http://www.mxlogic.com/ MX Logic Inc. is a leading managed security services provider of email and Web security services. MX Logic's patented technology and commitment to creating the most user-friendly security solutions in the industry make MX Logic the best choice for businesses that want enterprise-grade service and performance without enterprise-level complexity and cost. Subscribe with My Yahoo!Subscribe with NewsGatorSubscribe with My AOLSubscribe with BloglinesSubscribe with NetvibesSubscribe with GoogleSubscribe with Pageflakes http://www.mxlogic.com/securitynews/web-security/the-pirate-bay-hit-by-ddos-attacks-on-news-of-sale546.cfm
The Pirate Bay website was down for long periods of time on Tuesday, fueling speculation that hacker-members were launching attacks, according to Tomshardware.com.

Peter Sunde, one of the company's four founders - each of whom are facing prison time for illegal file sharing - said on his Twitter account that the reason for the down time was a DDOS.

"Yup, DDOS. Understand the people doing it as well. I hope people will calm down and understand what it means logically instead," Sunde Tweeted, according to Tomshardware.com.

Some of the Pirate Bay's 20 million users have asked to have their accounts canceled since the announcement of the sale.

"Many people have asked about having their account removed and we will not force anyone to stay on of course," the company said on its blog Tuesday.

After acknowledging the sale, the company said on its blog that profits will go into a foundation to support freedom of speech, freedom of information and "open[n]ess of the nets."
]]> Thu, 02 Jul 2009 18:12:00 -0600 http://www.mxlogic.com/securitynews/spam/michael-jackson-spam-email-proliferates-spreads-viruses544.cfm
Web security firm Symantec said in a blog post Wednesday that spammers have largely abandoned Fourth of July-themed spam that typically picks up around the holiday weekend, likely because Jackson's death continues to drive web traffic like nothing else.

"Surprisingly, it looks as if spammers are less passionate about spawning Independence Day spam this year. The probable reason for this neutrality could be the spam spike related to the death of pop star Michael Jackson," Symantec researcher Samir Patil said in the post.

Malware disguised as YouTube videos and other files purporting to contain missing Jackson songs and photos have been reported.

Scams have also proliferated, including one claiming to come from a concert ticket office based in London that requests the recipient's information for ticket reimbursement, information that could be used for identity theft and fraud, Symantec reported.

IT security firm Sophos also spotted malware in Jackson-related email, including one from a phony Italian YouTube site that asks users to download an update to their Flash player that executes the Trojan malware ZBot.
]]> Thu, 02 Jul 2009 18:11:00 -0600 http://www.mxlogic.com/securitynews/web-security/mozilla-will-issue-security-fixes-for-firefox-35555.cfm
The company said it plans to fix at least three bugs and "topcrashes," how the company refers to bugs that cause the most-reported crashes.

"[The] goal of this release should be a quick turnaround that fixes topcrashes and bugs we almost held ship for," Mozilla said, according to Computerworld.com.

Mozilla reports in its Firefox 3.5 release notes that several flaws for Windows, Mac OS X and Linux operating systems include a flaw in the browser's Java to Javascript communication, which may not work properly. Some sites with Flash can cause problems with the Cookies dialog.

Users who encounter strange problems relating to bookmarks, downloads, window placement, toolbars, history or other settings are advised to try creating a new profile and attempting to reproduce the problem before filing bugs.

Some of the browser's new features include improved tools for controlling private data, including a private browsing mode. Conversely, the browser also has location aware browsing to allow users to identify their location on certain sites.

Firefox 3.5 has been downloaded more than 6.5 million times in the first 36 hours of its release.
]]> Thu, 02 Jul 2009 14:29:00 -0600 http://www.mxlogic.com/securitynews/web-security/online-security-fears-affect-consumers-more-than-economy695.cfm
Tim Dowling, vice president of McAfee's web security group, said security concerns are the driving force behind whether an online transaction is completed or terminated.

According to the survey, 63 percent of online consumers won't purchase from a website that does not display a trustmark or security policy.

A trustmark is a seal, logo or icon displayed on e-commerce websites to show that merchants are making an effort to protect their customers.

The Harris Interactive study also showed that 90 percent of consumers are concerned about their security when shopping on new or unknown sites and 47 percent of consumers look for trustmarks to feel safe when shopping on a lesser known site.

