The email offers news of Barack Obama's speech, recorded the day after the election results were published. Clicking on the link leads the user to a purposely registered domain which advises the user that they need to install the latest version of Adobe Flash player before the video can be viewed. The malicious Web site actually links to a file called 'adobe_flash.exe'
Why Law Departments Should Beware Super-Sized Firms
http://www.law.com/jsp/ihc/PubArticleIHC.jsp?id=1202425818568&rss=newswire
Adobe fixes 6 flaws in Flash For the second time in two days, Adobe Systems has issued a security update to fix multiple vulnerabilities in one of its most-popular programs, Flash Player. Read more...
Opinion: Card breaches shake faith in e-payments
Ex-Intel worker indicted on $1B trade secrets theft
Once thought safe, WPA Wi-Fi encryption is cracked
A smaller Window for Internet attacks
A jailbreak for Google's Android
Malware Piggybacks on Obama Win
http://voices.washingtonpost.com/securityfix/2008/11/malware_piggybacks_on_obama_wi.html
Cyber criminals are blasting out massive amounts of spam touting a video of President-elect Barack Obama's victory speech. Recipients who click the included link are taken to a site that prompts visitors to install an Adobe Flash Player update. The bogus update, however, is actually a data-stealing Trojan horse.
The messages, with such subject lines as "election results winner," and "the new president's cabinet?", and "fear of a black president," direct recipients to a site featuring a picture of Obama beneath an official U.S. government seal and the domain name america.gov (the real domain names used to host these fraudulent sites appear to differ from message to message). Beside Obama's visage is an embedded video player that reads "loading player." A few seconds after the site loads, the visitor is prompted to download the malware, disguised as "adobe_flash9.exe".
http://www.microsoft.com/security/portal/sir.aspx
The Latest Microsoft Security Intelligence Report
The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows users, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications. The fifth volume of the report is now available:
SIR Volume 5 (January through June 2008) and Key Findings Summary
No comments:
Post a Comment