An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Topic Options
#12631 - 11/02/10 09:35 PM Equifax enabling malware
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
I just got one of those random skypes, I'll quote it here for the lols:
Quote:
View earlier messages: 1 Day | 1 Week | 2 Weeks | 1 Month | 3 Months | 6 Months | 1 Year | All
Online Update ®
10:40 PM
WINDOWS REQUIRES IMMEDIATE ATTENTION
URGENT SYSTEM SCAN NOTIFICATION ! PLEASE READ CAREFULLY !!

http://www.updatebf.com/

For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser !

FULL DETAILS OF SCAN RESULT BELOW
****************************************

WINDOWS REQUIRES IMMEDIATE ATTENTION

ATTENTION ! Security Center has detected
malware on your computer !

Affected Software:

Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003

Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns

Recommendation: Users running vulnerable version should install a repair utility immediately

Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.

http://www.updatebf.com/

For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser!


Anyway, clicking the ling of course takes you to a scareware virus scanning page. (which will in all likelyhood not still be up by the time you read this) Here's a screenshot in case you miss it.

So, clicking on that (I have to click on the very tippy bottom of the alert bubble on the bottom, I'm sure windows users have a much larger flashy target somehow) takes me to cart.secureorderstore.com. So I thought aha, THAT I can maybe do something about. It too may be something that's no longer valid by the time you read this, so here's another screen shot.

Anyway, I loaded the root of the page (https://cart.secureorderstore.com/) and it's a blank apache template page so I assume it's an infected high bandwidth zombie of some sort being used to collect everyone's credit card numbers and maybe even sell you something, but it's certainly not on the up and up.

So I look again... the little icon to the left of the URL is a gold lock, ya, whatever. BUT, it IS https, and the padlock in the upper right is showing, AND I didn't get a warning for an unsigned certificate, which really surprised me when I thought about it. hmm, that's unexpected. So if I can try to make the signature go away that may be a start. Clicking the lock, I get an Equifax Signature ... ok. There's somewhere I can go.

Or can I? The secureorderstore.com domain is obviously being used for unadulterated fraud, but equifax is signing off on them. I tried for awhile to find a way to contact them to report it and maybe get their cert revoked, (ya I know it won't do a LOT of good, but it'll get rid of ONE of the locks on the screen) but I was unsuccessful.

It appears that equifax is almost as shady as these fraudsters, from what I'm reading online. They appear to have really crappy customer service, and do their darndest to prevent you from contacting them via email. So, anyone got an address with a pulse I can report their supporting fraud to? I find it ironic that a company whose business appears to be geared toward accountability is helping fraudsters.
_________________________
I work for the Department of Redundancy Department

Top
#12652 - 11/04/10 10:29 PM Re: Equifax enabling malware [Re: Virtual1]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
Reporting to Equifax won't likely do any business. The certificate was actually issued by RapidSSL, not by Equifax (Equifax is the upstream CA). The shopping cart on secureorderstore.com is already dead.

This isn't the first time that organized crime has duped someone into issuing a security cert for a malicious Web site. There is so much money in computer viruses that it's worthwhile for organized crime to set up fictitious businesses, with real business licenses and the whole bit, just to get security certs or digital signing certs.

One such "business," Mistland Limited, tricked a CA into giving them not only SSL certificates but even into giving them code-signing certificates, which they attached to their malware. So the malware would download and run even on computers that had their internet security settings cranked up to maximum, which will cause a browser refuse to download and run an unsigned app.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#12653 - 11/05/10 08:39 AM Re: Equifax enabling malware [Re: tacit]
ryck Online


Registered: 08/04/09
Loc: Okanagan Valley
Originally Posted By: tacit
One such "business," Mistland Limited, tricked a CA into giving them not only SSL certificates but even into giving them code-signing certificates, which they attached to their malware.

What's a CA?

ryck


Edited by ryck (11/05/10 08:39 AM)
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS Mojave 10.14.6
Canon MX710 Printer
Epson Perfection V500 Photo Scanner
Carbon Copy Clone on 1TB LaCie USB-C
Carbon Copy Clone on 500GB OWC Mercury OTG Pro

Top
#12658 - 11/05/10 09:55 AM Re: Equifax enabling malware [Re: ryck]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: ryck
Originally Posted By: tacit
One such "business," Mistland Limited, tricked a CA into giving them not only SSL certificates but even into giving them code-signing certificates, which they attached to their malware.

What's a CA?

ryck


"Certificate Authority"
_________________________
I work for the Department of Redundancy Department

Top

Moderator:  alternaut, cyn