By displaying a trustmark, the lesser known site can prove credibility to potential customers and gain market share from larger sites, McAfee said.
]]> Wed, 01 Jul 2009 15:49:00 -0600 http://www.mxlogic.com/securitynews/web-security/cyber-vigilante-arrested-for-ddos-attacks-on-news-sites601.cfm
Raisley allegedly used a botnet - a collection of compromised PCs - to launch the DDOS attacks to overwhelm the websites with traffic in order to shut them down.

According to the criminal complaint filed in the New Jersey U.S. district court, Raisley targeted specific pages at websites including rollingstone.com and radar.com that hosted one of two articles about his falling out with the cyber vigilante group Perverted Justice, which works to identify sexual predators.

The article allegedly targeted by Raisley - called To Catch a Predator: The New American Witch Hunt, which originally appeared in Rolling Stone - reported that Raisley had a falling out with the leaders of Perverted Justice, who sought revenge against him for criticizing their tactics. To pay him back, one man allegedly pretended to be a woman online and lured Raisley into a relationship to embarrass him.

The complaint, with signed testimony by FBI special agent Susan Secco, said one of the compromised computers used by the botnet to launch the attacks belonged to a Slovenian network security group that tracked the malware back to Raisley's IP address.
]]> Wed, 01 Jul 2009 15:10:00 -0600 http://www.mxlogic.com/securitynews/identity-theft/trojan-malware-on-the-upswing-for-data-theft396.cfm
The IT security vendor reported that Trojans' share of data-stealing malware grew to that figure in Q1 2009, up from 87 percent in 2008. In 2007, 52 percent of data-stealing malware were Trojans.

Cybercriminals use Trojans to steal proprietary information such as online banking credentials, credit card numbers, social security numbers and passwords from compromised networks and PCs.

"As a threat category, data-stealing malware is experiencing tremendous growth because it serves the needs of financially motivated criminals who leverage the internet for what it does best - provid[ing] valuable information," said Jamz Yaneza, threat research manager for Trend Micro.

Security researchers last week spotted spam emails exploiting the death of Michael Jackson to spread malicious links to files that appeared to be YouTube videos, but were actually Trojan downloaders.

Websense said last week that a file called Michael.Jackson.videos.scr located on a legitimate site hosted in Australia would download three malicious files when executed.

Another spam email spotted last week purporting to be a "critical update" for Microsoft Outlook and Outlook Express contained a link to download a Trojan called ZBot.
]]> Wed, 01 Jul 2009 14:05:00 -0600 http://www.mxlogic.com/securitynews/web-security/web-security-report-q2-spam-averaged-88-percent140.cfm
Spam from compromised PCs, known as botnets, accounted for 83.2 percent of all spam in June. One of the largest botnets, Cutwail (also known as Pushdo), had resumed spamming just hours after the shut-down of the botnet's command-and-control server Pricewert/3FN by the Federal Trade Commission.

"Cutwail's recovery to one-third of its original levels, after only a few hours, highlights the progress spammers have made since the McColo shutdown in November," said Paul Wood, MessageLabs Intelligence Senior Analyst. "Spammers have learned the importance of having a backup for command and control channels."

The report also identified a rise in the threat of malicious links in instant messages, to 1 in 78 IMs containing links, an increase of .78 percent over the past six months. At the current rate, 1 in 80 IM users may expect to receive a malicious instant message each month.

MessageLabs Intelligence said a growing number of threats target the healthcare sector. Email-borne malware attacks targeting the healthcare sector have more than doubled since the start of 2009.
]]> Tue, 30 Jun 2009 16:44:00 -0600 http://www.mxlogic.com/securitynews/spam/new-spam-tactic-spam-profiles-on-social-networks128.cfm
Some fake profiles include popular pharmaceuticals as the profile name, but savvier spammers have begun to use real names and realistic data to fly under the radar and populate the network with bad links.

"To make sure their newly-minted gibberish profile shows up in searches they will also generate links on hacked sites, comment spam and yes, other spam profiles," Morrison said on the blog. "This results in a lot of bad content on your domain, unwanted incoming links from spam sites and annoyed users."

Morrison warned that spammers can exploit bulletin boards and content management systems such as vBulletin, phpBB, Moodle and Joomla that generate member pages for every user that creates an account.

Webmasters can cut down on spammers exploiting their websites through anti-spam features such as CAPTCHAs and user reporting of suspect profiles.

