Warning: Johnny Depp Death Video
By Davey Winder in Editorial
Posted in Twitter, phishing, Search, Blog, Spyware, Security, Spam, Internet on
I’ve been all over the Johnny Depp is NOT dead story this weekend like a nasty rash. Seriously, how this could have spread quite so quickly is beyond me. It has run broad as well as deep, which is unusual for a Twitter hoax. However, it does serve to demonstrate not only how important Twitter is becoming as a breaking news source but also how badly things can go wrong if you treat Twitter Trending Topics as gospel instead of Chinese Whispers.
It only took me a few minutes of Googling to dig up the fact that the supposed car crash was actually an old hoax resurrected from 2004, and it wasn’t a very good one back then to be honest. The lazy hoaxer just pasted an image over an existing CNN news story page but couldn’t be arsed to remove the original text. So one minute it was talking about Depp in an alcohol fuelled death crash and the next about some British Navy types having a lucky escape from a caving accident. Sigh.
Sure, I had the advantage of being an online news guy so am blessed with one of those ‘I’ve heard that somewhere before’ kind of memories which comes with the territory. So when my wife woke me up and was all “the man I love is dead” on my ass I knew it was a hoax. Obviously I also knew my marriage was not, perhaps, as secure as I had thought but that’s another story.
What else I knew, once I’d done my investigating and written it up in the forlorn hope it might help stem the tide of misinformed tweets (it didn’t) was that it wouldn’t be long before the RIP Johnny Depp malware hit the web. Another forlorn hope that a security journalist warning the public to be alert might stop link clicking idiots doing just that. Still, the news stories went out yesterday.
Today the inevitable has happened and Graham Cluley over at Sophos has the video evidence of malware scammers using the web to direct people expecting to find video footage and news of the Johnny Depp death crash to something even nastier. Part of me wants to say that look, if you are searching for video footage of a celebrity perishing in a car crash then you deserve everything the malware scumbags throw at you. But then again, I’ve seen how devoted Depp fans react to the news that their idol may be dead (waves at wife across the office) and know that logic can often be thrown out of the window in an attempt to get at the truth.
To save you the trouble, here is the truth:
Depp did not die in a car crash in 2004 or 2010 and there is no video footage as a result.
Twitter should not be treated like News at Ten, but more as a load of people down the pub - and you wouldn’t necessarily believe Bob at eleven when he tells you that Gordon Brown has resigned over a sex scandal and he knows it is true because Fred told him and he heard it from the barman. Would you?
Rated: 60% (2 votes)
Loading ...
The £2.61 billion online robbery
By Davey Winder in Editorial
Posted in Blog, phishing, Spyware, Spam, Security, Internet on
With some 12% of the UK population falling victim to online fraud within the last 12 months alone, I guess it should come as no surprise that as far as the online version goes crime does pay. The extent to which is pays, of course, is another thing altogether. New research from YouGov and VeriSign (commissioned to launch the VeriSign UK Fraud Index) suggests that the average cost per victim of online ID fraud is £463. If you are one of those who have been mugged in this manner, I feel for you - unless you have acted like some greedy village idiot in which case consider it an expensive but effective lesson in trust.
Truth be told, less than £500 per person on average doesn’t sound too frightening. I imagine that, like the three people I randomly asked about the survey this morning, you thought that victims of Nigerian 419 and Canadian Lottery scams got fleeced for thousands at a pop. But remember these are averages we are talking about, and quite apart from the highs and lows of such math, you also need to take into account the huge numbers of people concerned. Multiply the average by millions, because that’s what we are talking about here, and the figures start to get very worrying indeed.
The survey shows that in the last 12 months some £2.61 billion was stolen online from UK consumers. This despite 82% of them claiming to only buy from sites with enhanced security settings. Obviously they are not doing enough checking, and not applying enough common sense to avoid being defrauded though.
It also revels that only 5% of 18-24 year olds have been defrauded, suggesting that younger folk are not only more street-wise but also more web-wise. People aged 45-54, however, are defrauded the most with some 14% claiming to have fallen victim to online ID fraud.
Looked at from a geographical perspective, it is Londoners who are most careless when it comes to buying stuff online with 18% of them saying they just don’t bother checking site security settings before purchasing. That compares to just 9% in Northern Ireland, for example, who ranks as the safest. Welsh folk are the biggest victims of online fraud, however, with some 20% percent stating that they had experienced ID fraud in the last year, while only 8% of Scots said the same.
