Recently in Miscellaneous Category

There seem to be quite a few of these in circulation over the past day or so:

Download the latest version! <URL Removed>

About this mailing:
You are receiving this e-mail because you subscribed to
MSN Featured Offers. Microsoft respects your privacy.
If you do not wish to receive this MSN Featured Offers e-mail,
please click the "Unsubscribe" link below. This will not
unsubscribe you from e-mail communications from third-party
advertisers that may appear in MSN Feature Offers.
This shall not constitute an offer by MSN. MSN shall
not be responsible or liable for the advertisers' content
nor any of the goods or service advertised. Prices and item
availability subject to change without notice.

2008 Microsoft | Unsubscribe <http://www.msn.com>  |
More Newsletters <http://www.msn.com>  |
Privacy <http://www.msn.com>

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052


As you might have guessed, it's fake. Microsoft don't send out EMails asking you to download files from random, non-Microsoft websites. This:

ie71.jpg

....is not what it appears to be. Run the file, and instead of IE7, you're actually more likely to see a fake antivirus program appear on your desktop:

top106.jpg

Click to Enlarge

By the time you see this, its probably too late.  This threat also i known to send the user fake infected alerts to provoke the victim into buying the product.  It also utilizes the Sysinterals fake Blue Screen of Death Screen Saver to scare the victim.  As you can see below, there have been several options taken out of the desktop properties window to hinder users from restoring the default settings.

background.png

This particular product is detected by us as Fake.AV, and is also being pushed quite heavily via the recent CNN videos scam. You can see another example of these emails here. There is more than one URL being used for this attack, so be alert!

Additional Research: Chris Mannon, Senior Threat Researcher

Anybody out there that uses Twitter will be pleased to know you can now wrap all your security people into a big ball of twitterness (or something) via this handy list. I never thought I'd reach the heady heights of "security twit", but there you go...!

Word Of The Year

| | Comments (0)

It's always a little quiet with regards interesting spyware stories at this time of the year - probably because the bad guys are taking a three week break from hacking, phishing and cracking while they eat gigantic turkeys on their luxury cruise liners in the Bahamas or whatever - so here's a little missive that caught my eye this morning.

According to this (rather surreal) press release, Merriam-Webster has selected "W00t" as Word of the Year.

My question is - what took them so long?

Hotmail / EBay Follow Up

| | Comments (0)

Earlier today I posted this regarding compromised EBay / Hotmail accounts. Well, check this out:

http://blog.spywareguide.com/upload/2007/11/listingebay2-thumb.jpg
Click to Enlarge

.....guess this confirms the intentions behind all these hijacks.

If you happened to login to Hotmail recently, found yourself locked out and presented with this at the Password Reset screen:

http://blog.spywareguide.com/upload/2007/11/htmail1-thumb.jpg
Click to Enlarge

...yes, your secret question is now in Chinese...then don't panic, because you're not alone. There seems to be a little outbreak of Hotmail accounts being compromised (likely via Phishing, though we have no evidence of the method used yet), and then from there, EBay accounts are hijacked. Most likely, this is to use those EBay accounts to sell dubious merchandise (or, more likely, pretend to sell merchandise then run away with the profit, leaving you with bad feedback galore).

Here's someone back in October complaining about it, and you'll see a few others at the end of the comments section here with the same problem. In all cases, you should go here to get help reclaiming your Hotmail account and go here to chat with EBay Live Support.

There's been quite a bit in the news recently about Habbo Hotel, and while there are some interesting tools out there designed to swipe login details, I find....

habscam1.jpg

....that, despite all the warnings....

habscam2.jpg

.....quite often, the easiest way to cheat people out of their login details....

habbostoled2.jpg

....is to ask for them.

I'd like to tell you the rest of that page didn't consist of people hurling their login details at the original poster.

Sadly, I'd be lying.

.....well, not just DRM, but a lot of issues currently surrounding the music industry in general, too. Presenting - A Brief History of Rock and Roll Suicide.

It's worth remembering that it's not just social networking sites like Myspace that get all the hacker-style attention. Recently Friendster has had its fair share of wobbles, too.

From about July to August of this year, a virus was doing the rounds called "Saviour of the Seoul", which (at first glance) would likely seem to be a calling card for Korean hackers. Now, because I happened to do my University Dissertation on 20th Century Hong Kong Cinema - don't ask - I can add a little bit more to the thinking behind this, because I know that "Saviour of the Seoul" is a sly reference to a particularly crazy film from the early 90s resurgence of HK Cinema, called - obviously enough - "Saviour of the Soul" (minus the "e"). It makes no sense whatsoever, but it's very pretty. Anyway, for no good reason, our leet hax friends decided to name their virus after this film. If you had this appearing in your profile page code:

savioursoul.jpg

...then you'd have the words "Saviour of the Seoul" sitting in the bottom corner of your profile, quite often while the rest of the page remained blank. The only way to fix your profile at that point would be to scrub everything and start all over again.

There also seemed to be a slightly different version of this attack, where you'd have an image file placed on your profile instead:

savsoul1.jpg

...don't those Smileys look grumpy?

Anyway, over here, we have an apparent redirect to a .za domain. And finally, we have a rash of comments being posted to profiles that seems to say "hello", seemingly mixed in with some choice insults. To date, this final profile attack is still ongoing - we're looking into it, and will report back with any new findings...

Crazy Discussion

| | Comments (0)

I'm not a fan of double-posting material both here and on Vitalsecurity.org, but I did think it worth giving a repeat mention to the fact that there's all sorts of action going on in the comments section of this blog post on the Sunbelt Blog. Well worth a read.

I've been offline most of last week due to my testbox pretty much exploding, and am currently stuck with using dialup to get online.

And what a horrendous experience it is. It's sort of strange to think we were all stuck using this not so long ago, and it's easy to forget how infuriating a PC hijack would be if still on dialup. I've tested pretty much every kind of PC hijack imaginable, and even in the worst case on broadband, I was still able to browse the Net. Sure, the browser itself would usually take about five minutes to open up due to all the garbage installed, but once running, you could view web pages in a fairly functional fashion (well, apart from the occasional redirect to a gambling website or whatever).

Hand someone the same situation while on dialup, however, and I don't think they'd have much of a choice but to clean up. A few browser redirects and maybe an additional popunder browser / window while using broadband isn't generally going to make much of a difference to a DSL user, but apply the same scenario to someone on a dialup modem (where every last kb counts) and you're not going to get very far.

Now, I do know people who have all sorts of junk on their computer, but don't bother to get their PCs cleaned out because, in their own words, "I can still get online" thanks to their broadband.

Maybe we should stick them back on dialup for a week....

Pages

About this Archive

This page is a archive of recent entries in the Miscellaneous category.

Instant Messenging is the previous category.

Myspace is the next category.

Find recent content on the main index or look in the archives to find all content.