Author Topic:  Beware malware codes embedded in email scams
Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 12 Jun 2012 2:23 pm    

Today, I received two back-to-back email malware scams that were unusual, not in that they contained malware, but because of how it was delivered. Both emails had the subject: Re: URGENT. The senders are spoofing linkedin.com and sbcglobal.net.

Anybody opening or previewing these emails in an HTML-rendering email client with JavaScript and iframes allowed would be instantly attacked.

If you have such an email with the aforementioned subject in your inbox, do not open it until you first switch your email client Reading preferences to Plain Text. This allows you to safely view the contents of any email. If you see line upon line of JavaScript functions, along with an iframe tag leading to a remote file with a name like "mail.htm", it is the BlackHole Exploit code, meant to draft your computer into a botnet, steal your bank accounts, use your PC for spamming and hosting evil codes and attacking other websites.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
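An added example, not part of the original post: one way to check a saved message for the markers described above (script blocks plus an iframe pointing at a remote file) without rendering it. The names `triage`, `ActiveContentScanner` and `SAMPLE` are hypothetical, and the sample message is constructed, with `example.invalid` as a placeholder host.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, not a real capture; example.invalid is a placeholder host.
SAMPLE = """\
From: "LinkedIn" <notice@linkedin.com>
To: user@example.org
Subject: Re: URGENT
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please wait...</p>
<script>function a(){return 1}</script>
<script>function b(){return a()}</script>
<iframe src="http://example.invalid/mail.htm" width="1" height="1"></iframe>
</body></html>
"""

class ActiveContentScanner(HTMLParser):
    """Counts <script> tags and collects remote iframe targets; renders nothing."""
    def __init__(self):
        super().__init__()
        self.scripts = 0
        self.remote_iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1
        elif tag == "iframe":
            src = dict(attrs).get("src") or ""
            # Remote means an absolute http(s) URL or a protocol-relative one.
            if urlparse(src).scheme in ("http", "https") or src.startswith("//"):
                self.remote_iframes.append(src)

def triage(raw):
    """Parse a raw message and report active content found in its HTML parts."""
    msg = email.message_from_string(raw, policy=policy.default)
    scanner = ActiveContentScanner()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            scanner.feed(part.get_content())
    scanner.close()
    return {"subject": str(msg["Subject"]),
            "scripts": scanner.scripts,
            "remote_iframes": scanner.remote_iframes,
            "suspicious": bool(scanner.scripts and scanner.remote_iframes)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
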

Richard Sinkler


From:
aka: Rusty Strings -- Missoula, Montana
Post  Posted 12 Jun 2012 3:52 pm    

Quote:
HTML rendering email client


:?: :?: :?: :?: :?: :?:

Would this be email services like Gmail, Hotmail, AOL, etc...??

I have been getting emails where the subject says "Urgent" for many months now. They hit my spam folder and I always delete them and never open them. My girlfriend has AOL and I am afraid she wouldn't catch these.
_________________
Carter D10 8p/8k, Dekley S10 3p/4k C6 setup, Regal RD40 Dobro, Recording King Professional Dobro, NV400, NV112, Ibanez Gio guitar, Epiphone SG Special (open D slide guitar). Playing for 55 years and still counting.

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 12 Jun 2012 4:02 pm    

Richard Sinkler wrote:
Quote:
HTML rendering email client


:?: :?: :?: :?: :?: :?:

Would this be email services like Gmail, Hotmail, AOL, etc...??

I have been getting emails where the subject says "Urgent" for many months now. They hit my spam folder and I always delete them and never open them. My girlfriend has AOL and I am afraid she wouldn't catch these.


I do believe that if you and your GF were to be logged into your email web page, there will be a link, typically on the upper right side, labeled something akin to Options, or Preferences. Clicking on that link will reveal all options at your disposal regarding how and how much email is displayed.

Reading email in plain text can be trying, as most commercial email is composed in HTML. People sending images inline are using HTML. Rich text is considered HTML.

The best thing that could happen would be if you and she have an easily switched view setting to toggle from Plain Text to HTML.

Further, only allow messages from senders on a "safe List" or Whitelist to be delivered to the Inbox folder. Route everything else to Junk. If there is a setting to read Junk mail in plain text, apply that option.

Another protection for Webmail users is to only use Firefox, along with the NoScript Add-on, installed and enabled. By default, it blocks JavaScript and Java from functioning in the browser. This in itself defeats the BlackHole Exploit Kit.

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 12 Jun 2012 4:16 pm    

This is a shameless plug for a security program I use and am affiliated with.

Trend Micro security programs all include a module that links to their cloud servers, which have the most up-to-date definitions of malware AND the location of exploit servers and compromised innocent websites. If you are lured to such a site, Trend Micro's Smart Protection Network will intercept your click and display an unmistakable warning page that the destination has been deemed dangerous to your computer.

One can override this blocked page feature, and I do occasionally. I am protected anyway because I use the NoScript Add-on, AND operate with less than Administrator privileges. Furthermore, my PCs are also protected by Trend Micro in real time, should anything evil get downloaded by actions I take (intentionally, or by being tricked), or even zero-day exploits that bypass any interaction with the user.

Anybody who would like to learn more about these Security programs and features is invited to read my Trend Micro security products page.

As much as I appreciate freebies, I have stopped using any free anti-virus software and gone commercial. The threatscape changes too quickly for a once or twice a day update to keep you well protected. I research this stuff every day. It is a jungle out there.

All day long, after a quiet week of nothing but spam for drugs and diplomas, almost everything not legitimate is now an exploit attack, leading to the BlackHole Exploit Kit. There are now scams in the wild spoofing Twitter, Facebook, LinkedIn, wire transfers, MySpace, Xanga, and other social networking websites.


All times are GMT - 8 Hours