The PC Informant » Security

More Facebook scams

Vic Laurie — Thu, 19 Nov 2009 19:03:03 +0000

Some new Facebook scams are circulating. gHacks reports:

According to several reports on websites like Computerworld a new phishing scam is currently in the wild that is trying to get the Facebook login data of Facebook users. Pandalabs, who uncovered the phishing scam, did not release lots of details about the attack other than it mimicked the Facebook login page and displayed an error message after the user entered the Facebook login information. They also mentioned that the fraudulent url would most likely be spread by email but also Blackhat SEO techniques which could mean that the attackers have placed their website in prominent positions in some search engines making users believe that they visit the right Facebook website when in fact they visit the manipulated website.

Pandalabs did release in depth details about a Facebook hacking scam as well. They discovered a website which claimed to hack any Facebook account for $100 payable through Western Union. A user who wants a Facebook account hacked has to register at the website. The Facebook Id of the account that the user wants hacked needs to be entered into the form on the website. A script will then pull the username from that account and mimic a hacking attempt.

Cyberwarfare is a reality

Vic Laurie — Tue, 17 Nov 2009 17:39:02 +0000

A new report from the security firm McAfee says that political activities involving Internet attacks are increasing:

McAfee, Inc. today revealed that the global cyberarms race has moved from fiction to reality, according to its fifth annual Virtual Criminology Report. The report found that politically motivated cyberattacks have increased and five countries – the United States, Russia, France, Israel and China – are now armed with cyberweapons.

“McAfee began to warn of the global cyberarms race more than two years ago, but now we’re seeing increasing evidence that it’s become real,” said Dave DeWalt, McAfee president and CEO. “Now several nations around the world are actively engaged in cyberwar-like preparations and attacks. Today, the weapons are not nuclear, but virtual, and everyone must adapt to these threats.”

Can you trust eBay reputations?

Vic Laurie — Mon, 16 Nov 2009 18:38:15 +0000

An important consideration in dealing with others on eBay is their reputation rating. These ratings are supposed to reflect the feedback from those who have had previous transactions with the person in question. But are those reputation ratings reliable? Science Daily reports a study that says there may be problems:

A new study to be published in the International Journal of Electronic Business suggests that unscrupulous vendors on the online marketplace eBay can easily buy a good reputation and so circumvent recent efforts by the company to prevent feedback fraud.

Links about anti-malware applications

Vic Laurie — Thu, 12 Nov 2009 10:58:33 +0000

There is always a debate going on about which is the best anti-malware application. Or whether current anti-malware approaches need changing. There have been some interesting posts on the subject recently and here are some that I thought I’d pass along:

The good guys win a small victory

Vic Laurie — Wed, 11 Nov 2009 20:10:12 +0000

The odds are on the side of the cybercriminals and their botnets but now and then there’s a small triumph for our side. A major botnet has been temporarily stymied; Ars Technica reports:

Security researchers have taken down a major spam offender, though the dip in spam levels may be only temporary. Members of the FireEye security team coordinated an attack on the Mega-D botnet (also known as Ozdok) last week by preemptively registering domains meant for the botnet’s command and control channels (CnCs) and shutting down others. Spam coming from Mega-D stopped almost instantly, proving that David really can take down Goliath every once in a while.

Can’t anybody play this here game?

Vic Laurie — Tue, 10 Nov 2009 10:47:11 +0000

I was reminded of the above famous quote by Casey Stengel about the hapless New York Mets baseball team he was managing when I saw this post at InformationWeek, 9 In 10 Web Apps Have Serious Flaws. Can’t anybody out there write safe applications?

Another Facebook phish

Vic Laurie — Sun, 08 Nov 2009 18:13:50 +0000

The popularity of Facebook means it’s an inviting target for the cybercrooks. Another phishing attack is going around. TrendMicro describes the exploit:

Trend Micro security experts received email messages that supposedly came from Facebook. It asks recipients to update their login credentials for security purposes. It then instructs them to click the URL provided in the email message. When the user clicks the URL, it points them to a spoofed Facebook website where they are required to input their password only as their email address has been automatically filled up.

Secure your home wireless network

Vic Laurie — Fri, 06 Nov 2009 10:09:29 +0000

A lot of us have home networks or at least are using wireless to connect to the Internet. Unfortunately, we are not always careful about making the network secure. I have posted about setting up a wireless network before and here is another article worth reading. It’s at Digital Inspiration and is described:

This article describes how you can secure your Wireless Network from hackers and you’ll also learn about free tools that people generally use to intercept your Wi-Fi signals.

Via TechSupport Alert

The malware industry

Vic Laurie — Thu, 05 Nov 2009 11:28:42 +0000

I’ve posted before about how cybercrime has become an organized industry but here’s some more on the subject; it’s a Microsoft report entitled, “Microsoft Security Intelligence Report Volume 7″. PC World comments:

Malware makers – the criminals responsible for viruses and worms – have become increasingly organized and sophisticated, according to a Microsoft security report that was released today. Gamers, the gullible, USB drive users, and people who don’t patch their PCs are their biggest targets.

Cybercriminals are organized like corporations, and follow regular software release cycles, said Jeff Williams, principal group program manager for the Microsoft Malware Protection Center: “They are working for monetary gain.”

Can whitelisting help combat the malware epidemic?

Vic Laurie — Thu, 05 Nov 2009 10:50:21 +0000

Malware on the Internet is a bad situation and any good news on that front is welcome. So it is encouraging to see that security expert Roger Grimes says that whitelisting may be an effective defense. Writing at InfoWorld, Grimes reviews five whitelisting applications and says that whitelisting may be the new best defense against modern malware. He begins his reviews:

Whitelisting security has always taken a backseat to blacklisting approaches. After all, when there is far more good software running on computers and networks than bad software, it’s just easier to block the bad than to approve all the good. But that was then, and this is now.

In 2009, the computer security defense world quietly marked a momentous threshold that should have us all looking anew at the value of whitelisting. Last year, the number of unique malicious programs and variants that were created outstripped all the legitimate software published in the world, straining the accuracy of anti-virus solutions like never before. It’s a disturbing fact that suggests whitelisting is now more suitable as a primary security defense than traditional anti-virus scanners, which are really nothing more than blacklisting programs.

Now for some good news: Just as whitelisting may be finding a receptive audience, a number of whitelisting solutions are proving to be mature, capable, and manageable enough to provide significant protection while still giving trustworthy users room to breathe. Nor are today’s whitelisting programs limited to locking down desktops to prevent malware executions — they’re also useful for software configuration and licensing compliance and regulatory auditing.

Grimes particularly likes Bit9 Parity Suite. At the moment, whitelisting suites are aimed at businesses and large users but whitelisting might soon be part of the home PC anti-malware arsenal. In fact, Windows 7 Enterprise and Ultimate have a limited type of whitelisting called AppLocker. Perhaps Microsoft will see the light and make something for the home version or perhaps one of the security vendors will.