AllThingsD » Sophos

Facebook Working With Antivirus Vendors to Ward Off Spam, Malware

Lauren Goode — Wed, 25 Apr 2012 17:23:39 +0000

Facebook has partnered with a handful of antivirus software vendors to add their security services to its URL blacklist system, meant to protect users against spam and malware. Six-month antivirus software licenses from Microsoft, McAfee, TrendMicro, Sophos and Symantec will also be available to Facebook’s 900 million users for free.

Fake Angry Birds Slingshot Malware Onto Android Phones

Ina Fried — Fri, 13 Apr 2012 12:00:19 +0000

Some folks are getting more villains than they bargained for when downloading software claiming to be Angry Birds Space.

Gamemaker Rovio and antivirus firms are cautioning of malware-laden software disguising itself as the latest installment of the popular game series.

“As you get ready to pop pigs in zero gravity, watch out for fake versions of Angry Birds Space, and make sure to download safe by getting the official game from Rovio,” the Angry Birds maker warned on its Web site Thursday.

Sophos warned that a program purporting to be the Android version of the game actually installs malware and could render infected phones vulnerable to control by hackers. The malware-laden titles showed up on various alternative Android app marketplaces, not the official Google Play store.

“The Trojan horse, which Sophos detects as Andr/KongFu-L, appears to be a fully-functional version of the popular smartphone game, but uses the GingerBreak exploit to gain root access to the device, and install malicious code,” Sophos senior technology consultant Graham Cluley said in a blog post. “The Trojan communicates with a remote website in an attempt to download and install further malware onto the compromised Android smartphone.”

The space version of Angry Birds has soared to the top of the charts since being made available last month for Android, iOS, Mac and PC. Rovio said 10 million copies were downloaded in the first three days after it was made available on March 22.

What Connect.me–the Sign-up Page That Got 50K Users in a Day–Actually Does (Video)

Liz Gannes — Tue, 22 Mar 2011 17:42:27 +0000

A certain type of social Web user is virtually rabid for the new hotness. Connect.me’s page had all the right hooks: A cute and simple domain name and design, the enticing header “Reserve your username and get early access,” and rewards for getting connections from your social network to sign up as well.

And it worked. 50,000 users signed up in a day earlier this month, each of them giving the site credentials for one or more of their Facebook, Twitter or LinkedIn accounts.

The viral frenzy earned a quick backlash of criticism, most notably from the Sophos Naked Security blog, which warned of the potential for identity theft and cybercrime from an outfit that didn’t even have the decency to tell would-be users what it planned to do.

But in fact, the San Francisco-based Connect.me team is an earnest group of online data portability and personal identity nerds. The two founders met while collaborating on XDI, “a data structure for context graphs.” Co-founder Drummond Reed was previously the director of three separate non-profit open identity foundations and consortiums.

But Reed and his fellow user-centric identity advocates have mostly been at the fringes of the social Web, with corporate outfits like Facebook Connect overpowering efforts to spread more distributed and independent alternatives.

Reed said in an interview with NetworkEffect that he feels it’s time to turn all this work into a commercial project that gets something done. We ducked into a relatively quiet room out of the South By Southwest hubbub to shoot a video about his company.

[ See post to watch video ]

So what is Connect.me? Reed describes it as a personal network, rather than a social network, where users control the information they want to share with a vendor. So instead of a brand creating a page on Facebook and getting people to “like” it within that corporate-owned context, the brand and user could have a peer-to-peer relationship. And brands may pay a premium to access these voluntary users. Connect.me has raised $300,000 in angel funding and plans to launch in May.

The problem–ironic considering the viral success of Connect.me’s sign-up page in comparison to other companies’ social networks–will be how to grow a sort of anti-social alternative in the face of massively social competition. If you lose the social part of an online network, you lose the carrot that gets people to participate in the first place: their friends.

Further, how can Connect.me communicate its concepts to users in a way that resonates and seems accessible and useful? Reed said he’s hopeful that media attention to users’ loss of online privacy–like the Wall Street Journal’s “What They Know” series about tracking technology–will bring the masses in his direction.

But for the moment, Reed is using geeky descriptors like “a trust framework around the way we exchange personal data.” In fact, the company’s platform is to be branded the Respect Trust Framework.

On the other hand, the one thing we can say for certain about Connect.me is it has an aptitude for getting the word out.

Twitter Still Attracting New Users, Phishers

Peter Kafka — Mon, 22 Feb 2010 12:33:32 +0000

Twitter’s astonishing growth doesn’t just generate awe and giant valuations, it attracts scammers who want to prey on the service’s ever-expanding user base.

