Tag Archives: malware

Online Paperless Billing – The New Attack Vector For Cyber Crime

imageI’m very much in favor of online paperless billing and, virtually all of my reoccurring monthly bills are delivered this way – directly to my inbox. For example (shown below), is a snapshot of the regular monthly email notice from my natural gas supplier.

A simple click on the embedded link, and …..

Enbridge 1

there’s the bill – which is identical, I might add, to the bill delivered by regular mail.

Enbridge 2

A couple of extra clicks to reach my online banking and, the bill is paid.

image

No stacking up bills to be dealt with (along with all the other bills), at a later date. Done – fini – terminado!

I like it and, I’m sure my utilities suppliers love it – since, in most cases, they get paid far in advance of the required payment date. A perfect system it seems – except, this is the Internet.

Ah, the Internet – the playground of every scumbag cyber criminal from Moscow to Montreal – and, beyond. So, it’s hardly surprising to see online paperless billing come under attack.

Yesterday, Commtouch let me know of an ongoing attack – directed at AT&T  customers – which automatically embeds malware onto the targeted machine, once the user clicks on the embedded link in the  billing notice.

Since the billing email shows an outrageous balance (in the following screen capture, $943.01), theoretically, the response ratio should be significantly higher than it might otherwise be.

Several months back, I received a billing notice from my cable supplier totaling $650 – versus the normal $150 – and, I can assure you, I clicked on the embedded link, immediately.

It was, of course, a massive screw up at their end. Never the less, I instinctively (and, without thinking) clicked on the link . Being frustratingly annoyed is often a powerful call to action. Cyber criminals know exactly how to wind us up –increasing the odds that we’ll respond inappropriately.

image

Graphic courtesy of Commtouch.

According to Commtouch, who generously shared their research –

The pattern to be aware of in this case is: <legitimate domain>/<recurring set of random letters>/<index.html>

The index.html file tries to exploit at least the following known vulnerabilities:

·Libtiff integer overflow in Adobe Reader and Acrobat       CVE-2010-0188

·Help Center URL Validation Vulnerability       CVE-2010-1885

Every link in the email (there are 9 links), leads to a different compromised site with malware hidden inside. Recipients who are unsure whether the email they have received is genuine or not (the malicious version is a very accurate copy), should mouse-over the links.

Genuine emails from AT&T will include AT&T website links.  For example the “att.com link will be the same in both places that it appears in the email – unlike the malicious version which uses two very different URLs.

I might add, that I use the WOT Browser add-on and, you’ll notice in the first graphic (at the top of this page), the green circle indicated the embedded link is safe. I strongly suggest that if you currently do not have WOT installed, that you consider doing so. As well, I use the Redirect Remover add-on which removes any redirect links in Firefox. An appropriate way to become aware of redirected links.

Four years ago, when I stated writing this Blog, I was hopeful that the cyber criminal threat to Internet users would be actively addressed. That at some point, governments and law enforcement would step up and actively seek out, and punish, the criminals who have turned the Internet into a minefield.

Governments, (the U.K, the U.S., Canada, Australia, India …) it seems, don’t give a fiddler’s f*ck – they appear to be much more interested in passing regressive Internet legislation directed at you – not cyber criminals. Legislation designed to massively infringe on individual personal privacy, and individual human rights. In the meantime, cyber criminals continue to roam freely.

As for law enforcement agencies – just try reporting a cyber crime to your local police department and, you’ll find that they couldn’t care less. Their focus is on low level behavioral crimes, like busting teenage Pot smokers. Just how much safer does that make you feel on the Internet?

Unless, there is a concerted effort on the part of all of us – and yes, that means you need to get involved – demanding a responsible approach to this outrageous criminality on the Internet – we will all, at some point, become a victim of cyber crime.

Do I sound angry? You bet I am.

12 Comments

Filed under Cyber Crime, email scams, Malware Alert

Free Sucuri SiteCheck – Find Out If Your Site Has Been Hacked

imageI recently posted a piece – Webmasters Struggle With Hacked Sites – A Commtouch, StopBadware Report – which read in part: “Recent statistics indicate (surprise, surprise) – cybercriminals are increasing their targeting of websites for identity theft, virus distribution, and spamming.

