Ad: Manage updates with the Download App
December 23, 2009 4:00 AM PST

Net scams prey on unemployed, target social networks

by Elinor Mills

Jump to: Featured stories

The downturn in the economy in 2009 sent people looking for new ways of making money online. Notably, fraudsters tried a variety of tricks to separate people from their money, including preying on unemployed Web surfers with work-at-home and other offers too good to be true.

The year got off to a bumpy start, with news of what was believed to be the largest data breach in U.S. history. Heartland Payment Systems, which processes payroll and credit card payments for hundreds of thousands of businesses, reported that an unknown number of consumer credit and debit card numbers had been compromised. The company was sued over the breach, but the suit was later dismissed. Meanwhile, the alleged ringleader pleaded guilty in that case and another one.

In Europe, malware was discovered on ATMs that enabled criminals to steal account data and PINs, and even empty machines of cash. Researchers said there was evidence that ATMs in the United States had also been compromised.

Scammers also came up with innovative social-engineering tricks to lure Web surfers into downloading Trojan horses that steal bank information, or paying for software they don't need (and would likely never receive) with fake antivirus alerts.

Spammers appealed to the unemployed with vague job offers that turned unwitting citizens into mules for laundering money stolen online. Other scams gathered credit card numbers for work-at-home "kits" that resulted in unauthorized recurring charges on the consumer's card, including a number of misleading ads using the Google name.

Money seemed to be the motivation behind Conficker as well. The much-hyped worm dropped malware masquerading as antivirus software onto computers.

Fraudsters followed consumers onto social-networking sites like Facebook and Twitter. Facebook found itself shutting down rogue apps, and Twitter and Facebook repeatedly had to fend off spam, worms, or phishing attacks designed to drop malware on their machines, steal their log-in credentials, or direct them to dubious marketing sites.

Malware writers also discovered a new outlet for delivering their code to unsuspecting Web surfers--advertisements on legitimate Web sites, including The New York Times.

Meanwhile, security holes in Adobe Systems' Flash and Reader led to exploits targeting the popular programs. And security researchers at the Black Hat conference unveiled serious weaknesses in the way domains are verified on the Internet.

Mobile continued to be the new frontier for attacks, as cell phones became more like computers than phones. Apple's iPhone seemed to be a prime target. After security experts showed how they could attack an iPhone by sending an SMS text message, Apple hurried to fix the hole. Researchers also demonstrated a way to snoop on iPhone calls made via VoIP, or voice over Internet Protocol, connections.

And jailbroken iPhones, modified so they can run unauthorized apps, were targeted with several pranks late in the year. A hacker in the Netherlands broke into some jailbroken iPhones and sent text messages offering to tell the owners how to fix the phone, if they paid a fee.

Several worms hit jailbroken iPhones. One replaced the default wallpaper with a picture of British pop singer Rick Astley. A more serious worm could allow an attacker to steal sensitive data.

--By Elinor Mills

Featured coverage

Payment processor Heartland reports breach

Breach at payment processing company Heartland exposes millions of accounts and could make it the largest security breach ever.

(Posted in Security by Elinor Mills)

Conficker wakes up, updates via P2P, drops payload

The worm is updating itself on infected computers via peer-to-peer and is programmed to stop running on May 3, Trend Micro researchers say.

(Posted in Security by Elinor Mills)

Windows 7 security enhancements

As RSA 2009 kicks off, Microsoft begins education campaign about new security features of Windows 7.

(Posted in Security by Elinor Mills)

Deja vu: New scams hit Facebook and Twitter

Yet another scam on Facebook sends users to a Web site designed to steal their log-in information and download malware, while Twitter suffers its own phishing attack.

(Posted in Security by Elinor Mills)

ATM malware lets criminals steal data and cash

Hidden code on ATMs dating back two years has given criminals the ability to use special cards to steal account data and money from the cash dispensing machines.

(Posted in Security by Elinor Mills)

Two new Mac attacks surface

Trojans target Mac OS users, including one hidden in a porn site.

(Posted in Security by Elinor Mills)

Expert: China's Green Dam software is unsafe

Poor programming practices in Chinese-mandated Green Dam filtering software put users at risk of compromise, security expert says.

(Posted in Security by Elinor Mills)

Researchers: Attacks on U.S., Korea sites came from U.K.

A security firm in Vietnam says it has traced the origin of the denial-of-service attacks to the U.K., contrary to speculation that North Korea was the culprit.

