Gone Facebook Phishing?
November 4, 2009 by Marcos Christodonte II
The folks at AppRiver recently reported that attackers have started a serious campaign against Facebook users. According to their reports, the botnet is sending over 500 phishing messages per second. And get this: along with stealing your Facebook credentials, the botnet prompts unsuspecting users to download what appears to be an “update.” What the user really gets is malware crafted to target bank account and other financial information.
For more information on this attack, visit the AppRiver blog.
The threat of short-lived malware
April 2, 2009 by Marcos Christodonte II
New article:
Recently, security software vendor AVG Technologies asserted that Web-based malware attacks are now so prevalent that attackers craft them to be “secretive, short-lived and fast-moving.” It’s an acceptable premise, but why the sudden shift? Is it because more active and open attacks aren’t as successful or noteworthy? Well, not quite. Let’s explore why attackers do this, how they do it, and how enterprises can defend against short-lived Web malware.
Read the rest of my article here
Valentine’s Day Malware – Beware
February 3, 2009 by Marcos Christodonte II
Source: Panda Labs
The month of February can bring a lot of unwanted e-mail, some from old friends, others from unknown sources. Specifically, “evildoers” use this time to circulate their malicious code via spam e-mail. Some of these messages may include images of hearts and other Valentine’s-related pictures.
In more targeted attacks, attackers may use personal information found online or through recently compromised sources. For instance, the databases of Monster.com and USAJobs.Gov were recently compromised. According to their press releases, the information accessed by unauthorized sources included user names, passwords, names, e-mail addresses, and phone numbers. Attackers could use this information to personalize spam e-mail, leading users to click on malicious links.
PandaLabs recently reported a new variant of a worm called Saint Valentine. They list numerous URLs that are known distributors of this worm. The list can be found here.
LinkedIn links leading to malware
January 9, 2009 by Marcos Christodonte II
LinkedIn is a professional networking website that has gained quite a bit of exposure in the past few years. With many IT professionals losing their jobs and others looking for more security, it’s not a surprise that LinkedIn’s user base has increased to over 30 million. As in most cases, attackers like to target sites where they’ll get the most exposure, leading to the highest percentage of potential victims.
Trend Micro recently reported that one of their researchers found bogus LinkedIn profiles that contained links to malware. The profiles contained images of high-profile celebrities, with links that “supposedly” downloaded their nude pictures. These links lead to a series of redirections and eventually to malware. Trend Micro also reported that attackers are using previously registered accounts that are sold on the black market by the hundreds.
New malware targeting Mac OS X
November 18, 2008 by Marcos Christodonte II
Trend Micro reports a new form of malware targeting Mac OS X. The malware, called OSX_LAMZEV.A, can download itself when a user visits a compromised website, or when a user downloads it thinking it’s a legitimate program.
According to Trend:
It prompts the user to select an application and port number above 1024. This may serve as a backdoor whenever the application is opened.
It creates the file /tmp/com.apple.DockSettings and is copied to ~/Library/LaunchAgents. It is then deleted once it has been loaded. This routine allows the backdoor to execute during system startup.
The full article can be found here.
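A defender's check for the persistence location described above, as an added example (not code from this post or from Trend Micro): it walks a LaunchAgents directory and flags Apple-style names in a per-user directory, files that do not parse as a plist, and jobs that launch from a temp directory. The function names, the heuristics and the sample data are assumptions made for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

# Assumption: a job launched from a world-writable temp directory is worth review.
TEMP_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/")

def audit_launch_agents(directory):
    """Return {filename: [reasons]} for entries that deserve a closer look."""
    findings = {}
    for entry in sorted(Path(directory).expanduser().iterdir()):
        if not entry.is_file():
            continue
        reasons = []
        # Assumption: Apple's own agents ship under /System/Library, so an
        # Apple-style name in a per-user LaunchAgents directory is unusual.
        if entry.name.startswith("com.apple."):
            reasons.append("apple-style name in per-user directory")
        try:
            with entry.open("rb") as fh:
                job = plistlib.load(fh)
        except Exception:  # malformed XML, unknown format, unreadable file
            reasons.append("not a parseable plist")
            job = {}
        job = job if isinstance(job, dict) else {}
        args = job.get("ProgramArguments")
        commands = [job.get("Program")] + (args if isinstance(args, list) else [])
        for cmd in commands:
            if isinstance(cmd, str) and cmd.startswith(TEMP_PREFIXES):
                reasons.append("runs from temp directory: " + cmd)
        if reasons:
            findings[entry.name] = reasons
    return findings
def build_sample_dir():
    """Constructed sample data: one benign agent and two suspicious entries."""
    root = Path(tempfile.mkdtemp())
    jobs = {
        "org.example.updater.plist": ["/Applications/Example.app/Contents/MacOS/updater"],
        "org.example.helper.plist": ["/tmp/helper"],
    }
    for name, argv in jobs.items():
        with (root / name).open("wb") as fh:
            plistlib.dump({"Label": name[:-6], "ProgramArguments": argv, "RunAtLoad": True}, fh)
    # File name taken from the post; the contents are a constructed placeholder.
    (root / "com.apple.DockSettings").write_bytes(b"constructed placeholder\n")
    return root
if __name__ == "__main__":
    for name, why in audit_launch_agents(build_sample_dir()).items():
        print(name, "->", "; ".join(why))
```

On a real system, point `audit_launch_agents` at `~/Library/LaunchAgents` and treat the output as leads to review, not verdicts.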
Beware of President Obama Spam!
November 5, 2008 by Marcos Christodonte II
According to Sophos Plc., hackers have already launched a “President Obama” malware campaign. This widespread attack claims to provide up-to-date news results about the election. The e-mail message attempts to lure you in by saying “Watch his amazing speech.” However, the link redirects you to a fake news page that presents a download box posing as an Adobe Flash Player update, supposedly required to view the video.
Sophos also noted that this isn’t the first instance they’ve seen, as hackers have been quite interested in the U.S. presidential race.
The full article can be found here.


