Tag Archives: cyber criminal

Online Paperless Billing – The New Attack Vector For Cyber Crime

I’m very much in favor of online paperless billing and virtually all of my recurring monthly bills are delivered this way – directly to my inbox. Shown below, for example, is a snapshot of the regular monthly email notice from my natural gas supplier.

A simple click on the embedded link, and …..

[Image: Enbridge 1]

there’s the bill – which is identical, I might add, to the bill delivered by regular mail.

[Image: Enbridge 2]

A couple of extra clicks to reach my online banking and, the bill is paid.


No stacking up bills to be dealt with (along with all the other bills), at a later date. Done – fini – terminado!

I like it and, I’m sure my utilities suppliers love it – since, in most cases, they get paid far in advance of the required payment date. A perfect system it seems – except, this is the Internet.

Ah, the Internet – the playground of every scumbag cyber criminal from Moscow to Montreal – and, beyond. So, it’s hardly surprising to see online paperless billing come under attack.

Yesterday, Commtouch let me know of an ongoing attack – directed at AT&T customers – which automatically embeds malware onto the targeted machine once the user clicks on the embedded link in the billing notice.

Since the billing email shows an outrageous balance (in the following screen capture, $943.01), theoretically, the response ratio should be significantly higher than it might otherwise be.

Several months back, I received a billing notice from my cable supplier totaling $650 – versus the normal $150 – and, I can assure you, I clicked on the embedded link, immediately.

It was, of course, a massive screw up at their end. Nevertheless, I instinctively (and without thinking) clicked on the link. Being frustratingly annoyed is often a powerful call to action. Cyber criminals know exactly how to wind us up – increasing the odds that we’ll respond inappropriately.


Graphic courtesy of Commtouch.

According to Commtouch, who generously shared their research –

The pattern to be aware of in this case is: <legitimate domain>/<recurring set of random letters>/<index.html>

The index.html file tries to exploit at least the following known vulnerabilities:

· Libtiff integer overflow in Adobe Reader and Acrobat (CVE-2010-0188)

· Help Center URL Validation Vulnerability (CVE-2010-1885)

Every link in the email (there are 9 links), leads to a different compromised site with malware hidden inside. Recipients who are unsure whether the email they have received is genuine or not (the malicious version is a very accurate copy), should mouse-over the links.

Genuine emails from AT&T will include AT&T website links. For example, the “att.com” link will be the same in both places that it appears in the email – unlike the malicious version which uses two very different URLs.

I might add that I use the WOT Browser add-on and, you’ll notice in the first graphic (at the top of this page), the green circle indicates the embedded link is safe. I strongly suggest that, if you currently do not have WOT installed, you consider doing so. As well, I use the Redirect Remover add-on which removes any redirect links in Firefox – an appropriate way to become aware of redirected links.

Four years ago, when I started writing this Blog, I was hopeful that the cyber criminal threat to Internet users would be actively addressed. That at some point, governments and law enforcement would step up and actively seek out, and punish, the criminals who have turned the Internet into a minefield.

Governments, (the U.K, the U.S., Canada, Australia, India …) it seems, don’t give a fiddler’s f*ck – they appear to be much more interested in passing regressive Internet legislation directed at you – not cyber criminals. Legislation designed to massively infringe on individual personal privacy, and individual human rights. In the meantime, cyber criminals continue to roam freely.

As for law enforcement agencies – just try reporting a cyber crime to your local police department and, you’ll find that they couldn’t care less. Their focus is on low level behavioral crimes, like busting teenage Pot smokers. Just how much safer does that make you feel on the Internet?

Unless, there is a concerted effort on the part of all of us – and yes, that means you need to get involved – demanding a responsible approach to this outrageous criminality on the Internet – we will all, at some point, become a victim of cyber crime.

Do I sound angry? You bet I am.


Filed under Cyber Crime, email scams, Malware Alert

Free Sucuri SiteCheck – Find Out If Your Site Has Been Hacked

I recently posted a piece – Webmasters Struggle With Hacked Sites – A Commtouch, StopBadware Report – which read in part: “Recent statistics indicate (surprise, surprise) – cybercriminals are increasing their targeting of websites for identity theft, virus distribution, and spamming.

And, according to a newly released survey (Compromised Websites: An Owner’s Perspective), from Commtouch and StopBadware – in which webmasters were queried on their fight against hacking – almost half of the survey participants (who had been hacked), had no idea until they received a warning from their own computer’s protection technology.”

Since I use WordPress as my blogging platform, I rely on the security apparatus WordPress has in place to protect me from the various cyber criminal attack schemes currently in play. Still, I would be more than a little naive if I didn’t  consider the possibility that WordPress’ site security is vulnerable to hacking.

If a security developer’s web site can be hacked – and, many have been in the last year – including Panda Security in just the past few days*, it lends credence to the suggestion that any site can be hacked.

