BenkoBlog

Confessions of an Evangelist

Email Exploit No.9 You got Voicemail

Originally posted on: http://geekswithblogs.net/benko/archive/2014/09/08/email-exploit-example-1.aspx

I want to help people be aware of some of the scams going on. Lately I’ve been getting a number of emails that are needing some attention.The latest phishing scam example is fairly clever, disguising itself as a voicemail received by outlook. It includes text with a bogus phone number and a link to a zip file they want you to open that includes the exploit. Notice that the from email says Microsoft Outlook Voicemail which might be a real source of stuff for you, but the actual email is from the domain “documents233.com”!

 

image

 

Taking a closer look at where this comes from you can run a Whois to see the registration information on the domain…which shows the domain is owned by some company in China! Should you open this up? Only if you want to install their virus on your machine, because the attached zip is an executable that wants to install stuff when you run it.

 

image

Just saying…always be careful what you click!

-mike

[More]

Avoiding Hacker Trix

Originally posted on: http://geekswithblogs.net/benko/archive/2014/08/20/avoiding-hacker-trix.aspx

ExtremeHackerThis week we're doing a session called "Avoiding Hacker Trix" which goes thru some of the top web exploits that you should be aware of. In this webcast we will cover a variety of things including what we call the secure development process, cross site scripting attack, one click attack, SQL Injection and more. There are a bunch of links we cover, but rather than having you copy these down I'm providing them here...

Links from the slide deck:

[More]