Tag Archives: virus

Another Worm Worms Its Way Into Instant Messaging Applications

imageFrom the more things change the more they remain the same files:

AV-killing worm spreads via Facebook chat and IM clients – A rather industrious piece of malware that – among other things – paves the way for other malware by disabling AV solutions and software update modules has been spotted spreading via several Instant Messaging applications (ICQ, Skype, GTalk, Pidgin, MSN, YIM) and Facebook.

The victims receive a message from an unknown user, offering a link to a funny or interesting video. If they follow it, the malware in question downloads automatically from the linked site and is executed.

Nothing new here – as any one of the 10 or more articles I’ve  written over the years on using Instant Messenger applications safely will attest to. The following post (originally published September 4, 2010) will serve as a quick refresher on how to navigate the Internet safely while using an Instant Messenger client.

Tips For Using Instant Messenger Applications Safely

In a recent Symantec survey, which questioned computer users on the most likely routes cybercriminals use to drop malware on unsuspecting users, one resultant statistic made me sit up a little straighter. Just 3.9% of survey participants believed that Instant Messenger applications had a role in malware distribution.

Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), I was more than a little surprised at this unrealistic response.

The reality is, from a security perspective Instant Messaging applications can present considerable security risks. Security breakdowns can occur when these programs are used to share files, folders, or in some cases, entire drives. Instant messaging, unfortunately, is a primary channel used by cyber-criminals to distribute malware and scams.

Programs such as MSN Messenger, Yahoo! Messenger, AIM, and a basket full of other IM applications, are extremely popular with users who want real-time contact with each other and (no surprise here), this makes them the perfect vehicle for cyber criminals.

Hackers use two methods of delivering malicious code through IM: delivery of virus, Trojan, or spy ware within an infected file, and the use of “socially engineered” text with a web address that entices the recipient to click on a URL which connects to a website that downloads malicious code. Viruses, worms, and Trojans then typically propagate, by sending themselves rapidly through the infected user’s buddy list.

image

The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

Don’t click on links, or download files from unknown sources. You need to be alert to the dangers in clicking on links, or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files, or links are genuine. Remember, if you click on those links, or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords, and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Protect personal and confidential information when using IM. Revealing confidential or personal information in these types of conversations, can make you an easy target for Internet predators.

For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Advertisements

3 Comments

Filed under Don't Get Hacked, Instant Messenger Safety Tips, Interconnectivity, Malware Alert

Think BEFORE You Click! – How Hard Is That?

imageHARD, apparently.

I recently repeated a small experiment (for the third year in a row), with a group of “average computer user” friends, (12 this time around), and I was disappointed to see (once again), that the conditioned response issue to “just click” while surfing the web, was still there.

Still, I’m always hopeful that reinforcing the point that clicking haphazardly, without considering the consequences – the installation of malicious code that can cause identity theft and the theft of passwords, bank account numbers, and other personal information – would have had some impact. Apparently not.

But, I haven’t given up. I’m prepared to hammer them repeatedly until such time as I can make some progress. In the meantime, I expect that curiously browsing the web blissfully unaware of the considerable malware dangers, will continue to be the modus operandi for my friends.

They’re not alone in their “clicking haphazardly” bad habits. Many of us have learned to satisfy our curiosity simply by a mouse click here, and a mouse click there. Arguable, we have developed a conditioned response (without involving conscious thought), to – “just click”.

It can be argued, that our “just click” mindset poses the biggest risk to our online safety and security. In fact, security experts argue, that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly”, or opening the types of files that are clearly dangerous. However, this type of dangerous behavior continues despite the warnings.

Most visitors to this site are above average users (I’m assuming that you are too), so, I have a challenge for you.

Take every appropriate opportunity to inform your friends, your relatives, and associates, that “just clicking haphazardly” without considering the consequences, can lead to the installation of malicious code that can cause identity theft and the theft of passwords, bank account numbers, and other personal information.

Help them realize that “just clicking”, can expose them to:

  • Trojan horse programs
  • Back door and remote administration programs
  • Denial of service attacks
  • Being an intermediary for another attack
  • Mobile code (Java, JavaScript, and ActiveX)
  • Cross-site scripting
  • Email spoofing
  • Email-borne viruses
  • Packet sniffing

They’ll be glad that you took an interest in their online safety. And, best of all, by doing this, you will have helped raise the level of security for all of us.

