Christmas Bo(g)us

Well, it didn’t take long for the Christmas E-Card scams to start. Recently we have seen email messages pretending to be from Hallmark, suggesting that you have received an E-card from a friend. The complete email message looks like this:You have recieved a Hallmark E-Card from your friend.To see it, check the link below:’s something …

Christmas Bo(g)us Read More »

Dangerous web searches

Don’t go there. There are a lot of rogue downloaders hiding in those links. Yahoo CEO Carol Bartz, speaking at the UBS Media and Communications Conference in New York, said the Tiger Woods sex scandal was a better traffic generator than the death of Michael Jackson, according to the ZDNet blog.

Naked elves distract nerds

What’s the best way to distract an online gamer while you drop some undesirable files onto their system? We saw what’s probably a pretty effective method today in Troj/Lneage-A. This particular Trojan leaves the user viewing a slideshow of topless elves while it drops a file designed to steal their gaming info. Given that the …

Naked elves distract nerds Read More »

Security hole in Adobe Reader and Acrobat

Adobe is currently investigating a new security hole in Reader and Acrobat. Cybercriminals are currently spamming emails with prepared documents which lead to an infection of the computer with malware. The PDF document abuses a buffer overflow in a new place within the Adobe programs. There is a JavaScript object included in the PDF which …

Security hole in Adobe Reader and Acrobat Read More »

SecurityTool rogue is trying to be a moving target

The SecurityTool rogue security product, which first turned up early in October, is still active and trying to avoid countermeasures by setting up 12-24 download sites per day. It comes in two flavors online scanner scam: and fake codec scam: For more information Click Here.

Beware of fake Microsoft updates coming through email

Email is still the most common method used for security update notifications from all major vendors, but it is also the most commonly used trigger for launching the chain of infection attacks by malware writers. When I came to work today I found in my Inbox a message from Microsoft with the Security Bulletin Advance …

Beware of fake Microsoft updates coming through email Read More »

New social engineering technique: use Microsoft support to sell rogues

Sunbelt analyst Adam Thomas came across this ugly new social engineering technique when he analyzed the DefenceLab rogue security product. It does the usual scare-ware stuff: a fake scan and fake “Windows Security Center” alert: Then it directs the potential victim to a Microsoft Support page, but injects html code into the page in his …

New social engineering technique: use Microsoft support to sell rogues Read More »