Trustwave Vulnerability Scan Scam

This one is potentially a better attempt at a phishing scam than most.

Supposedly from TrustWave, it tells of a failed vulnerability scan on my network and to view the results online.

Visiting the site potentially loads malware, or uses phishing techniques to get access to your systems.

One interesting aspect of this is that it names the IP ranges that will attempt to access your network, which makes me lean toward a malware attack.

This is an automated email message to prevent you that the scheduled TrustKeeper vulnerability scan of YOUR NETWORK SYSTEMS has completed and is not compliant.

IMPORTANT: During the scan, TrustKeeper Discovered several Unsecure systems. Trustwave strongly recommends you review these findings as your overall PCI DSS compliance status may be affected.

TrustKeeper generated a vulnerability scan report. You may view these results by accessing TrustKeeper at:

https://login.trustwave.com
User Name:webmaster@deepweb.co.nz

You will receive an e-mail confirmation when the scan completes and your results are available. Please note that this can take up to three days.

Note: If you monitor your network for activity, note that the TrustKeeper scan may originate from IP addresses in these ranges:

200.16.208.0/24
61.37.230.0/24

TrustKeeper is a certified remote assessment and compliance solution created by Trustwave and designed to help merchants meet the PCI DSS and achieve compliance with the associated programs of Visa®, MasterCard®, American Express®, Discover®, and other credit card associations. The TrustKeeper solution is an integrated easy-to-use tool that removes the challenge of navigating the complex PCI DSS requirements and provides a “one stop shop” for merchants to certify compliance.

DO NOT REPLY TO THIS MESSAGE VIA EMAIL.

This mail is sent by an automated message system and the reply will not be received. Thank you for using TrustKeeper.
This email was sent to: webmaster@deepweb.co.nz
This email was sent by: Trustwave
80 West Madison Street, Suite 1080, Chicago, IL, 60408, USA

We respect your right to privacy – view our policy

So this is a new attack method: using fear to get people to click the link and open themselves up to the real attack.

New Facebook Virus Threat

These virus guys are busy, so soon after the DHL and Mail Server viruses, we now have a Facebook one. It will be interesting to see if people are getting wise to these forms of delivery, or whether the threat of losing access to Facebook will panic people into opening the attachment.

Again, it looks like they are in the wild for a day or so before the antivirus software gets updated.

As usual, here is the transcript:

From: “The Facebook Team”
To: validemail@yoursite.co.nz
Subject: Facebook Password Reset Confirmation.

Hey validemail ,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
The Facebook Team

The attachment, called Facebook_Password_420ca.zip, is at the bottom.

As always if you get anything suspicious, look at the Email Scams and Viruses category to see if it is there.

If not, let me know.

Let the fun begin!

Possible new DHL Email Virus

Wow, the virus / malware people are working overtime. My last post was about the Mail Server Upgrade scam / virus, and now, interestingly, a DHL email has slipped past my virus scanner.

In the past these have been picked up and have never been a threat, but this one got through. The email reads:

Subject: DHL delivery service. Get your parcel NR.26252

Dear customer!

The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.

You may pickup the parcel at our post office personaly!

Attention!
The shipping label is attached to this e-mail.
Please print this label to get this package at our post office.

Thank you for attention.
DHL Delivery Services.

As usual, there is a zip file attached. This normally trips the virus scanner, but not this time.

Hopefully the next virus updates will catch up with this new variant.
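The Facebook and DHL lures above share two tells: a zip attachment, and a brand name that appears only in the sender's display name. Here is an added triage check for both (my example, not anything from the scanners or senders mentioned on this page); the sample message is constructed, and the sender address in it is a placeholder because the emails quoted above show only the display name.

```python
import email
import os
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Brands the lures on this page impersonate, and extensions a scanner should never wave through.
BRANDS = ("dhl", "facebook", "trustwave")
RISKY_EXTENSIONS = {".zip", ".rar", ".7z", ".exe", ".scr", ".js", ".vbs"}

def build_sample_eml():
    """Constructed sample modelled on the DHL lure. The sender address is a placeholder;
    the page shows only the display name."""
    msg = EmailMessage()
    msg["From"] = '"DHL Delivery Services" <noreply@example.invalid>'
    msg["To"] = "validemail@yoursite.co.nz"
    msg["Subject"] = "DHL delivery service. Get your parcel NR.26252"
    msg.set_content("The shipping label is attached to this e-mail.")
    msg.add_attachment(b"PK\x03\x04 not a real archive", maintype="application",
                       subtype="zip", filename="DHL_Label_26252.zip")
    return msg.as_bytes()

def triage(raw):
    """Return human-readable findings for one raw RFC 5322 message (empty list = nothing flagged)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    for brand in BRANDS:
        # Brand in the friendly name but not in the sending domain: the pattern of every lure above.
        if brand in display.lower() and brand not in domain:
            findings.append(f"display name claims {brand} but sender domain is {domain}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment: {name} ({part.get_content_type()})")
    return findings
```

Run `triage` over a saved .eml (read in binary mode) to get the same two findings the constructed sample produces.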

What’s Hiding Behind That Shortened URL

TinyURL.com, bit.ly and the new su.pr from Stumbleupon are all tools you can use for shortening URLs, especially useful for Twitter and other micro blogging sites due to their character limit on each message.

However, I had never thought of the possible implications of shortened URLs, primarily the ability to hide any references to bad sites hosting malware, phishing scams etc.

I found this in my server logs when someone used longURL.org to expand one of my shortened URLs for a recent post, most likely found on my Twitter account or Digg, as these are common places to find shortened URLs.

It really made me think about how blindly we click on shortened URLs expecting them to go where the description says they will.
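What a service like longURL.org does can be done locally: follow the redirect chain one hop at a time and record every host it passes through, rather than trusting the shortener to land where the description says. This is an added example, not longURL.org's code; the `http_fetch` function assumes network access, while `FAKE_HOPS` is a constructed chain so the logic can be exercised offline.

```python
import urllib.request
from urllib.error import HTTPError
from urllib.parse import urljoin

REDIRECT_CODES = {301, 302, 303, 307, 308}

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib following redirects so every hop is recorded, not just the last."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def http_fetch(url):
    """Live fetcher (assumes network access): HEAD the URL, return (status, Location or None)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except HTTPError as err:  # with redirects disabled, a 3xx surfaces as HTTPError
        return err.code, err.headers.get("Location")

def expand_short_url(url, fetch=http_fetch, max_hops=10):
    """Walk the redirect chain hop by hop. Returns (chain, final_status, problem), where
    problem is None, 'redirect loop' or 'too many hops'. The chain is the list of URLs
    a click would touch, which is exactly what a shortener hides."""
    chain = [url]
    status = None
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain, status, None
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:
            return chain, status, "redirect loop"
        chain.append(nxt)
    return chain, status, "too many hops"

# Constructed sample chain (no network): a short link bouncing through a second
# shortener, with one relative Location header, before landing.
FAKE_HOPS = {
    "https://tinyurl.com/abc123": (301, "https://bit.ly/xyz"),
    "https://bit.ly/xyz": (302, "/landing"),
    "https://bit.ly/landing": (200, None),
}

def fake_fetch(url):
    return FAKE_HOPS.get(url, (404, None))
```

Call `expand_short_url(url)` with the default fetcher to inspect a real short link; the returned chain lets you see every hostname before deciding whether to open the final page in a browser.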

Have you had any bad experiences with shortened URLs taking you places you hadn't expected? Is this a huge problem waiting to happen?