<?xml version="1.0" encoding="UTF-8"?>
<!-- generator="wordpress/2.1" -->
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	>

<channel>
	<title>SpywareRemove Blog</title>
	<link>http://www.spywareremove.com/security</link>
	<description>Just another WordPress weblog</description>
	<pubDate>Thu, 02 Jul 2009 16:18:41 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.1</generator>
	<language>en</language>
			<item>
		<title>Twitter Marketing Expert Guy Kawasaki Mistakenly Tweets &#8216;Gossip Girl&#8217; Porn Malware</title>
		<link>http://www.spywareremove.com/security/twitter-marketing-expert-guy-kawasaki-mistakenly-tweets-gossip-girl-porn-malware/</link>
		<comments>http://www.spywareremove.com/security/twitter-marketing-expert-guy-kawasaki-mistakenly-tweets-gossip-girl-porn-malware/#comments</comments>
		<pubDate>Thu, 02 Jul 2009 16:18:41 +0000</pubDate>
		<dc:creator>SpywareRemove Advisor</dc:creator>
		
		<category><![CDATA[Internet Security]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/twitter-marketing-expert-guy-kawasaki-mistakenly-tweets-gossip-girl-porn-malware/</guid>
		<description><![CDATA[ <h3 class="posttitle">A security vendor's demonstration video reveals how a malicious Twitter link can lead to the installation of malware.</h3>

Guy Kawasaki, a former Apple employee, venture capitalist, web site owner and book author, has spoken on many occasions about using Twitter as a social marketing tool. Kawasaki calls Twitter the most powerful marketing tool seen since television.

Unfortunately for this Twitter marketing professional and his followers, about 140,000 of them, malware trolls attempted to get those followers to follow a link to a rogue website that contained a fake sex tape involving "Gossip Girl" actress Leighton Meester. In addition, the domain prompted visitors to download malicious software in the form of video codecs, which is a well-known tactic for spreading malware. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">A security vendor&#8217;s demonstration video reveals how a malicious Twitter link can lead to the installation of malware.</h3>
<p>Guy Kawasaki, a former Apple employee, venture capitalist, web site owner and book author, has spoken on many occasions about using Twitter as a social marketing tool. Kawasaki calls Twitter the most powerful marketing tool seen since television.</p>
<p>Unfortunately for this Twitter marketing professional and his followers, about 140,000 of them, malware trolls attempted to get those followers to follow a link to a rogue website that contained a fake sex tape involving &#8220;Gossip Girl&#8221; actress Leighton Meester. In addition, the domain prompted visitors to download malicious software in the form of video codecs, which is a well-known tactic for spreading malware.</p>
<p>The online security software and hardware company, Sophos, managed to catch the malware on video. They have uploaded a live demonstration to the video sharing website YouTube in order for people to understand the threat and hopefully protect themselves against it.</p>
<object width="480" height="295">
<param name="movie" value="http://www.youtube.com/v/dpnWncJH-bk&#038;hl=en&#038;fs=1&#038;rel=0"></param>
<param name="allowFullScreen" value="true"></param>
<param name="allowscriptaccess" value="always"></param>
<embed src="http://www.youtube.com/v/dpnWncJH-bk&#038;hl=en&#038;fs=1&#038;rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="295"></embed></object>
<p>Kawasaki made a formal apology for the accident and a possible larger issue as stated in the Wall Street Journal:</p>
<blockquote><p>&#8220;Mr. Kawasaki isn’t the only victim of this attack (it’s one of several malware schemes popping up on Twitter), but his relative celebrity on the microblogging service makes such an incident even more troublesome since so many people see it, said Graham Cluley, a senior technology consultant at Sophos. “It has the potential to do much more damage than if maybe 14 people were following him.&#8221;</p></blockquote>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/twitter-marketing-expert-guy-kawasaki-mistakenly-tweets-gossip-girl-porn-malware/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Spam Levels Highest Since 2007</title>
		<link>http://www.spywareremove.com/security/spam-levels-highest-since-2007/</link>
		<comments>http://www.spywareremove.com/security/spam-levels-highest-since-2007/#comments</comments>
		<pubDate>Wed, 01 Jul 2009 19:35:35 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Spam Alert]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/spam-levels-highest-since-2007/</guid>
		<description><![CDATA[ <h3 class="posttitle">About 90.4% of all e-mail messages, an astounding amount, are considered to be spam.</h3>

