The Great Years: 2004-2010
Microsoft and Oracle both announced monster-size patch Tuesday releases this month.
Microsoft Security Bulletin Summary for October 2010:
http://www.microsoft.com/technet/security/bulletin/ms10-oct.mspx
Oracle Critical Patch Update Advisory – October 2010
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
Tom Kelchner
I thought it might be useful to rip a little bit out of my HacKid presentation and post it here. The section in question deals with the most popular scams that are floating around in gaming land. If your kids avoid these, they have a very good chance of hanging on to their accounts, money and other assorted spangly things.
1) Phishing. Yes, I’m walking into Captain Obvious territory here but hey – it works. A typical collection of twenty seven pages worth of stolen logins will drink to that, and there’s plenty of room at the bar.
Click to Enlarge
There’s a fair amount of national / public holidays coming up in many countries, and worth noting that there will be holiday themed phishes out there too. Microsoft do tend to get involved in regional deals during holiday seasons, so a carefully crafted fake email combined with a site such as the one below will work wonders:
Click to Enlarge
2) Used console sales. When people do naughty things with their games consoles, Microsoft hits them with the banhammer. Their expensive console is no longer able to play online, and is about as much use as a toaster. A lot of the various types of cheating means the scammer has to change parts inside the console, which of course breaks the warranty sticker in half.
What do they do? They jump onto EBay, and buy a bunch of warranty stickers “for their collection”.
Click to Enlarge
I guess these replaced Pokemon cards. Anyway, they put the sticker on and take it back to the place they purchased it from – the shop may well put it back on the shelves, at which point some random person ends up buying a banned console.
Click to Enlarge
Selling banned consoles is also a popular past time on EBay, so buyer beware – especially if the seller is called something like “Leetxboxhax0r” or whatever.
3) Fake programs. The staple diet of Youtube video watchers everywhere, fake programs have been around forever but seem to be particularly attractive to young gamers. I mean, they do look nice:
Click to Enlarge
At best, your kid will fill in a survey (handing over a bunch of personal information to marketers) in return for a non functional program. Worst case scenario? The program will steal their login information, or dump infection files onto your PC and start trying to steal a whole lot more.
The other kind of fake program is the kind the scammer will tell you about, but not physically show you. They ask your child to send them information, or logins, or points that they’ve purchased legitimately so they can “double” them via some magical method only they know about.
Click to Enlarge
Click to Enlarge
If you bought your child 2,000 Microsoft points and they then send the scammer the redemption code, they won’t double anything – they simply enter the code themselves and keep the points.
Whenever you see a site claiming to have found a “glitch” in Microsoft servers, or a group of ex-Microsoft coders have come together to give you a bunch of freebies you can bet it is one huge scam. Example:
4) Big name, big target. You can set your watch to the fact that the moment a big name title is on the way, scammers will be all over it. Fake programs offering extra items, surveys to grant access to fictional Beta tests, phish mails that also promise Beta access…all of these scams will hit the ground running, usually driven by phony Youtube video campaigns (complete with the usual fake “This worked, yay” comments from Youtube users that are actually friends with the scammer).
Click to Enlarge
Knowing that some users will be suspicious of freshly registered Youtube accounts singing their praises, the scammers will first steal a bunch of Youtube logins – the older the account, the better – which will look a lot more convincing to a younger user.
Click to Enlarge
Additionally, we see Rogue SEO scammers pushing fake antivirus products focusing on searches related to specific elements of games (usually the most difficult ones). At that point, you could end up with programs on the PC you’d rather not want so extra caution is advised.
There are other ways of acting maliciously, of course – but the above examples are the ones I tend to see recycled over and over again. Feel free to throw in any examples you’ve seen doing the rounds.
Christopher Boyd
The GFI Sunbelt Software Malware Minute video is available for your viewing pleasure on the Sunbelt Software YouTube channel (and below).
Malware Minutes are short videos (1-2 minutes) that will provide a weekly roundup of top stories from the GFI Sunbelt Software Blog, the GFI Sunbelt Rogue Blog and anything else we think might be of interest.
Tom Kelchner
I’ve just returned home from Boston, having taken part in one of the most interesting, original and awesome conferences I’ve ever seen.
Step up HacKid, a conference geared towards “providing an interactive, hands-on experience for kids and their parents which includes things like staying safe online, how the internet works, manipulating hardware / software for fun, meeting law enforcement, low impact martial arts, podcast creation, Makerbot building” and an awful lot more to boot.
