Spyware Techie

No sooner than the unfortunate death of Michael Jackson, security researchers expected an increase in spam that exploits this popular news story to spread malware.

Recent and popular events are like holidays for scammers, they are like vultures when it comes to a exploiting a story that is talked about non-stop via the media and internet. Michael Jackson’s death is undoubtedly one of the most popular stories currently and will continue to be for some time. Scammers realize this and they plan on spreading their malicious files and spam messages to unsuspecting computer users while the getting is good.

Exploits of vulnerabilities in Microsoft Windows operating systems is something that may be a serious issue if the attacks start to increase as predicted by the security firm Symantec.

Some of the most recent exploits of vulnerabilities within Microsoft Windows was the infamous Conficker Worm infection. Since then, another bug as arisen and could become a mounting issue according to Symantec.

A bug called DirectShow, was noticed by Microsoft about a month ago, has been added to one web-based attack kit. It is speculated that this may lead to spreading of this bug. A fix has not yet been issued by Microsoft for the DirectShow bug. As of now it has been found that the DirectShow bug affects only Windows 2000, Windows 2003 and Windows XP. A month ago Microsoft issues a security advisory in regards to a “limited attack.”

We found a video of hackers taking over the lighting controls in a skyscraper for the thrill of playing the classic Space Invaders game.

Could this video be proof that hackers are just toying with the cyber world ready to initiate a Cyber Apocalypse when they want?

Security vendor McAfee warns us that hackers or intruders may target utility control systems. Although the video portrayed below appears as a joke, it enters the minds of security analysts as a viable threat to the nationwide energy infrastructure.

New report reveals FAA Systems have been compromised more than one time in the past.

A report has been released revealing incidents where hackers compromised an FAA public-facing computer. The system hacked into was used to gain access to personally identifiable information on FAA employees, such as Social Security numbers. The many hacking incidents happened over the course of a few years dating back to 2006.

The new report showed that it was just last year when hackers took control of FAA critical network servers risking a shut-down and disruption of the agency’s mission-support network.

Will spam volumes continue to decrease or is this a temporary situation?

According to McAfee’s newest research, global email spam volumes have decreased 20% in the first quarter of this year (2009) when compared to last year’s rate during the same time period.

The recent report has some security experts baffled and others are contributing the findings to the November shut-down of the spam-generating McColo site. At one point in time last year, a month after McColo was shut-down, spam was still on the increase despite the demise of McColo. However, the end of McColo did hinder many botnets as the controllers were not able to send out commands to the infected machines in the same fashion. This may be the case as to the recent decline in spam, botnets are not running as ramped as they use too.

Facebook continues to be plagued with phishing and spam attacks in an attempt to steal passwords.

In a recent attack against Facebook, phishers attempted to steal passwords and names through fake e-mail messages that appeared to have come from Facebook Inc. Included in the fake email messages is a link that redirects users to a phishing website. The malicious website was discovered to be Fbaction.net, which appears to look like a Facebook log-in page.

What does the message look like? Victims of the attack have reported a message that has the subject line “Hello,” that appears to have come from a friend on Facebook. Within the message, it invites users to “Visit http://www.facebook.com/l/4253f;http://fbaction.net/” and then redirects them to the malicious Fbaction.net phishing site. Once a user visits the site they are greeted with several warnings and notices to change their password. This is where the scammers are able to retrieve your password.

There is no doubt that Conficker Worm has been a serious threat to the computer security world over the past couple months.

The newest variant of Conficker, Conficker.E, has gained traction since April 8th when it was first discovered to be updated. The main difference in the newer Conficker.E variant would be it’s ability to propagate and infect users over p2p or peer-to-peer file sharing networks. Instead of using Conficker.C or previous versions of Conficker to spread through the 50,000 newly generated domains, it goes the route of infecting computers through P2P networks over the internet.

Conficker.E is suspected to be communicating with a Waledec worm domain which is behind a wave of fake antivirus applications or scamware. Just like rogue anti-spyware applications, rogue antivirus programs are misleading in a way that it cohorts computer users into purchasing a full version of the fake antivirus application. Conficker.E could be a new culprit for aiding to the spread of fake antivirus programs. It may be safe to say that many security experts did not see this coming.

After the hype of the Conficker worm other cyberthieves wish to cash in on the situation by circulating spam messages alerting computer users of a fake Conficker Infection Alert.

Marshal8e6’s TRACElabs researchers have ran into a spam campaign that has fake “Conficker Infection Alerts” which will actually redirect users to rogue security software. With the hype and confusion of the Conficker Worm, messages that are related to Conficker Worm gain a lot of attention. Hackers and cyberthieves are now using this to their advantage.

In the past their have been all types of other spam campaigns from Presidential election messages to fake economic condition emails that claim to help you pay your mortgage. The Conficker Worm, as you may already know, is a serious threat and continues to be a mystery to many security researchers. The latest Conficker.C variant was recently discovered to have dropped a new payload as it awakens well after April 1st.

Is it possible that the authors of Conficker.C forgot something on April Fool’s Day as the Worm did not cause any issues on infected systems?

Could it be possible that the April Fool’s Day worm, Conficker.C, was a dud? Actually, it may be the case of a faulty fuse where Conficker.C was ignited on April 1st but it seems to have been extinguished for now.

All of the hype and concern of the Conficker.C worm causing massive chaos and panic on April 1st has gone down along with the slumping economy. Experts from various security firms are saying the Conficker authors may be extremely disappointed to know that the internet did not come crashing down with all of their efforts put into creating such a potentially devastating botnet.

The week of April 1st marks the time that Conficker.C starts its malicious actions but the damage that it will cause remains to be a mystery to security researchers.

Believe it or not but security researchers are basically clueless when it comes to predicting Conficker’s next move. Next week marks the time that the newest variant of Conficker will start to contact its controllers and many are unsure of what we are to expect.

What is Conficker.C?

Conficker.C is the newest variant of the malicious Worm that infected millions of PCs around the world previously this year. The newer variant, Conficker.C, is expected to use a new communication scheme on April 1st to link to the control servers which are operated by the hackers to initially spread this malware. Some have already called Conficker.C the April Fool’s Day Worm because of the April 1st date that is coded into the worm. April fools may turn out to be a catastrophe for some but no one is 100% certain yet.