Tag Archives: sans internet storm center

Scammers Swap Google Images for Malware

May 6, 2011

A picture may be worth a thousand words, but a single tainted digital image may be worth thousands of dollars for computer crooks who are abusing weaknesses in Google’s Image Search service to foist malicious software.

For several weeks, a number of readers have complained that clicking on Google Images search results redirected them to Web pages that pushed rogue anti-virus or “scareware” through misleading security alerts and warnings. On Wednesday, the SANS Internet Storm Center posted a blog entry saying they, too, were receiving reports of Google Image searches leading to fake anti-virus. According to SANS, the attackers have compromised an unknown number of sites with malicious scripts that create garbage Web pages filled with the top search terms from Google Trends. The malicious scripts also fetch images from third-party sites and include them in the junk pages alongside the relevant search terms, so that the automatically generated Web page contains legitimate-looking content.

Exploit Packs Run on Java Juice

January 10, 2011

25 Comments

In October, I showed why Java vulnerabilities continue to be the top moneymaker for purveyors of “exploit kits,” commercial crimeware designed to be stitched into hacked or malicious sites and exploit a variety of Web-browser vulnerabilities. Today, I’ll highlight a few more recent examples of this with brand new exploit kits on the market, and explain why even fully-patched Java installations are fast becoming major enablers of browser-based malware attacks.

Spear Phishing Attacks Snag E-mail Marketers

November 24, 2010

12 Comments

Criminals have been conducting complex, targeted e-mail attacks against employees at more than 100 e-mail service providers (ESPs) over the past several months in a bid to hijack computers at companies that market directly to customers of some of the world’s largest corporations, anti-spam experts warn.

The attacks are a textbook example of how organized thieves can abuse trust relationships between companies to access important resources that are then recycled in future attacks.

Microsoft Plugs a Record 49 Security Holes

October 12, 2010

2 Comments

Microsoft today issued 16 update bundles to fix a record-breaking 49 separate security vulnerabilities in computers powered by its Windows operating systems and other software.

Tool Blunts Threat from Windows Shortcut Flaw

July 21, 2010

32 Comments

Microsoft has released a stopgap fix to help Windows users protect themselves against threats that may try to target a newly discovered, critical security hole that is present in every supported version of Windows.

McAfee False Detection Locks Up Windows XP

April 21, 2010

23 Comments

McAfee’s anti-virus software is erroneously detecting legitimate Windows system files as malicious, causing reboot loops and serious stability problems for many Windows XP users, according to multiple reports.

Unpatched Java Exploit Spotted In-the-Wild

April 14, 2010

33 Comments

Last week, a Google security researcher detailed a little-known feature built into Java that can be used to launch third-party applications. Today, security experts unearthed evidence that a popular song lyrics Web site was compromised and seeded with code that leverages this Java feature to install malicious software.

FBI: Beware Haitian Quake Relief Scams

January 14, 2010

58 Comments

The earthquakes that have wrought so much devastation and death in Haiti this week are moving many to donate to various relief efforts. But security experts and the FBI are warning people to be on the lookout for ghoulish criminals… Read More »

Security Tweaks for Adobe Reader

January 5, 2010

12 Comments

Adobe is planning to ship an update a week from today that fixes a critical vulnerability in its free and widely used PDF Reader program. Unfortunately, according to experts, criminal hackers are starting to step up attempts to exploit the… Read More »