The Facecrooks security sites warns users to avoid installing apps that report to watch user profile information (as they currently do not exist)
QUOTE: Clicking “Allow” will give the scammer access to your Facebook data at any time and the application will be able to post to Facebook as you. This will allow them to spam their scam messages to all of your friends. This particular application is called “Pr0file Watcher”, but scams like this are known to use multiple Facebook apps. Anytime you install a third party Facebook application, you give the application developer access to your personal data. Always be very selective on the apps you install, and only install them from well-known, trusted sources.
QUOTE: We often have readers ask us questions about specific Facebook applications. Some apps generate an enormous amount of spam and can annoy your Facebook friends. Others are outright scams and should be avoided entirely. For example, any application offering to show you who has viewed your profile, who your Facebook stalkers are etc., are guaranteed to be fraudulent. Facebook doesn’t allow developers access to the data required to create apps like this.
QUOTE: Last week, we posted a blog informing Android users of the discovery of new versions of Android.Tonclank, which we have named Android.Counterclank. The blog generated a bit of discussion over whether these new versions should be a concern to Android users. When classifying applications, our focus is on whether users want to be informed of the application’s behavior, allowing them to make a more informed choice regarding whether to install it.
Android.Counterclank – SYmantec Malware description
Zscaler analyzes the safety associated with website links as noted below:
PC Magazine: Zscaler – Analyzes URL safety
Zscaler – Analyzes URL safety (Home Page)
QUOTE: Security experts constantly warn you to avoid clicking links in tweets, emails, Facebook posts, and so on. Even if the sender is a friend, the link might have been added by a virus. So does that mean you can never check out the latest viral video? Sure, you can do that. Just check the URL with ZScaler’s free Zulu URL Risk Analyzer first.
This PC Magazine article share good protective approaches:
SuperBowl – Six ways to avoid online scams
QUOTE: Six methods of protection include:
1. Buy tickets from legitimate or licensed resellers
2. DON’T leave sight of the site
3. Pay using encryption (SSL)
4. Scrutinize your ticket
5. DON’T share personal information
6. 6. DON’T fall for online scams
For more, see 11 Tips for Safe Online Shopping
Trend Labs shares an important holiday warning to be cautious in selecting any link, app, or theme:
FaceBook – Valentines Malware themes circulating
QUOTE: It’s never too early to get ready for Valentine’s day, it seems, even when it comes to malicious attacks. Recently, I came across a scam in Facebook that leverages the upcoming occasion. The said attack begins with a post on affected users’ wall inviting other users to install a Valentine’s theme into their Facebook profile
Trend Labs documents early developments for malware attacks that exploit the Windows Media Player vulnerabilities patched under MS12-004 during the Microsoft January updates. Corporate and Home users should patch promptly and avoid all suspicious objects offered in email or websites
MS12-004 Early malware attacks starting to appear in wild
MS12-004 is rated as a highly critical security patch by Microsoft & ISC
QUOTE: Earlier today, we encountered a malware that exploits a recently (and publicly) disclosed vulnerability, the MIDI Remote Code Execution Vulnerability (CVE-2012-0003). (Ed. Note: addressed in MS12-004). The said vulnerability is triggered when Windows Multimedia Library in Windows Media Player (WMP) fails to handle a specially crafted MIDI file, consequently allowing remote attackers to execute arbitrary code.
The security firm Facecrooks documents a new scam circulating
What does your name mean? Find out here – Facebook Scam
QUOTE: What does your name mean? Find out Here – > Installing the application gives the developer access to your basic information. You are also asked on the next screen if you would like to give the application the ability to post to your Facebook Wall. (How nice of them to ask – usually they don’t give you the option The end game of the scam is the follow survey:
The new Android Counterclank BotNet has been downloaded over 1 million times and may have infected a large number of users:
Android Counterclank BotNet – Over 1 million downloads
QUOTE: Symantec has discovered a new Android botnet that is still thriving in the Android Market and has already been downloaded several million times this year. The Trojan ‘Android.Counterclank’ was packaged in at least 13 free games published by three different publishers, making it harder to trace. Symantec notified Google on Thursday and at press time, 9 of the apps were still available in Google’s official app store.
According to Symantec researcher Irfan Asrar, ‘Counterclank’ can carry out commands from a remote control center on your mobile device. According to Symantec’s virus definition, it steals information and can potentially display ads on your device. “When the package is executed, a service with the same name may be seen running on a compromised device. Another sign of an infection is the presence of the Search icon above on the home screen,” Asrar wrote. No information on geographic scope has been given, but Asrar said that the sheer number of downloads, 1-5 million, makes it the most widespread piece of mobile malware found so far this year.
Users should avoid spam messages titled as “Banking security update” and in general be careful with all Spam email messages. A sophisticated HTML based attack has surfaced which uses a malicious JS agent. Plain text viewing of email messages may also improve user safety.
Getting infected just got a whole lot easier, researchers say
The current wave of drive-by spam contains the subject “Banking security update” and has a sender address with the domain fdic.com. If the email client allows HTML emails to be displayed, the HTML code is immediately activated. The user only sees the note “Loading…Please wait,” eleven says. In the meantime, the attempt is made to scan the PC and download malware.