GFI Labs Issues Labor Day Phishing Warning

September 3, 2010 by admin  
Filed under Security News

Online holiday retail sales traditionally serve as a prime platform for attacks


GFI Software security researchers issued a warning today regarding an expected increase in phishing attacks in relation to the upcoming Labor Day holiday. GFI Labs, the dedicated malware research center of GFI Software, warns that consumers are traditionally at high risk for targeted phishing attacks due to the preponderance of online retail sales events over the holiday weekend.

 

Amidst the flurry of emails promoting holiday sales are fraudulent messages that include bogus links to sites that download malicious software or phishing sites soliciting personal information. While research from companies like IBM has suggested that phishing attacks were on the decline last year, GFI Labs warns that customers should not be lulled into a false sense of security. According to phishing tracker Phishtank.com, there are over 2,900 active phishing web sites currently verified on the internet. Furthermore, the popularity of social media sites such as Facebook and Twitter has made them attractive platforms for holiday-themed attacks.

 

According to GFI Software, one of the world’s leading providers of security software, consumers can reduce their risk of infection by following three simple rules:

 

1)    Ensure that your computer is protected against the newest malware threats by installing a combined antivirus and antispyware solution.  This serves as the first point of protection against dangerous viruses and Trojans – and one without the other is no longer effective.

 

2)    Never click on a link from an email to make a credit card purchase.  The email you’ve received may look legitimate, but there’s a high probability that the link will take you to a spoofed site where your credit card information will be recorded by cyber criminals.  Instead, navigate to the retailer’s Web site directly through your browser.  Again, the email may look harmless, but it’s better to be safe than sorry.

 

3)    Even when visiting a trusted Web site, be vigilant about anything that looks out of the ordinary.  Social networking sites like Facebook, Twitter and MySpace have all served as points of infection recently.  Do not download anything, even from a trusted site, unless you are 100% sure of its contents.

 

“Every Labor Day, we see a wave of phishing attacks taking advantage of consumers’ expectations of increased retail email promotions connected with the holiday,” said Tom Kelchner, research center manager, GFI Labs. “Cyber criminals see an opportunity to slip by unnoticed among the legitimate promotions. Along with making sure virus updates and security software patches are current, consumers need to stay vigilant and use common sense in order to avoid any unnecessary headaches that these fraudulent emails look to deliver over the long weekend.”

 

About GFI
GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises (SME) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.

 

 

Facebook unnamed app: Hackers poison search results

January 27, 2010 by admin  
Filed under Security News

Thanks to Clu-blog reader Jamie for contacting me regarding a scare that is currently spreading between Facebook users.

 

Users of the social-networking site are warning each other of what is rumoured to be a rogue application, spying on their activities on Facebook. Users are told in the warning that they can find the “Unnamed app” by going to “Settings”/“Application Settings” and then choosing “Add to Profile” from the drop-down box.

 

Here’s a typical example of the message that is being passed around:

ALERT >>>>> Has your facebook been running slow lately? Go to "Settings" and select "application settings", change the dropdown box to "added to profile". If you see one in there called "un named app" delete it... Its an internal spybot. Pass it on. about a minute ago...i checked and it was on mine.

Sure enough, when I went to look on a Facebook account I found an “Unnamed app”:

However, I’m not seeing any evidence that the application is malicious. Indeed, it seems to me that the only sin it may have committed might be to have been given a daft unhelpful name. According to Facebook itself, it appears to be a buggy presentation of the boxes tab that appears on users’ Facebook profiles.

 

Of course, news of the “dangerous” app is spreading more quickly than the sensible advice for everyone to calm down and have a nice cup of tea. And, as a result, many people are searching the internet trying to find clues about the Facebook application.

 

It is at this point that the malicious hackers enter the story.

 

Just as they have done with other Facebook scares (like the Facebook Fan Check Virus scare and the Error Check System application), hackers have created webpages stuffed with keywords related to the “Unnamed” (sometimes “Un named”) app.

 

This and other search engine optimisation (SEO) techniques have helped hackers push their webpages high into the upper reaches of search results.

 

And if you happen to stumble across one of these malicious sites after searching for information about the “Facebook Unnamed app” you might find yourself infected by fake anti-virus software, designed to trick you out of your hard-earned cash.

 

Sophos detects the malware seen on these infected webpages as Mal/FakeVirPk-A.

 

By Graham Cluley, Sophos

 

 

8 Things You Probably Didn’t Know About KOOBFACE

October 10, 2009 by admin  
Filed under Security News

You’ve probably read or heard about KOOBFACE malware propagating through social networking sites such as Facebook, MySpace, and Twitter. A lot of analysis is available online through blogs or malware descriptions. But I bet most of you probably still do not know some or all of these things about KOOBFACE.

 

  1. KOOBFACE knows: KOOBFACE has the capability to steal whatever information is available in your Facebook, MySpace, or Twitter profile. Profile pages of these social networking sites may contain information about one’s contact details (address, email, phone), interests (hobbies, favorite things), affiliations (organizations, universities), and employment (employer, position, salary). So beware, KOOBFACE knows a lot!
  2. KOOBFACE doesn’t just know you through your profile information, they also know what you look like!: Not only does the botnet steal profile information, it also makes sure to put a face to the name by getting one’s profile picture as well.
  3. URLs leading to KOOBFACE malware are either in compromised or free Web hosting sites: Yep, call them cheap but the guys behind KOOBFACE are making good use of compromised and free Web hosting sites in spamming KOOBFACE-related URLs. These URLs are spammed in social networking sites with catch phrases like “funny video,” which lead to a fake YouTube or Facebook site, which then leads to KOOBFACE malware.
  4. KOOBFACE zombies are made into Web servers on top of being social networking site spammers: KOOBFACE installs a Web server component into infected machines, which effectively makes the infected machine part of the malware’s distribution network. Infected machines serve fake YouTube or Facebook pages, which then lead to the KOOBFACE malware.
  5. KOOBFACE zombies are able to distribute repackaged versions of the malware: KOOBFACE Web servers are able to use UPX, a popular executable packer program, to pack (compress) the KOOBFACE binaries they serve.
  6. Half of KOOBFACE infections occur in the United States: This is not surprising since the majority of the social networking site users reside in the United States.
  7. KOOBFACE is able to block IP addresses: Probably in an effort to protect itself against takedown or snooping by curious researchers, KOOBFACE implemented a blockIP routine where traffic coming from a particular IP range is blocked.
  8. KOOBFACE is able to defeat Facebook’s spam filtering: Facebook, MySpace, and Twitter have recently implemented a spam-filtering mechanism where known spam URLs are blocked. KOOBFACE tries to circumvent this by first testing if a KOOBFACE spam URL is blocked by Facebook or not.


So there, some things you may not know about KOOBFACE. If this whets your appetite for more information, you may read our research paper The Heart of KOOBFACE: C&C and Social Network Propagation, fresh off the grill from the White Papers section of TrendWatch.

 

by Ryan Flores from trendmicro