News, Fraud

Playstation 2 gaming fans were targeted by Trojan linked to scareware scams.

Downloads posing as Playstation 2 emulators that let games designed for Sony's console  be played on PCs instead deliver only a Trojan.

Madoff Ponzi scheme victims are being further tricked into another scam. The Securities and Exchange Commission is alerting investors about a Web site that falsely claims to have recovered $1.3 billion in funds hidden by convicted Ponzi schemer Bernard Madoff in Malaysia.

Victims are asked to provide their personal information to verify that they are on a refund list. But in fact the data are used by the con artists for ripping off these financial fraud victims.

As it became known, Tuesday about 25% of the servers linked to Zeus-related botnets suffered superb blow after the ISP taken offline. This represented continuation of a recent trend of takedowns hitting some of the world's most scummy cyber operations.

The Merchant Risk Council (MRC), a merchant-led trade association focused on electronic commerce risk and payment strategies, reported the results of its Annual Merchant Fraud Survey, which was sponsored by CyberSource Corporation.

The report reveals that MRC Platinum Members (200+ of the largest online retailers in the world) set best in class sample at how to reduce revenue losses due to cyber theft.

The survey shows:

Twitter microblogging service announced that it is implementing a new anti-phishing feature which enables Twitter’s Trust and Safety team to monitor all links submitted through the service for potentially malicious attacks. The new functionality will involve the use of Twitter’s link shortener twt.tl, which may now start popping up in some of your emails and direct messages. Still it remains unclear which links in particular will be converted into a shortened format.

On their official company blog Twitter wrote the following:

Last week Internet community rejoiced over the take down of the Mariposa and Waladec botnets. Still many security experts think this is not the definitive victory and in fact the winning is too small. It is the prosecution of the orchestrators behind such criminal schemes that will make the fight against botnents efficient.

According to US Federal Deposit Insurance Corporation data, small businesses computer scam made up $25 million in the third quarter of 2009.

Online banking fraud involving the electronic transfer of funds has been increasing since 2007 and reached the volume of over $120 million in the third quarter of 2009, according to estimates presented Friday at the RSA Conference in San Francisco, by David Nelson, an examination specialist with the FDIC.

In a move to provide customers with more comprehensive and functional security software Kaspersky Lab has launched a new product which integrates its current consumer security suite with new capabilities such as encryption, backup, password management, and the ability to manage the product across a network.

The new software called Kaspersky Pure offers a number of additional security tools apart from already existing features. The product replicates Kaspersky antivirus and antispam capabilities. Still it is different.

Last week Department of Homeland Security's US-CERT reported that the Energizer Bunny infects PCs with backdoor malware. Researchers at US-CERT (United States Computer Emergency Readiness Team) have found that the software accompanying the Energizer DUO USB battery charger has a Trojan which allows total access to users’ PCs to hackers.

Energizer Holdings which confirmed the software contained the Trojan horse said that the Energizer DUO, a USB-powered nickel-metal hydride battery recharger, has been discontinued.

Facebook members are being tricked into a new scam related to iPad. As Apple has scheduled to launch its iPad later this month with the 3G model to come in April users are deceived they can obtain their own computer tablet before the official launch date. Graham Cluley's Sophos blog explained the principle of the fraudulent scheme.

An online security vendor M86 Security reported that many URL filters and antivirus applications fail to recognize a big volume of malicious URLs. The conclusions were made on the basis of the test performed by the company.

M86 Security used three leading but unnamed antivirus products against 15,000 malicious URLs and found that only 39% were blocked successfully.

Having screened the set of malicious URLs against a URL filter the company found that only 444, about 3%, were correctly detected.

As it became known, Spanish authorities eliminated the world's largest botnets infiltrated more than half of the Fortune 1000 companies, having arrested three of the ringleaders of the the botnet, named Mariposa.

The alleged haven’t been identified by name, but they're described as Spanish citizens with no criminal records whose internet names and ages were "netkairo," 31; "jonyloleante," 30; and "ostiator," 25.

Dedicated World of Warcraft players may fall victims to a sophisticated attack orchestrated by cyber crooks. Hackers have developed a man-in-the-middle-attack designed to circumvent authentication kit used by the gamers.

Players are lured into installing Trojans disguised as gaming ad-ons. As soon as the installation is successful the malware provides hackers with an access to capturing and relaying authentication commands next time a victim logs on to Blizzard's servers.
 

According to a recent report by the Identity Theft Resource Center the top cause behind the data breaches is hackers. Previously information was stolen due to lost laptop with unencrypted data or even a lost briefcase. In 2009 the situation changed to that one out of every five data breaches had a hacker behind it.

A security vulnerability in older versions of Windows operating system is being investigated by the Microsoft team according to the company’s Jerry Bryant. The flaw allows attackers to execute malicious code on end user machines.

The vulnerability under probe combines scripts based on Microsoft's Visual Basic language with Windows help files for Internet Explorer. Attacker hosting a malicious website can remotely run arbitrary code by convincing the user to press the computer's F1 key in response to a popup window.