More than 1,000 hacked sites serving up phony update; Adobe issues warning

By Gregg Keizer

More than a thousand hacked Web sites are serving up fake Flash Player software to users duped into clicking on links in mail that's part of a massive spam attack masquerading as CNN.com news notifications, security researchers said today.

The bogus messages, which claim to be from the CNN.com news Web site, include links to what are supposedly the day's Top 10 news stories and Top 10 news video clips from the cable network. Clicking on any of those links, however, brings up a dialog that says an incorrect version of Flash Player has been detected and that tells users they needed to update to a newer edition, said Sam Masiello, vice president of information security at Denver-based security company MX Logic Inc.

One distinguishing feature of the attack, Masiello added, is the endless loop it uses to frustrate victims. If user clicks "Cancel" in the dialog that prompts for an update, another pop-up appears, said Masiello, that tells the victim that they have to download it to view the video. Clicking "Cancel" there returns the user to the first dialog.

Posted by Greg Hewitt-Long in Adware, Spyware and Trojans at 09:06

One of Google's latest features can be manipulated to spread malware, a pair of researchers said Wednesday at the Black Hat conference in Las Vegas.

Google gadgets are small applications, such as a currency converter, calendar or weather forecast, that can be added to iGoogle on a user's homepage or the computer's desktop.

The problem lies in the fact that the mini-modules are created by third-party developers, who can embed malicious JavaScript to redirect users to hacker websites, security researcher Robert “RSnake” Hansen told several hundred people in attendance.

Posted by Greg Hewitt-Long in Adware, Spyware and Trojans at 08:58

By Bill Magee

UK BANKS and other financial institutions are being warned to be extra vigilant following the release on the internet of a new so-called "PC super bug" designed to steal online banking log-on details on an unprecedented scale.

Cyber criminals have let loose a virus called Limbo 2 Trojan, which, according to security experts, is an extremely nasty bug developed specifically to worm its way into finance websites in order to cause maximum damage.

Posted by Greg Hewitt-Long in Adware, Spyware and Trojans at 07:57

Phorm factor

OUR FAVOURITE POLITICIAN Viviane Reding is making herself unpopular in the hallowed halls of Westminster once again.

The tech crusader who famously forced greedy mobile telcos to cut extortionate data roaming charges, has given the UK Government until next month to fess up about the use of Phorm, a sneaky bit of spyware which tracks internet usage under the guise of an advertising targeting system.

Posted by Greg Hewitt-Long in Adware, Spyware and Trojans at 07:50