Top Phishing Scams & malware threats of the week & some tools

NOt many people have time to go and check on latest threats.
Please post any threat update you come across here

Top Phishing Scams this week

1. Account Security Measures!
2. please confirm your data.
3. Lloyds TSB Bank customer service: please confirm your data.
4. Lloyds TSB Bank: please confirm your data.
5. official information
6. please confirm your data!
7. please confirm your data
8. Lloyds TSB Bank: please confirm your data
9. Lloyds TSB Bank customer service: please confirm your data
10. Lloyds TSB Bank: please confirm your data!

Should you recieve any email with these subject lines, delete it.

SOME IMPORTANT TOOLS

Hijackthis
TrendSecure | Download TrendMicro HijackThis

Log file submission for Hijackthis
HijackThis Logfileauswertung

Spybot Search & Destry

The home of Spybot-S&D!

Lavasoft Ad-Aware 2008

Ad-Aware @ Lavasoft - The Original Anti-Spyware Company - Lavasoft

Malwarebytes

Malwarebytes.org

Current MS Vulnerabilities (patches are available on MS updates portal)

Re: Top Phishing Scams & malware threats of the week

I’m not sure if this is new or old but I received it in my email last week and I can tell you that on the outset it really looks pretty legit… and for someone who does a fair amount of business on eBay, it might get a little tricky.

Subject Line: Question about Item #199488724442 - Respond Now

More details about the scam here: How much does it cost to mail this to Chicago Item#199488724442

Re: Top Phishing Scams & malware threats of the week & some tools

Add details of ms patch: ms08-067

3 million pc's infected by this conficker worm, it's made BBC headline

Re: virus detected - how to remove?

ANTI-VIRUSES

• avast!
• Avira
• AVG Anti-Virus
• BitDefender
• BullGuard
• CA Anti-Virus
• Cisco Security Agent
• DriveSentry (antivirus, antispyware and HIPS technologies)
• eSafe
• Fortinet FortiClient End Point Security
• F-PROT
• F-Secure
• G DATA Software
• Graugon AntiVirus Pro
• Kaspersky Anti-Virus
• LinuxShield
• McAfee VirusScan
• nProtect
• NOD32
• Norman ASA
• Norton AntiVirus/Norton 360
• Panda Security
• PC Tools AntiVirus
• Rising AntiVirus
• Sophos Anti-Virus
• Trend Micro Internet Security
• Vba32 AntiVirus
• Windows Live OneCare
• ZoneAlarm

edit] Freeware

• Avira AntiVir Personal - Free Antivirus (nagware - home use only)
• AOL Active Virus Shield (discontinued)
• AVG Anti-Virus Free (registerware/nagware)^{[1]](http://en.wikipedia.org/wiki/List_of_antivirus_software#cite_note-0)}
• avast! Home Edition (registerware - home use only)^{[2]](http://en.wikipedia.org/wiki/List_of_antivirus_software#cite_note-1)}
• BitDefender Free (lacks an on-access scanner)
• Comodo AntiVirus (home and business use)^{[3]](http://en.wikipedia.org/wiki/List_of_antivirus_software#cite_note-2)}
• DriveSentry (some paid features)
• F-PROT for Linux, FreeBSD, MS-DOS
• Graugon AntiVirus
• Malwarebytes AntiMalware (on-demand scanner is free; real-time protection is one-time fee)
• PC Tools AntiVirus Free Edition
• Rising Antivirus Free Edition

