Daily Bits

Search Results for: malware

5 kinds of programs you should install on a new Windows PC

by

So you’ve unpacked your new desktop or laptop, or just finished a reformat. What programs should you install on your brand new Windows installation? Here are 10 suggested application categories, listed in the order they should be installed.

Keep in mind that the following suggestions are meant for a new Windows installation. As a long-time user of Microsoft’s operating system, I’m aware that even Windows 7 has many disadvantages compared to Linux and Mac OS X. Yet in terms of versatility and availability of programs, Microsoft’s OS remains supreme. [Read more…] about 5 kinds of programs you should install on a new Windows PC

Beware of Scareware!

by

I’ve heard of malware, but scareware?  Apparently, scammers are now playing on the fears of Windows users – fear of viruses and other malware.  In order to make money, they dupe people into thinking that their system is suffering from a relentless malware attack, hence the term scareware.  As the scammers prey upon those fears, they prompt users to download security updates that can “keep users safe.”

Obviously, they will charge for these updates.  The problem is that, one, the threat is almost always fake; and two, the security updates are just as fake.  The user who falls for this trick will end up being at least $50 poorer, without having anything to show for it!

This tactic was exposed earlier this week by Parveen Vashishtha from Symantec.  In a blog post, he outlined the modus operandi of this new breed of scammers. The trick is in knowing that browsers DO NOT ask you to download security updates via malware threat warnings.  If you do see something like the image below, chances are you are the target of a scareware scam.

If you’re thinking that people who are dumb enough to fall for this trick deserve it, think again.  The truth of the matter is that the trick seems to work so well – even some experienced users fall for it.  In fact, the scareware business has already made more than $100 million, according to the FBI.  Don’t laugh just yet.

Your safest bet is NOT to click the download button, obviously.  Of course, you also ought to make sure that your OS, security software, and browser/s are updated on a regular basis.

Worried About Online Security? Go Online in Sierra Leone.

by

How worried are you about your security when you go online?  AVG, one of the most recognized names in anti-virus protection and Internet security in general, recently conducted a study on the state of online security in various countries.  Involved in the study were 144 countries and 127 million systems.  AVG collected data relating to virus and malware attacks on these computers and collated their findings.

The results?

African countries did very well in the survey – seven of the 10 safest countries hail from the continent. Sierra Leone tops this list with an average of one attack per 692 users who surf the Web.  Next in line is Niger, with one attack per 442 users who surf the Web.  Other countries in the top 10 are Togo and Japan.  Here are the details for each continent (attack per number of users)

  • North America: 1  in 51
  • Europe: 1 in 72
  • Asia: 1 in 102
  • Africa: 1 in 108
  • South America: 1 in 164.

Basically, South America is the safest while North America is the most dangerous.

However, if the stats are broken down per country, the most dangerous countries are (first one being the most dangerous):

  1. Turkey (1 in 10)
  2. Russia (1 in 15)
  3. Armenia (1 in 24)
  4. Azerbaijan (1 in 39)
  5. Bangaladesh ( 1 in 41)

Roger Thompson from AVG is quick to point out, however, that this data does not exactly pinpoint which regions are completely safe from virus and malware attacks due to their nature – they are not really hindered by geographic boundaries.  He also notes that the results of the study may not be applicable in the near future as viruses and attacks do change over time.

One interesting thing that Thompson mentioned is how this data can be of use to travelers:

However, our research should also serve as a warning to all travelling abroad and using the internet. If you are travelling without your computer and use a public machine or borrow a friend or colleagues, ensure that when accessing web -based services like email, that you log out and close the browser when you have finished your session and that you don’t agree to store any passwords or log-in information on that machine.

If you are taking your laptop with you ensure you have backed up your data and removed any sensitive information from your machine.

If you don’t want the hassle of worrying about security, just take a vacation in Sierra Leone. 😉

Photo credit: highwaycharlie

Facebook Updates its Safety Center

by

Facebook wants to tell the world that it is really serious about your safety as it strives to create an online environment where everyone can connect with anybody, share updates and stuff without getting bothered by possible phising, malware and privacy attacks. To reiterate its vow in protecting user privacy, Facebook just launched a completely redesigned Safety Center.

