TechBlog

Join me as I explore the fascinating world of technology. This TechBlog is where I share my knowledge and insights on topics like Linux, frontend and backend development, and more. Whether you’re a beginner or an experienced tech enthusiast, there’s something here for you.


New wave of SQL Injection Attacks

Published: December 11, 2009 Reading Time: 1 min

Reports have reached us of a fresh SQL injection attack that has compromised many websites – a Google search for the malicious iframe nets over 100000 hits. As is typical, the iframes lead to more HTML pages that load yet more iframes containing obfuscated JavaScript that attempts to exploit the unfortunate visitor. A successful exploit leads to a download of malware from the Buzus family. Please take care about the sites you visit, try to visit sites using sandboxed browsers, and keep your antivirus updated.

Continue Reading

Rebranded rogue claims to be McAfee Secure certified

Published: December 11, 2009 Reading Time: 1 min

Internet Security 2010 is a rebranded clone of Advanced Virus Remover, a rogue security product. It’s one of your run-of-the-mill rogues, using run-of-the-mill scare tactics, except its payment screen contains a static graphic that imitates the McAfee Secure certification. A real “McAfee Secure” certification is a DAILY certification: it contains the date, and clicking its logo should take you to the McAfee Secure rating verification page, https://www.mcafeesecure.com/RatingVerify, which gives the name of the certified web site and the “Status”. ...

Continue Reading

Google Work At Home Scam

Published: December 10, 2009 Reading Time: 2 min

Lately, a Google work at home scam has been plastering its way throughout the Internet. The scam site is designed to look like a convincing newspaper article and is currently circulating heavily through social networks (hacked and spam accounts) and ad networks. To “cash in on the opportunity” all you have to do is fork up a measly $1.95 for the “Easy Google Profit” kit. Unfortunately, if you fall for the scam, you’re going to be taken for more than what you bargained for. Ripoff Report shows one victim’s struggle with these scam artists. Apparently they automatically started charging the victim $39.98 per month on top of an additional $129.95 fee. On top of that, they enrolled him in a 14-day trial for another site, which charges $29.95 a month if not canceled in time. ...

Continue Reading

Microsoft Hack

Published: December 10, 2009 Reading Time: 2 min

Basically, the rogue antispy was directing the victim to a genuine Microsoft address, but was modifying the HTML on the fly as it came back from the real Microsoft page. It made it read that Microsoft was recommending that the victim should buy the rogue. That’s a pretty good trick that will catch a lot of folks, and it reminded us of another one that we frequently see. It works like this… The victim attempts to reach Microsoft, or receives a link like http://go.microsoft.com/?linkid=9480113 and if you go there on a normal computer, you see a page like this… ...

Continue Reading

New rogue: SafetyAntiSpyware

Published: December 10, 2009 Reading Time: 1 min

SafetyAntispyware is a new rogue anti-spyware application. However, the functionality follows the same pattern as other rogues. First, it will detect some fake infections. Then it will ask the user to license the product to remove these “threats”. It will also keep reminding the user about these fake infections and will urge the user to activate the software.

Continue Reading

“Everyone” may not be your friend

Published: December 10, 2009 Reading Time: 2 min

There were two news stories recently that seemed to coincide. In the first, Cisco issued an annual security report which said the two current targets of the Internet criminal underground are banks and social networks. Banks because, well, we all know what they keep there. Social networks are targets because that’s where weakly protected password databases are kept and the passwords they contain probably are used on a lot of other sites as well. ...

Continue Reading

SecurityTool rogue is trying to be a moving target

Published: December 9, 2009 Reading Time: 1 min

The SecurityTool rogue security product, which first turned up early in October, is still active and trying to avoid countermeasures by setting up 12-24 download sites per day. It comes in two flavors: an online scanner scam and a fake codec scam.

Continue Reading

Limeware and other P2P software present child p*rn risks

Published: December 9, 2009 Reading Time: 1 min

I’ve been saying this for a long time. P2P networks have the risk of accidentally getting something you really don’t want… Matthew White, of Sacramento, California, has found himself in a rather unfortunate situation; he’s been accused of downloading child pornography. On the advice of his public defender, White is pleading guilty in hopes of cutting his potential 20-year sentence down to three and a half years. After serving his time, White will have to serve 10 years of probation and register as a sex offender. ...

Continue Reading

Beware of fake Microsoft updates coming through email

Published: December 9, 2009 Reading Time: 3 min

Email is still the most common method used for security update notifications from all major vendors, but it is also the most commonly used trigger for launching the chain of infection attacks by malware writers. When I came to work today I found in my Inbox a message from Microsoft with the Security Bulletin Advance Notification for December. I immediately clicked on one of the links to visit the yet to be published December Security Bulletin and investigate how many critical vulnerabilities will be fixed this month. ...

Continue Reading

It pays to read the fine print (literally)

Published: December 9, 2009 Reading Time: 1 min

This is a new one: bribeware. They’ll pay you a dollar to install their product. Nice idea, but unfortunately in this case it comes bundled with malware. We detect it as C4DLMedia, a group of installers that include adware and agents that change browser home pages. It’s considered a “moderate” risk. I wonder if Microsoft considered this for VISTA. C4DL Media might have a marketing problem with the dollar bribe though. In places where a dollar is worth enough to make this worth the effort there probably isn’t any Internet connectivity.

Continue Reading