Information Security Newsletter

Newsletter Posted 08/21/2008

CNN Scam Morphs to MSNBC, Weekly News, etc. - Now Debt Consolidation
Hackers trying to plant malware on PCs switched from touting news supposedly from CNN in their come-on messages to pushing breaking stories said to be from rival network MSNBC, and most recently to simply titling them "Weekly News Release".

The fake messages arrive with subject lines that include the phrase "Breaking News," along with phony headlines such as "Jerry Yang relinquishes control over Yahoo," "Mary-Kate Olsen responsible for Heath Ledger's death" and "Plane crashes into prep school, hundreds of kids killed."

At its peak, the blitz dumped nearly 11 million messages an hour on users. But as of today this particular attack seems to have come to an abrupt halt, and the latest blast of phishing schemes consists entirely of debt-related come-ons.

The scammers will just keep evolving their tactics, so your job is to remain skeptical and remind all your friends and relations that if it seems too good to be true, it probably is.

New Phishing Scam Targets Apple MobileMe Users
There have been new reports of a phishing attack circulating via email messages that appear to be targeting Apple MobileMe users.

These messages claim that there is a problem with the user's billing information and instruct the user to follow a web link to update personal information. Clicking on this link directs the user to a web page that contains a seemingly legitimate web form requesting personal and financial information. Any information entered in this form is not sent to Apple but rather, to a malicious attacker.

If you use Apple's MobileMe, be aware of this attack and delete any messages that look suspicious.

Hackers Leverage Olympics In New Attacks
As we expected and warned about last time, Internet and computer security firms report that the Summer Olympics have presented cyber criminals with an opportunity to leverage public interest in the games to launch new attacks.

Olympic themed junk emails spiked before the games’ opening ceremony, with hackers sending malicious messages aiming to trick unsuspecting recipients into opening booby-trapped attachments or to visit phony Web sites. Some of the messages were disguised as fake award notifications, telling users that they had won an Olympic lottery and needed to respond to claim their prize.

SPAM E-Mail Uses Russia/Georgia Conflict
There are public reports of malware circulating via spam email messages related to the Russia/Georgia conflict. These messages contain factual information about the conflict. The messages also contain download instructions for the user to watch a video that is attached to the message. If a user opens the attachment, malware may be downloaded and installed onto their system.

Clipboards Hijacked in Web Attack
Whenever you copy and paste or cut and paste text or files, your operating system saves that information to your "clipboard". We have learned of a new attack that hijacks the clipboard and puts a hard-to-delete web link into it that, if followed, leads to a website selling fake security software.

Researchers have found that some big websites, including Digg, MSNBC, and Newsweek, are being salted with these malware-infected Adobe Flash banner ads. Any web browser on Windows, Mac, and Linux systems that runs Flash, which is almost all of them including Microsoft’s Internet Explorer, Apple’s Safari, and Mozilla’s Firefox, is said to be vulnerable.

The malicious advertisements place a persistent URL on the user's clipboard, which points to a fake anti-virus program that presumably contains malware such as a Trojan, keystroke logger, zombie bot, or rootkit. The user has to close and restart the web browser, or even reboot the system, to purge the offending URL and make the clipboard usable again. It is apparently not yet known how the offending banner ads are being inserted or served.

More Security Holes Plague MySpace, Possibly Facebook
MySpace was working to fix a security hole on Monday that allows people to see private comments friends have written on members' pages.

"MySpace is committed to keeping all users as safe and secure as possible. Today, MySpace was alerted to an issue within the MySpace Mobile WAP site and is working to roll out an immediate fix," a MySpace spokesperson wrote in an e-mail.

With the MySpace hole, people have to go through the company's mobile page and know the user ID of a member to read their private comments, said Canadian computer technician Byron Ng, who alerted CNET News to the issue and said he had previously contacted MySpace as well.

Getting someone's user ID is easy; just hover over the name and the user ID is the first group of numbers buried in the coding at the bottom of the page.

In addition, security vulnerabilities publicized by Ng in June that allow MySpace users to delete bulletins from groups they don't control, to pin and unpin topics in groups they aren't members of, and to post messages to a group they are banned from remained unfixed. Those issues are expected to be fixed within the week, MySpace said.

Meanwhile, Facebook was investigating possible security issues of its own, including a third-party app that lets people see comments written on member pages, even if they aren't their friends.

"We're still checking on Advanced Wall but we've confirmed that there is not a hole in Free Gifts," a Facebook spokesman wrote in an e-mail. "It's only public gifts that can be seen in the manner you propose below, which is how they are meant to be seen.... Private gifts are not shown on this page."

Facebook users should remember that photos and videos are public unless the person who posts them sets the privacy setting to private. MySpace users should keep their software up to date and check that their privacy settings are configured correctly.

Facebook Blocks Links Between Its Site and Malware Infested Web Sites
"We've identified and blocked the ability to link to the malicious Web sites from anywhere on Facebook. Less than .002% of people on Facebook have been affected, all of whom we notified and suggested steps to remove the malware," wrote Max Kelly, Facebook's head of security, in a blog post early Friday.

Security company Sophos PLC had recently issued a warning about the attack, in which malicious hackers were targeting unsuspecting Facebook users via postings on the site's Wall feature.

The Wall, a core component of Facebook profile pages, is used by members to leave one another messages. Impersonating members' friends, malicious hackers posted messages urging users to click on a link to view a video on a Web site they falsely said was hosted by Google.

However, the link took users to a rogue Web page where they were told to download a new version of Adobe Systems Inc.'s Flash player in order to view the video. If users authorized the download, the site would install a Trojan horse, Troj/Dloadr-BPL, that funneled other malicious code detected as Troj/Agent-HJX into their PCs.

Then, an image of a court jester sticking his tongue out would appear. Facebook members might think it was an innocent practical joke by a friend, but in fact, at that point, their PCs would have been seriously compromised and put in the control of malicious hackers so they could be used to disseminate spam and malware and perform other harmful actions, according to Sophos.

uTorrent Peer-to-Peer Client Fixes Vulnerability
One of the most popular programs used by some to illegally share files under copyright has patched a serious software vulnerability.

The problem affects the P-to-P (peer-to-peer) program uTorrent as well as BitTorrent Mainline, another program based on the uTorrent code. It has been classified as “highly critical,” the second most severe ranking of risk, by Secunia, a security vendor in Denmark. Both programs use the BitTorrent protocol, which has become the most popular method of file sharing worldwide, according to iPoque, a company based in Leipzig, Germany, that specializes in traffic-management appliances for ISPs.

The programs collect pieces of a particular file from other computers around the world and assemble it. The vulnerability can be exploited if a user downloads a malicious torrent, which is a small file that coordinates the downloading of content. The problem causes a stack-based buffer overflow, which can allow an attacker to place other malicious software on the PC. The bug had been in the software for at least two years, wrote the researcher who is credited with the find.

If you use uTorrent or BitTorrent for peer-to-peer file sharing (or any other P2P software), be aware that these can be extremely dangerous: you can never know for sure that the files you are downloading aren't infected, and nearly 70% have at times been shown to be malware. If you choose to use these services, be sure your antivirus is running and up to date, and be sure to use the P2P software's most recent clients.

Microsoft Issues Massive Security Update for Windows, Office
In its largest batch of security fixes in 18 months, Microsoft Corp. last week released 11 software updates to plug 26 holes in Windows, Office, Internet Explorer, and other products. Six of the updates were tagged “critical,” Microsoft’s highest severity rating.

The company acknowledged that at least two of the vulnerabilities being patched have already been exploited by attackers in the wild. Those two, plus another pair, said one security researcher, should be considered "zero-day" bugs because technical details about the flaws had been circulating prior to today.

This month’s update count was supposed to be even larger: Microsoft said it decided not to issue an expected fix for Windows Media Player 11 “because of a last-minute quality issue.”

If you are using Microsoft Operating Systems or Office software, be sure that you have applied this update. We recommend using AutoUpdate and enabling it to automatically install any new updates from Microsoft.

Opera v9.52 Available As Security Upgrade
Opera has released a recommended security and stability upgrade. It fixes the following issues:

  • Fixed a startup crash that could allow execution of arbitrary code
  • Sites can no longer change framed content on other sites
  • Fixed an issue that could allow cross-site scripting
  • Custom shortcuts no longer pass the wrong parameters to applications
  • Prevented insecure pages from showing incorrect security information
  • Feed links can no longer link to local files
  • Feed subscription can no longer cause the wrong page address to be displayed

Researcher Reveals Critical Java Bugs in Nokia Phones
A pair of critical vulnerabilities in Sun Microsystems Inc.'s Java technology for mobile devices could be used by hackers to surreptitiously make calls, record conversations and access information on Nokia Series 40 cell phones, a Polish researcher reports.

Adam Gowdiak, a researcher who has found numerous bugs in Java 2 Micro Edition (J2ME) in the past, said he reported the two vulnerabilities to Sun last Thursday and notified Nokia the same day of the security issues in its handsets.

Bank Warns of Cell Phone Scam
We are hearing reports of these types of scams all across the country. This week, the chief executive officer of Mutual Bank urged the public to beware of a cell phone/identity theft scam, and to immediately contact authorities if they receive such a message.

A number of cell phone owners in the region received text messages from a source claiming to be Mutual Bank, saying that the customer’s bank account access had been locked, and urging recipients to call 508-424-1203 to restore the account. According to the official, a recorded message then asks for the customer’s card and pin number.

He said the scam is apparently the work of scam artists who picked the name of the bank and sent text messages to a random list of cell phone owners, in the hope that at least some of the people on their list were actually Mutual Bank customers. The cell phone numbers did not come from Mutual Bank, he said.

These types of attacks are becoming commonplace. Please be aware of them and inform your vulnerable friends and family.

GMail Tip - Use HTTPS To Ensure Security
Some Gmail users already know that to ensure your Gmail session can't be picked up in public Wi-Fi areas, you need to log in via https://mail.google.com. Doing so puts your mail session into 128-bit encryption, so that, as Ryan Singel of 'Threat Level' puts it, "[it leaves] would-be Wi-Fi snoops at a cafe staring at the electronic equivalent of a blended latte."

Basically, any time you are using a public Wi-Fi system, you should always log in to your web-based email accounts using https if it is available. Otherwise your email session is easily readable by anyone with a Wi-Fi monitoring application.

But there's another type of attack that lets the attacker grab your session cookie over the Wi-Fi airwaves and log in to your account temporarily, even though they don't know your password. This attack is about to get very easy with the release of a new hacking tool.

Simply logging in over https won't save you from this one, because the cookie is still sent in the clear whenever your browser later makes a plain http request to the site. Instead you need to make your Gmail (or other web-based email account) always run over a secure protocol such as SSL.

If you are a Gmail user, log in, go to Settings and look for "Browser connection". Select "Always use https" unless you have a desktop with a dial-up connection. If you use other web-based email, look for a similar setting and enable it.
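The "always use https" setting is the user-side fix; the server-side equivalent is marking the session cookie Secure so the browser never sends it over plain http. The following audit script is an added example, not code from the newsletter or from Google: it parses Set-Cookie headers (constructed samples, not captured from Gmail) and flags cookies a Wi-Fi snoop could capture.

```python
# Added example: audit Set-Cookie headers for the weakness described above.
# A cookie without the Secure attribute is sent on any plain http:// request
# to the site, so it can be sniffed on open Wi-Fi even after an https login.
from typing import Dict, List, Set, Tuple

# Constructed sample headers for illustration (not from Gmail or any real site).
SAMPLE_HEADERS = [
    "SID=abc123def; Path=/; Domain=.example.com",                    # sniffable
    "HSID=zz998877; Path=/; Domain=.example.com; Secure",            # script-readable
    "SSID=qq112233; Path=/; Domain=.example.com; Secure; HttpOnly",  # fine
]


def parse_set_cookie(header: str) -> Tuple[str, Set[str]]:
    """Split one Set-Cookie value into (cookie name, lowercased attribute names)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs


def is_sniffable(header: str) -> bool:
    """True when the browser would transmit this cookie in the clear over http."""
    return "secure" not in parse_set_cookie(header)[1]


def audit_cookies(headers: List[str]) -> Dict[str, List[str]]:
    """Map each cookie name to its findings; cookies with no findings are omitted."""
    findings: Dict[str, List[str]] = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        issues = []
        if "secure" not in attrs:
            issues.append("missing Secure: sent over plain http, sniffable on open Wi-Fi")
        if "httponly" not in attrs:
            issues.append("missing HttpOnly: readable by script injected into the page")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for cookie, issues in audit_cookies(SAMPLE_HEADERS).items():
        print(f"{cookie}: " + "; ".join(issues))
```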

----------------------------------------
Last Updated: August 21, 2008
Website Contact: David Matthews
Copyright © 1995-2009 City of Seattle