Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

McAfee lists the top phishing threats for September

McAfee : 24 September, 2007  (Technical Article)
Bank customers continue to be the main target for phishing fraud in top ten listing for September issued by McAfee
Top 10 Phish Scams:
1 Volksbanken Raiffeisenbanken AG Bitte.
2 Important Notice - E*TRADE FINANCIAL Corp.
3 Service PayPal - Update Your PayPal Information.
4 CITIZENS BANK Technology Solutions.
5 Attention to all clients of CITIZENS BANK.
6 CITIZENS BANK informs about danger.
7 MONEY MANAGER GPS ONLINE informs about danger.
8 CITIZENS BANK web solution.
9 Important Notice.
10 Citizens Bank customer service: official information!.

Top brands targetted by phishing scams:.
Citizens Bank - 56.54%.
VolksBank - 42.79%.
Bank of America - 0.18%.
Amazon - 0.18%.
Wachovia - 0.13%.
PayPal - 0.09%.
RBC Royal Bank - 0.4%.
Others - 0.4%.


The most prevalent threats for July 2007 - This is a monthly tracker of the leading threats that are infecting computers across Europe and each threat has been detailed below:.

Name of Threat: W32/Zhelatin.gen!eml.
Type of Threat: Virus.
Threat aimed at: This is a detection of spammed email messages used to entice users into visiting sites hosting exploits that would result in a drive-by download. This is the first part in a three-stage infection of W32/Nuwar@MM. The Java Script used in the second stage of infection is detected as JS/Downloader-BCZ.

A user receives an email titled "You're received a postcard" in his inbox and is requested to open the link contained in the message body in order to view the virtual postcard. On visiting the link, a cocktail of browser and application exploits that attempts a drive-by install of malware on the users machine is performed.

The URL in the message points to a site hosting a cocktail of browser and application exploits. On visiting the site, a silent drive-by install of malware is attempted on unpatched machines.
No. of PC's scanned: 890,951.
PC's Infected: 7.43.

Name of Threat: VBS/Psyme.
Type of Threat: Program.
Threat aimed at: Several cases have been reported to AVERT as potential incorrect identifications of JS/Wonka, which turned out to be accurate hits. These observations were typically made upon visiting hacked web pages. These hacked pages have an IFRAME inserted that point to an external website containing malware such as Exploit-Codebase, Exploit-ANIFile, W32/Dumaru.gen, and Exploit-MhtRedir.gen.

This is a generic detection for highly obfuscated JavaScript. The signature is based on specific characteristics of the encryption.
Because this is a generic detection there is no specific description of the activity undertaken by JavaScript detected under this name, however these can include malicious activity such as downloading and executing files.
No. of PC's scanned: 857,790.
PC's Infected: 5.89.

Name of Threat: JS/Wonka.
Type of Threat: Trojan.
Threat aimed at: Several cases have been reported to AVERT as potential incorrect identifications of JS/Wonka, which turned out to be accurate hits. These observations were typically made upon visiting hacked web pages. These hacked pages have an IFRAME inserted that point to an external website containing malware such as Exploit-Codebase, Exploit-ANIFile, W32/Dumaru.gen, and Exploit-MhtRedir.gen.

This is a generic detection for highly obfuscated JavaScript. The signature is based on specific characteristics of the encryption.
Because this is a generic detection there is no specific description of the activity undertaken by JavaScript detected under this name, however these can include malicious activity such as downloading and executing files.


Indications of Infection - Vary.
Method of Infection:
JS/Wonka may be used as a means to load other malicious scripts and exploit trojans.
No. of PC's scanned: 890,951.
PC's Infected: 5.79.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo