eSoft Network Security Blog

Hackers may have had access to resort's credit card system for eight months

sbaker@esoft.com (Steve Baker) — Fri, 07 Jun 2013 11:07:38 -0600

The financial information of guests at Callaway Gardens was stolen by cyber-thieves who implanted malware on the Pine Mountain, GA resort’s credit and debit card systems. A Callaway Gardens official said it is unknown how many guests may be affected after its credit card security system was compromised over the last eight months. "We have just started a more in-depth investigation so the number of accounts has not been determined yet," said Rachel Crumbley, a spokeswoman for the resort in Pine Mountain. Crumbley said Saturday a breach in its credit card security system started in early September and lasted until Thursday when a credit card processing company identified multiple companies, including Callaway Gardens, with fraudulent credit card activity.

Cyberattacks could be fatal to small companies, U. S. Congressman warns

sbaker@esoft.com (Steve Baker) — Wed, 22 May 2013 11:33:08 -0600

WASHINGTON DC – Cybersecurity threats have come a long way since hackers temporarily crippled the computer system at one of Chris Collins’ businesses a few years ago. For that reason, Collins – now U.S. Congressman Rep. Chris Collins, (R-NY) dedicated his first hearing as chairman of a House Small Business subcommittee to the growing danger of cyberattacks, which he deemed an often ignored threat that can put companies out of business. “Although attacks on small businesses don’t make the headlines, a recent report shows nearly 20 percent of cyberattacks are on small firms with less than 250 employees,” Collins said. “Unlike a large company, small businesses may not be able to survive a cyberattack.” That’s because those attacks cost so much, Collins said, citing FCC reports show that the average annual cost of cyberattacks on small and medium-size businesses was $188,242. Not surprisingly, then, nearly 60 percent of small businesses that are hit by cyberattacks close within six months of the problem, he added, citing a 2011 report by Business Insider.

HIPAA Regulations to Bring Compliance Challenges for Providers and Business Associates

sbaker@esoft.com (Steve Baker) — Fri, 10 May 2013 10:39:21 -0600

Providers have about six months to comply with the changes to privacy and security practices mandated by the HIPAA omnibus rule. The new rules could give some organizations headaches, and not just because they represent technical challenges. Speaking at the HealthTech Council meeting in Chicago, Kirk Nahra, partner at the law firm Wiley Rein LLP, said the new privacy and security regulations will force providers to make significant changes to some of their processes, but often without much actual benefit to the patient.

Customer Service in a Network Security World

lgraves@esoft.com (Lee Graves) — Thu, 14 Feb 2013 10:53:07 -0700

As the network security market becomes more important and mature, IT Pros have begun to examine the intangibles as key difference makers when making a purchase decision. Now, more than ever before, they’re looking at things like technical support, training, documentation, self-help tools, integration support and more. With this increased focus on customer support in network security, the question becomes, how can we provide the customers with outstanding customer support to complement our products?

SiteFilter and Web ThreatPak Critical Software Update

lgraves@esoft.com (Lee Graves) — Tue, 18 Dec 2012 10:49:51 -0700

CRITICAL SOFTWARE UPDATE - ACTION REQUIRED Customers with subscriptions to eSoft’s SiteFilter and Web ThreatPak will need to update to the latest software release to ensure proper functionality. This update resolves problems downloading the latest web filtering database. Full release notes are available by following the link for your product below.

eSoft Maintenance Window Notification - December 14, 2012

lgraves@esoft.com (Lee Graves) — Thu, 13 Dec 2012 13:23:25 -0700

Beginning Friday December 14th at 6pm MST, eSoft will be performing maintenance on its network infrastructure. While we do not anticipate major issues, customers may experience minor interruptions in service level during maintenance window. The major impact of this change will be the reassignment of eSoft's SoftPak Director IP Addresses. While DNS updates will take care of the any issues contacting the eSoft's SoftPak Director, customers that have hard-coded the old IP range will need to do necessary updates. Please contact eSoft should you have any questions or concerns.

eSoft Named as SC Magazine’s 2013 Excellence Award Finalist

lgraves@esoft.com (Lee Graves) — Tue, 04 Dec 2012 12:21:12 -0700

eSoft has been named a finalist in the Excellence category of the 2013 SC Awards for outstanding leadership and achievement in information security. eSoft Customer Support is recognized in the Best Customer Service category, which acknowledges companies with superior customer service that help customers tackle today’s most pressing information technology (IT) challenges. The winner will be announced at the 2013 SC Awards U.S. ceremony to be held on Feb. 26, 2013 in San Francisco.

