Tag Archives: code

Drive-by Downloads – Update Your Browser Right Now!

Your Firewall and Security Applications along with your Browser security add-ons provide the ultimate in protection while you’re surfing the web, right? Well in a sense they do.

Paradoxically, it’s because current anti-malware solutions are marginally more effective than they have ever been in detecting worms and viruses, that we’re now faced with another insidious form of attack.

Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common and more crafty recently.

More than three million unique URLs on over 180,000 websites are automatically installing malware via drive-by downloads, according to recent statements by the Google Anti-Malware Team.

Google has not been alone in noticing this trend by cyber-criminals using these techniques. According to IBM, cyber-criminals are directly attacking web browsers in order to steal identities, gain access to online accounts and conduct other criminal activities.

If you’re unfamiliar with the term, drive-by downloads are essentially programs that are automatically downloaded and installed on your computer without your knowledge. This action can occur while visiting an infected web site, opening an infected HTML email, or by clicking on a deceptive popup window.

Drive-by downloads work by targeting Internet browser vulnerabilities to download and run malware automatically when a user visits the site. Don’t think that staying away from dangerous websites, such as adult sites, makes you any safer. The fact is these infected websites are all over the Internet.

Often more than one program is downloaded; for example, file sharing with tracking spyware is very common. Again, it’s important to remember that this can take place without warning, or your approval.

Recent statistics seem to indicate that 40% of frequent Internet users continue to use an outdated version of their current Internet browser. Statistics generated from my own Blog stats put this figure at 31%. These users are essentially already victims just waiting to be victimized again.

Do you want to ensure you are protected, or to reduce the chances you will become a victim? Then there is a really easy way to do that – update your browser to the latest version now. Right now!

While all Internet browsers can be subject to vulnerabilities, the free FireFox browser from Mozilla is the browser of choice for most security conscious users, and is preferred by those who tend to think “Geeky”, due to the amazing number of add-ons that increase safety and functionality.

Download FireFox here.

You need to be proactive when it comes to your computer’s security by making sure you have adequate software based protection to reduce the chances that your machine will become infected.

If you missed “Rogue Security Software on the Rise – What You Need to Know Now!” you can read it here.

For a different take on Google’s new browser, check out TechPaul’s “A Real Life Review of Google’s New Browser”.


Fake/Redirected Search Results – Consequences for You

I hate being victimized! Unfortunately, all of us who use the Internet can be victimized in ways that sometimes defy credibility. Ironically, even those of us who specialize in Internet security can be targeted by cyber-criminals.

Several weeks ago, one of my Blog sites was the target of redirected search engine results. Essentially, what had been happening is this – when a search was made by a web user which produced a result listing my site, and the user clicked on that link, in some circumstances, the user was redirected to a site, or page, controlled by a hijacker.

While this exploit didn’t impact me financially, since I don’t run ads on my sites, it was disappointing knowing that cyber-criminals were potentially benefiting economically from the results of my efforts. Very often, the purpose behind this type of attack is the hacker’s need to increase his site’s reputation on Google, and other search engines, by fraudulently increasing the site’s hits. This can lead to an increase in profits generated by that site.

The dangers to you:

Those of us who are involved in Internet security know – cyber-crooks are unrelenting in their chase to infect web search results. We know that there has been a steady increase in the use of custom-built Websites designed to drop malicious code on computers, and in the manipulation of legitimate pages in order to infect computers with malware.

Earlier today, I read on the Darkreading Website, a security site for IT professionals, “that hackers have launched a multi-faceted attack on the Website of the popular AARP organization, rerouting traffic from the seniors’ association to pornography sites”. A bit chancy, I would have thought.

Other common techniques used by these cyber-criminals include the manipulation of search engine results, and the seeding of Websites among the top results returned by these engines. When a potential victim visits one of these sites the likelihood of the downloading of malicious code onto the computer, by exploiting existing vulnerabilities, is extremely high.

There are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.

Another method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.

So what can you do to ensure you are protected, or to reduce the chances you will become a victim?

Keep all applications (including your operating system) patched.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is WOT (Web of Trust), an Internet Explorer/FireFox add-on that offers substantial protection against questionable or unsafe websites.

Turn off your computer or disconnect from the network when not in use.

Disable Java, JavaScript, and ActiveX if possible.

Disable scripting features in email programs.

Make regular backups of critical data.

