A Russian hacker is believed to have stolen 1.5 million Facebook logins, meaning one out of every 300 accounts.  The hacker, who calls himself “kirllos” and currently lives in New Zealand, says he can sell you 1,000 Facebook logins for $25 or an account for as little as 25 cents each.  Pricing depends on how many friends the account holder has.  About 700,000 accounts have been sold so far on an underground website but it is unknown if they are legitimate accounts for real Facebook users.

According to Facebook’s Simon Axten, Facebook is investigating the specific accounts kirllos has put up for sale and will block access to those that have been hacked until they can be restored to their original users.  In one previous Facebook scam, criminals sent out messages from a compromised account telling friends that they were trapped in a foreign country and needed money.  Hackers also send out links to malicous software to friends of the account holder.

Someone can obtain a Facebook account for very cheap.  There are 400 million users worldwide and many fall victim to scams each day.  Only add friends that you know, make sure your privacy settings protect your personal information, and don’t click on suspicious links.

Changing your passwords regularly is important, right?  Frequent password changes are intended to increase computer security, but users hate having to do it.  The most commonly used passwords are password, 12345, qwerty, and abc123.  Surprisingly, a recent study done by a Microsoft researcher states that changing your password is not necessary for password security.  He claims user education is not working and scheduled password updates offer little benefit in exchange for the effort and time they require.

In the report, Cormac Herley says “Security advice is a daily burden, applied to the whole population, while an upper bound on the benefit is the harm suffered by the fraction that become victims annually. When that fraction is small, designing security advice that is beneficial is very hard. For example, it makes little sense to burden all users with a daily task to spare 0.01% of them a modest annual pain.” The full report can be found here.

Some websites even prompt users to change their password often.  Passwords can be stolen through phishing or keylogging and once a password is stolen, the strength of it is irrelevant.  If a hacker obtains a password they will most likely use it immediately and not hold onto it for weeks or months.  Use different, complex passwords for each of your accounts and consider using a password manager that can generate them for you.  Some users even write their new password on sticky notes and put them on their computer, which is not a good idea.  Have a password that is easy for you to remember but not easy to guess.  The strongest passwords contain both letters and numbers and have some upper and lower case letters.  Many websites even show password strength meters, which give users an idea of the quality of their password.  The study also calculates that a task like changing a password and requiring one minute per day from every working adult in the U.S. costs about $15.9 billion per year.

Online users are still opening spam email intentionally, despite awareness of the consequences.  The Ipsos Messaging Anti-Abuse Working Group (MAAWG) conducted a 2010 survey in the US, Canada, and Western Europe and found some shocking results.  They found that almost half of all North American and Western European users admitted to having opened spam intentionally to either unsubscribe, out of curiosity, to complain to the sender, or out of actual interest in the products or services offered.  About 18% wanted to “see what would happen” if they opened spam, while 4% are actually replying to spam.

Out of all six countries that were surveyed, 84% were aware of computer bots.  One-third say they consider it likely they will be infected but one in five are unsure how they would recognize a bot infection on their computer.  The continuous actions done by email users that receive spam are leading to the increase in botnets.  Less than half of email users think that stopping viruses is their own responsibility.  Nine in ten said their antivirus software was updated regularly, with 46% saying it is done automatically.  A good 43% report they would turn to their antivirus software company to get their computer repaired.  About 44% consider themselves “somewhat experienced” when it relates to internet security, while 20% considered themselves “very experienced.”   Many users do not even flag or report spam.

Who should be responsible for stopping the spread of viruses, fraudulent email, spyware, and spam?  About 65% feel it’s the ISPs and ESPs responsibility, 54%  feel antivirus companies are responsible, and 48% hold themselves responsible.  A great deal of importance is placed on emails containing receipts or shipping details for purchases (70%).  Those under the age of 35 are more likely to think billing notifications and marketing materials are important, while those aged 55 and older feel newsletters are important.  The survey also found that Canadian users are most likely to avoid posting their email address online, whereas more internet users in the US, Canada, and Germany are likely to set up another email address to avoid receiving spam.  How often do you click on a spam message?