Facebook, under attack from spammers using hijacked accounts, filed a lawsuit in February against notorious "spam king" Sanford Wallace, claiming they violated CAN-SPAM and won a restraining order in March banning them from the site.
]]> Mon, 29 Jun 2009 16:42:00 -0600 http://www.mxlogic.com/securitynews/identity-theft/hackers-hijack-britney-spears-twitpic-account123.cfm
The hacked accounts were discovered Sunday after TwitPic, the largest service for posting photographs to the micro-blogging site Twitter, noticed phony messages, including one that said Spears had died.

Twitpic, which is not owned or affiliated with Twitter, said on its Twitter feed that the company had "implemented a fix for the email posting vulnerability."

Hackers have increasingly hijacked user accounts on Facebook and Twitter to spread viruses and spam and to phish other users' account information.

Web security experts say phishing attacks on social networking sites are up to 10 times more effective than those sent via email.

A recent survey found that 30 percent of users of social networks had been subject to cyberattacks. Many users leave themselves open to attacks but publishing personal information that could be used for identity theft.

Among younger users, 51 percent use the same password on multiple sites and two-thirds share personal information that may compromise online privacy, the survey found.
]]> Mon, 29 Jun 2009 16:41:00 -0600 http://www.mxlogic.com/securitynews/web-security/ftc-settles-with-rogue-antivirus-vendor-bytehosting471.cfm
In its judgment of nearly $1.9 million against James Reno and ByteHosting Internet Services, FTC agreed to reduce the amount to $116,000 due to the defendants' inability to pay. FTC said the full judgment represented the gross revenues realized from the alleged scam.

FTC said Reno and ByteHosting were part of a massive deceptive advertising scheme that tricked consumers into buying rogue web security products, including WinFixer, WinAntivirus, DriveCleaner, ErrorSafe and XP Antivirus.

The scheme allegedly relied on deceptive advertisements featuring bogus computer scans that falsely claimed to detect viruses, spyware and illegal pornography on consumers' computers.

Reno and ByteHosting are prohibited from using deceptive scareware advertising tactics and from installing malicious programs on consumers' computers. The settlement also permanently bars Reno and ByteHosting from ever again doing business with their co-defendants.

Microsoft said earlier this month that infections by scareware spiked dramatically worldwide in the second half of 2008.
]]> Mon, 29 Jun 2009 13:53:00 -0600 http://www.mxlogic.com/securitynews/viruses-worms/green-dam-web-filter-still-vulnerable-to-exploits263.cfm
China's government insists that the software is necessary for blocking access to pornographic content, but researchers using the software said it also blocks political content and tracks online activity.
Earlier this month, security researchers from the University of Michigan identified two security flaws that could have allowed remote parties to execute arbitrary code and take control of the computer, which the software maker has since patched.

But the researchers said last week they had discovered another security hole on the latest version which a maliciously-crafted website could exploit to take control of the computer. It took them only an hour to find the bug, they said.

The researchers wrote that making Green Dam safe from exploits will require substantial changes and careful retesting.

"It is unlikely that the required changes can be completed … before China's July 1 deadline for mandatory distribution of Green Dam with new PCs," they wrote.

Another security researcher has posted attack code to the Milw0rm website, which has been circulating in the wild for a week, according to CNET News.
]]> Fri, 26 Jun 2009 18:04:00 -0600 http://www.mxlogic.com/securitynews/web-security/iranian-hackers-hijack-university-of-oregon-network397.cfm
The Associated Press reported that visitors to the university's web system during a 90-minute window Wednesday were taken to an 89-word pro-Iranian message that warned President Obama to stay out of Iranian affairs.

The hackers used the university's network to send the message to AP and others. The message addressed the president as "Hey Stupid Fly Catcher Obama!"

Diane Saunders, spokeswoman for the university, told AP that the hackers were able to gain control of the site through third-party software that had not been updated. Saunders said the computers of visitors to the site were not compromised.

Rob Housman, executive director of the Cyber Secure Institute, a research and advocacy firm, said the hack highlighted how the United States is engaged in a "low-level conflict" across cyberspace.

Housman said it reveals the extent to which U.S. network security is inadequate.

"[C]onsider the damage possible if the attackers weren't less sophisticated Iranian protestors but the Chinese military's cyber-special-forces or the legions of Russian cyber-irregulars," he said. ]]> Fri, 26 Jun 2009 14:42:00 -0600 http://www.mxlogic.com/securitynews/spam/spammers-exploit-michael-jacksons-death265.cfm
In these messages, the spammer claims to have "vital informations" about the death of "Michael Jackson's" to share with recipients of the email. The body of the email does not contain any call-to-action links, but a spammer can easily harvest recipients' email addresses via a free live email address if computer users reply to the spam message.
This type of breaking news story that spurs widespread popular interest is the perfect vehicle for spammers to snare vulnerable computer users, said Graham Cluley, senior technology consultant at Sophos.

