To ply online banking accounts, Russian hackers rely on viruses that record keystrokes as customers type log-ins and passwords. Russian-made viruses are believed to be behind several major online heists, including the theft of $1 million from Nordea Bank in Sweden in 2007 and $6 million from banks in the United States and Europe that same year.
The best part is her email address is from japan! hahahahahaFrom: Stella OlieverDear Beloeve one
Based on your profile, l am happy to request for your assistance because I beleive that you are not going to betrayed the trust which I am going to lay on you Dear Beloved i pray all is well with you and Other members of your family.
My name is Stella 20 years old and the only daughter of my late parents Mr.and Mrs Oliever, My father was a highly reputable busnness magnet-(a cocoa merchant) who operated in the capital of Ivory coast during his days. It is sad to say that he passed away mysteriously in France during one of his business trips abroad on 12th.November 2005.Though his sudden death was linked or rather suspected to have been masterminded by an uncle of his who travelled with him at that time, but God knows the truth!
My mother died when I was just 6 years old, and since then my father took me so special. Before the death of my Father on November 12th 2005 he called the secretary who accompanied him to the hospital and told her that he has the sum of (USD$17.5 000 000) Seventeen Milion five hundred thousand dollars left in a metalic trunk trunk box, wich he deposited in a Security Company here in abidjan, that he registered it as family valuable items for security reasons, he told the secretary that I should contact the Company for them to know me as his next of kin wich I have did as he instructed,
He also told the secretary that I should not let any of his relations to know about this because he was kiled by them and if they know about it, that they will do nothing but to kill me in other to take hold of every thing, He told her that I should seek for a foriegn partner abroad who will help me retreived the trunk box and also travel with him or her in other to continue my Live and Education and also to start a Bussines relationship with the person whom can take cear of me in the fucture,
My dear, this is why I have come in contact with you in order to help me retreive that trunk box from the Security Companys custody and send it direct to your country and also to make an arrangement for me on how I will come over to your country in other to continue my Live and Education and also to go into bussines relationship with you hence I am still a child and I dont know any thing about bussines,
I am just 20 years old and a university undergraduate and really don't know what to do. this is because I have suffered a lot of set backs as a result of incessant political crisis here in Ivory coast. The death of my father actually brought sorrow to my life, My dear, I am in a sincere desire of your humble assistance in this regards and your suggestions and ideas will be highly regarded.
Now permit me to ask these few questions:
1. Can I completely trust you?
2.Can you accept me as your own blood Sister (Or Doughter)?
3.What percentage of the total amount in question will be good for you?
Consider this and get back to me as soon as possible with your full assurance that you will not disapoint me in this issue so that i can give you the contact of the Security Company where my late Father deposited that trunk box for you to contact
them on how the trunk box will be retreived from their custody and deliver to your country,
Thank you soo much for your understanding and may almighty God bless you and your Family to the Glory of God Almighty,
My sincere regards,
Miss Stalla.
The cross-site scripting (XSS) error can be plainly demonstrated here and here. It allows a miscreant to trick a user into believing he is visiting Facebook when the vast majority of the content is being supplied by a website of the attacker's choice.The danger of it is - a person can believe they are logged into Facebook and the scripts running on that page will be from the hackers website collecting information. hmmm - not good!
A CSRF attack on a DSL router could be launched from a social networking site, Hamiel says, using an image tag on a MySpace page, for example. 'Everyone who viewed my MySpace page with AT&T DSL and the Motorola/Netopia DSL modem would be owned,' he says."
... the report puts the market value of the traded goods, including financial credentials, at around $275M. This total market value is dwarfed by the potential amount of cash that can be extracted by the underground using these accounts.see the full report here -->
"Identity theft victimized 8.1 million Americans last year and 8.4 million in 2006, according to data compiled by Javelin Strategy & Research, a financial services research firm in Pleasanton, California. Unauthorized transactions cost consumers as much as $45 billion in 2007, Javelin reported."
This paper will help you configure your web browser for safer internet surfing. It is written for home computer users, students, small business workers, and any other person who works with limited Information Technology (IT) support and broadband (cable modem, DSL) or dial-up connectivity.if you've read their recommendations and have questions - email me - Dave@myinternetsecurityguy.com
Just like every decent marketer out there, vendors of commercial malware tools are very good at positioning their tools. However, their pitches often contradict with themselves in a way that what’s promoted as a Remote Administration Tool, has in fact built-in antivirus software evading capabilities, rootkit functionality and tutorials on how to remotely infect users over email.
