Archive for May, 2012

National Bank of Greece phishing e-mail

A new phishing e-mail is on the run, claiming to be from nbg.gr (National Bank of Greece), requesting to click on a link in order to have credit and debit card changed and personal info updated.
Needless to say once again that you should never click on such links, there is no bank in the world that will request personal information through e-mail and not prompt you logging into your web banking account with your credentials and token (if available). …

Continue Reading →
0

HOAX mail mentioning that you will be assassined

A new hoax mail is on the run the last couple of days mentioning that you have been targeted for assassination.
Don’t go hiring police or private investigators, the message is originating from infected and compromised servers.
Below you can see a sample of this hoax mail.
 
 
From: bauer@izinet.ci [mailto:bauer@izinet.ci]
Sent: Monday, May 28, 2012 8:27 PM
To: bauer@izinet.ci
Subject: RE : INFORMATION
Importance: Low
 
RE : INFORMATION
YOU HAVE BEEN TARGETED FOR ASSASSINATION OVER A PAST …

Continue Reading →
0

Plesk backdoors, a very large number of servers compromised.

In another post ( http://0entropy.blogspot.com/2012_03_01_archive.html ) we wrote about some perl scripts, bots, that were found in PLESK server installations. Apparently there is more on it. As described also in parallels forums, http://forum.parallels.com/showthread.php?t=258101 the attacks were quite elaborated. Attackers, using the bug http://kb.parallels.com/en/112303 were able to get access to PLESK installations and install backdoors in the systems. I’m using plural on backdoors, cause it’s not just one, there are quite a few.
In some systems /dev/shm/persist was created with the …

Continue Reading →
0