Tag Archive

Tag Archives for " AVG "

Another Facebook attack!

Avoid clicking any links saying “99% of people can’t watch this video for more than 25 seconds.”

Today, AVG discovered an interesting bit of maliciousness on Facebook. The initial lure is a link that says that 99% of people can’t watch this video for more than 25 seconds.

When you click the link, you are confronted with another screen that offers to show you a video, but, for the video to load, you need to copy and paste some code into the browser address bar.

If you are paying attention, you notice that you are adding javascript to your address bar, and you might smell a rat, and stop at this point.

If you are not paying attention, you are taken to a page which automatically tells all your friends that you like the app, and it posts that link to your status. It must be effective, because at the time of writing, it had nearly 600k “friends” that liked it.

To see it in action, watch the video here:

Via AVG Blogs

  • 07/08/2010
  • IT

Facebook ‘sexiest video’ malware spreading virally

If you get a posting on your Facebook wall saying something like “this is without doubt the sexiest video ever! 😛 😛 :P” which might be accompanied by a video titled “Candid Camera Prank” DON”T click on the video: it’s a lead-in to malware.

If you click on the link it will take you to what looks like a Facebook application which then tells you that your video player is out of date – and encourages you to download a file.

If you do what it asks, then the same “video” plus link gets posted using your profile photo to all your friends on Facebook -– meaning it is spreading virally.

The file seems to install a piece of adware called Hotbar, which thus generates revenue for the malware writer. (About Hotbar: “displays a dynamic toolbar and targeted pop-up ads based on its monitoring of Web-browsing activity. The toolbar appears in Internet Explorer and Windows Explorer. The toolbar contains buttons that can change depending on the current Web page and keywords on the page. Clicking a button on the toolbar may open an advertiser Web site or paid search site. Hotbar also installs graphical skins for Internet Explorer, Outlook, and Outlook Express. Hotbar may collect user-related information and may silently download and run updates or other code from its servers.”)

via guardian.co.uk

  • 05/17/2010
  • IT

Facebook ranks fourth in the Top 10 most popular phishing targets

The number of phishing attacks on social networking sites has increased. Facebook unexpectedly became one of the most popular targets for the phishers. “This was the first time since we started monitoring that attacks on a social networking site have been so prolific,” stated the report’s authors. Spammers have learned to exploit the new Internet platforms such as blogs and social networks for their own ends.

Get protected today! Contact BWS Technologies 358-6305

via Secure List – Spam evolution: January-March 2010

  • 05/17/2010
  • IT

What is Spyware? How Does it Work?

If your computer starts slowing down, crashing or behaving in a strange manner then it may have been infected by spyware, but what is it and how does it work?


Privacy Invasion

Spyware is a breed of program that spies on your computer behavior. These intrusive and sometimes malicious bugs hide in the corners of your system harvesting valuable information about where you go and what you do online. It then passes your personal details to hackers or unscrupulous advertisers without you knowing. The information collected can then be used to bombard you with pop-up ads or just choke up your computer so that it slows down or crashes.

Spyware can scan files on your hard drive, monitor private chat programs and read cookies. Certain websites have been known to infect visitors with spyware so that they can sell them software they claim would remove it. At the very worst spyware can steal your credit card information.

Secret Infestation

Spyware is alarmingly common in computers, usually without their users being aware. Unprotected computers in particular are often found to have a variety of different types of spyware running simultaneously. Although the creators want to remain as inconspicuous as possible, they are often badly coded and as a result interfere the computer operating system, making it slow down or crash.

Spyware is not illegal and not necessarily always up to no good; some legitimate marketing companies collect anonymous data for valid reasons and can be fairly open about what they collect.

More often than not, however, spyware is just created to make money in a devious manner, either by picking up referral fees on adverts or by exploiting stolen private information. Its potential for harm far outweighs any benefits, and users are advised to try to avoid it all costs.

Adware and Malware

The term spyware is often used interchangeably with adware and malware, two slightly different but no less bothersome program types. Adware installs secret advertising software on your computer that can generate pop-up ads or hijack your homepage or the links in web pages so you are taken to a different website than you want, typically a dubious commercial site.

Malware, short for malicious software, is usually designed to simply wreak damage to your computer system, much like a virus, or pass on your password to hackers.

Where Am I Picking Up Spyware?

Spyware is not something that affects all web-users equally; it tends to lurk in the web’s darker recesses and prey on those with a fondness for free things.

If you frequent less reputable websites and download dubious files and software then you are putting yourself at a much greater risk of falling victim than if you are a light and casual browser of respected websites. Spyware doesn’t just grab onto your computer as you innocently go about your daily surfing, it needs an entry point, usually this is either in tricking the user into downloading something or, more commonly, when the user downloads something other software or file.

