ZERO DAY A film about cybercrime and threats to the Internet

http://www.prodefence.org/index.php/topic/3950-zero-day-a-film-about-cybercrime-and-threats-to-the-internet/

Worm Uses Facebook PMs and Instant Messaging Apps to Spread

Social media platforms and popular instant messaging (IM) apps are great mediums for cybercriminals to spread their malicious elements. Trend Micro experts provide a great example of a worm that’s making its way to computers using such methods.

The researchers report that the piece of malware, identified as Worm_Steckct.evl, is distributed via a link that’s sent in private messages on Facebook and IM programs.

The shortened links contained in the posts point to an archive called “May09- Picture18.JPG_ www.facebook.com.zip” which hides a file named “May09-Picture18.JPG _www.facebook.com.” The .com extension reveals that in fact this is an executable file.

Once it’s run, the worm steps into play and terminates all the processes and services created by security software, thus ensuring that antivirus applications cannot disrupt its evildoings.


Steckct.evl then downloads another worm, detected as Worm_Eboom.ac, which monitors the victim’s browsing sessions.

The worrying part is that it doesn’t only log the posts and private messages the customer creates or deletes on Facebook, MySpace, Twitter, WordPress, or Meebo, but it can also spread by utilizing the user’s active session on these sites.

“Facebook and IM applications are tools to share and connect. Cybercriminals’ use of these tools is nothing new, but there are users who fall prey to these schemes. We recommend users to be conscious with their online behavior, in particular on social media sites,” Cris Pantanilla, Threat Response Engineer at Trend Micro writes.

As the expert highlights and as we’ve highlighted numerous times before, internauts must be wary of links that point to shady-looking websites or suspicious files.

In this particular case, it’s clear that the alleged picture taken on “May09” is not a JPG file, but an executable that’s not even so cleverly masked.

softpedia.com

Phishers to Hotmail Users: Your Account Has Been Blocked

Hotmail customers are advised to be on the lookout for emails entitled “E-mail account alert!” which notify them that their accounts have been blocked. These messages hide a link which points to a malicious website that urges the potential victim to provide his login credentials.

Here’s part of the shady notification, provided by the folks from Hoax Slayer:

This e-mail has been sent to you by Hotmail to inform you that your account has been blocked.

Why are you seeing this? Someone may have used your account to send out a lot of junk messages (or something else that violates the Windows Live Terms of Service). We're here to help you get your account back. What do you need to do?

We'll ask you to login to our secured activation page by following the link below and re-activate your account.
[Link]

If you have already confirmed your account information then please disregard this message.


Users who fall for the scam and click on the shady link are taken to a website that almost perfectly replicates the genuine Windows Live login webpage. Once the username and password are provided, the unsuspecting victim is taken to the legitimate website.

This might make him/her believe that the login simply failed. When they do sign on to their account, they may think that the re-activation process was successful.

While it is true that cybercriminals use compromised accounts to send out spam and other malicious notifications, internauts shouldn’t rush to trust every email they receive.

On the contrary! With all the malevolent plots making the rounds online, users should see every alert as a potential threat.

There are a few simple steps that can be taken to verify a notification’s legitimacy. First, look at the sender’s email address. Even though many of them are spoofed to look like they originate from a legitimate address, in some cases you will see that the sender is something like hotmail-notifications@yahoo.com.

The name of the site that hides behind the link is also very important. If the hyperlink points to any other URL than the company’s official one, it’s most likely a scam.

softpedia.com