American Express warns of malicious pop-up
American Express is warning customers that attackers are targeting them with a phishing scheme that relies on a fake pop-up screen disguised as a security update. An image of the pop-up screen is included in the company's online advisory.
The advisory explains that the pop-up is a hoax that has been circulating since March 29. The box is titled "Security Measures" and asks people to provide their date of birth, Social Security number and mother's maiden name.
"Please note that this fraudulent activity may be the result of a computer virus and is not a part of the American Express Web site," the advisory said. "If you received this pop-up box, your computer may have this virus."
Info on 66,000 newspaper subscribers leaked online
Personal data on 66,000 Japanese newspaper subscribers has leaked onto the Web through file sharing software, according to a report on the Slyck News Web site, which specializes in file sharing news.
Slyck noted that the incident is the latest in a long line of serious data leaks in Japan, which have included sensitive military, police and medical records. The newspaper, Tokyo-based Mainichi Shimbun, confirmed that names, addresses and phone numbers were leaked, but not financial data.
The data emerged on a Japanese file sharing network called Share, which is being developed by an anonymous author as a successor to the popular Winny network. Both Winny and Share use code from the amorphous Freenet network to help obscure the link between IP addresses and shared folders, Slyck noted, offering a certain level of anonymity.
The leak was traced back to an employee who moved the data onto his own computer, which had Share installed. Unknown to the employee, the computer also had a virus that shared the whole hard drive on the file sharing network. Ironically, Slyck reported, the leak was discovered by the paper's own reporters, who were investigating cybercrime.
Trojan horse hijacks data; demands ransom
A new Trojan horse prevents victims from accessing their computer data and demands a ransom be paid via Western Union, UK-based AV firm Sophos warned on its Web site.
Troj.Ransom-A threatens to delete one file belonging to the user every 30 minutes until the $10.99 ransom demand is paid. The Trojan also displays pornographic images and the following message:
listen up [expletive]
is this computer valuable. it better not be. is this a business computer. it better not be. do you keep important company records or files on this computer. you'd better hope not. because there are files scattered all over it tucked away in invisible hidden folders undetectable by antivirus software the only way to remove them and this message is by a CIDN number
The Trojan horse goes on to explain that a "CIDN number" can be acquired by making a payment via Western Union to the hacker, Sophos said. Once the number has been entered, the Trojan promises to remove itself and restore access to the stolen files.
Sophos said the Trojan circumvents attempts to remove it from infected computers once it has activated. If the affected user presses Ctrl-Alt-Del in an attempt to stop the Trojan from running, another message is displayed:
Yeah, We don't die, We multiply! Ctrl+Alt+Del isn't quite working today, is it? I'm not the sharpest tool in the shed but Crtl+Alt+Del is everyone's S.O.S.