Gee Thanks! I’ve been working out! …..oh wait a minute! What video??? CLICK!!!!

That was probably the script the culprit had in mind …and who knows how many times it played out.

I received the following message in my email inbox earlier from a cousin on Facebook.

It was so obviously malicious. Never mind the spelling issues. That is a trick typically used to get by email filters. My first reaction was to log in to Facebook and verify that it was indeed the source. I was reminded of an article I read about a similar fake LinkedIN email attack. In this case, the message was right there with a slight difference. The link now was more obvious.

One of those shortened bit.ly links that could lead you anyway. Without clicking the link, I clicked “reply” asking ” Did you send this?” . I already knew the answer but hey!  I immediately got the following response from one of the sender’s friends.

The plot thickens…

I sent the cousin a message advising a change of Facebook credentials. The message was apparently sent to many other users.  I’ve read and blogged about compromised Facebook account being used to spread malware and/or lure users to malicious sites but this is my first such experience. I’m not the average Facebook user though, since I only use it to cross-post blog updates.  I didn’t have to time to investigate what’s on the other side of that bit.ly link but just thought I’d share the experience.

Beware fellow Facebook users!

I recently overheard a comment by a co-worker ( shoutout Ben A.) that we read and listen to news reports and assumed the report knows what they are  talking about until they turn to a topic we are familiar with in some depth and realize that report spouting off to potentially millions of people don’t have a clue what they are talking about.  How true!

I ran into this article today  titled ” Botnet exploits Linux users’ ignorance“. The writer makes the point that ” a lack of knowledge and awareness about how to use Linux mail servers could be contributing to the disproportionately large number of Linux machines being exploited to send spam”.

I wholeheartedly agree with this. Companies see open source technologies as a means of saving money but do not have staff adequately trained to secure these systems.

The second point I noticed was that the report from Symantec’s Hosted Services referenced in the article pointed out that ” Linux based machines are 5 times more likely to send out spam than Windows based computers”.

The writer quotes a Symantec Malware Analyst as saying:

“…..one reason there is so much spam from Linux could be that many companies that have implemented their own mail servers, and are using open-source software to keep costs down, have not realised that leaving port 25 open to the Internet also leaves them open to abuse.”

Alas, another day, another Facebook security alert.

As soon as you install this malware, it will tag every single one of your friends in a photo in batches of about 20. It then posts that photo to your wall.

This is what the photo looks like:

If a Friend looking through the photos then clicks on the app’s  link, they’ll see this:

If you have a lot of friends, you might end up with a series of albums like this:

Apart from the wall spamming, another obvious indication that this is a virus itself, is the url:

http://apps.facebook.com/kxetyegpgkxdwfy/

A valid application is not going to have a url with a bunch of jumbled letters at the end.

If you have been tagged in  the photo by one of your friends (remember, they did not really do this – the app did automatically), you can remove the tag.

1. Open your photos
2. Click the offending picture
3. Look for your name in the list of people tagged
4. Click the ‘Remove Tag’ link that appears beside your name

The photo will then automatically be removed from your photo list.

Source:

http://www.f-secure.com/weblog/archives/00001920.html

http://thefacebookinsider.com/2010/03/warning-facebook-antivirus-will-virally-spam-your-friends/

I”ve previously warned of fake security software or scareware. Here’s a second helping. Beware of the following:

XP Security Tool 2010 is a rogue virus protection program. It reports false scan results and fake security alerts to scare you into purchasing this rogue program. XPSecurityTool2010 claims that your computer is infected with worms, trojans, adware or other malware and that you should purchase XP Security Tool 2010 to remove the infections that actually don’t even exist. Most of the time, this fake program comes from fake or infected video sites or fake online scanners. But may be also promoted on such popular sites as Facebook or MySpace.

Vista Security Tool 2010 is a rogue anti-malware program that usually comes from fake online scanners and fake video websites. While running, this fake program will run a fake system scan and report numerous spyware infections to make you think that your computer is infected with various malware. Then it will ask you to pay for a full version of the program to remove the infections which as well already know don’t even exist.

