Phishing attacks are on the rise again, and the targets — Facebook, Twitter, and other social networking sites, as well as large webmail sites — all seem at a loss as to how to protect their clients. I read a fascinating article on Byron Acohido’s “Watchdog on Internet security” blog which goes into the growing threats in some detail (the article was too long to repost, it is excerpted below). But what all these attacks have in common is the growing need for some new thinking on login protection. Being able to filter out automated login attempts by ... more

Facebook users are under attack (again) from spam which tells them their passwords have been reset for security reasons. When the unsuspecting user clicks on an attachment (to see “your new password”), what they get instead is the Bredolab Trojan on their machine. This will then connect to a server, and download Cutwail, multiplying the malware loaded. Such social networking spam is a growing problem, but one that could be solved with better bot detection software. ZDNet has a blog post up with a nice image of the spam email, for those interested. EWeek has a ... more

Before we get started today, I have a quick update to yesterday’s column. It seems the Zeus/Zbot botnet Trojan horse is being disabled by a rival botnet, Bredo. A falling out amongst thieves, it seems. Anyway, MX Logic has a blog post on the situation, for those interested. Meanwhile, in the legal world, a federal judge has raised some eyebrows in a ruling which has denied a proposed settlement between TD Ameritrade and the 6.3 million customers who had their personal data breached by lax security at the company. TD Ameritrade had proposed a year of free ... more

The folks behind the Zbot botnet have gotten better at creating creative phishing attacks. Using a twist on the “you have an infection” tactic, the botnet spam not only warns of a Conficker infection (complete with convenient “cleanup tool” for you to run), but also has been trying an “upgrade your computer” email as well. The insidious thing is they’ve taken the trouble to create a very authentic-looking domain name which makes the user (at larger companies) think the message is coming directly from their own IT department. This shows a level of sophistication which isn’t usually seen ... more

Click fraud numbers were just released for the third quarter of 2009, and the usage of botnets to generate such fraud is on the rise — up to almost 43 percent of all click fraud is now automatically generated from botnets. This is up from around 27 percent a year ago, it should be noted. But the most insidious thing in the report is that these attacks are getting a lot more sophisticated, by spreading relatively low volumes of clicks across as wide a network of botnet-infected computers as possible, to “fake” more normal traffic patterns than the old, ... more

This is a different kind of post for me, so I ask you to bear with me for a day here. Because I read something recently which showed in a poignant way the frustration felt by those with small blogs or interactive web sites when they have to deal with comment spam. It’s not a technical article, so I will only provide a small excerpt here, but the whole thing is short enough to read in a few minutes, so I encourage people to read the full post. The author is Danny Sullivan, who has been described as one ... more

CNN ran an interesting story today on how social networking sites have been recently plagued with spam, phishing, and other online fraud. For those of us in the network security field, this is not exactly news — but stepping back a bit from such tunnel vision, we have to remember that it is indeed news to a lot of the users of such sites. So while the article itself is fairly basic and beginner-level when it comes to online security, what is interesting is that it is being presented to such a wide general-interest audience. So, for ... more

Yahoo has reportedly settled a class-action lawsuit against it, for the princely sum of twenty bucks. Well, twenty bucks each. But still, it seems they got off fairly cheaply. The suit claimed Yahoo was serving their ads up to some mighty shady sites, such as parked domains and typosquatting sites (which are slightly-misspelled URLs of legitimate sites). This led to a lot of click fraud, and a lot of angry advertisers. If you’re interested in the details, you can check out the court documents just filed in the case. Of course, there are third-party click fraud ... more

Cutwail has been, for the past year, the most successful botnet to inspire fear among security professionals, but up until now it hasn’t really done much in terms of actively sending out malware to the universe of infected sites it controls. That may all be changing. MessageLabs is reporting that the Cutwail botnet is now sending out the Bredolab Trojan, which takes complete control of targeted machines. The scheme is simple, and an old one — sending phishing-type requests out that inform hapless users that a package tracking number is having some problems, and all the end-user has ... more

Comcast has announced a new service for those who use them as an Internet Service Provider — virus detection, delivered to the end-user. So far, it is just a test program in Denver, but once it gets through beta, it will likely be provided to all Comcast customers. The way it works is fairly simple — if Comcast detects unusual activity from your computer, especially to known botnet sites, it will inform you of the fact through your browser, and direct you to their anti-virus site, so you can disinfect your machine. Of course, this isn’t the only ... more