<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	>

<channel>
	<title>Graham Cluley's blog</title>
	<atom:link href="http://www.sophos.com/blogs/gc/g/feed" rel="self" type="application/rss+xml" />
	<link>http://www.sophos.com/blogs/gc/</link>
	<description>From anti-flappertanknibbles to zombies. Get inside the head of a computer security expert. If you like.</description>
	<pubDate>Mon, 08 Feb 2010 20:26:38 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.6.3</generator>
	<language>en</language>
			<item>
		<title>Bill Cosby has NOT died, but rumours fuel hacker scareware attack</title>
		<link>http://www.sophos.com/blogs/gc/g/2010/02/08/bill-cosby-died-rumours-fuel-hacker-scareware-attack/</link>
		<comments>http://www.sophos.com/blogs/gc/g/2010/02/08/bill-cosby-died-rumours-fuel-hacker-scareware-attack/#comments</comments>
		<pubDate>Mon, 08 Feb 2010 11:11:14 +0000</pubDate>
		<dc:creator>Graham Cluley, Sophos</dc:creator>
		
		<category><![CDATA[Malware]]></category>

		<category><![CDATA[WWW]]></category>

		<category><![CDATA[Web 2.0]]></category>

		<category><![CDATA[Bill Cosby]]></category>

		<category><![CDATA[cnn]]></category>

		<category><![CDATA[dead]]></category>

		<category><![CDATA[death]]></category>

		<category><![CDATA[fake anti-virus]]></category>

		<category><![CDATA[scareware]]></category>

		<guid isPermaLink="false">http://www.sophos.com/blogs/gc/?p=7758</guid>
		<description><![CDATA[A hoax has spread rapidly over the internet this weekend, claiming that comedian Bill Cosby has died at the age of 72.  However, hunting for information about the story can lead your computer into a nasty malware infection.
In what appears to be the latest example of hackers jumping on the coat-tails of a hot [...]]]></description>
			<content:encoded><![CDATA[<p>A hoax has spread rapidly over the internet this weekend, claiming that comedian Bill Cosby has died at the age of 72.  However, hunting for information about the story can lead your computer into a nasty malware infection.</p>
<p>In what appears to be the latest example of hackers jumping on the coat-tails of a hot trending search topic, criminals have created malicious webpages which pretend to be a CNN news report about Bill Cosby's supposed death - but really display fake warnings about security problems on your computer.</p>
<p>These poisoned webpages are appearing high in search engine results - bringing the hackers a steady stream of traffic in the form of unsuspecting computer users searching for information about Bill Cosby.</p>
<p><img src="http://www.sophos.com/blogs/gc/images/blogs/graham-cluley/2010/02/fake-cosby-alert.jpg" alt="Fake anti-virus alert" title="Fake anti-virus alert"></p>
<p>The warning messages attempt to scare unsuspecting users into downloading a fake anti-virus program onto their computers and possibly handing over their credit card details.</p>
<p><img src="http://www.sophos.com/blogs/gc/images/blogs/graham-cluley/2010/02/fakeav.jpg" alt="Fake anti-virus lurks on Bill Cosby death website" title="Fake anti-virus lurks on Bill Cosby death website"></p>
<p>The incorrect rumours about Bill Cosby dying appear to have started on Twitter, with innocent users ironically fuelling the flames (and possibly sending others into danger when they searched for more information) by retweeting the "news".</p>
<p><img src="http://www.sophos.com/blogs/gc/images/blogs/graham-cluley/2010/02/rip-cosby.jpg" alt="Internet users who believe Bill Cosby has died" title="Internet users who believe Bill Cosby has died"></p>
<p>Bill Cosby himself has posted a <a href="http://billcosby.com/site/2010/02/bill-cosby-is-not-dead.html">message on his website</a>, claiming that he was not dead.</p>
<p><img src="http://www.sophos.com/blogs/gc/images/blogs/graham-cluley/2010/02/bill-cosby-not-dead.jpg" alt="Bill Cosby claims he has not died" title="Bill Cosby claims he has not died"></p>
<p>In the past, hackers have exploited rumours of the death of stars such as <a href="http://www.sophos.com/blogs/gc/g/2009/10/21/kanye-west-died-car-crash-hackers-exploit-rumour/">Kanye West</a> and <a href="http://www.sophos.com/blogs/gc/g/2010/01/24/johnny-depp-died-car-crash/">Johnny Depp</a>.</p>
<p>There are lessons here for everyone: stop spreading "news" of hot breaking stories without checking your facts from a reputable website, be cautious of clicking on links to unknown sites, and always ensure you have up-to-date anti-virus protection in place to scan every webpage you visit.</p>
<p>Sophos detects the malware attack as <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/malfakeavbw.html">Mal/FakeAV-BW</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.sophos.com/blogs/gc/g/2010/02/08/bill-cosby-died-rumours-fuel-hacker-scareware-attack/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Mozilla admits Firefox add-ons contained Trojan code</title>
		<link>http://www.sophos.com/blogs/gc/g/2010/02/05/mozilla-admits-firefox-addons-contained-trojan-code/</link>
		<comments>http://www.sophos.com/blogs/gc/g/2010/02/05/mozilla-admits-firefox-addons-contained-trojan-code/#comments</comments>
		<pubDate>Fri, 05 Feb 2010 15:24:21 +0000</pubDate>
		<dc:creator>Graham Cluley, Sophos</dc:creator>
		
