Sophos | Social Media Blog

Jul
27

Google+ misses an opportunity – Privacy is an important part of openness

Category: Social, Technology Tags: facebook, google, google+ privacy, LinkedIn, Mark Zuckerberg, Privacy, social network, Social network service, Sophos, twitter Leave a Comment

Image representing Google as depicted in Crunc...

Image via CrunchBase

Article from Sophos authored by Chester Wisniewski

Google‘s new “Plus” social networking service attracted more than 10 million users within a week of its public beta. That is a remarkable number of people signing up for an unfinished social network when the field of options is already quite crowded.

Why would so many people flock to Google+? The one thing almost everyone that I know references is privacy and control, or at least the hope that it might achieve that end.

‘Boy reaction after his Ex girlfriend posted’ clickjacking Facebook scam

Category: Social, Technology Tags: clickjack, Confidence trick, facebook, firefox, Justin Bieber, likejack, Mozilla Firefox, NoScript, Sophos, Wikipedia, youtube 1 Comment

Image via Wikipedia

It sometimes feels like the number of scams spreading across Facebook is never ending. Here is the latest one that was brought to my attention by members of Sophos’s Facebook page:

Boy reaction after his Ex girlfriend posted on his wall
[LINK]
lol What true pain both are having at this moment.

It’s another survey scam, of course, which earns commission for the folks who created the webpages and kicked off the campaign in the first place.

How a free breakfast day at McDonalds can lead to malware danger

Category: Social, Technology Tags: Confidence trick, EXE, Fast food, McDonald's products, McDonalds, Sophos, SophosLabs, There ain't no such thing as a free lunch, Trojan horse (computing), Trojan Horses, ZIP (file format) Leave a Comment

Image by bradlauster via Flickr

If you’re the sort of person who wakes up in the morning, and the first thing you long for is a McDonalds‘ breakfast – but if you are, you might just be exactly what malware authors are looking for.

Researchers at SophosLabs have seen a malicious email that has been spammed out across the world in the last couple of days pretending to come from McDonalds.

The email claims that the fast-food giant is offering free breakfasts in each and every of their many thousands of restaurants around the globe. Chances are that there are many people who would love the prospect of munching on a McDonalds first thing in the morning.

Visit the New Facebook scare spreads on Facebook

Category: Social, Technology Tags: Amy Allen, Betting in poker, chainletter, Computer security, Confidence trick, facebook, Getty Images, Hacker (computer security), Hayden Panettiere, Online Communities, Rihanna, social network, Sophos Leave a Comment

SAN FRANCISCO - NOVEMBER 15: Facebook founder...

Image by Getty Images via @daylife

Warnings are being posted across Facebook, warning users to beware messages from friends that invite them to “Visit the New Facebook”.

Although these messages are being shared by Facebook users with the best of intentions, the warning about the risk of being locked out of your own Facebook account may in fact be more of a nuisance than the alleged hacker attack itself.

Here’s a typical message seen on Facebook:

PLEASE RE-POST FOR EVERYONE!!!!!!!!!THIS NOTICE IS DIRECTED TO EVERYONE WHO HAS A PAGE ON FACEBOOK: IF SOME PEOPLE IN YOUR PROFILE OR YOUR FRIENDS SEND YOU A LINK WITH WORDS "VISIT THE NEW FACEBOOK ' DO NOT OPEN! IF YOU OPEN IT YOU CAN SAY GOODBYE TO YOUR PAGE. IT'S A HACKER WHO STEALS YOUR DETAILS AND REMOVES YOU FROM YOUR OWN PAGE. COPY AND SPREAD THE WORD

However, Sophos researchers have found no evidence that the threat is real. We simply haven’t managed to uncover any reports of any users hit by such an attack.

As such, it appears that this is just the latest chainletter spreading across the social network. We’ve certainly seen plenty of similar examples of hoaxes spread by well-intentioned people in the past.

Remember, a genuine alert would be likely to contain a link to a legitimate security firm’s website – detailing the true nature of the threat.

Remember to always get your computer security advice from a computer security company. Friends may be well-intentioned in passing on warnings, but it’s always good to check your facts before forwarding them any further.