Support Portal Upgrade Announcement

lgraves@esoft.com (Lee Graves) — Thu, 01 Nov 2012 11:33:33 -0600

In an effort to make our customers’ and resellers’ lives even easier, eSoft is pleased to announce the launch of our new Support Portal. The eSoft Support Portal allows customers and eSoft resellers to create and update technical support cases in an efficient and effective platform. The new Support Portal offers all the same features as the previous portal, with added advantages of closer integration to the eSoft CRM, improved attachment handling, and enhanced email notifications.

Cast Your Vote for eSoft

lgraves@esoft.com (Lee Graves) — Wed, 10 Oct 2012 08:17:48 -0600

SC Magazine Awards is the network security industry's leading global awards program, organized to honor the professionals, companies and products that help fend off the myriad security threats confronted in today's corporate world. eSoft is proud to announce the nomination for the following SC Magazine Readers Trust Awards: Best Customer Service Readers Choice UTM CAST YOUR VOTE NOW! - http://bit.ly/O8hUNn

iTunes Receipt Malware Scam Launched with Apple Event

lgraves@esoft.com (Lee Graves) — Wed, 12 Sep 2012 12:21:14 -0600

Cybercriminals are very good at taking advantage of the latest news to help further their intentions. Apple is in the middle of their latest product announcements and we’ve already gotten some malicious emails trapped in our spam traps. Clicking the links in this email leads them to a malicious website, delivering exploits and malware along the way. Below is an example of the iTunes receipt email, complete with all of the imagery to make it look authentic.

Windows Update Phishing Scam Steals Your Online Accounts

lgraves@esoft.com (Lee Graves) — Fri, 24 Aug 2012 13:34:21 -0600

Be on the lookout for this new phishing threat making the rounds today. This tricky attack warns the user about a “deadly virus” that will damage the users hard drive. The link in the email leads a phishing website asking the user to log into their Yahoo, Gmail, Windows Live, AOL, or other email account, stealing the users credentials along the way.

Popular Security Protocols Under Fire at Defcon

lgraves@esoft.com (Lee Graves) — Mon, 30 Jul 2012 10:18:15 -0600

PPTP (Point-to-Point Tunneling Protocol) has long been used by SMBs to create secure connections and access resources at the corporate network. While PPTP VPN connections have been a simple and workable solution for SMBs, many in the security community have scrutinized the protocol as insecure. This year’s Defcon security conference has taken that scrutiny to the next level, releasing tools that can be used to crack PPTP encryption in under a day. This means any traffic sent through the PPTP connection can be decrypted and an attacker can view the entire session including user credentials and data.

eSoft Joins the Spiceworks Community!

lgraves@esoft.com (Lee Graves) — Tue, 12 Jun 2012 11:36:17 -0600

eSoft has now joined the Spiceworks Community! Spiceworks is a great site for IT professionals, offering community forums, reviews and chatter from over 2 million IT professionals. Spiceworks also offers free IT management applications to manage everything from IT Inventory to Help Desk trouble tickets. This software is easy to use, flush with features and has an excellent price point (free). For those of you not already part of the community, head over to spiceworks.com and sign up for an account. Be sure to follow eSoft for the latest discussions, product updates and more! http://community.spiceworks.com/pages/esoft

AT&T Wireless Bill Turned Malicious

lgraves@esoft.com (Lee Graves) — Fri, 20 Apr 2012 09:52:01 -0600

Everyone dreads paying their wireless bill, but imagine getting a wireless bill for over $1600 dollars! This latest threat does just that, sending you a wireless bill for an exorbitant amount pushing you to click the link in the email and find out what happened with your bill. Any links in the email redirect the user to malicious distribution points dishing out exploits for Microsoft and Adobe vulnerabilities. The cybercriminals pervading this threat do an excellent job of spoofing legitimate AT&T wireless bill notifications. The image below (click to enlarge) shows both the real and fake notifications for comparison.