		<category><![CDATA[Malware]]></category>

		<category><![CDATA[WWW]]></category>

		<category><![CDATA[add-on]]></category>

		<category><![CDATA[firefox]]></category>

		<category><![CDATA[plugin]]></category>

		<guid isPermaLink="false">http://www.sophos.com/blogs/gc/?p=7750</guid>
		<description><![CDATA[
Mozilla has issued a warning that two add-ons available from AMO (addons.mozilla.org, the Mozilla Add-ons website) were infected by malicious code capable of infecting Windows computers.
According to a security notice on AMO's blog, the Master Filer add-on was infected by the LdPinch password-stealing Trojan, and Sothink Web Video Downloader version 4.0 was infected by a [...]]]></description>
			<content:encoded><![CDATA[<p><img vspace="10" hspace="10" align="right" width="150" height="140" src="http://www.sophos.com/images/common/misc/firefox.gif" alt="Firefox"><br />
Mozilla has issued a warning that two add-ons available from AMO (addons.mozilla.org, the Mozilla Add-ons website) were infected by malicious code capable of infecting Windows computers.</p>
<p>According to a <a href="http://blog.mozilla.com/addons/2010/02/04/please-read-security-issue-on-amo/" rel="nofollow" title="Link to the Mozilla Add-ons blog">security notice on AMO's blog</a>, the Master Filer add-on was infected by the LdPinch password-stealing Trojan, and Sothink Web Video Downloader version 4.0 was infected by a version of the Bifrose backdoor Trojan horse.</p>
<p>Judging by the statement on the Mozilla Add-ons blog, a fair few people could have found that their Windows computers were infected:</p>
<blockquote><p><tt>Master Filer was downloaded approximately 600 times between September 2009 and January 2010. Version 4.0 of Sothink Web Video Downloader was downloaded approximately 4,000 times between February 2008 and May 2008. Master Filer was removed from AMO on January 25, 2010 and Version 4.0 of Sothink Web Video Downloader was removed from AMO on February 2, 2010.</tt>
</p></blockquote>
<p>Versions of Sothink Web Video Downloader greater than 4.0 are said not to be infected. Furthermore, both Trojans were specifically written for Windows, meaning they could not infect Mac OS X and Linux installations of Firefox.</p>
<p><img src="http://www.sophos.com/blogs/gc/images/blogs/graham-cluley/2010/02/sothink-add-on.jpg" alt="Sothink Web Video Downloader"></p>
<p>This isn't the first time malware has slipped through Mozilla's security procedures.  In May 2008, users who downloaded Firefox's Vietnamese language pack were <a href="http://www.sophos.com/blogs/gc/g/2008/05/08/mozilla-warns-thousands-have-downloaded-poisoned-firefox-plugin/">warned</a> that it had contained a malicious script designed to display irritating advertising messages.</p>
<p>Mozilla says that in light of the security lapse it has strengthened its systems, scanning all add-ons with additional anti-virus tools.  </p>
<p>Personally, I would recommend that all computer users remember not to rely on someone else doing the virus scanning for them, and ensure they have anti-malware protection running on their computer.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.sophos.com/blogs/gc/g/2010/02/05/mozilla-admits-firefox-addons-contained-trojan-code/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Can Gordon Brown's smile infect your computer with a virus?</title>
		<link>http://www.sophos.com/blogs/gc/g/2010/02/05/gordon-browns-smile-infect-computer-virus/</link>
		<comments>http://www.sophos.com/blogs/gc/g/2010/02/05/gordon-browns-smile-infect-computer-virus/#comments</comments>
		<pubDate>Fri, 05 Feb 2010 10:11:36 +0000</pubDate>
		<dc:creator>Graham Cluley, Sophos</dc:creator>
		
