Tag Archives for “Spyware”

Guard yourself from Firesheep and Wi-Fi snooping

The abundance of free/cheap and open Wi-Fi networks in restaurants, airports, offices and hotels is a great perk to the traveling user; it makes connectivity and remote access much easier than it used to be. But you need to be informed and understand the risks.

Unfortunately, most of those “open” networks don’t employ WEP or WPA passwords to secure the connection between device and hotspot, so every byte and packet that’s transmitted back and forth is visible to all the computers on the wireless LAN, all the time. While certain sites and services use full-time browser encryption (the ones that have URLs beginning with https:// and that show a lock in the browser status bar), many only encrypt the login session to hide your username and password from prying eyes. This, as it turns out, is the digital equivalent of locking the door but leaving the windows wide open.

Firesheep is a Firefox extension which makes it trivially easy to impersonate someone to the websites they log in to while on the same open Wi-Fi network. It kicks in when you log in to a website (usually in a secure fashion, via HTTPS) and the site then redirects you to a non-secured page after login. Most sites that operate this way will save your login information in a browser cookie, which can be ‘sniffed’ by someone on the same network segment; that’s what Firesheep does automatically. With the cookie in hand, it’s simple to present it to the remote site and proceed to do bad things with the logged-in account. Bad things could range from sending fake Twitter or Facebook messages all the way up to, potentially, buying things on ecommerce sites.

The solution

Use only SSL/HTTPS if the website supports it. The solution is quite simple: after you connect, the site should keep your session secure using SSL or https. Some sites, including most banking sites, already do this. However, encryption requires more overhead and more server muscle, so many sites (Facebook, Twitter, etc.) only use it for the actual login. Gmail has an option to require https and has made it the default setting, but you should make sure that it’s enabled if you use Gmail (Google Apps has a similar feature). This also doesn’t necessarily help if you’re using an embedded browser in an iPhone or iPad app, where the URL is hard-coded.
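A check a site owner can run for the weakness described above, added here as an example and not taken from the original article: it inspects the headers returned by an HTTPS login for a redirect back to http://, for cookies set without the Secure attribute, and (going slightly beyond the text) for a missing Strict-Transport-Security header. The host name, cookie names and both sample responses are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample: what a site of the kind described above might send
# back to an HTTPS login POST. Host name and cookie values are made up.
WEAK_LOGIN_RESPONSE = {
    "request_url": "https://shop.example/login",
    "headers": [
        ("Location", "http://shop.example/home"),
        ("Set-Cookie", "session_id=3f9a1c; Path=/; HttpOnly"),
        ("Set-Cookie", "login_csrf=77aa; Path=/login; Secure"),
    ],
}

# Constructed sample: the same login on a site that stays on HTTPS.
HARDENED_LOGIN_RESPONSE = {
    "request_url": "https://shop.example/login",
    "headers": [
        ("Location", "/home"),
        ("Set-Cookie", "session_id=3f9a1c; Path=/; HttpOnly; Secure"),
        ("Strict-Transport-Security", "max-age=31536000"),
    ],
}


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", set()
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs


def audit_login_response(response):
    """Return findings that leave a logged-in session readable on open Wi-Fi."""
    findings = []
    request = urlsplit(response["request_url"])
    seen_hsts = False
    for header, value in response["headers"]:
        header = header.lower()
        if header == "location":
            # A relative redirect keeps the scheme of the login request.
            scheme = urlsplit(value).scheme or request.scheme
            if request.scheme == "https" and scheme == "http":
                findings.append("redirect-downgrades-to-http")
        elif header == "set-cookie":
            name, attrs = parse_set_cookie(value)
            # Without Secure, the browser also sends the cookie over plain HTTP.
            if "secure" not in attrs:
                findings.append("cookie-without-secure:" + name)
        elif header == "strict-transport-security":
            seen_hsts = True
    if request.scheme == "https" and not seen_hsts:
        findings.append("no-hsts")
    return findings


if __name__ == "__main__":
    for label, resp in (("weak", WEAK_LOGIN_RESPONSE),
                        ("hardened", HARDENED_LOGIN_RESPONSE)):
        print(label, audit_login_response(resp) or "no findings")
```

A cookie flagged here is not always a session cookie; the finding means only that the browser will send it over unencrypted HTTP to the same host.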

Protecting yourself from Firesheep if you use Firefox or Chrome is possible with extensions like the EFF’s HTTPS Everywhere, Secure Sites or Force-TLS. These work by forcing a redirect to the secure version of a site, if it exists. The obvious problems with these solutions are: a) you have to install one for each browser (and we have not yet found one for Safari), and b) it only works if a secure version of the site exists.

Even better.

A) Don’t use open networks.
B) Use a SOCKS proxy and SSH tunnel.
C) Use a VPN.

adapted via tuaw.com

  • 10/26/2010
  • IT

The 2 Biggest Security Threats: ScareWare & You

Without a doubt the largest threat to the security of your computer, and consequently your identity and bank account, is YOU, followed closely by ScareWare. The best firewalls and most effective antivirus won’t help a bit if you, the user, click on Rogue Security Software and fake warnings. Known also as Scareware, this thief is fooling you big time. When it knocks, do not open the door.

Every day we have people describing ScareWare that has taken over their system. They are unable to run their antivirus because they can’t get to the sites they need. The Rogue AntiVirus has hijacked their browser and will not let them near a site that could help. Not being able to access a site or download a removal program is the work of the infection. The user receives a warning, clicks on a link to download an update and BAM! They’re infected.

What Do I Look For?

Any warning or suggestion that you are somehow infected is to be treated as possible scareware. You can be casually surfing the web or simply working with a program on your system when these false warnings arrive. Don’t click on them. Just because they’re knocking, don’t let them in. The same is true for any popup suggesting you need to download the latest version of a program or video player. Treat them all as suspect.

Looking for security software? You’d better know the software you’re reviewing. Even something as simple as a Google search can produce the very Rogue you are trying to avoid. Just because it shows up in a Google search doesn’t mean it’s safe. If you don’t know it, don’t let it in the door.

How Does It Hurt Me?

The most obvious damage, but also the least troublesome, is that it prevents you from using your computer. It wastes your time looking for a way to rid yourself of the pest and get where you want to go. Consider yourself lucky if you realize you are infected and are successful in removing it.

The next obvious damage is a little more frightening. It simply steals your money by duping you into buying the rogue program. Your immediate monetary loss may only be a few bucks but do you really think that is the end of it? Do you really want your credit card in the hands of people who duped you to begin with? Do you think they will keep your information safe? Just the thought of it is enough to make me shiver.

adapted via PCpitstop.com

  • 08/25/2010
  • IT

How can I know if my computer is infected?

Users are often advised to use an antivirus to check if their systems are infected, but with the current cyber-crime scenario, this is simply not enough. While many of today’s threats are designed specifically to go undetected, there are still some tell-tale signs that a system has been compromised.

9 signs of infection

1. Your computer is running extremely slowly. This could be a symptom of many things, including infection by a virus. If it has been infected by a virus, worm or Trojan, among other things, which are running on the computer, they could be running tasks that consume a lot of resources, making the system run more slowly than usual.

2. Your applications won’t start. How many times have you tried to run an application from the start menu or desktop and nothing happens? Sometimes another program might even run. As in the previous case, this could be another type of problem, but at the very least it’s a symptom that tells you that something is wrong.

3. Your computer speaks to you. There are all types of pop-ups and messages on the desktop, either advertising things or saying that the PC is infected and needs protection… This is a typical, surefire case of an infection. There is either spyware on the computer, or it has been infected by a fake antivirus (also called “rogueware”).

4. You cannot connect to the Internet or it runs very slowly. Loss of Internet communication is another common symptom of infection, although it could also be due to a problem with your service provider or router. You might also have a connection that runs much more slowly than usual. If you have been infected, the malware could be connecting to a URL or opening separate connection sessions, thereby reducing your available bandwidth or making it practically impossible to use the Internet.

5. When you connect to the Internet, all types of windows open or the browser displays pages you have not requested. This is another certain sign of infection. Many threats are designed to redirect traffic to certain websites against the user’s will, and can even spoof Web pages, making you think you are on a legitimate site when really you have been taken to a malicious imitation.

6. Your files are gone. Hopefully nobody will be asking this type of question, although there are still some threats around designed to delete or encrypt information, or to move documents from one place to another. If you find yourself in this situation, you really ought to start worrying.

7. Your antivirus has disappeared, your firewall is disabled. Another typical characteristic of many threats is that they disable security systems installed on computers. Perhaps if one thing shuts down it might just be a specific software failure; but if all your security components are disabled, you are almost certainly infected.

8. Your library files for running games, programs, etc. have disappeared from your computer. Once again, this could be a sign of infection, although it could also be down to incomplete or incorrect installation of programs.

9. Your computer has gone crazy… literally. If the computer starts acting on its own, you suddenly find your system has been sending emails without your knowledge, Internet sessions or applications open sporadically on their own – your system could be compromised by malware.

adapted via PandaLabs

  • 08/24/2010
  • IT

Wireshark Antivirus – Rogue Badware

Wireshark Antivirus is a fake anti-malware application. These so-called “rogues” use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

All indigoGUARD clients: The application has been added to your block list.

If you think you have been infected please contact us. CALL 358-6305

  • 08/17/2010
  • IT

Safe Internet Browsing Habits

We have found that when we say “practice safe browsing habits” many people have no idea what we are talking about. This is an unfortunate truth in our world, and we hope that by writing this post that we can educate some of you on how to stay safe on the Internet, so that more people will know and practice safe browsing habits.

  1. Use a modern Web browser to navigate the internet. If you have Internet Explorer 6.0 UPDATE it now.
  2. Always check the address bar at the top of the screen to ensure you’re at the official website, and not a carbon copy of the website you think you’re at, hosted at a different address.
  3. Always look for the little yellow padlock and the letters “https” rather than “http” when signing into an online account or making online purchases. This means that information you provide, such as your name, address, and credit card information, is being encrypted on its way to the web server that hosts the website you’re buying from. This is important because this information crosses many public devices before reaching its destination, and a man in the middle can access this data if it’s not encrypted.
  4. Avoid shady sites which promise offers too good to be true such as: free electronics, free software that you normally have to pay for, pirated software, nude celebrities, and the list goes on.
  5. Use a LinkScanner, which scans each page you visit before allowing you to visit it, preventing drive by downloads or malware installation scripts from infecting your computer.
  6. Install Anti-Virus software and keep it up-to-date. We suggest our indigoGUARD service, but there are other providers out there as well. It’s up to you to get the lowdown on each and make an informed decision as to which product to use.
  7. Anti-Virus software is not a get-out-of-jail-free card to do whatever you like on the Internet and not get a virus. If you do not practice the safe browsing habits listed here, along with some good old-fashioned common sense, in conjunction with your AV software, then you may do something which circumvents your AV software’s protection (such as downloading and installing a virus yourself). Also, considering how Anti-Virus signatures work, you may not always be protected from all the latest threats as they occur (that’s referred to as a zero day vulnerability), but if you’re practicing safe browsing habits, you may avoid a threat that even your AV software couldn’t have protected you from.

If you have any questions about these points or other computer-related issues, please contact us.

  • 07/14/2010
  • IT

Attacks on the Windows Help and Support Center

Microsoft has been monitoring for active attacks on the Windows Help and Support Center vulnerability (CVE-2010-1885) since the advisory was released on June 10th. At first, they only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged. Those initial exploits were targeted and fairly limited. In the past week, however, attacks have picked up and are no longer limited to specific geographies or targets, and we would like to ensure that you are aware of this broader distribution.

Things to do NOW!

  1. Make sure Windows is up to date
  2. Make sure you have Anti-Virus/Malware/Spyware protection installed and up to date.
  3. When in doubt DO NOT click.

If you have questions please contact us

We also offer a great service called indigoGuard to give you the peace of mind that your computer is protected. Find out more

Via Microsoft

  • 07/09/2010
  • IT

Facebook Click-Jacking Attack distributed Through “Likes”

A new worm is being distributed through Facebook via the “Like” feature. The attack has hit hundreds of thousands of users and uses a combination of social engineering and click-jacking to make it appear as if a user has “liked” a link.

The messages that are being used in the link text include, “LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE,” “This man takes a picture of himself EVERYDAY for 8 YEARS!!,” “The Prom Dress That Got This Girl Suspended From School” and “This Girl Has An Interesting Way Of Eating A Banana, Check It Out!”

When a user clicks on the text that appears to be “liked”, they are taken to a blank page that just has the text, “Click here to continue.” Clicking anywhere on that page will then publish the same message to that user’s Facebook page.

This worm is extremely similar to the Fbhole worm that spread across Facebook 10 days ago. Because users unwittingly end up recommending the offending page to their social graph, this is the type of worm that can spread extremely quickly.

The Troj/iframe-ET worm has been identified as the infection in the linked pages. It doesn’t appear as if the worm does anything other than add likes to your feed, but if you’ve been infected, you’ll still want to take action.

Please delete any entries in your news feed related to the links and check your profile and info pages to make sure that no links or pages related to those sites have been added to your profile.

via Sophos Blog

  • 06/01/2010
  • IT

What is Spyware? How Does it Work?

If your computer starts slowing down, crashing or behaving in a strange manner then it may have been infected by spyware, but what is it and how does it work?


Privacy Invasion

Spyware is a breed of program that spies on your computer behavior. These intrusive and sometimes malicious bugs hide in the corners of your system harvesting valuable information about where you go and what you do online. It then passes your personal details to hackers or unscrupulous advertisers without you knowing. The information collected can then be used to bombard you with pop-up ads or just choke up your computer so that it slows down or crashes.

Spyware can scan files on your hard drive, monitor private chat programs and read cookies. Certain websites have been known to infect visitors with spyware so that they can sell them software they claim would remove it. At the very worst spyware can steal your credit card information.

Secret Infestation

Spyware is alarmingly common in computers, usually without their users being aware. Unprotected computers in particular are often found to have a variety of different types of spyware running simultaneously. Although the creators want to remain as inconspicuous as possible, the programs are often badly coded and as a result interfere with the computer’s operating system, making it slow down or crash.

Spyware is not illegal and not necessarily always up to no good; some legitimate marketing companies collect anonymous data for valid reasons and can be fairly open about what they collect.

More often than not, however, spyware is just created to make money in a devious manner, either by picking up referral fees on adverts or by exploiting stolen private information. Its potential for harm far outweighs any benefits, and users are advised to try to avoid it at all costs.

Adware and Malware

The term spyware is often used interchangeably with adware and malware, two slightly different but no less bothersome program types. Adware installs secret advertising software on your computer that can generate pop-up ads or hijack your homepage or the links in web pages so you are taken to a different website than you want, typically a dubious commercial site.

Malware, short for malicious software, is usually designed to simply wreak damage to your computer system, much like a virus, or pass on your password to hackers.

Where Am I Picking Up Spyware?

Spyware is not something that affects all web-users equally; it tends to lurk in the web’s darker recesses and prey on those with a fondness for free things.

If you frequent less reputable websites and download dubious files and software, then you are putting yourself at a much greater risk of falling victim than if you are a light and casual browser of respected websites. Spyware doesn’t just grab onto your computer as you innocently go about your daily surfing; it needs an entry point. Usually this is either tricking the user into downloading something or, more commonly, arriving when the user downloads some other software or file.

This might be free software, peer-to-peer file swapping programs – spyware companies pay these services to bundle spyware into their downloads – or a program that claims it will grant the user access to tons of free films and music.

Typically these prey on users who want something for nothing. As with anything in life if it sounds too good to be true then it usually is.

Prevention

Spyware is typically caused by disreputable websites and programs and so naturally it is best to avoid such websites when searching for preventative measures. Always opt for respected virus and anti-spyware software.

Alternatively, as spyware is almost exclusively an Internet Explorer and thereby a Windows issue, you could always opt to switch browsers and even operating systems.

Security updates in Windows and Internet Explorer have made great strides in attempting to deal with the problem but ultimately the control rests with the user. Stay protected and don’t download something without first knowing what it is.

BWS Technologies can protect you from these threats with IndigoGUARD (learn more)

Adapted from DIY SPY

  • 05/14/2010
  • IT

How Malware Can Sneak Into Your Life and How to Deal with IT

There are myriad ways that viruses, trojans and other types of malicious code can cause you a lot of grief and it pays to be up on all of them. Completely disconnecting access to the Internet would go a long way towards keeping viruses and other malware out of your life, but it wouldn’t make a whole lot of sense. So you need to be aware of, and take steps to protect yourself from the ways the bad guys get access to your valuable information.

Did You Know:

  • Social networks are a valuable tool but open up significant security risks
  • If you travel with a laptop, extra care and controls are required.
  • Phishing and other social engineering tricks can (and do) fool even the smartest people

BWS Technologies can assist you with managing and eliminating any of these threats below.
Contact us now!



Web surfing and social networking – It’s the World WILD Web out there

The web is a cybercriminal’s dream come true. It’s instantaneous. It’s anonymous. And it’s very, very easy to fool people. A website that looks at first glance to be your bank’s website can easily be a clever forgery. And that video-viewing download you’re being offered? Chances are you don’t need it – and you certainly don’t need the spyware that may well be hidden behind a realistic-sounding application name.

Email and Spam – Oldies But Still Baddies

For many years, the virus writers’ distribution method of choice was email attachments. Although still a popular method of attack, e-mail is a far less effective way to fool people into opening things they shouldn’t.

In addition to installing a reputable security solution and keeping it updated, educating yourself on responsible email behavior is fundamental to email security efforts. One important reminder comes from US government agency US-CERT. “Many viruses can ‘spoof’ the return address [in an email], making it look like the message came from someone else. If you recognize the return address but weren’t expecting the message, check with the person who supposedly sent the message to make sure it’s legitimate before opening any attachments,” the organization advises.

Instant Messaging (IM) – Chatting Your Way to Trouble

While not yet as ubiquitous as email, instant messaging is gaining momentum as a communications tool, and carries many of the same risks as email, as well as some unique to the IM environment. Viruses and other malware can be hidden in files sent over IM. Links embedded in messages can lead to infected websites. IM even has its own version of spam, sometimes called SpIM – Spam over Instant Messaging. Users should also be made aware that “Some IM services link your screen name to your e-mail address when you register. The easy availability of your e-mail address can result in an increased number of spam and phishing attacks,” warns Microsoft. So users should take care when they register for an IM account that they don’t inadvertently advertise their email address.

Insider threats – Know Your Enemy, You Might Be Them

While you are right to be concerned about shadowy cyber-criminals, you have the potential to cause just as much havoc. By some accounts, the damage caused by accidental or deliberate data misuse is actually greater than that posed by remote hackers.

While education goes a long way towards controlling accidental internal security breaches, stopping yourself from introducing destructive malware is more challenging.

Public Wifi – just because it is open doesn’t mean it is secure

Do you have any idea how your laptop is being protected while connected to an open network? You’re opening the door to significant risk if you don’t take the appropriate protective measures.

You need to be extra protective when connecting to a wireless network you know nothing about; this goes a long way towards ensuring that laptops don’t bring any unwanted ‘gifts’ with them when they reconnect to your network.

USB Sticks – Plug’n’Play Malware

USB sticks, thumb drives, memory sticks – whatever you call them, they are just as useful to the bad guys as they are to us. While they’re physically tiny, they can hold several gigabytes of data.

Recent victims of USB-stick-driven security breaches include Greater Manchester Police in the UK, where computer systems were down for several days after a USB stick containing the Conficker Worm was plugged into a computer connected to the network. Fortunately, removable devices can be automatically checked using antivirus software, or users can choose to run a manual scan before accessing any of the files on the stick.

CERT’s advice on how to avoid malware infection via USB sticks includes the obvious warning not to use any unknown devices but also to keep personal and business drives separate. “Do not use personal USB drives on computers owned by your organization, and do not plug USB drives containing corporate information into your personal computer,” the organization says.

Mobile devices – The computer in your pocket

Today’s smartphones are miniature computers. Hackers and criminals have also been known to use text messages to direct unsuspecting users to infected websites according to US-CERT. “These messages, supposedly from a legitimate company, may try to convince you to visit a malicious site by claiming that there is a problem with your account or stating that you have been subscribed to a service. Once you visit the site, you may be lured into providing personal information or downloading a malicious file,” the agency warns.

Other risks with smartphones relate to downloading content. CERT’s advice is not to download files or applications directly onto your smartphone. If you do need to download a file from a web site, consider saving it to your computer and manually scanning it for viruses before opening it.

Aside from email and web access, another way criminal code could gain access to a mobile device is via the wireless networking technology known as Bluetooth. CERT’s advice when it comes to Bluetooth is to know how to keep it switched off when it is not needed. “Make sure that you take advantage of the security features offered on your device,” the agency states. “Attackers may take advantage of Bluetooth connections to access or download information from your device. Disable Bluetooth when you are not using it to avoid unauthorized access.”

Wireless networks – What You Can’t See Can Hurt You

Even after more than a decade of use, wireless networks still spill outside the physical confines of a building, continuing to offer a tempting route into the network for hackers. Closing this loophole means paying attention to the security settings of the network. US-CERT advises that you need to be aware that the entire contents of your network could end up in someone’s control if you don’t take care to adequately protect your wireless networks. “A practice known as wardriving involves individuals equipped with a computer, a wireless card, and a GPS device driving through areas in search of wireless networks and identifying the specific coordinates of a network location. This information is then usually posted online.”

US-CERT also advises how to use firewalls to block wireless attacks. “While it is a good security practice to install a firewall on your network, you should also install a firewall directly on your wireless devices (a host-based firewall). Attackers who can directly tap into your wireless network may be able to circumvent your network firewall—a host-based firewall will add a layer of protection to the data on your computer.”


Edited and Adapted via AVG Blog

  • 05/13/2010
  • IT

Are Facebook’s Privacy Settings Actually “Evil Interfaces”?

Hmmm… you be the judge.

Facebook: so they want to sell their users’ data for cash, but they don’t want to look like it. What’s Facebook to do? Design a “privacy” interface for opting out of the privacy invasions that confuses and discourages the user from using it effectively, while still appearing to be user-friendly and functional. That way they can have their cake and eat it and sell it too.

A good interface is meant to help users achieve their goals as easily as possible. But an “evil” interface is meant to trick users into doing things they don’t want to.

The new Facebook is full of similarly deceptive interfaces. A classic is the “Show Friend List to everyone” checkbox. You may remember that when Facebook announced it would begin treating friend-lists as “publicly available information” last December, the change was met with user protests and government investigation. The objections were so strong that Facebook felt the need to take action in response. Just one problem: Facebook didn’t actually want to give up any of the rights it had granted itself. The result was the obscure and impotent checkbox pictured here. It’s designed to be hard to find — it’s located in an unlikely area of the User Profile page, instead of in the Privacy Settings page. And it’s worded to be as weak as possible — notice that the language lets a user set their friend-list’s “visibility”, but not whether Facebook has the right to use that information elsewhere.

A more recent example is the process introduced last week for opting out of Instant Personalization. This new feature allows select Facebook partner websites to collect and log all of your “publicly available” Facebook information any time you visit their websites.

So be aware that sharing your data requires radically less work than protecting it.

via Electronic Frontier Foundation

  • 05/04/2010
  • IT