Phishers and scammers use bleak economic news to lure victims

Scammers using gloomy economic news to lure victims Patches from Mandriva, Ubuntu Prominent Web sites found to have serious coding flaw, and other interesting reading

Today's malware news:

Scammers using gloomy economic news to lure victims
Not surprisingly, scammers and spammers (or are they one in the same?) are jumping on the bleak economic news as a means of delivering their wares. Network World, 10/02/2008.

419 Scammer Via Skype
Well that's typical, I go on holiday and the moment I switch a PC on to check something, this appears in Skype. The SpywareGuide Greynets Blog, 09/29/2008.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Today's malware news:

Scammers using gloomy economic news to lure victims
Not surprisingly, scammers and spammers (or are they one in the same?) are jumping on the bleak economic news as a means of delivering their wares. Network World, 10/02/2008.

419 Scammer Via Skype
Well that's typical, I go on holiday and the moment I switch a PC on to check something, this appears in Skype. The SpywareGuide Greynets Blog, 09/29/2008.

Did You Catch Some Phish?
The evolution of a phishing attack is quite straightforward. At first, the fraudsters compromise a vulnerable server and deploy a package called a "phishing kit," which contains a clone application of the targeted institution. Symantec Security Response, 09/29/2008.

419 Scammers Hack Email, Target Friends & Family With Request For Money
This is a particularly disturbing scam that's been passed my way, courtesy of reader MTGarden. The scammers in question hacked a colleague's e-mail account, then sent out a request for money to the people on the hacked account's contact list, claiming they were overseas and without cash. The SpywareGuide Greynets Blog, 10/01/2008.
**********

Today's bug patches and security alerts:

Two new patches from Mandriva:

pam_mount (authentication bypass)

OpenAFS (denial of service)
**********

Two new updates from Ubuntu:

nasm (one off vulnerability, code execution)

Thunderbird (multiple flaws)
**********

From the interesting-reading department:

Prominent Web sites found to have serious coding flaw
Two Princeton University academics have found a type of coding flaw on several prominent Web sites that could jeopardize personal data and in one alarming case, drain a bank account. The type of flaw, called cross-site request forgery (CSRF), allows an attacker to perform actions on a Web site on behalf of a victim who is already logged into the site. IDG News Service, 09/30/2008.

FAQ: Clickjacking - should you be worried?
Last week, a pair of security researchers spread the news that a new class of vulnerabilities, called "clickjacking," puts users of every major browser at risk from possible attack. Computerworld, 09/29/2008.

Also: Clickjacking vulnerability to be revealed next month

Five mistakes security pros would make again
Ten years ago, Michael Riva was network administrator for a top-five American consultancy. Employees were downloading graphic pictures and videos onto the network. Riva told his boss a proxy server with content filtering might be in order; his boss laughed and suggested they put in a bigger file server instead. CSO, 09/29/2008.

A pro's tips on ATM fraud
A bank-machine hacker who reportedly was arrested earlier this month in Turkey gave would-be fraudsters tips on how to install rogue card-reading devices, including advising them to target drive-through ATMs and avoid towns with fewer than 15,000 residents. IDG News Service, 09/29/2008.