Alert

“Big Brother Brazil” is a Brazilian reality TV program adapted from the popular Big Brother television series. The show is about a group of people living together in a purpose-built Big Brother house, isolated from the outside world, while being monitored by cameras 24×7. The television series is viewed by scores of people during primetime hours, but live feeds are also available from multiple cameras in the house on the Web. Part of the popularity is due to the fact that some of the videos are suitable only for adult viewing. ...

In Additional to my last Post: http://boelectronic.blogspot.com/2010/03/free-fakeav-at-virus-total-thats-not.html VirusTotal.com [http://en.wikipedia.org/wiki/VirusTotal.com] is a brilliant site that helps both public and researchers alike determine if an executable file they have is potentially malicious or not. Julio Canto (of VirusTotal fame) has noticed that somebody decided to cash in on the good name of the site with the following domain: virus-total(dot)in Go there, and you’ll see a message claiming the site is a “free online antivirus scanning service, click SCAN to begin scanning:“ ...

It’s been ten years already; can you believe it? I’m talking about the U.S. Census. It’s been ten years since the last one. Time to do it again. No, it wasn’t on my calendar either. To remind all of us and to encourage us to participate, the U.S. Census Bureau is spending $340 million to get the word out. There was even a Super Bowl ad. The Census Bureau will not be the only ones trying to get our attention and encouraging us to help them collect data. Cybercriminals will be doing the same thing. But they’ll be trying to fool us into thinking they are the Census Bureau. And the data they’ll be collecting will be a little different. It will be personal information they can use to rip us off. ...

A massive earthquake struck near the Chilean city of Concepcion in the early hours of the morning of February 27th, 2010. The quake measuring 8.8 on the Richter scale was considerably stronger than the one that recently caused widespread destruction on the island of Haiti. Fortunately, despite the size of this latest quake, so far there has been few reported casualties. The quake occurred near the coast and tsumani warnings were issued for many countries bordering on the Pacific ocean. Unfortunately as with any major news event, miscreants are not slow to pounce when such opportunities arise to further their aims. ...

In this post I want to highlight how SEO attacks are working: Pages using server side kits to fool search engine bots into ranking them high in results are uploaded to legitimate web sites. If all goes to plan, when a user searches for a popular term, high up in the search engine results are links to these pages. In the example below, the malicious SEO page was the 2nd item in the search results (highlighted in blue). When the user arrives on such a page (highlighted in green in the example below), the referrer is typically checked to ensure they came from a search engine. If so, there are redirected (302 redirect) to another site (orange below). There are typically additional levels of redirection from this point. In the example shown below, the user is bounced from the .org to the .in site (purple). Finally, the user will be redirected to the fake AV distribution site (red). This is where the user receives the usual visual trickery, in order to fool them into installing the rogue application. ...

Earlier this week Sophos informed a UK Local Police Authority (Hertfordshire) that a website they owned was infected with Troj/IFrame-DY. It turns out that the Police Authority has a new site and the infected site is an old one that just leads the user to the new site: Unfortunately, the old site also contains a malicious script, appended after the closing /HTML tag. There are several ways of migrating users to a new website: ...

Herndon, Va., forensics firm NetWitness has said that the Zeus botnet has breached the networks of nearly 2,500 organizations in nearly 200 countries, including 10 U.S. federal agencies. NetWitness researchers said many victims are Fortune 500 companies in energy, finance and high tech sectors. NetWitness based its conclusions on information from a 75-gigabyte collection of data that they intercepted. It was information the botnet had stolen in one month. The Zeus botnet, which started in 2008, is believed to have 74,000 machines infected. ...

Fraudsters never seem to rest. They have now turned their attention towards phishing using the Indian Income Tax Department’s name and branding. It is the season of tax returns in India and it is well known that people will file their income tax returns for the end of the fiscal year in India. Hence, phishers have chosen the right time to phish the market since most users will not be aware of these attacks. ...

It’s Fat Tuesday — time for an Adobe Update. Adobe plans to release a security update for Adobe Reader and Acrobat later today. Read Security Advisory APSB10-07 for additional details.

While everyone is searching the web for the unusual gift on Valentine’s Day, Cybercriminals take this opportunity to propagate Rouge Antivirus. I have searched for the keywords “unusual-valentines-day-gifts”, gives the following results: Clicking the highlighted link above will lead to fake message such as “Alert! Your system is exposed to risk of virus attack. It’s highly recommended to check your PC immediately. Press OK to start the scan right now”. ...