"SPAMfighter News" - 10 new articles
Users of Australian Recruitment Company Attacked With Resumes Containing TrojanOn June 4, 2008, the MessageLabs Researchers revealed that hackers are exploiting an option of mail forwarding used by many recruitment companies, which sends an appropriate CV to customers when a new candidate uploads his resume to the site of recruitment company. The attackers make use of an authentic ad on an anonymous site of an Australian recruitment agency to apply for a job by filling the online form and attaching a covering letter. MessageLabs discovered an outbound Word (RTF) document from the recruitment firm (company's name disclosed) which also included an attached PDF file, containing information of an applicant applying for the post of accounts officer. But it contained a harmful executable software made to open user's computers for back-door Trojan attacks. If the recipient clicks on the PDF file, nothing happens on the screen, but in the background the harmful file installs itself on the system and left a window open for attackers to invade corporate details. Unfortunately, the attackers are trying to break the trust between companies and recruiter. The recruitment company has been restricted from auto forward the mail, which is sent to every member looking for qualified candidates and appeared to have come from an authentic source. The MessageLabs Spokesperson said that there is a possibility of danger who has established that option. As a company sign up for the service of not to receive threats, a possibility of getting a clean mail increases. This method is a modification of earlier scams. In September 2007, MessageLabs noted an increase in attacks aimed at businesses by forwarding C-level employees mails appearing to be from recruitment companies. The mails also contained the same RFT documents that were fixed with harmful screen saver files. The researches also revealed that the perfect attacks are a zero-day attacks accessing rootkit-cloaked Trojan sent to a HR manager, who, because of policy of company, is bound to open the document. The Spokesperson also added that these are scary cases as it is hard to safeguard against them. He also said that they have to use OFFICE, EXCEL, POWERPOINT and RTF files. He advised that it clearly depicts the signature based anti-virus is not sufficient. There should be more advanced technology. • Email to a friend • Related • Australia Suffers More From Cyber Crime Than Rest of The WorldA research by AVG, the maker of security software, revealed that the increasing number of online purchasers, who make the payments but never get the ordered goods, has made Australia the top hotspot for cyber crime for global spammers, as reported by SmartCompany on June 10, 2008. According to the study, more than 39% of Internet users had been victims of one or another form of online crime. The study found that the Australian women were likely to be more trusting compared to men, while other researches revealed that men fell more to Internet fraud. The survey further revealed that women were victims of unfavorable financial impact due to phony e-mails, theft of online banking details and credit card frauds, while men seemed to be more vulnerable to phishing scams and did not receive the goods they ordered via eBay or similar sites. Also, according to the Australian respondents, evasive online auctions based on spam mails and fake advertisements appeared top on the list of cyber crime with 16% of online purchasers not getting the items they had sent payments for over the net. Further, in 14% of cases, 'advanced fee-frauds' was the reason for causing financial damages, while phishing scams followed at 10%. Other reasons included not getting goods ordered on the Internet (8%), payment card fraud (5%) and illegal bank transfers (3%) and these appeared as the highest forms of online theft Aussies suffered from. Moreover, according to the Australian Consumer Fraud Taskforce, the Australians are tricked into parting from over $ 700 Million per annum through spammers' online scams, while the Australian High-Tech Crime Center regards malicious programs as the most serious cyber threat country is facing. Lloyd Borrett, Marketing Manager, AVG, said that the research indicates that 99.5% of home computers are connected with broadband connection, and the Australians use the Internet more for banking, booking tickets, shopping, and paying bills, as reported by PCWorld on June 10, 2008. Hence, the AVG Researchers suggested that comprehensive security solutions should be adopted to protect online users against phishing scams in addition to spreading awareness. • Email to a friend • Related • Symantec Released its State of the Spam report for June 2008The monthly State of Spam Report for June 2008 by Symantec showed that spam mails accounted for around 80% of total mails. A lot of these mails were about IRS stimulus packages, disasters in Asia and weak economy of US. The Security Experts of Symantec said that in spite of awareness in users about spam and proper security of their mailboxes, the above-mentioned topics helped the hackers in 2008 to launch an attack. As of May 30, 2008, Symantec said that the amount of mails identified as spam increased by almost 20% as compared to January 2008. The State of the Spam Report for June 2008 informs about different categories of spam. The leading share is acquired by product offerings with 27%, followed by financial services offerings at 16% and schemes like get-rich-quick at 17%. Though these were the small quantity of