Online Paperless Billing – The New Attack Vector For Cyber Crime

I’m very much in favor of online paperless billing and, virtually all of my reoccurring monthly bills are delivered this way – directly to my inbox. For example (shown below), is a snapshot of the regular monthly email notice from my natural gas supplier.

A simple click on the embedded link, and …..

there’s the bill – which is identical, I might add, to the bill delivered by regular mail.

A couple of extra clicks to reach my online banking and, the bill is paid.

No stacking up bills to be dealt with (along with all the other bills), at a later date. Done – fini – terminado!

I like it and, I’m sure my utilities suppliers love it – since, in most cases, they get paid far in advance of the required payment date. A perfect system it seems – except, this is the Internet.

Ah, the Internet – the playground of every scumbag cyber criminal from Moscow to Montreal – and, beyond. So, it’s hardly surprising to see online paperless billing come under attack.

Yesterday, Commtouch let me know of an ongoing attack – directed at AT&T  customers – which automatically embeds malware onto the targeted machine, once the user clicks on the embedded link in the  billing notice.

Since the billing email shows an outrageous balance (in the following screen capture, $943.01), theoretically, the response ratio should be significantly higher than it might otherwise be.

Several months back, I received a billing notice from my cable supplier totaling $650 – versus the normal $150 – and, I can assure you, I clicked on the embedded link, immediately.

It was, of course, a massive screw up at their end. Never the less, I instinctively (and, without thinking) clicked on the link . Being frustratingly annoyed is often a powerful call to action. Cyber criminals know exactly how to wind us up –increasing the odds that we’ll respond inappropriately.

Graphic courtesy of Commtouch.

According to Commtouch, who generously shared their research –

The pattern to be aware of in this case is: <legitimate domain>/<recurring set of random letters>/<index.html>

The index.html file tries to exploit at least the following known vulnerabilities:

·Libtiff integer overflow in Adobe Reader and Acrobat       CVE-2010-0188

·Help Center URL Validation Vulnerability       CVE-2010-1885

Every link in the email (there are 9 links), leads to a different compromised site with malware hidden inside. Recipients who are unsure whether the email they have received is genuine or not (the malicious version is a very accurate copy), should mouse-over the links.

Genuine emails from AT&T will include AT&T website links.  For example the “att.com link will be the same in both places that it appears in the email – unlike the malicious version which uses two very different URLs.

I might add, that I use the WOT Browser add-on and, you’ll notice in the first graphic (at the top of this page), the green circle indicated the embedded link is safe. I strongly suggest that if you currently do not have WOT installed, that you consider doing so. As well, I use the Redirect Remover add-on which removes any redirect links in Firefox. An appropriate way to become aware of redirected links.

Four years ago, when I stated writing this Blog, I was hopeful that the cyber criminal threat to Internet users would be actively addressed. That at some point, governments and law enforcement would step up and actively seek out, and punish, the criminals who have turned the Internet into a minefield.

Governments, (the U.K, the U.S., Canada, Australia, India …) it seems, don’t give a fiddler’s f*ck – they appear to be much more interested in passing regressive Internet legislation directed at you – not cyber criminals. Legislation designed to massively infringe on individual personal privacy, and individual human rights. In the meantime, cyber criminals continue to roam freely.

As for law enforcement agencies – just try reporting a cyber crime to your local police department and, you’ll find that they couldn’t care less. Their focus is on low level behavioral crimes, like busting teenage Pot smokers. Just how much safer does that make you feel on the Internet?

Unless, there is a concerted effort on the part of all of us – and yes, that means you need to get involved – demanding a responsible approach to this outrageous criminality on the Internet – we will all, at some point, become a victim of cyber crime.

Do I sound angry? You bet I am.

Free Sucuri SiteCheck – Find Out If Your Site Has Been Hacked

I recently posted a piece – Webmasters Struggle With Hacked Sites – A Commtouch, StopBadware Report – which read in part: “Recent statistics indicate (surprise, surprise) – cybercriminals are increasing their targeting of websites for identity theft, virus distribution, and spamming.

