Several spam emails are circulating on the internet that use the Ford Foundation name, logo and web address, the nonprofit philanthropy warned on its website Tuesday.
Spammers claiming to be from the Ford Foundation invite recipients to register for overseas conferences and offer free travel and medical insurance from the foundation. Other emails claim the recipients have won foundation grant money and tell them to contact an office in London to claim the prize.
"These emails, websites and accompanying materials and claims are in no way associated with the Ford Foundation or any foundation employees," the organization said. "We recommend not responding to emails making such claims."
The only time the foundation will ask for any information from grantees is through a secure Grantee Access website.
Phishing attacks and spam email scams have recently targeted small businesses with phony shipping, IRS and banking emails that appear legitimate. The emails mimic the design of corporate or organization websites, brands and logos to spoof the legitimate sources.
People tricked by the emails give away their account information, which criminals use to steal online funds and to infect computers with malicious software. Anti-spam and phishing filters protect against these types of scams.
Monthly Archives: October 2009
US-CERT warns of BlackBerry PhoneSnoop spyware application
A free BlackBerry smartphone application created by a security researcher installs spyware on the phone for listening to calls, the U.S. Computer Emergency Readiness Team warned Tuesday.
An attacker who tricks a BlackBerry user into installing the PhoneSnoop application, for example through an email attachment, could use the app to call the victim's phone and listen in on private conversations, according to US-CERT.
CNET News reported that the app was created by Sheran Gunasekera, a security consultant from Jakarta, Indonesia, who told CNET the app was intended to show the security vulnerability in BlackBerrys.
"My intention was to raise awareness that even though the BlackBerry is one of the more secure platforms, there are still means where its users can be spied upon," Gunasekera said, according to CNET.
US-CERT tells users downloading BlackBerry applications to only access apps from trusted sources and to password protect and lock their BlackBerry devices.
Defense department looking at flash drive, social networking security
The Department of Defense may partially lift its ban on USB flash drives, which were banned in November 2008 because of worms and viruses spreading across defense networks from infected USB thumb drives.
Military officials enacted the ban to protect sensitive information from data theft, but the blanket ban on flash drives causes inconveniences for troops using the devices to carry data in the field, CNET News reported.
Robert Carey, chief information officer for the Department of the Navy, posted on the Navy's CIO blog that some uses of flash drives will be permitted, although the department is assessing whether to allow personnel to access social networking sites (SNS).
"The benefits of access to SNS and other user generated content sites are great; however, the risks also must be weighed and factored into decisions," Carey said on the blog.
Flash drives can carry forms of malware that jump to the drives from infected PCs and can spread by downloading from the memory stick onto new computers.
The Conficker worm has spread to potentially millions of PCs by jumping from USB flash drives onto machines. Worms also spread rapidly on SNS through hacked accounts.
Windows 7 security feature knocked by experts
With the arrival today of Microsoft's much-hyped new operating system Windows 7 on retail shelves and online stores, security experts said the OS contains a carry-over from Vista in the form of User Account Control (UAC) that could pose security risks.
UAC's default setting in Windows 7 alerts users with a pop-up when third-party applications make a change to the OS. That is an improvement over the feature in Vista, which hurt usability by issuing pop-up warnings for any change to the system.
But security experts have warned that the UAC default settings could be exploited by malware that is designed to turn off UAC, while security researchers have seen malware that attempts to spoof UAC notifications to get users to elevate privileges, CNET News reported.
Security researcher Ray Dickenson explained on the SafeCentral Blog that changes to UAC in Windows 7 make it easier for a Trojan malware that infiltrates the PC to turn off the UAC notification.
Researchers said the greatest malware threat remains cyber attacks from the web - through compromised websites that leave users open to "browse-and-get owned" drive-by attacks and Trojans hidden in executable files. Anti-virus filters can't always recognize those attacks.
Gumblar Trojan exploits Adobe Reader and Acrobat security hole
Filed under Security News
Tagged as acrobat, adobe, Gumblar, hole, reader, security, trojan, vulnerability
A security flaw in Adobe Reader and Acrobat is being actively exploited by cyber attackers with malicious PDFs. Security researchers at IBM's web security labs have seen a surge in attacks on this security vulnerability.
IBM researchers said on the Frequency X Blog that variants of the Gumblar Trojan are attacking security holes in Microsoft Office, web browser and Adobe products, but most of the attacks are aimed at Adobe Acrobat and Reader.
"Here in Managed Security Services, we've noticed a considerable elevation in our global hits on malicious PDF files," the IBM researchers said on the blog. "More specifically, the signature used to detect the latest Adobe Reader Remote Code Execution has picked up most of the activity."
Adobe disclosed the security vulnerabilities in its October 13 batch of security patches and recommends users of Adobe Reader 9.1.3 and Acrobat 9.1.3 and earlier versions update to Adobe Reader 9.2 and Acrobat 9.2.
The security bulletin from Adobe on the flaw said remote code execution could allow an attacker to take control of a user system if a victim opens a PDF file infected with the virus.
Mozilla and Microsoft tangle on Firefox plug-in security
Microsoft and Mozilla got their signals crossed last week over a Windows plug-in called .NET Framework Assistant included by Microsoft in the Firefox browser for activation of add-on programs. Mozilla is blocking one vulnerable Microsoft add-on and blocked then unblocked another.
