Gotham Security Daily Threat Alerts

Posted on January 16, 2015

January 15, Softpedia – (International) Google AdSense used for malvertising campaign. Researchers with Sucuri identified at least two AdWords campaigns using Google’s AdSense program to modify legitimate ads in order to redirect users to fraudulent Web sites. Source

January 15, Softpedia – (International) LinkedIn phishing uses HTML file to steal credentials. A researcher with Symantec reported that a recent phishing campaign designed to harvest login credentials for professional networking service LinkedIn uses a modified HTML file that contains the legitimate code from LinkedIn’s login page but instead redirects the information to the attackers running the campaign. The use of an HTML file prevents users from being protected by blacklists and also allows the attacker to use several techniques to avoid automatic phishing detection methods. Source

January 15, Softpedia – (International) Bogus Oracle patches flung by malicious websites. Oracle posted a warning to users the week of January 12 stating that it had received information on several fraudulent Web sites claiming to provide patches for Oracle products that are in fact malware. Oracle advised users to only download patches from its official sites and asked users encountering the fraudulent sites to report them. Source

January 15, CSO – (International) Mobile malware up 77 percent in 2014. Lookout Inc. released a report on mobile malware that found the mobile malware encounter rate increased from 4 percent in 2013 to 7 percent in 2014, a 75 percent increase. The researchers also noted that mobile malware attacks increased in both sophistication and frequency during the past year, among other findings. Source

January 14, Softpedia – (International) CryptoWall makes a comeback, version 3.0 spotted in the wild. Microsoft researchers and an independent researcher identified a new version of the CryptoWall (also known as Crowti) ransomware dubbed CryptoWall 3.0 that contains localized ransom messages and directs victims to several addresses located on the I2P anonymity network, or the Tor network as a fallback. The malware encrypts victims’ files and demands a $500 ransom be paid in Bitcoin virtual currency in order to decrypt the files. Source

