Yahoo Inc, is working with auction leader eBay Inc and its PayPal payments unit to block fake e-mails to users purporting to be from eBay and PayPal, hoping to spur on an industry that has been slow to fight the scourge of so-called phishing attacks.
Phishers use forged e-mail messages that purport to come from brand name services like eBay or PayPal to dupe computer users into clicking on Web links that lead to phony Web sites. Unsuspecting consumers may then enter personal or account information and passwords under false pretenses. Phishers typically use this information for fraud or theft.
To prevent phishing messages from reaching users of Yahoo Mail, the companies are now using Yahoo's Domain Keys technology in the U.S. to block e-mail messages that claim to come from eBay or PayPal but really originate elsewhere. Yahoo expects to make the system available globally in the next few weeks.
Over the past decade, phishing has been clogging the inboxes of e-mail users worldwide with ever more sophisticated attempts to fool users into clicking on fraudulent sites or giving up personal financial details to commit fraud.
Hackers are depending more on online videos to introduce malicious code into computers. They have chosen this mode since most users are wary of opening suspicious looking emails. But nobody thinks twice about clicking a video link to You Tube. A report on Internet threats released by Georgia Tech Information Security Centre the other day termed the use of online videos a major threat. One code opens a booby trapped website as soon as the user opens a media file. Another malicious programme installs spyware by way of a video link. Social networking sites, blogs and wikis are also becoming fertile terrain for hackers.
Users are reporting that a new update to Apple Inc.'s iPhone is making previously unlocked iPhones unusable. The iPhone 1.1.1 update, released Thursday, breaks phones that have been hacked so that they work with providers other than AT&T Inc., the only U.S. provider Apple has allowed to carry its mobile phones.
Apple warned earlier this week that the iPhone update-which adds access to the iTunes Wi-Fi Music Store and fixes some security flaws-could permanently disable phones that have been already modified for use in networks other than AT&T Inc.,-its exclusive partner's network.
Security researcher Tom Ferris said the new software disabled a phone that had been unlocked using the open-source anySIM software in order to work on T-Mobile USA Inc.'s wireless network. After the update, the iPhone was stuck with an error message and apparently unusable. "It kept saying 'unsupported SIM card,' even with the AT&T SIM card in it," he said. "You can turn the phone off or on, but we just can't figure out how to get past this 'SIM card not supported'," he said.
There were reports online that employees at Apple stores were reviving or replacing some dead iPhones. But Ms. Bowcock. an Apple spokeswomen did not offer much hope to iPhone owners with problems: “If the damage was due to use of an unauthorized software application, voiding their warranty, they should purchase a new iPhone.”
The security researcher who discovered a recently patched QuickTime flaw affecting the Firefox browser says he has found a similar serious flaw in Adobe Systems Inc.'s PDF file format.
"Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!!," wrote Petko D. Petkov, in a blog posting. "All it takes is to open a PDF document or stumble across a page which embeds one."
Petkov confirmed this issue on Adobe Reader 8.1 on Windows XP and he said he would not disclose the code that exposes how this attack works until Adobe provides a patch for the problem, but he has already sent other software developers scrambling for bug fixes over the past week.
Symantec Corp's latest security report says that cyber crime has become an increasingly professional business and that malicious code and services are being sold in open markets on the Internet.
Bank account details command prices of up to US$400, while credit card details sell for between $0.50 and $5, e-mail passwords from $1 to $350 each, and e-mail addresses from $2 to $4 per megabyte, according to Symantec's Internet Security Threat Report.
The Internet Security Threat Report (ISTR), Volume XII covers the period from Jan. 1, 2007, through June 30, 2007 and finds that professionally developed toolkits are being sold in the underground economy. Credit cards continued to be the top commodity sold by cyber criminals accounting for 22 percent of all advertisements, while bank accounts totalled 21 percent.
A computer program was used to access the employers' section of the website using stolen log-in credentials. Personal details stored on Monster.com, a website that lists job vacancies, were taken after a raid by hackers who posed as employers to gain access to the site. Having stolen the information, hackers e-mailed the victims claiming to have infected their computers with a virus and threatening to delete files unless demands for payment were met. The details, which included names, surnames, e-mail and home addresses, as well as phone numbers, were then used to send 'phishing' e-mails to members, apparently from Monster.com, encouraging them to download a tool known as 'Monster Job Seeker'. The tool was in fact a malicious 'trojan' program called Infostealer.Monstres, which encrypted the files on the victim's machine, making them inaccessible to the computer owner. A message was left requesting that money be paid to the attackers before the files – which could include photos and other personal documents – would be decrypted. As an initiative for prevention Symantec said users should always limit contact information posted to job websites and to use a disposable e-mail address.