“Research reveals that there isn’t a relationship between the number of people who check a website’s security and those who have been scammed” Martin Mackay, VeriSign’s vice president of EMEA reckons. “There are still too many out there who simply don’t know the danger signs to look for when buying online. We’re committed to measuring fraud in the UK to raise awareness of this issue, and promise to educate the public with regular campaigns on what they should be looking for before buying online.”
Rated: 100% (1 votes)
Loading ...
Hong Kong named and shamed on web danger list
By Davey Winder in Editorial
Posted in Blog, Spyware, Security, Internet on
McAfee Inc has named Hong Kong as the most dangerous country domain on the web, jumping up 28 places from this time last year. According to the Mapping the Mal Web Revisited report, McAfee says that Tokelau, a tiny island of 1,500 inhabitants in the South Pacific, has lost its crown as king of web danger. Apparently, 19.2 percent of all websites ending in the .hk domain pose a security risk to users. China is close behind in second place, while Finland, Ireland and Japan are the safest places to surf.
The research compared ratings of sites found in each of 265 country and generic domains, ranking them by way of the number of risky Web sites found in each domain using SiteAdvisor technology which contained adware, spyware, viruses, spam, excessive pop-ups, browser exploits or links to other ‘red-rated’ sites.
Other key findings from the report include:
- Your chances of downloading malware from surfing the web has increased by 41.5 percent since last year.
- The Philippines has seen a 270 percent increase in overall riskiness.
- Spain has seen a 91 percent increase in overall risk.
“For administrators of top-level domains this study should act as a wake-up call. Last year’s report spurred Tokelau’s domain manager to re-examine its policies,” said Jeff Green, Senior Vice President of Product Development & Avert Labs. “Not all domain managers are as accommodating so our mission is to educate consumers of the dangers and protect them in every way they enjoy the Web whether through their PC, the Web itself, or mobile phone.”
Rated: 100% (1 votes)
Loading ...
Crimeware toolkit targets 10,000 trusted sites
By Davey Winder in Editorial
Posted in Data Protection, Blog, Spyware, Security, Internet on
The Finjan Malicious Code Research Center is reporting that a crimeware Trojan named ‘random js toolkit’ is threatening to turn highly trusted websites into lucrative money making traps for the online underworld. It has identified in excess of 10,000 sites in the US which have been infected by the toolkit Trojan in December alone, and the actual figure is likely to be much higher as it is an extremely elusive little bugger which can avoid detection unless some kind of real-time code inspection technology is being used.
The payload, unsurprisingly, is the theft of data from the machines of those unlucky enough to get infected. Data such as documents, passwords, surfing habitats, pretty much anything and everything required to do the identity theft thing.
Finjan has published an in-depth report covering a random js toolkit attack, but the basics are as follows:
The random js attack is performed by dynamic embedding of scripts into a webpage.
Rated: 100% (3 votes)
Loading ...
One million Facebook users exposed to Zango worm
By Davey Winder in Editorial
Posted in Blog, Spyware, Facebook, Security, Internet on
Given the popularity of Facebook applications, those annoying widgets which people in your network naturally assume you will be interested in (even though most are banal even by widget standards), it was only a matter of time before the trend was exploited by those with a less than social motive. And so it is that security threat researchers at Fortinet have uncovered a malicious widget which has already found its way onto the computers of 3% of Facebook users - or a million people if your prefer.
The Secret Crush application spreads by Facebook users getting a notification from someone in their network who has already installed the widget, which informs them that one of their friends has the hots for them. The wording is such that suggests it might be the friend who sent the invitation, but the only way to find out is to install the application itself. At this point the plot thickens, because using an escalation of commitment strategy Secret Crush the widget once installed will only reveal the identity of your secret admirer once you have invited another 5 of your friends to install it. According to Fortinet, even after inviting those 5 friends there is no revelation other than an invitation to download a ‘crush calculator’.
Fortinet has examined the page source of the advertising frame that is displayed and discovered it is hosted at zango.com, within the affiliates section. Downloading the application actually leads directly to a copy of Zango, the in famous adware/spyware that used to be known as 180Solutions. Download this and rather than a secret crush you will find yourself being courted by adverts.
Although there is no way of knowing the exact figures, the authors of Secret Crush are likely to be getting a few pence for every download, which multiplied by a million or two clicks soon adds up.
Fortinet CMO Richard Stiennon included “malicious Facebook widgets” in his list of security threat predictions for 2008, and it looks like he was right on the money. There seems to be no mechanism in place at Facebook to protect users from this kind of malicious application. Hackers could implement a similar scheme but replacing the Zango IFrame with a drive-by install engine instead.
