Tag Archive for Malware

Malware Goes Green

ZDNet reports that malware writers have come up with a new social engineering angle. The bad guys have started mashing up two issues, Green and Security, to help spread their malware. CA has been tracking the emergence of new scareware called Green-AV Premier Edition 3.0.

Green malware social engineering attack

The malware claims to be the “World’s First Antivirus Which Cares About the Environment” and “costs” $99.99. The attack plays on Green sympathies by promising to donate $2 from every purchase to saving the “Amazonian green forests.”

CA says that the effects of an attack from this malware are similar to those caused by most rogue security software.

Recommendations:

  • Keep your security software up to date
  • Never click on a link you did not ask for
  • Never purchase this type of security software, since you could be handing your credit card information to fraudsters and making yourself a target for identity theft

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Check Your EULA

I have been trying out EULAlyzer 2.0 from Javacool Software for a couple of months and have found the results to be interesting, to say the least. EULAlyzer scans software publishers’ End User License Agreements (EULAs) for privacy risks, unwanted software, and other surprises like pop-up ads, sending personally identifiable information, or using unique identifiers to track the user’s activity.

EULAlyzer searches the publisher’s documents for what the vendor calls “words of interest” and then assigns its “Interest Rating” to the program. Like other anti-spyware programs, EULAlyzer ranks risks on a scale of 1 to 10, based on how significant the disclosed behavior could be to the user’s security as judged from the suspicious wording. The product also includes a search function for user-specific keyword searches of the entire EULA.

The copy and paste function can be used to quickly check web-based license agreements, website terms, privacy policies, and similar documents for suspicious passages. By default the program scans for language that deals with:

  • Advertising
  • Tracking
  • Data Collection
  • Privacy-Related Concerns
  • Installation of Third-Party / Additional Software
  • Inclusion of External Agreements By Reference
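To make concrete what a “words of interest” scan does, here is a small keyword scanner of my own that works the way the review describes: it searches a license text for phrases grouped under the six categories above, records each hit with its surrounding context, and folds the hits into a 1-to-10 rating. This is an added illustration, not EULAlyzer’s code; the phrase lists, the weights, the rating formula and the two sample license texts are all assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Assumed phrase lists (regular expressions), grouped under the categories
# EULAlyzer scans for. Illustrative only, not the vendor's actual list.
WORDS_OF_INTEREST = {
    "Advertising": [r"advertis\w*", r"sponsored", r"promotional"],
    "Tracking": [r"unique identifier", r"track\w*", r"cookie\w*",
                 r"usage (?:data|statistics)"],
    "Data Collection": [r"collect\w*", r"personally identifiable",
                        r"personal information", r"transmit\w*"],
    "Privacy-Related Concerns": [r"third part(?:y|ies)",
                                 r"share\w* .{0,40}(?:information|data)",
                                 r"disclos\w*"],
    "Installation of Third-Party / Additional Software": [
        r"additional software", r"bundled", r"toolbar"],
    "Inclusion of External Agreements By Reference": [
        r"incorporated (?:herein )?by reference",
        r"(?:terms|policy) (?:located|available) at"],
}

# Assumed weights: a pointer to an external agreement is less alarming on its
# own than silent data collection, so it counts for half.
WEIGHTS = {cat: 1.0 for cat in WORDS_OF_INTEREST}
WEIGHTS["Inclusion of External Agreements By Reference"] = 0.5
HITS_PER_CATEGORY_CAP = 3  # repeating one phrase should not inflate the score


def scan_eula(text, context=40):
    """Return {category: [(matched phrase, surrounding snippet), ...]} for every hit."""
    flat = " ".join(text.split())  # collapse line breaks so snippets read naturally
    hits = defaultdict(list)
    for category, patterns in WORDS_OF_INTEREST.items():
        for pattern in patterns:
            for m in re.finditer(pattern, flat, flags=re.IGNORECASE):
                start = max(0, m.start() - context)
                end = min(len(flat), m.end() + context)
                hits[category].append((m.group(0), flat[start:end]))
    return dict(hits)


def interest_rating(hits):
    """Fold the hits into a 1..10 rating (assumed formula).

    Each category contributes weight * min(hits, cap); the total is scaled
    against the maximum possible so the rating never leaves 1..10.
    """
    max_score = HITS_PER_CATEGORY_CAP * sum(WEIGHTS.values())
    score = sum(WEIGHTS[cat] * min(len(matches), HITS_PER_CATEGORY_CAP)
                for cat, matches in hits.items())
    return 1 + round(9 * score / max_score)


# Constructed sample texts (not from any real product's license).
AGGRESSIVE_EULA = """
1. LICENSE. The Licensor grants you a non-exclusive license to use the Software.
2. ADDITIONAL SOFTWARE. The installer may install additional software,
including a browser toolbar, from our partners.
3. INFORMATION WE COLLECT. The Software may collect personally identifiable
information and usage statistics and may transmit this information to us.
We may share this information with third parties for advertising purposes.
A unique identifier is assigned to your installation to track product usage.
4. OTHER TERMS. Your use is also subject to the Privacy Policy located at
http://example.invalid/privacy, which is incorporated herein by reference.
"""

BENIGN_EULA = """
The Licensor grants you a non-exclusive, non-transferable license to use one
copy of the Software on a single computer. You may not redistribute, rent or
lease the Software. This license ends automatically if you fail to comply.
"""


def report(text):
    """Print the rating and one context snippet per category, EULAlyzer style."""
    hits = scan_eula(text)
    print(f"Interest Rating: {interest_rating(hits)}/10")
    for category, matches in hits.items():
        phrase, snippet = matches[0]
        print(f"  [{category}] {len(matches)} hit(s), e.g. '{phrase}': ...{snippet}...")


if __name__ == "__main__":
    report(AGGRESSIVE_EULA)
    report(BENIGN_EULA)
```

The snippets are what make a scan like this useful: a count alone says little, but a 40-character window around “share this information with third parties” tells the reviewer exactly which clause to read in full. The benign text scores 1 because none of the phrases occur; the aggressive text scores 8 because every category fires at least once.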

EULAlyzer leverages crowdsourcing through a related EULA Research Center, which optionally allows users to anonymously submit the license agreements they scan, enlarging the underlying database of EULAs and further improving the program. A web forum is also available for support on the application.

rb-

EULAlyzer is a proactive tool in the fight against malware. In the enterprise, it can be used by those responsible for developing and maintaining disk images. It can also be used by compliance staff to quickly flag potential issues and pass them up the line to a subject-matter expert or the legal department.

EULAlyzer is no substitute for reading the EULA. We all know that the EULA should be read and understood before proceeding with any software installation. What EULAlyzer does is save time and effort by flagging the most onerous parts of a EULA for your review, so you can focus on the potentially riskier behavior.

I found EULAlyzer interesting and effective. It made me realize the lengths that software manufacturers go to hide the details of the EULA. The EULAs are buried deep down in sub-sub-sub-directories, cryptically named and/or huge. The web-based EULA for Adobe Acrobat Reader is part of a 282-page PDF.

As for the application itself, I would like to see better explanations of the items the program flags, either through an in-depth help file or a web-based resource.

EULAlyzer is donation-ware that is free for personal and educational use (a corporate version is also available). Compatible with Windows 2000, XP, 2003, and Vista.

NOTE: This blog does not provide legal advice. It can only highlight information that you may want to consider before making your own decisions to proceed or not. You should always consult a lawyer (or other competent authority) for advice on legal issues.


SPAM Continues to Grow

Despite some recent victories in the struggle against spam, like the takedowns of McColo and PriceWert, micro-analysis of spam trends confirms the continuing surge of spam. The overall trend in spam volume over the last 12 months is still headed up. This continues despite a year-long decline from April 2008 to April 2009, a decline Google also noted.

May 2009 saw a doubling of the spam received, which moved the trend line up. The amount of spam in June 2009 fell back within the expected range, which still coaxed the trend higher. If the amount of spam received in July 2009 stays at the projected average, the trend will continue to climb, matching what Google describes as “the recent upward trajectory of spam.”

SPAM history

These results are based on spam statistics from my business email account. The practice of safer emailing, which includes the judicious use of email filters, anti-malware software on the desktop, a hosted email server, and Gmail, helps keep spam under control. Whenever I conduct business with an unknown entity, they always get a Gmail address until I know it is safe to transact business with them.


Lessons From Botnet Demise

Brian Krebs, on the Washington Post blog Security Fix, profiled a case in which a bot-herder killed 100,000 zombie clients in his botnet. The bot-herder invoked a “kill operating system,” or kos, command built into the Zeus botnet crimeware. The kos command caused the infected PCs to show the Blue Screen of Death (BSOD). The Madrid-based security services firm S21sec reports that invoking the kos command only results in a blue screen and subsequent difficulty booting the OS; there appears to be no significant data loss, and neither the Trojan binaries nor the start-up registry entries are removed. In their post, S21sec looks at what happens to an infected computer when it receives a Zeus kos.

Russian botnet

The Zeus crimeware was designed by the Russian A-Z to harvest financial and personal data from PCs with a Trojan. UK computer security firm Prevx found the Zeus crimeware available for just $4,000. The fee includes a DIY “exe builder” which incorporates a kernel-level rootkit; according to Prevx, this means it can hide from even the most advanced home or corporate security software. RSA detailed the capabilities of Zeus crimeware in 2008. Zeus also includes advanced “form injection capabilities” that allow it to alter web pages as they are rendered on the user’s PC. For example, criminals can add an extra field or fields to a banking website asking for credit card numbers, social security numbers, etc. The bogus field makes it look like the bank is asking you for this data after you have logged on, and because the page is altered on your own PC rather than in transit, the encrypted connection to your bank is genuine and nothing in the browser looks amiss.
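The form-injection behavior above is easiest to understand with a before-and-after page. The following Python is an added example of my own, not Zeus code or a Zeus configuration: it builds a constructed bank login form, splices in two constructed extra fields the way the victim’s browser would end up rendering them, and then runs a defender-side check that parses the rendered form and reports any field the legitimate page does not contain. The page HTML, the marker string, the allowlist of expected fields and the sensitive-name pattern are all assumptions made for the example.

```python
import re
from html.parser import HTMLParser

# Constructed: the login form the bank legitimately serves.
CLEAN_LOGIN_PAGE = """<html><body>
<form action="/login" method="post">
  <label>User ID</label> <input name="username" type="text">
  <label>Password</label> <input name="password" type="password">
  <input type="hidden" name="csrf" value="abc123">
  <input type="submit" value="Log in">
</form>
</body></html>"""

# Constructed: the only fields the bank's login page asks the user to fill in.
EXPECTED_LOGIN_FIELDS = {"username", "password"}

# Constructed stand-in for injected content: extra fields asking for data the
# bank never requests at login.
INJECTED_FIELDS = """  <label>Card number</label> <input name="cardnum" type="text">
  <label>Social Security Number</label> <input name="ssn" type="password">
"""

# Assumed pattern for field names that smell like a request for sensitive data.
SENSITIVE_NAME = re.compile(r"card|ssn|social|cvv", re.IGNORECASE)


class FormFieldCollector(HTMLParser):
    """Collect the name of every control that asks the user to type or choose something."""
    NON_DATA_INPUTS = {"submit", "button", "reset", "image", "hidden"}

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("input", "select", "textarea"):
            return
        a = dict(attrs)
        # Buttons and hidden inputs (e.g. CSRF tokens) never solicit user data.
        if tag == "input" and (a.get("type") or "text").lower() in self.NON_DATA_INPUTS:
            return
        if a.get("name"):
            self.fields.append(a["name"])


def form_fields(html):
    """Return the user-facing field names of a page, in document order."""
    p = FormFieldCollector()
    p.feed(html)
    p.close()
    return p.fields


def simulate_injection(html, marker, payload):
    """Splice payload in front of the first marker occurrence.

    This only models the end result (extra fields in the page the victim sees);
    it says nothing about how real crimeware hooks the browser.
    """
    idx = html.find(marker)
    if idx < 0:
        raise ValueError("marker not found in page")
    return html[:idx] + payload + html[idx:]


def unexpected_fields(html, expected):
    """Fields present in the rendered page that the legitimate form does not contain."""
    return sorted(set(form_fields(html)) - set(expected))


def suspicious_fields(html, expected):
    """Unexpected fields whose names suggest a request for sensitive data."""
    return [n for n in unexpected_fields(html, expected) if SENSITIVE_NAME.search(n)]


if __name__ == "__main__":
    tampered = simulate_injection(CLEAN_LOGIN_PAGE, '<input type="submit"', INJECTED_FIELDS)
    print("clean page, unexpected fields:   ", unexpected_fields(CLEAN_LOGIN_PAGE, EXPECTED_LOGIN_FIELDS))
    print("tampered page, unexpected fields:", unexpected_fields(tampered, EXPECTED_LOGIN_FIELDS))
    print("tampered page, suspicious fields:", suspicious_fields(tampered, EXPECTED_LOGIN_FIELDS))
```

The important design point is where such a check has to run. Because the page is modified on the victim’s PC, the bank’s server never sees the extra fields; scanning the HTML the server sends would pass every time. The comparison has to be made against the page as rendered, for instance by a browser extension or by the bank’s own client-side script comparing the live form against the field list it expects. And since the same crimeware ships with a kernel-level rootkit, an attacker who controls the machine can in principle tamper with that check too, so it is a detection aid for the user and the bank’s fraud team, not a guarantee.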

rb-

The reason for BSODing 100,000 machines isn’t quite clear. Several security experts have offered opinions, including S21sec and Zeus Tracker (currently down due to an apparent DDoS). What is clear are the implications of this action.

Botnets and their related crimeware are dangerous for a growing list of reasons. They can steal massive amounts of personal data, launch denial-of-service attacks, and execute arbitrary code. I agree with Krebs that the scarier reality about malicious software is that these programs leave ultimate control over victim machines in the hands of the attacker.

Politically motivated attackers

For the time being, it is still in the best interests of the attackers to leave the compromised systems in place so they can plunder more information. However, imagine the social chaos if the 9 million PCs infected with Conficker, including hospitals from Utah to the UK, were under the control of Al-Qaeda or a similarly minded group. Such politically motivated attackers could order all the infected machines to BSOD, creating computer-enhanced chaos. One of the forgotten lessons of 9/11 is that our technology can be hijacked and turned against us. This could be the opening into a new type of cyber warfare.


Audio SPAM in Your Luxury Import

Toyota has announced that new Lexus vehicles delivered later this year will come equipped with a system that can send voice messages directly from the automaker to its drivers. The “service,” called Lexus Insider, will let Lexus send audio messages to owners on whatever subject it chooses.

Reports say the tips could range from making the best use of the vehicle’s features to suggestions for a scenic drive. Jon Bucci, vice president of Toyota’s U.S. advanced technology unit, says the Lexus messages can be highly targeted: they can be tailored to owners of a specific vehicle type or to those who live in a particular ZIP code. That seems like verbal spam to me.

William Matthies of Coyote Insight, a longtime consumer electronics executive, opined in USA Today: “You’ve got the same thing coming to your home now. It strikes me as the same thing” as junk mail. Assertions that the messages will be targeted and useful enough to appeal to particular drivers don’t impress Mr. Matthies. “They’re not claiming anything different than all direct marketers claim,” he says.

Perhaps, Toyota will drop the price of a Lexus, now that its customers are a captive audience to their marketing machine.

Related articles
  • Lexus: Made in America? (features.blogs.fortune.cnn.com)
