[Microsoft: Windows 8 won't require a new PC]

Microsoft: Windows 8 won't require a new PC

But not all the new capabilities in Windows 8 will be available on existing hardware

The new OS is designed to be touch-enabled, so people without touch screens obviously won't get all the benefits of the new OS. It will also work with a wider variety of sensors for detecting things like motion and proximity, and those sensors will not be present in existing PCs.

But Angiulo said the new interface, which has large colored icons and resembles Windows Phone 7, can still be navigated smoothly using a mouse and a keyboard. The page up and page down buttons can move through the application tiles on the screen, a mouse click will open applications, and the Windows shortcut key on a keyboard will take users back to the desktop.

To prove the point he showed Windows 8 running on a handful of existing PCs, including a Samsung Series 9 laptop and an L Series Sony Vaio.

story & video .. http://www.pcadvisor.co.uk/news/desktop-pc/3283653/microsoft-windows-8-wont-require-a-new-pc/?cmpid=HTML-DN020611&olo=daily%20news

[Webmail buggers attack Yahoo!, Hotmail users]

Webmail buggers attack Yahoo!, Hotmail users

Gmail phishing assaults spread to MS and Yahoo! Users

The high-profile phishing campaign targeting the private Gmail accounts of government officials and political activists is part of a wider pattern of attacks also targeting Hotmail and Yahoo! Mail, according to net security firm Trend Micro.

Trend said that whether or not the attacks were related, they were all aimed towards bugging webmail accounts. Some of the current wave of assaults against webmail accounts also use techniques designed to find out what sort of security software victims are running as a prelude to deeper running assaults.

The initial phase of many of these attacks (include the Gmail assault) is a targeted email redirecting users to a fake site designed to con users into handing over their login credentials. Once accounts have been compromised, the attacker surreptitiously changes webmail settings in order to send emails to a drop account under their control

Read more here: http://www.theregist...webmail_attack/

[Hackers Steal Customer Data from Acer's European Webs...]

Hackers Steal Customer Data from Acer's European Webs...

A hacker group called Pakistan Cyber Army (PCA) claims to have broken into the European website of hardware manufacturer Acer and stolen the personal information of 40,000 customers.The Hacker News reports that in addition to customer information, PCA also stole proprietary source code and had complete access to the site's FTP account.According to screenshots released by PCA, the compromised customer information includes full names, email addresses, full home addresses (with postal code, city and country) and phone numbers.The data is organized by country in individual Excel spreadsheets. Judging by the names of the files listed in as...

[read more >>] http://news.softpedi...te-204261.shtml

[Mac Defender mutates past security update]

Mac Defender mutates past security update

The security update published on Wednesday for Mac OS X 10.6.7 contains a quarantine function for the OSX.MacDefender.A malware. A new mutated version that is not detected by the original security update appeared just a few hours later; Apple reacted by adding the new OSX.MacDefender.C to its signatures.

The whack-a-mole game between malware authors and security programmers is heating up. The daily signature updates that Apple has announced are therefore all the more important.

Mac security specialist Intego has discovered a flaw in the security update that The H's associates at heise Security were able to reproduce. Changes made on the "security" tab under System Preferences – where the new option "Automatically update safe downloads list" is located – are not saved if the tab is left open for more than 30 seconds. Users are advised to double check that the new option is actually set.

Story & screenshots: http://www.h-online.com/security/news/item/Mac-Defender-mutates-past-security-update-1254574.html

[New Scareware Campaign Uses Fake Firefox Security Alerts]

New Scareware Campaign Uses Fake Firefox Security Alerts

Security researchers from Sophos warn of a new scareware campaign that directs Firefox users to rogue pages mimicking the security alerts normally issued by the browser.<br style=""> <br style="">

When a rogue page is opened in Firefox, the browser displays a security alert informing the user about the request being blocked and providing them with several options.

