Trojan attack targets #Facebook users

Security experts have warned Facebook users to be on the alert after the discovery of a new password malware scam linked to the Bredolab Trojan.

Email security firm Websense claimed yesterday to have seen 90,000 instances of the attack, calling it a “new wave of malicious spoof email attacks”.

The messages purport to come from Facebook and are designed to appear as a simple password reset confirmation. However, a .exe file in the mail contains a hidden virus with a nasty payload.

Websense said in a security alert that the .exe file connects to two servers in order to download additional malicious files. The victim’s PC then joins the Bredolab botnet, giving hackers full control.

“This spam email attack is designed to play on the subject at the forefront of users’ minds: their password security,” said Carl Leonard, Websense security labs manager.

“Falling for this scam could lead to the unsuspecting user becoming part of a botnet. With therecent hack of web email accounts, users would feel more compelled to open an attachment that purports to hold their new password, as they’d be worried who changed it in the first place.

“Our advice for users is to always go directly to the web address you have an account with and reset passwords there.”

Graham Cluley, senior technology consultant at Sophos, confirmed that the malicious emails have been spammed out widely across the internet.

“The ‘from’ address has been forged, and the attached file is in fact a piece of malware. Sophos detects the malware as Troj/BredoZp-M or Mal/Bredo-A,” he wrote in a blog post.

“Don’t make life easy for the hackers hell-bent on infecting your computer, stealing your identity and emptying your bank account. Exercise caution when you receive unsolicited emails, and protect your computer with up-to-date security software.”

Its now the turn of Twitter!

A new spammed malware attack is impersonating messages from micro-blogging site Twitter.

Researchers at Symantec said that the attack poses as an invitation to join Twitter with the message: ‘Your friend has invited you to Twitter.’ The message also contains images of the Twitter logo and front pages.

Rather than send the user to Twitter by way of a URL, however, the message asks the user to open an attachment under the name ‘InvitationCard.zip’. On launching the attached file, the user is infected with a malicious worm that attempts to send out mass email messages.

Users are advised not to open the invitation attachments or any other unsolicited or suspicious email attachments.

“As Twitter continues to gain popularity among social networking users, people are regularly receiving invitations and email updates from fellow users, ” wrote Symantec researcher Sammy Chu in a blog post.

“We expect that spammers will continue to use Twitter and other popular social networks as bait in their attacks.”

The practice of disguising malware as email attachments and greeting cards is not new. Attacks such as the infamous Storm worm were routinely spread under the guise of greeting card attachments.

Attacks targeting Twitter have also become more common in recent months as the site has seen its popularity soar. Attacks have ranged from account-stealing hacking attempts to cross-site scripting attacks and malware distribution attacks.

source: http://www.vnunet.com/vnunet/news/2244458/malware-threat-targets-twitter

Apple site hacked!!!

pretty excited with my finding – the apple site http://www.apple.com/asia/buy/locator/svcindex.html if you select a country and then click serach – it takes you to

http://foo.example.com/cgi-bin/tester

thats a comprimize or a REALLY bad upgrade job- like forgetting to remove the gauze from a patient during an operation.