A point to ponder:

Since it’s proven to be difficult to get “buy-in” on this – “think before you click safety strategy” – I generally ask the question – do you buy lottery tickets? Not surprisingly, the answer is often – yes. The obvious next question is – why?

The answers generally run along these lines – I could win; somebody has to win;……. It doesn’t take much effort to point out that the odds of a malware infection caused by poor Internet surfing habits are ENORMOUSLY higher than winning the lottery and, that there’s a virtual certainty that poor habits will lead to a malware infection.

The last question I ask before I walk away shaking my head is – if you believe you have a chance of winning the lottery – despite the odds – why do you have a problem believing that you’re in danger on the Internet because of your behavior, despite the available stats that prove otherwise?

18 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Online Safety, Spyware - Adware Protection

Way To Go WOT! – Now Protecting 30 Million Users

imageThe Internet is one kickass place – survey after survey continue to show that cybercriminals are picking off unaware/undereducated users, as if they were shooting fish in a barrel.

It’s hardly surprising then, that an enormous industry (no, not big, not large – but, enormous) has developed, based on the principal that technology can act as a counterfoil  to the most nefarious cyber criminal schemes. Criminal schemes which are, after all, technology driven.

I’ll leave it to you to decide if this has been an effective solution.

No matter the side you come down on regarding this complex issue, dancing around naked (so to speak ) on the Internet – that is, without adequate Browser protection, is akin to fumbling and stumbling through the toughest neighborhood in your area – after dark.

Internet security starts with the Web Browser (it does not end there – but, one step at a time), and WOT (Web of Trust, which passed the 30 million user mark yesterday – January 9, 2011), substantially reduces the risk exposure that comes with wandering through the increasingly risky neighborhood that the Internet has become.

Based on the way that I surf the Web, there’s no contest as to which of the 17 add-ons I have installed on Firefox, is most important to my piece of mind. The hands down winner – the single most important add-on for my style of surfing is WOT (Web of Trust).

Sure, that’s a pretty bold statement – but, since I frequently hear from readers who, after installing WOT on their computer systems, feel reassured that they are safer than ever before, and who express a renewed sense of confidence, and  a new level of enthusiasm, while surfing the Internet, I’ll go with it.

If you’re not yet a WOT user, read the following in-depth review – you may reconsider.

What is WOT?

WOT, one of the most downloaded Firefox Add-ons at the Mozilla add-on site, (also compatible with Internet Explorer and Chrome), is a free Internet Browser resource which  investigates web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams – helping you avoid unsafe web sites.

For example, here’s a Google search in which WOT indicates which sites are safe. Notice the unsafe (red) sites, in the Google ads!

image

Take a look at what happens if, in fact, you do end up on an unsafe web site. WOT’s dropdown warning curtain blocks access to the site until you determine otherwise.

WOT - new

WOT operates in a unique fashion in order to offer active protection to the Internet user community. It stands out from the crowd of similar applications, by soliciting the opinions of users/members whose views on web site safety are incorporated into the overall site safety rating. According to WOT, the user community now has reputation data on over 35 million sites worldwide.

The shared information on a site’s reputation includes trustworthiness, vendor reliability, privacy, and child safety. As well, in order to achieve maximum security coverage, WOT uses thousands of trusted sources including phishing site listings, to keep users protected against rapidly spreading threats.

image

WOT integrates seamlessly with search engine results from popular search engines including Google, Yahoo, MSN and other popular sites, and provides impressive protection against Internet predators.

WOT recently added the top three web-based email services – Google Gmail, Windows Live Hotmail and Yahoo! Mail, to its free security protection. You can now feel more confident and secure, since WOT checks links embedded in your email, and warns you of dangerous web sites so that you can avoid spyware, spam, phishing, identity theft and other Internet scams; before you click on dangerous embedded links.

How WOT works:

The Browser add-on icon, displays a color rating for each site you visit, indicating whether a site is safe to use, should be used with caution, or avoided entirely.

Using traffic light colors, (green, yellow, and red), WOT leaves you in no doubt as to the safety rating of a web site. An impressive feature of WOT is the dropdown transparent warning curtain, shown earlier, triggered on visiting a dangerous site.

Recognizing that up to ten percent of Internet users are at a disadvantage however, due to colorblindness, and cannot rely on an Internet safety system based on color coding, the Web of Trust development team recently released an adaptive version of WOT. This version incorporates equivalent alternative information, through assistive or adaptive technology, for colorblind users.

