
Koobface has been a thorn in the side of Web sites for years now. But starting today, Facebook is responding with salvos that could put the gang on the run.
According to The New York Times, the world’s largest social network will announce today that it’s planning to share boatloads of information it has gathered over the years about the Koobface Gang. The Times said today that Facebook believes “public namings” could go a long way toward stopping the gang from operating, and potentially help law enforcement officials start taking it down.
Koobface is responsible for a computer worm of the same name that, for over three years, has targeted social networks, including Facebook. The worm targets Windows and Mac OS X users by getting them to click on malicious links. The malware is notable for not attempting to steal financial information. The people behind Koobface make money by using the peer-to-peer botnet to download pay-per-install malware on computers and redirecting search queries to display ads.
Though Facebook is expected to offer up a relatively large data dump, security researcher Sophos has preempted that, revealing a host of details on the gang, including its real name, “Ali Baba & 4.” Both The New York Times and Sophos claim to have the names of the gang members, who, the sources say, work out of St. Petersburg.
Facebook has had some information on the gang since 2008, Ryan McGeehan, Facebook manager of investigations and incident response, told the Times. And over the last several years, it has continued to gather intelligence and safeguard users from attacks.

Scammers are posing as Facebook security in chat sessions to try to trick people into providing their credit card information, Kaspersky Lab warned today.
“This Facebook phishing attack is pretty interesting because it does not just try to trick the victim into visiting a phishing Web site. It will reuse the stolen information and login to the compromised account and change both profile picture and name,” writes David Jacoby, a Kaspersky Lab Expert, in a blog post.
“The profile picture will be changed to the Facebook logo and the name will be translated to ‘Facebook Security’,” he wrote.
After an account has been compromised, the scammers will use it to send out an instant message to the victim’s contacts pretending to be Facebook Security, according to Jacoby. The message says “Last Warning: Your Facebook account will be turned off Because someone has reported you. Please do re-confirm your account security by:” and it provides a URL ending in “.vu” for the recipient to visit, he said.
The link redirects to a Web site that is made to look like a Facebook page and it prompts the visitor to provide name, e-mail, password, security question, e-mail account password, country and birth date, the blog post says. After that information is provided another page appears with a heading “Payment Verification” that asks for the first six digits of the person’s credit card. A subsequent page then asks the visitor to verify the information by providing the full credit card number, expiration date and security code as well as billing address, Jacoby wrote.

After coming out of Beta toward the end of December, avast! Free Mobile Security has gained much attention. These guys are offering everything the other anti-virus/security apps bring to the table and then some. Complete with root features (yes, you heard that right), this is the fullest security app we have ever used. All for a price everyone can afford – free.
We’ve recently been talking about the idea of anti-virus apps in the Android ecosystem. A Googler has even gone into detail, mentioning that “virus companies are playing on your fears to try to sell you BS protection software for Android, RIM and iOS.” He then goes on to call them charlatans and scammers.
There are two main types of dangers, though: malware/phishing (rare, but possible) and physically losing your device. Android holds a huge market and may become a main target soon. This is why Windows users are in more danger than users of other PC operating systems.
Owning an Android smartphone comes with great responsibilities. These gadgets are not only nice and expensive, but their value extends to their power. These are very powerful devices and usually hold information that should not fall into the wrong hands, whether it be physically or virtually. One of the apps that best protects you happens to be avast! Mobile Security, so let’s take a look at its features.
Virus Protection
While not the most exciting (because all other competing apps offer it), this is the main function of the avast! app. There are certain apps or files that will put your device and private information at risk. There are many who believe smart app-shopping can get rid of such worries.
It is definitely good to read app reviews, stick to official app stores (avoid piracy), review the permissions and make sure you do not download a “fake” app. These practices will put you in a safe position, but many users are not always that attentive. Even if they are, there’s always a small risk.

