Valentine’s Day = Cyber Crooks And Malware Love

Love in Your Inbox – Malware on Your Computer

It’s only a few weeks until Valentine’s day, so it’s not to early to get ready for the deluge of  “I love you”, “Wish you were mine”, and of course the proverbial “Happy Valentine’s Day” emails.

Hopefully, you will have a Happy Valentine’s Day, but you won’t if you fall victim to the burst of spam that is aimed at lovers, at this time of year, every year. Much of it designed to drop malware on unsuspecting users machines.

Like clockwork, spammers and cyber crooks ramp up the volume of spam emails aimed at unsuspecting users, just prior to this day, culturally set aside as a “celebration of love”.

In previous years, starting just about this time, we saw abnormally high rates of this type of spam, and since cyber crooks are “opportunity driven”, we can expect much more of this type of cybercriminal activity this year.

Maybe you’re a very cool person who’s significant other is always sending you neat little packages in your email. Things like MP3 files, screensavers, cartoons, YouTube videos and the like. You get them so often, that you just automatically click on the email attachment without even thinking. If you are this type of person, here’s a word of advice – start thinking.

The hook, as it always is in this type of socially engineered email scam, is based on exploiting our emotions. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprises. I think it’s safe to say, we all find it difficult, if not irresistible, to peek at love notes received via email.

The unfortunate truth is, these spam emails often contain links that deliver advertisements, or worse redirect the victim to an unsafe site where malware can be installed on the victim’s computer.

Last year at this time, a friend, who is an astute and aware computer user, fell for one of these carefully crafted teasing emails. On opening the email, he was taken to a site which had pictures of hearts and puppies, and was then asked to choose which one was for him.

Fortunately, common sense prevailed and he backed out of this site. If he had clicked on this site, he would have begun the process of infecting his machine with a Trojan, which can connect to remote command and control sites.

Unfortunately, being smart is often NOT enough to protect yourself. Experienced users are on guard year round for these, and other types of scam/spam email.

You know what to do, right?

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar.

If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

Cyber crooks have moved on from using just emails as a malware delivery vehicle. So, be on the lookout for fraudulent Valentine’s Day greetings in:

Instant Messenger applications.

Twitter

Facebook

Chat forums, etc.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Do We Need to “Fix” the Internet?

Each time that you connect to the Internet you are unfortunately, wandering through a raucous neighborhood which has a reputation for being jam-packed with predators.

These predators are intent on stealing your money and personal information, installing damaging programs on your computer, or misleading you with an online scam.

Cyber-crooks are relentless in their pursuit of your money, and it’s all about the money. In the worst case scenario, your identity and your financial security can be severely compromised.

Recently, Symantec reported that 51% of all the viruses, Trojans and other forms of malware it has ever seen were logged during 2009, and Symantec has been in the security business since before the Internet was launched.

Each day, when I boot up my home machine, Immunet Protect, advises me that it is protecting me against 12 Million threats. Today for example (May 16, 2010, the number is 12,866,263. That number is truly mind blowing.

Note: Later in the day, following a re-boot, I noticed that the protection level had risen to 12,876,095 – 10,000 additional threats had been identified.

Various Internet security companies report having to deal with up to as many as 40,000 new versions of malware daily. Here’s the math; one new malware program every four seconds!

Anti malware developer Comodo, looks at these numbers in a way that we can more easily relate to, in its instructive video – Did you Know? Dangers on the Web.

“Did you know that the amount of new malware discovered daily approximates the number of words a person speaks daily?

Or, the amount of money lost by US Consumers due to malware over the past 2 years would have paid the tuition of over one million US College Students?”

Seen in this way, cybercrime takes on a whole new dimension.

Since additional sophisticated threats are constantly being developed, or are currently being deployed, some observers are of the opinion that the Internet is essentially broken.

If you think this is an exaggeration, check this out and then you decide.

Tainted search engine results: Internet security gurus have known for some time that we cannot rely on Internet search engine output to be untainted, and free of potential harmful exposure to malware.

Cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines.

