Tag: Google

Anti-Social: Popular WordPress Sharing Plugin Linked To Payday Loan Spam

A popular plug-in for sharing blog content on social networks was discovered to have hidden code that was injecting WordPress blogs with links to phony Pay Day Loan offers and other spam, according to the firm Sucuri. The plug-in, named Social-Media-Widget (SMW) was compromised with malicious code 12 days ago, in concert with an update of the widget. The new version of the plug-in contained a hidden call to a remote PHP script that inserted “Pay Day Loan” spam text and links into WordPress web sites running the plugin. The goal was to infect as many web sites as possible with text that would increase the web reputation and visibility of a web site run by the spammers, according to the post on Tuesday, by Daniel Cid, Sucuri’s CTO. SMW is among the most popular add-ons for Wordpess sites. It allows bloggers who use WordPress to configure sharing buttons that will […]

What’s In Your Bucket? Data For The Taking In Amazon S3 Containers

Security is one of the main obstacles to greater cloud adoption. When it gets right down to it: companies that own sensitive data are reluctant to release control of it to a third party without ample reassurance that it won’t be lost or stolen. Given that’s the case, the results from an analysis of Amazon’s cloud-based Simple Storage Service (S3) by the security firm Rapid7 won’t ease privacy and security fears surrounding cloud-based storage and applications. In that study, Rapid7 researchers surveyed 12,328 Amazon S3 “buckets” – virtual containers for stored data. The results: 1,951 of those buckets were publicly accessible – around 1 of every 6. Within those 2,000-odd public buckets were 126 billion (with a “B”) files. That’s right – 126 billion. The sheer amount of data was too large for Rapid7 to audit each file individually, so the company sampled 40,000 publicly visible files and found that […]

Spammers Using Yahoo, Google To Whitewash Links

If the gigantic distributed denial of service (DDoS) attacks against the spam blacklisting operation Spamhaus wasn’t proof enough: spammers have trouble steering around blacklists and other reputation-based filters. Even if the language in their message is generic enough to avoid detection, dropping a link to a known, malicious- or compromised domain is plenty to get an entire message dropped. Spammers without a legion of 100,000 bots at their fingertips have to get creative about getting their message into the target’s inbox. Lately, a method that’s drawing attention is to leverage low-security redirection services to whitewash a link to a ‘known-malicious’ or merely suspicious sites. Barracuda Networks said that it has captured spam attacks that are combining a Yahoo based URL shortening service with Google’s free Translate service to whitewash links in spam e-mail messages and evade automated detection. The message, which was sent to a Barracuda “honeypot” system  includes a […]

Bit9: 32 Pieces of Malware Whitelisted In Targeted Hack

The security firm Bit9 released a more detailed analysis of the hack of its corporate network was part of a larger operation that was  aimed a firms in a “very narrow market space” and intended to gather information from the firms.   The analysis, posted on Monday on Bit9’s blog is the most detailed to date of a hack that was first reported on February 8 by the blog Krebsonsecurity.com, but that began in July, 2012.  In the analysis, by Bit9 Chief Technology Officer Harry Sverdlove said  32 separate malware files and malicious scripts were whitelisted in the hack. Bit9 declined to name the three customers affected by the breach, or the industry segment that was targeted, but denied that it was a government agency or a provider of critical infrastructure such as energy, utilities or banking. The broad outlines of the story about the hack of Bit9, which sells […]

FTC Forum Will Tackle Mobile Device Threats

The U.S. Federal Trade Commission is continuing to focus its energies on protecting the growing number of consumers using smart phones and other mobile devices. Next up: a public forum to discuss threats to mobile devices. The FTC announced the one-day public forum on Friday and said it hopes to use the event to address problems like “malware, viruses and similar threats facing users of smartphones and other mobile technologies.” The event will take place on June 4th at the FTC’s offices on New Jersey Avenue NW in Washington, D.C. The public forum is just the latest effort by the nation’s leading watchdog to reign in a free-wheeling mobile application marketplace, and put stronger consumer and privacy protections in place. Earlier this month, the agency released a Staff Report that called on mobile OS, mobile device and mobile application firms to provide clearer guidelines to consumers about how their information […]