Security

With virus and spam outbreaks, analysts needs to keep their nerves to analyze the situation and proceed to deal with the new threat. So, I wasn’t expected to be surprised by my friends’ actions on facebook this past weekend. It started innocently enough, as a post about getting a Free $25 Starbucks gift card for joining a particular group. The first person to join the group from my friends list happens to work for a non-profit organization helping young people. So, I expected the young people on his “friends list” to join this group shortly. ...

Since yesterday, our lab has detected a flood of email messages that seem to contain a Microsoft Update, but it’s actually malware. We’ve seen around 3,000 in a few hours. The message is like the following: This email, which seems to have been sent by the Microsoft Support team, informs you that a new security update for Outlook/Outlook Express has been released. It’s a critical update, so it’s better to install it as soon as possible. ...

In recent weeks, various cybercrime attacks have disrupted the computer systems that allow nations to manage their national greenhouse-gas emissions quotas and their possession of carbon assets according to international agreements (the Kyoto Protocol and the European system). One quota is the right to emit the equivalent of one ton of carbon dioxide during a specified period. The initial attack targeted the Danish CO₂ quota register that was shut down on January 12. The Danish authorities took this decision after registry users received a fake email purporting to originate from the Danish Energy Agency and redirecting the recipients to a mirror site to steal their credentials. ...

We were made aware that phishing for Skype credentials is currently taking place. The link the phishing mails direct to are dangerous – they aren’t detected by any phishing filter of the popular browsers yet. One thing caught my attention. Modern browsers should support domain highlighting so that the real domain is visible when someone surfs the Internet. Like Internet Explorer 8 properly does: There you can clearly see that you are not on the Skype website, but on another domain. ...

MyPcSecure is the latest rogue anti-spyware application and a clone from the WiniGuard family.

LiveEnterpriseSuite is a clone of InternetAntivirusPRO. Actually, the only thing that the authors of this rogue have changed is the name in the GUI. LiveEnterpriseSuite will detect false infections and require a license to remove them. If your computer is infected with this malware, you should remove it soon, Click Here to learn how to remove such malwares.

With the latest release of their browser, v.4.0, Google has published a long expected feature: Browser Extensions. Now Chrome features what other browsers like Firefox, IE, Opera and so on offer for a long time already. But, being able to compete with the others better doesn’t mean that they have solved all problems. Actually, their problems just start to appear – because adding extensions in the browser is just the same as opening Pandora’s box. ...

Information leakage is a real problem. It’s especially bad for high-security organizations, like military agencies. And it’s now harder than ever, thanks to services such as Flickr, Photobucket, Facebook, Twitter and Myspace. So, we worked together with Lewis Communications to submit a Freedom Of Information Act request to Ministry of Defence in UK, asking if they’ve had problems with this. After waiting some weeks, we got a reply back, detailing that UK military personnel and Ministry of Defence staff have leaked secret information 16 times on social networking websites and Internet forums. ...

It has been a month since Sophos added detection for Troj/JSRedir-AK and figures generated today show that over 40% of all web-based detections have been from this malicious code. [Graph shows Malware hosted on websites from 2009-12-22 11:00:00 to 2010-01-21 11:00:00 (GMT-8)] Translating the numbers into a more human comprehensible form: 1 site every 15 secs was being detected as Troj/JSRedir-AK. The affected sites include well-known names, including: ...

APcSafe is another rogue anti-spyware clone of the WiniGuard family. if your computer is infected with this malware you should remove it soon.