“Keep in mind that, given the odds, people are likely developing Facebook “Platform Applications” for profit rather than just for fun. Now, this does not mean that all widgets are going to be malicious. As in every business frame, honest ways to generate profits surely exist on Facebook, in exchange for providing a service to users who subscribe to it. However, users must be aware of this, and resort to a blend of common sense and protection gear to avoid being scammed and abused” advises Fortinet EMEA Threat Response Team Manager Guillaume Lovet.
Rated: 100% (1 votes)
Loading ...
A quarter of all email includes a vicious link
By Davey Winder in Editorial
Posted in Data Protection, Blog, Spyware, Spam, Security on
That is the perhaps unsurprising warning contained in the MessageLabs Intelligence 2007 Security Report which was published today. In a double whammy of bad news, MessageLabs warn that spam is the most dominant menace on the IT security agenda with spam levels reaching a whopping 84.6 percent across the course of the year, plus of course the fact that 25 percent of email comes complete with a malicious link to take you directly to something very nasty indeed.
Perhaps the most worrying bit of this is that it is a trend that has stormed along, every pun intended because the Storm botnet attacks have played a huge part in the statistics, with only 3 percent of email-borne viruses containing malicious links at the start of the year. To be honest, I find that figure rather low in any case. My mailbox would suggest, from both the malicious link emails I get and the messages from folk who have received them, the problem has been rife for some time. Still, this trend towards malicious links does serve to demonstrate that virus writers are continuing to develop strategies to distribute malware.
MessageLabs also flag up the dangers of social network targeted threats during 2007, warning that this could increase in 2008. Certainly during 2007 there were several significant waves of such targeted attacks which appeared on the radar. Indeed, the report suggests that levels rose from one attack per day in 2006 to more than 1,100 over a 16 hour period during September 2007. The most recent being in November when the first sector specific attack took place with almost 1,000 individual attacks aimed at the Financial Sector.
looking at the year by the numbers, the reports comes up with the following to brighten your day:
MessageLabs identified an average of 1,253 new web sites per day harboring malware, which equates to almost half a million new malicious web sites appearing throughout the year.
The average virus level for 2007 was 1 in 117.7 emails (0.8 percent) which reflects a fall of 0.6 percent since 2006 where levels averaged at 1 in 67.9 emails.
The number of phishing attacks rose to 1 in 156 emails across 2007, compared to 1 in 274.2 emails in 2006.
Rated: 100% (1 votes)
Loading ...
Shocking Spyware Statistics
By Davey Winder in Editorial
Posted in Spyware on
Two sets of spyware survey results passed across my radar today, and both make for the by now usual shocking reading.
The first came by way of Webroot Software, Internet security developer of anti-spyware kit for consumer, enterprise and SME markets. This particular poll surveyed some 3000 consumers with regard to their understanding of external Internet threats to their PCs, something that should be of interest to all IT admins considering that it is just these kind of consumers whose resources are zombified and become part of the botnets that can cause such havoc to the enterprise by way of DDoS attack.
Sadly, despite 87 percent of UK consumers insisting that they do understand the spyware threat and the dangers that it brings, nearly 50 percent also went on the admit to having fallen victim to just such a threat. This suggests that although user awareness is increasing, which is a good thing, advanced spyware development is also on the up, which obviously isn
Not yet rated
Loading ...
Tag cloud
Archives
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
Most commented posts
- Has Microsoft gone mental?
80 comments
- Cuil frozen out: market share drops to next to nothing
- Xbox 360 FAIL
- 80 percent of viruses love Windows 7
- The 24GB RAM Desktop is born
- Use old version of Windows instead of Linux, says teacher
- Microsoft reveals time-based licensing model
- Google to buy Twitter?
- Has the US Army declared war on Windows 7?
- Windows XP: the invincible OS
Highest Rated Blog Posts
- Why ecommerce fails (100%)
- Google Chrome stands alone at PWN2OWN (100%)
- Betting on Hubdub technology (100%)
- Has Google gone insane as GMail goes back to beta? (100%)
- Chinese whispers as government implicated in UK hack attacks (100%)
- Crimeware toolkit targets 10,000 trusted sites (100%)
- Black Hat risk to migrating VMs (100%)
- Tough on cyber crime, tough on the causes of cyber crime (100%)
- Firefox 3, Beta 4, Enhancements 900, Tested 5 (100%)
- Has the US Army declared war on Windows 7? (100%)