Category Archives: trojans

Why Do Users Keep Falling for Scams?

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.


*Social engineering: refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access — Wikipedia

wps_clip_image-25719

It’s unfathomable to me why so many people still get caught out by social engineering techniques, being tricked into clicking that link or opening that attachment.

Social engineering is one of the most prevalent methods used by cybercriminals to infect a system and/or gain a user’s sensitive information. Ransomware, phishing emails, scams, all generally involve an element of social engineering. Why? Because it’s simple, effective, and lucrative. It stands to reason then that the most potent method for eradicating these types of threats would be to make them less effective and less lucrative. The question is; how to achieve that?

You’ve no doubt come across the saying “education is key” – and, when it comes to social engineering, nothing could be truer. Because of the changing nature of socially engineered exploits, security software cannot always protect users from themselves. That’s why Tech blogs are repeatedly issuing the same advice/warnings – don’t click on links in emails from unknown senders, don’t open email attachments from unknown senders, etc., etc., etc. In fact, I recently published yet another list of do’s and don’ts  “10 Golden Rules to Defeat Scammers” . Yet, despite all this, so many people are still falling victim to social engineering.

A large part of the problem I suppose is that the users who need this type of advice the most are generally not the sort of people who tend to visit and read Tech blogs.

I was recently perusing a well-known freeware site and came across a comment from someone complaining that, despite being protected by a commercial grade antivirus, his company’s computers had been infected by ransomware… twice. On both occasions the infection was initiated by an employee clicking on something he or she shouldn’t have clicked on. I suggested to him that perhaps his company needed to review and strengthen its staff training program. Education is key.

My own clientele consists largely of elderly folk and, in my experience, many are highly susceptible to phishing and scams in general. I have a theory about this; I’m sure it’s because they were brought up in an era when trust was inherent; leaving the front door to the house open, leaving the car unlocked and keys in the ignition. Do you know what I mean? It’s not so much that they are gullible, more overly trusting.

These people also tend to be not so computer/security savvy, so rather than hit them with a long list of do’s and don’ts, which might be difficult to follow, I condense it all down to just three rules for them to remember:

1. Treat each and every unsolicited phone call and/or email as highly suspicious.

2. Always be very wary about giving out sensitive personal information over the internet.

3. If it sounds too good to be true, it almost certainly is.

If the more savvy among us would only take the time to pass this type of advice around their own particular circles of family, friends, and acquaintances, I believe that we, collectively, might just make a difference.

image

Advertisements

10 Comments

Filed under cybercrime, Don't Get Hacked, Education, Internet Safety for Seniors, Online Safety, Safe Surfing, System Security, trojans, Viruses, worms

Microsoft Security Essentials –“Here I Come To Save The Day”

imageOh, the embarrassment of it all! I haven’t had to deal with a malware issue (other than self infecting in AV product testing), for more than 2 years – until this past week. No big deal, except perhaps, for the way I got infected – that old, old, old, malware attack vector – an infected search engine result.

The manipulation of search engine results, exploiting legitimate pages, and the seeding of malicious websites among the top results returned by search engines in order to infect users with malware, continues to be a major threat to system security. And, why not? It bloody well works!

Over the years, I’ve written more than a few articles on search engine malware – the last – Search Engine Malware – The Same Old, Same Old – this past August.

From that article:

Here’s how the cyber crooks do it:

Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code.

When a potential victim visits one of these infected sites the likelihood of the downloading of malicious code onto the computer by exploiting existing vulnerabilities is high.

So there I was, happily bouncing along the Internet highway Googling a phrase I had read on another blog. Choosing the first Google return proved to be a very bad idea indeed, since I immediately stepped into an infected iFrame.

But thankfully, all was not lost – Microsoft Security Essentials (which incorporates antivirus, antispyware and rootkit protection), halted the malware – Trojan:JS/BlacoleRef.K – in its tracks!

image

So what’s the lesson here?