According to MessageLabs, a security research firm, spam levels have remained the same since the month of May and are said to be 90% of all email traffic for the month of June. The majority of the spam messages come from botnets, which account for about 83% of them. The remaining portion of spam is sourced from compromised mail servers or hacked webmail accounts. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">About 90.4% of all e-mail messages, an astounding amount, are considered to be spam.</h3>
<p>According to MessageLabs, a security research firm, spam levels have remained the same since the month of May and are said to be 90% of all email traffic for the month of June. The majority of the spam messages come from botnets, which account for about 83% of them. The remaining portion of spam is sourced from compromised mail servers or hacked webmail accounts.</p>
<p>Spam messages are a serious epidemic when you take into consideration the number of botnets that perform automated tasks in such a manner as to account for 90% of all email traffic. Botnets from the <a href="http://www.spywareremove.com/removeConficker.html" title="Conficker Removal Guide">Conficker worm</a> to <a href="http://www.spywareremove.com/security/70gb-worth-of-personal-and-financial-data-uncovered-in-torpig-botnet-hijack/" title="70GB Worth of Personal and Financial Data Uncovered In Torpig Botnet Hijack">Mebroot</a>, which was designed to steal personal data, have seriously plagued the internet through their ability to run uninterrupted automated tasks. Using such automated tools puts hackers in a position to spread malware via spam messages like never before.</p>
<p>The ultimate goal of a spammer is to obtain some type of monetary gain for his or her efforts. Recent spam messages are known to take advantage of popular news stories, offer a computer user some type of bogus software or even exploit the death of Michael Jackson. Just recently the release of the <a href="http://www.spywareremove.com/security/spammers-using-twitter-to-cash-in-on-iran-and-new-iphone-topics/" title="Spammers Using Twitter to Cash-In on Iran and new iPhone Topics">new iPhone and Iran were used as subjects for spammers to cash-in on</a>.</p>
<p>Image spam is now being blamed for a considerable rise in spam activities since the month of May. An image spam message is one that comes with an attached image instead of one hosted remotely. Many of these messages include background noise patterns which are automatically generated. Computer users are usually totally unaware of such an attachment, which could lead to the installation of malware or redirect them to a malicious site.</p>
<p>Spammers and cyber attackers will always find new ways of spreading their malicious files and applications through bogus email messages. What ways have you found to combat the massive amounts of spam messages sent through email lately?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/spam-levels-highest-since-2007/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Spammers Using Twitter to Cash-In on Iran and new iPhone Topics</title>
		<link>http://www.spywareremove.com/security/spammers-using-twitter-to-cash-in-on-iran-and-new-iphone-topics/</link>
		<comments>http://www.spywareremove.com/security/spammers-using-twitter-to-cash-in-on-iran-and-new-iphone-topics/#comments</comments>
		<pubDate>Fri, 19 Jun 2009 17:38:25 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Spam Alert]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/spammers-using-twitter-to-cash-in-on-iran-and-new-iphone-topics/</guid>
		<description><![CDATA[ <h3 class="posttitle">The history of spamming will tell us that popular stories or hot-off-the-press news is gold for spammers.</h3>

In recent activities discovered by security researchers, spammers are using the popular Iran election stories and news about Apple's newest iPhone 3.0 software or iPhone 3GS release to flood Twitter with misleading tweets.

No doubt that Twitter and the iPhone are some of the most talked about "things" of this year. Many times cyber criminals will use these "popular items" to their advantage and that is just what they are doing.

