Spyware, Viruses, & Security forum


NEWS - February 21, 2013

by Carol~ Forum moderator / February 21, 2013 12:02 AM PST
Rogue Chrome extension racks up Facebook 'likes' for online bandits

Security researchers at Bitdefender have discovered a new phishing scam that installs a malicious extension in the Chrome web browser in order to turn Facebook 'likes' into cash for cyber crooks.

The exploit begins with a malicious link embedded in spam email, says Bogdan Botezatu, a senior e-threat analyst at Bitdefender. The link ushers you to the Chrome Web Store, where you download an extension for a "business" Flash player—assuming you're foolish enough to click on spam links.

Once this so-called "business" version of Flash is downloaded, it monitors your browser activity. When you land on a Facebook page with Chrome, the malware checks your browser cookies to see if you're logged into Facebook. If you are, it will fetch a piece of Javascript code that tells the extension what to do with your account.

"They can run as many campaigns as they want," Botezatu said in an interview. "All they have to do is fetch a new script."

Continued: http://www.pcworld.com/article/2028614/rogue-chrome-extension-racks-up-facebook-likes-for-online-bandits.html
Post a reply
Discussion is locked
You are posting a reply to: NEWS - February 21, 2013
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - February 21, 2013
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Study Shows 1 in 4 Who Receive Data Breach Letter Become..
by Carol~ Forum moderator / February 21, 2013 1:19 AM PST
... Fraud Victims

A study released Wednesday shows one in four consumers who receive a data breach letter become the victim of identity fraud. That statistic represented 12.6 million victims last year -- one million more than the year before, according to the 2013 Identity Fraud Report released by Javelin Strategy & Research.

"This past year was one where there were both successes and setbacks for consumers, institutions and fraudsters," said Jim Van Dyke, CEO of Javelin Strategy & Research, in a prepared statement. "Consumers and institutions are now starting to act as partners—detecting and stopping fraud faster than ever before. But fraudsters are acting quicker than ever before and victimizing more consumers. Consumers must take data breach notifications more seriously and maintain vigilance to safeguard personal information, especially Social Security numbers."

Javelin researchers have conducted the annual study for 10 years, most recently by launching an address-based survey of 5,249 U.S. consumers. According to a news release, this is the nation's longest-running study of ID fraud with 48,200 participants in the past decade. This latest survey was conducted with assistance from CitiGroup Inc., Intersections LLC and Visa Inc.

Continued: https://threatpost.com/en_us/blogs/study-shows-one-four-who-receive-data-breach-letter-become-fraud-victims-022013

Javelin: Identity fraud reports increased by more than a million last year
One New Identity Theft Victim Every 3 Seconds in 2012
Survey: Identity fraud in US reaches highest level in three years
Collapse -
Racist "McDonald's" notice posted on Facebook is designed..
by Carol~ Forum moderator / February 21, 2013 1:19 AM PST
Racist "McDonald's" notice posted on Facebook is designed to generate calls of complaint to KFC

If we've said it once, we've said it a hundred times.

Don't believe everything you read on Facebook, and think carefully before sharing it with your friends.

Take this Facebook post, for instance, which calls on people to boycott McDonald's. [Screenshot]


As an insurance measure due in part to a recent string of robberies, African-American customers are now required to pay an additional fee of $1.50 per transaction.

Thanks for your cooperation,

McDonald's Corporation

The phone number at the bottom of that "McDonald's" notice?

A quick internet search reveals that it's actually the customer satisfaction number for KFC.

Regardless, almost 40,000 people have already shared the picture across Facebook. If only common sense were more common, maybe chain letters and hoaxes like this wouldn't spread so far and wide.

Collapse -
Twitter uses DMARC to take action against email phishing ..
by Carol~ Forum moderator / February 21, 2013 4:14 AM PST
Twitter uses DMARC to take action against email phishing for user passwords after high-profile hacks

Twitter's 'Postmaster' Josh Aberant today announced that Twitter has been using a new technology called Domain-based Message Authentication, Reporting and Conformance (DMARC) to help prevent email phishing.

Phishing is the practice of sending fake emails to people that look like they come from a company like Twitter but actually don't. The goal is to harvest user passwords by tricking people into entering passwords on sites that are owned by hackers and harvesters, rather than by the companies that they're imitating.

Twitter says that using the DMARC technology makes it 'extremely unlikely' that any users will see any email pretending to be from a Twitter.com address.

"Without getting too technical," writes Aberant, "DMARC solves a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols. It builds on established authentication protocols (DKIM and SPF) to give email providers a way to block email from forged domains popping up in inboxes."

Continued : http://thenextweb.com/twitter/2013/02/21/twitter-starts-taking-action-against-email-phishing-for-user-passwords-with-dmarc-system/
Collapse -
Malicious URLs eclipsing botnets as malware distribution ..
by Carol~ Forum moderator / February 21, 2013 4:14 AM PST
.. leader

McAfee Labs revealed that sophisticated attacks originally targeting the financial services industry are now increasingly directed at other critical sectors of the economy, while an emerging set of new tactics and technologies are being implemented to evade industry-standard security measures. [Screenshot]

Their report showed the continued proliferation of password-stealing trojans and advanced persistent threats (APTs) such as Operation High Roller and Project Bliztkrieg, and the expansion of their attacks to government, manufacturing and commercial transaction infrastructure targets.

"We are seeing attacks shifting into a variety of new areas, from factories, to corporations, to government agencies, to the infrastructure that connects them together," said Vincent Weafer, senior vice president of McAfee Labs. "This represents a new chapter in cybersecurity in that threat-development, driven by the lure of financial industry profits, has created a growing underground market for these cybercrime weapons, as well as creative new approaches to thwarting security measures common across industries."

Continued : http://www.net-security.org/malware_news.php?id=2420

Related: McAfee finds sophisticated attacks targeting other 'critical sectors' of the economy
Collapse -
White House Cracks Down On Cyberespionage
by Carol~ Forum moderator / February 21, 2013 4:14 AM PST

The Obama administration is turning up the heat on nation-state cyberespionage attackers in a new policy aimed at protecting the U.S. government and businesses from theft of their intellectual property that goes further than previous administrations in addressing the worst-kept secret that cyberspies are stealing U.S. IP.

Direct diplomatic pressure, greater law enforcement engagement, promotion of better security practices by potential victims, tougher legislation, and more aggressive public awareness campaigns are some of the main approaches of the strategy announced yesterday by administration officials.

The announcement came a day after Mandiant published a detailed and highly publicized report outing the Chinese military as a major perpetrator of IP theft against the U.S. The report provided the first public disclosure of evidence of a long-suspected Chinese military link to cyberespionage against U.S. firms, tying a prolific and especially persistent cyberespionage group out of China to the People's Liberation Army. The group is responsible for attacks on at least hundreds of companies across 20 major industries, according to Mandiant's investigations into those breaches.

Continued : http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240149044/white-house-cracks-down-on-cyberespionage.html

White House promises trade war on countries behind cybercrime
White House targets trade secret theft with new strategy
White House announces anti-theft trade strategy

Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions

CNET Holiday Gift Guide

Looking for great gifts under $100?

Trendy tech gifts don't require a hefty price tag. Choose from these CNET-recommended useful and high-quality gadgets.