I’ll be honest, I wasn’t sure if it would go without a hitch or end up like a scene from 28 Days Later. However, I’ve seen adult conferences that haven’t run as smoothly as this one. Turns out you CAN fill a Microsoft Research Center with small children and watch them learn about security basics, technology, programming languages like KODU, building things and the many, many definitions of what a “hacker” can be and what those same hackers can do in a positive manner.
Plus, we had a Hoverdrone that you could control with an iPhone.
My talk was a shorter, retooled and updated version of the gaming security preso I wheeled out at SecTor. Of particular note to the parents was the “Five top scams to avoid”, which seemed to cause a few “Oh, so THAT’S what it was” type glances around the room. Besides the parents, there were kids of all ages present (from about five up into the teens range) and I was surprised to see most young children were quite happy to sit and listen about security stuff, although I made sure my ramblings were restricted to about 30 minutes tops with time for questions if needed. My only suggestion here would be to maybe have a dedicated “Teens” track session – while the parents of the younger children present are now swimming in “things to avoid”, I’m not 100% certain the very young kids can handle a 30+ minute talk.
There were also security presentations from Microsoft themselves courtesy of Jeff Williams, and a number of other security themed chats throughout both days.
Additionally, you could feast your eyes upon robots that make stuff:
Makerbots are pretty amazing bits of kit – the one below was given away in a raffle on the second day:
That’s a “before” shot, by the way. It looked more like this by Day 2:
I also helped to plug three wires in, and it didn’t explode or anything so that’s a bonus.
Lockpick village:
He has amazing Star Wars tattoos on every square inch of his arms, by the way.
I particularly liked the “anything goes” atmosphere – I found myself getting involved in a talk regarding the many meanings of the word “Hacker” in populare culture across both days.
What particularly blew me away was on Day 2, we all had to wear protective eye goggles.
The reason? A row of kids at the front were shooting us in the face with DIY marshmallow guns.
I tell you what, I never got shot in the face at RSA or InfoSec Europe. Tough crowd!
Now the event is over and people have hopefully arrived home in one piece, I’m starting to see some blog posts go up. I’ll add more as I see them, and you can see my photos here. Hackid was a definite success, and with any luck you’ll be seeing more Hackid events popping up both in America and elsewhere – I believe there’s an upcoming event scheduled for DC to kick things off, and we’ll see how it goes.
Kudos to Microsoft for hosting the event, all of the sponsors and everyone that took part. I had an excellent time, parents and their children picked up lots of useful skills & information and the organisers should be very proud of their efforts.
More please!
Christopher Boyd
This turned up today: new fake codec scam masquerading as a VLC video player plugin error message. In reality, clicking on the “install” button will result in a download of the Security Essentials rogue security product.
(click graphic to enlarge)
In the event you stumble across it and just must watch 10,000 adult movies (or whatever), go to the real VideoLAN plug-in download site here: http://www.videolan.org/
If you are “unwise” enough to fall for the scam, you’ll get this: the Security Essentials rogue (GFI Sunbelt Rogue Blog here: http://rogueantispyware.blogspot.com/2010/02/security-essentials-2010.html)
(click graphic to enlarge)
Thanks Patrick.Thanks Adam.
Tom Kelchner
World of Warcraft hits 12 million subscribers world wide
Blizzard Entertainment has issued a news release saying that the number of subscribers to World of Warcraft has hit 12 million worldwide.
“This milestone was reached in the wake of the mainland Chinese launch of World of Warcraft’s second expansion, Wrath of the Lich King, and also as global anticipation continues to mount for the December 7 release of the game’s third expansion, Cataclysm,” they said.
WOW, which is played by people speaking eight languages, began in North America, Australia and New Zealand in 2004, the company said. It is now the most popular massive multiplayer online role-playing game (MMORPG) and is keeping people up waaaay too late at night in North America, Europe, mainland China, Korea, Australia, New Zealand, Singapore, Thailand, Malaysia, Indonesia, the Philippines, Chile, Argentina and the regions of Taiwan, Hong Kong, and Macau.
The security picture
Online games, unfortunately, are no longer just fun and games. With the vast, vast audience they have, games are a serious part of the computer security landscape. Players who subscribe at a cost of $13-15 US per month are often the targets of password snatching phishing attempts. We’ve documented some of these and written about the gold-farming – largely in third-world countries – that takes an industrial approach to accessing online game accounts to steal virtual goods and turn them into real money.
Our man in the UK, Chris Boyd, has become a specialist in spotting the hacks, social engineering and scams in the gaming world and blogging about them here on the GFI Sunbelt Blog. It looks like he’s going to have work for some time into the future.
