Tuesday, 11 June 2013

WellsFargo spam serving infostealing malware


Not that new, but still noteworthy: the spammers seem to be abusing WellsFargo (an American bank) as a trusted sender. This is simple mail spoofing.


Mail from "Georgina Franks"















Some example senders (where it seems to come from):
Evelyn_Piper@wellsfargo.com
Georgina_Franks@wellsfargo.com
Noe_Zavala@wellsfargo.com

As far as I could find, these email addresses do not even exist.

The mail itself is actually coming from the Pushdo botnet. Example IPs:

173.167.205.149 - IPVoid Result
209.181.66.178 - IPVoid Result

All the links in the mail are legit; this is to convince you that the attachment will be legit as well. When opening the ZIP file (which is named WellsFargo.yourmailprefix), you're presented with what looks like a PDF file, but is in fact an EXE file:







MD5: 47e739106c24fbf52ed3b8fd01dc3668
VirusTotal Report
Anubis Report
Malwr Report
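
A defender-side check for the disguise described above, as an added example that is not part of the original post: it flags ZIP members whose content begins with the MZ executable signature or whose name hides an executable extension behind a document one. The entry names and the in-memory sample archive are constructed for illustration; they are not taken from the real attachment.

```python
import io
import zipfile

EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "cpl"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}

def inspect_zip(data):
    """Return {entry name: [reasons]} for ZIP members that are or hide executables."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as member:
                magic = member.read(2)
            parts = info.filename.rsplit("/", 1)[-1].lower().split(".")
            ext = parts[-1] if len(parts) > 1 else ""
            reasons = []
            if magic == b"MZ":
                reasons.append("content starts with MZ, the DOS/PE executable signature")
                if ext not in EXECUTABLE_EXTS:
                    reasons.append("executable content behind a non-executable name")
            if ext in EXECUTABLE_EXTS and len(parts) > 2 and parts[-2] in DOCUMENT_EXTS:
                # Explorer hides known extensions by default, so only ".pdf" is shown.
                reasons.append("double extension .%s.%s" % (parts[-2], ext))
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample():
    """Constructed archive; the 'executables' are only the signature bytes plus padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("WellsFargo_statement.pdf.exe", b"MZ" + b"\x00" * 62)
        archive.writestr("terms.pdf", b"%PDF-1.4\n% constructed placeholder\n")
        archive.writestr("notice.pdf", b"MZ" + b"\x00" * 62)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reasons in inspect_zip(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

The content check matters more than the name check: an icon and a file name are both chosen by the sender, while the first bytes decide how Windows will load the file.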


This malware is known as Fareit (or Tepfer). According to Microsoft:
 Win32/Fareit is a multiple component malware family that consists of a password stealing component, PWS:Win32/Fareit, that steals sensitive information from the affected user's computer and sends it to a remote attacker, and a Distributed Denial of Service (DDoS) component, DDoS:Win32/Fareit.gen!A, that may be commanded to perform flooding attacks against other servers.

When the file is executed, it looks for quite a lot of data to steal, and it phones home to update its configuration files and download additional malware (Zeus). Below you can find an image of the data (information) it tries to steal:

List of programs it tries to extract username/password from




















So besides all this, it additionally downloads Zeus (the payload), which tries to steal banking credentials and more. If you thought Fareit was enough, guess again! There's a good image made by the FBI showing how the Zeus 'scheme' or malware works:

Cyber Theft Ring details















































The downloaded Zeus files all have a very low detection rate on VirusTotal. Hint: check out the VirusTotal report from the sample above and click on the tab "Behavioural Information". Note the links are live!



Conclusion
  • Don't open any attachment(s) from unknown senders. In fact, don't even open mail from unknown senders.
  • Don't be fooled by mail spoofing: you can view the real source by right-clicking your mail and choosing "View Source". (This depends on your mail client though.)
  • Don't be fooled by the fancy icons; they are actually EXE files. You can enable an option in Windows so you're always sure of the file type being used:
    Enable Viewing of Filename Extensions for Known File Types
  • Install an antivirus and antimalware product and keep it up to date and running.
  • If you're in an organisation, you might want to block the following IPs (quite a long list):

Note that these are IPs the malware communicates with. In most cases they are harmful, but keep in mind that some IPs might be legit, as the malware authors want to test for connectivity by connecting to Google, for example. So, if you plan to block on IP, be sure to cross-check on IPvoid or DomainTools.
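
What "View Source" reveals for a spoofed mail like the ones above, as an added example that is not part of the original post: it compares the domain claimed in From with the hop and the SPF/DKIM results recorded by the recipient's own mail server. The message, the server name mx.example.org, the documentation address 203.0.113.45 and the Postfix-style Received layout are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real capture). 203.0.113.45 is a documentation address;
# mx.example.org stands for the recipient's own mail server.
RAW = """\
Received: from mail.wellsfargo.com (unknown [203.0.113.45])
\tby mx.example.org (Postfix) with ESMTP id 4F2A1C0DE
\tfor <user@example.org>; Tue, 11 Jun 2013 09:14:02 +0200
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=wellsfargo.com;
\tdkim=none
Received: from internal.wellsfargo.com (internal.wellsfargo.com [10.1.2.3])
\tby mail.wellsfargo.com; Tue, 11 Jun 2013 03:13:58 -0400
From: "Georgina Franks" <Georgina_Franks@wellsfargo.com>
To: user@example.org
Subject: Important documents

Please review the attached documents.
"""

# Postfix-style hop: "from HELO (reverse-dns [ip]) by server"
HOP = re.compile(r"from (?P<helo>\S+) \((?P<rdns>\S+) \[(?P<ip>[0-9A-Fa-f.:]+)\]\) by (?P<by>\S+)")

def analyse(raw, trusted_mx):
    """Compare the claimed From domain with what the recipient's own server recorded."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = None
    for received in msg.get_all("Received", []):
        m = HOP.search(" ".join(received.split()))
        # Only the line written by our own MX is trustworthy; older ones are sender-supplied.
        if m and m.group("by") == trusted_mx:
            hop = m.groupdict()
            break
    auth = {}
    for results in msg.get_all("Authentication-Results", []):
        if results.strip().lower().startswith(trusted_mx):
            auth.update(re.findall(r"\b(spf|dkim)=(\w+)", results))
    reasons = []
    if auth.get("spf") in ("fail", "softfail"):
        reasons.append("SPF %s for %s" % (auth["spf"], from_domain))
    if auth.get("spf") != "pass" and auth.get("dkim") != "pass":
        reasons.append("no passing SPF or DKIM result")
    if hop and not hop["rdns"].lower().endswith(from_domain):
        reasons.append("handed over by %s (%s), not a %s host" % (hop["ip"], hop["rdns"], from_domain))
    return {"from_domain": from_domain, "hop": hop, "auth": auth,
            "spoof_suspected": bool(reasons) and auth.get("spf") != "pass", "reasons": reasons}

if __name__ == "__main__":
    report = analyse(RAW, "mx.example.org")
    print(report["from_domain"], report["hop"]["ip"], report["spoof_suspected"])
    for reason in report["reasons"]:
        print(" -", reason)
```

The HELO name and the lower Received line both say wellsfargo.com, yet neither is evidence: only the address and results written by the receiving server are outside the sender's control.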

Stay safe.

Sunday, 9 June 2013

How to install Facebook's Open Graph tags into Blogger

This article shows how to install Facebook's Open Graph tags into Blogger


Why Open Graph 


Neil Patel recently explained on Quick Sprout why having Facebook and Twitter tags installed into your blog is important.

To cut his long story short, if you install them, then when someone shares your blog-post, the shared item looks better. This means that more people are likely to follow the link and/or share it themselves - so your blog gets more traffic, and people think you're more professional and thus credible.

Neil also stated that if you don't use Wordpress, "you’ll need to manually generate meta tags for each page on your site" - but fortunately for Blogger users who are brave enough to edit their template that's not true.   Blogger provides lots of SEO-supportive features these days, and you can easily use them to make OG-tags work on your blog - even if you haven't quite got your head around what OG is - personally it took me months to understand what it was all about.

The following sections have more details about how to do this.


How to install Facebook's Open Graph tags into a blog made with Blogger


Edit your template in the usual way.

1     Tell Google about the namespace:

Find the opening <html  ... statement, and add the Open Graph namespace information to it.   The code to add is
xmlns:og='http://ogp.me/ns#'
and it goes after the existing namespace statements.   For example, my current tag looks like:
<html b:version='2' class='v2' expr:dir='data:blog.languageDirection'
xmlns='http://www.w3.org/1999/xhtml'
xmlns:b='http://www.google.com/2005/gml/b'
xmlns:data='http://www.google.com/2005/gml/data'
xmlns:expr='http://www.google.com/2005/gml/expr'    >

or like this after the line is added:
<html b:version='2' class='v2' expr:dir='data:blog.languageDirection'
xmlns='http://www.w3.org/1999/xhtml'
xmlns:b='http://www.google.com/2005/gml/b'
xmlns:data='http://www.google.com/2005/gml/data'
xmlns:expr='http://www.google.com/2005/gml/expr'
xmlns:og='http://ogp.me/ns#'>


2   Add the Open Graph tags


Find the closing </head> tag.
(Hint:  I often search for just </head   ie without the closing >, in case there's something else in the tag in my template)


Put the following code immediately before it:
<!-- Begin Open Graph metadata --> 
<meta expr:content='&quot;en_US&quot;' property='og:locale'/>
<meta expr:content='data:blog.canonicalUrl' property='og:url'/>
<b:if cond='data:blog.pageType == &quot;item&quot;'>
<meta expr:content='data:blog.pageName' property='og:title'/>
<meta content='article' property='og:type'/>
</b:if> 
<meta expr:content='data:blog.title' property='og:site_name'/> 
<b:if cond='data:blog.postImageThumbnailUrl'>
<meta expr:content='data:blog.postImageThumbnailUrl' property='og:image'/>
<b:else/>
<meta content='URL-FOR-IMAGE-YOU-WANT-TO-USE-IF-THERE-IS-NOT-A-THUMBNAIL-PHOTO-IN-THE-POST' property='og:image'/>
</b:if>
 
<b:if cond='data:blog.metaDescription'>
<meta expr:content='data:blog.metaDescription' property='og:description'/>
<b:else/>
<!-- Still looking for a way to use the post snippet if there's no description -->
</b:if>
<!-- End Open Graph metadata -->


This code needs to be adapted for your blog.   In particular:
  • en_US
This value is fine if your blog is written in US-English. But if you are writing in UK-English, you may want to change it to en_GB.   

And if you are using a different language altogether, you should change it to the two letter code for that language-territory combination:   see https://developers.facebook.com/docs/internationalization/  for more information about the codes that they support

  • URL-FOR-IMAGE-YOU-WANT-TO-USE-IF-THERE-IS-NOT-A-THUMBNAIL-PHOTO-IN-THE-POST 
Replace this with the web-address of a picture that you want to use if the individual post doesn't have a thumbnail  - perhaps your logo, or a blogger logo.


  • App-ID and Facebook-Profile-ID
If you have got an App-ID associated with your blog, perhaps because you signed up to use Facebook commenting with it, then you may also want to add the following statements, just before  the "<!-- End Open Graph metadata -->"
<meta content='App-ID' property='fb:app_id'/>
<meta content='Facebook-Profile-ID' property='fb:admins'/>


Of course, put in your own values instead of the App-ID and Facebook-Profile-ID placeholders. (I'm assuming that if you knew enough to get an App-ID, then you will know how to find it, and also about the risks associated with linking your Facebook-profile-ID to your blog.)


3    Check it's complete:

Preview the template changes to make sure that they've worked, and then save them.




Troubleshooting


Testing the OG tags

Facebook have a tool that you can use to see what values the OG tags in your blog have.
It is found here: https://developers.facebook.com/tools/debug

Enter the URL of one of the posts from your blog and click Debug to see the OG tags which Facebook finds for it.



Descriptions

The Descriptions tag will only work if you have Search-descriptions on (Option > Search > Meta-tags > Enabled), and have entered a search description for each post using the post-editor.   I had hoped to be able to use post.snippet when this wasn't available, but have not been able to work out the correct syntax to do this.

Pictures

Facebook would like you to use an image that's at least 200x200 as your post's thumbnail image or as the default image to use for posts that don't have one.

If the picture that you use is smaller than this, they do appear to use it.

However you will see the following message when you use a debugging tool to look at what tags Facebook is reading from your site:
og:image should be larger
Provided og:image is not big enough. Please use an image that's at least 200x200 px. Image 'http://3.bp.blogspot.com/XXX.png' will be used instead.





Xonotic 0.7 released

After an agonizingly long wait, I am happy to report that a new official release of the premier FOSS arena FPS Xonotic is available to the masses.

Here is a nice (but slightly older) game-play video for those not having played Xonotic yet:



Changes are quite extensive compared to the last official release... most notably an extensive update to the CTF mode, some neat additional features for competitive gaming and an assortment of great new maps.

New maps in Xonotic 0.7

On the technical side of things, the DarkPlaces engine got quite a few performance improvements (mainly due to the fact that the creator now works at Valve Software and thus has direct access to Nvidia's and AMD's graphics hardware divisions), and an all-new script compiler is now in use. That it runs on SDL 2.0 might also increase its usability a lot for some.
There is also, finally, an animation bending feature for the player models, and creation of new characters has never been easier now that the iqm format is used.

You can comment on this release over at the Xonotic forum release announcement thread (or of course here in our comment section).

Also check out these two mods for Xonotic, both still under heavy development:
  • Overkill is a mod that attempts to combine the best of minsta gameplay and TDM/CTF. It also has some nice vector-shaded new weapons and player models.
  • DotC is a DOTA-like mod, but in first-person view.
Last but not least, Trenchbroom, the awesome all-new level editor for Quake-based games, is making great advances and should soon allow easy mapping for Xonotic out of the box.

P.S.: If you have a really fast Android device, you can also try to run Xonotic on it via this newly fixed DarkPlaces port. Just don't expect to be able to compete online with touchscreen input :p

Friday, 7 June 2013

Top 10 best Social Networking Apps for Android

There are a large number of social networking apps in the Android market and, as everyone knows, social networks allow us to share some or all facets of our lives with our friends and family. They are also the best way to share your stuff with the whole world and to get updates about anything that has happened in the world. Today, we are going to share with you a good collection of the best social networking apps for Android to get more out of social networking.

1.  Facebook
There is no doubt that Facebook is the number one social networking site in the world at the present time. Facebook allows users to share just about anything from status updates to news stories to current locations, and the Android app extends that functionality. With Facebook for Android, users can do just about anything they can do on the website, as well as post specific location-based info to the site. You can also share photos and videos with this app.

2.  Twitter
With Twitter, you can watch the world unfold like never before. By installing Twitter on your android phone, you can get real-time stories, pictures, videos, conversations, ideas, and inspiration all in your timeline. You can follow people and your interests to get unfiltered access and unique behind-the-scenes perspectives. It also makes what they call “Discovery” very easy through search and trending topics.

3.  LinkedIn
The new Android app makes it even easier to connect and grow your network, engage with professional content and gain insights right from the stream.

LinkedIn allows you to upload your resume, listing education, experience, achievement, and much more. Others can also add recommendations as well as contact you for job opportunities. The Android app will allow you to view profiles and your news feed, as well as sync your LinkedIn calendar with your device’s calendar.

4.  Google+
Google+ is Google’s latest attempt at social networking, and it seems like this time they really got it right.

Beyond features that Facebook already offers – like status, links, photos, and location – Google+ offers a few really cool extras – including Hangouts, which are real-time, multi-person video chats. The app allows you to check out what’s hot stream to see trending topics and view nearby stream to see what people near your location are saying.

5.  Instagram
100 million users love Instagram! It's a free, fun, and simple way to make and share gorgeous photos on your Android. Instagram for android allows you to take photos, apply filters, and share them to your Instagram followers as well as with your friends on Facebook, Twitter, and Tumblr.

6.  Foursquare
Foursquare, a popular location-based sharing app, allows you to find out where friends and locals love to go. Wherever you are in the world, open up Foursquare to see where your friends like to go, and get recommendations for the best restaurants, bars, and sights in the area. We analyze our millions of tips, likes, and over 3.5 billion check-ins to show you the most-loved places in any city.

7.  Pinterest
Pinterest is a tool to find your inspiration and share it with others. Use it to collect things you love, organize and plan important projects, and more. With Pinterest for Android, you can pin images from around the web, explore pins and boards you're interested in and get inspiration from DIY, Travel, Food and other categories. You can also pin with your camera. Browsing pinboards is a fun way to discover new things and get inspiration from people who share your interests.

8.  Yahoo! Messenger
Yahoo is one of the popular social networks and it possesses most of the ingredients necessary to make a great IM experience. With Yahoo Messenger for Android, you can chat with Facebook friends, send free international SMS, share photos and video, and chat with Windows Live friends. It also allows you to send camera and gallery photos, express yourself with emoticons and receive pix from your IM friends.

9.  Path
Path is a personal social network designed to help you be closer with family and friends. Now with Path 3, they have added private messaging and stickers so you can chat instantly with the ones you love. Path takes the social network concept and makes it even more personalized. Path is meant for you to connect with family and close friends, limiting you to 150 connections.

10.  Imo.im
Imo.im is a convenient way to stay on top of your instant message conversations. The app is available for all major mobile phones and allows you to keep in touch with friends through Facebook Chat, Google Talk, Skype, MSN, ICQ/AIM, Yahoo, Jabber, Hyves, VKontakte, Myspace, and Steam. You can also share your location with friends using Google Maps and Places and discover new people and content tailored to your interests.

8th June 2013 AUD Weekly Report

AUD Primary Monthly cycles

AUD BUY zone....

expectation is that the AUD will swing up towards the June 50% level...
and as high as the MARCH low breakout @ 1.0131, as part of resting the breakout.

if it gets that high, might be a good idea to cash in the AUD, or book O/S holidays