A couple really – AV settings are very important. In this case, as per the following screen shot – nothing moves into, or out of this machine, without being scanned. Microsoft Security Essentials makes it so simple – no esoteric choices.

image

The second lesson – a MOST important lesson – absolutely, positively, without fail, come hell or high water, ensure that AV definitions are updated at least daily. Preferably, more often.

You might be surprised to learn, that on the day I stumbled, while MSE recognized the intruder, the vast majority of AVs did not – as per the following VirusTotal report (partially reproduced here).

image

Since it was preposterous to assume that MSE had in fact eradicated the Trojan (paranoia has its upside don’t you know?    Smile), I then ran a full scan with Kaspersky Rescue Disk – a free Linux-based antimalware application (a live CD), which scans from the outside looking in. Malware generally can’t hide if it’s not running.

The result? The Kaspersky Rescue Disk scan was clean. MSE had in fact, sent Trojan:JS/BlacoleRef.K to malware hell. Yes!!

I suppose there’s one more lesson that can be dug out of this experience, and that is – those tech journalists who absolutely insist that “pay for” antimalware applications are superior to all free AVs (often, without ever having tested the damn product in real world conditions), should take a step back and reconsider their speculative approach to antimalware application ratings.

Worth repeating: Despite the fact that I’m provided with a free license for all the security applications I test (and then some), I have chosen to run with the following FREE  applications.

Microsoft Security Essentials (free) – an all-in-one antimalware application.

Immunet Protect – a free Cloud based companion antimalware application.

ThreatFire (free) – this application is built around a Host Intrusion Prevention System (HIPS), and behavior based blocking combination.

WinPatrol (free) – another HIPS application with considerable additional functionality. WinPatrol is the elder statesman of this application class and, it just keeps on getting better. A must have application.

PC Tools Firewall Plus (free) – PC Tools Firewall Plus is advanced Firewall technology designed for typical users, not just experts.  The “plus” refers to a HIPS component. Generally, if the ThreatFire HIPS component is triggered on my machine, PC Tools Firewall Plus is triggered as well.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

16 Comments

Filed under Anti-Malware Tools, Cyber Crime, downloads, Free Anti-malware Software, Freeware, Immunet Protect, Microsoft, Software, trojans, Windows Tips and Tools

Search Engine Malware – The Same Old, Same Old

In the News within the past 3 days

Web security firm Armorize – over 6 million e-commerce web pages have been compromised in order to serve malware to users.

Ed Bott Report – criminal gangs that specialize in malware love search engines, because they represent an ideal vector for getting Windows users to click on links that lead to potentially dangerous Trojans. The latest attack targets ads, and the social engineering is frighteningly good.

Not in the News

The specifics may be news but, this particular malware attack vector is so old I’m surprised that more Internet users aren’t aware of it. No, I take that back – based on a conversation I had just last night.

Me: “So, what antimalware applications are you currently running?”

She: “Well, I can cut and paste and I can get on the Internet, but I don’t worry about all that other stuff. I don’t understand it anyway.”

I’m well past the point where I allow myself to show surprise when I hear this type of response – it’s just so typical. Given that level of knowledge, it’s hardly surprising then, that consumer confidence in the reliability of search engine results, including relevant ads, is taken for granted.

I’ve yet to meet a typical user who would consider questioning a search engine’s output as to its relevant safety.  It’s been my experience, that typical Internet users blindly assume all search engine results are malware free.

This, despite the reality that the manipulation of search engine results, exploiting legitimate pages, and the seeding of malicious websites among the top results returned by search engines in order to infect users with malware, is a continuing threat to system security.

Here’s how the cyber crooks do it:

When a potential victim visits one of these infected sites the likelihood of the downloading of malicious code onto the computer by exploiting existing vulnerabilities is high.

Let’s take, as an example, a typical user running a search for “great vacation spots” on one of the popular search engines.

Unknown to the user, the search engine returns a malicious or compromised web page as one of the most popular sites. Users with less than complete Internet security who visit this page will have an extremely high chance of becoming infected.