When a potential victim visits one of these sites, the chances of downloading malicious code onto the computer by exploiting existing vulnerabilities, is extremely high.

Infected legitimate websites: According to security solution provider  Kaspersky, the rate of infected legitimate web sites, in 2006, was one in every 20,000. In 2009, one in every 150 legitimate was infected by malware, according to Kaspersky.

Drive-by downloads: Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common and craftier recently.

If you’re unfamiliar with the term, drive-by download, they are essentially programs that automatically download and install on your computer without your knowledge.

This action can occur while visiting an infected web site, opening an infected HTML email, or by clicking on a deceptive popup window. Often, more than one program is downloaded; for example, file sharing with tracking spyware is very common. It’s important to remember that this can take place without warning, or your approval.

Rogue software: A rogue security application (scareware), is an application usually found on free download and adult websites, or it can be installed from rogue security software websites, using Trojans or, manipulating Internet browser security holes.

After the installation of rogue security software the program launches fake or false malware detection warnings. Rogue security applications, and there seems to be an epidemic of them on the Internet currently, are developed to mislead uninformed computer users’ into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.

Even if the full program fee is paid, rogue software continues to run as a background process incessantly reporting those fake or false malware detection warnings. Over time, this type of software will essentially destroy the victim’s computer operating system, making the machine unusable.

Email scams: Email scams work because the Cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprise emails? I think it’s safe to say, we all love to receive good news emails.

It seems that more and more these days, I get phishing emails in my inboxes all designed to trick me into revealing financial information that can be used to steal my money.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people.

A personal example of how this works is as follows. According to a recent email (similar in form and content to 20+ I receive each month), my online banking privileges with Bank of America had been blocked due to security concerns. This looked like an official email and the enclosed link made it simple to get this problem solved with just a mouse click. What could be easier than that?

Clicking on the link would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

My financial and personal details, had I entered them, would then have been harvested by the cyber-crooks behind this fraudulent scheme who would then have used this information to commit identity and financial theft.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that the IC³ (Internet Crime Complaint Center), has called the situation “alarming”, so you need to be extremely vigilant.

This is by no means an exhaustive list of the dangers we are exposed to on the Internet. There are many more technical reasons why the Internet is becoming progressively more dangerous which are outside the scope of this article.

So what do you think? Is the Internet broken – do we need to fix it, and if so, how can we do that?

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

An Anti-malware Test – Common Sense Wins

I’ve just finished an anti-malware test that lasted for just over a year. For this test, I took a test machine, running Windows XP Professional, which I did not shut down, or reboot, for 373 days.

For 373 days, the machine was continuously wired to the Internet and each day, was used for active surfing and general computer use, including email, downloading applications, and so on.

During the test period, the installed anti-malware applications were patched and updated, as was the operating system. Common sense; right?

However, I did not run a single anti-malware scan of any description, since not doing so, was part of the objective of the test.

The overall purpose of the test was to determine if common sense plays a role in protecting a computer user against viruses, adware, spyware, hackers, spam,  phishing, and other Internet frauds.

Let me be clear, this test is in no way scientific, but instead, is a rather simple test on the importance of common sense in using a computer attached to the Internet.

Installed Anti-malware applications:

ZoneAlarm Firewall (free edition)

Spyware Terminator (free edition)

Avira Antivirus (free edition)

ThreatFire (free edition)

SnoopFree Privacy Shield (freeware)

WinPatrol (free edition)

Firefox – not strictly an anti-malware application, but…..

WOT

During this very extensive test run, the machine showed no indication of a malware infection; at least by normal observation (since I didn’t run any scans), – no system slowdown; no unusual disk use; no unusual Internet activity; no security application warnings.

In addition to practicing common sense in terms of not visiting the class of web sites that are known to be dangerous – porn sites; salacious news site; Facebook; MySpace; and so on, I absolutely adhered to the following.

I did not:

Download files and software through file-sharing applications such as BitTorrent, eDonkey, KaZaA and other such programs.

Click links in instant messaging (IM) that had no context, or were composed of only general text.

