In case you missed it — and you very well might have considering what time this ball got rolling — Sony has officially flipped the switch on the PlayStation Network, restoring service in a limited capacity as a gradually filling map of the United States. charted the progress of the rollout through the night. The [...]
16 May 2011
If you are a regular user of Google’s search engine you might have noticed that poisoned search results have practically become a common occurrence. Google has, of course, noticed this and does its best to mark the offending links as such, but they still have trouble when it comes to cleaning up its image search [...]
10 May 2011
Facebook scammers know that in order to keep users falling for their scams, they have to use a variety of approaches. For example, there was a time where rogue applications were the scammers’ preferred method of making sure that the scheme is propagated through the social network. Before that, they were more partial to trying [...]
08 May 2011
Within hours of the announcement of Osama Bin Laden’s death, we are already seeing malicious sites emerge to capitalize on the news. One Spanish language site displays a purported photo of a murdered Osama Bin Laden and includes a story about the US led operation. Farther down the page, the reader is presented with a [...]
02 May 2011
Dutch GPS and navigation software giant, Tom Tom, recently took what I consider to be a small privacy step for the company, but a giant privacy step for mankind.Faced with evidence that the Dutch police have been using anonymised trip data from Tom Tom users to assist in enforcing speeding laws, Tom Tom CEO Harold [...]
02 May 2011
Google’s top-trending Anglophone search term right now is, understandably, “osama bin laden dead”. Google officially describes its hotness (you couldn’t make this stuff up) as volcanic.The short version, according to the LA Times, is that bin Laden was tracked to a “comfortable mansion surrounded by a high wall in a small town near Islamabad, Pakistan’s [...]
02 May 2011
After some months since the last blog post about the TDL rootkit, we have to come back and write again about this nasty threat that is targetting both 32 bit and 64 bit versions of the Windows operating system, succesfully bypassing all the security countermeasures implemented in the 64 bit version of Windows that should [...]
02 May 2011
From likejacking to photo-tagging, Facebook scammers are constantly searching for new ways to get their scam campaigns to spread through the social network. Early this weekend, we observed a new type of scam, this one leveraging Facebook’s new social plugin for websites that allow for comments. This is being exploited by scammers to get their [...]
02 May 2011
Scam Signature Message: 2 FREE Southwest Airline Tickets!Scam Type: Click-Jacking, Bogus OfferTrending: May 2011Why it’s a Scam:Clicking the wall post link takes you to the following page: Clicking the “Comment” click-jacks your account and presents the following bogus offer:If you read the fine, you must complete a total of 13 Sponsor Offers. Not only is this a ridiculous hoop to jump through, and [...]
02 May 2011
Scam Signature Message: Father walks in on his Daughter… EMBARRASIN!Scam Type: Survey Scam, Click-JackingTrending: May 2011Why it’s a Scam:Clicking the wall post link takes you to the following page: On this screen you really don’t have to click the right answer – any input will do. Clicking submit click-jacks your account and loads the following survey scam:Here we see the [...]
02 May 2011
I just saw an article by Mathew Schwartz for Information Week focused on a series of articles by Aleksandr Matrosov, Eugene Rodionov and myself for Infosec Institute.The articles are actually based on previous analyses of TDL3 and TDL4 by Aleksandr and Eugene, but even if you’ve seen those, you might find the aggregation of older and [...]
02 May 2011
Just a few days ago, two major web browsers have been updated to fix security vulnerabilities which may allow attackers to infect the computer with malware just by visiting a hacked website.Google released version 11 of the Chrome web browser. 18 of the more than 20 security holes which get closed with this release are [...]
02 May 2011
It’s starting to seem like Facebook can’t win against those who wish to use their service to scam, spam and simply cause trouble. Over the last day or so, a new type of attack has been spreading using the phrase “OMG! I Can’t believe JUSTIN Bieber did THIS to a girl”.It leads to a page [...]
30 April 2011
Yesterday, five weeks after shipping Firefox 4, the Mozilla project published the new browser’s first-ever security update. The Firefox version number bumps up to 4.0.1.The update fixes 50-odd bugs in total, amusingly including three fixes listed as specific to OS/2. Ironically, the latest official release of the OS/2 port of Firefox, dubbed Warpzilla, hasn’t yet [...]
30 April 2011
Scam Signature Message: OMG! I Can’t believe JUSTIN Bieber did THIS to a girlScam Type: Survey Scam, Click-JackingTrending: April 2011Why it’s a Scam:Clicking the wall post link takes you to the following page: On this screen you really don’t have to click the right answer – any input will do. Clicking submit click-jacks your account and loads the following survey [...]
30 April 2011
Antivirus Center is a rogue anti-spyware program from the same family as Internet Protection. This malware is installed onto your computer through the use of fake scanner pages and Trojans that pretend to be updates to Adobe Flash. When Antivirus Center is installed onto a computer it will be configured to start automatically when Windows [...]
30 April 2011
Malware distribution via email is far from dead. While we had a distinctly quiet period from October 2010 to March 2011, our stats show the bot herders are gearing up again with the proportion of spam with malware attachments rising, although still not as high as the peaks we saw mid last year when the [...]
30 April 2011
A while back we noticed that malware authors seem to have a thing for Chuck Norris. And why not: Chuck Norris kicks ass! We have been monitoring the situation carefully and have found several malware that show some sort of interest or tribute towards Mr.Norris.We started thinking; if our automation can detect malware by looking [...]
30 April 2011
Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection and HTML Injection are security flaws that have been around for years. They are well know vulnerabilities, with well-known solutions. As we’ve seen in recent weeks, even well-established tech companies are not immune to these basic flaws: MySQL was compromised by SQL Injection WordPress.com was compromised by [...]
30 April 2011
Google has been sued over its Android location tracking practices, days after a similar suit was brought against Apple.According to The Detroit News, two Michigan women have filled a $50 million class-action suit against the web giant, demanding that the company stop offering Android phones that can track a user’s location.Google is using Android phones [...]
30 April 2011
This message may repeat. This message may repeat. For those of us old enough to have fond memories of the phonograph, the phrase “broken record” may come to mind.Yes, more user information has been leaked and in a totally preventable fashion. A season ticket sales representative for the New York Yankees accidentally emailed a spreadsheet [...]
29 April 2011
As we all know, compromised sites play an important role in web distributed malware, acting as the conduit, guiding user traffic to further malicious content. Sometimes, the attackers get lucky, and succeed in compromising a high profile, popular site. Another way to increase the number of users exposed to the attack is to compromise advertising [...]
29 April 2011
In the wake of the press reports concerning the recent data breaches at Sony and Epsilon, some organizations are getting the wrong idea about modern online attacks. The media largely chooses to cover mass-scale losses that affect large numbers of consumers from trusted brands.While it is important to raise awareness about keeping your data safe [...]
29 April 2011
In the absence of a genuine ticket to the real event, Facebook users are encouraging each other to reveal their Royal Wedding Guest name.Here’s a typical message that is currently being spread by well-meaning users across the social network: In honor of the big wedding on Friday, use your royal wedding guest name. Start with [...]
29 April 2011
