Another Worm Worms Its Way Into Instant Messaging Applications

From the more things change the more they remain the same files:

AV-killing worm spreads via Facebook chat and IM clients – A rather industrious piece of malware that – among other things – paves the way for other malware by disabling AV solutions and software update modules has been spotted spreading via several Instant Messaging applications (ICQ, Skype, GTalk, Pidgin, MSN, YIM) and Facebook.

The victims receive a message from an unknown user, offering a link to a funny or interesting video. If they follow it, the malware in question downloads automatically from the linked site and is executed.

Nothing new here – as any one of the 10 or more articles I’ve  written over the years on using Instant Messenger applications safely will attest to. The following post (originally published September 4, 2010) will serve as a quick refresher on how to navigate the Internet safely while using an Instant Messenger client.

Tips For Using Instant Messenger Applications Safely

In a recent Symantec survey, which questioned computer users on the most likely routes cybercriminals use to drop malware on unsuspecting users, one resultant statistic made me sit up a little straighter. Just 3.9% of survey participants believed that Instant Messenger applications had a role in malware distribution.

Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), I was more than a little surprised at this unrealistic response.

The reality is, from a security perspective Instant Messaging applications can present considerable security risks. Security breakdowns can occur when these programs are used to share files, folders, or in some cases, entire drives. Instant messaging, unfortunately, is a primary channel used by cyber-criminals to distribute malware and scams.

Programs such as MSN Messenger, Yahoo! Messenger, AIM, and a basket full of other IM applications, are extremely popular with users who want real-time contact with each other and (no surprise here), this makes them the perfect vehicle for cyber criminals.

Hackers use two methods of delivering malicious code through IM: delivery of virus, Trojan, or spy ware within an infected file, and the use of “socially engineered” text with a web address that entices the recipient to click on a URL which connects to a website that downloads malicious code. Viruses, worms, and Trojans then typically propagate, by sending themselves rapidly through the infected user’s buddy list.

The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

Don’t click on links, or download files from unknown sources. You need to be alert to the dangers in clicking on links, or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files, or links are genuine. Remember, if you click on those links, or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords, and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Protect personal and confidential information when using IM. Revealing confidential or personal information in these types of conversations, can make you an easy target for Internet predators.

For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Bite Back Against Banking Bandits With Puppy Linux

Woof, Woof! That’s the sound of Puppy Linux as it starts. A good sound as it turns out; it reminds me as to why I’ve just booted my computer from this amazing little Linux distro – safety, security, and a substantially increased chance that I’ll hang onto the paltry funds in my bank accounts.

Puppy Linux is not a one trick pony – although, I tend to use it for one thing only (at the moment) – Online Banking. More on this in a moment*.

This is a very well trained Puppy:

Easy – Just use a CD or USB flash to boot a PC. Puppy Linux is downloadable as ISO, an image that can be burned to CD or DVD.

Fast – Because Puppy is small, it can live in your PC’s memory and be ready to quickly execute your commands, whereas in other systems, programs are first read from drive storage before being executed.

Save Money – Even if your PC has no hard disk (ex, broken hard disk), you can still boot Puppy via CD or USB and continue working. Old PCs that no longer work with new systems will still work good-as-new with Puppy.

Do More – Puppy boots in less than a minute, even in old PCs, and it does not require antivirus software. Administering Puppy is quick and minimal. With Puppy, you just have to take care of your data, which you can easily save to USB flash (Then forget about your operating system!). Your data can be read by other computers.

Do Magic – Help your friends suffering from computer malware by booting Puppy and removing malware from their PC (use antivirus that is built-in or can be installed in Puppy). Example – bad Autorun.inf is easily removed by Puppy (Just delete it as well as its companion exe program). If your friend thinks that she has lost data from her corrupted hard disk, boot Puppy and try saving her data!

Carry Anywhere (Portable) – Because Puppy is able to live in CD/DVD or USB flash, as well as save data to these same devices, you can carry your programs and data with you.

The Puppy Desktop – Not flashy; not eye candy – but functional and efficient.

In the following illustration, I’ve clicked on the Browser icon (SeaMonkey is the native Browser), to open this site. I considered showing my online banking connection – in a moment of madness.  

