The Big Business of Spam: Adulterers beware, scammers may be targeting you

As you have probably heard by now, a group of hackers who call themselves The Impact Team recently breached the systems of Avid Life Media (ALM) and stole sensitive data from AshleyMadison.com. The group has since published a large cache of data that includes personal information from members of the site, and is making that data available online for download.

To make the situation worse, opportunistic scammers are looking to capitalize on this unique opportunity for financial gain of their own. To start, the scammers will send phishing emails suggesting that they have information on the recipient that will expose them as an AshleyMadison user. The scam methods they’re using are quite simple and common, yet highly effective when used as a scare tactic like this. Spammers often buy full lists of verified addresses (email addresses in this case) after a large breach, then target and attempt to solicit the users.

Here’s how this particular scam works:

An unsuspecting user will get an email titled “Recent data leak, your details are there!” (image below)

Once the user opens the email, they will see a note that implies that their personal information has been leaked along with that of the other 37 million people. At the end of the note, they are directed to click on a link that takes them to a page offering services from UnTraceMe. From there, they are directed to pay a fee of $19.95 to get their information secured and removed. (image below)

After a spooked user agrees to pay the fee and clicks on the link provided, they are then directed to use a PayPal-like site to pay the fee and “secure their information.” (image below)

What folks don’t know is that the leaked data can be retrieved by just about anyone, and will not disappear no matter what ransom is paid.

At this time, Barracuda Labs has blocked over 1000 emails similar to the one pictured above, and depending on the monetary success that the spammers...


Home Depot shoppers: check your credit card statements now

Another big-brand retailer has been notified that its customers’ payment information was stolen: Home Depot stores appear to be the latest source of stolen credit or debit cards on sale in the cybercrime underground. (Update: rescator[.]cc added another batch of credit cards for sale today, Sept. 4th, 2014.)

As of today, at least five other stores have enrolled in the Get-Your-Customers-Credit-Cards-Stolen Club in the past 12 months, and this distinguished list includes: Target, Neiman Marcus, Michaels Stores, Sally Beauty, P.F. Changs.

Figure: The 6 retailers that had data breaches in the last 12 months

“Protecting our customers’ information is something we take extremely seriously, and we are … working to protect customers.” a Home Depot representative responded on this issue.

We certainly hope these stores will take customers’ information seriously and take action, particularly since customers can’t do anything to prevent their information from leaking once those payments are handed over to the retailers. But there are a few things that customers can do to prevent any financial loss and better protect themselves. A few tips are:

- Check your credit/debit card statements regularly. Pay particular attention to those cards used at Home Depot in the last few months, and talk to your card issuer if anything looks suspicious. Do not overlook small-amount transactions.
- Take advantage of the free credit score checks available to see if your score has been damaged.
- Next time, use credit cards with a computer chip and pin, or use a paper check or cash when making purchases in stores.

For more on this topic and the latest breaches, check out these videos:

NBC Bay Area: Brian Babineau, Barracuda VP Product & Channel Marketing http://www.nbcbayarea.com/news/tech/Home-Depot-Looking-Into-Credit-Card-Hack-273607071.html

CNBC Fast Money: BJ Jenkins, Barracuda CEO & President...


New malware campaign impersonates bank guardian Trusteer

Posted Jul 20, 13 in ID Theft, Phishing, Security, Spam

When it comes to online banking security, banks have a big problem. How do they verify that a transaction request is actually coming from a customer and not from an identity thief or a piece of malware controlling the customer’s computer?

A Boston-based company named Trusteer targets banks with solutions to this problem. Among those solutions is an endpoint malware detection program named Rapport. Banks are encouraged to offer this program to their important clients so that the client computers can be secured.

So, you’re a malware author, and you’re looking for online banking customers to compromise. Who better to target than people who are so important to a bank that they would receive special software to protect their accounts?

That targeting is just what is happening with the latest malicious spam campaign to appear in the Barracuda Labs spam honeypots. This well-done email spoofs Trusteer and even customizes each email so that the attachment contains the email ID of the email recipient.

The name recognition and comfort associated with the Trusteer brand might very well be enough to persuade someone to open and run this attachment, thinking they are enhancing their computer security when in fact they are doing quite the opposite.