Spammers are sending out a slew of Twitter messages that say things like, "iPhone OS 3.0 Just Launched. Here are 20 Things To Do With It". In addition, Twitter messages similar to this are being posted by hacked Twitter accounts. The messages are apparently popping up when popular search terms related to the iPhone are entered. The message may then redirect you to a malicious site that may ultimately prompt the download of a .Zip file that contains malware. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">The history of spamming will tell us that popular stories or hot-off-the-press news is gold for spammers.</h3>
<p>In recent activities discovered by security researchers, spammers are using the popular Iran election stories and news about Apple&#8217;s newest iPhone 3.0 software or iPhone 3GS release to flood Twitter with misleading tweets.</p>
<p>No doubt that Twitter and the iPhone are some of the most talked about &#8220;things&#8221; of this year. Many times cyber criminals will use these &#8220;popular items&#8221; to their advantage and that is just what they are doing.</p>
<p>Spammers are sending out a slew of Twitter messages that say things like, &#8220;iPhone OS 3.0 Just Launched. Here are 20 Things To Do With It&#8221;. In addition, Twitter messages similar to this are being posted by hacked Twitter accounts. The messages are apparently popping up when popular search terms related to the iPhone are entered. The message may then redirect you to a malicious site that may ultimately prompt the download of a .Zip file that contains malware.</p>
<p>Not only are hackers raiding Twitter with iPhone-themed messages, but the spammers are also using the Iranian election as a popular topic to gain attention and increase the chances of unsuspecting computer users clicking on their tweets.</p>
<h3 class="posttitle">Is this anything new?</h3>
<p>Nothing about these tactics is really new except for the news topics used by the spammers lately. The use of social media sites such as Twitter and Facebook has risen to unprecedented levels, to the point that abuse by hackers and spammers is commonplace. Some companies are even restricting or banning the use of popular social networks such as Twitter and Facebook because they are the culprit in spreading new viruses which could harm corporate networks.</p>
<p>To top it off, fake invitations to join Twitter are being sent out by spammers as well. The possibilities are almost endless for these hackers if something isn’t done very soon. Both Twitter and Facebook are aware of various threats that could spread malware and they have already advised users to use caution and have provided a page on which to report spam messages or senders.</p>
<p>Have you been the victim of a spam message on Twitter or Facebook that used a popular news story to get your attention?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/spammers-using-twitter-to-cash-in-on-iran-and-new-iphone-topics/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Hundreds of UK School, University and Government Websites Hacked</title>
		<link>http://www.spywareremove.com/security/hundreds-of-uk-school-university-and-government-websites-hacked/</link>
		<comments>http://www.spywareremove.com/security/hundreds-of-uk-school-university-and-government-websites-hacked/#comments</comments>
		<pubDate>Thu, 11 Jun 2009 19:45:58 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Internet Security]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/hundreds-of-uk-school-university-and-government-websites-hacked/</guid>
		<description><![CDATA[ <h3 class="posttitle">Hundreds of UK government operated websites have been hacked in a recent attempt to include links and references to illegitimate websites that sell Cialis, Viagra and hardcore pornography.</h3>

This is not the first time something of this nature has taken place. Hackers have even compromised websites to capitalize on the Swine Flu in order to pitch bogus medications in the past. In the recent case, several UK based websites, including those of schools, local government, the Forestry Commission and others, were hacked via several exploits. Some of the exploits used to hack into the legitimate sites consist of cross-site scripting and the exploitation of loopholes in sites using outdated or poorly designed software.

Computer users who use a search engine to seek information on Cialis, Viagra or pornography may be infected with malware if they visit a UK based web page that has been compromised. Recent hacking occurrences are aimed at these websites that hackers use to flood Google search results, which could ultimately lead computer users to dangerous links or malware downloads. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">Hundreds of UK government operated websites have been hacked in a recent attempt to include links and references to illegitimate websites that sell Cialis, Viagra and hardcore pornography.</h3>
<p>This is not the first time something of this nature has taken place. Hackers have even compromised websites to capitalize on the Swine Flu in order to pitch bogus medications in the past. In the recent case, several UK based websites, including those of schools, local government, the Forestry Commission and others, were hacked via several exploits. Some of the exploits used to hack into the legitimate sites consist of cross-site scripting and the exploitation of loopholes in sites using outdated or poorly designed software.</p>
<p>Computer users who use a search engine to seek information on Cialis, Viagra or pornography may be infected with malware if they visit a UK based web page that has been compromised. Recent hacking occurrences are aimed at these websites that hackers use to flood Google search results, which could ultimately lead computer users to dangerous links or malware downloads.</p>
<p>Government websites usually get good placement in Google search results, so hackers are attacking such websites because they are already trusted by search engines. In other words, this saves a hacker from creating a malicious site from scratch and having to obtain decent search engine placement.</p>
<p>The use of cross-site scripting (XSS) has enabled hackers to inject malicious code into various legitimate web pages that are viewed by a large number of users. About 80% of all documented security vulnerabilities carried out on websites as of 2007 are a result of cross-site scripting.</p>
<h3 class="posttitle">What is being done about this?</h3>
<p>UK government agencies are aware of the possibility of their websites being attacked. Whether they will take immediate action to resolve the issues is in question. The attacks are not limited to UK government, or .gov.uk, domains. A large number of .ac.uk websites, a domain reserved for academic organizations such as schools and colleges, are targeted as well.</p>
<p>It may be the case that a government agency or institution is presented with a lawsuit before anything is actually done to completely resolve this issue. Hackers will always continue to attack vulnerable websites. In response to that, webmasters can always take the necessary actions and precautions to fight the attacks. It is possible that it boils down to the agencies not wanting to spend the funds and time needed to fix a corrupted PC.</p>
<p>The hacked pages continue to show up in search engine results. Until action is taken by the owners of many of these sites, they will continue to spread infections.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/hundreds-of-uk-school-university-and-government-websites-hacked/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Internet Antivirus Pro Can Now Be Removed by Microsoft Update</title>
		<link>http://www.spywareremove.com/security/internet-antivirus-pro-can-now-be-removed-by-microsoft-update/</link>
		<comments>http://www.spywareremove.com/security/internet-antivirus-pro-can-now-be-removed-by-microsoft-update/#comments</comments>
		<pubDate>Wed, 10 Jun 2009 13:59:07 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Internet Antivirus Pro]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/internet-antivirus-pro-can-now-be-removed-by-microsoft-update/</guid>
		<description><![CDATA[ <h3 class="posttitle">The latest update to Microsoft's Windows Malicious Software Removal Tool or MSRT, enables the program to remove the rogue anti-spyware program Internet Antivirus Pro.</h3>

