I run a few WordPress websites and they all have a firewall set up that also monitors and reports suspicious behaviour. In the last few days I have seen a new URL appear in the logs; /index.php?option=com_simpledownload&controller=../../../../../../../../../../../../../../../proc/self/environ%00 A quick Google of [Simpledownload & Controller] brings up several websites that talk about Joomla, so it looks like this is just some automated robots sniffing for vulnerabilities in Joomla websites (Joomla being another popular open source content management system). There is a useful thread on Cnet.com from 2010 that talks about the Joomla SimpleDownload Component “controller” File Inclusion Vulnerability. As this is an old thread now we can assume that it is an old vulnerability that has now been fixed in Joomla, but hackers are still using bots to find sites that have not been updated. Old Vulnerabilities are the best to hack! In some ways it is advantageous for a hacker to target old vulnerabilities only. Generally, if someone has not updated their software then it is more likely that have stopped actively managing the website. This means that any attacks are more likely to remain for longer before a webmaster takes action to remove them. Moderately critical – Vendor Patch Fixes A quick [...]

If you use Facebook you are probably very used to sort of hoax virus alerts. I am still not sure what the point of them is. Here is the one I saw today: Please forward this to all e-mails. VIRUS COMING ! Hi All, I checked with Norton Anti-Virus, and they are gearing up for this virus! I checked Snopes ..... is it real?

News in that the latest gaming console business to get hacked is Nintendo. A group has already claimed responsibility - Lulz Security. This is the same group which attacked Sony recently. The hacking took place on one of its affiliated servers but on this occasion no client data was compromised. Hacking seems to be on the rise at the moment which further indicates that hackers are developing more advanced tools and systems to make successful attacks. It is not clear what the motives of Lulz Security is, maybe they are just setting out to highlight the security issues with many large commercial servers. According to their own Twitter page - twitter.com/#!/lulzsec – “We love Nintendo and Sega, if anything we’d hack *for* them.” They have also attacked PBS and InfraGard this year. Infragard is a company affiliated with the FBI which works in computer security. Lulz Security said that the attack was a direct response to the American government’s increased efforts to stop hackers. Suggested Reading:Attack of the Zombies and the Shadowserver FoundationLockheed Martin Defends Against Massive Cyber AttackMicrosoft Knocks $50 Off The Xbox 360 Console to Compete with WiiApple iPhone Security Problems Resoled (I meant Resolved) in Latest Software UpdateMicrosoft Warns Of A New Bug in [...]

Lockheed Martin has admitted that it was recently a victim of what it called a major cyber attack. Lockheed are not revealing the details of the attack but have said that they managed to keep their systems secure. Lockheed Martin described the attack as “significant and tenacious”. Lockheed Martin have shut down some of their systems as a precaution against further attacks and are working hard to ensure that employees will be able to regain access soon. Who Hacked Lockheed Martin? This is the first time that such a large attack has been made on military systems and marks a bold move on the part of the hackers which indicates that their methods are not only getting more advanced but they are becoming more skilled in hiding their identity. The punishment for hacking a military computer system would be severe. It is not know at the moment what the purpose of the attack was. How Did The Hackers Attack Lockheed Martin? Again, there is not much information, although over at Cafemom.com one blogger called stormcris says that the attack was carried out by using falsified RSE SecurID electronic tokens to gain access to systems. This information seems to have actually first been posted by Endgadget [...]

Microsoft seems to have a tough time really. They go to great lengths to make better software for the mass market, and people go to greater lengths to sniff out any security vulnerabilities and the publish them to the net. In the news today is a report of the latest security vulnerability in the Internet Explorer browser. This new bug apparently, according to reports, affects every IE user, which suggests that it is present in all versions from IE6 through to the latest IE9. This is not any minor bug either, as if the reports are true, it can allow hackers to take control of your PC. That is really only one step from making your computer blow up in your face, as once someone controls your computer, they control all your personal data. The problem is in Windows really, but the “attack” will come as a result of IE. This explains it a little better, I think: “When the user clicked that link, the malicious script would run on the user’s computer for the rest of the current Internet Explorer session. Once the computer had been hijacked, hackers could use it to steal personal data or send users to fake websites, she added.  Such [...]

