R3v3rs3e's Blog

Posts Tagged ‘social engineering’

Social Engineering Tactics Promote “Miracle” Berries

Posted by Steve Espino on January 22, 2010

I received an unlikely Yahoo! IM from a long-time friend with whom I had not been in contact for quite a long time.

At first I thought, wow, this would be a good time to catch up.

She buzzed me and asked me if I was busy, then gave me a URL to try out very quickly and tell her what the results tell me.

Well, here’s the screenshot:

The link was: hxxp://freakyloverresults.com

At this time I was already suspicious about the whole thing. So I tried out the link in a controlled environment. There were a series of redirections and my browser was redirected to:

hxxp://www.acaipowermax.com

It seems that whoever I was talking to was not my friend (possibly a bot). She might have been a victim of a phishing scam, and her Yahoo! IM account was being used as part of this social engineering tactic in order to execute the Acai Berry spam which has been bugging people for ages.

This one was fairly harmless, as the whole exercise was just another form of spam. But as always, I would like to remind everyone to be careful about clicking links, even if they come from people you know.
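The post followed the link's redirection chain in a browser inside a controlled environment. As an added example that is not part of the original post, the Python script below records each hop of such a chain without rendering anything: it issues one request per hop, reads the `Location` header, and stops at the first non-redirect response, at a hop limit, or when a URL repeats (a redirect loop). The fetch function is pluggable, so the tracer can also be run against the constructed table of `.example` placeholder hosts included here, entirely offline; those hostnames are assumptions for the demonstration, not the sites named in the post.

```python
import sys
import http.client
from urllib.parse import urljoin, urlsplit


def fetch_hop(url, timeout=5):
    """Request one URL and return (status, location). The body is discarded.

    GET is used rather than HEAD because many redirector scripts only answer GET.
    Only http and https URLs are traced.
    """
    parts = urlsplit(url)
    if parts.scheme == "https":
        conn = http.client.HTTPSConnection(parts.hostname, parts.port or 443, timeout=timeout)
    elif parts.scheme == "http":
        conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    else:
        raise ValueError("unsupported scheme in %r" % url)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    try:
        conn.request("GET", path, headers={"User-Agent": "redirect-tracer/0.1"})
        resp = conn.getresponse()
        resp.read()  # drain the body; nothing is rendered or executed
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def trace_redirects(url, max_hops=10, fetch=fetch_hop):
    """Return the URLs visited, starting with `url`, following 3xx Location headers.

    Stops at the first non-redirect response, when `max_hops` is reached, or when
    a URL repeats (redirect loop); the repeated URL is kept as the last entry so
    the loop is visible in the output.
    """
    chain = [url]
    seen = {url}
    current = url
    for _ in range(max_hops):
        status, location = fetch(current)
        if not (300 <= status < 400) or not location:
            break
        nxt = urljoin(current, location)  # Location may be relative to the current hop
        chain.append(nxt)
        if nxt in seen:
            break
        seen.add(nxt)
        current = nxt
    return chain


# Constructed redirect table standing in for a redirector chain (placeholder hosts).
DEMO_CHAIN = {
    "http://short.example/go": (302, "http://mid.example/r?x=1"),
    "http://mid.example/r?x=1": (301, "/landing"),
    "http://mid.example/landing": (200, None),
}


def demo_fetch(url, timeout=5):
    """Offline stand-in for fetch_hop that answers from DEMO_CHAIN."""
    return DEMO_CHAIN[url]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        hops = trace_redirects(sys.argv[1])  # live trace of a URL given on the command line
    else:
        hops = trace_redirects("http://short.example/go", fetch=demo_fetch)
    for i, hop in enumerate(hops):
        print("%d: %s" % (i, hop))
```

Run it with no arguments to see the constructed three-hop chain; pass an `http://` or `https://` URL to trace a live chain. Because the tracer never renders a response body, it records where a link leads without giving any page content a chance to run.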

Posted in Uncategorized | 2 Comments »

Eric Dane threesome video links used to serve DNS Changer malware

Posted by Steve Espino on August 19, 2009

[image: cover]

A recently leaked threesome sex tape, involving Grey’s Anatomy’s “McSteamy” Eric Dane and his wife Rebecca Gayheart, has been circulating around the internet. As we all know, controversial material like this is often taken advantage of to distribute malware using techniques such as social engineering and SEO (search-engine optimization). Users of one particular website have been spotted discussing the sex tape. There was no video on the site itself, so people wanting to see it might be enticed into clicking links posted by fraudulent users and tricked into downloading and installing malware on their computers.

There’s one such post suggesting we go to hentaiplace.org to watch the leaked video:

[image: 3somecomment]

Here the malware poses as a fake video codec, “Divxcoder”, that users supposedly need to install in order to watch the video:
hxxp://hentaiplace.org/play.php?id=Eric_Dane_and_Rebecca_Gayheart_sex_tape

[image: hentaiplace]

Following the download link hxxp://hentaiplace.org/promo.php, we are redirected to hxxp://fiopolosa.com/download/7933547766773d3dd846130c20090815/FlashCodecPlugin.exe

The malware presents the user with a License Agreement while doing its dubious deeds in the background. And you don’t even need to agree to the License Agreement to install the malware!

[image: divxcoder]

The malware changes the affected computer’s DNS settings to use the following IP Addresses as DNS servers:
85.255.112.80
85.255.112.168

This means that the affected computer will have to contact these IPs for name resolution, which gives the bad guys a really good opportunity to redirect users to fake websites and steal passwords, login details and other confidential information.
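A machine hit by a DNS changer keeps working normally, so the change is easy to miss unless the resolver settings are actually checked. The following Python script is an added example, not code from the original post or from any vendor: it extracts the configured DNS servers from `ipconfig /all` output (Windows) or `/etc/resolv.conf` (Unix-like systems) and compares them against a watch list. The watch list holds the two addresses the post reports this malware installing; the `ipconfig` and `resolv.conf` texts embedded below are constructed samples.

```python
import re
import subprocess
import sys
from ipaddress import ip_address

# Watch list: the two resolver addresses the post reports this DNS changer installing.
KNOWN_ROGUE_DNS = {"85.255.112.80", "85.255.112.168"}

_IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
_IPCONFIG_PROPERTY = re.compile(r"\. :")  # "Name . . . . : value" lines in ipconfig /all output


def extract_dns_servers(config_text):
    """Return the DNS servers listed in resolver configuration text, in order, de-duplicated.

    Understands resolv.conf "nameserver" lines and the "DNS Servers . . . : a.b.c.d" property
    of `ipconfig /all`, including the indented continuation lines that hold extra servers.
    """
    found = []
    in_dns_block = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            in_dns_block = False
            continue
        lowered = line.lower()
        if lowered.startswith("nameserver"):
            found.extend(_IPV4.findall(line))
        elif lowered.startswith("dns servers"):
            in_dns_block = True
            found.extend(_IPV4.findall(line.split(":", 1)[-1]))
        elif in_dns_block and not _IPCONFIG_PROPERTY.search(line):
            found.extend(_IPV4.findall(line))  # continuation line under "DNS Servers"
        else:
            in_dns_block = False
    servers = []
    for s in found:
        try:
            ip_address(s)  # drop anything that only looks like an address (e.g. 999.1.1.1)
        except ValueError:
            continue
        if s not in servers:
            servers.append(s)
    return servers


def find_rogue_dns(config_text, watch_list=KNOWN_ROGUE_DNS):
    """Return the configured DNS servers that appear on the watch list (empty list = clean)."""
    return [s for s in extract_dns_servers(config_text) if s in watch_list]


def read_local_resolver_config():
    """Best-effort read of this machine's resolver settings (ipconfig /all or /etc/resolv.conf)."""
    if sys.platform.startswith("win"):
        return subprocess.run(["ipconfig", "/all"], capture_output=True, text=True).stdout
    try:
        with open("/etc/resolv.conf", encoding="utf-8") as fh:
            return fh.read()
    except OSError:
        return ""


# Constructed sample of `ipconfig /all` output from a machine with the rogue servers set.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example
   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 85.255.112.80
                                       85.255.112.168
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed sample resolv.conf with one legitimate and one rogue server.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search corp.example
nameserver 10.0.0.53
nameserver 85.255.112.168
"""

if __name__ == "__main__":
    for name, text in (("sample ipconfig", SAMPLE_IPCONFIG),
                       ("sample resolv.conf", SAMPLE_RESOLV_CONF),
                       ("this machine", read_local_resolver_config())):
        hits = find_rogue_dns(text)
        print("%s: %s" % (name, ", ".join(hits) if hits else "no rogue DNS servers"))
```

The watch list is deliberately a plain set so it can be extended with any other resolver addresses an incident report names; a non-empty result from `find_rogue_dns` on a host is a strong signal that its name resolution is being hijacked and that the settings should be restored and the machine cleaned.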

PCTools Spyware Doctor detects the malware as Trojan.DNS_Changer.

This malware employs Rootkit.TDSS and Trojan.TDSServ in order to hide its presence on the infected machine.

Posted in Malicious Intent | Leave a Comment »
