Monday, November 23, 2009

Security Smorgasbord, Vol 1, No. 7

iPhone worm targets online banking

Last time, I mentioned the Rickroll worm that targeted jail-broken iPhones. Well now it's no joke:
The second worm to infect jailbroken iPhone users reportedly targets customers of Dutch online bank ING Direct.

Surfers visiting the site with infected devices are redirected to a phishing site designed to harvest online banking login details, the BBC reports. ING Direct told the BBC it planned to warn users' of the attack via its website, as well as briefing front line call centre staff on the threat.

Mikko Hypponen, chief research officer at F-Secure, said the threat had in any case been neutralised. "It [the worm] was targeting ING. The websites it needed for this to work have now been taken down."

Anti-virus analysts, still in the process of analysing the malware, caution that the attack is a bit more complex than simple phishing and seems to involve an attempt to snatch SMS messages associated with online banking transactions.
If you've jail-broken your iPhone, make sure you've changed the default password for ssh. This is also probably a good time to reiterate that online banking from your phone is a Terrible, Horrible, No Good, Very Bad Idea.

-----------------------------------------

Facebook Clickjacking scheme flogs feelthy pixels

So don't click on something that says "Want 2 C something hot? Click da button, baby!" Srlsy. You'll be unhappy if you do.

Of course, I don't have to tell you that, right?

-----------------------------------------

Internet 6 and 7 Day Zero Exploits

Sheesh, you'd think that if you wanted to stay with IE, you'd upgrade to IE 8. This is just another reason for anyone who hasn't. "Day Zero" means that the Bad Guys are attacking it, but there's no fix. El Reg has the scoop:

Tests by Symantec have confirmed the 0-day flaw affects Internet Explorer 6 and 7. IE8 users are reckoned to be in the clear.

Surfers using older versions of IE (why the heck is anyone still using IE6 anyway?) are advised to disable JavaScript and to stay away from untrusted websites. Alternatively they could upgrade to IE8 or use an alternative browser instead.

Upgrade to IE 8 here. Firefox is nice, get it here. I also like Opera. All of them for the low, low price of free.

No comments: