A Week in Security (Jan 31 – Feb 6)

Posted: February 8, 2016 by Malwarebytes Labs
Last updated: March 30, 2016

It’s Monday, which means we have a roundup!

Over the past week on Malwarebytes Unpacked, we’ve moved from a vulnerability disclosure and launch of a bug bounty program to a new form of Ransomware called DMA Locker. Nuclear Exploit Kit returned to cause problems with a large WordPress compromise campaign, and we weighed in on a problematic situation brewing over at BleepingComputer. We looked at a Weather App which would wait until a very specific date to pop a fake Blue Screen of Death (complete with tech support scam phone number), and the latest round of Malvertising we detected caused problems for readers of TMZ. Rounding off the week, we covered Amazon themed phishing mails on the hunt for logins and bank details, and the latest in a string of problems for the popular DayZ videogame.

As for the rest of the news…

Fake Flash scareware targeting users of OS X.
Someone compromised the Dridex Botnet and had it offer up a legitimate Antivirus product instead of the usual Malware.
Google are taking the fight to websites with dubious “Download Now” buttons all over the place (especially problematic on download websites where you can’t…quite…figure out where the download you actually want is located).
Skype threats can be extremely problematic given the potentially sensitive data they can get their hands on, and the T9000 can record conversations, steal files and grab screenshots.
Toilet hire Malware? Toilet hire Malware.
There are claims that up to 10,000 NASA machines could be infected with Malware.
Were Israeli drones hacked and turned into live-feed monitoring stations?
Users of TurboTax were warned to steer clear of a recent phishing campaign.

Stay safe!

The Malwarebytes Labs Team

COMMENTS

faithfulpublishing

I apologize that this is going to be long but I think we need to out these crooks as often as possible. First let me say I am really grateful I found malwarebytes after researching what happened to me last week. Frankly I found little usable information on the Adobe forum or the Apple help forums which was disappointing. I was able to clean up my system using the free download file from malwarebytes though.

Yesterday my 80 year old sister fell prey to one of the the scams but worse. She was looking for something and clicked on a link and the ‘Adobe Flash’ update downloaded automatically to her desktop. She didn’t click on it but the next time she launched her browser the box popped up warning her she had a virus and it locked her browser. I think this is noteworthy. She didn’t install and it still embedded.

Unfortunately she called the number on the pop up and talked to a “tech” named Jason who promised he could ‘clean’ her system for $99.99. She gave him her debit card and let this complete stranger have control of her computer. [arghhhh]

Her granddaughter called me later when she found out to tell me what happened. I went there and dumped the Flash dmg and had her check her bank account. The debit withdrawal was from Worldgate Solutions, LLC SO Fremont CA. I looked it up and found that it was registered in July 2015 and is owned by Manish and Schruti Rustagi. Today I took her to the bank to report this and get her debit card replaced. I checked her applications folder and library and found that ‘Jason’ left Sophos Anti-Virus software behind. He told my sister he put up a ‘firewall’ for her. I took it all out. I’ll upload the malwarebytes app after we upgrade her hard drive.

I have noticed this feeding frenzy is on the uptick, as more people are falling for the scams that are becoming more sneaky and aggressive. Mac folks are especially vulnerable because they have lived under the long held delusion that Macs are virus proof.

The worst thing is that there are not enough warnings out there from the very systems support sites you’d expect would be up to date on this growing problem. I believe the various forms of this come in all manner of ways. I’m extremely careful about where I click and I do a lot of vetting before I believe a ‘free’ download is what it claims to be. I believe my attack came in on a pop up ad that I tried to close. Hit the ‘X’ and it downloads. When the frenzy of pop ups started and I realized what happened I checked my applications folder and noticed the mackeeper logo in there too. I immediately dumped it. But I still had to have malwarebytes clean up the hidden stuff that I didn’t know what to look for. I’m most grateful for this and plan to upgrade.

Sadly the Net has become a den of greedy thieves. :-[ My sister pay $100 for her hard lesson. I’m hoping I have done all the right things here.
Jérôme Segura

Hello there,

Thank you for leaving a comment here. I fully empathize with your experience and recognize the usual trademarks of tech support scammers.
It seems like you have done the right thing to recover from this in terms of identity protection and banking details.
Thank you for providing the details of the company behind this. We will investigate and blacklist the offending actors so other people do not become victims.

RELATED ARTICLES

Conferences | Security world

Malwarebytes @ DefCon

July 26, 2012 - That’s right, this week some of the Malwarebytes gang will be out in Las Vegas for the hacker convention: DefCon 20! Who is going? Marcin Kleczynski – CEO Rebecca Kline – Director of Marketing Josh Hall-Bachner – Web Developer Doug Swanson – VP of Development Adam Kujawa – Me! What are we doing there? DefCon...

CONTINUE READING No Comments

Conferences | Security world

Malwarebytes @ DefCon: The Wrap-Up

July 30, 2012 - As mentioned last week, the Malwarebytes crew made it out to DefCon this year to check out all of the interesting talks and presentations given by various members of the computer/intelligence security community. This blog is meant to summarize most of what we saw, giving a brief explanation of which talks we thought were the...

CONTINUE READING 2 Comments

Conferences | Security world

DefCon for Developers

August 8, 2012 - My colleague Adam Kujawa recently wrote a great post about the Malwarebytes experience at the hacker convention DefCon this year. By popular demand, here’s a round-up of my top four favorite DefCon talks from a development perspective: 1. “Stiltwalker”, by “DC949” (http://www.dc949.org/projects/stiltwalker) I am sure everyone is familiar with reCAPTCHA. You have likely wasted hours...

CONTINUE READING 2 Comments

Security world | Technology

Passing The BitCoin

August 24, 2012 - BitCoin is a new-ish form of digital currency. It allows people to perform financial transactions without the need for a bank or central authority and allows for a large amount of privacy. Transactions are currently limited to ones performed online and only by individuals and organizations that accept BitCoin as payment. However, in the next...

CONTINUE READING 2 Comments

Business | Security world

So You Want To Be A Malware Analyst

September 18, 2012 - In war, there are always two sides: the attackers and the defenders. A less focused on group is the researchers and developers. While soldiers are fighting a war on the front lines, scientists and engineers are researching and developing new weapons, defenses and tools; things that give their side an advantage. If one of these...

CONTINUE READING 8 Comments

ABOUT THE AUTHOR