You must be familiar with the term phishing, or phishing scam. It is an online hacking attack where an individual involved in online hacking tricks a victim into giving away secret information such as log-in details, financial data and so on, without the latter realizing the true nature of the scam.

So you can understand the potential use of phishing to online hacking criminals who wish to perpetrate identity theft. The term itself originates from phone phreaking, a word that traces its way to early hacking incidents reported in the media and identity theft cases. Though based on a simple underlying concept, perpetrators can weave an elaborate con aimed at ‘phishing’ the identity details of a target. These may then be used to mail bomb another target, other online hacking activity or even to access the target’s financial data.

Online Hacking: How Phishing Scammers Operate

Phishers try to con you into providing them with sensitive info such as email/ login data, which they can then put into their nefarious online hacking skills and use it to make money out of the system.

One very vulnerable target for phishers is your PayPal account. PayPal is a web-based payment processing system that lets you transfer money to and from your PayPal account with your credit or debit card, thus avoiding the risk of revealing your credit card details to every e-commerce website you shop at.

This does make PayPal a particularly meaty target for online hacking. If you wanted to take money out of other people’s PayPal accounts, all you would really need is their email address and password. Then you sign in to their account, and send the money to an account you have set up.

What phishers will do is email PayPal customers with an email that looks like an official email from PayPal. It will have the PayPal logo and format and will look exactly like official PayPal emails to customers. It may even come from an address that looks like PayPal’s official website. It will go on to say it is a random security check or some other technical procedure and that you are required to type in your user name and password. It will then thank you and say the check or whatever other scheme it claims to be is complete. In the meantime, the phisher will have your password and can clear out your account.

While this is a basic example, there are countless variations of increasing complexity that will be used to try and entice customers to give out bank account details, credit card details or other sensitive information. It can often be next to impossible for the average customer to detect that the email or website is not the official one of the company it is supposed to be from and they are therefore very dangerous.

Any suspect email that has even a remote possibility of being a phishing attempt must be immediately notified to the concerned party that is being mimicked; often your bank or credit card company or PayPal account. You need not be a Sherlock Holmes to spot such a scam: no bank or payment processor would ask for your password in an email, so if a purported bank or bank employee requests such information then its time to hit the panic button.

Keep watching this online hacking weblog for the  latest online hacking news.

Last year, 34 percent were born in all the malware that has ever been, according to security company Panda Software on-line.

Statistics released as part of the company’s Annual Security Report 2010 has revealed the biggest threat yet to the Trojans, which included 55.91 percent of the beneficiaries of malware.

The data from PandaLabs also showed spyware made up less than one per cent of malicious software online, whilst 11.6 per cent was fake antivirus software known as ‘rogueware’.

PandaLabs said email spam had still been a major problem in 2010 forming around 95 per cent of all email traffic globally. However, within the year, the figure dropped to 85 per cent.

The survey cited proactive measures such as the dismantling of botnets as helpful to the reduction, saying this had reduced the number of computers being used as zombies to send out spam remotely.

The report states, as well as social networking sites and the growing popularity of smartphones in 2010, the attacker was seen to take advantage of them, using fake Web sites and applications.

It was also the year in which cyber terrorism and cyber-activism, “hacktivism” or become a serious problem. Clearest Stuxnet worm attack nuclear facilities in Iran, Aurora Operation Trojan was launched in large multinational companies and the various functions of the Anonymous hacker group.

Kaspersky Lab presents its assessment of malware action on users’ computers and on the Internet for December.

In December 2010, analysts of the company once again recorded a high level of subversive activities. Kaspersky Lab products blocked over 209 million network-level attacks in recent months, over 67 million groped to infect computers across the network are detected and neutralized over  the 196 million malicious software and recorded nearly 71 million heuristic judgments.

Social engineering and the exploitation of vulnerabilities in legitimate software remained the main methods employed by cybercriminals, though it appears they never cease to hone their skills in other areas. They certainly didn’t pass up the opportunity of jumping on the ‘shortened URL’ bandwagon. Users are increasingly using Internet addresses that have been shortened with the help of special URL shortening services, and they don’t always know that malicious links may be lurking among them. In December the top trends on Twitter’s main page included a number of entries with links that had been shortened using popular services such as bit.ly and alturl.com. After several redirects these links eventually led to infected websites.

