In follow-up to our previous post regarding the 0-day vulnerability discovered in Microsoft’s Internet Explorer (MS12-063, Advisory: 2757760), Solutionary is pleased to advise you that the vendor has released a patch release (KB2744842). Considering the large volume of reports that this has been actively exploited, Solutionary advises that organizations consider immediate testing (in accordance with good practice to ensure production systems are not adversely affected) followed by subsequent deployment.... read more >

Tags: 0-day, exploit, incident response, malware, managed security service provider, spam, email scam, malicious emails

The Solutionary Security Engineering Research Team (SERT) has been receiving a significant amount of malicious emails luring would-be victims to hosts running the Blackhole Exploit Kit.

The emails claim to be related to a rejected wire transfer. SERT has observed that the malicious emails use an embedded hyperlink or an attached HTML file attachment. The hyperlink points to a compromised website, usually running a piece of obfuscated javascript that is decoded as an iframe. The iframe redirects the victim’s browser to a Blackhole landing page that attempts to exploit the victim’s computer and install additional malware such as... read more >

Tags: Blackhole Exploit Kit, Cridex, email scam, malicious emails, malicious hosts, malware, managed security service provider, security best practices, security intelligence, spam, toolkit, Trojan, email security, Gameover Zeus, malicious sites

The Solutionary Security Engineering Research Team has been busy analyzing malware this week. Here is an example of a piece of malware we received yesterday, masquerading as an Amazon.com shipping notification. __ Email Title: Your Amazon.com order of "Casio Men's EEDN7D-1 G-Shock Solar Atomic Digital Sports Watch" has shipped!

Hello,

Shipping Confirmation
Order # 889-2623316-0593748

Your estimated delivery date is:
Friday, July 13 2012

Track your package. Thank you for shopping with us. We thought you'd like to know that we shipped this portion of your order separately to give you quicker service. You won't be charged any extra shipping fees, and the remainder of your order will follow as soon as those items become available. If you need to return an item from this shipment or manage other orders, please visitYour Orders on Amazon.com.

Shipment Details

Casio Men's... read more >

Tags: email scam, email security, malicious hosts, malware, phishing, security tips, SERT, Solutionary, spam, vulnerabilities, Amazon.com Phishing

This past week we have seen a notable increase in spam appearing to be some type of recruitment email. The following is an example of the emails received with varying subject lines. From: someone
Sent: Monday, July 02, 2012 7:55 AM
To: someone
Subject: Finance Manager
Importance: High

We have an excellent opportunity for an apprentice applicant to join a rapidly expanding company.

An at home Key Account Manager Position (Ref: 30721-126/5HR) is a great opportunity for stay at home parents or anyone who wants to work in the comfort of their own home.

This is a genuine offer and not to be confused with scams! The successful candidate must have the ability to handle calls efficiently whilst maintaining the highest levels of customer service and being courteous. Applicants must have an excellent... read more >

Tags: ActiveGuard, email scam, email security, phishing, security best practices, security engineering research team, security tips, SERT, Solutionary, spam