Sophos at SC Congress Toronto 2011

SC Congress Toronto 2011What a great conference!

Sophos was a Platinum sponsor again for the SC Congress in Toronto this year – and in addition to having a busy booth in the exhibition hall, Sophos had the opportunity to speak during one of the technical sessions.

Being the second year that this conference is held at the Metro Toronto Convention Centre, there certainly was a large crowd of attendees. I had a great time seeing old friends and making new ones!

Now I’m back in Chi-town after spending a few days in transcendent Toronto. I spent some time helping out at the booth speaking with customers and security pros interested in learning more about Sophos.

In addition to booth duty, I was able to attend the sessions and had the opportunity to speak on data protection. The title of the session was “Where’s your data?”

The focus of the session was about how data is a prime target of cyber-criminals as well as *internal* criminals. Organizations need to be better prepared for these crimes rather than mostly being concerned about data loss. The conversation went to looking at real life lessons learned vis-à-vis recent data breach headlines from May and early June, third party statistics and which Sophos technologies can help protect their data.

Sophos was also fortunate enough to have Nigel Miranda from OFINA participate during the session with his thoughts on the topics discussed.

Conference BrochureWhile educating people on the topic of the session, I also like to learn from the attendees. The two highlighted nuggets of knowledge I was able to walk away with were around Canadian breach notification laws and DLP.

For a SOPHOS branded T-shirt giveaway I asked the question, “How many Provinces adopted or modified their PIPA to include a breach notification law and which ones?” A slightly trick question as it makes it sound as if there are many.

Only one person was able to raise their hand. Meanwhile behind that person someone made a zero with their fingers.

When I selected the person to answer the question, we all received a much more thorough and deeper response than just zero fingers. The respondent asked me to clarify if I meant Federal versus Provincial and how the notification should be made to the victims.

It felt like a courtroom cross examination, and all I was looking to hear was, “One and it’s Alberta!” but I learned a little about PIPEDA as well.

Bravo and well deserved to the winner! (Who, by the way, later confessed that they were a lawyer).

My other surprise was that when I asked the 75-or-so people sitting in the session, “How many of you know that Sophos has a DLP solution?” – only two half-hearted hands went up.

If given the opportunity to have guessed before the question was posed, I would said that about half the room would have known about Sophos Data Control versus a rough 2.6%.

Curious to know more about the event? SC Magazine made the conference brochure available online. I’m looking forward to the next SC Congress Canada 2012 on April 3rd and 4th!

PS. SC Magazine has made some photos of the event available via its Facebook page. Enjoy!

The Amazing Orgasm Facebook scam (NSFW) – don’t think with your trousers

Facebook scamThe latest survey scam to spread successfully on Facebook is clearly targeting people who have so much blood flowing to their loins that the supply to their brains has been cut off.

It seems when faced with the prospect of seeing a video of a woman having an “amazing orgasm”, common sense goes out of the window for some people and they click the link without thinking of the possible consequences.

Here is the message that is spreading between Facebook users (I’ve pixelated out parts of the image so as not to offend anyone):

Facebook Amazing orgasm scam

Amazing Orgasm

And here’s an alternative version:

Facebook orgasm scam

The links point to pages on Blogspot, where you will then be redirected to a webpage which presents you with what appears to be a sexy YouTube video of what is claimed to be an “Overly Dramatic Orgasm”.

Overly Dramatic Orgasm

The only thing is that they want you to click a couple of times (sharing and liking the video to your Facebook friends) before they’ll let you watch. Curiously, the messages are in Finnish (“Jaa” is Finnish for “Share”). Could the scammer who set up this particular attack be Finnish?

You probably won’t be surprised to hear that the purpose of the whole scam is to earn money – through tricking users into taking online surveys. And through your clicking on the links, you have helped promote the survey (via the sexy video lure) to your online friends.

Facebook orgasm survey scam

My feeling is that the last thing you’re probably in the mood to do, if you want to watch a sexy video, is fill out an online survey. But that’s precisely the kind of social engineering lure that appears to work on so many occasions.

Don’t think with your trousers, show some common sense. I wish when you logged into Facebook it said, alongside asking for your email address and password, “Have you had a cold shower in the last 20 minutes?”

Maybe then folks would show a little more common sense when they see one of these sexy messages appear on their newsfeed.

What are you doing if you’re clicking on this kind of thing from your work computer anyway? Content like that which these links promise is definitely NSFW (not safe for work).

If you use Facebook and want to get an early warning about the latest attacks, you should join the Sophos Facebook page where we have a thriving community of over 90,000 people.

The Last Horcrux Brings More Spam

Harry Potter and the Deathly Hallows - Part 2 is the last movie of Harry Potter novel series and is being released globally on July 15. The movie has another few weeks before it appears in theaters and it has already become a hot topic for spammers. Symantec reported similar spam activity previously for Part-1 in the blog Harry Potter and The Deadly Hallows of Spam.

In the spam sample below related to the new release, spammers are offering free tickets to Part 2. The message says the offer is valid only in the U.S. and that there are limited supplies of the tickets. The email header shows an example of header spoofing, whereby the email purports to originate from the official Harry Potter site. “From: "Movie Tickets" resolves to “[email protected]_address”

Harry Potter scam email

Figure 1. Harry Potter scam email

In the past, Symantec has observed spam promoting the Harry Potter novels and accessories at discounted rates, as well as 419 and online pharmacy scams invoking Harry Potter (see this blog, for example). The goal of these spam campaigns is to harvest personal and financial information.

Because Harry Potter fans are excited to find out what will happen in the final installment, we expect that spammers will continue to distribute more and more Harry Potter spam leading up to the final film's release since this is their last great chance to exploit the Harry Potter magic.

The President is finally taking charge? No, a Facebook phishing attack

A warning to all the Facebook users out there – the scammers are after your login details again, this time by spreading a link which purports to be a video of Barack Obama.

The president is finally taking charge on Facebook

The president is finally taking charge!!
Is this really for real?.

The image used in the message looks like a YouTube video thumbnail, but if you click on the link you are redirected, via a cross-scripting vulnerability on an MIT webpage and then Reddit, to a phoney Facebook login page.

It may look like Facebook, but it’s not the real Facebook. It’s designed to phish your username and password from you.

Incidentally, the page is hosted on an almost identically-named domain to one we’ve previously seen used in a Facebook phishing campaign.

Facebook usernames and passwords are an increasingly valuable commodity for cybercriminals – once they have those, they’ll be able to log into your account, post messages in your name, spread spam and malware and perhaps raid your profile for personal information that they might be able to use for identity theft.

Worst of all, perhaps, they can pose as you and cause tremendous problems for your friends and family.

So, if you think you might have fallen for a scam like this, change your Facebook password immediately and scan your computer with an up-to-date anti-virus product.

If you’re on Facebook and want to learn more about security threats on the social network and elsewhere on the internet, I’d recommend you join the Sophos Facebook page.