Stolen email accounts, 90 bucks and some Chinese spam
From Trend Micro's Countermeasure blog:
In the news over the past couple of days, much has been made of the tens of thousands of stolen email account credentials that have been posted on publicly visible websites. There is no positive indication of how these accounts were obtained or really even whether they were obtained as a result of one single activity (such as a phishing or keylogging endeavour) or whether they are simply a collected list of stolen details.
So far details from Yahoo!, Hotmail, Gmail, AOL, Earthlink and Comcast among others have been posted online. The data has been simple lists of matched username and password pairs and did not appear to have been cleaned up or de-duped.
What is surprising is not really the amount of accounts affected, although current media reports may lead you to think otherwise.[...]
Anyway, I thought I would go and have a quick look at just how much that account data was actually worth, I think you'll be surprised. Using the current prices of one single vendor who has multiple tens of thousands of stolen accounts for sale, we can estimate the value of 10,000 hotmail account credentials at a measly $90 (US Dollars), that is of course applying the 10% discount that the vendor is offering for purchases of over 10k accounts.
More in http://countermeasures.trendmicro.eu/stolen-email-accounts-90-bucks-and-some-chinese-spam/
Zbot using IRS scam
Sophos blog today:
Yesterday, there was significant media interest in the sharp growth (55%) in online banking fraud that had been reported in a press release published by Financial Fraud Action UK.
One of the contributing factors to this growth has been the rise in phishing attacks that masquerade as messages from HM Revenue and Customs (HMRC). SophosLabs have blogged about such attacks, and you can listen to a recent BBC radio report here.
Of course, it is not just HMRC. The Internal Revenue Service (IRS) within the United States Department of the Treasury is an equally attractive "lure" to trick new victims. For example, just recently SophosLabs have been seeing an email scam trying to trick users into infecting themselves with banking malware. Emails purporting to be from the IRS are being sent to users.
This is not a classic phish - the user is not prompted for any credentials. Instead, the page instructs them to click on a link and download and run their tax statement. In actual fact, the link is to malware, detected by Sophos as W32/Zbot-IP. When run, it installs itself on the victim's machine such that it can monitor future browsing sessions in order to target online banking transactions. Zbot (also known as Zeus) is a large and somewhat infamous family of banking malware, which has attracted much discussion recently.
More in http://www.sophos.com/blogs/sophoslabs/post/6729
Spam and Phishing Landscape: October 2009
From Symantec Security Response blog:
Overall spam volumes averaged at slightly over 86 percent of all email messages in September 2009, which is a decrease of 4 percent since July 2009. However, it is considerably greater than September 2008 when spam levels averaged at 78 percent of all email.
Notable this month is that the percentage of spam containing malware has increased, reaching up to 4.5 percent of all spam at one point. When compared to August 2009, Symantec has observed a nine-fold increase in spam containing malware during September. With respect to spam categories, the main movers were Internet spam, which increased by 3 percent again this month and averaged at 32 percent of all spam; and financial spam, which decreased 3 percent to account for 17 percent of all spam.
Check out also another blog entry: The Mariposa / Butterfly Bot Kit
We thought it might be interesting to provide some additional information on the Butterfly bot kit, following our blog published last week entitled The Mariposa Butterfly. We posted that blog in response to a report that half of the Fortune 100 companies have been compromised by a botnet dubbed Mariposa (Spanish for "butterfly"). The Butterfly bot kit's creator, known as Iserdo, markets the following features of the bot kit in the user manual supplied with the kit.
Previous news on Mariposa, butterfly botkit:
FBI busts massive phishing ring
US and Egyptian investigation nets 100 suspects
The US and Egyptian authorities have busted a huge phishing operation, charging 100 people with illegally obtaining personal bank account information from Bank of America and Wells Fargo customers and stealing money from their accounts.
In the US, more than 50 people in Southern California, Las Vegas and North Carolina were indicted by a grand jury in Los Angeles for scheming to steal bank account information from thousands of people in the US using phishing techniques.
US authorities today arrested 33 of those named in the indictments and are on the lookout for the other 20.
Verizon Business teams with McAfee to offer security in...
Verizon Business and McAfee have formed a global strategic alliance to provide integrated security solutions to businesses and government agencies worldwide under which the companies will jointly develop a suite of next-generation, cloud-based managed security services.
Together, McAfee and Verizon Business will offer a comprehensive portfolio of managed security services (MSS) to enterprises, leveraging the strength of Verizon Business' MSS offerings and McAfee's technology.
