Twitter discontinued support for basic user authentication in third-party applications yesterday morning. Good. It’s always best to never share your password with a third-party. Even if you trust them, their database could be compromised, and your password along with it. The discontinuation of basic user authentication also removes the vector of brute force password attacks via Twiter’s API. All third-party applications must now use... 

Wikipedia’s affiliate marketing entry includes the following sentence: “Although many affiliate programs have terms of service that contain rules against spam, this marketing method has historically proven to attract abuse from spammers.” This is very true — affiliate marketing methods definitely attract abuse from spammers. Our recent posts on Facebook and YouTube spam linked to cost per action ( CPA ) affiliate networks.... 

Someone has been trying to pose as us again , and send an e-mail that looks like this: From: Account Support Date: Saturday, August 28, 2010 4:33 AM To: none Subject: Account Alert!!! An HTK4S virus has been detected in your Email Account, and your email account has to be upgraded immediately to our new F-Secure HTK4S anti-virus/anti-Spam version 2010 to prevent damage to the email and important files in your email account. You are therefore required... 

One of our Safe and Savvy bloggers, Melody-Jane , recently asked me about some “free” offers for F-Secure Internet Security 2010 that she spotted on YouTube. She thought the videos, and their associated links, looked just a bit more than suspicious. So I decided to check them out. What I discovered was Cost per action (CPA) spam. The same sort as I’ve recently been investigating on Facebook . (I’m …  Read More →

In the past days, a class of exploits that fall under the category of DLL hijacking (or “binary planting”) have gotten a lot of attention. Apple’s iTunes had problems , and a lot of other applications seem to be falling for the same thing. The problem is really quite simple. An attacker will try to trick someone into opening a data file (for example, an MP3 file in the case of iTunes) from a folder while at the same time placing... 

Last week, the lab identified a curious set of spammed malware; files signed with a valid Authenticode code signing certificate. This is something we’ve seen before. But this case seemed odd because the contact information appeared very genuine. Usually a valid but malicious certificate uses clearly bogus or dubious details. I searched for a company that matched the name and address in the certificate and found small consulting firm that... 

Today we have an example of yet another Facebook spam (YAFS). This particular spam links to a Facebook Page called “I May NEVER TÊXT AGAIN After Reading THI$!!”. As you can see, there are over 200 thousand likes. The Facebook user must click the Like button in order to continue. But not really. Let’s skip step 1 and take a look at the selection source. Step 2 requests (but doesn’t enforce) sharing the Page and step 3... 

Facebook spam (erroneously called scams) has been making headlines recently… And with all the attention on “virally spreading” links, we wondered, just how effective is it? What’s the conversion rate? Links spread virally — but so what? That’s only one step in the process. How many people actually fill out the CPA surveys that make the money? Here’s one recent example of spam attempting to use English... 

For those of our readers who follow PlayStation 3 discussions, it would have been hard to miss the discussion about a new “jailbreak” for PS3. News of a USB dongle that breaks the security model of the game console to enable execution of third party software (as well as pirated games) have been going around like wildfire. Not surprisingly, online miscreants are trying to exploit the excitement. The real USB jailbreak gadget is not... 

” Computer viruses may have contributed to the Spanair passenger plane crash which killed 154 people in Madrid two years ago “, reports the Spanish newspaper El Pais. ” The Spanair central computer which registered technical problems in airplanes was not functioning properly because it had been contaminated by harmful computer programs “, the magazine continues. We cannot confirm whether malware played a part, nor …  Read More →

Zeus continues to be one of the most common malware we run into. Just now we’ve been watching a spam run with malicious ZIP files attached to them. Inside the ZIP is always the same Zeus variant (md5 92671afe999e12669315e220aa9e62c2) but the name varies. So far, we’ve seen these filenames:  Read More →

Another malicious application has been found from the Android Market. A game called Tap Snake isn’t just a game, it turns out to be a client for a commercial spying application called GPS SPY . The Tap Snake game looks like an average “Snake” clone. However, there are two hidden features. First, the game won’t exit. Once installed, it runs in the background forever, and restarts automatically when you boot the phone. And... 

Facebook’s “People You May Know” feature appears to be using profile search history when making its recommendations. I frequently search for spam related keywords, and today, two spam accounts were recommended to me. Elma and Drema? I don’t know anybody by those names… Searching for the name “Elma Fewell” yielded a few doppelgängers. Checking incremental Facebook IDs yielded even more. All of these... 

Honestly, how many times have you won free stuff by clicking on links? And no… those spam, trojan, and spyware do not count as free stuff. We recently found a scam that promises a free iPad to application testers. Apparently, the site lures the person into joining an iPad application testing program while the site owner makes profit from SMS fee charges and affiliation programs. To enroll in the program, “testers” are required... 

Apple has today patched the jailbreakme vulnerability. This was done via a new iOS operating system update. The new operating system versions are 4.0.2 for iPhone and iPod Touch and 3.2.2 for iPad. Installing the new operating system version is not mandatory. However, it is offered to all iPhone users as they connect their handset to their computers. The operating systems are also available for direct download from these locations (about 300MB...