07 October 2008

Standard Bank Spoofed Email Malware

Please note that there are emails circulating claiming to be from Standard Bank Offshore Bank.
The URL in the email takes you to a page on the domain reprsinos.com.
The website tries to download a file "StandardCertificate2008.exe" to your computer.
Trend Micro office scan picks up the malware as "Cryp_MEW-11".

Clip of the Spoofed Email:
"Attention to all Standard Bank Customers!
Some Standard Bank customers have reported experiencing disconnect or write error issues with online banking.
To address this, Standard Bank has released a 128-bit SSL update for the online banking page that eliminates this bug."

I would suggest that all admins block access to the domain reprsinos.com on thier proxy servers imediatly.
Screenshot of spoofed website

UPDATE:

Some more emails have made it through:
Example Subject lines:
  • Standard Offshore Bank - Security - security of individual customer information.
  • Standard Offshore Bank - Security - We use some information to help identify
  • Standard Offshore Bank - Security - Our customer information
Examble Email Body:

Attention to all Standard Bank Customers!
Some Standard Bank customers have reported experiencing disconnect or write error issues with online banking.
To address this, Standard Bank has released a 128-bit SSL update for the online banking page that eliminates this bug.

 You can update your browser from our Customer Service Department>>>

More domains to Block:
  • bizcombf.com

02 October 2008

The PHP Driven World Will End in 2037!


PHP / Unix seems to have its very own Y2K bug. Except it will happen in 2037.If you try and do any date/time calculations greater than 2037 with PHP it freaks out and goes back to 1 Jan 1970!

I am currenlty writing a bookings application and was playing with the calendar and checking out the future. All of a sudden when I went past the year 2037 the system would jump back to 1970!

Apparently this is a known but and is a limitation in counter that is 32bits long. (http://bugs.php.net/bug.php?id=7103)
Apparently 64bit machines are not vulnerable to this.

After doing some reading it would seem that this is indeed the Unix equivilent of the Y2K Bug!

So the moral of the story is that in the year 2038 you better make sure that you have a 64bit machine if you are running any unix based machines. Also make sure that the time_t is set to 64bit !


Delivery Reciept SPAM

It has recently been found that SPAMMERS are using the delivery reciept functionality of most mail clients to find valid email accounts. 
It is reccomended that you switch off this feature to prevent you email account from sending a response back to the SPAMMERS letting them know that your email address is valid.