(Posted in Security by Elinor Mills)

Report finds fake antivirus on the rise

PandaLabs says rogue antivirus software could be infecting as many as 35 million computers a month.

(Posted in InSecurity Complex by Elinor Mills)

Researchers attack my iPhone via SMS

Two security researchers prove to a reporter during Black Hat that they can indeed "Pwn" her iPhone by just sending a text message.

(Posted in InSecurity Complex by Elinor Mills)

Researchers exploit flaws in SSL, domain authentication system

Dan Kaminsky and Moxie Marlinspike explain how flaws in the way domain names are verified on the Internet could allow attackers to impersonate a site and steal information from unsuspecting Web surfers.

(Posted in InSecurity Complex by Elinor Mills)

Report: White House acting cyberspace chief resigns

Melissa Hathaway, who at one point was considered a leading candidate to fill the "cyberczar" post permanently, tells the Wall Street Journal she's resigning for personal reasons.

(Posted in Politics and Law by Michelle Meyers)

Twitter, Facebook attack targeted one user

Accounts of pro-Georgian blogger were targeted in denial-of-service attack that led to outage at Twitter and problems at Facebook, Blogger, and LiveJournal, Facebook CSO says.

(Posted in InSecurity Complex by Elinor Mills)

Three men indicted in largest U.S. data breach

Florida man accused of stealing credit card data from TJX is among those named in breach involving Heartland, 7-Eleven, Hannaford Brothers, and others.

(Posted in InSecurity Complex by Elinor Mills)

Microsoft reports attacks using IIS vulnerability

A flaw that could attack Microsoft's Web server software is now being used to attack machines, the software company reports.

(Posted in Deep Tech by Stephen Shankland)

Ads--the new malware delivery format

"Scareware" and other malicious content are sneaking onto high-profile Web sites via ad delivery systems that are not secure, experts say.

(Posted in InSecurity Complex by Elinor Mills)

Banking Trojan steals money from under your nose

Trojan hijacks your browser, calculates how much money it can steal from your bank account without detection, transfers the money and displays fake balance information to hide its activity.

(Posted in InSecurity Complex by Elinor Mills)

Adobe exploit puts backdoor on computers

New exploit targeting Adobe is Trojan horse hiding JavaScript that drops a backdoor onto the compromised computer, Trend Micro says.

(Posted in InSecurity Complex by Elinor Mills)

Phishing, worms spike this year, say Microsoft and McAfee

Top attacks on computers come from phishing and worms, separate reports from Microsoft and McAfee show.

(Posted in InSecurity Complex by Elinor Mills)

Another iPhone worm, but this one is serious

A new iPhone worm is impacting jailbroken iPhones and iPod Touch devices. The threat, unlike the previous one, is extremely serious.

(Posted in The Digital Home by Don Reisinger)


ie8 fix

More from 2009

Photos

Beautiful but scary cyberthreats

Romanian artist Alex Dragulescu uses code to create art from some of the world's most dangerous cyberthreats.
View gallery

Norton Internet Security 2010 beta

Built upon the Symantec's dramatic performance improvements are deeper integration with other tools and a new one for judging threats.
View gallery

Defcon badge inspires hacks

Likely the most sophisticated around, Defcon conference badges feature customized circuitry, interactive LEDs, and hidden features.
View gallery

ZoneAlarm Extreme Security 2010

Security 2010 is similar to, but has more features than, ZoneAlarm Internet Security 2010.
View gallery

Looking in on the Navy's Command Center of the Future

Spawar Systems Center Pacific is quietly working on a prototype for what could eventually be the Navy's next command centers.
View gallery

Microsoft Security Essentials

The now-free program retains the core features of OneCare but abandons the additional heft of a firewall, performance tuning, and backup and restore options.
View gallery

Security in Windows 7

See what security features are new and improved in Windows 7 in this slideshow.
View gallery

Random Hacks of Kindness

The Hacker Dojo in Mountain View, Calif., hosts a community working on emergency preparedness technologies, and so-dubbed hacking for humanity.
View gallery

Noisebridge hacker collective

At the Noisebridge hacker collective in San Francisco's Mission District doers, thinkers, and makers come together in DIY heaven.
View gallery

PC Tools Internet Security 2010

It includes some important improvements in terms of efficacy, but it's still got room to grow. See what's new.
View gallery

See more photos