<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="http://msmvps.com/utility/FeedStylesheets/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/"><channel><title>Search results for 'app:weblogs' matching tag 'Alerts'</title><link>http://msmvps.com/search/SearchResults.aspx?q=app:weblogs&amp;tag=Alerts&amp;orTags=0&amp;o=DateDescending</link><description>Search results for 'app:weblogs' matching tag 'Alerts'</description><dc:language>en-US</dc:language><generator>CommunityServer 2008.5 SP2 (Build: 40407.4157)</generator><item><title>Outlook Web Access Social Engineering Malware Scam </title><link>http://msmvps.com/blogs/donpatterson/archive/2009/10/15/outlook-web-access-social-engineering-malware-scam.aspx</link><pubDate>Thu, 15 Oct 2009 05:00:00 GMT</pubDate><guid isPermaLink="false">d67277c4-116b-43f1-b688-e9ef184ea916:1732505</guid><dc:creator>Don</dc:creator><description>&lt;p&gt;Websense&amp;reg; Security Labs&amp;trade; ThreatSeeker&amp;trade; Network has discovered a new
wave of malicious attacks claiming to be an update for Microsoft
Outlook Web Access (OWA). Victims receive a message leading to a site
to apply mailbox settings which were supposedly changed due to a
&amp;quot;security upgrade.&amp;quot; The especially dangerous thing about these messages
is that they are very deceiving. The messages and attack pages are
personalized for the &lt;strong&gt;To:&lt;/strong&gt; email address to imply the
message is being sent from tech support of the domain. The URL in the
email looks like it leads to the company&amp;#39;s own OWA system. We have seen
upwards of 30,000 of these messages per hour and they have &lt;a href="http://www.virustotal.com/analisis/e212d7e75478fa9ce4a8afbbd2e730a301f17fb2253567b72e00f59bf51a99b8-1255552077"&gt;low AV detection.&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;&lt;a href="http://securitylabs.websense.com/content/Alerts/3491.aspx"&gt;Alert Details&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Federal Bureau of Investigation Warns Public of Fraudulent Spam Email</title><link>http://msmvps.com/blogs/donpatterson/archive/2009/10/07/federal-bureau-of-investigation-warns-public-of-fraudulent-spam-email.aspx</link><pubDate>Wed, 07 Oct 2009 05:00:00 GMT</pubDate><guid isPermaLink="false">d67277c4-116b-43f1-b688-e9ef184ea916:1730536</guid><dc:creator>Don</dc:creator><description>&lt;p&gt;&lt;span style="font-family:Arial,Geneva,Helvetica;"&gt;The Federal Bureau of
Investigation (FBI) has released information warning the public about
fraudulent email messages purporting to come from the FBI or the
Department of Homeland Security. These email messages contain a
malicious attachment that claims to provide an intelligence report or
bulletin, but in reality attempts to launch malware on the user&amp;#39;s
system.&lt;br /&gt;&lt;br /&gt;More information regarding these messages can be found in the &lt;a href="http://www.fbi.gov/cyberinvest/escams.htm" target="_self"&gt;Federal Bureau of Investigation&amp;#39;s New E-Scams and Warnings&lt;/a&gt; web site.&lt;br /&gt;&lt;br /&gt;To
help protect against this type of attack, US-CERT recommends that users
avoid opening attachments contained in unsolicited email messages.
