Security

Twitter password phishing

Published: October 7, 2010 Reading Time: 2 min

Our friend in the UK got this via a contact. It was from a Twitterer who obviously had his Twitter login stolen: (Twitter apparently is filtering this URL at this point.) The link led to a phishing page that used the deceptive tactic of showing an error message: “Wrong Username/Email and password combination.” You log in, it steals your Twitter password, sends the above Tweet to all your contacts and continues rounding up passwords. ...


Facebook spammer fined $1 billion USD

Published: October 7, 2010 Reading Time: 2 min

How does one say in French: “We’re gonna make an example out of you, boy”? The Toronto Sun is reporting that convicted spammer Adam Guerbuez of Montreal has been ordered to pay $1 billion to Facebook by Quebec Superior Court. The court was upholding a U.S. Federal court fine that resulted from a wave of four million spam ads sent to Facebook users in 2008. Guerbuez did not contest the Sept. 28 Quebec Superior Court ruling. ...


Stuxnet Questions and Answers

Published: October 6, 2010 Reading Time: 6 min

Stuxnet continues to be a hot topic. Here are answers to some of the questions we’ve received.

Q: What is Stuxnet?
A: It’s a Windows worm, spreading via USB sticks. Once inside an organization, it can also spread by copying itself to network shares if they have weak passwords.

Q: Can it spread via other USB devices?
A: Sure, it can spread via anything that you can mount as a drive, like a USB hard drive, mobile phone, picture frame and so on. ...


Messages from Malware authors in Malware

Published: October 2, 2010 Reading Time: 1 min

During our analysis of the different malware families we sometimes stumble upon some messages inside the viruses placed there by their authors. For example, the TDSS Trojan family is known to contain random strings from “Hamlet” and from the Bible. Also there is the Koobface family which contains random sentences – mostly taken from Wikipedia articles, like in the last variant we discovered, about the Tower of London. TDSS: ...


Stuxnet in the news

Published: September 30, 2010 Reading Time: 1 min

The Stuxnet Trojan is very well covered in the media as more and more details about its sophisticated code become public. It abuses four previously unknown security vulnerabilities in Windows to enter the system and is specialized in attacking Siemens processing systems. An interesting piece of information that hasn’t received much attention yet comes from heise Security: the nuclear plant in Bushehr isn’t really the target of the worm, as rumours say, because the attacked systems aren’t approved for use in nuclear plants.


Browser cookies are becoming an issue

Published: September 23, 2010 Reading Time: 3 min

The New York Times is reporting a rising number of lawsuits against some major players because of their use of persistent web tracking:

- Fox Entertainment Group
- NBC Universal
- Specific Media
- Quantcast

The Times said the suits are claiming that the companies used Flash cookies to collect data on browsing activities in spite of the fact that users had privacy settings on to block them. Those Local Shared Objects (LSOs) are persistent cookies that are stored in several ways and in some cases will restore themselves when deleted. One is available, with a detailed description here. ...


Twitter XSS vulnerability fixed

Published: September 23, 2010 Reading Time: 1 min

Twitterers are still clogging the micro-blogging service with little messages about the cross-site-scripting problem earlier today. Twitter has announced that the problem has been fixed. A cross-site scripting vulnerability using “onmouseover” was being widely exploited to spread worms and redirect viewers to malicious sites. Story here from The Register.


More Spam with JavaScript redirectors

Published: September 23, 2010 Reading Time: 1 min

We received new spam emails which contain a JavaScript redirector in the form of an HTML attachment. The emails we received have the subject “Consultation Appointment”. The decrypted JavaScript consists of new JavaScript code. This JavaScript redirector loads yet another JavaScript from the internet. The domain which is hosting the malicious .js is registered to someone from Malaga. Domain tools show that this person has registered about 2,400 other domains. ...


Flash Player Updates fix 0-day-vulnerability

Published: September 21, 2010 Reading Time: 1 min

Adobe fixed the vulnerability in Flash Player in record time again. Just one week after the 0-day became public and started to get exploited, an update is available to close the security hole. Even though Adobe Reader and Acrobat are affected (which are supposed to get an update in 2 weeks), until now we’ve only seen exploits against the Windows Flash Player. Users and administrators should update their Flash Player as soon as possible! Version 10.1.85.3 fixes the issue for Windows, Unix, Solaris and is available through Adobe’s download center. Android users can get the update to 10.1.95.1 on the Android Market Place.


Scammers set their sights on Resident Evil: Afterlife

Published: September 20, 2010 Reading Time: 1 min

Resident Evil. Man, those films are terrible. Frankly, I’m happy to end the writeup right there, but if I did you’d miss out on all the fun. Resident Evil Afterlife is now in cinemas (unfortunately) and scammers are all too happy to cash in. watchresidentevil4(dot)com is our port of call today: Try to watch the film, and you’re prompted to install ClickPotato (from Pinball Corp). There are also four other items preticked, which is nice of them. Installing that lot gives you a prompt to “see premium content”. ...
