Looks like Amazon.com plus a number of other web sites such as Wal-Mart and Expedia is under continuous DDoS attack.

Neustar, the company that operates those web server under the brand name UltraDNS said that it managed to handle the attack. Read the rest of this entry »

Spammers are once again turning their efforts to trusted social networking sites to lure in unsuspecting victims, and this time it´s Facebook.

Symantec Security Response has observed that spammers are attempting to use Facebook´s popularity to spread Trojan.Bredolab, a threat that has been consistently and widely distributed this year.  This trojan is capable of downloading password stealers, bots, rootkits, backdoors and misleading applications.

Spammers are misleading users by sending a false Facebook notification email about their password.  Along with the message is a .zip file that contains Trojan.Bredolab.

Read the rest of this entry »

Thanks to Google’s Safe Browsing API, Twitter is now using it to protect its users from the “bad websites”.

Read the rest of this entry »

Look like Secure Sockets Layer (SSL) certificates can be broken and no longer safe now days.

The trick in the latest type of attack is that all a criminal would need to do is put the name of a legitimate Web site before that null character, and the browser will believe that the site it’s visiting – which is under the criminal’s control – is legitimate.

The criminal could then forward the traffic onto the legitimate site and spy on everything the victim does on that site.

Read the rest of this entry »

A researcher said that he will release a tool that will allow hackers to hijack application updates on PC over an unsecured wifi connection by replacing the “update” with malware.

The hijack, believed to be vulnerable to about 100 applications including including CD burners, video players and more. The attack however does not effect application that uses digital signing for updates such as Microsoft apps.

Read the rest of this entry »

I recently discovered a worm called W32 Koobface that was circulating in Twitter.

Koobface has been spreading in the wild throughout the month of June targeting Facebook & MySpace accounts.

IT Security expert Kaspersky Lab claims that the number of Koobface variants detected jumped from 324 at the end of May 2009 to almost 1000 by the end of June 2009.

Once a user is infected, he or she will start spreading

the worm to his or her friends targeting more social networking websites like Bebo, Tagged, Netlog and most recently, Twitter.

Here’s the screen shot taken on Twitter, July 15, 2009:

(click to enlarge)

Users clicking on the malware link (http:\\zoomtox.com\youtube/\) will be redirected to a site that looks similar to Youtube.

Read the rest of this entry »