12345

2/23/2011

Phishings on online transactions

1. Introduction

Recently, we found pop-up type phishing case on accessing certain web site; therefore, general users need to be careful on using internet.
Damage cases occurred on ticketing movie ticket using credit card or online banking in South Korea.
Because it can cause financial damage, general users must be careful on using financial related tasks.

2. Spreading path and symptoms of infection

It can be downloaded from attachment of e-mail or clicking link on messenger or SNS.
Besides, we found this malicious file has been being loaded running process list on victim's PC.


In this figure, we can check that "noloadf5A.dll" is injected in normal process "rundll32.exe". This dll file remains as a hidden on following path. Furthermore, infected PC can register following certain registry value.


* File path of noloadf5A.dll

C:\WINDOWS\system32\noloadf5A.dll ( 614,400 bytes, hidden )

* Registry value

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemonTool"="C:\WINDOWS\system32\noloadf5A.dll"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemonTool"="C:\Documents and Settings\(User account)\noloadf5A.dll".

These 2 types of tried cases have been found recently, and various cases can appear.

A. Tried case on signing in online banking site

Following figure can appear while signing in domestic online banking site in infected PC.

It induces user input card information. Besides, this page will appear only in "Internet Explorer".

B. Tried case on ticketing movie tickets online site

Another case appears on reserving tickets on movie tickets online site. If you input information for the ticket,


This Mastercard's secure code input form will appear.
This page is fake page and requires user card's information.


By the way, this pop-up will appear while using card for international-use.


3. How to prevent

To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.

Security management tips

1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.
5. Execute downloaded file after scan with anti-virus SW.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with nProtect Anti-Virus/Spyware for detecting such as malicious file stated above and runs responding system against various security threats.
Posted by erteam at 13:38
Labels:

31 comments:

  2. Aspiring to wind up noticeably an astonishing web journal author like the essayist of this blog.
    www.bokepsemi69.com

    ReplyDelete

  3. Reading something so beautiful has a healing power for the soul.
    http://www.intaskrnd.com/clash-royale-astuces/

    ReplyDelete

  4. Online software and business software can help managers study all their departments simultaneously, checking ledgers and payrolls whilst keeping tracks of the employees bills and expenses in materials. israin solutions

    ReplyDelete

  5. A getting a handle on splendidly formed blog. Truly a present for its social affair of individuals.
    jio gigafiber

    ReplyDelete

  6. A luxurious blog, truth be told. Appreciated every tiny bit of this amazing thing.
    Changelly

    ReplyDelete

  7. Properly, permit's just say I Biogenic Xr failed to need to request money back! i was completely satisfied with the outcomes I were given from taking Extagen and i am surely glad that I determined to present it a attempt.
    http://www.healthprograme.com/biogenic-xr-reviews/

    ReplyDelete

  8. Cla Safflower Oil For example, how frequently have you seen a stomach practice thingy on information business TV and stated, "Amazing!" But the reality of the situation is - no one is EVER going to see your washboard stomach under all your fat...
    http://www.drozhealthblog.com/cla-safflower-oil/

    ReplyDelete

  9. Testo Ultra Despite the fact that home grown cures are extraordinary male enhancers, don't put every one of your expectations in them.
    http://xtrfact.com/testo-ultra-reviews/

    ReplyDelete

  10. Testro T3 which for the ones folks who are devoted to the idea of complete body health and most advantageous wellness, is remarkable vital as nicely!
    http://www.drozhealthblog.com/testro-t3-uk/

    ReplyDelete

  11. Testx Core And considerably more. The majority of these utilization your turn keeping in mind the end goal to be performed.
    http://www.usadrugguide.com/testx-core-review/

    ReplyDelete

  12. CLA Safflower Oil sufficient water on your frame correctly metabolizes stores of fat. in any other case, if you're no longer having enough water supply (in your frame), your fat metabolism slows down, making it tough to burn calories.
    http://xtrfact.com/cla-safflower-oil/

