Primer on Internet Scams

This basic Internet scams primer appeared on The Next Web today. It goes over four (five if you include the Nigerian Prince scam) methods scammers use to trick their victims, concentrating on email as the vector of choice to reach their marks. Focusing on email makes sense; many, if not most, malware infections come from email attachments and links to web sites containing malicious code.

Prevention of malware infection starts with wariness toward every email that comes in. Malware can relatively easily be prepared to refer to you by name, appear to come from someone you know, or take on the exact outward appearance of an email from a reputable source. Usually, the giveaway is that the email contains an unnecessary attachment, or links to a web site other than the one it appears to be coming from (determine where links go by hovering over them with your mouse; the destination address will appear in the status bar on all major email programs).

The linked article isn’t exactly news, but it’s definitely worth a read as a reminder to be careful with email links and attachments.

Red Cross Site Used in Phishing Attack

The Ethiopian Red Cross’ web site appears to have been compromised and is being used in a phishing attack targeting Google login credentials.

Sophos’ Naked Security reports that they received an email directing the reader to click on a link taking them to a fake Google Docs login page, designed to harvest usernames and passwords. The twist is that this page is served from within the web site of the Ethiopian Red Cross. From the content of the email, it appears as though the attackers have not targeted the Red Cross directly; the site was simply hacked and its use in this attack seems to be a coincidence (the attack would have been much more dangerous if its email and landing page were adjusted to take advantage of its presence on a legitimate Red Cross site).

Sophos has informed the Ethiopian Red Cross of the security breach.

Office 2013 Pricing Announced

Microsoft Office 2013 pricing has been announced, the first to include a monthly subscription option. Microsoft’s licensing and pricing, especially for “Enterprise” software products, can be Byzantine, so it comes as little surprise that the first version of Office to have both boxed and Software-as-a-Service options will be available in no less than nine distinct editions: University, Home Premium, Home & Student, Small Business Premium, Home & Business, Midsize Business, Standard, Enterprise & Government, and Professional Plus.

The Next Web compares Office 365 to Office 2013 in an attempt to unravel the pricing knot. The conclusion is that total cost will end up being much greater for the Office 365 service for everyone but students, assuming a life cycle of 36.5 months, though a reader of the linked article has pointed out that Office 365 includes five licenses compared to Office 2013’s two.

There are alternatives to Microsoft Office altogether. Historically Apache (formerly Oracle, formerly Sun) OpenOffice has been the preferred Office replacement, but recently LibreOffice (actually an OpenOffice fork) has emerged as a strong competitor. Both are free, open source software and are capable of reading and writing Microsoft Office formatted files as well as exporting documents directly to PDF.

“Red October” Attack Described by Kaspersky

Kaspersky has recently released a detailed description of the “Red October” attack, an espionage operation involving the infection of hundreds of computers targeting government networks, embassies, and scientific organizations. The victims have mostly been in Eastern Europe, according to Securelist, but computers around the world have been infected, including some in the United States.

The Kaspersky report linked above is fairly technical, but a number of other outlets have provided useful summaries of the analysis of Red October, including this article from TechNewsWorld and Securelist’s article linked above.

Reportedly, the attackers who wrote the code appear to be Russian-speaking. Red October also includes elements that have previously been used in attacks against Tibetan activists and other Asian military and energy targets.

Oracle Java Patch Released

Oracle has released a Java patch to address the major vulnerability reported a few days ago. Everyone is strongly recommended to install the update.

Sophos’ Naked Security blog offers this article that includes information about the vulnerability and the patch.

Oracle’s page for the the patch, Java 7 Update 11, includes technical details of the fixes for this and another vulnerability. Downloads for the latest version of Java, including this update, are located at

RIM’s Blackberry Service Suffers Another Outage

Blackberry users in the UK and Ireland experienced an outage that lasted through the morning on Friday, in another blow to RIM’s reputation.

The Independent reports that the service was back up by lunchtime, but any outage is bad news for RIM’s already shaky reputation. A number of system problems over recent years have weakened the confidence of its customers and caused some to jump ship to other mobile devices such as Apple’s iPhone or one of the many smartphones running Google’s Android operating system.

Java Vulnerability Found

A new 0-day Java vulnerability has been discovered that is already being used in malware distribution kits “in the wild.” No update to fix the problem is yet available.

Naked Security has provided an overview of the vulnerability along with links to instructions on how to disable the Java extensions in all major browsers until an update is released. These extensions are the vector for attack via malicious web sites, so it may be a good idea to disable them, at least temporarily.

For convenience, here are the links for each browser:
Internet Explorer
Google Chrome

The first line of defence, of course, is always to be careful not to visit suspicious web sites in the first place.

Adobe Briefly Gives Away Free Creative Suite 2

For a short period on Monday, Adobe Creative Suite 2 (CS2) was made available for free download without any activation requirement. As this Ars Technica post points out, it was a nearly brilliant move that turned out to have been done by mistake.

When Adobe shut down the activation servers for Creative Suite 2, there was no longer any way for users of the software to permanently reinstall it. Strangely, rather than offer a patch to make activation unnecessary, a full copy of the software package was made available for download along with a working serial number. Beyond that, all that was required was a free-to-create Adobe ID. The news of this spread quickly through Twitter and CS2 was downloaded an untold number of times.

Instead of rolling with it, as the linked article argues they ought to have, Adobe put out a clarification and removed the download page, thus putting an end to free CS2 downloads.

Microsoft Discontinuing Messenger

Microsoft has announced that it will be discontinuing its Windows Live Messenger on March 15th, 2013. All users aside from those in mainland China will be required to switch to Skype, which Microsoft acquired in 2011.

As this OnSoftware blog post notes, this is an unusually bold action for Microsoft, which normally puts great effort into maintaining older software.

Some additional information about the switch along with a sample of the mail sent out to Messenger users about the change is up on The Next Web.

Major Yahoo Mail Vulnerability Discovered

A significant Yahoo Mail vulnerability has been discovered that has reportedly already resulted in a number of compromised accounts. The attack was first demonstrated by a hacker named Shahin Ramezany, who now claims that Yahoo’s initial fix is easy to work around. The last link even includes a video explaining how the cross-site-scripting (XSS) vulnerability works.

The Next Web closes its articles about this vulnerability with a couple of useful tips: Yahoo users should change their passwords immediately and take care not to click on suspicious links, even from senders they know (their friends’ accounts may already be compromised, allowing the attacker to send email from them).

This particular attack relies on persuading the victim to click on a link directing them to a site that harvests the contents of their Yahoo Mail cookies. The attacker then replaces the contents of two of their own cookies with those of the victim, allowing the attacker to effectively use Yahoo Mail’s “Remember Me”-style feature to bypass the password entry screen.