The blossoming of web 2.0 social networking sites like Twitter and Facebook is benefitting many businesses that have tapped into them for viral marketing, but web security threats from spam to malware and identity theft are putting these same firms at risk, reports web security firm Sophos.
In Sophos' latest internet security report, the firm states that web 2.0 companies "are concentrating on growing their userbase at the expense of properly defending their existing customers from internet threats."
"What's needed is a period of introspection," said Graham Cluley, senior technology consultant at Sophos. "The honeymoon period of these sites is over."
Last week, a hacker who gained access to a Twitter employee's personal email account was able to infiltrate the company's Google Apps account to steal confidential documents, which were then published by some websites.
Facebook is attempting to clamp down on spam, phishing and malware by requiring users who have been hacked to go through a verification process when they attempt to access their profile again.
Sophos said businesses are worried about employees putting their employers at risk by exposing too much information on social nets, which is how Twitter's vital information ended up splashed across the internet.
One-quarter of organizations have been exposed to malware from social nets, Sophos said.
Tag Archives: Sophos
Phony Erin Andrews video spreads malware
Filed under Security News
Tagged as Erin Andrews, ESPN, Mal/EncPk-IF, Mal/FakeAV-AY, OSX/Jahlav-C, Sophos, YouTube
Cybercriminals are exploiting curious voyeurs hoping to watch a video purporting to show hidden "peephole video" camera footage of ESPN reporter Erin Andrews by hosting malicious web pages that contain Trojan malware, according to web security experts at Sophos.
Andrews, a popular sideline reporter for the sports cable network, was reportedly videotaped nude in a hotel room by a voyeur who posted the video on YouTube. The video has since been removed from the site.
Graham Cluley, senior technology consultant at Sophos, reported on his blog that websites spoofing CNN and other sites claiming to host the video are cropping up, which ask visitors to download a video player that is actually malware that can infect the user's PC or Mac.
Mac users who download the phony video player would be infected by the Trojan OSX/Jahlav-C while Windows users would download either the Trojan Mal/EncPk-IF or a fake antivirus program, Mal/FakeAV-AY, Cluley reported.
Cluley said hackers are increasingly setting up malicious sites that can determine if users are visiting from a Mac or PC "and serve up the right flavor of malware accordingly."
Spam report: U.S. tops Q2 list of spam-sending countries
Spam email relaying PCs - called bots or botnets - typically reside in a handful of high-tech countries with plenty of internet users. In the second quarter of 2009, chances were better than one-in-six that a spam email was sent from a PC in the United States, according to internet security firm Sophos.
In its quarterly list of the top 12 spam relaying countries, called the "dirty dozen," Sophos said the U.S. ranked first, sending 15.6 percent of all spam. In contrast, Russia, a former spam superpower, fell from second last year to ninth in the most recent survey, sending just 3.2 percent of spam.
Sophos said the problem continues to be the number of unprotected PCs in the U.S. that have been infected by malware programmed by cybercriminals to send out junk email.
"If America could clean up its compromised PCs it would be a considerable benefit to everyone around the world who uses the [internet]," said Graham Cluley, senior technology consultant for Sophos. "All web users need to properly defend their computers from attack and pledge to never act upon spam messages."
A recent survey by the Messaging Anti-Abuse Working Group found that 12 percent of non-expert computer users have responded to spam because they were interested in the product or service offered.
Erin Andrews ‘peephole video’ spreading malware
Cybercriminals are exploiting curious voyeurs hoping to watch a video purporting to show hidden "peephole video" camera footage of ESPN reporter Erin Andrews by hosting malicious web pages that contain Trojan malware, according to web security experts at Sophos.
Andrews, a popular sideline reporter for the sports cable network, was reportedly videotaped nude in a hotel room by a voyeur who posted the video on YouTube. The video has since been removed from the site.
Graham Cluley, senior technology consultant at Sophos, reported on his blog that websites spoofing CNN and other sites claiming to host the video are cropping up, which ask visitors to download a video player that is actually malware that can infect the user's PC or Mac.
Mac users who download the phony video player would be infected by the Trojan OSX/Jahlav-C while Windows users would download either the Trojan Mal/EncPk-IF or a fake antivirus program, Mal/FakeAV-AY, Cluley reported.
Cluley said hackers are increasingly setting up malicious sites that can determine if users are visiting from a Mac or PC "and serve up the right flavor of malware accordingly."
Michael Jackson spam email proliferates, spreads viruses
Surging popular interest in the wake of Michael Jackson's death last week has set off a bonanza of related spam email, some of which contains malicious links, viruses and scams designed to ensnare curious recipients.
Web security firm Symantec said in a blog post Wednesday that spammers have largely abandoned Fourth of July-themed spam that typically picks up around the holiday weekend, likely because Jackson's death continues to drive web traffic like nothing else.
"Surprisingly, it looks as if spammers are less passionate about spawning Independence Day spam this year. The probable reason for this neutrality could be the spam spike related to the death of pop star Michael Jackson," Symantec researcher Samir Patil said in the post.
Malware disguised as YouTube videos and other files purporting to contain missing Jackson songs and photos has been reported.
Scams have also proliferated, including one claiming to come from a concert ticket office based in London that requests the recipient's information for ticket reimbursement, information that could be used for identity theft and fraud, Symantec reported.
IT security firm Sophos also spotted malware in Jackson-related email, including one from a phony Italian YouTube site that asks users to download an update to their Flash player that executes the Trojan malware ZBot.
Spammers exploit Michael Jackson’s death
The death of pop icon Michael Jackson on Thursday is already being exploited by cybercriminals sending spam emails with subject lines and messages related to the news, IT security firm Sophos said.
In these messages, the spammer claims to have "vital informations" about the death of "Michael Jackson's" to share with recipients of the email. The body of the email does not contain any call-to-action links, but a spammer can easily harvest recipients' email addresses via a free live email address if computer users reply to the spam message.
This type of breaking news story that spurs widespread popular interest is the perfect vehicle for spammers to snare vulnerable computer users, said Graham Cluley, senior technology consultant at Sophos.
Cluley said the firm has also seen spam piggy-backing on the news of Farrah Fawcett's death to spread fake antivirus software.
"The fact is that cybercriminals have no respect for taste and decency," Cluley said. "The only thing they are interested in is making some money for themselves."
In March, the sudden death of British actress Natasha Richardson inspired a wave of malicious search-optimized websites for spreading rogue antivirus products.
Mac users targeted by porn site malware
Filed under Security News
Tagged as Apple Mac, Mac OS X, senior technology consultant, Sophos, web browser, web security, X. Graham Cluley, YouTube
A web security firm has spotted two new malware attacks that target Mac OS X and Windows users who visit a website that presents itself as a portal for porn videos.
The malware comes as a pop-up that tells users they need to download a plug-in to watch the videos. Users who click on it download the malware.
Sophos said on its blog yesterday that it spotted two versions of this type of malware - one specifically designed for Mac OS X. Graham Cluley, senior technology consultant for Sophos, said Mac users need to be aware that they are not immune from the threat.
"Some Mac users may have thought that it was safe to surf for porn on their Apple Mac, but they were wrong," he said.
The booby-trapped websites determine if the victim's web browser is running on Windows or Mac OS X and serve up malware specifically designed for the visitor's operating system, Cluley said.
Porn sites seem to be a favorite among cybercriminals for spreading malware. Last month, a security firm found close to 5,000 videos on YouTube with malicious links in the comments offering to take users to porn sites that contained malware.