    ReplyDelete

  13. Dermagen IQ for UK At least eight hours of Dermagen IQ sleep will assist along with your skin care. A lovely glow may be visible for your skin in case you're able to observe the eight-hour sleep that is advocated for anybody.
    http://www.usadrugguide.com/dermagen-iq/

    ReplyDelete

  14. Cla safflower oil The approach is to set sensible, achievable objectives and continuously scale things up. For instance, you could begin by supplanting your unhealthy breakfast supper with something more advantageous.
    http://healthnbeautyfacts.com/cla-safflower-oil-reviews/

    ReplyDelete

  15. Dermagen IQ This is an olive oil determined fixing utilized as an emulsifier (helps mix fixings that can't for the most part mix together) or to make a gel-like recipe.
    http://www.drozhealthblog.com/dermagen-iq/

    ReplyDelete

  16. Rapiture Muscle Builder Apparently sufficient, a bit bit of first-rate workout can ist mitigate all of these issues. with out a query, you will be surprised at how a whole lot advantage you'll get hold of from muscle constructing products Rapiture Muscle Builder.
    http://xtrfact.com/rapiture-muscle-builder/

    ReplyDelete

  17. In any case, what are the fixings behind these items to make Perlelux them viable in switching the early indications of maturing?
    http://www.drozhelp.com/perlelux/

    ReplyDelete

  18. D BAL Max Several days of light exercises is okay but any longer enthusiastic practicing will keep your body from recuperating .
    http://xtrfact.com/d-bal-max-review/

    ReplyDelete

  19. Slimfire Forskolin Subsequent to having a type of activity Is it ideal for you? No Forskolin one but you can genuinely answer that, once.
    http://supplementdigestdog.com/slimfire-forskolin/

    ReplyDelete

  20. Xtrfact Between a smoker and non-smoker person Ritesh non-smoker at 30 years old purchases an individual .
    http://xtrfact.com/

    ReplyDelete

  21. Pure CBD Oil The negative focuses are that it can be exceptionally dusty, a few steeds will eat straw informal lodging can bring .
    http://www.drozhealthblog.com/pure-cbd-oil/

    ReplyDelete

  22. CBD Hemp Oil Most natural and normal healthy skin items are hypo-allergenic. Albeit every normal item are your best healthy skin decision.
    http://xtrfact.com/cbd-hemp-oil/

    ReplyDelete

  23. Dermagen IQ Instead of recognized, you Dermagen IQ for UK will no doubt lament not dealing with your poor old skin There are numerous .
    http://www.drozhealthblog.com/dermagen-iq/

    ReplyDelete

  24. Perlelux That is the reason each one of those collagen creams and moisturizers have not been giving you the outcome you are searching for.
    http://www.usadrugguide.com/perlelux-ca/

    ReplyDelete

  25. Nitridex You can develop your masculinity as well. In this article, I will uncover all What makes normal improvement so extraordinary.
    http://supplementdigestdog.com/nitridex/

    ReplyDelete

  26. Zylix Plus The fuel that your body needs is made of basic supplements which kick begin the development procedure.
    http://www.drozhealthblog.com/zylix-plus/

    ReplyDelete

  27. Reducelan Advances glycogen stockpiling in the muscle, Reducelan and expands fat consuming in the muscle. The issue is the point at which you abstain from food
    http://supplementdigestdog.com/reducelant-garcinia/

    ReplyDelete

  28. For your security and prosperity, your must mastermind Nitridex to meet in an open place. Make sure to tell a companion where you will be.
    http://supplementdigestdog.com/nitridex/

    ReplyDelete

  30. This is a wonderful post.thanks for sharing <a href=" http://www.iam-active.com/monday-offer-fire-hd-8-essentials-bundle/”>news</a>

    ReplyDelete

Subscribe to: Post Comments (Atom)