There are a number of ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate. In the example mentioned earlier, the web page would appear to be a typical page offering great vacation spots.

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

The following comment (posted here March 15, 2011), illustrates perfectly the issues discussed in this article.

Funny you write about this today. I was reading about the spider issue Mazda was having and wanted to know what the spider looked like so I Googled it, went to images and there it was. There was also a US map that had areas highlighted, assuming where the spiders exist, and before I clicked on the map I made sure there was the green “O” for WOT for security reasons.

I clicked on the map and BAM I was redirected instantly and hit w/ the “You have a virus” scan malware. I turned off my modem then shut my computer off. I restarted it and scanned my computer w/ MS Security Essentials and Super Anti Spyware. MS Essentials found Exploit:Java/CVE-2010-0094.AF, and Trojan:Java/Mesdeh and removed them. I use WOT all the time, but now I’m going to be super cautious.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

6 Comments

Filed under Application Vulnerabilities, Browser add-ons, Cyber Crime, Cyber Criminals, Don't Get Scammed, Don't Get Hacked, downloads, Interconnectivity, Internet Safety, Internet Security Alerts, Malware Protection, Online Safety, Search Engines, Software, trojans, Windows Tips and Tools

Scareware Video Codecs – Another Money Maker For The Bad Guys

imageScareware and Rogue applications (essentially one and the same), once installed, are usually in the victim’s face with an immediate demand for money. Pay me nownot later, is a common theme encountered by those unlucky enough to be trapped.

The ever creative malware clan though, which seems to be always tinkering with delivery methods, has just released a combo threat in an effort to enhance what is already a mature and lucrative business model.

This time around, the bad guys have combined the ever popular missing codec scam (see – Video Codecs – Gateways to Malware Infection – March 2010), with the more usual “Hey, you’re infected” scareware shakedown.

Initially, the unlucky victim gets the usual blunt, and very convincing warning – much like the one below.

image

Courtesy – GFI.

You’ll notice, that unlike the usual “click here to buy” or similar come-on, the potential victim is simply instructed to “Remove all” Trojans. Sounds pretty upfront don’t you think? OK, maybe not to you as an experienced user but, what about your friends/relatives who aren’t as aware as you are? The sad reality is – the victims continue to pile up.

Unfortunately, clicking on “Remove all”, will install a series of malware infected files. The (innocent?) victim will not notice that he’s just been bamboozled – not yet. The victim won’t get the “but wait, there’s more” message, until the time comes to play a Web video.

image

Courtesy – GFI.

And then – booom. Time to pay – as shown in the following screen shot.

image

Courtesy – GFI.

Worth repeating:

If you are attempting to view a site’s video content, and you get a popup advising you that you need to download a new codec to enable viewing – DON’T.

Common sense should tell you, if a website does not recognize a standard codec, there is something wrong. Ask yourself this question; how long would a website stay in business if a visitor is required to download a specific codec to view content? The answer is clearly – not very long.

There is an epidemic of rogue software on the Internet, with much of it being delivered by the constantly evolving Zlob.Trojan, or the  Zlob.Video Access Trojan, which are often hidden in fake, and malicious, codec downloads.

Some good advice from popular guest writer Mark Schneider – “My general rule of thumb for video is: If VLC won’t play it don’t bother.”

So that you can avoid the “missing codec scam”, and to ensure that you have a full set of codecs on your computer, consider downloading one of the following free codec packs. With a full set of codes installed on your computer, any request to download a site specific codec, should be viewed with suspicion.

Windows Essentials Codec Pack – Windows Essentials Media Codec Pack provides a set of software codecs for viewing and listening to many forms of media in Windows Media Player. While this program merely enhances a media player, it does a fine job of accommodating many different and unusual types of videos and music.

Download at: Download.com

The K-Lite Codec Pack – There are several different variants of the K-Lite Codec Pack. Ranging from a very small bundle that contains only the most essential decoders, to a larger and more comprehensive bundle.