Download executable software from web sites without ensuring that the site was reputable.

Open email, or email attachments, from unknown people.

Open email attachments without first scanning them for viruses.

Open email attachments that ended in a file extension of .exe, .vbs, or .lnk.

Visit any site not shown as safe by WOT.

After 373 days (the end of the test period), I then ran multiple scans using the onboard security applications. The end result – not a single incidence of infection, malware, or an unwanted application.

It’s clear, at least to me, that by using common sense and updating both applications and the operating system, not visiting the class of web sites known to be unsafe, not clicking haphazardly and opening the types of files that are clearly dangerous, and being aware of the hidden dangers on the Internet, the dividends were measurable.

This was a long boring test, but it proved to me, that using common sense reduces the substantial risks we all face while surfing the Internet, regardless of the antispyware, antivirus, and the other Internet security applications installed.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Valentine’s Day: Love in Your Inbox – Malware on Your Computer

It’s only a few weeks until Valentine’s day, so it’s not to early to get ready for the deluge of  “I love you”, “Wish you were mine”, and of course the proverbial “Happy Valentine’s Day” emails.

Hopefully, you will have a Happy Valentine’s Day, but you won’t if you fall victim to the burst of spam that is aimed at lovers, at this time of year, every year. Much of it designed to drop malware on unsuspecting users machines.

Like clockwork, spammers and cyber crooks ramp up the volume of spam emails aimed at unsuspecting users, just prior to this day, culturally set aside as a “celebration of love”.

In previous years, starting just about this time, we saw abnormally high rates of this type of spam, and since cybercrooks are “opportunity driven”, we can expect much more of this type of cybercriminal activity this year.

Maybe you’re a very cool person who’s significant other is always sending you neat little packages in your email. Things like MP3 files, screensavers, cartoons, YouTube videos and the like. You get them so often, that you just automatically click on the email attachment without even thinking. If you are this type of person, here’s a word of advice – start thinking.

The hook, as it always is in this type of socially engineered email scam, is based on exploiting our emotions. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprises. I think it’s safe to say, we all find it difficult, if not irresistible, to peek at love notes received via email.

The unfortunate truth is, these spam emails often contain links that deliver advertisements, or worse redirect the victim to an unsafe site where malware can be installed on the victim’s computer.

Last year at this time, a friend, who is an astute and aware computer user, fell for one of these carefully crafted teasing emails. On opening the email, he was taken to a site which had pictures of hearts and puppies, and was then asked to choose which one was for him.

Fortunately, common sense prevailed and he backed out of this site. If he had clicked on this site, he would have begun the process of infecting his machine with a Trojan, which can connect to remote command and control Web sites.

Unfortunately, being smart is often NOT enough to protect yourself. Experienced users are on guard year round for these, and other types of scam/spam email.

You know what to do, right?

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Ransomware in Your Browser

Ransomware, a vicious form of malware, is nothing new. It has been around in one form or another, since the late 1980’s.

Once installed on a victim’s computer, the Trojan will generally encrypt the victim’s files, after which the cyber-criminal demands a monetary ransom to decrypt the kidnapped files.

The ever creative cyber criminal community has now gone one better, with the release of Trojan.Ransompage. This piece of malware is designed to kidnap the victim’s Internet browser, including Internet Explorer, Firefox and Opera.

Note: The latest update of Firefox is apparently unaffected. Another good reason to update.

According to Symantec, Trojan.Ransompage “uses scare or nuisance tactics – similar to rogue antivirus programs, in an attempt to demand ransom from its victims. Once infected with Trojan.Ransompage, a victim’s browser will display a persistent inline ad on every page that the victim visits”.

Roughly translated from Russian, the ransom demand reads in part:

To remove the informer, send SMS message with text [5-digit number] to number [4-digit number].
Enter the code, received in response, MC

Affected Systems: Windows 95, 98, NT, 2000, XP, Vista, Server 2003

System Impact:

Deletes Files: Deletes Web Browser files.

Modifies Files: Modifies Web Browser files.

Releases Confidential Info: May send confidential information to a remote location.

