lloyds message service

lloyds message service – debit posted.zip (malware)

If you received "lloyds message service – debit posted.zip" as an email attachment, it is malware: VirusTotal.com verified the .zip as malicious.


courtesy of tranquilnet

Subject: You have received a new debit

This is an automatically generated email by the Lloyds TSB PLC
LloydsLink online payments Service to inform you that you have
receive a NEW Payment.

The details of the payment are attached.

This e-mail (including any attachments) is private and confidential
and may contain privileged material. If you have received this

Scan From VirusTotal:

Antivirus              Result                            Update
Ad-Aware               -                                 20131211
Agnitum                -                                 20131217
AhnLab-V3              Trojan/Win32.Dapato               20131218
AntiVir                -                                 20131218
Antiy-AVL              -                                 20131218
Avast                  Win32:Malware-gen                 20131218
AVG                    -                                 20131218
Baidu-International    -                                 20131213
BitDefender            -                                 20131211
Bkav                   -                                 20131218
ByteHero               -                                 20130613
CAT-QuickHeal          -                                 20131218
ClamAV                 -                                 20131218
CMC                    -                                 20131217
Commtouch              W32/Trojan.CIRP-9141              20131218
Comodo                 -                                 20131218
DrWeb                  -                                 20131218
Emsisoft               -                                 20131218
ESET-NOD32             Win32/TrojanDownloader.Waski.A    20131218
F-Prot                 W32/Trojan3.GVD                   20131218
F-Secure               Trojan.Agent.BBBY                 20131218
Fortinet               -                                 20131218
GData                  Trojan.Agent.BBBY                 20131218
Ikarus                 Trojan-Spy.Agent                  20131218
Jiangmin               -                                 20131218
K7AntiVirus            -                                 20131218
K7GW                   -                                 20131218
Kaspersky              Trojan.Win32.Bublik.boha          20131218
Kingsoft               -                                 20130829
Malwarebytes           Trojan.Agent.RV                   20131218
McAfee                 -                                 20131218
McAfee-GW-Edition      -                                 20131218
Microsoft              -                                 20131218
MicroWorld-eScan       -                                 20131218
NANO-Antivirus         -                                 20131218
Norman                 -                                 20131218
nProtect               -                                 20131218
Panda                  -                                 20131218
Rising                 PE:Malware.FakePDF@CV!1.9E18      20131218
Sophos                 Troj/Zbot-HEQ                     20131218
SUPERAntiSpyware       -                                 20131218
Symantec               -                                 20131218
TheHacker              -                                 20131217
TotalDefense           -                                 20131217
TrendMicro             -                                 20131218
TrendMicro-HouseCall   TROJ_GEN.F47V1218                 20131218
VBA32                  -                                 20131218
VIPRE                  -                                 20131218
ViRobot                -                                 20131218

derad: Malicious “Security Warning” Popups

Here is some good quick advice from my fellow blogger Debra Radcliff:

Panda Security reports increased spread and success of pop-up “security warnings.” These warnings pop up when people surf the Web and hit a malicious or infected Website, and keep flashing their warnings until the user goes to the link, at which time they get infected.

No legitimate security company would do this to a computer, so don’t click the link. Instead, disconnect from the Internet, clear your browser history and restart your computer. If your browser is still flashing warnings, the system will need to be disinfected through anti-virus or a computer restoration service.

Usually these false security warnings are a symptom of something much worse. I’ve had some that actually will not let you do much of anything except click the link in their fake pop-up. What I did was a system restore, but you can also boot in Safe Mode and attempt to clean the system.

Ed Skoudis lists the Top 5 Worst Attacks of 1998 – 2002

That which does not kill us makes us stronger.
-Friedrich Nietzsche

In the November 2002 Information Security Magazine article, Infosec’s Worst Nightmares, Ed Skoudis lists the Top 5 Worst Attacks of 1998 – 2002. Mr. Skoudis is a founder of Intelguardians Network Intelligence, LLC and a handler at the very popular Internet Storm Center.

Mr. Skoudis mentions that the top five major destructive attacks of 1998 – 2002 made many industries “battle-tested” and more likely to be proactive rather than reactive. His five-year worst list is based on exploits that shook our very faith in the Internet and the security of e-commerce.

1. Code Red (2001). On July 13, 2001, the worm attacked Microsoft IIS systems; by July 19, 2001, it had affected over 350,000 systems. SANS and the Honeynet Project set up honeypots to capture the worm, but eEye Digital Security programmers did the most intensive research on it and gave it its name. The worm exploited a buffer overflow vulnerability in the indexing software distributed with IIS, described in Microsoft’s MS01-033 patch. Some of the lessons learned: keep systems patched, use honeypots to capture malware, and coordinate the response to help contain worms.

2. Nimda (2001). Shortly after 9/11, the Nimda worm was unleashed. It caused more financial damage than Code Red. There were rumors that China had released it to hurt the US further, but this is unlikely given the nature of Nimda.

While it was bad, it had the appearance of being written by a determined amateur, not a nation-state that spends $1 billion annually on cyberwarfare capabilities. – Skoudis.

Nimda affected clients running Windows 95, 98, Me, NT or 2000 and servers running Windows NT and 2000. It was so effective because it attacked IIS, e-mail, browsers and network shares at the same time. This multi-dimensional attack method could mark a trend in future cyberwarfare.

Lessons learned: the importance of an incident response capability, and disabling arbitrary scripts in e-mail and browsers.

3. Melissa (1999) & LoveLetter (2000). Both spread malware through e-mail propagation: Melissa was a Microsoft Word macro virus, and LoveLetter was the “I Love You” virus. Each harvested the victim’s address book to forward itself to more victims, which overwhelmed many e-mail servers. Lessons learned: many companies got serious about implementing anti-virus applications throughout the network.

4. Distributed Denial-of-Service (DDoS) attacks (2000). After all the pre-Y2K panic, a completely new and unexpected storm hit major sites: Yahoo!, Amazon, CNN, E*Trade, ZDNet and eBay, all at the hands of a single young hacker nicknamed Mafiaboy. He had spread zombie flooding agents to hundreds of machines around the world and used them to attack the sites with billions of useless packets. Lessons learned: employ anti-spoofing filters.

5. Remote Control Trojan Horse Backdoors (1998 – 2000). In 1998, the Cult of the Dead Cow hacker group created the Trojan Back Orifice, which initially targeted Windows NT/9x. The tool allowed unskilled attackers to attack any vulnerable system. It also marked the rise of the “script kiddies” and produced a number of spin-offs such as SubSeven, NetBus and Hack-a-Tack.

War on Zombies

Lawmakers are looking to impose harsher punishments on botnet herders, and botnet laws are sure to shake things up. The Racketeer Influenced and Corrupt Organizations (RICO) law and the Internet Spyware (I-SPY) Prevention Act are examples of such laws. Once passed, these laws will be a significant change to federal computer law.

“Today’s botnet herders have hundreds of thousands of computers at their command and use technically sophisticated ways to hide their headquarters, making it easy for them to make millions from spam and credit card theft. They can also be used to direct floods of fake traffic at a targeted website in order to bring down a rival, extract protection money or less frequently, used to make a political point in the case of attacks on Estonia and the Church of Scientology.” — Wired

Homeland Security Secretary Michael Chertoff speaks about computer security at the RSA Conference on information security in San Francisco, Tuesday, April 8, 2008.

Malware Alarm

A friend of mine wanted me to do some work on her computer, but when I fired up the computer all I saw was Malware Alarm.

The computer was really slow and essentially unusable. Malware Alarm, I noticed, looks a lot like the scamware PS Guard and SpySheriff. These are applications that pretend to be anti-virus or anti-spam software but actually infect your system with spyware, mass-mailers and backdoors. This type of malware is known as a trojan. As usual, any attempt to shut the application down or minimize it is useless, because even if you do manage to get anything else up, it eats up so much of the system’s resources (CPU, memory, bandwidth) that the computer itself is close to useless. If you delete it in normal mode and miss a part of it, it will regenerate itself like a hydra.

After looking at the Task Manager (which took 20 minutes or so), I decided to reboot in “safe mode”. Unless your system has something like a rootkit (malware that replaces a core component of your operating system), Safe Mode turns on only what is needed and nothing else. I used System Restore to remove Malware Alarm, and Spybot Search & Destroy / Ad-Aware to remove everything else.

System Restore should be used first because it is the easiest method and does not require any additional software.

1) Reboot in Safe Mode: restart the system, hit F8 and select “Safe Mode”.

2) Proceed in Safe Mode: when prompted (as in the picture above), select “NO”.

3) Restore Wizard: select a date prior to when you received the malware (System Restore does not delete newly downloaded files, only new changes in the registry).
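Step 3 is the part people get wrong: picking a restore point that was created after the infection just rolls you back onto the trojan. The script below is an added example, not part of the original post, that lists the machine's restore points and selects the newest one created before the date you give it. It assumes Windows PowerShell run as Administrator on Vista or later (the System Restore cmdlets are client-only); the infection date is a placeholder you supply.

```powershell
# Added example: choose the newest System Restore point that predates the
# infection and optionally roll back to it. Run from Safe Mode as Administrator.
param(
    [Parameter(Mandatory = $true)]
    [datetime]$InfectedOn,   # placeholder, e.g. '2013-12-18': first sign of Malware Alarm
    [switch]$DoRestore       # without this switch the script only reports
)

# Get-ComputerRestorePoint returns CreationTime as a WMI timestamp string
# ("20131217083000.000000-000"), so convert it before comparing dates.
$points = Get-ComputerRestorePoint | ForEach-Object {
    [pscustomobject]@{
        Sequence    = $_.SequenceNumber
        Created     = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        Description = $_.Description
    }
} | Sort-Object Created -Descending

Write-Host "Restore points on this machine:"
$points | Format-Table -AutoSize | Out-String | Write-Host

# Candidate = newest point strictly before the infection date; anything newer
# may have been snapshotted with the trojan already installed.
$candidate = $points | Where-Object { $_.Created -lt $InfectedOn } | Select-Object -First 1
if (-not $candidate) {
    Write-Warning "No restore point older than $InfectedOn; fall back to Safe Mode plus an on-demand scanner."
    return
}

Write-Host ("Selected #{0} from {1}: {2}" -f $candidate.Sequence, $candidate.Created, $candidate.Description)

if ($DoRestore) {
    # Restore-Computer reboots the machine. The registry is rolled back, but, as the
    # post notes, files the malware downloaded stay on disk and still need a scan.
    Restore-Computer -RestorePoint $candidate.Sequence -Confirm
} else {
    Write-Host "Re-run with -DoRestore (from Safe Mode) to apply this restore point."
}
```

Run it once without -DoRestore to confirm the chosen point really predates the first symptoms before letting it reboot the machine.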
