Before we get started, are you running a Windows operating system with anti-virus software that’s up to date?  No?  Please stop reading this and go get that under control.  If you need AV software, see Dave’s post on FREE AV.  We’ll wait for you

We’ve talked about the current malware trends and I’m sure that’s not a surprise to anyone but I saw a couple reports recently that did surprise me.  Malware is being found in some very odd places.

Symantec researchers discovered malware lurking in software that monitors the charging status on a USB battery charger

Panda labs discovered malware on a new cell phone distributed by Vodaphone. They discovered variants of the mariposa bot and conficker…

It’s not clear how this happened but it’s obvious that the affect of malware is far reaching and can leak into our lives in unlikely ways.  It’s not the first time malware has been discovered in pre-packaged devices.  In 2008 there were reports of malware showing up in digital picture frames.

Message: Be cautious! Make sure you have anti-virus software running and keep it up to date.

Have any interesting virus stories? We want to hear about it.

No related posts.

Spammers harvesting emails from Twitter in real time!

As if you didn’t have enough things to worry your pretty heads about, spammers have figured out a simple email harvesting trick using Twitter. This is too easy. Straightforward queries for tweets containing, “gmail.com”, “email me at”, “contact me at” etc. reveal thousands of tweets that can be quickly scraped and harvested with a script.

TIP: Never reveal your email openly on Twitter. DM only!

Attackers, like marketers, are targeting brands better

I work in an ad agency, so I can tell you firsthand, marketers are getting damn good at targeting niche audiences and individuals. Unfortunately, so are online criminals. According to Cyveillance’s 2009 Cyber Intelligence report [PDF]:

“Cyveillance determined that during the second half of 2009, 399 brands were first-time targets of phishing attacks, nearly double the amount of first-time targets than in the first half of the year. Averaging more than 36,000 confirmed, unique attacks per month in the same period of 2009, phishing attacks continue to succeed, the report says.”

Points for style

While the Koobface gang (responsible for the Koobface botnet and several online pranks) may be somewhat nasty, you have to give them points for style and humor.

No related posts.

Wow, busy week for feds and hackers alike!

Mariposa Botnet netted and doused in formaldehyde

UPDATE: New details have emerged about the size and complexity of the Mariposa botnet. Apparently Mariposa dwarfed the attacks from Estonia and Georgia, and contained details on over 800,000 people.

Investigators in Spain shut down the Mariposa botnet, finding out the perps weren’t the sophisticated geniuses they expected.

“They’re not like these people from the Russian mafia or Eastern European mafia who like to have sports cars and good watches and good suits — the most frightening thing is they are normal people who are earning a lot of money with cybercrime,” said Cesar Lorenza, a captain with Spain’s Guardia Civil.

Blippy = TMI

For the life of me, I cannot figure out why anyone would use this service. Blippy allows you to post your purchases—in real time—to credit cards, ecommerce sites, etc., publicly and let your friends like or comment on your purchases. Seriously. Dancho Danchev’s post, Does Blippy really pose a security risk? is a must-read wake-up call for anyone using or planning to use this service. Hint: Don’t. Even Web Celebs like Leo LaPorte post rather sizable purchases on Blippy, making question whether or not he realizes what a target he is making himself into.

Botnets are ruining your inbox

Good lord. As if Mariposa wasn’t causing enough mischief, two other botnets, Grum and Rustock are accounting for nearly half of all spam, most of it Canadian pharma scams.

iPhones users targeted for scams

This scam is pretty ingenious in an evil way. According to the MarkMonitor blog,

“This recent attack also stands out because it utilizes some advanced technologies and suggests possible directions of future cybercriminal activity. First, the attack uses server-side logic that hides the phishing site unless it is accessed through the browser produced by the smartphone company. Second, the attack uses additional protective technology in the form of a fast-flux network, which hides the phishing site behind a dynamic network of ever-changing proxies. These two smart technologies demonstrate how cybercriminals continue to focus their efforts on making their attacks targeted, stealthy, and resilient.”

Choosy hackers choose PDF

According to a recent report of more than a trillion Web requests, PDFs were responsible for a staggering 80% of all exploits targeted at Adobe Reader vulnerabilities. The report (ironically itself a PDF) mentions that Flash-based attacks actually dipped from 40% to 18% in Q4 2009 while malicious PDFs rose from 56% to 80%.

More stories tomorrow. Lots going on! What do you think of Blippy? Too much info? Let us know!

No related posts.