According to the Sophos researchers, the people behind this recent scareware distribution campaign have cloned the page and modified it to appear as if a computer scan is also performed and infections are found. "Mozilla Firefox recommends you to install proper software to protect your computer," the phishing page says and presents users with a "Start Protection" button. Clicking the button will prompt people to download and install a rogue antivirus application whose purpose is to scare them into paying for a license to allegedly clean the fictitious infections. The scam is browser-aware and will direct Internet Explorer users to a different page mimicking a classic Windows Explorer window.

"If you are a Firefox user and see a warning about viruses on your computer, you will know it is fake. Firefox does not include a virus scanner inside of it and it will only warn you about visiting malicious pages," advises Chester Wisniewski, a senior security advisor at Sophos.

Using fake Google Safe Browsing pages is not a new trick. The same technique has been used in a series of campaigns last year, with different pages mimicking alerts displayed by each browser. Scareware pushers have also targeted Firefox users through fake "what's new" pages that are usually displayed after the browser is updated to a new version.

http://news.softpedia.com/news/New-Scareware-Campaign-Uses-Fake-Firefox-Security-Alerts-203305.shtml

[Mac Scareware Pushers Begin Targeting Facebook Users]

Mac Scareware Pushers Begin Targeting Facebook Users

Scareware pushers have started using Facebook to spam out links that lead users to pages distributing fake Mac OS X antivirus software.

The scammers hope to exploit people's interest into the recent news that IMF chief Dominique Strauss-Kahn faces rape charges in New York.

Rogue messages posted from compromised accounts claim to distribute a link to a video showing Mr. Strauss-Kahn sexually assaulting a hotel maid.

"[...] When I visited the page on my Apple Mac I was rapidly redirected to a 'Mac Defender'-style fake anti-virus attack, written specifically with the intention of infecting my computer," warns Graham Cluley, senior technology consultant at Sophos.

The company's free antivirus product for Mac detects and blocks the threat as OSX/FakeAVZp-C using heuristic signatures. Similar spam messages are being used by scammers to lure Facebook users every single day and past experiences tell us that they are quite successful. Mac users have recently been hit hard by scareware attacks which caught them off-guard due to years of indoctrination that Macs are virus-free.

http://news.softpedia.com/news/Mac-Scareware-Pushers-Begin-Targeting-Facebook-Users-203488.shtml

[Skype installs third party software against users' wishes]

30 May 2011, 18:04

Skype installs third party software against users' wishes

Over the weekend, a Skype partner firm used the VoIP software's auto-update function to install a program on users' systems – even against users' express wishes. EasyBits has been responsible for online gaming on the Skype platform since 2006. Now, the company's stand-alone "EasyBits Go" games centre has been installed on Skype for Windows users' computers via a games update.

Users were given the option to abort the installation – but the program was installed regardless. The unwanted program created a separate program folder and proved difficult to uninstall. Although it appeared in the list of installed programs and could be uninstalled from there, the program folders and their contents as well as the Skype plug-in remained in place.

http://www.h-online....es-1252543.html

[Microsoft Suggests Using Private Browsing Mode Until IE Cookiejacking Patch]

Microsoft Suggests Using Private Browsing Mode Until IE Cookiejacking Patch

Microsoft is planning to patch a recently disclosed IE vulnerability that facilitates session hijacking attacks and suggests using the browser's private mode feature until then.

The new type of attack, dubbed cookiejacking, was demonstrated at the recent Hack in the Box 2011 conference in Amsterdam by Italian security researcher Rosario Valotta.

It leverages a bug in all versions of Internet Explorer that allows the contents of session cookie files to be loaded in iframes if the attackers know their full paths.

Clickjacking and social engineering techniques are then used to trick users into dragging the contents of the rogue iframes to containers on the same page controlled by the attackers. For the demo, Mr. Valotta used a basketball game where the user was asked to drag a ball through a hoop. The ball was hiding the contents of the targeted session cookie.

http://news.softpedia.com/news/Microsoft-Suggests-Using-Private-Browsing-Mode-Until-IE-Cookiejacking-Patch-203090.shtml

[Free Microsoft Standalone System Sweeper Beta for Widows 7 SP1]

Free Microsoft Standalone System Sweeper Beta for Widows 7 SP1

A free security solution from Microsoft is designed to deal with the most severe infections that leave computers virtually unusable, save for a clean install of Windows after a hard drive formatting.