March Madness Website Blocking

lgraves@esoft.com (Lee Graves) — Thu, 15 Mar 2012 12:58:45 -0600

The NCAA Basketball Championship tournament is arguably the most exciting sports event of the year. Office pools and water cooler talk along with video streaming and real-time game updates are commonplace in businesses across the nation. What everyone is talking about is the impact on productivity to American business:

Gateway Security vs. Desktop Security

swise@esoft.com (Scott Wise) — Mon, 20 Feb 2012 10:09:08 -0700

People sometimes question whether Desktop or Endpoint Security (for example anti-virus software) should be installed if a company wide security solution (such as eSoft) is installed. Or the other way around. All security conscious personnel know a layered approach provides the best protection. Yet questions often arise about the necessity of one or the other. Below is a discussion of why company wide security policy should include both. People can easily imagine why desktop protection is important. Hackers target elements of a desktop that a Gateway device simply cannot inspect (such as memory, cookies and registries). With the huge increase in laptop and other mobile computing devices, more computers leave the in-house network than ever before. They must have some form of protection from “off-line” usage at the hotel, coffee shop, home, etc. If this is true, why do you need protection at the Gateway too? To understand the requirement of Gateway Threat Protection, all you need to do is ask a simple question. How many people have gotten infections on computers even though they have Desktop Security? Virtually everyone.

Dubious PayPal Phish Lures Users

lgraves@esoft.com (Lee Graves) — Mon, 13 Feb 2012 20:57:27 -0700

In the latest phishing spree on PayPal users, cyber criminals use some crafty techniques to evade detection and trick users. As typical, the scam starts with an email asking the user to update their account, providing a realistic spoof of an authentic PayPal communication.

Fake Invoice Spam Delivers Malware and Exploits

lgraves@esoft.com (Lee Graves) — Wed, 08 Feb 2012 09:44:01 -0700

eSoft is alerting users to some fake invoice spam hitting inboxes with an attachment delivering malware. The trick to this is that the attachment is a simple htm file that many users might open, then delivering the malware through an exploit.

Top 10 Security Mistakes SMBs Make

lgraves@esoft.com (Lee Graves) — Fri, 02 Dec 2011 09:06:53 -0700

A recent survey revealed half of SMBs don't think they are a target for cyberattacks. The fact is attacks on SMBs are increasing, not only in volume but in complexity and sophistication. It’s important for SMBs to get away from the mindset that they can’t or won’t be attacked. Dark Reading’s Ericka Chickowski recently posted the Top 10 Security Mistakes SMBs Make. The article highlights the increasing attacks that SMBs are facing while pointing out the top 10 areas where SMB security can and should improve.

Spammed YouTube Service Requests Link to Pharmafraud

enewvine@esoft.com (Eric Newvine) — Thu, 17 Nov 2011 14:02:41 -0700

One of the most popular sites on the Web, YouTube, has again become a target of Cyber Criminals. Similar to the myriad other service request emails that have been circulating over the past couple years, the hapless email recipient receives an email similar to the one shown below.

DHL Shipment Notice Malware

() — Fri, 11 Nov 2011 10:41:06 -0700

Below is an example of a recent malware infected email attempting to spread the Bredolab (bredozip) trojan. Similar versions of failed delivery notification spam using other shipping companies are now standard threats that users should be aware of as a security threat. In these attacks, the recipient of the email gets a notice of a package shipment that looks very authentic. When they open the email attachment, or click an embedded web link, the virus infects the host pc...

Cyber Security Awareness for Small Businesses

lgraves@esoft.com (Lee Graves) — Mon, 24 Oct 2011 11:32:01 -0600

SMBs are under attack. Last year, small and medium sized businesses (SMBs) were attacked and suffered more breaches than any other segment. In fact, 63% of breaches occurred at businesses with fewer than 100 employees. Add to the mix new web based threats, phishing threats and targeted attacks and SMBs are at a higher risk now than ever before. Why are cyber criminals targeting SMBs? Simply put, SMBs are easier targets. Quite often, SMBs don’t have the budget, equipment, time, or expertise to combat threats. For example, 50% of SMBs do not have any web security technology to prevent web based attacks. With 85% of infections being spread via the web it’s clearly important to employ such technology. Businesses cite resource constraints as the primary reason for not implementing this important layer of security.

Cyber Security Awareness - Cyber Crime

lgraves@esoft.com (Lee Graves) — Wed, 19 Oct 2011 07:25:20 -0600

Cyber Crime is this weeks’ topic for National Cyber Security Awareness Month. A recent study by Norton calculated the annual cost of global cybercrime at $114 billion dollars. Add in the time expense in dealing with cyber crime experiences and this amount surges to $388 billion dollars, impacting over One Million users each day. Truly staggering amounts and figures slated for continued growth. There are a number of factors contributing to problem. Organized crime in the US and overseas is becoming more and more involved in the lucrative cyber crime industry. With increased financial backing and profits, threats have become more sophisticated. Banking Trojans like Zeus and Spyeye continue to run rampant, with very low anti-virus detection. In fact, AV effectiveness against these Trojans is generally less than 50% and found by Trusteer to be only 23%. Targeted attacks using trojans and vulnerabilities are becoming more mainstream as cyber criminals go after one-hit big paydays.

