… and another [Skype Spam]

Antispam, Malware

Domain ID:D158376320-LROR
Domain Name:UPDATEFM.ORG

Created On:16-Feb-2010 12:41:27 UTC
Last Updated On:16-Feb-2010 12:41:29 UTC
Expiration Date:16-Feb-2011 12:41:27 UTC
Sponsoring Registrar:eNom, Inc. (R39-LROR)

Would it be … a rogue AV?

Some random code from the HTML source:

for(i=0;i<4;i++) { $("#warn_"+i).my_hide(); }
//$(".ch_bg").animate({width:"415px"},scen_time*1000);
percentTic = setInterval(doUpdatePercents,scen_time*10);
warnTic = setInterval(doShowWarns,scen_time*250);
blinkTic = setInterval(doBlink,1000);

Cool stuff! :)


Just received a nice Skype spam

Antispam


Security on Valentine’s Day

Antispam, Malware, Social Networks Spam

Advantages of online flirting:

  1. online gifts (mostly free)
  2. you can do it from the comfort of your home, while having dinner or watching tv
  3. you can pose as someone younger or older, male OR female

According to an older Nielsen study on Valentine’s Day (and the entire week):

  1. one of the most important weeks for sales of chocolate candy
  2. people don’t buy more sparkling wine bottles, but they do spend more per bottle
  3. during that week, and six weeks after, more pregnancy tests are sold than at any other time of the year
  4. and, obviously and most important, dating services advertise more at this time of year on the Internet, on TV and in magazines.

Social Media Stats:

  1. 1.37 tweets per second containing the word “valentine” a week before V day
  2. 10 tweets per second containing the word “valentine” during V day
  3. 23,700,000 Google results for “online dating”
  4. 119 results if you google “scamming women on dating sites” between January 1st and today
  5. 129 Facebook applications related to Valentine’s Day
  6. over 500 Facebook pages that have Valentine’s Day in the title
  7. one tweet every 8 seconds contains the word “dating”

Why do you do it?

  1. people expect to receive promotions
  2. people expect sales on gifts for both real and online shops

Why is it hard to obtain statistics on scammed people?

  1. because it usually involves a conversation
  2. the process cannot be automated
  3. victims only become aware 2-3 months later that their identity was used by someone else

How do you protect yourself?

  1. use a security solution (doh!)
  2. obviously, if you receive the dating site address from a spam message (email spam, twitter spam… and so on) it is not a good idea to go there
  3. there are also real and legit dating services out there, but that doesn’t mean scammers aren’t using that service.
  4. be very skeptical. You might believe that if you do not give your card details you will be safe. Giving away your email address also seems pretty OK, since a bunch of people already know that address. But email + where you were born, who your teacher was, oh… mine also can lead to answering the security questions and resetting the password.
  5. when joining a dating service, check when that website's domain was registered. A site registered 4 days ago that states it already has 10 mil users might be a very good indicator of fraud.
  6. check with google safe browsing
  7. try saf.li to scan first
  8. do your homework before joining (spend 5 minutes googling the site)
  9. if you are into social media, ask people about it (your friends and stuff) ….
  10. try quickscan.bitdefender.com
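
Tip 5 can be checked mechanically from a WHOIS record. The following is an added example, not part of the original post: it parses the record format quoted in the Skype spam post on this page and reports how old the domain was when seen. `SEEN_AT`, the 30-day threshold and the one-year check are assumptions chosen for illustration.

```python
from datetime import datetime, timezone

# WHOIS record exactly as quoted in the Skype spam post on this page.
WHOIS_TEXT = """\
Domain ID:D158376320-LROR
Domain Name:UPDATEFM.ORG
Created On:16-Feb-2010 12:41:27 UTC
Last Updated On:16-Feb-2010 12:41:29 UTC
Expiration Date:16-Feb-2011 12:41:27 UTC
Sponsoring Registrar:eNom, Inc. (R39-LROR)
"""
DATE_FIELDS = ("Created On", "Last Updated On", "Expiration Date")
# Assumption: the moment the link was received; the post does not give one.
SEEN_AT = datetime(2010, 2, 20, 13, 0, tzinfo=timezone.utc)


def parse_whois(text):
    """Split 'Key:Value' lines; the date fields become UTC datetimes."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value:
            continue  # skip blank lines and keys without a value
        if key in DATE_FIELDS:
            value = datetime.strptime(value, "%d-%b-%Y %H:%M:%S UTC")
            value = value.replace(tzinfo=timezone.utc)
        record[key] = value
    return record


def assess(record, seen_at, young_days=30):
    """Return (age in days, warnings); thresholds are example choices."""
    created = record["Created On"]
    age_days = (seen_at - created).days
    warnings = []
    if age_days < young_days:
        warnings.append("registered only %d day(s) before it was seen" % age_days)
    if (record["Expiration Date"] - created).days <= 366:
        warnings.append("registered for a single year")
    return age_days, warnings


if __name__ == "__main__":
    age, warnings = assess(parse_whois(WHOIS_TEXT), SEEN_AT)
    print("%d day(s) old:" % age, "; ".join(warnings) or "nothing flagged")
```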

podcast


On Zimuse

Malware

This post is two weeks old, but I forgot to push the publish button:

  • Two variants so far: Win32/Zimuse.A and Win32/Zimuse.B/zipsetup.exe
  • They pose either as a fake IQ test, or as a self-extracting zip archive
  • Upon execution, the malware will attempt to spread through removable media and overwrite the MBR of all available drives after 40 days for variant A, and 20 days for variant B.
  • Variant A needs 10 days to start spreading via USB devices, variant B needs only 7 days since infiltration.
  • In order to execute on each Windows boot-up, the worm sets the following registry entry:  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dump"="%programfiles%\Dump\Dump.exe"
  • It also creates two driver files, namely:  %system%\drivers\Mstart.sys and %system%\drivers\Mseu.sys
  • All 32-bit Windows versions are vulnerable
  • The IQ test may come from various places like emails, torrent sites, network shares or dc hubs. Also when downloading/opening files from unsecure
  • Because there is a (long) time between the moment of infection and the time that this virus will activate, it’s difficult to estimate how much this worm has spread.
  • It takes into consideration only the system date. Moving the date into the future will activate the payload. Moving the date into the past will fool the malware.
  • Removal tool (and other data): http://www.zimuse.com
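
The Run entry and the two driver files listed above can be looked for in triage data collected from a machine. The following is an added example, not part of the original post and not the vendor's removal tool: it scans the text of a registry export and a file listing for those indicators. The sample export and file list are constructed, and the function names are hypothetical.

```python
import re

# Indicators as listed in the post above (compared case-insensitively).
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "dump"
RUN_TARGET = r"\dump\dump.exe"
DRIVERS = ("mstart.sys", "mseu.sys")

# Constructed sample inputs (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Vendor\\updater.exe"
"Dump"="C:\\Program Files\\Dump\\Dump.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Dump"="C:\\Temp\\unrelated.exe"
'''
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\drivers\Mstart.sys",
    r"C:\WINDOWS\system32\drivers\Mseu.sys",
    r"C:\Downloads\mseu.sys",
]


def run_key_hits(reg_export):
    """Return data of "Dump" values under the Run key that point at Dump.exe."""
    hits, in_run_key = [], False
    for line in reg_export.splitlines():
        line = line.strip()
        if line.startswith("["):  # section header: track which key we are in
            in_run_key = line.strip("[]").lower() == RUN_KEY.lower()
            continue
        m = re.match(r'"([^"]+)"="(.*)"$', line)
        if in_run_key and m and m.group(1).lower() == RUN_VALUE:
            data = m.group(2).replace("\\\\", "\\")  # .reg escapes backslashes
            if data.lower().endswith(RUN_TARGET):
                hits.append(data)
    return hits


def driver_hits(paths):
    """Return paths naming either dropped driver inside a drivers directory."""
    found = []
    for path in paths:
        parts = path.lower().replace("/", "\\").split("\\")
        if len(parts) >= 2 and parts[-1] in DRIVERS and parts[-2] == "drivers":
            found.append(path)
    return found
```

Registry exports in the "Version 5.00" format are written as UTF-16, so decode the file before passing its text to `run_key_hits`.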

Headshots

Uncategorized

By Alexandru Trifan!


So cute, so wrong!

Antispam

pills for xmas

So I guess the holiday campaign starts now.

- Hey sir, what would you like from Santa?

- Are you interested in some cheap canadian pills?


Conficker/Downadup

Antispam

What is it?

It is a network worm that takes advantage of vulnerabilities in Microsoft Windows to spread. Initially it exploited the vulnerability described in MS08-067 regarding the RPC Server Service issues, but later it was also able to spread through Windows shares and removable storage devices.

How can you get infected?

  • if you do not perform your Windows updates (yes, I know… sometimes you have to restart your computer, but still!) and if you do not have a security solution installed.
  • if the administrator account on the attacked system has a weak password (1234567890, admin and even qwerty are NOT good passwords)
  • if the computer has the Autoplay feature enabled (who here knows how to disable this?) and an infected mapped/removable disk is attached (everyone has at least one USB stick)

What does it do?

Not much. But it could turn your computer into a drone in a larger botnet. It’s like a huge corporation, and your computer just received a nice job in the company. A massively underpaid one!

What can you do with a botnet?

  1. Corruption of Defensive System - The most dangerous aspect related to Conficker infection is that it completely neutralizes defensive systems. In other words, any infected machine holds a huge security breach that can be exploited anytime from now on. It is like having a house with a door wide open all the time, even when you sleep, go to work or are on vacation.
  2. Distributed Denial of Service – we all know what DDoS is
  3. Pay-per-Click Systems Abuses and Frauds – oldie but goldie
  4. Key Logging, Traffic Monitoring and Mass Identity Theft
  5. Spamming – most probably

Whitepaper – http://www.bitdefender.com/files/Main/file/Conficker_-_One_Year_After_-_Whitepaper.pdf

You are going to like the whitepaper. Did you know that a couple of weeks ago we had Conficker’s anniversary?

Nice Red Picture

Podcast - http://news.bitdefender.com/site/viewPage/multimedia.html

Tips

  1. Check with your operating system provider on a regular basis – download and install the latest security updates, malware removal tools, as well as other patches or fixes.
  2. Install and activate a reliable password protected antimalware, firewall, spam filter and parental control solution, like those provided by BitDefender.
  3. Update your antimalware, firewall and spam filter as frequently as possible, with the latest virus definitions and suspicious applications/files signatures.
  4. Scan your system frequently.
  5. Stay informed about e-threats and security.

Dear American Express Customer

AntiPhishing, Antispam
American Express Phishing eMail


This looks rather nice and organized. Looks almost the same as the “template” for the Facebook phishing. Is Spam becoming more… elegant?


This weekend…

Antispam, Blog Spam

I’m planning to clear all spam comments from my blog.
Why? Because I want to start blogging again (yes, I watched Julie and Julia).

Now… it may sound weird, but if any other blog spammer wants to add this blog to their list of targeted blogs, please do. We will soon release a surprise for them!!!!

Will let you know when I’ll be spam free. Give me a couple of hours!


Just don’t do it man!!!

AntiPhishing
Facebook phishing scam!