<a href="http://www.spywareremove.com/removeinternetantiviruspro.html" title="Internet Antivirus Pro Removal Guide">Internet Antivirus Pro</a> is known as a rogue anti-spyware program that sets out to take your money through various deceiving tactics. Like other rogue applications, Internet Antivirus Pro alerts you of an imaginary computer infection through fictitious system scans and popup messages. Internet Antivirus Pro is also able to download password-stealing malware that seeks out FTP usernames and passwords so the creators can install malware onto web servers.

Microsoft has targeted the Internet Antivirus Pro rogue application through a recent update to the Windows Malicious Software Removal Tool (MSRT). Not only can computer users use the Microsoft security tool to eliminate some older malware threats, but they can remove a few targeted rogue applications due to Microsoft's diligent actions to take aim at <a href="http://www.spywareremove.com/remove-RogueAntiSpywarePrograms/index.html" title="Rogue AntiSpyware Programs Description">rogue antispyware programs</a>. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">The latest update to Microsoft&#8217;s Windows Malicious Software Removal Tool or MSRT, enables the program to remove the rogue anti-spyware program Internet Antivirus Pro.</h3>
<p><a href="http://www.spywareremove.com/removeinternetantiviruspro.html" title="Internet Antivirus Pro Removal Guide">Internet Antivirus Pro</a> is known as a rogue anti-spyware program that sets out to take your money through various deceiving tactics. Like other rogue applications, Internet Antivirus Pro alerts you of an imaginary computer infection through fictitious system scans and popup messages. Internet Antivirus Pro is also able to download password-stealing malware that seeks out FTP usernames and passwords so the creators can install malware onto web servers.</p>
<p>Microsoft has targeted the Internet Antivirus Pro rogue application through a recent update to the Windows Malicious Software Removal Tool (MSRT). Not only can computer users use the Microsoft security tool to eliminate some older malware threats, but they can remove a few targeted rogue applications due to Microsoft&#8217;s diligent actions to take aim at <a href="http://www.spywareremove.com/remove-RogueAntiSpywarePrograms/index.html" title="Rogue AntiSpyware Programs Description">rogue antispyware programs</a>.</p>
<h3 class="posttitle">Can Microsoft Keep-Up with the Rogue Creators?</h3>
<p>Because Microsoft noted that rogue antispyware or rogue antivirus software was among the most detected software on Windows computers during part of the year 2008, they have taken measures to start combating this type of malware. Microsoft’s actions against rogues may not be fast enough to keep up with the rogue creators.</p>
<p>Internet Antivirus Pro is related to more recent rogues such as <a href="http://www.spywareremove.com/removepersonalantivirus.html" title="Personal Antivirus Removal Guide">Personal Antivirus</a> and <a href="http://www.spywareremove.com/removegeneralantivirus.html" title="General Antivirus Removal Guide">General Antivirus</a>. Part of Microsoft’s monthly updates to the Malicious Software Removal Tool included an update that is able to assist in removal of Internet Antivirus Pro from Windows PCs. Even though the MSRT program is now able to remove Internet Antivirus Pro, which has been out since mid-2008, it is not an effective tool for detection and removal of many other rogues. In the past, Microsoft has updated its MSRT to tackle other rogues such as Winwebsec and FakeSecSen. It seems Microsoft is systematically adding rogues to the list of computer parasites that the MSRT is able to remove but is unable to keep up with the rate at which hackers are creating them, given that Internet Antivirus Pro has been out for about a year now.</p>
<p>As part of Microsoft&#8217;s security updates this month, they released several patches to fix about 31 vulnerabilities within Microsoft products such as Internet Explorer, MS Office and Windows. Many times, a Microsoft Windows security update includes a revision to the MSRT. Although the MSRT is not updated nearly as often as many other security tools on the market, which are able to detect and remove rogues, it remains a free tool that Windows PC users can use in conjunction with other security software. It never hurts to have extra protection.</p>
<p>Do you think Microsoft&#8217;s MSRT will ever be as effective as other popular security software on the market in removal of rogue anti-spyware or rogue antivirus applications in the future?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/internet-antivirus-pro-can-now-be-removed-by-microsoft-update/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Aetna Website Data Breach May Have Compromised Employee Social Security Numbers</title>
		<link>http://www.spywareremove.com/security/aetna-website-data-breach-may-have-compromised-employee-social-security-numbers/</link>
		<comments>http://www.spywareremove.com/security/aetna-website-data-breach-may-have-compromised-employee-social-security-numbers/#comments</comments>
		<pubDate>Thu, 28 May 2009 20:16:06 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Internet Security]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/aetna-website-data-breach-may-have-compromised-employee-social-security-numbers/</guid>
		<description><![CDATA[ <h3 class="posttitle">A recent data breach at the insurance company Aetna may have led to thousands of employee social security numbers being compromised.</h3>

