Web Security Review

For readers with a MySpace or Facebook account, please be vigilant and careful when accepting apps or widgets from your friends; they main contain Trojan viruses that steal information from your site and then send it all back to the one who created it. They usually do this by sending Trojans through apps or widgets that your friends sent you. According to researchers at Finjan, cyberattackers are now going to these social networking sites such to get more victims.

“Attacks will become more sophisticated by combining several services in order to heighten infection ratios and decrease the detection rate, while providing more robust and scalable attack frameworks,” Yuval Ben-Itzhak, chief technology officer, Finjan, said in a news release. “The focus will be on trojan technology as it enables maximum flexibility in terms of command and control. This adds another potentially malicious element to the “legitimate” web traffic that needs to be examined by security solutions.”

In short, before installing the app or widget that your friend sent you, confirm if it came from them. If it didn’t, kindly delete it immediately. If it did come from them, research on the app or widget from previous users.

Source

Scareware, or a form of malware that tricks customers with bogus messages that leads users to sites that install fake security software for a fee. These tactics have long been used by hackers to get hard earned cash from people’s pockets for nothing. The software you install in turn asks you to get more and more software till you finally get it that the whole thing was a sham, with your cash long gone and the errors they were reporting. Many of these sites have been targeted by law enforcement in the past few years but there are still some persistent ones that manage to survive the best efforts of law enforcement agents. Continue Reading »

A long standing botnet was closed with it’s manager arrested and subsequently charged with cyber-crimes leaving him to deal with a 5 year sentence of which he is to serve 2 in jail and the rest on conditional release. He will be allowed out on the conditions he would have limited access to computers and the internet, seemingly to follow the movie “Hackers”. This victory comes after a hosting firm based in California was ordered shut by the FTC and FBI after it was proven to have hosted malware spreading sites and spamming botnets. He even when as far as selling the services of his botnet, using “bots4sale” as a catch phrase to people he knew were going to use it for spamming of close to half a million computers the world over. Continue Reading »

Image source: www.blog.webreakstuff.com
This is an alarming news, everyone. We all know about Youtube, right? Well, it’s dangerous as MySpace, FaceBook, or any online community now. Given that Youtube also allows “pg 13” stuffs, but that’s not the danger we’re talking about. That’s right. Some of the pages in Youtube have links that opens malicious machines into your computer. These machines have the ability to save your computer’s keystrokes, copies data, or even control your computer for another hacking scheme. Some people can separate the real and the fraud just by looking in the URL in the status bar, but it is much safer if you just search it in youtube itself. You know why? Some hackers make their preys open these links by making them their friends first. They just did this just because this is the time of election in the US, and youtube-users provide videos about the election, or their insight.

by mheo soriano

What to do if you get “phished”

If you think that you may have fallen prey to the methods mentioned above and might have spilled important information about your organization, the wisest thing to do is to report right people within the organization, people in charge and the network administrators also. By doing this, your bosses may be aware of the “spying” being done in the company so that they can come up with a solution to counter it.

And if you suspect that your financial accounts are in danger, immediately contact your financial institution to close the accounts you think you may have leaked information about. Watch out for any suspicious changes or transaction involving that account.

Immediately contact the police and inform them about the incident

by mheo soriano

Be Careful on the sites you browse, some contain self installing programs designed to get information from you such as account numbers and passwords

Never send sensitive information in the Internet before checking a web site’s security policy. Also be sure to check the URL of the website as some websites are designed to appear to be the real sites.

You can confirm if the email request is legitimate, by contacting the company directly for verification. Of course don’t use the one provided in the email.
Always keep an anti-virus installed and maintain your computer system’s firewalls and email filters to lower chances of getting infected.

To be continued…

by mheo soriano

Be cautious of the people who contact or attempt to contact you.

You may never know, today’s advanced technology can also be used as instruments of deception.

Never entertain unsolicited phone instant messages, email messages or any other type of communication from unknown individuals/parties asking for information especially private and undisclosed ones. Some may even request information about your company so unless you are certain about the person’s authority, never supply the information.
Some people would try to “fish” for financial information using the email, never respond to these especially email solicitations for this information. Beware of the links and documents attached with the message following links sent in email.

To be continued…

by mheo soriano

What is a phishing attack?

Phishing is done by people who desire to obtain information, be it personal or most oftentimes financial to be used for their own motives. People who perform phishing attacks usually make use of email or web sites. They may send emails from a reputable institution such as bank accounts asking for information. And when the recipient of the message responds with the requested information, they will be able to use it to access to the accounts.

This leads to several net crimes, they can invade your accounts to extract personal information, pretend that you are them or even steal money from your bank account.

Thousands of cases like these were reported in the past years. So it would be wise to be cautious in who we spill our private information.

To be continued…