And, according to a newly released survey (Compromised Websites: An Owner’s Perspective), from Commtouch and StopBadware – in which webmasters were queried on their fight against hacking – almost half of the survey participants (who had been hacked), had no idea until they received a warning from their own computer’s protection technology.”

Since I use WordPress as my blogging platform, I rely on the security apparatus WordPress has in place to protect me from the various cyber criminal attack schemes currently in play. Still, I would be more than a little naive if I didn’t  consider the possibility that WordPress’ site security is vulnerable to hacking.

If a security developer’s web site can be hacked – and, many have been in the last year – including Panda Security in just the past few days*, it lends credence to the suggestion that any site can be hacked.

*Late Tuesday night, at least 35 public facing websites belonging to Panda Security were hacked and defaced by the LulzSec and Anonymous hacking groups. The defacement also posted multiple usernames and passwords associated with Panda Security employees.

Frankly, it absolutely infuriates me when I consider that the 4 years plus that I’ve put into writing and maintaining this Blog could, in little more than a moment, be destroyed by a single act of a cyber criminal. In my weaker moments, I have visions of lining these creeps up against the wall and being done with them.

But, the reality is much different, of course. So, it’s incumbent upon me to ensure that visitors to this site are protected (imperfect as that might be), from the nasties which cybercriminals can load onto a site.

There’s no foolproof solution but, one measure which I employ frequently is taking advantage of a free service offered by Sucuri Security – which, quickly scans for the most common threats as illustrated in the following screen capture.

Additionally, all links within the site are scanned. The following screen shot shows a small representation of the hundreds of links which were scanned.

If you’re a blogger or a site owner, I suggest that you take advantage of this free service so that you can check if your site has been compromised. It’s one more tool in the fight against the increasing threats posed by cyber criminal gangs.

Scan your website free.

The Best “Stay Safe On The Internet” App? – Your BRAIN!

Yes, it’s true! There’s an application designed to help keep you safe on the Internet. And here’s the best part – you don’t have to buy, or download and install this application.

Most Internet users, in my experience, already have this app (some don’t – more about that later), and it works surprisingly well with a computer’s Firewall, Security Applications, and Browser security add-ons.

The Brain is a very efficient Internet safety device, and using it will provide a user with the best protection available while surfing the Internet. There’s a small problem with the Brain though – which might explain its frequent unreliability.

Just as a Firewall needs to be “trained”, to reach the best state of efficiency and protection capabilities, similarly, the Brain app requires “training’”; so that it too, can perform to its maximum potential as an Internet safety device.

Failure to train a software Firewall application, for example, can lead, in many cases, to an erratic and uncertain experience. The untrained Brain app as well, can exhibit parallel behavior.

Sadly, a significant number of Brain apps lack this training and as a result, many computer users fail to recognize the dangers, and threats, the Internet poses to their computers, and to their personal privacy.

The following is a current example of the dangers an untrained Brain can be exposed to:

Last week Naked Security warned of a Facebook worm that was spreading on the social network, tricking users into believing that they were clicking on a link to an image.

Although an unsuspecting user may believe that they are clicking on a link to a JPG image, the truth is that they are downloading an executable file that attempts to download further code (another piece of malware) from the net and drops a .BAT batch file onto infected computers.

The ultimate aim of all this malicious activity is to install the Dorkbot malware onto your Windows computer.

Clearly it’s time, if you haven’t already learnt the lesson, to realize that you should always be wary of links shared by friends on social networks – after all, how can you tell it was a friend who sent it or a piece of malware on their computer?

Times have changed; cybercriminals are increasingly more knowledgeable, quicker to respond to opportunities, and more relentless than ever in their attempts to separate surfers from their money.

