Beware of Fake Amazon Order Confirmation Email

Amazon sends order confirmation emails to customers who purchase goods from Amazon.com. A couple of people have reported receiving fake Amazon.com order confirmation emails containing the URL of a malicious website. This is a new version of email attack that I have not seen before. The text of the email looks like this:

Dear Customer, Your order has been sucessfully confirmed. For your reference, here’s a summary of your order: You just confirmed order #2341-23483720-38123 Status: CONFIRMED.

At the end of the e-mail follows a link to a malware site, labeled "ORDER INFORMATION".

A number of different domains have been seen in use so far.

 

Source : http://isc.sans.org/diary.html?storyid=8344&rss

Beware of Facebook Password Scam

Today I got a forged email saying that my Facebook password had been changed and that the new password was given in an attached document. While downloading the attachment I got the following error message, saying that the attachment contains a virus program.

[Image: Facebook Virus]

 

This is the email I got in my mailbox:

Dear user of facebook,
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
Thanks,
Your Facebook.

Valentine Day Searches Lead to Malicious Websites

As Valentine week is under way, a lot of people are using search engines to find gifts, cards and screensavers for their Valentine, and malware authors and cybercriminals are ready for it. According to McAfee, some Valentine’s Day searches for poisoned terms found some nasty ones very quickly. Screensavers and ecards are always popular:

[Images: Valentine Screen Savers; Valentine Day E-Card search results]

Even Rolex watches on Valentine’s Day are not safe:

[Image: Valentine Rolex]

Some of the poisoned terms I have seen today:

  • Valentine’s Day Screensavers
  • Valentine’s Day Downloads
  • Valentine’s Day Wallpaper
  • Valentine’s Day Rolex
  • Valentine’s Day eCards
  • Animated Valentine’s Day
  • Valentine’s Day Greetings
  • Valentine’s Day Cupids
  • Valentine’s Day Gift Ideas

Make sure you surf safely with SiteAdvisor and keep that machine updated.

Malicious Firefox Add-Ons Are Removed From Mozilla Website

Mozilla has removed two Firefox add-ons from their website. Two experimental add-ons, Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer, were found to contain Trojan code aimed at Windows users. Version 4.0 of Sothink Web Video Downloader contained Win32.LdPinch.gen, and Master Filer contained Win32.Bifrose.32.Bifrose Trojan. Both of these add-ons have now been removed from the Firefox add-on download website.

 

This vulnerability is known to affect Firefox on Windows only, if either Master Filer or Version 4.0 of Sothink Web Video Downloader are installed. Versions of Sothink Web Video Downloader greater than 4.0 are not infected. Master Filer was downloaded approximately 600 times between September 2009 and January 2010. Version 4.0 of Sothink Web Video Downloader was downloaded approximately 4,000 times between February 2008 and May 2008. Master Filer was removed from AMO on January 25, 2010 and Version 4.0 of Sothink Web Video Downloader was removed from AMO on February 2, 2010. AMO performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such. This scanning tool failed to detect the Trojan in Master Filer. Two additional malware detection tools have been added to the validation chain and all add-ons were rescanned, which revealed the additional Trojan in Version 4.0 of Sothink Web Video Downloader. No other instances of malware have been discovered.

Here is a list of antivirus programs known to detect the trojans found in the affected add-ons.

Source : Mozilla Blog

Spammers Using Twitter and YouTube to Spread Spam

Twitter and YouTube are among the most popular Web 2.0 websites, and spammers are using them to spread spam messages. Earlier, spammers used plain text, HTML, instant messaging, images, PDF and even MP3 to spread messages via email, but users learned to recognise these as spam and stopped opening them. Let’s see how spammers are using Twitter and YouTube to spread spam messages.

Spammers generally retweet messages on Twitter with any message and a malicious URL. They will usually use a URL shortener, such as bit.ly, both to make the URL shorter and to obfuscate the destination. Once you click on the link, you are redirected to YouTube.

The user is redirected to the YouTube website, and it is the real YouTube website. It won’t ask you to install any codec, and the user will see a real video. As you can see, the spam message is recorded in a video and uploaded to YouTube.

[Image: Spam Video on YouTube]

If you go to the advertised website, you’ll see this:

[Image: Spam Website]

Source : Panda Labs

Avast 5.0 A Free Antivirus for Windows 7

Avast has released three new security products: Avast Free Antivirus, Avast Pro Antivirus, and Avast Internet Security. These three products are fully compatible with Windows 7. Customers will be able to download Avast! Free Antivirus 5.0 as a standalone product, as an update to version 4.8, or through the Google Pack.

A new website has also been released with these three new products. The website is in English and French. Over the next 10 days or so, Avast will be releasing the products and website in additional languages (German, French, Spanish, Portuguese, Czech, Russian, Polish, Chinese, Japanese, and possibly Korean, and Arabic). Other languages will then be added.

Vince Steckler, chief executive officer of Alwil Software, the makers of Avast, said:

 

Avast! Free Antivirus.

This is our new flagship product and replaces Avast Home Edition (we changed the name to emphasize the product is free). We focus this product on users that use the internet for web browsing and email. If that is what you do on the internet, this is the product you need. We are very proud of this product and we stack it up against anyone else’s paid antivirus—in fact, we have recently started submitting this product in lieu of our paid products to all of the industry standard tests. Virus Bulletin, one of the most respected journals, recently called this product “….nothing short of a miracle” (see separate blog post). Google selected this product for incorporation in many of their Google Packs. You can download this product here

Avast! Internet Security.