Degrades Performance: Displayed image may degrade Web Browser performance.

Action you can take if infected:

According to Symantec, “the ransomware is designed to expire in 30 days, so anyone who falls victim to the infection can remove it simply by setting their system clock forward one month”.

Common sense security precautions:

Make regular backups of critical data. If you are infected this may be your only solution

Don’t store critical data on the system partition

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable scripting features in email programs

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

The authorities need to kick some ass here, and determine who owns the contact phone number and close it down. How hard is that?

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Hey Sucker – Read This! Michael Jackson’s Not Dead!

The Web is the success it has become at least partially due to the fact that it can satisfy our curiosity about almost anything we can think of, including the sensational death of Michael Jackson .

We have learned to satisfy this curiosity simply by a mouse click here, and a mouse click there. In a sense, we have developed a conditioned response to “just click”. You are reading this article, in all likelihood, because the title roused your curiosity.

Using the Internet we can snoop, probe, and pry; and question, or confirm, virtually any statement, fact or opinion. We now have access to a quantity, and quality (some might dispute the quality), of information as never before. Sensational news alerts are a particularly delicious enticement.

Naturally of course, sensational news alerts, will continue to be one of the methods cyber-crooks will use to capture Internet users’ attention, particularly in emails, Google search results, and on social networking sites like Twitter and FaceBook.

Michael Jackson email scams

Since Michael Jackson’s death, email inboxes have been flooded with enticing scam emails, along with the usual emails offering pharmaceuticals, expensive watches, and other knockoff products with which we are all familiar.

Email scams work because the cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity – the reason you clicked on this article. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like sensational topics.

Knowing this, email scammers (cyber-crooks), will continue to exploit our natural curiosity, to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots on our computers.

With the worldwide Internet population now estimated to be 1.08 billion users, email scammers (cyber-crooks), have a huge playing field in which to practice their crafty scams.

Cyber-crooks, I’m convinced, must feel as if they are in cyber-crooks paradise given the opportunities such a large number of generally unaware potential victims present for illicit monetary gain.

Security experts (including me), argue that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files that are clearly dangerous. To this point however, this type of dangerous behavior continues despite the warnings.

It continues to be true  that the majority of typical users, that I meet, are unaware of the very real dangers that spam emails and social networking links, hold for their safety, security and identity protection.

On the other hand, I’ve noted that aware Internet users rely on their own experiences and common sense to avoid malware infections. Generally, they are well aware of the hidden dangers on the Internet and have overcome that natural tendency to “just click”.

While on the Internet keep the following tips in mind:

Don’t click links in emails or social networking sites. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

Despite the title of this article Michael Jackson is dead. Yes, I know you knew this.

Elsewhere on this site there are additional articles dealing with current email and financial scams.

See: Bank of America Alert – Update Your Account Scam!

See: Online Banking – Be Safe, Not Sorry!

See: Avoid Trojans/Viruses – Stop with the Crazy Clicks Already!

Best Spam Story Ever! Thanks Pastor Mike

Earlier this year I wrote an article on home networking “Your Electric Wiring Is a Wi-Fi Network Alternative”, which proved to be fairly popular with readers outside of North America.

Just two days ago I wrote an article “Email Spammers Are Smarter than You Think”, in which I stated – “I long ago came to the conclusion that spammers are some of the craftiest people on the planet. I say this not in admiration of what they do, but instead, how they do it”.

Then, this morning, I received the following spam email offering to provide me with a contract worth $2.5 million, provided I am prepared to engage in fraud, graft and government corruption. Now, I could use $2.5 million, but I’ll pass!

The connection between the networking article, and this carefully crafted spam email, points out how spammers can modify their criminal activities to seek out a specific target market, rather than rely only on the more general broadcast, and non-specific targeting method, we are more familiar with.

I’m posting the email in its entirety since I found it very funny, and you may too. I consider it more than ironic, that the apparent sender is a pastor, given that he is advocating fraud, graft, and corruption. Halleluiah , brother!

