
Monthly Archives: April 2009

From the WHO at:

http://www.who.int/mediacentre/news/statements/2009/h1n1_20090429/en/index.html

"Statement by WHO Director-General, Dr Margaret Chan
29 April 2009
Swine influenza

Ladies and gentlemen,

Based on assessment of all available information, and following several expert consultations, I have decided to raise the current level of influenza pandemic alert from phase 4 to phase 5.

Influenza pandemics must be taken seriously precisely because of their capacity to spread rapidly to every country in the world."

Phase 5 is characterized by human-to-human spread of the virus into at least two countries in one WHO region. While most countries will not be affected at this stage, the declaration of Phase 5 is a strong signal that a pandemic is imminent and that the time to finalize the organization, communication, and implementation of the planned mitigation measures is short.

Phase 6, the pandemic phase, is characterized by community level outbreaks in at least one other country in a different WHO region in addition to the criteria defined in Phase 5. Designation of this phase will indicate that a global pandemic is under way.

If you get an email notice saying that YOURFRIEND (possibly using a real name) sent you a message, and the link points to fbaction.net, don't click on it. Phishing emails are circulating that try to get people to click on the link and enter their Facebook login details. Judging from some of the posts on the techcrunch.com site, people are already falling for the trick.

Unfortunately, we put way too much trust in the social web sites and blindly accept the links and applications. Users have clicked their way to complacency. This attack is just a demonstration.

The good news is that this is already being caught by anti-phishing measures, like those in IE8 and anti-virus programs like Kaspersky Internet Security. You can find it here.

You can read the article on techcrunch.com here.
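The tell in the phishing email above is that a message claiming to come from Facebook links somewhere else entirely. The check below is an added example, not code from the original post or from any of the sites it mentions: it parses the HTML body of an email, pulls out every link with its visible text, and flags links whose host is not facebook.com (or a real subdomain of it) and links whose visible text shows one site while the href goes to another. The sample email body is constructed for the example, as is the `.example` host used to show why a naive suffix match is not enough; the trusted-host list is an assumption for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts a genuine Facebook notification is expected to link to.
# Assumption for this example: only this domain (and its subdomains) is trusted.
TRUSTED_HOSTS = ("facebook.com",)


def host_is_trusted(host, trusted=TRUSTED_HOSTS):
    """True only if host equals a trusted domain or is a proper subdomain of it.

    A plain substring or suffix check would accept 'facebook.com.evil.example',
    so the comparison is done on label boundaries.
    """
    host = host.lower().rstrip(".")
    for t in trusted:
        if host == t or host.endswith("." + t):
            return True
    return False


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html):
    """Return a list of (href, reason) for every link that should not be clicked."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        url = urlparse(href)
        host = url.hostname or ""
        if url.scheme not in ("http", "https") or not host:
            findings.append((href, "not a plain http(s) link"))
            continue
        if not host_is_trusted(host):
            findings.append((href, "points to untrusted host " + host))
        # If the visible text looks like a URL, its host must match the real target.
        shown = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
        if shown and shown.lower() != host.lower():
            findings.append((href, "link text shows %s but link goes to %s" % (shown, host)))
    return findings


# Constructed sample email body, modelled on the notice described in the post.
SAMPLE_EMAIL = """<html><body>
<p>Hi, YOURFRIEND sent you a message on Facebook.</p>
<p><a href="http://www.fbaction.net/">http://www.facebook.com/n/?inbox</a></p>
<p><a href="https://www.facebook.com/settings">Change notification settings</a></p>
<p><a href="http://facebook.com.login-check.example/">Verify account</a></p>
</body></html>"""

if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_EMAIL):
        print("SUSPICIOUS:", href, "-", reason)
```

Run against the sample, the fbaction.net link is reported twice (untrusted host, and visible text that claims to be facebook.com), the look-alike `.example` host is reported once, and the genuine facebook.com link passes. The same label-boundary comparison is what a mail filter or browser anti-phishing list needs; matching on "contains facebook.com" is the mistake these emails count on.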

It didn’t take long. Numerous domain names have been registered that are expected to be bogus. F-Secure has listed them.

This means that the spam/phishing emails and web site pop-ups are soon to follow. Make sure your AV signatures are up to date!

As with any other global or highly publicized event, those who wish to capitalize on the natural curiosity of the public are expected to register domain names and generate phishing/spam email aimed at unsuspecting computer users. Currently the W.H.O. phase of the pandemic alert is 4 (of 6).

Expect and treat emails that you receive on this topic as suspect. Popups on infected web sites are certain to materialize, and it would not be unrealistic for some low-life to create a virus/trojan/worm that trades on the popularity of the event.

Avoid misinformation and Google searches on this. The best sources for updates are:

http://www.hhs.gov/

http://www.dhs.gov

http://www.cdc.gov/swineflu/

http://www.who.int/csr/disease/swineflu/en/index.html

The recent news of an outbreak has emphasized the need for us to be prepared. The question is, are you? By you, I mean you personally, your family, and/or your business. The government held a Sunday news conference early this afternoon. You can read about it.

As a family, do you have your WRITTEN plan on what to do? Does everyone know the plan? Have you executed the necessary preparations?

The same questions apply to a business. Add to them, are you prepared to run your business elsewhere? Can it run in the dark? Have you taken the security measures to protect your business should social unrest pop up?

The unfortunate truth is that most are not prepared. And if you answered "no" to any of these questions, I’d submit that you are not prepared.

Since 9/11, the government has been pushing some awesome programs to get us prepared. You can find them at http://www.ready.gov/.


Google released a new version of its Chrome browser Thursday to fix a high-severity security problem.

The problem affects Google’s mainstream stable version of Chrome and is fixed in the new version 1.0.154.59 (download). Google has built Chrome so it updates itself automatically with no user …

http://news.cnet.com/8301-1009_3-10222373-83.html

Remember the teenager who blamed boredom for his mischievous authoring of worms on Twitter? And remember that after seeing what he had done, someone hired him?

Well, after landing his new job, the teenager, who coded a site that looks like Twitter, released a fifth worm, which exploits a cross-site scripting vulnerability at the site. He told CNET.com reporters that he’s doing this now to show the vulnerability so that Twitter will fix it.

Computer security company Sophos reports on the worm in a recent blog post by Graham Cluley. It’s great information if you hang out on social web sites like Twitter. These kinds of things are sure to be a popular attack method for quite a while, especially as other script kiddies see that this kind of behavior keeps getting rewarded and the competition grows to "one up" another author.


Be careful who you give your mobile phone number out to. An attacker with the right toolkits and skill could hijack your phone remotely just by sending SMS messages to it, according to mobile security firm Trust Digital.

In the Trust Digital demo on YouTube, an attacker sends an SMS

The story on Cnet.com


Note: the malicious SWF has been reported to beyond.com.

Beyond.com is displaying a malicious advertisement with this URL:
ads.beyond.com/banners/jobfox_468x60.swf

Adopstools test results for jobfox_468x60.swf:
http://www.adopstools.com/index.asp?section=quicklink&id=4K57pJYUj1f874Sr

"The file has a sprite/movieclip which is containing Malware actionScript code."

The malicious advertisement uses MovieClip.getURL to load the following URL:
measurehits.com/?cmpid=<<redacted>>

The measurehits.com URL redirects victims to the following URL:

crustat.com/ts/in.cgi?<<redacted>>

Which redirects to one of several URLs:

truconv.com/?<<redacted>>
olinredr2.com/?<<redacted>>
traff-direct.com/?<<redacted>>

Then to domains such as:

go-uniq.com/in.cgi?<<redacted>>
top-name.cn/in.cgi?<<redacted>>
pyani.com/in.cgi?<<redacted>>

Eventually the victim ends up at one of several fraudware URLs, including:

removespywarethreats.com/<<redacted>>
desktoprepairpackage.com/<<redacted>>
pcantimalwaresolution.com/<<redacted>>
total-virusprotection.com/<<redacted>>
offer-provider.com/<<redacted>>
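What makes this advertisement worth blocking is not any single hop but where the chain ends. The tracer below is an added example, not code from the original post or from beyond.com, Adopstools or any of the sites named: it follows a chain of redirects hop by hop, stops on a loop or after too many hops, and reports a verdict based on whether the final landing domain is one of the fraudware domains listed above. To run offline it uses a constructed hop table in place of live HTTP `Location` responses; the table is modelled on the chain described in the post, but the query strings are placeholders (the real ones were redacted) and the `loop-a.example`/`loop-b.example` entries are constructed purely to exercise the cycle guard. The two-label "registrable domain" helper is an assumption that is good enough for the .com and .cn names in this post.

```python
from urllib.parse import urlparse

# Landing domains the post lists at the end of the chain (taken from the post).
FRAUDWARE_DOMAINS = {
    "removespywarethreats.com",
    "desktoprepairpackage.com",
    "pcantimalwaresolution.com",
    "total-virusprotection.com",
    "offer-provider.com",
}

# Constructed, offline stand-in for the redirects observed: maps a URL to the
# next URL it sends the browser to. Query strings are PLACEHOLDER values because
# the real ones were redacted in the post; the loop entries are constructed.
CONSTRUCTED_HOPS = {
    "http://ads.beyond.com/banners/jobfox_468x60.swf": "http://measurehits.com/?cmpid=PLACEHOLDER",
    "http://measurehits.com/?cmpid=PLACEHOLDER": "http://crustat.com/ts/in.cgi?PLACEHOLDER",
    "http://crustat.com/ts/in.cgi?PLACEHOLDER": "http://truconv.com/?PLACEHOLDER",
    "http://truconv.com/?PLACEHOLDER": "http://go-uniq.com/in.cgi?PLACEHOLDER",
    "http://go-uniq.com/in.cgi?PLACEHOLDER": "http://removespywarethreats.com/PLACEHOLDER",
    "http://loop-a.example/": "http://loop-b.example/",
    "http://loop-b.example/": "http://loop-a.example/",
}


def registrable_domain(host):
    """Crude registrable-domain extraction: the last two labels of the host.

    Assumption for this example; a real deployment would use the public suffix list.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def trace_chain(start, next_hop, max_hops=10):
    """Follow redirects from start.

    next_hop(url) returns the next URL or None when the page does not redirect.
    Returns (chain, status) with status one of "end", "loop", "too-many-hops".
    """
    chain = [start]
    seen = {start}
    while True:
        nxt = next_hop(chain[-1])
        if nxt is None:
            return chain, "end"
        if nxt in seen:
            # Include the repeated URL so the report shows where the cycle closes.
            return chain + [nxt], "loop"
        if len(chain) >= max_hops:
            return chain, "too-many-hops"
        chain.append(nxt)
        seen.add(nxt)


def analyze(start, next_hop=CONSTRUCTED_HOPS.get, max_hops=10):
    """Trace a chain and give a verdict on its landing page."""
    chain, status = trace_chain(start, next_hop, max_hops)
    domains = [registrable_domain(urlparse(u).hostname or "") for u in chain]
    if domains[-1] in FRAUDWARE_DOMAINS:
        verdict = "fraudware"
    elif status == "loop":
        verdict = "redirect-loop"
    elif status == "too-many-hops":
        verdict = "too-many-hops"
    else:
        verdict = "clean"
    return {"chain": chain, "domains": domains, "status": status, "verdict": verdict}


if __name__ == "__main__":
    for url in ("http://ads.beyond.com/banners/jobfox_468x60.swf", "http://loop-a.example/"):
        r = analyze(url)
        print(r["verdict"], "after", len(r["chain"]) - 1, "hops:", " -> ".join(r["domains"]))
```

Against the constructed table, the beyond.com creative is reported as fraudware after five hops through measurehits.com, crustat.com, truconv.com and go-uniq.com, which is the record an ad operations team needs when reporting the creative. To use it on live traffic, replace `CONSTRUCTED_HOPS.get` with a function that issues a request without following redirects and returns the `Location` header (and, for a SWF, the URL the ActionScript loads), and keep the hop limit, since intermediate traffic-distribution hosts change far more often than the landing pages.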

Last week, we mentioned the worms that are circulating on Twitter through friend profiles. Trend Micro reports that public interest in the attack is now being exploited to serve up malware through search engine results for the text "Twitter worm" and the name of the "bored" teenager who wrote the first worm.

On a sad note, it seems the worm author has accepted a job with a web applications development firm. This raises the question of what motivation there is to hire someone who "infected" many thousands of users. If that is considered to be "credentials", one can expect more of these kinds of attacks as these social networks are used for commercial interests. By the way, fake anti-virus, registry "optimizers" and the like are commercial interests.