Posts Categorized: social engineering


Newsflash: HTML Spammers are Not So Bright

It’s been more than a week that we at Webroot, and countless others, have been getting floods of bogus messages with HTML attachments. I thought I’d give the curious readers of this blog a quick glance at one of the drive-by sites that load in the browser if you try to open the file. As I’d mentioned previously, the HTML files themselves simply contain highly obfuscated JavaScript (code that’s hard for humans to read but easy for machines to interpret). When you try to load those malicious scripts into a browser, the script instructs the browser to load a page […]

Civilization 5 Torrent Bonus: Uncivilized Malware

Bootlegged copies of Civilization 5, the highly anticipated, just-released real time strategy game, are already popping up in file sharing services. And, as we’ve come to expect, some of the pirated copies of the game come with that little something special — malicious components. One of our Threat Research Analysts, who also happens to be an avid gamer, started looking for pirated copies of the game Friday morning and, within five minutes of looking, found Trojans in some of the torrents in circulation. I’ve chosen to focus on one of these files, not only because it was the first we […]

Malicious HTML Mail Attachments Flood Inboxes

If you hadn’t already noticed, an ongoing spam campaign where someone is sending email messages with attached HTML files continues to be a problem. The current campaign appears to be a new wave of spam similar to the one I reported about in July. The messages, which began arriving a week ago, have subject lines pulled from news headlines (“Cops kill shooter at Johns Hopkins Hospital,” “America’s Got Talent Judges Were They Shocked,” “Daniel Covington”) and with a financial angle (“Apartment for rent,” “Invoice for Floor replacement,” “credit card,” and the ever-popular “Shipping Notification”). The messages themselves are brief, such […]

Epic Malware Dropper Makes No Attempt to Hide

In the world of first-person shooter games, getting the most headshots – hits on the opponent which instantly take the opponent’s avatar out of the game — is a prized goal. The headshot is the quickest way to dispatch a foe in virtually every shooter, which is why the file name of a malware sample, currently in circulation, stood out. The file, yogetheadshot.php.exe (VT), is a dropper, a glorified bucket designed to tip over and spill other malware all over a PC. But where other droppers might leave behind a handful of payloads, this one utterly decimated a testbed PC […]

New Rogue Is Actually Five Rogues in One

For years, the makers of those snake oil security programs we call Rogue Security Products have spent considerable effort making up new names, developing unique graphic design standards, and inventing backstories for their utterly useless, expensive scam products. Now a new rogue has taken this never ending shell game one step further, releasing a single program that calls itself one of five different names, depending on what button an unfortunate victim clicks in a highly deceptive dialog box. Let’s call it what it really is, though: A malicious play in five acts. The rogue’s delivery method, or Act 1 in […]

Workplace Social Networking: More Like Antisocial Not-working

By Ian Moyse, EMEA Channel Director

Hardly a week goes by when the national press doesn’t carry a story about how social networks represent a threat to privacy or security, or both. These news stories aren’t wrong: Users of social networks face a raft of risks, ranging from malware attacks and identity theft, to cyberbullying, grooming from sexual predators or stalkers, viewing or posting inappropriate content, and the ever-present risk that you (or someone you work with) might end up with your foot (or is it your keyboard?) firmly in mouth. Using social networks to give out too much information […]

Fake Flash Update Needs Flash to Work

If you live in the US, you may have played sports, barbequed, or enjoyed the last long weekend of the summer outside doing something fun outdoors. Unfortunately, that wasn’t an option here in Boulder, where a large wildfire generated a thick plume of smoke and ash. So, what’s a malware analyst to do indoors on a beautiful day with toxic smoke outside? Why, spend some quality time with Koobface, of course. I took a closer look at the worm’s behavior and also noted that, since the Migdal keylogger site went dark for the Koobface crew, they’ve switched to using a […]

Pro-Israel Website Receives Passwords Stolen by Koobface

Is the team behind the Koobface worm taking a stance on the Israeli-Palestinian peace talks, or is this notorious worm’s most recent, bizarre twist just a coincidence? We’ve seen Koobface hijack legitimate Web sites for more than a year, using them not only to host malicious payload files, but also to work as proxy command-and-control servers for the botnet. One such hijacked Web domain, migdal.org.il, popped up in a number of blog posts and on Web sites which list the domains used to host malware, as far back as this past May, when the Koobface crew began using a slew […]

Subscription Renewal Spam Points to Drive-by

Dear Customers: Please be aware that a crew of Russian malware distributors are circulating a spam message which looks like a subscription renewal confirmation from Best Buy, allegedly for one of our products. The linked text in the message, however, leads to a Web site which performs a drive-by download. Please don’t click the links in the message; if you have any questions about your subscription, please contact support. The spammers appear to have done some homework. Some, but not enough. Best Buy currently sells our products through their online software subscription service. Note to spammers: If you’re going to […]

Blackhat SEO of Google Images Links to Rogue AV

Yesterday, a few of the Threat Research folks and I had a little fun playing with a hack that had, for one day at least, pretty much decimated Google’s Image Search feature. One researcher, who stumbled into the attack purely by chance, found that a Google Images link to a map of the United States was, instead, redirecting hapless Web surfers to pages that deliver an installer of a rogue antivirus in the Security Tool family of fine, fraudulent products. What really caught our interest was how the hack behaved, depending on the operating system and browser you used. With […]