Cluley said the firm has also seen spam piggy-backing on the news of Farrah Fawcett's death to spread fake antivirus software.

"The fact is that cybercriminals have no respect for taste and decency," Cluley said. "The only thing they are interested in is making some money for themselves."

In March, the sudden death of British actress Natasha Richardson inspired a wave of malicious search-optimized websites for spreading rogue antivirus products.
]]> Fri, 26 Jun 2009 13:53:00 -0600 http://www.mxlogic.com/securitynews/disaster-recovery/stolen-cornell-laptop-contained-45000-ssn337.cfm
The Cornell Daily Sun reported Wednesday that a member of the Cornell IT staff left the laptop in a physically unsecure environment, which violates university policy. New York state police have begun an investigation into the theft and told the paper the employee was not a suspect.

The university said it has begun sending emails and letters to the individuals whose information was on the computer. They will be offered one year of free credit monitoring and identity restoration services.

"In response to incidents of theft like this one and the increasing number of internet-enabled computer attacks, the university is continually enhancing its systems and practices," Polley A. McClure, vice president for information technologies, said in the letter.

Last June, a university computer was hacked, leading Cornell to warn 2,500 students and alumni that their personal information had potentially been stolen, the Daily Sun reported.
]]> Thu, 25 Jun 2009 14:57:00 -0600 http://www.mxlogic.com/securitynews/identity-theft/google-urged-to-adopt-default-data-encryption-for-gmail271.cfm
Google already uses Hypertext Transfer Protocol Secure (HTTPS) encryption technology to protect customers' login information, which is available as an option for users of Google's webmail and other cloud-based services.

However, encryption is not enabled by default to protect data sent by users of Google Mail, Docs or Calendar. As a result, the security experts said, Google customers who use a public connection such as open wireless networks "face a very real risk of data theft and snooping."

Alma Whitten, from Google's security and privacy teams, responded on the Google public policy blog that the company is planning a trial in which it will move small samples of different types of Gmail users to HTTPS "to see what their experience is and whether it affects the performance of their email."

The group Consumer Watchdog said Google should be praised for agreeing to offer improved security but asked why the company waited so long to act.

The group is calling on other online companies like Yahoo, Microsoft, Facebook and MySpace to offer the same protection.
]]> Thu, 25 Jun 2009 14:34:00 -0600 http://www.mxlogic.com/securitynews/web-security/security-worries-spam-dog-mobile-finance195.cfm
Mobile spam, including phishing attacks seeking personal information, was also shown to be impacting about 44 percent of mobile device owners.

"The prevalence of spam will only continue to rise as financial gain for spammers continues to increase," said Jamie de Guerre, CTO of Cloudmark. "For new services to succeed, it will be imperative for mobile operators to assure their customers of a secure environment for transactions and to ensure that mobile spam does not impact the delivery of legitimate messages."

Nearly half (46 percent) of those who said they were concerned about the IT security of their devices said their worries prevented them from conducting activities on their mobile device. The most impacted service is mobile transactions such as paying bills.

The survey found 79 percent of mobile device owners who have never sent or received confidential information of any kind through their device, Cloudmark said.

Wireless users in the US received more than 1.1 million spam text messages in 2007, a 38 percent increase from 2006, according to Senator Olympia Snowe, who is sponsoring legislation called the m-Spam Act to strengthen anti-spam enforcement.
]]> Thu, 25 Jun 2009 13:59:00 -0600 http://www.mxlogic.com/securitynews/web-security/identity-theft-more-likely-for-younger-social-networkers349.cfm
The growing prevalence of spear-phishing attacks, spam and worms across social networks could be attributed to the more relaxed attitudes about privacy and web security displayed by young people ages 18-29.

Surveying over 1,100 members of Facebook, LinkedIn, MySpace, Twitter and other popular social networks, Webroot said huge numbers of users put their identities at risk.

Among younger users, 51 percent use the same password on multiple sites, versus 36 percent overall; 40 percent accept friend requests from strangers, versus 28 percent overall; and greater numbers share more personal information that may compromise online privacy (67 percent share birth date, versus 52 percent overall).

Because of these risks, younger users experience a security attack at a greater frequency - nearly 40 percent of younger users have been hit by cyberattacks versus 30 percent of all users.

