
The XXII Winter Olympic Games officially get under way on 7 February. Of course, this major sporting event has not gone unnoticed by the spammers. The “Nigerian” scammers couldn’t resist either: at the end of January we received an interesting mailing from someone looking for a trustworthy person in Russia who they could transfer 850,000 euros to. To explain such an unusual request, the author didn’t use the standard “Nigerian” tales, but instead cited a trip to the Olympic Games - the money was needed for a group of six people who supposedly intended to stay in Sochi. For further information, the recipient of this generous offer had to contact the sender.

 

A seemingly harmless request for help in organizing a trip turns out to be a trap, with the usual large sum of money as the bait. A reference to a real event is used to persuade the recipient that the request is genuine. But the result is always the same – the spammer asks the recipient to transfer a certain amount of money, for instance, to cover the costs of the transfer, and after that the fraudster vanishes without a trace.


Letters about lottery wins are a standard trick used by “Nigerian” scammers. Very often, the author of such a letter will explain that he is the happy winner of a multi-million lottery prize, doesn’t know how to spend the unexpected windfall, and has decided to turn to philanthropy.

 


The storm of phishing and malware attacks using the theme of the World Cup continues – some months ago we registered several malicious campaigns with this theme. To diversify the attacks and attract more victims, Brazilian cybercriminals decided to invest their efforts to spread fake giveaways and fraudulent websites selling tickets for the games at very low prices, tickets that in fact do not exist.

The attacks start when a user does a simple search on Google, looking for websites selling World Cup tickets. Bad guys registered the fraudulent domain fifabr.com that is displayed among the first results as a sponsored link:

Incidents|Black Gold, or a Black Hole in Your Pocket

Tatiana Kulikova
Kaspersky Lab Expert
Posted January 30, 13:46  GMT
Tags: Spam Letters, Nigerian Spam

Mikhail Khodorkovsky, the former head of the Russian oil company YUKOS, was recently released from jail. There is a lot of speculation in Russia as to the reasons for his amnesty, while tabloids around the world are watching the ex-businessman’s every step. ‘Nigerian’ scammers have used the news as the basis for a tale of tragedy whose sole aim is to squeeze money out of gullible users.

According to the ‘Nigerian’ story, an entire group of Russian oil tycoons (an exaggeration that is intended to justify the huge sum of money referred to in the story) faced trial on fraud charges. Luckily for the recipient, they had time to transfer their fortunes to a trust account with a UK bank. And now a mysterious middleman, Mr. Maharais Abash, is asking people to provide a personal bank account that the $50 million oil fortune could be transferred to. Naturally, the affair is strictly confidential – UK and Russian officials should know nothing about it.

 

Khodorkovsky’s release from jail triggered a surge in creative scams by these writers of ‘Nigerian letters’ – there can be no other explanation for the claim that an entire group of oil tycoons (rather than just one individual) was supposedly given a 15-year sentence. Fortunately, this makes it easier to spot the scam. A simple online search will quickly reveal that there have been no mass arrests of Russian oligarchs, and that the $50 million is merely a figment of Mr. Maharais Abash’s imagination – if indeed he even exists.


China is traditionally the leading source of spam in the world, and letters from numerous Chinese manufacturers, producing a huge variety of goods, are constantly present in spam traffic. In our October report we mentioned that these mailings are usually linked in some way to the most popular international holidays. And seeing as how January doesn’t really have any major holidays to speak of, the spammers have turned to another major event – the forthcoming Winter Olympics in Sochi. For instance, some warehouse companies have been promoting their services by telling recipients that their services are being used by Russia in preparation for the Sochi 2014 Games. 

 

Publications|ZeuS – now packed as an antivirus update

Andrey Kostin
Kaspersky Lab Expert
Posted December 04, 08:16  GMT
Tags: Spam Letters, ZeuS, Phishing

Last week, Kaspersky Lab identified a mass mailing of phishing letters sent in the name of leading IT security providers. The messages we detected used the product and service names belonging to Kaspersky Lab, McAfee, ESET NOD32 and many others.

The text and general layout of each letter followed the same template; only the senders’ names and the IT security solutions mentioned in the text were different. In their messages, the cybercriminals invited the reader to install an important security update for his/her security solution to guarantee protection against a new piece of malware supposedly ravaging the web. To do so, the user simply needed to open the attached ZIP archive and launch the executable file in it. Not surprisingly, the writers urged their victims to act immediately rather than spend time thinking about who might be behind this sudden urgent letter.


One of the phishing messages


The continuing conflict and the complex political situation in Syria have created the perfect conditions for new ‘Nigerian’ scams. In recent months, there has been a surge in the number of Nigerian letters that contained some sort of reference to Syria; scammers sent messages both in the names of ordinary citizens of that country and on behalf of representatives of banks and humanitarian organizations. The texts of the messages made frequent use of words such as “turmoil”, “crisis” or “revolution”.

The scam messages, written in the names of representatives of reputed Syrian and UK banks, stated that their clients would like to transfer their multi-million savings from their accounts because of the unrest in Syria, and were looking for a partner who would help them to do so. Naturally, “compensation” was offered, the details of which the scammers were ready to share either immediately or once they had received a reply. The scammers gave a contact phone number and an email address; the latter could be either the sender’s address or the personal email of the “bank’s client” who allegedly needed help. The scammer’s aim was to entice the victim into an email exchange. After all details of the future partnership are discussed, the victim will most probably be asked to perform a service, e.g. transfer a small amount of money to pay for the mediator’s services. When the money is transferred, the scammers will vanish just as suddenly as they appeared.

 

Incidents|Boston Aftermath

Michael
Kaspersky Lab Expert
Posted April 17, 04:02  GMT
Tags: Spam Letters, Social Engineering, Malvertizing

While many are still in shock after the Boston Marathon bombings on 16 April, it didn't take long for cyber criminals to abuse that tragic incident for their dirty deeds.



Today we already started receiving emails containing links to malicious locations with names like "news.html". These pages contain URLs of non-malicious YouTube clips covering the recent event. After a delay of 60 seconds, another link leading to an executable file is activated.



The malware, once running on an infected machine, tries to connect to several IP addresses in Ukraine, Argentina and Taiwan.
Kaspersky Lab detects this threat as "Trojan-PSW.Win32.Tepfer.*".

MD5sums of some of the collected samples:
5EA646FFDC1E9BC7759FDFC926DE7660
959E2DCAD471C86B4FDCF824A6A502DC

Our thoughts and prayers are with our colleagues in Massachusetts and others affected by the tragic events in Boston.


Spam Test|Absent-minded spammers

Tatiana Kulikova
Kaspersky Lab Expert
Posted April 09, 13:42  GMT
Tags: Spam Letters, Social Engineering

A large number of scam emails disguised as newsletters sent by the CNN television channel have been detected again. Sensational headlines are used in the messages to grab the attention of recipients (e.g., falling stock indexes, the election of a new Pope etc.). Users are asked to click on the links provided in the messages to get access to the complete versions of the articles. To make them look authentic, the emails also include links to real CNN pages, but of course the link with the main piece of news is fake. It leads to a compromised website which uses JavaScript to redirect the user to a site hosting malware – in this case, the Blackhole exploit kit.

At the same time as the CNN newsletter scam, there has also been an epidemic of scam emails imitating Facebook notifications. In these emails, spammers suggested that users check out new comments on their photos. The mechanism used in the malicious link was the same as in the case described above. The most curious part, though, was that the scammers did not even bother to change the links. While in the former case the link included “cnnbrnews.html” after the domain name, the same ending in the link provided in fake Facebook messages looks out of place.

Unfortunately, this is the only part of the scam where the cybercriminals were careless. Emails containing the malicious links are still being distributed, so be cautious when handling suspicious messages.
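The reused “cnnbrnews.html” path described above can serve as a mail-filter signal. The sketch below is an added example, not Kaspersky Lab’s detection logic: it lists links in a brand-themed message whose host is not one of that brand’s domains, and notes when the path names a different brand. The brand table, the sample message and all function names are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Hypothetical brand table: lure keyword -> domains the real brand links to.
BRANDS = {"cnn": {"cnn.com"}, "facebook": {"facebook.com", "fb.com"}}
HREF_RE = re.compile(r'href=["\'](https?://[^"\']+)["\']', re.I)

# Constructed sample: a fake Facebook notification reusing the CNN campaign's path.
SAMPLE_FROM = '"Facebook" <notification@mail.example>'
SAMPLE_BODY = (
    '<a href="https://www.facebook.com/help">Help</a> '
    '<a href="http://compromised.example/cnnbrnews.html">View comments</a>'
)


def registrable(host):
    """Crude last-two-labels domain; a real filter would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def claimed_brand(from_header):
    """Brand the message claims to come from, judged by the From header text."""
    text = from_header.lower()
    return next((b for b in BRANDS if b in text), None)


def suspicious_links(from_header, html_body):
    """Return (url, reasons) for links that do not fit the claimed brand."""
    brand = claimed_brand(from_header)
    if brand is None:
        return []
    findings = []
    for url in HREF_RE.findall(html_body):
        parts = urlparse(url)
        if registrable(parts.hostname or "") in BRANDS[brand]:
            continue  # genuine brand link, which the scam mails also include
        reasons = ["host is not a %s domain" % brand]
        foreign = [b for b in BRANDS if b != brand and b in parts.path.lower()]
        if foreign:  # the slip from the post: another campaign's path reused
            reasons.append("path names another brand: " + ", ".join(foreign))
        findings.append((url, reasons))
    return findings


if __name__ == "__main__":
    for url, reasons in suspicious_links(SAMPLE_FROM, SAMPLE_BODY):
        print(url, "->", "; ".join(reasons))
```

An off-brand host alone is a weak signal, since legitimate newsletters link to third parties; the foreign brand token in the path is the stronger one.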


Incidents|The Brazilian Phishing World Cup

Fabio Assolini
Kaspersky Lab Expert
Posted March 11, 11:19  GMT
Tags: Spam Letters, Credit Cards

The 2014 FIFA World Cup has already kicked off, at least for Brazilian bad guys. Next year’s big event in Brazil has become one of the most prominent tactics used by Latin American cybercriminals as they unleash a real avalanche of phishing messages, fraudulent prizes and giveaways, malicious domains, fake tickets, credit card cloning, banking Trojans and a lot of social engineering.

Indeed, Brazil figured among the top five countries where users risk being caught ‘offside’ by phishing attacks, according to a recent study conducted by RSA and released in January. The country is in fourth place, along with the UK, USA, Canada and South Africa. So it's no big surprise to find four Brazilian brands in the Top 10 most targeted on PhishTank stats.

Offers include alleged cash prizes, trips and tickets to watch the games, while the attacks involve massive phishing mailings and, to add spurious credibility, stars of the national soccer team have been ‘signed up’ by the conmen. Here’s one example featuring Neymar, the latest Brazilian hero to be dubbed the new Pelé:

"Win a new car, cash prizes and tickets for the World Cup, just click and subscribe now"