Wire Transfer Phishing Threat

() — Thu, 13 Oct 2011 09:41:13 -0600

This morning I almost fell victim to a new phishing “lure” that is based on a wire transfer notification email (see below). The email was sent to a “generic” distribution list that forwards a copy to me. What made me particularly susceptible to this was partially due to: 1. We rarely do wire transfers 2. Coincidentally (I think) we had a wire transfer recently that was close to the date mentioned in the email.

Cyber Security Awareness - Workforce Education

lgraves@esoft.com (Lee Graves) — Tue, 11 Oct 2011 11:25:30 -0600

This weeks’ subject for National Cyber Security Awareness Month is workforce education. Awareness is one of the largest issues facing cyber security today. Many users simply don’t know what dangers they face online. Most security threats involve some sort of human element, making it very important to educate users about the risks and how to spot these attacks.

Skype VoIP Calls Pushing Scareware

lgraves@esoft.com (Lee Graves) — Wed, 05 Oct 2011 14:53:19 -0600

Today, eSoft is alerting Skype users to a new scam pushing Fake Anti-Virus malware. The scam uses a VoIP call initiated to the Skype user. Users that answer the call hear a pre-recorded message indicating their “security service” is not active. To activate the user is urged to visit a website which leads to the fake anti-virus. Throughout the day, eSoft has received reports from several users receiving these messages. If a user does visit the website, they receive the typical security warnings and infection notices associated with Scareware and Fake Anti-Virus.

Stop. Think. Connect.

lgraves@esoft.com (Lee Graves) — Mon, 03 Oct 2011 10:17:00 -0600

STOP. THINK. CONNECT. This simple process can be a lifesaver when it comes to online security. The message is all about taking the time to think and stay secure when engaging in online activities. By taking an extra moment to look for warning signs, spot potential problems and avoid risks users can be much more secure on the Web.

National Cyber Security Awareness Month

lgraves@esoft.com (Lee Graves) — Fri, 30 Sep 2011 11:57:05 -0600

National Cyber Security Awareness Month is a national public awareness campaign conducted every October encouraging everyone to protect their computers and our nation’s critical cyber infrastructure. Our reliance on digital systems continues to grow in all areas of infrastructure from communication to ecommerce to manufacturing. At the same time, network security threats to this infrastructure continue to grow and become more sophisticated. This year, National Cyber Security Awareness Month is broken out into four topics highlighted each week throughout the month. eSoft will provide weekly tips related to each theme and suggestions for business network security. ...

New Worm Spreading via RDP Connections

lgraves@esoft.com (Lee Graves) — Thu, 08 Sep 2011 14:56:59 -0600

Since its discovery last week the Morto worm has received quite a lot of attention, primarily for becoming the first worm to use Remote Desktop Protocol (RDP) as an attack vector. Remote Desktop Protocol (RDP) is commonly used on Windows Servers and Workstations to allow remote connections and control of a machine. Morto doesn’t exploit any specific vulnerability in RDP, it uses a brute force password attack to gain access to systems and then replicate itself.

Is Web Security on Your Back-to-School List?

lgraves@esoft.com (Lee Graves) — Tue, 30 Aug 2011 14:25:01 -0600

As schools continue the move toward smart classrooms, students are provided with near constant access to the Internet and web usage is growing at an exponential rate. As an IT admin, this leaves a big responsibility for providing safe internet access to the network for students, teachers and faculty alike.

Scrutinize Your Whitelist Entries

lgraves@esoft.com (Lee Graves) — Tue, 16 Aug 2011 13:53:34 -0600

Business network security and particularly web security can be tricky. On one side you’re trying to make sure users are happy, productive, and can get to all the websites and files they need to download – on the other, you’ve got to secure the network and prevent infection. One common mistake we see with web security is when administrators try to whitelist or allow a domain. Rather than being specific and allowing just what they need, they end up opening up the floodgates for infection or data loss.

Spoofed NACHA Emails Delivering Malware

lgraves@esoft.com (Lee Graves) — Tue, 02 Aug 2011 13:04:23 -0600

NACHA manages the development, administration, and governance of the ACH Network, the backbone for the electronic movement of money and data. Overnight, eSoft received an influx of spoofed NACHA emails reporting a canceled transaction. Following the link leads to an infected download, and once opened you can be sure your money and data is no longer safe.