*Not to be argumentative – wait, I will be argumentative. The Internet, and its related technologies (connected devices, and so on), has become a massive playground for outrageous hype and sheer BS. It’s like listening to a used car salesman. Nowhere, is this more evident than in the orbit of security technology.

Outrageous claims of “total protection” based on stale data; ranking security suites as if # 1 was truly more effective than # 2……

As if the premise is – system security is a static environment in which knowledgeable users operate in their own best interests.

As if cybercriminals are sitting still, and not releasing highly sophisticated attacks on a daily basis.

As if application vulnerabilities are not discovered virtually on a daily basis.

So, am I being argumentative just for the sake of it? Not bloody likely.

Qualys Inc. releases a Consensus Security Vulnerability Alert @RISK Newsletter on a weekly basis (to which I subscribe), that sets out the most recent vulnerabilities for which exploits are available in the cybercrime marketplace.

Here’s a small sampling of the latest –

Title: Trojan uses new C&C obfuscation technique
Description: The Polish CERT has observed a new Trojan spreading in the
wild via a number of different social media techniques. While not
particularly novel in that regard, this particular piece of malware is
interesting in the way that it contacts its command and control servers.
Instead of using the address provided in a DNS query response, the
malware takes that value and transforms it into a different IP address,
which is then used to contact the C&C. This technique, if it becomes
widespread, has interesting implications for malware detection at the
network level.

Title: Symantec PcAnywhere 12.5.0 Login and Password Field Buffer Overflow
Vendor: Symantec
Description: The host-services component in Symantec pcAnywhere 12.5.x
through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka
12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and
authentication data, which allows remote attackers to execute arbitrary
code via a crafted session on TCP port 5631.

Title: Banking trojan spreading via phishing attacks
Description: The Sourcefire VRT has discovered a new Trojan being
dropped on users via a large-scale UPS-themed phishing attack. The
Trojan, which attempts to steal credentials for several major financial
institutions, also drops other malicious binaries on the infected
system. Its C&C communications are of particular interest, as its
authors chose to use the hexadecimal string “0xDEADBEEF” – which is
commonly used by attackers and researchers alike as a way to follow user
input through system memory – as a protocol marker of sorts.

Note: input through system memory.

It’s this last type of vulnerability (though not exclusively), which drives my need to logon to my banking site via a self-booting Linux Live CD – in this case – Puppy Linux. Since Puppy is read-only media, the environment (running entirely in RAM), will be much more secure than Windows.

Yes, I admit that it’s a pain (occasionally) to shut down and reboot just to complete an online financial transaction but, I’d rather be safe than sorry – I’m into an ounce of prevention.

Since the majority of malware is Windows specific, banking online through a Linux Live CD is my ounce of prevention. It should be yours as well.

Minimum Hardware Requirements for Puppy Linux 4.2.1:

500MHZ processor
128MB RAM
512MB free hard drive space to create an optional save file
No hard drive required to boot a Live Disc.
CD-ROM any speed

Download at: Puppy Linux

More information is available on the publisher’s site.

Cyber Crooks Taking Another Crack At Yahoo Instant Messenger

I’ve been known to  stare at my monitor, humming a few bars of  – “IM malware go away, and come back another day”, from time to time. Doesn’t seem to work though.  🙂 IM malware never goes away – it just fades into the malware background chatter.

Despite the fact that Instant Messenger malware (which has been with us since 2005, or so), doesn’t create much of a fuss, and seems to prefer to stay just below the horizon, it’s as dangerous as it’s ever been.

In business, when something works, why bother to reinvent the wheel. A little nip here; a little tuck there and hey – you’re still in business! No surprise then, when we see that cybercriminals subscribe to this business philosophy.

–   Yahoo Instant Messenger Under Attack Again or Still? (May 4, 2010)

It’s easy to forget about the risks associated with Instant Messaging precisely because of this lack of profile. Until, that is, IM malware comes knocking – hard – like now!

BitDefender’s, Bogdan Botezatu, reports in a recent Blog post, that Yahoo Messenger is currently under attack – and, taking a hard knocking.

