Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-03-08 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Bargain: 10'000 infected PC's for only 25$

Published: 2006-03-08
Last Updated: 2006-03-08 18:21:19 UTC
by Daniel Wesemann (Version: 1)
0 comment(s)
Just got this one, sent in by a reader who received it as email:

Dear Sir/Madam, Hello! We are internet hackers crew. We propose you for sale some interesting things: - private exploits - http://some.site.in.ru - stolen credit cards and bank accounts - http://some.site.in..ru - we infect users pc's with your trojan for low prices (10000 infected pc's for 25$) - http://some.site.in.ru - bulletproof dmains and hosting - http://some.site.in.ru Best offer - bulletproof domain + hosting =0 usd/week. You can use this hosting for any scam/fraud and nobody will close it! For more information look at - http://some.site.in.ru P.S. We are registering bulletproof domains on our partner site http://www.other.site.in.ru/ there we have "our" people to guarantee stability of our domains and hosting so any organization like spamhaus.org cannot down our hosting and domains. We are now spaming 5 000 000 people look out the domain is alive as always and never gonna be down !! Please go and order our services at: http://some.site.in.ru

(I have disguised the domain, of course, for apparent reasons)

Keywords:
0 comment(s)

"Free" exchange rate conversion

Published: 2006-03-08
Last Updated: 2006-03-08 08:59:32 UTC
by Daniel Wesemann (Version: 1)
0 comment(s)

This one is for our readers in Europe... If one of your users should be searching for a "currency" or "exchange rate" conversion tool with one of the more popular search engines, chances are he/she will end up on a link or site like this one



Maybe it's best if you don't go there now - we can't vouch for what the page does once they become aware that their "tool" is mentioned in our diary. What the page used to do as of 10min ago is present the user with a lovely, extensive and complete list of currencies and exchange rates to convert from and to. All for free. The only catch being, the user gets the "result" of his calculation as ... an EXE download



The download contains what some of the AV vendors refer to as Dropped:Trojan.Downloader and Trojan.Muldrop.  If you are using any sort of URL filter, web-url.de and wechselkursrechner.de should maybe be part of your filter list if exe downloads make it past your perimeter otherwise.




Keywords:
0 comment(s)

Cingular wireless outage

Published: 2006-03-08
Last Updated: 2006-03-08 00:32:56 UTC
by Johannes Ullrich (Version: 3)
0 comment(s)
Our reader Kevin alerted us that Cingular Wireless is experiencing a widespread outage.

Right now, it looks like the outage effects mostly the north east. One reader mentioned that Cingular links the outage to a worm, but a Cingular representative stated that the outage is not worm related.

A Cingular support representative confirmed an outage in the North East, but didn't comment about the worm. A couple test calls to Cingular customers went through ok, so its not a "total outage". Appearently, Cingular to Cingular calls are more likely to be affected, and one user reported that old AT&T phones where down, while newer Cingular phones worked fine

We are now receiving more reports that things are back to normal.



Keywords:
0 comment(s)
Diary Archives