NATO’s Allied Command Transformation Website Running Outdated and Unsupported Version of Joomla

NATO ministers meet last week and discussed improving their cybersecurity. A bad sign for their current handling of cybersecurity is the website of NATO’s Allied Command Transformation, which is running an outdated and unsupported version of Joomla:

NATO Allied Command Transformation Website is Running Joomla 1.5

Security updates for Joomla 1.5 ended in September of 2012, so the website should have been migrated to a supported version of Joomla – currently versions 2.5 and 3.1 – some time ago .

Keeping the software powering a website up to date is a basic measure needed to be taken to keep it secure and it is relativity easy in comparison to what NATO needs to do to fully secure all of their systems.

It might be reasonable to cut NATO some slack on their failure to keep up to date considering that Joomla is still running Joomla 1.5 on a number of their websites:

Joomla Extensions Directory is Running Joomla 1.5Joomla Community Portal is Running Joomla 1.5Joomla Resource Directory is Running Joomla 1.5

Scammers Take Advantage of Dance Grand Prix Europe 2013

Contributor: Vivek Krishnamurthi

The International Dance Competition “Dance Grand Prix Europe” is set to begin June 12 and will be hosted in Spain. The purpose of the competition is to showcase all the top dancers from various dance schools and this major event attracts choreographic talent from around the world. Spammers also don’t want to miss this event and the opportunity to circulate a scam.
 

image1_0.jpeg

Figure 1. Dance Grand Prix Europe 2013 spam
 

To grab the reader’s attention, the spam email reveals some appealing facts about the event along with "only a little fee" required but no additional charges for participation in the event. Clicking the URL will automatically redirect the user to a website containing a bogus offer.
 

dancescam-fake2.png

Figure 2. Pirated website looks like original, changed contact information (green box)
 

dancescam-real.png

Figure 3. Original and legitimate event website
 

Interestingly, to trick users into trusting the fake website, spammers also added a widget at the bottom left of the page that monitors online visitors and displays a random number of users online. The main motive of these spam campaigns is to lure recipients and acquire their personal and financial information. Users should be careful and avoid clicking the links.

Some of the subject lines observed in this spam campaign include the following:

  • Subject: DanceGrandPrixEurope from the 12th to 16th June 2013. Competition for Dance Schools/Groups from all over.
  • Subject: Grand Prix Spain. Competition for Dance Schools&Groups from the 12th to 16th June 2013.
  • Subject: Greetings from all of us at Dance grand Prix Europe Season 2013! As Holiday Season approaches. GIFT YOURSELF & Your School/Groups a "DanceYear" 2013 to remember! Book our European Dance Competitions now!

Symantec advises users to be cautious when handling unsolicited or unexpected emails related to the Dance Grand Prix Europe 2013 and to update antispam signatures regularly. Symantec also monitors spam attacks around-the-clock to ensure users are kept up to date on the latest threats.

Syrian Crisis Reminds Us to Beware of ‘Charity’ Scams

The dismal situation in Syria has gained considerable sympathy in the rest of the world. Unfortunately, playing on our emotions is a typical strategy of cybercriminals. Today I received an email calling for donations to be made to the United Nations High Commissioner for Refugees (UNHCR) to help Syrian refugees.

FP_BLOG_130610_1

This mail appeared very professional and quite plausible. When I clicked on “donate now,” I arrived at a well-formatted donation page. However, my curiosity also made me directly visit the UNHCR site. And there I discovered a similar page. Both are shown here:
FP_BLOG_130610_2
Can you choose the real one from the rip-off? I can’t be sure, unless we look at the URLs and choose HTTPS.

FP_BLOG_130610_3

After the Haitian earthquake in 2010, the FBI reminded Internet users to apply a critical eye before responding to charity requests. Since then, such scams have flourished. We saw an updated wave after the recent tornadoes in Oklahoma. McAfee Labs will repeat some useful advice:

  • Do not respond to any unsolicited (spam) emails, including clicking links contained within those messages, because they may contain computer viruses.
  • Be skeptical of individuals representing themselves as surviving victims or officials asking for donations via email or social networking sites.
  • Beware of organizations with copycat names similar to but not exactly the same as those of reputable charities.
  • Rather than following a purported link to a website, verify the existence and legitimacy of nonprofit organizations by using various Internet-based resources.
  • Be cautious of emails that claim to show pictures of the disaster areas in attached files, because the files may contain viruses. Open attachments only from known senders.
  • To ensure that contributions are received and used for their intended purposes, make donations directly to known organizations rather than relying on others to make donations on your behalf.
  • Do not be pressured into making contributions; reputable charities do not use coercive tactics.
  • Be aware with whom you are dealing with when providing your personal and financial information. Do not give your personal or financial information to anyone who solicits contributions. Providing such information may compromise your identity and make you vulnerable to identity theft.
  • Avoid cash donations if possible. Pay by debit or credit card, or write a check directly to the charity. Do not make checks payable to individuals.
  • Legitimate charities do not normally solicit donations via money transfer services.
  • Most legitimate charities maintain websites ending in .org rather than .com.

 

Beware of Fake Gift Offers for Father’s Day

A lot of people are counting down the days until they can express their appreciation and love towards their dads by giving them gifts for Father’s Day, which is celebrated on June 16. Last month we published a blog called Spammers Continue to Exploit Mother’s Day, now it’s the turn of Father’s Day, as spam messages have started flowing into the Symantec Probe Network. Most of the spam emails attempt to encourage users to take advantage of product offers, fake surveys, and replica watches. Clicking the URL contained in the spam message automatically redirects the user to a website containing a bogus offer.

Figure1_1.png

Figure 1. Gift offer spam

Figure2_0.png

Figure 2. Product spam related to Father’s Day

Spammers will always try to take advantage of unsuspecting users by asking them to input personal information to avail of bogus offers for purchasing products. Symantec recently blogged about the rise of .pw URLs in spam messages and we are currently observing an increase in spam messages containing the .pw top-level domain (TLD) URLs in and around the times of major events, festivals, and holidays. Below are some examples of the From header, using .pw URLs, that have been observed in Father’s Day spam:

Figure3_0.png
Figure 3. Fake discount spam using Father’s Day as a lure

Spammers invite users to purchase the advertised product with a bogus coupon code and make false promises such as claiming the “materials used are the same as original.” The discount codes used in the spam attacks, such as dad[RANDOM NUMBERS] and father[RANDOM NUMBERS], attempt to lure users into clicking a link in order to take advantage of the Father’s Day offer.

Figure4_0.png

Figure 4. Fake product discount spam

Symantec is observing an increase in spam volume related to Father’s Day, which can be seen in the following graph.

Figure5.png

Figure 5. Volume trend of Father’s Day spam

Below are some of the subject lines used in this latest spam campaign:

  • Subject: 15 Cigars for 29.95 (68% off Fathers Day sale!)
  • Subject: The perfect gift for Fathers day only costs 32% of the original price!
  • Subject: Regarding Father's Day orders
  • Subject: Personalized Gifts for All The Dads In Your Life
  • Subject: Top Personalized Fathers Day Gifts
  • Subject: Get relief from chronic spine conditions. Father's Day Discount Available
  • Subject: Don't forget your father
  • Subject: Don't forget about your father
  • Subject: Complete our Father's Day Survey and Claim a $25 xxx Gift Card
  • Subject: Endoscopic alternative to neck and back surgery is here. Father's Day Discount Available

Symantec advises users to use caution when receiving unsolicited or unexpected emails. We are closely monitoring Father’s Day spam attacks to ensure that users are kept up to date with information on the latest threats.

Have a safe and happy Father’s Day!