Blackhole Exploit Kit Spam Campaigns Disguised as Top Service Brands

Spam campaigns based on the Blackhole Exploit Kit send messages that contain links to compromised legitimate websites, which serve hidden iframes and redirections that exploit vulnerabilities across operating systems–from Android to Windows. Spam themes we have seen vary rapidly and are disguised to appear as legitimate messages from familiar services. Campaigns spoofing Facebook, LinkedIn, American Read more…

Make money fast via torrents

      No Comments on Make money fast via torrents

Several months ago I wrote a blog post about an adware downloader which after execution downloaded a few adware programs and installed them on the computer, giving no chance for the user to skip or bypass their installation. This time, we will analyze an application, which installs similar types of adware programs on user computers. […]

Boston Marathon Bombing Used in Malicious Spam Campaign

Contributor: Christopher Mendes
On the afternoon of April 15, 2013, just when many people were on the cusp of conquering another personal milestone by completing the Boston Marathon, they were hit hard by an act of cowardice. Two bombs struck near…

SHA 256 Support For Symantec Code Signing Certificates is Here

Secure Hash Algorithm 256 (SHA-2 or SHA-256) support on Symantec Code Signing for Individuals and Symantec Code Signing for Organizations is available starting April 1st, 2013 on the following Symantec Code Signing platforms: Microsoft® Authenticod…

The Annual Social Media Clean-Up

My four boys detest cleaning up. The groans, grunts and comments come thick and fast: “No-one else’s mother makes them clean up like you do”. “I’m sure the UN would consider this illegal – it’s forced child labour”. Well, too bad boys – clean-ups are here to stay!! But with school holidays just a few Read more…

Telugu Movie “Brindavanam” Featured in Phishing Attempt

Contributor: Avdhoot Patil

Phishers continue to target Indian movies with phishing scams. The phishing site featuring the movie “Bodyguard” is one example, and this month Symantec observed a phishing attack in which phishers used a song from the Telugu movie “Brindavanam” as bait.

image1.jpg

The phishing site displayed a picture of a musical number from the movie “Brindavanam” starring Telugu actresses Samantha and Kajal Aggarwal in the left side of the phishing page. There is also a plot summary of the movie below the image. The phishing page then encouraged users to enter their login credentials stating that, after logging in, they could watch the video. The pictured musical number from the movie was taken from the legitimate movie website. After login credentials are entered, users are redirected to this legitimate movie website which features the same video. Due to the popularity of this musical number, and the star cast, phishers were probably hoping for a large audience, increasing the number of user credentials they could steal.

The phishers’ redirection to a legitimate Web page is to create the illusion of a valid login for duped users. If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes. The phishing site was hosted on server based in Montreal, Canada.

Users are advised to adhere to the following best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages
  • Do not provide any personal information when answering an email
  • Do not enter personal information in a pop-up page or screen
  • Ensure the website is encrypted with an SSL certificate by looking for the padlock, “https”, or the green address bar when entering personal or financial information
  • Update your security software frequently (such as Norton Internet Security which protects you from online phishing)

Phishers Spoof Bank’s Security Guidance Web Page

Contributor: Sandeep Ingale
When it comes to financial organizations, being informed about best security practices is every customer’s right. Many organizations provide this information on their websites to help their customers learn how to take …

5 Signs You Are About to be Scammed

      No Comments on 5 Signs You Are About to be Scammed

Smart people are scammed every day because they think it can’t happen to them or they just aren’t aware of the scams. And the scammers have gotten very good at disguising their scams, so it’s often hard to recognize them. Scamming generally involves a form of social engineering. Social engineering is the act of manipulating Read more…

2013 ISTR Shows Changing Cybercriminal Tactics

The Symantec Internet Security Threat Report (ISTR) 2013 reveals how the threat landscape is evolving, compiling information from more than 69 million attack sensors in 157 countries around the world. This year’s report shows more targeted attack…

Four Types of Parents

      No Comments on Four Types of Parents

When Online Safety Expert Taylor Tompkins and I speak with parents about how to keep their kids safe online we encounter these four types of parents.  Which one are you? Type 1:  Hopeless hapless OMFG we are doomed!!!!! Defining traits: Overrun, intimidated “My kid has found out how to stream illegal movies from our home Read more…