Fraudulent Spam E-mail Purported From FBI Deputy Director John S. Pistole
A spam e-mail claiming to be from FBI Deputy Director John S. Pistole is currently being
circulated. This attempt to defraud is the typical e-mail scam using the name and reputation
of an FBI official to create an air of authenticity.
As with many scams, the e-mail advises the recipient that they are the beneficiary of a
large sum of money which they will be permitted to access once fees are paid and personal
banking information is provided. The appearance of the e-mail leads the reader to believe
that it is from FBI Deputy Director John S. Pistole.
This e-mail is a hoax. Do not respond.
Spam From Microsoft Hotmail
The Warezov botnet is propagating spam messages via Microsoft's Hotmail e-mail service. The
Warezov Trojan is spread via malicious web pages; once installed, it downloads a list of
account credentials which are then used to send spam via Hotmail, effectively hijacking
Hotmail's "trusted" reputation with spam-blocking and content filtering systems.
Fake Update Pretending to be from Microsoft
A malicious "security update" has been spammed out to coincide with Patch Tuesday. IT security
and control firm Sophos is warning computer users to be on their guard following the discovery
of a malicious Trojan horse spam campaign disguised as Microsoft’s monthly security bulletin.
The messages were first discovered Monday and continued to cause problems October 14, coinciding
with Microsoft’s monthly ‘Patch Tuesday’ cycle - when the software giant issues an update of
genuine critical patches. Samples intercepted at SophosLabs have the subject line ‘Security
Update for OS Microsoft Windows’ and claim to come from Steve Lipnser at
securityassurance@microsoft.com. Running the attached file infects Windows computer users
with the Mal/EncPk-CZ Trojan horse, and could give hackers control over your PC.
“Computer users need to learn that Microsoft never sends out security updates as e-mail attachments,
and that they should always visit the genuine Microsoft Web site, or use automatic updating
processes, to keep their systems current,” says the CEO of regional Sophos distributor
Sophos SA.
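As an added illustration of the rule Sophos states above (this is example code written for this newsletter, not Sophos' or Microsoft's), the Python check below parses a constructed sample message modelled on the described lure, plus a constructed benign notice, and flags mail that claims a vendor sender while carrying an executable attachment; the attachment name, the vendor domain list and the benign message are assumptions, while the sender and subject come from the item above.

```python
import email.utils
import os
from email import policy

# Constructed sample (not a real intercepted message) shaped like the campaign above:
# vendor-branded sender, bulletin-style subject and an executable attachment.
FAKE_UPDATE = b"""From: Steve Lipnser <securityassurance@microsoft.com>
To: user@example.com
Subject: Security Update for OS Microsoft Windows
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain

Install the attached critical update to keep your system secure.
--sep
Content-Type: application/octet-stream; name="WindowsUpdate.exe"
Content-Disposition: attachment; filename="WindowsUpdate.exe"

not-a-real-binary
--sep--
"""
# Constructed benign notice: text only, points the reader at the vendor site.
BENIGN_NOTICE = b"""From: notifications@microsoft.com
Subject: October security bulletin summary is available
Content-Type: text/plain

Visit the Microsoft Security website for this month's bulletins.
"""
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
VENDOR_DOMAINS = {"microsoft.com"}  # assumed list: vendors that never send patches as attachments


def triage(raw: bytes) -> list:
    """Return reasons to quarantine the message; an empty list means no finding."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    _, addr = email.utils.parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    # iter_attachments() skips the text body and yields the attached parts only
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    executables = [n for n in names if os.path.splitext(n.lower())[1] in EXECUTABLE_EXTS]
    reasons = []
    if executables:
        reasons.append("executable attachment: " + ", ".join(executables))
    if executables and sender_domain in VENDOR_DOMAINS:
        reasons.append(f"{sender_domain} does not distribute updates as attachments")
    if executables and "security update" in msg.get("Subject", "").lower():
        reasons.append("patch-themed subject paired with an executable")
    return reasons
```

A mail gateway would quarantine on any non-empty result; the benign notice produces none because it carries no attachment at all.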
Phony Verizon Multimedia Messages
Webroot has detected a new malicious download disguised as a legitimate multimedia
message service (MMS). “We are now seeing hackers use the Verizon Wireless name to send spam
e-mails to PC users who unknowingly open a fake MMS which launches a Trojan to drop infected
files onto their computers,” said the director of Threat Research, Webroot. “Hackers
typically use downloads like this to harvest users’ personal information -- not to mention
soak up significant bandwidth from users’ computers.”
PC users targeted with this fraudulent
spam receive an MMS that, when opened, activates the download of a file called
“VerizonMMS.4837192.” Once downloaded, the file instantly infects the PC with malware and
also establishes connections to external Web sites that infect the computer with additional
malware. “While it’s no surprise hackers continue to evolve how they attack PC users, the
sheer volume of Verizon Wireless customers who may be deceived by this new threat means its
effect may be significant,” said Webroot’s senior vice president and general manager of
Consumer Business.
Financial Crisis Leaves Bank Branches Open to Social Engineering
Heightened concern over the growing financial crisis is making banks more vulnerable to targeted social engineering
and spear-phishing attacks, researchers said this week.
Breaching a bank’s physical security
is also easier now, according to Errata Security. In a social engineering ploy against a
mid-sized bank last week, Errata’s Chief Technology Officer was mistaken for a federal
auditor and allowed access to the branch manager’s unoccupied office. He made off with a
computer backup tape containing account transaction data.
Some social engineers are worried
that the bad guys will soon start preying on bank employees’ fears to wage real targeted
attacks. One researcher has decided to hold off on releasing a powerful open source hacking
platform he created for targeted e-mail and phishing attacks, which includes payloads for
popular Web threats, out of fear that it will be used by bad guys for exactly that purpose.
“I think phishing and social engineering [are] the highest risk currently faced by
the financial industry,” said the CEO of PacketFocus, who is afraid that his so-called
Lunker tool could be used for targeted phishing attacks.
More Than 5,000 Pirated eBay Credentials Found on Web
A security researcher has stumbled across a mass listing of eBay login details saved to a
Google cache.
Chris Boyd, director of malware research at FaceTime Communications, said he was
investigating an unrelated phishing case when he made the unexpected find.
He uncovered the usernames, passwords and email accounts for 5,534 eBay users on the Google
cache of a pastebin website -- a Wiki-like application that allows for the pasting of large
amounts of text, Boyd told SCMagazineUS.com on Tuesday.
Fake Windows Security Center
Security researchers at CA Inc. have discovered a malicious program that poses as a Windows
Security Center. Once installed by a Trojan, the program informs the user of non-existent
infections, the researchers said.
Without extensive knowledge of the Windows system, this very convincing fake could throw
most PC users.
Writing in CA's Security Advisor Research Blog, Benjamin Googins, senior engineer at CA,
said the infection alters registry settings and can control critical system settings,
including proxy settings.
Googins said the malicious file is called seccenter.exe. The program launches the fake
security center and immediately begins to goad the user into downloading Windefender 2008, a
fake spyware removal tool. The program also limits the user's Internet connection, making it
impossible to load legitimate websites. It then requests the user to pay $40 for the spyware
program.
The only difference between the fake Windows Security Center and the actual security center
provided by Microsoft is a tiny icon and a message warning that "WindowsDefender is
inactive."
Gas Station Card Readers Targeted
Paying at the pump just got more risky. Police in Puyallup, Washington, say thieves snagged
debit card numbers and PIN codes of hundreds of people at two gas stations in the area. They
did it by installing their own hard-to-spot card reader, called a skimmer, on top of the
card reader built into the pump. The skimmer is able to grab the account information from
the card without interfering with the legitimate payment transaction.
The crooks used the stolen data to create (or clone) fake debit cards that were used at ATMs in Washington state
over the Fourth of July weekend and in northern California on Labor Day weekend. The bad
guys like three-day holidays because it gives them more time to use the cards before the
unauthorized withdrawals are spotted. “We are looking at a sophisticated, very
well-organized group of individuals,” says a detective with the Puyallup Police Department.
When all the victims from these two incidents are identified, the total loss could reach
half a million dollars. Gas pumps are being compromised in cities across the country. “We
don’t view it as an epidemic, but there are cases open in at least a half dozen states right
now,” says a spokesman for the U.S. Secret Service. These investigations are underway in
California, Nevada, Pennsylvania, Delaware, and Washington. The detective says the Secret
Service believes some of these crimes are inside jobs, involving someone at the service
station.
Police in Puyallup and Las Vegas now advise residents not to use their debit card
at a gas pump because there is no way to be sure it has not been tampered with.
Google's Gmail Suffers from Security Flaws
Google's Gmail service suffers from security flaws that make it trivial for attackers to
create authentic-looking spoof pages that steal users' login credentials. Google Calendar
and other sensitive Google services are susceptible to similar tampering.
A proof-of-concept attack, published by Adrian Pastor of GNUCitizen, exploits a weakness in
the google.com domain that allows him to inject third-party content into Google pages. In the past,
Google's security team was among the more proactive in stamping out bugs that could put
their users at risk. The company is also among the more sensitive to reports in the press
and the blogosphere about gaping security holes.
Researchers Expect Hackers to Prey on Cellphones
Security researchers say cell phones, and not just PCs, are the next likely conscripts into the automated armies. The mobile phone
as zombie computer is one possibility envisioned by security researchers from Georgia Tech in a
new report coming out Wednesday.
The report identifies the growing power of cell phones to
open a new avenue of attack for hackers. Of particular concern is that as cell phones get
more computing power and better Internet connections, hackers can capitalize on
vulnerabilities in mobile-phone operating systems or Web applications.
Botnets, or networks
of infected or robot PCs, are the weapons of choice when it comes to spam and so-called
“denial of service attacks,” in which computer servers are overwhelmed with Internet traffic
to shut them down. For example, botnets were used against Estonia’s government and financial
Web sites in a devastating wave of attacks last year.
Oregon Warns Consumers of Banking Scam
This is close enough to home that we should be aware of it in case it (or something like it) affects us here.
The Oregon Department of Consumer & Business Services
(ODCBS) is warning Oregonians about a scam targeted at people looking for loans. According
to ODCBS, scam artists working under the name Oregon Bankers Lending Network are offering
loans that require an advance payment. However, victims who have wired money to the company
found no loans existed. Ten arrests were made and ten arrest warrants issued following a
raid by police officers at an apartment complex outside Toronto, Canada. Documentation of 21
fraudulent businesses was found related to the scams in Oregon.
Free Firefox Security Tool Upgraded
A popular free security tool for the Firefox browser has been upgraded to block one of the
most dangerous and troubling security problems facing the web today known as click-jacking.
NoScript is a small application that integrates into Firefox. It blocks scripts in
languages such as JavaScript and Java from executing on untrusted web pages, since such
scripts could be used to launch an attack on a PC. Web standards groups are currently
working on HTML 5, a specification that will incorporate new features into the
language to address web design problems like this. But the standards process
moves slowly, and changes to HTML could break existing web pages.
Adobe Flash Player Update
Adobe has released Flash Player 10 to address a number of security concerns, including
clickjacking and clipboard hijacking vulnerabilities. The new version also corrects a bug
affecting Firefox 3 users.
Apple Releases Security Update
Apple has released Security Update 2008-007 in order to close numerous security holes in
Mac OS X 10.4 and 10.5. Some of the holes only affect the server versions, including
critical holes in MySQL and ClamAV.
Conspicuous this time is the high proportion of critical
holes in open source components which have been closed for some time in the official
versions but are only being resolved by Apple several weeks later. A US-CERT advisory warned
of the hole in Tomcat in mid August. While Apple has offered version 2.2.9 of the Apache web
server for download since June 2008, it has only now incorporated it in the updates.
However, only Leopard clients and servers contain this server and it is not enabled by
default.
Microsoft Releases Patch Tuesday Fixes with New Exploitability Index
Microsoft has pushed out 11 security bulletins as part of October's Patch Tuesday. Microsoft
also unveiled its Exploitability Index, which includes information about which vulnerabilities
are likely to be exploited. Four of the 11 bulletins cover security issues rated
critical.
The "Exploitability Index" appears as a new table on the monthly Microsoft Security Bulletin
Summary. Next to each bulletin is an additional rating based on how likely it is that the
vulnerability will be exploited. An additional column is for notes with extra information.
The critical bulletins cover remote code
execution issues in Internet Explorer, Active Directory, Host Integration Server's Remote
Procedure Call Service and Office Excel.