Train that Brain – so that you are aware of the shape of the Internet landscape, and the changes that are occurring, or may occur in that landscape. Now, more than ever, Brain training is a necessity – a prerequisite to protecting yourself, and your computer, from cybercriminal attack.

Shameless self promotion: Subscribe to Tech Thoughts Daily Net News and stay in the loop. We’ll keep you on top of changing security conditions so that you’re better prepared to make proactive adjustments to your Internet security strategy. Just click on “Follow” – bottom right hand on this page – and you’ll never miss another Tech Thoughts article.

PC Tools Exposes “Harry Potter and the Deathly Hallows Part 2” Cyber Threat

The waiting game is almost over for Harry Potter fans who are hungry to feast their eyes on the much-anticipated final chapter in the Harry Potter franchise – Harry Potter and the Deathly Hallows Part 2.

There are always those of course who won’t wait – in this case until July 15. You know the type – the buttinskis who push ahead of you in line, or cut you off on the expressway – the ones you’d like to clunk upside the head.

Unfortunately, the obnoxious dimwits who behave in this way, tend to repeat this behavior across a broad range of personal activity, and I suspect, that the niceties of copyright law is well below their personal radar horizon.

The reigning experts in social engineering – cybercriminals (who, in my view, could teach “legitimate social engineering experts” a thing or two), are well aware of the “can’t wait buttinskis”, and in a perfect replay of the old “there’s no honor amongst thieves”, have made available through free torrent downloads –Harry Potter and the Deathly Hallows Part 2, except…

Except – PC Tools, the company which brings you PC Tools Firewall Plus (free), ThreatFire (free), and of course a complete line of award-winning commercial grade security offerings, has discovered that these free torrent downloads are nothing more than a new online malicious scam. Gotta admit – I love Karma payback!

I’m posting the bulletin PC Tools sent me yesterday on this, since it’s very instructive in terms of just how much effort cybercriminals will go through, in order to penetrate a target’s computer.

It’s not often possible to capture an online attack as it occurs, but in this case, PC Tools managed to do just that – see images and links listed below.

Here’s how the malicious scam works:

• First, a user searches torrents for free downloads of the final Harry Potter movie
• Results claiming to offer a free download of the new movie appear
• Once users download the file, .RAR file and password.txt downloads appear
• Users receive a message saying, “This video is password protected to stop automated leeching and detection. To get your password, please visit:
• Here, users are taken through a series of instructions to obtain their password.

One of which is choosing a link for a special offer while the site “verifies” the password

• Once users click on an offer, a new tab and pop-up open, asking users to save what seems to be a legitimate file
• After saving the file, cybercriminals have access to your computer—and the movie, of course, never appears on the screen

Harry Potter Threat  Exposed

Here’s what victims find while searching for the Harry Potter and the Deathly Hallows Part 2 movie or videos:

Users can discover apparently ripped versions of the new Harry Potter movie on file-sharing websites.

It looks like the movie is being downloaded on the victim’s computer.

The victim is instructed to decompress the archive.

RAR and password.txt files suddenly appear.

User is told to visit separate website by password.txt file.

The victim then sees this screenshot, claiming to be MovieYT.com.

User follows 3-step instructions, which takes them to a verification code check.

User clicks on VLC Player and a new tab is opened.

When hovering over the download button, the download executable file looks real.

Once the user clicks on the file, they are prompted to save it – this, of course, contains malware.

While all this is happening, the user is still waiting for the “Verification Check” from MovieYT – but the cybercriminals now have access to the victim’s computer. They have your password and other personal information that they can use to further attack you, your finances, your friends and social networks.

Worth repeating: Consider the trade-offs, and the very real risks involved with Peer to Peer and Torrent applications.

Privacy: When you are connected to file-sharing programs, you may unintentionally allow others to copy confidential files you did not intend to share. So be sure to setup the file-sharing software very carefully.

