Cyware Daily Threat Intelligence October 03, 2017

Top Malware Reported in the Last 24 Hours
Monero mining
Security researchers recently discovered a malware campaign that infected hundreds of Windows web servers with a malicious cryptocurrency miner. Crooks exploited a known buffer overflow vulnerability in Microsoft IIS 6.0; newer versions of Microsoft Internet Information Services are not affected by this malware. Patching the vulnerable servers is the obvious mitigation here.

HerbaLife spam campaign
The hackers are using a new variant of Locky ransomware with a single identifier to track the infections. Within a few days they have sent more than 20 million Herbalife-branded emails, each carrying a malicious attachment. The spam messages come from a spoofed domain disguised as a legitimate one.

VMware banking Trojan
A banking Trojan has been found being distributed by way of a legitimate VMware binary. The spam campaign abuses that binary to trick security programs into allowing malicious binaries to load onto the system. Java code is used to execute the legitimate VMware binary; through it, the hackers get security software to load libraries containing malicious files.

Top Breaches Reported in the Last 24 Hours
R6DB hacked
R6DB, a fan-powered online gaming service that provides statistics for players of Ubisoft's tactical FPS Rainbow Six Siege, was hit by hackers over the weekend. An automated bot accessed their server, wiped the database, and left a ransom note behind. The database appears to be a PostgreSQL instance.

Graton Resort info leaked
Graton Resort and Casino, a Sonoma County-based casino, announced on September 2, 2017, that it had inadvertently released personally identifiable data of its customers. The details were leaked in February and August, when emails were sent out with attachments containing this sensitive data.

Malvertising campaign
Cybercriminals are leveraging an online advertising company that allows them to deploy ads carrying custom JavaScript code, which they use to mine Monero, Feathercoin, and Litecoin. A separate campaign was spotted mining the Zcash cryptocurrency. The JavaScript code used in these campaigns is a modified version of MineCrunch (aka Web Miner), a script released in 2014 that mines cryptocurrencies using JavaScript executed inside the browser.
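Because the miner in these campaigns runs as ordinary JavaScript delivered through an ad slot, one defensive check is to scan script content served to users for mining indicators before it reaches the browser. The following is an added example, not code from Cyware or from the MineCrunch project: the indicator patterns, the scoring threshold and both script samples are constructed assumptions for illustration, not signatures taken from any real miner.

```python
import re

# Heuristic indicators of an in-browser mining script. Assumption for this
# example: generic patterns chosen to illustrate the approach, not signatures
# from MineCrunch or any vendor feed. Each name counts once towards the score.
INDICATORS = {
    # pool endpoint: stratum URI or a WebSocket whose host/path names a pool
    "stratum_pool": re.compile(r"stratum\+tcp://|wss?://\S*?(?:pool|mine|stratum)", re.I),
    # proof-of-work algorithm names used by browser miners
    "pow_algorithm": re.compile(r"cryptonight|scrypt|equihash|ethash", re.I),
    # JSON-RPC methods of stratum-style mining protocols
    "mining_protocol": re.compile(r'"method"\s*:\s*"(?:login|submit|mining\.subscribe)"', re.I),
    # hashing is offloaded to a Web Worker so the page stays responsive
    "worker_pool": re.compile(r"new\s+Worker\s*\(", re.I),
    # vocabulary of share submission and job handling
    "hash_terms": re.compile(r"\b(?:hashrate|nonce|job_id|difficulty)\b", re.I),
}

# Several indicators must coincide: a lone Worker or a CSP "nonce" is normal.
THRESHOLD = 3

# Constructed sample of a miner-like script (hypothetical hosts and files).
MINER_SAMPLE = r"""
var ws = new WebSocket("wss://pool.example/ws");
ws.onopen = function () {
  ws.send(JSON.stringify({"method":"login","params":{"algo":"cryptonight"}}));
};
var worker = new Worker("cn-worker.js");
worker.onmessage = function (e) {
  stats.hashrate = e.data.hashrate;
  ws.send(JSON.stringify({"method":"submit","params":{"nonce":e.data.nonce}}));
};
"""

# Constructed benign sample: uses a Worker and a CSP nonce, but is not a miner.
BENIGN_SAMPLE = r"""
var w = new Worker("image-resize.js");
var s = document.createElement("script");
s.setAttribute("nonce", cspNonce);
s.src = "https://analytics.example/collect.js";
document.head.appendChild(s);
"""


def score_script(js_source):
    """Return (score, matched indicator names) for a script body."""
    matched = sorted(name for name, pattern in INDICATORS.items()
                     if pattern.search(js_source))
    return len(matched), matched


def looks_like_miner(js_source):
    """True when enough independent indicators coincide in one script."""
    score, _ = score_script(js_source)
    return score >= THRESHOLD


if __name__ == "__main__":
    for label, sample in (("miner", MINER_SAMPLE), ("benign", BENIGN_SAMPLE)):
        score, names = score_script(sample)
        print(f"{label}: score={score} flagged={looks_like_miner(sample)} {names}")
```

The threshold is the important design choice: any single pattern here appears in legitimate pages (CSP nonces, image-processing workers, WebSocket chat), so the check only fires when a pool connection, a mining protocol and hashing vocabulary show up together.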

Top Scams Reported in the Last 24 Hours
Netflix identity theft
A fake account update email, purportedly from Netflix, invites users to click a “Login” button to update their billing information. This is the new phishing email Netflix users are being targeted with to get hold of their sensitive information. Users should instead go directly to the Netflix site and log in to check their account status.

Microsoft phishing email
Users are being tricked into clicking links in phishing emails that supposedly come from Microsoft. The mail is styled as an account suspension or account renewal notice. It looks realistic but has some red flags that you must watch out for: don’t click on the link without verifying the sender address.
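Both of the scams above rely on the same trick: a message that names a brand while its sender address and its links point somewhere else. The check below is an added example (not Cyware code) that automates what the advice "verify the sender address" means in practice: it parses a raw email, works out which brand the From display name or subject claims, and flags the sender domain and every link that fall outside that brand's domains. The brand allow-list and both sample messages are constructed for this example; the lure addresses and hosts are hypothetical, not real indicators.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brands and the domains that legitimately send their mail and host their
# links. Assumption for this example: a tiny allow-list; a real deployment
# would maintain this per organisation.
BRAND_DOMAINS = {
    "netflix": {"netflix.com"},
    "microsoft": {"microsoft.com", "microsoftonline.com", "live.com"},
}

# Constructed sample modelled on the "account update" lure described above
# (hypothetical addresses and hosts, not real indicators).
PHISHING_SAMPLE = """\
From: "Netflix" <billing@netf1ix-support.example>
To: victim@example.org
Subject: Update your billing information
Content-Type: text/html; charset=utf-8

<html><body><p>Your account is on hold. Please
<a href="http://netflix.example-login.example/update">Login</a>
to update your billing information.</p></body></html>
"""

# Constructed sample of what a genuine notice would look like.
LEGIT_SAMPLE = """\
From: "Netflix" <info@mailer.netflix.com>
To: customer@example.org
Subject: Your account
Content-Type: text/html; charset=utf-8

<html><body><p>Check your plan at
<a href="https://www.netflix.com/YourAccount">Your account</a>.</p></body></html>
"""


class LinkCollector(HTMLParser):
    """Collects the href targets of <a> tags from an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            for name, value in attrs:
                if name.lower() == "href" and value:
                    self.hrefs.append(value)


def host_belongs_to(host, allowed):
    """True when host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def claimed_brand(*texts):
    """Return the first known brand named in the given header values."""
    for text in texts:
        lowered = text.lower()
        for brand in BRAND_DOMAINS:
            if brand in lowered:
                return brand
    return None


def html_bodies(msg):
    """Yield decoded text/html parts of a single-part or multipart message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    for part in parts:
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            yield payload.decode(part.get_content_charset() or "utf-8", "replace")


def phishing_red_flags(raw_message):
    """Return the red flags found; an empty list means none were found."""
    msg = message_from_string(raw_message)
    flags = []
    display_name, address = parseaddr(msg.get("From", ""))
    brand = claimed_brand(display_name, msg.get("Subject", ""))
    if brand is None:
        return flags  # no brand claimed, nothing to cross-check
    allowed = BRAND_DOMAINS[brand]

    # Red flag 1: the address behind the display name is not the brand's.
    sender_domain = address.rsplit("@", 1)[-1] if "@" in address else ""
    if not host_belongs_to(sender_domain, allowed):
        flags.append(f"sender domain {sender_domain!r} does not belong to {brand}")

    # Red flag 2: a "Login" (or any) link leads outside the brand's domains.
    for body in html_bodies(msg):
        collector = LinkCollector()
        collector.feed(body)
        for href in collector.hrefs:
            host = urlparse(href).hostname or ""
            if not host_belongs_to(host, allowed):
                flags.append(f"link {href!r} points outside {brand}'s domains")
    return flags


if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGIT_SAMPLE)):
        print(label, phishing_red_flags(sample) or "no red flags")
```

The suffix match in host_belongs_to deliberately requires a dot before the allowed domain, so a look-alike such as netflix.com.evil.example is not accepted even though it contains the brand's domain as a substring.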