		<category><![CDATA[Hoax]]></category>

		<category><![CDATA[email]]></category>

		<category><![CDATA[Gordon Brown]]></category>

		<category><![CDATA[smiling]]></category>

		<guid isPermaLink="false">http://www.sophos.com/blogs/gc/?p=7738</guid>
		<description><![CDATA[
Emails which claim that pictures of Gordon Brown smiling can infect your PC with a virus have been widely distributed via email.
Members of the public are unwittingly forwarding the hoax warning, believing it to be true, warning that the dangerous emails refer to "Gordon Brown smiling or even 'looking happy'", and that all computer users [...]]]></description>
			<content:encoded><![CDATA[<p><img src="http://www.sophos.com/blogs/gc/images/blogs/graham-cluley/2010/02/gordon-brown-not-smiling.jpg" align="right" vspace="10" hspace="10" alt="Gordon Brown not smiling" title="Gordon Brown not smiling"><br />
Emails which claim that pictures of Gordon Brown smiling can infect your PC with a virus have been widely distributed via email.</p>
<p>Members of the public are unwittingly forwarding the hoax warning, believing it to be true, warning that the dangerous emails refer to "Gordon Brown smiling or even 'looking happy'", and that all computer users should be on their guard.</p>
<p>The warning, however, is bogus.  It's just the latest in a series of email virus hoaxes that we have seen over the last 20 years or so - taking advantage of users' desire to help their friends, family and colleagues by passing on a warning <em>without</em> properly checking their facts.</p>
<p>A typical version of the email hoax reads as follows:</p>
<blockquote><p><tt>Emails with pictures of Gordon Brown actually smiling are being sent and the moment that you open these emails your computer will crash and you will not be able to fix it!</tt></p>
<p><tt>If you get an email along the lines of Gordon Brown smiling or Gordon Brown even "looking happy" don't open the attachment.</tt></p>
<p><tt>This e-mail is being distributed through countries around the globe, but mainly in England , Wales and Scotland</tt></p>
<p><tt>Be considerate &#038; send this warning to who ever you know.</tt></p>
<p><tt>PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS:</tt></p>
<p><tt>You should be alert during the next few days:</tt><br />
<tt>Do not open any message with an attached file called 'Invitation' regardless of who sent it.</tt></p>
<p><tt>It is a virus that opens an Olympic Torch which 'burns' the whole hard disc C of your computer.</tt></p>
<p><tt>This virus will be received from someone who has your e-mail address in his/her contact list, that is why you should send this e-mail to all your contacts.</tt></p>
<p><tt>It is better to receive this message 25 times than to receive the virus and open it If you receive a mail called 'invitation' , though sent by a friend, do not open it and shut down your computer immediately.. This is the worst virus announced by CNN, it has been classified by Microsoft as the most destructive virus ever.</tt></p>
<p><tt>This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus.<br />
This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.<br />
SEND THIS E-MAIL TO EVERYONE YOU KNOW</tt> </p></blockquote>
<p>If you receive a message like this, the best thing to do is tell your friend that it's a hoax and then delete it.  </p>
<p>Gordon Brown's smile has made news headlines before, of course.  He was widely ridiculed in the British press last April after releasing a <a href="http://www.youtube.com/watch?v=sBXj5l6ShpA" rel="nofollow" title="Link to YouTube video of Gordon Brown">YouTube video</a> discussing MPs' expenses, with moments of uncharacteristic "friendly" smiling. Indeed, such was the negative feedback that 10 Downing Street closed comments on the video:</p>
<p><object width="480" height="385"><param name="movie" value="http://www.youtube.com/v/sBXj5l6ShpA&#038;hl=en_GB&#038;fs=1&#038;rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/sBXj5l6ShpA&#038;hl=en_GB&#038;fs=1&#038;rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed></object></p>
<p>After the video was released even former deputy Prime Minister John Prescott labelled Gordon Brown as the owner of <a href="http://www.digitalspy.co.uk/odd/news/a154957/gordon-brown-has-worlds-worst-smile.html" rel="nofollow" title="Link to DigitalSpy article">"the worst bloody smile in the world"</a>.</p>
<p>It's possible, of course, that the Gordon Brown virus hoax was started by someone as a joke, taking the mickey out of the notoriously dour Prime Minister.  And it's true to say that the hoax contains content very similar to the well-known <a href="http://www.sophos.com/security/hoaxes/olympic.html">"Olympic Torch" virus hoax</a>.</p>
<p>The problem with email jokes related to computer viruses, however, is that sometimes people don't see the funny side and before you know it thousands of people are forwarding it to each other as a real security warning.  That's not just a waste of time and bandwidth, it also might result in users taking drastic actions to clean up their computer from a virus infection which may never have existed.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.sophos.com/blogs/gc/g/2010/02/05/gordon-browns-smile-infect-computer-virus/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Microsoft warns of Internet Explorer vulnerability</title>
		<link>http://www.sophos.com/blogs/gc/g/2010/02/04/microsoft-warns-internet-explorer-vulnerability/</link>
		<comments>http://www.sophos.com/blogs/gc/g/2010/02/04/microsoft-warns-internet-explorer-vulnerability/#comments</comments>
		<pubDate>Thu, 04 Feb 2010 12:01:55 +0000</pubDate>
		<dc:creator>Graham Cluley, Sophos</dc:creator>
		
