From the more things change the more they remain the same files:
AV-killing worm spreads via Facebook chat and IM clients – A rather industrious piece of malware that – among other things – paves the way for other malware by disabling AV solutions and software update modules has been spotted spreading via several Instant Messaging applications (ICQ, Skype, GTalk, Pidgin, MSN, YIM) and Facebook.
The victims receive a message from an unknown user, offering a link to a funny or interesting video. If they follow it, the malware in question downloads automatically from the linked site and is executed.
Nothing new here – as any one of the 10 or more articles I’ve written over the years on using Instant Messenger applications safely will attest to. The following post (originally published September 4, 2010) will serve as a quick refresher on how to navigate the Internet safely while using an Instant Messenger client.
Tips For Using Instant Messenger Applications Safely
In a recent Symantec survey, which questioned computer users on the most likely routes cybercriminals use to drop malware on unsuspecting users, one resultant statistic made me sit up a little straighter. Just 3.9% of survey participants believed that Instant Messenger applications had a role in malware distribution.
Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), I was more than a little surprised at this unrealistic response.
The reality is, from a security perspective Instant Messaging applications can present considerable security risks. Security breakdowns can occur when these programs are used to share files, folders, or in some cases, entire drives. Instant messaging, unfortunately, is a primary channel used by cyber-criminals to distribute malware and scams.
Programs such as MSN Messenger, Yahoo! Messenger, AIM, and a basket full of other IM applications, are extremely popular with users who want real-time contact with each other and (no surprise here), this makes them the perfect vehicle for cyber criminals.
Hackers use two methods of delivering malicious code through IM: delivery of virus, Trojan, or spy ware within an infected file, and the use of “socially engineered” text with a web address that entices the recipient to click on a URL which connects to a website that downloads malicious code. Viruses, worms, and Trojans then typically propagate, by sending themselves rapidly through the infected user’s buddy list.
The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.
As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.
Don’t click on links, or download files from unknown sources. You need to be alert to the dangers in clicking on links, or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.
Check with your contact to be sure the files, or links are genuine. Remember, if you click on those links, or run those attachments without confirmation, you run the risk of letting malware into your computer.
Use only secure passwords, and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.
Protect personal and confidential information when using IM. Revealing confidential or personal information in these types of conversations, can make you an easy target for Internet predators.
For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.
It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.
Kate Middleton Nude – As If!
I’m an easy mark when it comes to pomp and circumstance, so like millions worldwide, I just finished watching the Royal Wedding. An impressive occasion, to say the least. Now, I need to relax and get over my Royal Wedding media hangover.
The media frenzy surrounding the wedding is likely to remain at a fever pitch far into the future however, as will the level of cyber criminal activity hooked on to Prince William and Kate Middleton. Hardly surprising, when one considers the size of the “market”. Scoping out “the royal wedding” on Google returns an amazing 53 Million search results – and cyber crooks love a big market.
Cyber crooks don’t miss a trick when it comes to leveraging events surrounding popular personalities, and along with the usual schemes – inbox spam, phony search results, Twitter and Facebook misdirection …….., – Kate Middleton comment spam, as illustrated by the following examples posted here in the last few days, has not been neglected by these parasites.
kate middleton naked
18.104.22.168 – Submitted on 2011/04/27 at 12:19 am
Clicking on the link leads to a 90 MB compressed download hosted at Easy Share. I have no doubt that downloading this file would lead to a very painful experience.
This is actually my personal complete nude and semi-nude picture collection of Kate Middleton I collected over the last 10 weeks. http://www.megaupload.com/?d=8KKIJIWT Caution: Don’t leak this pack outside of this website or I will eliminate this comment and also chase you down to hell!
Clicking on this link leads to a similar 90 MB compressed download.
prince william wedding
22.214.171.124 – Submitted on 2011/04/27 at 12:19 am
Download and view this entire pic series of Kate Middleton along with pretty much all the unclothed as well as naughty images one can locate on the world wide web. http://www.fileserve.com/file/xnj2k2Q Caution: Don’t leak this pack outside of this site or I will delete this post and hunt you down to hell!
A similar set up – clicking on the link leads to a 90 MB compressed download.
If you’ve ever wondered why comments on this site, and many other sites for that matter, are held for moderation by a site administrator, the simple answer is – comment spam, as illustrated, can be extremely dangerous.
The amount of time required to effectively control comment spam is not insignificant. For example, since I first setup this site, I’ve dealt with over 55,000 spam comments.
Conservatively, it takes 10 seconds to check each spam comment (spam filters are not perfect) – that amounts to 152 hours, or 4 plus weeks, of wasted time. Needless to say – I consider comment spammers to be far down on the human evolutionary scale.
Same old – same old:
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.
Filed under Cyber Criminals, cybercrime, Don't Get Scammed, Don't Get Hacked, Freeware, internet scams, Internet Security Alerts, Malware Alert, Online Safety, Software, spam, Windows Tips and Tools
Tagged as Bill Mullins, comment spammers, cyber criminals, cyber-crooks, Kate Middleton, phony search results, Prince William, royal wedding, spam, Tech Thoughts