As we enter the new year, signs that cypercrime is on the rise increase. Here’s a line-up of developments since the first of the year:
* Spam Levels on the Rise, Again
* The IRS is not trying to e-mail you.
* Fake CNN site hides a Trojan
* Best Practices for Protecting yourself
* Twitter hack explained by hacker
* Hack forces Twitter into ‘full security review’
Spam Levels on the Rise, Again
With the shutdown of McColo by Internet Service Providers in November, global spam volumes dropped over 50 percent. Sadly, this appears to have been a short-term fix. According to a new Symantec report, (PDF) the spammers have moved to new locations and the volumes are back up to 80 percent of pre-McColo levels.
Full article by Ed Dickson, Blogcritics
The IRS is not trying to e-mail you.
Tax season is coming soon, and so are tax preparation software wars and tax-related scams. Other fake IRS e-mails are out there, too. One claims to be a notification that you have an outstanding economic stimulus refund.
* If you think you received a scam e-mail message purporting to be from the IRS, do not reply to it or open any attachments. Forward the email to the IRS at phishing@irs.gov.
Full article: blogs.timesunion.com
Fake CNN site hides a Trojan
A new e-mail that is circulating looks like it comes from CNN and links to a fake CNN Web page offering “graphic” video related to the Israel-Hamas conflict but instead hosts a Trojan that steals sensitive data, RSA said on Thursday.
When someone clicks on the video link on the fake CNN site an error message pops up urging the visitor to download the latest version of Adobe Flash Player. Clicking on the download link installs an “SSL stealer” Trojan that captures financial and other sensitive information. (See screen)
Full article: CNET News
Best Practices for Protecting yourself
As the value of information goes up, it is attracting more sophisticated kinds of thievery. In the past hacking and viruses were often individual efforts, sometimes carried out by students and even by high-school students sometimes just for the thrill of accomplishing the act. However in today’s world theft of valuable information has migrated to organized crime, terrorist groups, and even to hostile foreign governments. Not only that but denial of service attacks and “search bots” that can take over computers are powerful and sophisticated enough to shut down corporate data centers and interfere with government operations. This situation is going to get worse as the global economy declines.
Full article by Capers Jones, Dr. Dobb’s Journal
Twitter hack explained by hacker
The person responsible for the Twitter hack that saw various celebrity twitter accounts announcing bizarre news, or pointing to spam sites, has come forward and spoken to Wired magazine. There were numerous theories on how the person, who goes by the handle GMZ, gained access to those accounts. It turns out that it was a simple brute force dictionary attack on a Twitter account’s password. The hacker, who only identified themselves as an 18 year old US student, had been randomly targeting apparently popular users with his own, dictionary based, brute force password guesser. It appears that Twitter allows an unlimited number of rapid fire logins, and after an overnight run, the hacker found that a popular user with the name “crystal” had a password of “happiness”.
Full story at www.heise.de
Wired interview
An 18-year-old hacker with a history of celebrity pranks has admitted to Monday’s hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama’s, and the official feed for Fox News.
Full story at blog.wired.com
Hack forces Twitter into ‘full security review’
Twitter Inc. has launched a comprehensive review of the defenses in its popular social network and microblogging service after hackers hijacked the accounts of several high-profile users on Monday.
Full story: www.computerworld.com
