QR Codes- Leading Lambs to the Slaughter

Discussion in 'malware problems & news' started by Dermot7, Jan 6, 2012.

Thread Status:
Not open for further replies.
  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    : http://blog.lumension.com/4100/qr-codes-–-leading-lambs-to-the-slaughter/
     
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Thanks for this ~ QR Codes and the inherent risks
     
  3. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Good information. Call me stupid, but I had never really thought through the security/privacy implications of the whole QR code thing. I have read several places that despite some of the figures thrown around, it's really not catching on anyway. But, it's very good to think about these things. Thanks for posting.
     
  4. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Cited elsewhere on the Forum: Malware in a barcode or QR code.

    Regards,

     
    Last edited: Jan 7, 2012
  5. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
    Has anybody seen e-mail spam with a URL link to "mobileqrcodes dot us"? Googling that domain doesn't seem as if it's really a legit hosting provider.

    The text of the suspicious e-mail is ** exceptionally ** sophisticated (very, very impressive, actually), only 2 very slight grammatical mistakes and 1 typo. The content of the mail is 99% above suspicion but there are some contextual oddities about it, aside from that weird URL, that rings not legit.

    If anyone would recommend a researcher who is investigating spam+QR codes I'd consider submitting it for analysis.
     
  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    The folks cited here may be interested in your input.

     
  7. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
    Thx, siljaline, will follow up.
     
  8. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    You're welcome, will keep an eye on your post.

    Regards,

     
  9. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    "Researchers spot pharmaceutical spam campaign using QR Codes" : http://www.zdnet.com/blog/security/...maceutical-spam-campaign-using-qr-codes/10023
     
  10. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
    Unfortunately I'm having a problem finding a way to contact Marcin or MB except through support, and as this isn't explicitly an MB issue, a not-quite-MB support contact might get lost in the works.

     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I don't see this as much of a threat here, since "suspicious emails" go to the trash!

    More difficult to deal with:

    Hackers using QR codes to push Android malware
    http://www.zdnet.com/blog/security/hackers-using-qr-codes-to-push-android-malware/9522
    but from siljaline's link:

    Malware in a Barcode
    http://www.kleczynski.com/blog/2011/12/malware-in-a-barcode/
    That's what I would do if I had a smart phone.

    Having that type of check is similar to previewing a shortened URL before clicking, it seems to me...


    ----
    rich
     
  12. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    http://www.infosecisland.com/blogview/20814-How-QR-Codes-Can-Deliver-Malware.html
     
Loading...
Thread Status:
Not open for further replies.