New Phishing Attack Spreads on Twitter

lgraves@esoft.com (Lee Graves) — Sat, 09 Jul 2011 13:17:20 -0600

A new phishing attack is making the rounds on Twitter. The attack is spread through direct messages with the familiar ‘is this you in the video?’ hook line including a link to the supposed video. The message uses a shortened URL as is typical of Twitter links, and the user is unaware the link they’re about to click leads to a phishing page.

Protecting Against the Latest Federal Reserve Malware

lgraves@esoft.com (Lee Graves) — Thu, 23 Jun 2011 21:00:21 -0600

In the last 24 hours, eSoft has received a few reports of business networks being infected by the latest round of Federal Reserve malware being passed through email. After some quick investigation it turns out most of these infections were completely preventable using secure web filtering and real-time reputation analysis, however, these infected systems were the result of misconfigured systems. Let’s take a quick look at the threat first, and we’ll come back to how to prevent this threat on your network.

Is That HTTPS: Site Really Secure?

() — Mon, 02 May 2011 15:53:05 -0600

Most people assume that when they see the HTTPS: address they are on a secure site. Discover why this is actually antiquated & far from secure.

SMBs are New Target for Hackers

() — Wed, 20 Apr 2011 08:06:21 -0600

Verizon’s 2011 Data Breach Report indicates that attackers are moving their sights from Enterprises to smaller targets

The Password Part 2 - How to Survive

jcaswell@esoft.com (Joseph Caswell) — Tue, 19 Apr 2011 14:55:03 -0600

This is Part 2 of a 2 part series on passwords and network security for businesses. Check out Part 1 - The Password - Your Passport to Information. Then on to Part 2 - here, to learn about how you can protect your business network.

Latest Outlook Web Access (OWA) Phishing Attempt

lgraves@esoft.com (Lee Graves) — Fri, 15 Apr 2011 11:33:23 -0600

eSoft has received an influx of Outlook Web Access (OWA) phishing emails attempting to steal login credentials for corporate email access. There are number of dangers...

On First Base with Stolen Email Addresses

() — Mon, 11 Apr 2011 09:08:00 -0600

The recent compromise of Epsilon emails is just the first step to identity theft – but this is something you should do to protect yourself.

The Password - Your Passport to Information

jcaswell@esoft.com (Joseph Caswell) — Mon, 14 Mar 2011 12:37:46 -0600

Account logins are nearly universal in today's networks. The combination of user name and password is equivalent to a passport when a computer needs to identify a user. This means that anyone who has your login information can effectively become you as far as the computer is concerned. If the password is poorly selected, it becomes identity theft made easy. Granted much of this 'identity theft' is only used to foist spam on your unsuspecting friends and contacts, but the potential consequences can be far more dreadful, especially if you've used the same password for, say, a bank account or company database.

Is Internet Usage Reporting Important? Ask the SEC

() — Thu, 10 Mar 2011 08:36:47 -0700

The Denver Post recently reported that two dozen U.S. Securities and Exchange Commission employees at seven offices were "counseled or disciplined for accessing pornography sites" on government computers, the agency said in newly released documents.

Securing Your Smartphone

lgraves@esoft.com (Lee Graves) — Mon, 07 Mar 2011 20:10:09 -0700

Smartphones and mobile devices continue to grow in popularity and securing these devices is now becoming a vital part of business network security. Fox News reports on smartphone security including comments from eSoft CEO Mike Donnell.

Spammers Infiltrate Unsecured Webmail Accounts

lgraves@esoft.com (Lee Graves) — Tue, 08 Feb 2011 18:51:14 -0700

Over the last few months spammers have taken focus to webmail accounts, using compromised webmail accounts to camouflage their malicious intent. eSoft has received numerous reports of hacked webmail accounts used to blast spam throughout the web and user address books.

Buying the Security Farm

() — Thu, 27 Jan 2011 08:28:06 -0700

The landscape of network security is a world of transition. However, one thing we know for certain is that the threats are becoming more organized, more advanced, and more focused. Find out what your business needs to do to be prepared.

Adobe CS7 Searches Saturated With Dangerous Results

lgraves@esoft.com (Lee Graves) — Thu, 29 Jul 2010 12:00:00 -0600

Looking to save a few bucks on software will almost always lead users down a dangerous path. Users either end up at "OEM Software" sites offering unlicensed and illegal software, or to downloading cracks or keygens laced with malware.

Widespread Compromise Impacts Thousands of Legitimate Websites

lgraves@esoft.com (Lee Graves) — Mon, 19 Jul 2010 12:00:00 -0600

The eSoft Threat Prevention Team has detected a new widespread compromise, with tens of thousands of domains infected. Cybercriminals have used stolen credentials, placing specially crafted pages into legitimate websites that lead visitors to malicious payloads.

