The Latest E-Mail and Web Scams
There has been a rash of new email and website scams, some of which we will address in this newsletter. Some of the new phishing
scams take advantage of all of the frightening economic and housing news. Criminals are sending out emails with subject lines such
as "Foreclosure Assistance", or "Debt Relief", and new ones today titled "Merill Lynch Customer Support" and "Merrill Lynch
Update". Expect some soon titled, "WAMU Update". The City's email filtering software, Postini, is catching most of these, but some
may make it through or you might inadvertently release them from Postini. These will either infect your computer directly or give
you a link to a poisoned web site.
We are also seeing many instances of legitimate web sites that are infected. These sites pop up a message saying that your computer
has a virus, along with an offer of an antivirus you can download. These AV applications are fake, and in fact will infect your
computer with a Trojan (a malware application that takes over control of your computer).
There are several other new scams that take advantage of recent news, including ones about the presidential election, Dept of
Homeland Security and hurricane relief. And finally, the "You have an e-greeting" scam has resurfaced.
If you receive a suspicious email, simply delete it. If you get a pop-up on a web site about an antivirus program, shut
down your web browser immediately.
Infected Software Fakes on the Rise
Spam e-mail that contains links to malware bearing viruses and Trojans is on the increase, particularly malware disguised as
legitimate software, security vendors warn.
One common ruse involves the circulation of fake copies of popular software, which infects users’ systems upon installation. In a
statement Wednesday, Symantec pointed to the example of a “very high profile attack” involving fake versions of Microsoft's browser,
Internet Explorer 7.
Adobe also recently issued a warning that fake copies of its Flash plugin had been circulated via fake news video pages that
prompt users to download the malware. Ironically, another IT security company, Sophos, noted that Symantec itself fell victim to
such hoaxes.
Malware Poses as iPhone Game
Malware writers are spamming e-mails with a file posing as a popular iPhone video game, according to researchers at Sophos. In
fact, the file contains a Trojan, which ironically only runs on Microsoft Windows. Still, Sophos said the Trojan can potentially
allow a hacker to take over an infected PC.
The Trojan, identified by Sophos as Troj/Agent-HNY, is being spread via e-mail as an attachment dubbed Penguin.Panic.zip after the
popular “Penguin Panic” game for the iPhone. Hoping to snare unsuspecting video game fans, the spam e-mails contain subject lines
such as “Virtual iPhone games!” and “Apple: The most popular game!”
“It’s your bog-standard malicious Trojan horse, designed to hand control of the compromised computer over to a third-party hacker,”
said the senior technology consultant at Sophos. “That hacker can then take over the compromised PC to download further malware,
or launch spam campaigns, install spyware to steal your identity or launch a distributed denial-of-service attack. Because so many
Trojan horses these days download additional code from the Internet, hackers can change the ultimate payload at any time they
wish – they just update the file which the Trojan tries to download.”
Fake Celebrity Websites Infecting With Malware
Attacks through phony celebrity websites have continued to multiply. According to new data from McAfee, a user searching for a variety
of items (wallpapers, screensavers, photos, etc.) relating to one specific celebrity has, on average, an 18 percent chance of
encountering malware in one form or another. Such malware is often served up by a “fake” celebrity website whose primary purpose
is to shove Trojans and worms into the desktops of the unwary. These websites differ from standard malware landing pads, as they
try to appear as a legitimate source of news.
The Most Dangerous Celebrities To Google
Brad Pitt has overtaken Paris Hilton as the most dangerous celebrity to search for in cyberspace according to Internet security
company McAfee. For the second year running, McAfee entered the glamorous world of Hollywood to reveal the riskiest celebrities in
cyberspace.
Checking in on your famous friends is not only a guilty pleasure, but seriously dangerous for your PC. Fans searching for "Brad
Pitt," "Brad Pitt downloads," and Brad Pitt wallpaper, screen savers and pictures have an 18% chance of having their PCs infected
with online threats, such as spyware, spam, phishing, adware, viruses and other malware.
