MSN Messenger Shutdown Inspires Malicious Fakes

Microsoft’s announcement that it intends to shut down its long-running MSN Messenger service and replace it with Skype has inspired enterprising malware developers to start offering fake installers.

The original announcement came late last year, but only recently as the cut-off date of April 8 (April 30 in Brazil) approaches have these attacks appeared in significant numbers.

Kaspersky’s securelist.com offers some additional details, including some of the domains involved.

Prince William Photos Show Passwords

Publicity photos of Prince William covering his day-to-day work as a search-and-rescue helicopter pilot were released with computer passwords visible in the background. In at least one photo, login information is shown printed on a sheet of paper tacked to the wall behind the prince’s head.

Sophos’ Naked Security blog has a good write-up with the sensitive details blacked out, and mentions the importance of changing to much stronger passwords immediately. The Guardian reports that the passwords shown have indeed been changed.

Zombie Warning Issued from Hacked TV Station

A hacker seems to have broken into a Montana television station’s systems and used that access to issue a fake emergency alert that the dead were rising from their graves.

According to this article from ComputerWorld, a standard Emergency Alert System message appeared along the top of viewers’ TV screens. After the warning sounds, a male voice announces that “the bodies of the dead are rising from their graves and attacking the living.”

Anonymous Hacks Federal Reserve

Following another recent attack in which the loosely-organized Anonymous hacking collective released the credentials of over 4000 American bank executives, it is now being reported that Anonymous has published additional documents indicating that they have penetrated much further into the US Federal Reserve’s computer systems than previously revealed.

ZDNet reports that the documents, obtained as part of Anonymous’ Operation Last Resort (a series of retaliatory attacks on US government systems following the suicide of Aaron Swartz), were themselves disseminated from a hacked yacht club website. It appears that this is a follow-up attack to the bank executive document release of last week, brought on by the Federal Reserve’s dismissive response.

Emergency Update for Adobe Flash

In response to two zero-day vulnerabilities, Adobe has released out-of-band emergency updates for their Flash Player.

Since last fall, Flash has formally been on a regular update schedule like many large software projects, but InfoWorld reports that this emergency fix constitutes the first patch since the schedule was established. Adobe identifies the update as “critical” as the vulnerabilities it fixes are being actively exploited in the wild on both Windows and Mac OS X.

CNET also has an article about this update, and includes a convenient list of recommendations for end users.

Twitter Password Data Hacked

Twitter has reported that encrypted password data for 250 000 users has been compromised. It appears that the attack was highly sophisticated, but engineers were able to stop it while it was still in progress.

Ars Technica reports that the affected users have been notified by email and their passwords automatically reset as a precaution.

In response to news of this attack, CIO offers an article about strong password creation. SlashGear also reports on Twitter’s rumoured intent to implement two-factor authentication.

WhatsApp Subject of Privacy Investigation

The popular smartphone instant messaging app WhatsApp has been the subject of a joint Dutch-Canadian probe into breaches of the privacy laws of both countries.

Sophos’ Naked Security reports that this is the first time two countries have worked together to investigate privacy breaches. Linked from the article is the Canadian report from the Office of the Privacy Commissioner.

There are a number of allegations in the report, notably that WhatsApp uploaded full contact lists without allowing end users to select which contacts they wanted to share, retained information about those contacts even if they did not use WhatsApp themselves, and failed to inform users that their own status would be made available to all of their contacts who were users of WhatsApp.

WhatsApp appears to be working toward fixing the problems identified in the report. It has released an update for the iOS version of the app to allow selective uploading of contacts, and plans to roll out updates for all other versions as well.

Three Charged Over Gozi Virus

Three men from Russia, Latvia, and Romania have been indicted in the United States for creating and spreading the Gozi virus, designed to steal banking information from victims.

The LA Times reports that Nikita Kuzmin, Deniss Calovskis, and Mihai Paunescu are accused of programming the virus, creating various “injects” such as fake bank login pages, and making the virus available for distribution via spam email and maliciously crafted PDF documents. At least 40 000 computers in the United States were infected along with others in Turkey, Poland, Finland, and other countries.

Among the American victims was apparently NASA, where 190 computers were infected with the Gozi virus between 2007 and 2012.

Primer on Internet Scams

This basic Internet scams primer appeared on The Next Web today. It goes over four (five if you include the Nigerian Prince scam) methods scammers use to trick their victims, concentrating on email as the vector of choice to reach their marks. Focusing on email makes sense; many, if not most, malware infections come from email attachments and links to web sites containing malicious code.

Prevention of malware infection starts with wariness toward every email that comes in. Malware can relatively easily be prepared to refer to you by name, appear to come from someone you know, or take on the exact outward appearance of an email from a reputable source. Usually, the giveaway is that the email contains an unnecessary attachment, or links to a web site other than the one it appears to be coming from (determine where links go by hovering over them with your mouse; the destination address will appear in the status bar on all major email programs).

The linked article isn’t exactly news, but it’s definitely worth a read as a reminder to be careful with email links and attachments.

Red Cross Site Used in Phishing Attack

The Ethiopian Red Cross’ web site appears to have been compromised and is being used in a phishing attack targeting Google login credentials.

Sophos’ Naked Security reports that they received an email directing the reader to click on a link taking them to a fake Google Docs login page, designed to harvest usernames and passwords. The twist is that this page is served from within the web site of the Ethiopian Red Cross. From the content of the email, it appears as though the attackers have not targeted the Red Cross directly; the site was simply hacked and its use in this attack seems to be a coincidence (the attack would have been much more dangerous if its email and landing page were adjusted to take advantage of its presence on a legitimate Red Cross site).

Sophos has informed the Ethiopian Red Cross of the security breach.