phishing | Page 4


I had always wanted to look into Firefox OS. It's done. I created my first application. What kind of application does a reverse engineer write as first app? A CrackMe of course. You can try it: the sources are available here. But, honestly, it is really a very (very) simple CrackMe, as my real goal was to get acquainted with Firefox OS, and understand the possible risks in terms of malware. We, anti-virus analysts, won't need disassemblers or decompilers for Firefox OS malware That's cool, isn't it (although part of the mystery of our job is... [Read More]
by RSS Axelle Apvrille  |  Jul 30, 2012  |  Filed in: Security Research
We recently had a company contact us regarding an email they received from their bank. The company's access to its online banking account was blocked by its bank due to fraudulent activity observed through the account. A screenshot of the email received can be seen below. What I found extremely strange and suspicious about the email, and set the alarm bells ringing in my head, was the fact that the email contained 5 zip-compressed images as attachments. After going through it a second time, even the Anti-Virus link started to feel suspicious. Even... [Read More]
by RSS Ruchna Nigam  |  Jul 30, 2012  |  Filed in: Security Research
Last week the security world was abuzz with news of a new attack vector for mobile attacks. The malware was sent to the accounts of Tibetan human rights advocates and activists from the hacked account of one of the activists regarding the the World Uyghur Congress (WUC) Conference that took place in Geneva from 11-13 March, 2013. What made the piece of malware particularly interesting was the targeted nature of the attack, once again highlighting the political aspect of cyber warfare and making us question whether governments and legitimate organizations... [Read More]
by RSS Ruchna Nigam  |  Jul 30, 2012  |  Filed in: Security Research
Many security and technology writers have had similar thoughts as this author has in regards to Yahoo's plan to recycle inactive email addresses (my previous post is here if you'd like to take a look). In response to Mat Honan's of Wired query to Yahoo for more comment, Yahoo made the following statement: "Our goal with reclaiming inactive Yahoo! IDs is to free-up desirable namespace for our users. We're committed and confident in our ability to do this in a way that's safe, secure and protects our users' data. It's important to note that the... [Read More]
by RSS Richard Henderson  |  Jul 30, 2012  |  Filed in: Industry Trends
While an invaluable communication tool, email remains one of the most effective and reliable threat vectors around. The reason? It still works. It's no secret email is the gateway to sensitive customer information, crucial databases and other valuable data. Attacks that leverage email as the initial point of entry provide lucrative returns for their operators. The email security market has little room to be complacent. Email security continues to evolve to keep up with increasingly sophisticated, multi-faceted threats and counteract stealth malware... [Read More]
by RSS Stefanie Hoffman  |  Jul 30, 2012  |  Filed in: Industry Trends
Yahoo announced last week that they're going to release what may be hundreds of thousands of inactive or unused @yahoo.com email addresses starting next month. While on the surface this seems like a good idea, it's really not. Here's a personal story that shows what can happen when a company decides to recycle unused email addresses: I had a friend years ago who wanted to sell some things on eBay, but was absolutely flummoxed as to what to do. So I walked her through the whole process. When it came to accepting payments, she asked if she could... [Read More]
by RSS Richard Henderson  |  Jul 30, 2012  |  Filed in: Industry Trends
If you have an email account, it's pretty much guaranteed that you've seen a scam email... or worse, fallen prey to one. There is a big percentage of emails in cyberspace that belongs to the scam category. Emails that asks you to fill-out a survey form for a chance to win a vacation of a lifetime. Perhaps you've received an email that asks you about your financial information because they want to give you a big inheritance. Maybe it's an email that wants to let you in on an online deal that seems too good to be true. But scamming is not confined... [Read More]
by RSS Raul Alvarez  |  Jul 30, 2012  |  Filed in: Industry Trends
There are many dangerous threats lurking in cyberspace today, from software vulnerabilities and exploits, to viruses and botnets. Among these threats are phishing attacks, an electronic communication scam that attempts to secure highly personal information such as credit card info, user names and passwords by assuming the identity of a trustworthy entity. The trustworthy entity can be anything from a friend, who's email account has been compromised, to large legit corporations such as banks and online retailers such as Amazon and eBay. A typically... [Read More]
by RSS Derek Manky  |  Jun 07, 2011  |  Filed in:
AV Lab's honeypots have just started catching new malware seeding campaigns leveraging vaccination profiles for the H1N1 virus. The message is sent as a notification from the "Centers for Disease Control and Prevention (CDC)". Because the sender's email is spoofed and because the URL leading to the rogue website contains a "gov" subdomain, which can be mistaken for the top-level domain, the message may seem plausible to many people. Here is what the email looks like: From: "Centers for Disease Control and Prevention (CDC)" <info-mess-id:01203428med@cdcmails.gov>... [Read More]
by RSS Karine de Ponteves  |  Dec 01, 2009  |  Filed in: Security Research