From the Blog:

New Yahoo Messenger 0-Day Exploit Hijacks User’s Status Update…and spreads malware, of course!

A newly discovered exploit in version 11.x of the Messenger client (including the freshly-released 11.5.0.152-us) allows a remote attacker to arbitrarily change the status message of virtually any Yahoo Messenger user that runs the vulnerable version.

Since you’re an astute and educated user, none of this comes as a surprise, I’m sure. But, what about a typical user – would he/she be surprised, do you suppose?

Let’s take a look –

In a recent Symantec survey, which questioned computer users on the most likely routes cybercriminals use to drop malware on unsuspecting users – just 3.9% of survey participants believed that Instant Messenger applications had a role in malware distribution.

Unfortunately, the only surprise here is – this is not a surprise.

The harsh reality is, from a security perspective, Instant Messaging applications can present considerable security risks. So naturally, cyber-criminals use Instant Messaging as a primary channel to distribute malware and scams.

We’ve talked about IM security a number of times here, but with this ongoing attack, a quick refresher might be in order.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

Don’t click on links, or download files from unknown sources. You need to be alert to the dangers in clicking on links, or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files, or links are genuine. Remember, if you click on those links, or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords, and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Protect personal and confidential information when using IM. Revealing confidential or personal information in these types of conversations, can make you an easy target for Internet predators.

For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs.

The risk here goes beyond malware, as sadly, they could come into contact with undesirable individuals. The risk is low of course, but……..

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software, Parental Control Bar,  to help you do just that.

BTW, you can hum “IM malware go away, and come back another day”, to the new version of that old familiar tune – Rain Rain Go Away.   

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Tips For Using Instant Messenger Applications Safely

In a recent Symantec survey, which questioned computer users on the most likely routes cybercriminals use to drop malware on unsuspecting users, one resultant statistic made me sit up a little straighter. Just 3.9% of survey participants believed that Instant Messenger applications had a role in malware distribution.

Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), I was more than a little surprised at this unrealistic response.

We’ve talked about IM security a number of times here, but this recent statistics indicates, a quick refresher might be in order.

The reality is, from a security perspective Instant Messaging applications can present considerable security risks. Security breakdowns can occur when these programs are used to share files, folders, or in some cases, entire drives. Instant messaging, unfortunately, is a primary channel used by cyber-criminals to distribute malware and scams.

Just a few days ago, for example, a Trend Micro analyst discovered an IM variant of the “Solve the IQ test”. Had he followed the instructions, he could have let himself in for a series of monthly charges of $9.99–$19.99 a month, automatically added to his cell phone bill.

Programs such as MSN Messenger, Yahoo! Messenger, AIM, and a basket full of other IM applications, are extremely popular with users who want real-time contact with each other and (no surprise here), this makes them the perfect vehicle for cyber criminals.

Hackers use two methods of delivering malicious code through IM: delivery of virus, Trojan, or spy ware within an infected file, and the use of “socially engineered” text with a web address that entices the recipient to click on a URL which connects to a website that downloads malicious code. Viruses, worms, and Trojans then typically propagate, by sending themselves rapidly through the infected user’s buddy list.

The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

Don’t click on links, or download files from unknown sources. You need to be alert to the dangers in clicking on links, or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files, or links are genuine. Remember, if you click on those links, or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords, and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Protect personal and confidential information when using IM. Revealing confidential or personal information in these types of conversations, can make you an easy target for Internet predators.

For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs.

The risk here goes beyond malware, as sadly, they could come into contact with undesirable individuals. The risk is low of course, but……..

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software, Parental Control Bar,  to help you do just that.

Readers with younger children, please read, KidZui – Free, Safe Internet Browsing for Kids, on this site. This guest writer article, by Silki Garg of the Internet Security Blog, provides a comprehensive review of KidZui.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Sex (ting) – Who’s Really Doing It? It’s NOT Just Teens!

Apparently, if we’re not thinking about sex, we’re talking about sex. If we’re not talking about sex, we’re engaged in sex. If we’re not engaged in sex, we’re thinking and talking and planning, on becoming engaged in sex. Whew – no wonder I’m so tired!

