Phishing: Periodic Maintenance (PayPal)

Another phishing email targets PayPal users. Email header details: Received: from mail.artworkdigital.com.br (ns1.artworkdigital.com.br [201.86.117.58]) Received: from User (216-107-107-254.static.networktel.net [216.107.107.254]) by mail.artworkdigital.com.br (Postfix) Subject: Periodic Maintenance Date: Fri, 18 May 2012 06:56:...

Spam “Your Bill Me Later notice” leads to Incognito exploit kit

Users have reported another malicious email message with the subject “Your Bill Me Later notice”, which claims you have made a payment of $60.12 over the phone to the Bill Me Later website. The email body is full of HREF links that point to many malicious URLs; view a screenshot of the email message: Email [...]

More Malicious Links Spammed to Twitter Users

Another malicious link received by a user via Twitter: hxxp:// profitscoaching .info /index.php?eVTv=1336686044437 Whois details: Domain Name: profitscoaching .info Registrar: GoDaddy.com LLC (R171-LRMS) Status: CLIENT DELETE PROHIBITED, CLIENT RENEW PROHIBITED, CLIENT TRANSFER PROHIBITED, CLIENT UPDATE PROHIBITED Expiration Da...

Spam link on Twitter leads to Fake Antivirus Rogue Software

One user has reported to us a malicious URL that is being sent as a private message to users registered on Twitter; the extracted malicious link is: hxxp:// www. delicious-audio .com /wp-content If clicked, it redirects users to a new malicious link: HTTP/1.1 302 Found Date: Tue, 08 May 2012 20:50:06 GMT Server: [...]

LinkedIn Mail link leads to Incognito exploit kit

We have logged a new email that appears to have been sent by LinkedIn. The email header info shows it is a scam: Received: from lhost10.forahost.net (server-178.211.48.24.as42926.net [178.211.48.24]) Received: from c9069568.static.spo.virtua.com.br ([201.6.149.104]:49583 helo=fixnot.com.tr) by lhost10.forahost.net Date: Fri, 04 May 2...

Com.Br Websites Infected with Malicious JS Code (count18.php)

Our sandbox has logged various domains with the suffix .COM.BR infected with malicious obfuscated JavaScript code that is injected at the beginning of the websites' HTML pages, before the initial <html> tag. The malicious script redirects users to a malicious URL: hxxp:// bylviha .ru/count18.php An example of websites inf...

Phishing: “A causa del nostro recente aggiornamento” (Because of our recent update). Verified by Visa

We have logged other phishing emails used to steal the details of Visa users: From - Mon Apr 23 16:04:50 2012 Received: from ser.just3d.tv (unknown [91.227.127.33]) Received: (qmail 23589 invoked by uid 0); 23 Apr 2012 13:21:36 -0000 Received: from unknown (HELO User) (admin@just3d.tv@151.58.16.184) Reply-To: sicurela@visaltalia.it ...

Express LinkedIn Mail: spreads Blackhole Exploit Kit URLs

We have received a few emails that appeared to have been sent from LinkedIn, but after checking the email header details they were clearly spam: Return-Path: trtro@www.trt.ro Received: from vps136.whmpanels.com (unknown [89.42.219.181]) Received: from [95.6.42.101] (helo=www.trt.ro) by vps136.whmpanels.com Date: Fri, 30 Mar 2012 21:37:47 +...

Spam “Your updated information is necessary” leads to Blackhole Exploit Kit

We have received various spam emails that imitate messages from the Better Business Bureau (BBB) but are in reality used to spread malicious links that lead to the Blackhole Exploit Kit. The subject of the emails looks like this: Your updated information is necessary A screenshot of the email: Other details of the emails: Return-Path: &...

Sandbox: Malicious URLs

Below is a list of malicious URLs captured by our sandbox while analyzing a few recent malware samples; we highly recommend blocking these domains with a firewall and with the hosts file (C:\WINDOWS\system32\drivers\etc\hosts). hxxp://195.189.226.104/ftp/g.php hxxp://outkxmkcxkxqqmy. org/news/?s=36052 hxxp://poohfsngrxnlnkr. ...