Phishing alojado en página del gobierno peruano (parte II)

La semana pasada les contaba cómo desde el Laboratorio de ESET Latinoamérica encontramos un caso de phishing alojado en un sitio gubernamental de Perú, el cual estaba dirigido a una entidad financiera chilena. Hemos continuado con el análisis del ataque y nos encontramos con bastantes cosas interesantes…  Lo más relevante, es que encontré que el

Phishing alojado en página del gobierno peruano

La semana pasado reportamos desde el Laboratorio de ESET Latinoamérica algunos casos de phishing a entidades financieras como también para robar datos de tarjetas de crédito. Hoy hemos detectado un nuevo ataque de phishing, se trata de un ataque diseñado especialmente para personas que vivan en Chile, ya que el ataque se realiza para obtener

Nueva botnet argentina

Hace algunos días nuestro Laboratorio identificó una nueva amenaza de infección la cual se trasmite vía mensajería instantánea, en este caso por el famoso producto de Microsoft Live Messenger, que se conecta a una botnet administrada por IRC. Mediante la técnica de Ingeniería Social envía un mensaje a todos los contactos que tengamos en nuestra

Cómo opera un phisher

Los ataques de phishing son en la actualidad muy frecuentes y prácticamente ningún servicio que se ofrezca a través de Internet escapa del accionar de los phisher. Sin embargo, poco se dice sobre el “detrás de escena” respecto a cómo operan estos delincuentes. Tratemos entonces de ejemplificar mediante un caso real cuál es el proceso

Datos de acceso a eBay

Debido al impacto económico, los ataques de phishing han logrado acaparar la atención de profesionales de seguridad y de cualquier compañía que ofrezca algún tipo de servicio a través de Internet y que requiera un proceso de autenticación para su acceso. Actualmente el phishing no se limita sólo a páginas web clonadas de entidades bancarias,

IEEE eCrime Researchers Summit 2010 Call for Papers

The fifth IEEE eCrime Researchers Summit 2010 once again will be held in conjunction with the 2010 APWG General Meeting between October 18-20, 2010 at Southern Methodist University in Dallas, TX. See http://ecrimeresearch.org.

Ecuador Government Web Site Attack

A situation has arisen in a governmental site in Ecuador. Taking advantage of a vulnerability on the server where the Web site is hosted, the attackers succeeded in accessing the system remotely.

No Stone Left Unturned

We have discussed SEO poisoning extensively in the ESET Threat Blog, and it should come as no surprise to our readers that any topic which trends up quickly in search engine traffic will be exploited by the criminals who specialize in such activities.  The poisoned search term du jour is "erin andrews death threat".  Apparently,

Shortened URLs: Don’t Sweat the Short Stuff?

A press query was passed to me concerning our blogs about the Russian bombings and the fact that criminals are making use of the topic to spread malware using blackhat SEO (Search Engine Optimization) and abuse of the twitter service. See "Russian Metro Bombings: here come the ghouls" and "Here come (more of) the ghouls" for more

Phishing and Scamming: it’s a Taxing Occupation

SANS posted a story at the Internet Storm Center a couple of days ago that they were seeing fake email from the IRS. (Even I don't have time to read everything on the Internet relating to current information security issues.) The emails described try to kid the victim that they've under-reported or failed to report

iPad scammers target the unwary

The Apple iPad is the current gadget du jour amongst the digerati and has been seeing strong presales, with estimates as high as 150,000 units on the first day.  With such attention in the media and the blogosphere, it is no wonder that both legitimate businesses and scammers have taken to using it as bait

The Return of Jacques Tits

It has been a year since we last discussed fraudulent domain name registrar scams and we wanted to let people know that this scam continues unabated. In a nutshell, a message is sent to a publicly-visible email address listed on your website (sales, support, the CEO's office, a public relations contact, et cetera) from a

Phishing alojado en página gubernamental de Colombia

Luego de alertar sobre el caso de phishing a entidades bancarias de República Dominicana, en el día de ayer hemos encontrado un nuevo caso que deja en evidencia el estado actual de los fraudes en línea a través de esta modalidad delictiva. En este caso, la entidad bancaria cuya imagen es objeto del phishing es

Phishing contra usuarios de entidades de República Dominicana

Hace unos días alertamos sobre una campaña de ataques de phishing contra usuario de una conocida entidad bancaria de Brasil, y contra la Policía Federal, también de ese mismo país. Ahora, hemos detectado la propagación de una nueva campaña, pero en este caso, contra usuarios de entidades bancarias de República Dominicana. Este ataque, que busca

iPhishing – gathering iPhone data

As posted a few minutes ago on Mac Virus, Dancho Danchev has posted information on a phishing campaign where the bad guys are impersonating Apple in order to steal sensitive device information from iPhone users. Dancho’s post, which has lots of other links, is at: http://blogs.zdnet.com/security/?p=5460&tag=col1;post-5460 David Harley CISSP FBCS CITP Director of Malware Intelligence ESET

Verified by Visa – Pushmi-pullyu*

* http://en.wikipedia.org/wiki/Pushmi-pullyu#The_Pushmi-pullyu In an article in the Register with the eye-catching title of "Verified by Visa bitchslapped by Cambridge researchers", John Leyden comments on the argument by Cambridge researchers Ross Anderson and Steve Murdoch that the 3D Secure system, better known as Verified by Visa or Mastercard Securecode is better suited to shifting liability for

Ten Ways to Dodge Cyber-Bullets (Part 5)

[Part 5 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Trust People, Not Addresses Don’t trust unsolicited files or embedded links, even from friends. It’s easy to spoof email addresses, for instance,

Haiti Help Resources

Update: more resources I picked up on  a security list just now (I'm drowning in email here!) Apologies for any duplication. Update 2: more additions below. @imaguid pointed out in a microblog that there's a pattern to the use of social engineering around disasters like the Haiti earthquake:  "first comes the tragedy, then malware purveyors exploiting the

Ten Ways to Dodge Cyber-Bullets (Part 4)

[Part 4 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Good Password Practice Use different passwords for your computer and on-line services. Also, it’s good practice to change passwords on a regular basis

Holiday Shopping Deadlines

In just a couple of weeks you will be out of time to shop online and have that gift delivered in time for the holiday. I expect that there will be a surge in phishing attacks designed to take advantage of the panic factor. You get an email that says something to the effect that

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
24 Nov 2010
ESET Virus Radar


Select month
Copyright © 2014 ESET, All Rights Reserved.