Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

It is time to update your Web Browser

Published: 2012-02-17
Last Updated: 2012-02-17 18:46:18 UTC
by Mark Baggett (Version: 1)
5 comment(s)

Both Firefox and Chrome have release updates this week.   Firefox has released 10.2 and Chrome is up to 17.0.963.56.  Firefox has released a couple of updates in quick succession with an impressive list of bugs being fixed. Check out this list : http://www.mozilla.org/en-US/firefox/10.0/releasenotes/buglist.html    Consider doing an update soon.

Firefox

Download: http://www.firefox.com

Release Notes: http://www.mozilla.org/en-US/firefox/10.0.2/releasenotes/

Chrome

Download: https://www.google.com/chrome

Release Notes: http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html

Keywords:
5 comment(s)
ISC StormCast for Friday, February 17th 2012 http://isc.sans.edu/podcastdetail.html?id=2335

Intersting Facebook SPAM

Published: 2012-02-17
Last Updated: 2012-02-17 01:27:57 UTC
by Mark Hofman (Version: 1)
5 comment(s)

Facebook is kind of training its user base that it is OK to click on links in emails, as long as they look like pretty buttons.  When there is a friend request, or a comment has been added, in the interest of making sure that you get the message it is emailed. It was probably only a matter of time before Facebook like SPAM/PHISH email started arriving. 

When I received the following, I must confess I nearly clicked it automatically, before I noticed the actual link.

When I did click the link, I got a second surprise.  To be honest I was expecting a facebook login page, failing that I was expecting malware, but what I ended up with was this. Plain old SPAM

Not terribly exciting I agree. What caught my eye however was that the SPAM email looked darn close to the real thing, the emails Facebook users get every day.  

If you have a user base that uses Facebook, you may wish to bring this to their attention.  At the moment it is only SPAM, but it doesn't have to be.

If you are into blocking, this particular SPAM run ends up on 115.145.129.35 (South Korea), loads medicalaf.ru (In China) which redirects to cvecpills.com (In Romania). Not a bad method to get some distance between the emil and the eventual landing page.  Allows them to switch targets easily.

Mark H - Shearwater

 

Keywords: PHISH SPAM
5 comment(s)
Diary Archives