Only 8 out of 47 antivirus products even recognize the attached malware, which Malwarebytes does identify as Trojan.Agent.rfz. This trojan downloads three other pieces of malware (one was already inaccessible when we ran our tests), all of which had even worse detection ratios, only 4 out of 47 for each, although these ratios should improve as antivirus vendors catch up. Note that the periodic contact with Google.com is typical of credential stealers, which do so to test internet connectivity. Trusteer Rapport might actually intercept these downloads, although we have no way of knowing for sure.

What we do know for sure is a maxim we repeat often in our blog: don’t run attachments received in email unless you personally know the sender and the contents. It is...


Spammers eye Apple IDs

By Luis Chapetti – Security Researcher

Apple’s huge success with iPods, iPhones, and generally any other iDevices, has captured the attention of consumers. The cornerstone to operate any of these devices is iTunes, which requires the user to have an Apple ID. Spammers are keenly aware that each iDevice a user owns is associated with an Apple ID and thus a valid credit card. Using Apple products has typically felt safe, but with the proliferation of iDevices, users are becoming targets for credit card fraud in addition to phishing and malware.

As always, use your best judgment and err on the side of caution. Barracuda email security solutions customers are protected from threats like...


Be careful – that voice mail could hack your computer

By Dave Michmerhuizen – Research Scientist, Luis Chapetti – Security Researcher

Spammers are always looking for an angle to get onto your computer, and the continued adoption of digital PBX systems has given them a new type of business email to spoof – the email message that contains a voicemail attachment. Most modern digital PBX systems offer the option of capturing voicemail as a sound file and sending it to the phone’s owner as an email attachment. These messages have become so common that users might not examine them with a critical eye, especially if they are anxiously awaiting a message from someone.

This week Barracuda Labs researchers saw a short-lived but very high volume spam campaign mimicking these sorts of messages. They are generic, and well written enough not to raise much suspicion. The give-away is that the link to the supposed sound file is actually a link to a compromised Russian website. The fact that it is a link is by itself suspect, as most PBX systems that email voice message files attach the sound file to the email message, as shown below.

The thing is, you don’t want to pass up a voice mail message, do you? What if it’s real? What if it’s important? Well, those spam links aren’t real, and taking a chance on one of them could ruin your day. The compromised websites that they link to will display a distracting message like this one.

While you wonder about this, the browser is being redirected to an IP hosting the Blackhole exploit kit, which sends malicious code to take over various browser add-ons such as Java, Adobe Flash and Adobe PDF reader. Older Windows Help and Windows Media player vulnerabilities are sometimes targeted as well.

If a vulnerability is found and exploited, then that code goes to work downloading a variant of Trojan.Zeus, one of the most common credential stealers on the internet. This malware injects itself into the web browser stack and silently monitors your internet traffic...


How spam targets small business

by Dave Michmerhuizen & Luis Chapetti – Security Researchers

When criminals use computers to steal money, they don’t usually go after private individuals. The average person doesn’t keep a sizable sum in a retail banking account, and they are protected by law, so banks keep relatively close watch for unusual activity affecting personal accounts.

Instead, most computer criminals target commercial banking accounts. Not only do small and medium sized business accounts carry much heftier balances, banks transfer more risk onto those balances. To quote the New York Times, “[business] owners often assume incorrectly that the protection they have on personal bank accounts applies to their business accounts. Many are shocked to learn that most banks do not take responsibility for unauthorized debits from business accounts.”

Computer criminals are well aware of all this, and when they send out malicious spam, more often than not it is made to attract the attention of small business owners and employees. Getting malware installed on the right business computer can result in a huge payoff for the crooks. One of the most common, best targeted and most damaging families of malware is Zeus, a credential stealer that silently relays user account names and passwords back to criminals who use that information to carry out bank theft.

We’re going to show you some examples of how Zeus distributors craft their messages to pique the interest of business people, along with some advice about what not to do.

Figure: A list of sample emails

The subjects of these emails tend to be about sales, orders, invoices and payments. Interesting stuff, sure to attract the attention of anyone trying to do business today. None of these are legitimate; instead, they all carry a dangerous payload.

Here is a gallery of samples, the sort of thing to treat gingerly if they appear in your inbox.

The wording is always just a bit vague, probably because these emails aren’t intended...
