Arr0w
The IC3 continues to receive complaints reporting telephone calls from individuals claiming to be with Tech Support from a well-known software company. The callers have very strong accents and use common names such as “Adam” or “Bill.” Callers report the user’s computer is sending error messages, and a virus has been detected. In order to gain access to the user’s computer, the caller claims that only their company can resolve the issue.
The caller convinces the user to grant them the authority to run a program to scan their operating system. Users witness the caller going through their files as the caller claims they are showing how the virus has infected their computer.
Users are told the virus could be removed for a fee and are asked for their credit card details. Those who provide the caller remote access to their computers, whether they paid for the virus to be removed or not, report difficulties with their computer afterwards; either their computers would not turn on or certain programs/files
Some report taking their computers to local technicians for repair and the technicians confirmed software had been installed. However, no other details were provided.
In a new twist to this scam, it was reported that a user’s computer screen turned blue, and eventually black, prior to receiving the call from Tech Support offering to fix their computer. At this time, it has not been determined if this is related to the telephone call or if the user had been experiencing prior computer problems.
As some are aware, reports of payday loan phone scams have been occurring for the last three years or more. The scam involves victims being relentlessly contacted at their residences and places of employment regarding claims they are delinquent on a payday loan. Various coercion techniques have been used by the subjects in an attempt to persuade the victim to send money. Such techniques have evolved from repeated annoying phone calls to abusive language, threats of bodily harm, and arrests.
The IC3 has become aware of increased coercion tactics used by the subjects, which have created a threat to emergency services across the nation. The threats have now escalated into Telephony Denial of Service (TDoS) attacks against the victims’ employers, some of which have been emergency service agencies. The TDoS attacks have tied up the emergency services’ telephone lines, preventing them from receiving and responding
The other tactic the subjects are now using in order to convince the victim that a warrant for their arrest exists is by spoofing a police department’s telephone number when calling the victim. The subject claims there is a warrant issued for the victim’s arrest for failure to pay off the loan. In order to have the police actually respond to the victim’s residence, the subject places repeated, harassing calls to the local police department while
Java Zero-Day Exploit On Sale for ‘Five Digits’
Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracle’s Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned.
The flaw, currently being sold by an established member of an invite-only Underweb forum, targets an unpatched vulnerability in Java JRE 7 Update 9, the most recent version of Java (the seller says this flaw does not exist in Java 6 or earlier versions).
According to the vendor, the weakness resides within the Java class “MidiDevice.Info,” a component of Java that handles audio input and output. “Code execution is very reliable, worked on all 7 version I tested with Firefox and MSIE on Windows 7,” the seller explained in a sales thread on his exploit. It is not clear whether Chrome also is affected. “I will only sell this ONE TIME and I leave no guarantee that it will not be
The seller was not terribly specific on the price he is asking for this exploit, but set the expected offer at “five digits.” The price of any exploit is ultimately whatever the market will bear, but this is roughly in line with the last Java zero-day exploit that was being traded and sold on the underground. In August, I wrote about a newly discovered Java exploit being folded into the BlackHole exploit kit, quoting the author of that crimeware tool as saying that “the price of such an exploit if it were sold privately would be about
I have repeatedly urged readers who have no use for Java to remove it from their systems entirely. This is a very complex program that is widely installed (Oracle claims that some 3 billion devices run Java), and those two qualities make it a favorite target for attackers. What’s more, Java is a cross-platform technology, meaning that applications written to run in Java can run seamlessly across multiple operating systems. Indeed, some 650,000 Mac users discovered this the hard way earlier this year, when the Flashback worm took advantage of an unpatched vulnerability that was present in Apple’s version of
Apple has since taken steps to unplug Java from the browser in OS X, and this is the very approach I’ve recommended for users who need Java for specific Web sites or applications. I would suggest a two-browser approach. If you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox, and then using an alternative browser (Chrome, IE9, Safari, etc.) with Java enabled to browse only the site that requires it.