Ono
04-02-2006, 09:58 PM
Fake 'BBC News' spam emails are a phishing scam
Take user to a website that installs keylogger spyware
-------------------------------------------------------------------------------------
Suggested protection for this is:
A) Do not open any emails containing BBC News stories, or click on any links in those emails.
B) Use a browser other than MS Internet Explorer, like Opera or Firefox.
C) Install the third-party patches to fix the vunerability until Microsoft releases their own fix.
eEye Digital Security security bulletin and patch:
http://www.eeye.com/html/research/a...AL20060324.html
Detrmina security bulletin and patch:
http://www.determina.com/security_c...rch272006_1.asp
D) Disable active scripting in Internet Explorer.
Microsoft Knowelge Base article on disabling active scripting:
http://support.microsoft.com/kb/q154036/
__________________________________________________ ___________
BBC used to entice cyber victims
BBC News
Friday, 31 March 2006
People are being warned about spam e-mails containing BBC News stories designed to trick them into visiting malicious websites.
Cyber criminals are using the messages to exploit a recently discovered flaw in Microsoft's Internet Explorer.
If users click on the link, they are taken to a fake website that installs a piece of software that can monitor online financial activity.
People who receive the e-mails are advised to not follow the link.
The alert, from security firm Websense, comes less than a week after security firms found three flaws in the popular browser.
Spoof sites
The new threat takes advantage of one of these vulnerabilities.
The fake e-mails entice readers with excerpts from current BBC news stories and include a link to "Read More".
When the user clicks on the link they are directed to a spoofed BBC news website that installs a piece of software known as a keylogger.
"The keylogger monitors activity on various financial websites and uploads captured information back to the attacker," said the Websense alert.
Other websites known to exploit the bug can install spyware and Trojan horses on unprotected computers.
Using global brands like the BBC to lure people to malicious websites is common practice according to Mark Murtagh, technical director of Websense.
"We saw a similar approach last year after Hurricane Katrina with e-mails sending requests for help purportedly from the Red Cross," he told the BBC News website. "We are also already seeing the World Cup brand being used in the same way".
Taking down sites
This is not the first time the BBC's name has been used by malicious hackers.
"We have had people creating spoof pages of our site before," said Steve Herrmann, editor of the BBC News website.
"But using them in this way to attack people's online security is particularly troubling to us and a cause for serious concern."
Security firms say hundreds of web links are trying to catch people out using the loophole.
On Microsoft's security blog, the company said it had been very active in working with the law enforcement to take down malicious websites.
Microsoft said it would produce patches for the vulnerabilities in its next security update due on 11 April.
However these could be released earlier if the threat grows significantly. For now, two firms, eEye Digital Security and Determina, have separately produced software patches that close this loophole.
__________________________________________________ ___________
Spyware aims to exploit BBC and Microsoft
Phoney 'news stories' hit Internet Explorers as they type...
http://software.silicon.com/security/0,39024655,39157722,00.htm
By Joris Evers
C-Net News, via Silicon.com
Friday 31 March 2006
Cyber criminals are spamming email messages to trick people into visiting malicious websites that exploit a recent Internet Explorer flaw, experts warned on Thursday.
The websites take advantage of the vulnerability in the omnipresent Microsoft web browser to install a keystroke logger on vulnerable computers, according to San Diego-based Websense Security Labs.
Websense said in an alert: "This keylogger monitors activity on various financial websites and uploads captured information back to the attacker."
The malicious software could capture log-in names and passwords for the sites, information criminals could sell or possibly use to plunder a victim's account.
The email messages used to lure people to the websites contain excerpts from BBC news stories and offer a link to "read more," Websense said. This link leads to a forged BBC webpage where the malicious software is dropped onto a vulnerable PC by exploiting the "createTextRange()" vulnerability in IE, according to Websense's alert.
The vulnerability has to do with how Internet Explorer handles the createTextRange() tag in Web pages. Since the flaw was disclosed publicly last week, more than 200 websites have been found to exploit it. These sites typically install spyware, remote control software and Trojan horses on vulnerable PCs.
Microsoft has said it is working on a fix for the browser. That update is currently scheduled for delivery on April 11, Microsoft's regular monthly patch day. However, the Redmond, Washington, company has said it's considering an earlier release.
Meanwhile, two security companies have beaten Microsoft to the punch. eEye Digital Security and Determina both released unofficial fixes for the IE flaw earlier this week. Experts, however, have warned users to be cautious with non-Microsoft fixes and instead suggest using a Web browser other than IE, or disabling Active Scripting, which is also Microsoft's advice.
