Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2013-12-06



VMware ESX 4.x Security Advisory

Published: 2013-12-06
Last Updated: 2013-12-06 21:30:33 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

VMware released an ESX 4.1 update to third-party libraries. The complete advisory can be viewed here [1].

VMware updated advisory VMSA-2013-0007 for ESX 4.0 and 4.1, related to a third-party update for the Service Console package sudo. Additional information on this update can be viewed here [2].

ESXi isn't affected by these updates.

[1] VMSA-2013-0015 http://www.vmware.com/security/advisories/VMSA-2013-0015.html
[2] VMSA-2013-0007.1 http://www.vmware.com/security/advisories/VMSA-2013-0007.html

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: ESX 4x Security

Facebook, Gmail and Twitter accounts breached

Published: 2013-12-06
Last Updated: 2013-12-06 02:15:57 UTC
by Mark Hofman (Version: 1)
3 comment(s)

Spiderlabs published an interesting article on this the other day. http://blog.spiderlabs.com/2013/12/look-what-i-found-moar-pony.html

The list has now appeared on Pastebin and is being sold for 0.05 bitcoins. (Last time I checked, they had made about $600 so far.)

If you haven't already, you may want to start looking at the strong authentication options for some of these services.

Mark H

 


Windows "Support" calls

Published: 2013-12-06
Last Updated: 2013-12-06 02:09:11 UTC
by Mark Hofman (Version: 1)
16 comment(s)
One of our readers received a "Microsoft Support" call, finally. It was too funny not to put up. Happy Friday
 
"Finally(!), I got one of those unsolicited telephone calls from the "Windows Service Centre".
Caller-ID information showed 'unavailable'.
 
The first caller identified himself as 'Dadge Miller' (or something like that).
He said he was calling from Microsoft headquarters in California.
I said that I thought that their headquarters was in Redmond, Washington.
He said that Microsoft has offices worldwide.
OK, I'll buy that. :-)
 
He said that Microsoft has detected computer-viruses on my computer.
After helping me find the Windows key on my keyboard, he said "press Windows key and R key at the same time".
Then, enter 'eventvwr' and click OK.
When 'Event Viewer' opened, he had me click the 'Application' tab, and said that all the "errors" and "warnings" represented computer-viruses.
OK, I'll buy that. :-)
He had me minimize the window, and back to Windows-R.
Then, enter: www.support.me and click OK.
That launched Internet Explorer, redirecting to: https://secure.logmeinrescue.com/Customer/Code.aspx
He had me enter '702814' and click 'Start Download' and then 'Run'.
Instead, I clicked 'Save' for file: 'Support-LogMeInRescue.exe'.
At this point, I said that my anti-virus software had flagged the download as "unsafe" and that it had deleted the download.
He believed me.  :-)
He passed the telephone call to "Randy Roberts", his supervisor, with a Bangladeshi accent ?!
Then, enter: www.support.me and click OK.
That launched Internet Explorer, redirecting to: https://secure.logmeinrescue.com/Customer/Code.aspx
He had me enter '352632' and click 'Start Download' and then 'Run'.
Again, I said that my anti-virus software had flagged the download.
Then, after a pause, he asked me if there was a Walmart nearby.
 
He offered me two levels of "support" -- one year for 149 dollars (currency not specified) or lifetime for 249 dollars.
I chose the "lifetime" support.   :-)
He told me to go to Walmart, and say that I want to make a Moneygram Money Transfer, citing a "personal" reason.
Recipient name: Tapan Saha (over a dozen people by this name on LINKEDIN ! Lots on Facebook, too!)
Address: Nagaripur
City: Takerhat
Country: Bangladesh.
He said that Microsoft has contracted with this provider in Bangladesh.
He said that the fee will be $299 -- $249 plus $50 for a technician to come to my home to fix my computer, if they cannot fix it over the telephone.
Nice bit of "up-selling".  :-)
 
I said that it would take me some time to get to Walmart, purchase the MoneyGram, and return home.
So, he agreed with my request to call at 1 PM local (70 minutes from the time we talked).
I have an appointment downtown at 1 PM -- guaranteed not to be home at that time!
He said that Walmart will charge me $10 for the MoneyGram.
He confirmed my telephone-number, and gave me his: 727-498-0049,
and told me to ask for "Randy Roberts" if I called him.
 
They told me to turn my computer off before I went to Walmart.
 
While I was out, at my lunch-date, my voice-mail recorded 6 messages -- all "empty" -- two from "unavailable", two from a non-long-distance number, and two from Cincinnati (Ohio).
Obviously, they were spoofing the caller-ID information, repeatedly trying to contact me."
 
M