Tax Credit Refund Scam Is Affecting UK-Based Individuals

Tax credits are a hot topic at the moment. This is due in part to the Conservative “death by a thousand cuts” (I said cuts) plans, which are set to reduce the income of many of the poorest in society by an average of £800 a year. Unfortunately, the adverse media coverage has been picked up by scammers, who have devised a fraud which promises tax credit refunds.

Within the last few days to a week, individuals have received messages that use the Goo.gl URL shortener to redirect victims to what appears to be a compromised website. The message reads: “Dear valued customer, we are happy to inform you that you have a new tax credit refund from HMRC. Click on the following link [URL] to claim your HMRC refund”

These messages have been sent via text, although you may want to keep a lookout for other forms, including emails, in case the scammers diversify. The stats concerning this fraud are below. As you can see, it’s shocking to note that there have been 731 clicks so far, considering the scam is pretty new.

  • 731 clicks so far, with the majority of them coming from the UK.
  • 440 of those were on iPhone, and 252 were using Android. Just 31 people were browsing via Windows.
  • The shortened link is around 1 week old, so the scam is pretty fresh.

The phishing page is located at savingshuffle(dot)com/hmrc/Tax-Refund(dot)php.

The scam page appears to be from HMRC, but to be clear, it is certainly NOT from the official government-backed site. The page asks for many personal details, including the following:

  • Name
  • Address
  • Phone
  • Email
  • Telephone number
  • Card details
  • Sort code and account number

Scroll further down the page and the scammers would also quite like a piece of “Identity Verification” in the form of a driving license number, national insurance number and mother’s maiden name. There’s also a pre-filled refund amount of £265.48 next to the submit button.

This is fake; this is a scam. Please DO NOT under any circumstances click on any link which purports to offer any kind of refund. The official HMRC does not send messages which purport to offer any kind of refund in the first place. An official bank or government-backed service wouldn’t start a message with the words “Dear Valued Customer”. Also, be aware that if you receive a message addressed to you by name and offering a refund, it is a scam with absolute certainty as well.

There will inevitably be more variants of this scam which prey on people’s financial circumstances; always be suspicious.

Thank you Malwarebytes for providing us with the information.
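The warning signs described above (generic greeting, an HMRC refund offer, a shortened link) can be turned into a simple message triage check. This is an added example, not code from Malwarebytes or HMRC; the shortener list beyond goo.gl, the function names and the sample message link are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed shortener list; goo.gl is the only one named in the article.
SHORTENER_HOSTS = {"goo.gl", "bit.ly", "tinyurl.com", "t.co", "ow.ly"}
GENERIC_GREETING = re.compile(r"\bdear\s+(valued\s+)?customer\b", re.I)
REFUND_CLAIM = re.compile(r"\brefunds?\b", re.I)
HMRC_NAME = re.compile(r"\bHMRC\b", re.I)
URL = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s\"”]*)?", re.I)

# Constructed sample: the article's message text with a placeholder link.
SAMPLE_LURE = ("Dear valued customer, we are happy to inform you that you have "
               "a new tax credit refund from HMRC. Click on the following link "
               "goo(dot)gl/EXAMPLE to claim your HMRC refund")


def refang(text):
    """Undo defanging such as (dot), [.] and hxxp so links can be parsed."""
    text = re.sub(r"\s*[\(\[]\s*(?:dot|\.)\s*[\)\]]\s*", ".", text, flags=re.I)
    return re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.I)


def link_hosts(text):
    """Return the lowercase hostname of every URL-like token in the text."""
    hosts = []
    for match in URL.finditer(refang(text)):
        raw = match.group(0)
        if "://" not in raw:
            raw = "http://" + raw  # urlparse needs a scheme to find the host
        hosts.append((urlparse(raw).hostname or "").lower())
    return hosts


def triage(message):
    """Return (verdict, reasons) for one SMS or email body."""
    reasons = []
    hosts = link_hosts(message)
    if GENERIC_GREETING.search(message):
        reasons.append("generic greeting")
    if HMRC_NAME.search(message) and REFUND_CLAIM.search(message):
        reasons.append("HMRC refund offer")
    if any(host in SHORTENER_HOSTS for host in hosts):
        reasons.append("shortened link")
    # An HMRC refund offer carrying any link is blocked outright, personalised
    # or not, because HMRC does not send refund offers by message at all.
    if "HMRC refund offer" in reasons and hosts:
        return "block", reasons
    return ("review" if reasons else "pass"), reasons


if __name__ == "__main__":
    print(triage(SAMPLE_LURE))
```

The refund rule deliberately ignores the greeting, so a variant that addresses the recipient by name is still blocked.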

Extensive Malvertising Campaign Targets Yahoo!

This malvertising campaign is no longer active, having been reported to Yahoo by anti-malware vendor Malwarebytes. It’s still newsworthy to note the stats and techniques which targeted the Yahoo ad network, for now and for future reference.

According to the following statistics, Yahoo and its combined websites have an estimated 6.9 billion visits per month, which makes this attack one of the biggest targeted attacks seen recently.

  • www.yahoo.com | 6.9B monthly visits
  • news.yahoo.com | 308.50M monthly visits
  • finance.yahoo.com | 135M monthly visits
  • sports.yahoo.com | 112.50M monthly visits
  • celebrity.yahoo.com | 66.60M monthly visits
  • games.yahoo.com | 43.40M monthly visits

The attack leverages Microsoft Azure websites, with the following domains being used:

  • trv0-67sc.azurewebsites.net/?=trv0-s4-67sc
  • ch2-34-ia.azurewebsites.net/?ekrug=sewr487giviv93=12dvr4g4

This chain of events leads to the infamous Angler Exploit Kit, which attempts to exploit known software vulnerabilities on a person’s computer. Think of it like this: you’re browsing the web for cat pictures and you arrive at a site which contains a malicious link or ad. Without you clicking on the advert, the tool attempts to find and exploit a bug in, for example, Flash or another program; if it’s successful, it will then attempt to compromise said computer. Angler is also known for contributing to the rise of crypto ransomware, which is extremely dangerous. To allow myself a plug, and this is my first one, here’s a link to an article which I have written concerning the Windows 10 Crypto Malware.

Malware within adverts is hugely popular because it does not need the user to click on the ad for the malware to spread. The nature of the Internet pushes these attacks out across the globe at a phenomenal rate. Always update your plug-ins, software, anti-virus and Windows patches on a regular basis; we all know Flash is about as breakable as a glass hammer. Unless Adobe adapts, it will be remembered in nostalgia circles rather than as a current product.

It may be wise to either uninstall Adobe Flash or change its settings to “Ask to Activate”.

Thank You Malwarebytes for providing us with this information.

Malwarebytes Offers Free Reprieve to Pirates

Oh, the conundrum of pirated software: on one hand, it’s better to support the product; on the other hand, it’s free. But loyalty is what counts. Yeah, but it’s free. Software companies have tried many avenues to stop pirates, from banning individuals from using particular online games to, as in Microsoft’s case, offering free copies of Windows 10 to cracked software owners, only to change their minds around 50 times.

Popular and successful anti-virus company Malwarebytes has taken a different view and is offering an amnesty, exchanging pirated keys for legitimate licences. How does it work? Well, according to the Malwarebytes website, if you try (well, not you, but if someone attempts) to activate a pirated licence key, a message will appear informing them of two options. One is to contact Malwarebytes for a new 12-month key before it’s disabled, with the second option being for paid customers of legitimate licences.

Malwarebytes aims to roll out a new, stronger licensing system and also hopes to determine which keys belong to which owners. The offer is for a limited time only, but as of writing there is no defined end date for it. It’s a brave move to offer a free key to pirates, but in turn the company is not threatening users with legal action etc., which might build a stronger reputation with users in the long run.

Or this could just be a case of spreading a huge net to see who bytes (bites; I am speaking in tech). Either way, it will be interesting to follow the progress of this offer.

Thank you Malwarebytes and Forum for providing us with this information.

Image courtesy of degreedix

Xtube Infecting Visitors With Malware

Adult site Xtube, rated in the top 800 sites in the United States, has been compromised and is infecting users with malware, warns Malwarebytes Labs. Visitors to the site can be redirected to the Neutrino Exploit Kit, exploiting a Flash vulnerability (because of course it does), to deliver the Trojan.MSIL.ED malware.

Malwarebytes says that Xtube has been made aware of the problem, but is yet to isolate the cause.

“Contrary to a malvertising issue where the problem is external, XTube admins need to look at their own server to identify the issue,” Jerome Segura, Senior Security Researcher at Malwarebytes, said. “Based on what we saw, this [is] a dynamic infection that injects [a] malicious iFrame ‘on-demand.’ In other words this is not hardcoded in the page’s source code, but added on the fly.”

The community section of the website is particularly affected, according to Segura, who adds that other pages on the site are infected. “We have seen server-side infections before that exhibit this type of behavior and they require a thorough review of the entire system and its logs,” Segura said.

Source: SC Magazine

Jamie Oliver’s Website Hacked and Used as Malware Distributor

The website of celebrity chef Jamie Oliver, which has an average of 10 million visitors per month, has been hacked. The hackers inserted a string of code that redirects visitors to a WordPress site that uses a Flash, Java, or Silverlight exploit to force malware to run on the visitors’ computers.

The hack was discovered by computer security firm Malwarebytes. Jerome Segura, Senior Security Researcher at Malwarebytes, said, “The malicious redirection led to the Fiesta Exploit Kit which had recently integrated a critical zero-day (now patched) in Flash Player. However, as many people do not apply updates on a regular basis, this vulnerability is ripe for mass exploitation.”

Though Malwarebytes has contacted the admins of jamieoliver.com, Jamie Oliver’s press team is yet to issue a response on the matter.

Though anyone with the latest versions of Flash, Java, or Silverlight should be safe, it is advised that users avoid jamieoliver.com until the site has been cleaned.

Source: Forbes

Zero-Day Vulnerability in Adobe Flash Player Reported

An independent security researcher, known as Kafeine, has discovered a zero-day vulnerability in Flash Player, a week after Adobe issued a patch to fix nine vulnerabilities within the multimedia software.

Kafeine warns that the zero-day flaw has already been incorporated into the Angler EK exploit, a notorious malware attack kit.

“Disabling Flash player for some days might be a good idea,” Kafeine then advises in a blog post.

Angler EK can give hackers access to your PC, allowing them to install Trojans, keystroke loggers, and other malware on to your system.

Security software provider Malwarebytes considers Angler EK to be one of the most widely-used malware packages, and acknowledges that Flash’s history of vulnerabilities makes it a popular target. “Flash has been plagued with critical vulnerabilities in the past few months and surpassed the no longer popular Java as the most exploited plugin,” Jérôme Segura, senior security researcher at Malwarebytes, said.

Until this latest vulnerability is patched by Adobe, it might be prudent to follow Kafeine’s advice and disable Flash for the time being.

Source: Computing

New Malware Is Reported To Be Affecting World Of Warcraft Gamers

World of Warcraft gamers and other MMORPG players are subject to hacks and exploits that attempt to steal their user names and passwords, after which the hackers will either rob the character of all their gold, or maybe even sell it off. For those of you out there who are still playing World of Warcraft, Blizzard has recently identified a new malware that poses as a client for a popular World of Warcraft add-on site.

It has been classified as a trojan horse, and it looks and functions exactly the same as the Curse Client, which gamers use to download World of Warcraft add-ons and tweaks. Furthermore, when searching for “curse client”, a listing for the fake website pops up and looks exactly the same as the official one, so if you weren’t paying attention, you might have inadvertently downloaded malware onto your computer.

Blizzard suggests that those who have downloaded the client delete it and perform a scan on their computer to ensure that there are no traces of it left, using programs such as Malwarebytes. Blizzard has also provided instructions for those who might have been infected. Either way, Blizzard advises those who are downloading the Curse Client for the first time to double check and make sure it is from the official site based on its URL.

Thank you Ubergizmo for providing us with this information.

Thank you Ubergizmo for providing us with this information

Thousands Of Computers Attacked By MalwareBytes Monday

Do you use Malwarebytes? If so, you are among the millions of customers of the anti-malware software distributor. Many of us monitor and repair our own computers, and we use largely known companies to keep our computers safe and secure. Unfortunately, every once in a while there is a glitch which causes major issues for our computers, such as when Malwarebytes released an update which made our computers think that Windows was attacking Windows! Even though you might think that the Windows operating system is a virus, or acts like a virus from time to time, we don’t want Malwarebytes or any other software for that matter to delete our Windows. The update did just that.

On April 15 at approximately 3 P.M. (PDT), Malwarebytes was updated, and this update disabled thousands of computers within just a few minutes. Though the issue was caught in the initial few minutes of the release, the damage had already been done. A simple definitions update for Malwarebytes turned into a fatal application for your computer, attacking .exe and .dll files alike, thinking that nearly all of the files on your computer were viruses. Malwarebytes acted swiftly in working to disable the update and remove it from their servers. Unfortunately, the damage had already been done. They have apologised for their mistake, taking the blame.

“I want to offer my sincere apology to our millions of customers and free users. I started this company because I thought everyone was entitled to malware-free computing. We acted overzealously in that mission and realize far superior procedures around updating are needed. More was expected of us, and we failed,” CEO Marcin Kleczynski posted on the official Malwarebytes forum.

Thousands of computers being affected by this simple release is really devastating; we can only hope that Malwarebytes will test its updates more thoroughly in the future. Of course, we understand that they may have missed this issue while trying to be the best anti-malware software out there, with the most current and up-to-date definitions available.

If you have been affected by the update and have not been able to fix your computer just yet, you can find repair information and a tool HERE.

How do you keep your computer safe and secure? Do you use a combination of Malwarebytes and anti-virus software? Let us know in the comments below.
