New Koobface variant saves researchers time from analysis

Researchers at McAfee labs monitor Koobface activities 24/7 via custom honeypots and while reviewing one such update we noticed a variant that had debug/log features. Unlike the traditional captcha breaking technique to create new accounts, this variant of the worm converts the infected machine to a bot. When we analysed the malware trapped in our botnet, we found that this variant of Koobface has a special feature for logging all activities carried out during the infection process in a log file . Log file is created under system root with date and time stamp for eg, C:\fb_reg20090612.log. ...

January 16, 2010 Â· 2 min Â· 396 words Â· Omid Farhang

Twitter banned passwords

As you may have heard in the last few days, Twitter has banned 370 passwords (actually only 369, ‘password’ appears twice in the list) as ‘too obvious’ to be safe for their users. A good move in theory but why are so few words banned? And what are they? The list is available in various places online, or even just by viewing the source of the Twitter sign up page. Sadly the sports fans in this Sophos office may be out of luck with both ‘boston’ and ‘redsox’ making the banned list. ...

December 29, 2009 Â· 2 min Â· 311 words Â· Omid Farhang

Facebook and Twitter Security – And How to Stay Safe!

Hopefully, the holiday season has found you spending a good amount of time offline: enjoying moments spent with friends and family, keeping long-standing traditions or creating new ones to follow for seasons to come, or just relaxing due to some downtime from work or school. It wouldn’t come as much of a surprise, though, if you’ve still found yourself spending a fair share of your time during the holidays online: checking status updates and posting new pictures on Facebook, or sending and checking tweets on Twitter. And, why not? These networking sites are an easy way to connect and share with the people we care about. ...

December 29, 2009 Â· 2 min Â· 312 words Â· Omid Farhang

All about Brittany on Twitter

It’s the usual situation, with the bad guys exploiting the death of a famous person, just like they did with Michael Jackson. Yesterday we identified some Twitter accounts that are being used both to send “make money on the Internet” spam, and also to spread links to malware. In both cases, they used Brittany Murphy’s name. Here’s a couple of examples: The actual text of messages of this type can vary. What characterizes them is that the first link is genuine, i.e. it leads to a site which really does talk about the topic tweeted. The second link though, leads to standard spam advertising sites which tell you how to earn money on the Internet, offer various goods, etc. The second type of tweet we’re seeing is undeniably malicious. These tweets, like the first type, use Brittany Murphy’s name, but have a shortened bit.ly URL leading to malware: ...

December 23, 2009 Â· 2 min Â· 402 words Â· Omid Farhang

Twitter Defaced by Iranian Hacktivists

Twitter, one of the Internets most popular social networking sites, has been hacked and defaced by a group claiming to be an “Iranian Cyber Army” as of 10:15PM PST today. At this point no statement has been made by Twitter, so it’s unclear as to what vulnerability was used to exploit the site. Oftentimes hacktivism campaigns are fueled by ego-driven script kiddies who use publicly available exploits, but for now we’ll have to wait and see if Twitter decides to publicly announce the details surrounding the attack. The defacement has been removed and Twitter is back up and running as of 11:20 PM PST. ...

December 18, 2009 Â· 1 min Â· 207 words Â· Omid Farhang