		<category><![CDATA[Data loss]]></category>

		<category><![CDATA[Malware]]></category>

		<category><![CDATA[WWW]]></category>

		<category><![CDATA[internet explorer]]></category>

		<category><![CDATA[microsoft]]></category>

		<guid isPermaLink="false">http://www.sophos.com/blogs/gc/?p=7733</guid>
		<description><![CDATA[
It feels like we've only just got our heads around the last security vulnerability in Internet Explorer (the one used in "Operation Aurora"), and now here comes another one.
A security advisory published by Microsoft warns of a vulnerability in multiple versions of Internet Explorer, the world's most popular browser, which could lead to information disclosure.
The [...]]]></description>
			<content:encoded><![CDATA[<p><img src='http://www.sophos.com/blogs/gc/images/blogs/gc/2008/10/critical-170.jpg' alt='Critical' align="right" vspace="10" hspace="10"><br />
It feels like we've only just got our heads around the last security vulnerability in Internet Explorer (the one used in <a href="http://www.sophos.com/security/topic/operation-aurora.html">"Operation Aurora"</a>), and now here comes another one.</p>
<p>A <a href="http://www.microsoft.com/technet/security/advisory/980088.mspx" rel="nofollow" title="Link to Microsoft Security advisory">security advisory</a> published by Microsoft warns of a vulnerability in multiple versions of Internet Explorer, the world's most popular browser, which could lead to information disclosure.</p>
<p>The flaw was demonstrated at the recent Black Hat conference in Washington DC by security consultant Jorge Luis Alvarez Medina, who showed that exploiting the vulnerability allowed him to examine the contents of every file on a user's computer.</p>
<p>Microsoft says the group of users at highest risk are those Internet Explorer users still running Windows XP or who have turned off the browser's Protected Mode feature.</p>
<p>Of course it would be bad news if malicious hackers took advantage of this flaw, as there is no patch yet available from Microsoft.  It remains to be seen how quickly Microsoft can roll out a proper fix for the problem, but hopefully it will be sooner rather than later as it does sound as though the vulnerability is trivial to exploit.</p>
<p>Much more detail can be found in <a href="http://www.microsoft.com/technet/security/advisory/980088.mspx" rel="nofollow" title="Link to Microsoft advisory">Microsoft's advisory</a> - go check it out before any hackers try to exploit this flaw.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.sophos.com/blogs/gc/g/2010/02/04/microsoft-warns-internet-explorer-vulnerability/feed/</wfw:commentRss>
		</item>
		<item>
		<title>The Automation Labs Facebook security scare</title>
		<link>http://www.sophos.com/blogs/gc/g/2010/02/03/automation-labs-facebook-security-scare/</link>
		<comments>http://www.sophos.com/blogs/gc/g/2010/02/03/automation-labs-facebook-security-scare/#comments</comments>
		<pubDate>Wed, 03 Feb 2010 20:02:54 +0000</pubDate>
		<dc:creator>Graham Cluley, Sophos</dc:creator>
		
		<category><![CDATA[Hoax]]></category>

		<category><![CDATA[Video]]></category>

		<category><![CDATA[Web 2.0]]></category>

		<category><![CDATA[Automation Labs]]></category>

		<category><![CDATA[Facebook]]></category>

		<category><![CDATA[privacy]]></category>

		<guid isPermaLink="false">http://www.sophos.com/blogs/gc/?p=7724</guid>
		<description><![CDATA[A warning being sent between Facebook users is causing an almighty scare, as it raises alarm that strangers might be able to access your profile.
The warning claims that entering your Privacy Settings on Facebook, and hunting for "Automation Labs" under Block Users, will display approximately 20 people you don't know.
A typical version of the warning [...]]]></description>
			<content:encoded><![CDATA[<p>A warning being sent between Facebook users is causing an almighty scare, as it raises alarm that strangers might be able to access your profile.</p>
<p>The warning claims that entering your Privacy Settings on Facebook, and hunting for "Automation Labs" under Block Users, will display approximately 20 people you don't know.</p>
<p>A typical version of the warning reads as follows:</p>
<blockquote><p>
<tt>All FB friends. This is important. Do this asap! Go to settings. Click on privacy settings. Click on block users. in the name box enter 'automation labs'. A list of approx 20 people you dont even know will come up. Block each one individually. These people have access to your facebook account/profile and spy on what You do! </tt>
</p></blockquote>
<p>And it's true, you will see about 20 names - however, it doesn't mean that they have any kind of special access to your Facebook profile, and your security has not been breached, as I explain in the following <a href="http://www.youtube.com/watch?v=8c8ioswnSZI" rel="nofollow" title="Link to YouTube video">video</a>:</p>
<p><object width="560" height="340"><param name="movie" value="http://www.youtube.com/v/8c8ioswnSZI&#038;hl=en_US&#038;fs=1&#038;rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/8c8ioswnSZI&#038;hl=en_US&#038;fs=1&#038;rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="560" height="340"></embed></object></p>
<p><em>(Enjoy this video?  You can check out more on the <a href="http://www.youtube.com/sophoslabs" rel="nofollow" title="Link to SophosLabs YouTube channel">SophosLabs YouTube channel</a> and subscribe if you like)</em></p>
<p>As you can see, this is a scare and the people distributing the warning are actually forwarding a chain letter without checking their facts.  <em>Whatever</em> name you search for, Facebook will make suggestions for you as to who you might want to block; it <em>doesn't</em> mean that those people currently have access to your Facebook profile.</p>
<p>So, the "Automation Labs" scare is a storm in a teacup - but there are real security issues on Facebook, as with any other social network. Make sure you read our <a href="http://www.sophos.com/security/topic/facebook.html">guidelines for better security and privacy on Facebook</a>.</p>
<p>Oh, and you might want to <a href="http://www.facebook.com/pages/Sophos/28552295016" rel="nofollow" title="Link to Sophos on Facebook">become a Fan of Sophos on Facebook</a> too!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.sophos.com/blogs/gc/g/2010/02/03/automation-labs-facebook-security-scare/feed/</wfw:commentRss>
		</item>
		<item>
		<title>How to choose a strong password</title>
		<link>http://www.sophos.com/blogs/gc/g/2010/02/03/choose-strong-password/</link>
		<comments>http://www.sophos.com/blogs/gc/g/2010/02/03/choose-strong-password/#comments</comments>
		<pubDate>Wed, 03 Feb 2010 17:02:46 +0000</pubDate>
		<dc:creator>Graham Cluley, Sophos</dc:creator>
		
