Tag Archives: malicious

Rogue Security Software Continues Its Rampage – Some Solutions

If the day should ever come when anti-malware applications achieve a 100% effective rate in the detection of malware, or software developers develop operating systems and applications that are fully malware resistant, I’ll have to find something else to Blog about!

It doesn’t look like that day is likely to happen any time soon, however. In the meantime, Internet users will continue to download and test/tryout the latest, greatest, and newest anti-malware tools. Knowing this, Cyber crooks are blitzing the Internet with “rogue security software”, often referred to as “scareware”.

Scareware is a particularly vicious form of malware, designed specifically to convince the victim to pay for the “full” version of an application in order to remove what are, in fact, false positives that these programs are designed to display on the infected computer in various ways: fake scan results, pop-ups, and system tray notifications.

Dialogue boxes, like the ones below, can be a powerful motivator. It’s no wonder then, that unaware computer users will often respond by clicking on the link which will take them to the product download site.


Using techniques such as the ones described earlier, cyber criminals are infecting more than 35 million computers with scareware/rogueware each month (roughly 3.50 percent of all computers), and earning more than $34 million monthly, through scareware attacks.

Generally, reputable anti-spyware software is capable of detecting rogue software if it attempts to install. But this is not always the case. Anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

A good partial solution to this problem is to ensure you have installed, and are running, an anti-malware application such as ThreatFire Version 4.7.0, free from PC Tools. This type of program operates using heuristics, or behavioral analysis, to identify newer threats.

Additional steps you can take to reduce the chances of infecting your system with rogue software.

Consider the ramifications carefully before responding to a Windows Security Alert pop-up message. This is a favorite vehicle used by rogue security applications to begin the process of infecting unwary users’ computers.

Be cautious in downloading freeware, or shareware programs. Spyware, including scareware, is occasionally concealed in these programs. Download freeware applications only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications, since exposure to rogue security applications is widespread.

Install an Internet Browser add-on such as WOT (Web of Trust), an Internet Explorer/Firefox add-on, that offers substantial protection against dangerous websites.

Always remember of course, that you are your own greatest line of defense against malware. STOP. THINK. CLICK.

If you are infected by scareware/rogueware, the following free resources can provide tools, and advice, you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under Windows Tips and Tools

WOT (Web of Trust) – Is It The Most Important Browser Security Add-on You Need To Install?

It would be difficult for regular readers of this site not to be aware that I write consistently on the importance of Internet Browser protection.

In fact, we’ve covered 20 or more Browser add-ons here in the past few weeks – from add-ons that add functionality, to those that promise to provide additional security.

All this coverage of Browser add-ons rattled my Brain somewhat, and got me thinking about the single most important add-on I have installed – the add-on I couldn’t do without.

Based on the way that I surf the Web, there was no contest. Of the 17 add-ons I have installed on Firefox, the hands down winner – the single most important add-on for my style of surfing is WOT (Web of Trust). I don’t think I’m alone in this assessment.

I frequently hear from readers who, after installing WOT on their computer systems, feel reassured that they are safer than ever before, and who express a renewed sense of confidence, and a new level of enthusiasm, while surfing the Internet.

In fact, just under 6,000 Tech Thoughts readers have installed WOT in the last two years – according to today’s download stats.


And why not. Security starts with the Web Browser, and WOT substantially reduces the risk exposure, that comes with wandering through the increasingly risky neighborhood that the Internet has become.

What is WOT?

WOT, one of the most downloaded Firefox Add-ons at the Mozilla add-on site (also compatible with Internet Explorer and Chrome), is a free Internet Browser resource which investigates web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams – helping you avoid unsafe web sites.

For example, here’s a Google search in which WOT indicates which sites are safe. Notice the unsafe (red) sites, in the Google ads!


Take a look at what happens if, in fact, you do end up on an unsafe web site. WOT’s dropdown warning curtain blocks access to the site until you determine otherwise.


WOT operates in a unique fashion in order to offer active protection to the Internet user community. It stands out from the crowd of similar applications, by soliciting the opinions of users/members whose views on web site safety are incorporated into the overall site safety rating. According to WOT, the user community now has reputation data on over 30 million sites worldwide.

The shared information on a site’s reputation includes trustworthiness, vendor reliability, privacy, and child safety. As well, in order to achieve maximum security coverage, WOT uses thousands of trusted sources including phishing site listings, to keep users protected against rapidly spreading threats.


WOT integrates seamlessly with search engine results from popular search engines including Google, Yahoo, MSN and other popular sites, and provides impressive protection against Internet predators.

WOT recently added the top three web-based email services – Google Gmail, Windows Live Hotmail and Yahoo! Mail, to its free security protection. You can now feel more confident and secure, since WOT checks links embedded in your email, and warns you of dangerous web sites so that you can avoid spyware, spam, phishing, identity theft and other Internet scams; before you click on dangerous embedded links.

How WOT works:

The Browser add-on icon displays a color rating for each site you visit, indicating whether a site is safe to use, should be used with caution, or avoided entirely.

Using traffic light colors, (green, yellow, and red), WOT leaves you in no doubt as to the safety rating of a web site. An impressive feature of WOT is the dropdown transparent warning curtain, shown earlier, triggered on visiting a dangerous site.

Recognizing that up to ten percent of Internet users are at a disadvantage however, due to colorblindness, and cannot rely on an Internet safety system based on color coding, the Web of Trust development team recently released an adaptive version of WOT. This version incorporates equivalent alternative information, through assistive or adaptive technology, for colorblind users.

This colorblind accessible application provides the same critical benefits to those individuals who have to contend with visual impairments, as it has to those of us who have come to rely on WOT as a major defense against the pervasive hazards we encounter on the Internet.

Quick facts – WOT checks the following on each web site visited:

Trustworthiness

Vendor reliability

Privacy

Child Safety

More quick facts:

Ratings for over 30 million websites

The WOT browser add-on is light and updates automatically

WOT rating icons appear beside search results in Google, Yahoo!, Wikipedia, Gmail, etc.

Settings can be customized to better protect your family

WOT Security Scorecard shows rating details and user comments

Works with Internet Explorer, Firefox and Chrome

Interface supports English, French, German, Spanish, Italian, Russian, Polish, Portuguese, Swedish and Finnish.

System requirements: Windows (all), Mac OS X, Linux

Download at: MyWot

Surf more securely by installing this browser add-on which will provide you with an in-depth site analysis based on real world results. Keep in mind however, that you are your own best protection. Stop · Think · Click.


Filed under Adaptive Technologies, Browser add-ons, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Firefox Add-ons, Freeware, Google Chrome, Interconnectivity, Internet Explorer Add-ons, Internet Safety Tools, Linux, Mac OS X, Online Safety, Software, Windows Tips and Tools, WOT (Web of Trust)

“Here You Have” Worm Alert – The Incompetents Take The Bait

In Chapter One of Internet Security 101, the following is the first point made – “Don’t run files that you receive via email without making sure of their origin.”

OK, I’m stretching the truth a little, since I don’t actually know of a book with the title “Internet Security 101”. But, the truism “Don’t run files that you receive via email without making sure of their origin”, remains valid.

Despite constant warnings NOT to run this type of file, many users continue to disregard this critical advice. The success of the email delivered “Here you have” worm that clogged email systems on Thursday, despite the usual misspelling, grammatical, and punctuation errors in the email, leaves little doubt.

According to Symantec’s Message Labs Intelligence, the worm is delivered in a standard email that directs the recipient to click on a link pointing to a malicious file that’s disguised as a PDF. Clicking on the link installs the worm on the victim’s machine.

[Image: graphic courtesy of Symantec.]

Regardless of the fact that the delivery method and the worm itself are not particularly sophisticated, this attack affected hundreds of thousands of computers worldwide, and then went on to spread through the following – instant messenger, mapped drives, and email, by taking contacts from the victim’s address book.
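Added example, not from the original article or from Symantec: a small mail-triage check for the delivery trick described above, where the link a recipient sees names a PDF but the link target is something else. The extension lists, the function name `find_disguised_links`, and the sample message (with placeholder example.* domains) are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import posixpath

# Assumed extension lists for this example; neither comes from the article.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}

# Constructed sample message body (example.* domains are placeholders).
SAMPLE_EMAIL_HTML = """
<p>Hello, this is the document I told you about:</p>
<p><a href="http://files.example.net/docs/report_21.scr">http://www.example.com/library/report_21.pdf</a></p>
<p>Our usual newsletter: <a href="http://www.example.org/news/september.pdf">september.pdf</a></p>
<p>Visit <a href="http://www.example.org/">our site</a>.</p>
"""


def _ext(name):
    """Lower-cased final extension of a file name or URL path ('' if none)."""
    return posixpath.splitext(name.strip().rstrip(".,;:!?").lower())[1]


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_disguised_links(html_body):
    """Return one finding per <a> whose visible text and real target disagree."""
    collector = _AnchorCollector()
    collector.feed(html_body)
    collector.close()

    findings = []
    for href, text in collector.anchors:
        target = urlparse(href)
        # Treat the visible text as a URL only when it is written like one.
        shown = urlparse(text) if "://" in text else None
        target_ext = _ext(target.path)
        shown_ext = _ext(shown.path if shown else text)
        reasons = []

        # 1. The text promises a document, the target is a different file type.
        if shown_ext in DOCUMENT_EXTS and target_ext != shown_ext:
            reasons.append(
                f"text shows {shown_ext} but link targets {target_ext or 'no file type'}"
            )
        # 2. The target is directly runnable, whatever the text says.
        if target_ext in EXECUTABLE_EXTS:
            reasons.append(f"link targets an executable file type ({target_ext})")
        # 3. The text is a URL on one host, the target is on another.
        if shown and shown.hostname and shown.hostname != target.hostname:
            reasons.append(
                f"text shows host {shown.hostname} but link goes to {target.hostname}"
            )

        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_disguised_links(SAMPLE_EMAIL_HTML):
        print(finding["href"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

Rule 1 will also flag legitimate download links whose URL carries no file extension, so treat its findings as a prompt to look closer rather than a verdict.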

While doing the background work on this attack, I came across the following forum comment – “This hit one of our affiliated corporate networks today around 12 pm eastern. It was a mess.”

As one pundit put it – the attack was designed to “prey on the incompetent”. I find it hard to argue with that observation.

For additional information on this scam, check out Malware Operations Engineer Tony Millington’s Blog post over at the Symantec Hosted Services Blog.

About Message Labs Intelligence:

Symantec’s Message Labs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.


Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, Internet Security Alerts, Malware Advisories, MessageLabs, Symantec, Windows Tips and Tools, worms

Tips For Using Instant Messenger Applications Safely

In a recent Symantec survey, which questioned computer users on the most likely routes cybercriminals use to drop malware on unsuspecting users, one resultant statistic made me sit up a little straighter. Just 3.9% of survey participants believed that Instant Messenger applications had a role in malware distribution.

Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), I was more than a little surprised at this unrealistic response.

We’ve talked about IM security a number of times here, but this recent statistic indicates a quick refresher might be in order.

The reality is, from a security perspective Instant Messaging applications can present considerable security risks. Security breakdowns can occur when these programs are used to share files, folders, or in some cases, entire drives. Instant messaging, unfortunately, is a primary channel used by cyber-criminals to distribute malware and scams.

Just a few days ago, for example, a Trend Micro analyst discovered an IM variant of the “Solve the IQ test”. Had he followed the instructions, he could have let himself in for a series of monthly charges of $9.99–$19.99 a month, automatically added to his cell phone bill.

Programs such as MSN Messenger, Yahoo! Messenger, AIM, and a basket full of other IM applications, are extremely popular with users who want real-time contact with each other and (no surprise here), this makes them the perfect vehicle for cyber criminals.

Hackers use two methods of delivering malicious code through IM: delivery of a virus, Trojan, or spyware within an infected file, and the use of “socially engineered” text with a web address that entices the recipient to click on a URL which connects to a website that downloads malicious code. Viruses, worms, and Trojans then typically propagate by sending themselves rapidly through the infected user’s buddy list.


The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

Don’t click on links, or download files from unknown sources. You need to be alert to the dangers in clicking on links, or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files, or links are genuine. Remember, if you click on those links, or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords, and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Protect personal and confidential information when using IM. Revealing confidential or personal information in these types of conversations, can make you an easy target for Internet predators.

For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs.

The risk here goes beyond malware, as sadly, they could come into contact with undesirable individuals. The risk is low of course, but……..

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software, Parental Control Bar, to help you do just that.

Readers with younger children, please read, KidZui – Free, Safe Internet Browsing for Kids, on this site. This guest writer article, by Silki Garg of the Internet Security Blog, provides a comprehensive review of KidZui.


Filed under Child Safety Internet, cybercrime, Don't Get Scammed, Don't Get Hacked, Freeware, Instant Messenger Safety Tips, Interconnectivity, Internet Safety for Children, Internet Safety for Teenagers, Malware Advisories, Online Safety, Software, Utilities, Windows Tips and Tools, worms

Malware Avoidance Lesson Number One – Think BEFORE You Click!

I recently repeated a small experiment with a group of “average computer user” friends, (about 16, or so), and I was disappointed to see that the conditioned response issue to “just click” while surfing the web, was still there. This, despite my long battle to get them to modify their online behavior.

I assumed that endlessly reinforcing “clicking haphazardly, without considering the consequences, can lead to the installation of malicious code that can cause identity theft and the theft of passwords, bank account numbers, and other personal information”, would have had some impact. Apparently not.

But, I haven’t given up. It appears it will take even more repetition before progress can be made. In the meantime, I expect that curiously browsing the web blissfully unaware of the considerable malware dangers, will continue to be the modus operandi for my friends.

My friends are not alone in their “clicking haphazardly” bad habit. Many of us have learned to satisfy our curiosity simply by a mouse click here, and a mouse click there. Arguably, we have developed a conditioned response (without involving conscious thought), to – “just click”.

It’s now well established, that our conditioned human responses pose the biggest risk to our online safety and security. Our curiosity, coupled with our conditioned responses can often override our common sense, so it’s not unusual for people to open an email attachment, for example, despite knowing that the attachment could be a virus, or another form of malware.

Conditioned Response

Security experts argue that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files that are clearly dangerous. To this point however, this type of dangerous behavior continues despite the warnings.

Most visitors to this site are above average users (I’m assuming that you are too), so, I have a challenge for you.

Take every appropriate opportunity to inform your friends, your relatives, and associates, that “just clicking haphazardly” without considering the consequences, can lead to the installation of malicious code that can cause identity theft and the theft of passwords, bank account numbers, and other personal information.

Help them realize that “just clicking”, can expose them to:

  • Trojan horse programs
  • Back door and remote administration programs
  • Denial of service attacks
  • Being an intermediary for another attack
  • Mobile code (Java, JavaScript, and ActiveX)
  • Cross-site scripting
  • Email spoofing
  • Email-borne viruses
  • Packet sniffing

You can do them an additional favor, by pointing them to Comodo’s YouTube channel, Really Simple Security, where they can learn the basics of Internet security in a constructive, yet lighthearted way.

They’ll be glad that you took an interest in their online safety. And, best of all, by doing this, you will have helped raise the level of security for all of us.


Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Interconnectivity, Online Safety, Personal Perspective, Safe Surfing

Scareware is Destroyware – Not Just Malware


Scareware is a particularly vicious form of malware, designed specifically to convince the victim to pay for the “full” version of an application in order to remove what are, in fact, false positives that these programs are designed to display on the infected computer in various ways: fake scan results, pop-ups, and system tray notifications.

According to Panda Security, approximately 35 million computers are infected with scareware/rogueware each month (roughly 3.50 percent of all computers), and cybercriminals are earning more than $34 million monthly, through scareware attacks.


Delivery methods used by these parasites include Trojans, infected websites, misleading advertisements, and Internet Browser security holes. They can also be downloaded voluntarily, from rogue security software websites, and from “adult” websites. As one of my friends put it “It’s easy to be bitten by a dog like that”.

The average computer user that I speak with informally, has no idea that rogue applications exist. But they do, and cyber crooks are continuing to develop and distribute scareware at a furious pace; there are literally thousands of variants of this type of malware currently circulating on the Internet. It’s fair to say; distribution has now reached virtual epidemic proportions.

Having watched the development and deployment of scareware over the last few years, and having noted the increasing sophistication of the current crop of scareware applications, I have come to the realization that scareware removal instructions have limited value, except perhaps, for the most technically sophisticated computer user. A reformat and a system re-install, are more than likely in the cards.

Yes, I know, there are literally hundreds of sites that will walk you through the process of attempting to eliminate this type of scourge, but simply put – if your computer becomes infected with the current scareware circulating on the Internet, you are, in most cases, wasting your time attempting to save your system.

If you doubt this, take a look at Trojan War Resolution: The Battle Won, in which Larry Walsh of eWeek, describes a three day marathon system recovery attempt which was ultimately successful, but…..

The best advice? Have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage.

If you have become infected by scareware, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools, and advice, you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Consider the ramifications carefully before responding to a Windows Security Alert pop-up message. This is a favorite vehicle used by rogue security applications to begin the process of infecting unwary users’ computers.

Be cautious in downloading freeware, or shareware programs. Spyware, including scareware, is occasionally concealed in these programs. Download freeware applications only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications, since exposure to rogue security applications is widespread.

Install an Internet Browser add-on such as WOT (Web of Trust), an Internet Explorer/FireFox add-on, that offers substantial protection against dangerous websites.


Filed under Anti-Malware Tools, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, Geek Software and Tools, internet scams, Internet Security Alerts, Malware Advisories, Manual Malware Removal, Recommended Web Sites, Rogue Software, Rogue Software Removal Tips, scareware, Scareware Removal Tips, System Security, Windows Tips and Tools, WOT (Web of Trust)

I’ve Got 10 Kilos Of GOLD I Want To Share With You!

My Australian friend Rod, a security developer executive, regularly forwards copies of scam emails that his company detects, through their various Internet resources.

I’m very appreciative that Rod takes the time to do this, since it keeps me in the loop at the company level on email scams and malware threats. And, it gives me a chance to LMAO – some of these emails are outrageously funny.

Ever get one of those emails? Sure you have. In fact, you probably get a lot of emails similar to the one below, recently forwarded by Rod – this one is particularly ridiculous. But, that’s the point in using it as an illustrative example.

Anyone with an email address is bound to be bombarded with this type of scam email (including the misspellings, lack of punctuation, incorrect grammatical usage, etc.).

How are you doing sir/madam? My name is Mr. Twum a 25 year old man, please dont be surprise i got your email from yahoo. i have 10kilogram of AU RAW GOLD, i got this Gold as a beneficiary from my parent as their only son . i dont know much about Gold so i am here looking for someone who can lecture me on how i can sell the Gold and how much it worth at the market.

please note that i have all legal documentation from my late dad before he passed away and on one of the documents, It is said the specification of the gold is,

QUALITY : 22+Carat with a minimum

PURITY : 96% Or Better

Origin : Ghana.

And i am ready to send sample to you to test and see if it is Gold as i can read clearly.

if you so interested. have a nice day and enjoy your day

hope to hear from you soon

Opening this type of email is definitely not recommended (despite the humor), since, at a minimum, opening one lets the spammers/scammers know that your email address is “live”. Generally not a good idea, since this virtually guarantees you will receive a lot more spam.

We’re all pretty curious, and spammers/scammers, being experts at social engineering – “the act of manipulating people into performing actions or divulging confidential information, for the purpose of fraud, or computer system access” – rely on this to manipulate victims into opening this type of email.

While there may be some dispute as to whether “curiosity killed the cat”, there is no dispute as to the likely outcome of following the instructions contained in emails of this type because of curiosity.

For those who are swept away by an overriding curiosity – go ahead and click and then follow the instructions. But before you do, make sure you have:

A current backup CD/DVD or other media containing your irreplaceable files – you’re going to need it.

Your original operating system install disk – you’ll need this too.

Your system and peripherals driver disks. Without these you’re going to spend hours on the Internet locating (if you’re lucky), drivers that were written specifically for your hardware and peripherals.

You can save yourself all this trouble, and heartache, just by one simple action, or more properly; by a single inaction. Don’t click!

Scam emails like this are designed, and crafted, to seek out financial information from you, or from your computer, that can be used to steal your money and your identity. As well, they can be designed to install various types of malware that can have drastic consequences for your system’s stability.

You may well be curious when it comes to emails like this, but don’t let your curiosity override your common sense. Security experts argue (none too successfully it seems), that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly”, or opening the type of files that are clearly dangerous.

You may be lucky, and you may be able to recover control of your computer if your anti-malware applications are up to date, and the malware signatures recognize the intruder as malware.

But I wouldn’t count on it. Often, anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

It is beyond dispute that the Internet now fits the criteria of a world that is not just perceived to be, but is in fact, personally threatening to uninformed or casual Internet users. I could go on, but I think the message here is clear. Think carefully before you click.

Despite every warning under the sun, there are people who will open this type of email. And, in that group, there will be people who will respond. If you’re having trouble believing this – believe it. If this type of scam didn’t show results, we wouldn’t have to deal with them on a constant basis.


Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Email, email scams, internet scams, Online Safety, spam, Windows Tips and Tools