Posted 11/12/09 at 01:15:35 PM by Paul Lilly

Trend Micro has issued a warning that the Koobface botnet has begun pushing out a new component capable of automatically registering a Facebook account and confirming an email address in Gmail to activate the fake persona. Once Koobface becomes part of the social network's community, it begins randomly joining Facebook groups, adding friends, and posting messages to people's walls.

"Overall, this new component behaves like a regular Internet user that starts to connect with friends in Facebook," says Trend Micro. "All Facebook accounts registered by this component are comparable to a regular account made by a human. The details provided about the account are complete such as a photo, birth date, favorite music, and favorite books, among others. In addition, every account registered is unique in such a way that the details vary for every account registered."

That's pretty wild, and it's done using Internet Explorer to create and register the account, according to Trend Micro. But what's interesting is that the Koobnet botnet halts its dastardly deed if the affected user is kicking it old school with IE6.

So how do you avoid being duped by a fake friend? You could become a loner, but that might get, well, lonely. Common sense applies - be sure you know who it is you're adding. And as usual, be wary of clicking on links. Trend Micro says the messages posted through Facebook's wall contain a link that leads to the fake Facebook or YouTube page hosting the Koobface loader component.

Read More

Posted 11/10/09 at 06:30:15 PM by Ryan Whitwam

Security firm FireEye has reportedly struck a massive blow against spam. The so called “Mega-D” or “Ozdok” spam botnet was effectively dismantled by these intrepid security researchers. After studying the beast, FireEye launched an attack by notifying ISPs, having command and control (CnC) domains removed, and then registering unused CnC domains.

Almost immediately, the spam ceased. No small feat, considering Ozdok was probably responsible for one third of the world’s spam. This takes the load off ISPs which were forced to filter the spam from this botnet. Individual users probably won’t notice much difference.

FireEye found that over 246,000 zombie machines were reporting to the CnC domains in their possession after the takedown. The security firm plans to work with ISPs to indentify the owners of the PCs so they may remove the malicious software.

Read More

Posted 11/06/09 at 09:04:10 AM by Paul Lilly

Some changes are coming to Twitter that the microblogging site hopes will help curtail the amount of spam that flows through its Trending Topics area, the social networking site announced in a blog post.

"As Twitter grows and the number of tweets each day continues to astound us, we’ve noticed an increasing amount of clutter in the public timeline, especially with trending topics," Twitter noted. "Trends began as a useful way to find out what’s going on but has grown less interesting due to the noisiness of the conversation."

Twitter's solution is to start experimenting with ways of ranking retweets, though the service didn't say how this would work. If we had to guess, we'd say it would be based on some kind of algorithm that gauges a user's popularity, among other factors, rather than a manual approach.

According to the blog post, any initial changes will be minor and "the improvement won't be very noticeable at first."

Read More

Posted 10/30/09 at 12:35:46 PM by Paul Lilly

If only spammers had the dough to pay their court-appointed fines, Facebook could make a full-time living in the courtroom. The social networking site slapped Internet marketer Sanford Wallace with a lawsuit alleging he was accessing Facebook accounts without permission and posting fake messages on users' Walls. The judge didn't take kindly to Wallace's actions and awarded Facebook with a little over $711 million in damages.

Not a bad day in court for the social networking site, but Facebook doesn't stand to receive anywhere close to that amount, and it knows that.

"While we dont' expect to receive the vast majority of the award, we hope that this will act as a continued deterrent against these criminals," said Sam O'Rourke in a company blog post.

Maybe it will, maybe it wont.  Last November, Facebook won an $873 million judgment against Adam Guerbuez and Atlantis Blue Capital for a phishing scheme, but has yet (if ever) to collect on that. And therein lies the problems with these judgments.

Getting back to Wallace, the exorbitant fine may not be the only thing he has to worry about. The judge in the case referred Wallace to the U.S. Attorney's Office requesting that he be prosecuted for criminal contempt, so it's possible he could serve some jail time.

Read More

Posted 10/21/09 at 08:32:30 AM by Paul Lilly

You and I might call it spam, but small businesses who promote their products on social networking sites like Facebook and Twitter call it smart advertising. No matter what you call it, don't expect those product plugs to go away any time soon. In an online survey, Internet2Go found that 45 percent of some 2,400 small business respondents with fewer than 100 employees said they use social networking tools to push their services or wares.

"For these guys, costs was a big factor," said Greg Sterling, an analyst for Internet2Go. "They either need to hire a dedicated person or need more resources and don't have it.

We're talking really small businesses here, as most of the respondents -- 8 out of 10 -- had four or fewer employees and annual marketing budgets less than $5,000. Nearly half of all respondents said they spend less than $1,000 on advertising and marketing, so it makes sense they would flock to Facebook and other essentially free venues.

"We are going to see more and more of this behavior from other small businesses because it's free and you don't have to have expertise to set up these pages," Sterling said.

Read More

Posted 09/24/09 at 06:29:46 PM by Jason Barry

A Twitter phishing scam tore across the micro-blogging site over the past few days. It all started with direct messages sent to Twitter accounts saying “rofl this you on here? http://videos.twitter.secure-logins01.com.” The link leads to seemingly innocuous Twitter login page. However, to the keen observer of the URL you can see that it is obviously not an official Twitter site.

Once on the fake login page, if you entered credentials you were taken to a “Too many tweets page” explaining that Twitter is having technical trouble (is it that hard to believe?).

A day or two later, if you logged into your Twitter account you will have found hundreds of get-rich-quick, earn-money-at-home spam messages sent on your behalf.

If you are a victim, you had best change your credentials to your Twitter account and any other sites using similar login information. If you are a casual onlooker, try not to point and laugh.

Read More

Posted 09/24/09 at 09:34:56 AM by Pulkit Chandna

The world’s leading search engine has made a fresh addition to the Google Toolbar. Called Sidewiki, it is a universal commenting and annotation system. It is meant to supplement, and not supplant, a website’s existing commenting system. Online denizens can freely drop and post comments on any website of their choosing using Sidewiki.

It appears in the form of a window on the left side of the browser. Spam and indecorum are two of the biggest problems afflicting website administrators and readers. The search engine giant firmly believes there is an algorithm for every problem tormenting humanity, including the above-named issues.

“I’m sure some publishers will have some objections to something like this but (at the same time) many traditional publishers also objected to blogs,” Aseem Sood, product manager at Google, told PaidContent.org. He believes Sidewiki will lead to an increase in return visitors to a particular site and so website administrators have nothing to fear from it. He also added that his company has no plans to taint its new comments system with ads. “Right now, our goal honestly is to increase the engagement of users on the web.”

Read More

Posted 09/16/09 at 07:29:32 PM by Pulkit Chandna

The most defining feature of Web 2.0 is arguably its enhanced level of interactivity. But “the very aspects of Web 2.0 sites that have made them so revolutionary” have also made them highly vulnerable to abuse, according to web security firm Websense. The San Diego-based company published its biannual “State of the Internet” on Tuesday.

The report (PDF) reveals that 95% of comments that appear on blogs, chat rooms and online forums fall into two broad categories: spam and malicious content. Cyber scoundrels now seem more focused on targeting Web 2.0 websites with user-generated content than ever before. Many of the most frequented internet properties are sites that tolerate user-generated content. And 61% of the top 100 sites either host malicious content or link to it, according to the report.

Spam and malicious content seem to go hand in hand, for Websense Security Labs found that 85.6 of spam mails in circulation during the first half of 2009 contained links to malicious sites.

Read More