Chuck Norris Dies, but Only in Malicious Scam

January 25, 2012

Facebook members may be offered a link to a video that shows how Chuck Norris died, but instead of a video, they’re either served with a survey scam or a malicious browser component.

Graham Cluley provided a variant of the scam that urges users to click on a link that redirects them to a survey scam which offers tons of prizes in return for some clicks and personal information such as email address, name, postal code, telephone number and birth date.

“[video] Chuck Norris dies at age 71! Not a Joke.[LINK] See the video to find out how he died. News today of Chuck Norris death at age 71 has been met with confusion and humour, but sadly it is true,” reads the scam message.

Another variant we’ve found is much more dangerous than this. It leads the unsuspecting victim to a malicious website that tries to replicate a Facebook page.

A video window urges the user to install a “Youtube Player update” in order to view the video. Of course, as in many similar cases, instead of a genuine component update, the site pushes a browser extension called youtube.xpi.

Once it’s installed, the malicious element may give cybercriminals control over the victim’s browser and assets.

The phony website that hosts the scam is called appddd.info and it’s designed to dupe visitors into believing that a few thousand people Liked the page.

Users are advised to ignore fake news and to check its validity with trusted sources before rushing to click on suspicious links.

If by mistake you’ve already shared the scam with your friends, make sure to remove it from your wall. On the other hand, if you fell victim to the second variant and installed the malevolent browser extension, access the application’s settings menu and remove it before it can cause any damage.

Source:
News.Softpedia.com

Browser toolbars – at first a blessing, then a curse

January 10, 2012

You have surely seen these notifications during the installation of a program that ask you to install a toolbar. The first specimens of this species may have been useful and popular, but nowadays a real deluge of senseless and annoying toolbars is descending on the Internet user community. The reason behind all this is very often economic. This article will lay out what toolbars are and why there are so many of them by now.

The word toolbar is derived from “tool” and thus supposed to help you. A toolbar is like a tool kit for your browser that is always at hand to provide easy access to general and frequently used functions. The basic idea behind it all is good, which is why there are so many very useful toolbars. For instance, there are millions of people who use Google’s Toolbar, which enables them to use the search engine without having to open their website in the first place.

For a few years now, though, there have been toolbars all over the place. Whether you are setting up a new program, in the middle of a download or even installing a driver, you are regularly asked to install one of these little toolbars. One very common specimen is the Ask Toolbar associated with the search engine Ask.com. Numerous software providers ask you to install it with their own products, among them a lot of well-known names like the burning software Nero.

Why is that? It is very simple. Ask offers to pay the providers one or two dollars for every installation. Given the great number of downloads, this adds up to quite a lot of cash on the side that only few companies can resist. This expense pays off quite well for Ask.com, since as soon as you are using their search engine, the display of ads makes their registers ring.

You may ask yourself if there is anything immoral or bad about this. Ask.com is at least within legal boundaries, as they do not oblige the users to install the toolbar. But as you can see from the picture, you have to deactivate three check boxes in order not to install the Ask Toolbar and not to change your browser’s homepage and default search engine. This is not exactly what one calls unintrusive. Most of us will not read carefully the license agreement and data protection policy, either. For, by installing the toolbar, i.e. regular software, you enable Ask to access your PC and thus to collect statistical data and create user profiles.

Even big software companies do not refrain from collecting user data.

Ask.com is widespread, and not at all a rare case. Even Bing, the search engine of the giant software company Microsoft, had all eyes on it last year, as the associated Bing Toolbar is suspected of stealing Google search results. From Internet Explorer 8 on, Bing has been recommended for installation, which gives access to everything that is going on in or around your browser. In a way, this enables Microsoft to track and log anything you type in for search or any link you click. Microsoft denies this data theft of course.

If you have installed Internet Explorer, we are quite sure you also accepted this collection of data – by accepting to participate in the “Consumer Experience Program”, i.e. Microsoft’s program that aims at improving their usability. This check box is activated by default and sounds at first quite promising. On the other hand, you allow Microsoft to monitor all inputs and settings in your browser and save them for their purposes.

If even big software providers do not refrain from this kind of behavior, you may wonder what it is with all these small toolbars. The number of websites that offer their own toolbar has been increasing at the speed of light, whether it is online shops that promise you simpler purchases, different forums or supposedly useful applications like weather gadgets or phone books. The good news: the number of pure malware or adware toolbars has decreased considerably. On the one hand, this may be due to the fact that there is no longer as much money in advertising as there used to be some years ago, and on the other hand, due to the fact that pop-up ads are not exactly unremarkable. If you ever see lots of pop-up windows opening the whole time, you may very well start to be skeptical and get your hands on a virus scanner.

This may be a little unethical, but it is a barely legal and therefore less visible way of making much more money. We are sure you are aware of the first possibility that consists in logging user data. No matter if it is justified with technical improvements, for selling statistical data or in order to offer you specific products. The range of possibilities is huge, and the implementation will very well pay off. Some may take it even further by not only logging your browser activities, but also logging your activities in social networks plus your login details.

MyWay Toolbar, generally classified as adware, even asks you to enter your Facebook and e-mail password – of course in order to make your life as a user easier, this goes without saying. MyWay may claim that the new version does not log any data, but one way or another, we recommend you not to use such toolbars and the integrated Facebook and e-mail functions in particular. For, even if there is no abuse intended, there may still be a security risk. Improperly written source code may be enough to open up your PC to hackers.

Source and full article:
Emsisoft.com

Experts Warn of Windows Security Phone Scams

January 10, 2012

After realizing that in many cases some social engineering can be far more efficient than a piece of malware that looks for zero-day vulnerabilities or unpatched weaknesses, cybercriminals began making phone calls to unsuspecting individuals, warning them of false threats and urging them to install specially crafted software that gives them access to a system.

David Jacoby, a Kaspersky Lab Expert, witnessed firsthand how these crooks operate and how they try to talk users into installing shady apps on their computers. This particular incident took place in Sweden, which means that these fraudulent organizations expanded their activities to other countries besides the US and the UK.

Jacoby explains that he received a suspicious phone call from a man pretending to be a technician from the Windows Security Support Department.

“When I started to talk to him he asked me in English with an Indian accent if I had a computer at home, and of course I said ‘yes’. Then he started to explain that my computer had been compromised and that my firewall was just protecting me against external threats and not internal threats,” he writes.

“At this time I knew that something strange was going on, and I started to ask more questions about the malware and trying to get more information about them, then at this point he immediately hung up the phone.”

While these scams are not exactly new, the crooks realized that there’s a potential gold mine that needs to be exploited and that’s probably why their activities were amplified and expanded to target other countries.

In certain situations, you may receive a call from someone that speaks the national language of your country, but you may also be called by someone who wants to talk to you in English. In the latter scenario, most likely you are being targeted by an international scheme.

Whichever the case may be, you are advised never to install software after being requested by someone over the phone, except for the situation where you reached out first to a legitimate company.

Source:
News.Softpedia.com

PayPal Email Address Modification Alerts Hide Phishing

November 25, 2011

PayPal, one of the most popular names utilized by phishers in their malicious campaigns, is once again used to send unsuspecting internauts an email that alerts them of an account email address modification.

“You have added [EMAIL ADDRESS] as a new email address for your Paypal account,” reads the message provided by Graham Cluley.

“If you did not authorize this change, check with family members and others who may have access to your account first. If you still feel that an unauthorized person has changed your email, submit the form attached to your email in order to keep your original email and restore your Paypal account.”

Once the form attached to the email is opened, the user is required to provide personal and account information that will later allow the hackers to take over the victim’s assets.

To make sure people understand exactly what they have to do, the crooks even recommend a number of browsers that can be used.

“NOTE: The form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9).”

Like all the cleverly crafted messages, this one comes with an apology, but also with a threat.

“Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience. If you choose to ignore our request, you leave us no choice but to temporary suspend your account.”

Remember that PayPal and other organizations that handle bank accounts or online transactions never ask for such detailed information.

Also, beware of emails that come with attachments. Legitimate PayPal alerts never come with attachments, and they always point to the official website instead of something that only resembles the genuine page.

Since they realized that their services are highly targeted by hackers, PayPal even issued an advisory in which they precisely explain how users should identify phishing scams.

Source:
News.Softpedia.com

Starbucks Gift Card Spam Moves from Facebook to Twitter and Email

November 22, 2011

The Starbucks scheme is widely utilized by cybercrooks to direct unsuspecting internet users to the survey websites that earn them tons of affiliate cash, but now, instead of spreading only through Facebook, emails and tweets are being sent with the same fake advertisements.

In the hoax messages, internauts are promised free giftcards from Starbucks in return for a few clicks and some personal information. Unfortunately, the scheme seems to be working so well that the crooks decided to expand their operations; therefore, they started sending emails to random individuals, hoping that they’ll fall for the false promises.

“OMG, Starbucks Corporation is handing out new cards. Hurry fast, Don’t hold off a second. Here’s the link. There only 294 more!!!” reads an example provided by Trend Micro.

Once the link is clicked, the user is taken to the previously seen pages, but instead of only urging the victims to share the ad on Facebook, the pages also give them the opportunity to share it with their Twitter friends.

To make it even more complex, the next step in the winning process replicates a Youtube page that promises even more prizes in the form of cool mobile apps.

The survey page itself promises an XRAY Scanner application in return for a simple mobile phone number, but what victims don’t know is that by handing over the information they can easily end up being part of a premium rate SMS sending scam.

Each SMS message sent to a phone number specified by the crooks could seamlessly inflate the user’s bill.

This is precisely why people are advised to purchase mobile applications only from trusted app markets that verify their applications before putting them up for sale. Mobile software offered through shady looking websites will most often bring with it a piece of malware that steals sensitive data and the phone numbers from the contact list.

Source:
News.Softpedia.com

FBI Threatens to Jail Users for Not Answering to Emails

November 22, 2011

Internet users might find in their inboxes a message that allegedly comes from the Anti-Terrorist and Monetary Crimes Division of the Federal Bureau of Investigation, threatening them with imprisonment if they don’t pay a certain amount of money.

This turns out to be a scam in which someone invested a lot of effort, since the email makes numerous threats that are very likely to attract some attention.

Cyberwarzone provided a copy of such a fake email in which an FBI agent that considers himself a “good Christian and an honest man” is giving the recipients a last chance after they failed to answer to previous inquiries.

The victim is actually accused of plotting with a Nigerian man in what seems to be a classic 419 scam.

The weird thing is that the recipient is given two options. He either pays $99 (70 EUR) and receives a compensation fee of $10 million (700,000 EUR), or he is fired, arrested and has his bank account forcefully emptied.

“Note/ all the crimes agencies have been contacted on this regards and we shall trace and arrest you if you disregard this instructions,” the so-called agent warns.

The message threatens that even the FBI’s director knows of the situation and that he’s really set on arresting the user that got the email. Furthermore, they are prepared to contact the victim’s employer to make sure he remains jobless.

“We would also send a letter to the company/agency that you are working for so that they could get you fired until we are through with our investigations because a suspect is not suppose to be working for the government or any private organization,” reads the phony email.

This is one of the most outrageously funny fake notices I’ve ever seen, but with the large number of threats someone could actually believe the FBI is after them.

Users are advised to avoid such emails, since state law enforcement officials have a lot of better things to do than to go around threatening people and then handing them millions.

Source:
News.Softpedia.com

Worm Comes as Office Genuine Advantage Checker on IM

November 15, 2011

An executable file that usually comes through instant messaging applications, pretending to be an Office Genuine Advantage Checker, turns out to be a malicious worm that opens a backdoor to allow attackers to take over the controls of a machine.

Bitdefender researchers report that the file, programmed in Visual Basic, comes as an executable called office_genuine.exe and even though Microsoft retired its OGA program almost a year ago, the application that pretends to check the legitimacy of Office products is still circulating.

The piece of malware, identified as Win32.Worm.Coidung.B, doesn’t come by itself; instead it brings a guest in the form of a file infector detected as Win32.Virtob. It’s not yet certain if they were combined on purpose or if the latter got a piggyback ride by mistake.

As soon as it’s executed, the worm disables the operating system’s firewall and opens a gateway through which the mastermind behind the operation sends his malevolent commands. After gaining control of the system, the attacker can basically do anything from DoS to data theft.

By copying itself into several hidden locations, including the registry and the start-up folder, the virus makes sure that every time the computer starts, it gets to perform its evil mission.

Virtob on the other hand is no angel either. Even though it seems that it’s just there to observe what Coidung is doing, it’s actually very harmful, especially for web applications.

Virtual machines and emulators are avoided by the virus, which feeds on ASP, HTM and PHP scripts while it awaits further commands from its master.

Even though malware that presents itself as being a Windows Genuine Advantage Validation Notification tool or even a Windows Genuine tool is not new, they always come with new malicious elements attached and that’s why an up-to-date anti-virus database is always recommended.

Source:
News.Softpedia.com

ACH Bank Refusal Scam Comes with Trojan

November 10, 2011

ACH is once again the subject of a massive spam campaign that recently started landing in the inboxes of internet users.

MX Labs reports that they recently intercepted a lot of emails that warned internauts of certain banks that didn’t accept payroll payments or transfers.

“I regret to inform you that ACH payroll payment initiated by you or on your behalf was not accepted by Central Trust and Savings Bank,” reads a variant of the scam.

“ACH debit transfer created by you or on your behalf was hold by Yolo Community Bank,” others warn.

The financial institution’s name and the issues vary from one message to the other, the reputations of Eldorado Bank and the Mechanics Bank also being utilized in the hoax.

The one thing all the alerts have in common is a link that allegedly offers further details of the transaction.

Once the link is clicked, the web browser will try to access rogue websites where the victim is immediately asked to download and install Adobe Flash Player. Naturally, the application is served directly by the site, instead of the official Adobe download page.

The update flash.exe file unleashes a trojan that was detected only by 12 out of the 43 vendors present on Virus Total.

After infecting the device, the malicious element, identified by Microsoft as being PWS:Win32/Zbot.gen!AF, will try to communicate with the 64.252.17.231 IP address on port 11760, probably to notify its master of its presence.

Users are advised to ignore such emails that warn of unsuccessful transactions or failed payments. Also, when faced with executable files that pretend to be update components for popular applications, internauts are recommended to immediately terminate the browsing session.

A good anti-virus solution will always help, since even if sometimes the threats found in these messages are new, security solution providers will in most cases quickly update their virus definitions.

Source:
News.Softpedia.com

‘Socialbots’ steal 250GB of user data in Facebook invasion

November 2, 2011

Programs designed to resemble humans infiltrated Facebook recently and made off with 250 gigabytes of personal information belonging to thousands of the social network’s users, researchers said in an academic paper released today.

The eight-week study was designed to evaluate how vulnerable online social networks are to large-scale infiltrations by programs designed to mimic real users, researchers from the University of British Columbia Vancouver said in the paper (PDF), titled “The Socialbot Network: When bots socialize for fame and money.”

The 102 “socialbots” researchers released onto the social network included a name and profile picture of a fictitious Facebook user and were capable of posting messages and sending friend requests. They then used these bots to send friend requests to 5,053 randomly selected Facebook users. Each account was limited to sending 25 requests per day to prevent triggering anti-fraud measures. During that initial two-week “bootstrapping” phase, 976 requests, or about 19 percent, were accepted.

During the next six weeks, the bots sent connection requests to 3,517 Facebook friends of users who accepted requests during the first phase. Of those, 2,079 users, or about 59 percent, accepted the second round of requests. The increase was due to what researchers called the “triadic closure principle,” which predicts that if two users had a mutual friend in common, they were three times more likely to become connected.

Researchers found that social networks were “highly vulnerable” to a large-scale infiltration, with an 80 percent infiltration rate.

Networks’ defense mechanisms, such as Facebook Immune System, are ineffective in identifying and eliminating fake profiles, researchers found. Only 20 percent of the socialbots were blocked by FIS, and that was only because users flagged the accounts as spam.

Researchers cautioned that the data available to the bots could be used for identity theft.

A Facebook representative initially declined to address the specifics of the report, saying that Facebook would use the research as part of its process of addressing new threats and that the network has defenses in place to prevent theft of user data.

Source:
News.Cnet.com

Adobe to fix Flash flaw that allows webcam spying

October 20, 2011

Adobe is working on a fix for a Flash Player vulnerability that can be exploited via clickjacking techniques to turn on people’s webcams or microphones without their knowledge.

The issue was discovered by a Stanford University computer science student named Feross Aboukhadijeh who based his proof-of-concept exploit on a similar one disclosed back in 2008 by an anonymous researcher.

Technically known as user interface (UI) redressing, clickjacking is a type of attack that combines legitimate Web programming features, like CSS opacity and positioning, with social engineering to trick users into initiating unwanted actions.

For example, clickjacking techniques have been used to trick Facebook users into liking rogue pages or posting spam on their walls by making Like and Share buttons transparent and superimposing them over legitimate-looking ones.

The 2008 webcam spying attack involved loading the Adobe Flash Player Settings Manager, which is actually a page hosted on Adobe’s website, in an invisible iframe and tricking users into enabling webcam and microphone access through it.

The lure used by the exploit was a JavaScript game that required users to click various innocent-looking buttons on the screen. Some of the clicks were part of the game, while others were redirected to the invisible iframe.

Adobe responded at the time by inserting code into the Flash Player Settings Manager page that prevents it from being iframed. However, Aboukhadijeh realized that the settings manager is actually an SWF (Shockwave Flash) file and that loading it directly into an iframe, instead of the entire page, would bypass Adobe’s frame-busting code.

Source:
NetworkWorld.com
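
An added example, not part of the quoted article and not any vendor's code: the bypass described above worked because the frame-busting code lived in the HTML page while the SWF could be requested on its own. The sketch below audits framing policy from response headers (X-Frame-Options and CSP frame-ancestors), which the server attaches per resource; the example.test URLs and header sets are constructed sample data.

```javascript
// Added example: decide from response headers alone whether a resource may be
// loaded in a cross-origin frame. URLs and header sets are constructed samples.

// Return the source list of the frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null;
}

// Classify one response: 'deny', 'same-origin', 'allow-list' or 'frameable'.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors, when present, is the policy browsers enforce.
  const ancestors = frameAncestors(h['content-security-policy']);
  if (ancestors !== null) {
    if (ancestors.length === 0 || ancestors.every((s) => s === "'none'")) return 'deny';
    if (ancestors.every((s) => s === "'self'")) return 'same-origin';
    return ancestors.includes('*') ? 'frameable' : 'allow-list';
  }

  // Fall back to X-Frame-Options. ALLOW-FROM and unknown values are ignored
  // by current browsers, so they count as no protection.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  return 'frameable';
}

// List every URL in a crawl that a third-party page could still frame.
// In-page script is deliberately not counted: it protects only the document
// that contains it, not other resources requested directly.
function frameableUrls(responses) {
  return responses
    .filter((r) => framingPolicy(r.headers) === 'frameable')
    .map((r) => r.url);
}

// Constructed sample: the HTML page carries frame-busting script but no
// header; the SWF it embeds is served with no policy at all.
const scriptOnly = [
  { url: 'https://settings.example.test/manager.html',
    headers: { 'Content-Type': 'text/html' },
    body: '<script>if (top !== self) top.location = self.location;</script>' },
  { url: 'https://settings.example.test/manager.swf',
    headers: { 'Content-Type': 'application/x-shockwave-flash' } },
];

// The same two resources with the policy set on every response by the server.
const headerPolicy = scriptOnly.map((r) => ({
  ...r,
  headers: { ...r.headers,
    'Content-Security-Policy': "frame-ancestors 'none'",
    'X-Frame-Options': 'DENY' },
}));

console.log('script only  :', frameableUrls(scriptOnly));
console.log('header policy:', frameableUrls(headerPolicy));
```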
