Wednesday, May 4, 2011

Bin Ladin's Death spurrs Bin Ladin Scams

A tip came in about this, I haven't seen this personally but be wary of links related to Bin Ladin's death:


A link which claims to point to a shocking video of the death of bin Laden is already spreading virally across Facebook just hours after his death was announced. The messages, posted as updates on Facebook users’ walls, claim to point to banned video footage of bin Laden’s death. But instead of a shocking video, users are presented with a survey which gives scammers money every time it is completed.


Paul Ducklin, Head of Technology in Sophos Asia Pacific, advises computer users to watch out for scams related to bin Laden’s death not just on Facebook but on other parts of the internet too.


couple tips to avoid scams:
  • Don’t blindly trust links you see online, whether in emails, on social networking sites, or from searches. If the URL and the subject matter don’t tie up in some obvious way, give it a miss.
  • If you go to a site expecting to see information on a specific topic but get redirected somewhere unexpected – to a “click here for a free security scan” page, for instance, or to a survey site, or to a “download this codec program to view the video” dialog – then get out of there at once.  Don’t click any further as it is a scam.

Tuesday, May 3, 2011

Browser Exploit: See what you'll look in the future!

A new browser exploit has surfaced, this one takes control of a users browser without them knowing. It sends messages to all of their friends and posts messages to their walls.

This exploit says " hahah mine is hilarious!!! check yours out :)
See what you'll look in the future!
 
aging-4.info
This cutting-edge technology will show you exactly how your face will look in the future!"


This scam spreads very virally as it tries to put out links that users would likely click as well as take over the inftected users chat and send messages to everyone in their friends list.

First things first, if you use Internet Explorer, stop using it, it's the least secure browser and things like this WILL happen to you again if you don't.

Set your Facebook account to use SSL(basically it's military grade encryption, this makes it super difficult for hackers to attack you). If you wish you may also set your account to send you an email when someone else logs into your account.
Unfortunately now it's time for the clean up. Start an anti-virus scan, and while it's scanning go on Facebook, look through all of your out-going posts(you can see these by clicking on your name(this takes you to your profile page)) delete all of the malicious posts, and bulk message ALL of your friends let them know this happened and tell them to ignore any links that your account sent to them. Otherwise your friends will all get infected too as the scam spreads.

Now that you've done that, change your Facebook password, it is possible that it was stolen.

Monday, May 2, 2011

Mac users hit with Anti-virus scam when using Google Image Search.

This article is a direct reposting of an article by Sophos. All images and content in this message are from them unedited, I claim no rights to their content, simply spreading the word.
A massive SEO poisoning attack has hit Google, targeting Windows and Mac users alike. From rather innocuous terms related to global warming, to hot topics like Osama bin Laden's death, users are being hit with fake anti-virus programs, this time delivering payloads to users of Apple's Mac OS X.
JavaScript Fake AV scannerStrangely when surfing to the compromised URLs you are first prompted with a JavaScript-based fake scanner that appears to show an infected Windows XP computer, even when surfing from a Mac.
When you click or close the fake scanner page you are prompted to download a .zip file onto your Mac with a filename like "BestMacAntivirus2011.mpkg.zip".
Some of the downloads are a package installer that installs the fake software; others simply a contain ready-to-run Mac application.
Fake AV for Mac installer/download
In a similar social engineering trick as we have seen in Windows fake scanners it pretends to be a legitimate Mac anti-virus program calledMacDefender.
The scanner doesn't actually touch the hard disk while "scanning", although on a Mac it can be hard to know without a hard disk light.
It pretends to find some very important things that may have been compromised, such as the Terminal application and the standard Unix utilitytest, also known to Unix shell programmers as [.
Mac fake scan results
Credit card at risk warningIt uses a lot of social engineering including redirecting your browser to rather offensive porn sites, although it does not appear they are doing this to make money, simply to imply that you are infected.
It also uses scare tactics like your credit card data being at risk. The reality is that your credit card is only at risk if you actually try to purchase the fake software.
Buy fake Mac AV