malware

HP Launches Web Series about Security Starring Christian Slater

An excellent video and a strong start to a security web series starring actor Christian Slater. Its purpose is to raise security awareness around the risks that businesses and consumers face daily. “The Wolf, highlighting how corporate networks can be hacked and what companies must do to protect themselves.”

If you’re not taking your printer security seriously, someone else might be. From director Lance Acord comes The Wolf starring Christian Slater.
To learn more about how to protect your business visit http://www.hp.com/go/ReinventSecurity

Over 1 Million Google Accounts Hacked by ‘Gooligan’

As you know by now from the latest buzz, over 1 million #Google accounts have been hacked by ‘Gooligan’. Gooligan itself isn’t new; it’s just a variant of Ghost Push, a piece of Android malware.

Researchers from security firm Check Point Software Technologies have found this malware in apps available in third-party marketplaces.

Once installed, it roots the phone to gain system-level access. The rooted devices then download and install software that steals the authentication tokens that allow the phones to access the owner’s Google-related accounts without having to enter a password. The tokens work for a variety of Google properties, including Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.

From a recent blog post by the folks over at Check Point (http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/):

“The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device. Our research team has found infected apps on third-party app stores, but they could also be downloaded by Android users directly by tapping malicious links in phishing attack messages. After an infected app is installed, it sends data about the device to the campaign’s Command and Control (C&C) server.

Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153). These exploits still plague many devices today because security patches that fix them may not be available for some versions of Android, or the patches were never installed by the user. If rooting is successful, the attacker has full control of the device and can execute privileged commands remotely.

After achieving root access, Gooligan downloads a new, malicious module from the C&C server and installs it on the infected device. This module injects code into running Google Play or GMS (Google Mobile Services) to mimic user behavior so Gooligan can avoid detection, a technique first seen with the mobile malware HummingBad. The module allows Gooligan to:

  • Steal a user’s Google email account and authentication token information
  • Install apps from Google Play and rate them to raise their reputation
  • Install adware to generate revenue

Ad servers, which don’t know whether an app using its service is malicious or not, send Gooligan the names of the apps to download from Google Play. After an app is installed, the ad service pays the attacker. Then the malware leaves a positive review and a high rating on Google Play using content it receives from the C&C server.”

Android users who have downloaded apps from third-party markets can visit the Check Point blog post for a list of the apps known to contain Gooligan.

Check Point has also released what is being called the Gooligan Checker web page, which can be used to check whether your account has been compromised by this latest threat.


SOTD: Internal ONLY

This is a forged email whose sender address appears as Administrator@<yourdomain><tld>

– body –

**********Important – Internal ONLY**********

File Validity: 16/03/2015
Company : http://<domain>.com
File Format: Adobe Reader
Legal Copyright: Adobe Corporation.
Original Filename: Internal.pdf

********** Confidentiality Notice **********.
This e-mail and any file(s) transmitted with it, is intended for the exclusive use by the person(s) mentioned above as recipient(s).
This e-mail may contain confidential information and/or information protected by intellectual property rights or other rights. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this e-mail is strictly prohibited and may be unlawful. If you have received this e-mail in error, please notify the sender and delete the original and any copies of this e-mail and any printouts immediately from your system and destroy all copies of it.

– end message –

Attached file info:

SHA256: de72bdf40d62fc9d9be022d0990bcd73bd2845bacb7d012254c4009c9849b541
File name: SecureMessage.zip

Profiled via virustotal:
https://www.virustotal.com/en/file/de72bdf40d62fc9d9be022d0990bcd73bd2845bacb7d012254c4009c9849b541/analysis/1426513930/


Please note: The company associated with the domain used for this email may not have any knowledge of this email being sent out, as it’s clearly forged.

The best suggestion is to delete this email if your spam / malware / antivirus solution has not already done so.
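The three SOTD samples share the same traits: a sender address that claims to be the recipient's own domain (or a company that never sent it), a body describing a PDF or "document", and a ZIP attachment whose SHA256 is listed above. The following triage helper is an added example, not part of the original posts; it flags a message that claims an internal sender without an SPF/DKIM pass in `Authentication-Results`, a ZIP attachment shipped with a body that describes an Adobe/PDF file, and any attachment whose SHA256 matches the hashes listed in these posts. The `corp.example` domain and the message built by `build_sample` are constructed for the demo.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# SHA256 values of the attachments listed in the SOTD posts above.
KNOWN_BAD_SHA256 = {
    "de72bdf40d62fc9d9be022d0990bcd73bd2845bacb7d012254c4009c9849b541",
    "1b8a0ee0ad1e9349ea8c6a20929759a1f22395a4d71f3e2c158f28edd99e0b28",
    "e2b2d125ccc83ce749c6e5bcba2e64c764f764afe35d13616c4d348a45c8bf3b",
}


def triage(raw: bytes, internal_domain: str) -> list[str]:
    """Return a list of findings for one inbound message (empty list = nothing flagged)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    sender = (msg.get("From") or "").lower()
    sender_domain = sender.rsplit("@", 1)[-1].rstrip(">") if "@" in sender else ""
    auth = (msg.get("Authentication-Results") or "").lower()
    # Mail that claims to come from our own domain must carry an SPF or DKIM pass.
    if sender_domain == internal_domain.lower() and "spf=pass" not in auth and "dkim=pass" not in auth:
        findings.append("internal sender without SPF/DKIM pass")
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content().lower() if body_part is not None else ""
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256:
            findings.append(f"{name}: matches known-bad SHA256")
        # The "Internal ONLY" lure describes an Adobe Reader PDF but ships a ZIP.
        if name.endswith(".zip") and ("adobe" in body or ".pdf" in body):
            findings.append(f"{name}: ZIP attachment while body describes a PDF")
    return findings


def build_sample(internal_domain: str) -> bytes:
    """Constructed lure modelled on the 'Internal ONLY' post; not the real sample."""
    msg = EmailMessage()
    msg["From"] = f"Administrator@{internal_domain}"
    msg["To"] = f"staff@{internal_domain}"
    msg["Subject"] = "Internal ONLY"
    msg["Authentication-Results"] = "mx.corp.example; spf=fail"  # constructed result
    msg.set_content("File Format: Adobe Reader\nOriginal Filename: Internal.pdf\n")
    msg.add_attachment(b"PK\x03\x04 constructed zip bytes", maintype="application",
                       subtype="zip", filename="SecureMessage.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample("corp.example"), "corp.example"):
        print(finding)
```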

SOTD: Quote

-email body-

Dear,

Per your request, here is the quote from PermaTherm (please see attached). After your review of the quote please give me a call to discuss if you have any questions.

Please let me know if your project requires engineering services or shop drawings. These services are not provided by Permatherm but we will be happy to provide a referral.

Thanks again for the opportunity to serve you,

Brigette Adams
Inside Sales

PermaTherm Inc.
The Green Choice
269 Industrial Park Rd.
Monticello, GA 31064
706-468-7500 (Main)
706-819-5072 (Direct)
877-468-7500 (Toll Free)
706-819-3012 (Cell)
brigette@permatherm.net
www.permatherm.net

-end email-

Attached file info:

SHA256: 1b8a0ee0ad1e9349ea8c6a20929759a1f22395a4d71f3e2c158f28edd99e0b28
File name: document.zip

Profiled via virustotal:

https://www.virustotal.com/en/file/1b8a0ee0ad1e9349ea8c6a20929759a1f22395a4d71f3e2c158f28edd99e0b28/analysis/1426168464/


Please note: The company associated with the domain used for this email may not have any knowledge of this email being sent out, as it’s clearly forged.

The best suggestion is to delete this email if your spam / malware / antivirus solution has not already done so.

SOTD: Please

-email body-

Good Afternoon,


Please find attached notice regarding carriers pre-filing for an additional General Rate Increase for effective date of April 9, 2015.  Please note, we are advising you of this filing in order to comply with FMC regulations.  However, we feel it is unlikely that the carriers will be successful in implementing this increase, especially since the March 9th GRI has already been postponed to March 17th.  We will continue to keep you updated as we receive additional information pertaining to these filed rate increases.


Phoenix Zhang-Shin

Director

P & J International Ltd

Calverley House, 55 Calverley Road

Tunbridge Wells, Kent, UK TN1 2TU

Tel: 0044 1892 525588

Fax: 0044 1892 522277

Mob: 0044 7771802252


This email and any attachments are confidential and solely for the use of the intended recipient. They may contain material protected by legal, professional or other privilege. All correspondence with and communication with us is governed by and subject to our Standard Terms and Conditions of Sale (March 2010) (Our STCs), a copy of which has been provided to you and which is available on request or on our web-site

– end email –

Attached file info:

SHA256: e2b2d125ccc83ce749c6e5bcba2e64c764f764afe35d13616c4d348a45c8bf3b
File name: documents-id323.zip

Analysis reference: https://www.virustotal.com/en/file/e2b2d125ccc83ce749c6e5bcba2e64c764f764afe35d13616c4d348a45c8bf3b/analysis/1426087752/