Phishing spam targeting AmericanExpress Accounts

New email phishing have been spotted by Dynamoo’s blog that is targeting American express customers,  the fake message notify user that they have a security problem with their account and invite them to decline a new charges by opening the phishing web page which is http://**-**.com/americanexpress/ and logon with their credentials.

American Express Credit Cards, Rewards, Travel and Business Services - Mozilla F_2014-08-10_15-01-14Phishing website screenshot for  American express

The page is similar to the American express official website and each time the victim will type his credential it will display that the User ID and password is incorrect. At the moment there are several similar phishing website while the IPs are belonging to ISPs in Ukrain and Romania.

If you receive a similar fake message make sure to delete/ignore the email and report it to your bank. Usually the bank will never send email to make account changes but they will call customer to make any update.

Share
securitymalware

“Payroll Received by Intuit” A spam that brings Cryptowall to Your System

New spamming message have been spotted by Dynamo’s Blog that attach Cryptowall malware. the virus is a Trojan horse that infect windows operating system and uses RSA2048 encryption to encrypt victims data. this to prevent users from opening their files and provide cyber criminal a control on infected system. If the victim will not make an online payment files are going to be destroyed.

The email claims to be about a successful payment that users made while attaching a copy of victims Remittance. Obviously this email is attaching a zipped copy of Cryptowall that takes executable form. only 9 antivirus on Virus total identify the file to be malicious.

Analysis Results Title Remittance___CopyDecrypt instruction by Cyber criminal for Cryptowall

Within the decrypt instruction attackers are asking victims to use Tor network and Bitcoins for better protecting compromised systems , money and encryption keys from law enforcement. Tor  will complicate tracking cybercriminals while Bitcoins makes it hard to track money transfer.

To protect your system be sure to never open attachments/emails from untrusted sources, update your security software and make sure to have a backup for your important files that will be stored in a safe place.

Share

Nasty Snifula Trojan starts targeting users in Japan

New Snifula Trojan variant have been spotted by Symantec Security Response team in Japan. the malware have compromised more than 30 financial entities with 12 regional agencies across the country. the malware was firstly discovered in 2006 and were used to steal victims financial accounts using man-in-the-browser (MITB) techniques.

According to Symantec the configuration file in the malware is listing 20 credit card sites with 17 online banking service in Japan, 20% of the malicious activity monitored are coming from hosts in Japan to make it on the second place with Germany while UK have the highest number of infected hosts with 24% of the global infected systems.

Graph for snifulaChart for Snifula distribution sourced Symantec

This type of threats is hard to detect because it is customizable to make it adapted to certain regions, easy to distribute over internet with infected web server and strong authentication will not help because the infected user will perform a covered transaction using the same steps and validation required without detecting the actions performed by the malware.

To protect your system make sure to have the latest update for your antivirus and use only hardened software that provide the protection against the MITB attacks.

Share
shazzle

ShazzleMail- Application to maintain your email privacy

Today we see more of new services that offer anonymous surfing and mailing. this because many online service store users information on their systems and this makes end users not safe from reusing the data in the future. ShazzleMail is one of the interesting mail system that you can use to protect your privacy.

ShazzleMail is a free private email application that turns your smart phone into a mail server, delivering your messages directly to your receiver via an SSL encrypted channel with no server copies. Not even Shazzle gets a copy. the application can be installed on laptop , smartphone or even integrate it with Microsoft outlook.

The application will send notification for recipient and create a direct connection from sender to receiver. The ShazzleMail service sends them a web notification e-mail with a link. The recipient only needs to click the link to establish a direct connection with the Sender and receive the email. ShazzleMail sends all communications over a secure line, and keeps your email on your local storage device and not in some third party cloud.

Shazzle Mail Client 1.3.2Screenshot for Shazzle email client (click to enlarge)

This will make sender control the email so he can delete the message at any moment. All email are encrypted locally so even if you lose the device no one can read the content. you can download ShazzleMail over this link: http://shazzlemail.com/downloads

Share

More Self-XSS Scams Targeting Facebook Accounts

Social networks continue to be one of the resources that cyber criminal use to promote their attacks. Self-XSS is a new way used by hackers to compromise accounts on Facebook. the attack consist of malicious JavaScript or client-side that will be executed by the web browser and this will provide attacker access to victim account for fraud, spam and promoting further the attack by posting on timeline to friend list.

Attacker claiming on this case that they will provide a way to hack any Facebook user by following some simple steps but they are actually looking to run a Self XSS attack by urging user into pasting or injecting malicious code into their web browsers. the code will sign out the victim and ask the user to login one more time and here attacker will receive username and password for victim.

The posted scam looks as follows:

Hack any Facebook account following these steps:

1. Go to the victim’s profile
2. Click right click then click on inspect element and click the “Console” tab.
3. Paste the code into the box at the bottom and press Enter.

The code is in the web site: http://textuploader .com****/

Good luck: *

Don’t hurt anybody…

Self-XSS

To avoid Self-XSS social scam make sure to never copy past suspicious links from unknown sources to your browser, you can also report the post using the small triangle tab in the upper right hand side of each post, and then selecting “Report/Mark as spam” from the drop-down menu. If you want to check the URL try to use a virtual environment with sandbox that you can find over this poste: http://www.sectechno.com/2010/10/03/playing-around-malwares/

Share

New release Kali Linux 1.0.8

KaliNew release have been announced for Kali Linux a distribution that include more then 300 penetration testing tools. the new version is  Kali Linux 1.0.8 and allow user to have the full system embedded in a USB device. This will help to simplify the usage so you don’t need to install the system or use an ISO image but it is only required to boot from the USB or run a VM using the  USB EFI.

According to the release notes we have the following:

  1. Adding a new tools (Parsero, ghost-phisher, Nishang 0.3)
  2. Upgrade for tools ( SSLsplit,  Armitage, Recon-ng ,dnsrecon ,Responder, Automater)
  3. Bug fixes requested from previous releases.

If you have the distribution already installed you can run the update  using apt-get update && apt-get dist-upgrade. Some of the popular tools are Aircrack-ng for pentesting and cracking wireless network, Maltego for the intelligence and forensics , Metasploit can be used as an exploit framework , SAINT network vulnerability assessment scanner , Kismet wireless network sniffer,  Btcrack for Bluetooth Pass Phrase Bruteforce, Btscanner for the Bluetooth auditing , Nmap and much more.

You can read more about this release over here: http://www.kali.org/news/kali-1-0-8-released-uefi-boot-support/

Share

Rekall Memory Forensic Framework

Rekall Framework is an open source collection of tools that you can use for Forensics analyses. the program is based on Python and allow to have a full visibility for system state memory (RAM). Rekall runs on any platform that support Python and investigate the following images:

  • Microsoft Windows XP Service Pack 2 and 3
  • Microsoft Windows 7 Service Pack 0 and 1
  • Microsoft Windows 8 and 8.1
  • Linux Kernels 2.6.24 to 3.10.
  • OSX 10.6-10.9.x.

rekall screenshotRekall Framework screenshot

With Rekall you can have:

  • session information
  • list of processes
  • list of registers
  • sockets
  • hashed passwords stored in memory

There is also a possibility to use API which helps to run any search you need on the system memory. the installation is possible using pip manager by running (pip install rekall). you can have more information on the official website: http://www.rekall-forensic.com/

Share