I think this is hilarious.
A group of scammers called Mr Brain provide different phising, scamming tools to would be scammers. The reason the groups scripts are so popular are their ease of implementation, some can be done in as little as a minute. So the little script kiddies can just fill in a few details in the script config file and they think their done. The icing on the cake is these very scammers are themselves being scammed. The scripts also have some other code that is encrpyted that sends all the information gathered, back to the Mr Brain group. So these poor startup scammers just can’t get a break as the big guys already drained all the accounts.

Source: Netcraft

Tags: IT, phising, scammers, script, script kiddies, security, spam, tech

Companies and businesses will always need an IT department, why you ask. Because the people these companies hire just don’t care about security or just don’t know any better. A recent survey of employees revealed that at least 35% have violated IT policies put in place to protect company as well as customer’s data. At least 15% have use P2P networking clients on corporate networks, if thats not asking for trouble I don’t know what is. What you had 100,000 customer accounts in your shared folder, oh well?!

Most employees don’t care about their information either, 3/4 or employees check their personal accounts (email, banking, ebay) from work. Not only does this pose a security problem in the form of spyware, viruses, and other forms of nasties, but puts their personal information out on a public network. That same 3/4 also probably installs the good ol bonzi buddy, and my cool web search. This is why companies will also need IT to clean up the mess their idiotic employees make, oh and to have someone to blame for the whole lost customer account thing.

Source: Net Security.org

Tags: business, IT, security

Yes you heard right. The first malware written for the Mac has been named OSX.RSPlug.A by Intego (a Mac-security company). The malware is disguised as a video-codec that users are tricked into installing in order to watch nasty movies. This malware is written to hijack DNS of the machine it’s installed on, redirecting their web requests to another web page. The thing about this is it only redirects users who attempt to visit one obscure adult website. It could be alot worse, it could have spoofed bank sites, paypal, or ebay.

This malware doesn’t exploit a hole in the Mac OS, instead it relies on good old social engineering. McAfee researchers have already found this on 65 websites, so this is becoming widespread fast. Security has never been a priority to Apple, soon all types of nasty software will exploit holes that do exist in the OS.

Security researcher Gadi Evron
“Apple’s day has finally come, and Apple users are going to get hit hard, OS X is the new Windows 98.”

Source: Wired

Tags: apple, computer, mac, malware, security

It seems that AOL, which has sent me many a wonderful coaster for cold beverages, doesn’t really care about the security of they user base. As we all know AOL users aren’t known for their computer prowess and don’t need any more help giving away personal information. It’s been reported that AOL is truncating passwords to 8 characters even if a stronger 16 character password is used. This makes a brute force password attack much simpler for attackers. Although probably the easiest way to get AOL passwords is to simply ask the user for it in a crudely crafted email phish. Just because it looks like it comes from billing@aol.com doesn’t mean you should give them your first-born child if they ask for it.

Source: ITWire

Tags: aol, IT, security, tech

According to Symantec

U.S.-based credit cards with a card verification number were available for between US$1 to $6, while an identity” including a U.S. bank account, credit card, date of birth and government-issued identification number” was available for between $14 to $18,

To gain access to the information needed for the sale of identities hackers use a combination of social engineering, maliciously crafted word documents, and any of the zero-day exploits being announced all the time. They then send the word document with it’s dubious payload to unexpecting users. Since it is a word document commonly assumed to be safe and since most email servers don’t block these type of attachments, the user happily clicks on it and all is lost.

• Symantec has a video showing how these attacks happen.
• Macworld has the rest of article on this very scary transaction.
• Symantec’s full white paper on the whole deal here. (warning large pdf)
• Itwire also has this article on more of Symantec’s report.

Tags: business, IT, microsoft, security, spam, tech