This colorblind accessible application provides the same critical benefits to those individuals who have to contend with visual impairments, as it has to those of us who have come to rely on WOT as a major defense against the pervasive hazards we encounter on the Internet.

Quick facts – WOT checks the following on each web site visited:

Trustworthiness

Vendor reliability

Privacy

Child Safety

More quick facts:

Ratings for over 30 million websites

The WOT browser add-on is light and updates automatically

WOT rating icons appear beside search results in Google, Yahoo!, Wikipedia, Gmail, etc.

Settings can be customized to better protect your family

WOT Security Scorecard shows rating details and user comments

Works with Internet Explorer, Firefox and Chrome

Interface supports English, French, German, Spanish, Italian, Russian, Polish, Portuguese, Swedish and Finnish.

System requirements: Windows (all), Mac OS X, Linux

Download at: MyWot

Surf more securely by installing this browser add-on which will provide you with an in-depth site analysis based on real world results. Keep in mind however, that you are your own best protection. Stop · Think · Click.

11 Comments

Filed under Browser add-ons, Browser Plug-ins, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, Internet Safety Tools

Your Website Traffic Log – The Trap Door To Spread Viruses?

Checking your Website traffic stats is not without some risk, as guest writer Bruno Deshayes explains in this thought provoking article.

imageYou get pleasantly surprised to notice an unknown website apparently sending traffic to you. When you click on the link not only do you find that the page does not mention your site at all but at best security essentials blocks the threat or at worst your browser locks up and it is anybody’s guess what the pirate is doing under the hood.

Better close down your PC altogether and run a virus check. If you run a laptop even turning the machine off will achieve nothing – you have to physically turn the laptop over and remove the battery for a forced shutdown! How many files could get infected by the time you finally do it?

I find those fake referral urls showing up in cPanel | AWStats but also in blogspot | stats | traffic sources.

The old trick of course was to send you an email loaded with some html data rather than plain text. Viewing the thing in outlook would automatically launch the browser and – too late – the malicious website is already loaded and doing its nasty work unbeknown to you.

I used to handle that one by always checking suspicious emails this way: While having emails preview disabled: right mouse click and choose properties in the floating menu. Then choose details and message source to view the raw email text.

If they send me some base64 encoded attachment and nothing else you know it is a nasty payload. I have used Gmail for some time and still read it in outlook because I don’t like the ads or the heavy JavaScript used on the Gmail website. When I go there occasionally I am amazed at all the spam that got filtered out!

The internet in the last 10 years has become a very mature market with every man (woman?) and their dog blogging and every hacker from India, Russia and China trying to make a quid in broken English or else trying to rort the system.

The spread of botnets silently programmed to check every security loophole and delegating their activity to hundred of infected machines has come to the attention of the main stake holders. Microsoft who used to hide behind a whole industry of virus scanners is now taking the lead with effective and free maintenance tools. Well, their future depends on it. If Windows is crippled by security issues it makes Apple the alternative of choice. But behind the glitz the Steve Jobs camp is now having to face the music and made to understand that not everything can be fixed by the same marketing spin.

The worrisome factor is that in a global economy there isn’t a single entity to police the internet. If you look on the bright side the plague of email spam has been brought down to a fair extend. Interpol has nabbed pedophiles networks. The nofollow tag has tamed blog comments link spammers and even WordPress has come up with an advanced tool to keep comment interaction within its community alive and buzzing.

Bruno Deshayes is a writer, designer and developer who runs a portfolio of online services. He can be politically incorrect for the sake of stirring things up and engaging his readers.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

1 Comment

Filed under Blogging Tips, Cyber Crime, Don't Get Hacked, Guest Writers, Opinion, Viruses, WordPress

WOT (Web of Trust) – Is It The Most Important Browser Security Add-on You Need To Install?

image It would be difficult for regular readers of this site not to be aware, that I write consistently on the importance of Internet Browser protection.

In fact, we’ve covered 20 or more Browser add-ons here in the past few weeks – from add-ons that add functionality, to those that promise to provide additional security.

All this coverage of Browser add-ons rattled my Brain somewhat, and got me thinking about the single most important add-on I have installed – the add-on I couldn’t do without.

Based on the way that I surf the Web, there was no contest. Of the 17 add-ons I have installed on Firefox, the hands down winner – the single most important add-on for my style of surfing is WOT (Web of Trust). I don’t think I’m alone in this assessment.

