From the monthly archives:

September 2009


A triple-payload e-mail attack that uses a fake shipping confirmation notice with a supposed attached label is making the rounds. A write-up from the company describes a social engineering ruse designed to nail someone who wasn’t paying close attention, with a .zip file attachment that contains an executable disguised with an Excel file icon. The text of the e-mail tells the recipient to open the attachment to print a shipping label (one big clue that this is a scam).

Changing the default Windows behavior so that file extensions are shown can help thwart the common trick of using a fake document icon to disguise an executable file, assuming that the attached file made it through your anti-spam and antivirus programs. You’d have the chance to see that the supposed Excel file ended in .exe.
In XP, as Brandt describes, change that by opening Explorer, clicking Tools up top, and then unchecking “Hide extensions for known file types.” In Vista, start with Organize, then choose Folder and Search options. For either Vista or XP, be sure to click the “Apply to Folders” button to apply the change to all folders, not just the one you’re looking at.


A new, unique type of phishing attack targeted against online banking customers was recently discovered by the RSA FraudAction Research Lab. RSA has coined this as a “Chat-in-the-Middle” phishing attack and it is first executed through routine means but then presents a more advanced layer of perpetrating online fraud. The phishing attack may dupe bank customers into entering their usernames and passwords into an ordinary phishing site but the addition of a bogus live chat support window can obtain even more credentials via a live chat session initiated by fraudsters.

During the live chat session, the fraudster behind the attack presents himself as a representative of the bank’s fraud department and attempts to dupe customers who are online into divulging sensitive information – such as answers to secret questions that are used for online customer authentication. This attack is currently targeting a single U.S.-based financial institution.

Upon detecting the attack, RSA immediately informed the affected financial institution and commenced a standard phishing attack shut-down procedure through the RSA Anti-Fraud Command Center and its RSA FraudAction service. (RSA cannot identify this bank in order to protect its security and privacy.) The attack is hosted on a well-known fast flux network for “hire” from fraudster to fraudster, which hosts a wealth of malicious websites such as phishing attacks, Trojan infection points, mule recruitment websites, and more.


Voice chat is coming to Facebook. Sometime in the next few weeks, the social network’s tens of millions of users will begin to be able to have high-quality voice conversations, even as its third-party developers are able to start including voice in their applications. The new technology is not being offered by Facebook itself, however. Instead, it’s from Vivox, a Boston-based company that provides the integrated voice service for virtual worlds like Second Life and EVE Online, and which already has more than 15 million users worldwide. The service, which is currently in closed beta, will allow Facebook users to have high-fidelity conversations with anyone on their friends list. Each user, however, will have to download Vivox’s plug-in. But once installed, the service works almost seamlessly with Facebook, and is intended for everything from one-to-one chat to large group discussions.
Further, even non-Facebook users will be able to participate, as Vivox plans to offer free dial-in numbers that will allow anyone to call into an existing conversation, much as is possible today with call-in phone conferences.
Perhaps more importantly, according to Vivox co-founder Monty Sharma, the company is making its technology available to any third-party Facebook application developer, meaning that almost any app, from games to utilities, can have a voice component.


The world’s biggest social networking site has launched a slimmed-down version for people with slow or poor internet connections.
Facebook has said the Lite site will be faster and simpler because it offers fewer services than the main site.
Initially it is meant to support users in developing countries and where bandwidth constraints make the current version too slow to use. At the moment it is only available in India and the US.
The company said around 70% of its more than 250 million users were from outside America. Countries in Southeast Asia and Europe are seeing a massive increase in growth where fast internet connections are more common.
News that Facebook was testing the Lite site was first leaked in August.
The options on Facebook Lite are limited to letting users write on their wall, post photos and videos, view events and browse other people’s profiles. There are no apps or special boxes.
“It appears, at a quick glance, to be a better site for Facebook newbies or for anyone who finds the current site overwhelming and noisy,” said Rafe Needleman at technology website Cnet. “The new layout feels almost Twitter-like.” Terence O’Brien at Switched.com gave the slimmed-down version of what he called “ol’ blue” the thumbs-up because it “strips away distractions”.