
Phishers exploiting current financial crisis

American security experts are warning that ‘Phishers’ – people who send emails designed to lure the recipient towards a ‘poisoned’ website which can damage the computer’s security – are taking advantage of concerns about the global financial crisis. The result could be a computer compromised with software that allows the attackers to steal your financial data and to install malicious software. Although it’s currently reported as an American phenomenon, it could spread to UK users once the idea becomes popular amongst the hacking community.

America’s Federal Trade Commission has urged Internet users to be on guard against e-mails that look as if they come from a financial institution that recently acquired a consumer’s bank, savings and loan, or mortgage. These messages may be from ‘Phishers’ looking to obtain personal information – account numbers, passwords, Social Security numbers – to run up bills or commit other crimes in a consumer’s name. With the rapid nature of the merger and acquisition activity in the financial sector that happened over the last few weeks and the lack of communication between financial institutions and their customers, Phishers and hackers have an ideal opportunity to prey on uninformed banking customers.

Scammers also are using targeted techniques, addressing recipients by name and including other details that can increase the apparent authenticity of the Phishing mail. More than 20,000 fraudulent Phishing websites were established in the first half of 2008, almost trebling (up 180 per cent) the figure from 1H07, according to the latest figures from UK banking association APACS. On-line banking losses came in at £21.4m for the first six months of 2008, a big increase from £7.5m last year, which APACS blames largely on Phishing and spyware-related scams.

It’s recommended that you don’t open attachments in e-mails that you weren’t expecting, even if they appear to come from an institution you know. Banks will never ask for any personal information via e-mail and they won’t ask customers to install anything on their computers. Some email programs – for example Microsoft’s ‘Outlook’ product – have ‘junk’ filtering and a message placed in the Outlook ‘Junk’ folder will be expanded to show whether any links to websites in an email are what they say they are. Typically, in a Phishing email, the link description shown on the email is quite different from the actual link you would be sent to if you clicked on it and this is made obvious when a message is in the Junk Filter folder or is dragged there by you as a precaution.

Google ‘Chrome’ web browser vulnerable to external attack

Google has released a new Windows web browser called ‘Chrome’ but on its first day as a Beta release, a security researcher has already discovered a ‘carpet-bombing’ vulnerability that could expose Windows users of the new browser to serious security attacks. This is the same vulnerability that was originally discovered in Apple’s Safari browser four months ago.

Mozilla preparing Firefox security update

Mozilla plans to release a security update for its Firefox browser next week which will repair a long-standing security flaw in the software. This will take Firefox to version 2.0.0.10. The update is being tested now and should be released to the public next week.

The issue was first reported last February, but it gained widespread attention earlier this month when researcher Petko Petkov pointed out on his blog that the flaw could be used to launch a cross-site scripting attack against the Firefox browser. The flaw has to do with the fact that Firefox does not properly check files that are compressed using the .jar (Java Archive) format. Attackers could sneak malicious code into the Jar-compressed documents, which would then be run by the victim. This attack could be launched against Google users, giving the attackers access to victims’ Gmail accounts, Google searches and other sensitive data stored on the Google Web site.

All recent versions of Firefox 2.0.0.x will detect the availability of the update when it is released and offer to install it automatically.

Bogus banner advertisements may compromise PCs

A researcher has warned that thousands of PC users have been duped into surrendering sensitive information and installing malicious software after falling victim to a complex scam that continues to plague well-known websites.

PDFEx Trojan malware Spam emails proliferate

Sophos has reported a flood of Spam emails containing a doctored PDF file with a Trojan payload. It is aimed at exploiting unpatched Adobe Reader systems. If successful, this will allow your machine to be compromised and possibly taken over for malicious purposes.
