Tuesday, 27 October 2009

Social Engineering in Real-World Computer Attacks

Source: SANS Internet Storm Center Diary

A useful collection of ways in which social engineering has been used in recent attacks. The techniques are more diverse than you may think.

FBI: Cyber Crooks Stole $40M From U.S. Small, Mid-Sized Firms

Source: Security Fix

"Normally, the FBI isn't eager to discuss losses, or even acknowledge the existence of specific cases. What's more, the agency is keen to avoid making any statements that might spook consumers or businesses away from online banking. But Chabinsky said the FBI is taking the unusual step of floating financial loss figures in order to grab the attention of those most at risk so they can adopt safeguards."

Saturday, 10 October 2009

Malware Distributors Mastering News SEO

Source: eWeek Security Watch

This particular problem has been on the rise for a while, but this article provides a useful snapshot of the status quo. Malware authors, particularly fake antivirus peddlers, are using Search Engine Optimisation (SEO) techniques to place their wares high in the search results for breaking news stories such as the recent Samoan tsunami. These techniques are proving quite powerful, giving the miscreants "five or six of the top ten results on the Google search results page".

Tuesday, 6 October 2009

Bank Botnet Serves Fake Info to Thwart Researchers

Source: Threat Level

The URLZone trojan mentioned in the previous post has another interesting feature. When researchers attempted to install the trojan on their own system and use it to obtain account details of mules, they were sent red herring account details. These misleading accounts are genuine accounts which have been used as the targets of legitimate funds transfers on URLZone-compromised systems.