Like other Trojans, Sinowal uses an HTML injection feature that effectively injects new Web pages or information fields into the affected victim's Internet browser -- and these injections seem like legitimate pages to the victim.
I talk to a lot of people about identity theft and fraud these days. Most individuals and companies don't really know, but somehow think they are protected.... text message phishing, occurs when customers receive a text message from what seems to be a reputable financial institution prompting them to call a telephone number due to a possible fraudulent transaction on their account.
Internet safety tips
•Don’t put a computer in the child’s room. It’s better to have it in a room where parents can monitor activity.•Check out parental controls. Some are free.
•Get your kids to educate you about the Internet.
•Communicate with them and assure them they won’t lose Internet privileges for reporting inappropriate messages and images.
the Silent Banker Trojan login page will steal your keystrokes with a keylogger & then send your passwords & login information to a server that is operated by cyber hackers or even cyber terrorists who need funding...
That's old news.
The latest problem with the Silent Banker Trojan is this...
It now apparently has added a rootkit that will let the Silent Banker Trojan load before your virus detections software rendering it useless.
"Russia is one of the most capable countries when it comes to launching system intrusion hacking attempts, distributed denial-of-service attacks, and operation of botnets," said Don Jackson, director of Threat Intelligence for SecureWorks. "Yet you'll notice the number of attacks coming from Russia are very low."
...
On the SecureWorks list, the United States has more than 20 million botnet compromised PCs. The next highest is China at roughly one-third that number, or 7 million. At first glance that may seem due to the size of each country and the number of computer users. Jackson said that isn't necessarily the case
The FBI was recently revealed to be operating an online forum called DarkMarket, as part of a sting operation against criminals buying and selling stolen identities and credit card information online.see the whole story from cnet here
For about $8,000, skimmers can have their own ATM overlay capable of transmitting 1,856 cards via SMS. Bulk pricing is available. And if they don't want the information sent card by card, they can dial into the device and download the data at their convenience.
full article hereA random keyword “on fire” like gwen ifill wheelchair indicates that 55 minutes ago a malware serving blog has been successfully crawled and is now appearing within the first 10 results thanks to the high page rank of Windows Live Spaces. Upon clicking the link, the user is exposed to the typical ActiveX Object Error message that is attempting to trick them into installing TrojanDownloader:Win32/Zlob.AMV with 10 out of 36 AV scanners currently detecting it (27.78%).
A program circulating online helps hackers build those fake pages. Users who follow an e-mail pointing them to one of the pages would see an error message that claims the video they want won't play without installing new software first. That error message includes a link the hacker has provided to a malicious program, which delivers a virus.
Once activated the Trojan installed a program that allowed such control of a computer that it could stream back live pictures via the computer's web cam (which it could switch on) or allow the hacker to record the sound from its microphone.
tem - just like Yahoo and others, we wanted to allow a person that forgot their password an easy way to recover it. To do this we created a stack of questions so people can choose a few best suited to them. Somewhere in the middle of this design I had one of those "Homer Simpson" moments - DOH! The easier I make it for the embarassed user to recover his own password, the easier I make it for the hacker to take it over - DOH!!!
So how does Debix work in the real world? Say you are at a car dealership and you need to finance a new car. Shortly after the salesperson leaves the showroom floor, your mobile phone should ring. That's Debix; you know it because it's your voice saying a secret code. Then Debix asks if you indeed are seeking to establish a new account. If yes, you type in a secret personal identification number.pretty cool, eh? :)
"Contrary to the all-encompassing impression created through LifeLock's
advertisements, the protection it claims to provide only extends to limited
instances of identity theft," claims the complaint filed against the company in
New Jersey's Middlesex County Superior Court. The complaint also asserts that
LifeLock actually has failed to protect Davis' identity, saying that his
personal information has been misappropriated in at least 20 separate identity
theft incidents.
Prevention guidelines
AAP and Microsoft partner on online safety for children
The AAP sees 96 million school-age children a year. That's why Microsoft asked them about keeping children safe online.
Using family contracts
See a sample of a contract you can copy and customize to clarify your family's "house rules."
10 things to teach kids
Want to talk to your kids about the Internet, but not sure where to start? Here's a list of subjects to consider.
School is in: 7 computer security tips for students
Help protect the computers you use for school from viruses, hackers, spyware, and other attacks.
4 steps to improve your family's Web security
Get tips for how to protect your children’s privacy and safety when they use the computer.
Online predators: Minimize the risk
Know the risks of online communication and become involved in your kids’ Internet activities.