And, according to a newly released survey (Compromised Websites: An Owner’s Perspective), from Commtouch and StopBadware – in which webmasters were queried on their fight against hacking – almost half of the survey participants (who had been hacked), had no idea until they received a warning from their own computer’s protection technology.”

Since I use WordPress as my blogging platform, I rely on the security apparatus WordPress has in place to protect me from the various cyber criminal attack schemes currently in play. Still, I would be more than a little naive if I didn’t  consider the possibility that WordPress’ site security is vulnerable to hacking.

If a security developer’s web site can be hacked – and, many have been in the last year – including Panda Security in just the past few days*, it lends credence to the suggestion that any site can be hacked.

*Late Tuesday night, at least 35 public facing websites belonging to Panda Security were hacked and defaced by the LulzSec and Anonymous hacking groups. The defacement also posted multiple usernames and passwords associated with Panda Security employees.

Frankly, it absolutely infuriates me when I consider that the 4 years plus that I’ve put into writing and maintaining this Blog could, in little more than a moment, be destroyed by a single act of a cyber criminal. In my weaker moments, I have visions of lining these creeps up against the wall and being done with them.

But, the reality is much different, of course. So, it’s incumbent upon me to ensure that visitors to this site are protected (imperfect as that might be), from the nasties which cybercriminals can load onto a site.

There’s no foolproof solution but, one measure which I employ frequently is taking advantage of a free service offered by Sucuri Security – which, quickly scans for the most common threats as illustrated in the following screen capture.

image

Additionally, all links within the site are scanned. The following screen shot shows a small representation of the hundreds of links which were scanned.

image

If you’re a blogger or a site owner, I suggest that you take advantage of this free service so that you can check if your site has been compromised. It’s one more tool in the fight against the increasing threats posed by cyber criminal gangs.

Scan your website free.

16 Comments

Filed under Anti-Malware Tools, blogging, Cyber Crime, Don't Get Hacked, Online Malware Scanners

If You’re A BitTorrent User – Guard Against Malware With BitDefender’s Free Virus Guard

imageIf you’re into downloading open license movies, music, games and applications, then there’s a good chance you’re into the enormously popular BitTorrent peer-to-peer file sharing application.

Just to be clear – I am not a fan of public, peer to peer file sharing – here’s why: Peer to peer file sharing carries with it a high risk that the user will not get what he thinks he will. And, may pick up something nobody wants to pick up.

So is this a serious risk? You bet – take a look at the following from the BitTorrent Beginner’s Guide –  How do I know that someone isn’t sending out viruses on BitTorrent?

In short, you don’t. You should treat something downloaded with BitTorrent just like any file downloaded from the internet – that is, if you don’t trust the source of the file, then you should use caution when opening it.

BitTorrent guarantees that the content you download is not altered from when the torrent was originally created, but if the source files used to create the torrent were already infected, this will provide no protection!

What’s a user to do then, who enjoys file sharing through BitTorrent, and wants to reduce the risk of being burned by cybercriminals who lurk on public file sharing networks? BitDefender’s Virus Guard, might provide part of the answer.

BitDefender’s free Virus Guard, which is now part of BitTorrent’s App Studio, is available to BitTorrent’s 80 million users.  Virus Guard quickly scans torrents before they’re launched, and flags any potential threats it finds; effectively giving users an opportunity to delete torrents before they can do any harm.

image

Here’s a screen capture of the BitTorrent application with BitDefender’s Virus Guard installed. Click on the graphic to expand to original size – 1260 x 745.

image

BitDefender’s Virus Guard Fast Facts:

Scan from within BitTorrent — avoid wasting resources on a full disk scan.

Check all torrent downloads (including ZIP, RAR, and TAR archives) to eliminate potential threats before they occur.

Protect against viruses and other malware using industry-leading technology.

Keep all your torrent downloads safe and clean.

BitDefender provides industry-leading protection based on two proactive threat detection technologies.

Virus definition library updated continuously to protect you from the latest threats.