According to sexologists, anthropologists, psychologists and sociologists, (and other …ists, I’m sure), a common denominator amongst humans is the degree to which they think of sex.

Given that we all seem to have this supposed preoccupation with sex – is it any wonder then, that the Internet, and its associated connected devices, have become a common outlet for erotic fantasies.

The meshing of sex and tech, has generated a Pandora’s box of problems, and associated issues, that need to be resolved socially, legally, and morally.

One of these problematic issues, is the issue of sex, tech, and teens; more precisely – teenaged sexting.

It’s an issue that has been a focus of attention in the news recently (today in fact, on CNN) – at least here in North America.

And, in typical fashion in matters dealing with sexual issues, law enforcement officials, in many areas, have  abandoned common sense and regularly charge teenagers who exchange consensual nude photographs of themselves, with the production, dissemination, and possession of child pornography

So, is this just one more example of “officialdom’s” hysteria, and overreaction on sexually related issues? Or,  is sexting, particularly teen sexting, a real problem that requires the harsh application of punitive measures to eradicate?

The National Campaign to Prevent Teen and Unplanned Pregnancy,  weighed in on this issue in a recent survey; a survey which seems to indicate that teen sexting is a problem. You should be aware that additional independent statistics suggest; 28 per cent of parents are sexting fans.

Survey statistics:

15 Percent of teenagers who have sent or posted nude or seminude images of themselves say they have done so to someone they only knew online.

48 Percent of teenagers say they have received such messages.

71 Percent of teen girls and 67% of teen boys who have sent or posted sexually suggestive content say they have sent or posted this content to a boyfriend or girlfriend.

21 Percent of teenage girls and 39% of teen boys say they have sent such content to someone they wanted to date or hook up with.

44 Percent of both teen girls and teen boys say it is common for sexually suggestive text messages to get shared with people other than the intended recipient.

36 Percent of teen girls and 39 % of teen boys say it is common for nude or semi-nude photos to get shared with people other than the intended recipient.

51 Percent of teen girls say pressure from a guy is a reason girls send sexy messages or images; only 18 % of teen boys cited pressure from female counterparts as a reason.

66 Percent of teen girls and 60% of teen boys say they did so to be “fun or flirtatious”; their most common reason for sending sexy content.

52 Percent of teenage girls used sexting as a “sexy present” for their boyfriend.

44 Percent of both teen girls and teen boys say they sent sexually suggestive messages or images in response to such content they received.

40 Percent of teenage girls said they sent sexually suggestive messages or images as “a joke.”

34 Percent of teen girls say they sent or posted sexually suggestive content to “feel sexy.”

12 Percent of teen girls felt “pressured” to send sexually suggestive messages or images.

Apart from the legal issues, which can have grave lifetimes consequences, teenagers engaging in what they may consider harmless fun, run the risk of having to deal with the outcome of present day “harmless fun” in the future, which could impact their lives in ways not yet considered.

Think Before You Post, an online resource from The National Center for Missing and Exploited Children, designed specifically for teenagers, should really be a required component of everyone’s online education – not only teenagers.

The following tips are included on this online resource for teenagers to think about.

Use webcams or post photos online only with your parents’ and guardians’ knowledge and supervision.

Ask yourself if you would be embarrassed if your friends or family saw the pictures or video you post online. If the answer is yes, then you need to stop.

Be aware of what is in the camera’s field of vision and remember to turn the camera off when it is not in use. Checkout our recent article on web cam safety – “Big Brother” isn’t the only one watching you. “Uncle Nasty” is out there prowling the Internet too!”

Be careful about posting identity-revealing or sexually provocative photos. Don’t post photos of others — even your friends — without permission from your friends’ parents or guardians. Remember – once such images are posted you give up control of them and you can never get them back.

Recommended parental resources:

Text Ed – The LG Text Ed program will tackle pressing issues such as tween and teen sexting, managing children’s phone usage, the importance of self-esteem in a wireless world, recognizing potentially harmful and hurtful mobile phone behavior, and other concerns facing parents and their children.