		<category><![CDATA[Identity Theft]]></category>

		<category><![CDATA[P2P]]></category>

		<category><![CDATA[Scam]]></category>

		<category><![CDATA[Video]]></category>

		<category><![CDATA[WWW]]></category>

		<category><![CDATA[Web 2.0]]></category>

		<category><![CDATA[password]]></category>

		<category><![CDATA[phishing]]></category>

		<category><![CDATA[twitter]]></category>

		<guid isPermaLink="false">http://www.sophos.com/blogs/gc/?p=7718</guid>
		<description><![CDATA[
Password security is in the news again, as it is revealed that hackers had managed to break into the accounts of many Twitter users.
Many of the affected Twitter users had previously registered on P2P file-sharing sites - and hackers had been able to enter the sites through a backdoor and grab their account information (including [...]]]></description>
			<content:encoded><![CDATA[<p><img src="http://www.sophos.com/blogs/gc/images/blogs/gc/2010/01/keys.jpg" align="right" alt="How to choose a strong password" title="How to choose a strong password" vspace="10" hspace="10"><br />
Password security is in the news again, as it is <a href="http://news.cnet.com/8301-1009_3-10446586-83.html" rel="nofollow" title="Link to CNet news story">revealed</a> that hackers had managed to break into the accounts of many Twitter users.</p>
<p>Many of the affected Twitter users had previously registered on P2P file-sharing sites - and hackers had been able to enter the sites through a backdoor and grab their account information (including email address and password).</p>
<p>Although a username and password for a torrent-downloading website may not seem very valuable, it <em>does</em> have a significant worth if the <em>same</em> email address and password are being used for a social networking site like Twitter too.</p>
<p>As we've <a href="http://www.sophos.com/blogs/gc/g/2009/03/10/password-website/">explained before</a>, you should never use the same username and password on multiple websites.  It's like having a skeleton key which opens every door - if they grab your password in one place they can try it in many other places.</p>
<p>Also, you should ensure that your password is not a dictionary word, and is sufficiently complex that it's hard to break with a <a href="http://www.sophos.com/blogs/gc/g/2009/01/14/breaking-twitter-accounts-dictionary-password-attack/">dictionary attack</a>.</p>
<p>Here's a <a href="http://www.youtube.com/watch?v=VYzguTdOmmU" rel="nofollow" title="Link to YouTube video">video</a> which explains how to choose a strong password, which is easy to remember but still hard to crack:</p>
<p><object width="560" height="340"><param name="movie" value="http://www.youtube.com/v/VYzguTdOmmU&#038;hl=en_GB&#038;fs=1&#038;rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/VYzguTdOmmU&#038;hl=en_GB&#038;fs=1&#038;rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="560" height="340"></embed></object></p>
<p>Don't delay, be sensible and make your passwords more secure today.</p>
<p><em>* Image source: <a href="http://www.flickr.com/photos/canonsnapper/3663663766/">canonsnapper's Flickr photostream</a> (Creative Commons) </em></p>
]]></content:encoded>
			<wfw:commentRss>http://www.sophos.com/blogs/gc/g/2010/02/03/choose-strong-password/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Woman charged £1400 for stolen mobile phone</title>
		<link>http://www.sophos.com/blogs/gc/g/2010/02/03/woman-charged-1400-stolen-mobile-phone/</link>
		<comments>http://www.sophos.com/blogs/gc/g/2010/02/03/woman-charged-1400-stolen-mobile-phone/#comments</comments>
		<pubDate>Wed, 03 Feb 2010 12:22:38 +0000</pubDate>
		<dc:creator>Graham Cluley, Sophos</dc:creator>
		
