lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 6 Nov 2007 10:37:50 +0000
From: Roman Shirokov <insecure@...dex.ru>
To: Dragos Ruiu <dr@....net>
Cc: bugtraq@...urityfocus.com
Subject: Re: IM upgrade automated social engineering attack

Hey all

I confirm that, I received several messages as well. The text of
message is:

WINDOWS REQUIRES IMMEDIATE ATTENTION
=============================

ATTENTION ! Security Center has detected
malware on your computer !

Affected Software:

Microsoft Windows NT Workstation
Microsoft Windows NT Server 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Win98
Microsoft Windows Server 2003

Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns

Recommendation: Users running vulnerable version should install a repair
utility immediately

Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.http://www.alertmonitor.org/?q=updatescan


> With all the proliferation of phone home for update systems in
> even trivial software packages these days, neophyte users 
> can easily get confused about legitimate upgrades and imposters. 
> So someone is trying to take advantage of this with an 
> automated version of an old school social engineering 
> attack via Skype spam.

> Someone/something/.someone's-botnet on skype last night 
> contacted users who reported it to me. The messages were
> formatted to resemble Microsoft update messages or an AV scan
> with a link to click to update and/or repair malware in a number 
> of Microsoft products. None of the users who reported it to me 
> clicked on the link so its not clear what the installed malware 
> was after.

> A series of users with the name "Scan Alert" followed by the registered
> trade mark sign originating from a numeric range of skype userids 
> following the form:
>         scan.alert.o<number>

> ...have been sending these unsolicited messages. These id's seem
> to be registered in the US. Please warn your users to ignore and be 
> wary of social engineering attacks purporting to be upgrades via 
> IM, because without doubt the persons behind this will try other 
> variants.

> A little bit of googling indicates these folks have been active for
> at least two weeks.

> cheers,
> --dr




-- 
Best regards,

Roman Shirokov

e-mail:insecure@...dex.ru

Sic itur ad astra

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