Aug 03 2021

BazarCaller – the malware gang that talks you into infecting yourself

Category: Malware, Security Awareness, Spyware
DISC @ 10:29 am

You’re almost certainly familiar with vishing, a phone-based scam in which cybercriminals leave messages on your voicemail in the hope that you’ll call them back later to find out what’s going on.

In fact, if you have a long-standing phone number, like we do, you may well get more of these scam calls (perhaps even many more of them) than genuine calls, so you’ll know the sort of angle they take, which often goes along these lines:

[Synthetic voice] Your Amazon Prime subscription will auto-renew. Your card will be billed for [several tens of dollars]. To cancel your subscription or to discuss this renewal, press 1 now.

Sometimes, they’ll read out the number to call them back on, to re-iterate not only that it matches the number that shows up in your call history, but also that it’s a local number, right there in your own town or country.

The crooks do this to “prove” that the caller is local too, rather than sitting overseas in some scammy boiler-room call centre, far from the reach of law enforcement and the regulators in your part of the world.

Tags: BazarCaller, Scam Me If You Can, Spam

Sep 12 2010

‘Here You Have’ worm and who takes the credit

Category: Malware
DISC @ 11:16 pm
If you receive an email with the subject ‘Here You Have.’ or ‘Just For You’ delete the message without clicking the link. Do NOT forward the email to Security or anyone else.

One version of the spam e-mail simply says, “Hello: This is The Document I told you about, you can find it here” and includes a link that appears to be a pdf document.

Another version of the worm includes the subject “Just For you” and says “This is The Free Dowload Sex Movies, you can find it Here.”

If a user clicks the link and downloads the virus, it spreads to contacts in that individual’s e-mail account and continues to propagate. McAfee also said that it attempts to stop and delete security services.

NASA, Comcast, AIG, Disney, Procter & Gamble, Florida Department of Transportation and Wells Fargo are just a few of the organizations apparently affected by the worm.

Who Takes the Credit

The hacker, known as Iraq Resistance, responded to inquiries sent to an e-mail address associated with the “Here you have” worm, which during a brief period early Thursday accounted for about 10 percent of the spam on the Internet. He (or she) revealed no details about his identity, but said, “The creation of this is just a tool to reach my voice to people maybe… or maybe other things.”

Tags: Comcast, Computer worm, Email, McAfee, NASA, Procter & Gamble, Spam, Wells Fargo

Feb 11 2010

Spam, malware proliferate in late 2009

Category: Malware
DISC @ 2:16 pm

Alejandro Martínez-Cabrera

Online security firm Websense has released a report on the cyberthreat landscape during the second half of 2009, and some of the findings are jaw-dropping:

The firm, which scans millions of Web sites and e-mails a day looking for malicious content, found that 95 percent of all user-generated content came laced with some kind of spam or malicious link.

“The notion that the Internet could be the great equalizer turned out to be true after all; unfortunately, it’s mostly making suckers out of all of us,” tech Web site Ars Technica said.

Also surprising: Remember last year when the New York Times said a page on its Web site had been sending malware through its ad network? That was the most high-profile example of how criminals have managed to infiltrate trusted Web sites through a tactic known as drive-by downloading, in which a Web user picks up a virus simply by visiting an infected page. According to Websense, 71 percent of all Web sites generating malware in the second half of 2009 were infected legitimate Web sites.

Echoing what other research has found, the report said the number of infected Web sites went through the roof last year. Websense estimated there was a 225 percent growth in the number of malicious sites in 2009 compared with the year before.

The problem declined slightly in the second half of the year, with the decrease attributed to criminals moving away from attacks on traditional Web sites and attempting to exploit social-networking sites.

Websense also found that 85.8 percent of all e-mails sent in the second half of 2009 were spam.

More surprising is that 81 percent of all e-mail sent during the same period had some kind of malicious link. That means there was a 4-in-5 chance that a link pasted into an e-mail would lead you to download an infected file or take you to an infected Web site. (You usually don’t see all of the junk mail because it’s often filtered by your e-mail provider, browser or antivirus software.)

Finally, Websense found that in the second half of 2009, it took security vendors an average 46 hours – almost two days – to repair damage by malware after it had been identified (compared with 22 hours in the first half of 2009).

“The idea that computer users are not protected for days at a time, or even weeks or a month, may be compared with leaving your laptop in a public space for three weeks and hoping it won’t be used or abused,” the report said.

On Feb 10th this article appeared on page D1 of the SF Chronicle.

Tags: Antivirus software, E-mail, Malware, New York Times, Social network service, Spam, User-generated content, websense

Jun 22 2009

Access to computers on sale

Category: Cybercrime
DISC @ 3:09 pm

According to an SF Chronicle article by Deborah Gage (June 17, 2009, C1), security researchers have discovered a troublesome online network for buying and selling access to infected computers. The group, named GoldenCashWorld, sells access to infected online computers such as web servers, mail servers and database servers. The infected computers are used to send spam, launch SQL injection, XSS and buffer overflow attacks, and spread viruses and worms.

According to the article, this underground network already has access to more than 100,000 websites, and 40% of these compromised computers reside in the United States. This is a growing threat to individuals and business assets in the United States, and the National Cyber Security Divisions should take it seriously.
GoldenCashWorld is a global underground ring, and it will take an international law to crack this nut.

Tags: buffer overflow, cyber crime, GoldenCashWorld, NCD, online infected computer, San Francisco Chronicle, Spam, SQL injection, xss