Girl Has a Spider Living Inside of Her Skin! Facebook Scam

A new scam is rapidly spreading on Facebook where users are sharing a video on their timeline with the message "OMG. this is really gross GlRL HAS A SPlDER LlVlNG lNSlDE OF HER SKlN".

OMG Girl Spider in Skin Facebook Spam

The update is written in all capital letters and has replaced the letter "I" with an "L". The video also warns users that it has Mature Content. However, don’t fall for it, since it is nothing but Facebook Spam. The scam is similar to earlier scams like the OMFG: A Girl Raped by Her Teacher in the Classroom and Brother Rapes and Kills His Sister scam.

It tries to generate curiosity in users and then redirects them to a site where they are asked to fill out surveys before they can watch the video. As a user, you might fill out the survey and make money for the scammer, but there will be no video to view in the end.

It is recommended that you DO NOT click on such links or scam messages on Facebook. If you come across this scam message, please delete/remove the scam from your Facebook news feed immediately. Alternately, you can report the scam to Facebook Security.

Here is an article about Avoiding Facebook Likejacking and Clickjacking scams. We have also compiled a list of Most Actively Spreading Scams on Facebook for you to look through and avoid. You might also want to use a security application to protect you from Facebook scams. As a precautionary measure, always check which applications you use and remove unwanted or suspicious ones. If you aren’t sure how to do it, you can always check our guide on removing apps from Facebook.

Anonymous & LulzSec Tell FBI To Go Fish

Over the past couple of days the FBI has been making arrests in and around New York City with regard to the PayPal breach carried out by Anonymous back in December 2010. Over 14 people were arrested on Tuesday and several more searches are underway.

Back in December 2010, Anonymous had attacked PayPal because they had stopped or closed down accounts of Wikileaks. The shutdown was done because of the leak of classified U.S. documents by Wikileaks. After the PayPal breach, Anonymous went on to attack several other websites, including those of MasterCard and Visa.


The FBI had been on the trail of suspects for a long time, but they finally managed to make some arrests after almost 8 months. However, the arrests have hardly shaken Anonymous and the recently notorious LulzSec, who have grown in popularity over the past few months and had also recently attacked Rupert Murdoch’s newspapers because of the phone hacking scandal.

In an open letter to the FBI, Anonymous and LulzSec have basically asked the FBI to F*** Off. The response came after the deputy assistant FBI director Steven Chabinsky gave the following statement to NPR:

"We want to send a message that chaos on the Internet is unacceptable, [even if] hackers can be believed to have social causes, it’s entirely unacceptable to break into websites and commit unlawful acts."

The hacktivists replied to this message by arguing that governments are lying to their citizens, trying to keep them under control and curtailing their freedom. Along with that, they argue, corporations and lobbyists are conspiring with the governments while collecting billions in funds for federal contracts.

They have also clearly stated that the "governments and corporations are their enemy" and that they will continue to fight them. Additionally, Anonymous and LulzSec seem to have no fear anymore and are claiming to be unstoppable:

We are not scared any more. Your threats to arrest us are meaningless to us as you cannot arrest an idea. Any attempt to do so will make your citizens more angry until they will roar in one gigantic choir. It is our mission to help these people and there is nothing – absolutely nothing – you can possibly do to make us stop.

This is definitely a direct attack on the FBI and their security and will ensure a cat-and-mouse game between the government and the hacktivists. It is definitely not the end and the authorities will have to fight a painful battle on the internet against people they might never be able to catch.


The drama is yet to unfold. The next few months or years will show how this will pan out and who will win the battle. In the meantime, you can read the entire Anonymous & Lulz Security Statement below:

Hello thar FBI and international law authorities,

We recently stumbled across the following article with amazement and a certain amount of amusement:

http://www.npr.org/2011/07/20/138555799/fbi-arrests-alleged-anonymous-hackers

The statements made by deputy assistant FBI director Steve Chabinsky in this article clearly seem to be directed at Anonymous and Lulz Security, and we are happy to provide you with a response.