Red Button SEO Poisoning and Malware Campaign

lgraves@esoft.com (Lee Graves) — Tue, 29 Jun 2010 12:00:00 -0600

eSoft researchers have been tracking a new campaign by cybercrooks, compromising and creating websites for use in SEO poisoning and malware distribution. Thousands of these sites have been detected which use elaborate techniques to trick search engines and are ready to serve malware in an instant.

What Drives Organizational Web Filtering?

lgraves@esoft.com (Lee Graves) — Thu, 24 Jun 2010 12:00:00 -0600

Network administrators and businesses install web filtering on networks for a variety of reasons ranging from compliance and legal requirements to worker productivity issues.

Introduction to Rogue Anti-Virus

lgraves@esoft.com (Lee Graves) — Wed, 23 Jun 2010 12:00:00 -0600

If you follow the Threat Center Blog, you’ve heard us talk about “Rogue AV,” but may not fully understand what we’re referencing. This post is for those users who are not already familiar with this widespread and common threat.

Alert to Web Security Researchers: Malicious scripts masquerade as Google Analytics

lgraves@esoft.com (Lee Graves) — Mon, 14 Jun 2010 12:00:00 -0600

eSoft's Threat prevention team has detected attacks that are masked to look like standard Google Analytics code. Google Analytics issues snippets of javascript code that dynamically adds a script tag for a page.

135,000 Fake YouTube Pages Delivering Malware

lgraves@esoft.com (Lee Graves) — Mon, 07 Jun 2010 12:00:01 -0600

The eSoft Threat Prevention Team has uncovered thousands compromised web servers hosting fake YouTube pages. Attempting to play the video on these fake pages prompts the user to install a ‘media codec’ which then infects the machine with malware.

New Email Phish Targets Twitter Users, Abuses Google Groups

lgraves@esoft.com (Lee Graves) — Mon, 07 Jun 2010 12:00:00 -0600

A new twitter spam campaign is making rounds, infecting users with rogue anti-virus malware. The spam mail attempts to convince the user that someone was trying to steal their Twitter account information, and to download a “secure module” to protect their account.

Phishing Scams Lure Twitter Users

lgraves@esoft.com (Lee Graves) — Fri, 14 May 2010 12:00:00 -0600

The newest phishing scam on Twitter has snared thousands of users hoping to increase their number of followers. Instead, users are sent off to a phishing page where cybercriminals steal their Twitter logins using them to generate more spam.

Google Groups Latest Hot Spot for Rogue AV and Malware

lgraves@esoft.com (Lee Graves) — Wed, 12 May 2010 12:00:00 -0600

eSoft researchers have been tracking a recent campaign abusing Google Groups to spread malicious links in Spam emails. Users following the link are infected with a Downloader Trojan, silently infecting the machine with various types of malware including Rogue Anti-Virus.

Pharma-Fraud Continues to Dominate Spam

lgraves@esoft.com (Lee Graves) — Thu, 22 Apr 2010 12:00:00 -0600

Have you taken a look inside your Spam folder recently? Without a doubt you’ll find the folder full of pharmacy Spam, pitching everything from Cialis and Viagra to Vicodin and Hydrocodone. The problem is almost none of the linked web sites are legitimate certified pharmacies.

Tiger Woods (Searches) Not to Be Trusted

lgraves@esoft.com (Lee Graves) — Thu, 08 Apr 2010 12:00:00 -0600

Tiger Woods’ personal life and marital affairs have attracted constant attention from the press and has certainly damaged his public reputation.

Affiliate Programs Rising Cause of Fraud and Abuse

lgraves@esoft.com (Lee Graves) — Mon, 05 Apr 2010 12:00:00 -0600

What happens when you offer up money to anyone who can drive traffic to your website? Hackers, scammers, spammers and fraudsters come to your aid.

Obfuscated URLs no match for eSoft SiteFilter

lgraves@esoft.com (Lee Graves) — Mon, 22 Mar 2010 12:00:00 -0600

Researchers at Kaspersky labs have discovered a new banking malware campaign that uses an old trick to obfuscate malicious URLs. Rather than using a domain name or IP address for their malicious link the URL is converted to numerical bases such as octal or hexadecimal formats.

