zveloLABS™ has uncovered an additional 1.5 million sites associated with the newest series of SQL injection attacks. Any compromised sites are very dangerous, infecting the user with Trojan.Buzus silently in the background. The Buzus family of trojans can steal passwords, financial data, and other sensitive information.
During the last week, zveloLABS™ detected a number of malicious emails, allegedly from the Federal Reserve Bank. The emails warn the recipient of phishing attacks and instruct the user to follow a link for more detailed information on the threat.
CoolerEmail is notifying customers of a new phishing scam used to steal login credentials. The web based email marketing program carries an impressive client list including Walmart, Toyota, Pepsi and dozens of other big name brands. Any phished credentials can be used to impersonate these companies in additional phishing or malicious emails.
zveloLABS™ is today warning users to be wary of sites hosted on g0oo.info, a Japanese hosting site. At this time, all blogs and other web sites hosted by g0oo.info are compromised and currently being used to boost the Google PageRank of various sites including Japanese pornography sites in a technique sometimes called “PageRank Bombing” and also referred to as “BlackHat SEO.”
Yahoo! Marketing users are the target of a new phishing scam being detected today by zveloLABS™. Webmasters receive a very believable notification that their Yahoo Marketing account has expired with a link to login and presumably reactivate the account.
The Koobface gang has struck again using compromised web servers to deliver a potent mix of malware. zveloLABS™ researchers have found hundreds of newly exploited sites hosting malware which includes downloaders, keyloggers and multiple variants of the Koobface worm.
zvelo first detected a compromise on the Fox Sports website two weeks ago and as of today, at least one Fox Sports host continues to contain automatic links to a multitude of dangerous exploits. Even with media coverage and direct emails, this compromised host has not been taken offline or cleaned. The threats being hosted have rotated with the most recent threats being remote script links to ackworld.com and nt002.cn.
A fresh twitter phishing campaign is underway and using both tweets and direct messages to spread. The messages contain text such as “hah, I think I seen u on here” and “wow you look different on here” together with a link to a video.
Quick update on this web threat: as of today, 10/7/09, the Fox Sports website is still compromised. The specific URL, hxxp://msndr.foxsports.com/, has been cleaned, but any added nonsensical path results in a 404 page with the malicious iframe to thingre.com.
The Fox Sports website remains infected and a risk to the 11m+ unique visitors (as reported by Compete). This website is ranked as the 135th in the United States and 523rd most popular in the World according to Alexa remains compromised and a major security risk to end-users.