
Twitter starts Direct Message phishing filtering

Author: Omid Farhang Published: March 12, 2010 Reading Time: 1 min

Del Harvey, who leads Twitter’s Trust and Safety team, blogged yesterday that the social networking/micro-blogging service has begun filtering all links in Twitter Direct Messages to stop phishing: “Since these attacks occur primarily on Direct Messages and email notifications about Direct Messages, this is where we have focused our initial efforts. For the most part, you will not notice this feature because it works behind the scenes but you may notice links shortened to twt.tl in Direct Messages and email notifications.” ...


Consoles for old games come with new malcode

Author: Omid Farhang Published: March 12, 2010 Reading Time: 2 min

Be on the lookout for websites offering up “free applications” which come with a nasty sting in the tail. Here’s a typical example: Appzkeygen(dot)com. If you like videogame consoles, you may be a fan of emulators (programs that ape long-dead consoles, allowing you to play old games on your PC – we’ll avoid the murky legal minefield that comes with this practice and instead focus on the malware). Below is a PlayStation 2 emulator – no really, it is. Would they lie to you? ...


Internet Explorer 0-day targeted in spam runs

Author: Omid Farhang Published: March 12, 2010 Reading Time: 1 min

Hot on the heels of the Patch Tuesday announcements yesterday came the announcement of a new zero-day in Internet Explorer (CVE-2010-0806). Whilst checking through some URLs supposedly serving up malicious code to exploit this vulnerability, I noticed a link to some spam runs from earlier in the week. On March 8th SophosLabs saw spam messages attempting to trick the recipient into visiting rogue web pages. Messages used at least two social engineering tricks to lure victims into clicking the malicious link. ...


Twitter Spam: Getting slim with slim URLs

Author: Omid Farhang Published: March 12, 2010 Reading Time: 1 min

A while ago I was writing about Twitter spam and I was trying to make a brief definition of this kind of spam: It follows a lot of users, has 1 post and is followed only by a few persons. Well, this changed now, because the theme became much more interesting for the people on Twitter: how to lose weight. Ironically, the URLs on Twitter also make a diet – they always get “compressed” using link shortener services. ...


Exploit Code for IE 0-day vulnerability

Author: Omid Farhang Published: March 12, 2010 Reading Time: 1 min

Exploit code for the zero-day vulnerability in Internet Explorer has been added to the Metasploit framework. According to an email HD Moore wrote to ZDNet’s Ryan Naraine, the exploit works quite reliably – it succeeds 50% of the time on Windows XP with SP2 and SP3 with IE7 and Data Execution Prevention (DEP) deactivated. The security hole was reported yesterday on Microsoft’s March 2010 Patch Tuesday. Drive-by download exploits are likely to appear now, as the Metasploit framework is open source and the exploit can now be abused even by script kiddies. Time to change the default browser – Microsoft just released a new browser choice screen which allows for exactly that!


Finding awesome stuff online with Google Reader Play

Author: Omid Farhang Published: March 12, 2010 Reading Time: 2 min

I use Google Reader a lot — not only to stay on top of the news, but also to find interesting blog posts and articles. I’m always telling my friends about Google Reader, and while some of them love it, others don’t want to take the time to set it up. For those of you who fall into this second category, Google is announcing Google Reader Play, a new product that makes the best stuff in Reader more accessible for everyone. Reader Play is a new way to browse interesting stuff on the web, customized to the topics you’re interested in, with no setup required. ...


Malicious Web Attack Using Executable With facebook.com in Name

Author: Omid Farhang Published: March 12, 2010 Reading Time: 2 min

As we were working through URLs identified as suspicious due to our GTI technology, one of the URLs that presented itself was an average “.com” site that loaded a php. As we processed this, it was interesting to see that this php actually reached out to download a file that ended with the string facebook.com.exe. As this “.com” site was very social-network friendly, it would be easy to see how an average user, without web protection in place, would not even realize what was going on. ...


Many Zeus botnet C&C servers taken down

Author: Omid Farhang Published: March 12, 2010 Reading Time: 1 min

Swiss security blog Abuse.ch has reported that the worst Zeus botnet hosting ISP was taken offline yesterday, cutting the botnet’s number of servers from 249 to 181 – including the six worst ones. Abuse.ch wrote: “As you can see in the chart above, on March 9th 2010, the number of active ZeuS C&C servers dropped from 249 to 181! The first thing I thought was: There has to be some problem with the ZeuS Tracker cron script. I checked the script – everything looked ok. So the massive drop of ZeuS C&C server is fact. I noticed that six of the worst ZeuS hosting ISP suddenly disappeared from the ZeuS Tracker. I verified the subnets of the affected ISP and came to the conclusion that Troyak-as (AS50215), the upstream provider for the six worst ZeuS hosting ISPs, was cut from the internet on 2010-03-09.” ...


You don't want to go looking for Corey Haim videos

Author: Omid Farhang Published: March 12, 2010 Reading Time: 2 min

Hollywood celebrity Corey Haim has died in typical tabloid fashion: “under investigation.” And we all know that celebrity death equals Internet scams by the boatload. There are a number of spam runs currently circulating on video sharing sites such as YouTube, ready to catch out the curious and the unwary. Shall we take a look? “Suicide or killed! Watch Corey Haim first found dead” Classy. Visiting mycelebzone(dot)com will pop open a Hotbar prompt, which you need to install to “see the content”: ...


How safe is cloud computing?

Author: Omid Farhang Published: March 12, 2010 Reading Time: 5 min

This is an article taken from CNN and I don’t agree or disagree with it. What security concerns are hidden in the murk of cloud computing? (CNN) — Stormy weather could be on the horizon for cloud computing as security experts warn not enough is being done to make sure one of the hottest IT trends is safe. “There are many motivations for why an individual or a company would want to engage in cloud computing,” said Thomas Parenty, managing director of Parenty Consulting, a Hong Kong-based information security consulting firm. “None of them have to do with enhanced security.” ...