As we turn the page to 2012, it makes sense to sit back and take a look at what happened during the past twelve months in the IT Security world. If we were to summarize the year in one word, I think it would probably be “explosive.” The multitude of incidents, stories, facts, new trends and intriguing actors is so big that it makes it very hard to crack into top 10 of security stories of 2011. What I was aiming for with this list is to remember the stories that also indicate major trends or the emergence of major actors on the security scene. By looking at these stories, we can get an idea of what will happen in 2012.
1. The rise of Hacktivism
It’s difficult to imagine someone reading this list who has not yet heard of Anonymous, LulzSec or TeaMp0isoN. Throughout 2011, these groups, together with others were actively involved in various operations against law enforcement agencies, banks, governments, security companies or just major software vendors. Sometimes working together, in other cases, working against each other, these groups emerged as one of the main actors of 2011, through incidents such as security breaches of networks belonging to the United Nations, security intelligence firm Stratfor, FBI contractor IRC Federal, US Defense contractor ManTech or the CIA website. Interestingly, some of these incidents, such as the Stratfor hack revealed major security problems such as the storing of CVV numbers in unencrypted format, or extremely weak passwords used by the administrator.
Overall, the rise of hacktivism was one of the major trends of 2011 and no doubt, it will continue in 2012 with similar incidents.
2. The HBGary Federal hack
Although related to the first item on this list, I’d like to point this out as a separate story. In January 2011, hackers from the ‘Anonymous’ hacker collective broke into HBGary Federal’s webserver “hbgaryfederal.com” through an SQL injection attack. They were able to extract several MD5 hashes for passwords belonging to the company CEO, Aaron Barr, and COO, Ted Vera. Unfortunately, the passwords both used were very simple: six lowercase letters and two numbers. These passwords allowed the attackers to get access to the company’s research documents and tens of thousands of mails stored on Google Apps.

Well, here we are, the start of 2012. If you’re like me, you’ve read a bunch of stories online about the top news stories, movies and books of 2011. But what about the top 10 cyber security stories of 2011? That’s what I am here for, to give you the rundown!
This is a very condensed version of an article that will appear in this month’s Virus Bulletin. To get the full details rather than my snippets here, you’ll need to refer to that.
Oh, yeah, in full disclosure, this is really the top 10 stories of January through the first half of November – in order to meet my editing deadline. Now without further ado, here they are.
1. Microsoft shuts down Rustock
For years, the spamming botnet with the biggest footprint was the Rustock botnet. Its characteristics were to “wake up” at a specific time each day, send tons of spam messages, and go back to sleep. But on March 16, 2011, the US Department of Justice, working with Microsoft, Shadowserver, and some other partners, obtained a court order to seize command-and-control servers that were responsible for running the Rustock botnet in the United States. Virtually overnight, spam from Rustock plummeted and has never recovered:
2. Spam volumes go way down
Starting in late 2010 and continuing throughout 2011, something odd happened: spam started to decline. And it didn’t just decline a little, it declined a lot:
What caused this steep decline? The answer: nobody knows for certain. But what we do know is this: the battle against spam isn’t over, it’s just shifted from one form to another.

INFORMATION FROM SCAMBUSTERS:
There’s some good news and bad news sprinkled around our annual look at the top scams of the past and coming years.
The good news is that, according to the most recently available research, the number of identity theft and fraud victims in the US has dropped sharply.
The bad news is that, on average, the out-of-pocket cost to individual victims went up, and identity theft remains in the number one slot in our top 10 scams list both in 2011 and 2012.
One other bit of disappointing news: Just as we were all wising up to the “lost inheritance” or money-smuggling types of Nigerian scams, a massive new wave of bogus online romance tricks is pushing them back up the charts.
And, oh yes, lotteries. When will we ever learn that you don’t win lotteries that you didn’t enter and that you should never pay money to collect your supposed winnings? It seems there’s a never-ending supply of victims.

Smartphone security firms have reason to worry. Malware threats to Android phones, which have positioned themselves in the smartphone category, are growing.
This time, mobile crooks are targeting certain features that were popular on PCs but are found to be vulnerable on Android phones. For, unlike other smartphones with proprietary app stores, Android phones keep their app stores ‘open’, exposing themselves to attacks by malware writers.
“Android phones are now drawing crooks’ attention. It is easier to launch malware on Android. In most cases, the phones are being compromised by installation of certain applications that exploit the vulnerabilities,” says Shantanu Ghosh, vice-president and managing director, India product operations, Symantec.
The Android phones offer a variety of applications that allow users to operate the phone for requirements that are beyond voice. Typically, smartphone makers offer applications through their app stores. Wresting control of the app stores, however, can allow malware writers to pick vulnerabilities in Android phones.
“Apple’s iPhone too has an app store but the applications that are available on the store are put through a stringent evaluation and it is a closed eco-system. In the case of Android, the eco-system is open and there are multiple app stores. That is precisely why the incidence of malware is high on Android phones,” says Ghosh.

