Posts Categorized: social networks


Phishers Cast Their Nets in the Social Media Pool

by

By Ian Moyse, EMEA Channel Director It can seem at times that the only people who like change are Internet attackers. And they don’t just like it—they need it. Technology’s rapid changes give cybercriminals new attack vectors to exploit, and new ways to turn a profit out of someone else’s misfortune. Take phishing, for example. The concept is simple: Send an email disguised as a message from a bank, PayPal, or UPS. Wait for the user to click a link in the message, and enter their private details into a phishing site, and presto! The attacker attains financial or personal […]

Continue Reading »

Facebook-Spamming Worm Wants Your Eyeballs

by

(Update, July 11, 2011:  On May 25, 2011, we were contacted by representatives of Future Ads, LLC, the parent company of both Playsushi and Gamevance.  Future Ads informed us that they, too, had been victims of a scam perpetrated by rogue affiliates who seemed to be involved with the malicious campaigns we described in this post.  Future Ads claims that it has taken action to prevent this type of abuse from happening in the future.) A worm that has been circulating on Facebook in the form of a Facebook application appears to have been engineered to drive traffic to a […]

Continue Reading »

Pinball Corp’s Appbundler Employs Malware-like Techniques

by

For a couple of weeks now, I’ve been noticing a curious (and increasingly prevalent) phenomenon: Some of the free Web hosts popular among those who engage in phishing are popping new types of multimedia ads over the tops of the pages they host. Not only does the victim, in this case, risk having their login credentials to banks or social media sites phished, but many of those ads behave almost identically to “missing codec” social engineering scams that have been popular among malware distributors for years. The ads — and I use the term very loosely, because these contrivances fall […]

Continue Reading »

Spammed YouTube Comments Promote Adware – Successfully

by

(Update, July 11, 2011:  On May 25, 2011, we were contacted by representatives of Future Ads, LLC, the parent company of both Playsushi and Gamevance.  Future Ads informed us that they, too, had been victims of a scam perpetrated by rogue affiliates who seemed to be involved with the malicious campaigns we described in this post.  Future Ads claims that it has taken action to prevent this type of abuse from happening in the future.) By Curtis Fechner and Andrew Brandt I was poking around at the end of the work day last week, checking out the newly-released trailer for […]

Continue Reading »

10 Threats from 2010 We’d Prefer Remain History

by

With 2010 finally behind us, and an unknown number of cyberattacks likely to come in the new year, I thought I’d run down a brief list of the malicious campaigns criminals pulled off last year that I’d really dread to see anyone repeat. Now that they’re in the past, they should stay there. Operation Aurora: Google’s accusation (with Adobe, Juniper Networks, Rackspace, Yahoo! and Symantec) that China hacked its servers, allegedly stealing private emails stored on the company’s servers. The big surprise wasn’t that it was happening, but that companies were publicly talking about it. Abused ccTLDs: 2010 saw lots […]

Continue Reading »

Rogue AV Spam Invades Multiply, Yahoo Mail

by

While nowhere near the size of the mammoth Facebook, the social network Multiply is no slouch. Based in Boca Raton, Florida, the site is designed around not only sharing photos and videos with friends and family, but also a relatively novel concept called social shopping, which permits users of the site to shop together in a virtual marketplace, or even set up an Internet storefront. At last count, according to Multiply’s blog, the site has over 12 million users, which means that the Multiply Market may be one of the largest single shopping Web sites in Southeast Asia, where most […]

Continue Reading »

Malware Threats: What Would Churchill Do?

by

By Ian Moyse, EMEA Channel Director With Christmas fast approaching, (lest we forget the shops have kindly put all the Christmas goods out in September and early October again!) we can expect online attacks to increase as per their normal schedules, ramping up through the end of the year. With apologies to Sir Winston Churchill, never in the field of Internet conflict was so much harm done to so many by so few. For all the benefits the Internet provides our lives, no single technology has given so few criminals the ability to cheaply and easily target the many. We’ve […]

Continue Reading »

Five Reasons You Should Always “Stop. Think. Connect.”

by

Today’s the official kickoff for National Cyber Security Awareness Month, and the organizations supporting the event, including the National Cyber Security Alliance, the Anti-Phishing Working Group, and dozens of corporate citizens including Webroot, want you to protect your computer and your personal information. So they’ve come up with a three word campaign slogan they hope will become conventional wisdom for every Internet user: Stop. Think. Connect. Think of it as the 21st century equivalent of looking both ways before crossing the street. In my case, they’re preaching to the choir. For years, I’ve advocated that people treat everything they see […]

Continue Reading »

Workplace Social Networking: More Like Antisocial Not-working

by

By Ian Moyse, EMEA Channel Director Hardly a week goes by when the national press doesn’t carry a story about how social networks represent a threat to privacy or security, or both. These news stories aren’t wrong: Users of social networks face a raft of risks, ranging from malware attacks and identity theft, to cyberbullying, grooming from sexual predators or stalkers, viewing or posting inappropriate content, and the ever-present risk that you (or someone you work with) might end up with your foot (or is it your keyboard?) firmly in mouth. Using social networks to give out too much information […]

Continue Reading »

Fake Flash Update Needs Flash to Work

by

If you live in the US, you may have played sports, barbequed, or enjoyed the last long weekend of the summer outside doing something fun outdoors. Unfortunately, that wasn’t an option here in Boulder, where a large wildfire generated a thick plume of smoke and ash. So, what’s a malware analyst to do indoors on a beautiful day with toxic smoke outside? Why, spend some quality time with Koobface, of course. I took a closer look at the worm’s behavior and also noted that, since the Migdal keylogger site went dark for the Koobface crew, they’ve switched to using a […]

Continue Reading »