f-secure

Scam targets Apple App Store customers

One of the latest scams floating around cyberspace is aimed at people who recently bought items at Apple's App Store.

As described yesterday by security vendor F-Secure, scammers are sending out phony messages to users claiming that a recent order at Apple's App Store has been canceled.

F-Secure's blog post intimated that the scam was specifically targeting actual App Store customers. But instead the scammers seem to be employing the usual shotgun approach, targeting many people in hopes of hitting a certain percentage who actually just bought something through the App Store, Sean Sullivan, a security adviser … Read more

Sony Thailand site used for phishing

Sony has been hacked, and one of its servers used to host a phishing site, according to Finnish company F-Secure.

The hack, which is not connected to Sony's problems with its PlayStation Network, has placed a phishing Web page on the Sony Thailand site, F-Secure chief research officer Mikko Hypponen told ZDNet UK today. F-Secure notified Sony, the company said in a blog post today.

"The phishers are looking for credit card details and log-ins," said Hypponen.

Read more of "Sony site used for phishing" at ZDNet UK.

Chinese firms behind 'Sexy Space' Trojan

F-Secure has identified three China-based companies as the creators of the "Sexy Space" Trojan, which was identified last week to have passed through Symbian Foundation's digital-signing process.

XiaMen Jinlonghuatian Technology, ShenZhen ChenGuangWuXian Technology, and XinZhongLi TianJin cloaked the malware, also known as Yxe, and submitted it to the Symbian Foundation under its Express Signing program, security company F-Secure said Wednesday in a statement.

Developers are required to submit mobile applications to the Symbian Foundation for evaluation, before the applications are accepted and enabled for handsets running the Symbian operating system. The apps are first automatically scanned for … Read more

F-Secure says stop using Adobe Acrobat Reader

With all the Internet attacks that exploit Adobe Acrobat Reader people should switch to using an alternative PDF reader, a security expert said at the RSA security conference on Tuesday.

Of the targeted attacks so far this year, more than 47 percent of them exploit holes in Acrobat Reader while six vulnerabilities have been discovered that target the program, Mikko Hypponen, chief research officer of security firm F-Secure, said in a briefing with journalists.

Just last month, Adobe issued a fix for an Acrobat Reader hole that attackers had been exploiting for months, after issuing a patch for a critical … Read more

F-Secure provides details on Web site breach

Helsinki-based security firm F-Secure said on Thursday that a breach of its Web site earlier in the week by a Romanian hacker site was limited in scope and impact.

On Wednesday the HackersBlog site said it had used a SQL injection and cross-site scripting attack to get access to data on an F-Secure Web site. Earlier, the site had launched similar attacks on a site of security firm Kaspersky and one belonging to a partner of BitDefender.

F-Secure said the problem with its site was due to a bug in a Web application and not related to an unpatched system.… Read more

Hacker site claims breach of third security firm Web site in a week

A Romanian hacker site said on Wednesday it was able to breach the Web site of Helsinki-based security firm F-Secure just as it had gained access to the sites of two other security companies earlier in the week.

F-Secure is "vulnerable to SQL Injection plus Cross Site Scripting," an entry on the HackersBlog site said. "Fortunately, F-Secure doesn't leak sensitive data, just some statistics regarding past virus activity."

An F-Secure spokesman said the company had taken the affected server down and that it was a low-level server that was not critical to the company and … Read more

Obama-themed malware on the rise

Within hours of settling the U.S. presidential election on Tuesday, spam seen worldwide began incorporating the name and image of Barack Obama, according to various security vendors. The U.K.'s Sophos reported 60 percent of all spam seen by the lab on Wednesday was in some way Obama related.

One piece of spam alleges to contain a link to video of Obama's acceptance speech. If you follow the video link within the e-mail message you will be taken to a Web page where you'll be asked to update your Adobe Flash Player with a file, adobe_flash9.… Read more

Security Bites 119: Does the Internet need its own Interpol?

In this week's Security Bites podcast, Robert Vamosi spoke with Patrik Runald, chief security adviser at F-Secure, about the need for a new international agency to handle cybercrime. Although there have been several high-profile arrests--such as that of "Chao," an alleged Turkish ATM skimmer-- Runald said, "the message we're sending today is not enough."

With a budget of only about $90 million (U.S.), Interpol was created, in part, to fight drug trafficking and human trafficking worldwide, and now it has taken on Internet crimes without any direct increase in funding. Runald concludes, &… Read more

Carpet bombing networks in cyberspace

While Operation CyberStorm is intended to improve our ability to defend against a foreign cyberattack, the Air Force is talking openly about our ability to launch a preemptive attack in cyberspace.

In the May 2008 issue of Armed Forces Journal, Col. Charles W. Williamson III wrote that "America needs a network that can project power by building an af.mil robot network (botnet) that can direct such massive amounts of traffic to target computers that they can no longer communicate and become no more useful to our adversaries than hunks of metal and plastic. America needs the ability to … Read more