On Facebook, the most popular of the sites with an estimated 200 million users worldwide, cybercriminals have recently targeted users with password-stealing phishing attacks and malware worms including Koobface and several spread through the domains mygener.im, ponbon.im and hunro.im.
]]> Wed, 24 Jun 2009 15:53:00 -0600 http://www.mxlogic.com/securitynews/network-security/cisos-see-insiders-as-greatest-human-threat-to-data-security132.cfm
The survey by NetWitness Corporation and MIS Training Institute revealed that 80 percent of CISOs and CSOs feel insiders are the greatest human threat.

Sara Hook, conference director at MIS Training Institute, said the survey findings are "alarming," in that there is a "misperception that traditional security approaches alone can protect against information leaks and that some CISOs were not sure what they need for data protection or were not planning to focus any money in that area this year."

Although CISOs are at least thinking about insider threats, another recent survey of business managers found that executives seemingly don't think about insider threats to data security from ex-employees.

A Courion Corporation survey revealed that 93 percent of business managers are confident that terminated employees pose no risk to their network security, even though many have limited knowledge of the systems to which their employees have access.

Courion said companies show "unwarranted confidence" that their systems are secure from former employees gaining access through "zombie accounts."
]]> Wed, 24 Jun 2009 14:46:00 -0600 http://www.mxlogic.com/securitynews/disaster-recovery/tjx-settles-with-states-for-975-million-over-data-breach028.cfm
State attorneys general sued the company in 2007 alleging that TJX's data security systems contained vulnerabilities that allowed hackers to compromise the system, which went undetected for "an unacceptable duration," Massachusetts attorney general Martha Coakley said yesterday.

The settlement includes funds for data protection efforts by the states and $2.5 million to fund a Data Security Trust Fund to be used by the state attorneys general to advance enforcement.

TJX also agreed to upgrade all Wired Equivalency Privacy (WEP) based wireless systems in TJX retail stores to wired systems or Wi-Fi Protected Access (WPA) wired systems; and to segment customer data from the rest of the company's systems through firewalls and other protections.

As part of the agreement, TJX will "not store consumer data any longer than necessary for legitimate business purposes," Coakley said.

Jeffrey Naylor, chief financial and administrative officer of TJX, said yesterday that the company believes it did not violate any consumer protection or data security laws.

"The sheer number of attacks by cybercriminals demonstrates the challenges facing the U.S. payment card system in protecting sensitive consumer data," Naylor said.

]]> Wed, 24 Jun 2009 14:14:00 -0600 http://www.mxlogic.com/securitynews/identity-theft/facebook-fan-blog-hacks-user-profiles-to-reveal-security-hole119.cfm
The bloggers at FBHive published data from the user profiles of Facebook founder and CEO, Mark Zuckerberg, Digg founder Kevin Rose and others. In an update post on Tuesday, the blog revealed that FBHive ("two twenty-something guys who are avid fans of Facebook") had hacked the private profile information containing the user's networks, sex, birthday, hometown, siblings, parents and relationship status.

Security experts said the personal information such as birthdates could be used to attempt to steal login and password information for email accounts or other social networking sites.

The exploit involved fooling the "Edit Information" section of a user profile to display another user's "Basic Information" page, which was the only section of the site the FBHive guys could access with their hack.

"By using the Tamper Data add-on for Firefox, we were able to change our profile ID number to that of Mark Zuckerberg, and voilà! His basic info appeared in our own profile," the blog reported.

Last September, hackers were able to use the serial number of any Facebook user and a hack through Firefox browsers to access private photos on the site.

Facebook fixed that security flaw after being alerted by CNET News about the hack.
]]> Tue, 23 Jun 2009 16:02:00 -0600 http://www.mxlogic.com/securitynews/spam/fake-microsoft-outlook-update-contains-virus-for-id-theft031.cfm
The spammers use legitimate links to Microsoft sites in the email body to make the email appear genuine, but a link appearing to direct users to a Microsoft site for the "update" actually downloads a Trojan horse called ZBot.

ZBot accesses a website to download information directing the virus to monitor certain websites and where to send stolen data, the security firm's blog said.

Web security researchers discovered that the Trojan monitors websites of banking institutions and social networking sites like Facebook and MySpace. If a user accesses any of these website, the Trojan logs keystrokes to steal the user's passwords and other sensitive information such as credit card numbers.