*Late Tuesday night, at least 35 public facing websites belonging to Panda Security were hacked and defaced by the LulzSec and Anonymous hacking groups. The defacement also posted multiple usernames and passwords associated with Panda Security employees.

Frankly, it absolutely infuriates me when I consider that the 4 years plus that I’ve put into writing and maintaining this Blog could, in little more than a moment, be destroyed by a single act of a cyber criminal. In my weaker moments, I have visions of lining these creeps up against the wall and being done with them.

But, the reality is much different, of course. So, it’s incumbent upon me to ensure that visitors to this site are protected (imperfect as that might be), from the nasties which cybercriminals can load onto a site.

There’s no foolproof solution but, one measure which I employ frequently is taking advantage of a free service offered by Sucuri Security – which, quickly scans for the most common threats as illustrated in the following screen capture.


Additionally, all links within the site are scanned. The following screen shot shows a small representation of the hundreds of links which were scanned.


If you’re a blogger or a site owner, I suggest that you take advantage of this free service so that you can check if your site has been compromised. It’s one more tool in the fight against the increasing threats posed by cyber criminal gangs.

Scan your website free.


Filed under Anti-Malware Tools, blogging, Cyber Crime, Don't Get Hacked, Online Malware Scanners

And, You’re Surprised You Got Screwed On Facebook?

It’s a holiday weekend here in Canada, and in honor of Queen Victoria’s birthday, I’m taking the sun, drinking some beer, and ogling the passing scenery. All of that hard work has drained me of the energy I need to write a fresh article.

So, given the circumstance, you’ll allow me (I’m sure), to take the easy way out and repost an article (through the magic of connected devices), originally published on August 28, 2010.    

Not a day goes by, it seems, when Facebook and the opportunities it presents for cyber criminal activity, isn’t in the News. Not mainstream News, of course, since cyber crime rarely involves sex, or violence.

Mainstream media, where salacious and violent news reports rule the airwaves, determined, it seems to me, it had nothing to gain by advising you of the following, very unsexy, non violent, Facebook threats – all from this week incidentally.

‘LOL is this you?’ spam spreading via Facebook chat

Facebook scam: “I may never text again after reading this”

How to Spot Facebook Scams Like ‘Dislike’

Facebook Fires Back at ACLU’s Criticism of ‘Places’

Facebook Warns of Clickjacking Scam

But, throw Facebook and sex into the equation, and mainstream media are out of the gate as if shot from a cannon.

The discovery, that a pedophile ring which used Facebook as their communication channel had been broken up, and the perpetrators arrested, made headlines around the world, just yesterday.

And why not? This is the kind of news event that allows the media to exhibit their moral outrage and indignation. But, when it comes to occurrences that can affect you, if you are a Facebook subscriber, for example – no outrage; no moral indignation. Curious, no?

Maybe I’m missing something here. It’s unlikely, but still I wonder if there’s consensus in the mainstream media community, that Facebook users who become victims of cyber criminals are getting exactly what they deserve?

At one time, I gave the benefit of the doubt to victimized Facebook users, since most typical computer users (I believed), made assumptions that sites like Facebook, and other social networking sites, were essentially safe, and harmless – that Facebook, and others, were looking out for their users’ interests.

I’ve long since given up on this rather naive view of Facebook users’ lack of culpability in any harm they were exposed to though. I find it difficult to be supportive of people who throw common sense out the window, and behave irrationally on the Internet.

Given the state of the current, and increasing cyber criminal activity on the Internet, it’s almost certain that exposure to cybercrime on Facebook will continue to escalate, and with it, the dangers that this presents.

Note: As of today’s date – May 22, 2011 – the incidence of cyber criminal activity on Facebook continues to escalate dramatically.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under Cyber Crime, Cyber Criminals, Don't Get Scammed, Don't Get Hacked, FaceBook, Internet Safety, Online Safety, Point of View, Windows Tips and Tools

Ashampoo Database Hacked – What You Need To Know

I could spend all day, every day, reporting on nothing more than the latest cyber criminal targeted intrusions into enterprise IT systems. Two reports from today’s Tech Net News column illustrate that we are barely scratching the surface of this significant, continuous, and rapidly expanding problem:

European Space Agency website and FTP servers hacked

Dramatic increase in cyber attacks on critical infrastructure

If you’re an everyday reader here, then you may recall that I regularly recommend that you take advantage of the free application multipacks occasionally offered by the German software developer Ashampoo.

The downside (for some) is, you must register and provide an email address. Additional benefits can be gained by registering as an  Ashampoo member, which includes creating a password.

Unfortunately, Ashampoo has become a victim of a cyber criminal targeted intrusion aimed at their customer database. According to the company:

“Hackers gained access to one of our servers. We discovered the break-in and interrupted it instantly. The security gap through which the hackers gained access was closed immediately.

