Phishing scam/virus warning

Started by Ray, Jan 07, 2010, 11:36:16

Ray

There seems to be a spate of fake invites to social network sites doing the rounds at the moment. I've received 2 this morning from Hi5.com and Twitter in the format shown below:



Ray
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Thanks, Ray. No chance of me responding to one of those. :)
Rik

Ray

Nor me, Rik, I avoid that sort of site like the plague.  :no:
Ray

Tacitus

Quote from: Rik on Jan 07, 2010, 11:37:50
Thanks, Ray. No chance of me responding to one of those. :)

Nor me, but possibly this is more serious.

I think it unlikely that too many people would be caught since several factors need to come into play simultaneously.  However, it does show that a lot of the Web2/Interactive Web hype is going to bring a whole load of security problems that few seem to be addressing.


Rik

Quote from: Ray on Jan 07, 2010, 11:39:14
Nor me, Rik, I avoid that sort of site like the plague.  :no:

And there are so many of them. I honestly can't think that people would want to know what I am doing minute by minute, and the inverse is true.
Rik

Rik

Quote from: Tacitus on Jan 07, 2010, 11:40:17
Nor me, but possibly this is more serious.

I think it unlikely that too many people would be caught since several factors need to come into play simultaneously.  However, it does show that a lot of the Web2/Interactive Web hype is going to bring a whole load of security problems that few seem to be addressing.

I wonder how much longer before we have dedicated machines for web access, and do everything else on a separate machine?
Rik

Tacitus

Quote from: Rik on Jan 07, 2010, 11:43:27
I wonder how much longer before we have dedicated machines for web access, and do everything else on a separate machine?

You may be correct.  I expect we will get our machines from the Government owned store and they will of course have built in tracking devices to limit what we can get up to.... 

somanyholes

Quote
I wonder how much longer before we have dedicated machines for web access, and do everything else on a separate machine?

Generally this would only work if the non-web box was on a completely separate network infrastructure, preferably no network at all (even then there are still options). In the majority of cases this isn't really feasible in our connected world; so many apps require some form of network comms these days as functionality increases.

It's not far off being impossible to provide unbreakable security, and in my opinion it's only going to get worse.

Rik

I've long since favoured security at source, so, with ISPs providing it. Do you think that's feasible?
Rik

Fox

No security system is 100% reliable as humans are involved in it at some point - try reading The Art Of Deception by Kevin Mitnick. If you have the time and resources you can break anything, but for most home users a good anti-virus plus a good malware package will be enough to prevent most problems that people will encounter. Plus most people are connected to the internet via a router and almost all routers provide a NAT firewall and stateful packet inspection on top of any security you have installed.

If you think about it, what do you have on your PC that a professional hacker (as opposed to the numerous script kiddies out there) will want/need? I doubt the copy of Word and your electronic copy of your phone bill will be of much interest. The pros target large corporate and government networks because that's where the juicy stuff is. After all, why spend a week trying to get a credit card number from a protected home PC when you could spend the same amount of time hacking a retail chain and get thousands of numbers if successful?

I have been online since the days of dial-up bulletin boards and so far (through luck or good judgement) I have never had a virus. Unfortunately as part of the human condition people like to play with settings; if that is combined with a lack of technical knowledge, then your home PC or your corporate network is vulnerable. Add social engineering combined with hacking into the equation........ and I am surprised the internet still even exists
True power doesn't lie with the people who cast the votes, it lies with the people who count them



Glenn

I get them from Facebook too
Glenn

somanyholes



It would definitely raise the bar, but there is no way it would provide complete security

ISPs could do the following:

1. Block certain ports, e.g. file and printer sharing, tcp/139, tcp/445

2. Perform deep packet inspection and look for malicious code.

3. Set up honeypots

4. Provide central proxies that perform security checks on web traffic etc.

and many more

Now the negatives for the above

1. You may end up blocking legitimate requests

2. Privacy issues here, slowdown of traffic, false positives, also remember AV etc is fairly easy to bypass.

3. Privacy issues again

4. Privacy issues again, risk of customers being blocked from legitimate sites etc.

Any filtering down on the ISP level will end up with increased support costs, it is also Orwellian ;)

Ray

Just received another one from Twitter and Eset AV has zapped it saying it contains the following threat:-  Invitation Card.zip - Win32/Merond.O worm - deleted
Ray
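
Added example, not part of the thread and not ESET's detection logic: a minimal mail-side check for the pattern Ray's scanner caught, a zip attachment on an "invitation" mail that contains a directly executable file. The sender addresses, subject line and archive member names are constructed for the sample.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly on double-click (a common gateway blocklist subset).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}

def risky_zip_members(raw_email: bytes) -> list:
    """Return (attachment name, member name) for executables inside zip attachments."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Judge by content, not by the attachment's name or declared MIME type.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                # Only the final extension decides: "card.jpg.exe" is still a program.
                ext = os.path.splitext(member)[1].lower()
                if ext in EXECUTABLE_EXTS:
                    hits.append((name, member))
    return hits

def build_sample(member_name: str, member_bytes: bytes) -> bytes:
    """Constructed test message: an 'invite' mail carrying one zip attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, member_bytes)
    msg = EmailMessage()
    msg["From"] = "invites@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "You have a new invitation"
    msg.set_content("Open the attached card to accept.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="Invitation Card.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(risky_zip_members(build_sample("Invitation Card.jpg.exe", b"placeholder")))
    print(risky_zip_members(build_sample("card.txt", b"hello")))
```

A check like this only flags the packaging; it says nothing about what the file does, so it complements an AV scan rather than replacing one.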

somanyholes

Quote
The Art Of Deception by Kevin Mitnick

Good book that, shame his other books weren't as good :( If you liked that book this site will be of interest: http://www.social-engineer.org/. It covers all things social engineering: podcasts, integration into Metasploit etc etc.

Quote
If you think about it, what do you have on your PC that a professional hacker (as opposed to the numerous script kiddies out there) will want/need?

You have many things on your box they want.
Card details, bandwidth power, computing power, virtual gaming goods, passwords, anonymous relays, I could go on and on and on.

Quote
The pros target large corporate and government networks because that's where the juicy stuff is. After all, why spend a week trying to get a credit card number from a protected home PC when you could spend the same amount of time hacking a retail chain and get thousands of numbers if successful?

While large corporations are hit, such as Gonzalez hitting TK Maxx etc, the majority of hackers go after low hanging fruit; the easier it is the happier they are. Why make things more complicated than they need to be is a hacker's perspective on all this. It can take considerable time to penetrate an enterprise network, however a worm/botnet can be created with minimum effort and big results. Large enterprises have raised the bar security wise, they had to, so many hackers have moved on looking for safer, easier game. SMEs are taking the brunt of it now.

Quote
Unfortunately as part of the human condition people like to play with settings, if that is combined with a lack of technical knowledge

Bad default configs have a large part to play here. Also, as Tacitus said, Joe Bloggs stands no chance against these web2 related attacks; the majority of techies also wouldn't stand a chance. People just visit a normally perfectly safe webpage and get owned.

Gary

Quote from: Ray on Jan 07, 2010, 11:39:14
Nor me, Rik, I avoid that sort of site like the plague.  :no:
I use Facebook to keep in touch with old friends, I just use an alias email and don't open links from people. Also I have all the privacy things locked down so no one can search for me, I can however search for them
Damned, if you do damned if you don't