On Friday, Mozilla blocked the .NET Framework Assistant add-on for Firefox 3.5, citing difficulties some users had entirely removing the add-on, "and because of the severity of the risk it represents if not disabled," according to Mike Shaver, Mozilla's vice president of engineering, on the Mozilla security blog.
Shaver said Mozilla contacted Microsoft "to indicate that we were looking to disable the extension and plugin for all users via our blocklisting mechanism," according to the blog post. But on Sunday, Mozilla was trying to unblock the add-on for .NET Framework Assistant, as Shaver said the add-on did not pose a security vulnerability.
"We received confirmation from Microsoft this evening that the Framework Assistant add-on is not a mechanism for exploiting the vulnerabilities detailed in the earlier post, so we've removed it from the blocklist," Shaver said in his blog.
But a separate vulnerability exists for a Microsoft add-on that Mozilla said needs blocking for Firefox users. The vulnerability exists in the Windows Presentation Foundation (WPF), which is included in the .NET Framework Service Pack 1. Shaver said via Twitter that the "WPF plugin is the vector for the XBAP vuln via Firefox."
Black hat SEO rides the Google Wave, Obama Nobel stories
Cybercriminals exploiting popular interest in trending topics on search engines have recently caught on to stories about President Obama's Nobel Peace Prize and Google Wave for distributing malware.
Web security researchers at Websense reported that cybercriminals are poisoning Google search results for Google Wave with search engine optimization (SEO) tactics - or black hat SEO - to lure searchers to their websites laden with malware.
Trend Micro reported on its Counter Measures blog that scammers are offering to sell Google invites to the beta-testing phase of Google Wave, a service that combines instant messaging with email for live communications.
Obama's receipt of the Nobel Peace Prize and the subsequent debate about its merits have also triggered a spam campaign that asks users to visit a website to download a phony report on the issue which contains malware, McAfee reported on its security blog.
Cybercriminals have recently used similar tactics to spread viruses and malware with websites and spam related to news stories such as celebrity deaths like Michael Jackson and Patrick Swayze and earthquakes and tsunamis in Asia.
Botnets proliferate, making DDoS attacks cheaper
Network security researchers tracking online criminal activity say the underground marketplace for networks of hacked computers - botnets - has become so crowded in recent years that renting a botnet to launch attacks is becoming cheaper.
Botnets, which can be used by bot-herders to send out waves of spam and malware and to launch distributed denial-of-service (DDoS) attacks to take down websites and servers, are traded and rented out to attackers as a kind of black market software-as-a-service.
But as more PCs become infected by proliferating worms and Trojan malware, the price to rent a botnet is becoming progressively cheaper, according to Jose Nazario, security researcher for Arbor Networks.
"The barriers to entry in that marketplace are so low you have people basically flooding the market," Nazario said, according to Computerworld. "The way you differentiate yourself is on price."
Security researchers at Finjan previously discovered a trading platform called Golden Cash that sells batches of 1,000 infected PCs - an infected PC is called a "zombie" or bot - for as little as $25 to $500.
Researchers said not all of the botnet rentals are equally dangerous, so low-end attackers may not be getting much for their money.
Google provides malware detection tools for webmasters
Google announced Monday that it has added malware details to its Webmaster Tools to help website administrators locate and remove malicious code.
Google's search engine and web browsers including Firefox, Chrome and Safari automatically scan websites for malware, which provides web users with a warning that the page may be infected before directing them to the site.
The company said on its security blog that the Webmaster Tools malware details feature will help site administrators clean their websites of malware in malicious HTML tags, JavaScript and Flash files that may have been injected into the site by attackers.
"While it is important to protect users, we also know that most of these sites are not intentionally distributing malware," Google's Lucas Ballard explained on the blog. "We understand the frustration of webmasters whose sites have been compromised without their knowledge and who discover that their site has been flagged."
Webmasters will see a list of their pages flagged for malware distribution and samples of the malicious content that Google's scanners encountered.
Cybercriminals frequently target legitimate websites for distribution of malware through attacks known as cross-site scripting (XSS) and SQL injection.
The Firefox web browser will soon feature a technology called Content Security Policy which the company said would block XSS hacker attacks from websites injected with malicious code.
Internet Explorer security flaw affects Firefox browser
Microsoft's release of its monthly security update on Tuesday contained fixes for three vulnerabilities affecting all versions of Internet Explorer, including one vulnerability that could be exploited on the .NET Framework to infect users of the Firefox browser.
The patch for CVE-2009-2529 fixes a vulnerability in the Windows Presentation Foundation (WPF) component that could be exploited in a "browse-and-get owned" scenario when a user visits a malicious website.
"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," Microsoft said on its IE Blog. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox."
That means Firefox users with .NET Framework 3.5 who visit a malicious website could have their Windows PCs hijacked using this vulnerability.
Microsoft said a workaround to mitigate the problem involves disabling the XBAP (XAML Browser Application) in the internet zone under security settings.
Firefox users can disable the Windows Presentation Foundation under Tools, Add-ons and then Plug-ins.
The security update is rated critical for all IE versions including IE 5.0, IE 6, IE 6 SP1, IE 7 and IE 8, including the version shipped with Windows 7.