Saying the host site was serving malware to users, Google (GOOG) has removed a controversial photo of First Lady Michelle Obama from Google Image Search. The site itself, however, remains listed in Google web search results without any visible malware warning.

Welcome to the murky world of free speech, politics, and Google.

Read the rest of this post on the original site

Cybercriminals are capitalizing on swine-flu fears by pitching sales of fake Tamiflu, security firm Sophos said.

Networks of fraudsters use spam and malware to direct Web traffic to phony pharmaceutical sites, wrote Graham Cluley, a technology consultant for Sophos.

“Although unwitting buyers do often receive some kind of drug as result of the transactional exchange, at best the drug doesn’t work and at worse it can pose serious health risks,” he added. Cybercriminals are “putting their customers’ health, personal information and credit card details at risk” with these counterfeit versions of Tamiflu.

Many of these fraudulent pharmaceutical sites originate in Russia, Sophos’s Dmitry Samosseiko noted in a paper on the topic. One network called GlavMed, for example, has more than 120,000 online pharmacy sites selling generic drugs under the name of Canadian Pharmacy.

Read the rest of this post on the original site

Twitter quietly started checking the URLs that its users post, a security measure aimed at weeding out links to known malware sites.

As online security firm F-Secure points out, the microblogging service “is increasingly targeted by worms, spam and account hijacking” and can easily filter links posted through it.

Twitter hasn’t announced this initiative and didn’t respond to a request for comment about it.

Now, when posting a link to a fraudulent site, it deletes the tweet and flashes the message “Oops! Your tweet contained a URL to a known malware site!”

Read the rest of this post on the original site

It didn’t take long for fraudsters to exploit Michael Jackson’s death, as online security firms began reporting email scams using his name to attract victims.

One message contains links supposedly of unpublished photos and a YouTube video of the singer, but the link prompts recipients to download a file that, when opened, opens a legitimate Web page while downloading and installing malware, according to San Diego-based security provider Websense.

Elsewhere, an email is circulating that reads: “Vital informations after the death of Michael Jackson’s I really need some one trusted & secretive to speak with with informations i have in my possession before its too late Kindly reply me and i will immediately respond back,Its for just secret between both of us,” warned Graham Cluley, a senior technology consultant at security firm Sophos.

Read the rest of this post on the original site

You may have heard about Conficker, the rogue computer program that might do something dreadful on April 1. The truth is that the threat posed by Conficker is almost entirely theoretical, and that only a handful of dedicated professionals will notice anything out of the ordinary when that date comes around.

Conficker is the latest example of a type of malware called a botnet, which gives a cyber criminal control over an infected computer. The criminal can steal information stored on the computer or make it do things like send spam emails. In some cases, criminals amass millions of computers to command.

Researchers estimate that a couple million computers could be infected with Conficker, which makes it a large botnet, but not the largest. What sets Conficker apart is that it’s more sophisticated than any previous piece of malware. It uses a new form of cryptography, can be controlled by criminals in multiple ways, and updates itself. This scares security researchers. So does the fact that the bad guys haven’t done anything with the computers they control yet, which means they could do, well, anything.

Read the rest of this post

Basketball fans, beware.

Hackers are taking advantage of bracket-related Web surfing and initiating some madness of their own, with tactics as sneaky as spreading malicious software through March Madness blog posts.

Online security company Websense discovered two March Madness-related malware scams earlier this week, one in the form of URLs posted in blog comments that took users to a phony anti-virus scanning site, and another as a search engine optimization scam that infected basketball-related terms and pushed them to the top in Google (GOOG).

It’s a clever and common tactic, particularly for an event like the NCAA tournament, which has fans checking sports sites, blogs and mobile devices for updates on their favorite teams. Websense’s chief technology officer, Dan Hubbard, says that hackers try to capitalize on popular events or stories on the Internet, whether it’s a major athletic event such as the Olympics, the recent presidential election, or a celebrity breakup that drives Web traffic. Users need to be wary of links to fake anti-virus scanners that urge installation. “Just because something comes up on your screen and tells you to install it doesn’t mean you have to actually do it,” he says. “That’s a really hard message to get across to the consumers.”

Read the rest of this post

Bewildered Google users frenetically posted inquiries on blogs and message boards wondering what to do when, for a brief window of time on Saturday morning, the search giant deemed every search result to contain malicious software and warned users that clicking on any one of them “could harm your computer.”

As it turned out, the issue was “human error,” as noted by Google exec Marissa Mayer on the official Google blog.

But Mayer updated her blog post after Maxim Weinstein, manager of the nonprofit malware watchdog organization, StopBadware.org, wrote on the group’s blog that Google (GOOG) had erroneously implied that its list of malware URLs comes directly from StopBadware, a claim that indirectly caused the nonprofit to take heavy flak for Google’s malware snafu. To clarify the relationship between the two, he wrote, Google partners with StopBadware to create the criteria that determine which sites make its malware list, but does not actually come up with specific sites that should be there.

Read the rest of this post

Computer security professionals say many net forums are populated by teenagers swapping credit card numbers, phishing kits and hacking tips.

The poor technical skills of many young hackers means they are very likely to get caught and arrested, they say.

Youth workers added that teenagers getting a criminal record would be putting their future at risk.

“I see kids of 11 and 12 sharing credit card details and asking for hacks,” said Chris Boyd, director of malware research at FaceTime Security.

Many teenagers got into low-level crime by looking for exploits and cracks for their favorite computer games.

Read the rest of this post

Of all the methods scammers use when hunting for victims, phishing is one of the most difficult to guard against. Phishing attacks are designed to exploit societal vulnerabilities more than technical flaws, and, in some cases, are extremely difficult to block. Even the best anti-malware software suite can’t stop an end user from willingly revealing personal information, particularly if the Web site being used to collect the data doesn’t trip any high-alert security alarms.

The Federal Trade Commission has taken an interest in educating consumers on the dangers of phishing. To that end, the government organization has prepared three separate 60-second videos on the ways and scenarios a consumer might possibly encounter a phisher.

Read the rest of this post

Internet griefers descended on an epilepsy support message board last weekend and used JavaScript code and flashing computer animation to trigger migraine headaches and seizures in some users. The nonprofit Epilepsy Foundation, which runs the forum, briefly closed the site Sunday to purge the offending messages and to boost security.

Read the rest of this post