You state:

  "We want to send a message that chaos on the Internet is unacceptable,   [even if] hackers can be believed to have social causes, it’s entirely   unacceptable to break into websites and commit unlawful acts."

Now let us be clear here, Mr. Chabinsky, while we understand that you and your colleagues may find breaking into websites unacceptable, let us tell you what WE find unacceptable:

* Governments lying to their citizens and inducing fear and terror to keep them in control by dismantling their freedom piece by piece.

* Corporations aiding and conspiring with said governments while taking advantage at the same time by collecting billions of funds for federal contracts we all know they can’t fulfil.

* Lobby conglomerates who only follow their agenda to push the profits higher, while at the same time being deeply involved in governments around the world with the only goal to infiltrate and corrupt them enough so the status quo will never change.

These governments and corporations are our enemy. And we will continue to fight them, with all methods we have at our disposal, and that certainly includes breaking into their websites and exposing their lies.

We are not scared any more. Your threats to arrest us are meaningless to us as you cannot arrest an idea. Any attempt to do so will make your citizens more angry until they will roar in one gigantic choir. It is our mission to help these people and there is nothing – absolutely nothing – you can possibly do to make us stop.

  "The Internet has become so important to so many people that we have to ensure that the World Wide Web does not become the Wild Wild West."

Let me ask you, good sir, when was the Internet not the Wild Wild West? Do you really believe you were in control of it at any point? You were not.

That does not mean that everyone behaves like an outlaw. You see, most people do not behave like bandits if they have no reason to. We become bandits on the Internet because you have forced our hand. The Anonymous bitchslap rings through your ears like hacktivism movements of the 90s. We’re back – and we’re not going anywhere. Expect us.

Everything You Need to Know About Malware and Microsoft’s Defense

Malware, the popular term for malicious software, is a software program designed to damage a user’s computer, a server, or a network; to steal a user’s personal or sensitive information; or to defraud the user through online scams.

What are Different Types of Malware?

  • Rogue security software: Rogue security software masquerades as legitimate security software or as the Microsoft Update user interface. Fake alerts scare users into thinking that their computer has been compromised and into clicking the suggested link to resolve the issue, which instead stealthily downloads malware to the computer.
  • Password stealers: A password stealer transmits personal information, such as user names and passwords, that an unsuspecting user enters while browsing the web or using applications on the computer.
  • Keyloggers: A keylogger sends keystrokes or screenshots to an attacker. The information can then be used to ascertain passwords, bank account numbers, or any sensitive information that a user types.
  • Rootkits: A rootkit performs functions that a system administrator cannot easily detect or undo. A rootkit is often installed as part of a bundle of malware, where it hides itself and other malware that performs a more dangerous activity.
  • Viruses: Viruses are malware that replicate by infecting other files on the computer, thus allowing the execution of the malware code, and its propagation when those files are activated.
  • Worms: A worm is a self-propagating program that can automatically distribute itself from one computer to another.
  • Trojan horses: A trojan horse is an application that appears legitimate and useful, but performs malicious and illicit activity on an affected computer.
  • Spyware: Spyware collects information, such as the websites that a user visits, without the user’s knowledge.

Why is Malware a Serious Problem?

Malware is a common weapon for cyber-criminals against individuals and organizations. Malware writers use constantly evolving techniques to make detecting and removing their software difficult. Often several pieces of malware are deployed together as part of a large, sophisticated assault to recruit vulnerable computers into botnets. Botnets are attractive to criminals because they are easy to hide behind. Botnets harness the processing power, storage, and bandwidth of attacked computers to generate vast amounts of spam, hack websites, and commit online fraud.

Microsoft’s Strong Pursuit of Rustock

Microsoft has taken its pursuit of the operators of the notorious Rustock botnet to the next level by offering a monetary reward of $250,000 for any information about them that leads to their identification, arrest, and criminal conviction.

