NRA: Beware the '12 scams of Christmas'

Author: Omid Farhang Published: December 22, 2009 Reading Time: 4 min

This is the ‘12 scams of Christmas’ I mentioned in my last post:

Pipers tout fake gold rings as Maids are ‘a-phishing’ to milk bank accounts

On what is traditionally the busiest online shopping day of the year (1), consumers are being warned not to become victims of the ‘12 Scams of Christmas’ and to take extra care with personal and IT security. The ‘12 Scams of Christmas’, developed by the National Fraud Authority (NFA), The UK Cards Association and the City of London Police (CoLP), highlight the greatest holiday fraud threats and how to spot them. ...


The 12 scams of Christmas

Author: Omid Farhang Published: December 22, 2009 Reading Time: 2 min

Tanya has just posted over on the Kaspersky Russian site about losses caused by Internet fraudsters in England and Wales. If you want to practice your Russian, hop over there, and take a look! I know that most people in the UK prefer to get their news in English. So here’s a few facts and figures: In a recent statement, the Office of Fair Trading estimated that losses caused by Internet fraud amounted to £14 billion per year. That’s a lot of money! It’s also a lot of victims! ...


Christmas Bo(g)us

Author: Omid Farhang Published: December 21, 2009 Reading Time: 1 min

Well, it didn’t take long for the Christmas E-Card scams to start. Recently we have seen email messages pretending to be from Hallmark, suggesting that you have received an E-card from a friend. The complete email message looks like this:

You have recieved a Hallmark E-Card from your friend. To see it, check the link below: http://www.hallmark.com/webapp/wcs/stores/Occasion/ChristmasE-Cards

There’s something special about that E-Card feeling. We invite you to make a friend’s day and send one.

Hope to see you soon, Your friends at Hallmark ...


Dangerous web searches

Author: Omid Farhang Published: December 15, 2009 Reading Time: 1 min

Don’t go there. There are a lot of rogue downloaders hiding in those links. Yahoo CEO Carol Bartz, speaking at the UBS Media and Communications Conference in New York, said the Tiger Woods sex scandal was a better traffic generator than the death of Michael Jackson, according to the ZDNet blog.


Naked elves distract nerds

Author: Omid Farhang Published: December 15, 2009 Reading Time: 1 min

What’s the best way to distract an online gamer while you drop some undesirable files onto their system? We saw what’s probably a pretty effective method today in Troj/Lneage-A. This particular Trojan leaves the user viewing a slideshow of topless elves while it drops a file designed to steal their gaming info. Given that the vast majority of MMORPG’ers are male, and bless them they’re often a little bit lonely, dazzling them with a variety of images of well endowed half naked elves (I think they’ve had some work done to be honest) should be enough to keep them entertained while the malware authors do whatever they fancy in the background. ...


Security hole in Adobe Reader and Acrobat

Author: Omid Farhang Published: December 15, 2009 Reading Time: 1 min

Adobe is currently investigating a new security hole in Reader and Acrobat. Cybercriminals are currently spamming emails with prepared documents which lead to an infection of the computer with malware. The PDF document abuses a buffer overflow in a new place within the Adobe programs. There is a JavaScript object included in the PDF which checks the Reader Version – the exploit works with Adobe Reader starting at version 8. The code it injects downloads malware which it stores in the file “winver32.exe” in the Windows directory. This file drops 3 further files which Avira detects as BDS/Ientlcp.A, TR/Agent.faa and TR/Agent.HO. ...


New wave of SQL Injection Attacks

Author: Omid Farhang Published: December 11, 2009 Reading Time: 1 min

Reports have reached us of a fresh SQL injection attack that has compromised many websites – a Google search for the malicious iframe nets over 100000 hits. As is typical, the iframes lead to more HTML pages that load yet more iframes, which contain obfuscated JavaScript that attempts to exploit the unfortunate visitor. A successful exploit leads to a download of malware from the Buzus family. Please take care about the sites you visit, try to visit sites using sandboxed browsers, and keep your antivirus updated.


SecurityTool rogue is trying to be a moving target

Author: Omid Farhang Published: December 9, 2009 Reading Time: 1 min

The SecurityTool rogue security product, which first turned up early in October, is still active and trying to avoid countermeasures by setting up 12-24 download sites per day. It comes in two flavors: an online scanner scam and a fake codec scam.


Beware of fake Microsoft updates coming through email

Author: Omid Farhang Published: December 9, 2009 Reading Time: 3 min

Email is still the most common method used for security update notifications from all major vendors, but it is also the most commonly used trigger for launching the chain of infection attacks by malware writers. When I came to work today I found in my Inbox a message from Microsoft with the Security Bulletin Advance Notification for December. I immediately clicked on one of the links to visit the yet to be published December Security Bulletin and investigate how many critical vulnerabilities will be fixed this month. ...


New social engineering technique: use Microsoft support to sell rogues

Author: Omid Farhang Published: December 9, 2009 Reading Time: 1 min

Sunbelt analyst Adam Thomas came across this ugly new social engineering technique when he analyzed the DefenceLab rogue security product. It does the usual scare-ware stuff: a fake scan and a fake “Windows Security Center” alert. Then it directs the potential victim to a Microsoft Support page, but injects HTML code into the page in his or her browser to make it appear as though Microsoft is suggesting the purchase of the rogue. This is the real Microsoft page: ...
