wavuti
 
A few days ago we published a post about a hacking tool that was developed and started attacking jail-broken iPhones. This week, news suggests that another tool has been developed which targets and attacks vulnerable jail-broken iPhones. The phones most affected by this new tool are those which have SSH installed; if the default password was not changed, it is even easier for the attack to propagate. The worm gains access to the vulnerable iPhone, changes the default password to something 'unmentionable', then spreads itself or throws up a funny picture.

What kind of damage does it do?
Well, just like the other one, the worm steals your information and sends it to servers somewhere, and that's how crooks get access to your personal data and start the stealing spree.

If you are one of the people with that kind of phone, you may want to read the previous post on how to protect your phone, and also learn how to protect your phone from this new attack via Paul Ducklin's blog.

This information was obtained from Chester Wisniewski’s blog and http://eset.com/threat-center
 
 
This incident did not happen to me; it was received from someone I know. Read it and learn how to take precautions should you find yourself in a confusing situation like this.

Dear friends,
The following story is true, because it happened to me personally yesterday, 11/11/2009. I know that to some extent it will embarrass me for not having been careful, but I think it is best to share it with my friends so that you are not conned the way I was, and the way many others have already been conned, such as Galeba's relative. If only Galeba had been able to tell us what befell that relative, perhaps I too could have avoided this con. The sad part is that the con artists themselves are people who know us well.
 
At around 11 in the morning, while I was at home (I am on leave), I received a call from a number I did not recognize, from a person who said they knew me, and from the way they addressed me by name and mentioned details of my career background, I had no doubt that they knew me. The conversation went as follows:
 
 
 
The DV Green Card Lottery is FREE! You may need to pay for internet access at an internet café, or for photo processing if you don't have the means to do it yourself, but the DV Green Card Lottery itself is NOT FOR PAY.

Laziness and reluctance in reading some WARNINGS and INSTRUCTIONS may result in loss of money, personal data or a combination of all, and even more.

A reader by the name Blackmannen left a warning message in the previous posts urging people to take note of DV lottery and Green Card scams. I agree and strongly support his message.

Recognize and stay away from scams! That sentence cannot be overemphasized. Even though it has been written before and covered by many websites, people are still getting ripped off by crooks and scammers who pose as agents of the popular US DV Green Card Lottery.

Here is the correct information you need for USA's DV Lottery
The ONLY VALID and CORRECT website address for USA's DV Lottery is http://www.dvlottery.state.gov NOTHING LESS. NOTHING MORE. If the domain name does not END in .gov it is NOT a US government site.

For extra security, when you start filling out the form, opt for the SSL Entry
The SSL entry is encrypted in order to protect your personal information. The protection feature is denoted by the letter 's' right after 'http'.
It will therefore be: https://www.dvlottery.state.gov/application.aspx
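
The domain rule above can be checked mechanically. The following is an added example, not part of the original post: it classifies a link by its parsed hostname instead of by how the text looks. The function name and the lookalike sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# The only valid DV Lottery host, as given in the post.
OFFICIAL_HOST = "www.dvlottery.state.gov"


def classify_dv_url(url):
    """Classify a link that claims to be the DV Lottery site.

    Returns 'official-https', 'official-http', 'other-gov' or 'not-gov'.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return "not-gov"
    if parts.scheme not in ("http", "https"):
        return "not-gov"
    # .hostname lowercases and drops any "user@" prefix and ":port" suffix,
    # so text placed before an '@' cannot pose as the host.
    host = (parts.hostname or "").rstrip(".")
    if host == OFFICIAL_HOST:
        return "official-https" if parts.scheme == "https" else "official-http"
    # The post's rule: the name must END in .gov. Compare the last label,
    # not a substring, so "state.gov.something.example" fails.
    if "." in host and host.split(".")[-1] == "gov":
        return "other-gov"
    return "not-gov"


# Constructed sample links; lookalike hosts use the reserved .example TLD.
SAMPLES = [
    "https://www.dvlottery.state.gov/application.aspx",
    "http://www.dvlottery.state.gov",
    "https://www.dvlottery.state.gov.apply-now.example/application.aspx",
    "https://www.dvlottery.state.gov@apply-now.example/",
    "http://travel.state.gov/visa/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_dv_url(link):15} {link}")
```

The third and fourth samples both contain the official name as text, yet the host the browser would actually contact ends in `.example`, so they are classified `not-gov`.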

Here are websites that have detailed information on how to avoid scams
US Department of State Warns of Impostor or Fraudulent Websites, Emails or Print Advertisements
http://travel.state.gov/visa/immigrants/types/types_1749.html#Imposter

US Federal Trade Commission Diversity Visa Lottery: Read the Rules, Avoid the Rip-Offs
http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt003.shtm

Here are some 'stay away' warnings
Any person or website saying one or a combination of the following sentences is a crook, a thief and a scammer. Keep far from anybody, any group, any company, any agency, any organization, any website, any email and anything which convinces you that:
  • they are affiliated with the U.S. government;
  • they have special expertise or a special entry form that is required to enter the lottery;
  • their company has never had a lottery entry rejected;
  • their company can increase an entrant’s chances of “winning” the lottery;
  • people from ineligible countries still are “qualified” to enter the lottery.
USA's DV Green Card Lottery FACTS
  • There’s no charge to enter the green card lottery.
  • Submit only one entry. If you submit more than one, you will be disqualified.
  • Selection of entries is random. Spouses who are eligible for the DV lottery can apply separately.
  • Be alert to Web sites promising government travel or residency documents online or by mail. 
  • Be skeptical of Web sites posing as U.S. government sites. Most of the wrong websites try to look like those of the USA's government agencies: they use official-looking emblems (eagles, flags, or other American images like the Statue of Liberty or the U.S. Capitol), the official seals or logos of — and links to — other government sites, and list Washington, D.C., mailing addresses.
Now don't say you were not warned.
 
 
Just learned from Trend Micro that the Koobface botnet has invaded Google Reader, which now hosts images that link to malware.

Koobface is a computer worm that targets users of social networking websites such as Facebook and MySpace. Reading it backwards, you will realize that Koobface is a rewording of the word Facebook, i.e. Koob for Book, with 'face' put at the end instead of, as usual, at the beginning. Read more about Koobface by clicking here.

Koobface engineers have spoofed YouTube videos, attaching an image that encourages the reader to click on it. Once it is clicked, a message pops up asking you to update your Flash Player in order to see the video. Once you click on that, Koobface downloads onto your computer and starts its malicious attack.

The two images below show how Koobface mimics the YouTube and install Flash Player windows.
 
 
The Panda Labs blog has an update about a rogueware that attacks computers and demands a ransom before it allows you access to any files on your computer. This particular rogueware will throw a pop-up notice demanding a hefty $79 in order to 'remove malware it claims to have found in your computer system'. The truth of the matter is that there is no malware; instead, this rogueware is going to install some.

The good thing is that Panda and many other genuine anti-virus programs have a cure for it. See the video below. But probably the best cure for this and many other similar threats is to NEVER open any suspicious attachment from anybody (people you know or don't know). Also, as a rule of thumb, never click a link coming from a person you don't know; if you receive it from a person you might know and it still doesn't feel okay, do yourself a favor and double check with them. Asking if they sent an attachment, what it was and why, could save your computer data and personal information.

Read more at: http://pandalabs.pandasecurity.com

There is a blog dedicated to reporting on rogueware, and you can subscribe for updates. Here is the link: http://rogueantispyware.blogspot.com/
 
 
This message is posted here 'as is' from ELSEVIER: http://www.elsevier.com/wps/find/authorsview.authors/spam
Thanks to Dr. Bruno (LeBron) for the alert. Please take note.

It has come to our attention that fraudulent emails are being distributed widely in the scientific community. These spam emails use fake publisher email addresses and attempt to appear as official communications from the publisher.

The fraudulent e-mail messages are generally called "Manuscript Submission", "Call for Papers" or "European-Elsevier Scholarships" and are typically sent using e-mail accounts supported by Gmail, Hotmail or other free e-mail providers. Typically, the body of these messages contain a "Call for Papers", requesting that authors submit scholarly articles via e-mail for publication by Elsevier in various Elsevier journals and other publications. These fraudulent e-mails involve a request for the victims to send "handling fees" to cover the processing of the article submitted.

Another message called "Editorial/Reviewer Appointment" asks potential reviewers to pay a fee to sign up as a reviewer.

Please be assured that Elsevier, Inc. is in no way associated with these fraudulent e-mail campaigns. Elsevier is currently investigating this fraud to identify the persons responsible and to bring them to justice. Elsevier does not solicit intellectual property or sign up fees from authors and reviewers in this fashion, and does not utilize Gmail, Hotmail, or any other free third-party e-mail providers in communications with authors and editors.

If you receive any e-mail messages that appear to be a part of this fraudulent solicitation, DO NOT respond to the message and do not open any attachments contained in the message. Rather, please forward the message to Elsevier's Fraud Department at emailabuse@elsevier.com. We will use the information included in the message to aid in our investigation. If you know of someone who has received this message, please pass along the above information and ask them also to forward the message to the Elsevier's Fraud Department.
 
 
The Nigerian government has stepped firmly into the fight against e-fraudulent activities. It has launched 'Project Eagle Claw', which aims at cracking down on the crooks. It is reported that they have already made a number of arrests. It is reported that the project is in collaboration with Microsoft, and this time it is expected to bear more positive fruit than the previous crackdown attempts. Read more on this announcement at: http://arstechnica.com/tech-policy/news/2009/10/nigeria-actually-arrests-shuts-down-online-scammers.ars

Most of us enjoy the free email services from Yahoo!, Gmail, Hotmail or elsewhere, but we cannot escape the incoming bogus deals from God knows who: crooks who request money upfront on the promise that you have some free unclaimed money waiting for you somewhere. They claim to be your cousin from your (unknown) grandpa's side the 3rd twice removed, a Prince or Son of a King, the only Son or Daughter of a wealthy businessman, or an heir of somebody rich who died in a fatal accident. All of these, commonly referred to as 'Nigerian Scams', '419 scams' or 'Advance Fee Fraud', are worthless. They have an appealing nature and are persistent in making sure that you fall for their (false) promise that you are going to receive a lump sum of money sooner or later, depending on how fast the two of you work the plan out.

Well, one thing is certain and only one thing is true - they are after your money. They are all liars, thieves and criminals. Do not be fooled by them.

As we marked the 40th year since the invention of e-communication technology, genuine internet users have only one wish and one dream: to wake up one day and hear, 'NO MORE SCAMS'. The list of scam statistics continues to grow, and so does the indexed number of junk mails sent out every day. The seconds or minutes you waste cleaning your inbox and junk folder each time you open your email were the extra minutes you needed for your leisure time. Count in the number of bytes downloaded when checking those junk mails for deletion, and don't forget that this adds up to the internet usage you are paying for. And oh, the nuisance of all that junk counts towards your health, negatively.

Down with scams and junk mails until they die.
 
 
The PCMag blog has a post about a scam that could lead to your personal information being stolen by internet thieves. Take note of the message below and of this alert, and refrain from filling out any survey from any bank or institution that stores your sensitive information.

Most importantly, do not give out your sensitive information, such as your date of birth, place of birth, citizenship, social security number, TIN number, password, Passport ID and similar details.

Do not click any link that looks suspicious or seems to come from people you don't know. Even if it appears to come from a friend or relative (including your parents or kids), it may not be genuine. Someone can steal their information and start to send out links containing wrong information, viruses, phishing sites etc.

Read more about this banking scam at: http://blogs.pcmag.com/securitywatch/2009/10/bank_survey_phish.php
 
 
Click HERE to see the videos (1. Demo 2. Actual real life stealing attempt).