[SecurityRatty] tag: dupe

Web mail rivals at risk of password-reset hacks

Mon, 29 Sep 2008 00:00:00 +0000

Yahoo Mail isn't the only Web-based e-mail service that hackers could dupe into giving up passwords, the tactic that apparently was used to break into Alaska Gov. Sarah Palin's Yahoo account this month.

Adobe warns over bogus Flash Player installers

Mon, 04 Aug 2008 20:00:00 +0000

Hackers are trying to dupe people into downloading malicious software labeled as Adobe Systems' Flash Player, prompting a warning from the company.

Researcher warns of unpatched iPhone bugs

Wed, 23 Jul 2008 09:00:00 +0000

Security researcher Aviv Raff warned today that security flaws in the iPhone's e-mail and Web browser apps can be used by phishers to dupe users into visiting malicious sites or by spammers to flood the phone's in-box with junk mail.

Researcher warns of unpatched iPhone bugs

Tue, 22 Jul 2008 20:00:00 +0000

Security vulnerabilities in the iPhone's e-mail application and Safari Web browser can be used by phishers to dupe users into visiting malicious sites or by spammers to flood the phone's inbox with junk mail, a researcher warned Wednesday.

The Dutch Embassy in Moscow Serving Malware

Mon, 28 Jan 2008 13:07:58 +0000

The Register reports that the Royal Netherlands Embassy in Moscow was serving malware to its visitors at the beginning of last week :

"Earlier this week, the site for the Netherlands Embassy in Russia was caught serving a script that tried to dupe people into installing software that made their machines part of a botnet, according to Ofer Elzam, director of product management for eSafe, a business unit of Aladdin that blocks malicious web content from its customers' networks."

Let's be a little more descriptive. The only IP that was included in the IFRAME was 68.178.194.64/tab.php which was then forwarding to 68.178.194.64/w/wtsin.cgi?s=z. ip-68-178-194-64.ip.secureserver.net (also responding to lmifsp.com and foxbayrental.com) has been down as of 22 Jan 2008 18:56:38 GMT, but apparantly it was also used in several other malware embedded attacks. For instance, the IFRAME is currently active at restorants.ru. The secondary IFRAME is a redirector script in a traffic management script that can load several different URLs, to both, generate fake visits to certain sites that are paying for this, and a live exploit URL as it happens in between.

Historical preservation of actionable intelligence on who's what and what's when is a necessity. Here are for instance two far more in-depth assessments given the exploits URLs were still alive back then, discussing the malware embedded at the sites of the U.S Consulate in St. Petersburg, and the Syrian Embassy in the U.K.

Related posts:
MDAC ActiveX Code Execution Exploit Still in the Wild
Malware Serving Exploits Embedded Sites as Usual
Massive RealPlayer Exploit Embedded Attack
A Portfolio of Malware Embedded Magazines
The New Media Malware Gang
The New Media Malware Gang - Part Two
Another Massive Embedded Malware Attack
I See Alive IFRAMEs Everywhere
I See Alive IFRAMEs Everywhere - Part Two
Have Your Malware in a Timely Fashion
Cached Malware Embedded Sites
Compromised Sites Serving Malware and Spam
Malware Serving Online Casinos

Firefox hit with spoofing bug

Wed, 02 Jan 2008 21:00:00 +0000

A serious flaw in how Firefox handles logons could be used by identity thieves to dupe users into disclosing passwords, a noted security researcher said Wednesday.

Malware honeypots wait for '08

Tue, 01 Jan 2008 21:00:00 +0000

An innovative malware honeypot project backed by a leading consortium of IT security experts is preparing to re-launch its global sensor network after Jan. 1 in an effort to dupe more cybercriminals into handing over information about their latest attack methods.

Hackers quickly move to exploit Bhutto assassination

Thu, 27 Dec 2007 21:00:00 +0000

Within hours of yesterday's assassination of former Pakistani Prime Minister Benazir Bhutto, malware makers exploited the breaking news to dupe users into downloading attack code, security researchers said Friday.