Malware, hacking, phishing and cybercrime is growing with news stories and new online attractions. Here’s what we found this week:
* Phony Holiday Tweets Hide Malware
* Coming Soon: A New Banking Trojan
* How the Worm Turned
* Will High-Speed Malware Crash the Internet?
* Top Security Predictions for 2011
* Siberian crooks dev’d custom malware in ATM slurp heist scheme
* Three common smartphone scams to avoid
* Web sites are stealing browser histories
* Phishing victims responded within one hour
Top Security Predictions for 2011
Aside from the festivities of the holidays, one thing that always makes December special is the combination of reflecting on the year gone by, and looking ahead to what the next year might hold. It is filled with top 10 lists and predictions on every imaginable topic.
In that spirit, I decided that it’s a good time for me to contribute to the annual onslaught of prognostications with a look at what 2011 holds in store for security–with a little help from some outside sources.
Full story : Tony Bradley, PCWorld
Phony Holiday Tweets Hide Malware
Shortened URLs posted on Twitter may not lead to the holiday-themed sites listed . . . It’s that time again for holiday cheer, wishes of goodwill to all and an online minefield of potential malware.
Online scams spike at times of increased online activity, whether it’s a major sporting or news event or something more scheduled like the big holidays. As eSecurity Planet reports, the bad guys are at it again, using Twitter to spoil the holiday fun. PandaLabs researchers said they identified more than 300 Twitter accounts that were specifically targeting various trending topics on the site. Full story : www.internetnews.com
Web sites are stealing browser histories
Certain Web sites probe visiting browsers for data that can be used to help criminals craft phishing attacks that compromise the accounts of online banking customers, researchers have found.
Java scripts on these sites invade the browsers’ history cache and finds out what sites the browser has visited. If, for example, the history reveals that the browser routinely visits a particular online banking site, attackers would know what phony banking page to serve up in order to steal login information, according to scientists at the University of California, San Diego. Full story : www.networkworld.com
Will High-Speed Malware Crash the Internet?
How do we avoid the collapse of the Internet under the strain of more malware attacks at higher speeds?
Network security systems are under pressure. You might not be experiencing it yet, but you will soon. The dual challenge of dealing with more attacks at higher speeds threatens to undermine the stability of the most important commercial platforms of the 21st century, namely the Internet. Full story : www.ctoedge.com
Phishing victims responded within one hour
Half the victims of phishing emails respond to fraudulent emails within an hour of the receipt of scam messages, according to to a study by transaction security firm Trusteer. Within five hours, more than 80 per cent of the total pool of potential victims have responded, a figure that rises to 90 per cent after the first 10 hours of a phishing attack.
The findings have implications for the fight against fraudulent websites that attempt to hoodwink the unwary into handing over online banking credentials or similar sensitive information. Full story : www.theregister.co.uk
Coming Soon: A New Banking Trojan
Recently, a malware developer announced that he would launch a program dubbed Ares Trojan that would be one step ahead of the Zeus banking Trojan. According to security experts, both the programs concentrate on compromising financial and login credentials, as reported by InfoWorld on November 23, 2010.
The malware creator has launched a free software development kit for a new Trojan horse that is all set to provide cybercrooks a technique to circulate malware via poisoned websites. Full story : www.spamfighter.com
How the Worm Turned
Last week Mahmoud Ahmadinejad acknowledged that Iran’s uranium enrichment program had suffered a setback: “They were able to disable on a limited basis some of our centrifuges by software installed in electronic equipment,” the Iranian president told reporters. This was something of an understatement. Iran’s uranium enrichment program appears to have been hobbled for the better part of a year, its technical resources drained and its human resources cast into disarray.
The ‘software’ in question was a computer worm called Stuxnet, which is already being viewed as the greatest triumph in the short history of cyberwarfare. Full story : www.weeklystandard.com
Siberian crooks dev’d custom malware in ATM slurp heist scheme
Russian cybercrooks contracted a virus writer to develop custom-made malware before launching a plot to loot compromised ATM machines. Although the gang – mostly from Yakutsk, a mid-sized city close to the Artic Circle in Siberia – were ultimately caught, the sophistication, planning and investment that went into their plot ought to be a wake-up call for the banking industry.
The Moscow-based leader of the gang contacted a virus writer through an underground forum and paid him 100,000 rubles ($3,200) to create malware capable of infecting ATMs, security site Host Exploit reports. Full story : news.hostexploit.com
Three common smartphone scams to avoid
The rotary phone is dead and the land line will probably suffer the same fate in the near future. What has taken their place are “smartphones” that can do everything a computer can. Most of us, though, haven’t thought of the downside to the rapidly evolving cell phone: the more it can do, the more vulnerable it is to cyber attacks – the same cyber attacks that have caused great financial loss for unknowing consumers all over the world.
Let’s take a look at a few ways that your smartphone could end up costing you more money than your already expensive cell service bill. Full story : www.theglobeandmail.com
Thanks for reading…
You can also keep up with the efforts to curb spam and cybercrime by reading the news at Knujon and HostExploit.com. And, you should switch to SpamCop and take a stand against spam.
