Posts Categorized: Phishing Trojans


Fake Zbot Site Poses as CDC H1N1 Flu Vaccine Info

by

The newest victim of the faux-Web-sites-posing-as-government-pages scam is the Centers for Disease Control and Prevention. In the same vein as fake pages supposedly hosted on the Web servers of the IRS, FDIC, and other organizations, we’re seeing a new scam to infect computers with Trojan-Phisher-Zbot that pretends to be a “Personal H1N1 Vaccination Profile.” As with the previous scams, dozens of Web servers are involved. The URLs involved in the scheme all begin with the “http://online.cdc.gov” — the “online.” subdomain is not used by the CDC — followed by a six- to seven-character random domain name and a non-.gov top-level […]

Continue Reading »

Phishing Scheme Targets E-Payment Rule-Maker, NACHA

by

Coming on the heels of similar fraud schemes that targeted victims using the names of such familiar institutions as the FDIC, IRS, and HMRC, scammers are trying to get people to infect their own computer using a different organization’s name—one that is probably unfamiliar to most people. NACHA is a not-for-profit association that “oversees the Automated Clearing House (ACH) Network, a safe, efficient, green, and high-quality payment system.” In other words, they write the rules for the organizations that run the pipes through which money flows between banks and businesses–the circulatory system of the financial world. In fact, more than […]

Continue Reading »

Lazy Phishers Just Email the Phishing Web Page to You, Now

by

It was a particularly busy weekend for spammers, especially the creepy, evil ones who are trying to steal information (as opposed to the merely scungy pill vendors and their ilk). Webroot’s Threat Research team has recently seen a glut of phishing messages which, like most, purport to come from banks and ask you to update your account information. But unlike most phishing messages, which contain a link to a Web site, these phishing messages include an attached HTML file which, in essence, puts the phishing page right on your hard drive. When launched, the HTML file renders a sparse but effective phishing form […]

Continue Reading »

IRS Tax “Warning” Fraud Crosses the Pond, Targets the UK

by

For several months, we’ve been seeing spam and phishing Web sites which purport to be IRS notifications of delinquent non-payment of income taxes. Who can blame the fraudsters — almost no three letter agency of the US government inspires more dread and fear than good old Internal Revenue. In the UK, the counterpart to the IRS is called Her Majesty’s Revenue & Customs (or HMRC), even though it is the British government, and not the Queen’s Coldstream Guards, who dutifully stick a fork in the populace to pay up. The income tax filing deadline in the UK (for people who […]

Continue Reading »

Shields Up During National Cyber Security Awareness Month

by

By Mike Kronenberg Be suspicious. About email swindles, bogus security products and online scams. I’m not kidding around. You need to pay attention and be diligent, because cyberthreats are lurking everywhere. What got me thinking about this was President Obama’s proclamation of October as National Cyber Security Awareness Month. He said that all users — not just those in government — have to practice safe computing. The President is taking this seriously. At the start of the month he authorized the Department of Homeland Security to hire 1,000 cyber security specialists over the next three years. The goal for these professionals […]

Continue Reading »

Trojan Decodes Captchas Using Stolen Commercial Tools

by

A new Trojan quietly circulating in the wild uses components from a commercial optical character recognition (OCR) application to decode captchas, those jumbled-text images meant to help a website discern human activity from automated bots. The OCR-using captcha breaking tool is just one component of the Trojan. Its main purpose appears to be to fill out contest entries, online polls, and other forms relating to marketing campaigns originating in the US, and it uses the OCR-cracking software in order to read the captchas and submit the form entries, on pages where the website presents a captcha to the user. And […]

Continue Reading »

One Click, and the Exploit Kit’s Got You

by

After all the brouhaha surrounding the NYTimes.com website hosting ads which spawned rogue antivirus Fakealerts last weekend, I spent a considerable amount of time looking at so-called exploit kits this week. These are packages, made up of custom made Web pages (typically coded in the PHP scripting language), which perform a linchpin activity for malware distributors. Namely, they deliver the infection to the victim, using the most effective methods, based on parameters which help identify particular vulnerabilities in the victim’s browser, operating system, or applications. There’s no indication that an exploit kit was used by the attackers in the NYTimes.com […]

Continue Reading »

‘Koobfox’ variant digs for Firefox cookies

by

A new variant of the Koobface worm started striking out this week, with a twist: Where the older Koobface would steal and use the cookies saved by Internet Explorer which store social network logins in order to spread its infectious messages in the victim’s name, this new variant is pulling down a tool designed to steal credentials saved by Firefox (in the form of cookies and stored passwords). Users of the Firefox browser were, until now, able to thwart the pernicious spy’s ability to hijack a victim’s social network accounts, because the two browsers store their cookies in different locations, […]

Continue Reading »

The WoW Catphishers are Biting

by

The body’s barely cold from last week’s BlizzCon, but the script kiddies who write phishing kits have been hard at work putting their best foot forward, crafting account-stealing code that targets gullible WoW players who want an early peek at the just-announced Cataclysm expansion. These Catphish pages, linked off of YouTube video postings that offer promises of early, exclusive access to the expansion, lift graphics and design characteristics directly from the pages hosted by Blizzard, the publisher of the WoW franchise. Unfortunately for the script kiddies making and hosting the pages, they’re making some of the most boneheaded mistakes imaginable. […]

Continue Reading »

How Phishers Target WoW Players

by

Yesterday, at the opening of our BlizzCon coverage, we showed you just how commonly phishers target WoW players by posting innocuous-looking links in message board or forums frequented by players. Today, we’ve produced a really short video that shows exactly how someone infects their computer with a phishing Trojan. As you can see in the video (even through the “censorship”), the page the victim eventually ends up on emulates the appearance of a Flash-video-based porn site. Every single link on the page links to the malware installer, which means that no matter where on the page the victim clicks, he […]

Continue Reading »