Tag Archives: Infected

Android Malware – Take the Security of Your Device Seriously

Guest writer Megan Berry has some timely advice on how you can avoid malware on Android smartphones and tablets.

Rule #1 of Android security: don’t download apps from websites other than Google Play for fear that you unwittingly infect your smartphone or tablet with malware. Well, not surprisingly, cybercriminals found a way to invalidate rule #1.

A security researcher at Symantec recently discovered two apps infected with malware in the app store that were quickly removed. But not before tens of thousands of users downloaded them.

This scenario is particularly troubling for companies with BYOD programs that permit Android devices to connect to their network. How do companies protect corporate assets without taking away employees’ ability to use their favorite mobile devices on the job? Especially since it seems that cybercriminals are always one step ahead of security experts.

Whether you use an Android device at home, on the job, or both, the growing threat of Android malware means it is more important than ever to take the security of your device seriously.

How to avoid malware on Android smartphones and tablets

Nothing you can do will guarantee you will never be infected with malware, but there are things you can do to minimize the risk.

· Before downloading an app, do a quick web search to check up on the developer and the app itself. Look for red flags in the search results, such as negative user reviews or complaints, that indicate you need to dig deeper before tapping that “Accept & download” button. Hint: You can visit the developer’s webpage from the app listing.

· Some malicious apps try to hide behind a legitimate brand name. Make sure the name of the developer jibes with the title of the app.

· Read the app’s user reviews. Red flags will show up here, too.

· Examine the permissions of the app: are they in line with the app’s intended use? For example, does a news app really need to access your contacts or send text messages?

· IT managers should insist that employees install an Android anti-virus app. Or, better yet, insist that users turn their devices over to IT before they’re allowed to connect to the network for the first time. This way IT can install anti-virus software it has evaluated, configure it properly and enforce its use.

Android anti-virus apps: worth it or not?

The effectiveness of Android anti-virus apps is debatable, though. In a recent study, only a handful of Android anti-virus apps were found to detect most types of threats. The March 2012 study by AV-Test.org rated 23 out of 41 apps effective, or 56%. Of those 23, only 10 detected greater than 90% of known malware types.

Still, the authors of the study say any of the anti-virus apps that were found to detect greater than 65% of known malware types provide adequate protection.

Unpatched system software: Your device’s Achilles’ heel

Even though you’re careful about what apps you install and you run an anti-virus program, your device may still be vulnerable because of unpatched system software.

According to security vendor Duo Security, the speed at which wireless carriers supply updates to their users varies. Therefore, it’s possible for devices to go unprotected for long periods of time. The fragmentation of the Android platform complicates the task of rolling out updates, not to mention the fact that companies have little incentive to fix existing flaws when new devices with the latest system software are already on the shelves.

This is of particular concern for companies that allow their employees to connect their personal Android devices to the company network. It should also be of concern to employees, who may be liable if their device infects their employer’s network – many corporate bring-your-own-device (BYOD) policies place the responsibility for keeping devices malware-free squarely on the shoulders of the user.

Duo Security’s new app, X-ray, scans Android devices to discover unpatched flaws in system software. If the app finds a problem, the user can go to Settings>About Phone>System Updates to download the latest version. If an official update isn’t available via System Updates, Duo Security encourages users to contact their carrier for more information, or at the very least, exercise extreme caution when downloading apps.

Individual users can download and install the app from the X-Ray for Android website. Organizations can get an enterprise-level version by emailing the company.

Lesson learned

The lesson here is that unfortunately, it’s no longer safe to assume that just because an app is available from a reputable source, it’s malware-free. And, educating yourself and your users, combined with tried-and-true anti-virus software, is still the best protection against the quickly evolving threat that Android malware presents.

About the Author: Senior writer for IT Manager Daily, Megan covers the latest technology news and trends impacting business.


Free Sucuri SiteCheck – Find Out If Your Site Has Been Hacked

I recently posted a piece – Webmasters Struggle With Hacked Sites – A Commtouch, StopBadware Report – which read in part: “Recent statistics indicate (surprise, surprise) – cybercriminals are increasing their targeting of websites for identity theft, virus distribution, and spamming.

And, according to a newly released survey (Compromised Websites: An Owner’s Perspective), from Commtouch and StopBadware – in which webmasters were queried on their fight against hacking – almost half of the survey participants (who had been hacked), had no idea until they received a warning from their own computer’s protection technology.”

Since I use WordPress as my blogging platform, I rely on the security apparatus WordPress has in place to protect me from the various cyber criminal attack schemes currently in play. Still, I would be more than a little naive if I didn’t  consider the possibility that WordPress’ site security is vulnerable to hacking.

If a security developer’s web site can be hacked – and, many have been in the last year – including Panda Security in just the past few days*, it lends credence to the suggestion that any site can be hacked.

*Late Tuesday night, at least 35 public facing websites belonging to Panda Security were hacked and defaced by the LulzSec and Anonymous hacking groups. The defacement also posted multiple usernames and passwords associated with Panda Security employees.

Frankly, it absolutely infuriates me when I consider that the 4 years plus that I’ve put into writing and maintaining this Blog could, in little more than a moment, be destroyed by a single act of a cyber criminal. In my weaker moments, I have visions of lining these creeps up against the wall and being done with them.

But, the reality is much different, of course. So, it’s incumbent upon me to ensure that visitors to this site are protected (imperfect as that might be), from the nasties which cybercriminals can load onto a site.

There’s no foolproof solution but, one measure which I employ frequently is taking advantage of a free service offered by Sucuri Security – which, quickly scans for the most common threats as illustrated in the following screen capture.


Additionally, all links within the site are scanned. The following screen shot shows a small representation of the hundreds of links which were scanned.


If you’re a blogger or a site owner, I suggest that you take advantage of this free service so that you can check if your site has been compromised. It’s one more tool in the fight against the increasing threats posed by cyber criminal gangs.

Scan your website free.


Search Engine Malware – The Same Old, Same Old

In the News within the past 3 days

Web security firm Armorize – over 6 million e-commerce web pages have been compromised in order to serve malware to users.

Ed Bott Report – criminal gangs that specialize in malware love search engines, because they represent an ideal vector for getting Windows users to click on links that lead to potentially dangerous Trojans. The latest attack targets ads, and the social engineering is frighteningly good.

Not in the News

The specifics may be news but, this particular malware attack vector is so old I’m surprised that more Internet users aren’t aware of it. No, I take that back – based on a conversation I had just last night.

Me: “So, what antimalware applications are you currently running?”

She: “Well, I can cut and paste and I can get on the Internet, but I don’t worry about all that other stuff. I don’t understand it anyway.”

I’m well past the point where I allow myself to show surprise when I hear this type of response – it’s just so typical. Given that level of knowledge, it’s hardly surprising then, that consumer confidence in the reliability of search engine results, including relevant ads, is taken for granted.

I’ve yet to meet a typical user who would consider questioning a search engine’s output as to its relevant safety.  It’s been my experience, that typical Internet users blindly assume all search engine results are malware free.

This, despite the reality that the manipulation of search engine results, exploiting legitimate pages, and the seeding of malicious websites among the top results returned by search engines in order to infect users with malware, is a continuing threat to system security.

Here’s how the cyber crooks do it:

When a potential victim visits one of these infected sites, there is a high likelihood that malicious code will be downloaded onto the computer by exploiting existing vulnerabilities.

Let’s take, as an example, a typical user running a search for “great vacation spots” on one of the popular search engines.

Unknown to the user, the search engine returns a malicious or compromised web page as one of the most popular sites. Users with less than complete Internet security who visit this page will have an extremely high chance of becoming infected.

There are a number of ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate. In the example mentioned earlier, the web page would appear to be a typical page offering great vacation spots.
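For site owners, a check for the hidden iFrames described above, as an added example that is not part of the original post: it parses a page with Python's standard library and reports frames a visitor cannot see, noting whether each one loads from another host. The sample page, the host names and the hiding heuristics are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style fragments that make a frame invisible to the visitor (heuristic list).
HIDDEN_STYLE = re.compile(
    r"(?<![-\w])(?:display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:left|top)\s*:\s*-\d{3,}"
    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$))",
    re.IGNORECASE,
)


def _tiny(value):
    """True when a width/height attribute is 0 or 1 pixel."""
    return value is not None and re.fullmatch(r"[01](?:px)?", value.strip(), re.I) is not None


class IframeAuditor(HTMLParser):
    """Collects iframes that are hidden from the person viewing the page."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {name: (value or "") for name, value in attrs}
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("0/1 pixel size attribute")
        if "hidden" in a:
            reasons.append("hidden attribute")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by inline style")
        if not reasons:
            return  # visible frames (video embeds and the like) are not reported
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        third_party = bool(host) and host != self.page_host \
            and not host.endswith("." + self.page_host)
        self.findings.append({
            "src": src,
            "line": self.getpos()[0],
            "third_party": third_party,
            "reasons": reasons,
        })


def find_hidden_iframes(html, page_host):
    """Return one finding per hidden iframe, in document order."""
    auditor = IframeAuditor(page_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample: one ordinary embed, one 1x1 off-site frame, one off-screen frame.
SAMPLE_PAGE = """<html><body>
<h1>Great vacation spots</h1>
<iframe src="https://video.example/embed/42" width="560" height="315"></iframe>
<iframe src="http://cdn-stats.invalid/in.php" width="1" height="1" frameborder="0"></iframe>
<iframe src="/promo/banner.html" style="position:absolute; left:-9999px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in find_hidden_iframes(SAMPLE_PAGE, "travel.example"):
        where = "third-party" if f["third_party"] else "same-site"
        print(f"line {f['line']}: {f['src']} ({where}): {', '.join(f['reasons'])}")
```

A hidden frame that loads from a host you do not recognise is the combination worth investigating first; frames written into the page by script at load time will not appear in the static HTML this inspects.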

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments


The following comment (posted here March 15, 2011), illustrates perfectly the issues discussed in this article.

Funny you write about this today. I was reading about the spider issue Mazda was having and wanted to know what the spider looked like so I Googled it, went to images and there it was. There was also a US map that had areas highlighted, assuming where the spiders exist, and before I clicked on the map I made sure there was the green “O” for WOT for security reasons.

I clicked on the map and BAM I was redirected instantly and hit w/ the “You have a virus” scan malware. I turned off my modem then shut my computer off. I restarted it and scanned my computer w/ MS Security Essentials and Super Anti Spyware. MS Essentials found Exploit:Java/CVE-2010-0094.AF, and Trojan:Java/Mesdeh and removed them. I use WOT all the time, but now I’m going to be super cautious.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Free Microsoft Standalone System Sweeper Beta AV – Boot From A CD Or USB Stick

Much of today’s malware can be extremely difficult to identify and remove – despite a user relying on frontline antimalware applications to do the job. So, from my perspective, I don’t see any advantage in running full scans * on a live system – instead, once a week I run a Linux-based antimalware application (a live CD), which scans from the outside looking in. Malware generally can’t hide if it’s not running.

* I do however, run a Quick Scan with both Microsoft Security Essentials, and Malwarebytes’ Anti-Malware, on a daily basis. Combined running time for both applications is less than five minutes – so, it’s worth the minimum effort involved.

I can now add one more CD/Flash Drive based antimalware application to my arsenal of boot CDs – the just released Microsoft Standalone System Sweeper Beta. System Sweeper Beta operates much like Panda SafeCD, Kaspersky Rescue Disk 10, and Avira AntiVir Rescue System.

Microsoft says:

Microsoft Standalone System Sweeper Beta is a recovery tool that can help you start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware.

In addition, Microsoft Standalone System Sweeper Beta can be used if you cannot install or start an antivirus solution on your PC, or if the installed solution can’t detect or remove malware on your PC. It is particularly useful for detecting and disinfecting malware infections which give regular AV products running within Windows a hard time.

To get started with System Sweeper Beta – first, download and run the installer which will open up the following series of windows.


Choose the media or the device you want to install the application to.


Then sit back and relax – more or less.


For additional help and information, check out Microsoft Standalone System Sweeper Beta Help & How-To.

System requirements (from Microsoft):

The following is a list of minimum requirements for both the computer infected with a virus or malware and the computer on which you are creating the bootable media.

  • Operating system: Windows XP Service Pack 3; Windows Vista (RTM, Service Pack 1, or Service Pack 2, or higher); Windows 7 (RTM, Service Pack 1, or higher).
  • Required processor:
    Windows XP: 500 MHz or higher
    Windows Vista and Windows 7: 1.0 GHz or higher
  • Required memory:
    Windows XP: 768 MB RAM or higher
    Windows Vista and Windows 7: 1 GB RAM or higher
  • Required video card: 800 × 600 or higher
  • Available hard disk space: 500 MB

The following requirements apply only to the computer infected by a virus or malware:

  • The computer infected with a virus or malware must have the same Windows operating system architecture as Microsoft Standalone System Sweeper Beta, either 32-bit or 64-bit.
  • In addition, BitLocker must be disabled to use Microsoft Standalone System Sweeper Beta.

The following requirements apply only to the computer on which you are creating the bootable media:

  • Internet connection: Required for installation and download of the latest virus and spyware definitions for Standalone System Sweeper.
  • Internet Browser: Windows Internet Explorer 6.0 or higher or Mozilla Firefox 2.0 or higher.

Download: at Microsoft

In the constantly evolving world of cybercrime, all users are well advised to scan their computers regularly with an antimalware application that does not rely on the native operating system.

Please keep in mind that Microsoft Standalone System Sweeper Beta, is not an intrusion prevention system – it is not a replacement for your installed antimalware application/s.


Rolling The Dice With Computer Security

Paul E. Lubic, Jr., a long-time IT professional and a frequent guest writer here, has just posted an article on the odds of a typical computer user becoming infected by malware.

Malware Infection: Your Odds, is a great read, and the statistics Paul has included hold some real surprises.

Here’s a preview –

I did a little research and found that the chance of being infected by malware is astoundingly, eye-popping, breathtakingly high. According to BBC Online, a Microsoft security report in April of 2009, found that 8.6 computers in every 1,000 worldwide will be infected by malware.

If you think that 8.6 in 1,000 is pretty good odds and that you may have some wiggle room for being infected, think again…this is bad. Let’s compare these odds with playing the lottery……”

To read the rest of the article, visit Paul’s Home Computing Blog.


For Added Internet Protection – Virtualize Your System with Free Wondershare Time Freeze

At the end of 2009, many of the premier security application developers projected that 2010 would see an increase in the use of virtualization applications. Specifically, controlling malware intrusion through the use of a “virtual” environment, rather than operating in a “real” environment.

This prediction made sense, and so this year, we’ve focused somewhat more on operating system virtualization. We’ve looked at Shadow Defender, Returnil Virtual System, Sandboxie, GeSWall, and a number of other similar applications.

I’ve just recently completed testing Wondershare Time Freeze, a relatively new and easy to use, free (at the moment),  intrusion prevention system, that is non intrusive, and after initial setup, requires a minimum of user intervention – perfect for the average user.

Installation was hassle free – it was just a matter of  following the on-screen instructions.

The interface is the usual tab and check box layout, and is self explanatory with no learning curve involved.


Once system protection is enabled, a popup reminder will warn you that system changes will not be saved to disk. All downloaded files, all created documents, and all system changes will disappear on reboot. However, you do have another option – see the following.


If you do want to save system changes then, before rebooting, open the application and turn off system protection. You will be warned that your system may “stop responding” for several minutes. In fact, I noticed a lag of less than 20 seconds.


Fast facts:

System protection

Keep the actual system in a constant state, prevent the computer from getting slower and slower with time.

Put the actual system under protection to prevent malicious threats.

Traces of surfing the Internet and computer operation will disappear after reboot. (You have the flexibility to save changes to the actual system.)

Test software and game installations safely on a virtual system.

Folder protection

Mode 1: Disable access to the protected folders.

Mode 2: Prohibit changing files in the protected folders.

Protect your files from being infected by viruses or Trojans.

Protect your privacy more effectively.

Access protection

Manage the program with a custom password setting.

Keep inexperienced users from making changes to your settings and configurations.

System requirements: Windows 2000, XP, Vista, Win 7 (32 bit only).

Download at: Wondershare

This test was fairly brief (a couple of days), but I did not encounter any problems, and ran Time Freeze successfully alongside GeSWall with no difficulty. Wondershare Time Freeze worked just as advertised – not always the case with this class of software.

Note: This application requires registration within 30 days in order to keep using it. Getting the registration code though, is a snap. Just click “Get Keycode”, and you’ll receive the registration code by email.

In previous reviews of virtualization applications, a number of readers made mention of Comodo Time Machine, a worthwhile free system restore utility. Popular guest author, Rick Robinette, has a very informative article over on his site, What’s On My PC: Comodo Time Machine – A Powerful System Restore Utility. I encourage you to read this article.


Storm Botnet Bounces Back

“You can’t keep a good man down”, is an old expression that’s familiar to many of us. It seems we could coin a new expression along the same lines – “You can’t keep a bad botnet down”.

Just when you think you’ve knocked them down for good, cyber criminal enterprises seem to magically reappear, and that old familiar spamming botnet, Storm, has raised its ugly head once more.

In a previous article here, Symantec Rubs the 2010 Malware Crystal Ball, in November, 2009, Symantec projected that this reemergence was likely to occur, so Kudos to Symantec – you called this one.


(Graphic courtesy of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services).

According to Symantec’s MessageLabs Intelligence, they “first saw this new variant of the botnet start spamming on 30 April…. containing links to web pages hosting the well known Canadian Pharmacy site”.


(Graphic courtesy of Mathew Nisbet, Malware Data Analyst, Symantec Hosted Services).

Typically, the emails are short and sweet –

Get all the medications you want online!
Disappointed with your bad performance in bed?
great offers to spice it up in bed..
need some help in the bed?
its time to spice up the bed
Safest and approved method of male enhancing have a easier time making her…
Have long strong night in BED!
Get your favorite rxmedications here!
Win from benefits of hidden secret of pornstars!

For more information on this reemerging threat, check out The Return of Storm, on Symantec’s site.

About MessageLabs Intelligence:

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.
