Blog

The U.S. Census Bureau is warning of phishing and other scams that are using the 2010 Census as bait. Here is the warning from the bureau’s web site: If you are contacted for any of the following reasons — Do Not Participate. It is NOT the U.S. Census Bureau. Phishing: ‘Phishing’ is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, social security numbers, bank account or credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email and it often directs users to enter sensitive information at a fake web site whose look and feel are almost identical to the legitimate one. ...

Right! A site registered in the state of “Taliban.” You’re really going to go to a site with this registration: Nice work SANS. Thanks to Daniel Wesemann at SANS: http://isc.sans.org/diary.html?storyid=8350

Microsoft Vice President of Trustworthy Computing Scott Charney, in a keynote address at the RSA security conference in San Francisco yesterday, called for quarantines on malware-infected PCs. His remarks were widely covered by a variety of web news outlets. He compared the threat from infected PCs with the threat from smokers in public places and resulting bans on smoking because of second-hand smoke: “You have a right to infect and give yourself illness. You don’t have the right to infect your neighbor. Computers are the same way.” Charney didn’t discuss specific techniques. ...

Remember Microsoft’s action against 277 Waledac domains last week? Well, that’s one way of going after a botnet… Another way of shutting down a botnet? Arrest the botmasters! Three Spanish citizens have been arrested for running the “Mariposa” botnet. The three reportedly have no criminal records and have limited hacking skills. Mariposa is a Butterfly Kit based botnet, and the kit is no longer for sale. Details are available from the BBC and The Register. Kudos to those involved in the arrests.

Want a place to check the legitimacy of a charity? “Founded in 2001, Charity Navigator has become the nation’s largest and most-utilized evaluator of charities. In our quest to help donors, our team of professional analysts has examined tens of thousands of non-profit financial documents. As a result, we know as much about the true fiscal operations of charities as anyone. We’ve used this knowledge to develop an unbiased, objective, numbers-based rating system to assess the financial health of over 5,000 of America’s best-known charities.” ...

In the same way that media event X guarantees Rogue Antispyware Y, a new and highly anticipated videogame that’s about ready to launch will similarly bring out the scams and fakes. If you have any family members that like their PC games but perhaps aren’t clued up on their Internet fakeouts, you might want to warn them that no matter how cool the so-called “Battlefield: Bad Company 2” keygens look, they should steer clear: ...

It won’t work if you have a rootkit infection, but it won’t blue screen your machine either. Microsoft has reissued Security Bulletin MS010-15 from last month to work around a problem that had occurred when a WinXP user attempted to install the patch on a machine that was infected with a rootkit. (blue screen, blue screen) Jerry Bryant, Microsoft’s senior security communications manager lead, writing on the company TechNet blog said that the new installation packages for MS10-015 have new logic that will prevent the security update from installing on rootkit-infected systems. Microsoft also is offering guidance for those with infected machines and a scanning tool that can detect system conditions that will prevent the patch from applying itself. ...

For anyone that missed Microsoft CEO’s Q&A during the Search Marketing Expo West yesterday, a transcript is now available online. I went through and picked out key quotes, so that you don’t have to read the whole thing. Several things stand out from Ballmer’s comments: Mobile operators that want a search engine other than Bing can’t have Windows Phone 7 Series. Microsoft almost certainly is stirring up trouble for Google in Europe through third parties. Microsoft isn’t interested — at least for now — in releasing a Bing application for Android phones. A Bing for iPhone search deal is still possible, simply because Ballmer deflected the question rather than denying it. Twitter is a great Microsoft partner, but the value of an acquisition is “not clear.” My favorite quote from the Q&A: “I haven’t found that when you’re trying to sell something to somebody yelling is very effective.” How funny is that. coming from boisterous Ballmer? ...

“Big Brother Brazil” is a Brazilian reality TV program adapted from the popular Big Brother television series. The show is about a group of people living together in a purpose-built Big Brother house, isolated from the outside world, while being monitored by cameras 24×7. The television series is viewed by scores of people during primetime hours, but live feeds are also available from multiple cameras in the house on the Web. Part of the popularity is due to the fact that some of the videos are suitable only for adult viewing. ...

According to latest State of Spam and Phishing report, scam and phishing messages accounted for 21 percent of all spam, which is the highest level recorded since the inception of the report. For comparison, these types of spam represented only 10 percent of total spam a year ago. Historically, the primary vector for spam attacks was to blast out as many messages as possible, hoping that someone would open a message and click on the call to action. The call to action could be anything from clicking on a link to purchase medications, to visiting an adult website. While we continue to see high volumes of spam originating from expansive botnets, spammers are also moving towards a sophisticated and more targeted approach to spam. Two primary examples of this trend are 419/Nigerian type scams and phishing messages. ...