Super Bowl Sunday – A Super Opportunity For Cybercriminals

Unfortunately, exposure to cybercrime is one of the hidden costs associated with the use of the Internet. It’s not fair – but that’s the way it is.

Experienced computer users are aware that if an event is newsworthy, cybercriminals will exploit it to their own advantage. A reminder, from time to time however, is in all our interest.

Cybercriminals have jumped (as expected), on Super Sunday, and are already exploiting this annual event. It’s hardly surprising then, that security experts are predicting record-breaking numbers of Super Sunday related online threats, and cyber attacks.

Cybercriminals are experts at exploiting our curiosity surrounding current events through social engineering , and according to PC Tools, Stephanie Edwards, “Whenever there is a major event, like Super Sunday, we see this kind of increased activity.”

Given the frequency of cybercriminal activity on social networking sites, (designed, in part, to drop malicious code on computers), users need to be aware that the use of social media sites demands an extra degree of caution.

From the Web:

Ad Age predicts that advertisers will use social media at record levels to fan the flames of their ads. Increased numbers of fake ads targeting young males will appear in popular forums and sites. These ads featuring attractive women or cheerleaders encourage people to click on the links which may take them to suspicious or malicious websites.

A “drive-by attack” can occur when a link is inserted onto popular video sharing websites that promise users access to Super Sunday commercials. If a user clicks on the link, they may be redirected to ads not related to Super Sunday or in more extreme cases, users’ personal information may be taken unknowingly through malicious system exploits.

In addition to attacking users, hackers are increasingly targeting legitimate fan and sports websites through redirected links or ads. A football fan scanning the latest sports updates may unknowingly have malware downloading through interactive animations on the page.

Internet users are not entirely at the mercy of cybercriminals, and can take relatively effective steps to protect themselves  from being victimized. You may want to review the following actions you can take to protect your Internet connected computer system:

• When surfing the web – Stop. Think. Click
• Install an Internet Browser security add-on such as WOT , which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.
• Don’t open unknown email attachments
• Don’t run programs of unknown origin
• Disable hidden filename extensions
• Keep all applications (including your operating system) patched
• Turn off your computer or disconnect from the network when not in use
• Disable Java, JavaScript, and ActiveX if possible
• Disable scripting features in email programs
• Make regular backups of critical data
• Make a boot disk in case your computer is damaged or compromised
• Turn off file and printer sharing on your computer.
• Install a personal firewall on your computer.
• Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.
• Ensure the anti-virus software scans all e-mail attachments.
• Consider running your system in a “virtual environment. You can search this site with the keywords “virtual environment” which will produce a listing of articles covering both free, and commercial, virtual applications and add-ons.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Using Adobe Reader? – Then Watch This Video Of Your Computer Being Penetrated

There is nothing particularly unusual in Adobe Reader having an unpatched vulnerability. If you use Adobe reader, you’re used to having to wait for Adobe to release another patch to correct another vulnerability.

Once the fix is released you’ll be safe – at least temporarily; but only until the next bug is discovered.

The latest bug in Adobe Reader, CoolType.dll, which was disclosed on September 10, won’t be patched until October 4. In the meantime, if you’re a user of this application, take a look at this YouTube video which illustrates just how easy it could be for a hacker to penetrate your computer system by exploiting this vulnerability.

Click on the graphic to watch the clip.

A big thank you to my Blogging buddy Dan Dieterle over at Cyberarms, for putting me on to this video. Dan has tested this exploit, and confirms that it works.

For additional information, checkout Dan’s article – Adobe Reader PDF 9.3.4 “Cooltype Sing” Zero Day Exploit.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Principles of Security: Keeping it Simple

Popular guest writer Mark Schneider looks at how to increase system security by focusing on core applications.

Computing on the Windows platform today can be very rewarding. The problem with Windows applications is, as Microsoft has made improvements in patching security holes in Windows, the Black Hat hackers have begun to focus on third party applications to exploit the Windows platform.

Recent highly publicized exploits on the Adobe Acrobat PDF reader, have been just the tip of the iceberg. According to Secunia, creators of PSI a security tool which scans your PC  for out of date software, half their users had 66 or more programs on their PC’s.

Once all the programs and required patches were tabulated, it totaled over “75 patch incidents annually”, per average PC. That averages out to a patch every 4.9 days.” (Source InfoWorld Security Central)

This state of affairs obviously puts the average user at risk. Most people do well just to keep their Windows OS patched, much less check more than once a week for patches to their other applications.

