lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <200711011908.43670.dr@kyx.net>
Date: Thu, 1 Nov 2007 19:08:43 -0800
From: Dragos Ruiu <dr@....net>
To: bugtraq@...urityfocus.com
Subject: IM upgrade automated social engineering attack

With all the proliferation of phone home for update systems in
even trivial software packages these days, neophyte users 
can easily get confused about legitimate upgrades and imposters. 
So someone is trying to take advantage of this with an 
automated version of an old school social engineering 
attack via Skype spam.

Someone/something/.someone's-botnet on skype last night 
contacted users who reported it to me. The messages were
formatted to resemble Microsoft update messages or an AV scan
with a link to click to update and/or repair malware in a number 
of Microsoft products. None of the users who reported it to me 
clicked on the link so its not clear what the installed malware 
was after.

A series of users with the name "Scan Alert" followed by the registered
trade mark sign originating from a numeric range of skype userids 
following the form:
	scan.alert.o<number>

...have been sending these unsolicited messages. These id's seem
to be registered in the US. Please warn your users to ignore and be 
wary of social engineering attacks purporting to be upgrades via 
IM, because without doubt the persons behind this will try other 
variants.

A little bit of googling indicates these folks have been active for
at least two weeks.

cheers,
--dr

-- 
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan   November 29/30 - 2007    http://pacsec.jp
pgpkey http://dragos.com/ kyxpgp

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