Computer botnets are extremely dangerous and are facilitated by rootkit infections. A botnet is a network of infected computers that can be used for sending out spam, stealing personal information, altering files, changing processes, cyber terrorism, etc.  Hackers use these for various illegal and criminal activities.  It is estimated that over 60 million computers worldwide are infected by botnets.  Rootkits are one of the most complex and insidious type of malware that are extremely difficult to detect and remove.  They can download updates to keep ahead of malware detection tools, as well as download new virus payloads that they install inside their encrypted folders to avoid detection.

Tizer Secure™ has done in-depth research on these botnets and rootkit infections and is providing sophisticated new tools developed utilizing proprietary technology for Windows users to combat them.   The most recently updated dangerous rootkits are Rustock, 4DW4R3, and TDL3 and we offer new tools to detect and safely remove them for free.

Tizer™ Rootkit Razor is our most advanced rootkit removal tool and the newest release is able to detect and safely remove rootkits Rustock and 4DW4R3.  It is compatible with Windows XP, Vista, and 7 (32-bit only) and the newest release is available for download at http://www.tizersecure.com/about_tizer_rootkit_removal.php.

Our team was able to come up with a newer technique to combat the latest version of TDL3 and we have launched a new free tool to detect and remove this particular rootkit called Tizer™ TDL3 Razor.  TDL3 is one of the most dangerous rootkits that will infect Windows XP machines.  It was updated recently over the internet by its developers, making it nearly impossible to detect or remove through traditional security solutions.    TDL3 Razor is able to detect and safely remove the rootkit TDL3 on Windows XP machines with Intel processors and hard disks that use atapi.sys or iaStor.sys drivers.  To the best of our knowledge, TDL3 Razor is the only tool available today that can detect and remove this nasty rootkit infection on both of these drivers.  Microsoft has a malicious software removal tool that appears to include a utility to remove Alureon (another name for the TDL3 rootkit), but in our testing it was able to detect but unable to remove it.  Tizer™ TDL3 Razor can be downloaded for free at http://www.tizersecure.com/about_TDL3_rootkit_detect_remove.php.

Fake emails that claim to be from Facebook are being sent to users that read “Facebook Password Reset Confirmation, Customer Support,” encouraging them to click on an attachment to view their updated password.  What happens when you click on the attachment to retrieve your new password? It downloads a “password stealer” that will steal not only your Facebook password, but any other stored passwords you may have including email and banking passwords.

Hackers are utilizing Facebook because it is the most popular social networking website with about 400 million users.  The Facebook security page on the company website warns users of the spoofed email going around and reminds you that Facebook will never send a new password in an attachment. They suggest social networking users warn their friends about the scam.  The attachment in the email infects computers without any clear signs of what is happening so the user has no idea.  This spam is believed to have been sent using botnets  Cutwail and Rustock, which have the ability to control groups of computers to send out spam like this.  Tizer™ Rootkit Razor was just updated to be able to detect the latest rootkits Rustock and 4DW4R3 that have these hacker capabilities.  Download it free here to scan your computer.

You can expect that out of 400 million Facebook users, a good 10% will click on the attachment and be infected by this malicious virus.  That would mean 40 million computers infected, giving hackers such a large amount of personal information.

According to FBI reports last week, losses from online fraud rose from $264.6 million in 2008 to $559.7 million in 2009. Last year the Internet Crime Complaint Center (IC3) received 336,655 complaints, a big 22.3% increase from the year before. The IC3 is a partnership between the FBI and National White Collar Crime Center.

The highest percentage of complaints, 16.6%, were email scams that falsely claimed to be from the FBI to gain personal information. The top five categories of reported offenses included non-delivered merchandise and/or payment at 19.9%, identity theft, 14.1%, credit card fraud, 10.4%, auction fraud, 10.3%, and computer fraud, 7.9%.

One popular scam was a phone pitch made by someone sounding like President Barack Obama, encouraging people to visit a website for government stimulus money. Those who visited and paid the $28 in fees after handing over their personal information did not get the promised stimulus check. Another commonly reported scam was fake pop-up ads for malicious anti-virus software. Victims receive ads warning them of threatening viruses on their computer that end up downloading malicious code to their computer after clicking.

