In order for cybercriminals to launch, spam, phishing and targeted attacks, they would first have to obtain access to a “touch point”, in this case, your valid email address, IM screen name, or social networking account.
In this post we’ll profile a recently released Russian DIY email harvester, and emphasize on the difference between notice and experienced cybercriminals in the context of the tactics and techniques they use to obtain a potential victim’s email address.
Earlier this week, HP’s Software Security Response Team issued a security bulletin, alerting users that certain HP ProCurve 5400 zl switches were shipped with malware installed on the associated compact flash cards. No details were given about the type of malware shipped to unaware customers.
More details on the affected switches, including their serial numbers:
According to Microsoft, the company has already observed targeted malware attacks taking advantage of the MS12-027 vulnerability. In order to mitigate the risks posed by these currently circulating targeted attacks, the company is advising users to disable the ActiveX controls via the Trust Center Settings > ActiveX Settings, option.
According to the latest prenotification security advisory from Adobe, next week, the company plans to issue a ‘security update’ for Adobe Reader X (10.1.2) running on Windows, Linux and Macintosh.
Adobe’s products are under permanent fire from malicious cybercriminals, exploiting known vulnerabilities in Adobe’s products, who succeed, primarily relying on the fact that end and corporate users are not patching in a timely manner.
Recently, I stumbled upon another such service, advertised at cybercrime-friendly web forums, offering potential customers the opportunity to hack a particular Mail.ru and Gmail.com email address, using a variety of techniques, such as brute-forcing, phishing, XSS vulnerabilities and social engineering.