Category Archives: Viruses

Why Do Users Keep Falling for Scams?

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. He is a computer veteran with 30+ years’ experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s; he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.


*Social engineering: refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access — Wikipedia


It’s unfathomable to me why so many people still get caught out by social engineering techniques, being tricked into clicking that link or opening that attachment.

Social engineering is one of the most prevalent methods used by cybercriminals to infect a system and/or gain a user’s sensitive information. Ransomware, phishing emails, scams, all generally involve an element of social engineering. Why? Because it’s simple, effective, and lucrative. It stands to reason then that the most potent method for eradicating these types of threats would be to make them less effective and less lucrative. The question is: how to achieve that?

You’ve no doubt come across the saying “education is key” – and, when it comes to social engineering, nothing could be truer. Because of the changing nature of socially engineered exploits, security software cannot always protect users from themselves. That’s why Tech blogs are repeatedly issuing the same advice/warnings – don’t click on links in emails from unknown senders, don’t open email attachments from unknown senders, etc., etc., etc. In fact, I recently published yet another list of do’s and don’ts, “10 Golden Rules to Defeat Scammers”. Yet, despite all this, so many people are still falling victim to social engineering.

A large part of the problem I suppose is that the users who need this type of advice the most are generally not the sort of people who tend to visit and read Tech blogs.

I was recently perusing a well-known freeware site and came across a comment from someone complaining that, despite being protected by a commercial grade antivirus, his company’s computers had been infected by ransomware… twice. On both occasions the infection was initiated by an employee clicking on something he or she shouldn’t have clicked on. I suggested to him that perhaps his company needed to review and strengthen its staff training program. Education is key.

My own clientele consists largely of elderly folk and, in my experience, many are highly susceptible to phishing and scams in general. I have a theory about this; I’m sure it’s because they were brought up in an era when trust was inherent; leaving the front door to the house open, leaving the car unlocked and keys in the ignition. Do you know what I mean? It’s not so much that they are gullible, more overly trusting.

These people also tend to be not so computer/security savvy, so rather than hit them with a long list of do’s and don’ts, which might be difficult to follow, I condense it all down to just three rules for them to remember:

1. Treat each and every unsolicited phone call and/or email as highly suspicious.

2. Always be very wary about giving out sensitive personal information over the internet.

3. If it sounds too good to be true, it almost certainly is.

If the more savvy among us would only take the time to pass this type of advice around their own particular circles of family, friends, and acquaintances, I believe that we, collectively, might just make a difference.


Your Website Traffic Log – The Trap Door To Spread Viruses?

Checking your Website traffic stats is not without some risk, as guest writer Bruno Deshayes explains in this thought provoking article.

You get pleasantly surprised to notice an unknown website apparently sending traffic to you. When you click on the link, not only do you find that the page does not mention your site at all, but at best Security Essentials blocks the threat, or at worst your browser locks up and it is anybody’s guess what the pirate is doing under the hood.

Better close down your PC altogether and run a virus check. If you run a laptop even turning the machine off will achieve nothing – you have to physically turn the laptop over and remove the battery for a forced shutdown! How many files could get infected by the time you finally do it?

I find those fake referral URLs showing up in cPanel | AWStats but also in blogspot | stats | traffic sources.

The old trick of course was to send you an email loaded with some HTML data rather than plain text. Viewing the thing in Outlook would automatically launch the browser and – too late – the malicious website is already loaded and doing its nasty work unbeknown to you.

I used to handle that one by always checking suspicious emails this way: with email preview disabled, right-click and choose Properties in the floating menu. Then choose Details and Message Source to view the raw email text.

If they send me some base64-encoded attachment and nothing else, you know it is a nasty payload. I have used Gmail for some time and still read it in Outlook because I don’t like the ads or the heavy JavaScript used on the Gmail website. When I go there occasionally I am amazed at all the spam that got filtered out!
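The raw-source check described above can also be done programmatically. This is an added example, not code from the original article: it parses message source as text with Python's standard `email` package and reports the two patterns the author mentions, an HTML-only message with remote references and a message that is nothing but an attachment. Both sample messages are constructed, and the finding labels are this example's own.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Extensions treated as risky for attachments (assumption of this example).
RISKY_EXT = (".exe", ".scr", ".lnk", ".bat", ".vbs", ".dll", ".bin", ".cmd")

# Constructed sample 1: the whole message is one base64 attachment, no body text.
ATTACHMENT_ONLY = """\
From: sender@example.invalid
To: you@example.invalid
Subject: invoice
MIME-Version: 1.0
Content-Type: application/octet-stream; name="invoice.scr"
Content-Disposition: attachment; filename="invoice.scr"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQgU0FNUExFIEJZVEVT
"""

# Constructed sample 2: HTML only, with a remote image and a link.
HTML_ONLY = """\
From: promo@example.invalid
To: you@example.invalid
Subject: hello
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><img src="http://tracker.example.invalid/p.gif">
<a href="http://landing.example.invalid/offer">Click</a></body></html>
"""


def triage(raw):
    """Inspect raw message source as text; nothing is rendered, saved or fetched."""
    msg = message_from_string(raw, policy=policy.default)
    parts, findings, hosts = [], [], []
    has_plain = has_html = False
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        ctype = part.get_content_type()
        encoding = str(part.get("Content-Transfer-Encoding", "7bit")).lower()
        name = part.get_filename() or ""
        attached = part.is_attachment()
        parts.append((ctype, encoding, name, attached))
        if attached:
            if name.lower().endswith(RISKY_EXT):
                findings.append("risky-extension:" + name)
        elif ctype == "text/plain":
            has_plain = True
        elif ctype == "text/html":
            has_html = True
            # Collect the hosts the HTML would contact if it were rendered.
            urls = re.findall(r"""(?:href|src)\s*=\s*["'](https?://[^"']+)""",
                              part.get_content(), re.I)
            hosts += [urlsplit(u).hostname for u in urls]
    if any(p[3] for p in parts) and not (has_plain or has_html):
        findings.append("attachment-without-body")
    if has_html and not has_plain:
        findings.append("html-only-body")
    # dict.fromkeys removes duplicate hosts while keeping first-seen order.
    findings += ["remote-reference:" + h for h in dict.fromkeys(hosts)]
    return {"parts": parts, "findings": findings}


if __name__ == "__main__":
    for label, raw in (("attachment only", ATTACHMENT_ONLY), ("html only", HTML_ONLY)):
        print(label, triage(raw))
```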

The internet in the last 10 years has become a very mature market with every man (woman?) and their dog blogging and every hacker from India, Russia and China trying to make a quid in broken English or else trying to rort the system.

The spread of botnets silently programmed to check every security loophole and delegating their activity to hundreds of infected machines has come to the attention of the main stakeholders. Microsoft, who used to hide behind a whole industry of virus scanners, is now taking the lead with effective and free maintenance tools. Well, their future depends on it. If Windows is crippled by security issues it makes Apple the alternative of choice. But behind the glitz the Steve Jobs camp is now having to face the music and is being made to understand that not everything can be fixed by the same marketing spin.

The worrisome factor is that in a global economy there isn’t a single entity to police the internet. If you look on the bright side the plague of email spam has been brought down to a fair extent. Interpol has nabbed pedophile networks. The nofollow tag has tamed blog comments link spammers and even WordPress has come up with an advanced tool to keep comment interaction within its community alive and buzzing.

Bruno Deshayes is a writer, designer and developer who runs a portfolio of online services. He can be politically incorrect for the sake of stirring things up and engaging his readers.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


BitDefender’s Free Virus Guard Protects BitTorrent Users

If you’re into downloading open license movies, music, games and applications, then there’s a good chance you’re into the enormously popular BitTorrent peer-to-peer file sharing application.

Just to be clear – I am not a fan of public, peer to peer file sharing – here’s why: Peer to peer file sharing carries with it a high risk that the user will not get what he thinks he will. And, may pick up something nobody wants to pick up.

So is this a serious risk? You bet – take a look at the following from the BitTorrent Beginner’s Guide –  How do I know that someone isn’t sending out viruses on BitTorrent?

In short, you don’t. You should treat something downloaded with BitTorrent just like any file downloaded from the internet – that is, if you don’t trust the source of the file, then you should use caution when opening it.

BitTorrent guarantees that the content you download is not altered from when the torrent was originally created, but if the source files used to create the torrent were already infected, this will provide no protection!
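The guarantee quoted above, worked through as an added example (not code from BitTorrent or from this post): pieces are checked against SHA-1 hashes stored in the torrent's info dictionary, so a torrent built from already-altered files verifies perfectly. The tiny piece size, file name and byte strings are constructed; the info-dictionary layout follows the published BitTorrent metainfo format for a single file.

```python
import hashlib

PIECE_LEN = 16  # constructed tiny piece size so the sample spans several pieces


def bencode(obj):
    """Minimal bencoder for the types an info dictionary uses."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, str):
        obj = obj.encode()
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        items = sorted(((k.encode() if isinstance(k, str) else k, v)
                        for k, v in obj.items()), key=lambda kv: kv[0])
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError(type(obj))


def piece_hashes(data, piece_len):
    """SHA-1 digest of each fixed-size piece (the last piece may be shorter)."""
    return [hashlib.sha1(data[i:i + piece_len]).digest()
            for i in range(0, len(data), piece_len)]


def make_info(name, data, piece_len=PIECE_LEN):
    """Build the single-file info dictionary a torrent creator would publish."""
    return {"name": name, "length": len(data), "piece length": piece_len,
            "pieces": b"".join(piece_hashes(data, piece_len))}


def info_hash(info):
    """The identifier of a torrent: SHA-1 over the bencoded info dictionary."""
    return hashlib.sha1(bencode(info)).hexdigest()


def bad_pieces(download, info):
    """Indexes of pieces in `download` that do not match the torrent's hashes."""
    want = [info["pieces"][i:i + 20] for i in range(0, len(info["pieces"]), 20)]
    got = piece_hashes(download, info["piece length"])
    count = max(len(want), len(got))
    return [i for i in range(count)
            if i >= len(want) or i >= len(got) or want[i] != got[i]]


# Constructed data: the original release, a copy altered BEFORE the torrent
# was created, and a copy of the original damaged in transit.
ORIGINAL = b"A" * 16 + b"B" * 16 + b"C" * 8
ALTERED_SOURCE = ORIGINAL + b"extra bytes added before seeding"
DAMAGED_IN_TRANSIT = ORIGINAL[:20] + b"X" + ORIGINAL[21:]

TRUSTED = make_info("lecture.ogv", ORIGINAL)
UNTRUSTED = make_info("lecture.ogv", ALTERED_SOURCE)

if __name__ == "__main__":
    print("damaged in transit :", bad_pieces(DAMAGED_IN_TRANSIT, TRUSTED))
    print("altered at source  :", bad_pieces(ALTERED_SOURCE, UNTRUSTED))
    print("same torrent?      :", info_hash(TRUSTED) == info_hash(UNTRUSTED))
```

Piece checking catches the copy damaged in transit but passes the copy altered at the source; only comparing the info-hash with one published by a source you trust tells the two torrents apart.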

What’s a user to do then, who enjoys file sharing through BitTorrent, and wants to reduce the risk of being burned by cybercriminals who lurk on public file sharing networks? BitDefender’s new Virus Guard, might provide part of the answer.

BitDefender’s free Virus Guard, which is now part of BitTorrent’s App Studio, is available to BitTorrent’s 80 million users.  Virus Guard quickly scans torrents before they’re launched, and flags any potential threats it finds; effectively giving users an opportunity to delete torrents before they can do any harm.


BitDefender’s Virus Guard Fast Facts:

Scan from within BitTorrent — avoid wasting resources on a full disk scan.

Check all torrent downloads (including ZIP, RAR, and TAR archives) to eliminate potential threats before they occur.

Protect against viruses and other malware using industry-leading technology.

Keep all your torrent downloads safe and clean.

BitDefender provides industry-leading protection based on two proactive threat detection technologies.

Virus definition library updated continuously to protect you from the latest threats.

Download Virus Guard at: BitTorrent’s App Studio.

Old advice, but more important than ever: Trade-offs and risks you should consider if you’re a fan of Peer to Peer file sharing.

Privacy: When you are connected to file-sharing programs, you may unintentionally allow others to copy confidential files you did not intend to share. So be sure to setup the file-sharing software very carefully.

If you don’t check the proper settings when you install the software, you could allow access not just to the files you intend to share, but also to other information on your hard drive, such as your tax returns, email messages, medical records, photos, and other personal and financial documents.

It’s extremely important to be aware of the files that you place in, or download to, your shared folder. Don’t put information in your shared folder that you don’t want to share with others. Your shared folder is the folder that is shared automatically with others on peer to peer file sharing networks.

Copyright Issues: You may knowingly, or otherwise, download material that is protected by copyright laws and find yourself caught up in legal issues. Copyright infringement can result in significant monetary damages, fines, and even criminal penalties.

Some statistics suggest as many as 70% of young people between the ages of 9 – 14, regularly download copyrighted digital music. If you are a parent, you bear the ultimate responsibility for this illegal activity.

Adult Content: Again, if you are a parent you may not be aware that your children have downloaded file-sharing software on the family computer, and that they may have exchanged games, videos, music, pornography, or other material that may be unsuitable for them. It’s not unusual for other peoples’ files to be mislabeled and you or your children can unintentionally download these files.

Spyware: There’s a good chance that the file-sharing program you’re using has installed other software known as spyware to your computer’s operating system. Spyware monitors a user’s browsing habits and then sends that data to third parties. Frequently the user gets ads based on the information that the spyware has collected and forwarded to these third parties.

I can assure you that spyware can be difficult to detect and remove. Before you use any file-sharing program, you should buy, or download free software, that can help prevent the downloading or installation of spyware, or help to detect it on your hard drive if it has been installed.

Viruses: Use and update your anti-virus software regularly. Files you download could be mislabeled, hiding a virus or other unwanted content. Use anti-virus software to protect your computer from viruses you might pick up from other users through the file-sharing program.

Generally, your virus filter should prevent your computer from receiving possibly destructive files. While downloading, you should avoid files with extensions such as .exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd.
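The extension list above, applied to archive contents as an added example (not BitDefender's or BitTorrent's code): it lists the members of a ZIP or TAR held in memory, flags the extensions named in this article, and descends into nested archives without extracting anything to disk. The decoy-extension set, the depth and size limits and the sample archives are assumptions constructed for the example; RAR is reported as not inspected because Python's standard library cannot read it.

```python
import io
import tarfile
import zipfile
from pathlib import PurePosixPath

# Extensions the article says to avoid while downloading.
RISKY = {".exe", ".scr", ".lnk", ".bat", ".vbs", ".dll", ".bin", ".cmd"}
# Assumption: harmless-looking extensions used to disguise an executable.
DECOY = {".mp3", ".avi", ".mp4", ".jpg", ".pdf", ".txt", ".doc"}
# Archive types named in the Virus Guard feature list.
ARCHIVE = {".zip", ".rar", ".tar"}
MAX_DEPTH = 2                   # stop descending into archives within archives
MAX_MEMBER = 10 * 1024 * 1024   # skip nested archives declared larger than this


def verdict(name):
    """Classify one member name by its extension(s) only."""
    suffixes = [s.lower() for s in PurePosixPath(name.replace("\\", "/")).suffixes]
    if not suffixes:
        return "ok"
    if suffixes[-1] in RISKY:
        disguised = len(suffixes) > 1 and suffixes[-2] in DECOY
        return "risky-double-extension" if disguised else "risky-extension"
    return "nested-archive" if suffixes[-1] in ARCHIVE else "ok"


def _payload(name, size, read):
    """Read a member's bytes only when it is a nested archive of acceptable size."""
    if verdict(name) == "nested-archive" and size <= MAX_MEMBER:
        return read()
    return None


def list_members(data):
    """Return [(name, payload or None)] for a ZIP or TAR given as bytes."""
    try:  # TAR first: its header carries a checksum, so a ZIP is not mistaken for one
        with tarfile.open(fileobj=io.BytesIO(data)) as tf:
            return [(m.name, _payload(m.name, m.size, lambda m=m: tf.extractfile(m).read()))
                    for m in tf.getmembers() if m.isfile()]
    except tarfile.TarError:
        pass
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError("not a ZIP or TAR archive")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(i.filename, _payload(i.filename, i.file_size, lambda i=i: zf.read(i)))
                for i in zf.infolist() if not i.is_dir()]


def scan(data, prefix="", depth=0):
    """Return [(path, finding)] for every member that deserves a second look."""
    findings = []
    for name, payload in list_members(data):
        path = prefix + name
        kind = verdict(name)
        if kind == "nested-archive":
            if payload is None or depth >= MAX_DEPTH:
                findings.append((path, "archive-not-inspected"))
                continue
            try:
                findings += scan(payload, path + "!/", depth + 1)
            except ValueError:  # e.g. RAR, which the standard library cannot read
                findings.append((path, "archive-not-inspected"))
        elif kind != "ok":
            findings.append((path, kind))
    return findings


def make_zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()


def make_tar(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()


# Constructed sample archives; every member body is placeholder bytes.
SAMPLE_ZIP = make_zip({
    "album/track01.mp3": b"constructed",
    "album/cover.jpg": b"constructed",
    "album/track02.mp3.exe": b"constructed",
    "extras/codec_pack.zip": make_zip({"install.bat": b"constructed",
                                       "readme.txt": b"constructed"}),
    "extras/bonus.rar": b"constructed placeholder, not a real RAR",
})
SAMPLE_TAR = make_tar({"setup.cmd": b"constructed", "notes.txt": b"constructed"})

if __name__ == "__main__":
    for path, finding in scan(SAMPLE_ZIP) + scan(SAMPLE_TAR):
        print(f"{finding:24} {path}")
```

A name-based check like this complements an antivirus scan of the contents; it does not replace one, since a renamed file keeps whatever it contains.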

Default Closing Behavior: It is critical that you close your connection after you have finished using the software. In some instances, closing the file-sharing program window does not actually close your connection to the network. That allows file-sharing to continue and will increase your security risk. Be sure to turn off this feature in the program’s “preferences” setting.

What’s more, some file-sharing programs automatically run every time you turn on your computer. As a preventive measure, you should adjust the file-sharing program’s controls to prevent the file-sharing program from automatically starting.


BitDefender Says Facebook Hacker: A Do-It-Yourself Kiddie Script Is On The Loose!

We live in a do-it-yourself world. We’re encouraged to renovate our own homes, repair our own cars, publish our own newsletters, and more; all without the support of paid professionals. It’s fair to say, that we are immersed in a DIY culture.

Not surprisingly then, if you want to create your own malware that will allow you to steal passwords, drop viruses, worms, adware, and Trojans, on innocent people’s computers, you’ll find a DIY culture on the Internet ready to help with a wealth of do-it-yourself malware kits.

The latest so-called Kiddie Script scourge, recently discovered by BitDefender, is Facebook Hacker – identified by BitDefender as Trojan.Generic.3576478.

Using this highly sophisticated do-it-yourself kit, there is no need for amateur cyber-crooks to be familiar with the intricacies of coding, or programming. In the image below, you can see just how easy it is to create malware that can have devastating impact on a victim’s computer. All of this without having to have any hacking skills, or programming knowledge.

According to BitDefender, Facebook Hacker is an application driven by a point and click interface, making it dead easy to construct malware designed to steal login credentials.

As the screen shot shows, there are only three fields that need completion – a disposable e-mail address, a password, and a target.

After clicking the “build” button, a server.exe file is created and deposited into the Facebook Hacker folder along with the initial files. This newly created malware (server.exe), is now ready to do its dirty work.

Here’s how BitDefender describes a Facebook Hacker attack:

Once run, the malicious tool will snatch the victim’s Facebook account credentials, along with all the usernames and passwords that we carelessly ask the browser to remember for us.

In order to successfully collect passwords, the malicious binary includes applications able to squeeze data out of the most popular browsers on the market, as well as of almost all instant messaging clients available.

To add insult to injury, the application also enumerates all dialup/VPN entries on the computer and displays their logon details: User Name, Password, and Domain.

To avoid detection, the Facebook Hacker will look for processes related to a security suite and kill them upon detection. It is important to mention that it is accessorized with a hard-coded list of processes associated with AV solutions that are to be checked and stopped, if found.

Last but not least, the piece of malware looks for network monitoring applications and terminates them. This is a safety measure that will prevent curious users from seeing their passwords leave the system.

In case you might think that this type of do-it-yourself malware creation kit is a new or an unusual phenomenon; it isn’t. Downloadable malicious programs, such as this, have been available for some time.

Some well known examples we’ve covered here in the past include, T2W – Trojan 2 Worm (Constructor/Wormer) – Script Kiddie Paradise, Constructor/YTFakeCreator – A New Kiddie Script/Malware Downloader, and BitTera.C – DIY Malware Creator for Script Kiddies.

These applications are so sophisticated, that even advanced computer users, and business networks, have been successfully penetrated by amateur cyber-criminals using these malicious tools.

Curious as to why these kits are free and downloadable on the Internet? Well, the accepted view is  – “real” cyber-crooks create these free “services” in order to create a market for their pay services – more sophisticated malware creation tools, often customized to the user’s needs.

Regular readers of this Blog are very familiar with the following tips, but they are worth repeating, since they offer a substantial level of protection against attacks created by the malicious applications that are currently flooding the Internet.

Do not click on unsolicited invitations to download software of any kind.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a website designed to download malware onto your computer.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

Never click on embedded cell phone links.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Keep your computer protected. Install a security solution and keep it up-to-date.


Norton DNS Can Save Your Butt!

In early June, I posted an article – Norton DNS – Another Layer of Computer Security, in which I stated –

You should consider additional system hardening by substituting your ISP provided DNS service, with a more secure alternative.

A few days later, I posted an article – Follow the Link and You “Takes Your Chances”, in which I made the point –

As a matter of policy, I test every allowed link included in a comment, for safety. Spam filters can often miss comment spam, some of which are highly dangerous. While comment Spam is a pain for the Blogger, a reader who follows a link in a malicious Blog comment, which leads to a malware site, is in for a very painful experience.

The following comment, emailed to me by WordPress just today and not picked up by the Akismet spam filter, provides a perfect example of where these two intersect:

The email notice:

A new comment on the post “Download TrueCrypt –  TrueCrypt Beats The FBI Decryption Team!” is waiting for your approval.

Author : retnol (IP: 202.70.54.67 , 202.70.54.67)

E-mail : retno.larasati08@student.ipb.ac.id

URL    : http://retno.larasati08.student.ipb.ac.id

Comment:

well, nice post. Thank you for sharing.

Approve it:

Trash it:

Spam it:

On testing the URL (the link), contained in the comment, I get this result from Norton DNS. This is not as uncommon as you might think.


Further investigation of the Threat Report, reveals the following.


Pretty scary stuff, I think you’ll agree.

So, I’ll repeat –

Be cautious when following links contained in comments on any web site – not just Blogs.

Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software.  This is a favorite technique employed by cyber-criminals. All software reviewed on this site, for example, has been thoroughly tested, by me, for usability. If a reader has a problem with recommended software, it’s generally a machine specific problem.

Be cautious when following any link contained in any web page. Recent reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.

Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on. NoScript offers superior protection.

Install an Internet Browser add-on that provides protection against questionable, or unsafe websites.

Use Norton DNS as an added safety precaution.

You simply cannot trust links, given the state of the Internet, so if you haven’t hardened your system by substituting your ISP provided DNS service, with a more secure alternative, I urge you to do so.

I deal with comments like this every day – it just happens, that today, I had some spare time to bring this situation to your attention, one more time.


Download Free SpyShelter Anti-Keylogger

A software Keylogger, or system monitor, is a small program (not always malware, I should point out), that monitors every keystroke a user types on a computer’s keyboard.

Keyloggers are a particularly sinister type of malware, and are notorious for disabling Firewalls and anti-malware tools. This is a type of malware that I pay particular attention to, and make a special effort to guard against.

Since I test a lot of applications, I am continually amazed at the number of programs that request access to my keyboard, and screen, during installation. Unless there are valid reasons for this type of access, I don’t allow it. Surprisingly, in most cases the application installs correctly. Curious!

Regular reader Charles L. recently gave me a great tip on a freeware anti-logger application – SpyShelter Personal, which is also available in a paid version, SpyShelter premium.

SpyShelter is an anti-keylogging, anti-spyware program that protects your data from Keylogging and spy programs: known, unknown, and under-development.

It detects and blocks dangerous and malicious programs, to help ensure that your data cannot be stolen by cyber criminals.

The free version includes the following features:

  • System protection (HIPS)
  • Anti keylogger
  • AntiScreenCapture
  • AntiClipboardCapture


Setup is a snap, since the user interface follows the familiar tabbed menu system.


SpyShelter Fast facts:

Proactively scans when any spy program, Keylogger or Trojan attempts to store your private information.

Compatible with other well-known security products such as anti-virus and firewall software.

Protect your passwords, chat, credit card.

Fast algorithm process does not slow down your computer when scanning for dangerous items.

SpyShelter needs only a small amount of hardware and system resources.

Doesn’t need to check a signature database.

Simple, easy-to-use, intuitive GUI.

System requirements: Windows XP, Vista, Win 7 (32&64 bit).

Languages: English, German, Spanish, Italian, French, Polish, Croatian, Serbian, Chinese, Turkish, Czech, Macedonian, Brazilian (Portuguese)

Download at: SpyShelter.com

____________________________________________________

There are additional remedies for this type of malware threat, including –

SnoopFree Privacy Shield (free):


SnoopFree Privacy Shield (which I’ve been running for years), is a free application that guards your keyboard, screen, and open windows from all such spy software.

It makes it virtually impossible for any spy program to work on your computer since SnoopFree Privacy Shield’s protection works against spy software in real time. Unfortunately, this application works on Windows XP only.

Download at: Download.com

Zemana AntiLogger (commercial):


Since my personal home machines now run on Windows 7, I can no longer protect against Keyloggers using SnoopFree Privacy Shield, so I had to find an alternative. Zemana AntiLogger, is a competitively priced anti-keylogger application that I have come to rely on since I installed it 6 months ago.

This is an impressive application, particularly the system defense function which intercepts proposed changes to system files NOT picked up by other security applications on my systems.

Since I use a Webcam extensively for communicating, the active Webcam protection offered by Zemana AntiLogger, is of special importance to me.

Zemana AntiLogger is compatible with Windows XP, Vista and Win 7.

This application is not freeware, but is very well priced at $34.00 USD. You can download a 15 day trial version at: Zemana

We’re now half way through 2010, and as predicted, this year has been a banner year for cyber-criminals. Being prepared and being aware, while not a panacea, will continue to be a key element in mitigating risk exposure. If Keylogger protection is a concern, you should consider adding an anti-logger application to your security toolbox.


Download Two Free Last Resort Malware Removal Tools – Norton Power Eraser and NoVirusThanks

I just set up a system with Windows 7 Enterprise Edition to take it for a bit of a test run. This new install gave me the perfect opportunity (on a known clean system), to test a couple of specialty malware removal tools I’ve had kicking around for a while. Ones that I hadn’t gotten to yet.

What intrigued me with these tools was, each one makes reference to the fact that it is capable of detecting and removing Rogue Software, a scourge that currently infests the Internet.

The first one I took a look at was – NoVirusThanks Malware Remover, which, according to the publisher, is “an application designed to detect and remove specific malware, Trojans, worms and other malicious threats that can damage your computer. It includes the ability to remove rogue software, spyware and adware.”

For a complex tool, the user interface is surprisingly simple, since it’s laid out in the familiar tabs and check boxes format which makes it easy to follow.

Despite the publisher’s assertion that this tool “is very fast”, I didn’t find it particularly so. It took fully 15 minutes to complete the scan. Norton Power Eraser (described later), took less than 2 minutes.

No Virus Thanks 2

On the plus side though, NoVirusThanks Malware Remover did not return any false positives, which is a bit unusual for an aggressive specialty tool. This can be very positive of course, for those users unused to running such a high powered tool.

No Virus Thanks 3

Fast facts:

Accurate Disinfection Method
Remove Rogue Software and Unwanted Applications
Remove Trojans, Spyware and Worms
Quick Scan and Full Scan
Scan Processes
Scans Modules
Scans Registry
Backup Files and Folders
Easy to use

System requirements: Windows 7, Windows 2003, Windows 2000, Windows Vista, Windows XP

Download at: Novirusthanks.org

The second specialty malware removal tool I took a look at comes from a more familiar developer – Symantec, whose free Norton Power Eraser makes essentially the same claims as NoVirusThanks. Specifically, that it detects and removes scareware, or rogueware.

Symantec describes Norton Power Eraser in part, as a tool that “takes on difficult to detect crimeware known as scareware or rogueware. The Norton Power Eraser is specially designed to aggressively target and eliminate this type of crimeware and restore your PC back to health.”

Again, Norton Power Eraser’s user interface is simple, and easy to follow.

Norton Power Eraser 1

As opposed to NoVirusThanks, Norton did point out two issues that were in fact, false positives, as the following screen capture indicates.

Norton Power Eraser 2

Power Eraser, does offer the user additional information on suspicious files, so that the user can make a more accurate assessment as to the validity of the findings, as the following screen capture shows. You’ll note that in this case NoVirusThanks, is shown as a suspicious file.

It should be shown as a suspicious file, since its behavior replicates, in part, the familiar behavior of malware.

Norton Power Eraser 3

The second suspicious activity “advanced”, refers to my habit of hiding my Desktop icons, since I dislike that cluttered look. Besides which, on all my machines, my work applications are displayed in the Taskbar.

Norton Power Eraser 4

Note: According to Symantec – “You should use Power Eraser only when nothing else will remove the threat and you are willing to accept the risk that the scanner may quarantine a legitimate program.”

System requirements: Windows 7, Windows Vista, Windows XP

Download at: Symantec

These tools require advanced computer knowledge, and unless you feel confident in your diagnostic skills, you should avoid them.

Should you choose to add these applications to your antimalware toolbox, be aware that you will need the latest updated version for maximum efficiency.


Is It Paranoia If They’re REALLY After You On The Internet?

By chance, I met a very interesting cab driver this past weekend; one who was extremely computer competent, and far more security conscious than the typical computer user I normally meet informally.

What struck me immediately, was Mike’s sense of computer paranoia, particularly surrounding his use of his computer on the Internet, which extended to the installation of software from download sites, and even included a reluctance to install software obtained from “friends”.

Is Mike’s paranoia justified, do you think?

Before you decide, consider the following news items – just some of the malware-related content I posted to my Tech Net News column in the past week.

For Sale: Thousands Of Hacked Twitter Accounts – Russian cybercriminal forums offer batches of 1,000 hacked accounts for less than $200.

Poisoned PDFs? Here’s Your Antidote – Attacks employing poisoned PDF files have leaped to the top of the threat list, according to statistics from major security companies. We’ll show you how to stay safe.

Bugnets Could Spy on You via Mobile Devices – New botnets designed for mobile gear may allow remote attackers to see and hear their potential victims, no matter where they are.

WARNING: Facebook Malware Attack Behind Distracting Beach Babes Video – A Facebook malware attack is on the loose this weekend, enticing users to click a “Distracting Beach Babes” video on their Facebook Walls. If you see this video on Facebook today, do not click the link: Doing so, and downloading a linked file, will result in malware being installed on your computer.

Fake joke worm wriggles through Facebook – Shifty sorts have created a new worm which spread rapidly on Facebook on Friday. The malware, for now at least, does nothing more malicious than posting a message on an infected user’s Facebook wall that points to a site called fbhole.com. Nonetheless, the speed of its spread on the social networking site has net security experts worried.

New Twitter Worm Abuses iPhone App – The attack abuses Twitter trending topics — a popular source of abuse — but with a twist: Rather than installing fake antivirus software like most similar attacks, it installs a new banking Trojan that steals online banking accounts, credit card PIN numbers, and online payment system passwords, according to Kaspersky Lab.

Hackers Using the Final Episode Of “Lost” To Spread The MySecurityEngine Fake Antivirus – PandaLabs, Panda Security’s antimalware laboratory, has in the last few hours, detected the proliferation in search engines of numerous Web pages distributing the MySecurityEngine fake antivirus. The ‘bait’ used in this case has been the much anticipated final episode of the popular ABC series “Lost.”

Fake Amazon emails contain Trojan – Emails that seem to come from Amazon, confirming an order has been received and that goods have been dispatched, could contain a Trojan.

Research: 1.3 Million Malicious Ads Viewed Daily – The true extent of the malvertizing scourge became much clearer this week with the release of new research by Dasient which shows that about 1.3 million malicious ads are being viewed online everyday, most pushing drive-by downloads and fake security software.

Build-A-Botnet Kits Let Anyone Steal Data – At the recent Cisco Networks Solution Forum held in Toronto, a Cisco product manager stated, “You don’t need to be tech savvy” to steal data. It’s a sad but true reality that isn’t much of an eye opener for many of us who watch users get their accounts compromised day in and day out due to social engineering and malware.

Facebook Users Warned of Sexy ‘Candid Camera Prank’ Attack – Security firms warn of a new Facebook attack tricking users into downloading a video player that’s actually adware, and maybe worse.

Worst Phishing Pest May be Revving Up – The single most active group for stealing identities and pilfering electronic bank accounts over the Internet has nearly ground to a halt, but the lull could be the precursor to an even worse crime spree, according to a new study.

So, is it paranoia if they really are after you? Well I can assure you, if you are connected to the Internet, and if the news items listed above are any indication (and they are) – they really are after you!

So, is it time for you to develop a case of healthy paranoia while surfing the Internet, and to stay actively aware of current threats to your personal and computer security?


Life in the Trenches – Never Assume Anything When it Comes to Computer Security

Guest writer, Mister Reiner, takes us through his experience of being the “on call tech” for a friend. There are some good lessons here.

A friend of mine called me in a panic last week about a Windows home computer problem. His browser was hijacked with some type of “virus” that constantly redirected him to anti-virus/spyware sites, and he wanted some help to remove it from his computer. He’s a pretty smart guy, but he’s not a computer guy.

“Are you using anti-virus software?” I asked.

“Of course,” he answered, “What do you think I am, stupid?”

“No. You know I don’t think you’re stupid. Is it up to date?”

“Yes,” he responded impatiently.

“Do me a favor. Open up Internet Explorer, go to the menu and select Windows Update.”

“You’ve got to be kidding me.”

“No, I’m not kidding you. Just do it.”

After quite a bit of silence, I started to think we were disconnected. “You still there?” I asked.

“Just a sec,” he responded. “Ah… I think I have a problem here. It says I have 71 critical updates. Let me call you back.”

He called me back a few minutes later and told me that even after all the patches were applied, he was still having problems with browser redirection. I gave him instructions on how to download and run a free product called “HouseCall” from Trend Micro.

Sure enough, his computer was infected with a Trojan. We selected the removal option, restarted his computer and the Trojan was gone.

There are a few takeaways from this experience that are worth mentioning.

First, as many of you know, anti-virus software doesn’t catch everything. My friend is using Symantec Endpoint Protection and in this situation, it failed to detect the Trojan that infected his computer.

If you think your computer is infected with something that your anti-virus software didn’t catch, you’ll have to download and try several different anti-spyware programs to see what each can detect. Each anti-spyware program works differently, and some are better at detecting certain types of malware than others.

Second, never assume that the Automatic Windows Update feature is working properly. You should periodically go to the Windows Update website to make sure that it’s not detecting any updates that should have been applied by the Automatic Windows Update feature.

And lastly, removing malware only removes the malware. You never know what type of additional software gets installed, or what type of configuration changes malware makes while on your computer.

It may change security settings, install undesirable browser or operating system add-ons, swap out legitimate utility software with Trojanized versions, or install an undetectable sleeper Trojan that will awaken sometime in the future to install some other malware.

I always reformat the hard drive. Some people consider this extreme, but I disagree. You can never be certain of anything when it comes to dealing with malware.

I went over to my friend’s house that evening to help him back up his data, reformat his hard drive, reinstall the operating system and reinstall all the software. He thanked me on the way out the door and apologized for being short with me over the phone. I told him that it wasn’t a big deal and if he ever needed help again, to give me a call.

Mister Reiner is a computer professional with over 20 years of experience, and a Bachelor of Science degree in Computer Science. He is author of a new eBook – OWNED: Why hacking continues to be a problem.

Drop by Mister Reiner’s WordPress site – you’ll be glad you did.


Do We Need to “Fix” the Internet?

Each time that you connect to the Internet you are, unfortunately, wandering through a raucous neighborhood which has a reputation for being jam-packed with predators.

These predators are intent on stealing your money and personal information, installing damaging programs on your computer, or misleading you with an online scam.

Cyber-crooks are relentless in their pursuit of your money, and it’s all about the money. In the worst case scenario, your identity and your financial security can be severely compromised.

Recently, Symantec reported that 51% of all the viruses, Trojans and other forms of malware it has ever seen were logged during 2009, and Symantec has been in the security business since before the Internet was launched.

Each day, when I boot up my home machine, Immunet Protect advises me that it is protecting me against 12 million threats. Today, for example (May 16, 2010), the number is 12,866,263. That number is truly mind-blowing.

Note: Later in the day, following a re-boot, I noticed that the protection level had risen to 12,876,095 – 10,000 additional threats had been identified.

Various Internet security companies report having to deal with as many as 40,000 new versions of malware daily. Here’s the math: one new malware program every four seconds!

Antimalware developer Comodo looks at these numbers in a way that we can more easily relate to, in its instructive video – Did you Know? Dangers on the Web.

“Did you know that the amount of new malware discovered daily approximates the number of words a person speaks daily?

Or, the amount of money lost by US Consumers due to malware over the past 2 years would have paid the tuition of over one million US College Students?”

Seen in this way, cybercrime takes on a whole new dimension.

Since additional sophisticated threats are constantly being developed, or are currently being deployed, some observers are of the opinion that the Internet is essentially broken.

If you think this is an exaggeration, check this out and then you decide.

Tainted search engine results: Internet security gurus have known for some time that we cannot rely on Internet search engine output to be untainted, and free of potentially harmful exposure to malware.

Cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines.

When a potential victim visits one of these sites, the chances of malicious code being downloaded onto the computer, by exploiting existing vulnerabilities, are extremely high.

Infected legitimate websites: According to security solution provider Kaspersky, the rate of infected legitimate web sites, in 2006, was one in every 20,000. In 2009, one in every 150 legitimate web sites was infected by malware, according to Kaspersky.

Drive-by downloads: Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common and craftier recently.

If you’re unfamiliar with the term, drive-by download, they are essentially programs that automatically download and install on your computer without your knowledge.

This action can occur while visiting an infected web site, opening an infected HTML email, or by clicking on a deceptive popup window. Often, more than one program is downloaded; for example, file sharing with tracking spyware is very common. It’s important to remember that this can take place without warning, or your approval.

Rogue software: A rogue security application (scareware) is an application usually found on free download and adult websites, or it can be installed from rogue security software websites, using Trojans or by manipulating Internet browser security holes.

After the installation of rogue security software, the program launches fake or false malware detection warnings. Rogue security applications, and there seems to be an epidemic of them on the Internet currently, are developed to mislead uninformed computer users into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.

Even if the full program fee is paid, rogue software continues to run as a background process incessantly reporting those fake or false malware detection warnings. Over time, this type of software will essentially destroy the victim’s computer operating system, making the machine unusable.

Email scams: Email scams work because the Cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprise emails? I think it’s safe to say, we all love to receive good news emails.

It seems that more and more these days, I get phishing emails in my inboxes all designed to trick me into revealing financial information that can be used to steal my money.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people.

A personal example of how this works is as follows. According to a recent email (similar in form and content to 20+ I receive each month), my online banking privileges with Bank of America had been blocked due to security concerns. This looked like an official email and the enclosed link made it simple to get this problem solved with just a mouse click. What could be easier than that?

Clicking on the link would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

My financial and personal details, had I entered them, would then have been harvested by the cyber-crooks behind this fraudulent scheme who would then have used this information to commit identity and financial theft.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that the IC³ (Internet Crime Complaint Center), has called the situation “alarming”, so you need to be extremely vigilant.

This is by no means an exhaustive list of the dangers we are exposed to on the Internet. There are many more technical reasons why the Internet is becoming progressively more dangerous which are outside the scope of this article.

So what do you think? Is the Internet broken – do we need to fix it, and if so, how can we do that?
