Don’t click on ‘Paramore n-a-k-ed photo leaked!’ Facebook link

June 5, 2010 by admin  
Filed under Security News

Updated: Many Facebook users are being hit by further clickjacking attacks today, taking advantage of the social network’s “Like” facility.

The latest lure is a link which claims to point to a website containing a naked photo of Hayley Williams, the lead singer of the American rock band Paramore.

 

Affected profiles can be identified by seeing that the Facebook user has apparently “liked” a link:

Paramore n-a-k-ed photo leaked!


The fact that 21-year-old Hayley Williams has recently been the subject of much internet interest after a topless photo of her was leaked online, is only likely to fuel interest in the naked pictures promised by these links. But take care, because all may not be what it seems.

 

Clicking on the links takes Facebook users to a third-party website which displays a message saying:

Click here to continue if you are 18 years of age or above

What the hackers have actually done is very sneaky. They have hidden an invisible button under your mouse, so wherever you click on the website your mouse-press is hijacked. As a consequence, when you click with the mouse you’re also secretly clicking on a button which tells Facebook that you ‘like’ the webpage. This then gets published on your own Facebook page, and shared with your online friends, resulting in the link spreading virally.

 

Attacks like this can spread very very fast. Judging by the number of messages I’ve seen, thousands have already found it impossible to resist the idea of seeing the lead singer of Paramore naked and have fallen head-first into the “likejacking” trap.

 

This use of a clickjacking exploit to publish the same message (via an invisible iFrame) to the visiting user’s own Facebook page works in a similar fashion to the clickjacking attacks we saw earlier this week.

 


Perform a security scan by Symantec Security Check

May 31, 2010 by admin  
Filed under Protection Tools

Is your computer safe from online threats? The Security Scan performs the following tests and offers recommendations based on the results:

Hacker Exposure Check
Checks whether your computer allows unknown or unauthorized Internet communications.

Windows Vulnerability Check
Checks whether basic information about your computer, including your PC’s network identity, is exposed to hackers.

Trojan Horse Check
Checks whether your computer is safe from Trojan horses.

 


Embarrassing privacy flaw found on Facebook

May 19, 2010 by admin  
Filed under Security News

A researcher has found a critical security flaw on Facebook that could be exploited by hackers to expose sensitive information about users.

 

M J Keith, a senior security analyst with security firm Alert Logic, discovered the vulnerability which could lead to private information being exposed, or users’ Facebook pages being maliciously defaced.

 

IDG security reporter Robert McMillan has explained the problem well:

The bug has to do with the way that Facebook checked to make sure that browsers connecting with the site were the ones they claimed to be. Facebook's servers use code called a "post_form_id" token to check that the browser trying to do something -- liking a group, for example -- was actually the browser that had logged into the account. Facebook's servers check this token before making any changes to the user's page, but Keith discovered that when he simply deleted the token from messages, he could change many settings on any Facebook account.

 

This is called a CSRF (cross-site request forgery) attack, which – if left unpatched – would allow hackers to set up malicious webpages that could submit instructions to the victim’s Facebook account without validation.
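The token check described above, sketched as an added example (not Facebook's code): a check that only verifies the token when one is present, next to one that rejects requests without it. The function names, the session identifier and the HMAC-based token scheme are assumptions for illustration; only the field name post_form_id comes from the report.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed)


def issue_token(session_id: str) -> str:
    """Derive the anti-CSRF token bound to one logged-in session (assumed scheme)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_fail_open(session_id: str, form: dict) -> bool:
    """Flawed pattern: the token is verified only when the request carries one,
    so a request with the field deleted is accepted."""
    token = form.get("post_form_id")
    if token is None:
        return True  # missing token treated as "nothing to check"
    return hmac.compare_digest(token, issue_token(session_id))


def check_fail_closed(session_id: str, form: dict) -> bool:
    """Hardened pattern: a state-changing request without a valid token is rejected."""
    token = form.get("post_form_id")
    if not isinstance(token, str) or not token:
        return False
    return hmac.compare_digest(token, issue_token(session_id))


def audit(session_id: str) -> dict:
    """Run both checks over three constructed requests; returns (fail_open, fail_closed)."""
    requests = {
        "legitimate": {"action": "like", "post_form_id": issue_token(session_id)},
        "wrong_token": {"action": "like", "post_form_id": "0" * 64},
        "token_deleted": {"action": "like"},
    }
    return {
        name: (check_fail_open(session_id, form), check_fail_closed(session_id, form))
        for name, form in requests.items()
    }


if __name__ == "__main__":
    for name, (open_ok, closed_ok) in audit("session-abc123").items():
        print(f"{name:14} fail-open accepts={open_ok}  fail-closed accepts={closed_ok}")
```

Only the token_deleted request separates the two checks, which is why a test suite that sends valid and invalid tokens but never an absent one would miss this class of bug.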

 

The consequence? Well, a hacker could make your hitherto private information public, or force your profile to “like” a Facebook group that you may find embarrassing.

 

M J Keith reports on AlertLogic’s website that he informed Facebook of the problem on the 11th of May, and that the problem has now been fixed.

 

However, IDG has reported that the security hole is still present.

 

Hopefully, if it’s not already patched, this privacy flaw – which comes at an embarrassing time for Facebook – will be removed soon.

 

If you’re a regular user of Facebook, you could do a lot worse than join the Sophos page on the site to ensure you are kept up-to-date with the latest security news. Oh, and remember to be careful about clicking on suspicious links.

By Graham Cluley, Sophos

 

Malicious contracts spammed out by hackers

May 5, 2010 by admin  
Filed under Security News

All of us know how easy it is to accidentally send an email to the wrong address. If two people in your address book have similar names then your email client might make it all too simple to send a message to the wrong one.

 

For instance, I work with Carole, but a simple slip of the fingers or not reading carefully enough might mean I drop a note to Carla Bruni instead. (In my dreams..)

 

And it’s this kind of common incident that cybercriminals are exploiting when they launch an attack like the one we are currently seeing in our worldwide network of traps.

This is a significant attack – the malicious emails are being spammed out en masse to computers around the globe, claiming to contain contracts for the unsuspecting recipient to approve.

A typical message reads:

Dear ladies and gentlemen,
We have prepared a contract and added the paragraphs that you wanted to see in it.
Our lawyers made alterations on the last page. If you agree with all the provisions we are ready to make the payment on Friday for the first consignment.
We are enclosing the file with the prepared contract.
If necessary, we can send it by fax.
Looking forward to your decision.
"<name>

 

Subject lines used in the attack include:

  • Rent contract
  • Loan contract
  • Contract of order fulfillment
  • Permit for retirement
  • Open an account
  • Record in debit of account
  • Contract of settlements
  • Your new labour contract
  • Open an account

 

The danger is that recipients of the emails might be curious and tempted to examine the attached file (called Contract_01_05_2010.zip) and end up infecting their Windows computer. And it’s possible that they might open the file out of the goodness of their heart, hoping that it will contain information that will help them identify who should have received the unsolicited message.

 

Sophos detects the attached malware as Troj/Invo-Zip and Mal/Koobface-E. Make sure that you keep your anti-virus software automatically updated, and always be suspicious of unsolicited emails.

 

Opening an unknown file on your computer could mean that you’re opening a backdoor for hackers to compromise and infect your PC.

 

By Graham Cluley, Sophos


Operation Aurora: Microsoft knew about Internet Explorer flaw for four months

January 27, 2010 by admin  
Filed under Security News

On Thursday there were sighs of relief from all corners as Microsoft released a security patch for a vulnerability that had been exploited by hackers.

 

The patch fixed a critical zero-day vulnerability in versions of Internet Explorer that would have meant visiting a boobytrapped webpage could have infected your computer, opening a backdoor for remote hackers.

 

Nasty stuff, especially as it was being alleged that the security hole had been exploited by Chinese hackers who broke into the likes of Google and Adobe in an attack dubbed “Operation Aurora”.

 

Interestingly, details are now emerging that Microsoft was first told about the security hole early last September – a full four months before it hit the world’s headlines.

 

According to reports, Microsoft was informed about the security problem with its software (and the potential for hackers to take advantage of it) by security researcher Meron Sellen, and the company planned to roll out a fix in a cumulative update for Internet Explorer scheduled for next month.

Now, if you were one of the high-tech, financial or military targets that are said to have been struck by the Chinese hackers you might be feeling a little bit miffed that Microsoft didn’t roll out its patch for this critical vulnerability sooner.

For their part, Microsoft may well feel that, as the flaw primarily affected Internet Explorer 6, such organisations should already have updated to a more secure version of their browser (such as version 8.0).

 

Is four months too long a time to fix a security hole of this severity? I’m not sure. One thing we have to bear in mind is that it can be very complicated developing and then testing a security patch to ensure that it works in all environments with multiple different versions of the software being patched.

 

I would rather a patch worked than was rushed out and caused more problems than the bug it was trying to solve.

 

The thing we should all be grateful for is that there is now a patch for Internet Explorer, meaning there really is no excuse for any company to be breached via this particular security hole again.

 

But if Microsoft knew about this critical security vulnerability four months ago, I wonder how many other security holes there are that they secretly know about, but we don’t have a clue about yet.

 

Oh, and don’t forget, there’s nothing to suggest that the hackers only exploited this Internet Explorer flaw. Chances are that they took advantage of a whole bunch of different weaknesses in different products, as well as some social engineering tricks, to break into computers inside the affected companies.

 

By Graham Cluley, Sophos

 

Banking malware found on Android Marketplace

January 12, 2010 by admin  
Filed under Security News

An application for smartphones running the Google Android operating system has been reported to steal users’ banking information.

 

According to a blog post from the First Tech Credit Union, an app developer called 09Droid created applications which posed as a shell for mobile banking applications, and in the process phished personal information about the users’ bank accounts. The information would, presumably, have been used for the purposes of identity theft.

SophosLabs has not yet seen a sample of the malware, which has now been removed from the Android Marketplace, and First Tech Credit Union is at pains to point out to its customers that it does not currently have an app for the Android phone.

 

A number of other financial institutions have also published warnings regarding the Android applications. For instance, here’s a similar warning about the Android app that was published on the website of Travis Credit Union, and this is what the credit union posted on its official Facebook page:

Although malware has previously emerged for jailbroken iPhones (such as the infamous Rick-rolling Ikee worm) the malicious applications have not made it onto users’ iPhones via Apple’s highly guarded AppStore.

 

The Android marketplace, however, is not as closely monitored as Apple’s equivalent, and adopts a more “anything goes” philosophy. This, combined with the current buzz around new phones running Android such as the Motorola Droid and the Google Nexus One, may make the platform more attractive to cybercriminals in future.

 

As more and more users inevitably take advantage of smartphones to access their bank accounts in the future, the temptation for hackers to exploit systems may become greater.

 

by Graham Cluley, Sophos

 

Baidu, China’s largest search engine, defaced by Iranian Cyber Army

January 12, 2010 by admin  
Filed under Security News

Hot on the heels of last month’s attack on Twitter, the so-called “Iranian Cyber Army” appears to have defaced another high profile website.

 

Baidu, formed in 2000, is China’s number one search engine, dominating the home market for online searches – partly because it had a six year head start over Google. As a result of its huge popularity, it’s no wonder that from time to time hackers might try and take advantage of the site, just as top websites can be in the frame for attack in the West.

 

Earlier today, visitors to Baidu.com’s home page were met with a message – “This site has been hacked by Iranian Cyber Army” – alongside what I presume to be Farsi, and a picture of the national flag of Iran:

It’s not presently clear whether Baidu’s site itself was compromised or, as in the case with the Twitter attack, its DNS records. If the website’s DNS records were breached then the hackers would have been able to redirect users who typed www.baidu.com into their browser to a webserver under their control.

 

Within two hours the Baidu website appeared to be returning to normal operation, and as far as we can tell the motive for the attack was political rather than financial. However, imagine how easy it might have been for the hackers to have created a cloned version of the main Baidu webpage complete with a silent invisible-to-the-naked-eye link to a software exploit or piece of malware.

 

Attacks like this are a reminder to everyone that you always need to have security scanning every webpage you visit, even if it’s an established legitimate website.

by Graham Cluley, Sophos

 

7 Must Have – Free Software To Protect Your Laptop

December 11, 2009 by admin  
Filed under Protection Tools

Traditional computer security measures are not enough to protect your laptop and netbook. You have to pay attention to various laptop-related security risks, such as insecure public wireless networks, laptop theft and laptop searches, which you don’t have to worry about with your desktop computer.

Whether your laptop is stolen or not, your privacy can still be at risk simply by traveling with your laptop. The Homeland Security Department and other authorities can search your laptop for evidence of illegal activity and illicit materials stored on it, such as unlicensed songs, movies, software or unlawful images of children. However, good laptop security does not necessarily cost you money.

Here are 7 easy-to-use, useful and free programs that can help you protect your laptop, your sensitive data and your privacy.

 

1. Encryption. TrueCrypt is a trustworthy encryption program that can protect your data against unauthorized access. www.truecrypt.org

 

2. Backup. Cobian Backup is backup software that can protect your data against loss. www.cobiansoft.com. An alternative is Mozy free edition, which is online backup software with 2 GB of space. www.mozy.com

3. Antivirus. The free editions of AVG, Avira and Avast provide protection against viruses, spyware and other malware.

4. Firewall. The built-in Windows firewall protects your laptop against hackers while you’re online (but make sure you have configured it properly).

5. Alarm. LAlarm is like a car alarm for your laptop. The software can help protect your laptop from theft, and can also recover and destroy the data on the laptop in case of theft. www.lalarm.com

6. Tracking. Prey is laptop tracking software that can locate your laptop if it is stolen. www.preyproject.com

7. File shredder. Eraser is a data sanitizing program that can permanently delete sensitive data such as passwords, Internet browsing history and personal information from your laptop. www.forensicswiki.org/wiki/Eraser

 

 

Malicious bogus DHL and FedEx emails bombard inboxes

October 20, 2009 by admin  
Filed under Security News

We are currently seeing a large number of malicious emails purporting to be sent from FedEx or DHL, but containing attachments designed to infect your computer.

 

It’s a familiar story. In the case of the malware attached to the emails coming from DHL, the communication claims that there has been an error in the delivery address, and so you are invited to pick up the parcel “at our post office personaly” (spelling has often been the downfall for would-be hackers).

 

If the poor spelling doesn’t set your alarm bells ringing then you might be foolish enough to open the attached shipping label (we have seen examples where this can be called DHL_print_label_75ba9.zip or DHL_print_label_9731b.zip).

Sophos detects the attached malware as Troj/BredoZp-A or Mal/Bredo-A.

 

On the SophosLabs blog, Prashant has written about a similar campaign claiming to come from FedEx, carrying an infected invoice in the form of a file called TR768212.zip.

 

The thing which is most notable about these current spammed-out attacks, though, is their ferocity. Take a look at what our email malware traps intercepted in an interval of less than two minutes:

Dangerous emails claiming to come from courier companies are nothing new – it has become a standard method by which hackers can socially engineer you into opening a malicious attachment or clicking on a dangerous link.

 

Make sure that you and your colleagues are wise to the trick – and think before you click.

 

by Graham Cluley, Sophos


Microsoft IIS web server under attack from hackers

September 8, 2009 by admin  
Filed under Security News

Microsoft has updated a security advisory concerning vulnerabilities in its Internet Information Services (IIS) web server, confirming that “limited” attacks were using publicly available exploit code.

 

The attacks are targeting flaws in the FTP service in Microsoft IIS 5.0 and could allow remote execution attacks or denial of service (DoS) attacks in IIS 5.0 as well as 5.1, 6.0 or 7.0.

 

Microsoft said it was aware that detailed exploit code had been published for the vulnerabilities, and was “actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.”

 

Microsoft said in the advisory: “These vulnerabilities were not responsibly disclosed to Microsoft and may put computer users at risk.”

 

Tomorrow’s Patch Tuesday has come too soon to fix the IIS vulnerabilities in question, but Microsoft said it would take the appropriate action, which could mean a security update released for a future Patch Tuesday or an out-of-cycle security update.


By Asavin Wattanajantra from itpro.co.uk