Total Win 7 Security is a fake anti-spyware program that is promoted through the use of trojans and other malicious software. Most of the time, TotalWin7Security comes from fake online scanners, fake video websites or bundled with other malware. Once installed,Total Win 7 Security will imitate a system scan and display numerous infections that can’t be removed unless you first purchase the program.

For more information on how to rid your systems of these and others of their elk, check out http://www.2-spyware.com/

Email is a very common vector for attack nowadays. Security folks always scream ” Don’t download the attachment. Don’t download the attachment!” Here are some examples of a targeted email attack taken from a blog called  Contagio Malware Dump .

More at contagiodump.blogspot.com

If it sounds like a horror movie….well, that’s because is really is. Microsoft is reporting yet another Internet Explorer bug.

In the latest episode of this never-ending saga, there is an unpatched bug in VBScript that hackers can use to drop malware on 32-bit Windows XP machines running IE 7 and 8. I know what you are saying: ” But we told them to upgrade from the nine year old IE6! ”

According to Microsoft’s Senior Security Communications Manager Lead Jerry Bryant, an exploit “was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 [or help] key in response to a pop up dialog box.”

Is it time to change your browser? Maybe the EU has it right.

Microsoft is warning users that a Trojan is masquerading as the company’s popular free Microsoft Security Essentials package.

“One of the oldest tricks used by rogue antivirus products is to use a similar name as, or have a similar look and feel to, legitimate security software,” Microsoft said in a post on the MMPC’s Threat Research & Response Blog. “So it was inevitable that the day would arrive when a rogue would masquerade as something similar to Microsoft Security Essentials.”

The masquerading rogue security tool goes by the name Security Essentials 2010, which is very similar to the actual name of Microsoft’s suite, though the real suite does not have a date in its name.

Read full story: http://www.esecurityplanet.com/features/article.php/3867556/Trojan-Pretends-to-Be-Microsoft-Security-Suite.htm

As a follow up to my previous post on online banking security products, a UK company, Network Intercept,is now selling a product called Secure-Me, which could be distributed on a USB key and  fires up a “secure” web browser which encrypts all traffic traveling to and from a user’s device. The product also features malware scanning, file encryption capabilities, virtual keyboard, and keystroke interference software to thwart hardware and software key-loggers. It currently supports Windows XP, Vista, Windows 7 and Mac OS X operating systems and  Android, iPhone, Symbian and Windows Mobile platforms.

Social Network attacks are becoming more popular as daily we receive news of accounts being compromised or credentials stolen and sold. What do you do when you find yourself fallen victim to such as attack? NetworkWorld has some suggestions:

Acknowledge the attack to anyone who might have been adversely impacted; Be detailed: Tell them what message they might have received as a result of the malware/phishing and what might have happened as a result; Caution your contacts: Use this as an opportunity to remind everyone that just because they think a message comes from someone they know, there really is no way of telling for sure. If they ever do click a link that then leads to a login page or to a video codec install, they should close the page immediately and contact their friend via some other method to inquire (and possibly alert them) about the seemingly malicious link.

When Twitter accounts are phished, the 140 character limitation makes it a bit harder to convey the message. Using as few words as possible, try to include enough details about the message sent so folks can identify it, ended with a brief “I’m sorry”. Don’t ever include a link in that apology; after all, it was clicking on a link that got folks in trouble in the first place.

IronKey has come up with a USB drive that can be used to access accounts virtually without involving the operating system or applications that cause so many of today’s security problems. The drive runs a walled or ‘hardened’ Linux virtual environment inside the PC’s OS. It comes complete with its own browser hardwired to access only a particular bank service, and incorporates RSA Secure ID tokens for authentication.

This allows users  simply plug the drive into any PC, and without the need for any additional drivers or software, after which the host PC was given a precautionary scan for malware, including specialised banking Trojans such as Zeus. The virtualised environment run from the drive could resist browser based  attacks, session hijacking, and accessed the bank via a hosted service network run either by IronKey or from a dedicated server. This solution is currently mainly targeted for companies that want increased protection in access their accounts but it could very well be the future.