May 27th, 2008 by Steven Adair
It appears there are now Adobe Flash vulnerabilities live and in the wild on several sites. This is not good considering some of the websites involved in the recent mass SQL injection attacks are aiming to exploit this vulnerability. Basically, if you can’t recall upgrading flash recently, you probably need to go ahead and do it.
You can check your current flash version by clicking here.
You can upgrade to the latest version of flash by clicking here.
Don’t wait - just upgrade right now!
Posted in Malware, Exploits, Random | 1 Comment »
May 20th, 2008 by Steven Adair
The phishers out there are once again finding new ways to obfuscate their URLs in attempts to fool end users. I am pretty sure I saw this method mentioned this elsewhere recently, but I cannot recall where. In any event, this recent phish found itself into SPAM folder on one of my e-mail accounts. Notice the URL they provided:
Subject: Tax Notification
From: “Internal Revenue Service” <taxrefund@1×8c.8xdb95d4.irs.gov>
Date: Tue, May 20, 2008 6:36 am
Internal Revenue Service (IRS)
United States Department of the Treasury
Dear Taxpayer,
After the last annual calculations of your fiscal
activity we have determined that you are eligible
to receive a tax refund of $184.80.
Please submit the tax refund request and allow us
6-9 days in order to process it.
A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying
after the deadline.
To access the form for your tax refund, use the following personalized link:
http://0×7C.0xDB11D1/www.irs.gov/
Regards,
Internal Revenue Service
Document Reference: (0×7C.0xDB11D1).
Notice that the URL is http://0×7C.0xDB11D1/www.irs.gov/ and that they used 0×7C.0xDB11D1 as the “Document Reference” in attempt to make it look more official. Well it turns out that 0×7C.0xDB11D1 really converts to an IP address in Taiwan - 124.219.17.209. Visiting this IP address or the URL abovve ends up redirecting you http://www.comtipps.de/www.irs.gov/index.htm?memberID=0×7C.0xDB.0×11.0xD1.
This then tries to get your social security number, credit card information (including CVV code and ATM PIN), date of birth, full name and address, phone number, and finally e-mail address (wouldn’t one assume they already have this if they e-mailed you? :D). Be on the look out for this slightly different take on an old trick.
Posted in Phishing, Links | No Comments »
