Bunch of Alerts on Computer Security Threats

Scam Alerts
October 1, 2009 3:36 pm

Wow, today is a busy day. So many news and threats to alert you about.

I decided to combine today’s stories on computer security to this one post so I don’t bombard you, RSS subscribers, with too many articles. Okay, let’s get started with the first news.

Internet More Dangerous than Ever, Report Say

Rogue Anti-Malware Programs 1st Half '09 According to Anti Phishing Working Group, the number of fake antivirus programs detected grew by 585% between January and June this year.

Some more numbers showing the proliferation of malware on the internet.

  • Number of banking trojans, designed to steal account information for financial sites, increased 186%.
  • Number of phishing websites reached 49,084, the second highest number recorded since the record of 55,643 in April 2007.
  • Number of hijacked brands hit an all-time high of 310 in March and remained at a high level through June.
  • Number of infected computers rose by more than 66% between Q4 of 2008 and the end of June 2009 to reach almost 12 million. That’s a whopping 54% of the computers scanned.

“The Internet has never been more dangerous,” said APWG Chairman David Jevans in a statement. “In the first half of 2009, phishing escalated to some of the highest levels we’ve ever seen. Of even greater concern is the skyrocketing sophistication and proliferation of malicious software designed to steal online passwords and user names. New malicious software such as the Zeus trojan, exhibit a level of sophistication that would make the best software programmers envious.”

Read the full report here.

AND…

Finjan Inc., a provider of secure web gateway products and web security solution for the enterprise market, unveiled new research from its Malicious Code Research Center (MCRC), which uncovered new techniques used by cybercriminals to rob online bank accounts.

Cybercriminals have been using the LuckySploit cybercrime toolkit to compromise legitimate websites to infect the computers of website visitors.

Based on screenshots the company obtained of one criminal gang’s LuckySploit control panel, the gang managed to attract 90,000 visitors in 22 days and to infect 6,400 of them – a 7.5% success rate.

The cybergang earned about €300,000 during this 22 day period and estimates that it could make $7.3 million annually at that rate.

See also: http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=220300558

Bing Fights Misleading Internet Scams with New Ads

bingMicrosoft Corp., in collaboration with the Federal Trade Commission (FTC), the U.S. Postal Inspection Service (USPIS) and Western Union, today launched a series of online public service announcements (PSAs) designed to help protect consumers from scams related to mortgage foreclosure rescue offers and promises of credit repair and advance fee fraud, also known as lottery scams. The search advertising-driven PSAs will appear on Bing.

First Microsoft sues malvertisers. Now, MS is using their new search engine to promote internet scam awareness. Whether Microsoft is doing this to simply enhance their public image is irrelevant to me. As long as big companies like Microsoft  are motivated to fight the internet bad guys by limitimg their avenues such as search engine ads, it’s all good.

We’ll see how big of a campaign this will be. It is only PSA after all. I’ll try to use Bing more often and see.

Also, in case you didn’t know, Microsoft released its Security Essentials available for free. The early impressions seem to be positive. I’ll try it out when I get a chance. I don’t know if it can co-exist with my trusty Avast. Don’t really want to uninstall it. Anyways, try it out and see if you like it. It’s supposed to be easy on the resources.

What’ next?

Samoa Earthquake Can Hurt You Wherever You Are

If you do a Google search on “Samoa earthquake”, you may see a result like this:

Samoa Earthquake Search Result

Don’t click on the red-boxed links. Those will lead you to a yet another scareware, and it will try to install a rogue anti-virus on your computer. Remember the two articles above. Yup, it’s one of those.

For more on this warning, visit F-Secure Weblog.

Also, there are a couple more alerts from F-Secure Weblog.

No Trial Mounts for You

First is to World of Warcraft players. It’s similar to the story you saw here on Scam Free Internet. Scammers advertise links in the chat window promising free trials for new mounts. Sorry, I don’t know what those are.

You visit the site and you’ll see a fake login page. Type your login information there, and you’ve just become the latest victim of a phishing scam.

XSS Worm on Reddit

I love Reddit. It’s been good to my website. I get no Digg love at all, but get a little bit of StumbleUpons.

An XSS worm has been spreading via comments.

What is XSS?

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which enable malicious attackers to inject client-side script into web pages viewed by other users.

This screenshot tells the story:

Reddit XSS Worm

Webroot Warns of Rogue Anti-Virus Scamware

Yeah yeah, we know about rogue anti-viruses already. But here’s an interesting find.

Delving into the research reveals that over 50% of advanced users encountered a fake Windows Security Centre alert, versus 33% of novice users.

On top of this, 26% of advanced users encountered a fake security / anti-virus scan, compared to approximately 10% of less experienced users

And 23% of advanced users clicked on a fake alert and in some cases purchased rogue security products such as fake anti-virus; conversely, 10% of novice users did the same.

The report is based on 1200 respondents of all ages and IT skill levels, and concludes that IT-savvy users are actually more susceptible than internet newbies to the fake alerts and scam reports that these types of rogue anti-virus applications create.

I don’t know about this one. I didn’t read the original full report. But isn’t this because newbies don’t know what is and what isn’t a fake alert? How do you survey these people? Do you ask a newb who is infected with all kinds of malwares, “Have you ever seen a fake security message?” How is the newb supposed to know?

A Few More

While looking for stories, I cam across many warning for WoW players from phishing to worms to trojans, you name it. It’s rough world out there for you, WoW players. Or, is it “world IN there?”

And, came across a few more news articles on hackers stealing money from your bank account. Hacker have been trying to rob banks for a long time now, but they are getting more sophisticated. You need to be extra careful.

Phew, that’s all folks.

Read the article, 10 ways to keep your computer safe and be safe.

This article was written by KVNPark on Thursday, October 1, 2009 at 3:36 pm. You can follow any responses to this entry through the RSS feed. You can leave a response, or trackback from your own site. Tags:

No Comments

Leave a Reply