We believe this is well worth reading. Cybercriminals have been busy this week running scams that target Facebook users, college basketball fans, and celebrity gossip watchers. Security experts are warning about recent attacks with nasty payloads. One widespread attack was a common ploy security researchers call the Facebook Password Reset Scam. The cybercriminals send an e-mail addressed to "user of Facebook" that reads, "Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in the attached document." McAfee reports that this scam is global. The attachment is malware with downloaders, password-stealing Trojans, fake antivirus software, or bots. The scam ranked six on McAfee's Global Virus Map Top 10, and accounted for as much as 10 percent of the infected e-mail that its software-as-a-service unit is witnessing. "As we had previously discussed in our 2010 Threat Predictions, social-networking sites will continue to be a favorite social-engineering lure for cybercriminals to distribute malware," said David Marcus, research labs manager at McAfee. "Make sure you are protected and educated." March Virus Madness At a time when college basketball fans are going wild, cybercriminals are actively pursuing opportunities for scams. Basketball fans go online to fill out bracket selections, and when they do, hackers are also playing their own game of spamdexing, i.e. manipulating search results to promote sites, according to James Duldulao, a security researcher at McAfee. In this case, he explained, cybercriminals are spamdexing malware-infected sites. This week, the top results for terms like "ncaa bracket" and "march madness predictions" were poisoned. McAfee reports that five out of the first 10 hot searches on Google Trends are being promoted by a network of legitimate sites that were hacked to serve malware. One site had an embedded Flash file that downloads malware from another site and installs it without user interaction. "Who would have thought that a simple, harmless-looking site with only a bunch of March Madness-related texts as content and not even a single pop-up or web ad could be that dangerous?" Duldulao said. "This simple, yet very sneaky and effective technique of downloading malware through exploitation, also called a 'drive-by download,' will surely infect a lot of users, especially users with no virus and malware protection." Gossip Doesn't Pay Celebrity news is also driving malware. Sophos senior security consultant Graham Cluley noted how the Internet is full of gossip about the marriage between Sandra Bullock and Jesse James after accusations that James was having an affair with tattoo model Michelle McGee. "With such a hot-trending story, it's no surprise that hackers have not been slow in exploiting the interest to their own advantage, taking the opportunity to spread their attacks disguised as content related to the breaking news," Cluley said. "Sure enough, we are seeing web pages appearing high in search results -- through the hackers' use of search-engine optimization techniques -- which point to dangerous web pages." -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://accessible-devices.com/pipermail/a-d_accessible-devices.com/attachments/20100322/3da91d8b/attachment.html> This is an Announce only list. Subscribers are not able to post to this list. To unsubscribe from the Accessible Devices list copy the line below. Paste it inthe To: line of a blank message and send it. a-d-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx You may download our podcasts from this link, http://www.accessible-devices.com/Podcasts.html Or if you're using a podcatcher of some type the subscribe URL is. http://www.accessible-devices.com/feed.xml Visit our website at: www.accessible-devices.com Please feel free to pass this message on to a friend who might like to subscribe. To subscribe to Accessible Devices send a blank e mail to: a-d-subscribe@xxxxxxxxxxxxxxxxxxxxxx Just follow the directions in the confirmation message when it comes. Please Note: Accessible Devices is not able to provide tech support for software or products that we supply information about.