The most recent example: A new wave of phishing attacks, which are generally–but not always–sent via the service’s “direct message” feature. And which generally–but not always–feature language like “LOL is this you” in the message.

Like most phishing attacks, this one has some telltale signs, if you’re the kind of person who’s inclined to see them. There’s the odd text in the message itself. And the “bzpharma” text that appears in the URL address is a big giveaway.

But! As with many other phishing attacks, if you’re not looking for this stuff or you’re just clicking quickly, it’s easy enough to get duped. The fake Twitter homepage created by the phishers looks real enough, as does the “fail whale” message you get after entering your info.

One easy step you can take to arm yourself against this kind of thing: Follow Twitter’s “Spam Watch” account, which does a decent job of keeping people informed attacks like these. But while that account has 148,368 followers, and tends to get retweeted a lot, the majority of Twitter users still won’t learn about this stuff in advance. Maybe it’s time for Twitter to build some equivalent of the emergency broadcast system.

Meanwhile, if you don’t like reading, the video below from the Sophos security firm (via Mashable) gives you a good idea of what this is all about.

Twitter: We Reset Some Passwords as Security Measure

John Paczkowski — Tue, 02 Feb 2010 13:31:23 +0000

According to Sophos’s 2010 Security Threat Report, there has been a dramatic rise in attacks on social networks in the past year. So reports this morning from a number of Twitter users claiming they’ve received an email from Twitter asking them to reset their passwords after a suspected phishing attack are certainly cause for concern–either because they have indeed fallen victim to a phishing attack or because they’re about to fall victim to one by following the email’s instructions (see text below; click to enlarge).

Certainly, it’s difficult to determine if the email is genuine. After all, its subject line is “Please change your twitter password,” and conventional wisdom is to never click a password-reset link in an email. That said, Twitter users who received it and followed its instructions have regained access to the service after being locked out.

So, if you’ve received such an email, tread carefully.

As of this writing, Twitter has not commented on these reports on its blog or status page, though that doesn’t necessarily mean anything. In any event, I’ve asked the company for an explanation and will update here if and when I receive one.

UPDATE: Twitter just sent me the following comment:

As part of Twitter’s ongoing security efforts, we reset passwords for a small number of accounts that we believe may have been compromised offsite. In one case, a number of accounts posted updates indicative of giving their username and password to untrusted third parties. While we’re still investigating and ensuring that the appropriate parties are notified, we do believe that the steps we’ve taken should ensure user safety. We’ll continue provide updates as warranted at @safety and @spam. We do, as always, encourage our users to read our help pages on what to do if your account is compromised: http://twitter.zendesk.com/forums/10713/entries/31796 and how to stay safe on Twitter: http://twitter.zendesk.com/forums/10711/entries/76036.

[Image credit: Andrew R.H. Girdwood]

Internet Explorer: Should You Stay or Should You Go?

Nick Wingfield — Tue, 19 Jan 2010 08:30:32 +0000

French and German government agencies have told people they should ditch Microsoft’s (MSFT) Internet Explorer browser, at least temporarily, because of a security hole that hackers are thought to have exploited on recent cyberattacks against Google and other companies. What should you do?

Switching to an alternative Web browser like Firefox or Google (GOOG) Chrome is one possibility. For now, security companies like McAfee (MFE) have only identified the latest security exploit as an Internet Explorer issue, but there’s no guarantee that they won’t find vulnerabilities in other browsers that were involved in the broad attack on Google and others.

Generally speaking, a browser switch is going to be a lot easier for an individual than it will be for corporate users, where IT policies often dictate which browser people use on their computers. Graham Cluley, a senior technology consultant and security firm Sophos, said in a blog post Monday that companies may cause “more problems than it’s worth by summarily switching browsers” because of the potential for employee confusion and Web site compatibility problems caused by the new software.

Read the rest of this post on the original site

Bit.ly Inks Malware-Spotting Deals

Andrew LaVallee — Wed, 02 Dec 2009 09:00:17 +0000

As popular as link-shortening services are, security experts have been warning users that they put themselves at risk of malware infection by using them, since a suspicious-looking Web address just becomes another Bit.ly or TinyURL link once it’s shortened.

On Monday, Bit.ly announced partnership with several security firms, including Websense (WBSN), Sophos and VeriSign (VRSN), that it said helps to address that.

The three of them will provide malware and spam-detecting services designed to keep fraudulent links from making their way into Bit.ly URLs, which in turn are used extensively on Twitter, email and social-networking sites like Facebook and MySpace.

Read the rest of this post on the original site

Cybercrime Capitalizes on Swine-Flu Fears

Marisa Taylor — Wed, 18 Nov 2009 18:48:13 +0000

Cybercriminals are capitalizing on swine-flu fears by pitching sales of fake Tamiflu, security firm Sophos said.

