Tag Archives: Commtouch

Online Paperless Billing – The New Attack Vector For Cyber Crime

imageI’m very much in favor of online paperless billing and, virtually all of my reoccurring monthly bills are delivered this way – directly to my inbox. For example (shown below), is a snapshot of the regular monthly email notice from my natural gas supplier.

A simple click on the embedded link, and …..

Enbridge 1

there’s the bill – which is identical, I might add, to the bill delivered by regular mail.

Enbridge 2

A couple of extra clicks to reach my online banking and, the bill is paid.

image

No stacking up bills to be dealt with (along with all the other bills), at a later date. Done – fini – terminado!

I like it and, I’m sure my utilities suppliers love it – since, in most cases, they get paid far in advance of the required payment date. A perfect system it seems – except, this is the Internet.

Ah, the Internet – the playground of every scumbag cyber criminal from Moscow to Montreal – and, beyond. So, it’s hardly surprising to see online paperless billing come under attack.

Yesterday, Commtouch let me know of an ongoing attack – directed at AT&T  customers – which automatically embeds malware onto the targeted machine, once the user clicks on the embedded link in the  billing notice.

Since the billing email shows an outrageous balance (in the following screen capture, $943.01), theoretically, the response ratio should be significantly higher than it might otherwise be.

Several months back, I received a billing notice from my cable supplier totaling $650 – versus the normal $150 – and, I can assure you, I clicked on the embedded link, immediately.

It was, of course, a massive screw up at their end. Never the less, I instinctively (and, without thinking) clicked on the link . Being frustratingly annoyed is often a powerful call to action. Cyber criminals know exactly how to wind us up –increasing the odds that we’ll respond inappropriately.

image

Graphic courtesy of Commtouch.

According to Commtouch, who generously shared their research –

The pattern to be aware of in this case is: <legitimate domain>/<recurring set of random letters>/<index.html>

The index.html file tries to exploit at least the following known vulnerabilities:

·Libtiff integer overflow in Adobe Reader and Acrobat       CVE-2010-0188

·Help Center URL Validation Vulnerability       CVE-2010-1885

Every link in the email (there are 9 links), leads to a different compromised site with malware hidden inside. Recipients who are unsure whether the email they have received is genuine or not (the malicious version is a very accurate copy), should mouse-over the links.

Genuine emails from AT&T will include AT&T website links.  For example the “att.com link will be the same in both places that it appears in the email – unlike the malicious version which uses two very different URLs.

I might add, that I use the WOT Browser add-on and, you’ll notice in the first graphic (at the top of this page), the green circle indicated the embedded link is safe. I strongly suggest that if you currently do not have WOT installed, that you consider doing so. As well, I use the Redirect Remover add-on which removes any redirect links in Firefox. An appropriate way to become aware of redirected links.

Four years ago, when I stated writing this Blog, I was hopeful that the cyber criminal threat to Internet users would be actively addressed. That at some point, governments and law enforcement would step up and actively seek out, and punish, the criminals who have turned the Internet into a minefield.

Governments, (the U.K, the U.S., Canada, Australia, India …) it seems, don’t give a fiddler’s f*ck – they appear to be much more interested in passing regressive Internet legislation directed at you – not cyber criminals. Legislation designed to massively infringe on individual personal privacy, and individual human rights. In the meantime, cyber criminals continue to roam freely.

As for law enforcement agencies – just try reporting a cyber crime to your local police department and, you’ll find that they couldn’t care less. Their focus is on low level behavioral crimes, like busting teenage Pot smokers. Just how much safer does that make you feel on the Internet?

Unless, there is a concerted effort on the part of all of us – and yes, that means you need to get involved – demanding a responsible approach to this outrageous criminality on the Internet – we will all, at some point, become a victim of cyber crime.

Do I sound angry? You bet I am.

12 Comments

Filed under Cyber Crime, email scams, Malware Alert

Webmasters Struggle With Hacked Sites – A Commtouch, StopBadware Report

imageI’m often asked why I host this Blog on WordPress.com – why I don’t self host, and maybe make a few dollars, while I’m at it, by running ads. So, I’ll start with the back-end first.

It’s not about money – far from it. I write this Blog to have a little bit of fun; to help keep my mind sharp (often a failing exercise  Smile  ) – and, to be part of a community which recognizes the need to educate computer users that the Internet is not all sweetness and light.

That’s the back-end – but, it’s the front-end that’s most important. WordPress does all the heavy lifting. All elements are taken care of: setup, upgrades, spam, backups, and site security. Site security might be last in the previous sentence but, it was the most important factor in my decision to use WordPress as my blogging platform.

Just a few of the security reasons:

Potential harmful activity is constantly monitored.

Blog PHP code can’t be modified.

Plugins can’t be uploaded.

JavaScript embed codes and CSS, are restricted.