Dear Sir,

RE: CONTRACT SUPPLY OF NETWORK WIRES WORTH USD2.5 MILLION FOR INTERNET ACCESS TO SECONDARY SCHOOLS

We are much delighted to enter into business relationship with your company of which we request for your full cooperation in order to achieve this goal.

I am a commission agent and consultant and there is a business I want to introduce to your company and if everything goes well, at the end, you will pay me 1% of the total value of the deal as commissions. Briefly, let me explain to you the nature of the concerned business. A government department in Nigeria UNIVERSAL BASIC EDUCATION NIGERIA is looking for a reliable and trustworthy company that can supply the above.

The ministry wishes to award the contract for the supplies to any reputable company in your area with proven capability to supply the above quantity items within a period of 10 months against upfront payment by telegraphic transfer 60% advance by telegraphic transfer immediately the contract is sign while is delivery is by sea to Lagos seaport within 8 months upon you/ contractors receipt of full advance payment. I am writing you this letter because I want to know whether your company has the ability to undertake the contract from for the supply of the above listed items?

Really, it is sometimes difficult to get such a big order from government of any country especially when the term of payment is 60% advance deposit after contract signing and balance 40% before shipment. The good news is that I have friends in the UNIVERSAL BASIC EDUCATION NIGERIA office of the principal buyer and these friends of mine are willing to help me to convince the top official of the ministry in Nigeria to give the contract to your company if you co-operate with me.

The co-operation I need from is to agree to compensate me with 1% of the total value of the contract if we are able to make the transaction. I depend on the success of this transaction and the commission I will receive from this transaction as my own benefits and to uplift my standard of living.

If you are interested to get this contract and if you are capable to handle the contract and willing to give me 1% of the total value of the contract, please contact me by email to enable to give you instructions on how you will apply for the contract.

As soon as you apply for the contract, I will contact my friends in the ministry for them to start underground works with the top officials of the ministry to give the contract to your firm. I am waiting for a speedy answer from you to enable show it my friends in the ministry for them to know whether it will stand a better chance of winning the contract as well on how you should prepare your tender documents.

Kindly treat urgent by confirming your interest, also send us your prices of the above products immediately by internet so that we will advice on how to prepare your tender documents.

Thanks for your kind cooperation also call me upon receipt of this mail.

Yours sincerely

Pastor. Mike Ukwu
NEW AGE TRADING
No. 120 Brass Street
Aba,
Tel: 00234-07056757161

Email Spammers Are Smarter Than You Think

I long ago came to the conclusion that spammers are some of the craftiest people on the planet. I say this not in admiration of what they do, but instead, how they do it.

Mainstream advertisers and business in general, could take away some valuable lessons from the methods used by spammers to achieve maximum market penetration.

A case in point:

I operate multiple email accounts most of which I established 10/12 years ago. Recently, I setup a new email account on Gmail to allow readers of my WordPress site to contact me directly. Almost immediately, I noticed the type of Spam directed at this account was considerably different from the daily Spam going to my long established accounts.

Generally, the Spam aimed at the older email accounts is fairly harmless and not particularly dangerous, since most of it is calculated to attempt to sell me something I don’t want, and that I have absolutely no interest in. After all, how many “male enhancement” products, vitamin pills, or fake watches does a person really need?

While these emails are not harmless given that sending spam violates the Acceptable Use Policy (AUP) of almost all Internet Service Providers, it’s the phishing emails aimed at my relatively new Gmail account that causes me the most frustration. These emails are often designed to trick me into revealing financial information that can then be used to steal my money.

It seems to me that phishing spammers target new or relatively new email accounts, more often than well established accounts. And why not? In a spammer’s view, I suspect, the theory is – an experienced Internet user is less likely to respond to this type of email, while the percentage of relatively new users who respond should be higher due to the new user’s inexperience.

The following graphic illustrates just how pervasive this type of phishing Spam can be in a new email account inbox. Click on the graphic for a larger view.

Looking closely at just one of these fraudulent emails, it’s easy to see problems with the construction of the message. This misconstruction should always be a tipoff something is wrong.