Kids and the Internet FAQ
Strategies and tools to help deal with parents’ top concerns.
Video: Teach your kids to be safe online
Watch this video to find out more about what
you can do to help keep your kids safer as they explore the Internet.
When a visitor reaches one of the hacked sites, the malicious JavaScript loads a
file from the malware-hosting server, then redirects the browser to a different
page, also hosted on the Chinese server.
"Once loaded, the file attempts
eight different exploits," noted the Websense warning, including one that hits a
vulnerability in Internet Explorer's handling of Vector Markup Language (VML) that
was patched in January 2007.
Its designers trick people into saving it by telling them they need a new piece of software to watch video online.hmm - reminds me of infostealer - that piece of malware that'd auto-magically call your bank for you and relieve you of that troublesome cash sitting in your account.Once installed, it bombards people with pop-up messages and bogus flashing warnings that their computer is infected.
The messages say: "Your computer is infected! Windows has detected spyware infection. Click here to protect your computer."
The trojan then sends adverts offering to sell rogue anti-spyware on sites that could expose customers to credit card fraud. Microsoft said the problem is global and linked to organized criminal gangs.
NSTeens - Terrible tEXt
Some teens say and do terrible things to each other online
because they don’t see the direct effects of their actions. So what should you
do if you’re cyberbullied? Watch the NSTeens
in their latest video, “Terrible tEXT,” about a
young girl who is troubled when a cyberbully sends mean text messages to her
cell phone at all hours of the day and night.
Visit NSTeens.org.
the company caused some people surfing the net to receive a torrent of pop-ups that advertised porn links and other sketchy sites ...With end users' nerves rattled by the mysterious pop-ups, the company would then send out a new batch of notifications that were designed to look like official Windows alerts. They warned that the computer was vulnerable to malware attacks and directed the end user to reduce the threat by installing one of the software titles.
Here’s a question that was recently passed on to me –
Can anyone advise me on a good, safe internet search engine for kids?
Sure! Here’s a resource written by an expert in the field. I’ve used Danny Sullivan’s work many times when trying to figure out how to get Search Engines to find the website I’m working on! I figure if he knows how to make one find something, he’ll also know the ones that won’t find the things you don’t want.
Of the group, I like the sound of this one
Looksmart's Kids Directory
http://search.netnanny.com/?pi=nnh3&ch=kidsThe Kids Directory is a listing of over 20,000 kid friendly websites that were hand picked by employees of Looksmart subsidiary Net Nanny and vetted for quality. Looksmart also offers a safe search of the entire web, using Net Nanny software to filter Wisenut search results, as well as a free toolbar that uses the same service.
Also, I’d recommend using the NetNanny software as a content filter. That way your computer will constantly verify the content about to be viewed meets up with the standards you established BEFORE jr. started browsing!
There are more extreme measure of computer monitoring, but for pre-teens, this should be sufficient.
I ran into someone who attended one of my lectures the other day, she told me the single thing that stood out to her the most was when I pointed out that most bad guys don’t pick your computer to attack, they’re invited in.
‘what do you mean?’
Well when you visit a website, and see a pop up window that says ‘ most computers are not properly protected, click here for a free virus scan’ they might be legit, then again, they might not be. By clicking ‘ok’ you’re giving the owner of that application permission to do something to your computer. It’s like a stranger knocking on your door and you letting them in, and then not watching them. Once the stranger has access to your home or computer, it’s up to them what they’ll touch – not you.
No one knows for sure where computer viruses, Trojans, or malware comes from. These days I’m reading more about it coming from the manufacturer pre-installed! But one thing is for sure, the more time spent on websites that you wouldn’t want your mom to see, the higher your chances are in getting infected.
My kids are getting to the age of independence and wanting to explore more online than just the websites I’ve found for them. They are good kids, so I really have no reason to be too concerned. But the other day when we were driving home from baseball practice my son tells me – ‘hey dad, guess what Bobby showed me today – he helped me find cheat codes for Lego Star Wars on the Wii!’
Ya gotta love the friends that have older siblings and just know more about the world.
I just ran a couple of searches on ‘wii cheats’ and found a TON of pages. I wasn’t really looking for the codes my found – I was looking for who ever else was using those pages as bait for kids! Using Google and McAfee Site Advisor I found most of the pages weren’t known hazards, but a few had been tagged as having excessive popups. (yellow) All in all, no biggie, but it was a nice ‘heads up!’ to me from him that there will be times when he innocently searches for something that may not be entirely safe!