Microsoft Digital Crimes Unit

In 2010, the Microsoft Digital Crimes Unit (DCU), in cooperation with industry and academic experts, successfully took down the Waledac botnet in an operation known as Operation b49. This successful operation against Waledac paved the way for future shutdowns in cases where criminals are abusing anonymity to victimize computer users around the world. The Rustock takedown was the next, and the biggest success to date. In March 2011, the Rustock botnet was taken down with the help of industry partners and law enforcement. Known as Operation b107, this was a joint effort between the DCU, the Microsoft Malware Protection Center, and Trustworthy Computing known as Project MARS (Microsoft Active Response for Security). Since that time the botnet has stayed dead.

Last month, Microsoft published notices in two mainstream Russian newspapers, the Delovoy Petersburg and The Moscow News, to notify the Rustock operators of the civil lawsuit. The quarter-page ads ran for 30 days to make a good faith effort to contact the owners of the IP address and domain names that were shut down when Rustock was taken offline. Microsoft also created the noticeofpleadings.com website specifically dedicated to the case.

However, Microsoft has made clear that keeping the botnet dead or taking action against the perpetrators of this botnet isn’t the only focus. Microsoft intends to effectively reduce digital crime globally by deterring the criminals who seek to profit from botnets. This huge cash bounty testifies to Microsoft’s insistence that the Rustock botnet is responsible for a number of criminal activities.

Rustock was a spam giant with a capacity for sending 30 billion spam mails every day. DCU researchers watched a single Rustock-infected computer send 7,500 spam emails in just 45 minutes, a rate of 240,000 spam mails per day. The spam mails included fake Microsoft lottery scams and offers for fake and potentially dangerous prescription drugs. The botnet was estimated to have approximately a million infected computers operating under its control.

Computers are recruited into botnets when malware is installed on them. Botnets are known to be the tool of choice for cybercriminals because they are easy to hide behind. Botnets harness the processing power, storage, and bandwidth of infected computers and can be used to send spam, conduct denial-of-service attacks on websites, spread malware, facilitate click fraud in online advertising and much more.

The United States had the most botnet infections (2.1 million), far ahead of Brazil, which had the second greatest number of infections (550,000). Korea had the highest rate of botnet infections (14.6 bot computers cleaned per thousand).

The Only Good That Came out of LulzSec: Good Publicity for CloudFlare

Over the last few months, LulzSec has ransacked its way through the Internet, causing mayhem. They started out with some bright zeal, but their downfall was full of pathos. As time went by, it became clearer that they were a group of immature hacktivists who would lay their hands on just about anything. In the end, their Lulz boat hit a rock, and this caused their hasty exit. Long story short, their disoriented nature brought upon them a sense of aimlessness.


This debacle might result in stringent laws that would curb many freedoms people enjoy online. However, in the midst of all this fiasco, a company specializing in web caching and spam security got all the attention they ever needed. CloudFlare was the unsung passive hero in this LulzSec affair and it deserves applause here.

The CloudFlare blog starts the story with:

Thursday, June 2, 2011 was an otherwise unremarkable day in our office until we got word that LulzSecurity.com, a site that had quietly registered for CloudFlare earlier the same day, had allegedly published information it obtained from hacking the Sony Pictures’ website.

Within hours of the publication, we got notes from concerned individuals asking us to remove LulzSecurity.com’s website.

CloudFlare gives excellent protection against spam. However, it has also resulted in additional benefits, like a drastic increase in website performance and massive bandwidth savings for many websites. Overall, CloudFlare is on hot wheels after the LulzSec affair. I am not highlighting LulzSec and its deeds in this post. LulzSec has been ridiculed enough already! CloudFlare was questioned a lot about providing service to the LulzSec website. What I am definitely advocating here is how CloudFlare handled the matter with utmost care, both at an administrative and at a technical level. They neither allowed themselves to be bullied into censoring content they serve, nor was their network compromised after repeated attempts. Better still, they utilized the attempted hacks on them to define a better ruleset. You can read all about it in their official announcement. Also, read Netcraft’s analysis of CloudFlare traffic from this affair.

