Here’s a review of last week’s posts on Malwarebytes Unpacked:
- Convincing YouTube look-alike fires RIG Exploit Kit (Exploits) Security researcher Jérôme Segura found and detailed a fake YouTube site hosting a fake Adobe Flash Player.
- Sub-domain on SourceForge redirects to Flash Pack Exploit Kit (Exploits) Segura also came across a compromised pages hosted in SourceForge, a popular domain for software developers and coders. Visitors of the said infected page may likely fall victim to drive-by downloads.
- Leave these Vacation Scams at the Border (Fraud/Scam Alert) Security researcher Chris Boyd tallied a list of scams one may encounter while he/she is on vacation.
- Phishers Hook Facebook Users via SMS (Fraud/Scam Alert) Scammers had tapped into their creativity once more and began utilizing SMS to get recipients to send them their Facebook login credentials.
- Goodbye CD Wallet. Hello ISOSTICK! (All Things Dev) Senior Security Researcher Jean Taggart explored the ISOSTICK, a USB device that “masquerades as an external CD/DVD drive and loads ISOs from a removable MicroSD card.”
- Fake Government Warning Leads to Bogus Infection Pictures (Fraud/Scam Alert) Boyd encountered a shock tactic used on a fake Facebook page containing a video with the title “GOVERNMENT WARNING – you will never this shampoo after viewing this video!”. This leads to a download of a file we detect as PUP.Optional.InstallBrain.A.
- Shining some light on the ‘Unknown’ Exploit Kit (Exploits) Who would’ve thought that exploits can be “nameless”? In this post, Segura discussed such an exploit that has been around for quite some time yet remains “unknown”.
- Fraudulent Refund Mail Targets UK Taxpayers (Fraud/Scam Alert) UK taxpayers were targeted once again. Boyd discussed the lastes spam campaign he found and reminds readers to report such emails to HRMC directly.
- Fraudulent Netflix site wants to leave you high and dry (Fraud/Scam Alert) Segura has been covering Netflix scams before, and this post detailed the latest phishing campaign he found.
Top news stories:
- Study shows how attackers make use of websites existing for less than 24 hours. Our friends at Blue Coat Security tells us in a recent report about “one-day wonders”, and how these were used to house malware, manage botnets, and elude spam filters. (Source: SC Magazine)
- Behind the huge cyberattack campaign in Latin America that no one has heard about. The campaign, which was believed to be state-sponsored, was named El Machete by our friends at Kaspersky. Majority of the countries it target speak Spanish, and mostly in Venezuela, Ecuador, and Colombia. (Source: Quartz)
- Watch out for fake versions of Flappy Bird sequel Swing Copters in Google Play Store! Our friends at Sophos released a warning a week after the game app, Swing Copters, was released to the public. The creator of the famous Flappy Bird app was also the develop behind the said mobile game. (Source: Sophos Naked Security Blog)
- Java.com, TMZ Serving Malvertising Redirects to Angler Exploit Kit. “These websites have not been compromised themselves, but are the victim of malvertising. This means an advertisement provider, providing its services to a small part of a website, serves malicious advertisement aimed at infecting visitors with malware,” said security company Fox-IT. (Source: ThreatPost)
- Cybercriminals Leverage Rumored Windows 9 Developer Preview Release With Social Engineering. Our friends at Trend Micro found scams revolving around the the latest hoopla about a new Windows release this month by using the keywords “Windows 9”, “free”, “leak” and “download” in search engines. (Source: Trend Micro Security Intelligence Blog)
- Risk of cyber attack on the shipping supply chain increasing, say experts. It appears that online criminals are increasing their verticals by targeting the shipping industry next after it started targeting the healthcare and retail industries. (Source: Business Reporter)
Stay safe!
The Malwarebytes Labs Team