Cyber Summer Safety Challenge for Kids & Teens – The Cyber Summer Safety Challenge was developed to get parents, teens and kids to start a dialogue about Internet safety, social networking, online threats and what they can do to protect themselves and their computers.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

The Internet is NOT Childs Play – Internet Tips for Parents

In the last year,  McAfee Inc., the well known provider of antivirus software and intrusion prevention solutions, released research which indicated that most American mothers rate their teenagers’ online safety, their exposure to drugs and drunk driving, as essentially equal anxiety producing agents.

So, were these mothers concerns justified?

You bet! While it’s true that the Internet can provide a rich educational and cultural experience for children, and teenagers, it is virtually impossible for them not to be exposed to,  “the underbelly of the internet”.

One of the more harmful urban myths, which most adults believe is, we have raised, or are raising a “tech savvy” generation. This “truth” however, should not be taken at face value.

Simply because a teenager is more comfortable with technology than a parent, does not makes a teenager tech savvy. Knowing how to text message, or load a game onto an Xbox, does not make one “tech savvy”. It really is a situation where “they don’t know what they don’t know”, can have serious impact.

I fully understand where this idea of the tech savvy generation comes from – just listen to the mainstream media. The media constantly pontificates on how technically literate today’s young people are. The dichotomy is, these are the same young people whose literacy skills are insufficient to deal with their own education, never mind the complexities the techno world presents.

If you think this is an overstated argument, then consider this: According to a study of more than 19,000 college graduates, conducted by the National Center for Education Statistics, only 31 percent can read a complex book and extrapolate from it. Without doubt, the world of Internet security is the most complex world I have ever inhabited.

Staying safe in today’s techno centric world demands knowledge, and acquiring that knowledge requires that a major effort be made to obtain it. Lacking in appropriate literacy skills makes the job of accumulating that knowledge a difficult undertaking.

It’s no wonder then, that the majority of children, and teenagers, are undereducated when it comes to recognizing the dangers, and threats, that the Internet poses to their personal privacy and safety.

Let me ask you this question – would you drop off your child, or teenager, in a neighborhood where more than half of the buildings were adult stores, and which was potentially full of predators?

In my view, if you allow your child, or younger teenager, to interact with the Internet unsupervised, or without having communicated to your child information concerning potential on-line dangers, this is what you may well be doing.

How much do you know about where your child goes on the Internet?

What social networking sites does your child subscribes to?

Who are their online friends and acquaintances?

What does your child post online and where is it posted?

If you don’t know the answers to these questions, you are not alone. Recent statistics make it clear that fully 80% of parents don’t know.

It’s easy to see why this knowledge gap exists; since reports indicate 8 of out of 10 parents give their children unrestricted access to the Internet, without implementing parental control settings.

Additional study statistics:

Providing personal information to online strangers – 52 per cent of teens in the study reported having done so.

Providing a photograph, or a physical description, to online strangers – 34 per cent of teenage girls in the study, reported having done so.

Clearing the browser cache so that their Internet history cannot be tracked – 32 per cent of the teenagers in the study, reported having done so.

I found the most surprising and troubling statistic to be; 16 per cent of the teenagers involved in the McAfee study, indicated they had developed social networking profiles and Email addresses, which they had hidden from their parents.

So what’s a concerned parent to do?

You can bring yourself and your teenager up to speed on online safety, by taking the “McAfee/Comcast Cyber Summer Safety Challenge”. You might be surprised at what you can learn.

Then, follow the advice offered by the FBI in the United States, which lists some of the most important positive actions, you as a parent, can take to reduce your teenagers possible victimization on the Internet.

According to the FBI, the following are some of the most important positive actions, you as a parent, can take to reduce your child’s possible victimization on the Internet.

Communicate, and talk to your child about potential on-line dangers.

Spend time with your children on-line. Have them teach you about their favorite on-line destinations.

Keep the computer in a common room in the house, not in your child’s bedroom.

Utilize parental controls provided by your service provider and/or blocking software.

Since computer-sex offenders are a very real danger on the Internet, the FBI suggests that you instruct your children to:

Never arrange a face-to-face meeting with someone they met on- line.

Never upload (post) pictures of themselves onto the Internet or an on-line service to people they do not personally know.

