Source: SANS Internet Storm Centre Diary
A useful collection of ways in which social engineering has been utilised in recent attacks. More diverse than you may think.
Tuesday, 27 October 2009
FBI: Cyber Crooks Stole $40M From U.S. Small, Mid-Sized Firms
Source: Security Fix
"Normally, the FBI isn't eager to discuss losses, or even acknowledge the existence of specific cases. What's more, the agency is keen to avoid making any statements that might spook consumers or businesses away from online banking. But Chabinsky said the FBI is taking the unusual step of floating financial loss figures in order to grab the attention of those most at risk so they can adopt safeguards."
"Normally, the FBI isn't eager to discuss losses, or even acknowledge the existence of specific cases. What's more, the agency is keen to avoid making any statements that might spook consumers or businesses away from online banking. But Chabinsky said the FBI is taking the unusual step of floating financial loss figures in order to grab the attention of those most at risk so they can adopt safeguards."
Saturday, 10 October 2009
Malware Distributors Mastering News SEO
Source: eWeek Security Watch
This particular problem has been on the rise for a while, but this article provides a useful snapshot of the status quo. Malware authors, particularly fake antivirus peddlers, are using Search Engine Optimisation techniques (SEO) to place their wares high on the search results for breaking news stories such as the recent Samoan Tsunami. These techniques are proving quite powerful, giving the miscreants "five or six of the top ten results on the Google search results page".
This particular problem has been on the rise for a while, but this article provides a useful snapshot of the status quo. Malware authors, particularly fake antivirus peddlers, are using Search Engine Optimisation techniques (SEO) to place their wares high on the search results for breaking news stories such as the recent Samoan Tsunami. These techniques are proving quite powerful, giving the miscreants "five or six of the top ten results on the Google search results page".
Tuesday, 6 October 2009
Bank Botnet Serves Fake Info to Thwart Researchers
Source: Threat Level
The URLZone trojan mentioned in the previous post has another interesting feature. When researchers attempted to install the trojan on their own system and use it to obtain account details of mules, they were sent red herring account details. These misleading accounts are genuine accounts which have been used as the targets of legitimate funds transfers on URLZone-compromised systems.
The URLZone trojan mentioned in the previous post has another interesting feature. When researchers attempted to install the trojan on their own system and use it to obtain account details of mules, they were sent red herring account details. These misleading accounts are genuine accounts which have been used as the targets of legitimate funds transfers on URLZone-compromised systems.
Subscribe to:
Posts (Atom)