spam received, the maximum amount of spam, informs Symantec, hailed from the US. Russia and Turkey come next making the list of top 3. Senior Manager of Operations for Symantec Security Response, David Cowings said that ever hacker aims at delivering spam to mailbox of the user, convincing them to click on the attached link, and finally taking users to the fraudulent site, as reported by DMNews on June 10, 2008. David also said that this could accelerate the chances of seeing the spam mails if the users browse for hot topics that could return some of these spam mails. The monthly report of Symantec also talked about the worldwide nature of cross-border network through Internet. Similarly, in another report, Symantec, on June 11, 2008, cautioned about a recent spam that attacks users of IM (Instant Messaging) tools such as MSN messenger of Microsoft and Yahoo Messenger. Surprisingly, IT Pros at Symantec and many others are advising users that they should establish an extra or secondary mail account that bears no connection with their private accounts and work to draw spam mails. • Email to a friend • Related • Social Networking Users Concerned About Spam Than Security of Personal InformationEuropeans using social-networking sites are more frustrated by advertising and spam (36%) than they are concerned about the safety of their personal information (11%), according to a new research by Wadja, the provider of web, messaging and media services, as reported by PrNewsWire on June 9, 2008. According to the Security Officials at Wadja, the survey of 500 people using social-networking sites across Europe revealed that nearly 19% of users are frustrated because they are not able to connect their friends due to increasing activities of spam. Alex Christoforou, Managing Director, Wadja, said that the majority of social networks are too confined with features and applications designed to be used by close groups of friends. He said that users are fed up on account of these restrictions and would soon succeed to move their friends and profiles from one site to another to have the appropriate Web applications and tools, as reported by Sys-Con on June 9, 2008. Further, according to the research, there is a dissatisfaction with the number of programs like advertisements and pop-ups on the sites as they obstruct usability. Also users of social networking (14%) referred to profiles that are too complex and which consumed too much time to load. Other key concerns are having a lot of applications and games (7%) through advertisements and pop-ups. The researchers also revealed that spam promoted through social networking sites is the same as those promoted through e-mail and punted by the same surfers. People generally think they wouldn't be hit with spam, as an implicit faith works while social networking. Also, spam through social networking could be e-mail messages exchanged between users, posts, or other applications of similar nature. Spammers on social-networks most generally compromise accounts using false log-in pages. Tactics like phishing, guessing passwords or using keystroke-intercepting Trojans also dominate. Further, in related news, Harris Interactive confirms that spam through social networking is increasing and users are worried about it. As in a poll of users of social-networking sites, 66% said that they would switch to a different social-networking site if too much spam continued to arrive. • Email to a friend • Related • Phishing E-Mail Seeks Details of Penn State Account HoldersAccording to Robin Anderson, Director of Multimedia Technology at Information Technology Services (ITS), staff members of Penn State University including employees of its office received phishing e-mail, as reported by Collegian on June 9, 2008. According to the officials, the e-mail seemed to have come from the Penn State e-mail address, info@psu.edu, although it was dispatched from outside Penn State. The sender possibly used the Penn State address to disguise his/her actual e-mail ID and to make the e-mail appeared legitimate to recipients. According to Anderson, Senior Systems Analyst John Corro of Penn State had previously used the info@psu.edu address as a pseudonym of the official e-mail address, which the phisher used in the scam. However, a couple of recipients replied to the fake e-mail. Also, as accords to the University officials, online crimes such as phishing are frequently run offshore, which makes it difficult to track their origins. Phishing relates to a method of an e-mail fraud in which legitimate looking e-mails are sent in attempts to collect the recipients' financial and personal information. Typically, the e-mail messages seem to arrive from reputable and trusted Websites such as the one of Penn State University. According to security professionals, phishers apply various kinds of e-mail spoofing and social engineering tricks to try and dupe their victims. Therefore, the experts warn users to be wary of any legitimate looking e-mail that asks the recipient to update his financial or private information. Experts also urged recipients to visit the company's Website to check out the authenticity of request. The officials also said that people, who reply to such scam e-mails, might end up with someone access their username and passwords that could unlock further sensitive information. The experts further said that Penn State University would never request its account holders to provide their username or password. Apart from assuring that the school would not request for user IDs or passwords, the officials