Additional tips regarding email attachments can be found in the US-CERT
Cyber Security Tip - &lt;a href="http://www.us-cert.gov/cas/tips/ST04-010.html" target="_self"&gt;Using Caution with Email Attachments&lt;/a&gt;.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-family:Arial,Geneva,Helvetica;"&gt;Source: &lt;a href="http://www.us-cert.gov/current/index.html#federal_bureau_of_investigation_warns"&gt;US-CERT&lt;/a&gt;&lt;br /&gt;&lt;/span&gt;&lt;/p&gt;</description></item><item><title>Update: Phishing scheme affecting some Hotmail customers</title><link>http://msmvps.com/blogs/donpatterson/archive/2009/10/05/update-phishing-scheme-affecting-some-hotmail-customers.aspx</link><pubDate>Mon, 05 Oct 2009 05:00:00 GMT</pubDate><guid isPermaLink="false">d67277c4-116b-43f1-b688-e9ef184ea916:1730025</guid><dc:creator>Don</dc:creator><description>&lt;p&gt;&lt;span id="ctl00_MainContentPlaceholder_ctl01_ctl00_lblEntry"&gt;
&lt;p&gt;Over
the weekend Microsoft learned that several thousand Windows Live
Hotmail customers&amp;rsquo; credentials were exposed on a third-party site due
to a likely phishing scheme. Upon learning of the issue, we immediately
requested that the credentials be removed and launched an investigation
to determine the impact to customers. As part of that investigation, we
determined that this was not a breach of internal Microsoft data and
initiated our standard process of working to help customers regain
control of their accounts. &lt;/p&gt;
&lt;p&gt;Phishing is an industry-wide
problem and Microsoft is committed to helping consumers have a safe,
secure and positive online experience. Our guidance to customers is to
exercise extreme caution when opening unsolicited attachments and links
from both known and unknown sources, and that they install and
regularly update their anti-virus software. If you believe you&amp;rsquo;ve
been a victim of a phishing scheme, it&amp;rsquo;s very important that you update
your account information and change your password as soon as possible.
More information on what to do is available on &lt;a href="http://windowslivehelp.com/solutions/accounts/archive/2008/10/25/what-to-do-if-you-think-your-accounts-been-stolen.aspx" target="_blank"&gt;this page&lt;/a&gt; at our support community.  &lt;/p&gt;
&lt;p&gt;Microsoft recommends customers use the following protective security measures:  &lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Renew their passwords for Windows Live IDs every 90 days  &lt;/li&gt;
&lt;li&gt;For administrators, make sure you approve and authenticate only users that you know and can verify credentials  &lt;/li&gt;
&lt;li&gt;As phishing sites can also pose additional threats, please install and keep anti-virus software up to date &lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;a href="http://windowslivewire.spaces.live.com/blog/cns!2F7EB29B42641D59!41528.entry?wa=wsignin1.0&amp;amp;sa=363915619"&gt;Full Story&lt;/a&gt;&lt;/p&gt;
&lt;/span&gt;&lt;/p&gt;</description></item><item><title>Google Wave SEO Poisoning</title><link>http://msmvps.com/blogs/donpatterson/archive/2009/09/30/google-wave-seo-poisoning.aspx</link><pubDate>Wed, 30 Sep 2009 05:00:00 GMT</pubDate><guid isPermaLink="false">d67277c4-116b-43f1-b688-e9ef184ea916:1728518</guid><dc:creator>Don</dc:creator><description>&lt;p class="text2"&gt; Websense Security Labs&amp;trade; ThreatSeeker Network has
detected that Google searches on terms related to Google Wave return
results that lead to a rogue antivirus. Google Wave is the much
talked-about, latest API hitting the collaboration scene today. &lt;/p&gt;
&lt;p&gt;There&amp;#39;s a lot of hype about the launch of Google Wave, not
only because of the &amp;#39;new&amp;#39; things it offers but also because Google
invited only 100,000 lucky users to test the service. With that said,
it&amp;#39;s no surprise that users are enticed to this new application.
