Phishing

As we have commented before when content served up from adservers is compromised, the effects can be far reaching, potentially exposing huge numbers of victims to the malicious code as they innocently browse legitimate sites. The problem is further complicated by the fact that legitimate ad content is often heavily obfuscated, in order to evade ad-blocking technology. During the latter half of this week we have seen a whole batch of compromised adservers injected with malicious JavaScript to silently load malicious content from a remote site. A significant number of popular sites that load ads content from these servers have therefore been affected by this attack. ...

It’s been over a year since we first started seeing the familiar Windows XP My Computer page where it appears your drives are being scanned and it reports a bunch of non-existent malware on your computer. Yesterday I was investigating the latest hot news item where there was a FAMU (Florida Agricultural and Mechanical University) sex tape released on the internet and sure enough I found many SEO poisoned links claiming to have the video. Imagine my surprise when I saw the following. ...

Symantec has been observing several spam and phishing attacks regarding the recent Valentine’s Day. One such phishing attack was on an e-card website that asked for user credentials in order to send Valentine’s Day greetings to loved ones. The legitimate e-card website has partnerships with several other brands and so accepts credentials from certain other websites as well. Hence, attackers can steal user information from several brands’ sites by phishing on just one e-card website. This particular attack asked for users’ credentials for a popular information services website. The phishing domain was hosted on servers in China and has been reported as “domain tasting.” Domain tasting is a situation in which a domain name is used for a small period of time and is checked to see if it is making enough money. If it doesn’t earn enough, the domain name is deleted and the registrant is refunded the entire registration fee. This is a technique used by attackers to perform phishing activity for small periods of time at low costs. ...

The U.S. Census Bureau is warning of phishing and other scams that are using the 2010 Census as bait. Here is the warning from the bureau’s web site: If you are contacted for any of the following reasons — Do Not Participate. It is NOT the U.S. Census Bureau. Phishing: ‘Phishing’ is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, social security numbers, bank account or credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email and it often directs users to enter sensitive information at a fake web site whose look and feel are almost identical to the legitimate one. ...

Want a place to check the legitimacy of a charity? “Founded in 2001, Charity Navigator has become the nation’s largest and most-utilized evaluator of charities. In our quest to help donors, our team of professional analysts has examined tens of thousands of non-profit financial documents. As a result, we know as much about the true fiscal operations of charities as anyone. We’ve used this knowledge to develop an unbiased, objective, numbers-based rating system to assess the financial health of over 5,000 of America’s best-known charities.” ...

“Big Brother Brazil” is a Brazilian reality TV program adapted from the popular Big Brother television series. The show is about a group of people living together in a purpose-built Big Brother house, isolated from the outside world, while being monitored by cameras 24×7. The television series is viewed by scores of people during primetime hours, but live feeds are also available from multiple cameras in the house on the Web. Part of the popularity is due to the fact that some of the videos are suitable only for adult viewing. ...

A new KOOBFACE variant is again making the rounds in the social-networking scene. According to Trend Micro researcher, Norman Ingal, the malware employs Facebook’s Private Message feature to proliferate. The threat arrives as a Facebook private message that does not bear a subject but contains a supposed link to a YouTube video. Taking a closer look at the link, however, indicates that it is not an authentic YouTube link as in previous attacks. ...

More than 60 websites have been found to be hotbeds for SEO poisoning. Each of these domains host hundreds of possible matches for search keys. Also, the topics in one domain overlap with that of the other domain, thus making it possible that they will both emerge in the search results. Topics range from the Winter Olympics Luge Crash to the death of Alexander McQueen and even to NASCAR Schedule. ...

In Additional to my last post: http://boelectronic.blogspot.com/2010/03/twitter-phished-its-easy-mistake.html We’ve received some questions regarding recent phishing attacks conducted against Twitter.com. Tweets and Direct Messages (DM) containing phases such as “This you??” or “LOL is this you” are linking victims towards a Twitter login phishing page. If the bait is taken and victim enters their password, Twitter’s infamous “fail whale” is displayed and the user is returned to their account. They might not even realize that their account details have been compromised. ...

London, England (CNN) — Twitter this week endured a number of “phishing” attacks, in which some users unwittingly gave out their passwords to malicious sites. Haven’t we all learned to keep our passwords to ourselves, you ask_?_ Perhaps. But the truth is we’re all vulnerable to social engineering, and two major Web trends are creating further confusion for new Internet users. The anatomy of these attacks is simple: You receive a message, seemingly from a friend on a social network. The message contains a link and some strong incentive to click it — in the case of the most recent Twitter attack, the note simply asks “This You????.” When you click the link, you’re prompted to log in again to view the page. ...