Tag Archive for Security

| December 19, 2011
One comment

McAfee’s 12 Scams of Christmas

McAfee's 12 Scams of ChristmasBefore logging on from a PC, Mac, or mobile device for the last-minute holiday online shopping madness, consumers should look out for these 12 Scams of Christmas identified by anti-malware firm McAfee:

1. Mobile Malware—A National Retail Federation (NRF) survey found that 52.6% of U.S. consumers who own a smartphone will use it for holiday shopping. Malware targeting mobile devices is rising, and Google’s (GOOG) Android smartphones are most at risk. McAfee cites a 76% increase in Android malware in the second quarter of 2011, making it the most targeted smartphone platform.

Malicious Mobile ApplicationsNew malware has recently been found that targets QR codes, a digital bar code that consumers might scan with their smartphone to find good deals or to learn about products they want to buy.

2. Malicious Mobile Applications—These are mobile apps designed to steal information from smartphones or send expensive text messages without a user’s consent. Dangerous apps are usually offered for free and masquerade as fun applications, such as games. Last year, 4.6 million Android smartphone users downloaded a wallpaper app that collected and transmitted user data to a site in China.

Facebook3. Phony Facebook Promotions and Contests—Who doesn’t want free stuff? Unfortunately, cyber scammers know that “free” things are attractive lures, and they have sprinkled Facebook with phony promotions and contests to gather personal information. A recent scam advertised two free airline tickets but required participants to complete multiple surveys requesting personal information.

4. Scareware, or Fake Antivirus software—Scareware is fake antivirus software that tricks people into believing that their computer is at risk or already infected, so they agree to download and pay for phony software. This is one of the most common and dangerous Internet threats today, victimizing one million victims each day. In 2010, McAfee reported that scareware represented 23% of all dangerous Internet links, which has been resurgent recently.

5. Holiday Screen savers—Bringing holiday cheer to your home or work PC sounds like a fun idea to get into the holiday spirit, but be careful. A recent search for a Santa screen saver that promises to let you “fly with Santa in 3D” was malicious. Holiday-themed ringtones and e-cards have also been known to be malicious.

Mac Malware6. Mac Malware – Until recently, Mac users felt insulated from online security threats since most were targeted at PCs. However, with the growing popularity of Apple (AAPL) products, cybercriminals have designed a new wave of malware directed squarely at Mac users. According to McAfee Labs, as of late 2010, there were 5,000 pieces of malware targeting Macs, and this number is increasing by 10 percent each month.

7. Holiday Phishing Scams—Phishing is tricking consumers into revealing information or performing actions they wouldn’t normally do online using phony emails or social media posts. Cyber scammers know that most people are busy around the holidays, so they tailor their emails and social messages with holiday themes to trick recipients into revealing personal information.

  • This is a fake notice from UPS (UPS) saying you have a package and need to complete an attached form. The form asks for personal or financial details to complete the delivery, and it sends that information straight into the hands of cyber scammers.
  • Banking phishing scams continue to be popular, and the holiday season means consumers will spend more money and check bank balances more often. From July to September of this year, McAfee Labs identified about 2,700 phishing URLs per day.
  • Smishing –SMS phishing remains a concern. Scammers send fake messages via text alert to a phone, notifying an unsuspecting consumer that his bank account has been compromised. The cybercriminals then direct the consumer to call a phone number to get it reactivated and collect the user’s personal information, including his Social Security number, address, and account details.

Online Coupon Scams8. Online Coupon Scams—An estimated 63 percent of shoppers search for coupons when they buy something online. October 2011 NRF data shows that 17.3 percent of smartphone users and 21.5 percent of tablet consumers use mobile devices to redeem those coupons. But watch out because scammers know that offering an irresistible online coupon can get people to hand over some of their personal information.

9. Mystery Shopper Scams—Mystery shoppers are hired to shop in a store and report back on the customer service. Scammers use this fun job to lure people into revealing personal and financial information. There have been reports of scammers sending text messages to victims, offering to pay them $50 an hour to be mystery shoppers and instructing them to call a number if they are interested. Once the victim calls, they are asked for personal information, including credit card and bank account numbers.

