Security & Privacy- Page 266

Hacker breaks into jailbroken iPhones, asks for $7

A hacker in the Netherlands broke into some jailbroken iPhones and sent text messages to the owners asking them to pay to find out how to secure their phones, according to postings in a Dutch forum called Tweakers.net.

One of the victims posted a screenshot from his iPhone of the SMS received. It said: "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files."

The URL provided now displays a message indicating that it was reported for spam or phishing abuse and has been deactivated.

Ars Technica reports that before the page was removed, it asked that victims send 5 euros ($7.36) to a PayPal account and then await an e-mail with instructions on how to secure the phone. The fix probably would involve restoring the factory settings, according to the Ars Technica post.

"If you don't pay, it's fine by me," the hacker's page said. "But remember, the way I got access to your iPhone can be used by thousands of others--they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It's just my advice to secure your phone."… Read more

Malwarebytes accuses rival of software theft

Malwarebytes is accusing China-based computer security firm IObit of intellectual property theft, but IObit denied the allegations and said there were problems with its malware submission site.

Malwarebytes claims IObit stole from its database of signatures of malicious applications that its software uses for detecting malware on customer computers.

Malwarebytes discovered that IObit's Security 360 free anti-malware software was flagging a specific key generator piece of code for Malwarebytes' Anti-Malware software and using the same naming scheme, which includes the phrase "Don't Steal Our Software," according to a blog post on the Malwarebytes.org site.

After … Read more

Security firm M86 acquires Finjan

The security industry consolidation continues.

Web and e-mail security provider M86 Security was set to announce on Tuesday the acquisition of Finjan.

Finjan brings to the table a secure Web gateway product and software-as-a-service solutions, M86 said in a statement. Under the merger, which is effective immediately, Finjan will maintain a development center and operations in Netanya, Israel.

U.S.-based Finjan SW will remain an independent company to retain its malware detection intellectual property, according to a statement.

M86 was created a year ago with the merger of Marshal and 8e6. In March 2009, the combined company acquired behavioral … Read more

Spammy scams surfacing on Twitter, Facebook

Twitter and Facebook users were getting hit with scams on Monday.

Twitter users warned about direct messages that said, "I make money online with google. i learned how here [link]," according to Twitter users.

A Twitter representative said it was not a phishing scam because the site to which the spam links does not ask for a username and password, or look like a Twitter page.

"We're on it and fixing accounts as fast as possible," she wrote in an e-mail. "You can keep posted on known issues as well by checking in on … Read more

New Trojan encrypts files but leaves no ransom note

Symantec is warning about a new Trojan horse that encrypts files on compromised computers but offers no ransom note like other software designed to hold data hostage for a fee.

Instead, a Web search for terms related to the Trojan horse leads to a company offering a way to remove the malware. The company offering the product used to charge for it but now offers it for free.

Trojan.Ramvicrype uses the RC4 algorithm to encrypt files on systems running Windows 98, 95, XP, Windows Me, Vista, NT, Windows Server 2003 and Windows 2000, according to Symantec's Web site. … Read more

Phishing, worms spike this year, say Microsoft and McAfee

Scammers are targeting social networks with phishing scams and relying more heavily on worms and Trojans to attack computers, according to security trend reports to be released Monday by Microsoft and McAfee.

Phishing attacks saw a big spike in May and June, primarily because of campaigns targeting social-networking sites, according to Microsoft's report covering the first half of 2009. Gaming sites, portals, and Web sites of banks and retailers were also popular targets for phishing attacks, the report said.

Trojans, including rogue security software, remained the most prevalent category of threats, while Microsoft statistics show that worms rose from … Read more

File sharing's mysteries again stump Uncle Sam

The accidental disclosure of a House ethics investigation has kicked up quite a fuss on Capitol Hill as it turns out that more than 30 congressman and aides are under investigation. But after committee chairman Zoe Lofgren (D-Calif.) disclosed the breach on the House floor late Thursday, her colleague, Rep. Jo Bonner (Ala.), who is the committee's ranking Republican, spoke next, telling fellow members that the breach was an isolated incident.

Not exactly.

In February, a company that monitors P2P networks said that it had found blueprints and avionics about the president's helicopter, Marine One, on a computer … Read more

Kaspersky tool detects malware in Twitter links

Kaspersky unveiled a new tool on Thursday called "Krab Krawler" that analyzes the millions of tweets posted on Twitter every day and blocks any malware associated with them.

The tool looks at every public post as it appears on Twitter, extracts any URLs in them and analyzes the Web page they lead to, expanding any URLS that have been shortened, Costin Raiu, a senior malware analyst at Kaspersky, said in an interview.

The company is scanning nearly 500,000 new unique URLs that appear in Twitter posts daily, he said. Of those, anywhere between 100 and 1,000 … Read more

Twitter users warned about new phishing attack

Twitter warned on Wednesday about a new phishing attack in which direct messages to users link to a fake log-in page that steals passwords.

"We've seen a few phishing attempts today; if you've received a strange (direct message), and it takes you to a Twitter log-in page, don't do it!" the Twitter spam warning says.

The direct messages say: "hi. this you on here? http://blogger.djh****.com," Sophos reports in a blog post. The full URL is obscured to prevent people from unwittingly visiting the phishing site.

Clicking on the link takes … Read more

Bank Trojan botnet targets Facebook users

On the heels of one fake Facebook e-mail scam, a researcher warned on Wednesday of another such campaign in which users of the popular social network are being tricked into revealing their passwords and downloading a Trojan that steals financial data.

In the latest scam being blasted to e-mail in-boxes, a legitimate-looking Facebook notice asks people to provide information to help the social network update its log-in system, said Fred Touchette, a senior security analyst at AppRiver. When the user clicks the "update" button in the e-mail, they are directed to a fake Facebook log-in screen where their … Read more