		<category><![CDATA[Law and Order]]></category>

		<category><![CDATA[Mobile]]></category>

		<category><![CDATA[Colombia]]></category>

		<category><![CDATA[phone]]></category>

		<category><![CDATA[T-Mobile]]></category>

		<guid isPermaLink="false">http://www.sophos.com/blogs/gc/?p=7710</guid>
		<description><![CDATA[
We've spoken before on this blog about how a lost mobile phone can mean also losing sensitive corporate data. We've even talked about how smartphones can be infected by malware, and turned into a revenue-generating botnet.  
But here's another way in which criminals can make money out of your mobile, with no hacking required.
28-year-old [...]]]></description>
			<content:encoded><![CDATA[<p><img src="http://www.sophos.com/blogs/gc/images/blogs/gc/2009/11/mobile-phone-woman-170.jpg" align="right" alt="Woman with mobile phone" title="Woman with mobile phone" vspace="10" hspace="10"><br />
We've <a href="http://www.sophos.com/blogs/gc/g/2009/06/26/guest-blog-losing-blackberry-black-cab/">spoken before on this blog</a> about how a lost mobile phone can mean also losing sensitive corporate data. We've even talked about how smartphones can be <a href="http://www.sophos.com/blogs/gc/g/2009/11/23/lightning-strikes-iphone-malware-malicious/">infected by malware</a>, and turned into a revenue-generating botnet.  </p>
<p>But here's another way in which criminals can make money out of your mobile, with no hacking required.</p>
<p>28-year-old Kathryn Mills-Webb, a PR manager from Greenwich, London, has found herself in a fight with her mobile phone company after it tried to charge her £1400 for calls made on her mobile phone after it was stolen.</p>
<p>The spare phone was just one of more than 100 items which were stolen from the house Kathryn shares with her husband Tom during a recent burglary.  They hadn't used it for months, and hadn't noticed at first that it was missing at all.</p>
<p>That didn't stop the burglar, of course, making £1400 worth of calls to Colombia in just 72 hours!</p>
<p>Kathryn writes on <a href="http://johnsonking.typepad.co.uk/johnson_king_blog/2010/01/victim-of-mobile-fraud-tluck.html">her company's blog</a>:</p>
<blockquote><p><tt>Why doesn't T-Mobile (and the others) have the technology in place to prevent this sort of crime from the outset?  While not compulsory, most banks have regular checking systems in place that alert them to any potentially fraudulent activity on the account - surely this kind of technology could and should be easily transferred to check for unusual activity on mobiles too? </tt></p>
<p><tt>In fact, I'd argue that mobile operators have a similar duty of care to their customers.  Just as banks can temporarily put a hold on credit and debit cards in the interests of fraud prevention, phone companies should automatically block the SIM card when the bill goes over a certain level or when the activity does not fit with general usage patterns.</tt></p></blockquote>
<p>I have to agree with Kathryn.  This was an old mobile phone that hadn't been used for months.  For it suddenly to make so many expensive calls to a country it had never contacted before should have set alarm bells ringing in the mobile phone company's systems.  After all, if my credit card were being charged in such an unorthodox fashion I would expect my bank to put the brakes on.</p>
<p>Isn't it time that mobile phone companies, who in Britain at least have never been slow to make a quick penny out of their users, took greater care of them?  (And while they're at it, they might want to get <a href="http://www.sophos.com/blogs/gc/g/2009/11/17/tmobile-customers-personal-data-sold-rivals/">their own house in order</a> regarding theft.)</p>
<p>In the meantime, my advice to anyone who has an old mobile phone lying around for occasional use is to switch it to a pay-as-you-go scheme - at least that will help limit the impact of a homesick Colombian burglar.</p>
<p>Kathryn is understandably miffed about being held responsible for the charges, and has set up a <a href="http://www.facebook.com/home.php?#!/group.php?gid=315281796012" rel="nofollow" title="Link to Facebook page">Facebook page</a> calling on others to pressure T-Mobile (and other phone companies) into seeing sense.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.sophos.com/blogs/gc/g/2010/02/03/woman-charged-1400-stolen-mobile-phone/feed/</wfw:commentRss>
		</item>
		<item>
		<title>The world's top 10 dirtiest web-hosting countries</title>
		<link>http://www.sophos.com/blogs/gc/g/2010/02/03/worlds-top-10-dirtiest-webhosting-countries/</link>
		<comments>http://www.sophos.com/blogs/gc/g/2010/02/03/worlds-top-10-dirtiest-webhosting-countries/#comments</comments>
		<pubDate>Wed, 03 Feb 2010 10:25:00 +0000</pubDate>
		<dc:creator>Graham Cluley, Sophos</dc:creator>
		
