January, 2012: Symantec has announced that if you are using its pcAnywhere program for remote access, you should stop. Apparently the source code, and therefore its security, has been stolen by an Indian hacking group, and the program has been severely compromised.
|
|
|
|
November, 2011: Internet security firms have reported that the Duqu Trojan virus is a zero-day exploit of a previously unknown vulnerability embedded in Microsoft Word files. The virus has infected a total of eight countries, including Iran, India, France and Ukraine, but not yet the U.S. It seems to target and scan internal corporate systems to gather information, reporting back to an as yet unknown source. It doesn’t look like a problem for most residential surfers, although Microsoft is working on a patch.
|
|
|
|
October, 2011: If you’ve ever wondered whether some of the spam you receive is the result of your friends on Facebook, Norton now offers a tool called Norton Safe Web, which scans your web browser to see if any infected links come from your Facebook account. If you’re an active Facebook user, this may interest you.
|
|
|
|
Technology is always a double-edged sword. Take cars. Recent cars carry an explosion of new types of computers and chips, including the ones that control navigation, offer emergency assistance (a/k/a “telematics”), check tire pressure, park automatically, monitor emissions, run diagnostics on anti-lock brakes and fuel injection, run radios, permit keyless entry, and allow cell phones to communicate. Those same systems can, conversely, allow hackers to intrude, usually through Bluetooth or other entry points, where they can take control of all of the computer-related systems. This could become a problem. Encryption may help, but defense is always a moving target.
|
|
|
|
September, 2011: According to the NY Times (9/29/11), Heidi Klum is this year’s most dangerous celebrity - to search for on the Web at least - according to McAfee Security. Clicking on links promising sexy pictures of her comes with a nearly one-in-10 chance of contracting a bad case of malware.
|
|
|
|
August, 2011: The Morto worm, which targets Windows computers by exploiting poorly chosen passwords through Remote Desktop Protocol (“RDP”), has arrived and, if it gets into your network, it can clog it. But it’s not much of a concern if your anti-virus software is kept current.
|
|
|
|
|
HOW TO AVOID MALWARE
If you’ve been reading the posts on this page, you’ll see a commonality among them: Spammers that purvey malware use current events, curiosity and greed to get you to open infected links, e-mails and advertisements. We used to post many of these scams, but there got to be so many that we now post only the largest or most pervasive threats. For example, here’s a list of the more current ones:
Superbowl: Knock-off team jerseys, counterfeit memorabilia, and fake YouTube videos, to name a few.
FaceBook: E-mails about how to make millions off the upcoming IPO.
Diet Scams: Diets used by the stars and the HCG diet.
Presidential Race: Downloads of videos of candidates, e-mails for support, etc.
MORE: Tax refunds; Traffic cam tickets; Olympic Games tickets and memorabilia, and more.
Lesson: If it’s news, it’s current, or it involves money, it’ll be exploited by hackers for profit! Don’t fall for it!
If you want to keep up with these scams on a daily basis, go to Sophos.com and sign up for the Naked Security newsletter.
|
|
|
|
|
August, 2011: It’s amazing how many ways spammers can find to attack your computer with malware. Here’s the latest: E-mails, supposedly from the NY State Dept of Motor Vehicles (it has a @nyc.gov address), posing as a “Uniform Traffic Ticket” informing you that you are charged with speeding at 7:25am on 5 July 2011. They tell you to print out the attached ticket and send it to the court and -- oops -- here’s where you download the malicious code onto your computer and compromise your security. Don’t do it - check out any tickets directly through NY, not by clicking on an e-mail! Also: There’s a similar scam claiming it’s a notification from the FDIC, to the same effect.
|
|
|
|
July, 2011: By now, you should realize that Firefox automatically updates itself. So, if you receive an e-mail allegedly from Mozilla asking you to update, don’t click on it. It does download Mozilla. But it is also a Trojan Horse known as Troj/PWS-BSF which can steal passwords.
|
|
|
|
July, 2011: Recent events (the U.K. News of the World scandal) have prompted people to wonder if they’re vulnerable to “phone hacking.” Actually, this is a misnomer, as what is actually involved is simply illicit access to voicemail messages, usually because the phone’s user has failed to change the default PIN for voicemail access. If you haven’t changed the default issued with your voicemail account, someone could dial the carrier’s access number, enter the default PIN and listen to your messages. The answer: Set your personal PIN.
|
|
|
|
July, 2011: Those spammers sure don’t waste any time. In the same week that Google+ was introduced, they sent out bogus Google+ invitations that were actually online pharmacy come-ons.
|
|
|
|
Multi-Function Printers (“MFPs”) can pose network security risks, particularly in offices. The newer e-printers, which rely on wireless technology to connect computers and iPads to the MFP, can be hacked. So be sure to protect yourself from this vulnerability by enabling WPA2 encryption on the network, combined with a secure password. Also, turn off other Wi-Fi and Bluetooth devices if they’re not being used, as hackers will always pick the weakest link on the network.
|
|
|
|
It’s not even safe to play on your Xbox any more without fear of being hacked. Ask Hunter Gelinas of Florida, who found the SWAT team at his house in June, 2011 after a Canadian hacker sent out a hoax call to police that hostages were being held at his home. Any time you get on the Internet, even for gaming, you run the risk of being hacked.
|
|
|
|
More than 4 million Windows PCs have been infected since March, 2011 by a botnet known as “TDL.” The boot sector virus, now in its fourth version, is close to indestructible, according to Kaspersky Labs, and spreads via web sites, particularly those that let people store video and image files.
|
|
|
|
June, 2011: Link to the Mac page to read about the Mac Defender virus and other security updates for Macs. Also, the possible malware infections you can subject yourself to if you use the jailbreakme website information.
|
|
|
|
Guardian Analytics reports that about 75% of SMBs in the U.S. experienced online fraud and/or bank account takeover in the 12 months preceding April, 2011. Banks didn’t detect the fraud in 78% of the cases. Businesses suffered monetary losses 60% of the time, the bank 37% of the time.
|
|
|
|
Microsoft IE9’s “Do Not Track” feature doesn’t have any teeth. When you enable this feature in your browser (same for Firefox 4; not available in Chrome and Safari), it’s only a request, indicated by an electronic flag that is visible to web operators. But they aren’t obligated, by law or otherwise, to honor such requests. In fact, there may be as yet no technological way to do so. For now, just stick with deleting cookies and search histories or using anonymous browsers.
|
|
|
|
March, 2011: Good news! Led by Microsoft, Pfizer and FireEye, the Rustock botnet, which pumped out 44 billion pieces of spam (mostly masquerading as Canadian pharmacies, actually located in India and elsewhere) is no more, at least for now. The amount of spam worldwide actually dropped by 47.5!
|
|
|
|
May, 2011: Hacker groups LulzSec and Anonymous invaded police departments, the CIA, PBS, the U.S. Senate, Fox and other sites. After 50 days, they retired.
|
|
|
|
March 2011: Recently, malware known as LizaMoon has hijacked links on literally millions of websites, including some of the normally safe ones such as iTunes and Google. Like Anti-Virus 2011, LizaMoon uses rogue-AV scare tactics to trick you into running bogus cleanup tools on your PC, usually to no avail. You can avoid this by simply not clicking on the come-on.
|
|
|
|
ZeuS (a/k/a Trojan.Zbot) just won’t go away. One of the most damaging and persistent pieces of malicious code, ZeuS runs below the radar as a rootkit, where it gathers account numbers and passwords, then sends them off to data dump dropzones over the Web. What makes ZeuS more damaging is its ability to evolve: infecting machines through a variety of sources, focusing on differing attack vectors, modifying web pages, even attacking smart phones. It’s difficult to protect against and remove. And it’s not going away any time soon; in fact, it’s for sale on the Internet.
|
|
|
Cloud computing can be a double-edged sword: While it makes it easier to archive and retrieve data from anywhere at a very reasonable cost, it also makes it easier for hackers to propagate viruses and malware inexpensively and anonymously. Because of the nature of the cloud, they can’t be found the way they could if they were using their home computer, and powerful cloud computers make their job faster and easier. Click HERE for more information on cloud computing.
|
|
|
|
It’s a new year and the security summaries for 2010 have been published, along with the vulnerability predictions for 2011. No great surprises here. Cisco reports that, while mass attacks are reduced, targeted attacks like phishing, identity theft and malware are on the rise, as the payoff is greater. Summarized: As more people use mobile devices and bring them into the workplace, they will come to the forefront of security. Social media attacks will become more common and more complex, as e-mail and ordinary virus attacks decline. Rootkits and MBR viruses will increase, however. McAfee and Trend Micro say their data shows that Google’s Android platform as well as Apple’s iPhone and Mac OS, the geolocation service FourSquare and the URL-shortening services used by Twitter and FaceBook are all in cybercriminals’ crosshairs. NetWitness and Websense also predict that botnets are now roaring back in the new year after a downturn in the final quarter of 2010, and that there will be a botnet “cyberwar” which will most likely be won by the Zeus botnet (over competitors Kneber, Rustock and Waledac), which will be incrementally upgraded with opt-in and JavaScript cross-site. Finally, as the result of the Wikileaks controversy, there may also be an increase in politically motivated attacks.
|
|
|
|
2011 Virus Stats: PandaLabs reports that malware increased 26% during the beginning of 2011, and 16% over the end of 2010; 70% were Trojans. Similarly, IBM’s 2010 Trend & Risk Report found that almost half of vulnerabilities were web application issues, caused by cross-site scripting and SQL injection flaws (see SPYWARE page).
|
|
|
|
2010 Virus Stats: In Q4 2010, 1.2 million web sites were affected by malware according to Dasient Internet Security, double the number in Q4 2009. Most were drive-by downloads (see Spyware), surpassing older forms of incursion such as spam and e-mail attachments. Maybe the arrest of Russian Oleg Nikolaenko (a/k/a The King of Spam), author of the Mega-D botnet which sent 10 million spam e-mail messages a day, has had some (temporary) effect.
|
|
|
|
The Microsoft security scammers are back again. If you receive an e-mail allegedly from the “Microsoft Security Team” urging you to update your Windows, don’t fall for it. The subject line may say “Update Your Windows” and it may be from Steve Lipner (who really is with Microsoft’s security team), and it may attach a file (KB453396-ENU.zip). Trash this mail, as it will infect your computer. And remember - Microsoft NEVER sends e-mails with security updates.
|
|
|
|
It’s an excellent prediction that the next big area for viruses and malware will not be computers but smartphones. Companies such as McAfee (which just purchased tenCube, before itself being purchased by Intel) and Symantec (which just updated its antivirus software for iPhone, Android and SMobile Systems) are all developing protection for smartphones. Lookout, a San Francisco startup, has compiled a database of more than 1 million smartphone apps which it uses to detect new threats and block potentially malicious applications, as well as to provide data backup and the ability to remotely wipe data in the event the phone is stolen. Apple vets applications before allowing its users to download them to their iPhones, making them somewhat safer than Android applications, which aren’t checked by Google before posting to the Internet for download. So you can end up with such things as the (Droid) tip calculator which, when downloaded, also forwarded the phone user’s text messages to hackers, giving them the potential to learn sensitive information, such as on-line banking information. Or other apps that automatically call expensive, premium-rate phone numbers without the user’s knowledge, racking up potentially huge bills. And don’t forget that tablets aren’t laptops, so they don’t get as many security updates and can’t be “locked down” as easily.
|
|
|
|
Talking about cell phones, many of their browsers make use of shortened URLs (addresses). From a security point of view, using these shortened URLs (such as TinyURL, bit.ly & is.gd) presents security risks, since the full URL is hidden. It’s a good idea to look at the full URL before visiting the website if at all possible. Unfortunately, the method is different for almost every shortener and every browser. For example, to view the full address for a bit.ly link, add a “+” sign to the end and paste it into your browser. For TinyURL, prepend the word “preview.” before the address, then copy it into your browser. Several sites such as Longurl, Expandmyurl.com and longurlplease.com also offer these services. Moreover, both Firefox and Chrome have add-ons that can be installed to preview the full URL. Joshua Long, a/k/a “The Joshmeister,” has compiled an excellent article about how to preview all types of shortened URLs. You can reach it by clicking HERE.
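The two preview tricks described above (bit.ly’s trailing “+”, TinyURL’s “preview.” prefix), plus a safer general method of walking a short link’s redirect chain with HEAD requests that never load the final page, as an added example that is not from this site or from any of the shortener services. The sample redirect chain is constructed for the demonstration; the `live_head` helper is the only part that touches the network.

```python
"""Reveal where a shortened URL really points (added example, constructed data)."""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit, urlunsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
# Shortener hosts named on the page; extend this set for others (assumed list).
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "is.gd"}


def preview_url(short_url: str) -> str:
    """Return the shortener's own preview form, or the URL unchanged if unknown."""
    parts = urlsplit(short_url)
    host = parts.netloc.lower()
    if host == "bit.ly":
        return short_url + "+"            # bit.ly shows the target when "+" is appended
    if host == "tinyurl.com":
        return urlunsplit((parts.scheme, "preview.tinyurl.com",
                           parts.path, parts.query, parts.fragment))
    return short_url


def live_head(url: str):
    """HEAD request that does NOT follow redirects; returns (status, Location)."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None                   # tell urllib not to follow the hop
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # an unfollowed 3xx surfaces as HTTPError
        return err.code, err.headers.get("Location")


def expand_url(short_url: str, head=live_head, max_hops: int = 5):
    """Walk the redirect chain one hop at a time.

    Returns (chain, final_url, distinct shortener hosts passed through).
    `head(url)` must return (status_code, Location header or None).
    """
    chain = [short_url]
    url = short_url
    for _ in range(max_hops + 1):
        status, location = head(url)
        if status not in REDIRECT_CODES or not location:
            hosts = {urlsplit(u).netloc.lower() for u in chain[:-1]}
            return chain, url, len(hosts & SHORTENER_HOSTS)
        url = urljoin(url, location)      # Location may be relative
        if url in chain:
            raise ValueError("redirect loop at %s" % url)
        chain.append(url)
    raise ValueError("more than %d redirects" % max_hops)


# Constructed responses standing in for the network: a link shortened twice,
# one relative Location header, then a landing page.
FAKE_RESPONSES = {
    "http://bit.ly/abc123": (301, "http://is.gd/xyz"),
    "http://is.gd/xyz": (302, "/landing"),
    "http://is.gd/landing": (302, "http://example.com/login"),
    "http://example.com/login": (200, None),
}


def fake_head(url: str):
    return FAKE_RESPONSES.get(url, (404, None))


if __name__ == "__main__":
    print(preview_url("http://bit.ly/abc123"))
    print(expand_url("http://bit.ly/abc123", head=fake_head))
```

Pass `head=live_head` (the default) to inspect a real link; a chain that passes through more than one shortener is a common sign of a link built to hide its destination.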
|
|
|
|
Some viruses have actually been unleashed by hackers dropping a USB drive in a parking lot, which was then plugged in by a (naturally) curious person. The infamous Stuxnet worm in mid-2010 was also most likely propagated through USB flash drives. It is likely that in the future this vector for malware delivery may increase. One way to make it less likely to do its damage is to disable the “autorun.inf” file in Windows. That’s the file that automatically loads programs or searches for drivers once a disk or device is inserted into the computer. If it runs automatically, this means that if the media contains the virus, it may automatically load; also, if Windows must automatically search the web for a driver for the device, it may go to a site which will download a purposely infected driver. To disable the driver search feature in Windows (which would still allow you to search for a missing driver, although manually), here’s how: In Windows XP, Start>Control Panel>System>Hardware Tab>Drivers>Windows Update, then uncheck “Never Search Windows Update for Drivers”. In XP and Win7, Start>type “change device installation settings” in the search box>in the pop-up window, under “Do you want Windows to download driver software...” select “No, let me choose what to do,” then choose the option “Never install driver software from Windows Update”. Disabling the autorun feature is more complex, involving editing of a registry key (see HERE).
|
|
|
For the first time in about 8 years, we’re seeing an increase in Master Boot Record viruses and rootkits. They’re difficult to locate, even for pros, and even harder to remove, requiring specialized software.
|
|
|
|
You may notice that you receive fewer “Nigerian scam” e-mails. Okpako Mike Diamreyan of Nigeria has been convicted and sentenced to 12 years in prison after sending fraudulent e-mails offering victims money for moving cash to the U.S. He made more than $1.3 million from 67 victims between 2004 and 2009. See the Rant page of this site - I can’t believe people still fall for this.
|
|
|
|
Discussions at the 2010 DEFCON security conference revealed that commonly used residential routers, such as the Linksys WRT54G, are subject to an attack known as “DNS rebinding,” which uses a script to get around security measures taken in the router firmware. Because most large Internet sites, such as Google, have multiple IP addresses (for load balancing and the like), your computer stores these extra IPs and considers them acceptable. When you visit a site in which malicious software is embedded, it loads a script onto your computer which runs under one of these “pre-stored” sites, then establishes a connection back to your computer, allowing the hacker to possibly control your router and, therefore, everything on your computer. It is not browser specific, and only applies to some routers. What can you do about this? First of all, most routers are set up using an internal address (192.168.1.1), with a network name and password. Do NOT keep the default password (Admin, Password, or the like). Change it. See Password for more info about a secure password. Same for the default SSID (network name), e.g. Linksys. Change it. Also, keep your router firmware regularly updated. Of course, don’t trust unknown web content, even ads on trusted websites. If you are a more advanced user (careful here, you can seriously screw up your computer), you could disable HTTP and enable HTTPS in your router settings, maybe disable UPnP (but not if you have services such as Skype), use the NoScript browser plug-in for Firefox (suspends Java, Flash and ActiveX, asking first for their use), maybe even switch to OpenDNS, which changes DNS from your ISP’s defaults to those of OpenDNS (208.67.220.220 and 208.67.222.222). If you need help, call!
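Two defensive checks that blunt the DNS rebinding attack described above, written as an added example and not taken from this site, DEFCON or any router vendor: a resolver-side filter that refuses answers in which an outside hostname resolves to a private or loopback address (the kind of filtering a DNS service such as OpenDNS can offer), and the Host-header check a router’s admin page can apply so that a rebound public name is rejected. The hostnames, addresses and the `.lan`/`.local` suffix list are constructed assumptions.

```python
"""Resolver-side and router-side defenses against DNS rebinding (added example)."""
import ipaddress
from typing import Iterable, List, Tuple

# Names under these suffixes are allowed to resolve to LAN addresses (assumption).
INTERNAL_SUFFIXES = (".lan", ".local")


def is_internal_address(addr: str) -> bool:
    """True for private (RFC 1918 etc.), loopback, link-local or unspecified addresses."""
    ip = ipaddress.ip_address(addr)
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified


def filter_answers(hostname: str, answers: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Split a DNS answer set into (kept, dropped).

    A rebinding attack works by making an attacker-controlled public name
    resolve to 192.168.1.1 (the router) after the browser has loaded the
    attacker's script. Dropping LAN addresses for non-internal names breaks that
    second step while leaving genuinely internal names untouched.
    """
    if hostname.lower().rstrip(".").endswith(INTERNAL_SUFFIXES):
        return list(answers), []
    kept, dropped = [], []
    for addr in answers:
        (dropped if is_internal_address(addr) else kept).append(addr)
    return kept, dropped


def host_header_ok(host_header: str,
                   router_addr: str = "192.168.1.1",
                   router_names: Tuple[str, ...] = ("router.lan",)) -> bool:
    """Router-side check: serve the admin UI only when the browser asked for the
    router by its own address or name. A rebound request still carries the
    attacker's hostname in the Host header, so it is refused."""
    host = host_header.strip().lower()
    if host.startswith("["):                       # bracketed IPv6 literal
        host = host[1:host.find("]")]
    else:
        host = host.split(":", 1)[0]               # drop an optional port
    return host == router_addr or host in router_names


if __name__ == "__main__":
    # Constructed answer set for a hostname an attacker controls.
    print(filter_answers("attacker.example", ["45.79.1.2", "192.168.1.1", "127.0.0.1"]))
    print(host_header_ok("attacker.example"), host_header_ok("192.168.1.1:8080"))
```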
|
|
|
|
Symantec tells us (August, 2010) about a rogue anti-virus operation that combines with telemarketing. A company named Online PC Doctors phones users, convinces them that their computers are infected, then offers to remotely connect to the “infected” machine to “clean” it for a fee. This company (www.onlinepcdoctors.com) requests lots of personal information, including a copy of your driver’s license, credit card and personal information, and an explicit approval for them to use the credit card. They convince users that their computer is infected by having them open the Windows event viewer and, when warnings are listed, claiming that the machine is, indeed, infected. Not necessarily so. Don’t get taken by this scam.
|
|
|
|
Sophos advises awareness of the Windows Shortcut Exploit (also known as CPLINK), which is a “zero day vulnerability” in all versions of Windows that allows a Windows shortcut link (known as a .lnk file) to run a malicious DLL file. The exploit runs when you open a device or network share and does NOT require you to click on anything for the exploit to run, as the .lnk file can be embedded in a web page or even in a document.
|
|
|
|
You can receive infected e-mail from “safe” senders. That’s because the safe sender could have had his or her computer infected with a virus that “spoofs” their address book, sending out infected e-mails to everyone in it. In most cases, the sender doesn’t even know that this has been done, at least until someone tells them that they’ve received an infected e-mail.
|
|
|
|
Worms are back. No, not the old, simple “I Love You” attachment worm, but the new, improved XSS (“cross-site scripting”) worms that aren’t caught by traditional anti-virus programs. [See Spyware for deeper discussion.] To be completely protected, you should turn off JavaScript for new sites, unless absolutely necessary, and, of course, never click on links in an e-mail or on the web unless you’re absolutely sure they’re safe. Also, keep current with your browser updates, as they provide some degree of protection.
|
|
|
|
Never open an e-mail attachment that has a .exe file extension (unless, of course, you’re expecting it). It doesn’t matter what the sender says it is. It’s probably a virus. Advanced users who send executable files usually know to rename the file and tell you how to rename it upon receipt.
|
|
|
|
|
TIP: IF IT’S NOT BROKEN, DON’T FIX IT! You’ll notice a commonality in the Hoaxes, Security and News pages of this site. It involves the pressure to upgrade software (such as drivers or video software) or to install new software (for example, in order to view certain types of video or graphics on a web page). Think twice before doing so: If everything is working fine on your computer, leave it alone! You don’t need to upgrade, no matter what you’re told. If you’re told to download and install software to view or play a webpage or a file, think twice: there’s a very strong chance that your download may include malware. Unless it’s from a major player such as Adobe, Macromedia or the like (you can verify this by going directly to their home page, then “downloads”), you should be aware of the risk. And, if you do upgrade or install, don’t click the boxes for “free offers” or “updates,” since you’re giving them permission to e-mail you whenever they want. Think about how badly you really want to view that web page!
2010 and later EXCEPTION: Since most viruses and malware now load themselves through web page add-ons, be sure to run any Adobe or Java updates to block these malicious attacks!
|
|
|
|
|
Unfortunately, merely viewing a page with your browser, without any user interaction at all, can allow certain Flash-based “maladvertisements” to take remote control of your computer. Such maladvertisements infected USAToday.com on 4/10/08 and have infected other sites, using cross-site scripting (“XSS”), and are becoming more common, impersonating such legitimate advertising as Weight Watchers. Makers of Flash-building tools and anti-virus providers are attempting to patch the holes created in these .swf files, but there is as yet no long-term workable fix. Meanwhile, what can you do? At a minimum, download and install the latest Adobe Flash Player from the Adobe.com website, then remove all older versions on your computer. The maximum precaution would be to uninstall Flash entirely (also using the LINK at the Adobe.com web site). In between, you can install various software that will allow you to limit the use of Flash on a case-by-case basis, such as TurnFlash or Flashblock. If you use Firefox, the donationware NoScript add-on also blocks iFrames.
|
|
|
|
As if you didn’t have enough problems with attachments and programs, now it’s been discovered that Adobe PDF files can be used to trigger a virus. Many anti-virus programs are failing to find this malware. It applies to unpatched versions 7.0 of Acrobat and Acrobat Reader running on Internet Explorer 7 on Windows XP SP2, where it can trigger an exploit that seriously infects your computer. Upgrade to Ver. 8 if at all possible, or else switch to alternative third-party PDF readers such as Foxit Software or CutePDF. For more information see Microsoft KB 943521.
|
|
|
|
Cell phone security tips: Don’t jailbreak your iPhone, because that breaks all of the security. If you have “locate and wipe,” enable it. That way, if you lose your phone and can’t find it, at least you can erase your data. Most important: set a passcode. At least it’ll slow down a thief. Don’t just use the default; that’s how the News Corp. hackers got into cell phones, assuming users were lazy. And some were.
|
|
|
Don’t always trust caller ID: It’s sad, but you can’t always assume that your caller ID is really who it says it is. “Spoofing,” which is cloaking the caller ID to make it look like someone else is calling, is on the rise and can be illegal. (Not always - it’s o.k., say, if doctors or domestic violence shelters want to spoof their actual identity to maintain confidentiality and privacy.) It’s so bad that the FCC has adopted rules that set significant fines for phone spoofing - $10,000 per incident and up to $1 million for ongoing violations. Click HERE for the FCC info.
|
|
|
|
|
To explain once again why P2P networks are such a great security threat: These file-sharing networks (KaZaa, Napster, Morpheus, FrostWire, Limewire, Gnutella and even BitTorrent), when used by the uninitiated (or uncaring) can easily result in the sharing of confidential information, sometimes illegally. Most often this occurs because users (or their progeny) have installed a P2P program to download music or a TV show, then routinely clicked “O.K.” to all questions during the install process. One of those questions was undoubtedly which folder to share files from, and often the default is the Windows My Documents folder. The result is that everything, whether business, personal or confidential in the default My Documents folder can be shared, literally with the world. Even in large businesses, one simple P2P music download can result in the sharing of thousands of confidential or proprietary documents. If you run a business, you should periodically search the internet to determine whether you have had any security breaches. You might be surprised by the results.
|
|
|
|
|