Cinderella Story Leads to March Madness Malware

lgraves@esoft.com (Lee Graves) — Sun, 21 Mar 2010 12:00:00 -0600

The first week of March Madness has brought about many compelling stories, with a good deal of upsets and bracket busters. The most newsworthy of these has been the University of Northern Iowa’s ousting of #1 overall seed Kansas

Virus Alert! Twitter, Google, Hallmark and Others Subject To Attack

lgraves@esoft.com (Lee Graves) — Thu, 04 Mar 2010 12:00:00 -0700

The eSoft Threat Prevention Team is warning customers today of a new email scam circulating very quickly. These fraudulent emails claim to be from Google Staffing, Hallmark, Twitter as well as other social networks and legitimate businesses.

Hotmail Users Look for Answers in Dangerous Places

lgraves@esoft.com (Lee Graves) — Tue, 16 Feb 2010 12:00:00 -0700

An outage of the Windows Live ID service affected a large number of MSN users today including users of the popular Hotmail email service.

IRS Tax Avoidance Scam

lgraves@esoft.com (Lee Graves) — Sat, 06 Feb 2010 12:00:00 -0700

Today, eSoft is alerting customers to a new targeted email scam. This newest twist to the common IRS email scam seems to be targeted to organizations, notifying the recipient of a tax evasion complaint being filed against the company.

Fake Firefox Update Pages Push Adware

lgraves@esoft.com (Lee Graves) — Tue, 02 Feb 2010 12:00:00 -0700

Since its’ release on January 21st, the newest version of the Firefox web browser has received a great deal of attention. In just a short time it has achieved over 30 million downloads.

Super Bowl Associations: football, nachos, big screens and … malware?

lgraves@esoft.com (Lee Graves) — Tue, 19 Jan 2010 12:00:00 -0700

The Super Bowl is the one of the biggest and most watched television events of the year in the United States. People everywhere scour the internet looking for predictions, gambling spreads and news before the event and scores, stories and clips after the event.

Lack of Egress Filtering Spurs Success of Injected IFrame Attack

lgraves@esoft.com (Lee Graves) — Mon, 18 Jan 2010 12:00:00 -0700

The security community at large and the eSoft Threat Prevention Team have recently noticed an uptick in sites compromised by a new injection attack that results in an injected iframe.

Live.com Exploited as Pharma-Fraud Cover

lgraves@esoft.com (Lee Graves) — Tue, 22 Dec 2009 12:00:00 -0700

The FDA crackdown on online pharmacy sites has driven a lot of attention to illegal and fraudulent online pharmacies and in particular to their methods for tricking people to visit their sites. These practices include prolific spam and search engine poisoning.

Boeing 787 Searches Hijacked by Rogue AV

lgraves@esoft.com (Lee Graves) — Tue, 15 Dec 2009 12:00:00 -0700

Today, the Boeing 787 Dreamliner jet completed its much awaited first flight. As users searched to find videos and news articles related to the story, blackhats quickly moved in for yet another attack against Google search results.

eSoft Uncovers 1.5 Million Sites in SQL Injection Attacks

lgraves@esoft.com (Lee Graves) — Sat, 12 Dec 2009 12:00:00 -0700

The eSoft Threat Prevention Team has uncovered an additional 1.5 million sites associated with the newest series of SQL injection attacks.

Fraudsters Deliver Another Round of Federal Reserve Emails

lgraves@esoft.com (Lee Graves) — Wed, 09 Dec 2009 12:00:00 -0700

During the last week, the eSoft Threat Prevention Team has detected a number of malicious emails, allegedly from the Federal Reserve Bank.

Scareware Taints Chromium OS Searches

lgraves@esoft.com (Lee Graves) — Fri, 20 Nov 2009 12:00:00 -0700

Yesterday, Google announced the open source project called Chromium OS, a development phase release of the Google Chrome OS. Blackhats have quickly taken advantage of this announcement, poisoning search results to spread scareware.

Blackhats Unleash Another Fake Blog Campaign

lgraves@esoft.com (Lee Graves) — Tue, 17 Nov 2009 12:00:00 -0700

In September, eSoft reported as many as 720,000 compromised sites hosting fake blog pages and being used to distribute rogue anti-virus programs. Many of these sites are still active and continue to plague searches with malicious results.

CoolerEmail Hit by Phishing Scam

lgraves@esoft.com (Lee Graves) — Thu, 12 Nov 2009 12:00:00 -0700

CoolerEmail is notifying customers of a new phishing scam used to steal login credentials. The web based email marketing program carries an impressive client list including Walmart, Toyota, Pepsi and dozens of other big name brands. Any phished credentials can be used to impersonate these companies in additional phishing or malicious emails.

