Tuesday, December 11, 2007

Vulnerability in 2Wire routers

We've just released a security advisory for a vulnerability in 2Wire routers that is being actively exploited through phishing.

The advisory is located here.

Monday, December 3, 2007

Win a car! Just click here

I don't know if this scam really qualifies as "phishing" because it seems odd at first sight.

I don't even know if it really represents a threat to anyone. Let me explain: the e-mail asks the user to click on the attachment and answer a trivia question to win a car. So what's this all about?

The picture of the "prize" is of a Volkswagen Golf (by the way, the name of the file is misspelled as "Wolsvagen"), but not the brand-new model, not even the previous one. The car is something around Mark 3 or Mark 4 (the newest is Mark 5). I'm not sure, because I'm neither a VW fan nor an expert, but it certainly isn't a Mark 5 VW Golf; you can take a look at the VW Mexico website.


So, my first thought was "this e-mail must be a joke", but when I analyzed the binary I realized that the threat was very real: the .exe file modifies the hosts file in Windows and, guess what, adds some entries to replace the BANAMEX domain name.

I don't know if this is intentional, but in any case the phishers put little effort into deceiving the user. Finally, there's always a user who will try to "win the car" even if the car was dropped from production in Mexico many years ago.

Md5sum: 70d0a93d0001288ad057f41c7fd8a397
Filename: Wolsvagen-Sorteo.exe
IP: 65.23.158.58

P.S. I did some research and found that the car is indeed offered as a prize in Spain, so my guess is that this phishing scam originates in the Motherland.
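The hosts-file tampering described in this post can be checked for on a workstation. The following is an added example, not part of the original post and not derived from the analyzed binary: it parses hosts-file text and reports entries that pin a watched brand's hostname to a routable address. The sample file, the `.example` hostnames, the 203.0.113.10 address and the function names are constructed for illustration; only the brand keyword comes from the post.

```python
import ipaddress

# Assumption: brand keywords to watch; "banamex" is the brand named in the post.
WATCHED_KEYWORDS = ("banamex",)

# Constructed sample of a tampered hosts file (hostnames and IPs are made up).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.10    www.banamex.example banamex.example   # constructed entry
203.0.113.10\tLOGIN.BANAMEX.EXAMPLE
0.0.0.0         ads.tracker.example
192.0.2.7       intranet.corp.example
not-an-ip       www.banamex.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()                # spaces or tabs
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: not a usable mapping
        for name in fields[1:]:              # one address may carry aliases
            yield line_no, ip, name.lower().rstrip(".")


def suspicious_entries(text, keywords=WATCHED_KEYWORDS):
    """Return mappings that point a watched hostname at a routable address."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        if not any(k in name.split(".") for k in keywords):
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # blocks the name rather than redirecting it
        hits.append((line_no, str(ip), name))
    return hits


if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

On Windows the file normally lives at `%SystemRoot%\System32\drivers\etc\hosts`; read it as text and pass the contents to `suspicious_entries`.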