Never give out identifying information such as their name, home address, school name, or telephone number.

Never download pictures from an unknown source; there is a good chance there could be sexually explicit images.

Never respond to messages or bulletin board postings that are suggestive, obscene, belligerent, or harassing.

An important aspect of ensuring that your child is safe while using the Internet, (recommended by child safety experts/organizations), is the installation of parental control software.

Parental controls will provide you with the advantage of being able to:

Block access to materials (text and pictures) identified as inappropriate for kids.

Permit access only to materials specifically approved as safe for kids.

Specify what types of materials are appropriate for your child.

Monitor your child’s activity on the Internet by storing names of sites and/or snapshots of material seen by your child on the computer for you to view later.

Set different restrictions for each family member.

Limit results of an Internet search to content appropriate for kids

Enforce time limits set by parents.

If your operating system does not offer parental control features, and you would like to implement this, then check out my review, on this site, of a free application offered by WRAAC.org, a non-profit organization dedicated to providing free and effective Internet control tools – “Free Internet Child Protection – Parental Control Bar”.

An additional problematic issues is, the issue of sex, tech and teens; more precisely – teenaged sexting. For information on this current issue, please read “Sexting – A Real Problem or an Overreaction?” on this site.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Yahoo Instant Messenger Under Attack Again or Still?

A new variant of an old Yahoo Instant Messenger Worm spreading fast.

In business, when something works, why bother to reinvent the wheel. A little nip here; a little tuck there and hey – you’re still in business! No surprise then, when we see that cybercriminals subscribe to this business philosophy.

Programs such as MSN Messenger, Yahoo! Messenger, AIM, etc, are wildly popular with users who want real-time computer contact with each other, and so, they form a perfect attack vector for malware distribution.

Symantec, along with a number of other security providers, are warning users of Yahoo Instant Messenger specifically, they are being targeted by a new variant of an old IM Worm, identified by Symantec as W32.Yimfoca.

(Graphics courtesy of Symantec)

If you are a Yahoo Instant Messenger user, you need to be particularly cautious, at the moment, in saving what appears to be a JPG or GIF file, but in fact could easily be this malicious executable.

This threat drops a worm which will lead to the attacker taking control of the victim’s computer. Additionally, the Worm is programmed to attack those in the victim’s contact list.

Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), the following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

Sensible tips for users to get the most out of these programs, securely and responsibly.

You need to be alert to the dangers in clicking on links or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files or links are genuine. Remember, if you click on those links or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Revealing confidential or personal information in these types of conversations can make you an easy target for Internet predators. For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however, do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs. The risk here goes beyond malware, as sadly, they could come into contact with undesirable, or even dangerous individuals.

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software to help you do this.

Click here: “Keep Your Kids Safe With Free Parental Control Bar”.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Sexting is NOT Sexy

The iPhone App Store likes to say, that they have “Apps for Everything”. So, while doing some research on iPhone apps a few days ago, I wasn’t at all surprised to see a so called “safe sexting app” called, appropriately enough – “Safe Sexting”.

The application allows users to cover their “naughty bits” using selectable boxes – Small Box, Large Box, Head Box, and as one pundit put it a “teasing semi-transparent Red Silk”.

Now, I’m no moralist, since I do subscribe to the French philosophy – Chacun son goû (each to his or her own taste) . But come on here – the use of this application is an invitation to an accident. And there will be accidents.

What kind of a company would develop an application that supposedly takes the sting out of an activity that is generally regarded as unsafe, illegal, and could have lifelong consequences – like a criminal conviction for possessing/distributing child pornography?

If Apple has an ounce of common sense, they will pull this application just as they did with the infamous “Baby Shaker” application. It should be noted however, that it took considerable pressure from child protection groups before Apple relented, and put the boots to this app.

Sexting is an issue that continues to be addressed regularly in the news, and it seems like an appropriate time to repost an earlier article:

Sexting – A Real Problem or An Overreaction?

According to sexologists, anthropologists, psychologists and sociologists, a common denominator amongst humans is the degree to which they think of sex.

