2012 December 10 | Security Intelligence

December 2012
S	M	T	W	T	F	S
« Nov		Jan »
	1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

Dec10

Facebook Spam Leverages, Abuses Instagram App

10:26 am (UTC-7) | by Ruby Santos (Fraud Analyst)

The downside of popularity is that cybercriminals tend to abuse it for their own nefarious ends. Case in point, social networking sites have been often used to proliferate malware. Just recently, we spotted a Facebook clickjacking attack that leverages and abuses Instagram to point users to malicious websites.

Users encounter this threat by being tagged in a photo posted by one of their contacts on Facebook. The post states that users can know who visited their profile on Faceboofk and how often. It also includes a photo posted via Instagram.

We noticed that the photo and the names used in the “Recent Profile Views” (see below) are used repeatedly for other attacks.

Should users decide to click the link, they are lead to a page with instructions on how to generate the verification code. Once done, a pop-up window appears, which is actually the Instagram for Facebook app asking users to click “Go to App” button. Once done, it redirects users to a page that looks like the Facebook Home page.

Read the rest of this entry »

Posted in Bad Sites | TrackBacks (2) »

Dec10

Latest on Police Ransomware – It Speaks!

3:47 am (UTC-7) | by Trend Micro

Yes, it does. And depending on where you are located, it can even speak in your mother tongue.

As discussed in our paper Police Ransomware Update, the people behind police Trojan/Ransomware have implemented improvements to make this threat more effective. Gone are the days when ransomware simply showed a message that users’ systems are “captured” and that they have to pay for a fee to have them back.

These days, this new breed of ransomware notifies users of the fee (or ransom) under the guise of the victim’s local law enforcement agencies. Thus, a user with a ransomware-infected system from France will get a notification from the Gendarmerie Nationale, while a US-based one will likely receive a message from the FBI.

To level up the ante, we received a report that a new police Trojan variant even has a “voice”. Detected as TROJ_REVETON.HM, it locks the infected system but instead of just showing a message, it now verbally urges users to pay. The user won’t need a translator to understand what the malware is saying – it speaks the language of the country where the victim is located.