
Monthly Archives: April 2008

This email hit a little too close to home today. It arrived in a mailbox days after a new account was created at Comerica. Oddly enough, the Comerica application asked for an email address for online banking info, and the employee mentioned that notification would be coming as soon as the account was set up.

Checking the link, it was found that the domain that it pointed to was created 2 days ago, and it wasn’t Comerica. Furthermore, it was in Nova Scotia. The domain is gf6fe.com. You can find a write-up about the phishing email here.

 

Subject: Comerica Bank – Protect your account.

Client authentication using digital certificates in COMERICA BANK(r)

 

Dear Customer,

Comerica.com site has requested that you identify yourself with a certificate. The next step in the transformation of Comerica Online is Digital Certificate (DC) access.

This DC will allow you to access Comerica Bank and other online services through a single sign-on.

All users will be notified and transitioned to the new URL between April 2008 and October 2008.

Please register your DC account and use our services safely.

Continue>> (I removed the link)

2008 Comerica Bank. All rights reserved.
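The two checks used on this email (does the link really sit under the bank's domain, and how old is the domain it points to) can be scripted. This is an added example, not part of the original post; the trusted-domain list, the 30-day threshold, the sample URLs and the dates are assumptions, and only gf6fe.com comes from the post.

```python
from datetime import date
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"comerica.com"}  # assumption: domains the bank really uses
MIN_AGE_DAYS = 30                   # assumption: local threshold for "new"

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def review_links(html_body, received, whois_created):
    """Return [(host, [reasons])] for every link that fails a check.

    whois_created maps a registered domain to its creation date, looked up
    by the analyst beforehand so this function needs no network access.
    """
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href in parser.hrefs:
        host = (urlsplit(href).hostname or "").lower().rstrip(".")
        reasons = []
        if not any(under(host, d) for d in TRUSTED_DOMAINS):
            reasons.append("not a bank domain")
        for domain, created in whois_created.items():
            age = (received - created).days
            if under(host, domain) and age < MIN_AGE_DAYS:
                reasons.append(f"registered {age} days before delivery")
        if reasons:
            findings.append((host, reasons))
    return findings

# Constructed sample: only gf6fe.com comes from the post; the URLs, paths
# and dates are made up for the demonstration.
SAMPLE = ('<a href="http://comerica.com.gf6fe.com/dc">Continue&gt;&gt;</a>'
          '<a href="https://www.comerica.com/">Comerica</a>')
RESULT = review_links(SAMPLE, date(2008, 4, 10), {"gf6fe.com": date(2008, 4, 8)})
```

The suffix comparison in `under` is what stops a host that merely begins with the bank's name from passing as the bank.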

As part of its regular patch cycle, Microsoft released 8 bulletins involving MS Office, various versions of Windows, and Internet Explorer. In at least one case, there is a Proof of Concept (PoC) exploit "in the wild", so be sure to test the patches in commercial environments. Home users should be fine patching ASAP.

There’s word that the Storm malware, which has been creating huge botnets for remote attacks and spam, is shrinking. Some have been crediting detection and disinfection methods. I think it has more to do with a new, larger botnet that has taken over many of these zombies. Others credit the arrest of the botnet creator. I don’t know about many of you out there, but we’re not seeing a decrease in spam or attacks. In fact, at one location, I saw a spam attack of over 11,000 messages in a single hour last week. Apparently, others were getting it too, because NDRs (Non-Delivery Receipts) were coming back to the domain, suggesting that an attack was happening elsewhere where the sender was spoofed to the domain I was watching.

I think that either this was a test, or the "paid" time was up (as the attack started on the hour and ended on the hour). Either way, this spam attack has the promise of a larger storm.

For all platforms, Adobe released a bulletin that addresses major vulnerabilities in Flash 9.0.115 and earlier versions. You can see the bulletin. Adobe recommends patching either through the auto-update in the player or by using the Player Download Center.

The cause for the bulletin is a "critical" vulnerability that allows a malicious SWF to take control of a machine that does not have an updated version.

With all the web sites being exploited these days, it is not a far stretch that a malicious SWF could be loaded on one of your favorite web sites.

Patch now!