Maximum PC phishing RSS Feed

Researchers Claim Phishing is on the Decline, but is Being Replaced by Key Loggers

Justin Kerr — Sun, 11 Oct 2009 13:24:53 -0500

Email spam is on the rise, no surprise there, but new information is suggesting that these emails could be coming from good old mom and dad as well. According to researchers over at Websense, personalized spam emails are being sent from tens of thousands of compromised accounts spanning all of the usual suspects including Yahoo, Gmail, and Hotmail.

Security researchers have suggested that given the sheer volume of spam emails being observed, the recent leak of some 10,000+ Hotmail accounts obtained through a phishing scam isn’t the only source of compromised email addresses, and it is very likely malware key loggers have helped to contribute to the rise in fraud. "The quantity of people hit makes me think that it was key logging — the success rate for phishing is only about one in 1,000," said Shulman, chief technology officer for security firm Imperva. "Secondly, when I went through the list of email account credentials, there were entries with the same username, but a slightly different password, which suggests that they're typos.

According to Patrick Runald from Websense “"Generally phishing is declining and being replaced by key logging, and considering the number of compromised accounts, it could be a combination of both." Apparently it also helps if your password isn’t 1-2-3-4-5. Time to go change the combination on my luggage!

10,000+ Hotmail Accounts Compromised in Phishing Campaign

Paul Lilly — Tue, 06 Oct 2009 08:15:17 -0500

In what security experts are calling one of the biggest security breaches of all time, Microsoft on Monday confirmed that several thousand Windows Live Hotmail account usernames and passwords were leaked to the Web. The Redmond company says the breach was likely the result of an elaborate phishing campaign.

"We determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts," a Microsoft spokeswoman said in an email to Computerworld.

Neowin.net first reported the incident, claiming that "more than 10,000" credentials had been compromised. But the number could actually be much, much larger. Neowin.net said it only saw a partial list representing usernames starting with the letters "A" and "B." Dave Jevans, the chairman of the Anti-Phishing Working Group (APWG), surmises that the actual number could be over 100,000 accounts.

"A 0.5 percent rate, which is what 100,000 users would represent, isn't unreasonable for 10 to 20 million users," Jevans said. "They wouldn't have to spam every user to get that."

According to Microsoft, Hotmail stands at 400 million registered users strong, though the company didn't say how many of those are active users.

Image Credit: serc.carleton.edu

Twitter Spam a Result of Phishing Scheme

Jason Barry — Thu, 24 Sep 2009 18:29:46 -0500

A Twitter phishing scam tore across the micro-blogging site over the past few days. It all started with direct messages sent to Twitter accounts saying “rofl this you on here? http://videos.twitter.secure-logins01.com.” The link leads to seemingly innocuous Twitter login page. However, to the keen observer of the URL you can see that it is obviously not an official Twitter site.

Once on the fake login page, if you entered credentials you were taken to a “Too many tweets page” explaining that Twitter is having technical trouble (is it that hard to believe?).

A day or two later, if you logged into your Twitter account you will have found hundreds of get-rich-quick, earn-money-at-home spam messages sent on your behalf.

If you are a victim, you had best change your credentials to your Twitter account and any other sites using similar login information. If you are a casual onlooker, try not to point and laugh.

Phishers Attempt to Attack via Bogus Live-Chat Customer Support

Pulkit Chandna — Fri, 18 Sep 2009 10:14:57 -0500

Phishers have added another trick to their copious arsenal. RSA, the security division of EMC, recently discovered a new type of phishing attack targeting online banking customers. It discovered phishing sites that contain fake live chat support for plausibility’s sake. RSA put its appellative faculties to good use to come up with a name for this new form of phishing attack: “Chat-in-the-Middle."

The attack proceeds in a routine way with unsuspecting online banking customers being led to a phishing page designed to extract their account details. After these gullible visitors are through with the first page, instead of being sent to another phishing page or to the genuine website, they are lead to a fake live-chat support window. The fraudster at the other end, posing as a customer support personnel, then tries to extract more account details from them through social engineering.

