Internet Explorer Flaw: Web “drive-by” attacks
Google security warned the public and Microsoft of the flaw back in January, and now the known flaw has become what security folk call a Web drive-by attack.
The flaw, which has not yet been patched, has been used in “limited, targeted attacks,” Microsoft said Friday in an update in its security advisory.
The attack is triggered when the victim is tricked into visiting a maliciously encoded Web page — what’s known as a Web drive-by attack. It gives the attacker a way of hijacking the victim’s browser and accessing Web applications without authorization.
Microsoft has released a ‘Fixit tool’ users can download to repair the problem, but has not said when, or even if, it plans to push out a comprehensive security update to all users. Google isn’t saying who exactly was targeted in this latest incident, but Chinese activist groups have been the focus of cyber attacks in the past.
This may be another example of an ongoing and methodical effort to track and steal information from pro-democracy and Tibetan activists.
Now that the flaw is being exploited in attacks, the pressure is mounting on Microsoft to produce a reliable patch for the issue that can be pushed out to hundreds of millions of customers.
“For now, we recommend concerned users and corporations seriously consider deploying Microsoft’s temporary Fixit to block this attack until an official patch is available,” Google said.
On a note closer to Calgary: there have been recent downloads of Fixit in the Calgary area. When faced with a browser issue such as this, it’s better to be more secure than not.
Massive Influx of Scams Surrounding Japan’s Earthquake and Tsunami
The scams have started to make their rounds, and Calgary has seen at least two types of these scams on the internet. Trend Micro noted that its researchers saw blackhat SEO attacks almost immediately after news of the earthquake broke. “One of the active sites that we saw used the keyword ‘most recent earthquake in Japan’ and led to FAKEAV variants we currently detect as Mal_FakeAV-25,” Trend Micro commented in a blog post.
Scams are already spreading across Facebook; they started within minutes of the news of the earthquake in Japan breaking. As this was written, scammers were hard at work registering new domains and cranking out templates for their fake donation sites. This will be followed by massive volumes of email spam, Tweets through Twitter, and Facebook posts, as scammers gear up to solicit donations from around the world. Users also need to be aware that cybercriminals use these events to help spread malware through malicious links in spam, on Twitter and on other fake Web sites.
If you want to help the people in Japan, please go to www.redcross.ca and donate through this organization. In the United States, likewise, donate through www.redcross.org/. rdcrss.org/ekK3rr has the link or text on how to donate. Remember: the real sites will process your donation through an https:// secure connection, and you will have to confirm and will receive a receipt. You can always drop by a Red Cross location and donate in person.
What is FouTube? Viral Facebook clickjacking video scams explored
Viral scams are spreading rapidly across Facebook, tricking unsuspecting users into saying they “Like” a page, which helps the links spread far and wide.
The scams use a technique called clickjacking, often called “Likejacking” when it happens on Facebook. Typically you are presented with a realistic-looking video player, but clicking anywhere on the screen with your mouse actually triggers an invisible Facebook Like of the content.
Examples of the scam video names being used in the last 24 hours include:
From couple to Family in 39 Months
PHOTO! Girl accidentally sends dad SMS about her FIRST TIME
Exclusive Video: Charlie Sheen found dead at his House!
As with all schemes like this: contact your cell phone provider if unusual charges appear, and contact your anti-virus company to see if they have a solution for you.
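To make the "invisible Like" described above concrete from the defender's side, here is an added detection sketch (not from the original article or from Facebook) that scans page markup for Like-button frames rendered transparent. The `/plugins/like` path on facebook.com, the 0.1 opacity threshold and the sample markup are assumptions chosen for illustration.

```javascript
// Added example: heuristic scanner for transparent Like-button frames.
const LIKE_HOST = /(^|\.)facebook\.com$/i;   // assumed plugin host
const MAX_VISIBLE_OPACITY = 0.1;             // assumed threshold

// Collect attribute name/value pairs from one opening tag.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  for (let m; (m = re.exec(tag)) !== null;) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Lowest opacity set by an inline style, including old IE's alpha filter.
function effectiveOpacity(style) {
  let opacity = 1;
  for (const decl of (style || '').split(';')) {
    const idx = decl.indexOf(':');
    if (idx < 0) continue;
    const prop = decl.slice(0, idx).trim().toLowerCase();
    const val = decl.slice(idx + 1).trim().toLowerCase();
    const num = parseFloat(val);
    if (prop === 'opacity' && !Number.isNaN(num)) opacity = Math.min(opacity, num);
    const alpha = /alpha\(opacity\s*=\s*(\d+)\)/.exec(val);
    if (prop === 'filter' && alpha) opacity = Math.min(opacity, Number(alpha[1]) / 100);
  }
  return opacity;
}

// Report iframes that load the Like plugin but are effectively invisible.
function findHiddenLikeFrames(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const attrs = parseAttrs(tag);
    let url;
    try { url = new URL(attrs.src || '', 'https://page.invalid/'); } catch { continue; }
    const isLike = LIKE_HOST.test(url.hostname) && url.pathname.startsWith('/plugins/like');
    const opacity = effectiveOpacity(attrs.style);
    if (isLike && opacity <= MAX_VISIBLE_OPACITY) findings.push({ src: url.href, opacity });
  }
  return findings;
}

// Constructed sample page: two transparent Like frames, one visible, one unrelated.
const SAMPLE = `
<iframe src="https://www.facebook.com/plugins/like.php?href=x" style="opacity:0; position:absolute"></iframe>
<iframe src="https://www.facebook.com/plugins/like.php?href=y" style="border:none; width:90px"></iframe>
<iframe src="https://cdn.example.invalid/player" style="opacity:0"></iframe>
<iframe src='//www.facebook.com/plugins/like.php?href=z' style='filter:alpha(opacity=0)'></iframe>`;
console.log(findHiddenLikeFrames(SAMPLE));
```

Inline styles are only one way to hide a frame; opacity set from a stylesheet or script needs a check against the rendered page instead.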