Posts Categorized: Targets


Social Nets Put Your Privacy at Risk

by

By Mike Kronenberg Attention Facebook and Twitter users: You’re still at risk. Last year, our survey found that lots of people using social networking sites were taking the risk of financial loss, identity theft, and malware infection. Have things gotten any better? Well, the answer is yes but, unfortunately, not better enough — and potentially a lot worse for some of you. The results of our 2010 survey reveals that more of you are adhering to some safe behaviors — like blocking profiles from being visible through public search engines. That’s a good thing, but the downside is over 25 […]

Continue Reading »

Weird New Koobface URLs Use Old Tricks

by

Pretty much since it arrived on the malware scene, Koobface has used the technique of sending messages with Web links — in your name, to your friends — as a method of propagating the infection to others. Using your name is a powerful social engineering trick, and the makers of the worm have tried innumerable ways to mask the danger behind those dangerous links: They’ve used “short link” services like Bit.ly to hide the destination; They build pages on sites normally considered safe, like Blogspot or Google Reader, that simply redirect users to a dangerous page; and they use stolen […]

Continue Reading »

Botnet Trojan Adds “Gootkit” Code to Web Pages

by

An insidious new Trojan that finds its way onto Windows PCs in the course of a drive-by infection employs a novel method to propagate: It connects to Web servers using stolen FTP credentials, and if successful, modifies any HTML and PHP files with extra code. The code opens an iFrame pointing to a page that loads browser exploits. The exploit pushes down the infection, which then perpetuates the process. The initial infection vector in this case was a spam message supposedly from Amazon.com containing a link to the page which performs the drive-by attacks. The malware, which we’re calling Trojan-Backdoor-Protard, […]

Continue Reading »

New Research: IT Pros Sound Off On 2010 Security Concerns

by

Research from the enterprise security experts at Webroot With the explosion of social networking sites like Twitter and Facebook in 2009, it’s no surprise cybercriminals have set their sights on these Web sites for new victims. Facebook now has over 400 million active users and Twitter has over six million — a sizeable pool of potential targets. These new threats are a cause of great concern for IT managers and businesses. Webroot recently surveyed over 800 IT professionals in the US, UK and Australia, at companies ranging from 100 to 500 people in size, to learn what are their biggest concerns for […]

Continue Reading »

Play it Safe on Safer Internet Day

by

February 9 marks Safer Internet Day, and around the world, people are trying to help their fellow netizens navigate an obstacle course of threats to their security and privacy. InSafe, the organization funded by the EU that sponsors the annual youth-targeted event, has themed the day around the concept “Think B4 U post.” As grammatically sloppy as that sounds, it’s actually good advice. Readers of this blog shouldn’t be surprised that myriad dangers threaten the safety of all Internet users: Keylogging software disguised as “updates” are everywhere; Fake security alerts pop up when you least expect them; Phishing Web pages […]

Continue Reading »

Massive Spam Campaign Impersonates Social Networks

by

Spammers are the source of a flood of messages that appear to originate from various social networks, including Facebook and Myspace, as well as popular sites like iTunes. The spam messages usually just contain a link, and possibly a few words. Their subject matter falls into three general categories common to most contemporary spam: Pill vendors, Russian bride “vendors,” and drive-by download sites hosting Zbot password-stealer installers. It’s not unusual for spammers to forge the return addresses, but the sheer volume of spam that has been forged so it appears to originate from MySpace, Facebook, or iTunes is notable.

Continue Reading »

Cover Your Assets on Data Privacy Day

by

Today is Data Privacy Day, which is supposed to remind us all that keeping our digital secrets a secret is important and necessary. To commemorate the event, I’d like to run down some of the most serious privacy threats any of us could face on a daily basis: How a malware infection puts your privacy at risk. For years, it’s been clear that the creators and distributors of malicious software are after one thing above all others — money. Whether they steal it (by installing a keylogger, or just phishing) or defraud you out of it (by coercing users to […]

Continue Reading »

Rogue AV Payload Blocks Popular Websites

by

A payload file installed along with some variants of the rogue Internet Security 2010 “antivirus” program modifies victims’ networking settings within Windows, inserting itself into the network stack and preventing victims from visiting some of the Web’s most popular Web sites. More than 40 sites have been targeted, including: Microsoft’s live.com and Bing search engine; social networking giants Facebook, Twitter, MySpace, Bebo, LinkedIn, and YouTube; news organizations including Fox News, The New York Times, the Washington Post, and the UK’s Guardian and BBC news sites; and blogs hosted by blogger.com, livejournal.com, and wordpress.com. The payload modifies the Layered Service Provider (LSP) […]

Continue Reading »

Phishers Break WoW’s Magic Spell Over Gamers

by

By Curtis Fechner and Andrew Brandt While we’ve touched on the subject of World of Warcraft phishers (and the Trojans they attempt to spread) a handful of times in the past several months, it’s worth mentioning the ongoing problems phishing posts cause both players and Blizzard, the game’s operator. To recap, the official message board for World of Warcraft is under constant attack by phishers, who use stolen credentials to post message board articles containing malicious links under the names of the innocent players whose passwords have been stolen. The links, which can be tied to virtually any kind of […]

Continue Reading »