I've been traveling and otherwise preoccupied the last weeks of October so no posts for over a week, but on-line threats have taken no breaks.
I've received several highly targeted phishing emails asking for login credentials to Facebook and Linked-in social networking sites. The Facebook email had a zip file loaded with the Bredolab Trojan.
Here is the email I received:
-----Original Message-----
From: The Facebook Team
Sent: Tuesday, October 27, 2009 12:14 AM
To: [deleted]@[deleted].com
Subject: Facebook Password Reset Confirmation.
Hey steve goodbarn,
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
Thanks,
The Facebook Team
Trojans are poppping up everywhere these sdays and they are looking for money. Here is a good slide show from eWeek that highlights some of these attacks: Network Security & Hardware: How Notorious Trojans Hit Banks and Steal Your Money.
An obvious step to protect yourself is to delete password reset emails and never open a file from an unknown source. What bothered me most about this email is that it was a known scam yet it came through both network and PC SPAM and anit-virus filters and hit my inbox. I could have opened it simply through carelessness.
At the end of the day our security is left to our own diligence. Not the best for consumers
Denial of service attacks also continue to pick up. Yesterday there was a major attack in Sweden: DDoS attacks topple 40 Swedish sites. It does not matter how secure a site is if no one can reach it.
Comments