Phishing Ecosystem

Taking a look at one of the thousands of malware samples we process every day, we found a Trojan that was looking for e-mail addresses, apparently nothing special. Unlike other Trojans, it was not looking for e-mail addresses in every location, but only in the victim's contact list. All of them were saved in a text file and uploaded via FTP to the hacker's server. The guy was foolish enough to leave the FTP credentials in plain text inside the sample, so we could access the server effortlessly.

We accessed the server, which was running a Red Hat Linux distribution. Once there, we could see a few thousand stolen e-mail addresses, plus some phishing pages belonging to different banks from Italy, Brazil and some other countries.

The server also contained scripts to send phishing e-mails to the stolen addresses, as well as to send out the Trojan itself. So the whole operation was an easy loop: send out the Trojan, wait for the stolen e-mail addresses to arrive, send out phishing attacks to them and wait for the stolen credentials. And as I have mentioned before, this is just one of the thousands of malware samples we deal with every day. Be careful.
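The detail that gives this sample away is the one the post mentions: the FTP credentials sit in the binary as plain text. A small triage check for that is shown below. It is an added example, not code from the post or from the sample described; the byte string it scans is constructed here as a stand-in for a sample, and the host name, user name and password in it are placeholders. It pulls printable strings out of the bytes the way `strings` would, then flags two forms of hard-coded FTP credentials: an `ftp://user:password@host` URL, and a scripted `USER` line immediately followed by a `PASS` line. Passwords are reported only by length so a triage report does not itself leak them.

```python
import re
from typing import List

MIN_LEN = 6  # shortest printable run worth keeping, as `strings -n 6` would

# Constructed stand-in for a sample's bytes (not the Trojan from the post):
# printable runs separated by binary filler. Host, user and password are
# placeholders, and ".invalid" is a reserved TLD that never resolves.
SAMPLE_BYTES = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"GetAddressBook\x00\x00"
    b"C:\\temp\\contacts.txt\x00\xff\xfe"
    b"ftp://dropuser:Pa55word@ftp.example.invalid/incoming/\x00\x00"
    b"USER dropuser\r\nPASS Pa55word\r\nSTOR contacts.txt\r\n\x00"
    b"\x90\x90\x90not-a-url\x00"
)

# ftp://user:password@host - userinfo embedded in a URL is a hard-coded credential
FTP_URL = re.compile(r"ftp://([^:/@\s]+):([^@\s]+)@([A-Za-z0-9.-]+)")
# A scripted FTP session stored as literal protocol lines
FTP_USER = re.compile(r"^USER\s+(\S+)\s*$")
FTP_PASS = re.compile(r"^PASS\s+(\S+)\s*$")


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> List[str]:
    """Return printable-ASCII runs of at least min_len bytes, in file order.

    CR/LF are not printable, so each line of an embedded script becomes its
    own string; that ordering is what the USER/PASS check relies on.
    """
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def find_ftp_credentials(data: bytes) -> List[dict]:
    """Flag hard-coded FTP credentials in a sample's bytes.

    Each finding carries the kind of evidence, the host (if the form reveals
    one), the user name and the password length. The password itself is
    deliberately not returned.
    """
    strings = extract_strings(data)
    findings: List[dict] = []

    # Form 1: ftp://user:pass@host anywhere inside a string
    for s in strings:
        for m in FTP_URL.finditer(s):
            user, password, host = m.groups()
            findings.append(
                {"kind": "url", "host": host, "user": user, "password_len": len(password)}
            )

    # Form 2: a USER line immediately followed by a PASS line
    for prev, cur in zip(strings, strings[1:]):
        mu, mp = FTP_USER.match(prev), FTP_PASS.match(cur)
        if mu and mp:
            findings.append(
                {"kind": "ftp-commands", "host": None,
                 "user": mu.group(1), "password_len": len(mp.group(1))}
            )
    return findings


if __name__ == "__main__":
    for f in find_ftp_credentials(SAMPLE_BYTES):
        print(f"{f['kind']:13} host={f['host']} user={f['user']} "
              f"password_len={f['password_len']}")
```

On the constructed sample this reports the URL form (with the host) and the command form (user only), which is enough to pull the drop host out of a sample for blocking and takedown without having to run it; on a real file, call `find_ftp_credentials(open(path, "rb").read())`.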

Posted under Malware Alerts

This post was written by Ted on February 18, 2008


FirePack for the winter

Do you remember IcePack? It seems that some kits for installing malware are somehow "seasonal": we found IcePack in summer, and in late 2007 we found yet another one, better suited to winter, called FirePack:

FirePack

Anyway, it is not as advanced as other kits (IcePack, MPack, Traffic Pro, etc.). Furthermore, it is really expensive compared to those kits: $3,000, while the official price for MPack is $1,000, IcePack Platinum Edition $700, Traffic Pro $40 and IcePack Lite just $30.

We have found two different versions so far, 0.11 and 0.17. This is what you see when you log in to the control panel; this is the Russian version, and there is also an English one:

FirePack Control Panel

Posted under Malware Alerts

This post was written by Ted on February 14, 2008


Microsoft Updates for February

This month Microsoft has released 11 security bulletins (MS08-003 to MS08-013). Six of them are rated Critical and five Important. We recommend that you update your systems ASAP, as most of the vulnerabilities allow remote code execution.

Last Thursday's Security Bulletin Advance Notification included details on twelve issues; however, only eleven have been published. What has happened?

These bulletins update the following software: LSASS, DirectShow, Internet Explorer, Macrovision Driver, JScript, VBScript, Office Suite, Media File Formats, Message Queuing Service.

Microsoft Security Bulletin Summary for February 2008

Posted under Malware Alerts

This post was written by Ted on February 13, 2008
