e dot dot dot
a mostly about the Internet blog by



Malware Purveyor Serving Up Ransomware Via Bogus ICANN Blacklist Removal Emails

Furnished content.


Fun stuff ahead for some website owners, thanks to a breakdown in the registration process. A Swiss security researcher has spotted bogus ICANN blacklist removal emails being sent to site owners containing a Word document that acts as a trigger for ransomware.

Fake @ICANN Domain Abuse Notices being spammed out to domain owners, distributing malware (Dridex?) - icann-monitor[dot]org
These fake @ICANN abuse notices distribute Cerber Ransomware (hXXp://csenet.org/view/file5.exe) calling out to ffoqr3ug7m726zou.1nuljt\.top
The email appears to originate from somewhere legitimate, as seen in this screenshot:
But the quasi-legit URL (icann-monitor.org) was only very recently registered through eNom, which apparently had no problem with some internet rando snagging a URL closely associated with the international group that governs domain names.
Domain Name: ICANN-MONITOR.ORG
Domain ID: D402200000001096932-LROR
WHOIS Server:
Referral URL: http://www.enom.com
Updated Date: 2016-12-29T15:25:14Z
Creation Date: 2016-12-28T20:19:57Z
Registry Expiry Date: 2017-12-28T20:19:57Z
Sponsoring Registrar: eNom, Inc.
Sponsoring Registrar IANA ID: 48
[...]
Tech Email: legal@whoisguard.com
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
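
A mail-filtering check built on the two signals this record shows, a brand name embedded in a domain the brand does not own and a registration only days old. This is an added example, not code from the original post or the researcher; the `BRANDS` allowlist, the 30-day threshold and the function names are assumptions, and the WHOIS text is the record above trimmed to the fields used.

```python
from datetime import datetime, timezone

# WHOIS fields as quoted in the post above (trimmed to the ones used here).
WHOIS_TEXT = """\
Domain Name: ICANN-MONITOR.ORG
WHOIS Server:
Creation Date: 2016-12-28T20:19:57Z
Sponsoring Registrar: eNom, Inc.
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
"""

# Assumption: brand keyword -> domains the brand really sends mail from.
BRANDS = {"icann": {"icann.org"}}
MAX_AGE_DAYS = 30  # assumption: threshold for "newly registered"

def parse_whois(text):
    """Parse 'Key: value' lines; repeated keys (Name Server) become lists."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or not value.strip():
            continue  # skip empty fields such as 'WHOIS Server:'
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def domain_age_days(record, seen_at):
    """Whole days between the WHOIS creation date and when the mail was seen."""
    created = datetime.strptime(record["creation date"][0], "%Y-%m-%dT%H:%M:%SZ")
    return (seen_at - created.replace(tzinfo=timezone.utc)).days

def assess_sender(sender_domain, record, seen_at):
    """Return the reasons a domain named in a notice looks like brand spoofing."""
    domain = sender_domain.lower().rstrip(".")
    reasons = []
    for brand, legit in BRANDS.items():
        is_legit = any(domain == d or domain.endswith("." + d) for d in legit)
        if brand in domain and not is_legit:
            reasons.append(f"contains '{brand}' but is not one of {sorted(legit)}")
    age = domain_age_days(record, seen_at)
    if age <= MAX_AGE_DAYS:
        reasons.append(f"registered {age} day(s) before the mail was seen")
    return reasons

if __name__ == "__main__":
    seen = datetime(2016, 12, 31, tzinfo=timezone.utc)  # date of the post
    for reason in assess_sender("icann-monitor.org", parse_whois(WHOIS_TEXT), seen):
        print("FLAG:", reason)
```
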
Ironically, the emails containing this malware inform recipients that their domain is "being used for spamming and spreading malware." The spam email invites site owners to download a malware-laced "report" for further instructions on how to remove their site from the blacklist, warning them they only have 24 hours to fall victim to ransomware respond.

The researcher is now "counting the hours (days?)" until either eNom or ICANN act in response to this spoofing/ransomware attack. Don't hold your breath. ICANN has yet to say anything publicly about this and, as of this point, eNom has yet to deactivate the account. For now, the fake ICANN still lives and breathes and poses a threat to recipients of this official-looking email.


posted at: 12:00am on 31-Dec-2016



FBI Says It Has 487 Pages Of James Comey Talking Points, Refuses To Release Any Of Them

Furnished content.


Well, we can already see what government agency will be the next recipient of a Jason Leopold FOIA lawsuit.

Leopold had requested FBI Director James Comey's talking points for a variety of subjects, including "going dark," the terrorist attacks in Paris, the "Ferguson Effect," and encryption. The FBI responded with two things, both of which add up to nothing.

The letter Leopold received noted that the FBI had found 487 pages responsive to his request. Of those, the agency will be releasing a grand total of zero pages. All 487 have been withheld under FOIA exemptions b(5) through b(7)(E).
Despite not releasing a single page, the FBI still utilized some taxpayer pocket change to mail Leopold a CD containing nothing more than its rejection. Leopold notes he'll be using it as a coaster.
The exemptions cited are bogus. "Talking points" aren't deliberative documents, interagency memos, or documents containing sensitive personal information [b(5), b(6)]. Neither are they documents that might expose law enforcement sources or investigative techniques [b7(D) and 7(E)].

They are exactly what the name says they are: points to be used when discussing these issues in Congressional hearings or during press conferences. They are indicative of the public stances the FBI takes on certain issues. There's nothing secret about them, or at least there shouldn't be.

But the FBI is treating Comey's talking points like they're confidential documents that could result in the exposure of its sources and techniques. If Comey's talking points do actually include this information, that's pretty irresponsible. These are used to make public statements and they certainly shouldn't include sensitive information not meant for the public domain.

And there's 487 pages of them, which means Comey has had plenty to talk about. The eventual release of these documents post-lawsuit should be entertaining and informative. Considering Comey has taken public stances privately opposed by other FBI officials and has made a habit of bypassing agency norms when delivering statements, it would be interesting to see if his past statements have periodically veered away from the agency's prepared talking points.

This response is a typical one for the FBI, which frequently returns an upraised middle finger to the requester in lieu of the documents requested. It's just how it opens FOIA negotiations. From there, requesters are expected to begin the appeals process or, in the case of FOIA enthusiast Jason Leopold, file yet another FOIA lawsuit that's 90% boilerplate and 10% "this is SPECIFICALLY how [US Government Agency X] has dicked me around this time."


posted at: 12:00am on 31-Dec-2016