**Note:-These are wikipages, but links to the official sites are on those pages. **
Xenophanez

Re: Top Phishing Scams & malware threats of the week & some tools

As Facebook works to make itself more relevant and timely for its growing member base with a profile page makeover, attackers seem to be working overtime to steal the identities of the friends, fans and brands that connect though the social-networking site. Indeed, Facebook has seen five different security threats in the past week. According to Trend Micro, four new hoax applications are attempting to trick members into divulging their usernames and passwords. And a new variant of the Koobface worm is running wild on the site, installing malware on the computers of victims who click on a link to a fake YouTube video.
The Koobface worm is dangerous. It can be dropped by other malware and downloaded unknowingly by a user when visiting malicious Web sites, Trend Micro reports. When attackers execute the malware, it searches for cookies created by online social networks. The latest variant is targeting Facebook, but earlier variants have also plagued MySpace.
** Koobface’s Wicked Agenda **
Once Koobface finds the social-networking cookies, it makes a DNS query to check IP addresses that correspond to remote domains. Trend Micro explains that those servers can send and receive information about the affected machine. Once connected, the malicious user can remotely perform commands on the victim’s machine.
“Once cookies related to the monitored social-networking Web sites are located, it connects to these Web sites using the user log-in session stored in the cookies. It then navigates through pages to search for the user’s friends. If a friend has been located, it sends an HTTP POST request to the server,” Trend Micro reports.
Ultimately, the worm’s agenda is to transform the victim’s computer into a zombie and form botnets for malicious purposes. Koobface attempts to do this by composing a message and sending it to the user’s friends. The message contains a link to a Web site where a copy of the worm can be downloaded by unsuspecting friends. And the cycle repeats itself.
** An Attractive Face(book) **
Malware authors are investing more energy in Facebook and other social-networking sites because that effort pays off, according to Michael Argast, a security analyst at Sophos. Facebook alone has more than 175 million users, which makes it an attractive target.
“Many computer users have been conditioned not to open an attachment from an e-mail or click a link found within, but won’t think twice about checking out a hot new video linked to by a trusted friend on Facebook,” Argast said.
Argast called the Koobface worm a mix of something old and something new. The new is using social networks as a method to spread malware. The old is using fake codec Trojans linked to a saucy video to induce the user to install the malware.
Argast said people can protect themselves by running up-to-date antivirus software, restricting which Facebook applications they install, thinking twice before clicking on links from friends and never, never installing a codec from some random Web site in the hopes of catching some celebrity in a compromised situation.
“I would expect to see more attacks on Facebook,” Argast said. “As long as this is a successful propagation method, the bad guys will double down and invest more. They are entirely motivated by financial gain. If it pays, they’ll continue to romp in your social playgrounds.”

Yahoo! News - Koobface, Other Worms Target Facebook Friends by NewsFactor: Yahoo! Tech

So be vigilant, and be careful.

Re: Top Phishing Scams & malware threats of the week & some tools

You’re going to want to get this utility if you can get your hands on it. It is used by corporate and to some extent by BestBuy GeekSquad and Staples EasyTech to diagnose and analyse Customer PCs to dig up any nasty viruses/worms/cookies that might have otherwise escape your everyday anti-virus, etc.

It’s called Webroot System Analyzer. I have used it a few times, it takes a little time to scan but works amazingly. Will tell you the name of viruses on your system, so you can use appropriate tools to remove those viruses, and will also do a checklist to see what your PC is missing. (Antivirus/Firewall/Auto Updates are on/off, etc)

Very nice. :k:

Re: Top Phishing Scams & malware threats of the week & some tools

Nice suggestion, thanks Teg :)

Re: Top Phishing Scams & malware threats of the week & some tools

This tiny tool is not to be underestimated. It can do wonders to a system that is jammed up with infections.

Course of action

1. Scan with Malwarebytes (Update it first of course), and remove all infections found.
2. Scan with Spybot (Update first) and fix all problems found.
3. Scan with Combofix, and it will blast away anything else that remains.

You should now be clean.

Re: Top Phishing Scams & malware threats of the week & some tools

System stuck in a logon/logoff loop and you’re on Windows XP?

Try this:

You will need your vista recovery CD. If you don’t have one, it can be downloaded from here. Burn it as a bootable ISO. Label it Vista Recovery Console (Yes, It’s Vista Console but will be useful to launch command prompt from advanced repair menu options that are embedded in vista’s recovery consoles.)

Next, you will need to download this. Again, burn this onto a CD/DVD. Label this SaveMe.

Now, before proceeding it would help if you know what Service Pack your current OS has. If you know it, write it down you’ll need it momentarily.

Now, put in the Vista Recovery console dvd, and reboot PC. Make it boot from CD/DVD instead of HDD, so Recovery console can be launched. Once it is launched, it will take a few mins depending on PC speed to read media and scan Hard Drive for current system files that will be needed later.

Just click Next. On the next screen, click on Repair your computer. It will now take you to another window which will not have detected XP. That is just fine. Click Next, and you will now be shown advanced repair options including command prompt.

Click Command Prompt. Once command prompt launches. Take out Vista CD/DVD without closing any windows and put in the second CD/DVD labelled Saveme.

Once you have put in the CD, and assuming you know the letter assigned to your cd/dvd rom (D:/, E:/, etc.) type D:/saveme (D:/ is the assumed letter for your cd/dvd drive, put in whichever maybe correct for you in specific).

Once you’ve done that, the program will now launch and start the repair process. Just follow instructions on screen. It may take a little while, but this method has proven to work and enable login to windows xp after suffering from a virus that corrupts userinit.exe, disableing successful login to windows.

Worst case scenario, you will need to re-install windows if this fails to help you.

Cheers!

Source