
2/23/2011

Phishing in online transactions

1. Introduction

Recently, we found a pop-up type phishing case that appears when accessing certain web sites, so general users need to be careful when using the internet.
Cases of damage occurred in South Korea while booking movie tickets with a credit card or while using online banking.
Because this can cause financial damage, general users must be careful when carrying out finance-related tasks.

2. Spreading path and symptoms of infection

It can be downloaded from an e-mail attachment or by clicking a link in a messenger or on SNS.
In addition, we found this malicious file loaded in the running process list on the victim's PC.


In this figure, we can see that "noloadf5A.dll" is injected into the normal process "rundll32.exe". This DLL file remains hidden at the following path. Furthermore, an infected PC can register the following registry values.


* File path of noloadf5A.dll

C:\WINDOWS\system32\noloadf5A.dll ( 614,400 bytes, hidden )

* Registry value

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemonTool"="C:\WINDOWS\system32\noloadf5A.dll"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemonTool"="C:\Documents and Settings\(User account)\noloadf5A.dll"

The following 2 types of attempts have been found recently, and various other cases can appear.

A. Attempt when signing in to an online banking site

The following figure can appear while signing in to a domestic online banking site on an infected PC.

It induces the user to input card information. In addition, this page appears only in "Internet Explorer".

B. Attempt when booking movie tickets on an online site

Another case appears when reserving tickets on an online movie ticket site. If you input information for the ticket, this Mastercard secure code input form will appear.

This page is fake and asks for the user's card information.


By the way, this pop-up appears when using a card for international use.
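
As an added example (not code from INCA Internet or from the original post), the Python sketch below scans the text of a registry export, such as one produced by `reg export`, for the Run-key persistence listed earlier in this section. The sample export and every name in it other than NvCplDaemonTool and noloadf5A.dll are constructed.

```python
import re

# Indicators from the write-up above (compared case-insensitively).
IOC_VALUE_NAME = "nvcpldaemontool"
IOC_FILE_NAME = "noloadf5a.dll"
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')

# Constructed sample in .reg export format; "user1", "VendorTray" and
# "Updater" are made-up names, not values from the write-up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VendorTray"="C:\\Program Files\\Vendor\\tray.exe"
"NvCplDaemonTool"="C:\\WINDOWS\\system32\\noloadf5A.dll"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Documents and Settings\\user1\\noloadf5A.dll"

[HKEY_CURRENT_USER\Software\Vendor\Settings]
"NvCplDaemonTool"="1"
'''


def scan_run_keys(reg_text):
    """Return (key, value name, data, reasons) for Run entries matching the indicators."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")  # remember which key the next values belong to
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith(RUN_KEY_SUFFIX):
            continue  # only string values under a ...\CurrentVersion\Run key
        name = m.group("name")
        data = m.group("data").replace("\\\\", "\\")  # exports double each backslash
        reasons = []
        if name.lower() == IOC_VALUE_NAME:
            reasons.append("value name matches")
        if data.lower().endswith("\\" + IOC_FILE_NAME):
            reasons.append("DLL name matches")  # catches a renamed value as well
        if reasons:
            findings.append((key, name, data, reasons))
    return findings

if __name__ == "__main__":
    for key, name, data, reasons in scan_run_keys(SAMPLE):
        print(f"{key}\n  {name} = {data}\n  -> {', '.join(reasons)}")
```

`reg export` writes UTF-16 text, so decode the file with that encoding before passing its contents to `scan_run_keys`.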


3. How to prevent

To use a PC safely against the security threats of these malicious attachments, we recommend the following "Security management tips" for general users.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus SW from a trustworthy security company, keep its engine updated to the latest version, and use the real-time detection function.
3. Do not open or download attached files from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.
5. Scan downloaded files with anti-virus SW before executing them.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment functions in nProtect Anti-Virus/Spyware for detecting malicious files such as the one stated above, and runs a response system against various security threats.
