Tag Archives: list

Another Worm Worms Its Way Into Instant Messaging Applications

imageFrom the more things change the more they remain the same files:

AV-killing worm spreads via Facebook chat and IM clients – A rather industrious piece of malware that – among other things – paves the way for other malware by disabling AV solutions and software update modules has been spotted spreading via several Instant Messaging applications (ICQ, Skype, GTalk, Pidgin, MSN, YIM) and Facebook.

The victims receive a message from an unknown user, offering a link to a funny or interesting video. If they follow it, the malware in question downloads automatically from the linked site and is executed.

Nothing new here – as any one of the 10 or more articles I’ve  written over the years on using Instant Messenger applications safely will attest to. The following post (originally published September 4, 2010) will serve as a quick refresher on how to navigate the Internet safely while using an Instant Messenger client.

Tips For Using Instant Messenger Applications Safely

In a recent Symantec survey, which questioned computer users on the most likely routes cybercriminals use to drop malware on unsuspecting users, one resultant statistic made me sit up a little straighter. Just 3.9% of survey participants believed that Instant Messenger applications had a role in malware distribution.

Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), I was more than a little surprised at this unrealistic response.

The reality is, from a security perspective Instant Messaging applications can present considerable security risks. Security breakdowns can occur when these programs are used to share files, folders, or in some cases, entire drives. Instant messaging, unfortunately, is a primary channel used by cyber-criminals to distribute malware and scams.

Programs such as MSN Messenger, Yahoo! Messenger, AIM, and a basket full of other IM applications, are extremely popular with users who want real-time contact with each other and (no surprise here), this makes them the perfect vehicle for cyber criminals.

Hackers use two methods of delivering malicious code through IM: delivery of virus, Trojan, or spy ware within an infected file, and the use of “socially engineered” text with a web address that entices the recipient to click on a URL which connects to a website that downloads malicious code. Viruses, worms, and Trojans then typically propagate, by sending themselves rapidly through the infected user’s buddy list.

image

The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

Don’t click on links, or download files from unknown sources. You need to be alert to the dangers in clicking on links, or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files, or links are genuine. Remember, if you click on those links, or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords, and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Protect personal and confidential information when using IM. Revealing confidential or personal information in these types of conversations, can make you an easy target for Internet predators.

For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

3 Comments

Filed under Don't Get Hacked, Instant Messenger Safety Tips, Interconnectivity, Malware Alert

Simple Network Scanning With Free Wireless Network Watcher

imageIn this age of connected devices, and the proliferation of Wi-Fi, the number of “open networks” has jumped considerably.

While it’s true that wireless routers are supplied with encryption software –  working through the manual is often a frustrating experience for less technically inclined users. As a result, it’s not unusual for users to continue to use (widely known) default network names and passwords.

In a study commissioned by  the Wi-Fi Alliance in August of last year, it was discovered that only 59 percent of users have implemented wireless passwords, or encryption methods, that meet the basic criteria for strength and privacy.

In addition, the survey revealed that while “eighty-five percent of survey respondents understood that their Wi-Fi devices should not be set for automatic sharing, …. only 62 percent actually had auto-sharing turned off.” It’s easy to conclude then, that piggybacking on an unprotected wireless access point is perhaps more common than many might imagine.

So, how would you know if your wireless signal is piggyback capable, and is perhaps being used as the neighborhood access point? You could of course, install any one of the comprehensive open source network monitoring packages widely available for download. Provided, that is, you’re prepared to dig into a host of complex instructions and procedures.

A much simpler, but very basic solution, is offered by NirSoft’s Wireless Network Watcher. This free utility “scans your wireless network and displays the list of all computers and devices that are currently connected to your network.”

As you can see in the following screen capture (click to expand)  – the following connected device information is displayed: IP address, MAC address, the network card manufacturer, and optionally, the computer name.

Wireless Network Watcher

Better yet, you can set the utility to continuously monitor so that it will notify you of any new devices connecting to your network (with an audible signal if you like) – as illustrated in the following screen shot.

Wireless Network Watcher 2

System requirements: Windows 2000, XP, 2003, Vista, Server 2008, Win 7.

Download at: NirSoft (you’ll need to skip down the page to locate the download link).

Bonus feature – you can also use Wireless Network Watcher to scan a small wired network.

Wireless Network Watcher may not be jam packed with features – but, it does what it’s designed to do, and it does it very well. Additionally, the advanced options menu will allow you to scan selected IP address ranges, choose which adapter to scan from, and save the results to html.

More information about Wi-Fi security, including innovations that make setting up security easier, is available at www.wi-fi.org/security. Users can test their own security knowledge with a quick online quiz, watch animations about home Wi-Fi security, and download white papers with detailed information.