Make a boot disk in case your computer is damaged or compromised.

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

Ensure the anti-virus software scans all e-mail attachments.


Drive-by Downloads – The Paradox Created by Firewalls/Security Applications

Your Firewall and Security Applications provide the ultimate in protection while you’re surfing the web, right? Well in a sense they do.

Paradoxically, it’s because current anti-malware solutions are much more effective than they have ever been in detecting worms and viruses, that we’re now faced with another insidious form of attack.

Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common and more crafty recently.

More than three million unique URLs on over 180,000 websites are automatically installing malware via drive-by downloads, according to recent statements by the Google Anti-Malware Team. Google has not been alone in noticing this trend by criminal hackers using these techniques. IBM noted recently, that criminals are directly attacking web browsers in order to steal identities, gain access to online accounts and conduct other illicit activities.

If you’re unfamiliar with the term, drive-by downloads are essentially programs that are automatically downloaded and installed on your computer without your knowledge. This action can occur while visiting an infected web site, as previously noted, opening an infected HTML email, or by clicking on a deceptive popup window. Often more than one program is downloaded; for example, file sharing with tracking spyware is very common. Again, it’s important to remember that this can take place without warning, or your approval.

What can you do to ensure you are protected, or to reduce the chances you will become a victim?

The following are actions you can take to protect your computer system:

  • When surfing the web: Stop. Think. Click
  • Don’t open unknown email attachments
  • Don’t run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on the computer.
  • Install a personal firewall on the computer.
  • Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
  • Ensure the anti-virus software scans all e-mail attachments
  • Install McAfee Site Advisor, WOT, or a similar browser add-on

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

If you missed “Rogue Security Software on the Rise – What You Need to Know Now!” you can read it here.


Malware by Proxy – Fake Search Engine Results

For the past several months I’ve been watching closely, as the pace of Blog and Internet Forum debate has been escalating regarding fake search engine results and malware.

Recent news on this issue from Panda Security’s Oxygen 3 E-bulletin on IT security, indicates that Cyber-crooks are unrelenting in their chase to infect web search results. According to Panda “there is a steady increase in the use of custom-built websites designed to drop malicious code on computers, or even the manipulation of legitimate pages in order to infect users with malware.”

It was reported recently that fifteen thousand web pages were infected daily between January and March of this year; three times the rate of infection noted in the previous year. More disturbing, seventy nine percent of compromised web pages tracked this year were on legitimate web sites; including web sites belonging to Fortune 500 companies, government agencies and ironically, security vendors.

PandaLabs maintains that cyber-crooks have begun to opt for a new technique: the manipulation of search engine results, or seeding websites among the top results returned by these engines. When a potential victim visits one of these sites the likelihood of the downloading of malicious code onto the computer by exploiting existing vulnerabilities is high.

There are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.

Another method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.

So what can you do to ensure you are protected, or to reduce the chances you will become a victim?

As I have pointed out in the past, the following are actions you can take to shield your computer system from malware infections:

  • Install an Internet Browser add-on such as WOT which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.
  • Don’t open unknown email attachments
  • Don’t run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on the computer
  • Install a personal firewall on the computer
  • Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
  • Ensure the anti-virus software scans all e-mail attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

The free software listed below, in my view, provides better than average malware protection.

avast! 4 Home Edition

This anti virus app is a real fighter, scanning files on demand and on access, including email attachments. It lets you know when it detects mal-ware through its shield function. An important feature is a boot-time scan option which removes mal-ware that can’t be removed any other way.

Ad-Aware 2007

In my view, Ad-Aware 2007 Free is the best free spyware and adware remover available. It does a relatively good job of protecting against known data-mining, Trojans, dialers, malware, browser hijackers and tracking components. The only downside with the free version: real-time protection is not included.

ThreatFire 3

ThreatFire 3 blocks mal-ware, including zero-day threats, by analyzing program behavior and it does a stellar job. Again, this is one of the security applications that forms part of my front line defenses. I have found it to have a high success rate at blocking mal-ware based on analysis of behavior. Highly recommend this one!

Comodo Firewall Pro

The definitive free firewall, Comodo Firewall protects your system by defeating hackers and restricting unauthorized programs from accessing the Internet. I have been using this application for 6 months and I continue to feel very secure. It resists being forcibly terminated and it works as well, or better, than any firewall I’ve paid for. This is one I highly recommend. Amazing that it’s free!