Windows customers might already be familiar with such technologies as the Microsoft Safety Scanner or Microsoft Security Essentials 2.0.

Malicious code and malware attacks have evolved considerably from those of the past century. At the core of this evolution is the cybercriminals' focus on making money rather than rendering PC useless.

While viruses are a dying bread, rootkits, spam bots, Trojans, scareware, etc. are thriving. However, there are scenarios in which malware infections are so severe that users are left with dead machines.

This is where the Standalone System Sweeper Beta comes in. The security solution can be used to put together a bootable CD, DVD or USB – a clean computer needs to be used for this.

http://news.softpedi...P1-203177.shtml

[Free Xbox 360 4GB with Windows 7 PCs Now Through More Retailers]

</h3>

<h3>Free Xbox 360 4GB with Windows 7 PCs Now Through More Retailers

Microsoft has expanded the list of retailers which offer customers the chance to access a great deal when purchasing a new Windows 7 PC, by also getting a free Xbox 360.

The “Buy a PC, Get an Xbox” offer is now also available to users purchasing new Windows 7 PCs via Amazon.com and HP.com, in addition to the retailers that were already on boars with the software giant since last week.

The Redmond company introduced its back-to-school special deals early this year, getting a jumpstart on the competition.

While the “Buy a PC, Get an Xbox” offer will be live for the coming months, students shopping for a new Windows 7 PC and willing to spend at least $699 on the machine, will also automatically get an Xbox 360 4GB console free of charge.

http://news.softpedia.com/news/Free-Xbox-360-4GB-with-Windows-7-PCs-Now-Through-More-Retailers-202942.shtml

[Student collects 15 million Gmail addresses]

</h1>

<h1>Student collects 15 million Gmail addresses

More than 7,100 sets of 5,000 links to Google profiles may be just what spammers are looking for. In his blog, a student from the University of Amsterdam reports that he gathered around 15 million Gmail addresses from Google user profiles within a month. Matthijs Koot analysed just under 35 million profile links from Google's profile site map, which is easily accessible on the company's servers. Koot says he used the same IP address for all of the 35 million queries, but Google didn't attempt to stop the mass download. A Google spokesperson told British IT news source The Register that the site map does not make any information available that is not already publicly accessible.

The site map contains URLs to more than 7,100 text files with 5,000 profile links each. Site maps help other Web services map a web site's structure – in this case, for the indexing of Google profiles. In a lot of cases, Koot was not only able to get the Google user's user name (from which the person's Gmail address can be derived), but also the person's real name, information about education, employment history, current employer, place of residence, links to Twitter and LinkedIn accounts, and the profile holder's Picasa photo albums. Spammers, for example, could use this data for personalised advertising attacks.

More plus screenshot: http://www.h-online.com/security/news/item/Student-collects-15-million-Gmail-addresses-1251356.html

[Contrary to Reports – Cookiejacking Presents a Major Risk]

May27

Contrary to Reports – Cookiejacking Presents a Major Risk

In a recent Reuters article, Italian security researcher Rosario Valotta described a new 0-day attack on Microsoft’s IE browser, that he’s named “Cookiejacking”. The main idea of Cookiejacking has actually been around for several years now – better known names for this technique are “side-jacking” or session hijacking; however what Rosario has discovered is a new delivery for this attack that is based on social engineering users to help the attacker exploit a bug in IE.

According to the report, the vulnerability affects all versions of Internet Explorer, including IE 9, on every version of the Windows operating system and to exploit the flaw, the hacker must persuade the victim to drag and drop an object across the PC’s screen before the cookie can be hijacked.

The researcher cited an example where he used social engineering in the form of a puzzle, to entice users to “undress” a photo of an attractive woman. For those of you interested in reading the full details of the attack, you can find it here. http://sites.google.com/site/tentacoloviola/cookiejacking

Story here: http://blog.trendmicro.com/

[Cyber-crooks eye Apple Macs with fake anti-malware]

Cyber-crooks eye Apple Macs with fake anti-malware

NEW YORK | Tue May 17, 2011 1:39pm EDT

NEW YORK (Reuters) - The days when Mac users need not worry about their computers getting infected with malicious software may be coming to an end.

To date, hackers have focused on writing malicious software for machines running Microsoft Corp's Windows operating system, which inhabits more than nine of every 10 PCs.

But Macs grow in number, they are becoming more attractive targets.

"Only once a platform has a certain level of market share does it become profitable for malware to attack it," said Dino Dai Zovi, co-author of The Mac Hacker's Handbook. "As the Mac becomes more popular there will be more and more threats."

A spokesman for Apple declined comment.

Story: http://www.reuters.com/article/2011/05/17/us-apple-malware-idUSTRE74G60M20110517

[Majority of Android Devices Vulnerable to Session Hijacking Attacks]

May 17, 2011 6:45 PM PDT

How to protect your Android on public Wi-Fi

Android phones and tablets running version 2.3.3 and earlier suffer from a calendar and contact information vulnerability on public Wi-Fi networks, according to a new report. However, there are some concrete steps you can to protect yourself.

Here's how it works. The vulnerability is in the ClientLogin Protocol API, which streamlines how the Google app talks to Google's servers. Applications request access by sending an account name and password via secure connection, and the access is valid for up to two weeks. If the authentication is sent over unencrypted HTTP, an attacker could use network sniffing software to steal it over a legitimate public network, or spoof the network entirely using a commonly-named public network, such as "airport" or "library." While this won't work in Android 2.3.4 or above, including Honeycomb 3.0, that only covers 1 percent of in-use devices.

Of course, the safest solution is to avoid using public, unencrypted Wi-Fi networks by switching to mobile 3G and 4G networks whenever possible. That's not always an option, especially for Wi-Fi-only tablet owners or those on tight data plans.

... Read full post & comments - http://download.cnet.com/8301-2007_4-20063792-12.html

[Majority of Android Devices Vulnerable to Session Hijacking Attacks]

Majority of Android Devices Vulnerable to Session Hijacking Attacks

Security researchers have discovered a vulnerability in Google's ClientLogin authentication protocol which allows potential attackers to execute session hijacking attacks against Android users.

The security hole was identified by researchers from the Institute of Media Informatics of the University of Ulm in Germany and builds on the findings of Rice University professor Dan Wallach.

In February, Mr. Wallach discovered that many Android applications sent data in clear form, a problem on unsecured wireless networks where attackers can freely sniff out traffic. The Rice University professor concluded that "an eavesdropper can definitely see your calendar transactions and can likely impersonate you to Google Calendar."

"We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis. The short answer is: Yes, it is possible, and it is quite easy to do so," said Bastian Könings, Jens Nickels, and Florian Schaub from the German university.

"Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs," they added.<br style="">

<br style="mso-special-character:line-break">

Full story here: http://news.softpedia.com/news/Majority-of-Android-Devices-Vulnerable-to-Session-Hijacking-Attacks-200822.shtml

[Mozilla moves to aggressively end Firefox 3.5's life]

Mozilla moves to aggressively end Firefox 3.5's life

Mozilla has created a plan to aggressively end the life of Firefox 3.5 by using auto-update. According to Mozilla there are approximately 12 million people still using Firefox 3.5, despite numerous prompts through the default Firefox/Google search page, whatsnew and firstrun prompts and other broad hints to upgrade. Ideally, Mozilla would like to upgrade them to Firefox 4 or the forthcoming Firefox 5, but would be happy with them moving to the latest Firefox 3.6.

