Week in review: Kaspersky hacked, Facebook privacy breach and the rise of Java exploits

Here’s an overview of some of last week’s most interesting news, interviews, articles and reviews:

Facebook apps send user information to ad agencies
Various third-party applications on Facebook have been found guilty of sending users’ ID numbers and/or names to advertising agencies every time the users click on the ads, and among those are all of the 10 most popular.

Fake Twitter homepages serving malware
A number of bogus Twitter main pages have been popping up and are offering misdirected users a chance to see naked ladies and to download malicious applications.

Private key management: Real world tips
It has always been taken for granted that the entire IT security industry understands that, as part of digital certificate management, it is necessary to manage the private keys associated with those certificates. A recent conversation with an analyst made it clear that this assumption was just that – an assumption.

Seven Deadliest Microsoft Attacks
Part of Syngress’ “The Seven Deadliest Attack Series”, this book introduces the reader to the anatomy of attacks aimed at Microsoft’s networks and software: Windows, SQL and Exchange Server, Microsoft Office, SharePoint and the Internet Information Services.

Suspected money mule arrested in London
Members of the Police Central e-crime Unit arrested a 34-year-old man suspected of organizing money mules to open drop accounts in order to launder the proceeds of online crimes abroad and was taken into custody a central London police station.

Bogus Adobe employees sell fake PDF program
A series of e-mails purportedly sent by Adobe Acrobat Reader Support employees in which the users are urged to activate their “new Adobe PDF Reader” have been hitting inboxes worldwide.

The rise of Java exploits
Sifting through the data collected and analyzed in order to compile the latest Microsoft Security Intelligence Report, senior program manager Holly Stewart came to an interesting conclusion.

Current threats and the evolution of cybercrime
Dr. Eric Cole is a security expert with over 20 years of hands-on experience. He is actively involved with SANS. In this interview he discusses current threats, the evolution of security products, phishing attacks, the future of cybercrime, as well as his SANS “Security Essentials” training course he’s hosting at SANS London in late November 2010.

Kaspersky download site hacked, redirecting users to fake AV
For three and a half hours, it has been providing download links that redirected users to a malicious web page where windows telling them their computer was infected were popping up and they were encouraged to buy a fake AV solution.

The Zeus malware R&D program
Trusteer captured and analyzed a new version (2.1) of the Zeus financial malware and found that it has added sophisticated new mechanisms to commit online fraud and remain the Trojan of choice for criminals.

Global e-crime gang transitions to crimeware
The world’s most prolific phishing gang has completed a transition from using conventional phishing to massively propagating stealthy password-stealing crimeware that does not require user cooperation to surrender financial account credentials, according to a report by APWG.

FBI warns businesses about corporate account take overs
The FBI has issued a fraud advisory to warn businesses about the various bank fraud scams currently employed and offers a bevy of tips for protecting oneself, detecting these attacks and responding to them.

Fake Stuxnet removal tool wreaks havoc
Among the legitimate Stuxnet removal tools that cropped up since then, there are also bogus ones that will do nothing to disinfect your computer – if it is, indeed, infected – and cause only harm.

A closer look at SafeWallet for Mac
SafeWallet (v.1.0) is a password manager in which you can store all your passwords and all your private information that you want to have handy but accessible only to you – such as credit card and bank account information, e-mail and internet provider information, and much more.

Facebook works on solution to stop inadvertent user ID sharing
The recent discovery that various third-party application on Facebook were sending users’ ID numbers and/or names to advertising agencies every time the users click on the ads (by way of HTTP referrers) has seemingly spurred the social network into doing something that would prevent this from happening ever again – well, unintentionally at least.

Past, present and future of Metasploit
HD Moore is the CSO at Rapid7 and Chief Architect of Metasploit, an open-source penetration testing platform. In this interview, he talks about the transition to Rapid7, offers details on the development and different versions of Metasploit and discusses upcoming features.

A “private” banking Trojan competes with ZeuS
The recent surge of brand new banking Trojans continues to give us more things to worry about. The latest one is named “Feodo”, and it has been around for months now, but was probably considered to be a just variant of the more popular ZeuS and SpyEye malware.