Category Archives: SPAM & SCAMS


RANSOMWARE HIGHWAY ROBBERY

Category : BLOG , SPAM & SCAMS

Ransomware is in full bloom – Protect yourself now!

Ransomware is a big problem, and it’s growing way faster than your peonies and petunias are. In fact, in just the second quarter of 2015 there were 4 million new incidents of ransomware alone.

It has grown in numbers from a relatively minor bother, mostly found in Russia, into a world-wide scourge, leaving no corner of the globe unaffected.

In terms of sophistication, ransomware is constantly evolving as well. The first noted case, which was almost laughable by today’s standards, was created in 1989 by the less-than-stable biologist, Dr. Joseph Popp. Popp’s version was distributed through a disk that was supposed to contain an AIDS education program. Instead, users’ computers were locked and Dr. Popp would ever so generously unlock them for just $198.

Today, if you were to get tangled up by some form of Ransomware 2.0 such as the notorious Cryptolocker, it would cost you anything from approximately $600-2000 to unlock your device. And, as with all aspects of the nasty bugger, don’t even think about trying to pay with credit card or, *gasp*, cash. Nowadays savvy hackers only accept payments via bitcoin, which means that if you’re the unlucky victim, you also have to figure out how to set up a bitcoin account and get money into the account, all so the hackers can retain their anonymity as long and as well as possible.

In ransomware’s earlier incarnations it seemed that such evil exploits were limited in scope to PCs, but not so anymore. Today, hackers can take just about anything ransom, from your PC to your Mac or Linux, your iPhone or Android and even your fitness trackers. Today nothing is safe from ransomware, not even your allergies (gesundheit!). And the locking methods are much, much more effective. Back in Dr. Popp’s days (cue the mad scientist evil laugh), he used a relatively easy-to-reverse locking technique called symmetric cryptography. The lockers of today use super-strong encryption methods that simply cannot be reversed without the correlating unlocking keys. Talk about raining on your parade.

Ransomware affects home users, small businesses, mega corporations, governments and don’t forget the perps’ new favorite target, hospital networks. The situation has become so perilous that on March 31st the US and Canada issued a joint cyber alert imploring citizens to take the threat seriously and use the Internet with forethought and caution.

Here are some things you can do to keep your computer and devices safe from the big bad ransomware.

  • Keep away from shady links in the body of emails, in attachments and on websites. Clicking on malicious links that are designed to appear legit can cause your computer or device to download locking malware among other baddies.
  • Back up your files. When it comes to beating ransomware, this is one of the most important things you can do because when it comes to something like Cryptolocker, there is no known solution other than paying up or starting over.
  • Keep your ZoneAlarm software and operating system updated. Malware and zero-day exploits, including ransomware, just love to meet up with an operating system or other software that’s in need of updating or patching. One of the most effective methods to keep hackers out is to ensure that your device is always running the most recent version of software and that your OS is always at the most current version.
  • Run ZoneAlarm Extreme, which will alert you to anything suspicious that might be trying to get onto your computer. The dual protection of AV and firewall increases the chances of any infiltrators being caught.

At ZoneAlarm, everything’s comin’ up roses. Stick with us here at ZoneAlarm to find out all the latest ransomware-related news and have a great, ransomware-free May!


Hacked Compromised WordPress Sites

Category : BLOG , SPAM & SCAMS

What Hackers Do With Compromised WordPress Sites : wordfence.com

We often talk to site owners who are surprised that their sites are targeted by attackers. Most of them assume that if there isn’t any juicy data to steal, like credit card numbers, that compromising their site is a worthless exercise. Unfortunately they are wrong. Aside from data, a compromised site’s visitors can be monetized in various malicious ways. The web server can be used to run malicious software and host content, and the reputation of the domain name and IP address can be leveraged.

Last month we ran a survey that included the following open ended question for people who reported that their site had been compromised:

What did the hackers do to your site?

We received a total of 873 responses that could be categorized, which we did by hand. The chart below reflects the results. Many of the responses described multiple categories, so the percentages on the chart below deliberately add up to greater than 100%.

We did not include categories for “installed backdoor” or “installed malware”. We consider that to be more of a means to an end. Instead we focused on answering the question, “what’s in it for the attacker?”.

[Chart: what attackers do to WordPress sites]

As you can see from the chart there are a wide variety of things that attackers are doing with compromised WordPress sites. Let’s take a look at each of them, so we can better understand the motive behind the attacks that we are constantly defending against.

 

Conclusion

If you were of the opinion that your site couldn’t possibly be of interest to hackers, we hope that this post has changed your mind and given you some insight into their motives and methods.

Regardless of what you use your site for, how much traffic it gets or how inexpensive your hosting plan is, an attacker can figure out how to make use of it if they can break in. To learn about how attackers gain access to WordPress sites, check out our blog post from last month.

This entry was posted in Learning, Research, WordPress Security on April 19, 2016 by Dan Moen



Unbelievable Email Scam Spam

Category : BLOG , SPAM & SCAMS

Don’t fall for this rubbish!

Attention: Important Notice , DOMAIN SERVICE NOTICE
Domain Name: xxxxxx.net

ATT: Xxxxxxx  Xxxxxxxxxx
xxxxxxxxx.net
Response Requested By
9 – March – 2016

PART I: REVIEW NOTICE

Attn: Xxxxxxx  Xxxxxxxxxx
As a courtesy to domain name holders, we are sending you this notification for your business Domain name search engine registration. This letter is to inform you that it’s time to send in your registration.
Failure to complete your Domain name search engine registration by the expiration date may result in cancellation of this offer making it difficult for your customers to locate you on the web.
Privatization allows the consumer a choice when registering. Search engine registration includes domain name search engine submission. Do not discard, this notice is not an invoice it is a courtesy reminder to register your domain name search engine listing so your customers can locate you on the web.
This Notice for: xxxxxxxxxx.net will expire at 11:59PM EST, 6 – March – 2016 Act now!

Select Package:
http://www.easydomainsubmitt.com/?domain=saveonsolar.net

Payment by Credit/Debit Card

Select the term using the link above by 9 – March – 2016
http://xxxxxxxx.net
unsubscribe:
Please reply with UNSUBSCRIBE subject.
———————————————————————————————————————–
Disclaimer: The CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act) establishes requirements for those who send commercial email, spells out penalties for spammers and companies whose products are advertised in spam if they violate the law, and gives consumers the right to ask mailers to stop spamming them. The above mail is in accordance to the Can Spam act of 2003: There are no deceptive subject lines and is a manual process through our efforts on World Wide Web. If you send me an UNSUBSCRIBE email we ensure you will not receive any such mails.

 

Return-Path: <info@easydomainsubmitt.com>
Received: from srv1a.itarget.nl ([109.70.3.41]) by mx.mail.com (mxgmxus001) with ESMTPS (Nemesis) id 0M7ZIn-1ZswNj1bkd-00xKoO for <xxxxxxxxxxxxx@email.com>; Thu, 10 Mar 2016 17:12:00 +0100
Received: from [111.90.148.48] (helo=vpd49589) by srv1a.itarget.nl with esmtpa (Exim 4.72) (envelope-from <info@easydomainsubmitt.com>) id 1ac388-00045y-Fd for xxxxxxxxxxxx@email.com; Sat, 05 Mar 2016 04:43:50 +0100
Message-ID: <033ec70d-42434-ec8d4883310069@vpd49589>
Reply-To: “Domain Notice” <info@easydomainsubmitt.com>
From: “Domain Notice” <info@easydomainsubmitt.com>
To: “Xxxxx Xxxxxxx” <xxxxxxxxxx@email.com>
Subject: Domain Notification for xxxxxxxxx.net : This is your Final Notice of Domain Listing
Date: Sat, 5 Mar 2016 11:42:11 +0800
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-Mailer: My email client v3.3
X-MimeOLE: Produced by my email client v3.3
Envelope-To: <xxxxxxxxxxx@email.com>
X-GMX-Antispam: 0 (Mail was not recognized as spam); Detail=V3;
X-GMX-Antivirus: 0 (no virus found)



Sophie explains, at first, I thought this was just another internet scam

Category : BLOG , SPAM & SCAMS

Sophie explains, “At first, I thought this was just another internet scam,”

AND IT IS according to my BENDIGO BANK who phoned me 30 minutes later to say they have declined the transaction and CANCELLED my CARD!

I hope YOUR bank is as proactive as Bendigo Bank!! THANK YOU Bendigo Bank!

httpscrewed://skillgamee.com/

Apple Getting Desperate : How Australian Citizens Are Getting The Brand New iPhone 6S For Only $1

iPhone 6S Giveaway

If you live in Australia and want the brand new iPhone 6S, then this may be the most exciting article you’ll ever read.

Here’s the deal: Apple Inc (NASDAQ: AAPL) is giving away 250 brand new 64 GB iPhone 6S’s to Australian citizens for $1. Yes you read that right- one australian dollar.

As part of a special holiday promotion, Apple is working with its trusted distribution partner, Skillgamee for, giving away iPhone 6S’s that cost 99% off regular retail price.

Why are they offering this crazy promotion? Director of Marketing, Joel Branson explains, “Last year, Apple’s Australian market share dropped to 35% and is losing to Google’s Android worldwide. Apple can recapture Australian users by giving away extremely low-priced iPhone 6S to people and converting them into repeat Apple customers who will spread the word to their friends.”

Sounds too good to be true? That’s what 29 year-old Sophie Davies of Adelaide thought too. She decided to give it a shot and received her $1 iPhone 6S in the mail a couple of days later.


Sophie explains, “At first, I thought this was just another internet scam, but then I did some research and saw that Skillgamee is a legitimate promotions company and Apple partner. I decided to risk the $1. It’s less than the price of a cup of coffee anyways. 3 days later, I check my mail and am delighted to see a shiny new box with an Apple logo on it.”

Apparently this “practically free” promotional tactic is common practice among big companies with big marketing budgets. For instance, Burger King launched a similar campaign in 2013, giving away 20,000 free Whoppers on Facebook.

Here’s how to claim your iPhone 6S for $1:

1. Simply visit the official $1 iPhone 6S promotion here

2. Fill out your email address and pay $1

During this special promotion, you’ll also receive a $20 gift card to JB Hi-Fi, Australia’s largest home entertainment retailer. Your gift card will be delivered immediately (they even cover the delivery fee), and you’ll receive it in 3-5 days.

Click here to check if $1 iPhone 6S are still available

So you can get an iPhone 6S for incredibly cheap. But is the new iPhone 6S really the best smartphone on the market?

Our review department compared the iPhone 6S to previous-gen Apple iPhones and Android phones and this is what we concluded: the iPhone 6S ranks #1 in call quality, battery life, screen resolution, speed and message delivery.

In short, it’s the best, most reliable phone currently on the market. Combined with the fact you can get one for only $1, the choice is a no brainer.

Update (7 January, 2016):

Our team thought this iPhone 6S promotion was too good to be true, so we ordered one over the weekend and received it yesterday morning!


UPDATE: Apple’s $1 iPhone promotion ends midnight on 7 January, 2016. As of today, there are less than 100 products remaining in stock. After midnight, you won’t find a 64GB iPhone 6S for cheaper than $1,229 so act fast and take advantage of this incredible deal.

More on this…

  • Skillgamee offering iPhone 6S for $1…

  • Apple’s most outrageous sale ever

  • Experts say iPhone 6S is better than any Android, despite more expensive price


  • Charlotte Cox

    I saw this on the news. How crazy is it that they’re giving these away for $1!? I’m signing up right now
  • Ruby Mason

    The timing of this couldn’t be better, I havn’t started my birthday shopping yet
  • Mia Graham

    Haha wow.. my friend just bought one for $1229. I’m going to rub this in his face. Anyone actually receive one?
    • Sophie Clarke

      @Mia Got mine in the mail this morning!! 😀 Brand new and runs SO much smoother than my Samsung
  • Emily Patel

    wow this is legit!! thought this was a joke at first but I decided what the hell and paid $1. Today, I got mine in the mail
  • Noah Thompson

    @Cooper- stupid or not, I just got an iPhone 6S plus for $1 lol. This is amazing. Finally a reason to like Apple
  • Cooper Wilson

    This is the stupidest “marketing” scheme ever. I really thought Apple would be smarter than this. This is not going to help them recapture their market share. They are losing to Android and theres not much they can do about it. This seems like a really desperate attempt to capture just a few new users, and cheapens their product significantly.
  • Grace Davis

    Just ordered mine. Only 43 left, so hurry up guys!
  • Ellie Green

    My friend told me about this the other day and I thought he was joking. Can’t believe this is actually true. I’m going to give this a shot
  • Katie Smith

    I havn’t signed up for this yet, but I’m familar with Skillgamee because my cousin works for them. Last year, they did a PS4 giveaway and over 2 thousand people got free playstations. When it caught on with news sites, everyone and their mums ordered one and it was pretty much over. Take advantage while you still can!
  • Daisy Roberts

    Ah yes I heard of Skillgamee before. They did an Android tablet giveaway a while back and I got one for $1 (shame on them for promoting both Apple AND Android lol
  • Emily Hughes

    Seriously? This is an amazing deal, but Apple is just STUPID to offer this lol
  • Oliver Wright

    Got back from work and THIS was waiting for me on the table…. Wooooo!
  • Amber Lewis

    I used different emails and ordered 5 of these lol
  • Megan Price

    heard about this on the radio. getting one now. thanks apple!


Top 3 ranking on Google, yahoo, and Bing with our SEO

Category : BLOG , SPAM & SCAMS

More SEO SPAM

Not a bad spiel though.

====================

SEO is dead as we know it. The old mathematics of increased back links and stuffing keywords is now a target for Google to identify your site and bury it in the search results.

SEO is no longer a mathematics problem, it’s a human one. Social indicators are becoming key to Ranking and link algorithms are being retired. It’s time for you to see the truth about SEO and adjust accordingly.

So, here we got a customized and guaranteed top 10 Internet Marketing Proposal for you.

Here below is the content marketing activities “Monthly Task and responsibilities”

1. 30 Press Release Submissions (10 press release x 10 press release websites)
2. 3 Press releases, 400+ words written
3. 5 Unique Articles will be written

4. 5 Web 2.0 Properties will be made
5. 5 Unique “how to Articles” will be written

6. Face book Pages will be created

7. Twitter channels wiil be created
8. Will increase twitter followers

9. Youtube channel will be created
10. Youtube videos will be created by Animoto.com (paid)
11. Will likes, shares, tweets, reddits, and 1+ in order to get natural backlinks

12. Anchor text diversity (will not use exact keywords for back links).
13. Will get Natural back links by link worthy articles
14. Will draft & submit 5 articles to Ezinearticles.com
15. Will create Google+ page for your business
16 Will distribute 15 post daily via Google+ Page
17. Will participate in Forum
18. Will create blog for your website
19. Will make 1 post daily on your blog
20. Will bookmark real content to leading 150 Social Book marking sites as digg, delicious
21. Will submit your website to 10 leading Web directories as Dmoz.org On-Page work activities “Follow only first month”.

22. Yellow Pages Submission

On Page Optimization Activities.
23. Meta tags/Title tag changes
24. Keyword research/Analysis
25. Competitor Analysis
26. Analysis by our Paid SEOMoz Program
27. Heading tag changes
28. Alt tag changes
29. Interlinking wherever required.
30. Keyword density in site content.
31. HTML Site Map
32. XML site map and Submission in webmaster tool
33. Ror.XML File creation
34. Robots.Txt File creation Extra work activities
35. Google Webmaster tool
36. Google Analytics
37. Html to text ratio optimization
38. Keyword Prominence

39. Google authorship will be provided

 

Google Penguin / Panda Algo Audit

40. On-page evaluation

41. Link Profiling

42.Bad Link Removal

 

“Proposal starts from 350 USD/month with guaranteed top 10 ranking otherwise your money will be refunded.”



Website SEO

Category : SPAM & SCAMS

Website SEO – The Holy Grail of Email Spammers?

There are many websites promoting Search Engine Optimisation or SEO services that are completely valid.

There are also others that may not be so skilled but can help you with Google Adwords placements.

Then there are the SEO Services Email Spammers……

You know the ones that clog your mail account with promises of getting you the first place on the Google Page relating to your prime Keyword or phrase.

You take your chances with these, as IF they are so good, why is their website not in the top position for SEO Services, where you can select their website service to know they can probably enhance your organic SERP results?

Some of the examples below may be able to do what they claim, but I am not sure as I have deleted them.

========================

I was doing some local research and I found your website“www.yourwebsite.com”  online. I’m very impressed by your company but I’ve identified some key areas for growth that you’re currently missing.

I’ve got proven strategies for how you can increase sales using online marketing that targets your local customers. I’m confident I can help you engage the right customers and grow your business.

I’m an online marketing consultant that specializes in helping local business grow to the next level.

In 20 minutes I can show you how to fuel your brand and generate more revenue from search engines and social networks. These are tactics we’ve used to help over 300 clients grow their business. I’d like to follow up about this with a quick phone call.

Can I call you this week to discuss strategies for your campaign?

——————————————–

Many in the industry still think SEO as some sort of black-magic secret that requires internet illuminati to learn the ways of, while it’s just another marketing method. SEO is surprisingly a very viable marketing method that can, in concert with effective landing pages and content, bring your business qualified leads and customers.

Moreover, studies have shown that SEO can have a better ROI than traditional forms of marketing like TV and print ads. It isn’t any magic, it’s just a strategy.

How your company can be benefited?

 

Ø SEO gives strong Business Visibility and Branding

Ø SEO provides Business Credibility

Ø SEO brings leads to Business Traffic

Ø SEO has one of the best ROI’s in Advertising

Ø SEO gives you unmatched insight into your customers

 

Want to know how SEO can help your business?

————————————————–

We are an ISO 9001:2008 & ISO: 27001 Certified and CMMi Level 3 Company providing application development, product re-engineering, web design, web development, SEO and mobile application development solution to varied industries across the globe.

Believing in customer satisfaction, we create user friendly web interfaces for our clients driving targeted audience. We walk an extra mile with you to fabricate a brand strategy, rebuilding your online image and help you reach out to the global market. Our design team can work closely with you as part of your marketing staff and we can assure you – you won’t even notice we are in another country.

Our services at a glance: –
· Website development (Custom Website Development, PHP Development, ASP .NET, Java, Ajax Programming, etc.)
· Website designing (HTML Designing, Corporate Website Design, PSD to XHTML/HTML, etc)
· Open source customization (CMS, Joomla, Drupal, WordPress, etc)
· Ecommerce website development (Magento, OS Commerce, Zen Cart Integration)
· Web Programming Services (PHP MySQL Development, PHP Frameworks, JavaScript Frameworks)
· Mobile application development (iPhone, Android iOS, Blackberry, Windows) etc.

We customize our processes according to your styles and guidelines. Many overseas clients have achieved significant savings by outsourcing either all or part of their IT development work to us.

I am looking forward for a great business relationship ahead with you. Do let me know if you think of a relevant project we can head start with. Please share your Skype ID and contact number to make the communication easily accessible.

—————————————-

I’ve been tracking the success of “www.yourwebsite.com” while doing some research on your industry—I’m impressed with your company, but there are some real opportunities for growth that you currently are missing.

Are you interested in several proven strategies to use content and social media to drive relevant traffic to your site? In 20 minutes I can show you how to fuel your brand and generate more revenue from search engines and social networks.

This is a $500 value free of charge.

I’d like to follow up about this with a quick phone call. Can I call you this week to discuss your campaign?

——————————————-

We are an Online marketing firm based Delhi- NCR in India and offers SEO, SMO, Web Design and Web Development Services.
I was surfing through your website: “www.yourwebsite.com” and checked it for a few keywords on Google. Unfortunately, it was not ranking well on any of those.
As per the trends in your industry – over 80% of people search for your products/services online and buy the same. These rankings also influence other channels of sales as well.

 

In the current online market scenario, SEO (search engine optimization) is one of the popular services that are required for any online business. We are providing top ranking in the major search engines like Google, Bing and Yahoo.

 

There is a simple equation that is applicable to the online Business world.

 

Ethical SEO -> More Traffic ->More Sales

 

Just wondering, if you would be interested in getting the SEO (Search Engine Optimization) done for your website and improving the position of your website for the key terms your clients would be using to search your services. In case you require any additional information, it shall be our pleasure to furnish the same. No obligations.

 

Do let me know if you are interested and I would be happy to give you details about our past work details, methodology and pricing etc.

———————————————

We are an India based ISO 9001:2008 & ISO: 27001 Certified and CMMi Level 3 Website development company with a primary focus on Website Design & Development with PHP, Java, .NET and Mobile Application Development at affordable prices. We have a dedicated team of 275 professional designers and developers with over 14 years of experience and we thrive on the idea that design makes a difference.

 

I was surfing the internet and came across your website “www.yourwebsite.com” I have been observing various changes in recent industry trend and the types of sites. We would be happy to discuss any modifications you may want to make.

 

Our main competency is Website Design using Design- Flash, Photoshop, E-Commerce – OS Commerce, Zen Cart, Virtue Mart, Prestasoft, Modx, Mambo, FedEx and Web Application Development (Core PHP, MySQL, ASP .NET, Java, CMS, Joomla, Drupal, Word Press, Magento, Perl, ASP, JSP, HTML, CSS), Mobile Application Development (Android, iOS, Blackberry) and Mobile Friendly sites, etc.

 

Our design team can work closely with you as part of your marketing staff and we can assure you – you won’t even notice we are in another country.

 

We customize our processes according to your styles and guidelines. Many overseas clients have achieved significant savings by outsourcing either all or part of their website development work to us.

 

Do let me know if you are willing to discuss a possible (redesigning/redevelopment) of your website, designing new website. I can send you more details on the packages, action and Portfolio.

 

Now we are offering discount on new website design and Development.

——————————————-

I sincerely hope you are doing well.

We have some special offers this season. We are an Australia based Web Design company with a primary focus on SEO based Website Design & Development (ASP, ASP.Net, Java ,Perl and PHP development).We have a dedicated team of 110 professional designers, developers and SEO specialists; especially for Graphic/Flash/3D designing.

We can assure you of getting quality works. Most firms overseas have achieved a significant amount of savings by outsourcing either part of, or their entire work to us in Australia. We would like you to give us an opportunity to work with your company and AMAZE you with our service.

 

Please let us know in case you are interested.

 

Email us back to get a full proposal.



WordPress Security: Nulled Scripts and the CryptoPHP Infection

Category : BLOG , SPAM & SCAMS

WordPress Security: Nulled Scripts and the CryptoPHP Infection

http://www.wordfence.com/blog/2014/11/wordpress-security-nulled-scripts-cryptophp-infection/?utm_source=list&utm_medium=email&utm_campaign=cryptophp

From Wordfence’s blog, where they post security alerts, product updates, beta releases and more.

http://www.wordfence.com/


Our friends over at Fox-IT based in Delft in the Netherlands just contacted me with some amazing research they’ve just published. If you’re technically minded and want as much detail as possible, I recommend you skip this blog entry and head straight over to the Whitepaper that Fox-IT has published on the CryptoPHP backdoor (it’s 50 pages). I’ve summarized the details and our response:

Nulled scripts are commercial web applications that you can obtain from pirate websites that have been modified to work without a license key. They are the web equivalent of pirated software. They include commercial WordPress themes and plugins.

It’s come to our attention courtesy of Fox-IT that nulled scripts are being distributed via several websites with a sophisticated infection pre-installed. Fox-IT have dubbed it CryptoPHP because of the fact that it encrypts data before it sends it to command and control servers.

The infection is relatively simple: Inside a nulled script there’s a little line of code that looks like this:

<?php include('assets/[ignore square brackets and content - to stop WF alert]images/social.png'); ?>

If you’re a PHP developer you will immediately recognize this as looking strange: It is a PHP directive to include an external file containing PHP source code, but the file is actually an image. Inside this image file is actual PHP and the code is obfuscated (hidden through scrambling) to try and hide the fact that it’s malicious.

If you’re a Wordfence customer, and you are doing scans, the default settings for Wordfence do not scan image files for infections. However, we are aware of these kinds of infections, so a while back we added an option to scan image files as if they are PHP code. With the detection we just added, Wordfence will also detect the ‘include’ directive above in your PHP source, so even if you haven’t enabled image-file scanning, you will still catch all known variants of this infection provided you are running the newest version of Wordfence.
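The two indicators described above (a PHP include/require whose target is an image file, and an image file that contains PHP) can be checked with a short script. This is an added example, not Wordfence's or Fox-IT's detection code; the extension lists, regular expressions and function names are assumptions, and the sample theme tree is constructed and contains no real malware.

```python
import re
import tempfile
from pathlib import Path

IMAGE_EXTS = ("png", "jpg", "jpeg", "gif", "bmp", "ico")  # assumed list
PHP_EXTS = ("php", "inc", "phtml")                        # assumed list

# An include/require statement, up to its terminating ';' or closing '?>'.
STATEMENT_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\b(?P<args>.*?)(?:;|\?>)",
    re.IGNORECASE | re.DOTALL)
# A quoted string literal whose value ends in an image extension.
IMAGE_LITERAL_RE = re.compile(
    r"(['\"])(?P<path>[^'\"]*\.(?:" + "|".join(IMAGE_EXTS) + r"))\1",
    re.IGNORECASE)


def find_image_includes(php_source):
    """Return (line_number, literal_path) for each include of an image file."""
    hits = []
    for stmt in STATEMENT_RE.finditer(php_source):
        literal = IMAGE_LITERAL_RE.search(stmt.group("args"))
        if literal:
            line = php_source.count("\n", 0, stmt.start()) + 1
            hits.append((line, literal.group("path")))
    return hits


def image_contains_php(data):
    """True if the bytes of an image file contain a PHP opening tag."""
    return b"<?php" in data.lower()


def scan_tree(root):
    """Walk root and return (relative_path, indicator, detail) findings."""
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        ext = path.suffix.lower().lstrip(".")
        rel = path.relative_to(root).as_posix()
        if ext in PHP_EXTS:
            text = path.read_text(encoding="utf-8", errors="replace")
            for line, target in find_image_includes(text):
                findings.append((rel, "include-of-image",
                                 "line %d: %s" % (line, target)))
        elif ext in IMAGE_EXTS and image_contains_php(path.read_bytes()):
            findings.append((rel, "php-in-image", "contains <?php"))
    return findings


def build_sample_site(root):
    """Write a small constructed theme tree (no real malware) under root."""
    files = {
        "theme/functions.php": (b"<?php\n// constructed sample\n"
                                b"require_once 'inc/setup.php';\n"
                                b"include('assets/images/social.png');\n"),
        # Concatenated path: the literal still ends in an image extension.
        "theme/loader.php": (b"<?php\n"
                             b"include dirname(__FILE__) . '/img/icon.gif';\n"),
        # Stand-in for the disguised payload: PHP text behind a .png name.
        "theme/assets/images/social.png": b"<?php /* placeholder */ ?>",
        # Genuine image headers, which must not be flagged.
        "theme/assets/images/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "theme/img/icon.gif": b"GIF89a" + b"\x00" * 10,
    }
    for rel, data in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


def demo():
    """Scan the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for finding in demo():
        print("%s  [%s]  %s" % finding)
```

An include of an image file with a real image header (as in `loader.php` here) is still reported, since legitimate PHP has no reason to include an image as code.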

Fox-IT has determined that the purpose of the malware is, currently, to engage in black-hat SEO by injecting links to other, presumably malicious, websites into your content. However this infection is sophisticated and it communicates with command and control servers that can instruct it to do a variety of tasks including the ability to upgrade itself. So this is a classic botnet infection which turns all infected websites into drones that can be instructed to do just about anything, from sending spam email to SEO spam to hosting illegal content to performing attacks on other websites.

The researchers think they may have identified the location of the author. Inside the code of the malware is a user-agent (browser) check that checks to see if the web browser user-agent equals ‘chishijen12’. If it does, then the application is instructed to output all PHP errors to the browser, presumably for debugging purposes. Fox-IT found an IP address that is associated with that user-agent and the IP is based in the state of Chisinau in Moldova. The name of the state is similar to the user-agent string, which gives their theory some credence.

This infection doesn’t just affect WordPress but affects Drupal and Joomla too. The detection we’ve added will actually detect the infection in Drupal or Joomla source code too if that lives under your WordPress directory.

If you’re an enterprise customer and are using an IDS like Snort or the EmergingThreats ruleset, Fox-IT have created Snort signatures which are in the whitepaper and I see that EmergingThreats have updated their open ruleset today to detect this.

You can find the full white paper discussing this new threat here and it includes quite a bit of technical detail if you’re a developer or information security researcher.

Please help spread the word about the danger involved in downloading or distributing nulled scripts and help keep the community safe.

 

This entry was posted in WordPress Security on November 21, 2014.



FACEBOOK USERS ARE A TARGET FOR SCAMMERS!!

Category : SPAM & SCAMS

FACEBOOK USERS ARE A TARGET FOR SCAMMERS!!

And why not?! Facebook sends you emails that you blindly click on all the time, don’t you?

WHY!!? IF YOU WANT TO COMMUNICATE ON FACEBOOK – LOGIN to your account on www.Facebook.com!

Not via some phishing scammer’s email to you!

Just hover over some of these [BROKEN] links in a recent email to me below and you ain’t going to facebook.com!

 

Subject:

Facebook account
From: Facebook.Accounts <EAEF72454@americooring.biz> 
To: greg@a.com
Date: 16/10/2012 3:57
Size: 4.9 KB
Message source
facebook
Hi greg@a.com,
You have blocked your Facebook account. You can reactivate your account whenever you wish by logging into Facebook with your former login email address and password. Subsequently you will be able to take advantage of the site as before
Kind regards,
The Facebook Team
Sign in to Facebook and start connecting
Sign in
Please use the link below to resume your account :

http://www.facebook.com/home.php

This message was sent to greg@a.com. If you don’t want to receive these emails from Facebook in the future, please click: unsubscribe.
Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303

Message source

Return-Path:
X-Original-To: greg@a.com
Delivered-To: web23_greg@pws1.o.com
Received: from [2.145.2.148] (unknown [2.145.2.148])
by pws1.o.com (Postfix) with ESMTP id DCC7E1736DB
for; Tue, 16 Oct 2012 05:57:16 +1100 (EST)
Message-ID: <20121015222707.E67EC6F6EDC2D3579B26@1-PC>
Date: Mon, 15 Oct 2012 22:27:07 +0430
From: "Facebook.Accounts"
MIME-Version: 1.0
To:
Subject: Facebook account
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Virus-Status: Failed
X-Virus-Report: /home/admispconfig/ispconfig/tools/clamav/bin/clamscan error 153
X-Virus-Checker-Version: clamassassin 1.2.4 with clamscan / ClamAV 0.93/15464/Tue Oct 16 04:41:23 2012
facebook
Hi greg@a.com,
You have blocked your Facebook account. You can reactivate your account whenever you wish by logging into Facebook with your former login email address and password. Subsequently you will be able to take advantage of the site as before
Kind regards,
The Facebook Team
Sign in to Facebook and start connecting
Sign in
Please use the link below to resume your account :

http://www.facebook.com/home.php

This message was sent to greg@a.com. If you don’t want to receive these emails from Facebook in the future, please click: unsubscribe.
Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303


Subject: ANZ – Account Suspended – OH NOOO~!

Category : SPAM & SCAMS

It does not matter how official these SCAM EMAILS LOOK – DELETE! DO NOT CLICK ANYTHING!

IF IN DOUBT:

Open your browser and do your normal banking login with Security enabled and if your REAL BANK wants to contact you, it will be in there where they KNOW YOUR NAME and banking details already!

Your Bank will NEVER EMAIL you to enter any details into an EMAIL RESPONSE!!!

 

Subject: ANZ – Account Suspended
From: ANZ National Bank Limited <theverif@anz.com.au> 
To: undisclosed-recipients, @MISSING_DOMAIN,
Date: 16/10/2012 10:16
Size: 2.0 KB
Message source

anz ANZ National Bank Limited 

You have (1) new message.

Click here to login and read your security message. 

Copyright © Australia and New Zealand Banking Group Limited (ANZ) 2012 ABN 11 005 357 522.
ANZ’s colour blue is a trade mark of ANZ.

 

Message source

Return-Path: 
X-Original-To: greg@a.com
Delivered-To: web23_greg@pws1.o.com
Received: from admin.revenuestars.com (unknown [209.216.252.43])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by pws1.o.com (Postfix) with ESMTP id 407471736DB
for ; Tue, 16 Oct 2012 11:16:59 +1100 (EST)
Received: from adsl-068-222-208-005.sip.bhm.bellsouth.net ([68.222.208.5]:57150 helo=anz.com.au)
by admin.revenuestars.com with esmtpa (Exim 4.80)
(envelope-from )
id 1TNupr-0006ro-ES; Mon, 15 Oct 2012 17:16:39 -0700
From: ANZ National Bank Limited 
Subject: ANZ - Account Suspended
Date: 15 Oct 2012 19:16:35 -0500
Message-ID: <20121015191635.CA3ECEBADA37038B@anz.com.au>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - admin.revenuestars.com
X-AntiAbuse: Original Domain - a.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - anz.com.au
To: undisclosed-recipients:;
X-Virus-Status: Failed
X-Virus-Report: /home/admispconfig/ispconfig/tools/clamav/bin/clamscan error 153
X-Virus-Checker-Version: clamassassin 1.2.4 with clamscan / ClamAV 0.93/15464/Tue Oct 16 04:41:23 2012

3D"anz"

=
ANZ National Bank Limited 
You have (1) new message.
Click here t= o login and read your security message.  
Copyright =A9 Australia and New Zealand Banking Group Limited (ANZ) 2012 ABN=
11 005 357 522. 
ANZ's colour blue is a trade mark of ANZ.
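
The two `Received:` lines in the message source above already show that this mail never touched an ANZ server. The following Python sketch is an added example, not part of the original post: it walks the hops oldest first and flags a HELO name that claims the From domain while reverse DNS says otherwise. The header text is abridged from the source above, and the parser assumes only the two layouts seen in this mail (Exim and Postfix).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged from the ANZ message source above; the top Received line is the last hop.
RAW = """\
Received: from admin.revenuestars.com (unknown [209.216.252.43])
\tby pws1.o.com (Postfix) with ESMTP id 407471736DB;
\tTue, 16 Oct 2012 11:16:59 +1100 (EST)
Received: from adsl-068-222-208-005.sip.bhm.bellsouth.net ([68.222.208.5]:57150 helo=anz.com.au)
\tby admin.revenuestars.com with esmtpa (Exim 4.80)
\tid 1TNupr-0006ro-ES; Mon, 15 Oct 2012 17:16:39 -0700
From: ANZ National Bank Limited <theverif@anz.com.au>
"""

HOP = re.compile(r"from\s+(\S+)\s+\((.*?)\)\s+by\s+(\S+)", re.S)

def in_domain(host, domain):
    host = host.lower()
    return host == domain or host.endswith("." + domain)

def trace(raw):
    """Return (From domain, hops oldest first), flagging HELO/rDNS disagreement."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            continue
        first, paren, by = m.groups()
        helo = re.search(r"helo=([^\s)]+)", paren)
        if helo:  # Exim layout: from <rDNS name> ([ip] helo=<HELO>)
            rdns, helo = first, helo.group(1)
        else:     # Postfix layout: from <HELO> (<rDNS name or "unknown"> [ip])
            rdns, helo = (paren.split() or ["unknown"])[0], first
        ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", paren)
        hops.append({
            "helo": helo, "rdns": rdns, "by": by,
            "ip": ip.group(1) if ip else None,
            # HELO is typed by the sending client; it proves nothing unless rDNS agrees.
            "helo_mismatch": in_domain(helo, from_domain) and not in_domain(rdns, from_domain),
        })
    return from_domain, hops

if __name__ == "__main__":
    print(trace(RAW))
```

The first hop comes back with `helo_mismatch` set: an ADSL line announced itself as `anz.com.au`, and no receiving host in the chain belongs to that domain.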


SPAM & SCAM Email

Category : BLOG , SPAM & SCAMS

BEWARE: Your email host is unlikely to send out anything like the email below.

 

They know who you are, and would put your actual name in the email so you know it has half a chance of being genuine!

 

NEVER CLICK these links! Hit DELETE button!

Be SUSPICIOUS of EVERYTHING!

 

——– Original Message ——–

Subject: Increase your email quota limit
Date: Sat, 20 Nov 2010 05:30:05 -0500
From: Webmaster System Administrator
Reply-To:
To: undisclosed-recipients:;

This is to inform you that you have exceeded your email quota limit of 200 MB and you need to increase your email quota limit because in less than 48 hours your email will be disable. Increase your email quota limit and continue to use your webmail account. To increase your email quota limit to 10 GB, click the below link:
http://@@@com   [EDITOR:@@@- Inserted to break link]
Thank you for your understanding. Webmaster System Administrator Copyright © 2010 Webmail Helpdesk Support Centre.

 

Recently I have been getting FACEBOOK emails that are hacked phishing emails.

If you are on FACEBOOK – PLEASE don't click on emailed links –

GO to your Facebook Page to accept GENUINE friend requests!

Had to notify www.Reham.nl website that it looked like they were hacked to redirect FAKE FACEBOOK FRIEND Notifications via JAVASCRIPT in one of their directories.

 

A FAKE Facebook email notification to my EDITED (xxxxx) domain is redirecting to your website to the PICS subdirectory where it is trying to run Javascript.
THIS is the link:  DON'T CLICK THIS!!

http;///www.reham.nl/facebook.com/n/reqs.php&type=1&mid=68847e0G5af401cdcxxxxxx62482.AaQvYSe95rSZ3-kF&lloc=header

NOTICE THAT FaceBook is not the BASE URL as it should be!!

Inspect your PICS directory for hacked in Javascript please.
Below is a source copy of the email that says it is from facebook!

Return-path:
Envelope-to: xxxx@xxxx.com.au
Delivery-date: Wed, 08 Aug 2012 08:59:42 +1000
Received: from laxs3-n1s.host-services.us ([173.231.45.66]:53379)
by SYDS13-N1S.hosting-services.net.au with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.77)
(envelope-from )
id 1SyskY-002CRx-Dh
for xxxx@xxxxx.com.au; Wed, 08 Aug 2012 08:59:42 +1000
Received: from [108.171.212.183] (port=45069 helo=hostw.hostwitter.com)
by laxs3-n1s.host-services.us with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.77)
(envelope-from )
id 1Syska-001CF8-4o
for xxxxx@xxxxx.com.au; Tue, 07 Aug 2012 15:59:44 -0700
Received: from par30web by hostw.hostwitter.com with local (Exim 4.77)
(envelope-from )
id 1SysmD-0001u4-S7
for xxxxx@xxxxx.com.au; Wed, 08 Aug 2012 04:31:25 +0530
To: xxxxx@xxxxx.com.au
Subject: =?UTF-8?B?TWFkZGllIEZpcnRoIHdhbnRzIHRvIGJlIGZyaWVuZHMgb24gRmFjZWJvb2s=?=
From: Facebook
Message-Id: <13074656259.17430@facebook-email.com>
X-Mailer: php-sender2.1
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Date: Wed, 08 Aug 2012 04:31:25 +0530
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – hostw.hostwitter.com
X-AntiAbuse: Original Domain – xxxxxx.com.au
X-AntiAbuse: Originator/Caller UID/GID – [523 523] / [47 12]
X-AntiAbuse: Sender Address Domain – hostw.hostwitter.com
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – laxs3-n1s.host-services.us
X-AntiAbuse: Original Domain – xxxxx.com.au
X-AntiAbuse: Originator/Caller UID/GID – [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain – hostw.hostwitter.com
X-Source:
X-Source-Args:
X-Source-Dir:

facebook
<= /a>
Maddie Firth wants to be friends with you on Face= book.
Works at Dartmoor Hotel =B7 Mount Gamb= ier High School =B7 Dartmoor, Victoria
229 frie= nds =B7 38 photos =B7 8 Wall posts =B7 1 group
Confirm Request
=
See All Requests
If you don’t want to receive these emai= ls from Facebook in the future, please click: unsub= scribe.
Facebook, Inc. Attention: Department 415 P.O Box 10005 Pa= lo Alto CA 94303
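
The manual check these posts describe (hover over the link and see whether facebook.com is really the base URL) can be automated over an HTML mail body. This Python sketch is an added example, not part of the original posts; the `TRUSTED` set and the host `compromised-site.example` in the constructed sample are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"facebook.com"}  # assumption: the domain the mail claims to come from

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def audit_links(html):
    """Return a finding for each link whose real host is outside TRUSTED."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        if is_trusted(host):
            continue
        reasons = ["link host is not a trusted domain"]
        shown = re.search(r"https?://\S+", text)
        if shown and is_trusted(host_of(shown.group())):
            reasons.append("visible text shows a trusted URL")
        if any(d in href.lower().replace(host, "", 1) for d in TRUSTED):
            reasons.append("trusted name appears outside the host part")
        findings.append({"host": host, "text": text, "reasons": reasons})
    return findings

# Constructed sample modelled on the two Facebook mails quoted in these posts.
SAMPLE = """<a href="http://compromised-site.example/x.php">http://www.facebook.com/home.php</a>
<a href="http://compromised-site.example/facebook.com/n/reqs.php?type=1">Confirm Request</a>
<a href="https://www.facebook.com/login">Sign in</a>"""
```

`audit_links(SAMPLE)` reports the first two links and passes the third: the decision rests on the host part of the `href` alone, never on the visible text or on a brand name sitting in the path.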

 