Unfortunately, it&amp;#39;s also no surprise that the bad guys are using this
hype to manipulate search results.&lt;/p&gt;
&lt;p&gt;&lt;a href="http://securitylabs.websense.com/content/Alerts/3486.aspx"&gt;Alert Details&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Microsoft Security Essentials SEO Poisoning</title><link>http://msmvps.com/blogs/donpatterson/archive/2009/09/30/microsoft-security-essentials-seo-poisoning.aspx</link><pubDate>Wed, 30 Sep 2009 05:00:00 GMT</pubDate><guid isPermaLink="false">d67277c4-116b-43f1-b688-e9ef184ea916:1728485</guid><dc:creator>Don</dc:creator><description>&lt;p class="text2"&gt; Websense Security Labs&amp;trade; ThreatSeeker&amp;trade; Network has
discovered that search engine results for information on how to
download Microsoft&amp;#39;s recently released Security Essentials tool are
returning links to Web sites that serve rogue AV. &lt;/p&gt;
&lt;p&gt;Malware authors have used Search Engine Optimization (SEO)
techniques to mix rogue search results in with legitimate results. For
example, one of the rogue links is directly under a MSDN blog entry
discussing Microsoft Security Essentials. The rogue redirects are
hosted on compromised Web sites, including a Canadian publisher&amp;#39;s Web
site and the British Travel Health Association. &lt;/p&gt;
&lt;p&gt;When a user browses to the compromised Web sites, so long as they
have been referred by a search engine, they are redirected to malicious
Web sites with domain names such as computer-scanner21 and
computervirusscanner31. &lt;/p&gt;
&lt;p&gt;An example of one of the payload files shows that AV detection is &lt;a href="http://www.virustotal.com/analisis/4cd2e550f3aa26fc96d9fb4b5183f3665fccc3d97b6111a31de2ffb41e4eb5fe-1254310625"&gt;low.&lt;/a&gt; One such file is named Soft_71.exe (SHA1: 4e58a12a9f722be0712517a0475fda60a8e94fdc)&lt;br /&gt;If
the user downloads the application, a file with extension .tif is
downloaded in the &amp;quot;program files\TS&amp;quot; directory as TSC.exe and
system.dat (the .tif file is decrypted/decompressed and split).&lt;br /&gt;The payload then executes &amp;quot;tsc.exe -dltest&amp;quot;, which apparently connects to a NASA Web site to check internet connectivity.&lt;br /&gt;Finally, &amp;quot;tsc.exe&amp;quot; is executed with no parameters, and the rogue AV starts. (In the background, the original file is deleted.) &lt;/p&gt;
&lt;p&gt;Since yesterday the Websense ThreatSeeker Network has been
monitoring SEO poisoning of search terms related to Microsoft Security
Essentials. It appears that the malware authors set up a trial run of
SEO poisoning techniques, before converting the redirects to deliver
rogue applications today.&lt;/p&gt;
&lt;p&gt;&lt;a href="http://securitylabs.websense.com/content/Alerts/3485.aspx"&gt;Alert Details&lt;/a&gt;&lt;/p&gt;</description></item><item><title>How do I monitor problems with replication?</title><link>http://sqlserver-qa.net/blogs/replication/archive/2009/09/24/6000.aspx</link><pubDate>Thu, 24 Sep 2009 05:00:00 GMT</pubDate><guid isPermaLink="false">d67277c4-116b-43f1-b688-e9ef184ea916:1726342</guid><dc:creator>Anonymous</dc:creator><description>When you set up a program or application, you have equal responsibility to monitor the process/problems too. Similarly, monitoring a replication topology is an important aspect of deploying SQL Server replication. As the process is distributed, it is essential to track activity and status across all computers involved in replication. We have a bunch of tools that can help the user/DBA/developer to monitor replication; they are: Replication Monitor: most important tool for monitoring replication,...(&lt;a href="http://sqlserver-qa.net/blogs/replication/archive/2009/09/24/6000.aspx"&gt;read more&lt;/a&gt;)</description></item><item><title>Fake Monopoly Game Downloader </title><link>http://msmvps.com/blogs/donpatterson/archive/2009/09/21/fake-monopoly-game-downloader.aspx</link><pubDate>Mon, 21 Sep 2009 05:00:00 GMT</pubDate><guid isPermaLink="false">d67277c4-116b-43f1-b688-e9ef184ea916:1725549</guid><dc:creator>Don</dc:creator><description>&lt;p&gt;Websense&amp;reg; Security Labs&amp;trade; ThreatSeeker&amp;trade; Network discovered a new spam campaign that is targeting players of the Monopoly game. &lt;br /&gt;&lt;br /&gt;The
Monopoly World Championships take place every four years, and Las Vegas