Download Virus Guard at: BitTorrent’s App Studio (you will have to scroll down the page).

Old advice, but more important than ever:

Trade-offs and risks you should consider if you’re a fan of Peer to Peer file sharing.

Privacy: When you are connected to file-sharing programs, you may unintentionally allow others to copy confidential files you did not intend to share. So be sure to setup the file-sharing software very carefully.

If you don’t check the proper settings when you install the software, you could allow access not just to the files you intend to share, but also to other information on your hard drive, such as your tax returns, email messages, medical records, photos, and other personal and financial documents.

It’s extremely important to be aware of the files that you place in, or download to, your shared folder. Don’t put information in your shared folder that you don’t want to share with others. Your shared folder is the folder that is shared automatically with others on peer to peer file sharing networks.

Copyright Issues: You may knowingly, or otherwise, download material that is protected by copyright laws and find yourself caught up in legal issues. Copyright infringement can result in significant monetary damages, fines, and even criminal penalties.

Some statistics suggest as many as 70% of young people between the ages of 9 – 14, regularly download copyrighted digital music. If you are a parent, you bear the ultimate responsibility for this illegal activity.

Adult Content: Again, if you are a parent you may not be aware that their children have downloaded file-sharing software on the family computer, and that they may have exchanged games, videos, music, pornography, or other material that may be unsuitable for them. It’s not unusual for other peoples’ files to be mislabeled and you or your children can unintentionally download these files.

Spyware: There’s a good chance that the file-sharing program you’re using has installed other software known as spyware to your computer’s operating system. Spyware monitors a user’s browsing habits and then sends that data to third parties. Frequently the user gets ads based on the information that the spyware has collected and forwarded to these third parties.

I can assure you that spyware can be difficult to detect and remove. Before you use any file-sharing program, you should buy, or download free software, that can help prevent the downloading or installation of spyware, or help to detect it on your hard drive if it has been installed.

Viruses: Use and update your anti-virus software regularly. Files you download could be mislabeled, hiding a virus or other unwanted content. Use anti-virus software to protect your computer from viruses you might pick up from other users through the file-sharing program.

Generally, your virus filter should prevent your computer from receiving possibly destructive files. While downloading, you should avoid files with extensions such as .exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd.

Default Closing Behavior: It is critical that you close your connection after you have finished using the software. In some instances, closing the file-sharing program window does not actually close your connection to the network. That allows file-sharing to continue and will increase your security risk. Be sure to turn off this feature in the programs “preferences” setting.

What’s more, some file-sharing programs automatically run every time you turn on your computer. As a preventive measure, you should adjust the file-sharing program’s controls to prevent the file-sharing program from automatically starting.

4 Comments

Filed under Anti-Malware Tools, BitDefender, Don't Get Hacked

Give Malware The Old Heave Ho! – Trap It With Sandboxie!

imageWouldn’t it be terrific if, following a mistake which led to malware making its way on to your computer, you could wave a magic wand, utter the words – “get thee gone” – and, quick as you like – no more malware infection?

Luckily, you can do just that. You don’t have to be a magician – you don’t have to deliver a magic enchantment – but, you do need to be running a sandbox based isolation application.

And that, brings me to Sandboxie – the King of isolation applications in Geek territory. Rather than geek you into the land of nod – today’s review is what I like to refer to as a “soft review”.

Simply put, Sandboxie, when active, creates a virtual environment (of a sort), on a computer by redirecting all system and application changes, to an unused location on a Hard Drive. These changes can be permanently saved to disk or, completely discarded.

A case in point for isolating web surfing:

While surfing the Net, an inexperienced user mistakenly accepts an invitation to install a scareware application but realizes, after the fact, that this is a scam. Operating in a “real” environment, the damage, unfortunately, would already have been done.

Operating in an isolated environment with Sandboxie active; the system changes made by this parasite could be completely discarded – since the attack occurred in a – “I’m not really here” environment .

An obvious part of reviewing an application is, providing a technical breakdown of just how an application gets the job done – or, in some cases how/why an application doesn’t quite get it done.

