Author Archives: Hacker Medic

Waledac Reloaded: Trojan.Rloader.B

Recently, we blogged about systems compromised by W32.Virut that were observed downloading W32.Waledac.D (Kelihos). Symantec has followed the Waledac evolution for a number of years and has observed the botnet showing considerable resilience against t…

Bitcoins Still a Hot Security Topic

Interest in Bitcoin—the decentralized digital currency—is definitely growing. But as with anything established, it also sparks the interest of scammers. We have seen a few Trojans stealing Bitcoin wallets over the last few years. Also, Trojans installing Bitcoin miners are not that exotic anymore. A case from last week shows how far interest has grown on the criminal side. Reports have emerged about phishing websites impersonating Mt.Gox, the largest Bitcoin exchange site. Mt.Gox has already fought battles in the past—for example when it was on the receiving end of a distributed denial-of-service (DDoS) attack and also when US authorities temporarily seized part of their money.

Of course, as with the nature of phishing websites, the real site has nothing to do with the fake scam site. The scammers just used the same second-level domain (SLD) name, “mtgox”, but with a different top-level domain (TLD)—for example, using .org, .net, .de, or .co.uk domains. The scam site tried to trick users into downloading and installing malware with the convincing MTGOX_Wallet.exe file name, which Symantec detects as Downloader.Ponik.
 

Figure 1. Phishing website uses alternate TLD
 

Figure 2. Phishing website
 

The phishing websites were even advertised using more than one major online advertising service, for example Microsoft’s advertisement network, in order to reach as many victims as possible. This resulted in the scam ad being displayed on many prominent websites.

The ad enticed users by stating “New Century Gold: BITCOIN Protect your money – Buy Bitcoin”—a clever turn-about since the ad links to a scam site that has everything else in mind except protecting your money.

The fact that the phishing site does not use the common Secure Sockets Layer (SSL) security protocol should have been a clear giveaway for any visitor. As with any financial service, regardless of the currency behind it, people should exercise due diligence to ensure they are on the real website when entering information. In this case, the scammers left an additional clue inside the HTML of the phishing website for the curious type: they hid the original site’s guidance to change passwords.
 

Figure 3. Phisher-altered HTML
 

Symantec recommends all Mt.Gox users change their passwords and verify accounts. Mt.Gox has started to intensify the verification process of its members, allowing deposits or withdrawals only from verified accounts. They appear to be doing as much as possible to comply with anti-money laundering laws in order to avoid the same fate as Liberty Reserve, which was shut down by federal prosecutors in May. Despite Bitcoin being substantially different to Liberty Reserve due to its decentralized peer-to-peer structure, and hence much harder to shut down, it is still good business practice to do as much as possible to ensure secure service.

Symantec has recently launched cloud-based Symantec AdVantage to help prevent ads that lead to malware from ever reaching customers. Website owners that include advertising on their websites should also check out the anti-malvertisement guidelines recommended by the Online Trust Alliance (OTA). The OTA is a non-profit organization with the mission to enhance online trust while promoting innovation and the vitality of the Internet. Symantec is a founding member of the OTA.

Do You Know What Your Kids Are Hiding?

Many of you as parents may think, “not much” when asked this question. But in reality, it’s probably a lot more than you think. So it should come as no surprise to anyone that McAfee’s 2013 study, Digital Deception: Exploring the Online Disconnect between Parents and Kids, which examines the online habits and interests of tweens, …

Six Easy Steps to Help Keep Hackers at Bay

Cybercriminals are adopting complex and powerful techniques to “hack,” or take control of online accounts belonging to other people or organizations. Often, they do this by identifying the passwords belonging to an account user. This used to be a complicated task, but, as The Atlantic notes, discovering passwords today can be as simple as running …

What is Your Teen Doing Online? New McAfee Study Reveals All

As a parent, one of your top priorities is to ensure the safety and well-being of your children. This includes teaching them to look both ways before crossing the street, eating plenty of vegetables and having a healthy dose of skepticism when approached by strangers on the street – but how well are you doing …

Phishers Pretend to Be Turkish Police in Facebook Security Scam

Contributor: Avdhoot Patil
Phishers have continued to focus on social networking sites as a platform for their phishing activities. Symantec is familiar with various phishing campaigns related to social networking. Celebrity promotions, fake applicatio…

Phishing Attack Replaces Android Banking Apps With Malware

Mobile devices are also increasingly being used to manage a critical and important asset for all of us: our money. According to the Federal Reserve Board report “Consumers and Mobile Financial Services 2013,” in the United States “48 percent of smartphone owners have used mobile banking in the past 12 months, up from 42 percent …

Mobile innovation drives wearable technology trends

Being headquartered in the heart of Silicon Valley, we have the benefit of being embedded in an environment that is home to many burgeoning trends. Over the decades, we’ve seen a tremendous amount of disruptive technology emerge and keep our finger on the pulse of the latest trends. Recently, many of these developments have been …

Symantec Achieves High Honors in Keeping the Internet Safe

The Online Trust Alliance (OTA) has news today, June 5. The OTA conducts an annual audit of a range of businesses, government agencies, and vendors. This audit looks at how each organization deals with the key points of importance to the OTA: domain, brand, and consumer protection; site, server, and infrastructure security (including SSL certificate implementation); and data protection, privacy, and transparency. They look at over 750 websites, including the 2013 Internet Retailer Top 500, leading financial institutions (certified FDIC), social networking sites, and OTA member companies like Symantec. The public can go to the OTA’s website, look at their criteria, and see who the OTA recommends for practicing safe online activity in their Honor Roll.

Inclusion isn’t guaranteed, even for partner Certificate Authorities. Symantec Website Security Solutions works with the OTA and its partner group on whitepapers, educational materials, and symposiums. We believe in the importance of having industry leaders get together to determine common grounds of governance, suggested guidelines, and best practices to share with the whole internet ecosystem. The goal of all these efforts is to make the internet a safer place for the consumer to do business, and be protected at work and play. Consumers can use the OTA Honor Roll the same way they review a company’s certification by the Better Business Bureau, Angie’s List, Consumer Reports, and other independent online reviews to evaluate where to spend their money.

This year, the OTA’s criteria expanded to include more details of website security, including the use of 2048-bit certificates, Domain Locking, and the honoring of Do Not Track. Additionally, they have revised the weighting of email authentication to include best practices such as DMARC and DKIM. And because the OTA believes in practicing what they preach, they include their own membership and sponsor list in the audit. Not everyone makes the grade.

Symantec Website Security Solutions shares the goals and principles of the Online Trust Alliance, an organization promoting industry best practices and education to help protect users and increase online trust. We’re proud to be named on their Honor Roll a third year in a row. We believe this achievement represents our dedication to best practices. Internet security is a constantly changing field, and new criteria will be added every year. Staying ahead of the curve is important, and we encourage everyone to maintain, monitor, and keep planning for the future with the right investments in security and safety for users.

5 Mobile Security Tips

Cybercrime is one of the most lucrative illegal businesses of our time, and it shows no signs of slowing down. Over the last decade, cybercriminals have developed new and increasingly sophisticated ways of capitalizing on the explosion of Internet users, and they face little danger of being caught. Meanwhile, consumers are confronted with greater risks …