Comments for PhishLabs Blog - News on Fraud, Phishing, Malware and Cybercrime

Comment on Fighting Corruption in Nigeria web site .. is a phish! by yinka

yinka — Sat, 25 Feb 2012 17:42:05 +0000

Let us all support fighting corruption.

Comment on “Your ACH Transaction” spam leads to malware by Following the Money: Evolving Cybercriminal Techniques and Targets | Malware Blog | Trend Micro

Wed, 25 Jan 2012 02:08:40 +0000

[...] PhishLabs found an attack very similar to the one above, but with a different payload. The malicious file to which the spam leads to is now detected by Trend Micro as TSPY_ZBOT.GBX. [...]

Comment on “Your ACH Transaction” spam leads to malware by Trend Micro Asia Pacific News Library - Following the Money: Evolving Cybercrime Techniques and Targets

Tue, 01 Mar 2011 09:28:19 +0000

[...] PhishLabs found an attack very similar to the one above, but with a different payload. The malicious file to which the spam leads to is now detected by Trend Micro as TSPY_ZBOT.GBX. [...]

Comment on “Your ACH Transaction” spam leads to malware by Following the Money: Evolving Cybercrime Techniques and Targets | Simply Security

Mon, 28 Feb 2011 20:03:38 +0000

[...] PhishLabs found an attack very similar to the one above, but with a different payload. The malicious file to which the spam leads to is now detected by Trend Micro as TSPY_ZBOT.GBX. [...]

Comment on “Your ACH Transaction” spam leads to malware by DfwPcDoctor.com – Affordable Virus and Malware Removal Services in Dallas – Ft Worth Metro Area » Blog Archive » Following the Money: Evolving Cybercrime Techniques and Targets

Sat, 26 Feb 2011 03:04:28 +0000

[...] PhishLabs found an attack very similar to the one above, but with a different payload. The malicious file to which the spam leads to is now detected by Trend Micro as TSPY_ZBOT.GBX. [...]

Comment on “Your ACH Transaction” spam leads to malware by Following the Money: Evolving Cybercrime Techniques and Targets | Loan ToolZ

Fri, 25 Feb 2011 20:55:11 +0000

[...] PhishLabs found an attack very similar to the one above, but with a different payload. The malicious file to which the spam leads to is now detected by Trend Micro as TSPY_ZBOT.GBX. [...]

Comment on Acrobat 0-day used in targeted attacks by Disable JavaScript in Acrobat Reader Drija

Disable JavaScript in Acrobat Reader Drija — Thu, 18 Nov 2010 03:26:33 +0000

[...] Answers Anonymous I’m not much of a sysadmin, but I know that PhishLabs has something about where in the Registry to turn this off on 9.0. In the comments, other users have suggested keys for other versions. You can find the article here: http://www.phishlabs.com/blog/archives/122 [...]

Comment on Cleaning up from the Avalanche by Rapport semestriel de l’APWG 2S2009 – le groupe Avalanche « Criminalités numériques

Sat, 15 May 2010 17:07:53 +0000

[...] fonctionnement du bot utilisé par Avalanche est assez simple : il se compose de deux fichiers (et d’une clé de [...]

Comment on Acrobat 0-day used in targeted attacks by Registry-Patch für Acrobat Reader und Adobe Acrobat | TC Blog

Registry-Patch für Acrobat Reader und Adobe Acrobat | TC Blog — Fri, 16 Apr 2010 12:11:30 +0000

[...] phishlabs.com [...]

Comment on Open formmailers won’t die by Robert

Robert — Sat, 24 Oct 2009 22:30:54 +0000

Hi,

I have just come across this article and I am somewhat confused.

Although you seem to be totally against formmailers, you supply a link to Matt Wright’s site and you use formmail yourself. This is a formmail I am filling in, isn’t it?

I have just put up some formmailers with Matt Wright’s script on my sites, but I neither want to facilitate phishing nor spamming.

Can you tell me if there are save scripts to use, and if so which ones?

Thank you

Robert

Comment on Acrobat 0-day used in targeted attacks by Mitigating Vulnerabilities in Adobe Reader and Acrobat

Mitigating Vulnerabilities in Adobe Reader and Acrobat — Tue, 17 Mar 2009 14:07:48 +0000

[...] you need to implement this change across a large number of machines, PhishLabs have posted some information which will make your life [...]

Comment on Acrobat 0-day used in targeted attacks by Adobe Vulnerability on the Loose? | Complete Source

Adobe Vulnerability on the Loose? | Complete Source — Tue, 10 Mar 2009 12:58:22 +0000

[...] Phishlabs has written a bat file that can automatically handle the registry edit. You can download the necessary files here: http://www.phishlabs.com/blog/archives/122 [...]