Blizzard Entertainment news release here.
Tom Kelchner
Our rogue specialist Patrick Jordan has found a new delivery mechanism for the rogue security product SecurityTool. It’s a fake Adobe Flash Player update (fake codec) on malicious web sites.
Specifically, you might find this if you go looking for naked lady pictures in the .pl (Poland) top level domain.
(click on graphic to enlarge)
Thanks Patrick.
Tom Kelchner
Why go the trouble of writing new code if you can “borrow” it from somewhere else. Our rogue researcher (in more ways than one) Patrick Jordan has pointed out the similarities in design elements in Web pages used by online scanner scams for the Trojan DNSChanger and four recent rogues.
The “System Folders” portion of the graphic is used in three of them. The “Your computer is infected!” graphic twice. “System scan progress” is used twice. The fake “Windows Security Alert” box three times.
1. “Online Protection:” Trojan DNSChanger
2. “Windows Security:” The FakeAlert for the Security Essentials rogue
On Rogue Blog: Security Essentials
3. “Wait a minute!” SecurityTool rogue
On Rogue Blog: SecurityTool
4. “Security Analysis:” FakeVimes family of rogues (most current is SmartSecurity.FakeVimes)
On Rogue Blog: SmartSecurity.FakeVimes
5. “Warning!” Antivirus Plus rogue
On Rogue Blog: Antivirus Plus
Thanks Patrick
Tom Kelchner
Microsoft has issued its advance notification for October’s Patch Tuesday. The company said it will release 16 security bulletins next week.
Microsoft Office
Two for Microsoft Office marked “important” will patch remote code execution vulnerabilities.
Microsoft Server Software
One for Microsoft Server Software marked “important” will fix information disclosure vulnerabilities.
Windows and IE
One for Microsoft Windows and Internet Explorer marked “critical” will fix remote code execution vulnerabilities.
Windows
Three for Microsoft Windows marked “critical” will patch remote code execution vulnerabilities.
Two for Microsoft Windows marked “important” will patch elevation of privilege vulnerabilities.
Three for Microsoft Windows marked “important” will patch remote code execution vulnerabilities.
One for Microsoft Windows marked “important” will patch elevation of privilege vulnerabilities.
One for Microsoft Windows marked “important” will patch denial of service vulnerabilities.
One for Microsoft Windows marked “moderate” will patch remote code execution vulnerabilities.
One for Microsoft Windows marked “moderate” will patch tampering vulnerabilities.
Microsoft Security Bulletin Advance Notification for October 2010 here.
Tom Kelchner
Hmmm. That’s not what the source code says
We started out the day fat fingering the spelling of “youtube.com” and ended up at the typo squatting site behind the URL “youube.com.” youube.com redirects you to http://youtube.com-prizes.com – obviously a URL intended to make you think it’s really YouTube.
(click on graphic to enlarge)
Like so many of these “survey” scam web sites, the offer was available “today only: Thursday, October 7, 2010.” Obviously, this is to add a little bit of sales pressure to make a visitor go for the prize ASAP, or at least before midnight.
Looking for the deeper meaning of life (or at least this site), we checked the page source code. The text “today only: Thursday, October 7, 2010” isn’t in there. There is, however, JavaScript to pull whatever day the page is viewed and put it in the viewer’s browser.
(click on graphic to enlarge)
Well, there’s nothing illegal about that. But it’s a little html code giveaway that the folks running this thing aren’t exactly the most morally upright people who ever created a Web site, not that the typo squatting didn’t give that away already.
We took the survey of trivial questions and selected our prize: an Apple iPad and iPhone 4. That’s a retail value of $700-$1,130 (depending on options) from a leading on-line retailer. Now that’s not too good to be true or anything – YouTube gives away gear worth nearly a thousand dollars after you answer some inconsequential questions on a survey?
(click on graphic to enlarge)
But of course you then head into the old survey loop:
“Compete to win $50,000!” — $9.99 to $19.99 per month (billed to your cell phone)
(click on graphic to enlarge)
“Connect with Singles Anytime Anywhere!” — $6.99 to $19.99 per month (billed to your cell phone)
(click on graphic to enlarge)
“Get the Best Horoscopes Sent Right to your Cell Phone!” $9.99 per month (billed to your cell phone)
(click on graphic to enlarge)
“HOTTEST” flirting tips sent right to your mobile phone!” $9.99 per month (billed to your cell phone)
(click on graphic to enlarge)
Somehow there’s no mention of the iPhone and iPad that was “available TODAY only.”
