avast! Mobile Security came out on top from a pool of thirty mobile security products for Android in AV-TEST’s product reviews and certifications. Protection The testers threw over 2,500 malicious apps, including viruses, worms, and Trojan horses, at each product. avast! Mobile Security earned a score of 100 percent in detection, above the industry standard […]
On June 20, Anonymous will launch the #OpPetrol campaign. It was announced on May 11, shortly after the campaign called #OpUSA began.
These types of attacks are often similar, as we have seen in previous operations, and may include:
There are various ways attackers may target these organizations, including using tools like the LOIC (Low Orbit Ion Cannon) or phishing emails to trick recipients into revealing account login details.
Symantec advises organizations to be prepared for attacks in the coming days.
Organizations should monitor for unusual activities in their networks, particularly any attempts to breach the perimeters. Staff members should be specifically trained on social engineering mitigation tactics along with regular security awareness training. As always, we continue to stress the importance implementing a multi-layered approach to defense.
These recommendations apply to all organizations as best practices that should be carried out regularly as most attackers do not provide warnings in advance to targets.
James Bond is known for having it all: fast cars, the latest spy gizmo, and the smug smirk which lets the audience know that he’ll always come out on top in the end. Web developers can, at times, be a lot like Bond: they can buy fast cars and, thanks to their respective industries, take Read more…
When devices are lost or hacked and your data is exposed, not only is this a pain to deal with, but you could become a victim of identity theft. Not only do victims of identity theft suffer loss of time but they also lose money that may not be able to be recovered . In Read more…
The Hashtag system, created by Chris Messina in 2007, became Twitter’s trademark. The other social networks, notably Instagram, Google+, and Tumbr followed Twitter’s “Hashtag policy”; however it was still not available on Facebook, until now! Finally, users of the biggest social platform can follow and create conversations across the world, by adding a simple Hashtag […]
JustSystems, developer of the Japanese word processor software called Ichitaro, recently announced a vulnerability (CVE-2013-3644) that has been exploited in the wild. Symantec has seen the exploitation being used in targeted attacks since May, but it…
The title of this blog post may make you think that we will discuss the security of your Facebook account. Not this time. However, I will analyze an attack which starts with a suspicious email sent to the victim’s email account. The incoming email has the following subject, ‘Hey <name> your Facebook account has been […]
For sports fans, the most exciting time of the year is the post season. It is when the underdogs have a chance to topple the better teams in the league, or last year’s champions are trying to win it again. Depending on the sport, these events can draw a lot of viewers, whether it is a single event or a seven game series. So, its no surprise there are sites that claim to offer fans the ability to watch these events online.
Right now, we are in the midst of the NBA finals pitting some of the finest players in the league against each other in their quest to win it all. The series was just tied 2-2 before Game 5 on Sunday. On that day, some Facebook users may have seen pages offering a free live stream of the game.
Figure 1. Free live NBA Finals stream posted on Facebook
Facebook users may also see posts about NBA Finals live streams linking to a page hosted on Tumblr.
Figure 2. Free live NBA Finals stream page on Tumblr
When a user selects “YES I AGREE” on the Tumblr page they are redirected back to Facebook and asked to install an NBAFinals Facebook application.
Figure 3. Scam NBAFinals Facebook app, permissions request
This Facebook application requests access to your profile, friends list, and email address. If a user grants permission, the application will request more permissions.
Figure 4. Scam NBAFinals Facebook app requests additional permissions
In addition to posting to your friends on your behalf, the scam Facebook application requests more permissions that do not make any sense for an application to have in order to enjoy free live streaming, such as access to manage your Facebook pages.
Even worse, after the application installs, users are redirected to another Tumblr site and asked to spread the scam on Facebook before proceeding.
Figure 5. Scam NBA Finals site asks users to share on Facebook
Figure 6. NBA Finals scam spreads on Facebook
For the user, after all this, there is no live stream presented. Instead, users will see a video player that doesn’t work. Clicks on the video player redirects users to a plugin install page that earns the scammers money through affiliate links.
Figure 7. NBA Finals scam page contains no live stream
There are some references in the final page to other sites that claim to offer live streams of the game. These pages are not official however, and these types of streaming sites are prohibited.
For the scammers, getting the user to install their Facebook application keeps the scam going because the application posts messages to your timeline on your behalf.
Figure 8. Scam NBAFinals app timeline post on Facebook
In cooperation with Symantec, Tumblr has removed the sites associated with this scam and we have reported the application to Facebook.
Users should be aware which applications they install on Facebook, especially when looking for special features or access to websites that offer live sport streams. If it seems suspicious, most likely it is.
Hospitality is the friendly bonding between the guest and host, especially efforts to make the guest feel comfortable. Spammers exploit hospitality events, and the bond between guest and host, with fake promotional offers. We are currently observing an increase in spam messages which exploit hospitality offered by major events, festivals, and concerts. The spam messages invite users to watch the events at entertaining venues happening in different places. Hospitality spam tries to entice users with bogus offers such as the following:
Figure 1. British Grand Prix hospitality spam
Figure 2. Ashes Series hospitality spam
A variety of subject lines have been observed in the hospitality spam attacks, such as the following:
The “From” address associated with these hospitality spam emails include the following:
The main motive of these spam campaigns is to lure recipients by providing fake promotional offers and asking users to reply with questions about the event to the spam domain which is only registered for a year and hosted in the United Kingdom.
Symantec advises our readers to use caution when receiving unsolicited or unexpected emails. We are closely monitoring these spam attacks to ensure that users are kept up to date with information on the latest threats.
Kids call them “selfies” while parents (likely) call them “image overkill.” A “selfie” is simply a photo that teens (mostly girls) take of themselves while holding the mobile camera at arms length. They often come in floods online—sometimes dozens a day depending on a teen’s exuberance. Posting photos is nothing new, however, selfies are exploding Read more…