Fake AntiVirus Scams Add MacOS Support

May 19, 2011

by Luis Chapetti & Dave Michmerhuizen – Security Researchers

Fake antivirus scams are designed to scare innocent computer users with exaggerated displays of virus activity in the hope that they will hand over their credit card numbers to make it go away.   They’ve been around for years and the most prevalent ones use a freely available JavaScript design that mimics the Windows user interface, as seen here:

Fake Antivirus that mimics Windows

When these pages pop up on Macintosh computers, it’s immediately obvious that something isn’t right.

Last quarter, Apple set a new record (3.47 million sold in the quarter) with a growth rate of 33% over the prior year’s quarter.  Apple has about 10% of the computer market in the United States, and that doesn’t even include iPads.

That market share has been noticed by the fake antivirus scammers, and this week they have added a new JavaScript design that mimics the Macintosh interface, as seen here:

Fake antivirus that mimics Macintosh

Drive-by download sites now serve up this page if they detect access from a MacOS computer while Windows users still see a Windows style page.   The example above is called “Apple Security Center” but similar templates have been seen named MacDefender.

Since this is just JavaScript, the correct move at this point is to refuse the download and browse elsewhere.  Accepting the download and running it installs “Mac Protector” which displays pornographic images and promises to remove them for a credit card payment.

The initial infection vector is poisoned entries in Google search results.  We’ve talked extensively about poisoned search results and this represents another example of where otherwise normal Web sites are compromised and made to serve up bogus pages that are well ranked by Google. When one of these links is clicked, the compromised Web site detects a visit from Google search results and sends the visitor to a server that presents the fake antivirus. The recent change in Google content ranking has not stymied these attacks – the malicious link we tested was on page 1 of our search results:

Malicious link in Google results

Past Search Engine Optimization campaigns targeted very popular search terms such as celebrity sightings or breaking news events.  The poisoned links mentioned in this post are more likely to show up in the results for more mundane search terms so as to attract less attention, but they’re still getting plenty of traffic.

This is turning out to be a big problem for Apple. It has been conventional wisdom for years that one of the simplest Internet security solutions is to “just buy a Mac” and stop worrying.  Now that the most common drive-by attack vectors are serving up malware, unwary Mac users are being exposed to the harsh world that Windows users have dealt with for years, and are going to have to learn the same lessons.  Don’t believe everything that pops up on your screen, and don’t run any software unless you know where it came from and what it will do.

Barracuda Networks Barracuda Web Filters and the Barracuda Web Security Flex stop the download of this threat.


Facebook Videos Now Leading to Fake YouTube CAPTCHAs

May 17, 2011

by David Michmerhuizen – Security Researcher

Facebook survey scams continue to mutate, and the latest development is pretty sneaky. Scammers have designed an offsite page that displays a very convincing YouTube CAPTCHA screen which is completely fake. Similar to fake video pages that we’ve written about before, this fake CAPTCHA test page uses the Facebook OpenGraph API to spread to your friends’ walls and then serve up several survey links.

It starts with something unremarkable, a video link on a friend’s wall:

Video post on friends wall

The “Dad walks in on daughter” is very familiar to those of us who monitor Facebook scams on a daily basis.  In previous incarnations it would lead to a fake video preview page.  Instead, today it leads to this:

Fake CAPTCHA page

which looks enough like a real CAPTCHA to fool many people. Pressing the ‘submit’ button executes code that posts the malicious video link to all of your friends’ walls.  Once done, the user is sent to some scammy surveys:

Surveys

Barracuda Networks recommends users take particular care when on Facebook.  If friends post links, make sure you trust the destination domain before following the link.  Barracuda Web Filters also allow the selective blocking of Facebook within the organization.


Facebook survey scams reappear as Verify Your Account wall posts

May 12, 2011

by Dave Michmerhuizen – Security Researcher

Facebook survey scammers who had recent success with JavaScript cut and paste pages have changed their approach and turned loose a fast-spreading “Please verify your account”  campaign that appears as a wall post from a friend…

Verify your account wall post

Barracuda Labs recently reported on versions of this scam that required you to cut and paste a bit of JavaScript into your URL bar.  The attack above uses the same JavaScript but embeds it in a link attached to the wall post.

There is another version, of which we have no sample, that posts an obscene message to your wall and then claims that the only way to remove the obscenity is to press a “Remove this app” button that is part of the post.

As was the case in the cut and paste attack, if the link is pressed the JavaScript executes in the context of your Facebook page and has access to all of the APIs and credentials of your Facebook page.  The attacking JavaScript takes advantage of that context to post the same scam to the walls of all of your friends.

The end result is the same as our previous report – a sham survey that attempts to sign you up for some unwanted service or get your cell phone number in order to send premium SMS messages to it.

Eliminating the convoluted cut and paste instructions makes this version of the JavaScript attack much simpler and more convincing and it has been spreading across Facebook like wildfire.   We can only assume that at some point Facebook will sanitize links in wall posts and not allow use of the “javascript:” scheme.   Until then, expect to see waves of these scams using every social engineering attack in the book.

In the meantime, don’t click on links that are part of unusual items posted to your wall – delete them instead.  Visit the Facebook account settings pages to take care of account related issues.

As always, Barracuda Networks recommends you exercise special care when visiting links posted in your social network feeds.    Barracuda Web Filters and the Barracuda Web Filtering Service block access to these sites.


Facebook infested with cut and paste JavaScript survey scams

May 10, 2011

by Dave Michmerhuizen – Security Researcher

The Social Networking monitors at Barracuda Labs are reporting a virulent outbreak of survey scams on Facebook.  These attacks use a variety of social engineering topics and spread via different Facebook APIs,  but all use the same initial “cut and paste JavaScript” exploit to spread within the Facebook ecosystem.

Osama Death Video

500 Facebook Credits

Free McDonalds

Official Time Spent App

See you in 20 Years

Dad walks in on daughter

Who hacked your Facebook

Who Visited 1.01

How it works

All of these pages exploit a poorly understood feature of modern web browsers – the ability to execute JavaScript entered into the URL bar.  You can demonstrate this yourself by entering the following in the URL bar of your browser

javascript:alert("Thanks for reading the Barracuda Labs blog!")

and pressing the Enter key.

JavaScript executed in this manner does so in the context of the currently loaded webpage.  If that’s Facebook and you’re logged in, then the JavaScript has access to all the APIs and credentials that the authenticated Facebook page has.   You can even demonstrate that by putting this example in the URL bar

javascript:alert(document.cookie)

The resulting message box displays the cookie (if any) that is associated with the currently loaded web page.

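Both the “Please verify your account” wall posts described in the May 12 post (a javascript: link attached to a post) and the cut and paste attack described here depend on the site letting a javascript: URL through as if it were a normal link. The check below is an added example of the sanitising step a site that accepts user-supplied links needs; it is not Barracuda Labs code and not Facebook's, the sample hrefs are constructed, and the allowed-scheme list is a design choice for this demo. It normalises the href the way browsers do before reading the scheme, so the spellings browsers still execute (mixed case, embedded tabs, HTML entities) are caught too.

```python
"""Reject user-supplied links that would run script in the context of the
page showing them: the javascript: URLs demonstrated above, including the
spellings browsers still accept (mixed case, stray tabs, HTML entities).

Added example, not Barracuda Labs or Facebook code.  The sample hrefs are
constructed and the allowed-scheme list is a design choice for this demo.
"""
import re
from html import unescape
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Browsers strip leading/trailing C0 controls and spaces and delete tab, CR
# and LF anywhere inside a URL before parsing, so "java\tscript:" still runs.
# Apply the same normalisation before looking at the scheme, or the check
# and the browser will disagree about what the scheme is.
_EDGES = re.compile(r"^[\x00-\x20]+|[\x00-\x20]+$")
_INNER = re.compile(r"[\t\r\n]")


def normalise(href):
    href = unescape(href)            # "&#106;avascript:" -> "javascript:"
    href = _EDGES.sub("", href)
    return _INNER.sub("", href)


def classify_link(href):
    """Return (verdict, normalised_href); verdict is 'allow', 'relative' or 'block'."""
    clean = normalise(href)
    scheme = urlsplit(clean).scheme.lower()
    if scheme == "":
        return "relative", clean     # same-site path such as /video.php?v=2
    if scheme in ALLOWED_SCHEMES:
        return "allow", clean
    return "block", clean            # javascript:, data:, vbscript:, ...


def is_safe_link(href):
    return classify_link(href)[0] != "block"


def blocked_links(hrefs):
    return [h for h in hrefs if not is_safe_link(h)]


# Constructed sample hrefs as they might arrive in posted content.
SAMPLE_HREFS = [
    "http://www.facebook.com/photo.php?fbid=1",
    "/video.php?v=2",
    "javascript:alert(document.cookie)",
    "  JavaScript:void(0)",
    "java\tscript:alert(1)",
    "&#106;avascript:alert(1)",
    "data:text/html,<b>not a page</b>",
]

if __name__ == "__main__":
    for href in SAMPLE_HREFS:
        verdict, clean = classify_link(href)
        print(f"{verdict:8} {clean!r}")
```

Two points of design: the check is an allow-list (only http and https pass), so a scheme nobody thought of is blocked rather than let through; and because `normalise()` decodes HTML entities, the value it returns must be HTML-escaped again when it is written back into a page. A scheme-relative href such as `//other.invalid/x` comes back as “relative”; treat it as off-site if that distinction matters to you.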
These scam pages all try to trick you into copying a bit of JavaScript onto the clipboard and pasting it into the URL box like so

Typical Cut & Paste instructions

It’s no accident that this looks confusing since the scammer doesn’t want you to think too hard about what you’re actually doing.  “Just follow the instructions!” is what they say.   What this particular snippet does is to tell the currently loaded web page to load and run a much larger JavaScript file from elsewhere on the Internet, in this case,  http://hapenceiver.info/lock.js.

The JavaScript file that is loaded goes right to work spreading the scam to your friends.  There are a number of these files in circulation, all of them parameter-driven and so easy to use that would-be scammers don’t even need to know how the script works.  Just change the fake message and the scam landing page and they’re good to go, as in this small sample of one script

JavaScript sample

The bulk of the JavaScript spreads the scam virally using various Facebook APIs such as messages, invitations and posts to friends’ walls.

At one time these sorts of survey scams were spread via Facebook applications that attempted to trick you into “liking” them.  A Facebook application requires scammers to apply for an AppID and to have a server.  This “Cut and Paste JavaScript” approach only needs a cheap domain or even a Facebook page.  Either is easy to set up, and with such a lowered bar to entry the scams are showing up everywhere.  Prompting users to cut and paste JavaScript isn’t new, but it’s sure meeting with a lot of success.

What happens

Executing the JavaScript file that the code sample is from will post a message to every one of your friends’ walls, like so

Post on friends wall

If a friend clicks through, they see the attack page, hosted on Facebook

attack page

and if that friend follows the directions, not only do they spam their friends, but they proceed on to a survey page, in this case disguised as a “security check”.

Fake "Security Check"

Following one of these all the way through lands you on the payoff screen.

Cell Phone number requested

The “security check” says it wants to send the results to your cell phone.  Your cell phone number is really being requested in order to sign you up for a premium SMS service, as shown in the small type at the bottom of the page.  This is how many Facebook survey scam pages make their money and why they are so prevalent.

Barracuda Networks recommends you exercise special care when visiting links posted in your friends’ news feeds.  Barracuda Web Filters and the Barracuda Web Filtering Service block access to these sites.


Osama Bin Laden Death Picture Spam on the Rise

May 4, 2011

by Dave Michmerhuizen & Luis Chapetti – Security Researchers

The spam honeypots at Barracuda Labs have detected the first of what we suspect will be a wave of spam that takes advantage of the curiosity surrounding the death of Osama Bin Laden.  Not so long ago spam emails would have been the first to exploit such a current event.   However, as we posted recently, Facebook now has that distinction.

The spam offers up some pretty gruesome photos:

Spam

The Portuguese text reveals that these spams target residents of Brazil.  A rough translation says that the photos visible in the email are not real, (they are indeed fake) but that real photographs are available from the attached link.

Following the attached link leads the user to malware, not photos, as shown here:

Malware, not photos

This should certainly ring all sorts of alarm bells.  Users do not “Run” photos; this file is a version of Trojan.Banload, a downloader which installs additional malware.  As shown below, it downloads another file, a variant of Trojan.PWS.Banker, which settles onto the user’s PC and intercepts online banking usernames and passwords.

Malware traffic


Once the banking Trojan is successfully installed, a message is sent back to the malware authors:

There are similar families of malware optimized for stealing online banking credentials from American and European computer users, and appealing social engineering strategies for delivering them, Osama Bin Laden’s death being only one of many.   Do not open or run email attachments.

Barracuda Networks customers using the Barracuda Spam & Virus Firewall are protected from these emails.


Cyber criminals continue to capitalize on current events – Osama Bin Laden dead!

May 2, 2011

by Nidhi Shah, Security Researcher

Along with the media, homeland security and Al-Qaeda supporters, another group of people got to work immediately after Osama Bin Laden was killed: malware authors. This is not surprising given malware writers’ propensity to take advantage of the day’s current events as a way to reach the largest number of eyeballs and victims.

This news is no different. We noticed multiple campaigns taking advantage of the news within hours of its announcement. One such campaign showed up on Facebook offering a video of the killing:

Wall from account spreading fake videos

Clicking on the link leads the user to a fake blog with video, which in turn requires the user to “Like” it in order to get to the video. However in doing so (“liking”), the user is authorizing the malware to post on his/her wall and fill it up with other “Like” messages that were never authorized. “Like” messages are shared automatically via the Facebook newsfeed on a user’s network; therefore, these messages quickly become viral and spread via trusted channels.

Newsfeed from victim account

There are multiple other campaigns taking advantage of this news and also creating new related headlines to get more attention, like this campaign (again on Facebook):

Wall from another account trying to promote sites with fake headlines

Clicking on that link will lead you to the blog full of such fake headlines.

Blog from fake headline campaign

While this one did not directly lead to any malicious impact, clearly the headlines are fake. That leads us to believe that we might have encountered it while malware authors were still in the process of preparing their next malicious campaign. Or that they could be taking advantage of current events and user curiosity for increasing search engine ranking for these pages.

Our advice to readers is to be cautious while browsing the Web to look for more details related to this event and any other major news in general. We recommend visiting the major news channels directly to get more information rather than click on links in Facebook or Twitter, even if they are seemingly posted by friends or trusted sources.



Paypal account statement emails: Do as we say, not as we do.

April 28, 2011

by Dave Michmerhuizen and Denis Kieft – security researchers

Barracuda Labs researchers have recently seen emails from PayPal Inc. that initially seem to be phish but ultimately appear to be a security fail by a company that surely should know better.

It is a well-accepted email security best practice to never click on links in emails.  Most businesses, particularly ones that are phishing targets, explicitly advise their users not to click on links in emails.  As you would expect, PayPal does so on their website.

Warning on PayPal website

Consider that warning and then take a look at this email from Paypal, via servers at responsys.net, a software service that allows marketers to manage email campaigns…

PayPal "enhanced account statement" email

The email contains ELEVEN hyperlinks, all pointing to an email response servlet which records your click and then transfers the browser to the PayPal login screen.  “At first I was sure it was a phishing email,” commented a Labs researcher who received one of the emails.  Although PayPal has declined to comment on the email, close examination shows no malicious content.  Instead, this appears to be a case of a Marketing department in need of a little security education.

It’s unfortunate that this is the case, because security professionals have been trying to teach good email security practices for years.  An email from a bank or online service should be considered suspect by default.   PayPal’s own advice is the safest advice, always open your web browser and type in the URL you intend to visit – never click on a link embedded in an email.

Given that email is still the primary vector for identity theft and that PayPal is one of the most phished brands on the Internet, we would expect them to be particularly sensitive to this issue.  Phishing emails like this one are so common that only a blanket rule against clicking on embedded links can be effective.  When PayPal sends out their own emails containing links they confound customers who have long been told not to click on those very links.
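The examination above (eleven links, all leaving paypal.com for a mailing service’s host) is a routine triage step that can be scripted. The following is an added example, not Barracuda Labs code: it pulls every href out of an HTML mail, resolves the host, and sorts the links into those that stay on the sender’s own domain and those that do not. The email body is constructed, and the tracking-link shape in it is illustrative rather than the real responsys.net format.

```python
"""Triage links in an HTML email the way the PayPal statement above was
examined: collect every href, find its host, and separate links that stay on
the sender's own domain from those that go elsewhere (here, to a mailing
service).  Added example, not Barracuda Labs code.  The email body and the
tracking-link shape are constructed; no real responsys.net URL format is
implied.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Gather href values from <a> tags in document order."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value.strip())


def extract_links(html):
    parser = LinkCollector()
    parser.feed(html)
    return parser.links


def belongs_to(host, domain):
    """True for the domain itself or any subdomain; a look-alike such as
    paypal.com.example.net does not qualify."""
    return host == domain or host.endswith("." + domain)


def audit_links(html, sender_domain):
    """Bucket the mail's links: on the sender's domain, off it, or not a web
    link at all (mailto: and the like)."""
    report = {"on_brand": [], "off_brand": [], "other": []}
    for link in extract_links(html):
        parts = urlsplit(link)
        if parts.scheme not in ("http", "https"):
            report["other"].append(link)
        elif belongs_to((parts.hostname or "").lower(), sender_domain):
            report["on_brand"].append(link)
        else:
            report["off_brand"].append(link)
    return report


# Constructed mail body: every call-to-action goes through a click-tracking
# host, and only the footer help link points at the sender's own domain.
SAMPLE_EMAIL = """
<html><body>
<p>Your enhanced account statement is ready.</p>
<a href="http://click.mailer-service.invalid/r?c=1001">View statement</a>
<a href="http://click.mailer-service.invalid/r?c=1002">Log in</a>
<a href="http://click.mailer-service.invalid/r?c=1003">Update preferences</a>
<a href="HTTP://CLICK.mailer-service.invalid/r?c=1004">Unsubscribe</a>
<a href="https://www.paypal.com/help">Help Center</a>
<a href="mailto:spoof@paypal.com">Report phishing</a>
</body></html>
"""

if __name__ == "__main__":
    for bucket, links in audit_links(SAMPLE_EMAIL, "paypal.com").items():
        print(bucket, len(links))
        for link in links:
            print("   ", link)
```

A legitimate mail whose “off_brand” bucket holds every actionable link is indistinguishable, by this test, from a phish; that is the point the post makes. The host comparison is suffix-based on a dot boundary so that `paypal.com.example.net` does not pass as PayPal’s.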

 

Barracuda Networks customers using the Barracuda Spam & Virus Firewall are protected from phishing emails.


Anatomy of a SQL Injection Attack

April 26, 2011

Posted by: Oliver Wai, product marketing manager

As you probably heard from our previous blog posting, Barracuda Networks suffered a breach from a SQL Injection attack on the weekend of April 8. While the overall impact of the breach turned out to be relatively minor (only contact information: names and email addresses), such an event always involves a post-mortem. As is often the case in events such as data breaches or data center outages, there is never one single error that leads to the outage or attack but rather a series of interrelated errors that ultimately results in a failure or vulnerability that can be exploited. Taken individually, each event is usually accounted for by the organization and there are redundancies in place to handle any failure issues. However when taken together, the unexpected – in this case an attack on our site – occurs. In analyzing the attack, we observed:

  • In the rush to continually add timely and fresh content to the corporate Web site, a few mistakes were made in the PHP code.
  • Code vulnerability scanning of the affected part of the Web site was scheduled but had not yet occurred.
  • The Web Application Firewall that was put in place to harden the Web site was put into Passive Mode by human error during a maintenance window.

So while there were redundancies in place to secure our Web site, an unfortunate confluence of events last weekend left a vulnerability in our Web site exposed; this resulted in the SQL injection attack by a group we believe to be originating in Malaysia. The upside? Since the Barracuda Web Application Firewall was still inspecting traffic even in Passive Mode, it gave us a detailed audit trail of the SQL Injection probe and the subsequent attack. This gave us the necessary forensics to quickly analyze the breach, contain the damage and reach out to those affected.

Analyzing the Attack

From our Barracuda Web Application Firewall logs we determined that there were two clients used to probe and attack the barracudanetworks.com Web site:

Using the information reported by the Barracuda Web Application Firewall, we were able to quickly filter and find the corresponding entries on our Web server logs:

( NOTE: the Web server logs use Greenwich Mean Time (GMT) whereas the Web Application Firewall uses Pacific Daylight Time (PDT) zone)

Drilling down into details of each entry on the Barracuda Web Application Firewall logs gives us clues on the attackers and the tools used in the attack:

The first attack started at 5:07pm PDT on April 9 and had an IP address of 115.134.249.15 which resolved to somewhere near Kuala Lumpur, Malaysia. This confirms online reports of the hacks originating from Malaysia. We also noticed that the attackers launched the attacks using a modified version of a pentest tool designed by “white hats” to probe Web sites for SQL injection vulnerabilities. This also seems to corroborate reports that the hackers responsible for the attacks hung out on “white hat” online communities. Looking at our Web server logs, we also see the same entries, enabling us to trace down what was attempted and what succeeded on our backend systems.

(NOTE: the Web server logs use GMT whereas the Web Application Firewall uses PDT)

From the recorded logs, it was clear that the first attacker used the automated tool to recursively crawl through the barracudanetworks.com Web site and blindly injected a series of SQL commands against each input parameter to find potential vulnerabilities. The SQL Injection tool finds the first vulnerability at 5:16pm PDT but continues to probe the Web site. At 8:10pm PDT a second client using the IP address of 87.106.220.57 joined the attack. The second IP address resolved to a server in Germany but it is unclear at this time if the server was a relay point or if it was a second attacker. Nevertheless, activities from the second IP were recorded and logged by the Barracuda Web Application Firewall:

Below is the screenshot of the corresponding Web server log:

(NOTE: the Web server logs use GMT whereas the Web Application Firewall uses PDT)
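The repeated note about time zones is the practical obstacle in this kind of correlation: the Web Application Firewall stamps events in PDT and the web server in GMT, so entries for the same request are seven hours apart on paper. The script below is an added example, not Barracuda code, of how to line the two logs up and then summarise what each source address was doing. Both log samples are constructed: the access log lines use Apache combined format, the WAF line format is assumed for the example, and the two IP addresses are the ones named in the post. PDT is pinned to UTC-7 because the post's dates fall inside daylight saving time; logs that span a DST change should use `zoneinfo` instead.

```python
"""Correlate Web Application Firewall events (logged in PDT) with the web
server's access log (logged in GMT), then summarise per-source injection
activity.  Added example, not Barracuda code; both log formats below are
constructed (the WAF format is assumed, the access log is Apache combined
format), and the IP addresses come from the post.
"""
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote_plus

# The logs in the post are from April 2011, when Pacific time was on daylight
# saving (PDT = UTC-7).  For logs spanning a DST change use zoneinfo instead.
PDT = timezone(timedelta(hours=-7), "PDT")

# Markers that are very unlikely in a legitimate query string.
INJECTION = re.compile(
    r"(?i)(\bunion\b.+?\bselect\b|information_schema|'\s*(?:or|and)\b"
    r"|--\s*$|;\s*(?:drop|insert|update|delete)\b)"
)
ACCESS = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+)[^"]*" '
    r"(?P<status>\d{3})"
)


def parse_waf_line(line):
    """Assumed WAF format: 'YYYY-MM-DD HH:MM:SS ip METHOD url CATEGORY', local PDT."""
    date, clock, ip, method, url, category = line.split()[:6]
    local = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S").replace(tzinfo=PDT)
    return {"ts": local.astimezone(timezone.utc), "ip": ip, "url": url, "category": category}


def parse_access_line(line):
    """Apache combined format; the UTC offset is part of the timestamp field."""
    m = ACCESS.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ts": ts.astimezone(timezone.utc), "ip": m["ip"], "url": m["url"],
            "status": int(m["status"])}


def correlate(waf_lines, access_lines, window=timedelta(seconds=2)):
    """Match each WAF event to access-log entries from the same IP for the same
    URL within `window`, comparing both sides in UTC."""
    access = [e for e in map(parse_access_line, access_lines) if e]
    matches = []
    for w in map(parse_waf_line, waf_lines):
        for a in access:
            if a["ip"] == w["ip"] and a["url"] == w["url"] and abs(a["ts"] - w["ts"]) <= window:
                matches.append((w["ts"], a["ts"], w["ip"], w["url"], a["status"]))
    return matches


def summarize(access_lines):
    """Per source IP: request count, requests carrying injection markers,
    distinct paths probed and request rate per minute over the observed span."""
    per_ip = {}
    for e in filter(None, map(parse_access_line, access_lines)):
        s = per_ip.setdefault(e["ip"], {"requests": 0, "injection_requests": 0,
                                         "paths": set(), "first": e["ts"], "last": e["ts"]})
        s["requests"] += 1
        if INJECTION.search(unquote_plus(e["url"])):
            s["injection_requests"] += 1
        s["paths"].add(e["url"].split("?", 1)[0])
        s["first"], s["last"] = min(s["first"], e["ts"]), max(s["last"], e["ts"])
    for s in per_ip.values():
        span_min = max((s["last"] - s["first"]).total_seconds(), 60) / 60  # floor: 1 minute
        s["rate_per_min"] = round(s["requests"] / span_min, 2)
        s["distinct_urls"] = len(s.pop("paths"))
    return per_ip


WAF_LOG = [  # constructed; assumed format, local PDT timestamps
    "2011-04-09 17:16:02 115.134.249.15 GET /products.php?id=1'+AND+1=1 SQL_INJECTION",
    "2011-04-09 17:16:05 115.134.249.15 GET /news.php?id=5+UNION+SELECT+1,2,3 SQL_INJECTION",
    "2011-04-09 20:10:31 87.106.220.57 GET /products.php?id=1'+AND+1=2 SQL_INJECTION",
]
ACCESS_LOG = [  # constructed; Apache combined format, GMT timestamps
    '115.134.249.15 - - [10/Apr/2011:00:16:02 +0000] "GET /products.php?id=1\'+AND+1=1 HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '115.134.249.15 - - [10/Apr/2011:00:16:05 +0000] "GET /news.php?id=5+UNION+SELECT+1,2,3 HTTP/1.1" 200 4902 "-" "Mozilla/4.0"',
    '87.106.220.57 - - [10/Apr/2011:03:10:32 +0000] "GET /products.php?id=1\'+AND+1=2 HTTP/1.1" 200 5118 "-" "Mozilla/5.0"',
    '10.0.0.8 - - [10/Apr/2011:00:16:03 +0000] "GET /index.php HTTP/1.1" 200 7311 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for waf_ts, acc_ts, ip, url, status in correlate(WAF_LOG, ACCESS_LOG):
        print(f"{waf_ts:%H:%M:%S}Z waf == {acc_ts:%H:%M:%S}Z access  {ip} {url} -> {status}")
    for ip, s in summarize(ACCESS_LOG).items():
        print(ip, s["requests"], "requests,", s["injection_requests"], "with injection markers,",
              s["distinct_urls"], "paths,", s["rate_per_min"], "per minute")
```

The two-second match window absorbs clock drift between the appliance and the web server; widen it if the boxes are not synchronised. The per-IP summary is the same shape of figure the post reports (commands sent, URLs hit, rate per minute), and it can also be run on the access log alone when no WAF log exists.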

From the logs captured in the Barracuda Web Application Firewall, it seems that the attacker used the second client to launch manual attacks against discovered vulnerabilities while the primary attack script continued to scan the Web site for vulnerabilities. Ultimately, the attackers focused their efforts on a single line of weakness in a peripheral Web page where the input parameters were not properly sanitized. Here is the pseudo-code of the underlying vulnerability:

<?=Foo_Function( $_GET['parameter'] )?> //Takes user input

By not sanitizing the input value, it gave the attackers the ability to inject SQL commands into the HTML input parameter to attack the underlying database.

All developers are taught to never trust user inputs and that all inputs must be sanitized before sending it to underlying servers. However, what you can see from this example is that it is often not obvious to the naked eye that there is anything wrong with the code. This is why in addition to using defensive coding, Barracuda Networks also uses code scanners and our own Web Application Firewall to guard against possible vulnerabilities. Unfortunately in a Web site of tens of thousands of lines of code, all it takes is a single mistake. We have since fixed the code to protect against future attacks by adding a single line of code to sanitize the inputs on the affected page:

<?php
// Pass the parameter through only when it has the expected shape; otherwise use a harmless default.
$parameter = @is_sanitized($_GET['parameter']) ? $_GET['parameter'] : 0;
?>
<?=Foo_Function($parameter)?>
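The defect in the PHP fragment above and the two ways of closing it are easier to see against a live database. The following is an added example, not Barracuda code, written in Python against an in-memory SQLite table: `lookup_vulnerable()` builds the SQL text from the request parameter just as the vulnerable page did, `lookup_validated()` mirrors the post's one-line fix with an allow-list check standing in for `is_sanitized()` (whose real definition the post does not show), and `lookup_parameterized()` does what the fix should ideally be paired with, keeping user input out of the SQL text altogether. The table, its rows and the probe string are constructed.

```python
"""The same defect as the PHP fragment above, shown in Python against an
in-memory SQLite table, beside two fixes: validating the parameter before
use (what the post's one-line fix does) and binding it as a parameter so
it never becomes part of the SQL text.  Added example, not Barracuda code;
the table, rows and probe string are constructed.
"""
import sqlite3


def make_db():
    """Constructed catalogue: two public products and one that must stay hidden."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, public INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [(1, "Web Filter", 1), (2, "Spam Firewall", 1), (3, "unreleased", 0)])
    return db


def lookup_vulnerable(db, parameter):
    """The original shape: the request parameter is pasted into the SQL, so
    whatever the client sends is parsed as SQL, not as a value."""
    sql = f"SELECT id, name FROM products WHERE public = 1 AND id = {parameter}"
    return db.execute(sql).fetchall()


def is_sanitized(value):
    """Allow-list check standing in for the post's is_sanitized(): this page
    only ever expects a small positive integer, so accept nothing else."""
    return value.isdigit() and 0 < int(value) < 10**9


def lookup_validated(db, parameter):
    """Mirror of the PHP fix: anything outside the expected shape becomes 0."""
    parameter = parameter if is_sanitized(parameter) else "0"
    return lookup_vulnerable(db, parameter)


def lookup_parameterized(db, parameter):
    """Validation plus a bound parameter: the value travels separately from
    the statement, so the database never interprets it as SQL."""
    if not is_sanitized(parameter):
        return []
    return db.execute("SELECT id, name FROM products WHERE public = 1 AND id = ?",
                      (int(parameter),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # A value that is not a number but reads as SQL: "AND" binds tighter than
    # "OR", so the public = 1 restriction no longer applies to the hidden row.
    probe = "1 OR public = 0"
    print("vulnerable   ", lookup_vulnerable(db, probe))      # leaks the hidden row
    print("validated    ", lookup_validated(db, probe))       # []
    print("parameterized", lookup_parameterized(db, probe))   # []
    print("normal use   ", lookup_parameterized(db, "2"))     # [(2, 'Spam Firewall')]
```

Validation alone is fragile because, as the post notes, the missing check is not obvious to the eye and there may be other pages with the same omission; a bound parameter fails safe even when the check is forgotten, which is why the two belong together rather than as alternatives.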

From Vulnerability to Breach

Once the attackers found the vulnerable page, they attempted to steal the database user accounts. Over the next 10 hours, they tried a number of different attacks in an attempt to break into the underlying database but failed each time. At 3:06am PDT, the attackers changed strategy to focus on the underlying database schema. This proved to be a correct strategy and by 3:19am PDT the first set of database records containing contact email addresses was stolen.

Barracuda Networks discovered the breach at 10:30am PDT and the Barracuda Web Application Firewall was re-enabled to Active Mode at 10:39am PDT. Once in place, the Barracuda Web Application Firewall immediately blocked all subsequent attacks from the 115.134.249.15 IP address. The attacker continued to cycle through attacks against the remaining pages for the next few hours, even when the Barracuda Web Application Firewall blocked all of the attacks. This seems to confirm that an automated pentest tool was used to blindly inject SQL commands. In all, a total of 110,892 SQL injection commands from both attacking IP addresses were sent against 175 URLs at a rate of 42 per minute.

In tracing the Web Firewall and Access logs on the Barracuda Web Application Firewall, we determined that the attackers compromised a Marketing database and stole two sets of records containing a total of 21,861 names and emails. However since there were a number of duplicates between the two sets and the fact that many of the entries were from users who are no longer with the original organizations, the number of affected users is substantially lower.

Any breach is a serious issue and we have reached out to the affected users documenting what has happened and any necessary precautions that they may need to take in response. We believe that the users affected by the breach are at minimal risk. We do not store any sensitive information in our Marketing database other than names and email addresses. Moreover, since Barracuda Networks primarily uses this data to send emails on upcoming events, Webinars, or other corporate news, the risk of spear-phishing is low as all of the communications are one-directional and informational in nature. Finally, since most users are existing Barracuda Spam & Virus Firewall customers, the vast majority of potential spam would likely be blocked regardless.

Conclusion

In hindsight, it was clear the Barracuda Web Application Firewall would have been able to detect and protect our Web site from the recent SQL Injection attack that occurred. However the reality of the situation is that with most breaches, the weak link is typically not with the technology itself but rather with the human element and the processes associated with security. Unfortunately attackers today have more sophisticated tools at their disposal to find victims. They can now automate the tedious task of finding vulnerabilities and focus solely on the “last mile” once a vulnerability is detected. What this means to the rest of us is that attacks will likely become more common and affect a much wider range of organizations.

The silver lining to this experience was that it helped us to demonstrate the effectiveness of the Barracuda Web Application Firewall in providing the necessary protection and auditing capabilities to defend against SQL injection attacks. The Barracuda Web Application Firewall was able to identify the SQL injection attack and would have blocked the attack had it been placed in Active Mode. Nevertheless, even in Passive Mode, the Barracuda Web Application Firewall was able to gather detailed forensic information that we used to investigate, contain and audit the affected systems. Using this data, we were able to quickly identify how the attacks occurred, what was breached and who we needed to reach out to after the incident.

While we have definitely advised customers on the risks of not securing their Web applications and we certainly have heard the worst-case scenarios from our customers as a vendor, we did not imagine that we would find ourselves having first-hand experience with such a scenario. We learned some valuable lessons in this situation and we hope that our story serves as evidence of how important it is to harden and secure your Web applications.


Why Facebook proxies are a bad idea

April 25, 2011

by Dave Michmerhuizen,  Security Researcher

Facebook is immensely successful.  It is estimated that nearly 40% of the population of the United States has a Facebook account and that more people visit Facebook than visit Google.

However, many organizations consider Facebook to be both a distraction and a security risk.  While it has been very common for Web filtering solutions to block all access to Facebook, many organizations are realizing the need to safely allow access, at least to some degree.

As you might expect, enthusiastic Facebook users aren’t very happy with being kept from their favorite website, even during work or school hours.   Some of the more popular searches on Google are for “access facebook” and “unblock facebook.”  These searches return lists of Facebook proxy sites.

Proxy software serves as an intermediary for internet traffic.  To use a proxy to ‘unblock’ Facebook, users direct their web browsers to send requests to the proxy.  The proxy performs the request and sends the results back to the web browser.   Since the users do not deal directly with Facebook, blocking Facebook has no effect.

The sites that are returned by searching for “unblock Facebook” usually wrap proxy software with a Facebook-specific web user interface, offering themselves as web proxies so that frustrated Facebook users can sneak around the firewall and make that all important status post.

Here’s an example, the home page of accessexists.com

accessexists.com - a Facebook proxy site

The links work fairly well, allowing you to log in to Facebook and use most functions seamlessly.

The problem with using one of these so-called Facebook proxy sites is that you don’t know who’s running it, where they are located, or what might be done with your user name and password.  Consider what network traffic gets sent in the clear when you use the proxy to log on to Facebook.

Network traffic to accessexists.com

In this case our username and password are part of a POST transaction that is sent.   Where is it being sent?    WHOIS shows us that accessexists.com is owned by someone named Vladimir in Russia.

accessexists.com whois record

Vladimir is saving usernames and passwords, because after a day or so they get around to asking for money.

An unsophisticated user might see this as an immediate solution to an unfair problem, but it carries a great deal of risk. Valid Facebook usernames and passwords are sold to scammers on underground markets for a variety of purposes.  One of the most common ones is simply sending spam messages to everyone on your friends list.   Another is to use your account to carry out a variant of the Grandmother scam.

Trusting your Facebook username and password to an unknown third party is simply not worth the headaches it can cause.
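Seen from the organization's side, the two things described above leave a recognisable trace in an outbound web log: a request to an unknown host whose query string carries the real destination URL (the usual shape of a CGI web proxy), and a login form posted to that unknown host instead of to the social site itself. The script below is an added example, not Barracuda code, that flags both. The log records and the proxy URL shape are constructed for the example; accessexists.com's actual page layout is not known to this code.

```python
"""Spot web-proxy use in an outbound web log: requests whose query string
carries another URL (the shape CGI proxies use, e.g. browse.php?u=http://...),
and form posts that send login fields to a host other than the site being
logged into.  Added example, not Barracuda code; the log records and the
proxy URL shape are constructed.
"""
from urllib.parse import parse_qs, unquote, urlsplit

# Sites users try to reach through a proxy (extend as needed).
SOCIAL_DOMAINS = {"facebook.com"}
# Form field names that mark a login attempt.
CREDENTIAL_FIELDS = {"email", "pass", "password", "login", "username"}


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def is_social(host):
    return any(host == d or host.endswith("." + d) for d in SOCIAL_DOMAINS)


def embedded_urls(url):
    """Return any full URLs carried inside the query string of `url`."""
    found = []
    for values in parse_qs(urlsplit(url).query).values():
        for value in values:
            value = unquote(value)  # handles double-encoded values too
            if value.lower().startswith(("http://", "https://")):
                found.append(value)
    return found


def inspect_request(method, url, body=""):
    """One log record (method, URL, form body if logged) -> list of findings."""
    host = host_of(url)
    findings = []
    if not is_social(host):
        for target in embedded_urls(url):
            if is_social(host_of(target)):
                findings.append(f"{host} proxies request for {host_of(target)}")
        if method == "POST" and body:
            leaked = sorted(set(parse_qs(body)) & CREDENTIAL_FIELDS)
            if leaked:
                findings.append(f"credential fields {leaked} posted to {host}")
    return findings


def scan(records):
    """records: iterable of (method, url, body).  Returns [(index, findings)]
    for the records that produced any finding."""
    out = []
    for i, (method, url, body) in enumerate(records):
        findings = inspect_request(method, url, body)
        if findings:
            out.append((i, findings))
    return out


# Constructed records: a proxy fetching Facebook's front page, a login posted
# through the proxy, a login posted directly to Facebook, and ordinary browsing.
SAMPLE_RECORDS = [
    ("GET", "http://proxy-site.invalid/browse.php?u=http%3A%2F%2Fwww.facebook.com%2F", ""),
    ("POST", "http://proxy-site.invalid/browse.php?u=https%3A%2F%2Fwww.facebook.com%2Flogin.php",
     "email=alice%40example.invalid&pass=constructed-value"),
    ("POST", "https://www.facebook.com/login.php", "email=alice%40example.invalid&pass=constructed-value"),
    ("GET", "http://www.example.invalid/index.html", ""),
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_RECORDS):
        for finding in findings:
            print(f"record {index}: {finding}")
```

The second check only works where the filter logs form bodies, which is uncommon and sensitive in itself; the first check needs only the URL, which every web log has, and on its own is usually enough to confirm proxy use. Since Facebook logins happen over HTTPS when made directly, a credential post to any non-Facebook host over plain HTTP is also the “sent in the clear” exposure the post describes.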

 

Barracuda Networks customers using  Barracuda Web Filters can restrict access to Facebook within the organization and can also block access to web proxy sites.


IRS spam arrives just in time for April 18 tax deadline

April 18, 2011

by Dave Michmerhuizen & Luis Chapetti – security researchers

Just in time for the U.S. tax filing deadline, the Barracuda Labs spam honeypots have detected a surge in spam intended to scare harried tax filers into letting down their guard.

Tax time is stressful and many of us are sifting through piles of forms and receipts.  It can be difficult to remember to be skeptical of that official-looking email that appears to be from the Internal Revenue Service.  Yet skeptical is what you should be, because the IRS is a favorite target for spammers and phishers to impersonate.  Let’s look at three samples.


The first spam is from a phishing campaign that has been active since at least 2008.  Aimed primarily at immigrants, it presents a dense thicket of poorly written gobbledygook stating that the recipient is not subject to taxes on certain unspecified interest.

Fake non-resident exemption

A PDF of form W-4100B2 is attached and you are encouraged to fill it out and fax it to a number provided in the email.  The form asks for practically every piece of sensitive financial information an identity thief could want, including Social Security numbers, debit and credit card numbers with codes and even passport numbers.

However, the fact is that there is no IRS form W-4100B2. The IRS has specifically stated that they “do not request detailed personal information through email.”    Messages like this should be ignored.


The second spam has been used for phishing in the past, but in this year’s incarnation it carries a nasty payload.

"Rejected EFTPS" spam

The salutation of “Hello Dear” isn’t very convincing coming from the IRS.  Still, the basic message that an electronic tax payment might be rejected might be enough to cause a harried office worker to open up the attachment.  That would be a big mistake because although clicking on the attachment does not appear to do anything it actually does install Trojan.Zeus in the background.  This Trojan horse runs silently, steals usernames and passwords and in this case sends them to a command and control server in Asia.


The last sample is from a campaign that is noteworthy for how it is carefully targeted to specific individuals.   Usually spam campaigns are scatter shot affairs that send out large numbers of emails addressed to “Dear Sir / Madam”, as our first example showed.   This “rule change notification” was seen using individual email addresses of real people, addressing them by their real name and company name.

Targeted "Rules Change" spam

Instead of new tax rules, the attached .zip file contains a Trojan.Downloader which installs a variety of other malware.

Again, the IRS has stated that it “does not initiate taxpayer communications through email,” and “does not request detailed personal information through email.”  If a taxpayer has questions about emails such as these they should check with the IRS using contact information found in their local phone directory or www.irs.gov.
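The second and third samples here, like the “photos” in the Osama Bin Laden spam above that turned out to be a Trojan downloader, rely on an attachment that is executable where the mail promises a document or picture. The following is an added example, not Barracuda code, of a mail-gateway style check that catches the two common disguises without running or even extracting anything: an executable extension on the attachment itself (including the `photos.jpg.exe` double-extension trick) and an executable inside a .zip, judged from the archive listing alone. The sample attachment is built in memory and contains placeholder text, not a program.

```python
"""Screen email attachments of the kind in the samples above: a .zip that
contains an executable, or a file whose name hides an executable extension
behind a harmless-looking one ("photos.jpg.exe").  Added example, not
Barracuda code; the attachment built for the self-test is constructed in
memory and contains placeholder text, not a program.
"""
import io
import zipfile

# Extensions Windows will run when double-clicked; extend to taste.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "jar", "msi", "hta"}
# Extensions commonly used as the visible "decoy" part of a double extension.
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "xls", "txt"}


def name_verdict(filename):
    """Judge a file by name alone; returns a reason string or None."""
    parts = filename.lower().rsplit("/", 1)[-1].split(".")
    if len(parts) < 2:
        return None
    ext = parts[-1]
    if ext not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return f"double extension hides executable: {filename}"
    return f"executable attachment: {filename}"


def inspect_attachment(filename, data):
    """Inspect one attachment (name and bytes).  Zip archives are listed, not
    extracted, and each member is judged by name.  Returns a list of findings."""
    findings = []
    reason = name_verdict(filename)
    if reason:
        findings.append(reason)
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():
                reason = name_verdict(member)
                if reason:
                    findings.append(f"inside {filename}: {reason}")
    return findings


def screen_message(attachments):
    """attachments: iterable of (filename, bytes).  Returns all findings."""
    findings = []
    for filename, data in attachments:
        findings.extend(inspect_attachment(filename, data))
    return findings


def build_sample_zip():
    """Constructed attachment: an archive holding a decoy-named 'executable'
    (placeholder bytes, not a real program) next to an innocent text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("IRS_rules_change.pdf.exe", b"constructed placeholder, not a program")
        archive.writestr("readme.txt", b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    mail = [("IRS_rules_change.zip", build_sample_zip()),
            ("Photos.JPG.exe", b"constructed placeholder, not a program"),
            ("statement.pdf", b"%PDF-1.4 constructed")]
    for finding in screen_message(mail):
        print(finding)
```

Listing rather than extracting means a crafted archive cannot do anything on the scanning host, and a name check costs nothing; a real gateway would follow it with content-type sniffing, since a renamed file keeps its real format inside.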


Barracuda Networks customers using the Barracuda Spam & Virus Firewall are protected from these spam emails. The Barracuda Web Filter, and/or the Barracuda Web Filtering Service block the traffic involved in the attacks.