Cybercriminals are using A-listers' names and images, like Beyonce and Justin Timberlake, to lure Internet users who surf the Web
for the latest gossip, screen savers and ringtones to "fake" Web sites that look legitimate.
Actors Brad Pitt and Justin Timberlake are the most dangerous men to seek on the Internet, while Beyonce and Heidi Montag top the
list for women. Paris Hilton, who topped 2007's most dangerous celebrities, is noticeably absent from this year's list. Also absent
is Britney Spears who was ranked #4 in 2007.
Clickjacking - a New Attack Vector on the Web
Public reports describe a new attack vector, referred to as "clickjacking," which affects most web browser applications. According to
multiple vendors and security researchers, this method could cause a browser to follow malicious links without the user's knowledge
or consent, even when all common scripting functions (JavaScript, ActiveX) have been disabled. The details of the attack vector
and accompanying proof-of-concept exploit code have not been made public at this time.
Business Week Web Sites Compromised
The Web site of BusinessWeek magazine suffered a major SQL injection attack in recent days that left it hosting malware on hundreds
of its pages. Once a site is compromised through such a server weakness, the attack scripts could, in principle, launch anything
desired by the attacker; the code currently included performs automatic attacks based on JavaScript. That means a visitor could be hit by malware
just by landing on one of the pages, without even interacting in any way. Luckily, according to Sophos, the code that's still on
the magazine site pointed to a Russian site that appeared to be nonfunctioning. A similar attack was used earlier in 2008 to
undermine 500,000 legitimate Web sites in a period of days.
Letter Scam - Pay Taxes on the Money You "Won"
A new snail mail letter scam urges recipients to pay taxes on money ‘won’. The Waterford, New York, Office of the Public Safety
Commissioner is warning residents to beware of a scam designed to lure letter recipients into paying taxes on money the letter
claims they won. A Waterford resident received the letter, which claims the recipient won $125,000. The letter goes on to say the
recipient can claim the cash once he or she pays $2,975 in taxes. The letter asks the recipient to send the money through Western
Union or Moneygram. A check is included for $4,875, but the letter asks the recipient to call before cashing it. Police say the
letter was sent as a mass mailing, and recipients should disregard it.
Mozilla Patches 11 Bugs in Firefox
Mozilla Corp. late Tuesday patched 11 vulnerabilities in Firefox 3.0, more than half of them labeled “critical,” and fixed 14 flaws
in the older Firefox 2.0.
Firefox 3.0.2 quashes six critical bugs, four marked “high,” and one pegged as “low” in Mozilla’s four-step threat ranking system.
Among the most serious were four stability bugs in the browser’s graphics rendering, layout and JavaScript engines that can crash
the program and might be exploitable with malicious code. “Some of these crashes showed evidence of memory corruption under certain
circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” said Mozilla
in the accompanying advisory.
Mozilla also updated the older Firefox to 2.0.0.17, patching all but one of the bugs fixed in 3.0.2, but also addressing several
issues specific to the aging browser.
Apple Releases Java Updates for Mac OS X 10.4 and 10.5
Apple has released updates for Java for Mac OS X 10.4 and 10.5 to address multiple vulnerabilities. These vulnerabilities may allow
an attacker to execute arbitrary code. US-CERT encourages users to review Apple Article HT3178 and HT3179 and apply any necessary
updates to help mitigate the risks.
Is Your Webcam Watching YOU!?
Cover your webcams and unplug your microphones, because the latest freely-available hacker tools could use your own hardware against
you without your knowledge.
Security specialist Prevx demonstrated some of the latest scary techniques being used to take unsuspecting web users' credit card
details, passwords and personal information, as well as turn on your webcam and watch you.
Worryingly, something as simple as a failure to update Adobe Acrobat reader and then clicking on the wrong PDF file could put your
PC at risk, and the real concern is the increase in 'zero day exploits' – unpublicised or previously unknown exploits that allow
hackers to seize control of computers.