New Statement of Fees Malspam

September 11, 2008

The Statement of Fees malspam campaign continues today with additional messages carrying new Trojans. This round distributes W32/Autorun.AFC.worm, which connects out and downloads a file called lspr.exe.


Top Weekly News Spam

August 19, 2008

This morning we detected another spam campaign that works much like the MSNBC and CNN spam attacks seen recently. The infection vector is a redirect to a phony video page, where the user is asked to download what appears to be a video codec update: a file named installer.exe, detected as Trj/Exchanger. We expect attacks of this type to grow considerably more sophisticated over time.

VirusTotal Information


Fake Microsoft Internet Explorer 7.0 Update

August 6, 2008

A few minutes ago we discovered another spam campaign, this time offering an update to Microsoft Internet Explorer 7.0. What is interesting about this message is that it uses exactly the same format as the messages that distributed get_flash_update.exe in earlier attacks. The message comes from admin@microsoft.com, or so it appears. Clicking the link downloads an executable named update.exe, which is a downloader Trojan.

File size: 139776 bytes
MD5:    6b50dc99f2ca5e90ef6ecef9a25c6157
SHA1:   464d7f2e540eafc2162293ad11b28ba8b91dd21b
SHA256: 9083a161e7e9fb25bd99d814cfafa953881b1249ad079040c5faf158a3b7f203
SHA512: 1c70fe117fb7a757807484bad7ab7400427433e0b9e1cceb05c72b194cb22e7d
PEiD:   -
PEInfo: PE structure information (base data)
  entry point address: 0x40254a
  timedatestamp:       0x4898440b (Tue Aug 05 12:14:03 2008)
  machine type:        0x14c (I386), 3 sections

  section  virt addr  virt size  raw size  entropy  section md5
  .text    0x1000     0x33d2c    0x4a00    4.01     320f92325281cf38056300846e33e293
  DATA     0x35000    0x1b020    0x1ae00   8.00     b2da8ac3f7624aaec4e58820ca98f3d1
  .rsrc    0x51000    0x1000     0x600     6.54     5a86ae6138955d3b751ed9ef76093acd
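The header dump above is what a triage tool prints from the PE headers, and the detail worth noticing is the DATA section: an entropy of 8.00 means every byte value occurs about equally often, which is what a compressed or encrypted payload looks like, while .text at 4.01 is ordinary x86 code (most likely the unpacker). As an added example (not code from the original post or from the vendor), the following Python parser reads the DOS, COFF, optional and section headers of a PE32/PE32+ file, extracts the same fields as the dump, computes per-section Shannon entropy, and flags a packed section or an entry point that does not land in executable code. The file produced by build_sample_pe() is constructed for this example and is not update.exe; it reuses only the post's timestamp and entry-point address so the output can be compared with the dump. All function names are this example's own.

```python
import math
import struct
from datetime import datetime, timezone

IMAGE_SCN_MEM_EXECUTE = 0x20000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); packed or encrypted data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(buf: bytes) -> dict:
    """Pull the fields a triage report lists out of the DOS, COFF, optional and section headers."""
    if buf[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, SymbolTable ptr/count,
    # SizeOfOptionalHeader, Characteristics
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", buf, opt)[0]           # 0x10B = PE32, 0x20B = PE32+
    entry_rva = struct.unpack_from("<I", buf, opt + 16)[0]  # AddressOfEntryPoint
    if magic == 0x20B:
        image_base = struct.unpack_from("<Q", buf, opt + 24)[0]   # PE32+: 8-byte ImageBase at +24
    else:
        image_base = struct.unpack_from("<I", buf, opt + 28)[0]   # PE32: 4-byte ImageBase at +28
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i   # section table follows the optional header, 40 bytes each
        name, virsiz, viradd, rawsiz, rawptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", buf, off)
        raw = buf[rawptr:rawptr + rawsiz]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "viradd": viradd, "virsiz": virsiz, "rawdsiz": rawsiz,
            "ntrpy": round(shannon_entropy(raw), 2), "chars": chars,
        })
    return {
        "machine": machine, "n_sections": nsec, "timestamp": tstamp,
        "timestamp_utc": datetime.fromtimestamp(tstamp, timezone.utc).strftime("%a %b %d %H:%M:%S %Y"),
        "entry_rva": entry_rva, "entry_va": image_base + entry_rva, "sections": sections,
    }


def findings(report: dict) -> list:
    """Cheap triage checks over the parsed headers: packed sections and an odd entry point."""
    out = []
    for s in report["sections"]:
        if s["ntrpy"] >= 7.0:
            out.append(f"{s['name']}: entropy {s['ntrpy']} (likely packed or encrypted)")
    rva = report["entry_rva"]
    home = [s for s in report["sections"]
            if s["viradd"] <= rva < s["viradd"] + max(s["virsiz"], s["rawdsiz"])]
    if not home:
        out.append(f"entry point RVA {rva:#x} lies outside every section")
    elif not home[0]["chars"] & IMAGE_SCN_MEM_EXECUTE:
        out.append(f"entry point in non-executable section {home[0]['name']}")
    return out


def build_sample_pe() -> bytes:
    """Constructed PE32 for this example (not the sample from the post): a low-entropy .text
    and a DATA section with uniformly distributed bytes, plus the post's timestamp and entry VA."""
    text_raw = b"\x90" * 255 + b"\xc3"      # NOPs then RET: near-zero entropy
    data_raw = bytes(range(256)) * 16       # every byte value 16 times: entropy exactly 8.0
    secs = [(b".text", 0x1000, 0x2000, text_raw, 0x60000020),   # code | execute | read
            (b"DATA", 0x3000, 0x1000, data_raw, 0xC0000040)]    # initialized data | read | write
    e_lfanew, opt_size, falign = 0x40, 96, 0x200
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0x4898440B, 0, 0, opt_size, 0x0102)
    # PE32 optional header: Magic, linker version, SizeOfCode, SizeOfInitializedData,
    # SizeOfUninitializedData, AddressOfEntryPoint, BaseOfCode, BaseOfData, ImageBase; rest zero
    opt = struct.pack("<HBBIIIIIII", 0x10B, 6, 0, len(text_raw), len(data_raw), 0,
                      0x254A, 0x1000, 0x3000, 0x400000).ljust(opt_size, b"\0")
    headers_end = e_lfanew + 4 + len(coff) + opt_size + 40 * len(secs)
    rawptr = (headers_end + falign - 1) // falign * falign
    sec_hdrs, body = b"", b""
    for name, viradd, virsiz, raw, chars in secs:
        ptr = rawptr + len(body)
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name, virsiz, viradd, len(raw), ptr, 0, 0, 0, 0, chars)
        body += raw.ljust((len(raw) + falign - 1) // falign * falign, b"\0")
    return (dos + b"PE\0\0" + coff + opt + sec_hdrs).ljust(rawptr, b"\0") + body


if __name__ == "__main__":
    rep = parse_pe(build_sample_pe())
    print(f"machine {rep['machine']:#x}  sections {rep['n_sections']}  "
          f"timestamp {rep['timestamp']:#x} ({rep['timestamp_utc']})  entry {rep['entry_va']:#x}")
    for s in rep["sections"]:
        print(f"{s['name']:<6} {s['viradd']:#07x} {s['virsiz']:#07x} {s['rawdsiz']:#07x} {s['ntrpy']:.2f}")
    for f in findings(rep):
        print("finding:", f)
```

Run it against a real sample by replacing build_sample_pe() with open(path, "rb").read(). The entropy threshold of 7.0 is a heuristic, not a verdict: legitimate installers and resource sections with embedded images also score high, so treat a hit as a reason to unpack and look, not as a detection on its own.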

Research Paper: Breaching Wireless POS Systems

August 2, 2008

Wireless networks and endpoints offer convenience and connectivity. Unless properly secured, they also offer a means of ingress into the network. This article describes the vulnerabilities of wireless point-of-sale systems and strategies for mitigating them.

In the wake of data breaches that went undiscovered for long periods and were later exposed publicly, attackers have turned their attention to wireless networks and their many weaknesses. There is also a clear trend toward stealing cardholder information from retailers, as in the widely publicized TJ Maxx and Hannaford Brothers breaches. According to the 2008 Data Breach Investigations Report by the Verizon Business Risk Team, 84% of the data compromised in the documented breaches was cardholder information.

Read full article here: