March 2012 - Posts
Intuit has a special security page alerting its users of potential scams circulating by email or malicious web links
Intuit - Product and Tax scam alerts for 2012
http://security.intuit.com/security-alerts.php
Facecrooks security warns of yet again scam actively circulating
Facebook Scam - Which Celebrity was born on the same Day as you
http://facecrooks.com/Scam-Watch/which-celebrity-was-born-on-the-same-day-as-you-facebook-scam.html
Scam Type: Rogue Application, Survey Scam
Trending: March 2012
Why it’s a Scam: Clicking the wall post link takes you to the following Facebook application installation screen. Clicking “Allow” will give the permissions shown above to the scammer. The application will be able to post to Facebook as you. This will allow them to spam their scam messages to all of your friends. Do you really want to let an unknown developer have this much access to your Facebook information? This particular application is called “Celebrity”, but scams like this are known to use multiple Facebook apps.
Safety Tip: Anytime you install a third party Facebook application, you give the application developer access to your personal data. Always be very selective on the apps you install, and only install them from well-known, trusted sources.
CNet is warning of a new Facebook scam that is circulating. I've personally had multiple invitations to participate, so this one is out there:
Facebook Scam - Apple IPhone-5 Testers wanted
http://news.cnet.com/8301-27080_3-20062055-245.html
QUOTE: Spammers lure victims on Facebook with what looks like link to news about next-generation iPhone. If you see this post on Facebook, don't click on it. Facebook users are being duped into unwittingly spreading spam by clicking on what looks like a link to news entitled "First Exposure: iPhone 5." A version of the scam, exploiting peoples' interest in the next-generation iPhone, went around Facebook earlier this month, and it's back today with minor changes.
The scam starts when you see someone in your social network comment on a link in a post that looks like it leads to a news story about the iPhone 5 at a Web address of "greatlakesnews.info." Clicking on the link takes you to a different Web page, which provides a captcha window where you're asked to verify a word, ostensibly to prove that you are not an automated bot.
Once you click to verify, a message is posted to your Facebook stream notifying all your friends that you commented on the item and providing them with the bogus iPhone 5 link, in a type of attack known as "clickjacking." Then you're asked to choose from a list of items that then lead to a survey which is really marketing, according to this M86 post.
Clickjacking can be a problem on any Web site, but social networks are particularly susceptible because people share so many links. Facebook's advice to not click on strange links even if they are from friends would cut out many of the legitimate links people share on Facebook. It's good idea to try to avoid getting news from sources that aren't known news sites. But a big red flag is the captcha window--legitimate sites don't typically make you prove you're human to read a news item.
Facecrooks security firm warns of a new scam circulating that invites Facebook users to select using a message of "What does your Birthday color say about you?"
Whats your Birthday Color!
http://facecrooks.com/Scam-Watch/whats-your-birthday-color-facebook-scam.html
QUOTE: Please note the following:
Scam Type: Rogue Application, Survey Scam
Trending: March 2012
Why it’s a Scam: Clicking the wall post link takes you to the following Facebook application installation screen: Clicking “Allow” will give the permissions shown above to the scammer. The application will be able to post to Facebook as you. This will allow them to spam their scam messages to all of your friends. Do you really want to let an unknown developer have this much access to your Facebook information? This particular application is called “Birthday Color”, but scams like this are known to use multiple Facebook apps.
Safety Tips: Anytime you install a third party Facebook application, you give the application developer access to your personal data. Always be very selective on the apps you install, and only install them from well-known, trusted sources.
The Facecrooks security site shares the following warning:
Receive 4 Free Six Flags Tickets (Limited Time Only)
http://facecrooks.com/Scam-Watch/receive-4-free-six-flags-tickets-limited-time-only-facebook-scam.html
QUOTE: Please see following warning:
Scam Type: Survey Scam
Trending: March 2012
Why it’s a Scam: Clicking the wall post link takes you to the following page designed to look like Facebook. After leaving a comment, the following survey scam loads. If you did make the mistake of sharing the scam link, then you are now spamming your friends with the very same message. Clean-up your newsfeed and profile to remove references to the scam. (click the “x” in the top right hand corner of the post).
SAFETY TIPS: Never complete surveys to unlock videos or other content on Facebook. Scammers use these tricks to either spread malware, obtain personal identification or earn commissions from marketing companies. Don’t pad their pocket and possibly open yourself up to harm! Some of the surveys require you to download files to your computer. Never do this! If you did so in error, then run a complete system scan with a good anti-virus software program. The I.Q. Quiz scam has been around for a while, and it typically requires you to enter your cell phone number to receive the results. The scammers then bill you for premium services. Keep an eye on your phone bill for bogus charges.
Below are recent tests of AV Test for Android AV products
AV-Test Rates Over 40 Android Antivirus Products
http://securitywatch.pcmag.com/security-software/294976-av-test-rates-over-40-android-antivirus-products
QUOTE: PCMag has long relied on test results from AV-Test.org and others to help identify the best PC antivirus products, especially dynamic whole-product tests. A report released today extends AV-Test's reach into the Android antivirus market, with over 40 products tested. The report opens with a review on the state of Android malware. The Android Market holds over 450,000 apps now, compared to fewer than 100,000 in July of 2012. The rate of new malware threats is rising, and the overall count of threats is rising steeply. Per AV-Test's chart there are nearly 12,000 distinct threats.