Japanese Hosting Site Compromised

lgraves@esoft.com (Lee Graves) — Thu, 05 Nov 2009 12:00:00 -0700

The eSoft Threat Prevention Team is today warning users to be wary of sites hosted on g0oo.info, a Japanese hosting site. At this time, all blogs and other web sites hosted by g0oo.info are compromised and currently being used to boost the Google PageRank of various sites including Japanese pornography sites in a technique sometimes called "PageRank Bombing" and also referred to as "BlackHat SEO."

Phishing Criminals Take Aim at Yahoo Ad Services

lgraves@esoft.com (Lee Graves) — Fri, 23 Oct 2009 12:00:00 -0600

Yahoo! Marketing users are the target of a new phishing scam being detected today by the eSoft Threat Prevention Team. Webmasters receive a very believable notification that their Yahoo Marketing account has expired with a link to login and presumably reactivate the account.

Compromised Web Servers Host Koobface Malware Cocktail

lgraves@esoft.com (Lee Graves) — Wed, 21 Oct 2009 12:00:00 -0600

The Koobface gang has struck again using compromised web servers to deliver a potent mix of malware. eSoft threat researchers have found hundreds of newly exploited sites hosting malware which includes downloaders, keyloggers and multiple variants of the Koobface worm.

Unresolved Compromised Fox Sports Host Heading Into Third Week

lgraves@esoft.com (Lee Graves) — Fri, 16 Oct 2009 12:00:00 -0600

eSoft first detected a compromise on the Fox Sports website two weeks ago and as of today, at least one Fox Sports host continues to contain automatic links to a multitude of dangerous exploits. Even with media coverage and direct emails, this compromised host has not been taken offline or cleaned. The threats being hosted have rotated with the most recent threats being remote script links to ackworld.com and nt002.cn.

Fresh Twitter Phishing Campaign via Direct Messages and Tweets

lgraves@esoft.com (Lee Graves) — Wed, 14 Oct 2009 12:00:00 -0600

A fresh twitter phishing campaign is underway and using both tweets and direct messages to spread. The messages contain text such as “hah, I think I seen u on here” and “wow you look different on here” together with a link to a video. The URL hxxp://videos.dskjkiuw.com is one of the ones being used. At this time, eSoft is not detecting malware or exploits on this domain, but the target page presents a good imitation of the twitter login page in an attempt to steal credentials. As such, eSoft has flagged it as “Phishing & Fraud.”

Foxsports.com Used to Serve Malware

lgraves@esoft.com (Lee Graves) — Fri, 02 Oct 2009 12:00:00 -0600

eSoft's Threat Prevention Lab detected malicious code on the foxsports.com website late yesterday. Hackers have once again increased their tally of well known websites recently exploited to serve dangerous content.

Blackhats Quickly Saturate Google With Tropical Storm Ondoy

lgraves@esoft.com (Lee Graves) — Mon, 28 Sep 2009 12:00:00 -0600

Since tropical storm Ondoy hit the Philippine Capital on Saturday, attackers have wasted no time planting malicious pages claiming to host videos of the historic disaster. The city of Manila saw flooding on a level that hasn't been seen in decades and the pictures are jaw dropping. But for surfers looking to see those videos, searching on Google and following search results can be dangerous.

Google Users Targeted By New Malicious Websites

lgraves@esoft.com (Lee Graves) — Mon, 21 Sep 2009 12:00:00 -0600

eSoft’s Threat Prevention Team has been tracking compromised sites that host PageRank Bombs since 2008. The attacker hacks a site, but instead of putting exploits on the hacked site, they put links to other websites in order to boost the search result ranking on various search engines. Initially this was being used for ad sites, porn sites, and pharmafraud sites. Now, however, it is being used to boost the results of malicious sites, but with a new twist that targets Google users.

Fake Blogs Serve Rogue Malware

lgraves@esoft.com (Lee Graves) — Wed, 09 Sep 2009 12:00:00 -0600

eSoft’s Threat Prevention Team has uncovered a massive amount of recently exploited websites, all redirecting to Rogue AV malware. At the time of writing, Google shows over 720,000 compromised URLs. According to VirusTotal, only two of forty-one anti-virus companies are currently detecting the malware.

Chinese Scams Resurface with New Branding

lgraves@esoft.com (Lee Graves) — Fri, 28 Aug 2009 12:00:00 -0600

The Threat Prevention Team has found thousands of URLs and over 200 new domains registered to a group of Chinese scammers. The new sites are the same as the old, but with new branding and promotional products, such as "Acai Power Slim" "Pure Magnum Pro" and "Colo Cleanse Plus". This scam is perpetrated by sending spam messages advertising a "free trial" of the products. In the end, the criminals have made off with personal information, a credit card number and a recurring monthly charge.