Scareware10. Hotel “Wrong Transaction” Malware Emails – Many people travel over the holidays, so it is no surprise that scammers have designed travel-related scams to get users to click on dangerous emails. In one example, a scammer sent out emails that appeared to be from a hotel, claiming that a “wrong transaction” had been discovered on the recipient’s credit card. It then asked them to fill out an attached refund form. Once opened, the attachment downloads malware onto their machine.

11. “It” Gift Scams—Hot holiday gifts sell out early in the season every year. Not only do sellers mark up the price of the must-have toy, but scammers also start advertising them on rogue websites and social networks, even if they don’t have them. So, consumers could wind up paying for an item and giving away credit card details only to receive nothing in return. Once the scammers have the personal financial information, there is little recourse.

12. “I’m away from home” Scammers – Posting information about a vacation on social networking sites could be dangerous. If someone is connected with people they don’t know on Facebook or other social networking sites, they could see their post and decide it may be a good time to rob them. Furthermore, a quick online search can quickly turn up their home address.

How to Protect Yourself

  • Only download mobile apps from official app stores, such as iTunes and the Android Market, and read user reviews before downloading them.
  • Be extra vigilant when reviewing and responding to emails.
  • Watch out for too-good-to-be-true offers on social networks. Never agree to share your personal information to take part in a promotion.
  • Don’t accept requests on social networks from anyone you don’t know in real life. Wait to post pictures and comments about your vacation until you’ve already returned home.
Related articles

Mobile Threats Top Holiday Scam List (pcworld.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , ,
| December 1, 2011
2 comments

Blackhole Malware

Blackhole Malware Dark Reading reports that attackers are increasingly using the Blackhole exploit kit in phishing campaigns. The latest phishing scam poses as an email notification from an HP (HPQ) OfficeJet Printer that has sent around 36,000 per minute resulting in nearly 8 million emails thus far and uses 2,000 domains to serve up the malware.

BotnetResearchers at AppRiver told Dark Reading the trend demonstrates how Blackhole is following the pattern of popular malware kits Zeus and SpyEye. Blackhole traditionally has been used to infect legitimate websites for drive-by infection purposes. “This attack is unique because Blackhole added an email vector to its format and is flooding the Internet with similar methods used by Zeus, SpyEye, and others, essentially moving it into prime time,” says Fred Touchette, senior security analyst for AppRiver.

Blackhole, which was previously marketed as a high-end crimeware tool, costing $1,500 for a one-year license, in May was unleashed for free in some underground forums. That has propelled more use of the toolkit according to the AppRiver blog.

Appriver logoMr. Touchette said that attackers using Blackhole have changed tactics, “This is the first that I have personally noticed that leads email recipients to Blackhole websites. Before that, people using the Blackhole Kit relied on techniques such as SEO poisoning to lead victims to their sites,” he says.

The OfficeJet email campaign, like other Blackhole attacks, is trolling for victims’ online banking credentials according to Dark Reading. It works a lot like Zeus and others, using browser vulnerabilities on victims’ machines and creating a backdoor for downloading and installing the Trojans. AppRiver’s Touchette says Blackhole appears to favor Sun Oracle (ORCL) Java (I wrote about Java holes here) and Adobe (ADBE) bugs (I wrote about Adobe bugs here).

HPThis most recent campaign is still trickling in, but will soon stall as most of its domains have been picked up and blacklisted by security professionals … we were seeing malicious emails related to this campaign coming in at a rate of around 36,000 per minute,” Mr. Touchette says.

Recent botnet takedowns have spurred an increase in malware attacks recently as botnet operators try to rebuild, AppRiver’s Touchette told Dark Reading.

rb-

Yeap- We are still seeing these trickling in and still have users reporting they can’t access their OfficeJet.

