Monthly Archives: April 2011

Facebook Admin E-mail

Filed under cybercrime, e-mail, Facebook, malware

Just in case you still think one day you may get a useful attachment in your e-mail, you should know it won’t be coming from someone claiming to be a Facebook Administrator. Here’s a scam e-mail I got this morning:

from: Administration of Facebook [official-no.893@facebook.com]
subject: Facebook Support. Personal data has been changed! No81864
attachment: Facebook_Password_INM.152.zip (99k)

body:

Security service of FaceBook.

Your password is not secure!
To secure your account the password has been changed automatically!
Attached document contains a new password to your account and detailed information about new security measures.

Thank you for attention,
Your Facebook

He was astonished at the ease with which he twisted Deane upon his back and put the handcuffs about his wrists.The work was no sooner done than he understood. A rag was tied about Deanes head, and it was stained with blood. The mans arms and body were limp. He looked at Billy with dulled eyes, and as he slowly realized what had happened a groan broke from his lips. In an instant Billy was on his knees beside him. He had seen Deane twice before, over at Churchill, but this was the first time that he had ever looked closely into his face. It was a face worn by hardship and mental torture. The cheeks were thinned, and the steel-gray eyes that looked up into Billys were reddened by weeks and months of fighting against storm. It was the face, not of a criminal, but of a man whom Billy would have trusted– blonde-mustached, fearless, and filled with that clean-cut strength which associates itself with fairness and open fighting.

That’s kind of weird, isn’t it? I mean, do they think this little piece of a story will make you lose all control and run the attached virus file? Maybe the author is looking for a book deal and wants to steal a publisher’s identification. Either way, do not open the attachment; it contains a virus/trojan. At the time of this writing, 25 of 42 antivirus programs detect it, according to VirusTotal.

One final thought. Facebook has come under major attack lately. By now you should know better than to ever open an attachment from anyone you don’t expect to get one from. I would also go a step farther, and not click on any links that come in e-mails claiming to be from Facebook. Just go directly to Facebook, either by typing in the address yourself, or using a bookmark YOU created yourself.
Stay Safe
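
The traits of this e-mail can be checked mechanically before anyone opens it. The following Python triage is an added example, not part of the original post: it flags a message whose sender claims a brand, whose subject announces an account change, and which carries an archive attachment. The sample message is constructed from the headers quoted above; the function names, keyword lists and the recipient address are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

RISKY_EXT = (".zip", ".rar", ".7z", ".exe", ".scr", ".js")  # assumed list
LURE_WORDS = ("password", "personal data", "has been changed")  # assumed list

def triage(raw, brand="facebook"):
    """Return the reasons a raw message matches the lure pattern in this post."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    sender = str(msg.get("From", "")).lower()
    subject = str(msg.get("Subject", "")).lower()
    claims_brand = brand in sender
    if claims_brand and any(w in subject for w in LURE_WORDS):
        reasons.append("brand sender with account-change subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            reasons.append("archive/executable attachment: " + name)
            if claims_brand and "password" in name:
                reasons.append("attachment name promises a password")
    # The From header is set by the sender, so a brand domain there proves
    # nothing; the receiving server's Authentication-Results header is the
    # place where SPF/DKIM outcomes are recorded.
    auth = str(msg.get("Authentication-Results", "")).lower()
    if claims_brand and "dkim=pass" not in auth and "spf=pass" not in auth:
        reasons.append("no passing SPF/DKIM result recorded")
    return reasons

def build_sample():
    """Constructed sample mirroring the headers quoted in the post."""
    m = EmailMessage()
    m["From"] = "Administration of Facebook <official-no.893@facebook.com>"
    m["To"] = "user@example.org"  # constructed recipient
    m["Subject"] = "Facebook Support. Personal data has been changed! No81864"
    m.set_content("Attached document contains a new password to your account.")
    # Harmless placeholder bytes: the end-of-central-directory record of an empty zip.
    m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                     subtype="zip", filename="Facebook_Password_INM.152.zip")
    return m.as_bytes()

if __name__ == "__main__":
    for reason in triage(build_sample()):
        print("FLAG:", reason)
```
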

Fake Xvid Update Serving Up Malware

Filed under adware, cybercrime, malware, scams, video, virus

I’m going to make this short and sweet to get the word out there. I will delve further into what actual malware is being served and what the effects are at a later date.

The following image was taken from a screen shot I made. It shows the fake video player that shows a rotating “waiting” graphic and pretends that it can’t load the video because it needs to be updated.

I knew this was a threat because I’m also a video editor and I keep all my codecs up to date. However, I thought I would pursue this further so I could see what file was going to be installed. Then I could run analysis on it and report my findings here. But I was running ESET NOD32 and it recognized this page was a threat and also blocked whatever this page tried to send me. You can see the results below.

Fake xvid page block

So just don’t update your video player through any website that claims your video player needs to be updated to view an online video. I would imagine there will be variations of this soon, like fake QuickTime Player or Windows Media Player updates. I will grab a copy of the file this site is trying to distribute, for further analysis, later and post my findings here. That’s going to take some time and I have seen this fake xvid update a couple times now and decided I should spread the word sooner rather than later.