Aetna, a large insurance company, found out about a website breach earlier this month when several people started to receive spam messages that appeared to have come directly from Aetna and complained to the company. The spam messages resembled a response to a job inquiry asking for additional personal information from the recipient. 

Since the discovery of the breach, Aetna has contacted 65,000 current and former employees whose social security numbers could have been stolen. In addition to those 65,000 persons contacted, 450,000 applicants who utilized the Aetna job application web site may have had their phone numbers, e-mail addresses and mailing addresses compromised. Aetna’s spokesperson, Cynthia Michener, said that the social security numbers for the 450,000 applicants were not stored on the website because it was handled by an outside vendor. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">A recent data breach at the insurance company Aetna may have led to thousands of employee social security numbers being compromised.</h3>
<p>Aetna, a large insurance company, found out about a website breach earlier this month when several people started to receive spam messages that appeared to have come directly from Aetna and complained to the company. The spam messages resembled a response to a job inquiry asking for additional personal information from the recipient. </p>
<p>Since the discovery of the breach, Aetna has contacted 65,000 current and former employees whose social security numbers could have been stolen. In addition to those 65,000 persons contacted, 450,000 applicants who utilized the Aetna job application web site may have had their phone numbers, e-mail addresses and mailing addresses compromised. Aetna’s spokesperson, Cynthia Michener, said that the social security numbers for the 450,000 applicants were not stored on the website because it was handled by an outside vendor.</p>
<p>The spam campaign clearly indicates that the hackers were able to harvest email addresses from the web site. As of now it is not certain if any social security numbers of the 65,000 current and former employees were stolen, but as a preventative measure Aetna has sent letters to all of them offering free credit monitoring for one year.</p>
<p>As for moving forward, Aetna has hired an IT forensics company to figure out how the breach happened so they can make changes so it will not happen again. </p>
<p>If you visit the Aetna job site you may notice posted alerts warning people of the spam campaign. </p>
<p>Have you used the Aetna job site to fill out an application or to apply for a job? Have you received a spam message in the past month that appeared to have come from Aetna? Does this breach sound similar to other instances where a big company&#8217;s website was attacked?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/aetna-website-data-breach-may-have-compromised-employee-social-security-numbers/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Conficker Worm Still Managing To Infect 50,000 Computers Each Day</title>
		<link>http://www.spywareremove.com/security/conficker-worm-still-managing-to-infect-50000-computers-each-day/</link>
		<comments>http://www.spywareremove.com/security/conficker-worm-still-managing-to-infect-50000-computers-each-day/#comments</comments>
		<pubDate>Tue, 26 May 2009 19:47:16 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Conficker Worm]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/conficker-worm-still-managing-to-infect-50000-computers-each-day/</guid>
		<description><![CDATA[ <h3 class="posttitle">Everyone, including the media, has passed over Conficker as if it were dead. The infection of 50,000 PCs a day should be enough proof that the Conficker worm is still far from being dead.</h3>

According to security researchers, <a href="http://www.spywareremove.com/removeConficker.html" title="Conficker Removal Guide">Conficker worm</a> is still managing to infect systems at a rapid rate, including systems in Fortune 1000 companies. Researchers at Symantec have said Conficker is infecting about 50,000 new PCs each day. Systems located in the U.S., India and Brazil have been hit the hardest, which was confirmed in the same report from researchers at Symantec. 

