Posted on 06 August 2011. Tags: +1, Facebook, Google, like, Security
Today there are many social networks on the internet and every day new ones are being introduced with new and better features. They have unique and useful features, which makes it easy for users to remain updated with friends. They also offer apps for different smartphones providing even easier access to friends and other useful information. [...]
Read the full story
Posted in Facebook, Featured, Security
Posted on 16 May 2011. Tags: black ops, Microsoft, network, Safeguards, Servers, Sony PlayStation
In case you missed it — and you very well might have considering what time this ball got rolling — Sony has officially flipped the switch on the PlayStation Network, restoring service in a limited capacity as a gradually filling map of the United States charted the progress of the rollout through the night. The [...]
Read the full story
Posted in Security
Posted on 10 May 2011. Tags: Attackers, bojan, Compromise, Exploit, fd, Google, google results, image search, legitimate users, legitimate websites, occurrence, php script, php scripts, scrip, search database, sites source, source code, Thumbnail, Vulnerabilities, web pages
If you are a regular user of Google’s search engine you might have noticed that poisoned search results have practically become a common occurrence. Google has, of course, noticed this and does its best to mark the offending links as such, but it still has trouble when it comes to cleaning up its image search [...]
Read the full story
Posted in Security
Posted on 08 May 2011. Tags: Apps, attacker, browser address bar, copy paste, Email, Facebook, fd, field group, images, invitation, java script, open session, Overflow, paste scripts, post messages, preferred method, Scammers, Scams, Symantec, Toolkit
Facebook scammers know that in order to keep users falling for their scams, they have to use a variety of approaches. For example, there was a time when rogue applications were the scammers’ preferred method of making sure that the scheme is propagated through the social network. Before that, they were more partial to trying [...]
Read the full story
Posted in Security
Posted on 02 May 2011. Tags: Death, Flash Player, Osama bin Laden, XvidSetup.exe
Within hours of the announcement of Osama Bin Laden’s death, we are already seeing malicious sites emerge to capitalize on the news. One Spanish-language site displays a purported photo of a murdered Osama Bin Laden and includes a story about the US-led operation. Farther down the page, the reader is presented with a [...]
Read the full story
Posted in Security
Posted on 02 May 2011. Tags: Affiliate, Commentjacking, Engineering, Facebook, iPhone, Networking, Programs, Social, Southwest
From likejacking to photo-tagging, Facebook scammers are constantly searching for new ways to get their scam campaigns to spread through the social network. Early this weekend, we observed a new type of scam, this one leveraging Facebook’s new social plugin for websites that allows for comments. This is being exploited by scammers to get their [...]
Read the full story
Posted in Security
Posted on 30 April 2011. Tags: Antivirus, Asprox, Cutwail, Donbot, Facebook, Fake, Malicious, Spam, Statistics
Malware distribution via email is far from dead. While we had a distinctly quiet period from October 2010 to March 2011, our stats show the bot herders are gearing up again with the proportion of spam with malware attachments rising, although still not as high as the peaks we saw mid last year when the [...]
Read the full story
Posted in Security
Posted on 30 April 2011. Tags: JavaScript, malcious
Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection and HTML Injection are security flaws that have been around for years. They are well-known vulnerabilities, with well-known solutions. As we’ve seen in recent weeks, even well-established tech companies are not immune to these basic flaws: MySQL was compromised by SQL Injection; WordPress.com was compromised by [...]
Read the full story
Posted in Security
Posted on 30 April 2011.
Google has been sued over its Android location tracking practices, days after a similar suit was brought against Apple. According to The Detroit News, two Michigan women have filed a $50 million class-action suit against the web giant, demanding that the company stop offering Android phones that can track a user’s location. Google is using Android phones [...]
Read the full story
Posted in Security
Posted on 28 April 2011. Tags: AV, Exploits, rogue, Spam
Emails disguised as electronic cards have been used as bait over and over again for malicious intent. The fact that they are overused is a clear indicator that this lure indeed works. Websense Security Labs™ and the Websense ThreatSeeker® Network recently came across an e-card themed email. Our customers are protected from this threat by ACE, our Advanced [...]
Read the full story
Posted in Security
Posted on 28 April 2011. Tags: Flash Player, MegaVideo, megavideomovieshare, Pay Per Installs, Scams
Any trick to get Pay Per Installs (PPI) money from Ad-supported companies is good these days. This site (www.megavideomovieshare.com/?title=) is usurping MegaVideo’s identity to get people to install adware programs. (The real site does not require you to install “plugins” other than the default Flash Player). The plugin you must download is in fact the well known “ClickPotato” adware. To make [...]
Read the full story
Posted in Security
Posted on 28 April 2011. Tags: Backdoor, Exploits, RE/MAX, remaxplus.co.il, zombie60.exe
RE/MAX is a well known international real estate company. Here is one of their Israeli websites: remaxplus.co.il Although everything looks fine on the surface, the site has been hacked and is hosting malware: remaxplus.co.il/Include/zombie60.exe The file is poorly detected on VirusTotal (5/41). Upon running zombie60.exe, a copy is placed under: The following TCP connections are made: The IP 67.205.124.38 points to a [...]
