Malware, hacking, phishing and cybercrime is growing with news stories and new online attractions. Here’s what we found this week:
* News about royal engagement leads to malware
* Malware pushers lure victims with leaked Harry Potter movie screener
* ‘New Password’ Phishing Scam Email Targets Facebook Users
* The 10 Most Unsafe Facebook Pages
* BlackHat SEO Poisons the Web
* Cyber security by the numbers
* Online Fraud — Consumer Protection Revealed
* Sophos publishes list of Mac attacks
* Bogus help desk victimizing plenty of online users
* Is your enterprise winning the war against malware?
News about royal engagement leads to malware
Taking advantage of the long awaited news of the engagement of Prince William of England to his long-time girlfriend Kate Middleton, malware pushers have hopped immediately on the wagon and initiated their search poisoning campaigns.
Sunbelt reports that searching for photos of the future royal bride results in some images that redirect the (Firefox) users to a website where they are urged to download a Trojan masquerading as a Firefox update:
Full story : net-security.org
Malware pushers lure victims with leaked Harry Potter movie screener
News that a partial DVD screener of Harry Potter and the Deathly Hollows: Part 1 has been leaked just days before the film’s scheduled worldwide premiere, has made impatient fans scan torrent sites for the file by the thousands.
But, as you might surmise, such a great interest in something can’t go unnoticed by scammers and malware pushers who, according to Softpedia, have rushed to take advantage of the buzz and offer torrents with fake copies of the screener. To watch the video, fans are required to install special codecs or players which are, of course, malware in disguise.
Full story : net-security.org
‘New Password’ Phishing Scam Email Targets Facebook Users
Email claims attached file contains ‘new password’ but actually contains info-stealing Trojan
If you receive an email claiming to be from Facebook Support, telling you your password has been changed and the only way to see your new one is to download an attached .zip file, DO NOT download the file. It’s yet another Facebook phishing scam.
Full story : Sara Huffman — ConsumerAffairs.com
The 10 Most Unsafe Facebook Pages
Spammers have been increasing their momentum on Facebook, but a new pair of rankings that SafeToBe.Me debuted today show that the problem may have critical mass. Many of the most popular applications on the social network have the highest risk of spam and other dangers like phishing and forced file downloads.
SafeToBe.Me has scanned Facebook pages, status updates, comments and posts over the course of developing a security tool promising to protect your profile from various forms of malware, phishing, spam and other inappropriate content. You might feel motivated to add the beta version of SafeToBe.Me to your profile after checking out the developer’s rankings.
Full story : allfacebook.com
BlackHat SEO Poisons the Web
Search engine optimization (SEO) is a big money-earner for cybercriminals. They are getting better at it, refining their techniques via blending attacks to trick Internet users onto malware-ridden or personal ID-harvesting Websites.
Over time, however, fraudsters have grown wise to mastering the way that SEO works, increasingly hijacking the techniques to make them work for their own purposes. A simple example of “BlackHat SEO” or SEO poisoning is where unsuspecting users can be sent to Websites selling fake anti-malware software that offers free health scans that compromise a user’s PC with malicious coding.
Full story : www.internetevolution.com
Cyber security by the numbers
Malware surges, spam declines in third quarter — McAfee and Cisco have released their detailed cybersecurity reports for the third quarter and there’s good news and bad news. Malware surged in the quarter, but spam eased off a bit.
* 60,000 new pieces of malware were identified a day, quadruple the 2007 rate. In the third quarter, McAfee identified 14 million unique pieces of malware, up 1 million from a year ago
* The Zeus botnet led to small businesses losing $70 million to Ukranian cyberthugs.
* The most popular botnet was Cutwail, which used denial of service attacks against 300 Web sites.
* In the third quarter, 60 percent of top Google search terms delivered you to malicious sites in the first 100 results.
and more …
Full story : www.zdnet.com
Online Fraud – Consumer Protection Revealed
A program for the protection of consumers against online fraud has been revealed with the collaboration of an e-crime management company named PhishLabs and the Internet Fraud Alert (IFA).
Hundreds of thousands of complaints and reports were received by Anti-Phishing Working Group (APWG) last year. Investigations were done by joint forces of internet service providers and phishing companies including PhishLabs, along with the law enforcement agencies and the researchers. However, what was missing from the operation was a system to alert the financial institutions where consumers’ predicaments regarding online fraud could have been addressed properly.
Full story : businessservicenews.com
Sophos publishes list of Mac attacks
IT security and control firm Sophos has released a list of common viruses that can be found on Apple Macs. The data was collected from less than 50,000 malware reports from users of Sophos Mac anti-virus software, which revealed that many of the viruses are Windows specific and could be transferred to Macs from other platforms.
Not direct attacks — Some of these threats do not attack Macs directly but manoeuvre themselves in via other platforms.
Full story : www.siliconrepublic.com
Bogus help desk victimizing plenty of online users
Up to 24 percent of online users have been contacted by bogus help desk representatives and notifications that tried to dupe them into buying fake computer security software to fix an alleged malware attack.
The survey by the U.K.’s GetSafeOnline,org, a national campaign initiative for cyber security, said that these fake help desk attempts to con unsuspecting Internet users are devised by cyber gangs.
Full story : seerpress.com
Is your enterprise winning the war against malware?
That’s a question prompted by several recent security threat reports
According to Cisco, enterprise users were hit with an average of 133 Web-based malware encounters per month for July, August, and September of 2010. Most of the malware came from spam, but at least 10 percent came from search results. There also were SQL injections, the Rustock Botnet, and the Stuxnet worm to contend with. Still, Cisco says that an average of 65 percent of all Web malware encountered by enterprise users in the survey period either didn’t contain exploit code or was blocked before the activation of an exploit.
Full story : internetevolution.com