The hype that surrounded the Conficker worm over two months ago has died down and is almost non-existent. The fact of the matter is, Conficker is still a viable threat and remains very active. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">Everyone, including the media, has passed over Conficker as if it were dead. The infection of 50,000 PCs a day should be enough proof that the Conficker worm is still far from being dead.</h3>
<p>According to security researchers, <a href="http://www.spywareremove.com/removeConficker.html" title="Conficker Removal Guide">Conficker worm</a> is still managing to infect systems at a rapid rate, including systems in Fortune 1000 companies. Researchers at Symantec have said Conficker is infecting about 50,000 new PCs each day. Systems located in the U.S., India and Brazil have been hit the hardest, which was confirmed in the same report from researchers at Symantec.</p>
<p>The hype that surrounded the Conficker worm over two months ago has died down and is almost non-existent. The fact of the matter is, Conficker is still a viable threat and remains very active.</p>
<p>Conficker, also known as <a href="http://www.spywareremove.com/removeDownadup.html" title="Downadup Removal Guide">Downadup</a> or <a href="http://www.spywareremove.com/removeKido.html" title="Kido Removal Guide">Kido</a>, first started spreading in late 2008, when it took advantage of the MS08-067 vulnerability within the Microsoft Windows operating system. Since then, Conficker has evolved into several other variants including <a href="http://www.spywareremove.com/removeConfickerB.html" title="Conficker B++ Removal Guide">Conficker.B</a>, <a href="http://www.spywareremove.com/removeConfickerC.html" title="Conficker.C Removal Guide">Conficker.C</a> and even Conficker.E. All versions combined have managed to infect millions of computers. A good portion of those millions remain infected.</p>
<p>Many companies have spent millions of dollars to prevent infections such as Conficker over the course of several years. Even after the preventative measures were put in place, many systems have still been infected with Conficker since its inception. Conficker is a significant botnet. As you may know with a botnet infection, the creators have a certain degree of control over the infected computers. That means the compromised systems can be instructed to carry out malicious actions at any time.</p>
<h3 class="posttitle">What should be done in the mean-time about Conficker?</h3>
<p>Actions need to be taken to ramp up prevention and <a href="http://www.spywareremove.com/download/cfremover.exe" title="Free Conficker Removal Tool">removal of the Conficker infection</a> before a viable attack is initiated on the infected systems. Security researchers have continued to warn companies and network administrator groups to take the necessary precautions even though Conficker is currently not in the headlines of the news media. If Conficker continues to infect upwards of 50,000 computers a day, just think of the ramifications of an orchestrated attack using the massive botnet formed by all of the compromised PCs. This could be one of the biggest attacks, one that may leave network infrastructures crippled for months.</p>
<p>Is it possible that the attackers or creators of Conficker purposely waited for the &#8220;calm after the storm&#8221; to initiate their ultimate attack? Do you think we will see a serious attack conducted by Conficker infected machines in the near future?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/conficker-worm-still-managing-to-infect-50000-computers-each-day/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Spam Alert: New Up-rise of Casino Related Spam Emails</title>
		<link>http://www.spywareremove.com/security/spam-alert-new-up-rise-of-casino-related-spam-emails/</link>
		<comments>http://www.spywareremove.com/security/spam-alert-new-up-rise-of-casino-related-spam-emails/#comments</comments>
		<pubDate>Thu, 21 May 2009 14:27:26 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Spam Alert]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/spam-alert-new-up-rise-of-casino-related-spam-emails/</guid>
		<description><![CDATA[ <h3 class="posttitle">There has been an increase in the number of Casino related spam messages designed to infect computers with a malicious downloader application.</h3>

Just in the past few days, security researchers have noticed a high volume of Casino related spam emails that are designed to trick computer users into subscribing or joining Casino websites. After the user joins the Casino site they are asked to download an executable program that is identified as RoyalClubCasino.exe, which is recognized as a malicious file by many antivirus and antispyware detection tools.

