A Week in Security (Sept 14 – 20)

Here’s a review of last week’s posts on Malwarebytes Unpacked:

  • The “Kevin the Game Dev” Tumblr Spam Run (Fraud/Scam Alert) Security researcher Chris Boyd has found “Kevin”, a bot posing as a game developer on Tumblr, encouraging the unwary to “try a game he’s been ‘working on’.” Boyd adds, “As best we can tell, the games mentioned are real MMORPG titles but it seems clear that this person has nothing to do with games development and is riding on their coat-tails.”
  • Rogue E-Books Could Pose Threat to Amazon Accounts (Security Threat) In this post, Boyd reports on a security researcher's finding that malicious code can likely be injected via a stored XSS attack on the Manage Your Kindle page of the Amazon website. He also offers a few tips on how users can secure their Kindle device.
  • Steer Clear of Fake “EuroMillions Lottery” Email (Fraud/Scam Alert) Boyd finds a 419 mail under the guise of a fake “EuroMillions Lottery”. Anyone can be conned by this scam since EuroMillions is a legitimate European lottery; however, the lottery is also aware that scammers are banking on its name to cash in on users. Its official websites have useful tips on how to spot fakes.
  • Steam Threats: What They Are and What You Can Do to Protect Your Account (Online Security) We have compiled a list of threats that continue to affect certain users of Steam, Valve’s famous gaming platform. In this post, we also put together a handy list of safety measures users can take to help ensure that their accounts are secure and remain that way.
  • Steer Clear of USAA Phishing Campaigns (Fraud/Scam Alert) We have observed several scam attempts to get personally identifiable information on United Services Automobile Association (USAA) clients. USAA phishing usually targets credit/debit card details; however, this campaign extended to gathering more sensitive information, such as birth dates, Social Security numbers, and mother’s maiden name, among others.
  • Magazine Photoshoot Leak Leads to Installs / Surveys (Fraud/Scam Alert) Photos of a rising model from the Philippines were leaked to the public Web without permission. Esquire Philippines, the magazine that will be putting the model on the cover of its upcoming issue, has already issued a statement about the photos, which were apparently taken from one of its exclusive photoshoots.
  • Meet the Master Boot Record (Security Threat) Security researcher Pieter Arntz talks about the Master Boot Record (MBR), what it is and how malware can alter it. He also gives a couple of ways users can fix it if expert help is not on hand.
  • Malvertising hits ‘The Times of Israel’ and ‘The Jerusalem Post’, redirects to Nuclear Exploit Kit (Malvertising) Security researcher Jérôme Segura discusses malvertising (malicious advertising) attempts within the legitimate domains of two popular Israeli news channels on the Web. Malwarebytes Anti-Malware detects the payload from the ads as Trojan.Agent.BPEN, a malware downloader.
  • Large malvertising campaign under way involving DoubleClick and Zedo (Malvertising) Following the discovery of malvertisements on a couple of popular news sites, Segura also found malvertising attempts on Last.FM, a popular site for streaming music. The binary involved this time is Zemot, a known payload of another malware.
  • Malicious activity observed in new Top-level domains (Online Security) Segura observed malicious activities, particularly involving exploits, on new top-level domains (TLDs) in our honeypots. He adds, “It is important to note that the majority of the domains involved were not registered by the bad guys themselves. Instead what we observed are websites whose DNS entries have been hacked and are used for nefarious purposes.”

Top news stories:

Stay safe!

The Malwarebytes Labs Team