C.I.S.R.T.

Baidu.com DNS hijacking

Tue, 12 Jan 2010 02:47:05 +0000

We received lots of reports about Baidu.com, the most popular search engine in China, had been unavailable since this moning.

As the time of writing, Baidu.com is also unavailable.

We noticed this case may be caused by DNS hijacking by the “Iranian cyber Army”, the same guys we mentioned several weeks ago.

A related news: Baidu, China’s Largest Search Engine, Hacked by “Iranian Cyber Army”

............

Tags - baidu.com , dns , hijack

ISC: Twitter outage via DNS hijacking

Fri, 18 Dec 2009 08:31:18 +0000

I just saw Sans.org reported that Twitter outage via DNS hijacking.

A reader posted a image in the comments of this report.

http://i.imgur.com/Q1EgM.jpg

Tags - twitter , hijack

First iPhone Worm Ikee

Mon, 09 Nov 2009 00:43:26 +0000

There are lots of reports about first iPhone worm "Ikee" today.

F-Secure: First iPhone worm found

Sophos: First iPhone worm spreading in the wild

ISC: iPhone worm in the wild

Tags - ikee , iphone

Spams with Hello Darling

Tue, 03 Nov 2009 11:37:52 +0000

The spams had been sent with the subject "Hello Darling" and attchment "photo.zip".

Subject: Hello Darling
Mail body:
Hi, how are you? My photos Which I promised in attached file

Attchment: photo.zip

............

Tags - hello darling , photo.zip , photo.exe

Get Back to My Office for More Details Spams

Sun, 01 Nov 2009 10:55:09 +0000

I saw lots of spams which contained subject "get back to my office for more details" and attchment "info.zip" in recent two days. Be careful of them.

From: boss <"boss">
Subject: get back to my office for more details
Mail body:
Please read the attached letter and get back to my office for more details to proceed further.

Thanks and have a very nice day.

............

Tags - info.zip , get back to my office for more details

Facebook Password Reset Confirmation Spams

Tue, 27 Oct 2009 01:10:07 +0000

Be careful of the new round of spams about Facebook Password Reset Confirmation.

From: The Facebook Team
Subject: Facebook Password Reset Confirmation.
Mail body:
Hey gt ,

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

............

Tags - facebook password 6ff26.zip , facebook password c92dd.zip , facebook password reset confirmation

Contract of Settlements Spams

Sat, 24 Oct 2009 10:53:50 +0000

There is a new round of spams, which contained the subject titles as "Contract of Settlements" and the attachments as "contract_1.zip".

Be careful.

Subjects: Contract of Settlements

Mail body:
Greetings,
We have prepared a contract and added the paragraphs that you wanted to see in it. Our lawyers made alterations on the last page. If you agree all the provisions we are ready to make the payment on Friday for the first consignment, We are enclosing the file with prepared contract. Password: 34****
............

Tags - contract 1.zip , contract of settlements

Conflicker.B Infection Alert Spams

Tue, 20 Oct 2009 02:30:55 +0000

Be careful of spams about Conflicker.B Infection Alert.

They are the same gang as i mentioned before.

Subject:Conflicker.B Infection Alert
Mail body:
............

Tags - conflicker.b , install.zip

More Spams

Thu, 15 Oct 2009 07:44:19 +0000

Numerous spams had been sent these days. The name of attchments are like "DHL_package_label_1f553.zip" , "DHL_print_label_433a6.zip" , "DHL_Label_a4f79.zip" , "DHL_Package_ac42d.zip" , "install.zip", etc.

Be careful of these spams.

I listed some spams' content:

Quotation

Subject: DHL service. You should get the parcel! Delivery NR.6445
Mail body:
Hello!

The courier company was not able to deliver your parcel by your address. Cause: Error in shipping address.

You may pickup the parcel at our post office personaly!

Please note!
The shipping label is attached to this e-mail. Please print this label to get this package at our post office.

Thank you for attention.
DHL Delivery Services.

............

Tags - dhl label , dhl package , dhl print label , dhl package label , install.zip , trojan.win32.inject

Renren.com XSS Worm

Tue, 25 Aug 2009 01:44:19 +0000

I noticed Sophos and ISC reported a Chinese social web site - renren.com(aka xiaonei.com), was attacked by a flash XSS worm.

If you can read Chinese, you may read more details written by KnownSec Team here.

Tags - renren , xiaonei , xss