Facebook has just announced that applications on Facebook Platform can now take advantage of the site's built-in chat functionality, which launched last spring. Developers will now be able to present users with a list of their Facebook Chat buddies, tailoring the list to best suit their application (for example, they can choose to only present friends that already have the app installed). Facebook users have been able to use Chat and their Facebook apps simultaneously since Chat launched (one of its biggest selling points is that it remains open at the bottom of the screen, no matter where on the site you go). But until now applications didn't really have a way to tap into the power of Facebook Chat to help make their applications more social. Aside from adding an enhanced social element to applications, the new feature could also help apps go viral much more quickly than they would using the standard Email invite system most Facebook apps employ. Developers can now present users with a list of their friends who are online (even those that don't necessarily have their apps installed), to whom they can then send invites via chat messages. Invites sent over chat have a greater sense of urgency and intimacy, so it's likely that they'll be more effective than invites sent through the site's Email system. Of course, integration with Chat gives apps on Facebook yet another way to try to spam you. In the dark ages of Platform, when every app seemed to spam users with reckless abandon, I might have been more concerned about this, but I suspect Facebook already has some measures in place to prevent abuse. And even if they don't, you can always just sign out of Chat if things get bad.
By JORDAN ROBERTSON
SAN FRANCISCO (AP) — A staple of the spammer's arsenal — those come-ons for job offers — is getting a makeover because of the recession as online identity thieves concoct clever new ways to sneak onto people's computers. One tactic the bad guys are trying is a twist on an old standby: e-mails purporting to come from legitimate companies that say they're still hiring. The messages are loaded with links to the company's official Web site to throw off suspicious recipients. However, they are also packed with a dangerous surprise — a computer virus — hidden in an attachment that is supposed to be a job application. One message, supposedly from Coca-Cola Co., trumpets that "We are hiring!" All the recipient has to do is fill out the attached application to get started. There are some tip-offs, though, that the message is fraudulent: the English is choppy, the company promises 12 weeks of paid vacation and that "None of the positions require any kind of education or work experience!" Another tactic represents the flip side of that deception. Spammers are sending e-mails pretending to reject people for jobs, instead of trying to recruit them. Those messages say the recipients weren't selected for a particular job, so the company has sent back their application — disguising the malicious program. "What they're trying to tap into is human curiosity," said Dermot Harnett, principal analyst of anti-spam engineering with Symantec Corp. "Maybe people have lost their jobs, or they're looking for another job, and they're looking at their e-mail constantly to see if they have responses from potential employers."
Malware is targeting social-networking sites, with Facebook hit the hardest, according to Trend Micro. The Koobface.AZ variant, WORM_KOOBFACE.AZ, steals user information and has appeared on 300 servers and up to 20,000 PCs. Jamz Yaneza of Trend Micro warned that open social-networking apps make it easy for cybercriminals. Trend Micro, a computer security firm, is warning that social-networking sites are under attack from a new wave of malware, worms and rogue applications. Although a number of the leading social-network sites have been targeted, the problem has hit Facebook hardest. "We didn't see a lot of these until recently," said Jamz Yaneza, the threat research manager for Trend Micro. "So far, they don't seem to be affecting users that much, although at least one Facebook group has been started by malware victims." Yaneza said there is particular concern about a new variant of a dangerous worm, WORM_KOOBFACE.AZ. Within a very short period of time, the setup file for Koobface.AZ appeared on more than 300 servers, mostly in Asia, and Trend Micro expects that number to rise quickly. Researchers also estimate that as many as 20,000 PCs are being infected each day.
Facebook has launched a lawsuit against infamous junk mail merchant Sanford "Spamford" Wallace. Wallace, along with co-defendants Las Vegas night club manager Adam Arzoomanian and Scott Shaw, faces charges of violating the CAN-SPAM Act of 2003. Mediapost adds that the suit covers allegations that Wallace and his business associates spammed Facebook members with wall posts that posed as messages from their friends. The gang allegedly hacked into accounts using phishing techniques before sending the offending messages. Facebook's legal action comes three months after the social networking site was awarded $873m in a suit against Adam Guerbuez and his firm Atlantis Blue Capital for violations of US federal anti-spam laws. Guerbuez did not contest the action, which would otherwise have cleared up the undecided legal point on whether or not the CAN-SPAM Act applies to messages sent through social networking websites. Wallace is no stranger to accusations of malicious marketing activities on social networking websites. Wallace and business partner Walter Rines were ordered to pay $230m to MySpace last May after a court held them responsible for using malware and social engineering to promote porn and gambling sites. That action was also uncontested by the defendants.
A new Trojan horse attack is making the rounds, and this one impacts Microsoft Excel files. But there's a twist: Both Windows PCs and Macs running Excel are at risk of infection. The attack surfaced early last week but has been gaining steam ever since. Called Trojan.Mdropper.AC, the Trojan hides inside a regular .XLS file. When the infected file is opened, an executable is created via Excel's scripting system. That executable runs and from there it can be coded to do pretty much whatever the attacker wants, which usually means giving complete control over the computer to the attacker. (Symantec has additional information on how it works if you're interested.) The attack affects only .XLS files, not the new .XLSX files that are standard on the most recent version of Excel. But because the new Excel can still open the old .XLS files, it's still vulnerable. In fact, all versions of Excel are vulnerable dating back to Excel 2000 on the PC and both Excel 2004 and 2008 for the Mac. Right now, reports of actual exploits using Mdropper are low, but that could change. Microsoft has issued a Security Advisory on the attack but as of March 1 it has not issued a patch for Excel to foil it. Most antimalware software should now be patched to detect and block any attacks using Mdropper, however, so make sure your security software is up to date. Again, I know most Mac owners don't use antivirus software, so if you're still "playing loose," be especially cautious when opening Excel files at least until the appropriate patches are released.