WinPatrol

Do you want to get a better understanding of what programs are being added to your computer? Then WinPatrol is the program for you. With WinPatrol, in your system tray, you can monitor system areas that are often changed by malicious programs. You can monitor your startup programs and services, cookies and current tasks. Should you need to, WinPatrol allows you to terminate processes and enable, or disable, startup programs. There are additional features that make WinPatrol a very powerful addition to your security applications.

Sandboxie

Surfing the Internet without using Sandboxie is, to me, like jumping out of an airplane without a parachute. Deadly! This application creates a “Sandboxed” protected environment on your machine within which you browse the net. Data that is written to your hard drive is simply eliminated, (or not, your choice), when the sandbox is closed. Utilizing this application allows you to surf the web without the risk of infecting your system with mal-ware or other nasties. This is another security application I have been using for over 6 months and it has yet to let me down. Highly recommended.

Snoop Free Privacy Shield

Snoop Free Privacy Shield is a powerful application that guards your keyboard, screen and open windows from all spy software. I have been using this application for quite some time, and I have been amazed at the number of programs that have requested access to my keyboard and screen; particularly, programs that I am in the process of installing. If you’re serious about privacy, this is a must have addition to your security toolbox.


Storm Botnets – The Computational Power of Super Computers

I must admit that I get very tired of opening my email accounts only to see spam email after spam email, reminding me that enlargement, growth, and natural male enhancement techniques can all be mine if I just click on the enclosed link.

It didn’t take long to establish that the driving force behind the majority of these annoying emails is the well established Storm bot network. Security experts maintain that the Storm bot network continues to be leased to online pharmacy spammers.

The Storm Trojan, which first appeared in Europe more than a year ago, takes its name from the content contained in emails relating to extreme bad weather striking parts of Europe at that time.

Those users who were enticed into clicking on links enclosed in the email were directed to a web site that included malevolent code designed to infect Windows PCs with the aim of turning the now infected machine into a spam bot.

The initial success and the continued implementation, in various forms, of this highly sophisticated malware attack has led to the creation of a botnet of unprecedented proportions; a colossal spam-producing network.

According to Bradley Anstis, Vice-President of Products for Marshal, a leader in integrated email and Internet content security solutions, the Storm botnet was responsible for 20 per cent of all spam email sent in the first quarter of 2008.

Marshal is currently monitoring five botnets, including the Storm botnet, believed to be responsible for approximately 75 per cent of all spam currently in circulation. Heavily promoted products on all of these botnets tend to be male enlargement drugs, replica watches and sexually explicit material. The strategy employed by the owners of these botnets is particularly ingenious since there’s a strategic crossover with the products being promoted by all five of these botnets.

Frighteningly, it is accurate to say that these botnets are getting increasingly larger every day. According to the U.S. Federal Bureau of Investigation, there are at least 1 million botnetted computers in the U.S. Worse, some security firms estimate that currently there are as many as 10 million botnetted machines worldwide. In fact, some researchers believe that this may just be the part of the iceberg we can see above the waterline.

Not surprisingly such large numbers of infected machines have produced some of the most powerful networked computer systems in the world. As a result, many industry analysts are convinced malware and phishing attacks from these botnets can be expected to increase in frequency.

A more frightening possibility involves the potential power of these botnets being turned against secure computer systems in the government, commercial, and industrial sectors in brute-force attacks. Some have argued a coordinated attack, such as the one we witnessed last year against Estonia’s infrastructure, is inevitable.

For your own benefit it’s obviously important to keep your computer from becoming infected and becoming a part of this problem. Perhaps it’s less obvious that we all share a responsibility to help protect other computer users on the Internet from becoming infected. The way to do that is to ensure that you are part of the solution; not part of the problem created by running an insecure machine, or by engaging in unsafe surfing practices.

As I have pointed out in the past on this Blog, the following are actions you can take to protect your computer system:

  • When surfing the web: Stop. Think. Click
  • Don’t open unknown email attachments
  • Don’t run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on the computer.
  • Install a personal firewall on the computer.
  • Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
  • Ensure the anti-virus software scans all e-mail attachments
  • Install McAfee Site Advisor, WOT (my recommendation), or a similar browser add-on


Fake/Redirected Search Engine Results = Malware


For the past several months I’ve been watching closely, as more and more Blog discussions have been taking place around the topic of search engine results and malware.

