Week in Geek: European Dropbox Users Being Spammed, Investigation Yields No Clues

By Akemi Iwaya on July 22nd, 2012

Our latest edition of WIG is filled with news link goodness covering topics such as no Office 2013 support for XP and Vista, a new Chrome Dev Channel feature frees web apps from the browser, one in five hacked logins match Microsoft Accounts, and more.

Weekly News Links

Security News

Note: We have three articles on the Dropbox problem from different sources to share with you (listed in reverse chronological order).

  • Dropbox finds no intrusions, continues spam investigation
    After some Dropbox users started seeing a sudden increase in spam, even if they only use their e-mail address for the file storage service, Dropbox launched an investigation and even hired experts to further look into the issue. The company has posted an update on its findings so far: zip, zero, zilch.
  • Dropbox hires “outside experts” to investigate possible e-mail breach
    Dropbox users have been complaining for a couple of days about spam delivered to e-mail accounts they created solely to log into Dropbox. There have been no reports of unauthorized activity on Dropbox accounts, but it’s happening to enough users that Dropbox is investigating the matter with its internal security team. The company has also brought in “outside experts” to find out if there has been a breach.
  • Spam attack on Dropbox users
    Spammers are currently sending large volumes of spam to users of cloud storage service provider Dropbox. In almost all cases, the spam is for suspicious-looking online casinos.
  • Skype squashes bug that sends messages to random contacts
    Skype has fixed a bug in its client that sent users’ private instant messages to other contacts whom the messages were never intended for. Microsoft has started releasing hotfixes for the affected versions, starting with Windows and Linux.
  • Trojan attack on Maplesoft customers
    Cyber criminals have used an elaborate multi-stage concept to attack Maplesoft customers: the perpetrators accessed the software company’s customer database and then asked customers to install a malicious “security patch” on behalf of the company.
  • Virus warning: Someone tagged or added a photo of you on Facebook
    Scammers are spamming a new e-mail that claims you were tagged in a photo added on the social network. The e-mail includes a link to a webpage that uses the Blackhole exploit kit to put malware onto your computer, before quietly redirecting you to a Facebook profile as if nothing was amiss.
  • Microsoft also warns of fake Skype malware app on Android
    Cybercriminals recently created a fake Skype app for Android that is really malware in disguise. Microsoft, which owns Skype, has finally caught on and is warning its users about the threat.
  • New contacts stealing Android malware spotted in the wild
    Security researchers from NQ Mobile’s Security Research Center have detected a new Android malware that silently steals the contacts of infected devices, and sends them back to the malicious attackers.
  • Security hole in Amazon’s Kindle Touch
    The web browser built into Amazon’s Kindle Touch eBook reader contains a serious security hole: when a user navigates to a specially crafted web page, the Kindle will execute arbitrary shell commands as root.
  • New Yahoo app vulnerability explains Android spam
    After a Microsoft engineer claimed an Android botnet was sending out spam from Yahoo accounts, Google denied the allegations. Now a newly discovered vulnerability in the Yahoo Mail app for Android explains how an attacker could be sending out the spam from the mobile devices.
  • Apple Mac in-app purchases hacked; everything free like on iOS
    While Apple is working hard to fight the hacking of its In-App Purchase program for iOS, the same hacker has pulled off an almost identical scheme for the Mac. Just like on iOS, this means you can purchase in-app Mac content without actually paying.
  • Move over, Flame: New Messiah-themed malware targets Iran, Israel
    Researchers have discovered another piece of espionage malware targeting sensitive organizations in the Middle East, this time siphoning e-mails, passwords, computer files, and nearby conversations from more than 800 PCs operated by critical infrastructure companies, financial institutions, and government agencies.
  • NVIDIA hackers publish user data
    Late last week, NVIDIA confirmed that the database for its forums web site had been broken into by unauthorised third parties, with data from more than 400,000 registered users affected. A hacker group calling itself “Team Apollo” has now claimed responsibility for the breach which caused NVIDIA to take the site down.
  • One in five hacked logins match Microsoft Accounts
    About 20 percent of compromised credentials, exposed via hacks on other service providers, match Microsoft Account logins due to password reuse.
  • Q2 2012: Flashback infects 10% of Macs, Android malware up 300%
    A new Q2 2012 report finds that the Flashback Trojan infected 10 percent of home networks with Mac computers during the month of April while Android malware numbers quadrupled during the quarter.
  • Online identity theft up 200% since 2010
    Following the recent slew of attacks against various websites that resulted in millions of user accounts being compromised, comes this little statistic: fraudsters traded 12 million pieces of personal information online in just Q1 2012.
  • Cyberheist Smokescreen: Email, Phone, SMS Floods
    Brian Krebs shares his experiences with a hacker attack against his Gmail account, where it was being ‘used’ to beta test a private service now offered openly in the criminal underground: a service that can be hired to create highly disruptive floods of junk email, text messages and phone calls.
  • When good Android apps go bad — a security lesson
    After loading a legitimate Android app onto Google Play, researchers were able to update it with malicious functionality without triggering the malware detection system. Whoops.
  • Companies unlikely to pursue ‘active defense’ strategy
    There are pros to actively defending corporate networks from cyberattacks by creating “honeypots” and other distractions, but most companies are unlikely to have the budgets or the right manpower to do so, observers note.
  • Senators call for probe of electric grid cybersecurity
    After a CNET article reports a potential security vulnerability with the electric power grid, two U.S. senators call for a federal investigation.


Akemi Iwaya is a devoted Mozilla Firefox user who enjoys working with multiple browsers and occasionally dabbling with Linux. She also loves reading fantasy and sci-fi stories as well as playing "old school" role-playing games. You can visit her on Twitter.

  • Published 07/22/12