The U.S. Department of Defense warned in an annual report released this
week that China continues to develop its abilities to wage war in cyberspace as
part of a doctrine of "non-contact" warfare.
The Veterans Affairs Department today revealed that personal, identifying dataI’m really glad organizations are starting to understand that the reason portable devices were created were to allow for people to have access to their electronic date from more places than just their desktop! Of course once they’re out of the office they are more at risk, but that’s the nature of the beast of being portable.
for as many as 26 million American veterans was stolen from a VA employee's home
in May. The information is a list of all veterans who served in the military and
were discharged since 1975.
Q. you and a friend are in the woods when a Grizzly Bear decides you look
like breakfast and starts to chase you! how fast do you need to
run?
A. Faster than your friend!
Sometimes smart people say that darnedest things …
This morning I got up to write about kids and what we can do to protect them in this wacky internet enabled world, and for a few minutes – I had one of those rare bursts of good news!
I read lots of different blogs, and news streams – everything from MS/NBC to Computerworld, to Schneier on Security. I generally like Schneier on Security and am reading a couple of his books now.
But today I’m not a fan. His headline Fear of Internet Predators Largely Unfounded sounded great!! But then after reading it, it didn’t smell quite right to me. I checked on the sources and found a link to this article from the Crimes Against Children Research Center at UNH and finally a press release from UNH -
Here’s an excerpt
For example, in spite of public concern, the authors found that adolescents' use of popular social networking sites such as MySpace and Facebook do not appear to increase their risk of being victimized by online predators. Rather, it is risky online interactions such as talking online about sex to unknown people that increases vulnerability, according to the researchers.
"what do you mean by this?"
When you or I see someone on the street, or buy something in a store - our eyes and ears can tell us things like "the store is clean, it's been here for years, many people shop here. The owner is here every day, and the merchandise feels like it has a quality to it". Online - we are missing all the tactile senses, and have to develop a sense of validation through other means. eg. other people rate the site highly, they are certified to be who they say they are ...
With meeting people it's the same. I'm coaching kids sports - when they show up for the first practice, I've got a good idea they are who they say they are. If I were to meet the same group online for an online class I'm teaching - then I really wouldn't know.
This 'not knowing' is why I caution the use of the social sites. While many people use them for their daily news, gossip and jokes - as soon as your pool of friends is extended beyond people you've personally 'validated' (seen them etc) it's contaminated. The internet is a great tool - but it is like a sword and needs to be respected.
Back to my thoughts on the article - just like any statistical article, it's great to get some numbers - but the conclusions are suspect. From my perspective, it's great that there aren't as many predators or negitive experiences as perceived - but it's still a risky environment that one should be carefully prepared for.
This free browser plugin, McAfee Site Advisor will check it and the links returned from Google or Yahoo against their DB of known badguys.
I was having lunch with my buddy Nick the other day talking about this blog. Now Nick isn’t in my target audience – he’s an excellent programmer, very aware of security threats and I’m sure he’s running a great hardware firewall at home.
The thing that caught his attention the most was something I discussed a while back in Mmmm, I love hunny – User Ids are being stolen via rootkits (software that is undetectable by your antivirus program) and are then sold to middlemen who then resell them to people who form attacks.
The part where it really gets interesting – MOST people do not create great username/password combinations to begin with, THEN they re-use that same combination on every site they go to!
So – let’s just say I’m running a really simple rootkit (one I can buy for about $75) that’ll tell me all the websites you visit. If any of them (like y! mail) is running non-secure – I can easily nab your username/ password. Then, referencing my handy dandy list of all your websites, I can try out each one to see where it works! Once I login as you, I’ll change the mailing address, or see if I can get money out --- or in a worse case scenario, I’ll sell your good stocks to buy the penny stocks I’m holding, then I’ll sell out of my account when the time is right! (pump and dump, baby)
It gets better – most people I talk to don’t ever change their passwords. Never. Or if they do, they store them in a file called passwords.txt file on their C drive. Not good. Even better are the folks that put them on a sticky and leave it up on their screen 24x7. (uh, other people might just read that!)
Whaddya do? - there are a lot of good solutions in this area – robo-form is interesting, Password Safe looks really good – but so far I’m using another piece of open source software called KeePass. Install it on a USB stick, and carry your passwords with you. Even better, have it generate new, incredibly complex and unique passwords for you and you’ll never have to worry about remembering them!
I’m still experimenting in this area – if you’re interested in more, email me!
Posts
All Comments
