Internet Security

Alleged “Likejackers” agree to root out Facebook spam

Adscend Media LLC also pays $100,000 in attorneys’ fees to state

SEATTLE – The owners of a California-based online marketing company have agreed to stop spamming Facebook users. The details were revealed today in a settlement – a consent decree – between Adscend Media LLC and the Washington State Attorney General’s Office.

“Today’s settlement puts a stop to Adscend’s ‘likejacking’ and other misleading tactics that led Facebook users to fork over personal information or buy subscription services from sites that appeared to be recommended by friends,” said Washington State Attorney General Rob McKenna.

In January, McKenna’s office and Facebook sued Jeremy Bash and Fehzan Ali, the owners of Adscend Media LLC, for initiating posts to Facebook pages that appeared to offer visitors an opportunity to view scandalous or provocative content. However, before being able to view the content, a series of required steps lured Facebook users into eventually visiting commercial websites. Other tactics included “likejacking,” in which Facebook users were tricked into clicking the “like” button, inadvertently spreading the sales pitches to friends.

Adscend, hired to promote products, in turn does business with “affiliates” who create attention-getting marketing messages. Too often, according to the Attorney General’s Office, those messages amounted to social media spam.

http://www.atg.wa.gov/pressrelease.aspx?&id=29716

http://nakedsecurity.sophos.com/2012/05/08/facebook-clickjacking/


Firefox ShowIP add-on privacy concerns

by certifiedbug on May 1, 2012

in Internet Security

Sophos

A popular Firefox add-on appears to have started leaking private information about every website that users visit to a third-party server, including sensitive data which could identify individuals or reduce their security.

Naked Security reader Rob Sanders alerted us to the activities of the recently updated ShowIP add-on for the Firefox browser.

Currently over 170,000 people are said to be using ShowIP.

What the add-on’s description doesn’t say is that since version 1.3 (released on April 19th 2012) it has also sent – unencrypted – the full URL of sites visited using HTTPS, and sites viewed in Private Browsing mode, to a site called ip2info.org.

The user never realises that the data has been shared with a third-party, unless they use special tools to monitor what data is being sent from their computer.

http://nakedsecurity.sophos.com/2012/05/01/privacy-concern-showip-firefox-add-on/


Sabpab Mac OS X backdoor Trojan

by certifiedbug on April 13, 2012

in Internet Security

Graham Cluley
Sophos

“The Sabpab Trojan horse exploits the same drive-by Java vulnerability used to create the Flashback botnet.”
http://nakedsecurity.sophos.com/2012/04/13/sabpab-new-mac-os-x-backdoor-trojan-horse-discovered/

http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx


Apple


http://support.apple.com/kb/HT5244

Forbes
4/06/2012

For anyone who doubted that Apple’s long grace period with cybercriminals is over, doubt no more: On Friday, researchers at Russian antivirus firm Kaspersky confirmed findings from another security firm earlier this week that more than 600,000 computers running Mac’s OSX are infected with the Flashback botnet, and half of those machines are in the United States.

http://www.forbes.com/sites/andygreenberg/2012/04/06/researchers-confirm-flashback-trojan-infects-600000-macs-being-used-for-clickfraud/

Krebs On Security

The current custodian of Java – Oracle Corp. – first issued an update to plug this flaw and others back on Feb. 17. I suppose Apple’s performance on this front has improved, but its lackadaisical (and often plain puzzling) response to patching dangerous security holes perpetuates the harmful myth that Mac users don’t need to be concerned about malware attacks.

http://krebsonsecurity.com/2012/04/urgent-fix-for-zero-day-mac-java-flaw/

Forbes
4/09/2012
http://www.forbes.com/sites/andygreenberg/2012/04/09/apple-snubs-firm-who-discovered-mac-botnet-tries-to-cut-off-its-server-monitoring-infections/

Kaspersky Lab

“The three month delay in sending a security update was a bad decision on Apple’s part,” said Kaspersky Lab’s Chief Security Expert, Alexander Gostev. “There are a few reasons for this. First, Apple doesn’t allow Oracle to patch Java for Mac. They do it themselves, usually several months later. This means the window of exposure for Mac users is much longer than PC users. This is especially bad news since Apple’s standard AV update is a rudimentary affair which only adds new signatures when a threat is deemed large enough. Apple knew about this Java vulnerability for three months, and yet neglected to push through an update in all that time! The problem is exacerbated because – up to now – Apple has enjoyed a mythical reputation for being ‘malware free’. Too many users are unaware that their computers have been infected, or that there is a real threat to Mac security.”

http://www.kaspersky.com/about/news/virus?time=1333224000


MasterCard and VISA Warn of Processor Breach

March 30, 2012

Krebs on Security

VISA and MasterCard are alerting banks across the country about a recent major breach at a U.S.-based credit card processor. Sources in the financial sector are calling the breach “massive,” and say it may involve more than 10 million compromised card numbers.

http://krebsonsecurity.com/2012/03/mastercard-visa-warn-of-processor-breach/

Tech support phone scams

March 16, 2012

Microsoft Safety & Security Center

Computer Security, Digital Privacy, and Online Safety

Avoid tech support phone scams

Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

Telephone tech support scams: What you need to know

Cybercriminals often use publicly available phone [...]

Technical Support

March 16, 2012

comantra.wordpress.com

In a recent interview with the Cyber Law department, Comantra officials carried out a quick recovery channel strategy in how effectively Comantra scams can be delimited. Microsoft in the meantime has agreed to provide advanced far end support to its trusted partner by offering quality benchmarks to Comantra based online computer tech support. Comantra [...]

Fake Product Support

March 15, 2012

KrebsOnSecurity

Aghast at Avast’s iYogi Support

The makers of Avast antivirus software are warning users about a new scam involving phone calls from people posing as customer service reps for the company and requesting remote access to user systems. Avast is still investigating the incidents, but a number of users are reporting that the incidents [...]

“I was at a party yesterday” spam

March 13, 2012

Malicious spam continuing to do the rounds from a random name @ the same domain as your own. Delete without opening any attachments or links.


Consumer Privacy Bill with Do Not Track

February 28, 2012

February 23rd, 2012

We Can’t Wait: Obama Administration Unveils Blueprint for a “Privacy Bill of Rights” to Protect Consumers Online

Internet Advertising Networks Announces Commitment to “Do-Not-Track” Technology to Allow Consumers to Control Online Tracking

WASHINGTON, DC – The Obama Administration today unveiled a “Consumer Privacy Bill of Rights” as part of a comprehensive blueprint [...]