In another development, the authors of fake antivirus programs have been busy perfecting their tactics, so much so that two of their creations made it into December’s Top 20 malicious programs detected on the Internet – in 18th and 20th places. Genuine antivirus programs are now so effective at detecting their fake counterparts when they attempt to download to users’ computers that the cybercriminals have moved their wares to the Internet instead. In the latter scenario these rogue programs don’t need to be downloaded to a computer; users just need to be lured to a fake antivirus website, which is a lot easier than bypassing real antivirus protection.

Representatives of the Trojan-Downloader.Java.OpenConnection family remain extremely active. Instead of using vulnerabilities in a Java virtual machine these Trojans employ the OpenConnection method of a URL class – standard functionality of the Java programming language. Two representatives of Trojan-Downloader.Java.OpenConnection were among the Top 20 malicious programs detected on the Internet in December in 2nd and 7th places. At the height of their activity the number of computers on which these programs were detected in a 24-hour period exceeded 40,000.

Topping the list of web-based threats, well ahead of its nearest rival, was the adware program AdWare.Win32.HotBar.dh. As a rule, this program is installed along with legitimate applications and then annoys the user by displaying intrusive advertising. For the first time ever a malicious PDF file that makes use of Adobe XML Forms has made it into the Top 20 online threats. When a user opens the file Exploit.Win32.Pidief.ddl, a script exploit is launched that downloads and runs another malicious program from the Internet. Exploit.Win32.Pidief.ddl occupied 11th place in December’s rating of threats emanating from the Internet.

December also offered virus analysts the chance to monitor cybercriminal activity as it adapted to a new Russian Internet domain. November 2010 saw the beginning of domain name registration in the .ÒÆ (Cyrillic abbreviation for the Russian Federation) zone of the Internet. Online scammers turned out to be most active in the new domain, registering sites that were used to spread malicious programs and make enticing offers of a fraudulent nature.

Three types of malware were detected above all: the music files as false, movies and multimedia, script programs disguised model useful services for the social networking site Odnoklassniki and Trojans to redirect users to pages malicious Web.

Malware Security Report by NSS Labs found in the Windows Internet Explorer 9 Beta catch “extraordinary” 99 percent of live threats, which IE does not pack 80 percent. Mozilla Firefox 3.6 called for 19 percent of direct threats, down 10 per cent of NSS Labs test is performed in the first quarter of 2010.

Protection of IE9 includes SmartScreen URL filtering, which is included in IE8 and reputation of the applications SmartScreen, which is a new IE9. The report noted Apple’s Safari browser has been asked 5-to 11 percent of direct threats, and protection of the public fell by 18 percent in Q1 2010.

Google Chrome 6 caught just three percent of the live threats, down 14 percent from the Q1 2010 test and Opera 10 brought up the rear—the browser caught zero percent of the live threats. The report concluded the browser provides virtually no protection against socially engineered malware.

From an initial list of 8,000 new suspicious sites, 1,209 potentially malicious URLs were prescreened for inclusion in the test and were available at the time of entry into the test. These were successfully accessed by the browsers in at least one run. On average, 124 new URLs were added to the test set per day. NSS Labs then assessed the browsers’ ability to block malicious URLs as quickly as they found them on the Internet, and continued testing them every six hours to determine how long it took a vendor to add protection.

Trends show Safari and Firefox converging at a protection rate just under 20 percent, indicating that while they share the Google Safe Browser feed, there is a difference in each browser’s implementation. The report noted the mean time to block a site (if it is blocked at all) was16.4 hours, and noted Chrome (with a mean time of 17.8 hours) and Safari (nearly 37.5 hours) were above average at adding new blocks. With the exception of Opera, which failed to block a single malware download, all browsers blocked at least one malware download, according to NSS Labs data.

“It became obvious from this test and comparisons to the earlier test that Microsoft continues to improve their IE malware protection in Internet Explorer 8 (through its SmartScreen Filter technology) and in Internet Explorer 9 (with the addition of SmartScreen application reputation technology). With a unique URL blocking score of 94 percent and over-time protection rating of 99 percent, Internet Explorer 9 was by far the best at protecting against socially-engineered malware,” the report concluded. “The 89 percent zero-hour block rate suggests a far superior malware identification, collection, and classification method,” the report noted.

