Email Security

Faux Facebook emails use password reset ploy

Dan Kaplan March 18, 2010

Scammers are trying to infect the computers of Facebook users by claiming their password has been reset and that a replacement credential is contained in an attachment.
 

Web fraud losses more than double in 2009, says report

Dan Kaplan March 15, 2010

Losses related to cybercrime more than doubled from 2008 to last year, according to a report from the Internet Crime Complaint Center (IC3)
 

Waledac demise imminent after shutdown of domains

Dan Kaplan February 25, 2010

The death knell for Waledac may be near after a federal judge ordered the takedown of domains being used by the prolific botnet, Microsoft announced Thursday.
 

Cloudmark to buy messaging platform maker Bizanga

Angela Moscaritolo February 17, 2010

Messaging security vendor Cloudmark on Wednesday announced that it will acquire message processing platform developer Bizanga for an undisclosed sum. Cloudmark said it plans to integrate Bizanga's solutions with its existing security technology, which should result in a more comprehensive and simplified messaging security solution that includes messaging management and end-to-end filtering. — AM
 

Six years later, CAN-SPAM Act leaves spam problem unresolved

Martin Lee, senior software engineer, Symantec Hosted Services February 16, 2010

In 2004 at the World Economic Forum, Bill Gates proclaimed: "Two years from now, spam will be solved." Six years later there is no indication that the spam problem will ever be solved. So what went wrong?
 

Experts warn of fake Valentine's Day e-cards

Angela Moscaritolo February 12, 2010

Cybercriminals will no doubt, begin sending out emails over the next few days that look like Valentine's Day greeting cards, which contain a malicious link or attachment.
 

Disaster recovery: Surge strategies also work for IT staff

Max Huang, founder and CEO, O2Security February 10, 2010

IT departments, when facing the possibility of a disaster, may want to take a page out of the U.S. military's playbook.
 

Mass injection web hacks yield to targeted attacks

Angela Moscaritolo February 05, 2010

During the second half of 2009, attackers shifted their strategy away from mass-injection campaigns and instead focused on launching targeted attacks to infect high-profile websites, Websense found in a new report.
 

Crooks try to romance users with Valentine's Day spam

Dan Kaplan February 01, 2010

Spammers are on the Valentine's Day prowl already, and more ploys are expected, researchers at Trend Micro said Monday.
 

Google enables Gmail encryption for everyone

Angela Moscaritolo January 14, 2010

Google announced on Tuesday that it will enable the setting "always use https," which encrypts email as it travels between a user's web browser and Google servers, by default for all Gmail users. Using "https" helps prevent data from being snooped, especially in public W-Fi hotspots, but could make email functions slower since encrypted data travels slower than unmasked data, Sam Schillace, Gmail engineering director, wrote in a blog post Tuesday. Previously, Google left the option of whether to enable the setting up to the user. — AM
 

Hacker sentenced over sending threatening emails

Angela Moscaritolo January 11, 2010

A Florida man has been sentenced to 90 months in prison and three years of supervised release for hacking into the email accounts of individuals and companies between 2007 and 2009, with the goal of stealing data to commit computer crimes, the U.S. Department of Justice said in a news release Monday. Kyle Tschiegg, 39, of Sarasota, sent threatening emails to thousands of individuals in Florida and Ohio. He also hacked into the email account of a Florida state legislator, identified in reports as Sen. Nancy Detert, and threatened to injure her if she didn't drop out of a 2008 race. — AM
 

Microsoft Office name being used to compromise PCs

Dan Kaplan January 08, 2010

The Microsoft Office name is being leveraged by cybercriminals in two new campaigns meant to infect users' machines. Email security firm Red Condor on Thursday warned of a spear phishing run in which messages appear to be invitations for recipients to update their Microsoft Office Outlook Web Access settings. Following the link, however, leads to the pernicious, data-stealing Zeus trojan. In another scam, searches for "office.microsoft.com" is leading to malicious websites hawking rogue anti-virus programs, internet security vendor Websense said Friday in a blog post. — DK
 

Waldec spreading through fake New Year's e-cards

Angela Moscaritolo December 31, 2009

The Waledac botnet is spreading spam messages that contain the subject line "Happy New Year 2010" and provide a link for what the email claims to be a New Year's greeting card.
 

Malicious cards, Brittany Murphy poisoned search hit web

Dan Kaplan December 21, 2009

Security researchers on Monday began warning internet users of a pair of new threats whose goal is to install malware on the PCs of unwitting users.
 