If you don’t check the proper settings when you install the software, you could allow access not just to the files you intend to share, but also to other information on your hard drive, such as your tax returns, email messages, medical records, photos, and other personal and financial documents.

It’s extremely important to be aware of the files that you place in, or download to, your shared folder. Don’t put information in your shared folder that you don’t want to share with others. Your shared folder is the folder that is shared automatically with others on peer to peer file sharing networks.

Copyright Issues: You may knowingly, or otherwise, download material that is protected by copyright laws and find yourself caught up in legal issues. Copyright infringement can result in significant monetary damages, fines, and even criminal penalties.

Some statistics suggest as many as 70% of young people between the ages of 9 – 14, regularly download copyrighted digital music. If you are a parent, you bear the ultimate responsibility for this illegal activity.

Adult Content: Again, if you are a parent you may not be aware that their children have downloaded file-sharing software on the family computer, and that they may have exchanged games, videos, music, pornography, or other material that may be unsuitable for them. It’s not unusual for other peoples’ files to be mislabeled and you or your children can unintentionally download these files.

Spyware: There’s a good chance that the file-sharing program you’re using has installed other software known as spyware to your computer’s operating system. Spyware monitors a user’s browsing habits and then sends that data to third parties. Frequently the user gets ads based on the information that the spyware has collected and forwarded to these third parties.

I can assure you that spyware can be difficult to detect and remove. Before you use any file-sharing program, you should buy, or download free software, that can help prevent the downloading or installation of spyware, or help to detect it on your hard drive if it has been installed.

Viruses: Use and update your anti-virus software regularly. Files you download could be mislabeled, hiding a virus or other unwanted content. Use anti-virus software to protect your computer from viruses you might pick up from other users through the file-sharing program.

Generally, your virus filter should prevent your computer from receiving possibly destructive files. While downloading, you should avoid files with extensions such as .exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd.

Default Closing Behavior: It is critical that you close your connection after you have finished using the software. In some instances, closing the file-sharing program window does not actually close your connection to the network. That allows file-sharing to continue and will increase your security risk. Be sure to turn off this feature in the programs “preferences” setting.

What’s more, some file-sharing programs automatically run every time you turn on your computer. As a preventive measure, you should adjust the file-sharing program’s controls to prevent the file-sharing program from automatically starting.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Internet Security Revisited: There’s an App for That – Your BRAIN!

Yes, it’s true! There’s an application designed to help keep you safe on the Internet. And here’s the best part – you don’t have to buy, or download and install this application.

Most Internet users, in my experience, already have this app (some don’t – more about that later), and it works surprisingly well with a computer’s Firewall, Security Applications, and Browser security add-ons.

The Brain is a very efficient Internet safety device, and using it will provide a user with the best protection available while surfing the Internet. There’s a small problem with the Brain though, which might explain its frequent unreliability.

Just as a Firewall needs to be “trained”, to reach the best state of efficiency and protection capabilities, similarly, the Brain app requires “training’”; so that it too, can perform to its maximum potential as an Internet safety device.

Failure to train a software Firewall application, for example, can lead, in many cases, to an erratic and uncertain experience. The untrained Brain app as well, can exhibit parallel behavior.

Sadly, a significant number of Brain apps lack this training and as a result, many computer users fail to recognize the dangers, and threats, the Internet poses to their computers, and to their personal privacy.

The following is a perfect recent example of the results of an untrained Brain:

Malware in fake White House e-card steals data – Official-looking holiday e-greeting downloads Zeus malware, and secretly downloads PDFs and Microsoft Word and Excel documents to a server in Belarus.

So, in order to get the best out of this priceless Internet safety device, it needs to be trained. A good place to start this training process is The Enemy is at the Gate – Common Sense Tips for Internet and System Security, on this site.

Times have changed; cybercriminals are increasingly more knowledgeable, quicker to respond to opportunities, and more relentless than ever in their attempts to separate surfers from their money.

Train that Brain – so that you are aware of the shape of the Internet landscape, and the changes that are occurring, or may occur in that landscape. Now, more than ever, Brain training is a necessity – a prerequisite to protecting yourself, and your computer, from cybercriminal attack.

This article was originally posted here May 30, 2010.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Gmail Password Phishing Still Going Strong

For months now, Gmail inboxes have been flooded with one form or another, of the “Your Account Information Has Changed” phishing attack. Unfortunately, I don’t expect to see this Gmail  accounts scams reducing in volume any time soon.

This morning I received another email, purportedly from the Gmail Team, in which the spam scammer attempts to convince me that this is the genuine article.

Unlike most of these type of emails though, this one does not contain the usual misspelling, grammatical, and punctuation errors. In fact, this notice, as the following screen capture shows, is a brilliant forgery. And, it gets better, yet.

Despite the fact the cyber crooks involved here, have taken extraordinary care in developing this scam, the notice still shouts out the need to “stop and think” – before clicking.

No personalized greeting – Google, which knows more about me than anyone, except perhaps my mother, has chosen to use a generic greeting – Hello. How strange is that?

My information is incomplete – How can this be? I’ve been a Gmail user since day one, and I don’t recall that Google has ever been accused of losing data. This just doesn’t make any sense.

Of course, I didn’t response to this password phishing attempt and click on the enclosed link. But, those users who fell for this crafty scam were taken to a forged version of Gmail’s login page and, I’m quite sure – happily provided the requested information.

Google provides excellent advice on their page – Messages asking for personal information, from which the following has been taken.

Here’s what you can do to protect yourself and stop fraudsters:

Check the email address of the sender of the message by hovering your mouse cursor over the sender name and verifying that it matches the sender name.

Check whether the email was authenticated by the sending domain. Click on the ‘show details’ link in the right hand corner of the email, and make sure the domain you see next to the ‘mailed-by’ or ‘signed-by’ lines matches the sender’s email address.

Make sure the URL domain on the given page is correct, and click on any images and links to verify that you are directed to proper pages within the site. Although some links may appear to contain ‘gmail.com,’ you may be redirected to another site after entering such addresses into your browser.

Always look for the closed lock icon in the status bar at the bottom of your browser window whenever you enter any private information, including your password.

Check the message headers. The ‘From:’ field is easily manipulated to show a false sender name. Learn how to view headers.

If you’re still uncertain, contact the organization from which the message appears to be sent. Don’t use the reply address in the message, since it can be forged. Instead, visit the official website of the company in question, and find a different contact address.

If you enter your Google account or personal information as the result of a spoof or phishing message, take action quickly. Send a copy of the message header and the entire text of the message to the Federal Trade Commission at spam@uce.gov. If you entered credit card or bank account numbers, contact your financial institution. If you think you may be the victim of identity theft, contact your local police.

Note: Despite 20+ years of experience using Webmail, one of my Gmail accounts was hacked recently. I have yet to work out exactly how this was accomplished.

It’s important that you know that Google is not immune to hacking, as the fairly recent fiasco in China, in which Chinese hackers compromised Chinese activists’ Gmail accounts, illustrates. In fact, Gmail hacking is a much more common occurrence than most users are aware of.

To further illustrate just how common this is, the article I wrote on being hacked – My Gmail Account Hacked From Nigeria, continues to be one of the most read articles I’ve written.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

I’ve Got 10 Kilos Of GOLD I Want To Share With You!

My Australian friend Rod, a security developer executive, regularly forwards copies of scam emails that his company detects, through their various Internet  resources.

I’m very appreciative that Rod takes the time to do this, since it keeps me in the loop at the company level on email scams and malware threats. And,  it gives me a chance to LMAO – some of these emails are outrageously funny.

Every get one of those emails? Sure you have. In fact, you probably get a lot of emails similar to the one below, recently forwarded by Rod – this one is particularly ridiculous. But, that’s the point in using it as an illustrative example.