The spam emails related to Casinos use attractive subjects promising money to the computer user if they play an online Casino game. Included in the spam email messages are links to various websites that may be associated with the creators of this scam. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">There has been an increase in the number of Casino related spam messages designed to infect computers with a malicious downloader application.</h3>
<p>Just in the past few days, security researchers have noticed a high volume of Casino related spam emails that are designed to trick computer users into subscribing or joining Casino websites. After the user joins the Casino site they are asked to download an executable program that is identified as RoyalClubCasino.exe, which is recognized as a malicious file by many antivirus and antispyware detection tools.</p>
<p>The spam emails related to Casinos use attractive subjects promising money to the computer user if they play an online Casino game. Included in the spam email messages are links to various websites that may be associated with the creators of this scam. Below is a list of the malicious links noted on the novirusthanks.org website.</p>
<ul>
<li>wonderfuloasiscasino.com</li>
<li>wonderfuloasiscasino.com/it</li>
<li>planetparadisecasino.com/it</li>
<li>planetparadisecasino.com</li>
<li>cazingmonster.com</li>
<li>cavinomonster.com</li>
</ul>
<p>At least two of the websites above will redirect you to another site, colocationcasino.com, to initiate the download of RoyalClubCasino.exe. Further research into the malicious RoyalClubCasino.exe file reveals that it is a downloader application that has the ability to download and install other unknown software from the Casino website that could be harmful to your system.</p>
<p>Have you ever received spam email related to a Casino website? Did you click on any links within the Casino email that later downloaded an application onto your computer? </p>
<h3 class="posttitle">Spam Tips:</h3>
<p>You must remember that spam messages use aggressive techniques to persuade computer users to download a malicious file, disclose personal information or unjustifiably spend their money on something. The Casino spam messages are just one example of a catchy subject used to get computer users to download a malicious program that may later ask for your hard-earned money after it promises a service to you. Usually you never get your money&#8217;s worth, just as in the case of many rogue anti-spyware programs. It is suggested that you use an up-to-date spam filter and keep an antivirus or antispyware application running at all times.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/spam-alert-new-up-rise-of-casino-related-spam-emails/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Hackers Using Swine Flu Topic to Spread Malware</title>
		<link>http://www.spywareremove.com/security/hackers-using-swine-flu-topic-to-spread-malware/</link>
		<comments>http://www.spywareremove.com/security/hackers-using-swine-flu-topic-to-spread-malware/#comments</comments>
		<pubDate>Mon, 11 May 2009 15:28:50 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Cybersecurity]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/hackers-using-swine-flu-topic-to-spread-malware/</guid>
		<description><![CDATA[ <h3 class="posttitle">Is it possible for hackers to over-take legitimate web-search results for the "swine flu" term?</h3>

While the Swine Flu continues to spread, security researchers from Websense Security Labs Threat Seeker Network have noticed thousands of new websites related to the swine flu. Details of this new discovery indicate that most of the new swine-flu-related sites are used for advertising, spamming, selling products and spreading malware.

<h3 class="posttitle">What is the purpose of these malicious sites?</h3>

Security researchers believe that these sites were set up to hijack search results when a computer user searches for the term "swine flu". When using Google to search for "swine flu", some of these malicious sites are returned as high as the fifth result in the search results. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">Is it possible for hackers to over-take legitimate web-search results for the &#8220;swine flu&#8221; term?</h3>
<p>While the Swine Flu continues to spread, security researchers from Websense Security Labs Threat Seeker Network have noticed thousands of new websites related to the swine flu. Details of this new discovery indicate that most of the new swine-flu-related sites are used for advertising, spamming, selling products and spreading malware.</p>
<h3 class="posttitle">What is the purpose of these malicious sites?</h3>
<p>Security researchers believe that these sites were set up to hijack search results when a computer user searches for the term &#8220;swine flu&#8221;. When using Google to search for &#8220;swine flu&#8221;, some of these malicious sites are returned as high as the fifth result in the search results. </p>
<p>It was found that many of the malicious sites that show up in the web search results redirect users to a web page asking them to install a missing codec to watch a video. This is the old malicious tactic of offering a video to a computer user and then prompting them to download a piece of software, such as a <a href="http://www.spywareremove.com/security/avoid-malware-version-adobe-flash-player-adobe-flash-exe/" title="Avoid Malware Version of Adobe's Flash Player (Adobe_flash.exe)">fake Adobe Flash Player</a>, in order to watch the video on their computer.  </p>
<p>Just recently, spammers were discovered to <a href="http://www.spywareremove.com/security/spammers-capitalizing-on-swine-flu-to-pitch-bogus-medications/" title="Spammers Capitalizing on Swine Flu to Pitch Bogus Medications">capitalize on the swine flu to pitch bogus medications</a>. Not only are the cybercriminals exploiting swine flu through spam messages, but they have gone as far as to create a large volume of swine-flu-related malicious websites to spread malware.</p>
<h3 class="posttitle">How do malicious websites show up in swine flu web search results?</h3>
<p>Basically, cybercriminals have injected their malicious website links into web search engine results through clever SEO tactics using swine flu keywords. Security researchers suspect that the hackers will start to use more advanced SEO techniques to infect more computer users. It is very possible that, in the near future, a simple web search for “swine flu” through popular search engines will return a number of links to new malicious sites that use illegitimate strategies to ultimately steal money from innocent computer users.</p>
<p>Have you encountered any suspicious websites when you did a web-search for &#8220;swine flu&#8221;?</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/hackers-using-swine-flu-topic-to-spread-malware/feed/</wfw:commentRss>
		</item>
		<item>
		<title>70GB Worth of Personal and Financial Data Uncovered In Torpig Botnet Hijack</title>
		<link>http://www.spywareremove.com/security/70gb-worth-of-personal-and-financial-data-uncovered-in-torpig-botnet-hijack/</link>
		<comments>http://www.spywareremove.com/security/70gb-worth-of-personal-and-financial-data-uncovered-in-torpig-botnet-hijack/#comments</comments>
		<pubDate>Tue, 05 May 2009 17:41:51 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
		
