Computer Security Articles

Google+ Project Vs Facebook Safety Features

CSA — Fri, 05 Aug 2011 21:30:15 +0000

Today there are many social networks on the internet and everyday new ones are being introduced with new and better features. They have unique and useful features, which makes it easy for users to remain updated with friends. They also offer apps for different smartphones providing even easier access to friends and other useful information. [...]

PSN update now live across the U.S., go change your password now

CSA — Sun, 15 May 2011 21:12:37 +0000

In case you missed it — and you very well might have considering what time this ball got rolling — Sony has officially flipped the switch on the PlayStation Network, restoring service in a limited capacity as a gradually filling map of the United States. charted the progress of the rollout through the night. The [...]

Poisoned Google image searches becoming a problem

CSA — Mon, 09 May 2011 19:02:41 +0000

If you are a regular user of Google’s search engine you might have noticed that poisoned search results have practically become a common occurrence. Google has, of course, noticed this and does its best to mark the offending links as such, but they still have trouble when it comes to cleaning up its image search [...]

Facebook scammers go back to using Javascript

CSA — Sat, 07 May 2011 17:26:03 +0000

Facebook scammers know that in order to keep users falling for their scams, they have to use a variety of approaches. For example, there was a time where rogue applications were the scammers’ preferred method of making sure that the scheme is propagated through the social network. Before that, they were more partial to trying [...]

Malware sites already capitalizing on announcement of Osama Bin Laden’s Death

CSA — Mon, 02 May 2011 08:08:48 +0000

Within hours of the announcement of Osama Bin Laden’s death, we are already seeing malicious sites emerge to capitalize on the news. One Spanish language site displays a purported photo of a murdered Osama Bin Laden and includes a story about the US led operation. Farther down the page, the reader is presented with a [...]

Tom Tom sounds the privacy drum – road safety or no road safety!

CSA — Mon, 02 May 2011 08:06:12 +0000

Dutch GPS and navigation software giant, Tom Tom, recently took what I consider to be a small privacy step for the company, but a giant privacy step for mankind.Faced with evidence that the Dutch police have been using anonymised trip data from Tom Tom users to assist in enforcing speeding laws, Tom Tom CEO Harold [...]

Osama bin Laden dead – so watch for the spams and scams

CSA — Mon, 02 May 2011 08:05:46 +0000

Google’s top-trending Anglophone search term right now is, understandably, “osama bin laden dead”. Google officially describes its hotness (you couldn’t make this stuff up) as volcanic.The short version, according to the LA Times, is that bin Laden was tracked to a “comfortable mansion surrounded by a high wall in a small town near Islamabad, Pakistan’s [...]

TDL4 rootkit is coming back stronger than before

CSA — Mon, 02 May 2011 08:03:02 +0000

After some months since the last blog post about the TDL rootkit, we have to come back and write again about this nasty threat that is targetting both 32 bit and 64 bit versions of the Windows operating system, succesfully bypassing all the security countermeasures implemented in the 64 bit version of Windows that should [...]

Facebook Scam: ‘Wired News: iPhone 5 – First Exposure’ leads to Adware

CSA — Mon, 02 May 2011 07:59:01 +0000

From likejacking to photo-tagging, Facebook scammers are constantly searching for new ways to get their scam campaigns to spread through the social network. Early this weekend, we observed a new type of scam, this one leveraging Facebook’s new social plugin for websites that allow for comments. This is being exploited by scammers to get their [...]

2 FREE Southwest Airline Tickets!

CSA — Mon, 02 May 2011 07:43:29 +0000

Scam Signature Message: 2 FREE Southwest Airline Tickets!Scam Type: Click-Jacking, Bogus OfferTrending: May 2011Why it’s a Scam:Clicking the wall post link takes you to the following page: Clicking the “Comment” click-jacks your account and presents the following bogus offer:If you read the fine, you must complete a total of 13 Sponsor Offers. Not only is this a ridiculous hoop to jump through, and [...]

Father walks in on his Daughter… EMBARRASIN!

CSA — Mon, 02 May 2011 07:19:24 +0000

Scam Signature Message: Father walks in on his Daughter… EMBARRASIN!Scam Type: Survey Scam, Click-JackingTrending: May 2011Why it’s a Scam:Clicking the wall post link takes you to the following page: On this screen you really don’t have to click the right answer – any input will do. Clicking submit click-jacks your account and loads the following survey scam:Here we see the [...]

TDL4 revisited

CSA — Mon, 02 May 2011 07:15:10 +0000

I just saw an article by Mathew Schwartz for Information Week focused on a series of articles by Aleksandr Matrosov, Eugene Rodionov and myself for Infosec Institute.The articles are actually based on previous analyses of TDL3 and TDL4 by Aleksandr and Eugene, but even if you’ve seen those, you might find the aggregation of older and [...]

