Beware the Justin Bieber erection Facebook scam

  • Post author: Omid Farhang
  • Post published: November 24, 2010
  • Reading Time: 3 min
  • Word Count: 602 words

That’s possibly the most unlikely headline I’ve ever had to write in my computer security career, but never mind.. My guess is that regular readers of the Naked Security site might not be ardent fans of Justin Bieber – but chances are that some of you have young daughters or nieces who can’t get enough of the pint-sized pop hamster. If that’s the case then they might be intrigued by a message that is spreading virally across the Facebook social network claiming to be footage of… and how can I put this delicately? I don’t think I can.. Justin Bieber with an erection. ...

AV scam: is it a rogue or is it AVG’s free edition for sale?

  • Post author: Omid Farhang
  • Post published: November 6, 2010
  • Reading Time: 2 min
  • Word Count: 350 words

Tom Kelchner, Sunbelt blog: Alert reader Laurie (my boss actually) forwarded a copy of an email she received from a friend. It said the sender was “…pleased to announce the newest version of Antivirus 2010 for Windows.” There was a link to click, of course. Something called “Antivirus 2010” for sale in November is very odd for three reasons: It’s nearly 2011 and legitimate AV companies are putting out their 2011 versions. There was a rogue security product last year called “Antivirus 2010.” (VIPRE detection: FraudTool.Win32.Antivirus2010 (v)) Although a lot of companies make a product named Anti-Virus 2010, they usually put their name in front of it, such as “Kaspersky Anti-Virus 2010” or “Norton AntiVirus 2010.” The Antivirus 2010 rogue graphic interface from 2009: ...

PCWorld links to scareware

  • Post author: Omid Farhang
  • Post published: October 21, 2010
  • Reading Time: 2 min
  • Word Count: 236 words

I was reading an article on PCWorld’s website about the upcoming Google Chrome OS: So far so good. Except that I inadvertently clicked on one of their sponsored links: which ironically states “Here is all about spyware removal and even more.” After a few redirects, my browser is hijacked by one of those FakeAV scanners: Here is the HTTP traffic capture screenshot and log: ...

Malware Pushers Abuse Firefox Warning Page

  • Post author: Omid Farhang
  • Post published: October 21, 2010
  • Reading Time: 3 min
  • Word Count: 454 words

This is a pretty neat attack from the malware pushers leveraging on the ignorance of the average user – which in all honesty is a safe bet most of the time! You could consider it a Social Engineering attack as it’s taking something that’s familiar and changing it to deliver malware. I’m sure all the Firefox users reading have at some point or another been faced with the warning screen that tells you a site is not safe to visit, the red page which states in big white letters “Reported Attack Page!”. ...

Fake Twitter homepage kit serves up naked ladies and infection files

  • Post author: Omid Farhang
  • Post published: October 18, 2010
  • Reading Time: 2 min
  • Word Count: 279 words

You might be wondering why the frontpage of Twitter has a big “Edit” line running through it in the screenshot below: The answer, of course, is that this is not the real Twitter page at all. It’s part of an increasingly popular kit used for shenanigans: The scammer downloads the zip, edits the links in the .htm file and places something likely to catch the attention of an end-user underneath the “Edit” line. The fact that the fake content is sitting directly underneath the “New Twitter” promotional text is not a coincidence. ...

Fake Stuxnet cleaner literally cleans up your computer

  • Post author: Omid Farhang
  • Post published: October 15, 2010
  • Reading Time: 2 min
  • Word Count: 295 words

W32.Stuxnet has been a subject of much discussion amongst security researchers and media, and we posted a series of blogs on the subject. As you may already be aware, Stuxnet is a hot topic as the threat targets industrial control systems in order to take control of industrial facilities and systems, such as manufacturing assembly lines and even power plants. Because Stuxnet is such major news, the miscreants who like to spread malware are not wasting much time taking advantage of this for their malicious activities. In our investigations we have discovered that various forums are discussing a free Stuxnet removal tool but unfortunately the tool is actually a piece of malware. We successfully obtained a sample of this tool and our analysis supported our sense of danger: Bottom line is, do NOT run the tool. ...

Pooh Bear? No, this is Redpoo and he’s out to scam you

  • Post author: Omid Farhang
  • Post published: October 13, 2010
  • Reading Time: 2 min
  • Word Count: 237 words

Some domain names make you cringe, some make you smile… Such was the case this morning, with redpoo.com, a domain name whose registrar is the Center of Ukrainian Internet Names, and registered to: Igor Nikenin, ul. B. Pertrovskaya, dom 12, kv 74, Rostov na Donu, 344000, RUSSIAN FEDERATION. The servers’ IP, 121.156.57.184, is located in the Republic of Korea. Other than the poor joke, the site serves various exploits which you can view in this Wepawet report. ...

Online pharmacy spam campaign faking Twitter

  • Post author: Omid Farhang
  • Post published: October 12, 2010
  • Reading Time: 1 min
  • Word Count: 185 words

During the weekend our spamtraps received large amounts of emails pretending to come from Twitter. This time, the social engineering twist lies within the subject of the email: It is “You have 2 urgent messages from Twitter!”, creating psychological pressure by some kind of emergency within the social surroundings of Twitter users. This way the spammers try to increase the rate of users that open the email and click on the links. ...

“This offer is available TODAY only!!!”

  • Post author: Omid Farhang
  • Post published: October 7, 2010
  • Reading Time: 2 min
  • Word Count: 366 words

Hmmm. That’s not what the source code says. We started out the day fat fingering the spelling of “youtube.com” and ended up at the typo squatting site behind the URL “youube.com.” youube.com redirects you to http://youtube.com-prizes.com – obviously a URL intended to make you think it’s really YouTube. Like so many of these “survey” scam web sites, the offer was available “today only: Thursday, October 7, 2010.” Obviously, this is to add a little bit of sales pressure to make a visitor go for the prize ASAP, or at least before midnight. ...

Scammers set their sights on Resident Evil: Afterlife

  • Post author: Omid Farhang
  • Post published: September 20, 2010
  • Reading Time: 1 min
  • Word Count: 169 words

Resident Evil. Man, those films are terrible. Frankly, I’m happy to end the writeup right there, but if I did you’d miss out on all the fun. Resident Evil Afterlife is now in cinemas (unfortunately) and scammers are all too happy to cash in. watchresidentevil4(dot)com is our port of call today: Try to watch the film, and you’re prompted to install ClickPotato (from Pinball Corp). There’s also four other items preticked, which is nice of them. Installing that lot gives you a prompt to “see premium content”. ...