Apparently, if we’re not thinking about sex, we’re talking about sex. If we’re not talking about sex, we’re engaged in sex. If we’re not engaged in sex, we’re thinking and talking and planning on becoming engaged in sex. Whew – no wonder I’m so tired all the time!

Given that we all seem to have this supposed preoccupation with sex – is it any wonder then that the Internet, and its associated connected devices, have become a common outlet for erotic fantasies.

Sex and tech, it seems, have come together, and that has generated a Pandora’s box of problems and issues that need to be resolved socially, legally, and morally.

One of these  problematic issues, is the issue of sex, tech, and teens; more precisely – teenaged sexting.

If you are the parent of a teenager, it would be difficult not to be aware of sexting – the practice of sending suggestive photos and videos via text message.

It’s an issue that has been a focus of attention in the news recently – at least here in North America.

So is teen sexting a real problem, or is it an example of adult hysteria and overreaction?

Consider the following points:

The sad reality is, contrary to the myth that we have raised, or are raising a “tech savvy” generation – the majority of teenagers, are undereducated when it comes to recognizing the dangers, and threats, that the Internet poses to their personal privacy and safety.

Recent survey results released by the The National Campaign to Prevent Teen and Unplanned Pregnancy seem to indicate that teen sexting is a problem, and not just an overreaction.

Survey statistics:

15 Percent of teenagers who have sent or posted nude or seminude images of themselves say they have done so to someone they only knew online.

48 Percent of teenagers say they have received such messages.

71 Percent of teen girls and 67% of teen guys who have sent or posted sexually suggestive content say they have sent or posted this content to a boyfriend or girlfriend.

21 Percent of teenage girls and 39% of teen boys say they have sent such content to someone they wanted to date or hook up with.

44 Percent of both teen girls and teen boys say it is common for sexually suggestive text messages to get shared with people other than the intended recipient.

36 Percent of teen girls and 39 % of teen boys say it is common for nude or semi-nude photos to get shared with people other than the intended recipient.

51 Percent of teen girls say pressure from a guy is a reason girls send sexy messages or images; only 18 % of teen boys cited pressure from female counterparts as a reason.

66 Percent of teen girls and 60% of teen boys say they did so to be “fun or flirtatious”; their most common reason for sending sexy content.

52 Percent of teenage girls used sexting as a “sexy present” for their boyfriend.

44 Percent of both teen girls and teen boys say they sent sexually suggestive messages or images in response to such content they received.

40 Percent of teenage girls said they sent sexually suggestive messages or images as “a joke.”

34 Percent of teen girls say they sent or posted sexually suggestive content to “feel sexy.”

12 Percent of teen girls felt “pressured” to send sexually suggestive messages or images.

So what’s a concerned parent to do? As a good starting point you should consider pointing your child to Think Before You Post, an online resource from The National Center for Missing and Exploited Children.

The following tips are included on this online resource for your teenager to think about.

Caution:

Use webcams or post photos online only with your parents’ and guardians’ knowledge and supervision.

Ask yourself if you would be embarrassed if your friends or family saw the pictures or video you post online. If the answer is yes, then you need to stop.

Be aware of what is in the camera’s field of vision and remember to turn the camera off when it is not in use.

Be careful about posting identity-revealing or sexually provocative photos. Don’t post photos of others — even your friends — without permission from your friends’ parents or guardians. Remember – once such images are posted you give up control of them and you can never get them back.

What to report:

Anyone you don’t know who asks you for personal information, photos or videos.

Unsolicited obscene material from people or companies you don’t know.

Misleading URLs on the Internet that point you to sites containing harmful materials rather than what you were looking for.

Anyone who wants to send you photos or videos containing obscene content of individuals 18 and younger. (The possession, manufacturing, or distributing of child pornography is illegal.)

Online enticement for offline sexual activities. (No one should be making sexual invitations to you online – and it’s an especially serious crime for adults to do it.)

If any of the above happens to you or a friend, tell an adult you trust and report it to the National Center for Missing & Exploited Children’s CyberTipline.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Avoid Worms – Instant Messaging Tips

I wrote earlier today about a new worm currently circulating on the Internet, which Panda Security identifies as the MSNWorm.GU.

