CANCUN–Facebook is a lot of things, and one of the things that it’s become of late is a fertile green field for attackers and scammers of all stripes. The Koobface worm is perhaps the most famous threat to hit the network, but the more mundane ones, such as scammers generating fake profiles automatically to spread spam and malicious URLs are becoming more and more prevalent, researchers say.
Browsing Category: Social Engineering
A new email-based threat is capable of infecting a machine even without opening any attachments within, according to a report from the Daily Mail.
Researchers have identified a strain of malware that’s being used in a string of targeted attacks against defense contractors, government agencies and other organizations by leveraging exploits against zero-day vulnerabilities. The attacks may have been going on since 2009 in some form and the emails containing the malicious attachments are specifically targeted at executives and officials in various industries using fake conference invitations.
A new banking Trojan variant can bypass CAPTCHA, as demonstrated by a video posted today by security firm Websense on their Security Labs blog.
Google, Yahoo, AOL and a group of other large email senders and receivers have banded together to develop a new framework for sending and receiving email that is designed to stop phishing attacks and other email-borne scams. Called DMARC.org, the new group has come up with a specification called Domain-based Message Authentication, Reporting and Compliance that implements message authentication through the mail-transport agent and not the sender or user agents.
Spammers are cashing in on the (modest) popularity of Google+ by sending out fake emails inviting users to try out Google+ Hangouts by downloading a malicious file posing as a Google+ Hangout plug-in.
A fake version of the popular Camera+ iPhone application was offered on Apple’s App Store over the weekend, according to a post by Glyn Evans on the iPhoneography blog on Saturday, just the latest example of suspicious and malicious applications to slip through Apple’s shadowy application vetting project.
A report from Websense finds that spammers are cleaning up on misspelled domain names for prominent sites. A network of such typo squatting sites is driving millions of visitors to a Web site controlled by the spammers, making it one of the most traffic sites on the Internet.
Dennis Fisher talks with long-lost Threatpost editor Ryan Naraine about the intricacies of the disclosure of the identities of the alleged Koobface gang members, whether we’ll see more of that kind of action and whether the recent trend toward disclosing 0-days in SCADA systems will continue.