"Never disclose sensitive details such as your social security number, passport or driver's license numbers, bank account information to prospective employers until you have established they are legitimate," said the firm.
Google has announced it's new Web site to serve as the single source for all click-fraud and ad traffic-quality-related information. Google developed the new Ad Traffic Quality Resource Center primarily to give its advertisers a single place to find Google's information about click fraud, said Shuman Ghosemajumder, business product manager for trust and safety at Google, on Friday. In the pay-per-click format, advertisers pay every time someone clicks on their ads, which are linked to a Web page. Click fraud happens when companies click on competitors' ads to drive up their ad spending. Another common click-fraud practice is for Web publishers to click on their sites' ads to increase their commissions.
The group decided to prioritize organizing a click-fraud forum for Google advertisers that was held at the company's headquarters in May, he said. A similar event will be held later this month in Google's New York City offices, he said.
Already in place is a service called IP Filtering, which lets advertisers "blacklist" certain IP (Internet Protocol) addresses for whatever reason, such as suspicion of click fraud or simply because their clicks never lead to a sale, he said.
Security experts have detected a mischievous worm which slips into computers and destroys all MP3 music files. It does no other damage. Graham Cluey of security research firm Sophos said that the worm could be the brainchild of teenaged geeks since it only feeds on MP3 files. It is suspected that the music eater enters computers through USB devices.
The worm, which has been named 'W32.Deletemusic' [Symantec], 'W32/Deletemp3.worm' [McAfee], 'W32/DelMP3-A' [Sophos], does not discriminate between illegally downloaded MP3 files and legally purchased ones. It just eats them all up happily. There are also speculations that some do-gooder who wants to save the music industry from piracy may be the author of the worm. “We need not lose too much sleep over it,” said Cluey. Say that to music lovers.
Mozilla has released a new version of its popular open source browser Firefox three days ago fixing security problems which occur when it is combined with Microsoft's Internet Explorer on desktops.
Secunia, an Internet security firm, had discovered that hackers were using a loophole in Firefox to download malicious data on to the computer. The malware then makes use of the Internet Explorer to create trouble.
The new Firefox 2.0.0.6 version contains a security patch which reduces the risk of malware being passed on.
Mozilla and MS initially blamed each other for the security flaw. However, Mozilla later decided to release a new version of its browser and not just an update. But MS has not done anything to sort out a similar problem in Internet Explorer, though security experts have put the blame on both.
Mozilla has released a new version of its popular open source browser Firefox fixing security problems which occur when it is combined with Microsoft's Internet Explorer on desktops. Secunia, an Internet security firm, had discovered that hackers were using a loophole in Firefox to download malicious data on to the computer. The malware then makes use of the Internet Explorer to create trouble. The new Firefox 2.0.0.6 version contains a security patch which reduces the risk of malware being passed on. Mozilla and MS initially blamed each other for the security flaw. However, Mozilla later decided to release a new version of its browser and not just an update. But MS has not done anything to sort out a similar problem in Internet Explorer, though security experts have put the blame on both.
Well its time to really check if your computer is personal or not!
Over 1 million computers have been made 'remote controlled' by hackers. They do so by making use of malicious software riding piggyback on spam emails. The beauty of this fact is that the (hacked-PC) users dont even know that their PC is being hacked and that they become part of Automated Crime Networks. The Federal Bureau of Investigation (FBI) is now in the job of searching those 'hijacked' computers. To solve this global threat, FBI team have tied up with agencies in 60 countries.
The hackers use their hijacked computers or so called zombies to send innumerable spam emails to people all over the world. Also they use it to get personal information (phishing) and for digital stealing. Over the past few weeks, three people have been arrested in the US for hijacking computers and using them for malicious purpose. Robert Soloway, one out of the three accused, is known for his spamming ability and being called 'The Spam King'.
Press Ctrl+D to Bookmark this site. Keep updated with all the news that happens around the world of Technology!