BUT WAIT! THERE’S MORE!
If you try to navigate away from the page of course, as we’ve come to expect in these sorts of things, we see this:
(click on graphic to enlarge)
Tom Kelchner
Our man in the UK Chris Boyd got this via a contact. It was from a Twitterer who obviously had his Twitter login stolen:
(click on graphic to enlarge)
(Twitter apparently is filtering this URL at this point.)
The link led to a phishing page that used the deceptive tactic of showing an error message: “Wrong Username/Email and password combination.” You login, it steals your Twitter password, sends the above Tweet to all your contacts and continuing rounding up passwords.
(click on graphic to enlarge)
If you’re “ill-informed” enough to log in to the phishing page, it snatches what ever username and password you’ve entered and passes you along to the Twitter log-in page. We made up a username and password and it took them. The real Twitter log-in page would have given you an error notification.
There are two pieces of evidence here that you’ve been phished: Firefox asks if you want it to remember the password which you just gave to my3gb.com – obviously the phishing site (up since July 12). And there’s the Twitter “sign in” button on the page. That wouldn’t be there if you had really logged in.
(click on graphic to enlarge)
This is phishing. The safe practice in this situation is: don’t log into pages that you get as links in emails. Go to the site yourself: type in the URL or use your bookmark.
Thanks “Just_this_time”
Tom Kelchner
How does one say in French: “We’re gonna make an example out of you, boy”
The Toronto Sun is reporting that convicted spammer Adam Guerbuez of Montreal has been ordered to pay $1 billion to Facebook by Quebec Superior Court. The court was upholding a U.S. Federal court fine that resulted from a wave of four million spam ads sent to Facebook users in 2008.
Guerbuez did not contest the Sept. 28 Quebec Superior Court ruling.
The Sun wrote: “According to Facebook, Guerbuez fooled its users into providing him with their usernames and passwords. One method was the use of fake websites that posed as legitimate destinations.
“After Guerbuez gained access to user’s personal profiles, he used computer programs to send out millions of messages promoting a variety of products, including marijuana and penis-enlargement products, Facebook said.
“(Superior Court judge) Fournier wrote that Guerbuez has earned ‘very significant revenues’ from his online business.”
Guerbuez appears to have maintained a very high public presence on his Web site adamguerbuez.com since 2008 and even scheduled a news conference today.
The site includes photos of the very substantial Guerbuez in casinos as well as shots of plates of food in what appears to be a very nice Montreal restaurant.
His first 2008 blog posts were to deny reports that police had raided his home and that he had an extensive criminal record.
Tom Kelchner
We fixed the title. The $1 billion was Canadian dollars. That’s US$873 million.
The GFI Sunbelt Software Malware Minute video is available for your viewing pleasure on the Sunbelt Software YouTube channel (and below).
Malware Minutes are short videos (1-2 minutes) that will provide a weekly roundup of top stories from the GFI Sunbelt Software Blog, the GFI Sunbelt Rogue Blog and anything else we think might be of interest.
Tom Kelchner
Money mules are an essential cog in the machinery of international Internet theft. Commonly they are recruited through an Internet job site or via spam email by off-shore thieves.
The thieves use spear phishing or other means to get the banking credentials of businesses, government bodies or non-profit groups. They transfer money from their victim’s banks to their money mules’ bank accounts. The mules are told to wire the cash to the thieves via untraceable international transfer services minus a 10 percent commission.
Here is a recruiting spam email. The attachment “Position offer!” is a text file. That’s to avoid email filtering.
(click on graphic to enlarge)
Your first line of defense is: DON’T OPEN SPAM ATTACHMENTS!
But, let’s assume you’re desperate for a job and bite at this.
If you do read something like this, look for bad English grammar and non-standard capitalization, punctuation and spelling.
(Below we’ve cut just the important parts out of a monster 920-word document.)
The pitch:
Dear Sir/Ma,
Would you like to work online from Home/Temporarily and get paid weekly? We are glad to offer you for a job position at our company, Tangram Interior We need someone to work for the company as a Representative/Bookkeeper in the USA. This is in view of our not having an office presently in the USA.
The bait (which is always WAAAY too good to be true):
* The average monthly income is about 4000.00 USD.
* No form of investments from you.
* This job takes only 1-3 hours per day
The setup:
Your tasks are;
1. Receive payment from Customers
2. Cash Payment at your Bank
3. Deduct 10% which will be your percentage/pay on Payment processed
4. Forward balance after deduction of percentage/pay to any of the offices you will be contacted to send payment to. (Payment is to be forwarded by Western Union Money Transfer).