		<category><![CDATA[Malware]]></category>

		<category><![CDATA[WWW]]></category>

		<category><![CDATA[China]]></category>

		<category><![CDATA[USA]]></category>

		<category><![CDATA[web]]></category>

		<guid isPermaLink="false">http://www.sophos.com/blogs/gc/?p=7703</guid>
		<description><![CDATA[My apologies if you were expecting this to be details of which nations had the most porn sites, this is actually all about the top ten countries hosting malware on the web, passing on virus infections to innocent computer users.
Every day Sophos discovers over 50,000 newly infected webpages, and its findings reveal that the problem [...]]]></description>
			<content:encoded><![CDATA[<p>My apologies if you were expecting this to be details of which nations had the most porn sites; this is actually all about the top ten countries hosting malware on the web, passing on virus infections to innocent computer users.</p>
<p>Every day Sophos discovers over 50,000 newly infected webpages, and its findings reveal that the problem of compromised websites is truly global.</p>
<h2>Top ten countries hosting malware on the web, January - December 2009:</h2>
<p><img src="http://www.sophos.com/blogs/gc/images/blogs/graham-cluley/2010/02/top-malware-hosting-countries.jpg" alt="Top 10 malware hosting countries" title="Top 10 malware hosting countries"></p>
<p>So, the USA is still the dirty man of the web world - hosting more dangerous infected websites than any other country.</p>
<p>While China and Russia continue to provide some strong competition for the top position, China’s share has dropped considerably from second place with 27.7% in 2008 to third behind Russia with just 11.2% in 2009. </p>
<p>That may surprise some people, as so much emphasis is given in the media to cybercrime and hacking attacks originating from China. But you need to remember that just because the malware is planted on the web in these countries doesn't necessarily mean that the hackers themselves are based in the same place.</p>
<p>Cybercriminals will attempt to infect websites anywhere in the world - it's perfectly possible for a website in Tooting to be infected by a hacker in Timbuktu.</p>
<p>China's drop down the chart continues a trend set in 2008, when China’s figure had dropped from 51.4% in 2007. The remainder of malicious pages are scattered all over the world, with Peru moving strongly up the list to fourth place with 3.7%.</p>
<p><a href="http://www.sophos.com/security-report-2010"><img src="http://www.sophos.com/blogs/gc/images/blogs/gc/2010/02/2010-threat-report.jpg" align="right" vspace="10" hspace="10" alt="Sophos Security Threat Report 2010" title="Sophos Security Threat Report 2010"></a><br />
The graph of the Top 10 malware-hosting countries comes from Sophos's latest <a href="http://www.sophos.com/security-report-2010">Security Threat Report</a>, exploring the last 12 months of attacks against computers and what the future might hold for threats.  If you haven't already downloaded it - I'd recommend you do so straight away. </p>
<p>The traditional method of web attack was for hackers to create maliciously crafted sites and lure victims in with promises of desirable or salacious content - and this technique still continues to flourish.  But it is now rivalled by the huge problem of criminals injecting viral code into legitimate sites that have not been properly secured.</p>
<p>These hacked sites are particularly dangerous because of the large amount of traffic they may already receive, and because visitors may feel they can trust any unusual popups they see.</p>
<p>One of the growing methods through which hackers exploited legitimate websites during the last 12 months was the placing of malicious adverts (known as "malvertising").  Websites that fell victim to malvertising attacks, and thus passed infections on to their readers, included the <a href="http://www.sophos.com/blogs/gc/g/2009/09/14/fake-antivirus-attack-hits-york-times-website-readers/">New York Times</a> and <a href="http://www.sophos.com/blogs/gc/g/2009/10/27/gizmodo-hit-malware-adverts/">technology website Gizmodo</a>.</p>
<p>Other compromised legitimate websites seen in the last year have included the sites of <a href="http://www.sophos.com/blogs/sophoslabs/v/post/7032">musician Van Morrison</a>, the UK's leading <a href="http://www.sophos.com/blogs/sophoslabs/post/7388">fish-and-chip chain Harry Ramsden's</a>, and <a href="http://www.sophos.com/blogs/sophoslabs/post/7684">foreign embassies</a>.  Many of these sites served up fake anti-virus scans, designed to scare visiting users into believing that their computer had a security problem and trick them into installing dangerous software or handing over their credit card details for a 'cure'.</p>
<p>Webmasters need to take much better care of their sites, ensuring that they are securely coded and properly patched against hackers injecting malicious software into their pages.</p>
<p>Meanwhile, all computer users should be protected by a security solution that scans every webpage visited, and every link clicked on, to see if it could contain dangerous content.  You scan your email for viruses - you should do the same for websites.</p>
<p>Maybe the USA would do well to get its own house in order, for the benefit of all of us.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.sophos.com/blogs/gc/g/2010/02/03/worlds-top-10-dirtiest-webhosting-countries/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Petition calls for Internet Explorer 6 to be dropped by British Government</title>
		<link>http://www.sophos.com/blogs/gc/g/2010/02/02/petition-calls-intenet-explorer-6-dropped-british-government/</link>
		<comments>http://www.sophos.com/blogs/gc/g/2010/02/02/petition-calls-intenet-explorer-6-dropped-british-government/#comments</comments>
		<pubDate>Tue, 02 Feb 2010 13:41:41 +0000</pubDate>
		<dc:creator>Graham Cluley, Sophos</dc:creator>
		
		<category><![CDATA[Malware]]></category>

		<category><![CDATA[WWW]]></category>

		<category><![CDATA[Downing Street]]></category>

		<category><![CDATA[Gordon Brown]]></category>

		<category><![CDATA[government]]></category>

		<category><![CDATA[internet explorer]]></category>

		<category><![CDATA[microsoft]]></category>

		<guid isPermaLink="false">http://www.sophos.com/blogs/gc/?p=7699</guid>
		<description><![CDATA[
An online petition has been launched calling on British Prime Minister Gordon Brown to encourage government departments to move away from Internet Explorer 6.
The petition, hosted on the official Downing Street petitions website, follows calls from many experts for Internet Explorer 6 to be ditched in favour of alternative browsers or a more up-to-date version [...]]]></description>
			<content:encoded><![CDATA[<p><img src="http://www.sophos.com/images/common/misc/downingstreet.jpg" alt="Downing Street" title="Downing Street" align="right" vspace="10" hspace="10"><br />
An online petition has been launched calling on British Prime Minister Gordon Brown to encourage government departments to move away from Internet Explorer 6.</p>
<p>The petition, <a href="http://news.bbc.co.uk/go/1/hi/technology/8492862.stm/ext/_auto/-/http://petitions.number10.gov.uk/ie6upgrade/" rel="nofollow" title="Link to Downing Street petition">hosted on the official Downing Street petitions website</a>, follows calls from many experts for Internet Explorer 6 to be ditched in favour of alternative browsers or a more up-to-date version of IE.</p>
<p>There does seem to be a groundswell of opinion right now, hardening its stance against Internet Explorer 6.  There are numerous websites explaining to webmasters how to pop up messages urging visitors running IE6 to update, even <a href="http://www.facebook.com/group.php?gid=52657958554" rel="nofollow" title="Link to Facebook group">Facebook groups</a> dedicated to IE6's destruction.</p>
<p>Just a few days ago it was <a href="http://news.bbc.co.uk/1/hi/technology/8488751.stm" rel="nofollow" title="Link to BBC news article">revealed</a> that Google would no longer be supporting Internet Explorer 6 for its Google Docs and Google Sites services, with other features such as Gmail dropping IE6 support later this year.</p>
<p>Internet Explorer 6 was first launched in 2001, and should probably have been killed off some time ago.  As Tom Espiner at ZDNet <a href="http://news.zdnet.co.uk/security/0,1000000189,39998981,00.htm" rel="nofollow" title="Link to ZDNet article">recently reported</a>, the Department for Work and Pensions (DWP), the Department of Health (DoH) and the Department for Business, Innovation and Skills (BIS) are amongst the UK government departments that use Internet Explorer 6.</p>
<p>You have to question the wisdom of using Internet Explorer 6 to surf the web when Microsoft itself recently urged IE6 users to upgrade to Internet Explorer 8 (as a mitigating step to avoid an attack by a zero day vulnerability).</p>
<p>Of course, upgrading or switching browsers isn't something that a government department can do overnight - the IT teams responsible for managing a network will need to ensure that the computers can properly handle the new version, and that existing web applications work properly.</p>
<p>But if you want to support the petition urging the British government to switch from Internet Explorer 6 sooner rather than later, then <a href="http://news.bbc.co.uk/go/1/hi/technology/8492862.stm/ext/_auto/-/http://petitions.number10.gov.uk/ie6upgrade/" rel="nofollow" title="Link to Downing Street petition">this petition</a> certainly won't do any harm.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.sophos.com/blogs/gc/g/2010/02/02/petition-calls-intenet-explorer-6-dropped-british-government/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Conficker virus outbreak at Greater Manchester Police</title>
		<link>http://www.sophos.com/blogs/gc/g/2010/02/02/conficker-virus-outbreak-greater-manchester-police/</link>
		<comments>http://www.sophos.com/blogs/gc/g/2010/02/02/conficker-virus-outbreak-greater-manchester-police/#comments</comments>
		<pubDate>Tue, 02 Feb 2010 10:36:54 +0000</pubDate>
		<dc:creator>Graham Cluley, Sophos</dc:creator>
		
