Tuesday, 27 October 2009

Fake Facebook Password Reset Confirmation

Hi,

Had loads of these hit the inbox this morning...

VirusTotal:

Antivirus | Version | Last Update | Result
a-squared | 4.5.0.41 | 2009.10.27 | -
AhnLab-V3 | 5.0.0.2 | 2009.10.26 | -
AntiVir | 7.9.1.44 | 2009.10.26 | -
Antiy-AVL | 2.0.3.7 | 2009.10.26 | -
Authentium | 5.1.2.4 | 2009.10.27 | W32/Bredolab!Generic
Avast | 4.8.1351.0 | 2009.10.26 | -
AVG | 8.5.0.423 | 2009.10.26 | Win32/Heur
BitDefender | 7.2 | 2009.10.27 | Trojan.Downloader.Bredolab.AZ
CAT-QuickHeal | 10.00 | 2009.10.27 | -
ClamAV | 0.94.1 | 2009.10.27 | -
Comodo | 2744 | 2009.10.27 | Heur.Packed.Unknown
DrWeb | 5.0.0.12182 | 2009.10.27 | -
eSafe | 7.0.17.0 | 2009.10.25 | Suspicious File
eTrust-Vet | 35.1.7084 | 2009.10.26 | -
F-Prot | 4.5.1.85 | 2009.10.26 | -
F-Secure | 9.0.15370.0 | 2009.10.22 | Trojan.Downloader.Bredolab.AZ
Fortinet | 3.120.0.0 | 2009.10.26 | -
GData | 19 | 2009.10.27 | Trojan.Downloader.Bredolab.AZ
Ikarus | T3.1.1.72.0 | 2009.10.27 | -
Jiangmin | 11.0.800 | 2009.10.26 | -
K7AntiVirus | 7.10.879 | 2009.10.24 | -
Kaspersky | 7.0.0.125 | 2009.10.27 | Packed.Win32.Krap.w
McAfee | 5783 | 2009.10.26 | Bredolab.gen.a
McAfee+Artemis | 5783 | 2009.10.26 | Bredolab.gen.a
McAfee-GW-Edition | 6.8.5 | 2009.10.27 | -
Microsoft | 1.5202 | 2009.10.27 | TrojanDownloader:Win32/Bredolab.X
NOD32 | 4545 | 2009.10.26 | -
Norman | 6.03.02 | 2009.10.26 | W32/Obfuscated.D2!genr
nProtect | 2009.1.8.0 | 2009.10.26 | -
Panda | 10.0.2.2 | 2009.10.26 | -
PCTools | 4.4.2.0 | 2009.10.19 | -
Prevx | 3.0 | 2009.10.27 | -
Rising | 21.53.10.00 | 2009.10.27 | -
Sophos | 4.46.0 | 2009.10.27 | Mal/Bredo-A
Sunbelt | 3.2.1858.2 | 2009.10.26 | Trojan.Win32.Bredolab.Gen.1 (v)
Symantec | 1.4.4.12 | 2009.10.27 | -
TheHacker | 6.5.0.2.054 | 2009.10.26 | -
TrendMicro | 8.950.0.1094 | 2009.10.27 | TROJ_BREDLAB.SMF
VBA32 | 3.12.10.11 | 2009.10.26 | -
ViRobot | 2009.10.27.2006 | 2009.10.27 | -
VirusBuster | 4.6.5.0 | 2009.10.26 | -
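
As an added example (not part of the original post or of Sanesecurity's tooling), a small Python triage helper that turns a result column like the one above into the two numbers worth recording: the detection rate (the "x/y" figure that the Fake News/Flash Player post below quotes as 3/39) and the family name most vendors agree on, while flagging labels that are purely heuristic. The vendor labels are retyped from the table above and the total of 41 scanners is counted from it; the GENERIC word list is my own.

```python
import re
from collections import Counter

# Result column of the VirusTotal report quoted above, retyped here; vendors
# that returned "-" are omitted and only counted through TOTAL_SCANNERS.
TOTAL_SCANNERS = 41
DETECTIONS = {
    "Authentium": "W32/Bredolab!Generic",
    "AVG": "Win32/Heur",
    "BitDefender": "Trojan.Downloader.Bredolab.AZ",
    "Comodo": "Heur.Packed.Unknown",
    "eSafe": "Suspicious File",
    "F-Secure": "Trojan.Downloader.Bredolab.AZ",
    "GData": "Trojan.Downloader.Bredolab.AZ",
    "Kaspersky": "Packed.Win32.Krap.w",
    "McAfee": "Bredolab.gen.a",
    "McAfee+Artemis": "Bredolab.gen.a",
    "Microsoft": "TrojanDownloader:Win32/Bredolab.X",
    "Norman": "W32/Obfuscated.D2!genr",
    "Sophos": "Mal/Bredo-A",
    "Sunbelt": "Trojan.Win32.Bredolab.Gen.1 (v)",
    "TrendMicro": "TROJ_BREDLAB.SMF",
}
# Tokens that flag a file as bad without naming a family (my own list).
GENERIC = {"trojan", "downloader", "trojandownloader", "win32", "w32", "troj",
           "heur", "packed", "generic", "gen", "genr", "mal", "suspicious",
           "file", "unknown", "obfuscated"}

def detection_rate(detections, total):
    # The "x/y" figure VirusTotal shows, plus the ratio.
    return len(detections), total, len(detections) / total

def named_tokens(label):
    # Family-like tokens: not generic, longer than two characters (this drops
    # variant suffixes such as "AZ", "X" and "a"), lower-cased for comparison.
    parts = re.split(r"[^A-Za-z0-9]+", label)
    return {p.lower() for p in parts if len(p) > 2 and p.lower() not in GENERIC}

def is_heuristic_only(label):
    # True for labels such as "Win32/Heur" that name no family at all.
    return not named_tokens(label)

def family_votes(detections):
    # One vote per vendor for each family-like token in its label; spelling
    # variants ("Bredolab", "Bredo", "BREDLAB") stay visible as separate keys,
    # and .most_common(1) gives the name the most vendors agree on.
    votes = Counter()
    for label in detections.values():
        votes.update(named_tokens(label))
    return votes
```

For the table above this gives 15/41 detections, "bredolab" with 8 vendor votes, and four heuristic-only labels (AVG, Comodo, eSafe, Norman).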

Detected as:

Sanesecurity.Malware.12841
Sanesecurity.Malware.12842

Wednesday, 26 August 2009

Spammer Fail

A nice big...

to the spammer that sent this...

Firefox says...

I think they meant http:// not htt://

:)

Friday, 26 June 2009

michael jackson virus already :(

Well, it didn't take long for "them" to abuse the situation, did it? :(

News item, with a picture and "video" to download:

Here's the Anubis report on the "video"

Being detected as: Sanesecurity.Malware.11747.UNOFFICIAL

Update: Other article with translation here

Cheers,

Steve
Sanesecurity

Monday, 16 March 2009

Fake News/Flash Player

An interesting email came in just now:

I worry about you httx: // ho.bestbreakingfree.com/news.php

Here's the "news page" that you are taken to...

Downloading the fake Player and running it through VirusTotal gives you this:

VirusTotal

As you can see, the 0-hour detection rate isn't that good (3/39 scanners) :(

I'm sure we'll see more of this.

Wednesday, 25 February 2009

A good way to cut down on costs.. or not

I received an email today; it looks quite safe and perhaps needed in the current climate... cutting costs:

Clicking on the link, you are taken to a nice friendly looking coupon page to save money...

Ah... it's asking to download an exe file... best submit it to VirusTotal first...

The VirusTotal results show it's not exactly going to save us money... but it does give us something nasty... for free :(

Friday, 13 February 2009

13.01.09: News

Lots of changes have been made recently to the download scripts, so if you haven't checked out the new versions recently, it might be worth taking a look at the usage page.

In other news, there is now a support forum available here, and a searchable mailing list available here.

Saturday, 31 January 2009

20.01.09: News

31.01.09: Update... aka Oops... forgot to update the main blog

It's been a while... but the Sanesecurity signatures have returned!

We disappeared for a while due to a DDoS, a small number of users who overloaded the shared hosting servers by downloading the signatures every second and, in reality, an unscalable download system.

The old download system doesn't work any more and won't be coming back, so if you haven't done so already, please disable your cron jobs and wget/curl downloads, as a new round-robin rsync-based download URL is available.

All the changes are detailed here.

There's also a Sanesecurity mailing list, which signature users are recommended to subscribe to, so that any future problems can be reported directly to you:

Subscribe to the Sanesecurity list by sending an email to the address in the graphic below, with a subject of: subscribe

There is an archive, so you can read previous messages here.

Finally, thank you for all the support and feedback.

Steve
Sanesecurity