10 Comments

Filed under Connected Devices, downloads, Freeware, Network Tools, Software, Utilities

Cyber Crooks Taking Another Crack At Yahoo Instant Messenger

imageI’ve been known to  stare at my monitor, humming a few bars of  – “IM malware go away, and come back another day”, from time to time. Doesn’t seem to work though.  🙂 IM malware never goes away – it just fades into the malware background chatter.

Despite the fact that Instant Messenger malware (which has been with us since 2005, or so), doesn’t create much of a fuss, and seems to prefer to stay just below the horizon, it’s as dangerous as it’s ever been.

In business, when something works, why bother to reinvent the wheel. A little nip here; a little tuck there and hey – you’re still in business! No surprise then, when we see that cybercriminals subscribe to this business philosophy.

–   Yahoo Instant Messenger Under Attack Again or Still? (May 4, 2010)

It’s easy to forget about the risks associated with Instant Messaging precisely because of this lack of profile. Until, that is, IM malware comes knocking – hard – like now!

BitDefender’s, Bogdan Botezatu, reports in a recent Blog post, that Yahoo Messenger is currently under attack – and, taking a hard knocking.

From the Blog:

New Yahoo Messenger 0-Day Exploit Hijacks User’s Status Update…and spreads malware, of course!

A newly discovered exploit in version 11.x of the Messenger client (including the freshly-released 11.5.0.152-us) allows a remote attacker to arbitrarily change the status message of virtually any Yahoo Messenger user that runs the vulnerable version.

Since you’re an astute and educated user, none of this comes as a surprise, I’m sure. But, what about a typical user – would he/she be surprised, do you suppose?

Let’s take a look –

In a recent Symantec survey, which questioned computer users on the most likely routes cybercriminals use to drop malware on unsuspecting users – just 3.9% of survey participants believed that Instant Messenger applications had a role in malware distribution.

Unfortunately, the only surprise here is – this is not a surprise.

The harsh reality is, from a security perspective, Instant Messaging applications can present considerable security risks. So naturally, cyber-criminals use Instant Messaging as a primary channel to distribute malware and scams.

We’ve talked about IM security a number of times here, but with this ongoing attack, a quick refresher might be in order.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

Don’t click on links, or download files from unknown sources. You need to be alert to the dangers in clicking on links, or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files, or links are genuine. Remember, if you click on those links, or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords, and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Protect personal and confidential information when using IM. Revealing confidential or personal information in these types of conversations, can make you an easy target for Internet predators.

For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Instant Messanger changed Above all, if you are a parent, take exceptional care with the access that your children have to these programs.

The risk here goes beyond malware, as sadly, they could come into contact with undesirable individuals. The risk is low of course, but……..

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software, Parental Control Bar,  to help you do just that.

BTW, you can hum “IM malware go away, and come back another day”, to the new version of that old familiar tune – Rain Rain Go Away.    Smile

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Comments Off on Cyber Crooks Taking Another Crack At Yahoo Instant Messenger

Filed under Cyber Crime, Instant Messenger Safety Tips, Interconnectivity, Malware Advisories, Online Safety, Yahoo

Updated: An IT Professional’s Must Have Firefox and Chrome Add-ons

imagePersonally, when I need advice I go straight to the experts . And, given the overwhelming reach and the complexity of today’s IT environment, I find myself, more and more, reaching out for additional information.

I have a terrific advantage though, since regular readers here tend to be in the IT game or, are extreme high level computer users possessing a wealth of techno recommendations. So, quite often, I don’t have to go very far to fill in the blanks in my own knowledge base. How cool is that?

Regular reader Georg L., an IT Professional from Vienna, Austria, who’s experience ranges from the days of DOS to the present, is always ready to “fill in the blanks” – as he did last year, when he generously put together a list of Browser extensions (for both Firefox and Chrome), which he has personally installed to boost Browser security, and in some cases, to increase Browser functionality.

Recently, I reposted this comprehensive list of add-ons which led to the following note from Georg – in response to the ever-evolving threat scenario, some changes have occurred in the meantime, and readers should update accordingly.