Here is an explanation of how CloudFlare takes your website to the very next level. You can catch the video at Vimeo here.

Electronic Arts/BioWare Hacked, Customer Information Stolen

In a continuing pattern of attacks on high-profile targets, Electronic Arts has suffered a breach of security. The attack, which occurred on June 14, affected the message board system for one of the company’s older titles.

According to EA, the server hosting the message board for Neverwinter Nights, a 10-year-old game by BioWare, suffered a “highly sophisticated and unlawful” attack. In a post dated June 23, EA reports that, while no sensitive personal information like credit card or social security numbers was taken, a large amount of users’ personal data is at risk. This data included user names, encrypted passwords, e-mail addresses, mailing addresses, and phone numbers.

BioWare Ea Hack Homepage

While the full extent of the hack is unknown, EA is assuring its users that they have re-secured the server and are working hard to inform anyone they believe to be affected by the attack. The company wrote in its forum post that it is e-mailing “all potentially affected users.”

If you are an active user of the Neverwinter Nights forum and do not receive an email from EA, then you may be one of the lucky ones who were unaffected. That doesn’t mean you can relax, however. It is important to remember that security measures are important.

With the recent surge in attacks on popular websites, we should all remember to follow good security practices. That includes being wary of who we give sensitive information to, as well as changing our passwords frequently.

As of this writing, no group has stepped up to claim responsibility for the hack. EA is continuing to investigate in hopes of discovering the full extent as well as the identity of the individual or group responsible.

[Update] Suspected Lulzsec Mastermind Arrested in Essex, Will They Lose Their Lulz Now?

After a joint operation by the FBI and Scotland Yard, the police have made a successful arrest of a 19-year-old teenager who is suspected to be a LulzSec mastermind. Whether he really is a LulzSec mastermind is not confirmed yet and he is just a regular suspect. He deserves the benefit of the doubt and it would be wrong to call him an offender.


The joint operation by the FBI and Scotland Yard follows from the Sony, (probably) Lockheed Martin and the UK Census data leaks. This has resulted in what is being seen as the first arrest of any LulzSec member which can reveal some interesting facts about this Anonymous regroup.

The Metropolitan Police website has a statement on the arrest too. It reads:

Officers from the Metropolitan Police Central e-Crime Unit (PCeU) have arrested a 19-year-old man in a pre-planned intelligence-led operation.

The arrest follows an investigation into network intrusions and Distributed Denial of Service (DDoS) attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group.

The teenager was arrested on suspicion of Computer Misuse Act, and Fraud Act offences and was taken to a central London police station, where he currently remains in custody for questioning.

Searches at a residential address in Wickford, Essex, following the arrest last night have led to the examination of a significant amount of material. These forensic examinations remain ongoing.

The PCeU was assisted by officers from Essex Police and have been working in co-operation with the FBI.

What follows next might be an extradition to the US. We are expecting some update on this from the Team WebNinjas and from the LulzSec Twitter stream. Keep an eye on Twitter for real-time updates.

Update: LulzSec claims that the person arrested by the FBI and Scotland Yard is not a member and some of the tweets appearing in this image have been deleted by them so they are exclusive.

lulzsec-deleted-tweets

While LulzSec is Enjoying 211,000+ Twitter Followers, Someone is Watching Over Them

LulzSec started out as the self-appointed online vigilance commission. Now, it has replaced Anon as the next organized hacker group taking down websites. Anonymous suffered a rift over leadership issues and went MIA. The Anon era might be past, but its members and competitors are still out there, and the most popular one of them, th3j35t3r, is not happy with LulzSec. LulzSec has pissed off almost everyone by now.


