Football star David Beckham is the latest victim of a worrying scam by online fraudsters using the popular social networking phenomenon, Twitter, as a vehicle for spam advertising.
According to Candid Wueest, senior threat researcher at Symantec, the fraudsters create a fake Twitter account, often in the name of a celebrity, and then attempt to become followers of legitimate Twitter account holders.
“In this case, the false David – an online Chinese retailer – followed over a thousand accounts with a single common link – the account name contains the word ‘candid’.
“The credibility of the fake account is bolstered by other fraudulent accounts linking back to it and by cross-following legitimate Twitter accounts, which have been hacked,” he says.
Wueest confirms that this type of malicious activity is fast becoming common practice and adds that the rogue tweets often include short links pointing to infected websites.
“This proves that spammers are keeping abreast of new technologies. Twitter users are advised to carefully check out the details of all prospective followers and never to respond to ‘suspicious’ direct messages,” he says.
Peter G Rae
But while it seems that David Beckham is increasingly likely to miss the World Cup due to injury, the cybercrime underworld are certain to be gathering their cohorts to spam and scam the unwary out of their hard-earned cash. This is not anything new of course; cybercriminals regularly hide behind major news events like disasters and sporting events to spread their malicious activities. Whether it be phishing, spam, malicious downloads, poisoned searches, or anything else, they are trying to get hold of one thing – money!
Symantec recently launched a new website – www.2010netthreat.com – which will host up-to-date data and information specific to security threats and scams around the World Cup in South Africa. Now we’ve developed a new video in the popular series ‘Symantec Guide to Scary Internet Stuff’ called Net Threats, which seeks to educate users about the potential scams and threats cybercriminals use to hide behind major sporting events like the World Cup. Please take a look and tell us what you think.
The weather may still be cold in London, but San Francisco has been hot this week, especially for the security industry. The USA RSA Conference is one of the premier security events, educating and connecting security professionals from around the world.
Symantec’s CEO Enrique Salem took the stage earlier in the week as one of the keynote speakers.
He discussed the information economy, and how this decade will change the way we think about it. The two major trends Enrique thinks will change the information economy significantly are the adoption of cloud computing and the explosion of digital devices. Along with the rise of social media, these trends make a trio that are linked and will accelerate the need for an information-centric approach to security.
All three rely on trust, and that trust requires security, privacy and compliance measures in place so that information can be accessible by the right people, on any device and from any place in order for the information economy to reach its full potential.
I found this really interesting. Enrique said that security is not only about putting up higher walls around information or locking down devices, it is about delivering solutions that provide trust and confidence. And he also spoke about how it is an opportunity for the security industry to enable, nurture and navigate through this future of the information economy.
It would be great to know what you are doing in your organisation to securely allow information to flow freely between the right people. What has changed over the past five years and what predictions do you have for the next five?
As the country gears up to the impending General Election, the question of what role social media will play in targeting the increasingly web-savvy population is growing in importance. Of course this isn’t a war that will be fought and won solely online, but there is no denying that with projects such as WebCameron and the Labour YouTube channel the battle lines are being drawn both on and offline.
The victory of President Obama was credited in part to his presence on and use of social media tools such as Twitter, and although, as David Worsfold points out, social media will have an impact on the UK campaigns, it is unlikely to play a pivotal role.
Using social media for any campaign throws up a host of potential security issues, as we covered in our Security Response blog back in September. Of course, many users will be well versed in social media and know to only click on links from trusted sources, but there is likely to be an influx of new users who trial social media on the back of these high-profile campaigns.
Cyber criminals are getting increasingly savvy and are sometimes able to infiltrate official streams in order to trick users into clicking on malicious links. It is vital that both veteran social media users and newbies understand the risks as well as the benefits in order to get the most out of the web in what is set to be one of the hardest fought elections in recent times.
It is certainly powerful stuff to see on national TV the perpetrator of a diabolical scam running in terror when confronted by a BBC camera crew after they traced him to Spain – http://news.bbc.co.uk/1/hi/uk/8517243.stm
Allegedly, according to the BBC, this ‘gentleman’ was involved in yet another of the numerous scams and hoaxes trying to get well-intentioned people to give their hard-earned money to what they think is a worthy charity – in this case to support the needy in Haiti following the disastrous earthquake last month – but actually it is going to criminals.
But as we have warned repeatedly, this sort of scam is all too common. Whether it be the death of a well-known celebrity, like Michael Jackson last year; or rumours of the death or injury of a star like Johnny Depp earlier this year; or indeed the outpouring of support when the poorest in the world suffer disasters like in Haiti; criminals are all too quick to capitalise and scam or con the unwary.
Indeed just this week, in the latest Symantec Spam and Phishing Report, we highlighted that spammers were using the Haiti disaster to scam people within 24 hours of the news breaking. They started with ‘419-type spam’, asking users to donate money to a charity. When users send their donation, the money disappears into an offshore bank account.
Then we saw spammers taking advantage of this tragedy to deliver malware. They sent out links to apparent video footage regarding the tragedy to lure people in, but when the user clicks on the link to view the video, a Trojan is downloaded instead.
- Avoid clicking on suspicious links in email or instant messages as these may be links to spoofed, or fake, Web sites.
- Never fill out forms in messages that ask for personal or financial information or passwords. A reputable charitable organization is unlikely to ask for your personal details via email. When in doubt, contact the organization in question via an independent, trusted mechanism, such as a verified telephone number, or a known Internet address that you type into a new browser window (do not click or cut and paste from a link in the message).
Symantec’s January State of Spam and Phishing report has highlighted that an astounding 92 percent of adult phishing scams are now taking place on social networking sites. The report has also highlighted a new trend in adult oriented phishing which tempts users to enter personal credentials in return for free pornography. Once the site has this data, users are redirected to a pornographic website that then leads to a fake antivirus website containing malicious code.
The report also showed a high volume of Haiti-related spam and phishing in January 2010 as spammers used the tragic event for their benefit. Unsurprisingly, Valentine’s-related spam was also high in January; however, it failed to match the levels of seasonal spam seen in the run-up to Christmas.
Both scam and phishing categories doubled as a percentage of all spam in January 2010 compared to December 2009, with 419-Nigerian spam – whereby scammers request users host large sums of money while they move country with the promise of substantial returns – becoming more prevalent again. This accounted for 21 percent of all spam, which is the highest level recorded since the inception of this report.
Link to new report – State of Spam and Phishing
If anyone is in any doubt about the power of social media sites I will relay some of the stats which Tim Bradshaw at the Financial Times was sending out this morning on Twitter from a press event with Facebook….
- Facebook has 350 million users globally
- Facebook has 23 million users in the UK alone
- 25 minutes is the average length of time users visit Facebook every day
- 10 million users become fans of brands on Facebook – A DAY
The numbers are vast and that’s just one social media channel.
Today’s businesses are increasingly looking at how they can utilise social media channels, and what level of access they provide their increasingly social media aware staff. However, web-based attacks are now the primary vector for malicious activity over the Internet and many of these are increasingly coming via social networks. By hiding behind the reputation and brand trust built by legitimate social networks, spammers are able to distribute an increasing number of malicious and phishing emails, something that recent research by Symantec shows is only set to grow over time. With employees increasingly accessing social networking sites on their business PCs and laptops, any attack via social networking platforms can place company data directly at risk.
So how to best protect yourself?
1. Don’t click on unknown links: Sharing links on social sites is a common act but avoid clicking on blind links where the destination website cannot be seen in the URL (as is increasingly common with URL-shortening applications such as bit.ly).
2. Don’t share personal information: Avoid including personally identifiable information when communicating online, such as date of birth, postal address and certainly not bank details.
3. Set strong passwords: Simple acts such as developing strong passwords, which you change at least every 45-60 days, can dramatically improve IT security with minimal intrusion on time.
4. Beware fake friends: A common phishing attack that users are seeing occurs when criminals hijack social networking accounts and distribute messages to all the contacts in that individual’s contact book.
5. Invest in security software: Don’t cut corners when it comes to anti-virus software and better still use security software which provides multiple layers of defence.
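
One way to triage the "blind links" from tip 1 before anyone clicks them, as an added example that is not part of the original post: it scans message text for links whose host is a URL shortener, so the real destination is not visible. The shortener list beyond bit.ly, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed, non-exhaustive shortener list; only bit.ly is named in the post.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}

# http(s) URLs and scheme-less "host.tld/path" tokens. The lookbehind skips
# matches that start mid-word or after "@" (e-mail addresses).
URL_RE = re.compile(
    r"(?<![\w@.-])(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s<>\"']*)?",
    re.IGNORECASE,
)


def extract_links(text):
    """Return (link_as_written, normalised_host) for each link in text."""
    links = []
    for match in URL_RE.finditer(text):
        raw = match.group(0).rstrip(".,;:!?)")  # drop sentence punctuation
        has_scheme = raw.lower().startswith(("http://", "https://"))
        host = urlsplit(raw if has_scheme else "http://" + raw).hostname or ""
        if host.startswith("www."):
            host = host[4:]
        links.append((raw, host))
    return links


def blind_links(text):
    """Links whose destination is hidden behind a known shortener."""
    return [raw for raw, host in extract_links(text) if host in SHORTENER_HOSTS]


# Constructed sample messages (not real tweets).
SAMPLE_MESSAGES = [
    "David Beckham home video!! http://bit.ly/abc123",
    "Full report: https://www.example.com/report.",
    "HAHA is this you?? tinyurl.com/xyz789, so funny",
    "Questions? Mail fan@bit.ly",
]


def review_queue(messages):
    """Map message index -> blind links, for messages that contain any."""
    queue = {}
    for index, message in enumerate(messages):
        hits = blind_links(message)
        if hits:
            queue[index] = hits
    return queue
```
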
Last year we embarked on producing an occasional series of short videos looking at common internet threats and issues. So far they have covered: Phishing, Botnets, The Underground Economy and Drive-by Downloads.
We wanted them to be educational and have some humour to better educate people using the web at home and at work about how to protect themselves from common threats and risks. So far the initial four videos have gone down well, being posted on sites like YouTube and Facebook, as well as the Symantec website and even a number of online retailers.
The latest two videos in the series have just been finished. They are:
- Symantec Guide to Scary Internet Stuff – No 5 Misleading Applications
- Symantec Guide to Scary Internet Stuff – No 6 Denial of Service Attacks
Please have a look at them, and also the other videos in the series, and if you have any thoughts for new topics we should cover, let me know.
We have detected yet another variant of the Koobface worm. This variant, detected as W32.Koobface.C, installs the misleading application detected as AntiVirus2008, and is propagating on Twitter. Now, this worm is not new, since it was discovered last year in August 2008, but it has come back again to spread on Twitter.
Symantec’s response analysis and investigation into this attack has confirmed that this new version of Koobface contains functionality to search for users who have Twitter accounts.
If Koobface finds a suitable user (by searching for Twitter cookies), then it will contact a command and control server which will then send down a version of Koobface which contains functionality to log into Twitter and add a tweet to the victim’s account. We also believe that it looks for cookies for other social networking sites. When the user clicks the link, they are redirected to a fake video web site, which then asks the user to download a codec to watch the video. This codec is a copy of W32.Koobface.A, and this then downloads the misleading application detected as AntiVirus2008.
So, at the end of the day, the guys that are peddling this attack are trying to see if they can make money on the back of it. What you can do to protect yourself is be careful what you click on – we advise Twitter users to avoid clicking URLs on tweets, especially if the tweet advertises a home video. Additionally, arm yourself with strong and updated security software to catch and prevent malware from downloading.
As the world mourns the loss of a musical hero, spammers are jumping on the bandwagon and using it as a tactic to distribute spam. Since his death on June 25, several spam and malware campaigns have taken shape. The spam subject headings used have been as creative and emotive as ever, with the likes of, ‘Jackson is still alive: proof’ and ‘Jackson ordered to close Neverland’, being used. As the media interest surrounding MJ’s life and death continues, we are likely to see plenty more Michael Jackson related spam traffic hitting the web.
Image spam made an unwelcome return last month. Spammers manipulate images by using geometric shapes and figures in the background and mutate images to include cartoon visual comparisons of the male anatomy along with the advertised website.
The State of Spam Report also includes the following highlights:
- 4th of July holiday brings fireworks and more spam campaigns
- The origin of spam from different regions
- Mass-mailing worm in fake Twitter account invite
In addition, the July 2009 State of Phishing Report highlights the following trends:
- A 21 percent increase from the previous month in all phishing attacks
- A 9 percent increase in the total number of phishing URLs generated using phishing toolkits. However, when compared against all phishing attacks the proportion of phishing URLs using toolkits actually reduced to 38 percent. This decrease can be partially attributed to a significant increase in the total number of phishing URLs utilising free Web-hosting services.
- More than 143 Web hosting services were used, which accounted for 10 percent of all phishing attacks; a staggering increase of 96 percent from the previous month
- A 21 percent increase in non-English phishing sites
- A new phishing tactic used in an attack targeting the Australian Taxation Office