Malware Abundant in Twitter URLs

As many as one in every 500 web addresses posted on Twitter leads to
sites hosting malware, according to researchers at Kaspersky Labs who
have deployed a tool that examines URLs circulating in tweets.
The spread of malware is aided by the popular use of shortened URLs
on Twitter, which generally hide the real website address from users
before they click on a link, preventing them from self-filtering links
that appear to be dodgy. Read the full story [Wired/Kim Zetter]. Also see this report [CNet/Elinor Mills].

The Evolution of Rogue Anti-Virus

Guest post by Dmitry Bestuzhev

We often write about the fact that cybercriminals constantly change their tactics to take account of developments in the security and software industries. And I just came across a great example of this: it shows how the people behind rogue antivirus solutions adapt their “products” to exploit developments and changes in genuine anti-virus solutions.


Clarke: Public Dialogue Needed on Cyberwar

Richard Clarke, a former top adviser on information security and terrorism in the Bush White House, is calling for Barack Obama to initiate an open public dialogue on the use of offensive and defensive information warfare capabilities and what the consequences of a cyberwar could be for the country.

Cybercriminals have found a new launching pad for their scams: the phone systems of small and medium-sized businesses across the U.S.

In recent weeks, they have hacked into dozens of telephone systems across the country, using them as a way to contact unsuspecting bank customers and trick them into divulging their bank account numbers and passwords.  Read the full story [IDG News Service/Robert McMillan]

Robert Tappan Morris was the first person convicted by a jury
under the Computer Fraud and Abuse Act of 1986. The story of the
worm he created and what happened to him after it was released
is a tale of mistakes, infamy, and ultimately the financial and
professional success of its author.  Read the full story [Mark Menninger/]

Mozilla has released Firefox 3.5.4 with fixes for a wide range of serious security vulnerabilities. The most serious issue could allow a malicious hacker to take complete control of a computer by simply tricking a user into visiting a rigged Web page. In all, Mozilla released 11 advisories, six rated critical. Here’s a list of the security vulnerabilities being addressed:

The U.S. Computer Emergency Readiness Team warned BlackBerry users on Tuesday about a new program called PhoneSnoop that allows someone to remotely eavesdrop on phone conversations. The PhoneSnoop application must be installed on the phone by someone who has physical access to it or by tricking the user into downloading it, the CERT advisory said. Read the full story [CNET/Elinor Mills]

Visitors to technology blog Gizmodo are being warned that they could have picked up more than tips about the latest must-have gadget. A statement on the Gizmodo website admits that it was tricked into running Suzuki adverts which were in fact from hackers.  Read the full story [BBC News]

Virus hunters are raising the alarm for a large-scale spam attack
that uses fake Facebook password-reset messages to trick PC users into
downloading a dangerous piece of malware. 
The malicious executable is linked to the Bredolab botnet, which has
been linked to massive spam runs and identity-theft related attacks.

Why bother breaking down the door if you can simply ask to be let in? The SANS Diary has an excellent entry on just how valuable social engineering is to attackers, whether during penetration testing or as part of real world attacks. It explores the techniques used to marry offline social engineering lures with online attacks and the clever real world attack techniques that can end with malware installation on a computer system. Read the full diary.
