July, 2010

Imperva uncovered a new, automated, cloud-based phishing kit.  Our Application Defense Center found this kit on a hacker forum.

Unlike previous phishing kits that have been available for years, this new approach lives in the cloud and relies on hackers exploiting other hackers.  And with the new cloud-based approach the infrastructure for this phishing kit never goes away.  Why?  In traditional schemes when you take down a server you take down not only the web page but also the back end data collection capability. In this cloud version, data collection is hosted separately from the phishing web sites which means hackers only need to repost the web front end in a new location to be back in business.  (It's like whackamole).

Dell said human error was to blame for mistakes which led it to ship a number of replacement server motherboards to customers pre-loaded with spyware.

The company declined to say whether it was running anti-virus software at its factory but said it had taken 16 steps to improve processes.

The infection hit replacement PowerEdge 310, 410, 510 and T410 boards. The direct seller said less than one per cent of boards were affected and complete new server systems were quite safe.

Dell is still not admitting how the W32.Spybot worm got into its systems and onto its hardware.

A Dell spokesman said the problem was worldwide but all infected motherboards had now been removed from the supply chain and it was already shipping clean boards.

Read More.

Facebook  has revamped the way its users share information with third-party applications and Web sites in an effort to make the process easier, the company said Wednesday.

With the changes, a new permissions box will pop up whenever a Facebook user installs a new application or first logs into an external Web site through their Facebook account, wrote Bret Taylor, the social-networking site's CTO, in a blog post.

About 550,000 applications work within Facebook and about 1 million Web sites are integrated with the site, Facebook said.

"In order for these applications and Web sites to provide social and customized experiences, they need to know a little bit about you," Taylor wrote. "We understand, however, that it's important you also have control over what you're sharing."

Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.

Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.

"Those initial exploits were targeted and fairly limited. In the past week, however, attacks have picked up."

The attacks, which are being launched from malicious Web pages, are concentrated in the U.S., Russia, Portugal, Germany and Brazil, Microsoft said.

PCs based in Russia and Portugal, in particular, are seeing a very high concentration of these attacks, Microsoft said.