The test, conducted in September 2010, was the company’s fourth test of Web browser protection against socially engineered malware—which the company said is the most common and impactful security threat facing Internet users today. This report followed the same Live Testing methodology as the tests conducted in Q1 2009, Q3 2009, and Q1 2010.

The report contains validate the empirical evidence gathered during 11 days of 24 x 7 tests done in every six hours, more than 39 discrete test functions, each adding new and fresh malware URL. Each product has been upgraded to the latest available at the time of commencement of the trial, and allows access to the Internet directly.

According to security vendor Fortinet, the spam messages link to typical spam sites such as online pharmacy shops, one of which has been sourced to a web host that also serves content for several pill pushing sites.

Fortinet’s Global Security Research Team warned that Wall posts containing links must be handled with care and recommends they should not be followed.

“While hijacked accounts have not been proved to be utilised for anything beyond posting relatively innocuous spam 2.0, it is not a stretch to think that links to drive-by-install malicious sites could be injected at some point,” warned Fortinet.

Users should be wary of phishing attempts when confronted by a login page or upon clicking a link contained in a friend’s message, carefully check the login page URL, advised Fortinet.

Facebook’s “Wall” feature, allows users to post comments on friends’ profiles.

Meanwhile, the co-author of the book ‘Facebook — Now What???’, Jesse Stay revealed in a blog post last week that the incident may be linked to an application on Facebook known as Secret Crush.

Stay wrote that the application installed Spyware on peoples’ computers and Facebook was forced to remove it in January but two months later it still seemed to be wreaking havoc.

“Doing a search for “crush calculator” on Facebook revealed a few groups users have set up to apologise to their friends for someone hacking into their account and sending messages about the “Crush Calculator”.

Additionally, just last week security researchers uncovered a new wave of attacks in which profiles on Facebook were used to post images – in this case the images were of child torture.

According to Fortinet, Facebook has been notified and is looking into the issue.

Spammers have created sophisticated methods of varying their images slightly with each spam attack, making it even more difficult for most anti-spam technologies to catch this type of spam.

Commtouch’s patented Recurrent Pattern Detection (RPD) technology matches recurrent patterns across similar messages, regardless of the content or language of the message, and regardless of variations in the messages.

The enhanced Commtouch solution can decode images in spam, allowing the RPD technology to block image-based spam.

“Over the past several months, through processing billions of email messages, we identified an increase in this particular subset of spam, containing images only,” said Amir Lev, Commtouch’s Chief Technology Officer.

“Traditional anti-spam technology — such as content-based, Bayesian filtering, Heuristics and URL filtering — is practically defenseless against this image-based spam, leaving organizations open to floods of these types of email,” said Lev.

The team behind the Firefox browser has caution users about a new kind of phishing attack.

The new phishing attack restore an inactive browser tab on the Firefox browser with a hateful phishing page designed to steal user names and passwords for e-mail and bank accounts from innocent users.

Firefox creative team leader, Aza Raskin, said that the attack, which only affects the latest version of Firefox, is simply preventable if users are cautious and check that the URL in the browser address page is correct before proceeding to enter any details.

So use Firefox old version to avoid Phishing scam for some time.

Once again, it’s significant to present you with information concerning the upcoming FIFA World Cup. Cyber criminals are not going to stop until the end of this event – they are launching new attacks of Scam, aiming to trick as many possible victims as possible. Let’s get familiar with two new scam email campaigns revealed by security experts from Trend Micro.

Emails belonging to the first spam campaign inform possible victims about a new “contest” called “Final Draw” and supposedly being organized by the FIFA Organizing Committee. Receivers are asked to download the .doc attachment in order to see all the details of their winning. The aim of the creators of this attack is to gain victims’ personal and financial information and use it for their further nasty activities.

The other spam campaign spreads messages written in poor English and punctual its recipients to open an attached .pdf file. The attachment asks its beneficiary to give certain information “in relation to a fund transfer transaction amounting to a whopping US$10.5 million. Upon agreeing to the bid, the recipient should supposedly get 30 percent of the said amount,” Trend Micro notes.

The tactics of this campaign be similar to well-known 419 scam. The so-called 419 scam (aka “Nigeria scam” or“West African” scam) is one of the most well-liked scams in the world affecting millions of people. It starts with an email asking for help and talented a huge reward for that. However, victimized users just lose their money almost without a possibility to get them back.