Take user to a website that installs keylogger spyware
-------------------------------------------------------------------------------------
Suggested protection for this is:
A) Do not open any emails containing BBC News stories, or click on any links in those emails.
B) Use a browser other than MS Internet Explorer, like Opera or Firefox.
C) Install the third-party patches to fix the vunerability until Microsoft releases their own fix.
eEye Digital Security security bulletin and patch:
http://www.eeye.com/html/research/a...AL20060324.html
Detrmina security bulletin and patch:
http://www.determina.com/security_c...rch272006_1.asp
D) Disable active scripting in Internet Explorer.
Microsoft Knowelge Base article on disabling active scripting:
http://support.microsoft.com/kb/q154036/
__________________________________________________ ___________
BBC used to entice cyber victims
BBC News
Friday, 31 March 2006
People are being warned about spam e-mails containing BBC News stories designed to trick them into visiting malicious websites.
Cyber criminals are using the messages to exploit a recently discovered flaw in Microsoft's Internet Explorer.
If users click on the link, they are taken to a fake website that installs a piece of software that can monitor online financial activity.
People who receive the e-mails are advised to not follow the link.
The alert, from security firm Websense, comes less than a week after security firms found three flaws in the popular browser.
Spoof sites
The new threat takes advantage of one of these vulnerabilities.
The fake e-mails entice readers with excerpts from current BBC news stories and include a link to "Read More".
When the user clicks on the link they are directed to a spoofed BBC news website that installs a piece of software known as a keylogger.
"The keylogger monitors activity on various financial websites and uploads captured information back to the attacker," said the Websense alert.
Other websites known to exploit the bug can install spyware and Trojan horses on unprotected computers.
Using global brands like the BBC to lure people to malicious websites is common practice according to Mark Murtagh, technical director of Websense.
"We saw a similar approach last year after Hurricane Katrina with e-mails sending requests for help purportedly from the Red Cross," he told the BBC News website. "We are also already seeing the World Cup brand being used in the same way".
Taking down sites
This is not the first time the BBC's name has been used by malicious hackers.
"We have had people creating spoof pages of our site before," said Steve Herrmann, editor of the BBC News website.
"But using them in this way to attack people's online security is particularly troubling to us and a cause for serious concern."
Security firms say hundreds of web links are trying to catch people out using the loophole.
On Microsoft's security blog, the company said it had been very active in working with the law enforcement to take down malicious websites.
Microsoft said it would produce patches for the vulnerabilities in its next security update due on 11 April.
However these could be released earlier if the threat grows significantly. For now, two firms, eEye Digital Security and Determina, have separately produced software patches that close this loophole.
__________________________________________________ ___________
Spyware aims to exploit BBC and Microsoft
Phoney 'news stories' hit Internet Explorers as they type...
http://software.silicon.com/security/0,39024655,39157722,00.htm
By Joris Evers
C-Net News, via Silicon.com
Friday 31 March 2006
Cyber criminals are spamming email messages to trick people into visiting malicious websites that exploit a recent Internet Explorer flaw, experts warned on Thursday.
The websites take advantage of the vulnerability in the omnipresent Microsoft web browser to install a keystroke logger on vulnerable computers, according to San Diego-based Websense Security Labs.
Websense said in an alert: "This keylogger monitors activity on various financial websites and uploads captured information back to the attacker."
The malicious software could capture log-in names and passwords for the sites, information criminals could sell or possibly use to plunder a victim's account.
The email messages used to lure people to the websites contain excerpts from BBC news stories and offer a link to "read more," Websense said. This link leads to a forged BBC webpage where the malicious software is dropped onto a vulnerable PC by exploiting the "createTextRange()" vulnerability in IE, according to Websense's alert.
The vulnerability has to do with how Internet Explorer handles the createTextRange() tag in Web pages. Since the flaw was disclosed publicly last week, more than 200 websites have been found to exploit it. These sites typically install spyware, remote control software and Trojan horses on vulnerable PCs.
Microsoft has said it is working on a fix for the browser. That update is currently scheduled for delivery on April 11, Microsoft's regular monthly patch day. However, the Redmond, Washington, company has said it's considering an earlier release.
Meanwhile, two security companies have beaten Microsoft to the punch. eEye Digital Security and Determina both released unofficial fixes for the IE flaw earlier this week. Experts, however, have warned users to be cautious with non-Microsoft fixes and instead suggest using a Web browser other than IE, or disabling Active Scripting, which is also Microsoft's advice.