Comments on: Rogue AV Spam Invades Multiply, Yahoo Mail

By: Mohamed

Mohamed — Tue, 17 May 2011 08:01:29 +0000

Really good.
Recently i received facebook notifications as email-

In that, my friends commenting the ” why u get tagged in this video?”.
I checked that notification, but it is not active.
That page shown to be like restricted one.
Its pretty similar case!
I found it here, what the idea is ?
Thanks!!

By: duder

duder — Thu, 25 Nov 2010 09:01:24 +0000

Yea, I had it sent to me. Opened it and F-Secure caught it right away… Poor excuse for a l337 haxor should be ashamed of himself.

By: Andrew Brandt

Andrew Brandt — Mon, 15 Nov 2010 20:21:15 +0000

While it isn’t likely your passwords were phished, it’s not a bad idea to change them anyhow.

By: seiji

seiji — Sun, 14 Nov 2010 22:10:39 +0000

uh oh… kinda realized too late that this was screwed up since i opened it early when i just woke up. I was using a mac when i checked though, so i stopped when it asked me to install a .exe file. so… uh… should i worry about anything? like say, change my password for my multiply or yahoomail?

…can’t believe I’d fall for something like this.

By: Dave

Dave — Sun, 14 Nov 2010 10:24:28 +0000

Thank you Rhoda A. for catching an reporting this.
Thank you Andrew for the excellent write up it has been passed around in Multiply.

By: Steven Kavanagh

Steven Kavanagh — Fri, 12 Nov 2010 09:24:54 +0000

Fantastic article Andrew.

You malware analysts never cease to amaze me in your investigative process.

By: Andrew Brandt

Andrew Brandt — Thu, 11 Nov 2010 21:21:22 +0000

Not surprising at all. I prefer to distribute public information and leave the distribution of justice, whatever that might be in this case, to someone else.

By: Doug

Doug — Thu, 11 Nov 2010 14:48:41 +0000

His script is easily open for SQL injection judging by that source: you should distribute justice.