told the staff and students to keep such personal information private; however, if for any reason an account is compromised, the owner should change the password and check his account. • Email to a friend • Related • European Computer Users Falling Victims to Cyber CrimeIpsos conducted a research for AVG Technologies in which it revealed that more than one in 5 computer users in Europe are victims of cyber-crime while about 22% of end-users subjected to some form of Internet crime, as reported by Vnunet on June 9, 2008. According to the AVG Officials, the high rate of online criminal activity poses a threat to the economic resources of the European Union. This is evident from the fact that 6 Million computers are infected to connect with botnets, while spam is causing a loss of €65 Billion per year to businesses. The research revealed that the Italians experienced the worst impact of cyber crime with 32% of computer users affected, while UK followed closely at 31%. Almost half (47%) of all German users feel that they could potentially turn into a victim due to increasing Internet crimes. Also, more European users, about 34% feel that they are likely to suffer from the cyber crime, while 25% fear of robbery, 22% burglary and 19% assault as spamming methods are growing on the Internet. According to J R Smith, Chief Executive, AVG Technologies, within a span of few years, cyber threats have transformed from amateurish criminal activity into a profession. As the world appears to flatten and boundaries are disappearing on the Internet, it becomes vital for companies and home computer users to be assured that they are conducting online transactions safely. AVG further pointed out two principal behavioral patterns that are leading European computer users towards cyber crime. These are the increasing use of the net for more sensitive dealings and lack of awareness and protection for home computer users against spam. Incidentally, the low levels of awareness about cyber crime and their prevention has ended up with no antivirus safeguards on 18% of home PCs, while 38% of home users claim that they do not have enough information on cyber crimes and how to overcome them. The lack of information regarding spamming techniques and the ensuing spam mails apparently stimulates the end-users' fear. • Email to a friend • Related • Phishing Scam Hit Another Missouri BankSpammers are phishing on people by using Boone County National Bank's logo in e-mail that directs recipients to follow a link and provides personal information, as reported by The news disclosed online said that the e-mail message, which uses the subject title "Notice", tells the recipient that he could view his bank account statement by clicking on a given link meant for accessing the document. Reports further said that despite the use of correct spelling of Boone County National Bank in the embedded logo, the message actually spells County, wrongly as Country. Meanwhile, as the news of phishing fraud spread that struck the bank , Vice President of Marketing, Boone County National Bank, Mary Wilkerson, said that such phishing scams had not been considered so important few years back. However, she said that the bank is continuously working with its customers to raise awareness of the scam and to advise on ways to avert them, as reported by Columbiatribune on June 10, 2008. Wilkerson further said that they were lucky to halt the attacks. However, according to her, some customers continue to be vulnerable to the fraudulent e-mail asking for confirmation of the recipient's account number as well as other information. Wilkerson added that the phishing message appeared very authentic and legitimate. And while, the attack on Boone County National Bank is the most recent case of a bank being targeted in Missouri, another scam, reported in the early days of May 2008, was against Central Missouri Bank. In that, the phishers used the Srizbi botnet to wage similar attacks against accountholders. Meanwhile, security experts and analysts describe phishing as an escalating problem shaking financial institutions such as banks and other financial firms because institutions' databases tempt spammers to launch the phishing assaults through botnets or simple e-mails. However, in the recent phishing case, Wilkerson suggested that customers, who get suspicious e-mail, contact the customer service of the bank or forward the messages to report_phishing@centralbankcompany.com or customer_service@boonebank.com. • Email to a friend • Related • Phishing & Spam Incidences Declined on Hong Kong DNSThe Hong Kong Domain Name Registration Company (HKDNR) compiled in a report named ".hk Domain Name Spamvertising & Phishing Report" disclosed that a daily average of phishing and spam cases fell from a record of 38 in 2007 to just 3 during January to May 2008, as reported by MisWeb on June 10, 2008. Hence, according to the security specialists, HKDNR has now implemented some very strict policies and measures to tighten and minimize the incidences of security hazards. According to Jonathan Shea, CEO, HKDNR, the company has been working in co-operation with the Office of the Telecommunications Authority, HK-CERT (Hong Kong Computer Emergency Response Team) and the Hong Kong Police to monitor and control the situation, as reported by MisWeb on June 10, 2008. Meanwhile, on account of these initiatives, HKDNR suspended over 14,000 '.hk' domain names by the end of May 2008. Of these, around 85% associated with spamvertising activities while around 15% associated with phishing Websites. The