Who’s watching whom? Is Your Smart TV Spying on You?

Like something right out of George Orwell’s 1984, it turns out that Big Brother, or Big Hacker in this case, may in fact be watching you—through your television. Recent research shows that Smart TVs are just as vulnerable to a hacking attack as your home computer. After months of research and working with Smart TV Read more…

What Are the Risks of Geo-Location?

Using your mobile’s built-in global positioning system (GPS) functionality allows location-based services (or geo-location) to locate and publish information about your whereabouts. Applications like Foursquare, Facebook and Yelp allow you to “check in” at places using your mobile phone, and then share your location with friends or on social networks. The application knows where you Read more…

Stock Spam: A Sign of Economic Recovery?

It may sound strange, but one surefire sign that the economy is on the mend is an increase in stock spam. Yes, stock spam is a bellwether signal of an economic revival and if you want proof, check your email. Scattered in your bulk folder, you may find a myriad of such spam promising you ‘an opportunity of a life time.’ Rearing its ugly head every time there is a hint of an economic recovery, stock spam never misses an opportunity to try and con victims out of their hard-earned cash.

Over the years, stock spam has evolved, honing its method of psychologically hustling a victim into buying a particular stock that will ‘imminently’ be pumped up by some sort of syndicate. Stock spam creates an unwarranted urgency and promises a pot of gold at the end of it all.

Stock spam relies on a strategy called ‘pump and dump,’ where spammers create pseudo hysteria, beckoning victims to invest in penny or sub-penny stocks that would give astronomical returns overnight. It takes full advantage of a widespread human trait, greed.

After millions of these spam emails are dispersed, the stock in focus suddenly increases in value and then falls drastically, leaving investors stranded. Having created the hysteria, the manipulators dump their stocks and subsequently buy them back at a lower price, which means more profit for them while those who invested are trapped at higher levels.

From a spam perspective, the modus operandi has been constant – create hype, make a profit, then disappear into oblivion! This is done systematically, keeping the sociopolitical situation in mind.

The subject lines used are altered and recycled with a few cosmetic alterations in order to evade spam filters. The following are some sample subject lines used in stock spam:

  • I would love this stock to fill in gap…
  • A Sleeping Giant May Have Been Awoken!
  • IT MAKES A MOVE!
  • NEW Pick Out at Midnight!
  • This Stock is my new NASDAQ alert! This thing can fly!
  • Decoded: Don’t Risk Missing an Issue
  • We`re going to see some xtreme moves this week
  • A bottom buster rocket this morning
  • The Only Way To Make Reliable Monthly Income From The Stock Market!
  • This Company is our New “First-Class” Alert! Don`t Miss Out!

The email body contains some brief information on the targeted stock and its trading ticker ID (which is usually obfuscated).

Figure. Sample stock spam email

So, what’s the best practice here?

The next time you see unsolicited emails cluttering your mailboxes, make sure that you don’t fall for this type of scam. Remember, if something sounds too good to be true, it usually is!

Symantec advises users to update their antispam signatures regularly. We are closely monitoring these spam campaigns and will continue monitoring this trend to keep our readers updated.

 

To the pilot who knows no storm! Thanks Samir.

Tor Anonymity Comes Under Attack

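On August 4, malicious scripts were found hosted on websites operated by Freedom Hosting, a service provider that offers anonymous hosting through the Tor network. This follows media reports from August 3 that US authorities had requested the extradition of a man believed to be the head of Freedom Hosting.

The scripts that were found exploit a Firefox vulnerability (already fixed in Firefox 22 and Firefox ESR 17.0.7). This vulnerability was probably chosen because the Tor Browser Bundle (TBB) is based on Firefox ESR-17. Symantec detects these scripts as Trojan.Malscript!html.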

Figure. Attack process

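Once the compromise succeeds, the attacker retrieves the network card's unique MAC address and the local host name from the computer and sends that data back to IP 65.222.202.54. An example of the data sent back is shown below. Host is the local computer name, and the Cookie ID is actually the MAC address.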

GET /05cea4de-951d-4037-bf8f-f69055b279bb HTTP/1.1
Host: PXE306141
Cookie: ID=0019B909D908
Connection: keep-alive
Accept: */*
Accept-Encoding: gzip

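A unique cookie is also left on the system after the website is visited. The attacker uses the unique MAC address, the local computer name, and the cookie to identify the targeted system. If these techniques were used by law enforcement, it would be possible to identify the system by tracing the purchaser of the network card. There is a great deal of speculation about who is doing this and why, but nothing has been confirmed at this time.

The Tor network is designed to respect personal privacy and to conceal users' location and usage from traffic analysis and network surveillance, but this attack technique shows that users of the Tor network can be identified.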
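
A defender-side check for the request shape shown above, added here as an example (not code from the original post or from Symantec): it flags HTTP requests that combine a UUID-style path, a single-label Host value, and an ID cookie of 12 hex digits. The function names and the second sample request are constructed for illustration.

```python
import re

# Constructed sample: the beacon quoted in the post, plus an ordinary request.
SAMPLE_REQUESTS = [
    "GET /05cea4de-951d-4037-bf8f-f69055b279bb HTTP/1.1\r\n"
    "Host: PXE306141\r\nCookie: ID=0019B909D908\r\n"
    "Connection: keep-alive\r\nAccept: */*\r\nAccept-Encoding: gzip\r\n\r\n",
    "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
    "Cookie: ID=session42\r\nAccept: */*\r\n\r\n",
]

UUID_PATH = re.compile(r"^/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
MAC_COOKIE = re.compile(r"(?:^|;\s*)ID=([0-9A-Fa-f]{12})(?:;|$)")

def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, path, headers dict)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers

def format_mac(hex12):
    """Render 12 hex digits as a colon-separated MAC address."""
    return ":".join(hex12[i:i + 2] for i in range(0, 12, 2)).upper()

def beacon_indicators(raw):
    """Return which traits of the described beacon a request shows."""
    method, path, headers = parse_request(raw)
    host = headers.get("host", "")
    hits = []
    if method == "GET" and UUID_PATH.match(path):
        hits.append("uuid-path")
    # A browser puts the site's name here; a bare single-label value matches
    # the local computer name the post describes. IPv6 literals are skipped.
    name = host.split(":")[0]
    if name and not host.startswith("[") and "." not in name \
            and name.lower() != "localhost":
        hits.append("single-label-host")
    m = MAC_COOKIE.search(headers.get("cookie", ""))
    if m:
        hits.append("mac-cookie:" + format_mac(m.group(1)))
    return hits

def is_beacon(raw):
    """Flag only requests that show all three traits together."""
    return len(beacon_indicators(raw)) == 3
```

Requiring all three traits keeps ordinary intranet traffic, which often uses single-label host names, from being flagged on that trait alone.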

 


Back to School Prep for Parents: Start With The 3 C’s

Since summer vacation is coming to an end, I am bracing myself for all the new things my two girls will be doing, plus the new activities and connections we parents add to our crazy lives these days. As we pick out first day dresses and get our pencils sharpened, this is the perfect time for Read more…

Spy? Where? Mobile Spyware Hiding Right Under Your Nose

Some days it feels like the whole world is going mobile. We tweet, we text, we browse the world from small devices that fit into our hands. People from across the globe can reach out to each other with one message. You can buy a plane ticket while on the bus. There are apps that Read more…

The Dilemma of Anonymity and Dangers of Ask.fm

Anonymity affords a precarious, irresistible power to teens online. Ask.fm is one app that’s exploding in popularity by allowing users to ask and answer questions to one another anonymously. While Ask.fm is used by many teens as a digital playground to flirt and just have fun (and confess crushes), the lack of a name or Read more…

What’s hot on social: security and privacy update

Millions of users access social networks every day in order to share, engage, and look for information as well as entertainment. The transparency of social networks comes with a risk, and we very often expose ourselves to hackers and scammers who can take advantage of the information we share. Social platforms constantly improve security and […]

Tor Anonymity Comes Under Attack

On August 4, websites hosted by Freedom Hosting, a service provider that offers anonymous hosting through the Tor network, began to host malicious scripts. This follows media reports from August 3 about US authorities seeking the extradition of the man…