Security

The good news is that overseas hackers apparently did not change the grades of more then 100 thousand University of North Florida students when they broke into the computer system in September. The bad news is that personal information like names and social security numbers for those students may now be in the hands of those hackers. The FBI is investigating the attack, which was discovered by the university in a routine check of the server. According to University officials, the hacker had access to the system between September 24th and September 29th, but the University did not say when the breach was discovered. The Florida Times-Union newspaper said the university learned of the attack in September but did not notify potential victims because they were still investigating ...

Some people didn’t like his comments about downloading… Two of Gene Simmons’ official sites were shut down after hacker attacks by a group called Anonymous, associated with the 4chan.org forum. The attacks were in response to comments by Simmons about how the music industry should have been tougher with illegal downloaders. Both SimmonsRecords.com and GeneSimmons.com were taken offline briefly due to the attacks. Simmons had made the comment, “The music industry was asleep at the wheel, and didn’t have the balls to sue every fresh-faced, freckle-faced college kid who downloaded material. And so now we’re left with hundreds of thousands of people without jobs. There’s no industry.” ...

Variants of the infamous ZeuS cybercrime toolkit have begun using the tactics of the infamous Conficker worm in a bid to get ahead of security defences. The so-called Licat worm, which is “strongly linked” to ZeuS, represents a likely attempt to reinforce botnets following recent arrests of suspected bank fraud money mules, as well as hackers tied to ZeuS in the UK, US and Ukraine over the last month or so. ...

Posted by Diana Phan, Gmail Support Team October is National Cyber Security Awareness month and a good time for a reminder about why hijackers do what they do and how you can protect your account. Check out the Online Security blog to learn about common hijacking techniques and security practices that will help you stay one step ahead of the bad guys. To help ensure your Gmail account is safe, take a minute to visit the Gmail help center and complete their new security checklist.

Accessing Facebook from a public computer or Internet cafe can now be done more securely. Moving to enhance online security, Facebook on Tuesday said that it will soon offer users the ability to receive one-time passwords on their mobile phones and that it has already enabled the ability to sign out of Facebook remotely. “We’re launching one-time passwords to make it safer to use public computers in places like hotels, cafes or airports,” said Facebook product manager Jake Brill in a blog post. “If you have any concerns about security of the computer you’re using while accessing Facebook, we can text you a one-time password to use instead of your regular password.” ...

W32.Stuxnet has been a subject of much discussion amongst security researchers and media, and we posted a series of blogs on the subject. As you may already be aware, Stuxnet is hot topic as the threat targets industrial control systems in order to take control of industrial facilities and systems, such as manufacturing assembly lines and even power plants. Because Stuxnet is such major news, the miscreants who like to spread malware are not wasting much time taking advantage of this for their malicious activities. In our investigations we have discovered that various forums are discussing a free Stuxnet removal tool but unfortunately the tool is actually a piece of malware. We successfully obtained a sample of this tool and our analysis supported our sense of danger: Bottom line is, do NOT run the tool. ...

Some domain names make you cringe, some make you smile… Such was the case this morning, with redpoo.com a domain name whose registrar is the Center of Ukrainian Internet Names, and registered to: Igor Nikenin ul. B. Pertrovskaya, dom 12, kv 74 Rostov na Donu, 344000 RUSSIAN FEDERATION The servers’ IP, 121.156.57.184, is located in the Republic of Korea. Other than the poor joke, the site serves various exploits which you can view in this Wepawet report. ...

Usually I have to wonder how much inventiveness the spammers and Phishers show. But, from time to time, it is funny to see some really stupid Phishing attempts. I do hope that nobody is falling for these puny attempts to fake Paypal we found today. The email below is being sent with a German subject line and it is pretending to come from a German mail address, but the mail itself is written in English and it is allegedly pointing to paypal.com instead of paypal.de. ...

During the weekend our spamtraps received large amounts of emails pretending to come from Twitter. This time, the social engineering twist lies within the subject of the email: It is “You have 2 urgent messages from Twitter!”, creating psychological pressure by some kind of emergency within in the social surroundings of Twitter users. This way the spammers try to increase the rate of the users that are opening the email and click on the links. ...

Hmmm. That’s not what the source code says We started out the day fat fingering the spelling of “youtube.com” and ended up at the typo squatting site behind the URL “youube.com.” youube.com redirects you to http://youtube.com-prizes.com – obviously a URL intended to make you think it’s really YouTube. Like so many of these “survey” scam web sites, the offer was available “today only: Thursday, October 7, 2010.” Obviously, this is to add a little bit of sales pressure to make a visitor go for the prize ASAP, or at least before midnight. ...