According to a report by The Next Web, there’s a hack making its way through some prominent Tumblr blogs, including The Verge and CNet.

Along with the spam on the pages itself, users are getting a popup message that would scare anyone’s mom. Trust me, we get these calls all of the time: “Should I click this?” In a word…NO.

Here’s a statement issued to us by a Tumblr spokesperson on the matter:

There is a viral post circulating on Tumblr which begins “Dearest ‘Tumblr’ users”. If you have viewed this post, please log out of all browsers that may be using Tumblr immediately. Our engineers are working to resolve the issue as swiftly as possible. Thank you.

Among the victims are The Verge‘s and CNET‘s Tumblrs, which include a message about a ‘GNAA video’ post. It’s advisable for users to avoid visiting Tumblr blogs directly until the issue is resolved, and definitely not to click on any GNAA posts with a video inside nor accompanying links.

The attack itself appears to come from a group of Internet trolls, posting this message to prominent Tumblr sites:

We have taken the liberty of upgrading your (rather tasteless, we must say) blog to our premier GNAA Deluxe Gary Niger (pictured to the left) Signed Edition! This is in response to the seemingly pandemic growth and world-wide propagation of the most FUCKING WORTHLESS, CONTRIVED, BOURGEOISIE, SELF-CONGRATULATING AND DECADENT BULLSHIT THE INTERNET EVER HAD THE MISFORTUNE OF FACILITATING. However, we do not believe you are beyond redemption! All you have to do is DRINK BLEACH AND DIE
YOU EMO, SELF-INSISTING, SELF-DEPRECATING, SELF-INDULGENT EMPTY HUSKS OF HUMAN BEINGS. REPEAT AFTER ME: I WISH I WAS PROFOUND, BUT I’M NOT! I WISH I WAS ORIGINAL, BUT I’M NOT! I WISH MY IMPENDING DEATH WAS OF ANY CONSEQUENCE, BUT IT IS MOST CERTAINLY NOT! Your last chance for redemption hinges upon your death; your death which was most fortunately prescribed by your most unfortunate birth. Fret not, dear emo, your death will be regarded as a sacrifice to humanity; to die a martyr is a glorious death, and will likely be your highest contribution to society.

SHOUTZ: LITERALKA – DOLPHIN/DZL – BERRY/BRR – RORY – INFID3L – INCOG

P.S. Attempting to delete these posts will delete your tumblr account ;] But, by all means, go ahead!

[PSA] Tumblrs to avoid at the moment: CNET, The Verge, The Daily Dot.

—
Matthew Keys (@TheMatthewKeys) December 03, 2012

We’ve checked our Crumblr, and it looks like we’re ok…but we’ll remain vigilant. So should you.

This is developing.

[Photo credit: Flickr, The Next Web]

Article courtesy of TechCrunch

Skype isn’t exactly immune to malware and spam, but criminals are hoping that its users are perhaps less vigilant about clicking through on random links sent to their accounts. According to multiple reports from security firms, as well as from a community forum thread on Skype.com, the popular communications service is the latest target of a malicious online worm. The worm, identified as “Dorkbot,” has previously infected both Twitter and Facebook, and is known to send out messages that use social engineering tactics to trick users into clicking on links.

For example, if anyone has ever tweeted or messaged you with some variation on “lol is this your new profile pic?” followed by a link, that could have been the Dorkbot worm in action. On security firm Trend Micro’s blog post today, researcher Rik Ferguson refers to the Skype worm as “spreading fast.” He says users have seen messages in both English and German, and links point to a download on Hotfile.com labeled as “Skype_todaysupdate.zip,” containing the payload.

While the emergence of the worm is now leading to several media reports – yes, such as this one – the good news, at least according to competing firm Sophos, is that the worm is not all that widespread on Skype just yet. Sophos tells us that their investigation into the scale of the attack is still underway (as is Trend Micro’s), but so far, they’ve only seen a small number of reports. Still, the firm hedges that they may not have the full picture, since their software is for home users, not for businesses. Historically, however, there have been many variants of the Dorkbot attack on other social networks, and it can also spread on USB sticks and via IM.

The worm’s payload is rather vicious - after compromising the affected machine, it joins the machine to a botnet and locks users out of their computer. While in the past, Dorkbot went after user credentials, this new attack uses what’s known as “ransomware.” Users are informed that their files have been encrypted, and are warned they’ll be deleted if they don’t pay $200 within 24 hours. Sophos’ Graham Cluley describes this as being like “kidnappers shooting hostages one by one, if their demands aren’t met…it’s really creepy, unpleasant behavior – and sadly becoming more common,” he says.

As always, both firms remind users (for like the millionth time) not to click on unexpected links. Unfortunately, those who need to hear that message aren’t generally reading tech blogs. They’re reading Yahoo Answers…sigh.

We reached out to Skype for additional information on the worm’s status first thing this morning, but have yet to hear back. Likely, the response, when and if received, will be something along the lines of the worm not being widespread, or affecting a small number of users, as is usually the case with official statements.

Update, 2 PM ET: Skype has responded with the following statement:

Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable.

Image credit: Sophos

Article courtesy of TechCrunch

In an excellent piece by David Sanger, the NY Times has confirmed what we all suspected: that the US deployed the Stuxnet worm, a powerful worm that targets very specific machines within Iran’s nuclear enrichment program.

Some inkling to the source of the worm came in 2011 when Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, said “we’re glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them.” However, until now the worm, which jumped out of the Natanz facility and into the wild, was considered a rare and effective cyber attack by an unknown party.

The worm took down “1000 of 5000″ of the centrifuges running n the facility. “It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives,” wrote Sanger.

There are two interesting points in this mission, one that could be rightly termed a fiasco. First: cyberwar is real and it is happening now. If this worm can shut down a secure nuclear facility, even through the “air gap” between the Internet and the facility’s internal network, then we are all in danger. I’m not suggesting that we will see reactors explode and planes fall out of the sky. I could, however, see the day when it becomes harder to perform research unpopular to a certain regime. Politics aside, we are living in a world where one nation can perform no end of trickery on another in the name of national security.

Second, this attack shows us that cyberwarfare can cause collateral damage. Because this worm jumped out of the facility and into the wild, it’s clear that even the best laid schemes aft gang agley. Anyone – be it in government, security, or development – who thinks this is a magic bullet akin to the neutron bomb. As we become dependent on the networks that support our lives – visibly or invisibly – a worm that has jumped the rails can (and dare I say will) come to effect all of us at some point. It’s just a matter of time.

Cyberwar has grown up. I hope we learn to use it more wisely than we’ve used other technologies of destruction.

[Image: Ludvig/Shutterstock]

Article courtesy of TechCrunch