Related articles
  • Positive Trend in Malware: Rootkit Developers Killing Each Other’s Code (pcworld.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized | Tags: , , , , , , , , , , , ,
| November 24, 2011
3 comments

How-secure-is-my-password Tells You

How-secure-is-my-password Tells YouThe former DownloadSquad points out howsecureismypassword.net. How secure is my password is basically like a full-screen version of one of those password-strength meters websites sometimes use. But instead of showing you a bar going from “weak” to “strong”, it shows you an estimation of how long your password would take to crack. That’s a much more visceral way to understand why your password is strong.

How Secure is My Passowrd

rb-

How secure is my password helps make password best practices meaningful.

For example, when I entered “Detroit”, it came back with “your password is one of the 1090 most common passwords. It could be cracked almost instantly.  “D3troit!” would take 57 days, and “!D3tro1tM!” would take 928 years to crack.

Password best practices include using:

8 or more characters, that is not a dictionary word, which includes capital letters, digits, and a symbol or two.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , ,
| November 22, 2011
7 comments

Apple OS X Security Update

Apple OS X Security UpdateThe magical virus-proof Apple operating systems have had a rough couple of weeks. Apple (AAPL) released security updates for OS X Lion and Snow Leopard, iOS, Numbers for iOS, and Pages for iOS. UK-based security company Sophos says that the OS X patch addressed 75 known vulnerabilities. Most of the vulnerabilities could lead to arbitrary code execution, while others lead to denial of service or privilege escalation. The bug fix weighs in at a whopping 880MB with recovery download.

Apple OS X LionNext Apple released a gargantuan update to iTunes for Windows that fixes 79 vulnerabilities. Sophos reports that the patch fixes 73 holes that could cause remote code execution in WebKit, used to render HTML content. Other fixes resolve remote code execution bugs.

Despite the huge patches, cyber-criminals have figured out how to disable the rudimentary anti-virus protection XProtect Apple has built into Mac OS X by enhancing an existing trojan horse Flashback. The Flashback trojan leaves the Mac vulnerable by preventing XProtect from receiving security definition updates. Sophos makes the point that Mac malware writers are eager to infect Apple computers because of the potential financial rewards.

Sophos logoThe Mac malware authors are not resting on their laurels. Within days, of spotting Flashback in the wild, Sophos reported that Tsunami, a new backdoor trojan horse for Mac OS X, had been discovered. Sophos indicates that the new Mac malware may be a port of Kaiten, a Linux backdoor Trojan horse that uses an IRC channel for instructions.

Code like this is used to commandeer compromised computers into a DDoS (distributed denial-of-service) attack, flooding a website with traffic. ESET notes that as well as enabling DDoS attacks, the backdoor can enable a remote user to download files, such as more malware or updates to the Tsunami code.  The malware can also execute shell commands, giving it the ability to essentially take control of the affected Mac.

Tsunami, a new backdoor trojan horse for Mac OS XOnly a few more days passed before the DevilRobber (Miner-D) Mac OS X Trojan horse was discovered. DevilRobber was embedded in hacked versions of Mac OS X image editing app GraphicConverter version 7.4 distributed via file-sharing torrent sites such as PirateBay. Miner-D tries to generate Bitcoins, the currency of the anonymous digital cash system, by stealing lots of GPU (Graphics Processing Unit) time. GPUs are better than regular CPUs at performing the mathematical calculations required for Bitcoin mining.

Sophos reports that in addition to Bitcoin mining, Miner-D also spies on its victim by taking screen captures and stealing usernames and passwords. In addition, it runs a script that copies information to a file called dump.txt regarding truecrypt data, Vidalia (TOR plugin for Firefox), Safari browsing history, and .bash_history. To complete the assault – if the malware finds the user’s Bitcoin wallet it will also steal that.

DevilRobbe Mac OS X Trojan horse was discovered.DevilRobber was recently been updated according to F-Secure researchers. F-Secure researchers point out that the newly discovered Trojan is the third iteration of the malware and that it poses as the popular image-editing app PixelMator.