“Dear B a n k (the spacing in this word is off) of America member,

Bank of America ask (missing letter “s”) you kindly to take part in our quick and easy question survey (missing punctuation – no period).

In return we will credit $50.00 to your account. Just for your time!

– In order to help us please spare two minutes of yout (misspelled word – should read “your”) time and take part in our survey.

– To contiunue (misspelled word – should read “continue”) please click on the link below:

http://sitekey.bankofamerica.com.survey.departament.djwjggh5.net/srv/survey.htm?id=5984 (a questionable site based on the URL) – The following graphic illustrates how FireFox handles this type of site – in this case based on my personal security preferences.

Thank you for your time!

B a n k of America Survey Department.

© 2001-2009 B a n k of America. All rights reserved”.

Clicking on the link (assuming my Browser had not warned me), would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

It’s possible, my financial and personal details, had I entered them, would then have been harvested by the cyber-crooks behind this fraudulent email who could then have used this information to commit identity and financial theft.

If you are a relatively new Internet user the following are the minimum safety precautions (familiar to regular readers), you should take:

Be kind to your friends, relatives, and associates, particularly new Internet users, and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

Minimum safety precautions you should take.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web designed to download malware onto your computer.

Keep your computer protected. Install a security solution and keep it up-to-date.

Show Me the Money – I’ll Show You Your Files (Ransomeware is Back)!

Have you ever considered that your computer files could be a victim of kidnapping, extortion, or blackmail? Hard to believe; right? Well believe it!

Ransomware is a vicious form of malware, given that that it encrypts the victim’s files, after which the cyber-criminal demands a ransom to decrypt the kidnapped files.

Once again ransomware is on the loose; but a little bit different in this iteration. In previous versions of this type of malware, after installation, the victim was informed that the computer’s files had been encrypted and a decrypting tool had to be purchased from the cyber-criminal in order to decrypt the affected files.

According to PandaLabs, they recently discovered a new form of ransomware, Trj/SMSlock.A, which reportedly locks the victim’s entire computer, leaving the machine essentially unusable. In line with previous versions of this type of malware, a ransom, in this case in the form of a premium SMS, is demanded to allow the victim access to the infected machine.

While the original message on an infected computer is in Russian, the following English translation has been provided by Panda.

To unlock you need to send an SMS with the text

4121800286

to the number

3649

Enter the resulting code:

Any attempt to reinstall the system may lead to loss of important information and computer damage.

Infection methods: Floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Affected systems: Windows 2003/XP/2000/NT/ME/98/95/3.X

We should not relax our guard on this simply because this malware is currently affecting only Russian users. If previous experience is any indication (and it is), we can expect to see more of this type of malware, in a more general release, through the balance of this year.

In the event that you become infected by this piece of nasty work, check out Dr.Web, where you can obtain a generator for deactivation codes.

Reduce the possibilities of infection by this and other malware, by taking the following precautions:

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data. If you are infected this may be your only solution

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

Don’t store critical data on the system partition

For additional information on this type of threat see “Gpcode Trojan Ransomeware Kidnapping Again!”, on this site.

IE7 Vulnerability Now Being Exploited

A number of Internet security providers, including McAfee, Trend Micro, and F-Secure are reporting that exploit code for the Internet Explorer 7 vulnerability, patched by Microsoft last week, is now circulating in the wild.

If you have not downloaded and applied this patch you should do so immediately. If you have Automatic Updates enabled on your computer, then this patch has already been applied. Careful users will verify that this patch, has in fact, been applied.

Security vendors have noted that emails which take advantage of this vulnerability, are now circulating on the net that have an attached MS Word document, which if opened, will allow a cybercriminal remote control over the now infected machine.

Consequences:

• Loss of personal data.
• Malicious application installation.
• Possible botnet connection.

Given the abysmal state of Internet security, there is no doubt that unpatched systems will be attacked! Take the time to ensure your system has been updated correctly.

Minimum email security precautions:

• Don’t open emails that come from untrusted sources.
• Don’t run files that you receive via email without making sure of their origin.
• Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.