The current plan aims to see Firefox 3.5 out of widespread use by the end of June by offering Firefox 3.6.18 to both Firefox 3.6.17 and 3.5.19 users on 21 June, the same day as Firefox 5 is to be released. The update will appear as a minor update so any user with auto-update enabled will see the new version downloaded ready for installation when the browser is restarted. This will be the first time that Mozilla has auto-updated users between major versions of the Firefox browser.

More details: http://www.h-online.com/security/news/item/Mozilla-moves-to-aggressively-end-Firefox-3-5-s-life-1243869.html

[Backwards Unicode names hides malware and viruses]

Backwards Unicode names hides malware and viruses

Windows can handle right-to-left by default since Vista.

Source: Norman AV vendor Norman has discovered malware that camouflages its file name via special Unicode characters. For instance, they may show up as exe.importantdocument.doc in the email client or in Windows Explorer. However, an executable (EXE) file that will still be treated as such by the system, and launched when double-clicked, is hidden behind this file name.

Norman's virus analyst, Snorre Fagerland, says that this effect is caused by such Unicode characters as 0x202E (right-to-left override) and 0x202B (right-to-left embedding). When located in the right place, a file name such as cod.stnemucodtnatropmi.exe suddenly turns into some "important documents". The telltale "exe" at the beginning can be hidden further. For instance,

Read more here plus screenshots: http://www.h-online.com/security/news/item/Backwards-Unicode-names-hides-malware-and-viruses-1242114.html

[The H Week - Linux 2.6.39 approaches, Google I/O, WebGL insecurity, Flash 10.3 fixes holes]

The H Week - Linux 2.6.39 approaches, Google I/O, WebGL insecurity, Flash 10.3 fixes holes

Glyn Moody discussed what Microsoft's acquisition of Skype means for FOSS and The H published a new edition in the Coming in 2.6.39 Kernel log series. Google kicked off its I/O developer conference with Android, the German Foreign Office explained its elimination of open source and Ubuntu 8.04 LTS reached its end of life on desktops. Researchers published details of a security hole in WebGL, Sony delayed reopening PSN and Adobe released version 10.3 of Flash Player, closing several security vulnerabilities.

Read full details here: http://www.h-online....es-1242904.html

[Geek.com Infects Visitors with Malware]

</h3>

<h3>Geek.com Infects Visitors with Malware

Security researchers from cloud security provider Zscaler warn that technology website geek.com was compromised and many of its pages are executing drive-by download attacks against visitors.

Geek.com is one of the oldest technology news websites around, dating back to 1996, the dawn of the commercial World Wide Web.

Attackers have managed to inject rogue IFrames into different portions of the site, both within articles and the site's main pages like home, about us, etc. According to Umesh Wanve, a senior security research engineer at Zscaler, there are multiple infections and the iframes take visitors to different malicious websites.

One example is the rogue code injected into a May 13 article about Call of Duty: Modern Warfare 3 details being leaked, which redirects visitors to an exploit kit. These kits perform various checks to determine what versions of certain program users have installed on their computers and then serve exploits for vulnerabilities in those products.

The most commonly used applications like Java Runtime Environment, Flash Player, Adobe Reader or the browser itself are usually targeted.

Full details: http://news.softpedia.com/news/Geek-com-Infects-Visitors-with-Malware-200476.shtml

[Dangerous Linux Denial of Service Vulnerability Disclosed as 0-Day]

Dangerous Linux Denial of Service Vulnerability Disclosed as 0-Day

Greyhat hackers from Goatse Security have published the details of a dangerous denial of service (DoS) vulnerability affecting many Linux distributions.

The flaw can be exploited by tricking users into opening an overly-long, specially-crafted apt:// URL in a browser that supports the protocol.

"This bug is delightfully trivial to deploy. Just write a normal HTML page containing an iframe that takes a 10000 character apt:// URL as its source," the hackers write.

