GLOBAL SECURITY ADVISOR RESEARCH BLOG

Hoax Lottery emails from Mark Zuckerberg

Scam lotteries have been a frequent issue in the past, and they continue to appear, following media trends.
Total Defense Intelligence Service (Research ISI Team) today caught an interesting email pretending to come from Facebook’s CEO Mark Zuckerberg.

The email announces a fake lottery win and directs the user to contact a Mr. Douglas Price, presented as a fiduciary agent who will handle the award.

Ransomware exploits Microsoft Windows Update Center Service

Our first indicators of ransomware were trojanised emails masquerading as police warnings aimed at end users (Ransomware Exploits the Italian Police), and now it seems to have evolved into leveraging a fake Windows Update system.
It is the result of an aggressive campaign originating in Germany where users receive emails similar to the following:

Beware of False E-Commerce Websites

It is very common for internet users to download videos or unknown software from reputable video-sharing websites. There is nothing unusual in doing so, but users may be lured by advertisements for enticing prize-draw contests on false websites, which in turn leads to a loss of money if they attempt a purchase.

I came across a similar scenario when I downloaded a video.

Digital Resurrections - malicious links piggybacking on trending videos

Trending on most major news sites, and a few tech websites, is the re-animated emergence of a digital avatar resembling a long-deceased musician.
2Pac videos have gone viral, and as expected, it’s almost too good an opportunity for the malware guys to pass up.

It must be mentioned that the video format itself is not immune to embedded malicious links, but this time, the links are far more obvious.
In fact, the links are in plain sight. Almost “Helpful” and benign looking... if only they were!
See screen grab.

OSX/SabPub - New Backdoor Malware Threat for Mac OS X

Another new piece of malware has been discovered that exploits the CVE-2012-0507 Java vulnerability, the same vulnerability that OSX/Flashback used. The latest variant of this threat has been found using the same exploit that OSX/MS09-027!exploit used.

This new malware takes advantage of an old vulnerability in Microsoft Word (MS09-027). This vulnerability, which could allow remote code execution if a user opens a specially crafted Word file, has been patched since 2009. This malware is detected as OSX/SabPub.A.

Once OSX/SabPub.A is executed, the decoy Word file is opened to distract the user and hide the malicious activity in the background.