Xbox Live hackers, Koobface worm

This is something for Xbox Live gamers to think about, especially if they also have computers connected to the home network. If the Xbox Live users at your house are particularly feisty or contentious, they could get booted out of games by hackers who have figured out how to get the offending gamer's IP address. They then use that address to launch a kind of denial-of-service attack that blocks your gamer's access to the game, the BBC reports. It could also affect other Internet connections on the network. "Microsoft is 'investigating' the use of the tools and said those caught using them would be banned from Xbox Live. One preventive measure is try to get Xbox Live users at your house to "play nice." If they do and they still get booted, those are really malicious hackers. Definitely contact Xbox Live customer support! Another security issue this week is the reemergence of the Koobface worm in Facebook and MySpace. Brian Krebs of the Washington Post cites TrendMicro as explaining that what happens is, social networkers get an invitation from a friend or contact, inviting them "to click on a link and view a video at a counterfeit YouTube site." Then they're told they "need to install an Adobe Flash plug-in to view the video," but what they really download, if they fall for it, is a Trojan horse program that lets attackers take over their computer.

Think b4 u click to YouTube videos!

If your kids watch a lot of YouTube videos, suggest they make sure the URL in their browser window actually says "YouTube.com" before they click to that page. Another tip-off to the latest malicious hack against YouTube users is that the fake YouTube page will show "an error message that claims the video they want won't play without installing new software first," according to coverage in the San Jose Mercury News. Almost any kid who's ever watched a YouTube video will know a player's not needed, but it's still good to be put on alert. "That error message includes a link the hacker has provided to a malicious program, which delivers a virus." When I asked YouTube about this, they wrote back saying, "We are aware that there is a malware threat from fake Websites posing as YouTube and inviting users to download a plug-in to watch a YouTube Video." Because the sites are on other servers, of course, YouTube has no control over them.

Watch out for 'clickjacking'!

The problem is, it's hard to detect, and - according to Trend Micro - virtually all Internet users can be victimized by clickjacking. What is it? A computer-security attack that tricks people into clicking on a link that appears only briefly on their screens, such as in a little game (see this illustration on YouTube). Clicking on it could cause your browser to download malicious software or allow malicious hackers "to open the microphone or Webcam on your PC to eavesdrop," CNET reports. TrendMicro says the only good news is that one protective measure is available, but it's kind of a geeky one: install the Firefox browser's NoScript plug-in and enable "Always Forbid iFrames" in its options ("use the latest version of NoScript v1.8.2.1 with the ClearClick technology"). In any case, tell your kids to be really suspicious of offers to play or download little Web games, especially ones they've never heard of before. Here's more from computer-security experts' blog and coverage from NewsFactor.