officials also said that the government too is actively examining the domain name registration policies and procedures. In particular, the officials have implemented harsher documentary requirements in order to fight against suspicious applications to keep up with the rapidly changing environment of the Internet. Moreover, HKDNR has also taken additional measures to verify online payments for registration of domains. And, the Hong Kong Police regularly informs HKDNR of illegal cases involving '.hk' domains while the HK-CERT helps HKDNR to establish verification guidelines for phishing domains. Furthermore, in related news, McAfee identified the domains hosting the highest number of risky Websites. It found that 19.2% of the '.hk' sites, it checked, were risky or potentially risky. Other risky potentially sites on '.cn' domain rated 11.8% and on '.info' domain -11.7%. • Email to a friend • Related • New Spam Attacks Instant Messenger UsersSymantec, a vendor of security services, has spotted a form of Instant Messaging (IM) spam that pretends to offer the recipient an opportunity to inspect his contact list in the messenger and indicate the name(s) he would want to be eliminated, as reported by Inquirer on June 11, 2008. Also, according to Symantec, these spam mails target people using IM tools such as Microsoft's MSN Messenger and Yahoo Messenger. The messages invite the recipients to click on a URL that notifies the source that removed their name from IM, and then request for their username and password. Symantec also warns that usernames and passwords could be stolen due to the increasing use of IM for both businesses and consumers purposes. The company notes that a lot of people apply the same username and password when they browse the Internet Symantec further revealed that spammers are also targeting Websites like Google that end-users tend to trust. In April 2008, Symantec identified phishing e-mail posing to be from the Google AdWords service with which advertisers can connect with people using Google search. In these phishing e-mails, the recipient is lured to click on a link to verify his billing details and/or to renew his account. The URL in these fake e-mails points to a bogus Website where the user's private information is sought. Symantec estimated that around 80% of all e-mail exchanged globally is spam. Furthermore, with this rate of spam, as observed in May 2008, the economic slack is now an attractive target for spammers, who prey on people's hardship not just in the US but around the world. In May 2008, the US program for economic stimulus and the Myanmar and China natural disasters flooded inboxes with allurements crafted to dupe people into parting from their money or worse still from their financial and personal information by simply dropping a malware onto their computer. Besides, in somewhat similar news, Ipsos, a research company, said that due to viruses, spam and other Internet threats, communication tools like Web meeting or IM are now far less significant than e-mail. • Email to a friend • Related • American Airlines Warned Against a Phishing ScamThe users of AAdvantage frequent flier program has been cautioned by American Airlines of an email scam which appears to have come from the airline and targets their personal details for ID theft and other malicious programs, as reported by Sun-Sentinel on June 8, 2008. Phishing is about taking over of personal data like credit card or login details by pretending to have come from an authentic entity in an e-communication. The members of AAdvantage flier program receive these kinds of phishing mails. This flier program is known to be the American's travel awards program. The sources from American Airlines revealed that the mail contains an incomplete survey and offers $ 50 for completing it. If the user clicks on the attached link, he is taken to a site in Russia. Consequently, private data is exposed. Therefore, the Airline suggested that the link should not be opened and the mail should be erased. Also, the users, who clicked on the link, were taken to a Web page, which looks like the authentic page of AA.com where users were directed to divulge the membership number and PIN of AAdvantage flier program. After that, it lands up on a site with queries about sites of America. And finally, they is taken to a page where the users is asked to give social security number, mother's maiden name, ATM Pin, DOB, expiration date and credit card number. The airlines got the mail from a recipient and the airline informed the IT security personnel of America and AAdvantage department. It was discovered that the message, which appears to have come from AA.com, have been traced down to a server located in Moscow. The Airlines believes that the hackers' main objective was to acquire credit card information instead of accessing AAdvantage details to illegally grab free tickets as regular flyer awards can be easily discovered. Shockingly, it seems that it has inaugurated a new trend in the world of cyber crimes. Just like credit card issuers and banks, hackers also know that frequent flyers are immensely popular with the customers nationwide. That is the reason perpetrators can attack the mileage program users. • Email to a friend • Related • |
Click here to safely unsubscribe now from "SPAMfighter News" or change subscription settings
Unsubscribe from all current and future newsletters powered by FeedBlitz
| Your requested content delivery powered by FeedBlitz, LLC, 9 Thoreau Way, Sudbury, MA 01776, USA. +1.978.776.9498 |
0 comments:
Post a Comment