The Panda antivirus software say the phishing attacks are geared towards collecting personal bank details from people’s computers and the popular Apple iTunes service is in the firing line.

The phishing attack centres on emails which are sent to people and masquerade as genuine iTunes receipts for goods not purchased. The email contains a link that the person clicks and asks them to download a malicious and fake PDF reader. If the user agrees to the download, then they are directed to other websites that download all sorts of malware.

Hackers have identified iTunes as a multi-use platform which every day has millions of people loading credit and debit card details, as well as conducting a huge amount of transactions. The potential number of victims is worrying large parts of the computers security industry.

At the heart of the ‘con’ is a genuine attempt by people concerned that they have received an incorrect receipt for a purchase they never made. The natural reaction is to click the link, identify the nature of the receipt and then try and put matters right. Of course, the hackers are in the meantime directing their victims to websites that have nothing whatsoever to do with Apple, but are there to download nefarious malware.

And once the malware has been downloaded – mostly banking trojans in this case – the viruses get to work copying a person’s bank and personal details, which then gives the hackers complete control of various financial transactions. This might range from making purchases, to draining a bank account completely.

The skill of the phishers is to replicate almost perfectly an iTunes email and then release these to millions of unsuspecting computer users.

Security experts remind people that the best way of avoiding such tricks is never to enter a supposed site by way of an email link, unless the source of the email can be completely guaranteed. As always, a suspicious mind is one of the best ways to defeat such tricks.

Luis Corrons, the Technical Director of PandaLabs, creator of Panda antivirus software range of applications, said:
“Phishing is nothing new. What never ceases to surprise us is that the techniques used to trick victims continue to be so simple, although the design and content is often very well worked. It’s often difficult not to fall in the trap. That’s why it’s absolutely crucial that when you use platforms such as iTunes, and you receive these types of notifications, never go to the website through the email, but rather from the platform itself. You can check your account status in real time from the account itself. And in this case you would therefore realize it is an attempt at phishing.”

Guest Article by Neil Camp 

Microsoft sent out ten alerts which covered 34 separate vulnerabilities and these came together with a number of other updates and additional fixes. Only three of these security patches were ‘critical’ and they affected media decompression, ActiveX and their web browser, Internet Explorer.

Adobe has recently had to fix a long line of weaknesses with security patches in their product line-up and the latest was uncovered in the Flash Player. This effects multiple platforms and will also create impacts on the Adobe Reader and version Nine of the Acrobat. Although a fix has been issued, not all elements are covered and some platforms will have to wait for help.

Security patch experts say that the older versions of the PDF handling software are safe from the problems. Those users of Reader and Acrobat are being told they can work around the problem, but they have to make inoperative, delete, or rename the component called ‘authplay.dll.’ This provides the Flash function within the PDF documents.

As well as Microsoft and Adobe, Apple has also had its fair share of security patch problem fixing. They have had some problems with their latest version of the Safari browser which is said to have numerous issues inherited from older versions. Not least is a long-discovered weakness which enables malicious sites to harvest history data from the Safari browser.

Computer security officials are again warning computer users to accept security patches sent by the creator of the software in order to protect themselves against all manner of malware programmes.

And they stress that only those security patches from reputable, known companies should be downloaded. A common tactic is to trick computer users into thinking that they need a patch, only to find that it is in effect a malicious programme.

Guest Article by Neil Camp

And the names leaked included a number of senior US Government officials, celebrities and businessman.

The attack on the iPad was first announced by the website Gawker. It reported that a group going by the name of Goatse Security had succeeded into hacking into AT&T’s subscriber data, obtaining the sensitive details from about 100,000 email addresses.

AT&T admitted the attack and said that the flaw had been corrected and what’s more, that only those email addresses which had a security weakness had been exposed by the hackers. AT&T didn’t comment on the role of the FBI.

A less shy FBI spokesman said: "The FBI is aware of these possible computer intrusions and has opened an investigation to address the potential cyber threat.”

Observers see this as a passing embarrassment for AT&T and by no means a crippling blow. The general feeling was amongst security professionals that the breach was not catastrophic and that it had little to do with the iPad’s basic set-up. Furthermore, others pointed out that whenever Government and VIP addresses get hacked, the Feds usually get a call and have to be seen to be pro-active.

AT&T has the exclusive US rights to carry the iPad and the iPhone. This exclusivity hasn’t won it many friends in certain quarters of a jealous industry. There are also subscribers who complain about the quality of the AT&T network.

This won’t dent the incredible success already experienced by the iPad, already selling over two million units worldwide since its launch in April. And the iPad is being seen as Apple’s major battering ram to enforce its international growth strategy. Last month Apple over took its rival Microsoft to become the world’s most valuable technology stock.

Rival models to the iPad are expected soon from Dell and Hewlett Packard, although experts see them playing a game of catch-up.

Guest Article by Neil Camp

Basically, as the ability to mobile surf becomes the norm, mobile phones will become just as vulnerable to attack from malware as desktops and laptops.

And what’s more, the popularity of the App Store makes the chance of malware infiltration far higher than before. Experts say that the problems being encountered by PC users now on a daily basis (spam, viruses and identity theft), could become commonplace on mobile phones.

The experts are worried that smartphones, effectively complex multimedia devices which have a number of ways of communicating, and which are updated on a very regular basis, are leaving the security industry trying to play catch up.

So the best solution, claim the experts, is rather than the onus being on the mobile user protecting themselves, is to get the network operators to take control of the situation. They should introduce sophisticated security techniques including anti-flooding technology, anti-spam and virus filtering software, and, blacklisting programmes.

Whether the network operators agree that one of their roles is to act as policemen against malware threats remains to be seen. But if someone doesn’t get a grip on developments soon, warn the security companies, then the situation will get out of hand and mobile surfers will become a happy hunting ground for the cyber criminals.

Guest Article by Neil Camp

McAfee, which is the world’s number two security software company in the world, has also just told investors that business, whilst hard during the start of the year, has actually improved over the last two months.

The McAfee CEO was in an upbeat mood as he revealed that the company had experienced a virtual freeze in January and February 2009, but added that March was better, with April better still and that currently, things had virtually returned to normal spending levels.

And McAfee is also developing products for the design-led computer group Apple. A comprehensive security suite was currently in development for both Mac computers and the iPhone family.

In particular, McAfee believes that as more and more applications become available for the iPhone, from thousands of software developers, so the threat to security will increase dramatically. Avoiding identity theft and data loss will become big worries for the iPhone user. It has been reported that since its launch in July, 2008, over one billion programmes have been downloaded from the Apple App Store.

Although confirming that such an Apple security suite was in development, McAfee didn’t let on when it would be released.

Guest Article by Neil Camp