admin on August 7th, 2008
McAfee SiteAdvisor has released a warning about the website back32.org which has been using a phishing email to exploit internt users’ computers with adware, spyware, or viruses.
The attack is launched in a phishing email spam from designed to look like it’s originated from CNN. Called “The Daily Top 10″ which comprises some of the top stories featured at CNN, the email attempts to lure victims to click on a link and visit a spoofed site where they will see something like below :
Top 10 Stories
1. Ex-Google engineers debut ‘Cuil’ way to search
2. Ryan Seacrest survives California shark attack
3. US beef unsafe for consumption
4. Learn how to be a guru in finding G-spots
5. Boy thrown outside window in school
6. 5 more arrested from west Texas polygamist sect
7. Air force one crashes in Iraq
8. Madonna admits to 12 different affairs
9. Madonna admits to 12 different affairs
10. Murderer on the loose after cop bungle in Iowa |
Top 10 Videos
1.A-Rod to wed Madonna in September
2. IBM to file for bankruptcy
3. Private plane travel to be banned
4. Maggie Q seen with Brad Pitt
5. Massive earthquake in Japan kills thousands
6. IBM to file for bankruptcy
7. Mass suicide of prisoners in US cell
8. Bush plans to kill prisoner
9. Hillary finds ladies’ stuff in house, storms off in a huff
10. Madonna seduced Timberlake on set |
The phishing email also contains a footer section that appears to be legitimately from CNN, complete with unsubscribe links :
Cable News Network LP, LLLP. One CNN Center, Atlanta, Georgia 30303
© 2008 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines. Contact us.
You have agreed to receive this email from CNN.com as a result of your CNN.com preference settings.
To manage your settings click here.
To unsubscribe from the Daily Top 10, click here.
|
If you do click one of the links you’ll get an innocuous-looking CNN-branded video player and an error message with a notice “Video ActiveX Object Error. Your browser cannot play this video file.” The message then prompts you to install an ActiveX Object… which, of course, is actually a Trojan horse. You can read more about the specific threat here. (Essentially it opens a door to allow for even more malware to be installed.)
If you get one of these emails, DO NOT click on the links and under no circumstances should you allow the site to install the ActiveX component.
Firefox users are not affected by this exploit.
admin on June 23rd, 2008
The Federal Trade commission has weighed in on Spyware and clearly states that Spyware is a major nusiance and that consumers must have the ultimate choice whether or not to install software.
For Release: June 11, 2008
FTC Testifies on Spyware
The Federal Trade Commission today told the Senate Committee on Commerce, Science, and Transportation that “legislation authorizing the Commission to seek civil penalties in spyware cases could add a potent remedy to those otherwise available to the Commission.” In testimony to the Committee, Eileen Harrington, Deputy Director of the FTC’s Bureau of Consumer Protection, said that when other enforcement options – seeking consumer redress or making the operators give up their ill-gotten gains – are not appropriate or sufficient remedies to deter spyware distributors, “a civil penalty may be the most appropriate remedy and serve as a strong deterrent.” The testimony states that the agency supports legislation that would provide “the Commission this valuable law enforcement tool.”
The testimony notes that while it is often challenging to locate and apprehend perpetrators who plant spyware on consumers’ computers, the FTC has “successfully challenged the distribution of spyware that causes injury to consumers online,” initiating 11 spyware-related law enforcement actions since 2004.
The testimony states that the Commission’s law enforcement cases targeting spyware reaffirm three key principles.
“The first is that a consumer’s computer belongs to him or her, not to the software distributor, and it must be the consumer’s choice whether or not to install software. This principle reflects the basic common-sense notion that Internet businesses are not free to help themselves to the resources of a consumer’s computer,” the testimony says. Several FTC cases alleged that the defendants downloaded spyware onto computers without consumers’ knowledge or consent.
The second principle holds that spyware downloaders cannot bury disclosures of material information needed to correct otherwise misleading impressions. “Specifically, burying material
information in an End User license Agreement will not shield a spyware purveyor . . .” the testimony states. It notes that in two FTC cases, “the defendants failed to disclose adequately that the free software they were offering was bundled with harmful software programs.”
The third principle is that if a distributor puts a program on a computer, a consumer should be able to uninstall or disable it. The testimony notes that in two FTC cases, the companies downloaded adware that displayed frequent pop-up ads. The agency alleged that “the companies deliberately made these adware programs difficult for consumers to identify, locate, and remove from their computers, thus thwarting consumer efforts to end the intrusive pop-ups.” Settlements required the companies to provide a readily identifiable means to uninstall the adware.
The testimony notes that the agency has coordinated some law enforcement initiatives targeting spyware with criminal enforcers. “Many of the worst abuses connected with spyware are criminal, and, in appropriate cases, the Commission coordinates closely with the Department of Justice.”
In addition to the FTC’s spyware law enforcement initiatives, the agency has made consumer education a priority. “In 2005, the Commission and a partnership of other federal agencies and the technology industry launched a multimedia, interactive consumer education initiative, OnGuard Online, along with a Spanish-language version, AlertaenLinea.” The site attracts more than 350,000 unique visits a month, and many other organizations have adapted the materials for their own use.
“The FTC will continue its aggressive law enforcement and innovative consumer education programs in the spyware arena,” the testimony states.
The Commission vote to approve the testimony was 4-0.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,500 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics.
MEDIA CONTACT:
Claudia Bourne Farrell,
Office of Public Affairs
202-326-2181
(6-11 spyware)
Source :
http://www.ftc.gov/opa/2008/06/spyware.shtm
admin on February 13th, 2006
Spyware is a form of computer software that is installed on a personal computer, without the owner’s knowledge, designed to intercept or take some sort of control over the owner’s interaction with their computer. Spyware is most commonly found on the PC platform and is most commonly associated with Windows based operrating systems.
Although the term spyware suggests that the hidden software secretly monitors the computer owner’s use of their PC, the functions of spyware can and will extend well beyond simple monitoring. Spyware programs can collect a wide array of personal information, such as the computer owner’s internet surfing habits, sites that they have visited and potentially reveal browser saved passwords. Spyware can also interfere with control of the infected computer in other ways, such as installing additional software, redirecting a web-browser to other websites the owner would not normally visit and accessing dangerous websites that will cause more harmful viruses or trojans to be installed without the PC owner’s knowledge. Spyware can also be manipulated to divert advertising revenue to a third party.
In some cases, spyware can also change computer settings, resulting in slow connection speeds, set different home pages, cause a loss of internet access and possibly disable other programs (including anti-virus and spyware removal software). In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.