This might be free software, peer-to-peer file swapping programs – spyware companies pay these services to bundle spyware into their downloads – or a program that claims will grant the user access to tons of free films and music.

Typically these prey on users who want something for nothing. As with anything in life if it sounds too good to be true then it usually is.

Prevention

Spyware is typically caused by disreputable websites and programs and so naturally it is best to avoid such websites when searching for preventative measures. Always opt for respected virus and anti-spyware software.

Alternatively, as spyware is almost exclusively an Internet Explorer and thereby a Windows issue, you could always opt to switch browsers and even operating systems.

Security updates in Windows and Internet Explorer have made great strides in attempting to deal with the problem but ultimately the control rests with the user. Stay protected and don’t download something without first knowing what it is.

BWS Technologies can protect you from these threats with IndigoGUARD (learn more)

Adapted from DIY SPY

  • 05/14/2010
  • IT

How Malware Can Sneak Into Your Life and How to Deal with IT

There are myriad ways that viruses, trojans and other types of malicious code can cause you a lot of grief and it pays to be up on all of them. Completely disconnecting access to the Internet would go a long way towards keeping viruses and other malware out of your life, but it wouldn’t make a whole lot of sense. So you need to be aware of, and take steps to protect yourself from the ways the bad guys get access to your valuable information.

Did You Know:

  • Social networks are a valuable tool but open up significant security risks
  • If you travel with a laptop, extra care and controls are required.
  • Phishing and other social engineering tricks can (and do) fool even the smartest people

BWS Technologies can assist you with managing and eliminating any of these threats below.
Contact us now!



Web surfing and social networking – It’s the World WILD Web out there

The web is a cybercriminal’s dream come true. It’s instantaneous. It’s anonymous. And it’s very, very easy to fool people. A website that looks at first glance to be your bank’s website can easily be a clever forgery. And that video-viewing download you’re being offered? Chances are you don’t need it – and you certainly don’t need the spyware that may well be hidden behind a realistic-sounding application name.

Email and Spam – Oldies But Still Baddies

For many years, the virus writers’ distribution method of choice was email attachments. Although still a popular method of attack, e-mail is a far less effective way to fool people into opening things they shouldn’t.

In addition to installing a reputable security solution and keeping it updated, educating yourself on responsible email behavior is fundamental to email security efforts. One important reminder comes from US government agency US-CERT. “Many viruses can “spoof” the return address [in an email], making it look like the message came from someone else. If you recognize the return address but weren’t expecting the message, check with the person who supposedly sent the message to make sure it’s legitimate before opening any attachments” the organization advises.

Instant Messaging (IM) – Chatting Your Way to Trouble

While not yet as ubiquitous as email, instant messaging is gaining momentum as a communications tool, and carries many of the same risks as email, as well as some unique to the IM environment. Viruses and other malware can be hidden in files sent over IM. Links embedded in messages can lead to infected websites. IM even has its own version of spam, sometimes called SpIM – Spam over Instant Messaging. Users should also be made aware that “Some IM services link your screen name to your e-mail address when you register. The easy availability of your e-mail address can result in an increased number of spam and phishing attacks, ” warns Microsoft. So users should take care when they register for an IM account that they don’t inadvertently advertise their email address.

Insider threats – Know Your Enemy, You Might Be Them

While you are right to be concerned about shadowy cyber-criminals, you have the potential to cause just as much havoc. By some accounts, the damage caused by accidental or deliberate data misuse is actually greater than that posed by remote hackers.

While education goes a long way towards controlling accidental internal security breaches, stopping yourself from introducing destructive malware is more challenging.

Public Wifi – just because it is open doesn’t mean it is secure

Do you have any idea how your laptop is being protected while connected to an open network? You’re opening the door to significant risk if you don’t take the appropriate protective measures.

You need to be extra protective when connecting to a wireless network you know nothing about, this goes a long way towards ensuring those machines don’t bring any unwanted ‘gifts’ with them when they reconnect to your network.

USB Sticks – Plug’n’Play Malware

USB sticks, thumb drives, memory sticks – whatever you call them, are as just as useful to the bad guys as they are to us. While they’re physically tiny, they can hold several gigabytes of data.

Recent examples of falling victim to USB-stick-driven security breaches include Greater Manchester Police in the UK, where computer systems were down for several days after a USB stick containing the Conficker Worm was plugged into a computer connected to the network. Fortunately, removable devices can be automatically checked using antivirus software or users can choose to run a manual scan before accessing any of the files on the stick.

CERT’s advice on how to avoid malware infection via USB sticks includes the obvious warning not to use any unknown devices but also to keep personal and business drives separate. “Do not use personal USB drives on computers owned by your organization, and do not plug USB drives containing corporate information into your personal computer,” the organization says.