Download at: Codec Guide.com

Media Player Codec Pack – The Media Player Codec Pack is a simple to install package of codecs/filters/splitters used for playing back music and movie files. After installation, you will be able to play 99.9% of files through your media player, along with XCD’s, VCD’s, SVCD’s and DVD’s.

Download at: Download.com

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

6 Comments

Filed under Codecs, Cyber Crime, Cyber Criminals, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, Internet Security Alerts, Online Safety, Rogue Software, scareware, Software, trojans, Windows Tips and Tools

PandaLabs Second Quarter Security Landscape Report

imageIn a rather surprising statement, PandaLabs, in its 2011 Second Quarter Security Report, makes the point that there’s a challenging grey area between “Hacktivism” (LulzSec and Anonymous), and Criminality. Frankly, I don’t subscribe to this “blurry lines” view.

I see the issue in rather simpler terms – if security holes exist in critical systems which enterprise, or government, are either unwilling, or unable to address – ultimately creating a host of innocent victims – then I encourage LulzSec and Anonymous to continue their campaigns of outing non-responsive, and non-responsible organizations. I’m more than a little tired of being placed at risk due to organizational ineptness, or failure to adhere to common sense security practices.

Some key findings from Panda’s report (determined from data collected through Panda ActiveScan) include:

Every minute, 42 new malware strains were created.

image

Trojans constitute 70 percent of new malware followed by viruses (10 percent) and worms (8.53 percent). Surprisingly, Adware, which only represents 1.37 percent of all malware, accounted for more than 9 percent of all infections.

image

China, Thailand and Taiwan continue to lead infection rankings.

image

Top 10 least infected countries.

image

So, should these statistics hold any relevancy for you? Should you be preoccupied, or overly concerned, with these numbers? The answer, it seems to me, depends on how aware you are of the overallInternet security landscape, and where you fit into the following user groups.

  • Those who know.
  • Those who think they know.
  • Those who don’t know, that they don’t know.

Hopefully, you are in that small group who can confidently say – “I know”.

Broken record time:

I’ll risk sounding like a broken record, once again, and repeat what I’ve said here numerous times –

“Controlling malware intrusion, while surfing the Net, through the use of a  “virtual” environment rather than operating in a “real” environment, makes sense given the escalating level of cyber criminal activity on the Internet.”

BufferZone, is a particular effective and easy to use freeware virtualization application (perfect for casual users), which creates an isolated environment called the Virtual Zone, while you surf the Internet. You can read more about BufferZone, here.

About PandaLabs:

Since 1990, PandaLabs, Panda Security’s malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats.

To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda’s user community to automatically detect, analyze and classify the more than 73,000 new malware strains that appear every day.

This automated malware classification is complemented through the work of an international team with researchers specialized each in a specific type of malware (viruses, worms, Trojans, spyware and other attacks) to provide global coverage.

The full report (PDF), is available here.

Follow Panda on Twitter and Facebook.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

4 Comments

Filed under Adware, Cyber Crime, Cyber Criminals, Don't Get Hacked, Internet Security Alerts, Malware Reports, Panda Security, PandaLabs, trojans, Windows Tips and Tools, worms

Ransom Trojan KDV.153863 – Call Me, Pay The Fee, And I’ll Unlock Your Kidnapped Windows System

imageRansomware is a vicious form of malware, given that that it generally encrypts the victim’s files, or restricts the user’s ability to access the computer in some way. Payment of a ransom fee is the commonality in all ransomware attacks.

According to F-Secure, a new form of ransomware (KDV.153863), which reportedly locks the victim’s computer, leaving the machine essentially unusable, is currently circulating on the Internet .

An infection by KDV.153863 will lead to the following boot screen.

image

Graphic courtesy of F-Secure – click to expand.

In line with previous versions of this type of malware, an unlock code can be had (ostensibly for free), by following a set of specific instructions.

The following graphic sets out the method to be followed by the victim to obtain an activation code. The activation code does, in fact, unlock the victim’s computer. Cybercriminals with a conscience, or just good business strategy?

image

Graphic courtesy of F-Secure – click to expand.

