Last week we described Facebook malware that was distributed via compromised accounts offering “500 free credits on Facebook”. Now the same techniques are being used but the subject matter has changed to the highly topical death of Osama Bin Laden. As described in the last post the malware cycle is

There’s no such thing as a free lunch – or free Facebook credits. As proof consider the attack described below which has several stages: 1) Users get messages with offers of “free Facebook credits”   2) These trick users into running a malicious JavaScript 3) The infected user is lead to

It’s been almost one month since we reported about the huge increase of email-borne malware attachments. The outbreaks have continued on an almost daily basis since then and we have noted a corresponding dramatic increase of over 70% in the number of zombies.  The traffic graph below shows the continued

How advance-fee-fraud works: You think you’ll make money by helping Suzanne Mubarak – all you want is a small cut of the $2 Billion she wants to get out. After making contact though, you will have to pay some fees for “unexpected” items such as customs clearance, registration, banking charges,

It’s been over a month since we wrote about fake Twitter email messages, and if it worked once for scammers/spammers, they’ll certainly try it again. Commtouch labs is seeing large quantities of – you guessed it – fake Twitter email messages, similar to the one here:  How can the uninitiated

Statistics related to spam levels feature prominently in this Internet Threats Trend Report, as they did in the report about the fourth quarter of 2010. This is due to the wide variations observed during the first three months of 2011, and the takedown of the Rustock botnet – which we

Many of us suffer from email overload, even without including the seemingly hundreds of newsletters to which we voluntarily subscribe. Sometimes, we must step in and say “Enough” and unsubscribe from the emails that no longer provide as much value as we’d hoped in the beginning. The Really Good  Clear,

Update April 17, 2011: Based on some feedback received offline, I would like to clarify: inetbrowse is a proxy, available on the Google App Engine. In other words, anything can be proxied through it. I did not mean to imply that Google was knowingly hosting a phishing site. The intention

Malicious Adobe Flash files are making the rounds of some lucky individuals that have been targeted for spearphishing, according to news reports. Adobe has confirmed that the vulnerability exists in its Flash program, and that the infected files have been distributed (so far) embedded in a Microsoft Word document sent

We recently received an email supposedly from Puremobile – a supplier of unlocked cellphones. Similar emails were also received with “order info” from Bobijou (a costume jewelry designer). The “order confirmation” included a PDF file as shown below.  Our initial analysis of the file found no Javascript. No JavaScript? This