Fraud

Vodafone Spain admitted about 3,000 customers were potentially vulnerable to malware after Mariposa botnet agents strayed onto the HTC Magic smartphone.

Vodafone has launched a probe into the infection. The company maintains that the whole losing business is "isolated and local". Actually, there's no evidence that HTC Magic smartphones supplied by Vodafone elsewhere in Europe are injured. Meantime, new figures suggesting 3,000 users were exposed to the malware make it one of the biggest incidents of an IT supplier shipping pre-pwned mobile kit.

Users of Facebook were warned by the social networking website about a bogus password reset scam. Members are sent an email where they are falsely told that their password has been changed because of a supposed security incident.

The fraudulent messages recommend the users to open an email attachment for more information. And this email attachment, naturally, turns no other than a malware which is a keystroke Trojan. Once it is installed on your PC it steals every password you type.

It was found that there is a dedicated network that keeps most notorious botnets always-on connections and virtually immune from takedowns. Researchers at RSA have identified the network of the servers that shepherd tens of thousands of infected PCs so they continue to send spam, spread malware, and stay updated with the latest bot software.

Card details of many customers who made purchases at the Hancock Fabrics chain store in August and September might have been compromised as a result of a fraudulent scheme where perpetrators used bogus payment card processing terminals at multiple locations operated by the Hancock.

In a letter to customers Hancock warned that the personal identification number pads were stolen in August and September and "replaced with visually identical, but fraudulent PIN pad units”.

The mostly costly scam in 2010 according to McAfee report will be fake antivirus applications that prompt Internet subscribers to download malicious software under guise of anti-virus protection and pay their own money for such bogus products.

The report reveals that cyber crooks earn more than $300 million from luring unwitting users into downloading scareware. Over the past two years scareware grew by 660% while during the past 12 months it increased by 400%.

Playstation 2 gaming fans were targeted by Trojan linked to scareware scams.

Downloads posing as Playstation 2 emulators that let games designed for Sony's console  be played on PCs instead deliver only a Trojan.

Madoff Ponzi scheme victims are being further tricked into another scam. The Securities and Exchange Commission is alerting investors about a Web site that falsely claims to have recovered $1.3 billion in funds hidden by convicted Ponzi schemer Bernard Madoff in Malaysia.

Victims are asked to provide their personal information to verify that they are on a refund list. But in fact the data are used by the con artists for ripping off these financial fraud victims.

As it became known, Tuesday about 25% of the servers linked to Zeus-related botnets suffered superb blow after the ISP taken offline. This represented continuation of a recent trend of takedowns hitting some of the world's most scummy cyber operations.

The Merchant Risk Council (MRC), a merchant-led trade association focused on electronic commerce risk and payment strategies, reported the results of its Annual Merchant Fraud Survey, which was sponsored by CyberSource Corporation.

The report reveals that MRC Platinum Members (200+ of the largest online retailers in the world) set best in class sample at how to reduce revenue losses due to cyber theft.

The survey shows:

Twitter microblogging service announced that it is implementing a new anti-phishing feature which enables Twitter’s Trust and Safety team to monitor all links submitted through the service for potentially malicious attacks. The new functionality will involve the use of Twitter’s link shortener twt.tl, which may now start popping up in some of your emails and direct messages. Still it remains unclear which links in particular will be converted into a shortened format.

On their official company blog Twitter wrote the following:

Last week Internet community rejoiced over the take down of the Mariposa and Waladec botnets. Still many security experts think this is not the definitive victory and in fact the winning is too small. It is the prosecution of the orchestrators behind such criminal schemes that will make the fight against botnents efficient.

According to US Federal Deposit Insurance Corporation data, small businesses computer scam made up $25 million in the third quarter of 2009.

Online banking fraud involving the electronic transfer of funds has been increasing since 2007 and reached the volume of over $120 million in the third quarter of 2009, according to estimates presented Friday at the RSA Conference in San Francisco, by David Nelson, an examination specialist with the FDIC.

In a move to provide customers with more comprehensive and functional security software Kaspersky Lab has launched a new product which integrates its current consumer security suite with new capabilities such as encryption, backup, password management, and the ability to manage the product across a network.

The new software called Kaspersky Pure offers a number of additional security tools apart from already existing features. The product replicates Kaspersky antivirus and antispam capabilities. Still it is different.

Last week Department of Homeland Security's US-CERT reported that the Energizer Bunny infects PCs with backdoor malware. Researchers at US-CERT (United States Computer Emergency Readiness Team) have found that the software accompanying the Energizer DUO USB battery charger has a Trojan which allows total access to users’ PCs to hackers.

Energizer Holdings which confirmed the software contained the Trojan horse said that the Energizer DUO, a USB-powered nickel-metal hydride battery recharger, has been discontinued.

Facebook members are being tricked into a new scam related to iPad. As Apple has scheduled to launch its iPad later this month with the 3G model to come in April users are deceived they can obtain their own computer tablet before the official launch date. Graham Cluley's Sophos blog explained the principle of the fraudulent scheme.