Archive for the ‘Syndicated’ Category

When Looking for News Stories About the Olympics, Stick with Mainstream News Sites

Wednesday, February 17th, 2010

Cybercriminals exploiting luger’s death, Winter Olympics

Cybercriminals have been capitalizing on the world’s interest in the Winter Olympics in Vancouver to spread malware, experts warned.

Attackers have been using Twitter and black hat search engine optimization (SEO) tactics to promote fake Olympics videos that are spreading malware.

Within hours after Friday’s death of Georgian luge athlete Nodar Kumaritashvili, searches for “Olympic luge crash video” were poisoned to yield a malicious link near the top of search results, Roger Thompson, chief research officer at anti-virus vendor AVG Technologies, told SCMagazineUS.com on Tuesday. Users who visited the site were told they needed to download a codec to watch the video. The codec was actually malware.

During the middle of last week, cybercrooks began poisoning general Winter Olympics search queries, but significantly ramped up their efforts following Kumaritashvili’s death, Thompson said.

By Tuesday, the SEO campaign appeared to be winding down, but some search queries related to the Olympics still yield malicious links, Thompson said. Some of the poisoned search queries have included: “Sports Illustrated Olympic preview,” “luger who died video,” “luge accident video” and “luge tragedy video.”

“These guys organize a campaign and they treat it like a business,” Thompson said.

Cybercriminals also used Twitter over the weekend to lure users to a fake Olympics video that was propagating malware. Within minutes after the opening ceremonies ended Friday evening, cybercriminals began posting tweets from an account called “gamesvancouver,” Michael Sutton, vice president of security research at web security vendor Zscaler, told SCMagazineUS.com on Tuesday.

The postings read: “2010 olympics vancouver opening ceremony video,” and included a shortened URL, Sutton said. Users who followed the link were diverted to a site that mimicked the official website for the 2010 Vancouver Olympics. To view the supposed video of the opening ceremonies, users were told to download a codec, which was actually a trojan.

The malicious site was taken down by Sunday evening, Sutton said.

“It looks like they set it up solely for this attack and ran it for about a 24-hour period,” Sutton said. “This was a very methodical attack, where they were planning to take advantage of the hype around the ceremonies.”

Users should be cautious over the next few weeks of similar cyberthreats exploiting the Winter Games, experts said.

“I think end-user diligence is absolutely critical here,” Sutton said. “All these attacks — they aren’t actually taking advantage of a vulnerability — they are social engineering attacks convincing you to download a trojan.”

When looking for news stories about the Olympics, stick with mainstream news sites, Thompson recommended. And as a rule of thumb, don’t ever download a codec to watch a video.

“The attackers follow current events pretty closely,” Sutton said. “As soon as a story emerges on the news wire, you can guarantee there will be social engineering attacks taking advantage of it.”

Poisoned search results generally include a jumble of keywords, whereas legitimate search results typically include a full, coherent sentence, Thompson said.

February 16, 2010

Source: http://www.scmagazineus.com/cybercriminals-exploiting-lugers-death-winter-olympics/article/163849/

Crooks try to romance users with Valentine’s Day spam

Tuesday, February 2nd, 2010
February 01, 2010

Eat your heart out, cupid. Valentine’s Day still is nearly two weeks away, but the lover’s holiday is already attracting the attention of the web’s criminal element.

Researchers at Trend Micro on Monday said they have spotted two spam campaigns — one promoting a fake gift card promotion, the other counterfeit watches — in the wild, Maria Alarcon, an anti-spam engineer, said Monday in a blog post. As Valentine’s Day nears, internet users should expect the scams to get more malevolent.

“Every special occasion and/or holiday is, in today’s threat-laden internet landscape, not just a time for people to celebrate but also a time for spammers to scam unwitting users with their devious scams,” Alarcon said, adding that in more malicious cases, the fraudulent emails show up containing links or attachments to viruses.

And if previous holidays and media events are any indication, users also should be on the lookout for poisoned search results, also known as black hat search engine optimization (SEO). Attackers use this tactic to get their malicious links near the top of search results so users are fooled into believing the results are legitimate.