It’s not often that I get caught between the proverbial “rock and a hard place” in terms of illustrating an applications aptitude in getting the task accomplished. In this case however, Ronen Tzur, Sandboxie’s developer, has taken the expression – a picture is worth a thousand words – and definitely run with it. Well done Ronen!

From the site: Introducing Sandboxie

Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

The red arrows indicate changes flowing from a running program into your computer. The box labeled Hard disk (no sandbox) shows changes by a program running normally.

The box labeled Hard disk (with sandbox) shows changes by a program running under Sandboxie. The animation illustrates that Sandboxie is able to intercept the changes and isolate them within a sandbox, depicted as a yellow rectangle. It also illustrates that grouping the changes together makes it easy to delete all of them at once.

Fast facts:

Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don’t leak into Windows.

Secure E-mail: Viruses and other malicious software that might be hiding in your email can’t break out of the sandbox and can’t infect your real system.

Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

The developer has provided a clear and concise Getting Started tutorial – which includes:

How to to use Sandboxie to run your applications

How the changes are trapped in the sandbox

How to recover important files and documents out of the sandbox

How to delete the sandbox

System requirements: Windows XP, Vista, Win 7 (32 and 64 bit).

Available languages: English, Albanian, Arabic, Chinese (Simplified and Traditional), Czech, Danish, Estonian, Finnish, French, German, Greek, Hebrew, Indonesian, Italian, Japanese, Korean, Macedonian, Polish, Portuguese (Brasil and Portugal), Russian, Spanish, Swedish, Turkish, and Ukrainian.

Download at: Sandboxie

A Caveat: You may run with Sandboxie free of charge – but, once past the initial 30 days, you will be reminded that a lifetime licensed version is available for € 29 ($38 USD at today’s conversion rate).

My good buddy from Portugal, José – a super geek – is of the opinion that Sandboxie is in a class of its own. I couldn’t agree more José.

16 Comments

Filed under Anti-Malware Tools, Cyber Criminals, Don't Get Hacked, downloads, Malware Protection, Virtualization

Valentine’s “Love” In Your Inbox – Could Be Malware On Your Computer.

imageValentine’s Day will be on us before we know it – so, it’s not too early to get ready for the deluge of  “I love you”, “Wish you were mine”………………., and of course, the customary – “Happy Valentine’s Day” emails.

Hopefully, you will have a Happy Valentine’s Day – but, that happy feeling could be ruined, if you fall victim to the explosion of “spam and scam” that’s aimed at lovers, this time of year –  every year. Much of it designed to take a swing at unsuspecting users machines – leading to a malware infection.

In previous years, starting  just about this time, we saw abnormally high rates of this type of spam and, since cyber crooks are opportunity driven; we’ll see much more of this type of cybercriminal activity this year, I expect.

Perhaps you’re a very cool person who’s significant other is always sending you neat little packages in your email. MP3 files, screensavers, cartoons, YouTube videos, and the like. Could be – you get them so often, that you just automatically click on the email attachment without even thinking. If, you are this type of person, here’s a word of advice – start thinking.

The hook, as it always is in this type of socially engineered email scam, is crafted around exploiting emotions. We’re all pretty curious creatures and, let’s face it, who doesn’t like surprises. I think it’s safe to say, we all find it difficult, if not impossible, to not peek at love notes received via email.

The unfortunate truth is, these spam emails often contain links that deliver advertisements, or worse – redirect the victim to an unsafe site from which malware can be installed on the victim’s computer.

Here’s a tip – If you see something along the lines of – This email contains graphics, so if you don’t see them, view it in your browser – consider very carefully – before you click on the link.

A couple of years ago, a friend, who is an astute and aware computer user, fell for one of these carefully crafted teasing emails. On opening the email, he was taken to a site which had pictures of hearts and puppies, and was then asked to choose which one was for him. You’ll notice that “choosing” involved opening an executable filea cardinal sin.

image

Fortunately, he got his geek on in time – common sense prevailed, and he backed out of this site. If he had clicked on this executable file, he would have begun the process of infecting his machine with a Trojan. A Trojan which, in this case, connected to a remote command and control site – (effectively, turning over control of his computer to a cybercriminal). Nasty – I think you’ll agree.

Experienced users are on guard year round for these, and other types of scam/spam email.

You know what to do; right?

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar.

If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

Cyber crooks have moved on from using just emails, as a malware delivery vehicle. So, be on the lookout for fraudulent Valentine’s Day greetings in:

Instant Messenger applications.

Twitter.

Facebook.

Chat forums, and so on.

This just in @ 11:56

Uzbekistan Government Cancels Valentine’s Day

That settles it – I’m not giving any Uzbek women my love in protest. Sorry ladies.   🙂

11 Comments

Filed under bots, Cyber Crime, Cyber Criminals, Email, Malware Alert, Social Networks, spam

Think BEFORE You Click! – How Hard Is That?

imageHARD, apparently.

I recently repeated a small experiment (for the third year in a row), with a group of “average computer user” friends, (12 this time around), and I was disappointed to see (once again), that the conditioned response issue to “just click” while surfing the web, was still there.

Still, I’m always hopeful that reinforcing the point that clicking haphazardly, without considering the consequences – the installation of malicious code that can cause identity theft and the theft of passwords, bank account numbers, and other personal information – would have had some impact. Apparently not.

But, I haven’t given up. I’m prepared to hammer them repeatedly until such time as I can make some progress. In the meantime, I expect that curiously browsing the web blissfully unaware of the considerable malware dangers, will continue to be the modus operandi for my friends.

They’re not alone in their “clicking haphazardly” bad habits. Many of us have learned to satisfy our curiosity simply by a mouse click here, and a mouse click there. Arguable, we have developed a conditioned response (without involving conscious thought), to – “just click”.

It can be argued, that our “just click” mindset poses the biggest risk to our online safety and security. In fact, security experts argue, that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly”, or opening the types of files that are clearly dangerous. However, this type of dangerous behavior continues despite the warnings.

Most visitors to this site are above average users (I’m assuming that you are too), so, I have a challenge for you.

Take every appropriate opportunity to inform your friends, your relatives, and associates, that “just clicking haphazardly” without considering the consequences, can lead to the installation of malicious code that can cause identity theft and the theft of passwords, bank account numbers, and other personal information.

Help them realize that “just clicking”, can expose them to:

  • Trojan horse programs
  • Back door and remote administration programs
  • Denial of service attacks
  • Being an intermediary for another attack
  • Mobile code (Java, JavaScript, and ActiveX)
  • Cross-site scripting
  • Email spoofing
  • Email-borne viruses
  • Packet sniffing

They’ll be glad that you took an interest in their online safety. And, best of all, by doing this, you will have helped raise the level of security for all of us.

A point to ponder:

Since it’s proven to be difficult to get “buy-in” on this – “think before you click safety strategy” – I generally ask the question – do you buy lottery tickets? Not surprisingly, the answer is often – yes. The obvious next question is – why?

The answers generally run along these lines – I could win; somebody has to win;……. It doesn’t take much effort to point out that the odds of a malware infection caused by poor Internet surfing habits are ENORMOUSLY higher than winning the lottery and, that there’s a virtual certainty that poor habits will lead to a malware infection.

The last question I ask before I walk away shaking my head is – if you believe you have a chance of winning the lottery – despite the odds – why do you have a problem believing that you’re in danger on the Internet because of your behavior, despite the available stats that prove otherwise?

18 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Online Safety, Spyware - Adware Protection

Way To Go WOT! – Now Protecting 30 Million Users

imageThe Internet is one kickass place – survey after survey continue to show that cybercriminals are picking off unaware/undereducated users, as if they were shooting fish in a barrel.

It’s hardly surprising then, that an enormous industry (no, not big, not large – but, enormous) has developed, based on the principal that technology can act as a counterfoil  to the most nefarious cyber criminal schemes. Criminal schemes which are, after all, technology driven.

I’ll leave it to you to decide if this has been an effective solution.

No matter the side you come down on regarding this complex issue, dancing around naked (so to speak ) on the Internet – that is, without adequate Browser protection, is akin to fumbling and stumbling through the toughest neighborhood in your area – after dark.

