Blog

$107 for a couple of pizzas and drinks! – I didn’t order this… (especially not the Veggie Lover’s Pizza with chicken topping) There must be some mistake. I’ll click on this “cancel order” link and set things straight…. Our advice is of course not to click. The links redirect to

The last several months have seen a flurry of activity about protecting children from online pornography. Politicians in England, Ireland and elsewhere have come out in favor of requiring Internet Service Providers to block pornography from their customers, unless they explicitly opt in to access it. This would ensure that

“Your message could not be delivered”. It’s one of the oldest methods in the social-engineering-for spam-and malware-emails handbook. You are receiving notice that an email you sent has not reached its recipient – so sad.  And of course the attachment must contain the mysterious email. But it doesn’t. It contains

The text is in Spanish, but it’s quite clear what’s on offer: Some sort of video about girls in bikinis.  “Mira lo que ocurre” translates to “Look what happens”. Clicking on the video link leads to a page with a “video player” surrounded by various forms of Web advertising. The

By far the most common theme for malware emails over the last few weeks has been “interbank payment rejected” or similar. The emails refer to a cancelled or rejected interbank transaction and are alternatively from:  Electronic Payments Association ACH (Automated Clearing House) NACHA (National Automated Clearing House Association) These are

It is certain that the future of the Internet communication belongs to the Internet Protocol version 6, or IPv6. Even though some people might think it is new, it’s been around for quite a while; the first document describing basics of IPv6 (RFC 2460) was published in 1998. The protocol

The email shown below is a current example of “payment rejected” emails that have circulated in large numbers in the past 3 weeks. The links in the email lead to malware similar to that described a previous post .  In the example above the malicious JavaScript files were hidden within the

Facebook has confirmed that a series of pornographic and violent images posted on user walls this week were the result of a self-xss attack. XSS = cross site scripting. Self-XSS means that the malicious script was actually activated by a user and was not part of some hidden webpage code.

A malware-email outbreak in the past 24 hours uses phony Delta airline itineraries to entice users to click on the embedded links.  The social engineering of an attack such as this is very effective – particularly since the email looks very authentic: If you are planning a trip then you