You’ll notice in the screenshot that all of the available telephone numbers are international, and it’s by way of this recovery construction that the cyber crook profits.

The Trojan author, collaborating with rogue call center operators, has designed a four minute message routine which the victim is forced to listen to while exorbitant long distance toll fees are being generated. Similar, in a sense, to the old 900 premium-rate telephone number scams  Apparently, these fees are shared between the cyber crook and the call center operators.

Following the forced four minute message routine, the victim is given an unlock code (1351236) which, according to F-Secure, appears to be the same every time the number is called.

We’ve been dealing with this type of malware, on and off, for years. If previous experience is any indication (and it is), we can expect to see more of this type of malware, in a more general release, through the balance of this year.

Reduce the possibilities of infection by this and other malware, by taking the following precautions:

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data. If you are infected this may be your only solution

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

Don’t store critical data on the system partition

Adhering to the best practices, as noted above, is no guarantee that your system won’t be penetrated. All things considered, running your computer in virtualization mode, while surfing the Net, is highly recommended.

Please read Free BufferZone Pro – Maybe The Best Surfing Virtualization Application At Any Price, on this site, for information on virtualization.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

12 Comments

Filed under Cyber Crime, Cyber Criminals, cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Security Alerts, Malware Advisories, Malware Alert, Ransomware, Software, trojans, Windows Tips and Tools

PandaLabs Reports – 73,000 New Malware Threats EVERY DAY!

When I start my day, it never enters my mind to consider whether or not I’ll be mugged that day; if my home will be burglarized; or if I’ll be the victim of any type of crime. Except in one circumstance.

Each time I start an Internet session, I consciously consider the odds that I will be a victim of cyber criminals. I know I’ll have to deal with attempts to scam me; attempts to compromise my machine through driveby downloads; infected downloads and applications; infected web sites and redirections – the list goes on… and on …and on.

Little wonder then, that I was not in the least surprised to see PandaLabs reveal in their malware report on the most notable malware trends for the first 3 months of 2011,  that surfers are now exposed to 73,000 new malware threats every day –  an increase of 10,000 over the same time frame last year.

Report highlights:

Incidence of new malware has increased 26 percent over the same period last year.

PandaLabs now observes on average of 73,000 malware samples every day, an increase of 10,000.

Trojans remain the most popular type of threat, accounting for 70 percent of all malware.

Downloaders, a subtype of Trojan, have seen an astounding increase over the last 3 months.

New malware growth from Q1 2010 through Q1 2011.

image

Malware by type.

image

In the following graphic you’ll note that Downloaders, a lightweight Trojan since it contains only a few lines of code (making it harder to detect), have increased dramatically. Downloaders are particularly dangerous, since they are designed to connect to the Net to facilitate the downloading of additional malware.

image

I’ll risk sounding like a broken record, and repeat what I’ve said numerous times here –

“Controlling malware intrusion, while surfing the Net, through the use of a  “virtual” environment rather than operating in a “real” environment, makes sense given the escalating level of cyber criminal activity on the Internet.”

BufferZone, is a particular effective and easy to use freeware virtualization application (perfect for casual users), which creates an isolated environment called the Virtual Zone, while you surf the Internet. You can read more about BufferZone, here.

About PandaLabs:

Since 1990, PandaLabs, Panda Security’s malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats.

To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda’s user community to automatically detect, analyze and classify the more than 73,000 new malware strains that appear every day.

This automated malware classification is complemented through the work of an international team with researchers specialized each in a specific type of malware (viruses, worms, Trojans, spyware and other attacks) to provide global coverage.

Get more information about PandaLabs and subscribe to its blog news feed here.

Follow Panda on Twitter and Facebook.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

5 Comments

Filed under Cyber Crime, cybercrime, Don't Get Scammed, Don't Get Hacked, Freeware, Internet Security Alerts, Malware Reports, Online Safety, PandaLabs, Safe Surfing, Software, trojans, Windows Tips and Tools