Because the Advanced Packaging Tool (APT) is a common Linux software manager application a large number of distributions are affected. These includes the popular Debian, Ubuntu, Fedora, Red Hat Enterprise Linux and SUSE Linux Enterprise Desktop, but also Alinex, BLAG Linux and GNU, CentOS, ClearOS, DeMuDi, Feather Linux, Foresight Linux, gnuLinEx. gNewSense, Kaella, Knoppix, Linspire, Linux Mint, Musix, GNU/Linux, Parsix, Scientific Linux and Ututo.

Successful exploitation of the vulnerability crashes the X session with an "Unexpected X error: BadAlloc (insufficient resources for operation) serial 1779 error_code 11 request_code 53 minor_code 0)" error.

Story: http://news.softpedia.com/news/Dangerous-Linux-Denial-of-Service-Vulnerability-Disclosed-as-0-Day-200668.shtml

[Apple Security Myths — and the Hard Truths]

Apple Security Myths — and the Hard Truths

As Apple's market shares increase, so do the chances of malware being written specifically for the company's devices.

Virgin territory

Apple software is actually ripe for attack. At the 2010 "Pwn2Own" hacking contest, held every March at the CanSecWest security conference in Vancouver, Apple's Mac OS X, the Safari Web browser and an iPhone 3GS were all exploited with surprising ease, falling quicker than their Windows-based competitors.

Five hard lessons

With that in mind, here are five Apple security myths — and the brutal truth behind each:

Myth: I don't need antivirus and spam protection because I work on a Mac.

Truth: The Mac OS X operating system is targeted less frequently by malware only because it's not as widespread as Windows. It's no more secure than any other operating system, said Sorin Mustaca, data security expert at Germany-based Avira.

As for phishing attacks, said Mustaca, "the biggest problem in this case is not the computer itself, but rather it's the user."

Myth: I can't be infected by any malicious software because I get my applications exclusively from the iTunes App Store.

Truth: "We've seen a couple of times already that the App Store is not such a secure fortress as one might have hoped," said Mustaca. "It is extremely difficult to check every single application that is inserted there."

Myth: Mac OS X is inherently more secure than Windows.

Truth: Apple's brand-new products are being hacked almost immediately upon arrival. For example, "jailbreaking" your iPhone is as easy as browsing to a specific website.

"For a while, it was easier to write exploits for Mac OS X systems than it was for Windows, but now they're relatively equal," said Core Security technical specialist Dan Crowley. "Bugs seem to be just as easy — if not easier — to find in Mac OS versus Windows."

Myth: Apple's Safari browser is more secure than Microsoft's Internet Explorer.

Truth: Safari had more than twice the number of reported vulnerabilities in 2009 (94) than did Internet Explorer (41), according to Symantec's Global Internet Security Threat Report.

Myth: iPad users are not susceptible to the same sorts of attacks that Windows users experience.

Truth: According to Anup Ghosh, founder and chief scientist of Fairfax, Va.-based Invincea, Apple released the iOS 3.2.2 software update for the iPad specifically to fix a critical vulnerability in the way it handled PDF files that could be manipulated by malicious hackers.

So what can you do to make your Apple device more secure? First of all, never open an e-mail attachment you're not expecting, even if it's from someone you know.

Always check the URL — the long string of characters that begins with "http" — in your browser address window when surfing the Web, even on an iPhone or iPod Touch. Be very careful about using free Wi-Fi hotspots in coffeeshops, libraries or airports — it's safer to just use your cellular carrier's data service.

There isn't any third-party security software for iOS devices as of yet, but a few Mac OS X applications are available, such as Sophos Anti-Virus for Mac Home Edition (free), BitDefender Antivirus 2011 for Mac (starting at $40 per year), Intego Virus Barrier X6 ($50 per year, two users) and various Norton products (starting at $50 per year.

Story: http://www.securityn...rd-truths-0592/

[Skype for Mac requires manual update to fix security vulnerability]

</h3>

<h3>Skype for Mac requires manual update to fix security vulnerability

Pure Hacking's Gordon Maddern, a tech security writer, has uncovered a zero-day vulnerability affecting Mac users of the popular chat platform Skype. He writes: "About a month ago I was chatting on Skype to a colleague about a payload for one of our clients. Completely by accident, my payload executed in my colleagues Skype client."

