リンクをクリックすると、図 2 のように感染した Web ページが開きます。この Web ページには、事件現場を収めた一連のビデオが表示されています。ページの最後には、読み込み途中のビデオがあり、Red 悪用ツールキットにリンクされています。これが、ユーザーのコンピュータ上でさまざまな脆弱性を悪用します。悪用に成功すると、boston.avi_______.exe というファイルのダウンロードするよう求めるポップアップが表示されます。
図 2. 感染した Web サイト
スパムメールメッセージには、以下のような件名が使われています。
件名: 2 Explosions at Boston Marathon(ボストンマラソンで 2 度の爆発)
件名: Explosion at Boston Marathon(ボストンマラソンで爆発)
件名: Explosion at the Boston Marathon(ボストンマラソンで爆発)
件名: Boston Explosion Caught on Video(ビデオがとらえたボストンマラソン爆発の瞬間)
Contributor: Christopher Mendes
On the afternoon of April 15, 2013, just when many people were on the cusp of conquering another personal milestone by completing the Boston Marathon, they were hit hard by an act of cowardice. Two bombs struck near…
Phishers continue to target Indian movies with phishing scams. The phishing site featuring the movie “Bodyguard” is one example, and this month Symantec observed a phishing attack in which phishers used a song from the Telugu movie “Brindavanam” as bait.
The phishing site displayed a picture of a musical number from the movie “Brindavanam” starring Telugu actresses Samantha and Kajal Aggarwal in the left side of the phishing page. There is also a plot summary of the movie below the image. The phishing page then encouraged users to enter their login credentials stating that, after logging in, they could watch the video. The pictured musical number from the movie was taken from the legitimate movie website. After login credentials are entered, users are redirected to this legitimate movie website which features the same video. Due to the popularity of this musical number, and the star cast, phishers were probably hoping for a large audience, increasing the number of user credentials they could steal.
The phishers’ redirection to a legitimate Web page is to create the illusion of a valid login for duped users. If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes. The phishing site was hosted on server based in Montreal, Canada.
Users are advised to adhere to the following best practices to avoid phishing attacks:
Do not click on suspicious links in email messages
Do not provide any personal information when answering an email
Do not enter personal information in a pop-up page or screen
Ensure the website is encrypted with an SSL certificate by looking for the padlock, “https”, or the green address bar when entering personal or financial information
Update your security software frequently (such as Norton Internet Security which protects you from online phishing)
Contributor: Sandeep Ingale
When it comes to financial organizations, being informed about best security practices is every customer’s right. Many organizations provide this information on their websites to help their customers learn how to take …
Following the recent discovery of Android/Chuli.A, yet another Android malware has now been found using the same method as Chuli.A: via forged email messages with the Android malware (APK file) as an attachment. However, instead of creating a standalone malicious application that shows a fake invitation about an upcoming congress, this time the attackers compromised Read more…
Last week, we noticed thousands of malware files in the wild that employ a simple phishing attack by modifying the hosts file on Windows systems. What’s interesting, however, is the technique chosen by the malware authors to distribute their payload. The samples in question (Example MD5: 34d9b42bfd64c6f752fe27eef8d80c5f) are packaged in a ZIP file along with Read more…
The Android threat landscape continues to evolve in 2013. To distribute Android threats, malware authors are transitioning away from attacking traditional vectors like the Google Play Market and third-party Android markets to vectors like spam and phishing emails and SMS. Recently a new information-stealing Android malware was found being distributed as an attachment in emails Read more…
Contributor: Avdhoot Patil
New methods to entice victims into handing over their personal information are always being devised by the people behind phishing websites and the use of fake social networking applications is always popular.
During the past …
Com a renúncia de Bento XVI e da eleição do novo pontífice da Igreja Católica, Francisco I, nas últimas semanas o Vaticano tem aparecido nos principais noticiários. O interesse gerado por este tema tem chamado atenção dos spammers, que aproveitam o momento para espalhar malware na web.
O Symantec Security Response tem observado que atacantes estão distribuindo spams que direcionam os usuários a um site que hospeda o ‘Kit Exploit Blackhole’. A boa notícia é que a Symantec já oferece proteção para esta ameaça.
A mensagem maliciosa afirma ser de um canal de notícias bem conhecido. As seguintes linhas de assunto são usadas neste ataque:
Assunto: Opinião: O novo Papa Bento pode ser processado por casos de abuso sexual? – [REMOVIDO]
Assunto: Opinião: Novo papa e autoridades do Vaticano processados por suposto abuso sexual! – [REMOVIDO]
Assunto: Opinião: Novo Papa processado por não usar cinto de segurança no Papamóvel … – [REMOVIDO]
Os domínios utilizados no e-mail foram recentemente registados. Ao clicar no link da mensagem, o usuário é direcionado para um site malicioso que hospeda o malware. A imagem seguinte é uma captura de tela do e-mail malicioso (em inglês):
Abusar da popularidade de uma agência de notícias conhecida aumenta as chances de um ataque bem sucedido. No entanto, a Symantec oferece proteção multinível adequada contra essa ameaça. As recomendações dos especialistas da companhia são não abrir e-mails não solicitados e manter o software de segurança atualizado, a fim de manter-se protegido contra as ameaças on-line.