Mobile devices – The computer in your pocket

Today’s smartphones are miniature computers. Hackers and criminals have also been known to use text messages to direct unsuspecting users to infected websites according to US-CERT. “These messages, supposedly from a legitimate company, may try to convince you to visit a malicious site by claiming that there is a problem with your account or stating that you have been subscribed to a service. Once you visit the site, you may be lured into providing personal information or downloading a malicious file,” the agency warns.

Other risks with smartphones relate to downloading content. CERT’s advice is not to download files or applications directly onto your smartphone. If you do need to download a file from a web site, consider saving it to your computer and manually scanning it for viruses before opening it.

Aside from email and web access, other ways criminal code could gain access to a mobile device is via the wireless networking technology known as Bluetooth. CERT’s advice when it comes to Bluetooth is to know how to keep it switched-off when it is not needed. “Make sure that you take advantage of the security features offered on your device,” the agency states. “Attackers may take advantage of Bluetooth connections to access or download information from your device. Disable Bluetooth when you are not using it to avoid unauthorized access.”

Wireless networks – What You Can’t See Can Hurt You

Even after more than a decade of use, wireless networks still spill outside the physical confines of a building, continuing to offer a tempting route into the network for hackers. Closing this loophole means paying attention to the security settings of the network. US-CERT advises that you need to be aware that the entire contents of their network could end up in someone’s control if they don’t take care to adequately protect their wireless networks. “A practice known as wardriving involves individuals equipped with a computer, a wireless card, and a GPS device driving through areas in search of wireless networks and identifying the specific coordinates of a network location. This information is then usually posted online.”

US-CERT also advises how to use firewalls to block wireless attacks. “While it is a good security practice to install a firewall on your network, you should also install a firewall directly on your wireless devices (a host-based firewall). Attackers who can directly tap into your wireless network may be able to circumvent your network firewall—a host-based firewall will add a layer of protection to the data on your computer.”

BWS Technologies can assist you with managing and eliminating any of these threats above.
Contact us now!

Edited and Adapted via AVG Blog

  • 05/13/2010
  • IT

Malware Sent via PDF Attachment

A new attack has been detected that attempts to spread data-stealing malicious code via an email with the subject “setting for your mailbox are changed.” Users should not open this email or the attachment. The email includes an infected PDF attachment called “doc.pdf,” which, when opened, runs a set of scripts and executables on the recipient’s computer that infect or spoof various Windows programs and services. The methods used do not require JavaScript in order to execute. Once infected, the machine will then periodically contact malicious Web locations to download and update itself with any of the latest malicious and data-stealing viruses.

If you have IndigoGUARD you are protected.

If you do not have IndigoGUARD please contact BWS Technologies.

What does it do? The primary vulnerability involved is related to the “/Launch” functionality that is implemented in all major PDF viewers, such as Adobe Reader, Web browsers, and FoxIt Reader. The /Launch action does not require JavaScript to be enabled, so disabling JavaScript or other active content does not address the vulnerability. Currently, this vulnerability is being used as part of an attack that spreads via an email that may include descriptive verbiage such as the following:

Subject: setting for your mailbox are changed
Attached: doc.pdf
SMTP and POP3 servers for mailbox are changed.
Please carefully read the attached instructions before updating settings.

When the attached document is opened, the recipient’s PDF viewer will execute the /Launch command included in the document parameters. This will, in turn, pass echo statements to cmd.exe to create a vbscript file called “script.vbs”, which will then extract a second script called “batscript.vbs”, and then finally use that to create and run a Trojan executable called “game.exe.” Game.exe attaches itself to Windows Explorer and creates a new schost.exe service in order to hide itself and to ensure that it is always running.
Three seconds after installation, the original script file cleans up the remaining evidence by deleting the scripts and executable files created during infection. The new svchost.exe process will then periodically contact three domains over HTTP: jademason.com, 1foxfiisa.com, and dolsgunss.com, in order to download new code or instructions, or upload stolen data.

According to NitroSecurity’s SIEM Blog, some of the major antivirus products from vendors such as Avast, AVG, Symantec, McAfee, eTrust, and Trend Micro currently have signatures available to detect the file attachment as malicious; however, few of the remaining top 40 antivirus products are able to detect any of the files associated with this attack. Gladiator recommends that users do not open any emails or attachments like the ones described above and should always exercise caution regarding any suspicious or unsolicited email received.

via Gladiator Research and Security

  • 04/30/2010
  • IT

The real-world state of Windows

Performance and metrics researcher Devil Mountain Software has released an array of real-world Windows use data as compiled by its exo.performance.network, a community-based monitoring tool that receives real-time data from about 10,000 PCs throughout the world. Tracking users’ specific configurations, as well as the applications they actually use, the tool provides insights into real-world Windows use, including browser share, multicore adoption, service pack adoption, and which anti-virus, productivity, and media software are most prevalent among Windows users.



View the current state of Windows

  • 09/10/2009
  • IT