Reports in that the Koobface virus/trojan than sometimes plagues Facebook is back on the march again. Of course, these reports may not be very reliable, as they are from personal status updates on Facebook! Just spotted this Facebook status update: “Virus spreading like wildfire on Fb and My Space! It is a trojan worm called koobface. It will steal your info,invade your system and shut it down! DO NOT open the link Barack Obama Clinton Scandal! If SmartGirl15 requests you as a friend, don’t accept it ;it is a virus. If somebody on your list adds her, you get the virus too! Please copy and paste to your wall. Confirmed on SNOPES..please pass it on” OK, a quick Google for that phrase brings up some pretty old pages, so maybe just an old status update worming its way around endlessly inside Facebook. Like Chinese whispers, it keeps coming around, but actually always looks the same…… OK. From Wikipedia, the free encyclopedia, some information on Koobface. Koobface Common name Koobface worm Aliases W32/Koobfa-Gen (Sophos) W32.Koobface.A (Symantec) W32/Koobface.worm (McAfee) WORM_KOOBFACE.DC (Trend Micro) Win32/Koobface (CA, Inc.) Worm.KoobFace (Malwarebytes) Classification Unknown Type Computer worm Subtype Computer virus Isolation December 2008 Point of Origin [Unknown] Koobface [...]

You are probably due an email any day now to let you know that Adobe is upgrading Acrobat with a 2011 edition. It is always wise to upgrade as soon as possible as some upgrades close security exploits than hackers and viruses take advantage of. But wait ….. If Adobe are upgrading Acrobat, why are they not using adobe.com? And why is it coming direct from Tom Norman? And why is it that if you Google “new-2011-pdf-download.net” there are loads of phishing warnings? Why is the copyright status on the website quoted as “Copyright new-2011-pdf-download.net © 2010 – All rights reserved”? It all looks very Phishy indeed! Here is the email that I just got, and wiothout my glasses on (just finished a quick, intensive workout) I almost fell for it myself! Phishing Scam Alert! "Dear Customers, Adobe is pleased to announce new version upgrades for Adobe Acrobat 2011. http://www.new-adobe-2011.com Advanced features include: - Collaborate across borders - Create rich, polished PDF files from any application that prints - Ensure visual fidelity - Encrypt and share PDF files more securely - Use the standard for document archival and exchange To upgrade and enhance your work productivity today, go to: http://www.new-adobe-2011.com [...]

Quick warning – just read about a new phishing scam that targets Amazon customers. This one is a be advanced than the usual, designed in trick more people into handing over their private data to the scammers. In this new Amazon scam you will receive an email which will look genuine. The email address will look a bit like an Amazon one, with a quick glance, and the email design and layout looks a lot like Amazon emails, with the Amazon logo included. There are various different emails, the most  common one is the “Your credit card has been declined”. The basic scam designed to encourage you to input your correct details. What makes this scam more advanced is that the page that you are directed to looks so much like the real Amazon site. You are asked to input your login details and then update your credit card details. Christmas is Season of Good Scamming The phishing scam is on the increase at this time of year as the criminals rely on the fact that you possibly have recently placed an order on Amazon. So many people will buy at least one present on Amazon that by bombarding millions [...]

Today the BBC has reported that consumer protection laws are being exploited by some online ticket sales companies. There is a new ticket scam that is on the increase at the moment, however it is doing the old trick of taking money from customers credit cards but never sending any tickets. It is estimated that the scam generated over £12 million each year. The main market seems to be concert tickets, festival tickets and comedy shows. The BBC shared the following example of an onlinee ticket fraud. This email was received after a person ordered tickets for a Peter Kay show: “Unfortunately we have been let down by our suppliers for the show and will be unable to provide you with the tickets ordered,” the scam email reads. “Due to us not using the merchant terminal that charged you anymore we are unable to issue a refund from our side. To ensure you get the refund owed please contact your card issuer and instruct them to perform a chargeback to retrieve the funds paid… unfortunately we are unable to return the money to you from our side by any means.” So the credit card companies refund the clients and the scammers keep [...]

Had another call today from a firm telling me that my computer was generating errors caused by malware, which was caused because my security warranty was out of date. I had a similar call the other day, and knowing it to be a scam I got rid of them pretty quickly. Today I decided to find out what exactly they are doing, so I played dumb, sounded very concerned at all times, and went along with the whole process while taking notes, just so I could raise awareness here. Many Companies Doing This Scam ******** Update 26 November 2010 - an interjection. Sorry, I should edit this better….. ******** Just want to interject here, as I have had another call today from a company doing the same scam, i.e. telling me my computer is sending them errors. This time I said that it was OK and that my computer was working fine, thanks. They asked if I have an antivirus, and I said that I did. They then said that the antivirus was not able to detect this type of error. The new company is called 360 E Tech Support. I asked for their website details and they reluctantly gave them [...]

