Hacked GOP Site Infects Visitors with Malware
The now-infamous Storm Trojan horse is using new distribution methods to attack unsuspecting victims. Where it once used e-mail attachments or embedded links in spam, it has now turned to website exploits, recently infecting PC users through a Republican party website in Wisconsin, USA.

Read More

Germany Arrests 10 in Global Internet Scam Raids
After an 18-month probe, German police have arrested 10 people in Russia, Ukraine, and Germany in connection with an international Internet scam that may have cost hundreds of thousands of Euros from victims. The accused used phishing techniques to lure bank customers into answering fake Ebay or Deutsche Telekom e-mails, and then installed a Trojan horse to record their personal data.

Read More

Great Firewall of China More Like Chain-Link Fence
Researchers at the University of California at Davis and the University of New Mexico have proven that banned terms can slip through the government-imposed firewall for Internet surfing in China. Even with the occasional slip in security, most citizens still avoid searching for banned terms and concepts for fear that their Internet activity is being monitored by the Chinese government.

Read More

Financially Motivated Malware Thrives
As malware becomes more and more lucrative, software programs are being released that allow any unskilled hacker to earn a living sending spam. In September, a group of Russian hackers released a malware kit for $200 U.S. with information on how to become a master spammer.

Read More

They are sleek, they are powerful, and they are a wish list standard.  Smartphones, like iPhone and BlackBerry, are creating a collective buzz that can be heard worldwide.

The hype is well deserved.  Mobile devices have matured and with their coming of age we now have capabilities that seemed far-fetched only a few years ago.  For employees and executives the world over, smartphones make corporate data and applications available anytime, anywhere.

But just as a smartphone is now capable of downloading data and applications wirelessly, so can it download viruses, spyware, even pornographic content, without a user’s consent.  The use of flash memory cards on some phones opens yet another door for malware to spread to these devices.

The threat is real and growing.  A recent PC World article reports that malware writers are ramping up their activity in the mobile arena, learning from proof-of-concept threats and fine-tuning the amount of user interaction required to propagate the damage.

According to SMobile Systems, a company that specializes in mobile security, there are over 400 wireless threats currently, and more are predicted to arise by year’s end.  The threats can take many forms.  Among the attacks are those that attempt to delete data, those that record a user’s phone calls, and those that send SMS text messages with links to malicious web sites.

It is a simple equation:  greater use equals greater exposure.  The explosion in smartphone use and the productivity gains that come with it have increased the security risks for corporations.  Given their functionality, smartphones should be treated as an extension of the computing network system, just as desktops and laptops are.

Until recently, enterprises were wary of pushing business applications onto mobile devices.  Security concerns were also a primary focus for corporate users given the potential consequences and cost of exposing sensitive data.  But strong demand has begun to turn the tide.  In this endeavor, it is critical that IT organizations address security issues early on.

Different types of suppliers are working to deliver solutions – smartphone manufacturers, mobile networks, and security vendors – and increasingly finding that by coming together they have a better chance to prevent security issues from compromising the uptake of mobile technologies.

Matt Hines from InfoWorld recently spoke with several security executives. From Kara Hayes, a senior product manager at Nokia, he reports that encryption is one solution that is generating great interest.  And from Scott Totzke, from Research in Motion, the maker of the BlackBerry, he reports that customers are increasingly demanding ways of protecting data. The InfoWorld article quotes Totzke on customer’s needs:  “They want tools to kill information or lock it down when a handheld is lost, they want to encrypt sensitive data in transit and at rest, and there are growing concerns about compliance.”

Providers of security solutions are extending their reach by working directly with mobile operators.  One of them, Finnish company F-Secure offers security bundles through mobile operators, such as T-Mobile and Swisscom, and mobile handset manufacturers such as Nokia.

Time will tell if mobile threats escalate as is assumed that they will.  But following security best practices should be an equally wise move, whether using a smartphone or any other type of computing device.

“We suspect an unauthorized transaction on your account.  To ensure that your account is not compromised, please click the link below and confirm your identity.”

An e-mail communication that reads like this has probably appeared in your inbox recently.  Sounds official, doesn’t it?  Judging from the header on the e-mail, a trusted source has sent it – a government agency, your bank, your Internet service provider.

What will you do?

Anytime you receive an online request for personal information, you should treat it with a healthy dose of suspicion.  What appears to be a trusted source may, in fact, not be what it claims to be.  Chances are high that you have become a target of a highly individualized and persuasive attempt to steal your personal information for malicious purposes.  Phishing, as this type of attack is called, has become increasingly common.

A phishing attack can originate when personal data is stolen. Not much is required.  Bits of data can be simple enough, such as your e-mail address, telephone number and birthday. But those bits hold the potential for creating a profile of you that can be easily expanded through access to other sources of online information.

Resumes and CVs are a reservoir of useful data.  As recently as August of this year, resumes and CVs were the target of an attack on Monster, a popular employment website.  The attack, which began with stolen login credentials, enabled hackers to gain access to the Monster site and gather the personal information of over a million of its users.  According to news agency Reuters, Monster responded by shutting the server that was used to access the information, and contacting the affected users.

But the Monster security breach was only the start of the phishing attack.

Phishing e-mails can be tailored to exploit the information at hand.  For example, a Monster user could receive an e-mail that claims to be from a recruiter.  Upon clicking a link in the e-mail, the user could be directed to a fraudulent website that looks legitimate. From there the possibilities for acquiring additional data are limitless.

Some phishing e-mails contain software that can harm your computer or others, or track your activities on the Internet without your knowledge.

How can you avoid being the victim of a phishing scam?   The U.S. government, through its OnGuardOnline.gov website and National Cyber Alert System, has some practical tips to keep you safe online.

Responding to E-mail – If you are not sure whether an e-mail is legitimate, try to verify its identity.  Contact the source directly by using any previously obtained information – telephone number or type in the correct web address – instead of using the information provided in the suspicious e-mail.

Providing Information – Do not provide personal or financial information in an e-mail, or by clicking on a link included in an e-mail. E-mail is not a secure form of communication and legitimate companies do not ask for information in that way.  Also, do not send sensitive information over the Internet before checking a website’s security policy or looking for evidence that your information is being encrypted.

To help identify a malicious website, take note of its URL and see if it uses a variation in spelling or domain (such as .com versus .net).

Checking your Records – Review your bank and credit card statements as soon as you receive them and check for unauthorized charges.  Since victims of phishing can also become victims of identity theft, check your credit report periodically to see if any new accounts have been opened in your name.

Reporting Phishing Scams – Report these by sending an e-mail to reportphishing@antiphising.org.  The Anti-Phishing Working Group, a consortium of security vendors, financial institutions and law enforcement agencies, uses that information in their fight against phishing.