My current list of add-ons to Firefox 4.01:

Adblock Plus 1.3.8

Better Privacy 1.5.1

BitDefender QuickScan 0.9.9.3

Disconnect – A browser extension that stops major third parties and search engines from tracking the webpages you go to and searches you do

Download Statusbar 0.9.8   –   a very nice one to make downloads easier

Dr. Web anti-virus link checker 1.0.23   –  does what it says

Extended Copy Menu (fix version) 1.6.1c   –   another little helper

Fireclam 0.6.6   –   scans downloads for viruses

Flagfox 4.1.2

Flashblock 1.5.14.2

FoxyProxy Standard 2.22.6

Ghostery 2.5.3

HTTPS-Everywhere 0.9.6

Key Scrambler 2.8.0.1   –   a must for online banking

NextPlease 0.9.2   –   fast navigation over next and previous pages

NoScript 2.1.0.5

Optimize Google 0.78.2   –   removes ads and spam from Google search results

Padlock 0.1.2   –   padlock URL bar icon

PDF Download 3.0.0.2

Perspectives 4.1

Search Engine Security 1.2.0

ShowIP 0.8.19   –   shows the IP address of the current page in the status bar

SkipScreen 0.5.21amo   –   not really helpful, but still there

SmoothWheel (AMO) 0.45.6.20100202.1   –   scrolls the document smoothly when scrolling the mouse wheel

TACO with Abine 3.6.5   –   an absolute must these days

My current list of extensions to Chrome 13.0.772.0 in their current iterations:

AdBlock 2.4.6

BitDefender QuickScan 0.9.9.95

Disconnect – A browser extension that stops major third parties and search engines from tracking the webpages you go to and searches you do

Docs PDF/Power Point Viewer (by Google) – 3.5

FastestChrome – Browse Faster – 4.06

FlashBlock 0.9.31

Ghostery 2.3.0

Google Analytics Opt-out 0.9.0

Google Dictionary 2.0.5

Keep My Opt-Outs 1.0.10

Mini Google Maps 1.0.2

Secbrowsing 1.7

SmoothScroll  1.0.1

Ultimate Chrome Flag 0.3.7

Ultimate Google Docs Viewer 0.8.4.7

Wikipedia Companion 1.7.0

Georg is an accomplished professional and I can safely say, this list of Browser add-ons will resonate with readers who recognize the need to elevate Browser security.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

11 Comments

Filed under Chrome Add-ons, Don't Get Hacked, downloads, Firefox Add-ons, Freeware, Internet Safety Tools, Privacy, Productivity Software, Software, Spyware - Adware Protection

Firefox and Chrome Add-ons For The Paranoid Internet Surfer

image Two of the most popular readers questions I get here are: Which Browser add-ons do I really need? Which add-ons do I (meaning me), use? Not a surprising question really; with the huge number of Browser extensions available, it can be difficult for users to determine which ones to consider adding – the choices seem unlimited.

I could sit down and write an article on those Browser add-ons that I wouldn’t be without. But, let’s try something a little different today.

Regular reader Georg L., an IT Professional from Vienna, Austria, who’s experience ranges from the days of DOS to the present, has laid out a list of Browser extensions (for Firefox and Chrome), which he has installed to boost Browser security, and in some cases, to increase Browser functionality.

This list of Browser add-ons will resonate with readers who recognize the need to elevate Browser security. Not surprisingly, both Georg and I have installed essentially the same add-ons. Particularly those add-ons designed to increase Browser security.

Firefox:

Adblock Plus 1.2.2

Better Privacy

BitDefender QuickScan

Flagfox

Flashblock

FoxyProxy Standard

Ghostery

GoogleSharing

HTTPS-Everywhere

NoScript

PDF Download

Perspectives

Qualys BrowserCheck

Search Engine Security

SkipScreen

Chrome:

AdBlock

AntiAds

BitDefender QuickScan

ChromeFlags

FastestChrome – Browse Faster

FlashBlock

Ghostery

Google Analytics Opt-out

Google Dictionary

Mini Google Maps

Secbrowsing

SmoothScroll 

Ultimate Google Docs Viewer

Wikipedia Companion

Just to be clear – it’s not paranoia if they really are after you? I can assure you, if you’re connected to the Internet, they (cyber criminals) really are after you!

This article is an edited version of the original article which was published August 30, 2010.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

4 Comments

Filed under Anti-Malware Tools, Chrome Add-ons, Cyber Criminals, Don't Get Hacked, downloads, Firefox, Firefox Add-ons, Freeware, Google Chrome, Internet Paranoia, Internet Safety Tools, Malware Protection, Safe Surfing, Software

Tips For Using Instant Messenger Applications Safely

imageIn a recent Symantec survey, which questioned computer users on the most likely routes cybercriminals use to drop malware on unsuspecting users, one resultant statistic made me sit up a little straighter. Just 3.9% of survey participants believed that Instant Messenger applications had a role in malware distribution.

Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), I was more than a little surprised at this unrealistic response.

We’ve talked about IM security a number of times here, but this recent statistics indicates, a quick refresher might be in order.