Black hat SEO is the new spam, Mike Geide, senior security researcher at Zscaler, a web security firm, said in a blog post last week. The recent Haiti earthquake is a prime example of this, he said.

“It used to be that when you checked your email and/or email spam folder, there would be a slew of messages with links or attachments that would have titles related to the popular subjects of the time, and would be used to spread malware,” he said. “Now the game seems to be that you sip your morning coffee and browse the web — largely driven from search results from Google. However, many of these search results cannot be trusted.”

Google has said it uses manual and automated processes to remove malware from its search index.

Source: http://www.scmagazineus.com/crooks-try-to-romance-users-with-valentines-day-spam/article/162893/

Beware of Tax Refund Scams

Monday, February 1st, 2010
Monday, February 01, 2010

Tax season is upon us and the scam artists are once again looking for a way to dupe unsuspecting individuals into providing confidential information. Beware of emails purporting to be from the IRS claiming you have a refund. The IRS does not initiate taxpayer communications through e-mail. If you receive an e-mail claiming to be from the IRS or directing you to an IRS site, you should take the following actions:

  • Do not reply.
  • Do not open any attachments. Attachments may contain malicious code that will infect your computer.
  • Do not click on any links. If you clicked on links in a suspicious e-mail or phishing Web site and entered confidential information, visit the IRS Identity Theft page.

For more information or to report receiving email purporting to be from the IRS, go to:  http://www.irs.gov/privacy/article/0,,id=179820,00.html?portlet=1

Source: http://www.msisac.org/daily-tips/

Online Holiday Shopping Tips

Monday, November 23rd, 2009

 The NCSA recommends that Americans employ a small handful of simple behaviors to ensure the online holiday shopping season is safe and successful:

  • Update Core Protections: Take a few minutes to update your core protections — anti-virus, anti-spyware, and firewall — before you get on the information superhighway. Also make certain they are set to automatically update against new threats.
  • Shop Secure Sites: Is there a closed padlock on the browser’s status bar? Does the Web site’s address (URL) change to shttp or https when you are asked to provide payment information? If so, you know the vendor has secured their payment process.
  • Check Sellers Out: Conduct independent research on a seller’s reputation before you buy from a seller you have never done business with.
  • Passwords Are Key: Create long unique passwords incorporating symbols and numbers to increase your security against hackers and others trying to access online accounts.
  • Always Ask WWW: When providing personal information for any purchase, always ensure that you know who is asking for the information, what information they are asking for and why they need it.
  • Not All Money is Created Equal: Credit cards are generally the safest option because shoppers can seek a credit from the issuer of the card if the item isn’t delivered or not what was ordered.

 Excerpt from article:

Americans’ Online Shopping Decisions Affected by Security Concerns, Poll Finds

National Cyber Security Alliance Finds that Security Questions Cause Online Retailers to Lose Sales

WASHINGTON, Nov. 17 /PRNewswire/

Source: http://staysafeonline.mediaroom.com/index.php?s=43&item=54

Staying Safe at Social Media Web Sites

Wednesday, November 18th, 2009

Submitted by staysafeonline on Thu, 10/29/2009 – 5:15pm.

By Brittany Jedrzejewski, JustAskGemalto.com

According to recent data from comScore, the average social media user spends at least four hours a week on social media sites. Sound like anyone you know? If anything, that number might even sound low, given the popularity of social media sites today. Social media offers people a chance to express themselves, meet new people and share their lives with friends… which also means many social media users are willingly exposing private information on public websites.

Do you know how to stay safe and protect your privacy on social networking sites?

Most social media users have at least one personal story or know of a friend who was humorously “burned” by a photograph or comment that circulated to people or places it wasn’t intended. However, these situations don’t always end humorously. The speed and visibility of social media make for a fun experience and great entertainment, but they also create an opportunity to embarrass yourself or others, jeopardize your employment or, worse still, compromise your safety or your identity.

