The outbreak of spam that pretends to be a news alert from CNN has now morphed into "BREAKING NEWS" from MSNBC, like this message proclaiming that trading in McDonalds has been suspended.
However, the message is not part of a dump-n-pump stock scam, merely a variant of the basic take-me-to-your-Trojan attack. Indeed, another one of these that I received has the strangely amusing headline: "Study reveals bass players 'every bit as dull as golfers.'" What bass playing recipient could resist checking out that story?
This type of attack looks like it will run for some time (I predict Google will be the next patsy). So information security staff might want to send out a generalized alert to employees warning them to
a. disregard [and delete without reading] any news alerts they have not specifically requested,
b. decline to install any new video players.
And so the world grinds on, with each new technology benefit poisoned by selfish, twisted souls. Sigh...
Public-interest technology, information security, data privacy, risk and gender issues in tech
Wednesday, August 13, 2008
Nasty New Form of Spam: CNN News Alerts
I have received a handful of these in the past few days, messages that look like they could be a CNN news alert that I had signed up for, except I hadn't.
The subject = "Breaking news" and spammers have designed them like this because many of us humans find it hard to resist a breaking news story. This means a lot of people may open these messages before the spam filters and malware detectors are updated and the security staff get out the word to the troops.
The link inside these messages can be quite goofy, like "Titanic sinks again in 2008." But some people will fall for them. And when they click on the story link they will probably find themselves on a web site in Russian or China. They will then get a message saying that, in order to view the video of the news story, they need to download new video player software. A convenient download is provided, but the software it sends you is a Trojan that takes compromises your system. These messages come hot on the heals of the "Daily Top Ten" from CNN that were very convincingly crafted (including an unsubscribe link that actually appeared to work).
There are only two things that will stem the tide of this garbage:
a. Widespread improvement in the general standards of human behavior.
b. Widespread adoption of new email standards.
Sadly both a and b still appear to be a long way off.
The subject = "Breaking news" and spammers have designed them like this because many of us humans find it hard to resist a breaking news story. This means a lot of people may open these messages before the spam filters and malware detectors are updated and the security staff get out the word to the troops.
The link inside these messages can be quite goofy, like "Titanic sinks again in 2008." But some people will fall for them. And when they click on the story link they will probably find themselves on a web site in Russian or China. They will then get a message saying that, in order to view the video of the news story, they need to download new video player software. A convenient download is provided, but the software it sends you is a Trojan that takes compromises your system. These messages come hot on the heals of the "Daily Top Ten" from CNN that were very convincingly crafted (including an unsubscribe link that actually appeared to work).
There are only two things that will stem the tide of this garbage:
a. Widespread improvement in the general standards of human behavior.
b. Widespread adoption of new email standards.
Sadly both a and b still appear to be a long way off.
Monday, August 04, 2008
Laptops in Peril at the Airport
My brother, Mike, has been busy this week, responding to questions about the latest Ponemom Institute survey, which suggests a heck of a lot of laptops are separated from their owners at airports. He did more than a dozen radio interviews in one day!
I've worked with Larry Ponemon in the past and he does a pretty mean survey. So if he says 3,800 computers go missing each week from Europe's 24 busiest airports, I'm inclined to believe that's the case. An even more shocking finding is that more than half of these laptops are never retrieved. People traveling with their laptops should take note.
One of the first things I do when I get a new laptop is tape my business card to the bottom of it (taking care not to block any ventilation ports).
I've worked with Larry Ponemon in the past and he does a pretty mean survey. So if he says 3,800 computers go missing each week from Europe's 24 busiest airports, I'm inclined to believe that's the case. An even more shocking finding is that more than half of these laptops are never retrieved. People traveling with their laptops should take note.
One of the first things I do when I get a new laptop is tape my business card to the bottom of it (taking care not to block any ventilation ports).
Friday, August 01, 2008
Travelers' Laptops May Be Detained At Border
If this wasn't in the Washington Post I would think it was a hoax: Travelers' Laptops May Be Detained At Border. More than anything else, this should awaken those who so far have been complacent to the reality of what our government has been doing to our rights these last 7.5 years.
Subscribe to:
Posts (Atom)