I’m not suggesting that WordPress can’t, or won’t be hacked (nothing on the Internet is invulnerable to cyber criminals) – but, should sites hosted by WordPress.com fall to  the bad guys, those of us who rely on WP, will at least have a fighting chance to recover. This is not always the case for self-hosted sites.

Recent statistics indicate (surprise, surprise) – cybercriminals are increasing their targeting of websites for identity theft, virus distribution, and spamming. And, according to a newly released survey (Compromised Websites: An Owner’s Perspective), from Commtouch and StopBadware – in which webmasters were queried on their fight against hacking – almost half of the survey participants (who had been hacked), had no idea until they received a warning from their own computer’s protection technology.

More particularly, according to the Commtouch/StopBadware report – “about half of site owners discovered the hack when they attempted to visit their own site and received a browser or search engine warning.”  Not a very effective method of discovering one’s site has been hacked. As opposed to WP’s – “Potential harmful activity is constantly monitored.”

Highlights from analysis of the survey’s responses include:

Over 90% of respondents didn’t notice any strange activity, despite the fact that their sites were being abused to send spam, host phishing pages, or distribute malware.

Nearly two-thirds of the webmasters surveyed didn’t know how the compromise had happened.

Twenty six percent of site owners had not yet figured out how to resolve the problem at the time they completed the survey.

Forty percent of survey respondents changed their opinion of their web hosting provider following a compromise.

The report includes several examples of hacked websites, as well as the spam emails that may trick users into visiting these sites. In addition to analysis and quotes from site owners, the report provides tips to help webmasters prevent their sites from being compromised.

The following graphic illustrates why cyber criminals target web sites.

image

Courtesy – Commtouch

The full report is available for download (PDF format) at:

Commtouch

StopBadware

10 Comments

Filed under Blogging Tips, Cyber Crime, Malware Reports, Reports, Web Hosting

Cyber Criminals Bump Up Efficiency Using Cloud Services

In a comment response yesterday to regular reader Mal C., I made the point – “It’s the person at the keyboard, that’s where the trouble starts – not the OS”. Continuing the discussion with regular reader John B., I expanded on this –

“It’s the person at the keyboard, that’s where the trouble starts – not the OS”, is operative – no matter the operating system.

Just one example: Email accounts are continuously been phished (“your account will be deactivated”, is a popular approach), with the objective being to have the user respond with, password, DOB, mobile telephone number, etc.

If the phish is successful (and many are), the crook ends up controlling that account. Cyber crimes like this, are not system specific. They depend on unaware, undereducated users, for their success.”

As luck would have it, this morning I got an invitation from Commtouch, to post an upcoming article here on Tech Thoughts (which will be published on their site shortly), that partly supports this view.

Cloud Streamlines Efficiency of Identity Theft

Working with cloud-based services significantly improves economies of scale – for cybercriminals, too. Phishers are already benefiting from free hosting by hiding phishing pages within hacked legitimate sites.  Now, they are leveraging cloud-based form management sites, such as Google docs or formbuddy.com. to collect information from unwitting victims.

With this technique, the phisher does not have to worry about creating/managing/storing back-end form data and can more easily scale the harvesting of phished data.  Those duped into filling out the form will not be aware of this nuance.

We just hope victims are paying attention when they fill out a seemingly legitimate form that directly asks for an “email address password.” If their attention lags, they are giving the phisher a significant pay-off for a minimal investment: Identity theft.

This attack targets users of HomeAway holiday rentals – See the images below. Click on an image to expand.

image

A look at the page source reveals that the filled in form is sent to “formbuddy.com” and not collected directly by the phisher.  Formbuddy.com collects and stores all the responses to the “form” shown above, and then emails a neat summary to the phisher (whose login name is “fanek”).

image

As a matter of interest, WOT (Web of Trust) warns against visiting formbuddy.com, as per the following screen capture.

image

As an aware and educated computer user, I know that you wouldn’t be deceived by this type of clumsy attempt to defraud – under no circumstances would you disclose your email address password to anyone.

As I said at the opening, these schemes depend on unaware, undereducated users, for their success. Unfortunately, that describes far to many Internet users.

About Commtouch:

Commtouch provides proven Internet security technology to more than 150 security companies and service providers including 1&1, Check Point, F-Secure, Google, Microsoft, Panda Security, Rackspace, US Internet, WatchGuard and Webroot,, for integration into their solutions. Commtouch’s GlobalView™ and patented Recurrent Pattern Detection™ (RPD™) technologies are founded on a unique cloud-based approach, and protect effectively in all languages and formats.  Commtouch’s Command Antivirus utilizes a multi-layered approach to provide award winning malware detection and industry-leading performance.

More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

4 Comments

Filed under Cloud Computing, Cyber Crime, Cyber Criminals, Don't Get Scammed, Don't Get Hacked, email scams, Freeware, Internet Security Alerts, Online Safety, Phishing, Windows Tips and Tools, WOT (Web of Trust)