Christmas gifts of Samsung Digital Picture frames could come with the unwelcome gift of malware, Amazon has warned.

The online retailer cautioned that versions of Samsung's SPF-85H 8-Inch digital photo frame product came with an installer disc contaminated with the Sality worm. The disc is needed to use the kit as a USB monitor on windows XP machines. Users who instal the software are liable to find themselves infected with a strain of malware that includes keylogging functionality.

Posted by Justin Payton in Adware, Spyware and Trojans at 10:12

Britain's Home Office has quietly adopted a new plan to let police routinely hack into people's personal computers without a warrant.

The move, which follows a decision by the European Union's council of ministers in Brussels, has angered civil liberties groups and opposition members of Parliament. They described it as a sinister extension of the surveillance state which drives "a coach and horses" through privacy laws.

The hacking is known as "remote searching." It allows police or intelligence officers who may be hundreds of miles away to covertly examine the hard drive of someone's PC at his home, office or hotel room.

Posted by Justin Payton in Adware, Spyware and Trojans at 16:09

January 5, 2009 (Computerworld) Hackers hijacked the Twitter accounts of more than 30 celebrities and organizations, including President-elect Barack Obama, Britney Spears and Fox News, early on Monday, the company confirmed today.

"This morning we discovered 33 Twitter accounts had been 'hacked,' including prominent Twitter-ers like Rick Sanchez and Barack Obama," Twitter co-founder Biz Stone said in post to the company blog. "We immediately locked down the accounts and investigated the issue. Rick, Barack and others are now back in control of their accounts."

Earlier in the day, the hacked accounts had been used to send malicious messages, many of them offensive. CNN correspondent Rick Sanchez's account, for example, tweeted a message claiming that "i am high on crack right now might not be coming to work today," while Fox News' Twitter update reported "Breaking: Bill O Riley [sic] is gay," referring to the network's conservative talk show host.

According to Twitter, the accounts were hijacked using the company's own internal support tools. "These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the e-mail address associated with their Twitter account when they can't remember or get stuck," Stone admitted. "We considered this a very serious breach of security and immediately took the support tools offline. We'll put them back only when they're safe and secure."

Posted by Justin Payton in Adware, Spyware and Trojans at 09:25

Even Twitter isn't safe from phishing. Phishers are now targeting the microblogging service Twitter to promote a widespread phishing campaign tricking celebrities and other users into submitting their personal information for identity theft and other illegal activities, experts say.

Like similar phishing scams seen on Facebook and MySpace, the latest version of the Twitter attack targets numerous celebrities, including President-elect Barack Obama, Britney Spears, and CNN anchor Rick Sanchez, among others, who have claimed to have fallen for the scam.

Since the weekend, the phishing attack has appeared to evolve into a traditional malware campaign in which users are enticed to click on malicious links for sites that contain keystroke loggers and other information-stealing code, experts say.

"We've already seen it move to a very traditional kind of phishing attack," said Marina Merritt, Internet safety advocate for Symantec (NSDQ:SYMC). "As (attackers) get people to click that link, there are so many exploits."

Like traditional phishing attacks on other social networking sites, the Twitter messages seem to come from someone that the victim knows. The attackers send what appear to be personalized "tweets" containing a link to a Web site impersonating the Twitter login site. In fact, the link leads users to a fake login page designed to trick them into handing over their usernames and passwords. Twitter said that the phishing attack domain appears to originate from China. The news was initially broken Jan. 3 by blogger Chris Pirillo after he received one of the phony Twitter messages used in the attack. Since then, Twitter posted a security advisory on its site warning users of the scam.

Posted by Justin Payton in Adware, Spyware and Trojans at 14:57