Spyware, viruses, & security forum: NEWS - March 12, 2012

Well, we hope you've all been good boys and girls lately: porn site Digital Playground has been hacked by a new hacktivist group, which says it's stolen the financial and personal details of tens of thousands of customers.

Digital Playground's website is managed and run by Canadian firm Manwin, which took it down for several hours as a result.

The new group, The Consortium, describes the company's security as 'a joke'. It claims it's accessed the credit card numbers, names, CCV numbers, and expiration dates for 40,000 users of the site, as well as the e-mail addresses, usernames, and passwords of 72,000 users.

The card numbers, card expiration date, cvv and all customer billing address and contact info were in plain text, they say.

"We did not set out to destroy them but they made it too enticing to resist," it says in a statement. "So now our humble crew leave lulz and mayhem in our path."

Continued: http://www.tgdaily.com/security-features/62019-porn-site-hacked-by-new-group

Also:
Porn site Digital Playground hacked, hackers say "too enticing to resist"
Digital Playground porn passwords exposed by hackers
Porn site breached in hack attack

In order for a Facebook survey scam to be successful, it has to make users do two things: propagate the scam further by "endorsing" it and complete at least one survey.

Even though there are always users who fall for the most basic scams, most of them learn fast and scammers have to constantly think of new lures and new ways of making the victims inadvertently spread the offending links.

In a survey scam recently spotted by BitDefender, the scammers have decided to trick the victims into promoting it by using a bogus CAPTCHA test.

The lure is a common one: "PHOTO! Girl accidentally sends dad SMS about her FIRST time! (This is the funniest thing ever!)"

In order to see what it's all about, the victims are asked to verify their identity by solving a CAPTCHA: [Screenshot]

Continued : http://www.net-security.org/secworld.php?id=12575

"Is the president really calling you at home? Probably not."

Most people have faith that the information that they see on their Caller ID is real.

If the Caller ID reads "MICROSOFT SUPPORT - 1-800-555-1212" or something similar, then most people would tend to believe that the person on the other end of the line is really from Microsoft. A lot of people don't realize that scammers are using Voice Over IP technology and other tricks to fake or "spoof" Caller ID information.

Scammers use Caller ID spoofing to help make their scams seem more believable.

How do scammers spoof their Caller ID information?

There are several ways in which scammers spoof Caller ID information. One of the most popular ways that scammers spoof their Caller ID is through the use of special internet-based caller ID spoofing service providers. These spoofing services can be purchased cheaply and are often sold as a re-loadable calling card.

The typical Caller ID spoof works like this:

Continued : http://netsecurity.about.com/od/securityadvisorie1/a/Caller-Id-Spoofing.htm

From the Symantec Security Response Blog:

It takes time and dedication for cybercriminals to be able to place their mobile malware somewhere on the Internet that will result in a high number of downloads. Target locations for cybercriminals include the official apps market, third-party markets, and even fake app markets. Other locations may include websites that are designed to specifically host a particular malware or serve a variety of malware masquerading as authentic apps.

However, the cybercriminals also need to carry out some advertising in order to direct traffic to wherever the malware resides. Some use forums to add comments with malicious links, while others use search engine optimization (SEO) to list malicious sites at the top of search results. Tweets are also used to lure mobile users to the malicious sites. In fact, we have noticed that tweeting is proving a popular method used to direct users to the infamous Android.Opfake malware.

Users can potentially end up infecting their mobile devices with Android.Opfake by searching for tweets on subjects such as software, mobile devices, pornography, or even dieting topics to name a few. Android.Opfake is not hosted on the Android Market (Play Store) and these tweets lead to malicious websites developed for the Opfake application. These tweets typically contain short URLs and the message is mainly in Russian with some English terms included. Once the user visits the site, they are prompted to install the malicious application. ..

Continued : http://www.symantec.com/connect/blogs/attempts-spread-mobile-malware-tweets

.. Requests

Another scam is causing panic among Facebook customers. This time the false message claims that if a user clicks No when he's asked if he knows the person that sent a friend request, the latter will be banned from performing basic operations for up to 30 days and maybe even permanently.

The scam message provided by Hoax-Slayer reads:

VERY IMPORTANT: PLEASE READ: Nice people are getting banned from facebook and it could happen to you, too - the reason is because when you get a friend request, if you click the "not now" button, you will automatically recieve a request from Facebook saying, "Do you know this person?"

if you click no, that person will automatically be suspended from group chats, blocked from sending friend requests, and other nasty things for 7-30 days, and if it happens enough - permanently.

So please.. if you get an unwanted friend request, just ignore it. If you accidentally click the "not now" button, then ignore the request from facebook asking if you know them - do not respond to it. Please pass this around so we can protect our friends (and ourselves!).'

In reality, if a Facebook customer sends too many friends request to unknown people and many of them deny knowing him/her, the social media site will ban the spammer from sending friends requests and messages for a short while.

Continued : http://news.softpedia.com/news/Scam-Facebook-Bans-Customers-Who-Send-Unanswered-Friend-Requests-257996.shtml