This is our brand-new product and is focused on users that do on-line banking or shopping or that have sensitive data on their computer. We believe that these users need some extra layers of protection and developed this product to provide three more layers. This product takes the free antivirus and adds a 2-way silent firewall, a sandbox, and anti-spam. The firewall ensures that only trusted applications are able to receive or send data across the internet. The sandbox provides a means of executing your browser (or any other application) in a protected environment—thus even if you get infected, the infection does not leave the sandbox and does not harm your computer. And the anti-spam helps you get rid of all that irritating email you receive every day. And, we have made this product attractive to consumer users—a single license can be used on 3 computers in your household. This link will take you to the product and download page

Avast! Pro Antivirus

This is the update to the old Professional Edition. We focus this product on individuals that want to customize their security and on businesses. It is the same as Internet Security but without the firewall or anti-spam. This allows world-class security using your own personal choice of firewall and anti-spam. Here is how to get this product

[Image: Avast Product Compare]

 

  

  • Avast! Free Antivirus 5.0 is available for download here.

  • Avast! Pro Antivirus 5.0 is available for download here.

  • Avast! Internet Security 5.0 is available for download here.

Alert – Microsoft Security Advisory 979682 Released

What is the purpose of this alert?

This alert is to notify you that Microsoft has released Security Advisory 979682 – Vulnerability in Windows Kernel Could Allow Elevation of Privilege – on January 20, 2009.

Summary

Microsoft is investigating new public reports of a vulnerability in the Windows kernel. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-band security update, depending on customer needs.

Affected Software

The security advisory discusses the following software.

 

Affected Software

  • Microsoft Windows 2000 Service Pack 4
  • Windows XP Service Pack 2 and Windows XP Service Pack 3
  • Windows Server 2003 Service Pack 2
  • Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
  • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows 7 for 32-bit Systems

Non-Affected Software

  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows 7 for x64-based Systems
  • Windows Server 2008 R2 for x64-based Systems
  • Windows Server 2008 R2 for Itanium-based Systems

Mitigating Factors

  • An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
  • Windows operating systems for x64-based and Itanium-based computers are not affected.

Recommendations

Review Microsoft Security Advisory 979682 for an overview of the issue, details on affected components, mitigating factors, workarounds, suggested actions, frequently asked questions (FAQs), and links to additional resources.

Customers who believe they are affected can contact Customer Service and Support (CSS) in North America for help with security update issues or viruses at no charge using the PC Safety line (866) PCSAFETY. International customers can contact Customer Service and Support by using any method found at http://www.microsoft.com/protect/worldwide/default.mspx.

6 Months Free Subscription of McAfee Security Software available For Facebook Users

Facebook announced a year-long partnership with McAfee to offer a 6-month free subscription to 350 million Facebook users. Facebook users can take advantage of this offer by visiting the Protect Your PC tab on the McAfee Page on Facebook. Currently this offer is not available in India, but Indian Facebook users can install McAfee by selecting USA or UK from the country selection drop-down.

McAfee Scan and Repair

For the rare case in which an account is compromised, we’ve developed a unique process that requires the account owner to take steps to secure the account and learn security best practices. We’ve also incorporated custom McAfee software into this process for people identified as having infected computers. Now, if your computer is infected, you will be asked to run a scan like the one shown below and clean it before accessing Facebook. We’re not aware of another free Internet service that takes this much responsibility for helping people keep their accounts secure.

Security Tips Published on Facebook Website

  • Don’t open attachments in emails that look suspicious or come from an unknown or untrustworthy source.
  • Don’t open attachments unless you know what they are, even if they’re from friends.
  • Delete chain mail and spam from your email and Facebook inboxes.
  • Be cautious when downloading files from the Internet.
  • Be cautious of any message, post or link you see on Facebook that looks suspicious, requires an additional login, or asks you to download or upgrade software.
  • Use an up-to-date browser that features an anti-phishing blacklist. Some examples include Internet Explorer 8 and Firefox 3.0.10.
  • Choose unique logins and passwords for each of the websites you use.
  • Check to see that you’re logging in from a legitimate Facebook page with the Facebook.com domain.

Search Results on Microsoft Office Website Can Lead Users to Rogue Antivirus Page

Websense Security Labs has found that search results on the Microsoft Office website can lead to a rogue antivirus website. This time attackers targeted the Microsoft Office website.

Microsoft sent this message from Jerry Bryant, senior security program manager lead, Microsoft:

    Microsoft is aware that some search results on the www.office.microsoft.com Web site redirected people to a malicious site offering fake antivirus software. The redirection to this malicious site was produced after a third party tutorial offered on the site was compromised. The redirection no longer works and Office search results for the affected third-party tutorial have been removed.
    Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-727-2338 (PCSAFETY). Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov.

    Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at: www.microsoft.com/protect.

Beware of Fake Punjab National Bank Emails

Today I got three fake, well-crafted emails asking me to verify my Punjab National Bank account details, but the funny thing is that I do not have any bank account with Punjab National Bank. The subject line of the email is "Important Security Measures:- Security Verification Alert".

When I clicked on the link, it redirected me to a website whose domain name belongs to .au.

[Image: Fake Punjab National Bank Emails]