I just got an email and the person sending it was promoting (spamming) a product but I was curious about what it was. After my recent virus after opening a Google Alert email I did not want to look at the URL direct, so I Googled a solution How To View TinyURL’s Without Visiting the Website The solution is provided by http://longurl.org/. There are some browser based URL lengtheners and TinyURL have a cookie thing that allegedly makes URLs long again, these require the URL to be on a webpage (mostly used for Twitter really). No good if you get one on an email. Here is an example (using a TinyURL I just made, not the one that triggered this little bit of fun): Long URL not only tells you where the short URL goes to, it displays each step along the way and provides a small image preview of the site. The only criticism is that the preview is a bit too small to really work out what the site is about. The URL I was emailed redirected first to a shopping cart, then to a tracking domain, and finally to an affiliate page for weight loss eBooks (not [...]

Last night I received a Google Alert for one of my websites. For those that do not know what this means, Google Alerts is a service that Google provide for free which will send you an email whenever a word or phrase appears to them for the first time. Google Alerts is handy for research and to keep an eye on your digital media products, including yourself. Set up a Google Alert for your name and you will get an email whenever someone mentions you online. Set one up for your website and you get notified when your URL appears on someone else’s website, this could indicate a link (good) or clumsy content theft (bad). Or it could be a warning that some reputation management is required. So, what happened to me? Last night I received a Google Alert for my main website brand, e.g. Webologist (but not Webologist). So I merrily opened to link to see what people were saying about my brand. That is when I caught the spyware.iemonster virus, the zlob.trojan and rogue.securitytool. The last one seemed to do the most damage, closing down my Anti-virus software and changing a bunch of settings on the computer, and [...]

My Dad called me today to say that he had a problem with his PC. A rogue anti-virus got installed on his PC and has hijacked it. He is running McAfee AV but that failed to stop it, although he did admit that he saw warnings, but really thought at the time that the virus program was a safe one. I have Googled the fix for him and found that Malwarebytes have an automatic removal solution in place already. You can download Malware Bytes from Bleeping Computer (a website devoted to helping people prevent and remove viruses), here is the direct link: Malwarebytes’ Anti-Malware Now, before you go jumping to any conclusions, let me make it clear that I may be adding to the confusion. As this evening I had a comment posted to my Facebook Wall that was obviously a bit suspect. It said “Jon, this is without doubt the sexiest video ever! ” with what appeared to be an embedded YouTube video of a woman with a large behind dancing. Admittedly I did click on it, rather foolishly. The person that sent it to me really is not the sort of person that generally sends such things, and [...]

Last night Ant-Virus software McAfee released a security update that broke Windows. The AV mistakenly thought that part of the Windows operating system is a virus, so locked it down. This resulted in computers being unable to boot up. So what exactly happened? McAfee’s 5958 update wrongly identified the Windows svchost.exe file as the wecorl.a virus. This worm tries to replace an existing svchost file with its own version to help it take over a machine. A fix has been released already, but some PC’s may be stuck in a reboot loop and unable to update. If you are having problems then you will not be able to comment below. Bad luck! A similar problem happened with Avast! home edition not so long ago. Many people woke up to find that Avast! had identified part of Skype as a virus. But, it is always better to be safe than sorry. Suggested Reading:Big Microsoft Windows Update TomorrowConficker Virus Starts Installing Mystery SoftwareGumblar – virus Threat to the Internet – How to RemoveLosing Internet Browser Connection on Windows Vista?I Caught a Virus! Rogue.SecurityTool and Spyware.iemonster – Grain on WordPress May Have Security Holes

Spam is a horrible thing. It is probably what annoys people the most about the internet. And for webmasters, owners / managers of websites, email spam can be horrific. For years spammers have been building “bots” that crawl the internet and seek out email addresses. As many people rely on email for their online business, this is very problematic. If you place your email on your site, you get inundated with so much spam you cannot spot the new customers. If you remove your email address, you lose customers, and lose trust. The first solution to this was the contact form, which allowed new customers to fill out an enquiry form to send an email, usually using PHP mail servers on the webserver. But spammers learnt to hack these. Some people would resort to just writing their email (i.e. not using the mailto: HTML code that allows people to click the link to open their mail client). But then the spammers would learn to seek out any instances of @ followed by a domain and copy that from the page. To combat this, site owners then started using images to show their email, meaning clients would have to read and [...]