Networks of fraudsters use spam and malware to direct Web traffic to phony pharmaceutical sites, wrote Graham Cluley, a technology consultant for Sophos.

“Although unwitting buyers do often receive some kind of drug as result of the transactional exchange, at best the drug doesn’t work and at worse it can pose serious health risks,” he added. Cybercriminals are “putting their customers’ health, personal information and credit card details at risk” with these counterfeit versions of Tamiflu.

Many of these fraudulent pharmaceutical sites originate in Russia, Sophos’s Dmitry Samosseiko noted in a paper on the topic. One network called GlavMed, for example, has more than 120,000 online pharmacy sites selling generic drugs under the name of Canadian Pharmacy.

Read the rest of this post on the original site

Beware the Michael Jackson Spam

Andrew LaVallee — Fri, 26 Jun 2009 23:20:18 +0000

It didn’t take long for fraudsters to exploit Michael Jackson’s death, as online security firms began reporting email scams using his name to attract victims.

One message contains links supposedly of unpublished photos and a YouTube video of the singer, but the link prompts recipients to download a file that, when opened, opens a legitimate Web page while downloading and installing malware, according to San Diego-based security provider Websense.

Elsewhere, an email is circulating that reads: “Vital informations after the death of Michael Jackson’s I really need some one trusted & secretive to speak with with informations i have in my possession before its too late Kindly reply me and i will immediately respond back,Its for just secret between both of us,” warned Graham Cluley, a senior technology consultant at security firm Sophos.

Read the rest of this post on the original site

Don't Be Evil–Just Serve Ads on It

John Paczkowski — Thu, 24 Jul 2008 16:49:31 +0000

Looks like Google’s Blogger is a more popular blogging platform than WordPress and Moveable Type, after all–in some circles, anyway. Internet security outfit Sophos says it detects just over 16,000 malicious Web pages each day, and nearly 2 percent of them are hosted on Blogger. “The number one host for malware on the web is Blogger (Blogspot.com), which allows computer users to make their own Web sites easily at no charge,” Sophos said in its 2008 Security Threat Report (PDF), adding that between malicious blogs and malicious comments posted to otherwise benign blogs, Blogspot.com accounts for two percent of all of the world’s malware hosted on the Web.

And Google (GOOG) is serving up ads on it.

To be fair, though, it’s no easy task for the search giant to keep Blogger malware-free. So in some sense, the fact that the service hosts just two percent of all malware and not 20 percent is an achievement, as Sophos’s Graham Cluley notes. “If you think about it, Blogger/Blogspot’s position is probably not surprising–it’s a phenomenally popular platform for people to create their own Web pages (blogs), and gives Internet users the ability to comment on other people’s blogs,” Cluley said in a post to his blog. “Inevitably, there are ne’er-do-wells out there who will try and abuse a great service like that, and try and plant malware and malicious links. For its part, Google–the company who own Blogspot–takes security seriously, and works hard to shut down Web pages serving up malware.”

Don't Be Evil–Just Serve Ads on It

John Paczkowski — Thu, 24 Jul 2008 16:49:31 +0000

And Google (GOOG) is serving up ads on it.

Survey: 41% of Facebook Users Total IDiots

John Paczkowski — Tue, 14 Aug 2007 18:22:09 +0000

In an experiment, 41% of Facebook users were willing to divulge highly personal information to a complete stranger. This according to IT security firm Sophos, which invited 200 randomly selected Facebookers to befriend a bogus Facebook user named “Freddi Staur” (an anagram of “ID Fraudster”). Of those queried, 87 responded to the invitation, among them 82 people whose profiles included personal information such as their email address, date of birth, address or phone number. In total:

72% of respondents divulged one or more email address
84% listed their full date of birth
87% provided details about their education or workplace
78% listed their current address or location
23% listed their current phone number
26% provided their instant-messaging screen name

Yikes. You’d think institutional privacy concerns would be enough to make folks think twice about expanding their Facebook networks with reckless gusto, wouldn’t you? Guess not.

“It certainly doesn’t bode well when you’re talking about privacy concerns,” Ron O’Brien, a senior security analyst at Sophos, told InformationWeek. “The information they’re offering up could be just as valuable as credit card information for someone trying to build a profile of you. People need to be more selective about whom they provide information to. … Collecting ‘friends’ is encouraged by social-networking and business-networking sites,” he added. “It’s a status thing to see how many friends or contacts you can rack up. … This was intended to demonstrate to the average user that they need to exercise a lot of caution. The Web is a doorway and it shouldn’t be constantly open.”