NOD32 and Antivirus News
Threat and Security News

Fake Online Harry Potter Movies Launch Malware Attack

Monday, June 29. 2009

If you happen to see a too-good-to-be-true offer to watch the latest Harry Potter movie online for free, watch out.

According to anti-malware software maker PC Tools, opportunistic crooks are using poisoned blog comments and dirty search engine optimization tricks to highlight lures such as 'Watch "Harry Potter and the Half-Blood Prince" online free.' Clicking a link would take you to a post that would then attempt to fool victims into downloading and installing a "streamviewer" to see the movie, which is of course actually malware. Online crooks have used fake video codecs and viewers for years as a favorite social engineering tactic.

While you're at it, keep an eye out for malware-spreading e-mail that attempts to foist the "Zbot" Trojan onto victim PCs. The bad guys are using a variety of e-mails, including some that warn of a supposed critical update for Microsoft Outlook, or declare that you've received an eCard. TRACElabs has a number of screen shots of the fake e-mails in their post. Some e-mails link to a malicious download, while others link to it directly.

There are tell-tales in the e-mails for an astute surfer, but they're hidden behind a layer or two of obfuscation. For example, the displayed link to the fake Outlook update shows as http://update.microsoft.com/...., and checking the actual URL by moving your mouse over the link might initially look legit as well, until you notice that the real URL is http://update.microsoft.com.[fakedomain].com...

Such links are another favorite bad-guy tactic. To guard against all this evil social engineering, your best bet by far is to always send downloads and attachments to Virustotal.com (the site the pros use) for a free multi-engine malware scan before running them on your PC.
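The tell-tale described above, a link that displays update.microsoft.com while the real host merely begins with that name, can be checked mechanically. The Python below is an added example, not part of the original article; the trusted-domain default, the function names and the sample e-mail body (fakedomain.example standing in for the article's [fakedomain].com) are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(text):
    """Hostname of a URL-looking string, lower-cased; None for plain text."""
    text = text.strip()
    if not text or " " in text or "." not in text:
        return None
    url = text if "://" in text else "http://" + text
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower() or None
    except ValueError:  # malformed host, e.g. a stray bracket
        return None

def check_link(shown_text, href, trusted=("microsoft.com",)):
    """Findings for one link; `trusted` is an assumed list of real update domains."""
    real, shown, findings = host_of(href), host_of(shown_text), []
    if real and shown and shown != real:
        findings.append(f"displays {shown} but goes to {real}")
    for domain in (trusted if real else ()):
        genuine = real == domain or real.endswith("." + domain)
        if f".{domain}." in f".{real}." and not genuine:  # trusted name inside a foreign host
            findings.append(f"{domain} appears inside {real} but does not own it")
    return findings

class LinkCollector(HTMLParser):  # gathers (displayed text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text), self._href))
            self._href = None

def scan_email(html):
    """Return {href: findings} for each link in the body that looks deceptive."""
    collector = LinkCollector()
    collector.feed(html)
    return {h: f for t, h in collector.links if (f := check_link(t, h))}

# Constructed sample; fakedomain.example stands in for the article's [fakedomain].com.
SAMPLE = ('<a href="http://update.microsoft.com.fakedomain.example/outlook">'
          'http://update.microsoft.com/....</a> '
          '<a href="http://www.microsoft.com/security">Security bulletins</a>')
```

Calling scan_email(SAMPLE) reports only the first link, once for the displayed-versus-real mismatch and once for the trusted name being used as a prefix of another domain.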

Our Comment: It seems we have to be wary of everything now and check all of it out.


Original Article


Yet Another Malware Attack Spreads via Twitter

Sunday, June 28. 2009

Guy Kawasaki -- a Silicon Valley venture capitalist who was partially responsible for marketing the Macintosh in 1984 -- has almost 140,000 Twitter followers. Many of those followers likely thought it was strange that Kawasaki was suddenly into shilling porn, when a link purporting to host a pornographic video of "Gossip Girl" star Leighton Meester appeared on June 23. Anyone who downloaded the video discovered a virus that ravaged both PCs and Macs.

Antivirus organization Sophos posted a YouTube video explaining how the attack worked. As the Sophos video shows, the attack affected Macs. It can be taken for granted that the malware also infected PCs, because, well, everything infects PCs.

The malicious link has been disabled and no longer prompts visitors to download viruses.

Kawasaki claimed no responsibility for spreading the malware. He told his followers that his account was not hacked, but rather a page or its feed that he linked to was hacked. Kawasaki's Twitter account is hooked up to NowPublic, a user-contributed news site, and this tasty tidbit was filtered through into his account. Kawasaki also claims to have no idea who Leighton Meester is.

Twitter is no stranger to malware. Earlier this month, Twitter spam spread a worm that crippled Windows-based machines. There were also the Twitter worm attacks of April and May.

Twitter itself does not, and will not, filter links. It's the responsibility of the user and the reader to make judgment calls about whether they'd like to read about the Iran elections or expend pent-up energy on porn. The difficulty comes in the form of condensed URLs -- many users have no idea what they're clicking on, and by the time the mistake has been uncovered, it may be too late. It's particularly troubling when infected links appear on ultra-popular user sites that many people have grown to trust.

The Kawasaki Incident shouldn't tarnish your trust of all Twitter users, especially the megalithic ones. But if Oprah sends you off to scope out a raunchy video of Twilight's Edward Cullen, exercise a little self-restraint.

Our Comment: Be careful what you click on.

Original Article


Don't Get Tricked by Fake Microsoft Update E-Mails

Saturday, June 27. 2009

I've received several phishing e-mails that look surprisingly authentic and professional.

I do not know about you, but for the past couple of days my inbox has received several e-mails claiming to be from Microsoft while touting links to updates for Microsoft Outlook and Outlook Express. :>) Naturally, I clicked on those links right away and installed me some updates (not).

However, in all honesty, I was surprised at the level of effort that the sender went through in making this phishing e-mail look more "authentic". For example:

• First, the message itself is formatted to look like a Tech Bulletin from Microsoft.

• There are links within the e-mail that link off to valid addresses on the Microsoft site.

• Lastly, the sender took care in crafting the update (phishing) URL such that it almost appears to be going to update.microsoft.com and has a valid query path for the update.

In other words, at first glance, the e-mail looks valid. And, thanks to the sender's efforts within the social engineering arena, I'm sure that the number of people falling for this e-mail is much higher than the normally lame phishing e-mails that are sent out. Thus, unless the e-mail was blocked by some kind of inbound gatekeeper, it's up to the receiver to determine how to handle this e-mail: delete it or fall into the trap.

In other words, for organizations and even consumers, the best defense in this case is awareness, training, knowledge, etc. and not some fancy security software. Ah... if only all solutions were so simple.

Our Comment: Make sure that when you do updates, you go to the site rather than clicking on a link from an email.

Original Article






BETTERANTIVIRUS.COM℠ is a US based reseller of Eset Software's NOD32 Solutions
BETTERANTIVIRUS.COM℠ and its contents are Copyright © - Web Your Business Inc.
BETTERANTIVIRUS.COM℠ & Web Your Business™ are trademarks of Web Your Business Inc.
ESET®, NOD32, ESET Antivirus, Smart Security® Trademark of ESET, LLC
All rights reserved by their respective owners.