Wednesday, February 18, 2015

Thank you for your payment


THIS fake e-mail came to one of our systems .. today .. do not click on the attachment.exe


This is confirmation that your payment on Wed, 18 Feb 2015 16:32:42 +0000 for USD 7900.00 has been
accepted by the NYC Department of Finance. Your Credit Card statement will show
an entry from Parking Fines NYCGOV. Please read the attachment and save it in case
you have any questions about the items that you have paid.

Name: sol chaimovits

Payment Date: Wed, 18 Feb 2015 16:32:42 +0000

Receipt Number: WWW87523543

Payment Amount: USD 7900.00

Credit Card: Visa

Account ending in: 1440

Your payment was for the following items:

Agency                             Item                              Amount
------------------------------     --------------------     ---------------
PVO                                1160025162                        USD 3000.00
PVO                                7247746580                        USD 4500.00
DOF                                Convenience Fee                    USD 400.00

Thank you for using New York City's website to process your payment.
Please do not reply to this email.  You may contact us by visiting
http://nycserv.nyc.gov/NYCServWeb/ContactUs.html if you have questions
or need further assistance.



Hash and VirusTotal link .... https://www.virustotal.com/en/file/EF74C90EAF5BAD3B27C12991C05D858173E7C5971655CB2E3FB165738B311E69/analysis/

Wednesday, February 11, 2015

IPS in Action, Canada Cyber managed services.

This is an example of an automated e-mail sent from one of our managed clients' IDS systems. In this example it is an inline IPS, so the attack is blocked in real time; the duty tech then receives an automated e-mail whose body contains the information below.

This exact data is from a hotel in Ottawa, Canada. As you are all aware, hotels are a hot spot for malware, as most users usually do things they should not do......

Later investigation revealed that the triggers first came from a user who was looking for escort services in Ottawa using backpage.com.


Oh yeah .. do not try to Google for this, as this is part of the other web or dark web .... XXX sites are not known on search engines. Just like TOR and I2P, Google doesn't really index these things, unless you are looking for a one-time love. ;-)


logid=021100 type=virus subtype=infected level=warning msg="File is infected." status="blocked" service=UNKNOWN(255) srcip=x.x.0.129 dstip=x.x.222.194 srcport=60509 dstport=80 srcintf="internal" dstintf="wan1" policyid=1 identidx=0 sessionid=56909525 direction=N/A quarskip="No skip" virus="Zeus" ref="https://en.wikipedia.org/wiki/Zeus_%28malware%29" profile="default" srcname="PerryXXXX" osname="Windows" analyticssubmit="false"
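The alert above is a key=value log line, and the duty tech's first job is to pull out who is infected, not just what was blocked. The parser and triage rule below are an added example written for this post (not the IPS vendor's code); the sample line is the one quoted above with the x.x redactions kept, and the escalation rule is an assumption.

```python
import re
from typing import Dict, Optional

# Constructed sample: the inline-IPS alert line quoted in the post above
# (source/destination addresses redacted with x.x as on the page).
SAMPLE_ALERT = (
    'logid=021100 type=virus subtype=infected level=warning msg="File is infected." '
    'status="blocked" service=UNKNOWN(255) srcip=x.x.0.129 dstip=x.x.222.194 '
    'srcport=60509 dstport=80 srcintf="internal" dstintf="wan1" policyid=1 identidx=0 '
    'sessionid=56909525 direction=N/A quarskip="No skip" virus="Zeus" '
    'ref="https://en.wikipedia.org/wiki/Zeus_%28malware%29" profile="default" '
    'srcname="PerryXXXX" osname="Windows" analyticssubmit="false"'
)

# key=value pairs: the value is either double-quoted (may contain spaces,
# e.g. msg="File is infected.") or a bare token (e.g. service=UNKNOWN(255)).
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_kv_log(line: str) -> Dict[str, str]:
    """Parse one key=value style IPS/AV log line into a dict of strings."""
    fields: Dict[str, str] = {}
    for key, quoted, bare in _KV_RE.findall(line):
        # findall yields "" for the alternative that did not match
        fields[key] = quoted if quoted != "" else bare
    return fields


def triage_virus_event(fields: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return a ticket-style summary for blocked AV events, else None.

    Assumed escalation rule (not from the post): a blocked virus download
    still means an infected or at-risk host on the internal interface, so the
    summary leads with the host name, not only the blocked flow.
    """
    if fields.get("type") != "virus" or fields.get("status") != "blocked":
        return None
    return {
        "host": fields.get("srcname", "unknown"),
        "os": fields.get("osname", "unknown"),
        "src": f'{fields.get("srcip")}:{fields.get("srcport")}',
        "dst": f'{fields.get("dstip")}:{fields.get("dstport")}',
        "iface": f'{fields.get("srcintf")}->{fields.get("dstintf")}',
        "malware": fields.get("virus", "unknown"),
        "reference": fields.get("ref", ""),
    }


if __name__ == "__main__":
    print(triage_virus_event(parse_kv_log(SAMPLE_ALERT)))
```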

Friday, February 6, 2015

Current Cyber attacks on Canada

Current cyber-attacks against Canada Cyber's Canadian servers. This is from the last 24 hours as of Feb 6th 2015, a sample from 6 unique servers, each with a unique IP address, across eastern Canada. The map below shows the top source countries attacking. This data is derived from triggers based on SSH (TCP port 22), Telnet (TCP port 23) and RDP (port 3389) attacks against our honeypots.
https://en.wikipedia.org/wiki/Honeypot_%28computing%29