Over 86.7% of complaints reported to law enforcement showed a loss of $5,000 or less. The median dollar loss was $575. More than half of the complaints came from males, and 92% came from the United States.  Anyone who uses the internet can be a victim of cybercrime.  Tizer Secure™ offers internet security protection to help keep your personal information safe.

The full internet crime report can be found here.

Apple’s iPad is scheduled to hit stores April 3, 2010. Social media users need to be cautious and watch for “free iPad” offers circling around. Scammers are using this new product release to confiscate personal information. The scam claims to offer you a free iPad (or to be a beta tester), but requires a credit card number and cell phone number. Social media users are even encouraged to invite their friends to the fake pages to increase their chances of being selected to try the iPad. It signs you up for a cell phone service, and you will start being billed $10 per week.

Expect these scams to circulate not only through social media, but through email and normal search engines. Be cautious when you see anything offered for free, especially if it’s a new product. If something sounds too good to be true, it most likely is.

Reports say hackers are using the story of the killer whale that killed Dawn Brancheau, a US SeaWorld trainer, to try to infect computers and steal people’s credit card information. Hackers have taken the opportunity to use our internet curiosity against us. They have created webpages that supposedly contain video footage of the tragedy showing the killer whale Tilikum. Searching for terms such as “killer whale video pictures” and “Dawn Brancheau video” will lead to malicious search results. After clicking on a link, website visitors get a fake antivirus alert. They are told there is a security problem on their computer, and are urged to download the antimalware program. The visitor is then prompted for their credit card details, and this alert is hard to remove and will often freeze up a computer.

It is horrible that hackers would try to profit from the death of an innocent woman. She definitely didn’t deserve this, but why are so many people drawn to see such horrible footage? Perhaps the malicious hackers thought they were targeting people who wanted to see a gruesome video and deserved something to happen to them. Be sure to go to established news sites if you want to get information on events.

The number of attacks on corporations is so large and their sophisitcation so great. Many organizations have trouble determining which threats post the grestest risk. New ways to conduct internet fraud are constantly unleashed.

A research study shows exactly what CEO’s perceptions of threats are.

• 82% reported their organization had suffered a breach
• 50% reported attacks occur on a daily or hourly basis
• 48% believe their organizations are rarely attacked
• 68% consider the CIO responsible for information security
• 24% of other C-level executives consider the CIO responsible for information security
• 64% of executives believe their organizations will be breached in the next 12 months

Internet security should be a top priority. Organized crime is on the rise, as we saw with the discovery of 75,000 corporate computers worldwide hacked by the Kneber BotNet. Social networks and applications being hosted as services online are opportunities for hackers to attack. Internet security is a global concern, as the number of websites tampered exceeded 42,000 in 2009. 50% of CEOs reporting attacks are occurring on a daily or hourly basis is something to be concerned about.

The newest, massive hacking network “Kneber BotNet” has breached more than 75,000 PCs around the world. Hackers gained access to private data at nearly 2,500 companies and government agencies. Criminals use a botnet to control an army of computers and usually distribute massive amounts of spam and malware.

With this particular botnet, analysts believe hackers aren’t interested in money, but they have built a secret underground network to rent out or sell stolen personal information to cybercrooks. This botnet is gathering logins for financial systems, social networking, and email and reporting it back to the criminal. Social networking sites can easily be used to spread malware, as Facebook and Yahoo accounts have been hacked the most. Investigations report 68,000 corporate logins were compromised. These criminals have also poisoned search results. If you search for “Kneber BotNet removal” you will likely get results that will contain fake anti-virus software.

Several large companies like Paramount Pictures have been attacked. It is becoming easier to become a cybercriminal as tools for creating these malicious infections are becoming available on the underground economy. Corporations should monitor outgoing traffic. Stay up to date on security software and you will be protected. The Tizer Secure™ behavioral scan will search for unusual botnet behavior. Download the free 14-day trial.