Browser Updates

CSA — Mon, 02 May 2011 07:10:33 +0000

Just a few days ago, two major web browsers have been updated to fix security vulnerabilities which may allow attackers to infect the computer with malware just by visiting a hacked website.Google released version 11 of the Chrome web browser. 18 of the more than 20 security holes which get closed with this release are [...]

Facebook comment-jacking? OMG! I Can’t believe JUSTIN Bieber did THIS to a girl

CSA — Sat, 30 Apr 2011 14:52:46 +0000

It’s starting to seem like Facebook can’t win against those who wish to use their service to scam, spam and simply cause trouble. Over the last day or so, a new type of attack has been spreading using the phrase “OMG! I Can’t believe JUSTIN Bieber did THIS to a girl”.It leads to a page [...]

Firefox 4 gets its first security update

CSA — Sat, 30 Apr 2011 14:52:34 +0000

Yesterday, five weeks after shipping Firefox 4, the Mozilla project published the new browser’s first-ever security update. The Firefox version number bumps up to 4.0.1.The update fixes 50-odd bugs in total, amusingly including three fixes listed as specific to OS/2. Ironically, the latest official release of the OS/2 port of Firefox, dubbed Warpzilla, hasn’t yet [...]

OMG! I Can’t believe JUSTIN Bieber did THIS to a girl

CSA — Sat, 30 Apr 2011 14:39:24 +0000

Scam Signature Message: OMG! I Can’t believe JUSTIN Bieber did THIS to a girlScam Type: Survey Scam, Click-JackingTrending: April 2011Why it’s a Scam:Clicking the wall post link takes you to the following page: On this screen you really don’t have to click the right answer – any input will do. Clicking submit click-jacks your account and loads the following survey [...]

Remove Antivirus Center (Uninstall Guide)

CSA — Sat, 30 Apr 2011 14:26:53 +0000

Antivirus Center is a rogue anti-spyware program from the same family as Internet Protection. This malware is installed onto your computer through the use of fake scanner pages and Trojans that pretend to be updates to Adobe Flash. When Antivirus Center is installed onto a computer it will be configured to start automatically when Windows [...]

Malicious Spam on the increase again

CSA — Fri, 29 Apr 2011 17:42:38 +0000

Malware distribution via email is far from dead. While we had a distinctly quiet period from October 2010 to March 2011, our stats show the bot herders are gearing up again with the proportion of spam with malware attachments rising, although still not as high as the peaks we saw mid last year when the [...]

Malware authors: Don’t hassle the Hoff on F-Secure’s watch!

CSA — Fri, 29 Apr 2011 17:39:51 +0000

A while back we noticed that malware authors seem to have a thing for Chuck Norris. And why not: Chuck Norris kicks ass! We have been monitoring the situation carefully and have found several malware that show some sort of interest or tribute towards Mr.Norris.We started thinking; if our automation can detect malware by looking [...]

Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection, HTML Injection, etc.

CSA — Fri, 29 Apr 2011 17:06:00 +0000

Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection and HTML Injection are security flaws that have been around for years. They are well know vulnerabilities, with well-known solutions. As we’ve seen in recent weeks, even well-established tech companies are not immune to these basic flaws: MySQL was compromised by SQL Injection WordPress.com was compromised by [...]

Google sued over – yes – Android location tracking

CSA — Fri, 29 Apr 2011 17:04:58 +0000

Google has been sued over its Android location tracking practices, days after a similar suit was brought against Apple.According to The Detroit News, two Michigan women have filled a $50 million class-action suit against the web giant, demanding that the company stop offering Android phones that can track a user’s location.Google is using Android phones [...]

The New York Yankees and DSLReports.com responsible for 30,000 more data loss victims

CSA — Fri, 29 Apr 2011 16:54:46 +0000

This message may repeat. This message may repeat. For those of us old enough to have fond memories of the phonograph, the phrase “broken record” may come to mind.Yes, more user information has been leaked and in a totally preventable fashion. A season ticket sales representative for the New York Yankees accidentally emailed a spreadsheet [...]

Compromised ads leading to TDSS rootkit infections

CSA — Fri, 29 Apr 2011 16:54:25 +0000

As we all know, compromised sites play an important role in web distributed malware, acting as the conduit, guiding user traffic to further malicious content. Sometimes, the attackers get lucky, and succeed in compromising a high profile, popular site. Another way to increase the number of users exposed to the attack is to compromise advertising [...]

Data thefts far more common than just Sony and Epsilon

CSA — Fri, 29 Apr 2011 16:54:16 +0000

In the wake of the press reports concerning the recent data breaches at Sony and Epsilon, some organizations are getting the wrong idea about modern online attacks. The media largely chooses to cover mass-scale losses that affect large numbers of consumers from trusted brands.While it is important to raise awareness about keeping your data safe [...]