Category Archives: worms

Why Do Users Keep Falling for Scams?

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips, and a computer veteran with 30+ years’ experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s; he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.


*Social engineering: the psychological manipulation of people into performing actions or divulging confidential information; a type of confidence trick for the purpose of information gathering, fraud, or system access — Wikipedia


It’s unfathomable to me why so many people still get caught out by social engineering techniques, being tricked into clicking that link or opening that attachment.

Social engineering is one of the most prevalent methods used by cybercriminals to infect a system and/or gain a user’s sensitive information. Ransomware, phishing emails, and scams all generally involve an element of social engineering. Why? Because it’s simple, effective, and lucrative. It stands to reason, then, that the most potent method for eradicating these types of threats would be to make them less effective and less lucrative. The question is: how to achieve that?

You’ve no doubt come across the saying “education is key” – and, when it comes to social engineering, nothing could be truer. Because of the changing nature of socially engineered exploits, security software cannot always protect users from themselves. That’s why tech blogs are repeatedly issuing the same advice/warnings – don’t click on links in emails from unknown senders, don’t open email attachments from unknown senders, etc., etc., etc. In fact, I recently published yet another list of do’s and don’ts, “10 Golden Rules to Defeat Scammers”. Yet, despite all this, so many people are still falling victim to social engineering.

A large part of the problem I suppose is that the users who need this type of advice the most are generally not the sort of people who tend to visit and read Tech blogs.

I was recently perusing a well-known freeware site and came across a comment from someone complaining that, despite being protected by a commercial grade antivirus, his company’s computers had been infected by ransomware… twice. On both occasions the infection was initiated by an employee clicking on something he or she shouldn’t have clicked on. I suggested to him that perhaps his company needed to review and strengthen its staff training program. Education is key.

My own clientele consists largely of elderly folk and, in my experience, many are highly susceptible to phishing and scams in general. I have a theory about this; I’m sure it’s because they were brought up in an era when trust was inherent; leaving the front door to the house open, leaving the car unlocked and keys in the ignition. Do you know what I mean? It’s not so much that they are gullible, more overly trusting.

These people also tend to be not so computer/security savvy, so rather than hit them with a long list of do’s and don’ts, which might be difficult to follow, I condense it all down to just three rules for them to remember:

1. Treat each and every unsolicited phone call and/or email as highly suspicious.

2. Always be very wary about giving out sensitive personal information over the internet.

3. If it sounds too good to be true, it almost certainly is.

If the more savvy among us would only take the time to pass this type of advice around their own particular circles of family, friends, and acquaintances, I believe that we, collectively, might just make a difference.


Filed under cybercrime, Don't Get Hacked, Education, Internet Safety for Seniors, Online Safety, Safe Surfing, System Security, trojans, Viruses, worms

Norman Malware Cleaner – Another Free Tool To Remove Tough Malware

Just like the 14 free specialty malware removal tools I wrote about earlier this year, Norman Malware Cleaner has been designed to identify tough malware infections, including specific malware, and then help you eradicate those infections.

Since this particular application is a stand-alone executable, it does not require installation (perfect for a flash drive). Since scanning with the most recent definition database is a must, you will need to download a new version of the application each time you use it.

On execution, you will be presented with the following end user agreement. This may be the shortest end user agreement I’ve ever seen.


Despite the fact that this is a powerful application, setting the options is fairly straightforward.


For the first test, I ran a simple Quick scan as illustrated in the following two screen captures.


This scan completed in less than four minutes, and indicated that no infections were present.


I then changed two critical group policy settings to mimic common malware tampering – no access to the Task Manager, and restricted access to Windows Explorer’s “show hidden files” option.

As you can see in the following screenshot, Norman Malware Cleaner had no difficulty picking up on, and cleaning, these registry changes on a rerun of the scan.
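For readers who want to see what that kind of check looks like under the hood, here is an added Python example (my own, not part of Norman Malware Cleaner or this post). It parses a Windows registry export (a `.reg` file, as produced by `reg export`) and reports policy values that malware commonly sets. The post doesn’t name the exact settings I changed, so the three checked here – `DisableTaskMgr`, `NoFolderOptions` and the `SHOWALL` `CheckedValue` – are my assumption of what “no Task Manager” and “restricted show hidden files” correspond to; the sample export text is constructed, and the `sys.reg` file name is hypothetical.

```python
r"""Audit a Windows registry export (.reg) for policy values that malware
commonly tampers with: disabling Task Manager and blocking "show hidden files".

Added example, not part of Norman Malware Cleaner.  Export the keys on the
machine under examination, for instance
  reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System sys.reg
then run:  python audit_reg.py sys.reg     (file names are hypothetical)
"""
import re
import sys

# (key path, value name, value that indicates tampering, description).
# Key paths and value names are the real Windows locations; which of them the
# post's author actually changed is an assumption.
TAMPER_CHECKS = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System",
     "DisableTaskMgr", 1, "Task Manager disabled by policy"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",
     "NoFolderOptions", 1, "Folder Options (home of 'show hidden files') removed from Explorer"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL",
     "CheckedValue", 0, "'Show hidden files' choice does not stick"),
]

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')
STRING_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_reg(text):
    """Parse .reg export text into {key path (lower-cased): {value name: value}}.
    Only dword and plain string values are kept; other types are skipped."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        m = DWORD_RE.match(line)
        if m:
            keys[current][m.group(1)] = int(m.group(2), 16)
            continue
        m = STRING_RE.match(line)
        if m:
            keys[current][m.group(1)] = m.group(2)
    return keys


def audit_reg_text(text):
    """Return a list of human-readable findings for tampered values."""
    keys = parse_reg(text)
    findings = []
    for key, name, bad_value, description in TAMPER_CHECKS:
        values = keys.get(key.lower(), {})
        # value names are case-insensitive in the registry
        actual = next((v for n, v in values.items() if n.lower() == name.lower()), None)
        if actual == bad_value:
            findings.append(f"{description}: {key}\\{name} = {actual}")
    return findings


def audit_reg_file(path):
    """reg.exe writes UTF-16 LE with a BOM; hand-edited files are often UTF-8."""
    with open(path, "rb") as fh:
        data = fh.read()
    encoding = "utf-16" if data.startswith(b"\xff\xfe") else "utf-8-sig"
    return audit_reg_text(data.decode(encoding))


# Constructed sample export: Task Manager disabled and SHOWALL neutered, plus
# one harmless value (NoDriveTypeAutoRun) that must not be reported.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000
"Type"="radio"
"""

if __name__ == "__main__":
    findings = audit_reg_file(sys.argv[1]) if len(sys.argv) > 1 else audit_reg_text(SAMPLE_EXPORT)
    for finding in findings:
        print("TAMPERED:", finding)
    if not findings:
        print("no tampered policy values found")
```

Run it with no arguments to see the two findings from the constructed sample; point it at a real export to audit a machine. Reading an export rather than the live registry means the check can be done from a clean system, which matters when the infected machine’s own tools (Task Manager included) can’t be trusted.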


A scan results log file is saved to the desktop, as illustrated.


Fast facts:

  • Detects and removes malware (viruses, rootkits, FakeAV, worms and more)
  • Uses advanced anti-rootkit technology
  • Quarantine module
  • Scanning and cleaning using Norman’s patented SandBox technology
  • Supports Quick, Normal, Full and Custom scan modes
  • Command-line operation for tailored scanning across several machines (businesses)
  • Daily signature updates available

System requirements: Windows 2000, XP, 2003, Vista, 2008 and Win 7.

Download at: Norman

Registration is required.

Note: This application is for use when you are dealing with a machine you know is infected. It is not a replacement for a real-time AV.

As with most tools in this class, advanced computer knowledge is required. Unless you feel confident in your diagnostic skills, you would be better off avoiding this application.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under Anti-Malware Tools, downloads, flash drive, Free Anti-malware Software, Freeware, Geek Software and Tools, Malware Removal, Portable Applications, Rogue Software Removal Tips, rootkits, Software, USB, Windows Tips and Tools, worms

PandaLabs Second Quarter Security Landscape Report

In a rather surprising statement, PandaLabs, in its 2011 Second Quarter Security Report, makes the point that there’s a challenging grey area between “hacktivism” (LulzSec and Anonymous) and criminality. Frankly, I don’t subscribe to this “blurry lines” view.

I see the issue in rather simpler terms – if security holes exist in critical systems which enterprise, or government, are either unwilling, or unable to address – ultimately creating a host of innocent victims – then I encourage LulzSec and Anonymous to continue their campaigns of outing non-responsive, and non-responsible organizations. I’m more than a little tired of being placed at risk due to organizational ineptness, or failure to adhere to common sense security practices.

Some key findings from Panda’s report (determined from data collected through Panda ActiveScan) include:

Every minute, 42 new malware strains were created.


Trojans constitute 70 percent of new malware followed by viruses (10 percent) and worms (8.53 percent). Surprisingly, Adware, which only represents 1.37 percent of all malware, accounted for more than 9 percent of all infections.


China, Thailand and Taiwan continue to lead infection rankings.


The report also lists the top 10 least infected countries.


So, should these statistics hold any relevancy for you? Should you be preoccupied, or overly concerned, with these numbers? The answer, it seems to me, depends on how aware you are of the overall Internet security landscape, and where you fit into the following user groups.

  • Those who know.
  • Those who think they know.
  • Those who don’t know, that they don’t know.

Hopefully, you are in that small group who can confidently say – “I know”.

Broken record time:

I’ll risk sounding like a broken record, once again, and repeat what I’ve said here numerous times –

“Controlling malware intrusion, while surfing the Net, through the use of a  “virtual” environment rather than operating in a “real” environment, makes sense given the escalating level of cyber criminal activity on the Internet.”

BufferZone is a particularly effective and easy-to-use freeware virtualization application (perfect for casual users), which creates an isolated environment called the Virtual Zone while you surf the Internet. You can read more about BufferZone here.

About PandaLabs:

Since 1990, PandaLabs, Panda Security’s malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats.

To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda’s user community to automatically detect, analyze and classify the more than 73,000 new malware strains that appear every day.

This automated malware classification is complemented through the work of an international team with researchers specialized each in a specific type of malware (viruses, worms, Trojans, spyware and other attacks) to provide global coverage.

The full report (PDF), is available here.

Follow Panda on Twitter and Facebook.


Filed under Adware, Cyber Crime, Cyber Criminals, Don't Get Hacked, Internet Security Alerts, Malware Reports, Panda Security, PandaLabs, trojans, Windows Tips and Tools, worms

BitDefender’s Free Virus Guard Protects BitTorrent Users

If you’re into downloading open-license movies, music, games and applications, then there’s a good chance you’re into the enormously popular BitTorrent peer-to-peer file sharing application.

Just to be clear – I am not a fan of public peer-to-peer file sharing – here’s why: peer-to-peer file sharing carries with it a high risk that the user will not get what he thinks he will, and may pick up something nobody wants to pick up.

So is this a serious risk? You bet – take a look at the following from the BitTorrent Beginner’s Guide – How do I know that someone isn’t sending out viruses on BitTorrent?

In short, you don’t. You should treat something downloaded with BitTorrent just like any file downloaded from the internet – that is, if you don’t trust the source of the file, then you should use caution when opening it.

BitTorrent guarantees that the content you download is not altered from when the torrent was originally created, but if the source files used to create the torrent were already infected, this will provide no protection!

What’s a user to do then, who enjoys file sharing through BitTorrent, and wants to reduce the risk of being burned by cybercriminals who lurk on public file sharing networks? BitDefender’s new Virus Guard, might provide part of the answer.

BitDefender’s free Virus Guard, which is now part of BitTorrent’s App Studio, is available to BitTorrent’s 80 million users.  Virus Guard quickly scans torrents before they’re launched, and flags any potential threats it finds; effectively giving users an opportunity to delete torrents before they can do any harm.

Here’s a screen capture of the BitTorrent application with BitDefender’s Virus Guard installed.

BitDefender’s Virus Guard Fast Facts:

  • Scans from within BitTorrent – avoids wasting resources on a full disk scan.
  • Checks all torrent downloads (including ZIP, RAR, and TAR archives) to eliminate potential threats before they occur.
  • Protects against viruses and other malware using industry-leading technology.
  • Keeps all your torrent downloads safe and clean.
  • BitDefender provides industry-leading protection based on two proactive threat detection technologies.
  • Virus definition library updated continuously to protect you from the latest threats.

Download Virus Guard at: BitTorrent’s App Studio.

Old advice, but more important than ever: Trade-offs and risks you should consider if you’re a fan of Peer to Peer file sharing.

Privacy: When you are connected to file-sharing programs, you may unintentionally allow others to copy confidential files you did not intend to share, so be sure to set up the file-sharing software very carefully.

If you don’t check the proper settings when you install the software, you could allow access not just to the files you intend to share, but also to other information on your hard drive, such as your tax returns, email messages, medical records, photos, and other personal and financial documents.

It’s extremely important to be aware of the files that you place in, or download to, your shared folder. Don’t put information in your shared folder that you don’t want to share with others. Your shared folder is the folder that is shared automatically with others on peer to peer file sharing networks.

Copyright Issues: You may knowingly, or otherwise, download material that is protected by copyright laws and find yourself caught up in legal issues. Copyright infringement can result in significant monetary damages, fines, and even criminal penalties.

Some statistics suggest that as many as 70% of young people between the ages of 9 and 14 regularly download copyrighted digital music. If you are a parent, you bear the ultimate responsibility for this illegal activity.

Adult Content: Again, if you are a parent, you may not be aware that your children have installed file-sharing software on the family computer, and that they may have exchanged games, videos, music, pornography, or other material that may be unsuitable for them. It’s not unusual for other people’s files to be mislabeled, and you or your children can unintentionally download these files.

Spyware: There’s a good chance that the file-sharing program you’re using has installed other software known as spyware to your computer’s operating system. Spyware monitors a user’s browsing habits and then sends that data to third parties. Frequently the user gets ads based on the information that the spyware has collected and forwarded to these third parties.

I can assure you that spyware can be difficult to detect and remove. Before you use any file-sharing program, you should buy, or download free, software that can help prevent the downloading or installation of spyware, or help to detect it on your hard drive if it has been installed.

Viruses: Use and update your anti-virus software regularly. Files you download could be mislabeled, hiding a virus or other unwanted content. Use anti-virus software to protect your computer from viruses you might pick up from other users through the file-sharing program.

Generally, your virus filter should prevent your computer from receiving possibly destructive files. While downloading, you should avoid files with extensions such as .exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd.
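The extension list above is the sort of thing most people apply by eye, so here is an added Python example (my own, not from BitDefender, BitTorrent or this post) that applies it automatically to a download folder, looking inside ZIP and TAR archives the way the Virus Guard fast facts describe, and spotting the classic double extension such as `movie.avi.exe`. The sample folder it builds is constructed for the demonstration; RAR support is deliberately left out (it needs a third-party library), so RAR files are reported as unscanned rather than quietly passed.

```python
"""Screen a download folder for risky file names, including members of ZIP
and TAR archives, without opening or running anything.  Added example, not part
of BitDefender Virus Guard or BitTorrent.  The extension list is the one given
in the post; a real deployment would extend it (.pif, .com, .js, .hta, ...)."""
import os
import shutil
import tarfile
import tempfile
import zipfile

RISKY_EXTENSIONS = {".exe", ".scr", ".lnk", ".bat", ".vbs", ".dll", ".bin", ".cmd"}
ARCHIVE_SUFFIXES = (".zip", ".tar", ".tgz", ".tar.gz")


def risky_reason(name):
    """Return why a (possibly archive-internal) file name is risky, or None.
    Also spots the classic double extension such as movie.avi.exe."""
    base = os.path.basename(name.rstrip("/")).lower()
    root, ext = os.path.splitext(base)
    if ext not in RISKY_EXTENSIONS:
        return None
    inner = os.path.splitext(root)[1]
    if inner and inner not in RISKY_EXTENSIONS:
        return f"double extension {inner}{ext}"
    return f"executable extension {ext}"


def archive_members(path):
    """List member names of a ZIP or TAR archive without extracting anything."""
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            return zf.namelist()
    if tarfile.is_tarfile(path):
        with tarfile.open(path) as tf:
            return tf.getnames()
    raise ValueError("not a readable ZIP or TAR archive")


def scan_downloads(folder):
    """Walk folder; return [(location, reason)] for every risky item found."""
    findings = []
    for dirpath, _, files in os.walk(folder):
        for fname in files:
            path = os.path.join(dirpath, fname)
            reason = risky_reason(fname)
            if reason:
                findings.append((path, reason))
            lower = fname.lower()
            if lower.endswith(ARCHIVE_SUFFIXES):
                try:
                    members = archive_members(path)
                except (ValueError, OSError, tarfile.TarError, zipfile.BadZipFile) as exc:
                    findings.append((path, f"archive not scanned ({exc})"))
                    continue
                for member in members:
                    reason = risky_reason(member)
                    if reason:
                        findings.append((f"{path}:{member}", reason))
            elif lower.endswith(".rar"):
                # RAR needs a third-party library; report it rather than pass it silently
                findings.append((path, "RAR archive not scanned (needs a third-party library)"))
    return findings


def build_sample_folder():
    """Create a constructed download folder for the demonstration; returns its path."""
    folder = tempfile.mkdtemp(prefix="downloads_")
    with open(os.path.join(folder, "readme.txt"), "w") as fh:
        fh.write("harmless text file\n")
    with open(os.path.join(folder, "movie.avi.exe"), "wb") as fh:
        fh.write(b"MZ")                       # executable disguised as a video
    with zipfile.ZipFile(os.path.join(folder, "album.zip"), "w") as zf:
        zf.writestr("track01.mp3", b"\x00")
        zf.writestr("setup.scr", b"MZ")       # screensaver (executable) inside an archive
    with tarfile.open(os.path.join(folder, "game.tar"), "w") as tf:
        tf.addfile(tarfile.TarInfo("game/launcher.bat"))   # empty batch file member
    with open(os.path.join(folder, "pack.rar"), "wb") as fh:
        fh.write(b"Rar!")                     # placeholder bytes, not a real archive
    return folder


if __name__ == "__main__":
    sample = build_sample_folder()
    try:
        for location, reason in sorted(scan_downloads(sample)):
            print(f"{reason:50} {location}")
    finally:
        shutil.rmtree(sample)
```

Note that the archive members are only listed, never extracted, so a malicious archive is never written to disk by the check itself. A name-based screen is no substitute for a virus scanner (a renamed executable sails straight past it), but it catches the lazy disguises that account for a lot of file-sharing infections.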

Default Closing Behavior: It is critical that you close your connection after you have finished using the software. In some instances, closing the file-sharing program window does not actually close your connection to the network. That allows file sharing to continue and will increase your security risk. Be sure to turn off this feature in the program’s “preferences” settings.

What’s more, some file-sharing programs automatically run every time you turn on your computer. As a preventive measure, you should adjust the file-sharing program’s controls to prevent the file-sharing program from automatically starting.


Filed under Anti-Malware Tools, BitDefender, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, Malware Protection, Peer to Peer, Software, System Security, trojans, Viruses, Windows Tips and Tools, worms

Symantec MessageLabs Intelligence October 2010 Report – Targeted Email Attacks On The Rise

Even in a world where Internet threats present an ever-evolving and increasingly sophisticated danger to businesses, targeted email attacks are the most potent of all – potentially dealing devastating short- and long-term damage to the victims.

Counterintuitively, a high degree of sophistication gives these low-volume, highly personalized emails an edge, and a higher probability of success than mass email blasts.

The goal of targeted attacks is simple – an attempt to gain access to specific sensitive data, intellectual property or confidential internal systems, by targeting specific individuals and companies.

According to Symantec Hosted Services, targeted attacks on the retail sector took a big jump in October, with 25 percent of all targeted attacks directed at this economic sector.

When you consider that in the previous 2 years, less than half of one percent of targeted email attacks were directed at the retail sector – versus the 25% discovered by Symantec Hosted Services in October, it’s evident cyber crooks have a razor sharp focus on the retail sector.

The spam landscape changes constantly, and while your industry sector may not be in the crosshairs currently, given that between 200 and 300 organizations are targeted each month, with the industry sector varying, it may be only a matter of time.

Knowledge is power, and as computer users we need as much power as we can get in order to stay safe on the Internet, so I encourage you to read the highlights of MessageLabs Intelligence October report, just released today. The full report is available here.

Selected report highlights:

Spam: In October 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was 87.5 percent (1 in 1.4 emails), a decrease of 4.2 percentage points since September.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 221.9 emails (0.45 percent) in October, a decrease of 0.01 percentage points since September. In October, 23.1 percent of email-borne malware contained links to malicious websites, an increase of 15.5 percentage points since September.

Endpoint Threats: Threats against endpoint devices such as laptops, PCs and servers may penetrate an organization in a number of ways, including drive-by attacks from compromised websites, Trojan horses and worms that spread by copying themselves to removable drives. Analysis of the most frequently blocked malware for the last month revealed that the Sality.AE virus was the most prevalent. Sality.AE spreads by infecting executable files and attempts to download potentially malicious files from the Internet.

Phishing: In October, phishing activity was 1 in 488.0 emails (0.20 percent), a decrease of 0.06 percentage points since September.

Web security: Analysis of web security activity shows that 51.3 percent of malicious domains blocked were new in October, an increase of 17.7 percentage points since September. Additionally, 24.7 percent of all web-based malware blocked was new in October, an increase of 2.9 percentage points since last month. MessageLabs Intelligence also identified an average of 2,280 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, a decrease of 23.9 percent since September.

About Message Labs Intelligence:

Symantec’s Message Labs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.


Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, Internet Security Alerts, Malware Advisories, MessageLabs, Symantec, trojans, worms

Free Stuxnet Removal Tool From BitDefender

BitDefender, an award-winning provider of innovative internet security solutions, has just released a free removal tool targeting Win32.Worm.Stuxnet.

This tool is capable of removing all known variants of Win32.Worm.Stuxnet, as well as the rootkit drivers that are used to conceal critical components of the worm.

Win32.Worm.Stuxnet is a new breed of e-threats that emerged in mid-July. Although it infects all Windows-based systems alike, it primarily targets supervisory control and data acquisition (SCADA) systems which run the Siemens WinCC software.

The worm spreads by taking advantage of a multitude of zero-day exploits in the current versions of Windows. Moreover, it can execute itself from an infected removable medium as soon as the .lnk file on the drive has been read by the operating system. Successful exploitation of this vulnerability results in the injection of a backdoor, as well as the installation of two rootkits that conceal both the .lnk files and the accompanying .tmp files.

“BitDefender added generic detection covering all variants of Stuxnet on July 19, thus protecting our customers since day zero. As part of our constant efforts to help worldwide users fight against e-threats, BitDefender has also created a Stuxnet Removal Tool. Computer users who are not protected by a BitDefender security solution can now eliminate Stuxnet from their infected systems as well,” said Catalin Cosoi, Head of the BitDefender Online Threats Lab.

The tool can be run on both 32- and 64-bit installations, and it will eliminate both the rootkit drivers and the worm. Stuxnet Removal Tool can be downloaded from the Removal Tools section of www.malwarecity.com.


Filed under 64 Bit Software, Anti-Malware Tools, BitDefender, cybercrime, downloads, Freeware, Internet Security Alerts, Malware Removal, rootkits, Software, Windows Tips and Tools, worms

“Here You Have” Worm Alert – The Incompetents Take The Bait

In Chapter One of Internet Security 101, the following is the first point made – “Don’t run files that you receive via email without making sure of their origin.”

OK, I’m stretching the truth a little, since I don’t actually know of a book with the title “Internet Security 101”. But, the truism “Don’t run files that you receive via email without making sure of their origin”, remains valid.

Despite constant warnings NOT to run this type of file, many users continue to disregard this critical advice. The success of the email delivered “Here you have” worm that clogged email systems on Thursday, despite the usual misspelling, grammatical, and punctuation errors in the email, leaves little doubt.

According to Symantec’s Message Labs Intelligence, the worm is delivered in a standard email that directs the recipient to click on a link pointing to a malicious file that’s disguised as a PDF. Clicking on the link installs the worm on the victim’s machine.


Graphic courtesy of Symantec.

Regardless of the fact that the delivery method and the worm itself are not particularly sophisticated, this attack affected hundreds of thousands of computers worldwide, and then went on to spread further through instant messenger, mapped drives, and email, using contacts taken from the victim’s address book.

While doing the background work on this attack, I came across the following forum comment – “This hit one of our affiliated corporate networks today around 12 pm eastern. It was a mess.”

As one pundit put it – the attack was designed to “prey on the incompetent”. I find it hard to argue with that observation.

For additional information on this scam, check out Malware Operations Engineer Tony Millington’s blog post over at the Symantec Hosted Services Blog.



Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, Internet Security Alerts, Malware Advisories, MessageLabs, Symantec, Windows Tips and Tools, worms