		<category><![CDATA[Data loss]]></category>

		<category><![CDATA[Law and Order]]></category>

		<category><![CDATA[Malware]]></category>

		<category><![CDATA[conficker]]></category>

		<category><![CDATA[Greater Manchester Police]]></category>

		<category><![CDATA[usb]]></category>

		<guid isPermaLink="false">http://www.sophos.com/blogs/gc/?p=7691</guid>
		<description><![CDATA[
Greater Manchester Police has been reportedly cut off from the UK's Police National Computer system, after an outbreak of the notorious Conficker worm.
As a result, the police force has been unable to carry out checks on criminals and suspect vehicles since the virus entered its computer network on Friday.
Officers have been warned against using unauthorised USB [...]]]></description>
			<content:encoded><![CDATA[<p><img src="http://www.sophos.com/blogs/gc/images/blogs/graham-cluley/2010/02/greater-manchester-police.jpg" align="right" vspace="10" hspace="10" alt="Greater Manchester Police" title="Greater Manchester Police"><br />
Greater Manchester Police has been <a href="http://news.bbc.co.uk/1/hi/england/manchester/8492669.stm" rel="nofollow" title="Link to BBC News report">reportedly cut off</a> from the UK's Police National Computer system, after an outbreak of the notorious Conficker worm.</p>
<p>As a result, the police force has been unable to carry out checks on criminals and suspect vehicles since the virus entered its computer network on Friday.</p>
<p>Officers have been warned against using unauthorised USB flash drives - a common method for the Conficker worm to enter an organisation.</p>
<p>According to Dave Thompson, Assistant Chief Constable of Greater Manchester Police, the public has not seen any difference in the level of service they have received as a result of the virus infection.</p>
<p>"The virus is not destructive and no data has been lost but due to the speed it has spread we have temporarily cut off our access to the Police National Computer and other Criminal Justice systems to prevent further infection," Thompson is reported as saying. "A team of experts is now working on removing the virus, and will not reconnect until we are sure there is no further threat."</p>
<p>Conficker, which was first encountered in late 2008 and created a <a href="http://www.sophos.com/blogs/gc/g/2009/03/27/hype-april-fools-day-conficker-worm/">hystericane of media interest</a> in March last year, spreads via a variety of methods - but my guess is that it's most likely that it infected the police systems via an infected USB stick.  After all, they've had well over a year to put the <a href="http://www.sophos.com/blogs/gc/g/2008/10/23/more-information-about-critical-microsoft-vulnerability/">Microsoft patch</a> in place.</p>
<p>Malware like the Conficker worm can spread via infected memory sticks, taking advantage of the AutoRun facility to execute on computers, and has been a common route for virus distribution in recent years.  The problem was such that it encouraged Microsoft to <a href="http://www.sophos.com/blogs/gc/g/2009/05/01/microsoft-improves-autoplay-combat-usb-malware/">improve the way AutoPlay worked in Windows 7</a>.</p>
<p>Although companies can't strip search employees in order to prevent USB memory sticks being brought into their organisations, they can take steps to help fight the problem of unauthorised devices being attached to their network. More and more organizations are looking to <a href="http://www.sophos.com/security/sophoslabs/device-control.html">control access to USB ports</a> - it doesn't just help stop malware, it can stop sensitive data from leaking out too.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.sophos.com/blogs/gc/g/2010/02/02/conficker-virus-outbreak-greater-manchester-police/feed/</wfw:commentRss>
		</item>
	</channel>
</rss>
