Globo.com, one of the top 10 portals in Brazil, has been hijacked by cyber criminals, and users are being redirected to a website that displays spam ads, reports Sucuri.
Users who visit the main domain and its sub-domains (etc.globo.com, g1.globo.com, ...) are being redirected to pagesinxt.com. The domain appears to have been registered in 2011 and displays ads about internet, hosting and antivirus.
Sucuri says "redirection has been going for a few hours at least and we detected it for the first time around 8am EST and it is still live four hours later (noon EST)". Yes, the website still redirects users to the ad-displaying page.
Researchers identified an external script, "hxxx://sawpf.com/1.0.js", which is loaded in the site and causes the redirection.
It appears the cybercriminals have hijacked sawpf.com and modified the script so that it redirects to the target website.
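The redirect came from a script the portal loads from another host, so a site owner's first check is which external scripts a page pulls in and whether each is pinned. The following is an added example, not code from Sucuri or Globo; the allowlist, the sample HTML and the `thirdparty.example` and `cdn.example` hosts are constructed stand-ins.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the site operator has reviewed (assumption for this example).
TRUSTED_HOSTS = {"globo.com"}

# Constructed page source; thirdparty.example stands in for an external script host.
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="https://s.globo.com/lib.js" integrity="sha384-CONSTRUCTED"></script>
<script src="http://thirdparty.example/1.0.js"></script>
<script src="//cdn.example/ui.js" integrity="sha384-CONSTRUCTED"></script>
"""

class ScriptAudit(HTMLParser):
    """Collects every <script src=...> and whether it carries an SRI hash."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attributes = dict(attrs)
        if tag == "script" and attributes.get("src"):
            self.scripts.append((attributes["src"], bool(attributes.get("integrity"))))

def is_trusted(host, trusted=TRUSTED_HOSTS):
    # Exact match or a sub-domain of a reviewed host.
    return any(host == t or host.endswith("." + t) for t in trusted)

def audit(html, page_host):
    """Return (host, src, reasons) for each external script that needs review."""
    parser = ScriptAudit()
    parser.feed(html)
    findings = []
    for src, has_sri in parser.scripts:
        host = urlparse(src).hostname
        if host is None or host == page_host:
            continue  # relative URL or same host: first-party script
        reasons = []
        if not is_trusted(host):
            reasons.append("host not on allowlist")
        if not has_sri:
            reasons.append("no integrity attribute")
        if reasons:
            findings.append((host, src, reasons))
    return findings

if __name__ == "__main__":
    for host, src, reasons in audit(SAMPLE_HTML, "g1.globo.com"):
        print(host, src, "; ".join(reasons))
```

An `integrity` attribute makes the browser refuse a script whose content no longer matches the pinned hash, which is the case the allowlist alone cannot catch.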
This is another incident that shows why you should be careful on the Internet. A British woman fell prey to a phishing scam and lost her £1 million life savings.
The victim unwittingly handed over her personal details to fraudsters after receiving a bogus bank notification email.
Tamer Abdelhamid, the fraudster who stole the personal data, then sold the info to a Nigerian national, Rilwan Oshodi. A 26-year-old woman from Sierra Leone used the data to change the bank details by pretending to be the victim.
Detectives seized Oshodi's computer, which held details of more than 11,000 credit cards, during a raid on his home, according to a DailyMail report.
The fraudsters purchased cheeseburgers, high-end computers and gold with the stolen money. They are facing jail for their roles in the scam.
[Spam alert] While everyone is horrified by the Boston Marathon bombings, heartless cyber criminals are ready to take advantage of this tragic incident and have started to spread spam mails.
Earlier today I received two mails with a subject related to Explosions at Boston Marathon. The mail had nothing other than a link to an external page [IP_address/boston.html].
When I tried to visit the "85.198.81.**/boston.html" page, the page with the title "Hot News::Videos of Explosions at the Boston Marathon 2013" displayed some legitimate YouTube videos.
But in the background, the page loads an iframe to a malicious page where the Java exploit is being hosted. Anyway, I am not able to download the .jar file because it is unavailable when I try to download it.
It seems the same link is being used in the spam mail received by Kaspersky Lab. Kaspersky analyzed it and found that the malware tries to connect to several IP addresses in Ukraine, Argentina and Taiwan.
If you are using the Social Media Widget plugin on your WordPress site, make sure to remove it immediately. Sucuri has discovered that the plugin is being used to inject spam into your site.
The Social Media Widget is a simple sidebar widget that lets users enter their social media profile URLs and other subscription options. It shows an icon for each social media site on the sidebar, and the links open in a separate browser window.
It is a popular plugin with more than 935,000 downloads, which means thousands of WordPress sites are affected.
According to the Sucuri malware report, the plugin has a hidden call to a malicious URL, "hxxp://i.aaur.net/i.php", which is used to inject "Pay Day Loan" spam into the websites running the plugin.
The malicious code was added only in the latest version of the plugin, SMW 4.0. Users are advised to remove the plugin from their sites. The plugin has been removed from the WordPress Plugin repository.
The fight between a spam-fighting company called "Spamhaus" and a web hosting company called "Cyberbunker" has slowed down a majority of the internet by making DNS resolution slow.
The reason behind the attack is that Spamhaus added the IP addresses of Cyberbunker to its "spam" list, because Cyberbunker allows almost any sort of content to be hosted and so may also be a source of spam. Cyberbunker attacked back, and this attack also affected normal internet users.
The attack was possible because of the large number of vulnerable DNS servers that allow open DNS resolving. Simply put, an attack of this type uses the vulnerable DNS servers to increase the intensity of the attack 100-fold.
The origins of this type of attack go back to the 1990s, to an attack called the "smurf attack".
But now the attack method has become more efficient and uses DNS amplification: a botnet of compromised computers sends spoofed requests to the DNS servers, and the responses flood the victim. The attack at its peak reached a speed of 300 Gbps, making it the largest DDoS attack in history.
Cyberbunker, which claims to be a supporter of free speech and a defender against the "big bullies", seems to have now stooped to their level by using aggressive offensive methods that affect the normal functioning of the internet. This is not the way to go!
The people who run DNS resolvers are also equally responsible for these attacks, as it is their vulnerable servers that make these attacks possible. The internet community should come up with a PERMANENT solution to this problem.
Please read Cloudflare's blog post for a detailed analysis: http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
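From the resolver operator's side, the open resolving described above shows up in the query log as answers sent to addresses outside the networks the resolver is meant to serve, with far more bytes going out than came in. The following is an added example, not taken from the Cloudflare analysis; the log format, the served network, the threshold and every address (documentation ranges) are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Networks this resolver is meant to serve (assumption for the example).
SERVED = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed resolver log: (claimed client IP, query bytes, response bytes).
LOG = [
    ("192.0.2.10", 40, 120),
    ("192.0.2.11", 45, 90),
    ("203.0.113.7", 64, 3200),
    ("203.0.113.7", 64, 3100),
    ("203.0.113.7", 64, 3300),
    ("198.51.100.9", 40, 100),
]

def is_served(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SERVED)

def summarize(log):
    """Per claimed client: [query count, query bytes, response bytes]."""
    totals = defaultdict(lambda: [0, 0, 0])
    for client, query_bytes, response_bytes in log:
        entry = totals[client]
        entry[0] += 1
        entry[1] += query_bytes
        entry[2] += response_bytes
    return totals

def outside_clients(log, min_factor=10.0):
    """Clients answered from outside SERVED, highest amplification first.

    Every entry means the resolver is open to that address. With spoofed
    requests the claimed client is the address that receives the responses,
    so a high factor marks a likely reflection target. min_factor is an
    assumed threshold for this example.
    """
    out = []
    for client, (count, query_bytes, response_bytes) in summarize(log).items():
        if is_served(client):
            continue
        factor = response_bytes / query_bytes
        out.append({
            "client": client,
            "queries": count,
            "factor": round(factor, 1),
            "suspected_reflection": factor >= min_factor,
        })
    return sorted(out, key=lambda f: f["factor"], reverse=True)

if __name__ == "__main__":
    for finding in outside_clients(LOG):
        print(finding)
```

Any entry in the result means recursion is being offered to outsiders; restricting recursion to the served networks removes the resolver from the pool such attacks depend on.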
Cyber criminals have now started to abuse Google's blog-publishing service Blogger to spread their sex tape spam on Facebook. Today, E Hacking News came across two Facebook spam posts that link to a Blogspot address.
In one Justin Bieber sex tape spam post, the cyber criminals used "Watch Justin bieber s3x tape" as the title of the video link and posted "I can't believe this is for real , omg is this true" from the victims' accounts.
In another spam post, the title is mixed with numbers to bypass spam detection: "[VIDEO] R1HANNA S33X TAPE".
When a user clicks the link, it leads to a Blogspot page that redirects to a malicious survey scam page, where the user is asked to click a button, copy the content of the address bar and submit it for verification.
If the user does as the page instructs, he will soon find himself a victim of Facebook spam, and his account will be used to spread the spam post.
Previously, we detected scammers abusing Tumblr to spread spam on Facebook.









