" hackers "

Social network apps used to aid housebreaking

With the boom in social networks and the numerous applications now available for sharing information across the Internet, global IT vendor Panda Security advises users to take extra precautions in order to prevent falling victim to computer fraud.

“This year we advise users to take particular care with the information they share across social networks”, says Jeremy Matthews, head of Panda’s sub-Saharan operations. “This applies particularly to applications used to plan journeys or to locate people geographically through GPS devices, as this information could easily be exploited and used to aid housebreaking.”

These types of applications have become highly popular over the last year. Facebook apps such as Doorpl or Trip Advisor (which show messages describing where you are or where and when you are planning to go); the Twitter geolocation utility (displaying where tweets have been sent from), or services for locating mobile devices through GPS (now widely employed by iPhone or Android users), are just a few examples.

While many of these programs are interesting and fun, the problem lies in the exploitation of this information by criminals. The emergence (and closure) of services like Pleaserobme, which as its name suggests, connects with these applications to offer information about who is not at home, is just one example of the abuse of these applications. “This underlines how careless we can be as users when offering personal information publicly”, adds Matthews.

There are numerous precautions that users are encouraged to take in order to prevent being exploited during the holiday season.

Users who take their PC’s with them on holiday are advised to back up all their information as they face the risk of having their PC’s stolen or breaking down while away. In addition they are advised to have reliable, up-to-date protection with all the necessary security patches installed.  

Although encrypting the information on their hard disks may seem a tiresome or complex task, is another strong security measure Panda encourages users to take as it prevents anyone from accessing data without the right password.

Furthermore, users should never connect to unprotected WiFi networks, as they could be hooking up to a network set up by hackers to steal any information that they share across the Internet. It is always better to use secure, trusted networks, even if it means paying more. Lastly, users are advised to take care with email as phishing attacks and spam are becoming increasingly sophisticated.

In addition to this holiday advice, there are constant precautions that should always be taken.

No one should use applications for planning journeys offered by social networks, to ensure that you can’t be located. Similarly, users shouldn’t accept the geolocation function in Twitter or use this application from their cell phones.

Users who do spend time in chat rooms while on holiday should also never reveal any personal or confidential details to anyone unknown. If users notice any suspicious behavior on social networks (strangers with too much of an interest in your holiday destination, dates, etc.) they should contact the police. All these safety tips should be shared with children, who are more naïve than their parents and therefore make easier targets.

“In addition to the above, it is worth remembering some of the basic security measures at this time of year. Turn off your router when you leave home, beware of typical, holiday-themed phishing, take care with dubious looking websites, as many of them are designed to infect your computer… and, above all, have a great holiday”, concludes Matthews.

More information is available at the PandaLabs blog: http://www.pandalabs.com

For more information about Panda, visit http://www.pandasecurity.com/.

World Cup used as bait to spread rogueware

Panda Security has reported the recent appearance of a number of web pages distributing the MySecurityEngine fake antivirus. All of these pages appear in top web search results related to the 2010 South Africa Soccer World Cup.

“The FIFA World Cup is a worldwide event that, logically, hackers are taking advantage of”, says Jeremy Matthews, head of Panda’s sub-Saharan operations. Users looking for information regarding the World Cup are advised to only access reliable websites and be careful when clicking on links returned by search engines. “We expect to see attacks like this increase over the next few days.”

These techniques, called Black Hat Seo attacks, started being used by hackers a couple of years ago. Since then, they have become increasingly sophisticated, managing to place rogue websites among the top’s search results in search engine listings. The system is very simple: when users look for information about major sports events such as this, the results returned correspond to rogue Web pages professionally indexed to rank high. If the user clicks the link, they will be asked to download a file, such as a codec. If they do so, they will be inadvertently installing a fake antivirus program on their computer.

Users are advised to take all the necessary precautions when visiting Web pages through search engines. Making sure that sources are reliable and rejecting all downloads is key remaining uninfected. “The best piece of advice is to use common sense when surfing the Web. Reject requests from strangers and do not open any files that come from unfamiliar sources” says Matthews. “It’s advisable to make sure you have the proper virus protection on your computer and that it is up to date. There are free solutions like Panda Cloud Antivirus that protect computers against this type of threat.”

For more information, visit http://www.pandasecurity.com/.

Facebook accounts “hacked” for $100

“Any Facebook account can be hacked” – so claim the creators of an online service which, for only $100, allegedly provides clients with the login and password credentials to access any account on the popular social networking site. This not only includes accounts belonging to ordinary people, but also celebrities, politicians, or well-known companies.

Uncovered by global IT security vendor Panda Security, the criminal outfit conducts payments online through Western Union, with the money transferred to the Ukraine, further fueling the perception that most Internet mafias are based in Eastern Europe. The domain that hosts the service is registered in Moscow.

The company claims to have been offering this service for four years with only one percent of accounts hack-proof. In these cases, they offer clients a money-back guarantee. However, the domain is just a few days old.

Users can also get extra dollar-credits to spend on the service when they hack more accounts. They can even become affiliates to help hackers reach a broader audience. These affiliates receive 20% of what they sell in credits for hacking more accounts.

“The system’s real purpose may be hacking Facebook accounts as they say, or profiting from those that want to try the service,” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “In any case, the Web page is very well designed. It is easy to contract the service and become either the victim of an online fraud, or a cyber-criminal and accomplice in identity theft.”

Once an intruder hacks into a Facebook account, all personal data published on the site can be stolen. Similarly, those accounts can also be use to send malware, spam or other threats to the victim’s contacts. In the case of celebrities of other well-known entities, they can be used to defame the account holder such as through spreading information in their name.

Find out more at the PandaLabs blog.

“Hackers steal 4.5m users’ info” – News24

According to an AFP article on News24.com today, hackers stole millions of users’ confidential information from an international recruitment agency:

Hackers have stolen the personal details of some of the millions of online job seekers, a recruitment company confirmed on Tuesday, in one of the biggest cases of data theft in Britain.

Global online recruitment company Monster said hackers had taken confidential information from its database including telephone numbers, email addresses, user names, passwords and some basic demographic data.

Users around the world have been affected, including the 4.5 million reportedly registered with monster.co.uk, the British arm of the US-based giant.

The hacking comes after the details of 25 million child benefit recipients went missing in 2007, in the largest data loss in Britain.

This highlights the importance of identity protection, best practice and innovative technology to keep hackers OUT. With so much important data being kept on databases, this has become a prerequisite for both companies and home PC users.

Read the rest of the article here.