Phishers and scammers use bleak economic news to lure victims

* Scammers using gloomy economic news to lure victims
* Patches from Mandriva, Ubuntu
* Prominent Web sites found to have serious coding flaw, and other interesting reading

Lots of Phishing, Spam and Scam news today. Looks like the down economy is proving to be a lucrative lure for scammers, who are using the stock and credit market woes in phishing attacks featuring Bank of America and pump-and-dump scams for penny stocks. Also, 419 scammers are hacking e-mail accounts and sending out a plea for money to "friends" of the hacked account. Different, but still slimy.

Today's malware news:

Scammers using gloomy economic news to lure victims

Not surprisingly, scammers and spammers (or are they one and the same?) are jumping on the bleak economic news as a means of delivering their wares. Network World, 10/02/2008.

419 Scammer Via Skype

Well that's typical, I go on holiday and the moment I switch a PC on to check something, this appears in Skype. The SpywareGuide Greynets Blog, 09/29/2008.

Did You Catch Some Phish?

The evolution of a phishing attack is quite straightforward. At first, the fraudsters compromise a vulnerable server and deploy a package called a "phishing kit," which contains a clone application of the targeted institution. Symantec Security Response, 09/29/2008.

419 Scammers Hack Email, Target Friends & Family With Request For Money

This is a particularly disturbing scam that's been passed my way, courtesy of reader MTGarden. The scammers in question hacked a colleague's e-mail account, then sent out a request for money to the people on the hacked account's contact list, claiming they were overseas and without cash. The SpywareGuide Greynets Blog, 10/01/2008.


Today's bug patches and security alerts:

Two new patches from Mandriva:

pam_mount (authentication bypass)

OpenAFS (denial of service)


Two new updates from Ubuntu:

nasm (off-by-one vulnerability, code execution)

Thunderbird (multiple flaws)


From the interesting-reading department:

Prominent Web sites found to have serious coding flaw

Two Princeton University academics have found a type of coding flaw on several prominent Web sites that could jeopardize personal data and in one alarming case, drain a bank account. The type of flaw, called cross-site request forgery (CSRF), allows an attacker to perform actions on a Web site on behalf of a victim who is already logged into the site. IDG News Service, 09/30/2008.

FAQ: Clickjacking - should you be worried?

Last week, a pair of security researchers spread the news that a new class of vulnerabilities, called "clickjacking," puts users of every major browser at risk from possible attack. Computerworld, 09/29/2008.

Also: Clickjacking vulnerability to be revealed next month

Five mistakes security pros would make again

Ten years ago, Michael Riva was network administrator for a top-five American consultancy. Employees were downloading graphic pictures and videos onto the network. Riva told his boss a proxy server with content filtering might be in order; his boss laughed and suggested they put in a bigger file server instead. CSO, 09/29/2008.

A pro's tips on ATM fraud

A bank-machine hacker who reportedly was arrested earlier this month in Turkey gave would-be fraudsters tips on how to install rogue card-reading devices, including advising them to target drive-through ATMs and avoid towns with fewer than 15,000 residents. IDG News Service, 09/29/2008.

Security risks rise as smartphones become smarter

As wireless devices become more numerous within businesses, their convenience will be counterbalanced by an increasing potential for security problems, according to a Gartner analyst. IDG News Service, 09/29/2008.

Enterprises overpay for antivirus software, says analyst

Enterprises continue to pay too much for security software -- while the software vendors aren't doing enough research to keep up with fast-changing threats on the Internet, a Gartner analyst said Monday. IDG News Service, 09/29/2008.

How to minimize the impact of a data breach

Thirty-one percent of customers -- nearly one-third of a company's client base and revenue source -- are terminating their relationship with organizations following a data breach, according to a recent study by the Ponemon Institute. CSO, 09/30/2008.

IronKey adds remote wipe feature for USB drives

A new service called Silver Bullet from encrypted thumb-drive vendor IronKey will let administrators wipe out or lock the data on USB sticks in the field. IDG News Service, 09/30/2008.

Researchers develop bug-blocking chip monitor

Researchers at the University of Michigan have developed technology that can fence off microprocessor bugs and keep them from seizing up a PC. IDG News Service, 09/30/2008.


Copyright © 2008 IDG Communications, Inc.
