Monday, January 5th, 2009

Phishers unleashed a concerted attack on Twitter users this past weekend, once more underscoring how cyber criminals invariably transfer their tried-and-true scams to any Web-based service that attains mass popularity.
A variation of email phishing, the Twitter campaign involved the mass spreading of direct Twitter messages, purporting to come from friends, and directing the recipient to click to a Website with funny pictures or with free offers like this one, which used the iPhone as bait.
“Having hacked into some Twitter accounts it appears that the criminals then used the Twitter identities of their victims to pass on the message to even more Twitter users,” says Graham Cluley, Sophos Senior Technology Consultant.
In addition to harvesting valuable personal data to sell in criminal markets, these phishers apparently are on the lookout for any celebrity logons they can snare as trophies. CNET is reporting that CNN anchor Rick Sanchez, a Twitter-aholic, fell for the ruse.
CNET reports that Sanchez’s Twitter account displayed the hacked message “i am high on crack right now might not be coming into work today.” Other celebrity Twitter users hacked and mocked: Bill O’Reilly and Britney Spears.
Friday, December 26th, 2008
More Europeans than ever are using their mobile phones to do wireless banking. A comScore M:Metrics survey commissioned by Airwide Solutions found that 5.6 million people in the EU access financial information from their mobile phones, a 23.6% year-over-year increase.

It is starting to look like the emerging market for cellphone security products could, indeed, be a robust part of the tech market in 2009, as I predicted in this June 2008 news story. Cyber gangs have saturated the Internet with data-stealing, Trojan-spreading botnets. So it’s simple logic that the elite gangs will follow people as they e-mail, text message and begin doing financial transactions from their mobile devices.
As the general populace goes more mobile, so will cyber criminals. The pattern is all too familiar. Jay Seaton, Airwide’s chief marketing officer, points to a steady rise in global SMS spam that is beginning to morph into “snoopware that enables the hacker to listen in on conversations, install spyware that allows him to access phone logs and contacts, and send text messages and multimedia spam to other devices.”
It doesn’t take a soothsayer to predict that cyber criminals will gravitate to mobile devices as an attack vector to do more corporate intrusions — which are scaling up, as I revealed in this November investigative cover story.
“The most frightening aspect about mobile malware is its potential to use an infected smartphone or other device as a proxy or gateway into an organization’s core network,” says Seaton. “Hijacking a handheld device, hackers can breeze past a traditional firewall and make their way onto a company’s mail server, customer database, CRM tools, and other critical parts of the network. And this damage may result from something simple, such as an employee receiving a message to download a free game or antivirus update.”
Tuesday, December 23rd, 2008
Symantec has commenced selling anti-virus subscriptions for Macs, another sign that the current generation of virulent Trojans circulating in e-mail and instant message spam, infesting Facebook and MySpace, and lurking on millions of tainted web sites is platform agnostic.
Mac users can now buy Norton Internet Security for Mac, which Symantec describes as “a next-generation security suite that integrates an all-new firewall and antivirus protection with tools to help protect against identity theft.” Symantec also launched Norton Internet Security for Mac Dual Protection, “securing Mac users running Boot Camp or other Windows virtualization software - programs that allow users to run both Mac OS X Leopard and Windows operating systems.”
Rowan Trollope, Symantec’s senior vice president, Consumer Business Unit, opines, “Even Mac owners are susceptible to online threats, and when it comes to phishing, it doesn’t matter what platform you’re using.” Symantec’s malware tracking data shows “that Macs can be a target for viruses and malware,” he says.
Don’t expect Apple to react. Tech industry analyst Rob Enderle has given the best explanation I’ve seen for how Apple can continue to stand aloof from the rest of the tech security community. Enderle observes: “Apple doesn’t really talk about its exposures; it focuses its efforts on making its product appear invulnerable. It doesn’t cooperate with security firms and seems to actually recommend folks don’t use security products . . . Apple keeps its own security folks locked away working quietly on security problems. It patches quietly, as well, trying to limit or eliminate any sustained coverage of the problems that it too clearly has.”
–Byron Acohido