Recently, phishing emails have been circulating that appear to come from Microsoft and ask recipients to reconfigure their Outlook account by clicking on a link to a website where users are asked to fill in their account information, including their mail server address.
]]> Tue, 23 Jun 2009 15:23:00 -0600 http://www.mxlogic.com/securitynews/web-security/iran-accuses-cnn-of-training-hackers813.cfm
"They officially trained the people to come and hack Iran's government websites," spokesman Hassan Qashqavi said during a press conference, according to CNN.com. "This is a cyber war. This, with, isn't it a cyber war of the media with an independent government? They asked people to use the DOS system to hack our websites."

The network responded on its website Monday in a statement, calling the accusations "completely false" and stating that "CNN is beholden to no government in its reporting."

Some Iranians had been using Twitter to launch DDOS attacks on Iranian websites. Richard Stiennon, a network security consult, said he had seen messages on Twitter that included links that could directly launch DDOS attacks, which can overwhelm a website with repeated requests.

Many commentators on Twitter and blogs are cautioning that participating in cyberattacks could end up backfiring and hurting Iranian dissidents by slowing down or disabling the country's internet connections.

One Twitterer posted a message Monday that said: "Please, surgically hack bad sites in Iran, NO DDOS! DDOS only harms freedom fighter bandwidth."
]]> Tue, 23 Jun 2009 13:59:00 -0600 http://www.mxlogic.com/securitynews/spam/chinese-pennystock-spammers-plead-guilty847.cfm
According to the U.S. attorney for the eastern district of Michigan, the spam operation sent billions of illegal spam advertisements in 2004 and 2005 to pump up Chinese penny stocks in order to reap profits by causing trades in these same stocks while others bought at the inflated prices.

Alan M. Ralsky and his son-in-law Scott K. Bradley, both of Michigan, pleaded guilty to conspiracy to commit wire fraud, mail fraud and to violate the CAN-SPAM Act. Ralsky and Bradley also pleaded guilty to wire fraud, money laundering and violating the CAN-SPAM Act.

"Alan Ralsky was at one time the world's most notorious illegal spammer," said U.S. Attorney Terrence Berg. "Using the internet to manipulate the stock market through spam email campaigns is a serious crime."

Under the terms of his plea agreement, Ralsky faces up to 87 months in prison and a $1 million fine while Bradley faces up to 78 months in prison and a $1 million fine, prosecutors said.

John S. Bown, 45, of Fresno, California, pleaded guilty to conspiring to commit computer fraud by creating a botnet and violating the CAN-SPAM Act.
]]> Mon, 22 Jun 2009 22:59:00 -0600 http://www.mxlogic.com/securitynews/spam/fake-twitter-invites-spreading-email-worm017.cfm
Instead, the user will see an attachment that appears as a .zip file that purportedly contains an invitation card. The file is actually a malicious attachment known as the Ackantta worm, which gathers email addresses from infected computers and spreads by copying itself to removable drives and shared folders, Symantec said.

"As Twitter continues to gain popularity among social networking users, people are regularly receiving invitations and email updates from fellow users," Symantec researcher Sammy Chu said in a blog last week. "We expect that spammers will continue to use Twitter and other popular social networks as bait in their attacks."

Symantec had spotted an e-card virus attack in February that was used to spread the same Ackantta worm.

Twitter's booming popularity has also made it a growing target of phishing attacks and other types of spam.

Earlier this month, researchers spotted messages on Twitter that directed users to go to a YouTube spoof site to see a "best video." Users who visited the site could have had their PCs infected through vulnerable versions of Adobe Reader.
]]> Mon, 22 Jun 2009 15:57:00 -0600 http://www.mxlogic.com/securitynews/web-security/dating-spam-uptick-may-mean-users-are-easily-duped012.cfm
The subject lines of the phishing spam include phrases such as "I'm emailing you because I like you," "wanted to let you know about my profile" and "you have been invited to join." The emails provide a link to an adult dating website that contains a clickable ad that says, "CLICK HERE TO CHAT FOR FREE."

Following the link takes the visitor to a registration site for providing an email address and password and continues to other registration sites where users are asked to fill out personal details, including a request for credit card information.

Although the chat is supposedly "free," the website claims a credit card is needed to prevent minors from trying to log in.

Trend Micro said the simplicity of the scam could mean two things - cybercriminals are running out of new ideas, or this kind of phishing attack simply works too well.

In its June spam report, web security firm McAfee noted that spam of this sort is effective because many users have become overly dependent upon spam filters for detecting scams.
]]> Mon, 22 Jun 2009 15:55:00 -0600