
12/26/2011

[Warning] Santa Claus is coming to town with scams (Update #1)

1. Information

As a result of intensive monitoring during the Christmas season, INCA Internet's Emergency Response Team detected various scams around this time of year.
Malicious hackers are trying to spread malicious files by exploiting the Christmas season and the end of the year.
Users need to be careful with anything mentioning "Christmas, video URL, season's greetings, SNS message, or shortened URL", especially e-mails carrying an attachment or a URL.



Malicious file distributors use social engineering and topical issues to spread malicious files.
Our team strengthened its emergency monitoring during the Christmas season and found many cases of such distribution.

[Information] Be careful about scams around the end of the year
http://en-erteam.nprotect.com/2011/12/information-be-careful-about-scams.html

Issues on 2011 and predictions of upcoming 2012
http://en-erteam.nprotect.com/2011/12/issues-on-2011-and-predictions-of.html

2. Malicious files related to Christmas

During this Christmas, an MS Word exploit, a Christmas program, and PDF exploits have been reported.

* Case 1 - THIS XMAS SAY NO TO MADE IN CHINA

This e-mail appears to be Tibet-related, and it carries an attachment named "THIS XMAS SAY NO TO MADE IN CHINA.doc".
The attachment is malicious and installs a malicious file silently.


This e-mail is believed to have spread malicious files to multiple countries.
The recipients include Indian, Nepalese, Swiss, Japanese, Canadian, French, and Russian addresses; the attacker therefore appears to be targeting Tibet-related users.

If the user opens the attachment, it creates a normal document and displays it to the user, then creates and executes another malicious file.
Let's look at the document.


The files shown, including wordupgrade.exe, are created in the Temp folder and executed, and the malware hides itself using batch commands.


When the malicious "wordupgrade.exe" is executed, it installs an additional malicious file disguised as an internet service component, after which "wordupgrade.exe" deletes itself via a batch file command.

C:\Program Files\Online Services\Internet Services.exe


Executing "Internet Services.exe" creates further malicious files, which are likewise deleted by its batch file command.


It then connects to a certain host and waits for additional commands. Once the remote control connection is established, the backdoor is active and the victim's PC is at risk.


* Case 2 - Malicious file disguised as a Christmas decoration program

The Christmas tree desktop program appears in the bottom right corner of the desktop.


This freeware can be downloaded from http://get-xmas.com/; the malicious file distributor injected malicious code into it and repackaged it.

The malicious file uses a WinRAR SFX (self-extracting archive) and contains various malicious files alongside the normal mas.exe.


Once executed, it creates "udp.exe, taskngr.exe, drv.cmd, mas.exe, spoolcv.exe, svghost.exe" in the system folder, and it can fetch additional malicious files by accessing a certain domain.




In particular, the most notable feature of this file is that it is disguised as install_flash_player.exe, and it uses a WinRAR SFX just like the program above.


This malicious file can download additional malicious files disguised as a Flash Player.
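Cases 1 and 2 share traits a defender can turn into detection logic: executables dropped into Temp or Application Data, a document reader spawning a program, dropped names that are one character off a legitimate Windows binary (taskngr.exe, spoolcv.exe, svghost.exe), and a chain in which a flagged dropper launches the next stage ("Internet Services.exe" started by wordupgrade.exe). The Python below is an added example and is not code from this post or from INCA Internet; the process-creation events it scans are constructed to mirror the file names in the post, and the legitimate-name list, the reader list and the staging-directory list are assumptions of the example.

```python
import ntpath
from typing import Dict, List, Optional, Set, Tuple

# Legitimate Windows binaries that the dropped names in the post imitate
# (taskngr/spoolcv/svghost vs taskmgr/spoolsv/svchost). The list is an
# assumption of this example; extend it from a real system inventory.
LEGIT_NAMES = {"taskmgr.exe", "spoolsv.exe", "svchost.exe", "lsass.exe",
               "csrss.exe", "services.exe", "explorer.exe", "winword.exe"}

# Document readers that have no business spawning executables (assumption).
DOC_READERS = {"winword.exe", "acrord32.exe", "excel.exe"}

# User-writable staging directories the post names (Temp, Application Data).
STAGING_DIRS = ("\\temp\\", "\\appdata\\", "\\application data\\")


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two short strings (file names)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def lookalike_of(image_name: str) -> Optional[str]:
    """Return the legitimate name this file name imitates, if it is exactly
    one edit away; an exact match is the real binary and returns None."""
    name = image_name.lower()
    if name in LEGIT_NAMES:
        return None
    for legit in LEGIT_NAMES:
        if levenshtein(name, legit) == 1:
            return legit
    return None


def analyze(events: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """events: (parent image name, full path of the created process), in time
    order. Returns {full path: [reasons]} for each flagged process."""
    flagged: Dict[str, List[str]] = {}
    flagged_names: Set[str] = set()  # lineage: children of a flagged image are flagged too
    for parent, path in events:
        name = ntpath.basename(path).lower()
        lpath, lparent = path.lower(), parent.lower()
        reasons: List[str] = []
        legit = lookalike_of(name)
        if legit:
            reasons.append(f"name imitates {legit}")
        if any(d in lpath for d in STAGING_DIRS):
            reasons.append("executable launched from a user-writable staging directory")
        if lparent in DOC_READERS:
            reasons.append(f"spawned by document reader {lparent}")
        if lparent in flagged_names:
            reasons.append(f"child of flagged process {lparent}")
        if reasons:
            flagged[path] = reasons
            flagged_names.add(name)
    return flagged


# Constructed process-creation events mirroring the file names in the post;
# these are not real telemetry.
SAMPLE_EVENTS: List[Tuple[str, str]] = [
    ("winword.exe", r"C:\Documents and Settings\victim\Local Settings\Temp\wordupgrade.exe"),
    ("wordupgrade.exe", r"C:\Program Files\Online Services\Internet Services.exe"),
    ("explorer.exe", r"C:\WINDOWS\system32\taskngr.exe"),
    ("explorer.exe", r"C:\WINDOWS\system32\spoolcv.exe"),
    ("explorer.exe", r"C:\WINDOWS\system32\svghost.exe"),
    ("services.exe", r"C:\WINDOWS\system32\svchost.exe"),
    ("acrord32.exe", r"C:\Documents and Settings\victim\Application Data\gupdater.exe"),
    ("explorer.exe", r"C:\WINDOWS\system32\notepad.exe"),
]

if __name__ == "__main__":
    for path, reasons in analyze(SAMPLE_EVENTS).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

The name rule alone misses droppers with ordinary names such as udp.exe or mas.exe; that is why the example also tracks lineage, so that anything launched by an already-flagged process (here "Internet Services.exe", launched by wordupgrade.exe) is carried along for review.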

* Case 3 - Malicious file using a PDF exploit

Merry Christmas.pdf uses a vulnerability in Adobe Reader and installs itself silently.


When the malicious PDF file is opened, it passes itself off as a normal file by displaying a normal document.
It then installs the malicious gupdater.exe in the Application Data folder using updates.js and Winword.js, which are written as embedded JavaScript.
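A first-pass triage of a PDF like the one in Case 3 is to look for the name objects that enable embedded JavaScript and automatic actions (/JavaScript, /JS, /OpenAction, /AA, /Launch). The Python below is an added example, not code from this post or from INCA Internet; the sample PDF bytes are constructed, the watched-name list is an assumption of the example, and it folds PDF hex escapes (/J#53 for /JS) so simple name obfuscation does not hide a hit. It also reports when the file carries object streams, because names inside compressed streams are invisible to a plain byte scan.

```python
import re
from typing import Dict

# PDF name objects that enable scripting or automatic actions (documented PDF
# features; which ones to watch is an assumption of this example).
WATCHED_NAMES = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
                 b"/Launch", b"/EmbeddedFile", b"/RichMedia"]

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_names(data: bytes) -> bytes:
    """PDF permits hex escapes inside names (/J#53 is /JS); fold them so the
    byte scan sees the same token a reader would."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def triage_pdf(data: bytes) -> Dict[str, int]:
    """Count occurrences of each watched name. A name must end at a delimiter
    so that /JS does not match inside some longer name starting with /JS."""
    norm = normalize_names(data)
    hits: Dict[str, int] = {}
    for name in WATCHED_NAMES:
        pattern = re.escape(name) + rb"(?![A-Za-z0-9])"
        count = len(re.findall(pattern, norm))
        if count:
            hits[name.decode()] = count
    return hits


def scan_is_incomplete(data: bytes) -> bool:
    """Objects packed into /ObjStm (normally FlateDecode-compressed) are not
    visible to this scan; report that so a miss is not read as 'clean'."""
    return b"/ObjStm" in normalize_names(data)


def verdict(data: bytes) -> str:
    hits = triage_pdf(data)
    if hits:
        return "suspicious: " + ", ".join(f"{k} x{v}" for k, v in sorted(hits.items()))
    if scan_is_incomplete(data):
        return "inconclusive: compressed object streams present, decompress and rescan"
    return "no scripting or auto-action names found"


# Constructed sample: a one-page PDF whose catalog fires JavaScript on open,
# with /JS written as /J#53. It is a harmless stand-in, not a real malicious file.
SAMPLE_WITH_JS = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj << /S /JavaScript /J#53 (app.alert('constructed sample')) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Constructed sample: the same document without any action.
SAMPLE_PLAIN = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for label, pdf in (("with-js", SAMPLE_WITH_JS), ("plain", SAMPLE_PLAIN)):
        print(f"{label}: {verdict(pdf)}")
```

This is a triage heuristic, not a parser: a hit means the file deserves a closer look in a proper PDF tool, and an "inconclusive" result means the object streams must be inflated before the name scan says anything.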

3. How to prevent

Social engineering reaches users via e-mail or SNS. To keep your PC safe from the threat of these malicious attachments, we recommend downloading the latest security updates and following the "Security management tips" for general users below.

Security management tips

1. Keep the OS and applications on the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine up to date, and keep real-time detection enabled.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links received via instant messenger and SNS.

INCA Internet (Security Response Center / Emergency Response Team) operates a response system against various security threats.