Zeus faked as H1N1 alert

Dan Kaplan December 02, 2009

The latest Zeus malware campaign is taking the form of emails claiming to originate from the U.S. Centers for Disease Control and Prevention, according to a post Wednesday on the SANS Internet Storm Center. The messages contain a subject referencing the H1N1, or swine flu, vaccination program. If users follow a link purporting to lead to a website where users can create a "vaccination profile," they are infected with the perilous trojan, also known as Zbot. Previous phishing ploys claimed to come from MySpace, Facebook, the IRS, Microsoft, the U.S. Social Security Administration and Verizon Wireless — DK
 

Law, PR firms targeted

Angela Moscaritolo November 18, 2009

The FBI warned Tuesday of an increase in targeted phishing emails containing malicious attachments or links that are being sent to law and public relations firms. If executed, the malicious payload used in the attack attempts to download and execute the file 'srhost.exe' from the domain 'http://d.ueopen.com,' the agency said in an alert. Any network traffic associated with the domain 'ueopen.com' should indicate a network is compromised. — AM
 

Festi botnet appears

Dan Kaplan November 06, 2009

There's a new botnet in town. Known as Festi, the network of zombie computers now is responsible for three to six percent of daily spam, or about 1.5 to three billion emails, according to the latest MessageLabs research released Thursday. The botnet, which was responsible for virtually no spam as recent as August, has managed to increase its output by recruiting new zombie computers and delivering significantly more spam from each compromised node. The junk mail typically pushes goods, such as male enhancement pills and jewelery. -- DK
 

Spam volume reaches new all-time high at 92 percent

Angela Moscaritolo November 03, 2009

During the third quarter of the year, spam accounted for 92 percent of all email on average, which breaks the previous record-high volume set during the second quarter of 2009.
 

Facebook scam email tries to spread Zeus bank trojan

Dan Kaplan October 29, 2009

Two email ruses claiming to come from Facebook actually attempt to load a trojan on victim PCs.
 

FDIC email hoax spreads

Dan Kaplan October 28, 2009

Phishers are sending malicious emails claiming to come from the Federal Deposit Insurance Corp., the agency said this week in an alert. The messages contain the subject line "check your Bank Deposit" and falsely inform users that the FDIC has taken control of their bank's assets. The emails include links that appear to point to FDIC forms, but clicking on one of them actually installs a malicious executable. The alert said the FDIC is not sure what the executable will do, but that recipients should consider it an attempt to steal personal information. -- DK
 

Facebook spam has trojan

Dan Kaplan October 27, 2009

Researchers at web security firm Websense on Monday warned Facebook users to be on the lookout for a phishing email that attempts to trick them into believing their password was reset, which could lead to their PC being hit with a trojan. The bogus messages, which have been spoofed to make it look like they are coming from Facebook, falsely inform recipients that their password has been changed due to safety concerns. They are encouraged to click on a ZIP attachment to view their new password. However, that file actually contains a poorly detected executable that installs additional malware on the victim's computer and joins it as part of the Bredolab botnet. -- DK
 

Zeus phishing wave targets Outlook Web Access users

Dan Kaplan October 15, 2009

The masterminds behind the Zeus trojan are continuing efforts to target corporate users with the hope of gaining access to business bank accounts.
 

Comcast to alert customers if machines are botted

Dan Kaplan October 12, 2009

Comcast's new move to alert customers if their machines are infected with a bot could prompt ISPs to drop their traditional laissez-faire approach to cyberprotection, according to experts.
 

FBI nets nearly 100 alleged U.S., Egyptian phishers

Dan Kaplan October 08, 2009

The FBI bust of a massive phishing ring, announced Wednesday, marked the first time U.S. and Egyptian authorities have ever worked together on a cybercrime case.
 

Yahoo, Gmail passwords also phished in far-reaching scam

Dan Kaplan October 06, 2009

Microsoft's Live Hotmail was not the only target in what appears to be a widespread phishing ploy targeting unsuspecting webmail users.
 

Facebook cuts off accounts spreading rogue anti-virus

Dan Kaplan October 02, 2009

On the same day that the Internet Crime Complaint Center issued an alert on the ongoing dangers of social networking fraud, a computer security researcher reported on a new Facebook threat in which scores of fake member profiles were attempting to push rogue anti-virus programs.
 

Number of phishing URLs at all-time high

Angela Moscaritolo September 28, 2009

More than 150,000 phishing URLs were established during Q2 of 2009, surpassing previous record-high levels during the first quarter of 2007.
 

Gmail outage prompts Google contrition

Angela Moscaritolo September 24, 2009

Google has apologized after an issue with Google Contacts caused disruption of its Gmail web-based email service on Thursday.
 

Rampant brute-force attack against Yahoo Mail

Angela Moscaritolo September 21, 2009

Attackers are exploiting a web service application to crack into Yahoo email accounts.
 

Google buys CAPTCHA firm

Dan Kaplan September 17, 2009

Google has acquired ReCAPTCHA, makers of technology that creates those squiggly characters -- mostly lifted from scanning old newspapers and books -- that are used to distinguish between human web users andbots, the search giant announced Thursday. ReCAPTCHA, a company that emerged out of the incubator program at Carnegie Mellon University's computer science department, currently serves about 100,000 websites, protecting them from spam and fraud. Google also plans to use the technology to improve its book and newspaper scanning projects. — DK
 

Latest News

Popular Topics
Analyst Reports & Industry Surveys Apple Threats Botnets Breaches & Exposures Browser Flaws Cybercrime Data Leakage Prevention Database Security Email Security Endpoint Protection Government Hackers Hacking Identity Theft Lawbreakers & Cybercrime Malware Patch Management Patch Tuesday Phishing Retail RSA Conference 2010 Spam Virtualization Vulnerabilities & Flaws Vulnerability Management