Equifax enabling malware
#12631 11/03/10 04:35 AM
Joined: Aug 2009
OP Offline

I just got one of those random skypes, I'll quote it here for the lols:
Quote:
View earlier messages: 1 Day | 1 Week | 2 Weeks | 1 Month | 3 Months | 6 Months | 1 Year | All
Online Update ®
10:40 PM
WINDOWS REQUIRES IMMEDIATE ATTENTION
URGENT SYSTEM SCAN NOTIFICATION ! PLEASE READ CAREFULLY !!

http://www.updatebf.com/

For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser !

FULL DETAILS OF SCAN RESULT BELOW
****************************************

WINDOWS REQUIRES IMMEDIATE ATTENTION

ATTENTION ! Security Center has detected
malware on your computer !

Affected Software:

Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003

Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns

Recommendation: Users running vulnerable version should install a repair utility immediately

Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.

http://www.updatebf.com/

For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser!


Anyway, clicking the link of course takes you to a scareware virus scanning page. (which will in all likelihood not still be up by the time you read this) Here's a screenshot in case you miss it.

So, clicking on that (I have to click on the very tippy bottom of the alert bubble on the bottom, I'm sure Windows users have a much larger flashy target somehow) takes me to cart.secureorderstore.com. So I thought aha, THAT I can maybe do something about. It too may be something that's no longer valid by the time you read this, so here's another screen shot.

Anyway, I loaded the root of the page (https://cart.secureorderstore.com/) and it's a blank Apache template page so I assume it's an infected high bandwidth zombie of some sort being used to collect everyone's credit card numbers and maybe even sell you something, but it's certainly not on the up and up.

So I look again... the little icon to the left of the URL is a gold lock, ya, whatever. BUT, it IS https, and the padlock in the upper right is showing, AND I didn't get a warning for an unsigned certificate, which really surprised me when I thought about it. hmm, that's unexpected. So if I can try to make the signature go away that may be a start. Clicking the lock, I get an Equifax Signature ... ok. There's somewhere I can go.

Or can I? The secureorderstore.com domain is obviously being used for unadulterated fraud, but Equifax is signing off on them. I tried for a while to find a way to contact them to report it and maybe get their cert revoked, (ya I know it won't do a LOT of good, but it'll get rid of ONE of the locks on the screen) but I was unsuccessful.

It appears that Equifax is almost as shady as these fraudsters, from what I'm reading online. They appear to have really crappy customer service, and do their darndest to prevent you from contacting them via email. So, anyone got an address with a pulse I can report their supporting fraud to? I find it ironic that a company whose business appears to be geared toward accountability is helping fraudsters.


I work for the Department of Redundancy Department
Re: Equifax enabling malware
Virtual1 #12652 11/05/10 05:29 AM
Joined: Aug 2009
Likes: 1
Offline

Reporting to Equifax won't likely do any business. The certificate was actually issued by RapidSSL, not by Equifax (Equifax is the upstream CA). The shopping cart on secureorderstore.com is already dead.

This isn't the first time that organized crime has duped someone into issuing a security cert for a malicious Web site. There is so much money in computer viruses that it's worthwhile for organized crime to set up fictitious businesses, with real business licenses and the whole bit, just to get security certs or digital signing certs.

One such "business," Mistland Limited, tricked a CA into giving them not only SSL certificates but even into giving them code-signing certificates, which they attached to their malware. So the malware would download and run even on computers that had their internet security settings cranked up to maximum, which will cause a browser to refuse to download and run an unsigned app.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
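
The distinction drawn in the post above, between the CA that issued the site certificate and the upstream CA above it, can be read from the chain a server presents. This is an added example, not part of the thread: it parses the "Certificate chain" listing that `openssl s_client` prints. The sample listing and its names are constructed, and `parse_chain` and `who_to_report_to` are hypothetical helper names.

```python
import re

# Constructed sample in the layout `openssl s_client` prints under
# "Certificate chain". The names are made up for illustration, modelled on
# the thread: a site certificate, an issuing CA, and an upstream CA.
SAMPLE = """\
Certificate chain
 0 s:/CN=cart.shop.example
   i:/O=Example Issuing CA Inc/CN=Example Issuing CA
 1 s:/O=Example Issuing CA Inc/CN=Example Issuing CA
   i:/O=Example Upstream Root/OU=Example Upstream Root CA
---
"""

# One chain entry: a depth number with the subject, then the issuer line.
ENTRY = re.compile(r"^\s*(\d+) s:(.+)\n\s+i:(.+)$", re.MULTILINE)


def parse_chain(text):
    """Return [(depth, subject, issuer), ...] ordered by depth."""
    chain = [(int(d), s.strip(), i.strip()) for d, s, i in ENTRY.findall(text)]
    return sorted(chain)


def who_to_report_to(text):
    """Identify the CA that signed the site certificate (depth 0).

    Revocation is done by the CA that issued the certificate, which is not
    necessarily the name shown at the top of a browser's chain view.
    """
    chain = parse_chain(text)
    if not chain or chain[0][0] != 0:
        raise ValueError("no leaf certificate (depth 0) in chain listing")
    # Each certificate's issuer must be the next certificate's subject;
    # a mismatch means the listing is incomplete or misordered.
    for (_, _, issuer), (depth, subject, _) in zip(chain, chain[1:]):
        if issuer != subject:
            raise ValueError(f"chain breaks at depth {depth}")
    leaf_subject, issuing_ca = chain[0][1], chain[0][2]
    return {
        "site": leaf_subject,
        "issuing_ca": issuing_ca,        # the CA to report the certificate to
        "upstream": chain[-1][2],        # issuer of the last certificate sent
        "self_signed": leaf_subject == issuing_ca,
    }
```
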
Re: Equifax enabling malware
tacit #12653 11/05/10 03:39 PM
Joined: Aug 2009
Likes: 14
Offline

Originally Posted By: tacit
One such "business," Mistland Limited, tricked a CA into giving them not only SSL certificates but even into giving them code-signing certificates, which they attached to their malware.

What's a CA?

ryck

Last edited by ryck; 11/05/10 03:39 PM.

ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: Equifax enabling malware
ryck #12658 11/05/10 04:55 PM
Joined: Aug 2009
OP Offline

Originally Posted By: ryck
Originally Posted By: tacit
One such "business," Mistland Limited, tricked a CA into giving them not only SSL certificates but even into giving them code-signing certificates, which they attached to their malware.

What's a CA?

ryck


"Certificate Authority"


I work for the Department of Redundancy Department