Anyone with an email address is bound to be bombarded with this type of scam email (including the misspellings, lack of punctuation, incorrect grammatical usage, etc.).

How are you doing sir/madam? My name is Mr. Twum a 25 year old man, please dont be surprise i got your email from yahoo. i have 10kilogram of AU RAW GOLD, i got this Gold as a beneficiary from my parent as their only son . i dont know much about Gold so i am here looking for someone who can lecture me on how i can sell the Gold and how much it worth at the market.

please note that i have all legal documentation from my late dad before he passed away and on one of the documents, It is said the specification of the gold is,

QUALITY : 22+Carat with a minimum

PURITY : 96% Or Better

Origin : Ghana.

And i am ready to send sample to you to test and see if it is Gold as i can read clearly.

if you so interested. have a nice day and enjoy your day

hope to hear from you soon

Opening this type of email is definitely not recommended (despite the humor), since, at a minimum, opening one lets the spammers/scammers know that your email address is “live”. Generally not a good idea, since this virtually guarantees you will receive a lot more spam.

We’ re all pretty curious, and spammers/scammers, being experts at social engineering – “the act of manipulating people into performing actions or divulging confidential information, for the purpose of fraud, or computer system access”, rely on this to manipulate victims into opening this type of email.

While there may be some dispute as to whether “curiosity killed the cat”, there is no dispute as to the likely outcome of following the instructions contained in emails of this type because of curiosity.

For those who are swept away by an overriding curiosity  – go ahead and click and then follow the instructions. But before you do, make sure you have:

A current backup CD/DVD or other media containing your irreplaceable files – you’re going to need it.

Your original operating system install disk – you’ll need this too.

Your system and peripherals driver disks. Without these you’re going to spend hours on the Internet locating (if your lucky), drivers that were written specifically for your hardware and peripherals.

You can save yourself all this trouble, and heartache, just by one simple action, or more properly; by a single inaction. Don’t click!

Scam emails like this are designed, and crafted, to seek out financial information from you, or from your computer, that can be used to steal your money and your identity. As well, they can be designed to install various types of malware  that can have drastic consequences for your system’s stability.

You may well be curious when it comes to emails like this, but don’t let your curiosity override your common sense. Security experts argue (none too successfully it seems), that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly”, or opening the type of files that are clearly dangerous.

You may be lucky, and you may be able to recover control of your computer if your anti-malware applications are up to date, and the malware signature recognize the intruder as malware.

But I wouldn’t count on it. Often, anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

It is beyond dispute that the Internet now fits the criteria of a world that is not just perceived to be, but is in fact, personally threatening to uninformed or casual Internet users. I could go on, but I think the message here is clear. Think carefully before you click.

Despite every warning under the sun, there are people who will open this type of email. And, in that group, there will be people who will respond. If you’re having trouble believing this – believe it. If this type of scam didn’t show results, we wouldn’t have to deal with them on a constant basis.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Your Account Information Has Changed Phishing Attack

The spam landscape changes constantly with new tactics and new threats evolving, seemingly on a daily basis. A recent tactic which appears to have found favor with cyber criminals is, the limited scale, targeted phishing attack – attacks which are aimed at a particular organization, or a particular industry segment.

Designating specific targets has some obvious advantages for cyber crooks, not the least of which is – most of us don’t get to hear about them. Since the focus is narrow, this type of threat typically slides under the radar and tends not to be reported due to the low numbers involved. Despite the low numbers, this type of attack can be surprisingly effective.

Given that the content is specific to the targeted recipient, the engagement factor, where the potential victim actually opens the email and attachments, is much higher than with a a broad scale shotgun attack.

Here’s a real world example of a current attack:

This week, in conversation with my friend Rod, an Australian antimalware company executive, he mentioned that his group of companies, and product users, had been targeted specifically as the following email samples indicate.

Sample 1:

Subject: Your antivirus.com.au account information has changed

Hello, xxxxx@antivirus.com.au.

