“OMG!! Guys, you have to see this: This mother went to jail for taking this pic of her son! —> [URL]” one of the spam messages reads. Clicking on the link takes users to a rogue Facebook profile with a name similar to the message.

This profile has a page called ‘SEE HERE!’ which instructs users to “Like” it in order to see the intriguing picture. Furthermore, to entice people even more it promises that “Your jaw will drop to the floor!”

Liking the page will get users no closer to seeing a image and will instead ask them to spread more spam, this time by posting the original message on their wall for all their family and friends to see. Users who are gullible enough to accept this, will finally get a link to allegedly see the elusive picture.

Unfortunately, following it doesn’t have the expected result and prompts users to take one of four surveys as a “security check.” Taking a survey is definitely not a good idea as there are high chances of ending up being billed for some sort of premium service and compromised personal information.

The second scam is almost identical in concept as the first, but uses a different lure. In this case the spam message reads “OMG!! McDonalds might soon shut down because of this, you have to see this! –> [URL]” and no, it’s no better than the first. If you are a victim of any of them make sure to delete the rogue messages from your profile and remove the fake pages from your Like list.

“I really feel like despairing that the general public will ever learn to avoid dodgy links like this. Far too many people are prepared to endorse and share links on Facebook without properly thinking about what they are doing. In this case they’re doing it before they have any clue about what lies behind the page,” Graham Cluley, senior security at antivirus vendor Sophos, commented.

Online gaming credentials are valuable items for cyber criminals, who sell them in bulk on the black market. World of Warcraft accounts in particular are in high-demand. According to research from Symantec released earlier this year, WoW credentials can rack up from $35 to $28,000, depending on how well the associated characters are developed.

“A World of Warcraft account could be a gold pot for phishers, depending on the player’s achievement. In-game items are in demand and could be sold for real cash value, making WoW accounts a favorite phishing target,” the F-Secure researchers, who intercepted the latest phishing campaign, explain.

The fake emails have their “From” field spoofed to appear as if they originate from a generic address on the blizzard.com domain. The messages masquerade as automatic notifications regarding suspicious account changes, however, the poor spelling is strongly indicative of their rogue nature.

“[...] blizzard to investigate the recent theft of a large number of players missing account, we may be on your World of Warcraft account. Your password has been modified recently to restore the password We recommend that you log on to restore the password verification: http://[censored]-surveyus.com,” part of the ambiguous phishing message reads.

A more close investigation of the headers reveals that the emails are sent through a @hotmail.com address, which was probably hacked. The researchers point out that a real Battle.net account changes verification process requires more than simply supplying the password. A valid ID such as driver’s license, birth certificate, state ID, passport and in the case of minors, parental consent, is necessary.

Some of the main features that have been integrated into the company’s latest solution, McAfee has highlighted the following: Artemis and TrustedSource Technology integration, integrated URL filtering, appliance clustering with load balancing, and more. The unit has been designed to provide a simple installation process, by auto-detecting network settings and providing a user-friendly configuration wizard. According to the company, its Email and Web Security Appliance deliver a better than 99 percent spam-detection accuracy, making it a valid choice for SMB users.

Although no pricing details have yet been released, the company announced that the Email and Web Security Appliance will be available globally later this quarter. In addition, users will be able to take advantage of the company’s 30-day “Buyer’s Assurance Program,” but available only in the US, Canada and Latin America.

Technological and managerial procedures applied to computer systems to ensure the availability, integrity and confidentiality of information managed by the computer system. Computer security also imposes requirements on computers that are different from most system requirements because they often take the form of constraints on what computers are not supposed to do. Here are some typical approaches to improving computer security:

• Physically limit access to computers to only those who will not compromise security.
• Hardware mechanisms that impose rules on computer programs, thus avoiding depending on computer programs for computer security.
• Operating system mechanisms that impose rules on programs to avoid trusting computer programs.
• Programming strategies to make computer programs dependable and resist subversion.

The “From” field of the emails is spoofed and one of them reads “Thank you for shopping at our internet store! We have successfully received your payment. Your order has been shipped to your billing address. You have ordered Toshiba Satellite U400D. You can find your tracking number in attached to the e-mail document. Please print the label to get your package.” This technique has probably been chosen in order to avoid detection from basic spam filters. A randomly named .zip archive file is attached to every email.

The extracted ZIP archive contains a D*****.exe, of approx 36 kB, where * stands for random numbers and letters. The executable file is actually the Bredolab installer, which is a new computer trojan discovered by security researchers back in May. Once installed on the system, its purpose is to infect it with additional malware. So far, the trojan has been observed to download malicious applications from the FakeAV family. Users are strongly advised to keep their antivirus solutions updated with the latest definitions.