The reality is, from a security perspective Instant Messaging applications can present considerable security risks. Security breakdowns can occur when these programs are used to share files, folders, or in some cases, entire drives. Instant messaging, unfortunately, is a primary channel used by cyber-criminals to distribute malware and scams.

Just a few days ago, for example, a Trend Micro analyst discovered an IM variant of the “Solve the IQ test”. Had he followed the instructions, he could have let himself in for a series of monthly charges of $9.99–$19.99 a month, automatically added to his cell phone bill.

Programs such as MSN Messenger, Yahoo! Messenger, AIM, and a basket full of other IM applications, are extremely popular with users who want real-time contact with each other and (no surprise here), this makes them the perfect vehicle for cyber criminals.

Hackers use two methods of delivering malicious code through IM: delivery of virus, Trojan, or spy ware within an infected file, and the use of “socially engineered” text with a web address that entices the recipient to click on a URL which connects to a website that downloads malicious code. Viruses, worms, and Trojans then typically propagate, by sending themselves rapidly through the infected user’s buddy list.

image

The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

Don’t click on links, or download files from unknown sources. You need to be alert to the dangers in clicking on links, or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files, or links are genuine. Remember, if you click on those links, or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords, and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Protect personal and confidential information when using IM. Revealing confidential or personal information in these types of conversations, can make you an easy target for Internet predators.

For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Instant Messanger changed Above all, if you are a parent, take exceptional care with the access that your children have to these programs.

The risk here goes beyond malware, as sadly, they could come into contact with undesirable individuals. The risk is low of course, but……..

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software, Parental Control Bar,  to help you do just that.

Readers with younger children, please read, KidZui – Free, Safe Internet Browsing for Kids, on this site. This guest writer article, by Silki Garg of the Internet Security Blog, provides a comprehensive review of KidZui.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

2 Comments

Filed under Child Safety Internet, cybercrime, Don't Get Scammed, Don't Get Hacked, Freeware, Instant Messenger Safety Tips, Interconnectivity, Internet Safety for Children, Internet Safety for Teenagers, Malware Advisories, Online Safety, Software, Utilities, Windows Tips and Tools, worms

An IT Professional’s Must Have Firefox and Chrome Add-ons

image The high  number of Browser add-ons we’ve covered here in the past few weeks ( from add-ons that add functionality to the Browser, to those that promise to provide additional security), has led to a number of readers asking essentially the same question. Which add-ons do I really need?

Not a surprising question really; with the huge number of Browser extensions available, it can be difficult for users to determine which ones to consider adding – the choices seem unlimited.

I could sit down and write an article on those Browser add-ons that I wouldn’t be without. But, let’s try something a little different this morning.

Regular reader Georg L., an IT Professional from Vienna, Austria, who’s experience ranges from the days of DOS to the present, has laid out a list of Browser extensions (for Firefox and Chrome), which he has installed to boost Browser security, and in some cases, to increase Browser functionality.

Firefox 3.6.8:

Adblock Plus 1.2.2

Better Privacy 1.48.3

BitDefender QuickScan 0.9.9.30

Flagfox 4.0.8

Flashblock 1.5.13

FoxyProxy Standard 2.21.4

Ghostery 2.3

GoogleSharing 0.19

HTTPS-Everywhere 0.2.2.

KeyScrambler 2.6.0.0.

NoScript 2.0.2.3

PDF Download 3.0.0.1

Perspectives 3.0.3

Qualys BrowserCheck 1.0.115.1

Search Engine Security  1.0.6

SkipScreen  0.5.7amo

Chrome 6.0.472.41

AdBlock 2.0.24

AntiAds 0.4.0

BitDefender QuickScan 0.9.9.34

ChromeFlags 1.4

FastestChrome – Browse Faster 3.1.2

FlashBlock 1.2.11.12

Ghostery 2.0.0

Google Analytics Opt-out 0.9.0

Google Dictionary 1.0.2

Mini Google Maps 1.0.2

Secbrowsing 1.7

SmoothScroll  0.6.1

Ultimate Google Docs Viewer 0.8.4.7

Wikipedia Companion 1.6.5

Not surprisingly, both Georg and I have installed essentially the same add-ons. Particularly those add-ons designed to increase Browser security.

Georg is an accomplished professional who contributes here regularly, most often at a private level, and I can safely say, this list of Browser add-ons will resonate with readers who recognize the need to elevate Browser security.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

20 Comments

Filed under Browser add-ons, Browser Plug-ins, Chrome, Don't Get Scammed, Don't Get Hacked, downloads, Firefox Add-ons, Freeware, Google Chrome, Internet Safety Tools, Safe Surfing, Software, Windows Tips and Tools