Who to contact to hook yourself:
A swift acknowledgment of the receipt of this email will be appreciated.
Thanks For Your Total Understanding.
Harry Jones,
Staffing and Recruiting Dept,
Regional Manager,
Tangram Interior.
jones.harry98@mail.com
The defense: do some research:
A Web search for “Tangram Interior” turned up the company’s web site. Checking out their location(s) revealed this:
(click on graphic to enlarge)
A vast, sprawling corporate headquarters in Santa Fe Springs, Calif., as well as huge locations in Santa Ana, Woodland Hills and Riverside, Calif.
Does that seem like a company that has no accounts-receivable staff in the U.S.?
Do you think it’s going to be offering jobs using a non-company email account? (jones.harry98@mail.com).
And, a check of Tangram’s “employment” page turns up this:
“Important public notice.
“Our Company is a victim of an Internet scam. Unscrupulous individual(s) are using our Company name and our website to perpetrate a fraud. If you receive an email regarding a job opening that invites you to work from home and process payments (money orders or money drafts) please do not respond.”
. . .
That’s a whole lot of clues.
Tom Kelchner
Advertising Option Icon
A coalition of media and marketing associations announced today that they are encouraging their members to begin using an Advertising Option Icon to allow Web users to opt out of online behavioral tracking.
The program encourages companies to:
— Inform consumers about their data practices through clear, meaningful and prominent notices.
— Display the Advertising Option Icon so that consumers can easily find out about online behavioral advertising, learn about the data practices associated with advertisements they receive, and opt-out if they choose.
— Register to receive information about how to be listed on the Consumer Opt-Out Page, where consumers will be able to easily opt-out of receiving online behavioral advertising from some or all participating companies.
They encourage consumers to:
— Learn about Online Behavioral Advertising: If you’re an online user, you can find out more about online behavioral advertising and how it helps provide you with more relevant advertising on the websites you visit. You’ll learn how online advertising supports the free content, products and services you use online; what choices you have; and how to use browser controls to enhance your privacy.
— Exercise Your Choice: This fall, consumers will have an opportunity to conveniently opt-out from online behavioral ads served by some or all participating companies, if they choose.
Participating Associations
— American Association of Advertising Agencies
— American Advertising Federation
— Association of National Advertisers
— Better Business Bureau
— Direct Marketing Association
— Interactive Advertising Bureau
— Network Advertising Initiative
— American Association of Advertising Agencies
— American Advertising Federation
— Association of National Advertisers
— Better Business Bureau
— Direct Marketing Association
— Interactive Advertising Bureau
— Network Advertising Initiative
Program Website here.
Tom Kelchner
Update:
Last week the story was making the rounds that a committee in the U.S. Senate is working on legislation for the next session of congress that would include a do-not-track list for Web advertisers.
Senate Commerce Consumer Protection Subcommittee Chairman Mark Pryor, D-Ark., said his objective is to give consumers more control over how much tracking they want to allow.
Privacy advocates and Federal Trade Commission Chairman Jon Leibowitz have said they favor creation of a do-not-track list.
Story here: Measure Would Give Consumers More Control Over Web Tracking
Wire $11,000 for bail + $600 handling and don’t tell anybody
The phone or email scam, in which a scammer claims that a friend or relative is stranded in a foreign country, is still out there. Here is a first-person account by a grandmother in northeastern U.S.:
“On Thursday morning, I got a call which I thought was (grandson) — although I said to the voice on the other line ‘This doesn’t sound like (grandson).’
They gave a plausible excuse and I went on from there.
“The voice said they were in jail in Canada and it involved drugs found in their car. They wanted me to send two wires of $5,500 each from Western Union — one in KMart and the other in the Weis store. It was money he needed to get out of Canada and bail money. It was to be sent by Friday morning and I wasn’t to tell anyone because if word got out, (grandson) would have a drug record.
“This contact in Canada was a Sergeant Banyon. He gave me his telephone number and I was given my instructions.
“The so-called sergeant instructed me how I was to get the money out of the bank and if they questioned me about that I was to say it was to buy a car!!!
“This money was to be sent to Miami to a foreign named person. Also, I was to add $600 for wiring.
“Fortunately (son#3 – grandson’s uncle) walked in at that moment and I just couldn’t stand another minute and begged him not to tell anyone about this or (grandson) would suffer. Well, (son#3) called (grandson’s father) and then the ‘you know what’ hit the fan. He was working in northern Pennsylvania. He did take time to tell his company or boss or someone in charge what was going on and they had two company people ready to fly to Canada.