You all might remember th3j35t3r as the guy who was taking down WikiLeaks a few days back. The same th3j35t3r is blowing their cover, as can be seen in this Blogspot blog. He has published their chat logs from inside the IRC channels and has even gone so far as to expose some of those LulzSec members. The Blogspot blog in question has entire conversations put up from IRC channels. As you read through the posts, you will find numerous individual profiles at the end of the blog as well, with photographs and home addresses.

Clearly, no one finds the LulzSec lulzworthy anymore. They are trying desperately to cover their tracks with obvious methods, like encrypting drives and using Virtual private networks to stay behind closed doors. Let us see how far this level of anonymity works for them.

Another interesting observation in the expose is Barrett Brown, one of the (supposed) members of LulzSec, who is a writer at Vanity Fair, Huffington Post and Onion. My understanding is that he is not really a LulzSec member and got caught in the crossfire while researching something to write. Maybe he was just watching over the IRC like th3j35t3r. Whether this is th3j35t3r or not is much doubted, but this blog makes one thing clear: LulzSec is a ruthless group hated by its own kind and pretty much everyone by now. You can follow this reddit discussion for continuous updates.

 

Friending Unknown People on Facebook Could Lead to House Robberies

Social networking is a fad, and I dare say a growing one, because it has gone beyond being just a fad. We make friends with people on sites like Facebook and Twitter. However, we might not know most of them personally and might never have met them either.

Facebook Scams

On one hand Twitter is safer for anonymous or unknown friends because your profile does not have information about your actual location (unless you specify it explicitly in your bio). However, Facebook on the other hand provides detailed information about your location, home address, telephone numbers and more to your friends depending on how you have set up your privacy settings.

Now, this information would be great if you want your friends to find you and visit you. However, it could also be used by thieves to visit your house and rob you.


According to the Daily Telegraph, a recent spate of robberies in West Sussex, London has been attributed to users friending unknown people on Facebook. The thieves have been friending people on Facebook to find out when they are going on vacation and then ransacking their houses. Considering that it is summer, there are bound to be several hundred targets who update their Facebook page to tell everyone when and where they are going on vacation.

This information is then used by those thieves to rob their houses while they are away. Scary, right? Almost 12 houses have been robbed in the past four months, and the robberies might continue if you decide to share critical information without checking your privacy settings and keep friending unknown people.

This might not be limited to West Sussex, though, since Facebook makes it easy for users to find people from a particular location. Take, for example, the screenshot below, which shows how easy it is to find people in a particular area using their search options.

Find Friends On Facebook using Location

If you publicly share your location information, you will end up being shown in the search results and become a ripe target for thieves who are looking for an opportunity. This information is not shared without user consent (well, you can argue about Facebook privacy settings). However, you can restrict it from being made available by changing your privacy settings.

In the end, it is up to you to know what information is being shared. If something untoward happens a website will simply show that you had an option to change everything but did not. In many cases, users are uneducated about such things. I will briefly touch upon how you can stay safe and avoid such things in the section below.

What Can You Do to Avoid Being Robbed and Stay Safe on Facebook?

Don’t Friend Unknown People

Facebook Mutual Friends

Don’t friend anonymous people. Facebook provides an easy way to see if you have mutual friends between the person asking to be your friend and yourself. Take a look at those mutual friends and see if you can make connections. If you can’t make connections or the connections don’t seem known to you, just ignore the friend request.

Update your Privacy Settings to Friends Only

Custom Facebook Settings

Facebook wants your information to be discoverable and they keep the privacy settings such that people other than your friends along with search engines can see it too. However, it is not necessary. Go to Accounts -> Privacy Settings and Customize your settings such that it is viewable only by your friends. At the most, make your name, school information and work information public. For the rest, let those strangers become your friends before they can view that information.

Please understand that you still have to follow the first step and not friend unknown people to keep your information private from strangers.

Selectively Update Sensitive Information to a Group of People

Facebook provides you an option to create groups of people. You can create groups and add select people to it. For example, you can create a Facebook Group which consists of your family and close friends who you personally know. You can then directly send your updates to that group instead of everyone.