Also, Verizon Business will provide data centre outsourcing services to McAfee, enabling McAfee to consolidate its data centres, improve management of its Web hosting operations and better position it to deliver cloud based services. McAfee customers will have access to Verizon Business' network of 1,200 security professionals who can help design, implement and integrate holistic security solutions worldwide.
How dangerous could a hacked robot possibly be?
University of Washington researchers take a first look at the privacy and security problems with robots
It seems like a question ripped from the back of a cheap sci-fi novel: What happens when the robots are turned against us?
But researchers at the University of Washington think it's finally time to start paying some serious attention to the question of robot security. Not because they think robots are about to go all Terminator on us, but because the robots can already be used to spy on us and vandalize our homes.
In a paper published Thursday the researchers took a close look at three test robots: the Erector Spykee, and WowWee's RoboSapien and Rovio. They found that security is pretty much an afterthought in the current crop of robotic devices.
Some of today's robots operate as wireless access points, and Kohno's team found that a nearby attacker could connect to someone else's robot quite easily. Robots such as the Rovio can also be controlled over the Internet, meaning that if a hacker could somehow sniff the victim's user name and password, he could turn the robot into a remote-controlled spy machine.
Citing cybercrime, FBI director doesn't bank online
The head of the U.S. Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt.
FBI Director Robert Mueller said he recently came "just a few clicks away from falling into a classic Internet phishing scam" after receiving an e-mail that appeared to be from his bank.
"It looked pretty legitimate," Mueller said Wednesday in a speech at San Francisco's Commonwealth Club. "They had mimicked the e-mails that the bank would ordinarily send out to its customers; they'd mimicked them very well."
In phishing scams, criminals send spam e-mails to their victims, hoping to trick them into entering sensitive information such as usernames and passwords at fake Web sites.
Though he stopped before handing over any sensitive information, the incident put an end to Mueller's online banking.
F-Secure: Update on Finnish SMS Spam case
From F-Secure blog:
We checked for updates on Mobile Tube page that was linked by SMS spam we posted about on Tuesday.
Now the fine print says that service is free of charge and by using this service user gives the company
rights to send information and promotional messages in the future.
Interestingly enough the page used to have company name at the bottom, that is now removed.
If the fine print on the page can be relied on, the SMS spam messages are now rather harmless.
But we still advise people against clicking on any unsolicited links they receive over SMS,
as the company behind messages still tries to use the page to legitimize any further advertising messages.
Earlier news entry on the above is in http://forums.cnet.com/5208-6132_102-0.html?messageID=3143511#3143511
Comcast pop-ups alert customers to PC infections
By Elinor Mills
October 8, 2009
Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections, if the computers are behaving as if they have been compromised by malware.
For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus taking control of the system and using it to send spam as part of a botnet. (See screenshot in article)
The alerts are triggered "when we see computers on our network that are doing things that are known bot activities--say, a computer is spewing out thousands of spam e-mails," said Jay Opperman, senior director of security and privacy at Comcast.
The Philadelphia-based cable giant, which is the largest residential Internet service provider in the United States, with 15.3 million consumer customers, also is alerted to compromised customer computers when an IP address of one of its customers is identified as the source of spam on an industry spam list, Opperman said.
Customers in Denver are set to begin receiving notifications that their system may be infected with a virus or other malware via a pop-up message in the browser, as part of the new free service, called Comcast Constant Guard. The "Service Notice" will include a link to a Comcast security Web site where customers can follow a set of instructions to remove the malware from their computer.
Continued here: http://news.cnet.com/8301-27080_3-10370996-245.html?tag=mncol;title
Plans for Windows 8 leaked online
Microsoft staffer forgets social networking is public
by Iain Thomson
08 Oct 2009
An employee has accidentally leaked details of Microsoft's next operating system via his LinkedIn profile.
Robert Morgan, a senior member of the Microsoft Research team for the last seven years, posted the details on his profile at LinkedIn, a popular social networking site for business professionals.
He describes himself as: "Working in high security department for research and development involving strategic planning for medium and long-term projects. Research & Development projects including 128bit architecture compatibility with the Windows 8 kernel and Windows 9 project plan."
If correct the new operating system will be a major jump for Microsoft, which is producing a 32bit version of Windows 7 as well as a 64bit one. The jump to 128bit suggests Microsoft is banking on machines using much faster processors and a buoyant hardware refresh cycle.
Steve Ballmer has confirmed that the company is working on a client operating system to follow Windows 7 but details were not released. The earliest expected date would be 2012 he said.
Continued here: http://www.v3.co.uk/v3/news/2250890/plans-windows-leaked-online