For Sophos, Mark Stockley describes how scammers are using RDP, a tool intended to cut down network and system administration costs for companies by allowing sysadmins and help-desk operators to access their customers’ systems remotely, to give them almost unlimited potential to reconfigure apps and services, making installing and executing ransomware a breeze.
On this site, I tend to focus on tech support scams in the context of telephone scams. However, here’s an interesting article by Bill Brenner for Sophos that focuses on other types of telephone scam:
IRS tax scams
Payday loan scams
Government grant scams
The callers seem to be based in India and tend to impersonate government officials, and either threaten victims with tax-related fines and penalties or deportation, or promise services such as grants or loans (on payment of a ‘worthiness’ fee. Here’s the article:
The horrific Russian suicide bombings have, inevitably, generated a load of blackhat SEO (search engine optimization) attacks, not to mention Twitter profile attacks, using topical keywords to lure victims into running malicious code. I’ve blogged on that elsewhere recently – e.g. “Here come (more of) the Ghouls”, at http://www.eset.com/blog/2010/03/30/here-come-more-of-the-ghouls – so I won’t repeat myself here.
However, I hear from that nice Mr. Cluley at Sophos that there’s an awfully good paper available about “Poisoned search results: How hackers have automated search engine poisoning attacks to distribute malware”, by Fraser Howard and Onur Komili.
It is a good paper, and it will interest a lot of the people who read this blog. And it should interest quite a few people who probably won’t read it. 🙁
David Harley FBCS CITP CISSP
Security Author/Consultant at Small Blue-Green World
Chief Operations Officer, AVIEN
ESET Research Fellow & Director of Malware Intelligence