The Latest E-Mail Scams
We're seeing similar trends in the spam that the City is blocking as we have the last few
weeks. By far the greatest number are some kind of debt consolidation, etc., with the next
runner-up being the online pharmacy offers. We've also seen a rise in the spam relating to
the bank closures, with subject lines like "Wachovia Connection Alert" or "WAMU Customer
Information".
However, several new virus-infected e-mails have been blocked. Some were of the old
"You have an e-card" variety, and in the last two days we've seen one with the subject line
"Angelina Jolie Free Video" and one titled "Funds wired into your account are stolen". We
also had some instances of a virus-laden e-mail with a "doc.zip" attachment and the subject
"Important document for 49". And then, of course, there have been several nasty
malware-laden presidential campaign videos being foisted upon us recently.
If you receive a suspicious email, simply delete it.
E-mail Claiming to Be From the FDIC
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a
fraudulent e-mail that has the appearance of being sent from the FDIC.
The subject line of the e-mail states: "Funds wired into your account are stolen." The
e-mail tells recipients that the proceeds of identity theft crimes have been
wire-transferred into their bank account. The e-mail then directs recipients to open and
review an attached copy of their bank account statement. The attached file is actually an
unknown executable file.
Recipients should consider the intent of the executable file as a malicious attempt to
collect personal or confidential information, some of which may be used to gain unauthorized
access to on-line banking services or to conduct identity theft.
The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and
consumers should NOT open the executable file attached to the fraudulent e-mail.
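The FDIC lure above relies on an attachment that is named like a bank statement but is really a program, and the "doc.zip" item in the first section wraps the executable in an archive. Below is an added example, not from the FDIC notice or the City's mail filter, of how a mail gateway can flag both cases: it checks the attachment's extension, then the file's first bytes (Windows executables begin with "MZ" whatever they are called), and peeks one level inside .zip archives reading only two bytes per member. The sender addresses, file names and attachment bytes are constructed for the demonstration.

```python
import email
import io
import zipfile
from email.message import EmailMessage

# Extensions Windows runs directly when double-clicked (constructed list, not exhaustive).
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")


def executable_reason(name, head):
    """Return why an attachment looks executable (by name or by content), or None."""
    lowered = name.lower()
    if lowered.endswith(EXECUTABLE_EXTENSIONS):
        return f"{name}: executable extension"
    # Windows executables start with the 'MZ' DOS header whatever the file is called,
    # so a "bank statement" that starts with MZ is a program, not a document.
    if head[:2] == b"MZ":
        return f"{name}: MZ executable header despite document-looking name"
    return None


def suspicious_attachments(raw_message):
    """Scan a raw RFC 822 message (bytes) and list attachments that are executables,
    looking one level inside .zip archives without extracting their full contents."""
    msg = email.message_from_bytes(raw_message)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text and multipart containers carry no filename
        data = part.get_payload(decode=True) or b""
        reason = executable_reason(name, data[:2])
        if reason:
            findings.append(reason)
        if name.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as archive:
                    for info in archive.infolist():
                        # Read only the first two bytes of each member: enough for the
                        # MZ check and safe against oversized (zip-bomb) members.
                        with archive.open(info) as member:
                            head = member.read(2)
                        reason = executable_reason(info.filename, head)
                        if reason:
                            findings.append(f"inside {name} -> {reason}")
            except zipfile.BadZipFile:
                findings.append(f"{name}: unreadable archive")
    return findings


def build_sample_message():
    """Constructed message modelled on the FDIC lure: an 'account statement' that is
    really a PE executable, plus a doc.zip wrapping another executable."""
    fake_program = b"MZ" + b"\x00" * 62  # constructed DOS-header stub, not a real program
    msg = EmailMessage()
    msg["From"] = "alerts@fdic.example"  # constructed placeholder sender
    msg["To"] = "user@city.example"
    msg["Subject"] = "Funds wired into your account are stolen"
    msg.set_content("Please review the attached copy of your bank account statement.")
    msg.add_attachment(fake_program, maintype="application", subtype="pdf",
                       filename="statement.pdf")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("document.exe", fake_program)
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="doc.zip")
    return msg.as_bytes()


def build_clean_message():
    """Constructed benign message with a plain-text attachment, for comparison."""
    msg = EmailMessage()
    msg["Subject"] = "Meeting notes"
    msg.set_content("Notes attached.")
    msg.add_attachment(b"Agenda item 1\n", maintype="application", subtype="octet-stream",
                       filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in suspicious_attachments(build_sample_message()):
        print("BLOCK:", finding)
    print("clean message findings:", suspicious_attachments(build_clean_message()))
```

The content check matters more than the extension check: renaming a program to "statement.pdf" defeats an extension filter, but the MZ header is still there. Reading two bytes per archive member keeps the scanner from decompressing arbitrarily large members while still catching the "doc.zip" pattern.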
Attackers Mix Online, Offline Exploits to Mask Financial Fraud
Professional cybercriminals are deploying multichannel attacks that split the attack cycle
into pieces that may not look related. Combining offline and online activity, for instance
using wire transfers and ATM transactions rather than a pure online transaction with a
bank, lets the attacker stay under the radar of forensics and other incident tracking.
One example of this type of attack is the Coreflood botnet Trojan, which is notorious for
performing reconnaissance on its victims. Coreflood has stolen user account information,
Webpage content, digital credentials, and browser cookies. And it made sure the server it
used appeared to be from the same geographic location as the victim.
Banking customers can
protect themselves from these multipronged — and often silent — attacks with the usual best
practices: updated antivirus and anti-spyware, patching one’s machine, and never clicking on
an email purportedly from a financial institution.
Symantec Warns of Alarming Spam Trends
Symantec’s monthly State of Spam report claims that
malware-laden messages are far more common than in the first half of the year. The security
firm estimates that 1.2 percent of all email messages sent contain a malicious payload.
Overall, Symantec found that spam comprises some 78 percent of the global email volumes.
While attached .zip and .rar archives were the most popular method for spreading malware,
researchers also found that embedding attack code within the source code of the message
itself is becoming popular. "The increase began in May 2008 and continues to the present,"
the company said in the report. "During this period, there has also been an increase in
email messages carrying malware payloads, not just links to malicious code." The majority of
the malicious payloads were generic Trojan, downloader and information stealing
applications.
Barclays Hit by Phishing Scam
Barclays is the latest bank to be hit by a phishing campaign, which encourages customers to
enter their personal details on a fake site. The email scam, entitled 'restore your
account', encourages consumers to click through to a hoax Barclays log-in site in a bid to
extract personal banking details. Barclays denies having anything to do with the email.
The bank is urging customers to delete the email or forward it on to Barclays' internet
security address.
Malware Masquerades as YouTube Video
Security experts are warning users of a new malware
attack posing as a pornographic YouTube video. Researchers at McAfee said that the
newly-discovered attack attempts to lure the user to a malicious site by way of a YouTube
page promising an adult movie.
YouTube’s terms of service prohibit the posting of obscene
content, and the company removes videos it deems inappropriate. But the attack does not
actually post the videos on YouTube. Instead, the attackers have constructed a fake YouTube
user account. Forum spam messages are then used to link to the profile pages, which in turn
offer ‘video’ links hosted on an external site. Believing the page to be hosting a
legitimate YouTube video, the user follows the link which attempts to perform a number of
browser exploits as well as a fake codec attack in which the user is told that an
'additional file' is needed to display the video.
Google Trends Used to Propagate Malware
Researchers at Webroot have discovered that malware operators have begun using Google Trends
information to assist in malware propagation attempts. By abusing popular blog hosting sites
such as Windows Live Spaces and applying Google Trends data on popular search terms,
operators are able to increase the chance of a victim selecting a malicious web site during
a search.
Free Security Scan Tool from Verizon
With industry estimates of more than a million viruses stalking the unprotected computers of
Internet users, the need for adequate protection from these and other threats has never been
greater. Verizon Security Advisor provides consumers with a fast and simple way of
determining their level of risk and follows up with tips and instructions on how to stay out
of trouble.
Internet users can access the free security scan at http://www.verizon.net/securityadvisor
Verizon also offers its customers free parental controls and has launched a publicly available Parental Control
Center offering tips and tools for parents on how to protect their children when they're
online. The Parental Control Center features simple downloading of the parental-control
software (if you're a customer) and tutorials on subjects such as Social Networking and Safe Surfing for Kids.
Links are available to Web sites for organizations like WiredSafety, the largest cybersafety
organization, and the National Center for Missing and Exploited Children's Cyber Tipline.
The center is available at http://www.verizon.net/parentalcontrol.
Two New iPhone Security Flaws
Security researcher Aviv Raff disclosed two iPhone security flaws last week that could allow
attackers to trick users into unknowingly surfing to malicious destinations.
He had brought both vulnerabilities to Apple's attention back in July, but the company
failed to address them with patches, so he had no choice but to publicly disclose the flaws.
The first flaw exists in the iPhone's Mail application and its Safari web browser, which
truncate parts of long URLs when they're displayed. That can allow evil-doers to disguise
malicious URLs without the user having a chance to view them in full.
"In most mail clients... you can just hover [over] the link and get a tooltip [showing] you
the actual URL that you are about to click," explained Raff. "In iPhone it's a bit
different. You need to click the link for a few seconds in order to get the tooltip. Now,
because the iPhone screen is small, long URLs are automatically cut off in the middle."
He explained that it's possible for a blackhat to devise a long URL beginning with a trusted
domain name but which actually points to an entirely different location. The iPhone user
would only see the familiar-looking part of the domain name and therefore might easily be
tricked into clicking on a malicious link.
Raff said iPhone Mail is also vulnerable because it automatically downloads images linked in
HTML-formatted emails.
Most email client software allows users to make downloading of images require approval in
each instance. Setting that option helps email users protect themselves against spammers,
because spammers can learn when they've reached an active email account if the recipient
opens a spam email and downloads images.
"This one is not just a trivial bug," Raff said. "It's actually a pretty dumb design flaw,
which was already fixed by all other mail clients ages ago."
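Both iPhone flaws above come down to what the client shows the user versus what it actually does: a truncated URL hides the real host, and auto-loaded images make network requests the user never asked for. The following added example (my own illustration, not code from Raff or Apple) shows the checks a mail client or gateway can apply: it extracts the host a link really connects to, tests whether that host belongs to the expected domain rather than merely starting with it, and lists the remote images an HTML message would fetch if images were loaded automatically. The domains, the tracking token and the narrow-display approximation are constructed; the real iPhone rendering is not reproduced.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


def true_host(url):
    """The host the browser will actually connect to, regardless of what the
    truncated on-screen text suggests."""
    return (urlsplit(url).hostname or "").lower()


def is_on_domain(url, expected_domain):
    """True only if the URL's real host is expected_domain or a subdomain of it.
    A trusted name merely appearing at the start of a longer host does not count."""
    host = true_host(url)
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


def narrow_display(url, width=66):
    """Approximation of a small screen cutting a long URL in the middle
    (constructed; not the real iPhone rendering)."""
    if len(url) <= width:
        return url
    keep = (width - 3) // 2
    return url[:keep] + "..." + url[-keep:]


def link_report(url, expected_domain):
    """What the user sees next to what the link really does."""
    return {
        "shown": narrow_display(url),
        "real_host": true_host(url),
        "on_expected_domain": is_on_domain(url, expected_domain),
    }


class RemoteImageFinder(HTMLParser):
    """Collects <img> sources fetched over the network when an HTML mail is rendered."""

    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        src = dict(attrs).get("src") or ""
        if src.lower().startswith(("http://", "https://")):
            self.remote.append(src)


def remote_images(html):
    """List the remote image URLs a client auto-loading images would request; each
    request confirms to the sender that the address is live. A client that asks
    before loading images never makes these requests."""
    finder = RemoteImageFinder()
    finder.feed(html)
    return finder.remote


# Constructed samples: the domains are placeholders, not real sites.
TRUSTED = "example-bank.com"
GENUINE_LINK = "https://online.example-bank.com/accounts/summary"
LOOKALIKE_LINK = ("https://online.example-bank.com.account-review.example.net"
                  "/accounts/summary/verify")
SAMPLE_HTML = """<html><body>
<p>Your statement is ready.</p>
<img src="https://mailer.example.net/open.gif?rcpt=TOKEN-12345" width="1" height="1">
<img src="cid:logo">
</body></html>"""

if __name__ == "__main__":
    for link in (GENUINE_LINK, LOOKALIKE_LINK):
        print(link_report(link, TRUSTED))
    print("remote images that would be fetched:", remote_images(SAMPLE_HTML))
```

For the lookalike link, the displayed text starts with the trusted name while the real host is under example.net; `is_on_domain` catches this because it compares whole domain labels from the right, not a prefix. The image finder ignores `cid:` references, which are embedded in the message and cost nothing to render, and reports only the network fetches that leak the recipient's activity.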
Researcher Finds Evidence of Massive Website Compromise
Several criminal gangs have acquired
administrative log-in credentials for more than 200,000 Web sites — including the one used
by the U.S. Postal Service — and have used the compromised domains to attack unsuspecting
users’ PCs with a notorious hacker exploit kit, a researcher said Friday.
More than a month
ago, the director of security research at Aladdin Knowledge Systems Inc. found and
infiltrated a server belonging to a longtime customer of Neosploit, a hacker tool kit used
by cybercriminals to launch exploits against browsers and popular Web software such as Apple
Inc.’s QuickTime or Adobe Systems Inc.’s Adobe Reader. On that server, he uncovered logs
showing that two or three hacker gangs had contributed to a massive pool of Web site
usernames and passwords.
“We have counted more than 208,000 unique site credentials on the
server,” he said, “and over 80,000 had been modified with malicious content.” The site
credentials were only the means to an end: The 80,000 modified sites were used as attack
launchpads. Each served up exploit code provided by the Neosploit kit to any visitor running
a Windows system that had not been fully patched.
Remember to keep your operating systems and applications patched and up to date.
Most U.S. Hotels Vulnerable to Malicious Attacks
Most U.S. hotels are vulnerable to malicious attacks and are "ill prepared" to protect their
guests from internet security problems, claims a study published by Cornell University.
The study, “Hotel Network Security: A Study of Computer Networks in U.S. Hotels” examined
the security of 147 hotels through surveys, interviews and on-site testing.
“Many hotels have flaws in their network topology that allow for exploitation by malicious
users, thereby resulting in the loss of privacy for guests,” the study says.
For guests, Ogle recommended connecting to the internet using a Virtual Private Network
(VPN), having updated anti-virus and firewall software and making sure each secured website
starts with “https://” rather than “http://”.
Smartcard Hack
Boffins (finally) publish hack for world’s most popular smartcard. Two research papers
published Monday have finally made it official: the world’s most widely deployed radio
frequency identification (RFID) smartcard - used to control access to transportation
systems, military installations, and other restricted areas - can be cracked in a matter of
minutes using inexpensive tools.
One paper - published by researchers from Radboud
University in Nijmegen, The Netherlands - describes in detail how to clone cards that use
the Mifare Classic. The chip is used widely throughout the world, including in London’s
Oyster Card, Boston’s Charlie Card, and briefly by a new Dutch transit card.
Manufacturer
NXP and the Dutch government had tried in vain to prevent the researchers from disclosing
their findings, arguing that the findings would enable abuse of security systems that rely
on the card.
WinZip Releases Version 11.2 SR-1
WinZip has released version 11.2 SR-1 to address a
vulnerability. This vulnerability is due to flaws in the "gdiplus.dll" library included with
the affected versions of the software. Exploitation of this vulnerability may allow an
attacker to execute arbitrary code.
US-CERT encourages users and administrators to review
the WinZip 11.2 SR-1 release notes and apply any necessary updates to help mitigate the
risks.
Apple Issues Java updates
Apple has issued updates for the Java components of its two most
recent OS X releases. The three security fixes address a total of 38 Common Vulnerabilities
and Exposures (CVE) entries in Java. Each of the fixes addresses errors which could lead to
remote code execution.
Apple said that the errors include both Mac-specific and
Java-specific flaws. While Sun Microsystems develops and maintains Java software for several
operating systems, Apple is among the vendors that have opted to develop Java components
in-house.