AOL Tech

Beth Jones

Member since: Sep 11th, 2009

Beth Jones's Latest Comments

Blog Activity
Blog: Download Squad
# of Comments: 5

Recent Comments:

Forget malware infections, hackers want to ransom your files and devices (Download Squad)

Nov 6th 2009 12:54PM

We talked about this here:


As we stated in the article, the hacker did take down the link and reportedly returned the money. But the concept has been proven.

We've seen this tactic before. Back in 2006 we saw a Trojan that
encrypted the contents of My Documents and then dropped a file that had
"instructions" on how to get your stuff back. It usually involved
sending money or buying stuff from a CanPharm page. Here's the post if
you are interested:

and here's the money tactic:

Fake Facebook password-reset emails are a botnet attack (Download Squad)

Oct 29th 2009 10:33AM

This shows that people are simply too trusting. Just because an email seems to come from Facebook, or Twitter or your bank doesn't make it so. If you are uncertain, you can always contact the support group of whoever seems to have sent the email and ask them to confirm the email came from them. Nine times out of ten, it won't be.

Users shouldn't be afraid to question anything that looks suspicious or even slightly dodgy that's asking for sensitive information.

Bad guys now launching attacks through hacked Facebook apps (Download Squad)

Oct 21st 2009 11:22AM

There's a trust factor on Facebook, and many other social media sites. People feel that their little corner of the world is safe. They feel like these games and apps shouldn't be compromised because "Why? What value is in hacking Aquariumlife?" Kids using Facebook certainly don't think about security threats. They are simply looking for something to do.

This is exactly WHY these attacks are so successful right now, just as the first email worms were 10+ years ago. Cyber-criminals know how to exploit this trust to infect more people. In time, the trust will erode to a healthy skepticism, just as it has for email and web browsing.

Feel free to check out http://www.sophos.com/security/topic/facebook.html and http://www.sophos.com/security/best-practice/facebook.html to see how to lock down your Facebook access. In addition, the same best practices such as having up-to-date security software, applying OS patches, whether Mac or Windows, changing your passwords frequently (and not using the same one for everything) and simply being vigilant can go a long way.

Beth Jones, SophosLabs

Gmail, Hotmail, AOL and Yahoo! users fall victim to phishing scheme (Download Squad)

Oct 7th 2009 2:10PM

Bear in mind this probably wasn’t a single phishing attack. From what we
here at Sophos have seen, it was more than likely a multi-vectored
attack, using email phishing, keylogging botnets and rogue social
network applications, given the number of “fake” email addresses, as
well as a list of “kid culture” passwords. See our blog posts:


The rogue applications are definitely worth noting. While people may be
wiser to email phishing attacks, social media sites are much newer so
the trust factor is still high. Remember what the trust factor was like
in the 1990s with email? I am on several of the social media sites and
I see rogue applications that are collecting email addresses and
passwords at least a couple times a month. The whole “If you liked this
application, send it to your friends” is really a phishing attack - it
asks for your email address and password to “send” to your friends. The
phishers then have your information.

As stated above, we have also seen in the list a lot of kid culture
passwords, which lends credit to the multi-vectored attack. An email
phish wouldn’t work on a small child, but a “send this application to
your friends” would.

Please be careful out there. Treat your passwords as you would your underwear:
- change them often
- don't share them
- and don't leave them lying around for other people to see

Keep your Mac software up to date with AppFresh (Download Squad)

Sep 11th 2009 11:56AM

There is a need to keep your software up to date, whether it be by Sparkle, AppFresh or Software Update. I personally have used this and it's a good tool. I want to try Sparkle as well, but the important thing is to make sure that the software that you use is up to date, and if you don't use it, uninstall it.

Beth Jones, SophosLabs US