Read the full story
Posted in Security
Posted on 28 April 2011. Tags: DHL, Phishing, post express, Spam, United Parcel Service
The wave of United Parcel Service, DHL Global and Post Express Office spam – which has been so prolific and leading to scareware infections – changed to Bobijou Inc. over the Easter weekend. However, the first batch sent out was flawed. As you can see below, the file attached has a “.dat” extension. The mistake was rectified [...]
Read the full story
Posted in Security
Posted on 28 April 2011. Tags: Java, Malware, mario.jar
I always find it interesting to know what goes on in cyber criminals’ minds. Lately I’ve been observing a deluge of websites being hacked and serving drive-by downloads in the form of Java exploits under the name mario.jar. Below is a screen cap of some of those caught by our HoneyPots: On the left hand side are sites that have been hacked [...]
Read the full story
Posted in Security
Posted on 28 April 2011. Tags: Leaseweb, Malware
Some sort of .htaccess hack is going on, redirecting users to infernomag.com and then on to a malicious site that looks like it’s downloading a Zbot variant. It only seems to work with Internet Explorer, and only when the page is accessed from a search engine (like Google). infernomag.com is hosted on 85.17.132.194 (Leaseweb) which [...]
Read the full story
Posted in Security
Posted on 28 April 2011. Tags: Job, Lapatasker, offer, Scams
This particular scam has been around for a couple of years and is so common now that I’ve christened this group of scam domains “Lapatasker” after the email address used in some of the older WHOIS details. New domains for this scam (all registered on 26/4/11) are: 1job-europ.com, consult-europ.com, middle-consult.com, westconsult-eu.com. The (probably fake) contact details on the domains are: Vilechka [...]
Read the full story
Posted in Security
Posted on 28 April 2011.
A currently ongoing malware campaign is impersonating Bobijou Inc for malware-serving purposes. Sample subject: “Successfull Order 977132” Sample message: “Thank you for ordering from Bobijou Inc. This message is to inform you that your order has been received and is currently being processed. Your order reference is 901802. You will need this in all correspondence. This receipt is NOT [...]
Read the full story
Posted in Security
Posted on 27 April 2011. Tags: Vulnerability, WordPress
The WordPress team just released a new version of WordPress (3.1.2) to fix a security issue where contributor-level users were allowed to publish posts. It is a small release, and everyone using WordPress should upgrade to it! From the WordPress site: WordPress 3.1.2 is now available and is a security release for all previous WordPress [...]
Read the full story
Posted in Security
Posted on 27 April 2011. Tags: Malware, malware_updates
Weekly (kinda daily) malware update. You can track all updates by following our malware_updates category. *If your site has been affected with any of these issues, contact us at support@sucuri.net or visit http://sucuri.net to get help or if you want to share some information with us. Today we started to see a lot of sites [...]
Read the full story
Posted in Security
Posted on 26 April 2011. Tags: Germany, Job, offer, Romania, Scams
These are allegedly German companies, but: they are all very recently registered (4th and 17th April 2011); the registrar is in China (BIZCN.COM); the web host is in Romania; in each case a Yahoo email address has been used. The host is “Enter Net Team” / “Power Host” in Romania. Blocking 86.55.96.0/23 is a quick [...]
Read the full story
Posted in Security
Posted on 26 April 2011. Tags: evil, Hungary, network
Implicated in malware distribution, botnet C&Cs and spam, the network range 62.122.72.0/21 (62.122.72.0 - 62.122.79.255) is currently quite active in evil activities (you can find examples here and here and the SiteVet report here). There aren’t many sites in this block, and they are almost all in either 62.122.73.0/24 or 62.122.75.0/24 (but blocking the /21 is safer). [...]
Read the full story
Posted in Security
Posted on 26 April 2011. Tags: blacklisted, Hacked, Malware, malware_updates
We first detected malware from globalpoweringgathering.com almost a month ago, and posted on our blog about it. But just in the last few days, we started to see a big increase in the number of sites infected with it. We were able to catalog and find almost 3 thousand sites with this malware and Google lists [...]
Read the full story
Posted in Security
Posted on 25 April 2011. Tags: Data Recovery, Data Security, Google, Spanner
Google has released a video showing at least some of the security and data protection techniques used in its worldwide network of data centers. The video plays like a souped-up advertisement for the search giant and its Google Apps suite of online business applications – there are more than a few visual allusions to the Tom [...]
Read the full story
Posted in Security
Posted on 25 April 2011. Tags: BMW, cop's, Fraud, Hacker, IRC, SQL Injection
An American citizen has admitted to stealing data for more than 676,000 payment cards from databases he hacked into and netting more than $100,000 by selling them in underground bazaars online. Rogelio Hackett, 26, of Lithonia, Georgia, pleaded guilty to one count of access device fraud and one count of aggravated identity theft. He admitted a [...]
Read the full story
Posted in Security