The start of February saw Internet spam levels rise to as high as 79.5 percent of all e-mail messages due to a spike in botnet activity and spammers leveraging the financial crisis and Valentine's Day, according to MessageLabs. This is despite the fact that spam levels declined by 1.3 percent to an average of 73.3 percent for the same month, states the February 2009 MessageLabs Intelligence Report. MessageLabs is now part of Symantec, a provider of security, storage and systems management solutions. MessageLabs Intelligence is a source of data and analysis for messaging security issues, trends and statistics. "February saw the spammers pulling at both the heart and the purse strings with the emphasis on Valentine's Day and the global recession. Although spam levels declined slightly this month, the level of activity around Valentine's themed spam reached unprecedented highs accounting for nine percent of all spam messages," said Paul Wood, MessageLabs Intelligence senior analyst, Symantec. "With the financial crisis front of mind for many organisations and consumers, spammers and phishers are using this topic to their advantage and targeting people when times are tough."
Malware distributors are taking advantage of Google Trends to earn top billing for their pages, according to security experts. Researchers at McAfee's Avert Labs said that a number of malicious pages have seen their Trend ranking artificially enhanced so that the pages will be returned as top results for a number of Google searches. McAfee senior threat researcher Craig Schmugar said that the malware writers appear to be using the Google service to find the most popular current search topics, then loading the pages with keywords and text to show up on result pages for those terms. "One thing they are doing is to pull the content off the pages that are already ranked high, which makes it a little more transparent when you see the search results," said Schmugar. After clicking on one of the malicious links, the user is redirected to a page which will attempt to exploit a three-year-old vulnerability in Internet Explorer and display a number of fake 'alert' pop-ups designed to trick the user into installing rogue security software. Schmugar suggests that users exercise extra caution when clicking on search results and avoid following links to unknown or suspicious domains.
Spammers are using the current shaky economic conditions to their advantage, according to information released by Symantec Corp. in its February 2009 MessageLabs Intelligence Report. Spam declined by 1.3 percent to 73.3 percent of all e-mail in February, but levels as high as 79.5 percent were experienced at the start of the month due to a spike in botnet activity and spammers leveraging the financial crisis and Valentine's Day for their latest spam antics, the report states. "With the financial crisis front of mind for many organizations and consumers, spammers and phishers are using this topic to their advantage and targeting people when times are tough," said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec. For the first time in more than a year, February saw the reappearance of search engine re-directs which topically referenced the financial crisis. The 'recession spam' email messages contained text such as "Money is tight, times are hard," "Get 15 percent off these," and "Cheaper than you could imagine." This resurgence of search engine spam comes with a new twist, according to Symantec. The spam comes disguised as email messages which include links to well-known search engines. The links search for the spammer's domain, as opposed to automatically re-directing to the spam site in the hope that the search engine has not yet indexed the target site. By hiding the search for their domain in a legitimate search engine query, spammers can send messages that go under the anti-spam radar, according to a Symantec spokesperson.
Both McAfee and Trend Micro are warning about a recent bump in the use of SEO (search engine optimization) abuse as a tool in the spread of malware. Google Trends is a site that tracks the most popular search terms on Google. As I type here the most popular search is "obama budget". This isn't exactly new, but some outfits using the web to push malware are using Google Trends to find terms for their sites in order to get them into the searches of the most users possible. Both Trend and McAfee were tipped off by a recent event involving searches on a Facebook worm called "Error Check System". The worm was an interesting problem all by itself (the Trend Micro entry talks more about the worm, the McAfee entry more about the SEO abuse), but what was really interesting is that if you Googled "Error Check System" you were pushed links to malware-infested sites. The recent Gmail outage produced a similar problem; Googling "Gmail Down" got you lots of malware. In all these cases, as with other recent attacks such as the eWEEK attack, the end result was to push rogue anti-malware to the user. This really does seem to be the star of the malware world in that it directly brings in money.
A teenager who claims he hacked the e-mail and MySpace accounts of Miley Cyrus earned more than $100,000 by accessing other celebrity accounts and using them to send spam, according to an FBI affidavit. Josh Holly, 19, told the FBI that he hacked numerous celebrity MySpace and e-mail accounts, according to a search warrant affidavit, which was first reported by WTVF Channel 5 in Nashville, Tenn. The FBI searched Holly's apartment in October 2008 and seized several computers and an iPhone as part of an investigation into the hacking of Cyrus' e-mail account. Holly told ABC News that he was the one who took racy personal photos of Cyrus from her e-mail account and posted them on the Internet last year, which caused a minor scandal for the previously squeaky-clean teen star.