Source :- http://nakedsecurity.sophos.com

Visit the New Facebook? Hacker warning spreads like wildfire on social network (pratyushkp.wordpress.com)
Jason Allen / Amy Allen virus hoax spreads on Facebook (blogoholic.in)
Visit the New Facebook? Hacker warning spreads like wildfire on social network (blogoholic.in)
Facebook phishing: Can you spot the difference? (blogoholic.in)
Facebook Dislike button spreads fast, but is a fake – watch out! (pratyushkp.wordpress.com)
Spam from your Facebook account? Malware attack poses as official warning (pratyushkp.wordpress.com)
Rihanna and Hayden Panettiere sex video spreads Mac malware on Facebook (blogoholic.in)
Dad catches daughters on webcam: Beware viral Facebook video link (pratyushkp.wordpress.com)
Hottest & Funniest Golf Course Video scam spreads virally on Facebook – beware! (blogoholic.in)

Jun
9

By pratyushkp

Fake anti-virus cloaks itself to appear to be Microsoft Update

Category: Social, Technology Tags: AntiVirus, microsoft, Microsoft Windows, Mozilla Firefox, Rogue security software, Sophos, Spamdexing, Windows, Windows Update, Windows XP 1 Comment

Original post on Sophos. Author – Chester Wisniewski

We are seeing the criminals behind fake anti-virus continuing to customize their social engineering attacks to be more believable to users and presumably more successful.

Last week I wrote about fake Firefox malware warnings leading users to rogue security software. This week they’ve started to imitate Microsoft Update.

The page is nearly an exact replica of the real Microsoft Update page with one major exception… It only comes up when surfing from Firefox on Windows. The real Microsoft Update requires Internet Explorer.

The same site was also hosting the traditional Windows XP explorer scanner we have seen for years, as well as a new Windows 7 scanner.

Similar to spam messages that have corrected their grammar and use correct imagery and CSS, the attackers selling fake anti-virus are getting more professional.

They use high quality graphics and are using information from our UserAgent strings that are sent by the browser to customize your malware experience.

Just like visiting your bank you should only trust security alerts in your browser if you initiated a check with Microsoft, Adobe, Sophos or any other vendor for updates to their software.

Blackhat SEO and Fake anti-virus – Like chocolate and peanut butter (blogoholic.in)
More Mac malware – top tips for avoiding infection (nakedsecurity.sophos.com)
Microsoft Updates Bing Mobile (thenextweb.com)
Saving Your Computer from Attack! (godofnothingnow.wordpress.com)
New Microsoft Safety Scanner tool cleans over 20,000 machines in a week (winrumors.com)
How do I protect my PC while surfing the net? (ask.metafilter.com)

Jun
9

By pratyushkp

Received a malicious Christmas card – in June!

Category: Social, Technology Tags: Antivirus software, Christmas, Christmas card, Graham Cluley, Greeting card, Microsoft Windows, Sophos, Trojan horse (computing) Leave a Comment

Image via Wikipedia

Original post on Sophos. Author – Graham Cluley

We’re having an uncharacteristically sunny June day here in Britain, making it feel all the more incongruous to see Christmas cards are being sent out via email.

But you should be careful, because these aren’t just badly timed emails wishing you season’s greetings – these emails have a malicious payload designed to infect your Windows computers.

Here’s a typical example of the type of message that has been intercepted by SophosLabs:

Subject: You have received a Christmas Greeting Card!

Message body:
You have just received a Christmas greeting card!
To see your custom card and who sent it, please click the attachment

Attached file: Christmas Card.zip

Although the email claims to come from 123greetings, a legitimate and well-known ecard website, the reality is that the bad guys have forged the headers in this email in an attempt to trick you into clicking on the attachment.

The danger is, of course, that you may be bemused by the notion of receiving a Christmas card in June and click on the attachment out of curiousity. That would be a big mistake, however, as it contains the Mal/CryptBox-A Trojan horse.

So you should have trusted your instincts. There’s always going to be something odd about a Christmas card arriving in June – and like any other unsolicited attachment it should be approached with caution.

Make sure that your anti-virus software and email protection is in place, and make sure you’ve had a good healthy helping of common sense next time you receive an out-of-season greeting.

I’ve just received a malicious Christmas card – in June! (nakedsecurity.sophos.com)
Fantastic Ideas for Homemade Christmas Cards (kleenexmums.com.au)
Christmas Card Garland (casasugar.com)
Make the most of Christmas in Australia (kleenexmums.com.au)
My Somewhat Childish Christmas Décor (casasugar.com)
A Christmas control beater (nickcouldry.com)

Social Media Blog

Subscribe to Blog via Email

Recent Posts

Meta

Google+ misses an opportunity – Privacy is an important part of openness

‘Boy reaction after his Ex girlfriend posted’ clickjacking Facebook scam

How a free breakfast day at McDonalds can lead to malware danger

Visit the New Facebook scare spreads on Facebook

Related articles

Fake anti-virus cloaks itself to appear to be Microsoft Update

Related articles

Received a malicious Christmas card – in June!

Related articles

Subscribe to Blog via Email

Recent Posts

Tags

Meta