Fake YouTube Site Strikes Visitors With Three-Staged Attack

By Robert Westervelt
August 26, 2013    3:24 PM ET

Security researchers have discovered a malicious website posing as a legitimate YouTube page that uses social engineering, drive-by downloads and ransomware to lock a visitor’s machine in an attempt to extort money from the victim.

Read the amazing rest of story here.

You must be vigilant. DO you have a key logger program on your computer? Do you knwo how to check for one? Have you installed Malware protection on your computer? If not, connect with me, and I can guide you to solutions.

The FBI has seen an increase in cyber criminals who use online photo-sharing programs to perpetrate scams and harm victims’ computers. These criminals advertise vehicles online but will not provide pictures in the advertisement. They will send photos on request. Sometimes the photo is a single file sent as an e-mail attachment, and sometimes the victim receives a link to an online photo gallery.

The photos can and often contain malicious software that infects the victim’s computer, directing the user to fake websites that look nearly identical to the real sites where the original advertisement was seen. The cyber criminals run all aspects of these fake websites, including “tech support” or “live chat support” and any “recommended” escrow services. After the victim agrees to purchase the item and makes the payment, the criminals stop responding to correspondence. The victims never receive any merchandise.

The FBI urges consumers to protect themselves when shopping online. Here are a few tips for staying safe:

• Be cautious if you lose an auction on an auction site but the seller contacts you later saying the original bidder fell through.
• Make sure websites are secure and authenticated before you purchase an item online. Use only well-known escrow services.
• Research to determine if a car dealership is real and how long it has been in business.
• Be wary if the price for the item you’d like to buy is severely undervalued; if it is, the item is likely fraudulent.
• Scan files before downloading them to your computer.
• Keep your computer software, including the operating system, updated with the latest patches.
• Ensure your anti-virus software and firewalls are current—they can help prevent malware infections.

If you have fallen victim to this type of scam, file a complaint with the Internet Crime Complaint Center at www.ic3.gov.

If you need education and resources to protect your identity click on http://www.theidentityadvocate.com/identity-advocate-services.php

Intelligence Note
Prepared by the Internet Crime Complaint Center (IC3)
October 12, 2012
SMARTPHONE USERS SHOULD BE AWARE OF MALWARE TARGETING MOBILE DEVICES AND SAFETY MEASURES TO HELP AVOID COMPROMISE

The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out email. A link within these advertisements leads to a website that is designed to push Loozfon on the user’s device. The malicious application steals contact details from the user’s address book and the infected device’s phone number.

FinFisher is a spyware capable of taking over the components of a mobile device. When installed the mobile device can be remotely controlled and monitored no matter where the Target is located. FinFisher can be easily transmitted to a Smartphone when the user visits a specific web link or opens a text message masquerading as a system update.

Loozfon and FinFisher are just two examples of malware used by criminals to lure users into compromising their devices.
Safety tips to protect your mobile device:

When purchasing a Smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.
Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.
With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application.
Review and understand the permissions you are giving when you download applications.
Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity.
Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware.
Be aware of applications that enable Geo-location. The application will track the user’s location anywhere. This application can be used for marketing, but can be used by malicious actors raising concerns of assisting a possible stalker and/or burglaries.
Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device. Anytime a user, application or service runs in “unrestricted” or “system” level within an operation system, it allows any compromise to take full control of the device.
Do not allow your device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and a legitimate server.
If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
Smartphones require updates to run applications and firmware. If users neglect this it increases the risk of having their device hacked or compromised.
Avoid clicking on or otherwise downloading software or links from unknown sources.
Use the same precautions on your mobile phone as you would on your computer when using the Internet.

If you have been a victim of an internet scam or have received an e-mail that you believe was an attempted scam, please file a complaint at www.IC3.gov.

Citadel Malware Delivers Reveton Ransomware in Attempts to Extort Money

05/30/12—The IC3 has been made aware of a new Citadel malware platform used to deliver ransomware, named Reveton. The ransomware lures the victim to a drive-by download website, at which time the ransomware is installed on the user’s computer. Once installed, the computer freezes and a screen is displayed warning the user they have violated United States federal law. The message further declares the user’s IP address was identified by the Computer Crime & Intellectual Property Section as visiting child pornography and other illegal content.

To unlock the computer, the user is instructed to pay a $100 fine to the U.S. Department of Justice using prepaid money card services. The geographic location of the user’s IP address determines what payment services are offered. In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud.

This is an attempt to extort money with the additional possibility of the victim’s computer being used to participate in online bank fraud. If you have received this or something similar, do not follow payment instructions.

It is suggested that you:

Contact your banking institutions.
File a complaint at www.IC3.gov.

Malware is being Installed on Travelers’ Laptops Through Software Updates on Hotel Internet Connections

Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while they are establishing an Internet connection in their hotel rooms.

Recently, there have been instances of travelers’ laptops being infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available.

The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products through their hotel Internet connection. Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack. The FBI also recommends that travelers perform software updates on laptops immediately before traveling, and that they download software updates directly from the software vendor’s website if updates are necessary while abroad.

Anyone who believes they have been a target of this type of attack should immediately contact their local FBI office and promptly report it to the IC3’s website at www.IC3.gov. The IC3’s complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The complaint information is also used to identify emerging trends and patterns.