Recent news on this issue from Panda Security’s Oxygen 3 E-bulletin on IT security, indicates that Cyber-crooks are unrelenting in their chase to infect web search results. According to Panda “there is a steady increase in the use of custom-built websites designed to drop malicious code on computers, or even the manipulation of legitimate pages in order to infect users with malware.”

PandaLabs maintains that cyber-crooks have begun to opt for a new technique: the manipulation of search engine results, or seeding websites among the top results returned by these engines. When a potential victim visits one of these sites the likelihood of the downloading of malicious code onto the computer by exploiting existing vulnerabilities is high.

There are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.

Another method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.

For more information on this, and other threats, check out Spyware Sucks, a great Blog that will keep you up to date on the latest risks to your online safety.

So what can you do to ensure you are protected, or to reduce the chances you will become a victim?

As I have pointed out in the past on this Blog, the following are actions you can take to protect your computer system:

• Don’t open unknown email attachments

• Don’t run programs of unknown origin

• Disable hidden filename extensions

• Keep all applications (including your operating system) patched

• Turn off your computer or disconnect from the network when not in use

• Disable Java, JavaScript, and ActiveX if possible

• Disable scripting features in email programs

• Make regular backups of critical data

• Make a boot disk in case your computer is damaged or compromised

• Turn off file and printer sharing on the computer.

• Install a personal firewall on the computer.

• Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

• Ensure the anti-virus software scans all e-mail attachments.

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

The free software listed below, in my view, provides better than average malware protection.

avast! 4 Home Edition

www.avast.com

This anti virus app is a real fighter, scanning files on demand and on access, including email attachments. It lets you know when it detects mal-ware through its shield function. An important feature is a boot-time scan option which removes mal-ware that can’t be removed any other way.

AVG Anti-Virus Free Edition

www.free.grisoft.com

Similarly, this program scans files on access, on demand, and on schedule. Scans email; incoming and outgoing. For those on Vista, you’re in luck, it’s Vista-ready. I have been using this application since its release and it now forms part of my front line defenses. I recommend this one highly.

Ad-Aware 2007

www.lavasoftusa.com

In my view, Ad-Aware 2007 Free is the best free spyware and adware remover available. It does a relatively good job of protecting against known data-mining, Trojans, dialers, malware, browser hijackers and tracking components. The only downside with the free version: real-time protection is not included.

ThreatFire 3

www.threatfire.com

ThreatFire 3 blocks mal-ware, including zero-day threats, by analyzing program behavior and it does a stellar job. Again, this is one of the security applications that forms part of my front line defenses. I have found it to have a high success rate at blocking mal-ware based on analysis of behavior. Highly recommend this one!

Comodo Firewall Pro

www.comodogroup.com

The definitive free firewall, Comodo Firewall protects your system by defeating hackers and restricting unauthorized programs from accessing the Internet. I have been using this application for 6 months and I continue to feel very secure. It resists being forcibly terminated and it works as well, or better, than any firewall I’ve paid for. This is one I highly recommend. Amazing that it’s free!

WinPatrol

www.winpatrol.com

Do you want to get a better understanding of what programs are being added to your computer? Then WinPatrol is the program for you. With WinPatrol, in your system tray, you can monitor system areas that are often changed by malicious programs. You can monitor your startup programs and services, cookies and current tasks. Should you need to, WinPatrol allows you to terminate processes and enable, or disable, startup programs. There are additional features that make WinPatrol a very powerful addition to your security applications.

Sandboxie

www.sandboxie.com

Surfing the Internet without using Sandboxie is, to me, like jumping out of an airplane without a parachute. Deadly! This application creates a “Sandboxed” protected environment on your machine within which you browse the net. Data that is written to your hard drive is simply eliminated, (or not, your choice), when the sandbox is closed. Utilizing this application allows you to surf the web without the risk of infecting your system with mal-ware or other nasties. This is another security application I have been using for over 6 months and it has yet to let me down. Highly recommended.

Snoop Free Privacy Shield

www.snoopfree.com

Snoop Free Privacy Shield is a powerful application that guards your keyboard, screen and open windows from all spy software. I have been using this application for quite some time, and I have been amazed at the number of programs that have requested access to my keyboard and screen. Particularly, programs that I am in the process of installing. If you’re serious about privacy, this is a must have addition to your security toolbox.
