Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

New Drive-By Spam Infects unsuspecting users

The threat arrives via email, is now read consuetidine attacks that use email as a vector for spreading malware. Until now we have observed as typical scenario for the contagion an unsuspecting user that clicks on a link in the body of email that started the download of malware or that open the agent directly […]

The threat arrives via email, is now read consuetidine attacks that use email as a vector for spreading malware. Until now we have observed as typical scenario for the contagion an unsuspecting user that clicks on a link in the body of email that started the download of malware or that open the agent directly attached to the email.

Unfortunately that aren’t the only way to infect remote pc, attackers have developed a new way to infect your PC through email without forcing any action from users. According the announcement of researchers at Eleven, a German security firm, it is sufficient that an email is opened in the email client to infect the final host without that the user click on a link or open an attachment. Eleven experts said that a new malware attack uses JavaScript in HTML email and doesn’t require user interaction to become infected.

Once the email is opened and the HTML is displayed, the malware attempts to scan the user’s computer and download malware while displaying a “Loading…please wait,” message. The easiest way to avoid this malware spam attack is to deactivate display of HTML emails in your account. The experts says that the mechaninsm is the same used to infect PC while users open an infected web site in their browser.

“This is similar to so-called drive-by downloads, which infect a PC by opening an infected website in the browser.”

The “drive-by spam” attacks observed are using email with well known subject “Banking security update” and a sender address with the domain fdic.com. If the email client allows HTML emails to be displayed, the HTML code is immediately activated. If we receive an email with the subject, “Banking Security Update,” or a similar message, we must take every precaution before opening open it at all, it is suggested to choose the option of displaying emails in pure-text format only to avoid problems.

The increasing use of email makes it much harder to detect whether an email is legitimate or counterfeit, and we must take in care that the with the introduction of the IPv6 blacklist-based anti-spam solutions will become early obsolete.
According to eleven, “the significant expansion of the address space allows for the use of throwaway addresses, which will be used only once for spamming.”
Blacklist concept is based on the possibility to identify those addresses used several times for spamming purpose, with the IPv6 the concept is not applicale due the wide options in term of address given to the attackers.

What are the simple rules to follow to avoid being victims of this type of fraud?

Ignore e-mails that ask for confidential data!

In general, send banks but also credit card companies and online payment services do not make e-mails that link to a page on which you should enter your account information. Delete the e-mail immediately and then not on the link! The mere visit to the site may lead to an infection with a virus or or trojan ( Drive-by download )!

Check whether the site is secure! 

Check to see where the link actually leads

Pay attention to the exact spelling of the URL! 

Always make sure that the spelling of the URL (even in e-mail sender!) And check it for spelling errors! Also check that URL, the company normally uses (by comparison with the site or with real e-mail)!

Pay close attention to what data you should enter! 

Not only account and credit card phishing is dangerous

Alleged e-mails from Facebook or Hotmail can be just as dangerous as those from your bank.

Pierluigi Paganini

References

http://www.eleven-securityblog.de/2012/01/phishing-funf-tipps-zum-erkennen-betrugerischer-e-mails/