We received your request to reset your antivirus.com.au password. To confirm your request and reset your password, follow the instructions below. Confirming your request helps prevent unauthorized access to your account.

If you didn’t request that your password be reset, please follow the instructions below to cancel your request.

Sample 2:

Hello, xxxxx a@nod32.com.au.

Please reply to this email message to confirm your subscription to nod32.com.au.

Your email address has been entered for a subscription to the nod32.com.au mailing list. However, your new subscription requires a confirmation that you received this email message and want to join this mailing list.

To confirm that you do want to join click here.

To unsubscribe immediately click here.

Thank you.

It’s obvious from the content, that the crooks involved in this attack have increased the chances of success, by providing the recipient with the opportunity to respond both positively, or negatively. If the recipient responds either way, the crooks win, and the victim loses.

Advice worth repeating:

If you have any doubts about the legitimacy of any email message, or its attachment, delete it.

Better yet, take a look at the email’s headers. Check the initial “Received from” field in the header, since this field is difficult to forge. Additionally, the mail headers indicate the mail servers involved in transmitting the email – by name and by IP address. It may take a little practice to realize the benefits in adding this precaution to your SOP.

For example, to do this is Gmail –

Log in to Gmail.

Open the message you’d like to view headers for.

Click the down arrow next to Reply, at the top-right of the message pane.

Select Show original.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

FIFA World Cup Scammers Using Double Attack Mode Says Symantec Hosted Services

If one is good, then two must be better, right? FIFA World Cup  scammers apparently believe this double whammy approach will be more successful in helping them overcoming security safeguards, and perhaps even a targeted victim’s reluctance to engage with malicious email.

According to Symantec Hosted Services’ MessageLabs Intelligence unit, they have intercepted “a run of 45 targeted malware emails in route to a number of Brazilian companies across industries”.

The MessageLabs Intelligence unit discovered the attack had been crafted using both an infected  PDF attachment, and a malicious web link. The outcome of this double barreled approach could mean, “even if the malicious PDF attachment is removed by an anti-virus gateway, the malicious link remains in the body of the email and may still be delivered to the recipient” stated Symantec.

As the tournament continues, don’t be surprised to see more World Cup-related spam and malware threats emerge.

You can learn more about World Cup-related spam here.

About MessageLabs Intelligence:

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

PandaLabs Says the Facebook “Like” Option May Scam You

PandaLabs, the anti-malware laboratory of Panda Security, the company responsible for Panda Cloud Antivirus, the  antimalware application that should be high on every users list of installed antimalware applications, reported today on the increasing number of scams that utilize the Facebook “Like” option.

According to Panda, in one particular attack –

“The attack uses eye-catching messages related to the popular game Farmville, the “Sex and the City 2” movie, or the keyword sex to grab the attention of logged-in Facebook users as they browse Web pages with the “Like” button, the Facebook wall feature or messaging system.”

If you are a Facebook user, and you want to keep your “friends” happy, use extreme caution in using the Like option. In a  “clickjacking” attack, you’ll end up recommending your “Like” to all your friends, who may not be at all impressed with your choice, since you have potentially made them part of the clickjacking attack. Probably not a good way to keep friends and influence people.

If you’re wondering why clickjacking is important to cyber-criminals, I’ll let Panda CEO, Luis Corrons explain it –

“Cyber-criminals can make money just by tricking you into visiting a Web page with ads. Or worse still, they can spread malware and infect you. This possibility has not yet been exploited, but it would be relatively easy and effective to do it.”

Additional information is available in the PandaLabs blog.

About PandaLabs

Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security’s new security model which can even detect malware that has evaded other security solutions.

Currently, 99.4 percent of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented through the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), who work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

This explanation of how Panda manages its enterprise, is one reason I’m so high on Panda Cloud Antivirus as a first line of defense against malware infection. If you haven’t tried it yet, then check it out here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.