[infoshare] Fw: Accessible Devices Beware FaceBook Users and College Basketball fans
- From: "Luis Guerra" <free_speech@xxxxxxxxxxx>
- To: <"Undisclosed-Recipient:;"@freelists.org>
- Date: Mon, 22 Mar 2010 10:28:33 -0400
We believe this is well worth reading.
Cybercriminals have been busy this week running scams that target Facebook
users,
college basketball fans, and celebrity gossip watchers. Security experts are
warning
about recent attacks with nasty payloads.
One widespread attack was a common ploy security researchers call the
Facebook Password
Reset Scam. The cybercriminals send an e-mail addressed to "user of
Facebook" that
reads, "Because of the measures taken to provide safety to our clients, your
password
has been changed. You can find your new password in the attached document."
McAfee reports that this scam is global. The attachment is malware with
downloaders,
password-stealing Trojans, fake antivirus software, or bots. The scam ranked
six
on McAfee's Global Virus Map Top 10, and accounted for as much as 10 percent
of the
infected e-mail that its software-as-a-service unit is witnessing.
"As we had previously discussed in our 2010 Threat Predictions,
social-networking
sites will continue to be a favorite social-engineering lure for
cybercriminals to
distribute malware," said David Marcus, research labs manager at McAfee.
"Make sure
you are protected and educated."
March Virus Madness
At a time when college basketball fans are going wild, cybercriminals are
actively
pursuing opportunities for scams. Basketball fans go online to fill out
bracket selections,
and when they do, hackers are also playing their own game of spamdexing,
i.e. manipulating
search results to promote sites, according to James Duldulao, a security
researcher
at McAfee. In this case, he explained, cybercriminals are spamdexing
malware-infected
sites.
This week, the top results for terms like "ncaa bracket" and "march madness
predictions"
were poisoned. McAfee reports that five out of the first 10 hot searches on
Google
Trends are being promoted by a network of legitimate sites that were hacked
to serve
malware. One site had an embedded Flash file that downloads malware from
another
site and installs it without user interaction.
"Who would have thought that a simple, harmless-looking site with only a
bunch of
March Madness-related texts as content and not even a single pop-up or web
ad could
be that dangerous?" Duldulao said. "This simple, yet very sneaky and
effective technique
of downloading malware through exploitation, also called a 'drive-by
download,' will
surely infect a lot of users, especially users with no virus and malware
protection."
Gossip Doesn't Pay
Celebrity news is also driving malware. Sophos senior security consultant
Graham
Cluley noted how the Internet is full of gossip about the marriage between
Sandra
Bullock and Jesse James after accusations that James was having an affair
with tattoo
model Michelle McGee.
"With such a hot-trending story, it's no surprise that hackers have not been
slow
in exploiting the interest to their own advantage, taking the opportunity to
spread
their attacks disguised as content related to the breaking news," Cluley
said. "Sure
enough, we are seeing web pages appearing high in search results -- through
the hackers'
use of search-engine optimization techniques -- which point to dangerous web
pages."
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://accessible-devices.com/pipermail/a-d_accessible-devices.com/attachments/20100322/3da91d8b/attachment.html>
This is an Announce only list. Subscribers are not able to post to this
list.
To unsubscribe from the Accessible Devices list copy the line below. Paste
it inthe To: line of a blank message and send it.
a-d-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
You may download our podcasts from this link,
http://www.accessible-devices.com/Podcasts.html
Or if you're using a podcatcher of some type the subscribe URL is.
http://www.accessible-devices.com/feed.xml
Visit our website at:
www.accessible-devices.com
Please feel free to pass this message on to a friend who might like to
subscribe.
To subscribe to Accessible Devices send a blank e mail to:
a-d-subscribe@xxxxxxxxxxxxxxxxxxxxxx
Just follow the directions in the confirmation message when it comes.
Please Note: Accessible Devices is not able to provide tech support for
software or products that we supply information about.
Other related posts:
- » [infoshare] Fw: Accessible Devices Beware FaceBook Users and College Basketball fans - Luis Guerra
