Web & SpamTitan Blog

A new variant of the Dorkbot malware was discovered on Facebook this week,  the malware
was being used by cybercriminals to harvest users' passwords. According to  Tech Central the criminals exploited a flaw in the file-sharing site MediaFire to spread the malware. The malware is spread through a botnet that uses the Internet Relay Chat (IRC) protocol to spread.The malware sent links to the malicious app to the victim's Facebook friends via the Facebook chat service. Clicking on the link would download and run the malware.

This is not the first time this year for Facebook to suffer issues. Earlier this year Facebook suffered an "error" that had an astounding ripple effect, as users of popular websites were redirected to a Facebook error page. It became clear to people that Facebook Connect could disrupt every site it linked to -- even more troubling was the view it gave us of possible future hacker attacks.

A social media and employment report produced this month by leading law firm William Fry investigates the work practices of employers and employees. The report examines a number of issues arising from the use of social media in the workplace, with the findings showing that over 46% of Irish employers do not have a social media policy in place.As well as the obvious current economic pressures SMBs also seem to be struggling to keep pace with changes in working practices which is leaving many SMBs struggling to balance the benefits and risks of social media.

The popular and widely used Voice over IP service Skype has once again been in the news lately with a spate of new allegations suggesting that its flimsy account recovery policy is presenting hackers and hijackers a like with ample opportunities to maliciously gain access to many Skype accounts from its large and ever expanding user base of approx 700 million users worldwide.

The daily deals website LivingSocial is the latest target for hackers. This latest attack has  compromised the personal information of over 50 million people.The unknown criminal are believed to have attained names, e-mails, birthdates, and encrypted passwords of the majority of LivingSocial customers. The breach appears to have impacted customers in all the countries in which LivingSocial operates, with the exception of Thailand, South Korea, Indonesia, and the Philippines, where the company uses different systems.

The micro-blogging website Twitter is looking at introducing a  two-step authentication process after a serious of high-profile hacking incidents. A two-step authentication is by no means foolproof but it does involve an extra step that may help eliminate all but the most dedicated hackers.  Typically the process requires a user to first log into the required service, they then must enter a password, following this a verification code is sent by text message or app messaging, this is then used to log in.

The Boston bombing claimed the lives of three innocent people on Monday , this tragic  
incident is is already being used by cybercriminals  in an attempt to lure people into clicking malicious links embedded in emails with subject lines related to the bombing. In SpamTitan quarantine reports some of the email titles we have been seeing include “Boston Explosion caught on video “or “Explosion at Boston Marathon containing links that suggest they are pointing to news websites. Unsuspecting users that click on the links are taken to a page that displays YouTube videos covering the bombings.

While there’s nothing malicious about the clips themselves, after a 60-second delay, the website prompts victims to download an executable file called “boston.avi____exe”. Once it infects a computer, this piece of malware attempts to connect to several IP addresses in Taiwan, Argentina and Ukraine. SpamTitan users are protected from these type of attacks. SpamTitan blocks the attack using multi-level detection including Antispam, Baysean analysis, antivirus (AV). The double antivirus in SpamTitan detects the downloaded file and isolates.

In the computing and technology world a hacker is simply someone who looks to exploit network security issues and weaknesses in a computer system.  The reasons hackers dedicate so much time and effort to these activities is that they are motivated by reasons including profit, protest or to simply challenge themselves and gain credibility and reputation.  Companies like Facebook have in the past hired computer programmers that have shown exceptional hacking abilities at the company’s annual hack-a-thon for instance. 

In folklore, silver bullets are the only ones supposed to be effective against witches and werewolves. Unfortunately for system administrators, silver bullets don’t exist. In particular, they do not exist to protect against security threats. An organisation can use what they consider the best spam-filter available only to find out their best friend's account is being used to send spam which then makes it through the filter. There are some very basic steps a system administrator can take to keep most threats at bay.

With social media sites at virtually every employee's fingertips, libel via the internet is becoming prevalent. The unprecedented growth of social media has seen the number of defamation cases involving online content rapidly rise. Several high profile cases are ongoing including Lord McAlpines legal case for defamation against Twitter users who wrongly named him as a paedophile. Social media sites and users including companys using social networks need to smarten up their act as defamation cases are being taken and won.

Do not let curiosity get the better of you (and your network security) if an email arrives  in your inbox suggesting that the CIA or FBI played a role in the death of Venezuelan president, Hugo Chavez. Researchers at Kasperky, which is one of the anti virus components of SpamTitan anti spam, intercepted a spam email the purpose of which was to get  recipients to click one of the URLs in the email body. These links then direct recipients to  a malicious website hosting the BlackHole 2.0 exploit pack. ‘The payload dropped was not disclosed; however, 8/46 antivirus programs were able to detect the exploit code’.