Category Archives: Malware Advisories

Comodo’s Free Site Inspector – Malware and Blacklist Detection For Website Owners

Comodo recently released SiteInspector, a free service designed to automatically check owner-operated websites on a daily basis to ensure the sites remain malware free and have not been captured by a blacklist. If the worst happens – Comodo will immediately notify the website owner by email, so that corrective action can be taken.

Despite the fact that the free service is restricted to checking 3 pages on a domain, it’s a tool worth considering if you are a webmaster. Any free service that can help web site owners keep the malware hounds at bay – is worth considering.

You certainly don’t want a prospective visitor to see this!

image

Signing up for the service is a simple process, as the following screen captures indicate.

Following initial sign up you will receive a receipt notice.

Comodo Site Scanning

While on the SiteInspector screen, click on “Manage Subscriptions” to set up both the site you wish to cover, and the form of coverage.

Any after-the-fact changes require a sign-in to your account.

The first report from Comodo.

Fast Facts:

Daily Malware Scanning – SiteInspector scans your website for potential malicious code injection on a daily basis and notifies you if any such event has occurred, so that you can take action against them in a timely fashion, before the injected code starts affecting your visitors’ computers.

Blacklist Monitoring – Comodo SiteInspector checks major blacklists such as Google Safe Browsing, PhishTank, Malwaredomainlist, Malcode, Clean MX every day to make sure your website is not listed. If it is, you will be immediately alerted so that you can take remedial action and remove your site from blacklist, minimizing the downtime.

Immediate notifications mean you react faster – Immediately after a problem is discovered, we’ll dispatch an email notification alerting you. Your support technicians don’t have to wait for angry customers to complain that your site contains malicious content.

Independent external testing from your customer’s perspective – SiteInspector connects to your website in the same way that a customer would. If it discovers any problems with your website, it is likely your customers will be affected too.

No software downloads. No complicated set up – SiteInspector is a website checking service that runs remotely from secure servers managed by Comodo, so the user is not required to install software on their machine or network. Account management is done via our 100% online interface. All you need to do to take advantage of this great service is sign up, configure your tests and let SiteInspector do the rest.

The Comodo sign up page is here.


5 Comments

Filed under Blogging Tools, Comodo, Don't Get Hacked, Freeware, Malware Advisories, Web Hosting

Pssst – Let’s Talk About, Uh…. Porn

I’ll talk to you about porn. Your friends probably won’t – other than to deny that they watch it – or, perhaps to decry its prevalence on the Internet. If you want to see your friends scramble for cover – if you want to see some terrific open field running – ask them specifically, if they watch porn on the Internet.

Yes, I know, they don’t. But, someone’s watching. Run a Google search for “porn” and you might be surprised to see that there are considerably more than One Billion search results.


Despite its popularity and huge profitability – the pornography industry has revenues larger than the revenues of the top technology companies combined – that’s right, the combined revenues of Microsoft, Google, Amazon, eBay, Yahoo!, Apple, Netflix …. – it’s still seen, by many (at least publicly), as a back room activity.

Although porn has almost reached a level of respectability (I’ll focus on the almost), or perhaps because of it there are those who would rather see porn back in the gutter, and dark alleys, where they think it belongs.

But not Kyle Richards. Richards is a 21 year old Michigan jail inmate who believes he’s being subjected to cruel and unusual punishment because he can’t access pornography. Alleging that denying his request for erotic material subjects him to a “poor standard of living” and “sexual and sensory deprivation”, he’s suing.


Macomb County Jail; Getty

Rather than referring to Kyle as an idiot, which he undoubtedly is – I’ll give him the benefit of the doubt (at least I’ll pretend I am). Could it be that he’s a porn expert – that he knows pornography has always been a force to be reckoned with? From prehistoric rock paintings depicting sex, through to the Greeks, Romans, the Renaissance period (in which it flourished), and on to the mass production of pornography in the early 20th century. Yeah, sure!

Purveyors of pornography have always been quick to adapt to new technologies – especially mass production opportunities. No surprise then, to see the distributors of sexually explicit material almost immediately adopted the Internet as the preferred method of mass distribution – a technology which allows uncontrolled (by moralists, governments, and others), and anonymous access to explicit sexual content. Not a bad business model!

As an Internet security blogger, I have a certain level of concern with respect to pornographic Websites. Just to be clear – I’m not a member of the Morality Police, and I hold no religious, or political views, on the availability of pornography on the Internet; except of course, pornography which is clearly illegal, or morally reprehensible.

Instead, my main concern is focused on the primary/secondary use that many of these sites are designed for – as a vehicle for the distribution of potentially harmful malware applications that can be surreptitiously dropped onto unwitting visitors’ computers.

With that in mind, over the years I’ve written a number of articles dealing with this issue including – Dangerous Porn Sites – Tips on How to Avoid Them, Porn Surfing – Put a Software Condom on Your Computer!, Kate Middleton Nude – As If!, and Nude Pics Of Your Wife/Girlfriend Attached – Click Here.

I’ve no idea why precisely, but lately (the last 2/3 months), these articles have been getting an unusually high number of hits – generally from search engine referrals. Whatever the reason, it’s a good thing. Hopefully, it’s an indication that surfers are beginning to recognize at least one of the many potentially unsafe activities on the Internet. Hopefully!

A selection of those search engine referrals – most are multiples of 30/40 or more (sex, porn, nude, dangerous, safe ….), to this site on a typical day. Some of them are just a little strange – I think. But then, who am I to judge what’s strange?

porn eskimo, safe porn sites, dangerous porn, dangerous porn sites, most dangerous porn sites, dangers of porn surfing, safe sites for porn, safe porn sites, are pornography websites safe, how can i protect my computer from porn, safest porn sites, porn sites safe, how many porn sites are dangerous, safe porn sites to visit, sex in malware, porn sites without malware, what is a safe porn site, visiting porn sites, pornsites, you porno, how common is illegal pornography, safe porn site recommendation, how to avoid seeing porn, what porn website are safe, porn eskimo (have to admit this one made me LMAO), cam 4 porno gratissurfing (no idea what this one means), 18 teens sex, upskirts webcams, sex with horse by girls, girls sex with horse, the free earlybird wake up local free sex web on one on one cam, nude photo revealing kate middleton, kate middletonnud, kate middletonnude, wife nude pics, share your wife nude pics, i saw your wife nude

I’ll admit that this post rambles a bit – but, I just had to reference the Kyle Richards (I need my porn) story, somehow. More and more often, I find myself shaking my head at just how eerily crazy this world really is.

This article was originally posted July 5, 2011.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

8 Comments

Filed under Don't Get Hacked, Malware Advisories, Online Safety, Point of View, Tech Net News

Cyber Crooks Taking Another Crack At Yahoo Instant Messenger

I’ve been known to stare at my monitor, humming a few bars of – “IM malware go away, and come back another day”, from time to time. Doesn’t seem to work though. 🙂 IM malware never goes away – it just fades into the malware background chatter.

Despite the fact that Instant Messenger malware (which has been with us since 2005, or so), doesn’t create much of a fuss, and seems to prefer to stay just below the horizon, it’s as dangerous as it’s ever been.

In business, when something works, why bother to reinvent the wheel. A little nip here; a little tuck there and hey – you’re still in business! No surprise then, when we see that cybercriminals subscribe to this business philosophy.

–   Yahoo Instant Messenger Under Attack Again or Still? (May 4, 2010)

It’s easy to forget about the risks associated with Instant Messaging precisely because of this lack of profile. Until, that is, IM malware comes knocking – hard – like now!

BitDefender’s Bogdan Botezatu reports in a recent Blog post that Yahoo Messenger is currently under attack – and taking a hard knocking.

From the Blog:

New Yahoo Messenger 0-Day Exploit Hijacks User’s Status Update…and spreads malware, of course!

A newly discovered exploit in version 11.x of the Messenger client (including the freshly-released 11.5.0.152-us) allows a remote attacker to arbitrarily change the status message of virtually any Yahoo Messenger user that runs the vulnerable version.

Since you’re an astute and educated user, none of this comes as a surprise, I’m sure. But, what about a typical user – would he/she be surprised, do you suppose?

Let’s take a look –

In a recent Symantec survey, which questioned computer users on the most likely routes cybercriminals use to drop malware on unsuspecting users – just 3.9% of survey participants believed that Instant Messenger applications had a role in malware distribution.

Unfortunately, the only surprise here is – this is not a surprise.

The harsh reality is, from a security perspective, Instant Messaging applications can present considerable security risks. So naturally, cyber-criminals use Instant Messaging as a primary channel to distribute malware and scams.

We’ve talked about IM security a number of times here, but with this ongoing attack, a quick refresher might be in order.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

Don’t click on links, or download files from unknown sources. You need to be alert to the dangers in clicking on links, or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files, or links are genuine. Remember, if you click on those links, or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords, and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Protect personal and confidential information when using IM. Revealing confidential or personal information in these types of conversations, can make you an easy target for Internet predators.

For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs.

The risk here goes beyond malware, as sadly, they could come into contact with undesirable individuals. The risk is low of course, but……..

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software, Parental Control Bar, to help you do just that.

BTW, you can hum “IM malware go away, and come back another day”, to the new version of that old familiar tune – Rain Rain Go Away.


Comments Off on Cyber Crooks Taking Another Crack At Yahoo Instant Messenger

Filed under Cyber Crime, Instant Messenger Safety Tips, Interconnectivity, Malware Advisories, Online Safety, Yahoo

3..2..1 – UPS Malware Blasts Off!

My friends over at Commtouch got me on the horn to advise me that the UPS email scam (with malware attached) has bounced up significantly. From what I can see, the malware is a Fake Alert Trojan which installs a rogue security application. So, be on your guard.

I’m on vacation this week, so I’ll post the Commtouch Café blog article verbatim.

A wild malware rollercoaster – over 500% increase

The UPS name is once again being used to spread vast amounts of email-attached malware.   The last week has seen an extraordinary increase – over 5.5 times the average level before the outbreak.  The attack closely resembles the large outbreak reported on at the end of March.  The graph below illustrates the increase:

image

There are numerous versions of the email text – some examples:

Good afternoon!

Dear Client , Recipient’s address is wrong

Please fill in attached file with right address and resend to your personal manager

With best regards , Your USPS .com Customer Services

Good afternoon!

Dear User , Delivery Confirmation: FAILED

Please print out the invoice copy attached and collect the package at our department

With respect to you , Your UPS Services

GOOD AFTERNOON!

Dear Client , We were not able to delivery the postal package

Please fill in attached file with right address and resend to your personal manager

With Respect , Your UPS .COM

ATTENTION!

DEAR CLIENT , RECIPIENT’S ADDRESS IS WRONG

PLEASE PRINT OUT THE INVOICE COPY ATTACHED AND COLLECT THE PACKAGE AT OUR DEPARTMENT

With best wishes , Your USPS .us Customer Services

These emails also come with a range of subjects such as:

  • USPS Attention 060532
  • USPS: DELIVER CONFIRMATION – FAILED 17592718
  • USPS id. 182407
  • USPS DELIVERY CONFIRMATION 7264145
  • From USPS 4009717
  • Your USPS id. 44531036
  • USPS ATTENTION 44123265

In the previous attack the filenames were quite limited – unlike this attack – some examples:

  • “ups_NR9Yl2673.zip”
  • “Ups_NR5pY500268590.zip”
  • “UPS_NR5Da3052.zip”
  • “MyUps_NR9hN8574.zip”
  • “MYUPS_NR5gX736615890.zip”

Reminder: In the last series of attacks the subjects were changed to use the DHL brand a few days after the initial attack.
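The subject lines, lure phrases and attachment names quoted above are regular enough to triage on at a mail gateway or in a mailbox sweep. The Python below is an added example, not code from Commtouch or this blog; the reason tags, the brand-mismatch heuristic, the sample messages and the pairing of subjects with file names are constructed assumptions.

```python
import re
from email.message import EmailMessage

# Shapes taken from the samples quoted in the article above.
# Subject: a courier brand, free text, then a trailing 6-8 digit id.
SUBJECT_RE = re.compile(r"\b(?:UPS|USPS|DHL)\b.*\b\d{6,8}$", re.I)
# Attachment: [My]Ups_NR<digit><two letters><digits>.zip, in any letter case.
ATTACH_RE = re.compile(r"^(?:my)?ups_NR\d[A-Za-z]{2}\d+\.zip$", re.I)
# Body: both lure variants steer the reader towards the attachment.
LURE_RE = re.compile(r"attached file|invoice copy attached", re.I)
BRAND_RE = re.compile(r"\b(?:my)?(usps|ups|dhl)(?![a-z])", re.I)


def brands(text):
    """Return the set of courier brands named in a string."""
    return {b.lower() for b in BRAND_RE.findall(text)}


def triage(msg):
    """Return the reasons (hypothetical tags) a message resembles the campaign."""
    reasons = []
    subject = (msg["Subject"] or "").strip()
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""

    if SUBJECT_RE.search(subject):
        reasons.append("subject-shape")
    if any(ATTACH_RE.match(n) for n in names):
        reasons.append("attachment-name")
    if LURE_RE.search(text) and any(n.lower().endswith(".zip") for n in names):
        reasons.append("lure-plus-zip")
    # Assumed heuristic: the attachment names a brand that neither the
    # subject nor the body mentions (the quoted samples mix UPS and USPS).
    claimed = brands(subject) | brands(text)
    attached = set().union(*(brands(n) for n in names))
    if claimed and attached and not attached <= claimed:
        reasons.append("brand-mismatch")
    return reasons


def build(subject, body, attachment=None):
    """Build a constructed sample; the attachment bytes are a harmless placeholder."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"placeholder, not a real archive",
                           maintype="application", subtype="zip",
                           filename=attachment)
    return msg


# Constructed samples: text copied from the quoted emails, pairing is assumed.
SAMPLE_A = build(
    "USPS Attention 060532",
    "Good afternoon!\n\nDear Client , Recipient's address is wrong\n\n"
    "Please fill in attached file with right address and resend to your "
    "personal manager\n\nWith best regards , Your USPS .com Customer Services\n",
    "ups_NR9Yl2673.zip")
SAMPLE_B = build(
    "USPS DELIVERY CONFIRMATION 7264145",
    "Good afternoon!\n\nDear User , Delivery Confirmation: FAILED\n\n"
    "Please print out the invoice copy attached and collect the package at "
    "our department\n\nWith respect to you , Your UPS Services\n",
    "MYUPS_NR5gX736615890.zip")
# Constructed benign notice: names a brand, but has no id, lure or attachment.
SAMPLE_C = build(
    "UPS Update: package arriving tomorrow",
    "Track it from your account page. Nothing is attached to this notice.\n")

if __name__ == "__main__":
    for label, sample in (("A", SAMPLE_A), ("B", SAMPLE_B), ("C", SAMPLE_C)):
        print(label, triage(sample))
```

Treat the tags as triage signals to combine, not as a verdict: the article notes the subjects switched to the DHL brand in the earlier series, so the patterns need updating as the wording changes.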


2 Comments

Filed under Cyber Crime, Don't Get Scammed, Don't Get Hacked, email scams, Malware Advisories

PC Tools Exposes “Harry Potter and the Deathly Hallows Part 2” Cyber Threat

The waiting game is almost over for Harry Potter fans who are hungry to feast their eyes on the much-anticipated final chapter in the Harry Potter franchise – Harry Potter and the Deathly Hallows Part 2.

There are always those of course who won’t wait – in this case until July 15. You know the type – the buttinskis who push ahead of you in line, or cut you off on the expressway – the ones you’d like to clunk upside the head.

Unfortunately, the obnoxious dimwits who behave in this way tend to repeat this behavior across a broad range of personal activity, and I suspect that the niceties of copyright law are well below their personal radar horizon.

The reigning experts in social engineering – cybercriminals (who, in my view, could teach “legitimate social engineering experts” a thing or two), are well aware of the “can’t wait buttinskis”, and in a perfect replay of the old “there’s no honor amongst thieves”, have made available through free torrent downloads – Harry Potter and the Deathly Hallows Part 2, except

Except PC Tools, the company which brings you PC Tools Firewall Plus (free), ThreatFire (free), and of course a complete line of award-winning commercial grade security offerings, has discovered that these free torrent downloads are nothing more than a new online malicious scam. Gotta admit – I love Karma payback!

I’m posting the bulletin PC Tools sent me yesterday on this, since it’s very instructive in terms of just how much effort cybercriminals will go through, in order to penetrate a target’s computer.

It’s not often possible to capture an online attack as it occurs, but in this case, PC Tools managed to do just that – see images and links listed below.

Here’s how the malicious scam works:

  • First, a user searches torrents for free downloads of the final Harry Potter movie
  • Results claiming to offer a free download of the new movie appear
  • Once users download the file, .RAR file and password.txt downloads appear
  • Users receive a message saying, “This video is password protected to stop automated leeching and detection. To get your password, please visit:
  • Here, users are taken through a series of instructions to obtain their password. One of which is choosing a link for a special offer while the site “verifies” the password

  • Once users click on an offer, a new tab and pop-up open, asking users to save what seems to be a legitimate file
  • After saving the file, cybercriminals have access to your computer—and the movie, of course, never appears on the screen

Harry Potter Threat Exposed

Here’s what victims find while searching for the Harry Potter and the Deathly Hallows Part 2 movie or videos:

  • Users can discover apparently ripped versions of the new Harry Potter movie on file-sharing websites.
  • It looks like the movie is being downloaded on the victim’s computer.
  • The victim is instructed to decompress the archive.
  • RAR and password.txt files suddenly appear.
  • User is told to visit separate website by password.txt file.
  • The victim then sees this screenshot, claiming to be MovieYT.com.
  • User follows 3-step instructions, which takes them to a verification code check.
  • User clicks on VLC Player and a new tab is opened.
  • When hovering over the download button, the download executable file looks real.
  • Once the user clicks on the file, they are prompted to save it – this, of course, contains malware.

While all this is happening, the user is still waiting for the “Verification Check” from MovieYT – but the cybercriminals now have access to the victim’s computer. They have your password and other personal information that they can use to further attack you, your finances, your friends and social networks.

Worth repeating: Consider the trade-offs, and the very real risks involved with Peer to Peer and Torrent applications.

Privacy: When you are connected to file-sharing programs, you may unintentionally allow others to copy confidential files you did not intend to share. So be sure to set up the file-sharing software very carefully.

If you don’t check the proper settings when you install the software, you could allow access not just to the files you intend to share, but also to other information on your hard drive, such as your tax returns, email messages, medical records, photos, and other personal and financial documents.

It’s extremely important to be aware of the files that you place in, or download to, your shared folder. Don’t put information in your shared folder that you don’t want to share with others. Your shared folder is the folder that is shared automatically with others on peer to peer file sharing networks.

Copyright Issues: You may knowingly, or otherwise, download material that is protected by copyright laws and find yourself caught up in legal issues. Copyright infringement can result in significant monetary damages, fines, and even criminal penalties.

Some statistics suggest as many as 70% of young people between the ages of 9 – 14, regularly download copyrighted digital music. If you are a parent, you bear the ultimate responsibility for this illegal activity.

Adult Content: Again, if you are a parent you may not be aware that your children have downloaded file-sharing software on the family computer, and that they may have exchanged games, videos, music, pornography, or other material that may be unsuitable for them. It’s not unusual for other people’s files to be mislabeled, and you or your children can unintentionally download these files.

Spyware: There’s a good chance that the file-sharing program you’re using has installed other software known as spyware to your computer’s operating system. Spyware monitors a user’s browsing habits and then sends that data to third parties. Frequently the user gets ads based on the information that the spyware has collected and forwarded to these third parties.

I can assure you that spyware can be difficult to detect and remove. Before you use any file-sharing program, you should buy, or download free software, that can help prevent the downloading or installation of spyware, or help to detect it on your hard drive if it has been installed.

Viruses: Use and update your anti-virus software regularly. Files you download could be mislabeled, hiding a virus or other unwanted content. Use anti-virus software to protect your computer from viruses you might pick up from other users through the file-sharing program.

Generally, your virus filter should prevent your computer from receiving possibly destructive files. While downloading, you should avoid files with extensions such as .exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd.

Default Closing Behavior: It is critical that you close your connection after you have finished using the software. In some instances, closing the file-sharing program window does not actually close your connection to the network. That allows file-sharing to continue and will increase your security risk. Be sure to turn off this feature in the program’s “preferences” setting.

What’s more, some file-sharing programs automatically run every time you turn on your computer. As a preventive measure, you should adjust the file-sharing program’s controls to prevent the file-sharing program from automatically starting.


10 Comments

Filed under Cyber Crime, Cyber Criminals, Don't Get Scammed, Don't Get Hacked, internet scams, Internet Security Alerts, Malware Advisories, Online Safety, PC Tools, Peer to Peer, System Security, Windows Tips and Tools

Let’s Talk About, Uh…. Porn

I’ll talk to you about porn. Your friends won’t – other than to deny that they watch it – or, perhaps to decry its prevalence on the Internet. If you want to see your friends scramble for cover – if you want to see some terrific open field running – ask them specifically, if they watch porn on the Internet.

Yes, I know, they don’t. But, someone’s watching. Run a Google search for “porn” and you might be surprised to see that there are considerably more than One Billion search results. Then again – maybe you wouldn’t be at all surprised.


Despite its popularity and huge profitability – the pornography industry has revenues larger than the revenues of the top technology companies combined – that’s right, the combined revenues of Microsoft, Google, Amazon, eBay, Yahoo!, Apple, Netflix …. – it’s still seen, by many (at least publicly), as a back room activity.

Although porn has almost reached a level of respectability (I’ll focus on the almost), or perhaps because of it there are those who would rather see porn back in the gutter, and dark alleys, where they think it belongs.

But not Kyle Richards. Richards is a 21 year old Michigan jail inmate who believes he’s being subjected to cruel and unusual punishment because he can’t access pornography. Alleging that denying his request for erotic material subjects him to a “poor standard of living” and “sexual and sensory deprivation”, he’s suing.


Macomb County Jail; Getty

Rather than referring to Kyle as an idiot, which he undoubtedly is – I’ll give him the benefit of the doubt (at least I’ll pretend I am). Could it be that he’s a porn expert – that he knows pornography has always been a force to be reckoned with? From prehistoric rock paintings depicting sex, through to the Greeks, Romans, the Renaissance period (in which it flourished), and on to the mass production of pornography in the early 20th century. Yeah, sure!

Purveyors of pornography have always been quick to adapt to new technologies – especially mass production opportunities. No surprise then, to see the distributors of sexually explicit material almost immediately adopted the Internet as the preferred method of mass distribution – a technology which allows uncontrolled (by moralists, governments, and others), and anonymous access to explicit sexual content. Not a bad business model!

As an Internet security blogger, I have a certain level of concern with respect to pornographic Websites. Just to be clear – I’m not a member of the Morality Police, and I hold no religious, or political views, on the availability of pornography on the Internet; except of course, pornography which is clearly illegal, or morally reprehensible.

Instead, my main concern is focused on the primary/secondary use that many of these sites are designed for – as a vehicle for the distribution of potentially harmful malware applications that can be surreptitiously dropped onto unwitting visitors’ computers.

With that in mind, over the years I’ve written a number of articles dealing with this issue including – Dangerous Porn Sites – Tips on How to Avoid Them, Porn Surfing – Put a Software Condom on Your Computer!, Kate Middleton Nude – As If!, and Nude Pics Of Your Wife/Girlfriend Attached – Click Here.

I’ve no idea why precisely, but lately (the last 2/3 months), these articles have been getting an unusually high number of hits – generally from search engine referrals. Whatever the reason, it’s a good thing. Hopefully, it’s an indication that surfers are beginning to recognize at least one of the many potentially unsafe activities on the Internet. Hopefully!

A selection of those search engine referrals – most are multiples of 30/40 or more (sex, porn, nude, dangerous, safe ….), to this site on a typical day – last Friday. Some of them are just a little strange – I think. But then, who am I to judge what’s strange?

porn eskimo, safe porn sites, dangerous porn, dangerous porn sites, most dangerous porn sites, dangers of porn surfing, safe sites for porn, safe porn sites, are pornography websites safe, how can i protect my computer from porn, safest porn sites, porn sites safe, how many porn sites are dangerous, safe porn sites to visit, sex in malware, porn sites without malware, what is a safe porn site, visiting porn sites, pornsites, you porno, how common is illegal pornography, safe porn site recommendation, how to avoid seeing porn, what porn website are safe, porn eskimo (have to admit this one made me LMAO), cam 4 porno gratissurfing (no idea what this one means), 18 teens sex, upskirts webcams, sex with horse by girls, girls sex with horse, the free earlybird wake up local free sex web on one on one cam, nude photo revealing kate middleton, kate middletonnud, kate middletonnude, wife nude pics, share your wife nude pics, i saw your wife nude,

I’ll admit that this post rambles a bit – but, I just had to reference the Kyle Richards (I need my porn) story, somehow. More and more often, I find myself shaking my head at just how eerily crazy this world really is.


11 Comments

Filed under Cyber Crime, Cyber Criminals, Don't Get Hacked, Internet Safety, Malware Advisories, Personal Perspective, Point of View, Porn, pornography, Windows Tips and Tools