Trend Micro warns of this new scam:
Free iPad 3 Scams Steer Users to Bad Sites
http://blog.trendmicro.com/free-ipad-3-scam-steer-users-to-bad-sites/
QUOTE: Scammers have snatched up the opportunity to victimize people by leveraging the interest and anticipation over the upcoming release of iPad 3. Just days before its supposed launch, we have noted several posts on Facebook that claim to give away free iPad 3s to some “lucky” users. Unlike previous Facebook threats we’ve blogged recently, this one does not involve clickjacking. Some users may have intentionally post this link on their social media accounts like Facebook to increases their points as a referrer and increase their chances of “winning” these items.
The Facecrooks security group warns of a security scam currently circulating in the wild
Facebook Scam - Do you remember this photo?
http://facecrooks.com/Scam-Watch/hey-do-you-remember-this-photo-facebook-phishing-scam.html
QUOTE: The scam message will be accompanied by a bit.ly or other link of some kind. Clicking on any of them will take you a page designed to look like the Facebook login page. Users who let their guard down or who aren’t paying careful attention, may not notice they have been redirected to a scam site. Obviously, if you login on this screen, the scammers can gain total access to your account. Never enter you login information when a web page redirects you without first double checking to make sure you are on the legitimate site. A better option is to bookmark the authentic page(s), and access the site directly. This is a very common phishing scheme on Facebook. Always be suspicious of any links you receive via Facebook Chat, Facebook Message or your separate email account.
F-Secure reports that the DNSChanger Botnet shutdown on March 8, 2012 could cause a number of infected users to loose Internet services until their systems are repaired.
DNSChanger botnet - shutdown March 8, 2012
http://www.f-secure.com/weblog/archives/00002323.html
http://dcwg.org/docs/DNS_Changer_NANOG54.pdf
QUOTE: Back in November, the F.B.I. shutdown servers belonging to the DNSChanger botnet, operated by Rove Digital, which was based in Estonia. The Feds have been running substitute DNS servers since then, but their authority to do so expires on March 8, 2012. And that means tens of thousands of compromised machines may be cut off from Internet services on Thursday. Internet Service Providers in many countries have been working to reach affected customers for weeks, but there are still plenty that haven't yet heeded the call.
KEY TEST SITES to ensure DNS is working properly (last one is USA)
• dns-ok.de
• dns-ok.fi
• dns.ax
• dns-ok.us
Abobe has released their 5th security bulletin for 2012 as follows:
Adobe Flash Update #5 for 2012
http://isc.sans.org/diary/Adobe+Flash+Player+Security+Update/12712
http://www.adobe.com/support/security/bulletins/apsb12-05.html
QUOTE: Adobe today released bulletin with details regarding two new vulnerabilities in Adobe Flash Player. The vulnerabilities can lead to arbitrary code execution and affects all platforms (don't forget Android and Google Chrome patches!). There is no indication at this point that the vulnerability has been exploited yet. However, I believe this is an unannounced out-of cycle release.
F-Secure shares an informative report chockful of graphics that illustrate the need to follow best practices in smart phone safety.
http://www.f-secure.com/weblog/archives/00002321.html
QUOTE: You can download it here: Mobile Threat Report, Q4 2011 [PDF]
F-Secure shares an informative update related to pending US legislation to update the definition of cybercrime in our changing technological landscape.
Cybercrime - Proposed Updated Legal Definition
http://www.f-secure.com/weblog/archives/00002320.html
QUOTE:
PC Magazine notes a new Android malware which will spam pop-up ads extensively to mobile phones. Users should be careful of all links and app installs for mobile devices.
Free Android App Exposes All the Ad Networks On Your Device
http://securitywatch.pcmag.com/mobile-security/294907-free-android-app-exposes-all-the-ad-networks-on-your-device
QUOTE: Have you noticed more and more popup ads and spam texts on your mobile device lately? As consumers adopt smartphones and tablets in droves, mobile advertisers are adopting increasingly aggressive methods of ad delivery. Unfortunately for the consumer, rules of acceptable mobile ad practices have yet to be defined. In January we saw one particularly aggressive ad network used to monetized several free Android apps. Symantec initially identified this as malware called "Android.Counterclank," but hours later, Lookout Mobile Security said the SDK in question was really an aggressive ad network called "Apperhand" that placed a search icon on your mobile desktop without your permission, and pushed ads through the notice bar.
Secunia's PSI tool helps ensure systems are up-to-date on all security patches. At the RSA conference, beta version 3.0 was announced.
Secunia Personal Software Inspector 3.0 Beta
http://securitywatch.pcmag.com/security-software/294750-rsa-secunia-simplifies-free-security-update-manager
http://www.downloadcrew.com/article/27139-secunia_psi_3_beta
QUOTE: Secunia's Personal Software Inspector (PSI) identifies out-of-date applications and helps you get updates. At the 2012 RSA Conference Secunia announced the beta release of version 3.0, which radically simplifies the process. The purpose of the product is to keep users' systems safe by making sure all security patches are applied. Where version 2.0 could only automate installation if the vendor supplied an interaction free script, version 3.0 includes technology to "wrap" the installation process for any update.
More Posts
« Previous page