
Shellshocked: Some Bash #Vuln Useful Links

Last week, I was “literally” fooling around with the bash bug by reposting 9gag images about it 🙂

and mashing it up with old movie flicks:

but by the end of the week things are getting a little bit serious as my colleagues found some live malicious files in the wild.

As part of the usual sharing of good tech info with my blog readers and friends, and as part of the public service of a responsible netizen, here are some cool links about this vulnerability:

Infographic from TrendLabs on the Bash Bug aka Shellshock vuln


Some useful links too below:

All image/link credits to Trend Micro, TrendLabs Security Intelligence Blog and CNN.

Before I end the post, the usual disclaimer/disclosure:
I work at Trend Micro. The information contained in this post is taken from the Trend Micro website and the TrendLabs Security Intelligence Blog. To know more about what I do full-time, kindly visit my blog’s about page or my LinkedIn page. To read my blog’s disclosure policy, kindly visit my disclosure page.

For infosec, malware and tech (and not so techie) stuff, please follow me on Twitter 🙂

Flappy Bird Cheats


It’s been a long time since I featured a game here at menardconnect.com. And since this Flappy Bird game is such a hit, let me do a Flappy Bird Cheats post.

Flappy Bird is really an addicting game for most people. I am not really sure why. Maybe because it’s so simple and yet so difficult. The game was released last year (around May 2013) and was removed from both Apple AppStore and Google Play last week.

The first Flappy Bird Cheat I found out was this: there were lots of Flappy Bird cheaters out there. By cheaters I mean really nasty people creating and releasing fake and malicious apps and games. They are taking advantage of the fact that the author has removed it from the App Store and Google Play. Quoting my colleagues’ report at TrendLabs Security Intel Blog:

“The interesting turn of events surrounding the game Flappy Bird has had the Internet buzzing: after becoming massively popular (downloaded more than 50 million times), the developer suddenly announced that he will take down the game from app stores, and then actually did it. The decision brought the interest around the game to an even greater scale, with similar apps seen emerging in app stores, and even auctions for devices with the app installed.

The next development we saw, however, is a less desirable one: we found a bunch of fake Android Flappy Bird apps spreading online”

Full story here

It’s really sad to see that bad guys (read: cybercriminals) are always up-to-date on the latest buzz and trends. And they will take each opportunity to constantly make money/quick bucks on popular games (like Flappy Bird and Temple Run 2). I guess because that’s where the money is.

While sharing and tweeting that gaming/security blog post last week:

I discovered my next Flappy Bird Cheat: Twitter has its own share of Flappy Bird cheaters.

By just tweeting about Flappy Bird (match it with the hashtag #flappybird), Twitter autobots will reply to your tweet offering Flappy Bird cheats and Flappy Bird hacks.

 Flappy Bird Unlimited Lives? What?


 I was really lost on how Harry Potter got in the picture here 😀

Don’t worry, I am always a responsible internet citizen and I reported these spammers to the Twitter Spam Team.

So for those looking for Flappy Bird cheats and hacks, be careful, ok? Don’t blame me if you get something bad and malicious in the internetz!!!

For me I think I will still be on the lookout for other legit tricks. Why? Because my Flappy Bird high score is still…

my Flappy Bird high score not that high 😀

I hope you like my Flappy Bird cheat warning post.

Watch out for more gaming posts soon…

Malware Blog – World of Warcraft Scams: Mist of Pandaria, Free Mounts and Phishing Galore

I’m always excited when I encounter some #security meets #gaming issue. So I’m eagerly re-posting my blog article published in the TrendLabs Malware Blog entitled World of Warcraft Scams: Mist of Pandaria, Free Mounts and Phishing Galore.

World of Warcraft: Mists of Pandaria is the fourth expansion for the massively multiplayer online role-playing game (MMORPG) World of Warcraft. It was first unveiled to the public last October 2011 during the BlizzCon 2011 conference in Anaheim, California.

TrendLabs researchers started seeing increased phishing activity inside World of Warcraft after Blizzard started the closed beta testing for Mists of Pandaria last March 2012.

In these new rounds of phishing attempts, scammers are trying to abuse WoW’s in-game mail system. The malicious URLs are sent via in-game mail and are received by players in their in-game mailboxes.

In this phishing attempt, the scammer entices would-be victims to join the Mist of Pandaria beta testing and win an exclusive in-game item, the Dragon Turtle Mount, by visiting and registering on their website. The Dragon Turtle Mount was previously announced by Blizzard as the racial mount for the Pandarens, the new playable character race available in the Mist of Pandaria expansion.

The phishing URL in the in-game mail leads to a phishing website that closely resembles the actual Battle.net website. The phishing URL tries to add some credibility by including the Mist of Pandaria abbreviation (MOP) in the domain name.

If unsuspecting users input their Battle.net credentials, it will definitely result in Battle.net account theft. Battle.net is the central account management for all Blizzard games like World of Warcraft, Starcraft 2, and Diablo III.

In contrast to what we discussed in our previous World of Warcraft post, we observed that recent scamming attempts seem to be targeted at low level characters and not high level or level-capped (Level 85) ones. This may be part of the scam detection avoidance strategy of the bad guys, as high level characters may have more awareness of this security issue as they have spent more time in the game.

We analyzed the malicious domain further and made a notable discovery: the same server also hosts other phishing sites targeting World of Warcraft players:

  • http://{BLOCKED}p.us-support.net
  • http://{BLOCKED}p.wow-support.net
  • http://for{BLOCKED}t-eu-wow-account-blizzard.com
  • http://for{BLOCKED}t-wow-us-account-blizzard.com
  • http://{BLOCKED}a-pandaria.net

The newly discovered malicious websites use Mist of Pandaria, World of Warcraft, and their corresponding abbreviations in their URLs.
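The naming pattern described above (brand strings and abbreviations placed in a hostname that is not under an official domain) can be checked mechanically when triaging links from chat or in-game mail. The following is an added example, not code from the original article or from Trend Micro; the official-domain allowlist, the token lists, the function names and the sample hostnames are assumptions constructed for illustration, and short tokens such as "wow" will also match unrelated sites, so treat a hit as a reason to look closer.

```python
import re
from urllib.parse import urlsplit

# Assumption: registrable domains treated as official (not listed on the page).
OFFICIAL = {"battle.net", "blizzard.com", "worldofwarcraft.com"}
# Brand strings and abbreviations the article says scammers put in hostnames.
BRAND_TOKENS = {"wow", "mop", "blizzard", "pandaria", "battle", "battlenet"}
BRAND_SUBSTRINGS = ("worldofwarcraft", "battlenet", "blizzard", "pandaria")


def registrable(host):
    """Naive registrable domain: the last two labels (no public-suffix list)."""
    return ".".join(host.split(".")[-2:])


def check_url(url):
    """Return (verdict, reasons) for a URL seen in chat or in-game mail."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "invalid", ["no hostname"]
    if registrable(host) in OFFICIAL:
        return "official", []
    reasons = []
    # Whole labels or hyphen-separated words that are brand tokens.
    hits = sorted(set(re.split(r"[.\-]", host)) & BRAND_TOKENS)
    if hits:
        reasons.append("brand token(s) in hostname: " + ",".join(hits))
    # Longer brand strings glued into a label or spread across separators.
    squashed = host.replace("-", "").replace(".", "")
    subs = [s for s in BRAND_SUBSTRINGS if s in squashed and s not in hits]
    if subs:
        reasons.append("brand string embedded: " + ",".join(subs))
    # Official domain used as leading labels of someone else's domain.
    if any("." + d + "." in "." + host + "." for d in OFFICIAL):
        reasons.append("official domain used as a subdomain prefix")
    return ("lookalike" if reasons else "unrelated"), reasons


# Constructed sample URLs (reserved .example names, not real indicators).
SAMPLES = [
    "https://us.battle.net/login",
    "http://mop-wow-account.example/beta",
    "http://battle.net.account-login.example/",
    "https://news.example.org/story",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, *check_url(u))
```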

Trend Micro users need not worry about these threats, as they are protected from these World of Warcraft phishing attacks via the Trend Micro™ Smart Protection Network™, which blocks access to the phishing websites.

It is interesting to note that some of the phishing websites were registered just days after Blizzard announced that Mist of Pandaria will be the next World of Warcraft expansion. This clearly shows that the bad guys are up to date and are always on the lookout for events and opportunities to expand their nefarious schemes.

Blizzard, for its part, has stepped up its security measures. It has published a dedicated security page to help users understand its security commitment, raise awareness of the different types of account theft, highlight a gamer’s security checklist, and provide a step-by-step guide on what to do when users suspect that their account is being compromised.

Blizzard also promoted its authenticator (available as an app for iOS and Android devices, and as a keychain fob) by giving away an exclusive World of Warcraft Corehound pet to users availing of the authentication services.

We also advise our readers, casual and hardcore gamers alike, to view our latest Security and Gaming e-Guide for helpful tips to secure their online game experience.

Thanks to Paul Pajares for additional technical details.

Image credits: blog.trendmicro.com

Original post from: TrendLabs | Malware Blog – by Trend Micro

My special thanks to Paul, JM, Tin, Gelo and Badette for their help in the article. You guys and gals rock!!!

I will give my personal insights on this article (World of Warcraft, Mist of Pandaria, Phishing and Security) here in menardconnect.com soon. Watch out for it OK?

Kindly view my other World of Warcraft posts here

To all online gamers out there, be safe online OK?

 

Malware Blog – WoW Scams: Free Gifts and Fake Account Suspension Threats

I’m reposting my blog article entitled World of Warcraft Scam: Free Gifts and Fake Account Suspension Threats that was published via Trend Micro Malware Blog today.

Blizzard’s World of Warcraft (more popularly known as WoW) is one of the most popular massively multiplayer online role-playing games (MMORPGs) in the world. With more than 11.5 million subscribers as of 2008, WoW is plagued by a thriving underground online gaming economy.

The most common scam in WoW that Trend Micro has seen uses the in-game chat/whisper system.

An unsuspecting player will receive an in-game chat/whisper from an unknown player offering free gifts (usually in-game pets, riding mounts, and vehicles) that they can avail of by registering at the website that is included in the chat message.

The website included is, of course, a phishing site that will gather the user’s Battle.net account name and password.

However, we have seen a new approach recently—the use of WoW’s postal system, more commonly known as the in-game mail system. In this new trickery, the phishing URLs are sent via WoW in-game mail and are received by players in their in-game mailboxes.

The mail message is full of a mix of surprises. It combines several elements from other Blizzard games. Wings of Liberty refers to Starcraft 2, which was launched in July 2010. “Deathy” refers to “Black Dragon Aspect Deathwing,” the major antagonist in the upcoming WoW expansion game, Cataclysm.

To add to its credibility, the phishing URL contains the string worldofwarcraft and an abbreviation of Cataclysm. It is also interesting to mention that the website domain is registered and hosted in China.

We also noted that WoW online scammers have raised the bar by pretending to be figures of authority, something seen in spam attacks outside the online gaming industry.

The scam perpetrator poses as a Blizzard employee with a name that contains a string similar to Blizzard. The attacker threatens to suspend the player’s account if he/she does not register at the website included in the chat message.

As in the attack mentioned earlier, the link goes to a phishing site that tries to steal the user’s Battle.net credentials. The phishing site very closely resembles the actual site in terms of layout. At first glance, the user may be led to believe that the URL is related to the WoW Armory, an official site containing information on in-game characters, guilds, and items.

To protect its customers, Blizzard has intensified its information campaign on Battle.net’s security page. It also provided very accessible means within the game to report users who are abusing its chat and mail systems.

Trend Micro users are protected from these World of Warcraft phishing attacks via the Trend Micro™ Smart Protection Network™, which blocks access to the phishing websites.

For a more in-depth analysis of an online gaming Trojan kit (including World of Warcraft) and the underground online gaming economy, I highly recommend reading our research paper entitled, “Dissecting the XWM Trojan Kit: A Peek at China’s Growing Underground Online Gaming Economy,” by Lion Gu.


Image credits to Trend Micro and TrendLabs Malware Blog

Original Article: World of Warcraft Scams: Free Gifts and Fake Account Suspension Threats

Special thanks to Jovi, Jonathan and Badette for the assistance on the images and posting.

Additional personal thoughts on this WoW scam post coming soon in menardconnect.com 🙂
Update 2010.10.12
Part 1: Free WoW Cheats: Free Gifts, Free Pets, and Free Mounts for WoW Cataclysm