According to RSA, the fake live chat support window is powered by Jabber, an open source instant messaging protocol. “While at this point RSA has witnessed only a single instance of this attack, we are recommending extra vigilance to operators of all online banking websites and other websites where user credentials are targeted,” RSA wrote on its blog.

Image Credit: RSA

IBM Finds Phishing on the Decline, Trojans on the Rise

Paul Lilly — Thu, 27 Aug 2009 09:08:48 -0500

According to IBM's semi-annual security report, hackers and other cyber miscreants are spending fas less time phishing as they shift their attention to other technologies to swipe your personal data.

"The decline in phishing and increases in other areas (such as banking Trojans) indicate that attackers may be moving their resources to other methods to obtain the gains that phishing once achieved," IBM said in its Internet Security Systems 2009 Mid-Year Trend & Risk Report.

Trojans, which include downloaders and info-stealers, are now the most commonly used tools of the trade accounting for 55 percent of the new malware seen, says the report. That's an increase of 9 percent over last year. The rise can partially be attributed the existence of "public-available toolkits" that malware distributors advertise as being easy to use.

More info here.

Image Credit: nssit.com

Internet Explorer 8 Adjudged Most Secure Browser by Microsoft-funded Report

Pulkit Chandna — Tue, 18 Aug 2009 06:06:45 -0500

In July, a company named NSS Labs conducted two tests to determine the most secure browser among Internet Explorer 8, Google Chrome 2, Apple Safari 4, Mozilla Firefox 3 and Opera 10 Beta. To Microsoft’s delight, Internet Explorer was adjudged the most secure browser.

It was found to have blocked 81% of live malware threats during the tests. The figure seems more imposing once you learn that the runner-up, Firefox 3, only managed to block 27% of malware threats. To boot, Microsoft’s browser also managed to block 83% of phishing URLs, with Firefox finishing second with 80%.

But Ars Technica has cast doubts over the veracity of the tests. The heavily lopsided nature of the results is not the only thing to blame for its skepticism. Amy Barzdukas, General Manager of Internet Explorer, told Ars Technica that the tests had been sponsored by Microsoft. Apparently, it ended up becoming the lone sponsor, as other companies didn’t respond to NSS Labs’ call for funding. Microsoft claims to have had no control over the results.

"We invited Google, Mozilla, Apple, Opera to participate, but they didn’t even bother to respond, except for Opera, which stated they “don’t really focus on malware," NSS Labs’ president, Rick Moy, told Ars Technica.

Image Credit: Tech-New

Spammers, Scammers Jump on the Swine Flu Hype-Wagon

Andy Salisbury — Wed, 29 Apr 2009 17:01:52 -0500

If you thought that the television news networks were the only ones trying to get the best out of a panic, you thought wrong. Those ever-persistent cretins that inhabit the Internet are fast at work, scheming their way to a quick buck, all thanks to the Swine Flu.

It looks like most Swine Flu related scams that have been circulating by means of email that typically contain a link to a phishing website, or have an attachment with malicious code. One such email features an Adobe PDF named “Swine influenza frequently asked questions.pdf,” according to representatives with Symantec. This PDF contains Bloodhount.Exploit.6, which is known to place InfoStealer code onto the victim’s computer.

So, aside from watching your real back, make sure to watch your virtual one as well. The Swine Flu is no joke, and neither is your personal information.

Image Credit: CNET

Monster.com Warns Users against Fresh Security Breach

Pulkit Chandna — Tue, 27 Jan 2009 08:40:36 -0600

Leading jobs portal Monster.com has warned its users against a fresh instance of private information theft, which happens to be the second such case in the past 18 months. The security breach has not only tarnished its security record further but also dealt a heavy blow to the trust that users have posited in it.

It issued the warning on its website, in what appears to be a less-frequented section, and opted against directly contacting the users. The company began its statement by downplaying the security breach: “as is the case with many companies that maintain large databases of information, Monster is the target of illegal attempts to access and extract information from its database.”

It claims to have taken the necessary “corrective steps” immediately after discovering the security breach. It has asked users to reset their passwords on their own, though they will eventually be forced to make the change. The company says that the exposed data includes user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. Resumes and sensitive data is said to be safe.

Monster.com has also advised users that they need to be more vigilant and watch out for specious emails claiming to be from the company.