C.I.S.R.T.

IM-Worm.Win32.Zeroll.a

Tue, 24 Aug 2010 01:27:03 +0000

Kaspersky reported a new IM-Worm "IM-Worm.Win32.Zeroll.a" was spreading in Latin America.

According to Kaspersky's description:

Quotation

On Aug 21, we (Kaspersky Lab) detected a new instant messenger worm that spreads through almost all well-known IM programs, including Skype, GTalk, Yahoo Messenger and Live MSN Messenger. The name of the threat is “IM-Worm.Win32.Zeroll.a”

It “speaks” 13 different languages (including Spanish and Portuguese) according to the local language of the infected Windows computer. There are some characteristics that show the worm originated Mexico. It is written in VB and the C&C is located on an IRC channel (an old botnet technique recycled by the Mexican coders).

So all the IM users should be careful of this worm.

Tags - im-worm.win32.zeroll.a

Fake iTunes Gift Certificate

Fri, 07 May 2010 08:32:29 +0000

We recevied spams about fake iTunes Gift Certificate. Be careful of these spams.

Subject:Thank you for buying iTunes Gift Certificate!

Body:
Hello!
You have received an iTunes Gift Certificate in the amount of $50.00 You can find your certificate code in attachment below.

Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.

iTunes Store.

Attachment: iTunes_certificate_447.zip

Tags - itunes certificate 447.zip

The Death of Mr.Jiangmin Wang

Mon, 05 Apr 2010 08:38:01 +0000

I just heard this bad news from Jiangmin Anti-virus Company.

Mr.Jiangmin Wang, Branch Chairman of Jiangmin, died in Beijing due to illness at 9:20a.m. on April 4, 2010.

The color of the chinese homepage of Jiangmin has turned to be gray.

Baidu.com DNS hijacking

Tue, 12 Jan 2010 02:47:05 +0000

We received lots of reports about Baidu.com, the most popular search engine in China, had been unavailable since this moning.

As the time of writing, Baidu.com is also unavailable.

We noticed this case may be caused by DNS hijacking by the “Iranian cyber Army”, the same guys we mentioned several weeks ago.

A related news: Baidu, China’s Largest Search Engine, Hacked by “Iranian Cyber Army”

............

Tags - baidu.com , dns , hijack

ISC: Twitter outage via DNS hijacking

Fri, 18 Dec 2009 08:31:18 +0000

I just saw Sans.org reported that Twitter outage via DNS hijacking.

A reader posted a image in the comments of this report.

http://i.imgur.com/Q1EgM.jpg

Tags - twitter , hijack

First iPhone Worm Ikee

Mon, 09 Nov 2009 00:43:26 +0000

There are lots of reports about first iPhone worm "Ikee" today.

F-Secure: First iPhone worm found

Sophos: First iPhone worm spreading in the wild

ISC: iPhone worm in the wild

Tags - ikee , iphone

Spams with Hello Darling

Tue, 03 Nov 2009 11:37:52 +0000

The spams had been sent with the subject "Hello Darling" and attchment "photo.zip".

Subject: Hello Darling
Mail body:
Hi, how are you? My photos Which I promised in attached file

Attchment: photo.zip

............

Tags - hello darling , photo.zip , photo.exe

Get Back to My Office for More Details Spams

Sun, 01 Nov 2009 10:55:09 +0000

I saw lots of spams which contained subject "get back to my office for more details" and attchment "info.zip" in recent two days. Be careful of them.

From: boss <"boss">
Subject: get back to my office for more details
Mail body:
Please read the attached letter and get back to my office for more details to proceed further.

Thanks and have a very nice day.

............

Tags - info.zip , get back to my office for more details

Facebook Password Reset Confirmation Spams

Tue, 27 Oct 2009 01:10:07 +0000

Be careful of the new round of spams about Facebook Password Reset Confirmation.

From: The Facebook Team
Subject: Facebook Password Reset Confirmation.
Mail body:
Hey gt ,

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

............

Tags - facebook password 6ff26.zip , facebook password c92dd.zip , facebook password reset confirmation

Contract of Settlements Spams

Sat, 24 Oct 2009 10:53:50 +0000

There is a new round of spams, which contained the subject titles as "Contract of Settlements" and the attachments as "contract_1.zip".

Be careful.

Subjects: Contract of Settlements

Mail body:
Greetings,
We have prepared a contract and added the paragraphs that you wanted to see in it. Our lawyers made alterations on the last page. If you agree all the provisions we are ready to make the payment on Friday for the first consignment, We are enclosing the file with prepared contract. Password: 34****
............

Tags - contract 1.zip , contract of settlements