OT/WARNING BBC link used to entice cyber victims FYI

Discussion in 'Fibromyalgia Main Forum' started by victoria, Mar 31, 2006.

  1. victoria

    Someone clever is using BBC to hack into people's 'secure financial transactions' - beware - the story basically from BBC's website:

    BBC used to entice cyber victims

    The e-mails direct users to a fake BBC News website
    People are being warned about spam e-mails containing BBC News stories designed to trick them into visiting malicious websites.

    Cyber criminals are using the messages to exploit a recently discovered flaw in Microsoft's Internet Explorer.

    If users click on the link, they are taken to a fake website that installs a piece of software that can monitor online financial activity.

    People who receive the e-mails are advised to not follow the link.

    The alert, from security firm Websense, comes less than a week after security firms found three flaws in the popular browser.

    ...The fake e-mails entice readers with excerpts from current BBC news stories and include a link to "Read More".

    When the user clicks on the link they are directed to a spoofed BBC news website that installs a piece of software known as a keylogger.

    "The keylogger monitors activity on various financial websites and uploads captured information back to the attacker," said the Websense alert.

    "We saw a similar approach last year after Hurricane Katrina with e-mails sending requests for help purportedly from the Red Cross," he told the BBC News website.

    ...Security firms say hundreds of web links are trying to catch people out using the loophole.

    On Microsoft's security blog, the company said it had been very active in working with law enforcement to take down malicious websites.

    Microsoft said it would produce patches for the vulnerabilities in its next security update due on 11 April.

    However, these could be released earlier if the threat grows significantly. For now, two firms, eEye Digital Security and Determina, have separately produced software patches that close this loophole.
