Social networking strikes again

A lot of write-ups have been covering this, so here are a few from InformationWeek, Dancho, SCMagazine and McAfee.

Besides saying the ever satisfying “told you so”, nothing much to add here. More bogus profiles enticing users to connect to them, look at the content, and catch the same old nastiness – only packaged in another format. Just remember that social networks, just like in real life, can be a great playground for eCriminals – this is just the tip of the iceberg. What would have happened if you were to see the profile of a person you actually know on LinkedIn (or any other network for that matter), and click on a link from it that is actually malicious? That would be much more effective, and not that far-fetched wouldn’t it?

Who owns your online identity? Facebook squatters on the rise

I have just read a couple of excellent posts (on SquaredPeg and InsideFacebook) that talk about something I have been preaching for a while: your online identity and how easily it can be manipulated (or falsely created). The posts talk about Facebook groups and accounts that have been created for the class of 2013 at quite a few colleges in the US, while in fact none appeared to be legitimately affiliated with the incoming class at any of the colleges.

Motive? In this incident it’s mostly marketing: getting a head start on the right audience can go a long way nowadays.

This is not the last of it. This may have been the first publicly exposed case of online identity “squatting” (remember the domain name cybersquatters of the 90s…), and I do expect a lot more to come on that front. So, if you haven’t got a Facebook/LinkedIn/MySpace/Bebo account yet, you probably want to make sure you get one soon. You never know who may be creating an online persona of you right now. The implications are grave; just thinking of what kind of damage someone could do if he were to create an account for me, connect to my friends and business partners, and start communicating on my behalf is mind-boggling.

So don’t just be safe out there. Be out there! That is to say, knowing what’s out there under your name is the first step in protecting your online identity.

Update (12/24/08): As noted to me by my colleague Andrew Lindell, this is also true for your real identity as it is manifested online in other ways. For example: online banking, bill payments, and online credit card management. If you do not have an account for these, get one now! It’s overly simple to obtain a bank statement or a bill and use it to set up online banking on your behalf. Even if you don’t plan to use online banking, get an account, put a decent password on it and tuck it away. That way you can be sure that no one can create that account for you using some old bank statement!

Christmas shopping online – make sure you get what you PAY for

In line with our ongoing “education”, we all know by now that eCrime is no longer lurking right there waiting for victims to come knocking, but is rather working vigilantly to ensure that whatever picks up the most interest online at any given moment is being used to boost the profitability of eCrime.

Having said that, looking for online shopping sites and figuring out which Christmas e-tailer is the best one to hit was apparently a bit too much hard work. The target picked for this season’s eCrime heist was a payment provider, no less. Checkfree.com had their DNS records hijacked in an attempt by eCriminals to catch the beginning-of-the-month bill payments. Customers trying to use the Checkfree service were redirected to a server hosted in Ukraine, which presented them with a blank page and attempted to exploit their browsers and install a Trojan on their systems.
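The Checkfree incident is a reminder that a site’s own DNS answers need watching, not just its web servers. The following is an added example, not code from the original post or from any provider mentioned here: it compares a domain’s observed name servers and A records against a recorded baseline and flags the two things a record hijack changes first, the NS set and an address that lands outside the netblocks the site is known to live in. The domain names, addresses and netblocks are constructed sample values; a real deployment would feed it answers pulled periodically from a resolver and alert on any non-empty result.

```python
"""Detect unexpected changes to a domain's DNS answers against a recorded baseline.

Added illustration (not code from the original post). Every domain, address and
netblock below is a constructed sample value, not a real record for any provider.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Baseline:
    """Expected answers for one domain: its authoritative name servers and the
    netblocks its A records are allowed to fall in (all constructed)."""
    nameservers: set
    allowed_nets: list


# Constructed baseline for a hypothetical payment site (documentation ranges only).
BASELINE = {
    "pay.example.com": Baseline(
        nameservers={"ns1.example.net.", "ns2.example.net."},
        allowed_nets=[
            ipaddress.ip_network("192.0.2.0/24"),
            ipaddress.ip_network("198.51.100.0/24"),
        ],
    ),
}


def check_answers(domain, observed_ns, observed_a, baseline=BASELINE):
    """Compare observed DNS answers with the baseline.

    Returns a list of finding strings; an empty list means everything matches.
    """
    findings = []
    expected = baseline.get(domain)
    if expected is None:
        return [f"{domain}: no baseline recorded"]

    # 1. NS set changed: a registrar or DNS-provider account compromise shows up
    #    here first, because the attacker repoints the zone to servers they run.
    extra_ns = set(observed_ns) - expected.nameservers
    missing_ns = expected.nameservers - set(observed_ns)
    if extra_ns:
        findings.append(f"{domain}: unexpected name server(s) {sorted(extra_ns)}")
    if missing_ns:
        findings.append(f"{domain}: expected name server(s) missing {sorted(missing_ns)}")

    # 2. An A record pointing outside the netblocks the site is known to use,
    #    i.e. customers being sent to a host the operator does not control.
    for addr in observed_a:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in expected.allowed_nets):
            findings.append(f"{domain}: A record {addr} outside allowed netblocks")
    return findings


if __name__ == "__main__":
    # Constructed snapshot 1: answers as they should look.
    print(check_answers("pay.example.com",
                        ["ns1.example.net.", "ns2.example.net."],
                        ["192.0.2.10"]))
    # Constructed snapshot 2: zone repointed to a rogue name server and an A record
    # in an unrelated netblock, the shape of the incident described above.
    for finding in check_answers("pay.example.com",
                                 ["ns1.example.net.", "ns.rogue-dns.example."],
                                 ["203.0.113.7"]):
        print(finding)
```

The baseline should be recorded from an authoritative source (the registrar account and the zone file), not from a single earlier lookup, otherwise a hijack that happened before the first snapshot would be baked in as normal.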

Just like in any other seasonal event (1, 2), we were all expecting the Christmas shopping season to be littered with eCrime attacks (and we are still seeing a rise in the number of threats related to online shopping sites), but this one is really a step up in the level of audacity exhibited by cybercriminals.

AIRC Threat report and the link to McColo

As promised, the AIRC Threat Report for November is out.

And, as also promised, the link to McColo is revealed here: while we were looking at the criminal server, we had the opportunity to observe that someone else was logged onto the server at the same time, and that connection came from… McColo.

For those of you who are wondering: no, we did not “hack”, “infiltrate” or “break” into the server. Sometimes the simplest things let you see what’s behind the mirror (and legally).

Hosting provider crackdown?

Recently, there has been a lot of focus from the security research community on a hosting provider named McColo Corporation (out of San Jose, CA). Reports on spam, phishing and connections to Malweb distribution, among others, have been accumulating (including our own analysis of a malicious server that turned out to be administered from a McColo address).

It seems that the combination of law enforcement investigations and a recent story by the Washington Post has made its mark: McColo IP addresses have gone silent since yesterday. We’ll be looking forward to additional coverage on this in the coming days, as we finalize our own threat report on the eCrime server we analyzed, the one on which we found the 200,000 compromised FTP credentials.