English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1
Latest posting
By rating
By popularity

Join our blog

You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings.

0.1
 

There are plenty of fraudulent messages with the content along the lines of “your email address won a million dollars in a lottery, please contact us to claim your prize”. Internet scammers use this trick to trick users into giving away money: before they can claim their alleged prize the “lucky winners” have to pay tax or a bank charge for a money transfer, etc.

We have now come across an interesting variation of this trick, which involves a Facebook account instead of an email address.

Now, why does Eduardo Saverin (a real person and one of the founders of Facebook) need to know my Facebook username if my account has already won a prize? But an unsuspecting user, blinded by the promise of a huge prize, may not think about that – and that’s what the scammers are counting on.

I’m sure the readers of this blog wouldn’t fall for something like a “Facebook prize”, but our relatives and friends have accounts too, and they may not be so experienced in the ways of online fraud. That’s why they should be warned that such letters are nothing but a scam.

comments      Link
0.4
 

Google Chrome users are being targeted these days by a wave of attacks that uses malicious extensions hosted in the official Chrome Web Store. The attack appears to be of Turkish origin and is using Facebook to spread. We saw users of different nationalities infected with the malicious extensions, which the cybercriminals are sending to the official store regularly, in a cat-and-mouse game.

As we already reported in March 2012, Brazilian cybercriminals were able at that time to host a malicious extension in the Chrome Web Store. Since then in June 2012 Google has changed the way users can add third party browser extensions i.e. not allowing the installation that are not hosted on the official Web Store. More recently Google removed the possibility of silent installations, which has been widely abused by third parties.

Maybe for these reasons bad guys started to concentrate their efforts to upload bad extensions to the official store. Now it’s the turn of Turkish cybercriminals; they were able to host several extensions there in the last few days.

Virus Watch|PimpMyWindow - Brazilian adware

Fabio Assolini
Kaspersky Lab Expert
Posted January 25, 11:13  GMT
Tags: Social Networks, Adware, Facebook
0.3
 

Brazilian cybercrime is based primarily on the spread of Trojan bankers. For some time now the country’s bad guys have been investing their efforts in new monetization schemes, the latest includes the use of adware. And the perfect place for distributing this sort of malware? Yes, that’s right – social networks. This is how "PimpMyWindow", an adware and click-fraud scheme that has infected several Brazilian Facebook users in recent days, works.

To spread quickly among innocent users the adware uses a "change the color of your profile" option that recently surfaced. The infected profiles are used to spread automatic messages to your Facebook contacts:

0.3
 

They’re stalking, taking advantage of the anonymity offered by the Internet and using the most advanced techniques to deceive their victims. They pose a persistent threat. They are often very patient and have sometimes communicated with their victims over a number of days, weeks, months and sometimes for over a year before they finally arrange to meet with the young person. They are a new breed of predators.

0.2
 

It is quite rare to analyze a malicious file written in the form of a cross-platform browser plugin. It is, however, even rarer to come across plugins created using cross-browser engines. In this post, we will look into a Facebook worm that was written using the Crossrider system – a system still in beta testing.



Image source: http://crossrider.com

0.4
 

Since November 2011, according to recent statistics, Google Chrome has become the most popular browser in Brazil (more than 45% of the market share).

The same has is true for Facebook, which now is the most popular social network in Brazil, with a total of 42 million users, displacing Orkut.

These two facts are enough to motivate Brazil’s bad guys to turn their attentions to both platforms. This month we saw a huge wave of attacks targeting Brazilian users of Facebook, based on the distribution of malicious extensions. There are several themes used in these attacks, including “Change the color of your profile” and “Discover who visited your profile” and some bordering on social engineering such as “Learn how to remove the virus from your Facebook profile”:

1) Click on Install app, 2) Click on Allow or Continue, 3) Click on Install now, After doing these steps, close the browser and open again

This last one caught our attention not because it asks the user to install a malicious extension, but because the malicious extension it’s hosted at the official Google's Chrome Web Store. If the user clicks on “Install aplicativo” he will be redirected to the official store. The malicious extension presents itself as “Adobe Flash Player”:

0.4
 

At Virus Bulletin 2011, we presented on the exploding level of delivered Java exploits this year with "Firing the roast - Java is heating up again". We examined CVE-2010-0840 exploitation in detail, along with variants of its most common implementation on the web and some tools and tips for analysis. Microsoft’s security team presented findings for 2011 that mirrored ours in relation to Java exploit prevalence on the web – it is #1! At the same time, aside from the recent, well-known BEAST Java implementation, it is striking that it has been very uncommon to see Java backdoors, Trojans and spyware. But that lack of Java malware variety is beginning to change. My colleague, malware analyst Roman Unucheck, identified a new Java bot with some interesting characteristics that we named "Backdoor.Java.Racac".

Events|Facebook, now with more(?) privacy!

Tim
Kaspersky Lab Expert
Posted August 30, 12:30  GMT
Tags: Social Networks, Google, Facebook
0.1
 

When logging into Facebook today, I was greeted with a new set of controls. In the wake of the apparent success of Google+, it seems that Facebook would like to reassure their user base that they too can control who sees what you post, and who you tag. You can now easily tag who you’re with, where you are, and most importantly; who can see your posts.

0.3
 

Airport kiosks have achieved a wide distribution nowadays. They offer the convenience of having access to all sorts of travel related information, IP-telephony as well as to the Internet while on the road. Which is a good thing!

However, when I travelled back from BlackHat and DefCon 19 and checked in at the Mc Carran airport in Las Vegas, one of these machines caught my eye. It showed a website I know pretty well – Facebook! But it wasn't the Login screen - as it should be - but the profile page of a member. Someone had forgotten to logout of his or her account. Anyone in this airport would now have full access to all data and - of course - be able to write status messages on the profile page of the account owner and all people in the friendlist – which could harm this person‘s reputation. Which is a bad thing!

Virus Watch|Google+ fake invites = malware

Fabio Assolini
Kaspersky Lab Expert
Posted July 07, 20:15  GMT
Tags: Social Networks
0.6
 

These days, invites to the new social network created by Google are a popular subject among users that want to try it.

If a subject is popular it also can be used by cybercriminals as a trick to infect curious users – and Brazilian cybercriminals have already started sending fake invites with malicious links pointing to malware, specifically Trojan bankers.

Today we found one of them targeting Portuguese speakers: