TechBlog

Symantec Connect: Symantec is intercepting a resurgence of spam attacks on popular brands. Spam messages that are replicas of the Wikipedia email address confirmation alert are the new vector for the present. The said spam messages pretend to be originating from Wikipedia, and are selling meds, with the following subject line: “Subject: Wikipedia e-mail address confirmation”. The spoofed Wikipedia page is a ploy to give legitimacy to the sale of meds online. The embedded URL in the message navigates to a fake online pharmacy site that is dressed up as a Wikipedia Web page. Furthermore, to give the email a legitimate look, the spammer has added the recipient’s IP address in the body of the spam mail. Needless to say this IP does not belong to the user. ...

The H-Online: A beta of version 12 of the Opera web browser has been released with privacy and security-focused improvements. Code-named “Wahoo”, the Opera 12.00 beta now runs plugins out-of-process and includes optimizations for better SSL handling. Running plugins in their own process not only improves the smoothness and stability of the browser but can limit the damage some plugin exploits can do. Privacy is enhanced with support for the “Do Not Track” (DNT) header, which is used to tell web sites that the browser user wishes to opt-out of online behavioral tracking. ...

Cnet: Forrester’s CEO isn’t the only one spouting doom and gloom for Apple today. Now Eugene Kaspersky, the CEO of security firm Kaspersky Lab, says Apple is headed for a rough patch. However, this one’s in the world of computer security, and he says Apple is already getting into the thick of it. Speaking to Computer Business Review at Info Security 2012 show in London this week, Kaspersky said that when it comes to computer security, Apple’s Mac platform was a decade behind Microsoft‘s, and that it’s got some things to learn from its rival. ...

The H-Online: Online forums have, for some time, apparently been the target of hackers who inject additional code. However, the attackers aren’t interested in publishing cool slogans or political messages, they’re looking for money. They steal Google traffic from the forums and exploit this traffic via ads. Their main targets appear to be forums that are based on the vBulletin software. Unlike the “Look how cool I am” crackers, these attackers have very discreet working methods. They hide their code deeply within the system and ensure that their redirections don’t attract much attention. Only users who visit forum pages for the first time via a search engine such as Google are redirected to a url123.info URL. This site initially displays a strange blocking alert (“Access denied”) followed by some arbitrary text and then loads a full-page ad by InfinityAds. The ads are probably a direct source of income for the intruders even though each ad is only worth a few pennies. However, as some forum operators have reported that their traffic has dropped by more than 70 per cent, and the phenomenon seems to be a rather wide-spread one, the overall yield is likely to be considerable. ...

Facebook and security. Is it a marriage that has any legs? The social networking giant today announced its partnership with a number of security vendors. A Facebook blogger writes: Nothing is more important to us than the safety of the people who use Facebook, and the security of their data…That’s why we’re thrilled to announce the Antivirus Marketplace and welcome Microsoft, McAfee, TrendMicro, Sophos, and Symantec to the Facebook Security family. ...

Cnet: Microsoft today made available for download a new release of its free anti-virus/anti-malware program for Windows PCs, Microsoft Security Essentials (MSE). The MSE 4.0 release is available via the Microsoft Download Center and the MSE Web site. (I learned of its availability from a post on Neowin today.) The latest version runs on Windows XP, Windows Vista, and Windows 7. The 4.0 version has been in beta since late 2011. As ZDNet sister site TechRepublic reported back in December 2011, Microsoft officials said the 4.0 release would include a streamlined interface; a renamed version of the SpyNet service (now slated to be known as Microsoft Active Protection Services); new automatic remediation functionality; and overall improved performance and detection capabilities. ...

Cross-Posted from Official Google Blog: Just like the Loch Ness Monster, you may have heard the rumors about Google Drive. It turns out, one of the two actually does exist. Today, we’re introducing Google Drive—a place where you can create, share, collaborate, and keep all of your stuff. Whether you’re working with a friend on a joint research project, planning a wedding with your fiancé or tracking a budget with roommates, you can do it in Drive. You can upload and access all of your files, including videos, photos, Google Docs, PDFs and beyond. ...

Symantec Connect: Phishers are constantly developing new strategies in an effort to trick end users. In April 2012, phishers created sites spoofing the Apple brand with fake offers for Apple discount cards. In this phishing attack, customers were targeted by region: namely, the UK and Australia. The phishing sites mimicked the webpage of Apple and prompted customers for their Apple ID. The phishing page stated the customer’s long-term loyalty toward the brand gave them eligibility for an Apple discount card as a reward. Upon entering an Apple ID and clicking the “Next” button, the customer was redirected to a page that asked for more confidential information: ...

The BBC is reporting that websites belonging to the Iranian oil ministry and national oil company are offline after suffering a malware infection this weekend. Iran has disconnected all of its oil processing facilities as a precaution, including the facility at Kharg Island which processes more than 90% of Iran’s exports. The semi-official news agency, Mehr, reported that information about users of the websites had been stolen, but no sensitive data had been accessed. ...

Mozilla has released new final versions of Firefox 12 and Thunderbird 12, its open source browser and email messaging tools. Neither update, despite the new version number, contains much in the way of exciting new features, but developments on future builds suggest version 13 could be a landmark release for both. Firefox 12 introduces one notable change for Windows users — the advent of silent updates with no User Account Control dialog getting in the way, while Thunderbird 12’s headline new feature is the ability to view message extracts in global search results. ...