The stolen pieces of information are data of addresses such as name and e-mail address. Billing information (e.g. credit card information or banking information) is definitely not affected … it is not stored on our system.”

If you have taken advantage of Ashampoo’s offers, then it’s important that you exercise extreme caution with any future emails sent by the company and, any unsolicited email sent by any company, for that matter.

As well, if you have registered as an Ashampoo member, it’s important that you change your account password. Additionally, if you have used the same password elsewhere (you’d be surprised how often this occurs), it’s imperative that you change these passwords immediately.

My thanks to my buddy John B. (a great Scot!), for bringing this unfortunate incident to my attention this morning.


Filed under Cyber Crime, Cyber Criminals, cybercrime, Don't Get Scammed, Don't Get Hacked, Email, Malware Advisories, Phishing, Tech Net News, Windows Tips and Tools

CNET’s 2010 Top 10 Downloads Tell A Tale!

This year, CNET has delivered more than ONE BILLION downloads, and recently plucked its 2010 top 10 downloads from this amazing number of served up applications. Reportedly, there are now 1.2 billion Internet users, so the CNET numbers are impressive indeed!

After reading the published list, I must admit, I was more than a little surprised. Of the top ten downloads, five are anti-malware applications.

In fact, the top 6 are:

AVG Anti-Virus Free Edition – 84,317,112 downloads.

Avast Free Antivirus  – 52,648,408 downloads.

Avira AntiVir Personal Free Antivirus – 42,165,868 downloads.

YouTube Downloader – 30,068,100 downloads. (the odd man out).

Malwarebytes Anti-Malware – 25,799,006 downloads.

Ad-Aware Free Internet Security – 20,375,957 downloads.

Followed by:

Advanced SystemCare Free – 19,544,950 downloads.

WinRAR – 19,431,244 downloads.

TeamViewer – 15,722,955 downloads.

Camfrog Video Chat – 14,155,432 downloads.

I have somewhat of a problem with this list, and it’s this. Where are the productivity applications, and why are Internet security applications (a quarter of a billion downloads), so prominent on this list?

Let me blue-sky this for a moment:

It seems to me, that this list speaks more broadly to the intolerable exposure to cyber-criminal activity we now face, than any survey which tracks cybercrime, or the impact of cybercrime, on Internet users. In a sense, the CNET list is an indictment of the conditions now prevalent on the Internet.

In a relatively secure Internet environment, we should expect productivity applications to hold a prominent place in a list such as this.  After all, one benefit of computer ownership, including Internet connectivity, is an expectation of increased productivity, which might then lead to a focus on downloading applications which serve that purpose.

Undoubtedly, computer security, on or off the Internet, but especially while surfing the Net, has to be a priority. But, it appears to me, that we may well be so concerned with bolstering our anti-malware defenses, that productivity applications, and perhaps productivity itself, take second place and get short shrift.

Frankly, I’m astonished that more Internet users aren’t asking the following questions, amongst many others:

How much longer are we prepared to put up with this “Wild West” Internet environment which leads to users installing a cornucopia of anti-malware applications?

How much longer are we expected to accept disruptive personal attacks by cyber-criminals?

How much longer are Governments going to allow organized criminal gangs to impact the daily lives of their citizens – citizens they are sworn to protect – without taking appropriate action?

If we continue to accept the status quo, we can expect that next year’s CNET top 10 downloads will be virtually unchanged.

Let’s not accept the status quo. It’s long past the time that we looked for accountability for the horrendous security conditions that exist on the Internet. It’s time to make some NOISE! It’s time to demand ACTION! It’s time to demand CHANGE!


Filed under cybercrime, Interconnectivity, Internet Safety, Online Safety, Opinion, Point of View

Screwed On A Social Network? – Whose Fault Is It Really?

Not a day goes by, it seems, when Facebook and the opportunities it presents for cyber criminal activity, isn’t in the News. Not mainstream News, of course, since cyber crime rarely involves sex, or violence.

Mainstream media, where salacious and violent news reports rule the airwaves, determined, it seems to me, it had nothing to gain by advising you of the following, very unsexy, non violent, Facebook threats – all from this week incidentally.

‘LOL is this you?’ spam spreading via Facebook chat

Facebook scam: “I may never text again after reading this”

How to Spot Facebook Scams Like ‘Dislike’

Facebook Fires Back at ACLU’s Criticism of ‘Places’

Facebook Warns of Clickjacking Scam

But, throw Facebook and sex into the equation, and mainstream media are out of the gate as if shot from a cannon.

The discovery, that a pedophile ring which used Facebook as their communication channel had been broken up, and the perpetrators arrested, made headlines around the world, just yesterday.