This worm uses MSN Messenger, and other chat applications, to spread. It infects systems silently, and without any visible symptoms.

Infection occurs when the victim clicks on a download link contained in a message received from a contact. Clicking on the link installs the worm on the target system, and the infection begins.

So, is there anything unusual about this worm; is it just a one off occurrence? Not at all – instant messaging, unfortunately, is a primary channel used by cyber-criminals to distribute malware. In fact, recent statistics indicate almost 50% of worms use instant messaging applications to spread.

Regrettably, from a security perspective these applications can present considerable security risks. Security risks increase  substantially when these programs are used to share files, folders, or in some cases even entire drives.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

You need to be alert to the dangers in clicking on links or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files or links are genuine. Remember, if you click on those links or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Revealing confidential or personal information in these types of conversations can make you an easy target for Internet predators. For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however, do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs. The risk here goes beyond malware, as sadly, they could come into contact with undesirable, or even dangerous individuals.

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software to help you do this.

Click here: “Parental Control Bar”

On the whole, the best protection against Instant Messaging threats involves having good antivirus and firewall protection to guard your security at all times. Elsewhere in this Blog, you can read an article on free security software and download those you might find useful.

Click here: “Best Free Security Applications”

For information on how Skype has become open to scamming, read the article Skype says I’m infected with malware … by my tech wizard friend Techpaul.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

7 Excellent Online Security Blogs Worth Subscribing To

Guest writer Mary Ward, takes you on a tour of 7 security Blogs that can help you stay safe on the Internet.

The issue of privacy, more specifically as it relates to online security, is a hot topic these days. As people use the Internet for more and more of their everyday functions, they want to understand what online security means and how it relates to them.

While people fear for the safety of their own information, they can look to some very knowledgeable resources in the blogosphere for help.  You can learn most everything within the world of online security by visiting these top blogs.

7 Online Security Blogs You Should Know:

1. 1 Raindrop – Written by a software architect, there is a unique and extremely relevant point of view presented on the topic of online security. This blog is written by an individual who understands the topic firsthand and therefore can bring insight on current trends as he is considered to be an expert in the field. Not only does he keep up with informative blog posts but talks about his speaking engagements and the reaction they get from the general public.
2. Freedom to Tinker –   The nice part about this blog is that it offers many different featured authors as part of the following and for whom the actual blog posts come from. Not only does this mean unique points of view, but it also allows for individuals to contribute and keep followers informed on various areas of online security. This is well worth following to keep up with current trends and to see what the latest news is with online security because that is at the core of every contributing author on here.
3. Exhaustive Research – A very intriguing blog that not only dives into the concept of online security but also how it relates to human behavior and the world in general. If the blog posts weren’t to capture your attention, the comments by those who regularly follow this blog can often keep you on the edge of your seat.
4. Another Set of Teeth – You can tell that this comes from an IT professional who has a distinct point of view and that’s what keeps people coming back. He represents his views thoughtfully but without apology as he tackles the issues of hacking and online security for the general public. It’s a refreshing point of view as it’s not only informative but very honest too.
5. Security Buddha – Though online security is at the center of this blog, there are so many other security issues that this blogger delves into. You can learn about everything from hacking to keeping your information safe—even learn about airport security. He takes his security issues very seriously and therefore brings a much respected point of view.
6. Avi Rubin’s Blog – Sure it’s just one blogger writing about his unique point of view, but it’s rather intriguing. He spells out up front his desire to dive into the specific areas of security evaluators and network security, amidst many other topics that are pertinent. This is one individual who not only knows about the world of online security, but also about how to write in an interesting and relevant manner.
7. Meta Security – There are a variety of different topics and authors that make this an excellent blog to follow. Though online security is just one of the many topics, including money laundering and fraud, you can learn a little bit about a whole lot of topics within the security world.

More and more we find that the issue of online security is one that needs addressing.  Follow along with these top security bloggers and get the information you need to surf and work the web confidently and securely.

This is a guest post by Mary Ward who writes about various safety, security, and legal career topics, including how to obtain a court reporting degree. Checkout what Mary has to say on top court reporting degree programs.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.