This leads to the crux of my point, keep it simple. Don’t download every application you see, or hear about. Pick a core of useful applications that allow you to use your computer in the way you need to, and stop!

Your computer is a serious tool that can be very useful, so treat it seriously. You can still have fun with your computer, but you don’t need 5 different media players –  choose one, and stick with it. If you find one you prefer uninstall the old one first.

Many people use old out of date programs because they don’t like the “feature creep” of newer applications. This is a mistake; keep what programs you have up to date. This is especially true with PDF readers, browsers, email clients, and media players. Keeping your flash player up to date is extremely important. Adobe Flash is a major exploit vector, and I frequently run with it disabled.

Trying new applications can be fun and rewarding but, the best way to try new applications is in a virtual machine. Using a program like Virtual Box from Oracle Systems, is a great way to safely try new applications without committing yourself to a new program, or loading your Hard Drive with a ton of unnecessary applications that need to be constantly updated.

Finally, run Secunia’s free PSI. It will help you keep your applications up to date, and add another layer of security to your computer.

This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie, to the blogging world.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Be Prepared for 2010’s Malware – PC Tools Malware Trends in 2010

All the signposts point to 2010 being a banner year for cyber-criminals. Being prepared and being aware, while not a panacea, will continue to be a key element in mitigating risk exposure.

We’ve said it many times here, but it bears repeating – “Being aware of Internet threats is critical to your security on the Internet, so that you can protect yourself and stay ahead of the curve. Knowledge is a critical ingredient in ensuring your personal safety on the Internet”.

In this article, guest writer Sergei Shevchenko, Senior Malware Analyst at PC Tools, offers a peek into the 2010 malware landscape.

Cybercriminals operate in the same way as legitimate organizations – they’re looking for the best return on their investment. It’s therefore inevitable that as we move in to 2010 there will continue to be increased interest in producing malware that brings swift and healthy dividends, with a focus on new and diversified rogue security solutions and in continuing to employ social engineering techniques.

Malware authors will continue to shift their focus towards the services, platforms and architectures that are the most popular and offer the largest market share.

We can expect to see more attacks against Windows 7 and other new operating systems as their installed-base grows, such as Apple customers running Mac OS X. Users must ensure that they have comprehensive security solutions to protect them against new and unknown threats.

Traditional techniques were aimed at causing system shutdowns and denial of service attacks. Now Cybercriminals are more focused on data loss, financial fraud and identity theft and as such threats are becoming increasingly sophisticated.

Old techniques are unlikely to become completely obsolete – because often the greatest threats materialize when the least expected malware techniques re-emerge.

We expect future trends to blend existing malware techniques with new inventive schemes that assume tighter social interaction with the public and look less-underground related.

When the initial “accumulation” phase of the rogue security software businesses comes to completion, we might expect cybercriminals to start using their budgets for establishing call centers, support lines, virtual offices, registering off-shore companies, and even launching advertising campaigns.

Attacks will also be designed to exploit vulnerable systems and users by evading the latest detection systems and why behavior-based software is so integral to comprehensive protection. It recognizes that a threat is present and works to neutralize it.

Methods such as virtualization, behavioral analysis, cloud-based detection and remediation will all become increasingly important in detecting, repelling and removing the latest malware.

Users who keep an eye on the range of security software solutions on the market will be aware that many vendors already provide at least one of these services. The difficulty lies with making an informed choice on which offers the best protection – and that’s where the independent anti-malware testing labs come to the fore.

Stay tuned – in the next few days we will be reviewing PC Tools Internet Security Suite 2010, and we will be offering you an opportunity to win one of ten free licenses in a contest give away.

In recent independent tests performed by AV-Test GmbH, a leading service provider for IT security testing, PC Tools Internet Security 2010, scored the highest of the 12 products tested in blocking malware, with a a success rate of 94.8 percent.

Followed by Symantec Norton Internet Security Suite 2010, with 92.8 percent; Kaspersky Internet Security 2010, 89.8 percent; Panda Internet Security 2010, 88.7 percent; Avira Premium Security Suite 9.0, 87.2 percent.

As well, we are currently running a contest give away in which you have an opportunity to win one of ten free licenses for PC Tools Spyware Doctor with Anti-Virus. Go to, Spyware Doctor with Anti-Virus 2010 – Worth the Money? on this site, and and get your entry in.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.