Help Net Security says this version of DevilRobber has new features that the original version is lacking. It tries to harvest the shell command history, the system log file, and the contents of 1Password, the popular software for managing passwords. Unfortunately, its Bitcoin mining and stealing capabilities are still there, as well.

rb-

safe computing.So despite Apple’s continued instance that their machines do not need anti-malware software, standard malware prevention techniques apply to Macs. Clearly, Mac users like their Windows cousins should practice safe computing. Some of the safer computing practices for Mac and Windows users include

  1. Never open an email attachment unless you are POSITIVE about the source.
  2. Do NOT click on any pop-up that advertises anti-virus or anti-spyware software especially a program promising to provide every feature known to humanity.
  3. Use an AntiVirus program. A free one is better than none. There are several free versions that work well, like Microsoft Security Essentials which is also free has had good reviews.
  4. Keep your OS and AV updated. Make sure that you install those important updates. An out-of-date antivirus program does not help in detecting new infections.
  5. Use a personal firewall. Use a firewall between your DSL router or cable modem and the computer will protect you from inbound attacks. A software firewall on the computer can protect you from both inbound and outbound attacks.
  6. Do NOT download freeware or shareware unless you have must. These often come bundled with spyware, adware, or fake anti-virus programs. Be especially wary of screensavers, games, browser add-ons, peer-to-peer (P2P) clients, and any downloads claiming to be “cracked” or free versions of expensive applications.
  7. Avoid questionable websites. Some sites may automatically download malicious software onto your computer.
  8. Browse responsibly. Sometimes you might not even have to download and install something but just open a website in your browser for a rogue program to infect your computer. So be careful where you go when you are browsing.
  9. Pay attention to your incoming e-mails. Some of them can contain viruses or content pointing to malicious sites. Don’t click on links provided by false institutes that invite you to change passwords or similar.
  10. “Phishing” describes scams that attempt to acquire confidential information such as credit card numbers and passwords by sending out e-mails that look like they come from real companies or trusted people. If you happen to receive an e-mail message announcing that your account will be closed, that you need to confirm an order, or that you need to verify your billing information, do not reply to the e-mail or click on any links. If you want to find out whether the e-mail is legitimate, you can go to their website by directly typing their address into your browser or by calling them.

Related articles

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
| November 17, 2011
One comment

Georgia Tech Predicts Cyber Threats For 2012

Georgia Tech Predicts Cyber Threats For 2012The Georgia Tech Emerging Cyber Threats Report for 2012 predicts that 2012 will feature new and increasingly sophisticated means to capture and exploit user data. “Our adversaries, whether motivated by monetary gain, political/social ideology or otherwise are becoming increasingly sophisticated and better funded,” said Bo Rotoloni, director of the Georgia Tech Research Institute‘s (GTRI) Cyber Technology and Information Security Laboratory (CTISL).

Search PoisoningWe can no longer assume our data is safe sitting behind perimeter-protected networks. Attacks penetrate our systems through ubiquitous protocols, mobile devices, and social engineering, circumventing the network perimeter.

Threats according to Georgia Tech

Search Poisoning – Attackers will increasingly use SEO techniques to optimize malicious links among search results so that users are more likely to click on a URL because it ranks highly on Google (GOOG) or other search engines.

Mobile Web based AttacksMobile Web-based Attacks – Expect increased attacks aimed specifically against mobile Web browsers as the tension between usability and security, along with device constraints (including small screen size), make it difficult to solve mobile Web browser security flaws.

Stolen Cyber Data Use for Marketing – The market for stolen cyber data will continue to evolve as botnets capture private user information shared by social media platforms and sell it directly to legitimate business channels such as lead generation and marketing.

botnetsWe continue to witness cyber attacks of unprecedented sophistication and reach, demonstrating that malicious actors have the ability to compromise and control millions of computers that belong to governments, private enterprises, and ordinary citizens,” said Mustaque Ahamad, director of Georgia Tech Information Security Center (GTISC).

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Georgia Tech Predicts Cyber Threats For 2012
Category: Uncategorized | Tags: , , , , , , , ,
« Older Entries   Recent Entries »