I frequently hear from readers who, after installing WOT on their computer systems, feel reassured that they are safer than ever before, and who express a renewed sense of confidence, and  a new level of enthusiasm, while surfing the Internet.

In fact, just under 6,000 Tech Thoughts readers have installed WOT in the last two years – according to today’s download stats.

image

And why not. Security starts with the Web Browser, and WOT substantially reduces the risk exposure, that comes with wandering through the increasingly risky neighborhood that the Internet has become.

What is WOT?

WOT, one of the most downloaded Firefox Add-ons at the Mozilla add-on site, (also compatible with Internet Explorer and Chrome), is a free Internet Browser resource which  investigates web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams – helping you avoid unsafe web sites.

For example, here’s a Google search in which WOT indicates which sites are safe. Notice the unsafe (red) sites, in the Google ads!

image

Take a look at what happens if, in fact, you do end up on an unsafe web site. WOT’s dropdown warning curtain blocks access to the site until you determine otherwise.

WOT - new

WOT operates in a unique fashion in order to offer active protection to the Internet user community. It stands out from the crowd of similar applications, by soliciting the opinions of users/members whose views on web site safety are incorporated into the overall site safety rating. According to WOT, the user community now has reputation data on over 30 million sites worldwide.

The shared information on a site’s reputation includes trustworthiness, vendor reliability, privacy, and child safety. As well, in order to achieve maximum security coverage, WOT uses thousands of trusted sources including phishing site listings, to keep users protected against rapidly spreading threats.

image

WOT integrates seamlessly with search engine results from popular search engines including Google, Yahoo, MSN and other popular sites, and provides impressive protection against Internet predators.

WOT recently added the top three web-based email services – Google Gmail, Windows Live Hotmail and Yahoo! Mail, to its free security protection. You can now feel more confident and secure, since WOT checks links embedded in your email, and warns you of dangerous web sites so that you can avoid spyware, spam, phishing, identity theft and other Internet scams; before you click on dangerous embedded links.

How WOT works:

The Browser add-on icon, displays a color rating for each site you visit, indicating whether a site is safe to use, should be used with caution, or avoided entirely.

Using traffic light colors, (green, yellow, and red), WOT leaves you in no doubt as to the safety rating of a web site. An impressive feature of WOT is the dropdown transparent warning curtain, shown earlier, triggered on visiting a dangerous site.

Recognizing that up to ten percent of Internet users are at a disadvantage however, due to colorblindness, and cannot rely on an Internet safety system based on color coding, the Web of Trust development team recently released an adaptive version of WOT. This version incorporates equivalent alternative information, through assistive or adaptive technology, for colorblind users.

This colorblind accessible application provides the same critical benefits to those individuals who have to contend with visual impairments, as it has to those of us who have come to rely on WOT as a major defense against the pervasive hazards we encounter on the Internet.

Quick facts – WOT checks the following on each web site visited:

Trustworthiness

Vendor reliability

Privacy

Child Safety

More quick facts:

Ratings for over 30 million websites

The WOT browser add-on is light and updates automatically

WOT rating icons appear beside search results in Google, Yahoo!, Wikipedia, Gmail, etc.

Settings can be customized to better protect your family

WOT Security Scorecard shows rating details and user comments

Works with Internet Explorer, Firefox and Chrome

Interface supports English, French, German, Spanish, Italian, Russian, Polish, Portuguese, Swedish and Finnish.

System requirements: Windows (all), Mac OS X, Linux

Download at: MyWot

Surf more securely by installing this browser add-on which will provide you with an in-depth site analysis based on real world results. Keep in mind however, that you are your own best protection. Stop · Think · Click.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

33 Comments

Filed under Adaptive Technologies, Browser add-ons, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Firefox Add-ons, Freeware, Google Chrome, Interconnectivity, Internet Explorer Add-ons, Internet Safety Tools, Linux, Mac OS X, Online Safety, Software, Windows Tips and Tools, WOT (Web of Trust)

Tips For Using Instant Messenger Applications Safely

imageIn a recent Symantec survey, which questioned computer users on the most likely routes cybercriminals use to drop malware on unsuspecting users, one resultant statistic made me sit up a little straighter. Just 3.9% of survey participants believed that Instant Messenger applications had a role in malware distribution.

Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), I was more than a little surprised at this unrealistic response.

We’ve talked about IM security a number of times here, but this recent statistics indicates, a quick refresher might be in order.

