Web Security

Fake Twitter Invites Spread Worm

From MediaPost (Laurie Sullivan)
A wave of fake Twitter email invitations sent in hopes of luring people to unzip a file to find out who invited them has been hitting unsuspecting victims. The message carries a mass-mailing worm. It looks around on infected computers and sends emails to addresses it finds.
The message appears as if it came from a Twitter account, but unlike a legitimate Twitter message, there is no invitation URL in the body of the email. Instead, the user sees an attachment that appears as a .zip file containing an invitation card. When the zip file is opened, the virus spreads. Read the full story [mediapost.com]

Facebook Scam: I’m Stranded In London. Send Money!

From DarkReading (Gadi Evron)

Facebook users are facing a new threat, 419 scams in chat form, masquerading as friends.
I know because it just happened to me (think: 419 scam). An “acquaintance” sent me a message using Facebook chat that said, “Hi.” Easy enough. I replied in kind. Then she told me a horror story of being held at gunpoint and stranded in London. Read the full story [darkreading.com]

From InfoWorld (Roger Grimes)
Talk about a turnaround. It’s always hard to recognize the larger, slow-moving paradigm shifts as they happen. But after a decade of bad press regarding its commitment to software security, Microsoft seems to have turned the tide. Redmond is getting consistent security accolades these days, often from the very critics who used to call it out. Many of the world’s most knowledgeable security experts are urging their favorite software vendors to follow in the footsteps of Microsoft. Read the full story [InfoWorld.com].

From The Wall Street Journal (Emily Steel)
On a Saturday night at the end of May, visitors to the forums section of Digital Spy, a British entertainment and media news Web site, were greeted with an ad that loaded malicious software onto their computers. The Web site’s advertising system had been hacked.
A number of such attacks have occurred this year, as perpetrators exploit the complex structure of business relationships in online advertising, with its numerous middlemen and resellers. Web security experts say they have seen an uptick in the number of ads harboring malware as the economy has soured and publishers, needing to boost their ad revenues, outsource more of their ad-space sales. Read the full story [wsj.com]

From Just Ask Gemalto (Dennis Fisher)
Computer users have been conditioned over the last few years to recognize and avoid many of the more common scams and threats on the Internet: email viruses, phishing, spam, Nigerian 419 ploys and work-at-home money-mule schemes. You know that an email promising funny pictures of Britney Spears is probably more likely to install malware on your machine than to brighten up your day with more of Britney’s zany antics.

From Computerworld (Gregg Keizer)
A URL-shortening service that condenses long Web addresses for use on micro-blogging sites like Twitter was hacked over the weekend, sending millions of users to an unintended destination, a security researcher said today. Read the full story [cio.com]. Also see commentary from Roel Schouwenberg [viruslist.com]

A collection of some of the top names in the security community has sent a letter asking Google to force users of its online applications to use secure connections by default. And Google has responded quickly, saying that it is investigating the possibility of enabling HTTPS connections by default for users of Gmail, Google Calendar and other applications.

A security researcher who specializes in browser and Web 2.0 vulnerabilities plans to use the month of July to expose serious vulnerabilities in the Twitter ecosystem.
The Month of Twitter Bugs, a project which launches on July 1, is the handiwork of Aviv Raff. It will disclose a combination of cross-site scripting (XSS) and cross-site request forgery (CSRF) flaws that put Twitter users at risk of malicious hacker attacks.