		<category><![CDATA[Hackers]]></category>

		<guid isPermaLink="true">http://www.spywareremove.com/security/70gb-worth-of-personal-and-financial-data-uncovered-in-torpig-botnet-hijack/</guid>
		<description><![CDATA[ <h3 class="posttitle">A recent botnet hijack discovered that a hacker group made off with millions of data items.</h3>

10 days' worth of information, containing 10,000 bank accounts and credit card numbers worth hundreds of thousands of dollars, was discovered by security researchers at the University of California, Santa Barbara. The discovery came about when the security researchers at the University broke into the Torpig botnet, associated with <a href="http://www.spywareremove.com/removeTrojanMebroot.html" title="Trojan.Mebroot Removal Guide">Mebroot</a> or Sinowal.

The Torpig or Sinowal botnet is one of the more sophisticated networks because it uses malicious software to infect computers in an effort to harvest information such as banking accounts, credit card numbers and email passwords. The researchers from the University were able to monitor more than 180,000 infected or hacked computers by exploiting a weakness within the hackers' network that controlled the group of infected computers. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">A recent botnet hijack discovered that a hacker group made off with millions of data items.</h3>
<p>10 days&#8217; worth of information, containing 10,000 bank accounts and credit card numbers worth hundreds of thousands of dollars, was discovered by security researchers at the University of California, Santa Barbara. The discovery came about when the security researchers at the University broke into the Torpig botnet, associated with <a href="http://www.spywareremove.com/removeTrojanMebroot.html" title="Trojan.Mebroot Removal Guide">Mebroot</a> or Sinowal.</p>
<p>The Torpig or Sinowal botnet is one of the more sophisticated networks because it uses malicious software to infect computers in an effort to harvest information such as banking accounts, credit card numbers and email passwords. The researchers from the University were able to monitor more than 180,000 infected or hacked computers by exploiting a weakness within the hackers&#8217; network that controlled the group of infected computers. </p>
<h3 class="posttitle">What is Torpig/Sinowal and Mebroot?</h3>
<p>Torpig/Sinowal is known to be a botnet that is capable of stealing usernames and passwords from several widely used email clients such as Outlook, Thunderbird and Eudora. In addition to collecting email credentials, Torpig is able to gather passwords from web browsers and infect PCs through malicious websites via a drive-by download attack method. Torpig/Sinowal is actually installed onto a user&#8217;s system after it is first infected with Mebroot, an older rootkit that first appeared in December 2007. Mebroot is a Trojan known to infect a computer&#8217;s Master Boot Record (MBR). The MBR is the first code or data that a system looks for during the boot process to load the operating system. Mebroot also has the capability to download other malicious files or code onto a compromised system.</p>
<p>Hackers, who controlled the botnet or group of compromised computers, were able to gather data for a total of 10 days. After the 10th day they updated the command-and-control instructions. In the allotted amount of time, just 10 days, the hackers were able to gather about 70GB worth of data from the compromised computers. The information consisted of email passwords, Windows passwords, FTP credentials, financial data and credit card numbers. </p>
<p>Figure 1 below shows that the Torpig botnet was discovered to have gained millions of data items.</p>
<p><img src="/images/torpig_data.png" alt="Torpig/Sinowal Botnet Number of Data Items Stolen" /><br />
<em>Figure 1 [image source: blogs.zdnet.com]</em></p>
<h3 class="posttitle">How is a Botnet like Torpig/Sinowal disrupted?</h3>
<p>Security researchers are able to figure out the different algorithms of botnets such as Torpig. They are able to predict which domains the malware will connect to and pre-register them to interrupt the botnet&#8217;s impending actions. This process is similar to that used by the ad-hoc group that attempted to put an end to the <a href="http://www.spywareremove.com/security/conficker-downadup-kido-worm-infects-millions-of-computers/" title="Conficker, Downadup, and Kido Worm Infects Millions of Computers Worldwide">Conficker worm</a> infection. Conficker generated up to 50,000 domain names a day, similar to the Torpig/Sinowal botnet.</p>
<p>After this discovery, it was estimated that Torpig&#8217;s criminal network profited between $83,000 and an astonishing $8.3 million in just a 10-day time frame.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/70gb-worth-of-personal-and-financial-data-uncovered-in-torpig-botnet-hijack/feed/</wfw:commentRss>
		</item>
	</channel>
</rss>
