Week in review: Malicious email attachments, phishing trends, China’s cyber army and Halloween attacks

Here is an overview of some of last week’s most interesting news, interviews and articles:

Q&A: Malware threats, Windows 7 and cyber crime
Bo Olsen is a malware Researcher at Kaspersky Lab Americas. In this interview he discusses new malware threats, the problems the anti-malware industry faces today, Windows 7 and organized crime.

Cain & Abel 4.9.35 now available
Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Zipped Trojan in email attachment leads to further infection
You should never open attachments from anyone you don’t know or don’t trust: TrendLabs discovered spam emails that hold a .zip attachment with a Trojan.

New patent for encryption key generation method
The newly issued US Patent No. 7,577,987 titled “Key generation method for communication session encryption and authentication system” describes a new encryption key management system integrated with a two-factor authentication protocol.

Serious cyber attacks on the horizon
Which nations possess the cyber capabilities to launch attacks against the US? What are the odds of that happening? How soon will those capabilities be available for purchase to the highest bidder on the black market?

Gawker and Gizmodo visitors preyed on by malicious ads
Gizmodo’s and Gawker’s ad sales teams were fooled into running malicious Suzuki ads through which hackers were trying to peddle scareware.

Understanding the risks of cloud computing: Questions to ask your service provider
Where is my data really being stored? What happens when I delete it – is it really deleted, or is there a backup somewhere I’m not aware of? These are questions that need to be asked by the audit team before negotiations with the cloud service provider begin.

Phishing trends according to the Anti-Phishing Working Group
The Anti-Phishing Working Group issued the results of a survey they conducted in the first half of 2009 and defined the latest phishing trends. The news are mixed: some of them good, other bad.

China raising a cyber army?
An independent report released by the U.S.-China Economic and Security Review Commission shows that China is becoming a major cyber superpower and that it’s bent on building its cyber warfare potential.

New trends in identity theft
Identity theft is America’s fastest-growing crime. Simple credit monitoring is not enough – only 15% of identity theft is credit-related. Hacking is down, but phishing is up, and there is a 100% increase in snail-mail based fraud!

Facebook users targeted by password change scam
A new spam campaign that targets users of the popular social network is under way. If you get an email with “Facebook Password Reset Confirmation” in the subject line, don’t even think about opening the attached .ZIP file.

A closer look at Acunetix Web Vulnerability Scanner 6.5
Web applications are accessible 24 hours a day, 7 days a week and control valuable data since they often have direct access to backend data such as customer databases. Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable vulnerabilities.

UK’s own “three-strikes” anti-piracy law announced
Following the decision of the European Parliament that enables European member states to approve laws that force ISPs to disconnect individuals from the Internet, the UK is planning on enforcing its own version of the “three-strikes” law meant to discourage illegal file sharing.

Careless spammer reveals tricks of the trade
After looking at who knows how many spam-and-scam occurrences, Patrick Fitzgerald of Symantec has struck gold while investigating the latest malware campaigns: a veritable spammer manual!

Trick or treat? Attackers exploit Halloween to infect users
Panda Security has uncovered a new Halloween-related search engine optimization attack. With October 31 just around the corner, and many Internet users searching for issues related to Halloween, attackers have been busy positioning thousands of Web pages among the first results returned by the most popular search engines.

Facebook spammer has to pay big money
Facebook has won the court battle against Sanford Wallace, one of the spammers who obtained access to people’s accounts and used them to spam their friends. He is supposed to pay back $711 million.