Tag Archives: malware

Fake Xvid Update Serving Up Malware

Filed under adware, cybercrime, malware, scams, video, virus

I’m going to make this short and sweet to get the word out there. I will delve further into what actual malware is being served and what the effects are at a later date.

The following image was taken from a screen shot I made. It shows the fake video player that shows a rotating “waiting” graphic and pretends that it can’t load the video because it needs to be updated.

I knew this was a threat because I’m also a video editor and I keep all my codecs up to date. However, I thought I would pursue this further so I could see what file was going to be installed. Then I could run analysis on it and report my findings here. But I was running ESET NOD32 and it recognized this page was a threat and also blocked whatever this page tried to send me. You can see the results below.

Fake xvid page block

So just don’t update your video player through any website that claims your video player needs to be updated to view an online video. I would imagine there will be variations of this soon, like fake QuickTime Player or Windows Media Player updates. I will grab a copy of the file this site is trying to distribute for further analysis later and post my findings here. That’s going to take some time, and I have seen this fake Xvid update a couple of times now, so I decided I should spread the word sooner rather than later.

Fake Apple Store Order E-mail

Filed under 0day, malware, scams, security, virus

Time to add another fake e-mail to the long list of social engineering e-mail scams. This one looks like this.

Subject: 4912-3337 Apple AppStore Confirmation
Sender: Apple Up-To-Date

Apple Store
Call 1-800-MY-APPLE

#4368-66525
Order Details

You can also contact Apple Store Customer Service or visit online for more information.

Visit the Apple Online Store to purchase Apple hardware, software, and third-party accessories.
Copyright 2010 Apple Inc. All rights reserved.

This one wants you to click on the order details link, which I have removed, but if you look at the “Order Details” link more closely, you will see that it doesn’t go to the Apple Store but links to some place called goofbomb. I don’t feel like testing out my anti-virus or risking a 0-day virus or some malware, so let’s just assume it’s a bad place. So keep your eyes out for this and other e-mails that claim you have purchased something, or missed a delivery, and give you a link to your “order” or have an attachment for you to open. Quite a few of these are going around these days.

Surf Safe

Malware Removal Sites, Software and Thoughts

Filed under adware, cybercrime, free software, malware

Last night I saw a banner ad for a “new” version of Risk. I used to play Risk, the board game, many years ago and thought this looked like fun. So I downloaded and installed it. Within a couple of minutes, ESET NOD32 was blocking downloads from a site I wasn’t at. The next time I went to use Google to search for something, my search results were being redirected. Looks like it installed some malware on my computer. Most likely it’s some sort of XSS (cross-site scripting) exploit.

E-Card Virus Warning

Filed under malware, virus

Just got an e-mail that says it’s from e-cards@hallmark.com with the subject: You have received A Hallmark E-Card! It had an attachment called Postcard.zip, which was identified by my antivirus (I use NOD32 by ESET):

__________ ESET NOD32 Antivirus warning, version of virus signature database 4693 (20091216) __________

Warning, ESET NOD32 Antivirus found the following threats in the message:

Postcard.zip – probably a variant of Win32/Merond.AA worm – deleted
Postcard.zip > ZIP > document.chm .exe – probably a variant of Win32/Merond.AA worm – was a part of the deleted object

This came from one of my work’s TV affiliates’ mailing lists. So I am guessing it is one that goes through your address book and sends itself to everyone on there.

Figured this was also a good time to remind people to be careful with any “e-cards” they get. Watch out for infected attachments, as was the case with this one, and watch for links that send you to websites designed to infect you or steal your identity / information.