Monthly Archives: February 2010

Like many other events of public interest and international news, the 8.8 earthquake and resulting tsunami have resulted in malware attacks. Computer users will start to see spam/phishing emails about the event. Malware authors have already started poisoning search engines to steer the curious to infected websites and socially engineered attacks.

There is a reasonable expectation that promises of “live video” in Hawaii will start popping up as the first “wave” is expected to strike Hawaii after 4:00 PM EST. Of no surprise will be reports of recorded video of surfers and sailboats. That will be followed by calls for donations to fake relief efforts using credit cards, toll-charge telephone calls, or cell phone text messages.

Fake domain name registrations are also expected as casualty numbers in Chile climb and as the tsunami waves race across the Pacific Ocean towards other areas like New Zealand, Japan, etc.

The computer security company NetWitness announced earlier in the week that they have been tracking a variant of the botnet. Even more disturbing were the details (75,000 systems and 2,500 organizations around the world). In their news release, NetWitness said that they first discovered the botnet in January 2010 and have labeled it the Kneber botnet, named after the username that connects it to the network of worldwide infected computers.

“Deeper investigation revealed an extensive compromise of commercial and government systems that included 68,000 corporate login credentials, access to email systems, online banking sites, Facebook, Yahoo, Hotmail and other social networking credentials, 2,000 SSL certificate files, and dossier-level data sets on individuals including complete dumps of entire identities from victim machines”, according to the press release.

The term “viral marketing” is often used in a good light. Many people took the message and passed it on to everyone they came in contact with. I liken it to something that is often infectious; again, in a good light. After all, the literal term of infectious would be a good thing if you are advertising or selling a product.

The problem is that we, as consumers, are often exposed to marketing efforts that we don’t like, don’t want, or can’t control. When applied to “free content”, it is often a price we have to “pay”; lest we really have to pay. That would be true (and acceptable) in cases like Hulu or other online video content. We’ve seen similar examples in Internet service providers like AOL and NetZero. In each case, they offered a service that was paid for by advertising that was “pushed” to the user. Users found that model acceptable and there was a level of trust that was formed.

Where viral marketing took a turn for the worse was in the delivery of spam and/or hoaxes. This deployed carefully crafted and socially engineered messages that were not all that hard for people to believe. With email spam, they are pretty easy to identify because the message usually comes from someone you don’t know, and in a country foreign to where you live or people you know. In cases where hundreds of thousands of emails were sent out, it only took a small percentage to “pass it along to all (his/her) friends” because IBM/Microsoft, CNN, or (insert your favorite source here) said to. Then came “Urban Legend” sites that started to knock these down as users became more educated and suspicious of these.

Now, Web 2.0 and popular social media sites that have attracted large populations of users have also attracted those looking for the fast buck. Those just trying to keep in touch with friends, family, and favorite causes are being constantly bombarded with spam, hoaxes and malware through this new media. But, like all new media, users are far too trusting and quick to click. Through issues and causes that are attractive to users (advertising-free Facebook, dislike buttons, “the old look”, and “free Facebook Gold” accounts) we are exposed to hoaxes and offers that don’t live up to what they represent. Facebook Groups are popping up and requiring users to refer all their friends to the group or they won’t be accepted to the offer, or the bypass won’t work, or the toolbar won’t be effective.

In a few cases that have been checked, modifications are made to the user’s browser which modify the page that the user was trying to view. This is done using an ActiveX control (only for IE users) or a plug-in (for Firefox users). Users visiting the same page don’t see the “dislike” designation because it doesn’t really appear on Facebook’s site/content. Another modification changes the advertising that Facebook displays to advertising that is offered (and injected) by the toolbar author. Anything that changes the content on a page also changes the trust that the user can have in the site. By some definitions, that’s hijacking; a method that is all too popular among malware/greyware/junkware authors.

Twitter has pushed out password resets on accounts that have had a sudden surge of followers. The Internet Storm Center reported in a diary that this is due to a phishing campaign that has led to a compromise of numerous accounts.

Real or not, you may get an email telling you to reset the password. DO NOT CLICK ON THE LINK. Instead, copy and paste the TEXT of the link or simply type https://twitter.com in your browser. NOTE: If you type httpS://www.twitter.com, you may get an error about the certificate. It is only registered for twitter.com.

On their status blog, Twitter posted about the password resets being populated. You can read it at: http://status.twitter.com/post/367671822/reason-4132-for-changing-your-password.

Whether you are part of the phishing campaign or not, it’s always a good idea to have separate passwords from site to site. An account compromise on one site can (and will) lead to easy access on other sites.