is the host city for 2009. Because the Monopoly Regional Championships
are going on all over the world and&amp;nbsp;many Monopoly enthusiasts take
part, the spammers utilize this chance to play their tricks. &lt;br /&gt;&lt;br /&gt;Our
email honeypot systems detected over 30 thousand Monopoly spam messages
on September 21, 2009 alone. The spam uses a social networking
technique to &amp;quot;invite&amp;quot; you to play the online board game. It
then&amp;nbsp;provides a link to the fake Monopoly game download site, which in
fact downloads a Trojan.&lt;/p&gt;
&lt;p&gt;&lt;a href="http://securitylabs.websense.com/content/Alerts/3481.aspx"&gt;Alert Details&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Labor Day Sale-Related SEO Poisoning Leads to Rogue Antivirus</title><link>http://msmvps.com/blogs/donpatterson/archive/2009/09/05/labor-day-sale-related-seo-poisoning-leads-to-rogue-antivirus.aspx</link><pubDate>Sat, 05 Sep 2009 05:00:00 GMT</pubDate><guid isPermaLink="false">d67277c4-116b-43f1-b688-e9ef184ea916:1720914</guid><dc:creator>Don</dc:creator><description>&lt;p&gt;Websense Security Labs&amp;trade; ThreatSeeker Network has detected that Google
searches on terms related to Labor Day sales return results that lead
to rogue antivirus software. Labor Day is one of the biggest holidays
observed in the US each year. Retail sales events held during this
weekend are some of the most anticipated throughout the country. &lt;br /&gt;&lt;br /&gt;When
Google is used to search for terms related to Labor Day sales,
malicious URLs as high as the first result are returned. Upon clicking
an affected search-result link, JavaScript code redirects the user to a
Web site advising them that their machine is infected with viruses. It
then proceeds to offer free (rogue/fake) AV software. AOL and ASK.com
are also affected in a similar way.&lt;/p&gt;
&lt;p&gt;&lt;a href="http://securitylabs.websense.com/content/Alerts/3471.aspx"&gt;Alert Details&lt;/a&gt;&lt;/p&gt;</description></item><item><title>The Cell Phone Forums of IT168.com Injection </title><link>http://msmvps.com/blogs/donpatterson/archive/2009/08/25/the-cell-phone-forums-of-it168-com-injection.aspx</link><pubDate>Tue, 25 Aug 2009 05:00:00 GMT</pubDate><guid isPermaLink="false">d67277c4-116b-43f1-b688-e9ef184ea916:1718065</guid><dc:creator>Don</dc:creator><description>&lt;p class="text2"&gt; Websense&amp;reg; Security Labs&amp;trade; ThreatSeeker&amp;trade; Network has
discovered that some well-known cell phone forums at IT168 in China
have been injected with malicious JavaScript. The infected forum sites
- including forums for Nokia, Motorola, and Sony Ericsson - are serving
some exploits that target a number of vulnerabilities in the wild.
&lt;/p&gt;
&lt;p&gt;IT168.com is one of the largest mainstream IT information
platforms in China, providing IT product price and market orientation
information. It has a high Alexa rank of 170. The forums on the site,
especially the cell phone bulletin boards, are very popular, and
unsuspecting visitors to these sites can easily get infected. &lt;/p&gt;
&lt;p&gt;&lt;a href="http://securitylabs.websense.com/content/Alerts/3463.aspx"&gt;Alert Details&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Rumors of Emma Watson's Death Leading to Rogue AV Sites </title><link>http://msmvps.com/blogs/donpatterson/archive/2009/07/27/rumors-of-emma-watson-s-death-leading-to-rogue-av-sites.aspx</link><pubDate>Mon, 27 Jul 2009 05:00:00 GMT</pubDate><guid isPermaLink="false">d67277c4-116b-43f1-b688-e9ef184ea916:1710373</guid><dc:creator>Don</dc:creator><description>&lt;p&gt;Websense Security Labs&amp;trade; ThreatSeeker&amp;trade; Network has discovered that a
rumor claiming that the actress Emma Watson, made famous by the Harry
Potter series of movies, died on the scene of a fatal car collision is
spreading rogue AV sites on the Internet. The rumor itself is spreading
rapidly through social networks such as Twitter.&lt;br /&gt;&lt;br /&gt;The attackers
have targeted the Google search engine via the Search Engine
Optimization (SEO) poisoning technique: when a user searches for terms
related to Emma Watson&amp;#39;s death, the fake AV sites are returned as high
as the fifth result on Google.&lt;/p&gt;
&lt;p&gt;&lt;a href="http://securitylabs.websense.com/content/Alerts/3450.aspx"&gt;Alert Details&lt;/a&gt;&lt;/p&gt;</description></item></channel></rss>