Comment on Acrobat 0-day used in targeted attacks by Tecnologia e Informação » Como se manter seguro usando Adobe Flash e Reader

Tecnologia e Informação » Como se manter seguro usando Adobe Flash e Reader — Wed, 04 Mar 2009 10:21:16 +0000

[...] explorações através de arquivos PDF maliciosos estão acontecendo). Por enquanto, sobreviva de workarounds. Outra opção é instalar um patch não oficial que um consultor da SourceFire [...]

Comment on Acrobat 0-day used in targeted attacks by Vlad

Vlad — Sat, 28 Feb 2009 04:01:41 +0000

Yeah – how do you disable the pop-up warning about enabling the java (fricking annoying)?

Comment on How AV software can stop phishing sites by Light Blue Touchpaper » Blog Archive » Evil Searching

Light Blue Touchpaper » Blog Archive » Evil Searching — Wed, 25 Feb 2009 17:19:46 +0000

[...] phishing websites (”if you can break in, then so can I”); or they were seeking the PHP “shells” that phishing attackers often install to help them upload files onto the website (”if you [...]

Comment on Acrobat 0-day used in targeted attacks by max

max — Wed, 25 Feb 2009 12:53:42 +0000

how do you disable the pop-up warning about enabling the java ??

Comment on Acrobat 0-day used in targeted attacks by 山寨PDF补丁比Adobe官方提前两周发布 | 紧跟IT潮流

山寨PDF补丁比Adobe官方提前两周发布 | 紧跟IT潮流 — Wed, 25 Feb 2009 06:27:12 +0000

[...] 此外安全公司PhishLabs也发布了补丁去重置一个Windows注册表项，禁用Adobe Reader 9.0的JavaScript，从而切断黑客入侵之路。 Grenier的补丁下载。 [...]

Comment on Acrobat 0-day used in targeted attacks by jcg

jcg — Tue, 24 Feb 2009 17:55:37 +0000

acrobat 6 pro:
HKCU\Software\Adobe\Adobe Acrobat\6.0\JSPrefs\bEnableJS

reader 7:
HKCU\Software\Adobe\Acrobat Reader\7.0\JSPrefs\bEnableJS

Comment on Acrobat 0-day used in targeted attacks by Dave Howe

Dave Howe — Tue, 24 Feb 2009 13:06:08 +0000

Note that for acrobat reader v8, that key becomes

HKCU\Software\Adobe\Acrobat Reader\8.0\JSPrefs\bEnableJS

I would imagine that there may be other versions also, although localizations tend to use the same keys.

Comment on Acrobat 0-day used in targeted attacks by .blog » Blog Archive » Adobe flaw work arounds

.blog » Blog Archive » Adobe flaw work arounds — Tue, 24 Feb 2009 03:24:34 +0000

[...] the security for several computers you may wish to disable JavaScript via the registry. The guys at PhishLabs have pointed out how to do this. according to their blog you can disable JavaScript in Adobe Reader [...]

Comment on Acrobat 0-day used in targeted attacks by More Acrobatics | ThreatBlog

More Acrobatics | ThreatBlog — Sat, 21 Feb 2009 19:27:49 +0000

[...] batch-file for turning off JavaScript in Adobe Reader by altering Registry settings at http://www.phishlabs.com/blog/archives/122 (I haven’t tested it!). Assuming that it works as advertised, there’s no advantage [...]

Comment on How AV software can stop phishing sites by jal

jal — Wed, 26 Nov 2008 23:31:01 +0000

@Jarek

Trend Micro and 29 other vendors were tested. The published results only include the top 10 performing vendors. The point of the test was not to shame the underperforming vendors, but rather to call attention to the need to detect these files in general since all vendors performed relatively poor compared to, for example, the typical Win32 trojan. Soon, the same samples will be tested again to see which vendors have responded and which have not. Stay tuned.

Comment on How AV software can stop phishing sites by Jarek Bechemot

Jarek Bechemot — Wed, 26 Nov 2008 17:13:27 +0000

Dear All,
I wonder why there was no TrendMicro in this test ? TM has av scan engine for Linux (unix) system – eg.: http://emea.trendmicro.com/emea/products/enterprise/serverprotect-for-linux/index.html and detects PHP shells, backdoors, etc.
This is because neither av-test.org nor VirusTotal has it in its scan engine pool ?
Any answer will be appreciated. Regards,