The security industry expects the number of cyber-espionage attacks to increase in 2012 and the malware used for this purpose to become increasingly sophisticated.
In the past two years there has been a surge in the number of malware-based attacks that resulted in sensitive data being stolen from government agencies, defense contractors, Fortune 500 companies, human rights organizations and other institutions. (See also “How to Remove Malware From Your Windows PC.”)
“I absolutely expect this trend to continue through 2012 and beyond,” said Rik Ferguson, director of security research and communication at security firm Trend Micro. “Espionage activities have, for hundreds of years, taken advantage of cutting-edge technologies to carry out covert operations; 2011 was not the beginning of Internet-facilitated espionage, nor will it be the end,” he added.
Threats like Stuxnet, which is credited with setting back Iran’s nuclear program by several years, or its successor, Duqu, have shocked the security industry with their level of sophistication. Experts believe that they are only the beginning and that more highly advanced malware will be launched in 2012.
“It is quite possible that we will see another of these threats in the near future,” said Gerry Egan, director of security response at Symantec. Duqu was used to gather design documents from companies that manufacture industrial control systems and could be a precursor to future Stuxnet-like industrial sabotage attacks, Egan explained.

Do you use public computers? Maybe to check in on a flight at a hotel? Or a convention kiosk? We have a warning: Criminals could be watching every move you make and recording every key you type.
When John Wetmore travels for work, public computers are his life line for email access. He wonders when he logs on at a library, hotel or coffee shop… who else could be watching?
“My biggest worry when I’m using a public computer is has someone installed spyware on it? There’s spyware on it, then someone can capture the key strokes and know my account and my password and then I’m probably vulnerable,” John figures.
Vulnerable is right. Experts say anyone using public computers may expose themselves to identity thieves waiting to swipe what you type online. We found there are no laws or regulations requiring public computers be secured against spyware programs. As a result some public computers may have safeguards, others may not. Damon Petraglia is a Forensic Computer Investigator, and says this is a growing problem.

Although a number of people are out looking for the latest deals on gadgets that Apple and others may offer, scammers are no doubt interested in capitalizing on the increased interest in purchases and promotions.
E-mail scams and other attempts to coerce people into giving up personal information online are nothing new; however, scammers may make extra effort to use Apple’s popularity.
Recently, MacFixIt reader Martin F. wrote in about a scam e-mail he received regarding an Apple promotion, which, while obvious to many people as a scam, might be enough for others to fall for it.
The e-mail claims it is from Apple Christmas Awards, and mentions that the recipient is a promotions winner. The e-mail is from an account at “rediffmail.com,” which would be the first sign it is not an official Apple e-mail. Additionally, the e-mail asks you to open an attachment, which is a Microsoft Word document.
While the document does not appear to have any malware associated with it, its content is quite obviously a scam. Underneath a large Apple logo, it claims that Apple has created a million iPhone 4S units in commemoration of Steve Jobs, and that winners were selected at random to both receive the phone and an award of around $2 million, from a pool of $250 million that Apple has set aside for this “promotion.”

From Facebook to bank accounts, logging in has become somewhat a way of life for internet users. Consequently, so is the threat of identity theft.
Using a strong password is usually enough to beat back attempted break-ins, but hackers have become more and more sophisticated in their approach. Last week, my colleague Christie Nicholson outlined seven methods one hacker used to gain access to emails and other private accounts, some of which included exhaustive efforts such as mining clues from a person’s blog, online legal records and information gleaned from search engines. And as if that wasn’t creepy enough, Simson Garfinkel over at Technology Review recently discussed a few more tricks that involve the vulnerabilities inherent in the technologies we use to sign on.
Here’s a summary:
•Malware that lurks inside your computer. Antivirus programs can detect and remove password-stealing viruses but some bugs can remain undetected for weeks or months after initially infecting the host.
•The giant loophole that is Windows XP. It wasn’t until Microsoft released Windows 7 that the popular operating system was fortified with advanced security features. Not upgrading means you’re that much more at risk.
•Public computers. There’s no way of telling whether an internet cafe is free of viruses or keylogging programs. And many run on Windows XP.

The number of malicious apps mobile security firm Lookout has identified in less than six months has doubled to 1,000, according to a report from Lookout to be released tonight.
The vast majority of those dubious apps are found on third-party app stores and alternatives to the official Android Market, the company said.
“2011 has seen the emergence of a credible field of Android malware with a 4 percent yearly likelihood of an Android user encountering malware, which was a significant increase compared to the beginning of the year. In the beginning of 2011 we measured a 1 percent yearly likelihood,” Lookout says in its report, titled “Malwarenomics: 2012 Mobile Malware Predictions.”
“The U.S. is in the middle of the pack in terms of mobile malware compared to other countries, including Russia, Israel and China,” said Derek Halliday, senior security product manager at Lookout.
Meanwhile, Android users are increasingly at risk–like users on all mobile platforms are–of unwittingly clicking on links that lead to malware and phishing sites.