Customize Facebook Update Recipients

Alternatively, Facebook also allows users to display their updates to a selected set of people. To do that, click on the lock icon under the status update box and click on Customize.

Customize Facebook Update Privacy

You can customize who can see the update and even specify a certain set of people to receive them. Alternatively, you can hide updates from a certain set of people too. Facebook also provides an option to make it your default setting so that you don’t have to change it all the time.

I find the option to select specific people a bit tedious. They do have an option to create a list of friends, however, it is just for the sake of it. It would be great if Facebook allowed you to share certain updates with a set of people included in a list rather than use groups, which is an annoyance at best.

Don’t Share Your Exact Address and Phone Numbers with Everyone (In Fact, Anyone)

If someone needs to contact you or come to your house, they will find a way to get in touch with you and get that information. In fact, Facebook has a private messaging system which could be used for that purpose. For security and other reasons, there is no need to make private and sensitive information publicly available unless you want people to come and visit you or call you often, including thieves.

Go ahead and make those changes to hide that information in your Privacy settings so that only your friends or preferably only you can see that information.

Inform Your Neighbors and Use Security Devices if You Are Going on Vacation

If you plan to go away for a long time, inform your neighbors and use security devices in your home to bulletproof your house. Security systems have become far cheaper than they were years ago, and equipping your house with one will not take more than a few days. This is definitely a worthwhile investment and will allow you to enjoy your vacation in peace.

Last but not least, if you do not follow the above steps, you are the one to blame if anything like this happens to you, because the web is something you can’t control. However, you can at least control what information you share on social networking sites. "Common Sense" can save you a whole bunch of trouble. Stay safe on Facebook and elsewhere.

Lulzsec Gathers Some Lulz for Sure but People Need to Act Seriously

Anonymous is dead (or so it seems) after the rift, the crackdown and the leadership issues. A new hacker group, LulzSec, has taken the Internet by storm recently and is replacing Anon in media coverage. This is LulzSec, and they are like the young rebirth of Anon. Anonymous was a group of seasoned hackers who knew what they were doing, and there was an air of maturity about them. LulzSec is a different breed of hackers. They improvise on their targets every day and try to take down internet services on personal request, all for the lulz.

The operations of LulzSec do not carry the aura that Anon had. It is more about lulz and less about playing the righteous police that earned Anon some love. The way they tweet about it openly and the way they operate is being frowned upon by many. A recent statement made by them is available here and you should read it to know what they are thinking.

Well, if you ask me, this is just a cunning trick to keep people busy, and it is simply their method of getting more attention. LulzSec knows how it is forcing the Government to lay down stringent rules faster that will curb many freedoms people enjoy online.

They have a valid point too. What they are doing is playing the reverse psychology card that will probably bring security through insecurity. People will start taking passwords seriously and service providers will work on finding and fixing loopholes. People will be apprehensive about everything online and the LulzSec is proud to have brought this mayhem upon people.

There’s always the argument that releasing everything in full is just as evil, what with accounts being stolen and abused, but welcome to 2011. This is the lulz lizard era, where we do things just because we find it entertaining. Watching someone’s Facebook picture turn into a penis and seeing their sister’s shocked response is priceless.

Some more of their rants against whitehats go here.

we just don’t give a living fuck at this point – you’ll forget about us in 3 months’ time when there’s a new scandal to gawk at, or a new shiny thing to click on via your 2D light-filled rectangle. People who can make things work better within this rectangle have power over others; the whitehats who charge $10,000 for something we could teach you how to do over the course of a weekend, providing you aren’t mentally disabled.

As for myself, I will remember LulzSec as the bunch of cowboys that tamed the Internet for quite some time. Call them the good or the bad, but they are in no way ugly. They are making the Internet a safer place and you can see how. You read a thousand blog posts every month giving you advice on password norms, but how many did you take seriously until now?