Flash-based rogue AV targets users

In a recently discovered spam e-mail campaign promoting fake AV, the links in the messages take users to one of more than 300 compromised domains.

Once users land on the page, a JavaScript message warning about a “critical process activity” prepares them for a fake scan which immediately starts “running.” “The page uses Flash making it look more convincing with realistic icons, progress bars, and dialog boxes,” according to the researchers.

“Unsurprisingly, the fake antivirus detects plenty of viruses. Decompressing the Flash file and analyzing it shows a huge list of files contained within it. The Flash movie then simply picks some of these at random and claims they are infected (with equally random virus names).”

Users are then offered the option of removing all the found malware. If they choose not to, they are bombarded with warnings about an imminent system crash and urged to change their decision. If they choose to remove the malware, they are offered a “Windows Risk Minimizer” for downloading and, once run, the fake solution appears legitimate. It also runs a scan and finds the system is overrun with malware.

If users still fail to proceed to buy a subscription for the solution and close the window, the fake AV will vex them with pop-up warnings and balloon messages claiming that a program was blocked from stealing data, that identity theft is in progress, or that the user faces prosecution. It then claims the problems can be solved by buying a lifetime subscription and support for the fake AV for $99.

From Help Net Security

Source: http://www.net-security.org/malware_news.php?id=2046&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader

Microsoft, Financial Groups Execute Takedown of Zeus Botnet Servers:

Microsoft has gone after another botnet, this time targeting some of the command-and-control infrastructure behind the Zeus network with a takedown effort that included seizing two IP addresses used for C&C servers and filing suit against 39 unnamed defendants. The action against Zeus is the latest in a string of such moves by Microsoft and some of its partners against the operators of botnets such as Kelihos and Waledac.

Zeus is one of the more widespread and well-known pieces of malware to appear in the last five years and is among the new breed of tools that’s sold in various forms to anyone who can pay the freight. The Zeus kit enables an attacker to monitor a user’s actions on a compromised machine, steal credentials for online banking or other valuable sites and then rack up huge profits. Like other major botnets operating right now, the Zeus network is not one botnet but dozens and dozens of individual networks operated by various criminals around the world.

Read the full story here: http://threatpost.com/en_us/blogs/microsoft-financial-groups-execute-takedown-zeus-botnet-servers-032612

Facebook ‘Like’ Scam Driven by Malicious Chrome Extension:

A Kaspersky Lab researcher has discovered a Brazilian social engineering campaign that attempts to trick Facebook users into installing a malicious plug-in hosted on Google’s Chrome Web Store.

The Facebook scam page solicits victims by promising to teach them how to “remove the virus from their Facebook profile.” Securelist claims that the application has 923 users, according to a post by researcher Fabio Assolini.

Users are asked (in Portuguese) to, “1) Click on install app, 2) click on allow or continue, and, 3) click on install now.” Users that decide to click “Install aplicativo” (“Install app”) are redirected to the legitimate Chrome Web Store where a malicious extension masquerades as Adobe Flash Player, Assolini wrote.

Once the extension is installed it has complete control of a user’s profile. It then sends messages to that user’s ‘Friends,’ encouraging them to install the malicious extension themselves. The app also sends out commands that make its victims’ profiles ‘Like’ certain pages. This is the point. The scammers have created a service of selling ‘Likes’ to companies trying to promote their profiles on Facebook.

Source: http://threatpost.com/en_us/blogs/facebook-scam-driven-malicious-chrome-extension-032612

Senators ask feds to probe Facebook log-in requests

We knew that political posturing over the privacy brouhaha involving employer requests for access to Facebook accounts was only just getting started.

Today U.S. Sens. Richard Blumenthal (D-Conn.) and Charles Schumer (D-N.Y.) called on two federal agencies — the Department of Justice and the Equal Employment Opportunity Commission — to investigate what they call a “new disturbing trend” of prospective employers demanding job applicants to turn over user names and passwords for their social networks.

Just Friday, in response to complaints from employees, Facebook published a post expressing its opposition to the practice, which it said undermines both the security and the privacy of the user and the user’s friends. Erin Egan, the company’s chief privacy officer for policy, offered that employers who demand password information for prospective employees might just end up getting sued.

Source: http://news.cnet.com/8301-1023_3-57404178-93/senators-ask-feds-to-probe-facebook-log-in-requests/