The reality is, from a security perspective Instant Messaging applications can present considerable security risks. Security breakdowns can occur when these programs are used to share files, folders, or in some cases, entire drives. Instant messaging, unfortunately, is a primary channel used by cyber-criminals to distribute malware and scams.

Just a few days ago, for example, a Trend Micro analyst discovered an IM variant of the “Solve the IQ test”. Had he followed the instructions, he could have let himself in for a series of monthly charges of $9.99–$19.99 a month, automatically added to his cell phone bill.

Programs such as MSN Messenger, Yahoo! Messenger, AIM, and a basket full of other IM applications, are extremely popular with users who want real-time contact with each other and (no surprise here), this makes them the perfect vehicle for cyber criminals.

Hackers use two methods of delivering malicious code through IM: delivery of virus, Trojan, or spy ware within an infected file, and the use of “socially engineered” text with a web address that entices the recipient to click on a URL which connects to a website that downloads malicious code. Viruses, worms, and Trojans then typically propagate, by sending themselves rapidly through the infected user’s buddy list.

image

The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

Don’t click on links, or download files from unknown sources. You need to be alert to the dangers in clicking on links, or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files, or links are genuine. Remember, if you click on those links, or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords, and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Protect personal and confidential information when using IM. Revealing confidential or personal information in these types of conversations, can make you an easy target for Internet predators.

For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Instant Messanger changed Above all, if you are a parent, take exceptional care with the access that your children have to these programs.

The risk here goes beyond malware, as sadly, they could come into contact with undesirable individuals. The risk is low of course, but……..

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software, Parental Control Bar,  to help you do just that.

Readers with younger children, please read, KidZui – Free, Safe Internet Browsing for Kids, on this site. This guest writer article, by Silki Garg of the Internet Security Blog, provides a comprehensive review of KidZui.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

2 Comments

Filed under Child Safety Internet, cybercrime, Don't Get Scammed, Don't Get Hacked, Freeware, Instant Messenger Safety Tips, Interconnectivity, Internet Safety for Children, Internet Safety for Teenagers, Malware Advisories, Online Safety, Software, Utilities, Windows Tips and Tools, worms

Malware Avoidance Lesson Number One – Think BEFORE You Click!

I recently repeated a small experiment with a group of “average computer user” friends, (about 16, or so), and I was disappointed to see that the conditioned response issue to “just click” while surfing the web, was still there. This, despite my long battle to get them to modify their online behavior.

I assumed that endlessly reinforcing “clicking haphazardly, without considering the consequences, can lead to the installation of malicious code that can cause identity theft and the theft of passwords, bank account numbers, and other personal information”, would have had some impact. Apparently not.

But, I haven’t given up. It appears it will take even more repetition before progress can be made. In the meantime, I expect that curiously browsing the web blissfully unaware of the considerable malware dangers, will continue to be the modus operandi for my friends.

My friends are not alone in their “clicking haphazardly” bad habit. Many of us have learned to satisfy our curiosity simply by a mouse click here, and a mouse click there. Arguable, we have developed a conditioned response (without involving conscious thought), to – “just click”.

It’s now well established, that our conditioned human responses pose the biggest risk to our online safety and security. Our curiosity, coupled with our conditioned responses can often override our common sense, so it’s not unusual for people to open an email attachment, for example, despite knowing that the attachment could be a virus, or another form of malware.

Conditioned Response

Security experts argue that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files that are clearly dangerous. To this point however, this type of dangerous behavior continues despite the warnings.

Most visitors to this site are above average users (I’m assuming that you are too), so, I have a challenge for you.

Take every appropriate opportunity to inform your friends, your relatives, and associates, that “just clicking haphazardly” without considering the consequences, can lead to the installation of malicious code that can cause identity theft and the theft of passwords, bank account numbers, and other personal information.

Help them realize that “just clicking”, can expose them to:

  • Trojan horse programs
  • Back door and remote administration programs
  • Denial of service attacks
  • Being an intermediary for another attack
  • Mobile code (Java, JavaScript, and ActiveX)
  • Cross-site scripting
  • Email spoofing
  • Email-borne viruses
  • Packet sniffing

You can do them an additional favor, by pointing them to  Comodo’s YouTube channel, Really Simple Security, where they can learn the basics of Internet security in a  constructive, yet lighthearted way.

They’ll be glad that you took an interest in their online safety. And, best of all, by doing this, you will have helped raise the level of security for all of us.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

16 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Interconnectivity, Online Safety, Personal Perspective, Safe Surfing