Sophos

Cybercriminals are relentlessly attacking Twitter. Over the past few days, Twitter has noticed an increase in phishing attempts and is working feverishly to reset passwords for affected accounts. British politicians are the latest to fall victim to the scams.

Twitter users who receive a direct message or see tweets with phrases like "This you???" or "LOL is this you" followed by a link are warned not to click through, because the destination is a crafty phishing site designed to steal personal information.

Facebook and Twitter users are under attack by cybercriminals -- and the incidents are rising, Sophos says in its 2010 Security Threat Report released Monday. In the past 12 months, Sophos says, cybercriminals have focused more attacks on social-network users. Spam and malware are leading the charge.

Fifty-seven percent of users surveyed reported getting spammed via social-networking sites -- an increase of 70.6 percent from 2008. And 36 percent say they have been sent malware via social-networking sites, a 69.8 percent increase.

People who use a symbol -- a rubber duck or a pair of cats, for example -- as their profile photo on Facebook couldn't be all bad.

That must have been what quite a few recent Facebook users thought when they received friendship requests from people with just such profile photos. They accepted them without checking who they were and thereby got themselves into some unpleasant business. That's because not every friend request is from a person of a similar age and with good intentions.

Just two weeks after Apple iPhone users in Australia reported jailbroken iPhones came under siege by attackers, a new version of the iPhone worm is posing a threat. Symantec reports the new worm targets jailbroken iPhones running SSH that are still using the default password. The worm can reportedly steal data stored on the iPhone as well as connect back to the attacker, giving them control of the phone.

Conventional wisdom calls for IT managers to wait for the first service pack before installing a new Windows operating system. But since Windows 7 builds on all the security improvements Vista made over Windows XP, there may be a temptation to ignore the rule.

That could be a problem because Windows 7 is far from secure, security firm Sophos says. In a company blog, Chester Wisniewski wrote that Windows 7 is highly vulnerable to the latest viruses.

Apple iPhone owners Down Under are reporting their jailbroken iPhones have been hit with a worm that hijacks their wallpaper, changing it to an image of 1980s pop star Rick Astley, and eats up their bandwidth. Although the worm may have spread beyond Australia, there are no confirmed reports yet.

The hacker, who calls himself ikex, claims to have infected 100 iPhones with the malware. The true identity of ikex is 21-year-old Ashley Towns, who shows no public remorse about the hack.

You might think your password protects the confidential information stored on Web sites. But as Twitter executives discovered, that is a dangerous assumption.

The Web was abuzz after it was revealed Wednesday that a hacker had broken into the e-mail account of a Twitter employee and had exposed corporate information. The breach raised red flags for individuals as well as businesses about the passwords used to secure information they store on the Web.

With recent celebrity deaths, spammers are shifting strategies in hopes of cashing in on the misfortunes of others. Although several celebrities have passed away in the last few weeks, pop star Michael Jackson's death is driving the greatest spam volume.

Less than eight hours after Jackson's untimely death, Sophos began to intercept spam campaigns using the singer's name. Sophos also discovered cybercriminals taking advantage of 1970s TV icon Farrah Fawcett's death to spread fake antivirus software.

Mass Mailing Worms

Computer security firms are warning users to be vigilant about spam messages capitalizing on the sudden death of U.S. pop star Michael Jackson.

The 50-year-old "King of Pop" was pronounced dead on Thursday afternoon at the Medical Center of the University of California in Los Angeles, after suffering full cardiac arrest.

Security firm Sophos on Friday reported that about eight hours after Jackson's death, its experts witnessed the first wave of spam messages taking advantage of the breaking news in the subject line and body of the email.

Apple has issued patches for its QuickTime and iTunes software. The patches fix critical vulnerabilities and a bug that was partially revealed in a book, The Mac Hacker's Handbook, by Charlie Miller and Dino Dai Zovi, released in March.

In all, the updates fix 10 QuickTime vulnerabilities and one bug in iTunes. The flaws affect Windows and Mac users alike. The patches came bundled in the QuickTime 7.6.2 and iTunes 8.2 releases Apple published on Monday.