Here’s a review of last week’s posts on Malwarebytes Unpacked*:

  • Poste Italiane Phishing Mails In Circulation (Fraud/Scam Alert) Spam emails carrying HTML attachments that are actually phishing pages are a dime a dozen. The particular attachment profiled in this blog, however, has its code fully encrypted, making it more challenging for security researchers to study and figure out.
  • World Cup TV Streams: An Early Substitution Required? (Privacy) With the World Cup in Brazil still in full swing, it seems easy to get confused about which live streaming websites to trust, especially the free ones. Our best advice remains: Steer clear of such sites.
  • Steam Account Phishers Caught Squatting (Fraud/Scam Alert) Typosquatters were found targeting Internet users with Steam accounts.
  • Misleading eBook Advertisements Install PUPs (Fraud/Scam Alert) Fraudsters are now in the business of fake ebook downloads, and most users are not aware of this. Security researcher Joshua Cannell recounted what happened in his encounter with a fake ebook download domain. It involved potentially nasty files and broken links.
  • The Life and Death of a "Facebook Video" Campaign (Online Security) Security researcher Chris Boyd took a look at a fake Facebook video campaign. It may have been near-dead at the time of writing, but the malicious file is believed to still be in the wild.
  • Ancient Chain Letter Migrates From Mail to Social Networking (Fraud/Scam Alert) Pen and paper then, pixels and digital canvasses now. We found a fake Microsoft / AOL beta payout bonanza scam circulating online, which is believed to have first appeared in physical mailboxes in the form of real letters. Imagine our surprise.
  • The PirateBox, Revisited (Hacked and Unpacked) Security researcher Jean Taggart reviewed and updated us on PirateBox, a topic he had written about in late 2013.
Top news stories:
  • Banking malware sniffs out data sent over HTTPS. Our friends at Trend Micro discovered a banking Trojan capable of intercepting and capturing data even when transferred securely. Its name is Emotet. (Source: Help Net Security)
  • Microsoft Darkens 4M Sites in Malware Fight. What was supposed to be a switching off of 2,000 selected malicious sites by Microsoft became an ISP-wide blackout, all in the name of security. Even legitimate domains using services of were affected by this supposed take-down. (Source: Krebs on Security)
  • Active malware operation let attackers sabotage US energy industry. "Researchers have uncovered a malware campaign that gave attackers the ability to sabotage the operations of energy grid owners, electricity generation firms, petroleum pipelines, and industrial equipment providers." (Source: Ars Technica)
Stay secure, everyone!

The Malwarebytes Labs Team