Wednesday, July 27, 2011

Credit card one week overdue? Malware disguises itself in spam attack

Have you received an unexpected email telling you that your credit card is one week overdue, and that you must pay the debt within two days or face additional charges?

Well, don't rush to open the attached file - or your computer could be struck by a malware attack.

The emails, which have been spammed out widely, try to frighten you into opening an attached file called Report#113.zip.

Overdue credit card malicious email

Dear Customer,

Your Credit Card is one week overdue.

Below your Card information

Customer 0066594169

Number XXXXXX

Card Limit XXXXXX

Pay Date 27 Jun 2011

The details are attached to this e-mail.

Please read the financial statement properly.

If you pay the debt within 2 days, there will be no extra-charges.

In 2 days $25 late fee and a finance charge will be imposed on your account.

Please do not reply to this email, it's automatic mail notification.

Thank you.

Note that the customer number quoted in the email appears to be randomly chosen, so may differ in the emails you receive.

Subject lines which have been used in the malware campaign include 'Your financial debt overdue', 'Payment by credit card overdue', 'Credit Card is one week overdue', 'Credit card payment of overstayed', and 'Credit card overdue'.

If you do make the mistake of opening the attached file, you run the risk of infecting your Windows computer with malware that Sophos detects as Troj/Invo-Zip.
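
Added example, not part of the original article and not Sophos's own code: a mail-triage check in Python that flags a message matching the subject lines and attachment name reported above. Accepting other digits in the attachment name, the function names, and the sample addresses and message are assumptions made for the example.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Subject lines listed in the article, compared case-insensitively.
CAMPAIGN_SUBJECTS = {
    "your financial debt overdue",
    "payment by credit card overdue",
    "credit card is one week overdue",
    "credit card payment of overstayed",
    "credit card overdue",
}
# Report#113.zip is the name given in the article; allowing other digits
# is an assumption made for this example.
ATTACHMENT_RE = re.compile(r"^report#\d+\.zip$", re.IGNORECASE)


def triage(raw_message: str) -> dict:
    """Return which campaign indicators a raw RFC 5322 message matches."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    hits = {
        "subject": subject in CAMPAIGN_SUBJECTS,
        "attachment": any(ATTACHMENT_RE.match(n) for n in names),
    }
    # The customer number is random, so it is not used as an indicator.
    # Either match alone is weak; quarantine only when both are present.
    hits["quarantine"] = hits["subject"] and hits["attachment"]
    return hits


def build_sample(subject: str, filename: str) -> str:
    """Constructed sample message carrying an empty ZIP as the attachment."""
    m = EmailMessage()
    m["From"] = "billing@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Dear Customer,\nYour Credit Card is one week overdue.\n")
    empty_zip = b"PK\x05\x06" + b"\x00" * 18  # end-of-central-directory only
    m.add_attachment(empty_zip, maintype="application", subtype="zip",
                     filename=filename)
    return m.as_string()


if __name__ == "__main__":
    print(triage(build_sample("Credit Card is one week overdue",
                              "Report#113.zip")))
```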

Cybercriminals use social engineering tricks to fool you into making unwise decisions.

Whether it's making you believe that you're about to see a sexy video, win a pair of free air tickets or discover what company has been debiting your credit card, the intention is the same with malware attacks like this - to dupe you into running dangerous code on your computer.

Sophos products intercept the malicious emails as both malware and spam.



Is your Twitter account hacked and sending out 'Beach Body' spam?

Thousands of Twitter users are seeing unexpected messages from hacked online friends promoting a weight loss supplement that will, allegedly, 'get the beach body you've always wanted'.

Get the beach body you've always wanted, now you can with this weight loss supplement [LINK]

The messages link to what pretends to be a news website, but is really designed to promote an Acai Berry 'miracle diet' marketed as 'Power Slim'. The product claims to have been seen in the pages of Women's Health, Elle, Marie Claire, Oprah, Cosmopolitan and other magazines.



If the miracle diet pills are doing so well at getting media coverage, it seems strange to me that it also has to be promoted through spam via compromised Twitter accounts - but there you go.

It's currently unclear how the Twitter accounts have been hacked. It could be that the users' passwords have been compromised, similar to another Acai Berry spam campaign we saw on Twitter at the end of last year following the Gawker password breach.

Too many users (perhaps as many as a third) are still using the same password for every website they access.

Password chart

If your account on Twitter has been compromised, make sure you change your password to a non-dictionary word - and be sure to also change any other online accounts where you might be using the same password. Far too many people use the same passwords on multiple sites, which obviously increases your chances of becoming hacked.

Not sure how to choose a password that's memorable but also hard for the hackers to guess? Watch this video:


If you want to be kept up-to-date on the latest security threats on Twitter and elsewhere on the net, follow me on Twitter.


Your Facebook Profile Stalkers exposed? No, it's a rogue application spreading virally

Messages are spreading rapidly on Facebook claiming to reveal a way to find out who has been secretly viewing your profile.

Here are a couple of examples:

Profile stalkers on Facebook

Brilliant!! Now u can see all your profile stalkers! --> [LINK]

and

WOW!! I can't believe that you can see whose viewing your profile. I've just seen my top 10 profile peekers and I'm shocked on whose Viewing my Profile. You can also see whose viewing your FACEBOOK PROFILE HERE: [LINK]

Clicking on the links takes you to a splash screen for a rogue application, which uses the promise of revealing who has been viewing your Facebook profile to fool you into giving a third-party application permission to access your account.

Want to see who views your Facebook profile?

This is amazing!

Now you can see who is viewing your profile and find out how many profile views you got. Just use our application and press button below and then Allow to analyze your Facebook profile!

Obviously you shouldn't grant permission on the following screen for the application to access your Facebook profile, but an alarming number of users appear to have no qualms about exposing their confidential information and degrading their security in this way.

The problem is that this isn't a legitimate application request. A rogue application wants access to your account so it can spread the messages and its link even further, spreading the campaign virally across the social network. The goal? To earn money by driving traffic to an online survey.

Notice that the survey presents itself in a convincing Facebook style, which may trick some users into believing that it is legitimate.

If you've been affected by this scam, you should clean up your account before any further damage is done.

I've made a YouTube video where I show you how to clean up your Facebook account if you were hit by this, or similar scams on Facebook:


Make sure that you stay informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos Facebook page, where more than 100,000 people regularly share information on threats and discuss the latest security news.

You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.
