
Security

January 8, 2009 6:36 PM PST

Fake CNN site from phishing e-mail hides a Trojan

by Elinor Mills
  • 13 comments

A new e-mail that is circulating looks like it comes from CNN and links to a fake CNN Web page offering "graphic" video related to the Israel-Hamas conflict but instead hosts a Trojan that steals sensitive data, RSA said on Thursday.

When someone clicks on the video link on the fake CNN site, an error message pops up urging the visitor to download the latest version of Adobe Flash Player. Clicking on the download link instead installs an "SSL stealer" Trojan that captures financial and other sensitive information, RSA said in a blog post.

The Trojan looks for encrypted communications between the computer and known financial institutions, and when it sees data being sent, it diverts that data to a malicious third party, said Sam Curry, vice president of product management and strategy at RSA.

The social-engineering attack is different in that the e-mail pretends to come from a media company and then tries to steal financial data, he said. "Normally when you get phished they send you an e-mail pretending to be from a bank or other financial institution," he said.

RSA discovered the attack early on Wednesday and has worked with others to get the fake site shut down. At a peak on Thursday as many as 80,000 of the phishing e-mails were being sent out, according to Curry.

This screen shot shows the error message that pops up on the fake CNN Web site. Instead of a legitimate download of Adobe Flash Player, a Trojan that steals sensitive data is installed.

(Credit: RSA)

December 3, 2008 2:07 PM PST

Worm uses familiar brands to lure people

by Robert Vamosi
  • 14 comments

Ho-ho-ho. This isn't an offer for a real coupon book from McDonald's. It's a new mass-mailing e-mail worm.

(Credit: Websense)

On Tuesday, security vendor Websense issued an alert warning that holiday coupon e-mails from familiar companies may be malicious code in disguise, in this case a mass-mailing e-mail worm.

The warning cites one spoofed McDonald's e-mail that claims to present the company's latest discount menu and asks the recipient to print out the attached coupon. A similar mailing pretending to be from Coca-Cola asks recipients to print out details about a new online game, and also offers recipients a chance to win Coca-Cola drinks for life. Websense says the attached zip file contains a file named either coupon.exe or promotion.exe, both of which are droppers for remote-access Trojan horses.
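The pattern described above, a zip attachment that carries a Windows executable with a coupon-style name, is easy to check for at the mail gateway. The following is an added example, not code from Websense or the article; the e-mail it inspects is constructed inline (no real sample is used) and the file names are the ones the alert cites.

```python
"""Added example: flag e-mail attachments that are zip archives holding a
Windows executable, the holiday-coupon worm pattern described above."""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions that have no business inside an unsolicited "coupon" zip.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def build_sample_message(inner_name: str) -> bytes:
    """Constructed sample e-mail (not a real capture) with a zip attachment
    that contains one file named inner_name. The bytes inside are filler."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["From"] = "promotions@example.com"
    msg["Subject"] = "Your holiday coupon"
    msg.set_content("Print the attached coupon and bring it to the store.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="coupon.zip")
    return msg.as_bytes()


def executables_in_zip_attachments(raw: bytes) -> list[str]:
    """Return 'attachment:member' for every executable found inside any zip
    attachment of the raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True)
        if not data or not zipfile.is_zipfile(io.BytesIO(data)):
            continue  # only zip archives are inspected here
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                name = info.filename
                ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
                if ext in EXECUTABLE_EXTS:
                    hits.append(f"{part.get_filename()}:{name}")
    return hits


if __name__ == "__main__":
    print(executables_in_zip_attachments(build_sample_message("coupon.exe")))
```

A gateway rule built on this would quarantine the message rather than rely on the recipient noticing that a "coupon" is an executable.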

Previously, Websense issued an alert for a holiday-themed animated postcard.

This cute holiday card could install a worm on your PC, says McAfee.

(Credit: McAfee)

On Wednesday, McAfee identified a third holiday-themed e-mail, this one using the Hallmark brand. McAfee has named the malware W32/Xirtem@MM and says this particular worm carries a built-in SMTP engine that mass-mails copies of itself to e-mail addresses harvested from the infected machine.

In all cases the e-mail appears to be legitimate, using images taken from the McDonald's, Coca-Cola, and Hallmark sites.

To avoid compromise, antivirus experts recommend not opening e-mail attachments as well as keeping your desktop's antivirus protection up-to-date.

October 12, 2008 9:00 PM PDT

McAfee sees rise in stock scams, social-engineering attacks

by Elinor Mills
  • 4 comments

If you think there are a lot of phishing scams cramming your e-mail in-box now, just wait--fraudsters have more tricks up their sleeve.

That's the message from McAfee Security Journal, due out Monday. Most of the articles deal with ways in which scammers use social engineering--not hacking--to dupe people into downloading malicious software to their computers or giving out their personal information, passwords, and bank account details to malicious Web sites.

One of the more interesting articles is titled "Vulnerabilities in the Equities Markets."

McAfee Avert Labs' Anthony Bettini, author of "Vulnerabilities in the Equities Markets."

(Credit: McAfee)

There have been headlines about people scamming the equities market by circulating false news in the hopes that stocks will move up or down (the false report that Apple's Steve Jobs had a heart attack being just the latest). What about investors losing or winning based on security news events?

It's already happening, writes Anthony Bettini, a senior manager at McAfee Avert Labs.

He notes that Microsoft's stock price tends to go down on "Patch Tuesday," the day it issues its monthly batch of security fixes, and when it issues an advance notification of the security bulletins for the month. Then on "Exploit Wednesday," which is the day after "Patch Tuesday," there is, on average, an uptick in the stock price.

"This is probably because institutional investors or market makers feel Microsoft was oversold the day before because of the bad news and that, in reality, Microsoft's value as an investment was only negligibly affected," he writes. "Note that this trend has been consistent during the past three years and continues today."

There's nothing really scary about that. But the notion that stock price fluctuations occur after vulnerability and patch announcements could give rise to more serious threats. "What would happen if a person built up a short position in a major software company and posted a handful of vulnerabilities with exploits to the Full Disclosure mailing list?" Bettini writes, before speculating on the legal consequences of such an action.

"It is possible people are already using zero-day threats for financial gain, not simply for embedding them within password-stealing Trojans but for taking short or options positions in equities and derivatives," he writes. "It's clear that spammers have figured out ways to profit from securities markets: we have received lots of penny-stock spam."

Ben Edelman, assistant professor at the Harvard Business School, writes about typosquatting in the McAfee Security Journal.

(Credit: McAfee)

Another article in the McAfee Security Journal deals with the prevalence of spam and phishing attempts that piggyback on news events to grab the attention of people. For instance, malware writers exploited the broad interest in the Olympic Games to distribute e-mails that dropped malicious software on the recipient's computer that creates a back door for remote attacks, according to an article titled "A Prime Target for Social Engineering Malware."

There has also been a jump in the number of malicious programs posing as updates or software from security vendors, writes Elodie Grandjean, a virus researcher for McAfee Avert Labs in France. The programs lure people into downloading software that, instead of protecting the computer, infects it with malware and interferes with legitimate security software. Such "scareware" has prompted Microsoft and the attorney general of Washington to file lawsuits.

Ben Edelman, assistant professor at the Harvard Business School, writes about the problem of mistyping a Web address. "Typosquatting" is the practice of registering domains that are very close to popular Web site domains in order to get traffic from people who make a spelling error or typo in the browser's address bar. The Web sites that appear when you make such a wrong turn on the Internet could host malware, but more likely are just making money off ads.

The most popular domain for typosquatting, spawning 742 offshoots, is "freecreditreport.com," followed by "cartoonnetwork.com," "youtube.com" and "craigslist."
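Because typosquats sit one keystroke away from the real domain, a defender can flag them in DNS or proxy logs by edit distance. This is an added example, not code from the McAfee Security Journal: the protected list is the three fully qualified domains named above, the log lines are constructed, and the distance used is optimal string alignment (Levenshtein plus adjacent transposition), so a swapped pair of letters counts as a single edit.

```python
"""Added example: flag observed hostnames within one edit of a protected
brand domain, the distance typosquatters rely on."""

# Domains named in the article; any real list would be the organisation's own.
PROTECTED = ["freecreditreport.com", "cartoonnetwork.com", "youtube.com"]
MAX_DISTANCE = 1

# Constructed DNS log lines (not real traffic) in a simple key=value format.
SAMPLE_LOG = """\
2008-10-12T09:00:01 client=10.0.0.5 query=www.youtube.com
2008-10-12T09:00:07 client=10.0.0.5 query=yuotube.com
2008-10-12T09:00:12 client=10.0.0.9 query=freecreditreprot.com
2008-10-12T09:00:15 client=10.0.0.9 query=cartoonnetwork.com
2008-10-12T09:00:20 client=10.0.0.7 query=cnet.com
"""


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or
    transpose two adjacent characters, each costing 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]


def flag_lookalikes(log_text: str) -> list[tuple[str, str, int]]:
    """Return (observed, protected, distance) for hosts that are close to,
    but not exactly, a protected domain. A leading 'www.' is ignored."""
    hits = []
    for line in log_text.splitlines():
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        host = fields.get("query", "").lower()
        if host.startswith("www."):
            host = host[4:]
        if not host:
            continue
        best = min(PROTECTED, key=lambda p: osa_distance(host, p))
        dist = osa_distance(host, best)
        if 0 < dist <= MAX_DISTANCE:
            hits.append((host, best, dist))
    return hits
```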

However, lawsuits against typosquatters are making the practice less attractive, Edelman writes. Microsoft has received more than $2 million in typosquatting settlements, he says.

The report is on McAfee's Web site.

This screenshot shows code from the backdoor Trojan hidden in a PDF file related to the Olympics that was e-mailed to a pro-Tibet group. It allows an attacker to compromise the computer.

(Credit: McAfee Avert Labs)

July 20, 2008 10:36 AM PDT

Social Engineering 101: Mitnick and other hackers show how it's done

by Elinor Mills
  • 29 comments

NEW YORK--Kevin Mitnick knows that the weakest link in any security system is the person holding the information.

As a young fugitive hacker, he went to jail for breaking into computer networks, relying more on his cunning and persuasion than on his technical skills. He was an early master of the science of social engineering--manipulating people into doing what you want, such as giving out passwords and other information that unlocks sensitive data on networks.

Kevin Mitnick takes the stage at the Last HOPE conference.

(Credit: Elinor Mills)

Mitnick and a panel of other hackers discussed their social-engineering pranks and gave live demonstrations at the Last HOPE (Hackers on Planet Earth) conference late on Saturday.

"Everything happened more than five years ago" and the statute of limitations has passed, he said. "I never said I didn't deserve to be punished, but it really went overboard putting me in solitary confinement" for eight months.

Mitnick, who was released in 2001 after serving five years in jail, announced that he has a contract to write his life story and showed a preview for a reality-based TV series in development in which he would test corporate networks by trying to break into them. As part of his plea agreement, he was banned from writing a tell-all until 2007. He also runs a security consulting firm and lectures.

Dubbed the "most dangerous hacker in the world," Mitnick was put in solitary confinement and prevented from using a phone after law enforcement officials convinced a judge that he had the ability to start a nuclear war by whistling into a pay phone, he said.

Mitnick didn't do any whistling on Saturday, but in his keynote following the panel he talked about how he listened in on FBI phone calls during the three years he evaded the agency, left agents doughnuts when he narrowly escaped raids, and was chased down by a helicopter. He also demonstrated how to see the phone numbers of callers on caller ID even when they have their number set to be blocked.

Below are some videos taken during the panel:

Mitnick and HOPE organizer Emmanuel Goldstein swap stories about using social engineering to get IDs and directories out of workers at telephone central offices.

Mitnick tells attendees at the Last HOPE conference about how he used social engineering on workers at a Hollywood telephone company central office in the middle of the night.

Goldstein does a live phone prank on a Starbucks employee offering aid for laid off employees from the fictional "Last HOPE Foundation" during a social-engineering panel at Last HOPE.
