FedEx Delivery Notices Dropping Zeus and Fareit Trojans

Not all FedEx deliveries contain packages that users expect.

Security researchers at AppRiver have observed an uptick in spam messages that appear to be shipping notifications from FedEx, but in fact contain Fareit malware, an information stealer that targets email passwords and browser-stored passwords, as well as FTP credentials.

During AppRiver’s analysis, the malware also downloaded a copy of the ever-popular Zeus Trojan onto the infected machine.

According to Troy Gill, manager of security research, the messages appear to contain a shipping receipt for a package that the courier was unable to deliver. The attached file, while it does have .PDF in the name, is actually a file archive utilizing the open source file archiver 7zip. Inside the compressed archive, you will find an executable file (.exe) that contains the Fareit malware.

Continue reading

Facebook Phishing Attack

A successful phishing attack on Facebook has been uncovered by Netcraft researchers. The phishers used a page on a facebook subdomain that looked like a legitimate Facebook verification form to deceive victims into submitting their information.

The phishers have registered Facebook apps, and have managed to load the form inside it via iframes. The form is hosted on the crooks’ own servers, which also uses HTTPS, so no warnings about unsecure connections will pop up.

0000

To convince suspecting users who might enter wrong information to test the system, the form returns an “incorrect credentials” notification for the first time and on a second attempt forwards the submitted logon information to the phishers’ servers quietly on the background and tells the user that Facebook will contact them in 24 hours.

SOURCE: Zeljka Zorz | HELPNETSECURITY

Snapchat Suckered by Payroll Phishing Attack

SnapchatMessaging service Snapchat has admitted that sensitive financial information about some of its employees was phished after a member of staff fell for an email scam.

In a blog post on Sunday, the firm claimed that the phishing attack managed to con one of its employees into revealing payroll information about their colleagues.

“Last Friday, Snapchat’s payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our Chief Executive Officer and asked for employee payroll information,” it revealed.

“Unfortunately, the phishing email wasn’t recognized for what it was–a scam–and payroll information about some current and former employees was disclosed externally. To be perfectly clear though: None of our internal systems were breached, and no user information was accessed.” Continue reading

Spam Volume Falls in 2015

There’s no question that the threat landscape continues to widen when it comes to cybersecurity, but at least one arena has seen some improvement. The volume of spam email in 2015 actually decreased.email_spam

According to a Kaspersky Lab Security Bulletin, spam volume fell last year to 55.28% of overall email traffic—a decline of 11.48% on the previous year.

Further, more than three quarters (79%) of all emails sent were less than 2KB in size, which shows a steady decrease in email size for spam campaigns over the past few years. Continue reading

Average age of UK cyber crime suspect now just 17

The National Crime Agency (NCA)—essentially the UK’s version of the FBI—has revealed that over the past year the average age of a cyber crime suspect was just 17. In 2014, the average age was much higher: 24.

In an earlier operation targeting the users of the Lizard Stresser DDoS tool, all seven people arrested were under 18. Another crackdown, aimed at people using the Blackshades Remote Access Trojan (RAT) led the NCA to arrest 22 people of the average age of 18, with the youngest one being only 12 years old.

Fighting the problem of the growing number of teenage hackers, the agency has launched a multi-channel #CyberChoices campaign aimed at properly scaring the youngsters who could consider engaging in criminal activities online.

 

Continue reading

Simple Tips for Safe Holiday Shopping

According to security firm ESET, consumers can educate themselves to be aware when shopping online, and they should be following a basic set of best practices.

“As we enter the heart of the holiday shopping season, it’s extremely important to be a smart and safe shopper—especially online,” the company noted. “Cybercriminals prey on consumers who are unaware of the potential risks associated with shopping online.

ESET’s tips included the following:

Don’t be phished – Pay close attention to any spelling and grammatical errors in the body of the email, and also look at the sender’s email address. If you don’t recognize the sender, or didn’t sign up for emails from that address, do not respond.

Keep an eye out for vishing – never provide personal details over the phone; instead, call the supposed supplier back and ensure that you are speaking with a customer representative.

Pay attention to HTTPS – Always ensure sites are running web encryption through HTTPS as opposed to HTTP. Also, look for other signs of secure payment options such as Verified by VISA and any other types of two-factor-authentication. (2FA)

Say NO to search engine ads – Ad servers are regularly being breached by criminals who misdirect people who click onto malicious sites where they try to steal credentials or infect users in a drive-by-download attack.

Be wary of fake coupons – If there’s any doubt over the coupon’s authenticity, check official retail store websites or their social channels.

Also, consumers should always make to be careful what links they click on and where they buy products.

“Pay particular attention to tweeted deals that look too good to be true with shortened links (as they might be trying to lure you to a malicious website),” the company said. “If you’ve never heard of the seller before, look into them online and study their terms and conditions carefully because, as mentioned above, you need to be careful who you are buying from.”