Malware


Twitter Warns About New Phishing Attack

Twitter warned on Wednesday about a new phishing attack in which direct
messages to users link to a fake log-in page that steals passwords.
“We’ve seen a few phishing attempts today; if you’ve received a strange
(direct message), and it takes you to a Twitter log-in page, don’t do
it!” the Twitter spam warning says. Read the full story [CNet/Elinor Mills]

Internet Phone Systems Become Fraudster’s Tool

Cybercriminals have found a new launching pad for their scams: the phone systems of small and medium-sized businesses across the U.S.

In recent weeks, they have hacked into dozens of telephone systems across the country, using them as a way to contact unsuspecting bank customers and trick them into divulging their bank account numbers and passwords.  Read the full story [IDG News Service/Robert McMillan]

The Story of the First Internet Worm

Robert Tappan Morris was the first person convicted by a jury
under the Computer Fraud and Abuse Act of 1986. The story of the
worm he created and what happened to him after it was released
is a tale of mistakes, infamy, and ultimately the financial and
professional success of its author.  Read the full story [Mark Menninger/transmeet.com]


Hackers using a sophisticated network of banking Trojans and money mules have stolen about $40 million from small and medium-sized businesses in the U.S., according to the latest installment in a series by Washington Post writer Brian Krebs.

Visitors to technology blog Gizmodo are being warned that they could have picked up more than tips about the latest must-have gadget. A statement on the Gizmodo website admits that it was tricked into running Suzuki adverts which were in fact from hackers.  Read the full story [BBC News]

Virus hunters are raising the alarm for a large-scale spam attack
that uses fake Facebook password-reset messages to trick PC users into
downloading a dangerous piece of malware. 
The malicious executable is linked to the Bredolab botnet, which has
been linked to massive spam runs and identity-theft related attacks.

Why bother breaking down the door if you can simply ask to be let in? The SANS Diary has an excellent entry on just how valuable social engineering is to attackers — whether during penetration testing or as part of real world attacks.  It explores the techniques used to marry offline social engineering lures with online attacks and the clever real world attack techniques that can end with malware installation on a computer system.  Read the full diary [sans.org]

President Barack Obama has nominated Caryn
Wagner to be the Homeland Security Department's intelligence chief, a
position that oversees information technology systems designed to share
information with federal, state and local officials.