Further tests showed that the payload was only executing in Skype clients on Macs. Windows and Linux appeared to be safe. After using metasploit and meterpreter to produce a proof of concept, Maddern was able to gain a shell remotely using the Skype exploit.

Perhaps alarmingly, this information was brought to the attention of Skype's security team over a month ago, with the only response being a generic "Thank you, we'll get to that soon".

"The long and the short of it is that an attacker needs only to send a victim ...

Read full post & comments - http://download.cnet.com/download-blog/?categoryId=2002

Originally posted at MacFixIt

[Expert: Skype for Mac hole can be used in remote attack]

</h3>

<h3>Expert: Skype for Mac hole can be used in remote attack

A security researcher said today that he found a serious hole in the Mac version of Skype that could be used by an attacker to remotely take control of someone else's computer.

In response, Skype says it released a "hotfix"--a quick fix to hold users over until a full update is ready--for the issue in a minor update released in mid-April, but did not prompt users to update their software because there were no reports that the hole was being exploited in the wild and it was planning on issuing another update early next week.

Gordon Maddern, of Pure Hacking in Australia, says he discovered the vulnerability about a month ago. He was chatting on Skype to a colleague about a payload when the payload executed in the colleague's Skype client accidentally, Maddern writes in a blog post today.

He created a proof of concept that can ...

Read full post & comments - http://news.cnet.com/8301-27080_3-20060609-245.html

Originally posted at InSecurity Complex

[No Consumer Safe Haven from Cybercriminals, Not Even Social Networks]

</h3>

<h3>No Consumer Safe Haven from Cybercriminals, Not Even Social Networks

By Marius Oiaga

There’s no safe haven for consumers to shield them from cybercriminals, not even social networks. In fact, Microsoft reveals that with online attacks increasingly targeting consumers, it has recorded a significant rise in social networking phishing, adware and rogue security software.

The Redmond company just released the tenth volume of the Microsoft Security Intelligence Report (SIR), based on data harvested from in excess of 600 million computers worldwide used by customers in 117 countries.

Fake marketing campaigns and malicious product promotions are tools of the trade for average attackers, and Gullotto revealed some of their results:

“• Rogue Security Software – Rogue security software was detected and blocked on almost 19 million systems in 2010, and the top five families were responsible for approximately 13 million of these detections.

• Phishing – Phishing using social networking as the lure increased 1,200 percent – from a low of 8.3 percent of all phishing in January to a high of 84.5 percent in December 2010. Phishing that targeted online gaming sites reached a high of 16.7 percent of all phishing in June.

• Adware – Global detections of adware when surfing websites increased 70 percent from the second quarter to the fourth quarter of 2010. This increase was almost completely caused by the detection of a pair of new Adware families, JS/Pornpop and Win32/ClickPotato, which are the two most prevalent malware in many countries.”

Link to this article: http://news.softpedia.com/news/No-Consumer-Safe-Haven-from-Cybercriminals-Not-Even-Social-Networks-200121.shtml

[Facebook spam prevention scam spreading like wildfire]

Facebook spam prevention scam spreading like wildfire

Social media worm d'jour

By John Leyden •

The growing prevalence of junk messages on Facebook is been used to bait a new scam doing the rounds on the social network.

Prospective marks in receipt of the fraudulent messages are invited to "verify" their account in order to "prevent spam". Recipients who respond to the message by clicking on a link end up sharing it on their wall as well as spreading highly obfuscated JavaScript.

"With all the unexpected Sharing going on, this message has spread like wild-fire," warns net security firm Sophos. "Instead of preventing spam, this particular campaign has been generating it at astonishing rates."

More details here: http://www.theregister.co.uk/2011/05/12/facebook_spam_prevention_scam/

///////////////////