Internet security starts with the Web Browser (it does not end there – but, one step at a time), and WOT (Web of Trust, which passed the 30 million user mark yesterday – January 9, 2011), substantially reduces the risk exposure that comes with wandering through the increasingly risky neighborhood that the Internet has become.

Based on the way that I surf the Web, there’s no contest as to which of the 17 add-ons I have installed on Firefox, is most important to my piece of mind. The hands down winner – the single most important add-on for my style of surfing is WOT (Web of Trust).

Sure, that’s a pretty bold statement – but, since I frequently hear from readers who, after installing WOT on their computer systems, feel reassured that they are safer than ever before, and who express a renewed sense of confidence, and  a new level of enthusiasm, while surfing the Internet, I’ll go with it.

If you’re not yet a WOT user, read the following in-depth review – you may reconsider.

What is WOT?

WOT, one of the most downloaded Firefox Add-ons at the Mozilla add-on site, (also compatible with Internet Explorer and Chrome), is a free Internet Browser resource which  investigates web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams – helping you avoid unsafe web sites.

For example, here’s a Google search in which WOT indicates which sites are safe. Notice the unsafe (red) sites, in the Google ads!

image

Take a look at what happens if, in fact, you do end up on an unsafe web site. WOT’s dropdown warning curtain blocks access to the site until you determine otherwise.

WOT - new

WOT operates in a unique fashion in order to offer active protection to the Internet user community. It stands out from the crowd of similar applications, by soliciting the opinions of users/members whose views on web site safety are incorporated into the overall site safety rating. According to WOT, the user community now has reputation data on over 35 million sites worldwide.

The shared information on a site’s reputation includes trustworthiness, vendor reliability, privacy, and child safety. As well, in order to achieve maximum security coverage, WOT uses thousands of trusted sources including phishing site listings, to keep users protected against rapidly spreading threats.

image

WOT integrates seamlessly with search engine results from popular search engines including Google, Yahoo, MSN and other popular sites, and provides impressive protection against Internet predators.

WOT recently added the top three web-based email services – Google Gmail, Windows Live Hotmail and Yahoo! Mail, to its free security protection. You can now feel more confident and secure, since WOT checks links embedded in your email, and warns you of dangerous web sites so that you can avoid spyware, spam, phishing, identity theft and other Internet scams; before you click on dangerous embedded links.

How WOT works:

The Browser add-on icon, displays a color rating for each site you visit, indicating whether a site is safe to use, should be used with caution, or avoided entirely.

Using traffic light colors, (green, yellow, and red), WOT leaves you in no doubt as to the safety rating of a web site. An impressive feature of WOT is the dropdown transparent warning curtain, shown earlier, triggered on visiting a dangerous site.

Recognizing that up to ten percent of Internet users are at a disadvantage however, due to colorblindness, and cannot rely on an Internet safety system based on color coding, the Web of Trust development team recently released an adaptive version of WOT. This version incorporates equivalent alternative information, through assistive or adaptive technology, for colorblind users.

This colorblind accessible application provides the same critical benefits to those individuals who have to contend with visual impairments, as it has to those of us who have come to rely on WOT as a major defense against the pervasive hazards we encounter on the Internet.

Quick facts – WOT checks the following on each web site visited:

Trustworthiness

Vendor reliability

Privacy

Child Safety

More quick facts:

Ratings for over 30 million websites

The WOT browser add-on is light and updates automatically

WOT rating icons appear beside search results in Google, Yahoo!, Wikipedia, Gmail, etc.

Settings can be customized to better protect your family

WOT Security Scorecard shows rating details and user comments

Works with Internet Explorer, Firefox and Chrome

Interface supports English, French, German, Spanish, Italian, Russian, Polish, Portuguese, Swedish and Finnish.

System requirements: Windows (all), Mac OS X, Linux

Download at: MyWot

Surf more securely by installing this browser add-on which will provide you with an in-depth site analysis based on real world results. Keep in mind however, that you are your own best protection. Stop · Think · Click.

11 Comments

Filed under Browser add-ons, Browser Plug-ins, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, Internet Safety Tools