Symantec Blogs: Security Response

Candid Wueest | January 16th, 2008

It looks like I'm dead! In fact I might have already been dead for a couple of weeks without even realizing it. That's if I believe the emails I've received (I've received the same mail eight separate times and counting). No, it wasn't a death threat against security researchers. It's an email stating that there had been a nuclear accident in Switzerland and everything is now radioactive and contaminated. Since I live in Switzerland, I had a distinct feeling that there was something bogus about this message. Even if I wasn't living here, all of the grammatical mistakes and the absolute lack of umlauts in the message text where there should be some would have been my early clues that this was yet more spam.

...

Candid Wueest | October 17th, 2007

My girlfriend recently bought an mp3 player through eBay. The slim 8GB player, dubbed “MP3 Player” by the no-name brand vendor, reminded me of some other well known player – I… I… I just can’t remember the name. But, since it was offered at half the price of an iPod, we thought that it wasn’t such a bad deal and ordered it. Last week it was finally delivered and while checking it out I connected it through USB to my laptop. A moment later my Norton Internet Security informed me that the removable device was infected with Backdoor.Graybird. Using a hidden autorun.inf file the back door tried to infect the PC the player was connected to – if the user was careless enough to open the drive unprotected. ;-) Not that I believed that we would no longer see any Backdoor.Graybirds after the...
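The autorun.inf trick described in the post can be triaged from the file's text before the drive is ever opened in Explorer. The script below is an added example, not Symantec's or the blog's code: it parses an autorun.inf leniently (case-insensitive section and keys, no `%` interpolation, duplicate keys tolerated) and flags the directives that make Windows run a program from the drive, separating them from the cosmetic ones that only disguise it. The sample file is constructed for the example; the hidden attribute mentioned in the post is a filesystem property rather than file content and is not checked here.

```python
"""Static triage of an autorun.inf copied from a removable drive.

Added example (not Symantec's code). Only the file text is inspected; the
'hidden' attribute is a filesystem property and is not checked here.
"""
import configparser
import re

# Directives that make Windows run a program when the drive is opened,
# double-clicked or handled by AutoPlay. shell\<verb>\command is matched
# by the regex; a bare "shell=<verb>" only selects the default verb.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$")
# Directives that change how the drive is presented, not what it runs.
COSMETIC_KEYS = {"icon", "label", "action"}

# Constructed sample modelled on the post: the drive presents itself as a
# player while every "open" path leads to an executable in RECYCLER.
SAMPLE_AUTORUN = r"""[AutoRun]
open=RECYCLER\setup.exe
shell\open\command=RECYCLER\setup.exe
shell=open
icon=%SystemRoot%\system32\shell32.dll,4
label=MP3 Player
action=Open folder to view files
"""


def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys.

    configparser is used leniently: no interpolation (paths contain '%'),
    duplicate keys tolerated, '=' as the only delimiter so that 'C:\\x'
    values are not split at the colon, and a case-insensitive section name.
    """
    cp = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True, delimiters=("=",)
    )
    cp.optionxform = str.lower
    try:
        cp.read_string(text)
    except configparser.Error:
        return {}  # no section header or otherwise unparseable
    for section in cp.sections():
        if section.lower() == "autorun":
            return {k: (v or "").strip() for k, v in cp.items(section)}
    return {}


def triage_autorun(text):
    """List (directive, value, reason) findings for one autorun.inf."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key in EXEC_KEYS or SHELL_CMD_RE.match(key):
            findings.append((key, value, "runs a program from the drive"))
        elif key in COSMETIC_KEYS:
            findings.append((key, value, "cosmetic: changes how Explorer/AutoPlay shows the drive"))
    return findings


def is_suspicious(text):
    """True when any directive would execute something from the drive."""
    return any(reason.startswith("runs") for _, _, reason in triage_autorun(text))


if __name__ == "__main__":
    for directive, value, reason in triage_autorun(SAMPLE_AUTORUN):
        print(f"{directive:20} = {value:40} {reason}")
    print("suspicious:", is_suspicious(SAMPLE_AUTORUN))
```

Run it against an autorun.inf copied off the drive (with the drive mounted read-only, or from an image); a drive whose autorun.inf carries only `label` and `icon` parses clean, while any `open`, `shellexecute` or `shell\<verb>\command` directive is reported as executing code.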

Candid Wueest | May 27th, 2007

“Because that's where the money is” was apparently the reason given by Willie Sutton when asked why he kept robbing banks. Even though that statement may be correct, Willie Sutton never said it like this – as he explains in his book “Where the Money Was.” Still, it evolved into one of those urban myths, quoted many times. But there is an even better analogy to be made between the life of this bank robber from the 1940s and today’s online crime.

One of his nicknames was “The Actor,” which he gained after committing robberies in broad daylight, impersonating trusted personnel. He varied his disguise from telegraph messenger to maintenance man to policeman. He had realized that an acetylene torch was not the best way into a safe – it was much easier to abuse people’s trust, as no one really expected such assaults from within their own ranks. It was like an insider job, but without actually belonging to the team in the first place. Those old-school social engineering tricks are comparable...

Candid Wueest | February 7th, 2007

If you live in a German-speaking region, then you might have received one or two strange emails last month, which were unlike the huge amount of regular spam often seen. The first type of odd email was multiple instances of alleged invoices that were sent as email attachments by local ISPs or other service providers. The disguised attachment had a .pdf.exe double extension, which was not an invoice document at all, but a Downloader. Some people thought it was a scam asking for payment for a service that was never received (which was not true in this case), but even so the decision to immediately delete the email was the right choice.

At the end of January, another strange email made its rounds. This one claimed to come from the Bundeskriminalamt (BKA), the federal police in Germany. The email text mentioned charges against the user for downloading illegal movies and software and referred to the attachment as a fax form for statements that had to be completed as soon as...

Candid Wueest | January 2nd, 2007

If I remember my math teacher correctly, then 1 + 1 = 2. Or, 2.0, to be trendy. In terms of the Internet today this could mean: Take one interactive Web solution plus one large user community and that will equal the next generation Web application. In 2006, we have seen many companies employing exactly this formula to create new Web services (some of which are very useful, while others are more for entertainment).

But in arithmetic you have to be sure to understand the variables you calculate with. If, like in this case, you deal with a very large active user group, then the chances of encountering people who don’t play by the rules are high. Therefore, it should be of no surprise that we have seen a rise in Web attacks toward the end of this year, especially considering the number of browser vulnerabilities that were discovered.

Jeremiah Grossman and others compiled a list of the...

Candid Wueest | July 25th, 2006

Mozilla’s Firefox browser is quite popular and it is often recommended when it comes to the question: What is a safe browser alternative? Unfortunately, this does not necessarily mean that you are not susceptible to browser attacks.

Microsoft Internet Explorer is often hijacked by malware that drops browser helper objects (BHO), which will then be loaded every time the user starts Microsoft Internet Explorer. The BHOs can then manipulate data that is sent to the Internet and (for example) steal passwords or monitor user habits. With the Cross Platform Component Object Model (XPCOM), something similar to a BHO exists on the Mozilla side. It is a framework for developers to create modules that access features of the Gecko engine. For example, Firefox extensions are written with XPCOM and can therefore integrate seamlessly into Firefox.

Of course, it shouldn’t be a big surprise that this technique can also be used with malicious intent. Unwanted...
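A BHO is a COM object whose CLSID is listed under the Browser Helper Objects key, so the practical check for the Internet Explorer hijack described above is to walk that list and resolve each CLSID to the DLL that will be loaded into every browser process. The Python script below is an added example, not Symantec's or Mozilla's code: it parses a regedit export (`.reg`, version 5.00) of the relevant keys collected from the machine, resolves each BHO to its friendly name and `InprocServer32` DLL, and applies a simple location heuristic. The export and the CLSIDs in it are constructed for the example; the Firefox/XPCOM side is not covered.

```python
"""Triage Internet Explorer Browser Helper Objects from a registry export.

Added example (not Symantec's code). Input is the text of a regedit
"Export" (.reg, version 5.00) collected from the machine, so the script
runs offline and never reads a live registry. The location checks are a
heuristic, not a verdict on the DLL itself.
"""
import re

# Key IE walks to find BHOs to load (32-bit view on 64-bit Windows included).
BHO_KEY_RE = re.compile(
    r"^hkey_local_machine\\software\\(?:wow6432node\\)?microsoft\\windows\\"
    r"currentversion\\explorer\\browser helper objects\\(\{[0-9a-f-]+\})$"
)
# Places the CLSID may be registered; the DLL is InprocServer32's default value.
CLSID_ROOTS = (
    "hkey_classes_root\\clsid\\",
    "hkey_classes_root\\wow6432node\\clsid\\",
    "hkey_local_machine\\software\\classes\\clsid\\",
    "hkey_local_machine\\software\\classes\\wow6432node\\clsid\\",
)
USER_DIR_RE = re.compile(r"\\(temp|appdata|local settings|documents and settings|users)\\", re.I)
SYSTEM_DIR_RE = re.compile(
    r"^(?:[a-z]:\\(?:program files(?: \(x86\))?|windows)\\|%programfiles(?:\(x86\))?%|%systemroot%)", re.I
)

# Constructed sample export: one BHO under Program Files with a readable name,
# one with no name whose DLL sits in a temp directory and whose path is stored
# as REG_EXPAND_SZ (hex(2), UTF-16LE, wrapped over two lines).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
"NoExplorer"=dword:00000001

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}]
@="Example PDF Link Helper"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\Example\\pdfhelper.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEADBEEF-0000-4000-8000-000000000001}]

[HKEY_CLASSES_ROOT\CLSID\{DEADBEEF-0000-4000-8000-000000000001}\InprocServer32]
@=hex(2):43,00,3a,00,5c,00,54,00,65,00,6d,00,70,00,5c,00,\
  6d,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"""


def _read_quoted(s):
    """Decode a .reg quoted string at s[0] == '"'; returns (value, remainder)."""
    out, i = [], 1
    while i < len(s):
        c = s[i]
        if c == "\\" and i + 1 < len(s):   # .reg escapes are \\ and \"
            out.append(s[i + 1])
            i += 2
        elif c == '"':
            return "".join(out), s[i + 1:]
        else:
            out.append(c)
            i += 1
    return "".join(out), ""


def _decode_data(data):
    """Decode a value's data: quoted string, dword:, or hex(2) (REG_EXPAND_SZ)."""
    if data.startswith('"'):
        return _read_quoted(data)[0]
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r"hex\(2\):(.*)", data, re.IGNORECASE)
    if m:
        raw = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return raw.decode("utf-16-le", "replace").rstrip("\x00")
    return data  # other value types are kept verbatim


def parse_reg(text):
    """Parse a .reg export into {key path (lower-cased): {value name: data}}."""
    keys, current, pending = {}, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):            # hex data wrapped onto the next line
            pending.append(line[:-1])
            continue
        if pending:
            line = "".join(pending) + line
            pending = []
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif current is not None and line.startswith(('"', "@")):
            name, rest = ("", line[1:]) if line[0] == "@" else _read_quoted(line)
            if rest.startswith("="):
                keys[current][name] = _decode_data(rest[1:])
    return keys


def classify_dll(path):
    """Heuristic location check for a BHO's DLL (None = not registered)."""
    if path is None:
        return "orphan: CLSID has no InprocServer32"
    if USER_DIR_RE.search(path):
        return "DLL in a temp or user-writable directory"
    if not SYSTEM_DIR_RE.match(path):
        return "DLL outside Program Files/Windows"
    return "ok"


def list_bhos(reg_text):
    """Resolve every registered BHO to its friendly name, DLL path and verdict."""
    keys = parse_reg(reg_text)
    bhos = []
    for path, values in keys.items():
        m = BHO_KEY_RE.match(path)
        if not m:
            continue
        clsid = m.group(1).upper()
        name = dll = None
        for root in CLSID_ROOTS:
            base = root + clsid.lower()
            name = name or keys.get(base, {}).get("")
            dll = dll or keys.get(base + "\\inprocserver32", {}).get("")
        bhos.append({"clsid": clsid, "name": name, "dll": dll,
                     "ie_only": values.get("NoExplorer") == 1,   # not loaded by Explorer.exe
                     "verdict": classify_dll(dll)})
    return bhos


if __name__ == "__main__":
    for b in list_bhos(SAMPLE_REG):
        print(b["clsid"], b["name"], b["dll"], b["verdict"])
```

Export the `Browser Helper Objects` key and `HKEY_CLASSES_ROOT\CLSID` with regedit (or from an offline SOFTWARE hive) and feed the text in; a BHO with no friendly name whose DLL lives in a temp or profile directory, or whose CLSID has no `InprocServer32` at all, is the entry to pull and analyse first.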

Candid Wueest | July 10th, 2006

Phishing attacks evolved from simple email attacks quite a long time ago. These days, we still see many attacks with obfuscated links and spoofed Web sites, but the emerging threat is in phishing malware. Even in the malware domain we have seen further developments, from basic key logging to session modification Trojans. The attacks are becoming more sophisticated in order to circumvent the current prevention methods.

Take, for example, the Trojan.Satiloler family. This threat monitors traffic that is sent and received by a Web browser. It can inject script code into received Web pages before they are passed to the user’s browser. If the Trojan finds a predefined online banking Web site, it replaces all of the Web form submit functions with its own functions. This enables the Trojan to control the information flow on that particular site without the user noticing. If a...