“(Other grandson) said ‘Why don’t you call (grandson’s) cell phone’ — which they did and (grandson) was in class at (college.)
“All the red flags were in place and when they presented the demand that you do this, or ‘this’ will happen, every sane thought drains from your brain. In addition to everything else, I don’t know how I’d have gotten to the bank since I felt too bad to drive and I surely couldn’t have walked.
“At any rate, (grandson’s father) got a chance to curse this caller back with words I can’t repeat. There’s lots more side stories to this, but I think I’ve aged 10 years — which at this point in my life I don’t need.”
Tom Kelchner
The “like” function on Facebook has always seemed such a friendly thing. It’s an Internet-age way for Facebookers to engage in that most primal of conversation pleasantries: “hey, I like that too.”
It’s just amazing that it’s turned into such an effective vector for cheap advertising, affiliate click sucking and bait for rogues and malicious web sites. The words “tawdry” and “silly” also come to mind in the case at hand.
(Click on graphic to enlarge)
Today we checked out what was behind a surge of Facebook “like” messages about a girl committing suicide. This seems to be a theme in the last month. There were several campaigns going on at once and some were “liked” tens of thousands of times.
(Click on graphic to enlarge)
We’ll give away the ending here really fast. In order to see the suicide story you were required to install adware. Your reward was a link to a six-month-old news story on an Indian entertainment news site.
For some odd reason we were required to “verify” our age and when we failed we were required to complete a short quiz, which was really not a quiz:
We are 19 years old according to the goat Facebook account that these folks had access to, but, no matter, we chose to play Pac Man in order to “unlock” the content. That, of course, required us to install an innocuous, though annoying piece of adware.
(Click on graphic to enlarge)
That “unlocked” the premium content.
(Click on graphic to enlarge)
And our prize was…
(Click on graphic to enlarge)
…a link to a February news story on an Indian entertainment news site “NewsofAP” (which has nothing to do with the Associated Press except the cachet of the letters “AP,” we might point out.)
That took us down a rabbit hole into another whole wacky Internet wonderland:
Their “about us” includes the line that they use “’IMPARTIALITY’ as a weapon.” They also write that although they will be reporting “gossips” they assure their readers that they will double check with the “concerned people to make sure they are quite authentic.”
Thanks Wendy and Matt.
Tom Kelchner
We’re seeing quite a few posts on various social networking sites such as Facebook regarding a program that claims to hack the guts out of Modern Warfare 2 on XBox, Playstation and PC before turning you into an unstoppable super soldier of doom.
Click to Enlarge
The “program” is called ModBox, weighs in at 319KB and is completely useless. That doesn’t matter to the creators, who have put up a number of blogs promoting not only the program, but fake “past versions” of said program too:
Click to Enlarge
All very convincing to the average gamer in need of a quick cheating fix.
To get your hands on the program, they follow the well worn tactic of asking you to spam the living daylights out of Facebook, then fill in a Sharecash survey.
Click to Enlarge
28,220 people have hit the “Like” button on Facebook for this so far. I wonder how many of them still liked it after signing their life away to surveys only to see this on the desktop:
Click to Enlarge
Can you say Boom, Headshot?
Christopher Boyd
Since Monday there has been a bit of a deluge of Linkedin scam mails that redirect the end-user to Zeus data theft malware. It’s worth pointing out that these emails are still doing the rounds:
Click to Enlarge
In addition to drive by exploits attempting to install Zeus without permission, some of the sites are using the old “Upgrade your Flash player to continue” trick which will no doubt snare a few more victims. If you absolutely cannot live without using Linkedin via emails, it might be worth forcing yourself to switch to using site based communication only for the time being. Failing that, at least grab Noscript and make your browsing a lot safer.
Christopher Boyd
National Cyber Security Awareness Month — held every October since 2004 — is a “national public awareness campaign to encourage everyone to protect their computers and our nation’s critical cyber infrastructure,” according to the organizers
It’s a cooperative venture of:
— Department of Homeland Security (DHS)
— National Cyber Security Alliance (NCSA)
— Multi-State Information Sharing and Analysis Center (MS-ISAC)
The focus is promoting safe computing practices for home users, schools, businesses and governments to help them protect their computers, children and data.
More information on the Stay Safe Online site here.
Stay Safe Online has a very comprehensive page of security resources here.
Tom Kelchner