News Items (E99.Nov-2010)

Noted by Cipher

Simple email evades suspicion.

KSL.COM, Sarah Doloff
November 10, 2010

A particularly effective email trick has been making its way through some locales (e.g., Utah). Apparently based on breaking into email accounts on popular email sites, it sends a short message to a few people at a time on a user's contact list. There is no subject, and the content is simply a URL. This simple trick is remarkably effective in bypassing the normal spam filters and suspicions of users. Because the email is from a known contact, and because there is no text, no advertising, no enticement, users seem to trust the link. Experts warn that the action may lead to malware installation and possible augmentation of a botnet.

Facebook faces down a botnet.

New York Times
Published: November 14, 2010

Successful web services attract malware, and Facebook has been aware of one that targets its site for some time. Riva Richmond of The New York Times reports on how Joe Sullivan, Facebook's security chief, has battled the Koobface worm.

Although the worm's objective is to build a botnet for advertising services, the bulk of the money comes not from designer watches but from fake anti-virus software. The operators may have been netting $200K per month in such sales.