In the spirit of this year’s NCSA theme Our Shared Responsibility, it is ultimately up to you to manage your digital identity on social media sites. As part of the educational effort for National Cyber Security Awareness Month, the team at www.JustAskGemalto.com has put together a list of guidelines for managing your digital identity on social media sites.

  1. Review and use privacy settings.  Decide how visible you want your contact and profile information, photos, videos and postings to be, and then take the time to learn how to set the right level of control.
  2. Decide how searchable you want to be.  It’s best to make it a conscious choice and set up your profile the way you want, rather than leave it to the default settings.
  3. Configure your tweet settings.  You can restrict tweet delivery to those in your circle of friends or, by default, allow open access.
  4. Keep all tagged photos private.  If you’d like to make tagged (named) photos visible to certain users you can choose to add them in the box under the “Some Friends” option.
  5. Don’t share information that can help people steal your identity or locate you.  Exercise good judgment when posting and sharing personal information.
  6. Check into your ability to opt-out with advertisers and third parties.

If you’re a Facebook fan, or part of the Twitterverse, consider yourself LinkedIn, or in any way part of the social media phenomenon, take the time to read the full article Managing Your Digital Identity on Social Media Sites.  Part of Our Shared Responsibility is to learn how to stay safe and protect our personal privacy, while still having fun sharing with our friends and networking communities.

JustAskGemalto.com is a site dedicated to providing the latest news and tips to keep your personal information safe while enjoying the technology you use every day.

source: http://www.staysafeonline.org/blog/staying-safe-social-media-web-sites

Two New Fraudulent E-mails Pose as Facebook and Federal Deposit Insurance Corporation

Thursday, October 29th, 2009

By Matthew Harwood
10/28/2009

Two new fraudulent e-mails are trying to lure unsuspecting victims into installing malware on their computers, says a leading Web and e-mail security provider.

Analysts at M86 Security Labs yesterday publicized two e-mails pumped out by the Pushdo botnet that pose as Facebook and the Federal Deposit Insurance Corporation (FDIC). Each e-mail uses a different trick to download malware onto the target’s computer.

The Facebook e-mail carries a subject line advertising a password reset confirmation. When the e-mail is opened, the message reads that Facebook has changed the user’s password and that her new password is in the attached document.

Continue reading at source: http://www.securitymanagement.com/news/two-new-fraudulent-e-mails-pose-facebook-and-federal-deposit-insurance-corporation-006378

Computer Services Information Security 2009-10-23 11:51:22

Friday, October 23rd, 2009

 

October is National Cyber Security Awareness month!

National Cyber Security Awareness month is now in its 6th year as a coordinated effort of the National Cyber Security Alliance http://www.staysafeonline.info/, The Department of Homeland Security (DHS) http://www.dhs.gov/files/programs/gc_1158611596104.shtm, and The Multi-State Information Sharing and Analysis Center (MSISAC) http://www.msisac.org/.

On October 1, 2009, President Barack Obama signed a proclamation naming October as National Cyber Security Awareness Month: http://www.whitehouse.gov/the_press_office/Presidential-Proclamation-National-Cybersecurity-Awareness-Month/ . President Obama’s proclamation outlines very well the overall cyber security landscape and why each of us has a responsibility to educate ourselves. As our society becomes more integrated with and dependent on technology, it is critical that we all understand our part. The theme for this year is “Our Shared Responsibility”. That means that each of us has a part in keeping our computers, networks and ourselves safe online at home, at work and when we are mobile.

We encourage you to click on the links provided and take a look at the many resources out there – on topics ranging from social engineering and dumpster-diving to social networking and smartphone security – all designed to help understand what steps each of us can take to navigate safely in cyberspace!

On Wednesday, October 28th, the Information Security team will have a table set up on the 2nd floor of the PSU with hand-outs and bookmarks that have helpful information on safe computing. Stop by and see us!

Other helpful links:

Federal Government: http://www.onguardonline.gov/

Microsoft: http://www.microsoft.com/protect/

Missouri Cyber Security: http://cybersecurity.mo.gov/