And why not? This is the kind of news event that allows the media to exhibit their moral outrage and indignation. But, when it comes to occurrences that can affect you, if you are a Facebook subscriber, for example – no outrage; no moral indignation. Curious, no?

Maybe I’m missing something here. Could it be that there’s consensus, in the mainstream media community, that Facebook users who become victims of cyber criminals are getting exactly what they deserve?

At one time, I gave the benefit of the doubt to Facebook users, since most typical computer users (I believed), made assumptions that sites like Facebook, and other social networking sites, were essentially safe, and harmless – that Facebook, and others, were looking out for their users’ interests.

I’ve long since given up on this rather naive view of Facebook users’ lack of culpability in any harm they were exposed to though. I find it difficult to be supportive of people who throw common sense out the window, and behave irrationally on the Internet.

Despite my hardened view that Facebook users who fall victim to cyber criminals are not entirely innocent, I was still taken aback by the results of a  study conducted, and just released, by BitDefender.

For study purposes, BitDefender asked the participants to “friend” a test profile of an unknown, attractive young woman.

Selected stats from the study:

More than 86 percent of the users who accepted the test-profile’s friend request work in the IT industry, of which 31 percent work in IT Security.

The most frequent reason for accepting the test profile’s friend request was her “lovely face” (53 percent).

After a half an hour conversation, 10 percent disclosed personal sensitive information, such as: address, phone number, mother’s and father’s name, etc — information usually requested as answers to password recovery questions.

Two hours later, 73 percent siphoned what appears to be confidential information from their workplace, such as future strategies, plans, as well as unreleased technologies/software.

Study methodology:

The study sample group included 2,000 users from all over the world registered on one of the most popular social networks. These users were randomly chosen in order to cover different aspects: sex (1,000 females, 1,000 males), age (the sample ranged from 17 to 65 years with a mean age of 27.3 years), professional affiliation, interests etc.

In the first step, the users were only requested to add the unknown test profile as their friend, while in the second step several conversations with randomly selected users aimed to determine what kind of details they would disclose.

Additional details on this study are available here (PDF), as well as on the MalwareCity blog post.

Given the state of the current, and increasing cyber criminal activity on the Internet, it’s almost certain that exposure to cybercrime on Facebook will continue to escalate, and with it, the dangers that this presents. Given the type of behavior revealed in this study, cyber criminals are sure to have a field day.


Filed under BitDefender, cybercrime, Don't Get Scammed, Don't Get Hacked, FaceBook, Interconnectivity, Online Safety, Point of View, Privacy, Safe Surfing, social networking, Windows Tips and Tools

Free PDF to Word Converter Is A Scam!

When is free, not free?

How about if you have to answer this question: 881 – (221 – (329 – 146) x 559)= ? or this question (274 – 332) – (34 x 504 – 813) = ? or……………. every time (after the fifth time, or so), you want to use the “free” application? But keep reading – all is not as it seems.

Normally, (but not always), when I recommend a piece of software I’ve tested it for a minimum of thirty days – banging it, slamming it, twisting it and turning it; all in an attempt to break it.

Some time ago, I downloaded Free PDF to Word Doc Converter (through Download.com), for testing. Since many developers choose to list their products features in this format, a PDF converter is the type of application that gets a workout around here.

The application I normally use for PDF conversion is Nuance’s PDF Converter Professional 7. Average users, however, are not likely to spend the hundred bucks for this application.

So, by the time I got around to using Free PDF to Word Doc Converter, for the fifth time, or so, the following screen appeared when I pushed the “convert” button.


My first response was annoyance. But, since this was part of testing the application, I went along with it.


After getting the FREE code and entering it in the appropriate box, the following warning appeared.


My first thought was – I made a mistake in the math. But that couldn’t be right since I actually got the code, and not an “incorrect answer” response. As well, while many people do crossword puzzles to keep their mind sharp, I work algebraic solutions every day, for the same purpose. I don’t normally make mistakes in basic math. But….

To be fair to the developer, I repeated this frustrating process ten times. It turns out, the developer is an outright liar. This process is a scam – there is no way (despite inserting the correct code), to actually get free registration.

By this time I was pretty annoyed, so I dug into this app, and the developer, a little further. Additional investigation of the developer’s site showed that Norton DNS has now blocked this site, and with good reason. According to Norton, W32.Spybot.Worm is embedded in the site.


So, not only is the developer a liar, he’s a cyber criminal hosting a malware site.

Despite this, Download.com continues to host this application. Albeit, on their own servers. I’m very disappointed that CNET would even consider hosting this piece of crap. Shame on you CNET – you’re supposed to be better than this!

If you need a free PDF reader/converter that actually works, then check out Nuance PDF Reader (registration required). The PDF conversion function is a cloud based service.

Filed under Bill's Rants, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, internet scams, Malware Advisories, Norton, Software, Windows Tips and Tools