The Facebook Safety Center offers new safety resources for parents, educators, teens and members of the law enforcement community. Facebook has also created a cleaner and more navigable interfaces that would help you find answers to questions relating to your safety as you use Facebook.

It also contains multimedia contents culled from Facebook itself as well as from independent organizations which specializes in online safety and security. You can find safety-related content organized by audience type and by topics including “Addressing Personal Safety” and “Responding to Objectionable Content.” If you’re a parent you can easily find the “Safety for Parents” section where you’ll get advice from Facebook’s partners such as the Safety Advisory Board.

The Facebook Safety Advisory Board includes members such as the Childnet International, Common Sense Media, Connect Safely, The Family Online Safety Institute and WiredSafety.

And while you’re checking out the new Facebook Safety Center page, you might also want to read on other important Facebook rules, policies and guidelines. It’s located just below the page and include information on – Facebook Privacy FAQ, Privacy Policy, Guide to Privacy on Facebook and other relevant Facebook official documents.

Report, Corporate Security at Risk Due to Attacks on Social Networks

by

Hope that this news doesn’t get into your company’s IT administrators as I’m pretty sure their first reaction would be to block off your access to social networking sites, if they haven’t done so yet. A new report by IT security and data protection firm Sophos, showed that there is an alarming rise in cybercriminals attacking corporate staff coming from Facebook, Twitter and other social networks.

The Social Security report is part of Sophos’s 2010 Security Threat Report which surveyed more than 500 organizations and explored current and emerging computer security trends.

The report found out that 57% of users report they have been spammed via social networking sites. This is an increase of 70% from last year’s data. As for malware, 36% of users reported that they have received malware via social networking sites. This is 69.78% increase from last year’s data.

The report also revealed 60% of the respondents naming  Facebook as the biggest security risk for the company followed by MySpace, Twitter and LinkedIn. While this is understandable considering that Facebook is the largest social networks in terms of  membership, LinkedIn however could provide the most vital information about corporate individuals since it is more business oriented and information shared by its members can provide a corporate directory which cybercriminals will be more than be happy to exploit.

Another interesting point to note here is that Sophos found out that 49% of the firms surveyed have allowed their staff free access to Facebook. So while companies are loosening their attitude to staff activity on social networks, there goes your friendly malware, spam, phisers and identity theft threatening to spoil the party.

Security Trends of 2008 Part 4: The Dreaded Storm and MPack

by

Picking up from the last time after my two-month long hiatus, I bring you now the greatest security threats of 2008: Storm and MPack.

Storm Blows Web 2.0 Away

The Storm malware is actually a collaboration of Web 2.0 techniques like social networking and dynamical associations towards a system. Simply put, it uses the most common web techniques in a two-stage attack, which we discuss later.

According to IronPort’s 2008 Internet Security Trends, Storm-class malware has its key characteristics:

Self-Propagating – sends massive amounts of spam to spread. Users are directed to multiple changing HTTP URLs, which serve Storm malware. If infected, the system then becomes part of the network.

Peer-to-Peer – where previous botnets were controlled from central­ized locations through a hierarchical management structure, nodes communicate through a unique peer-to-peer communication protocol. This makes it difficult to track the total size.

Coordinated – Storm will send spam campaigns that point to webpages hosted by other computers, showing amazing sophistication in the way the network creates its attacks.

Reusable – can be used for many kinds of attacks: spam, phishing, DDoS, it has even been known to compromise IMnetworks and post blog spam, making it a threat to many different protocols.

Self-Defending – Storm watches for signs of reverse engineering or analysis. It repeatedly launched massive denial of services attacks against researchers and anti-spam organizations.

Through these, Storm was able to accomplish a huge number of PDF, XLS, MP3 spam outbreak over the course of 2007 and even up to today.

Storm Signaling: The Two Attack Stages

Storm uses e-mail functions and interconnectivity of Web 2.0 in order for its two-stage attack to take place. Also, Storm creators have come up with a “drive-by” browser exploit that infects computer simply through a web page visit, no downloads needed for infection!

Once a Storm malware infects a computer, it connects its victim computer into a peer-to-peer network, the Storm Network. This network is a modified design, decentralized and excessive, unlike its older, centralized ancestor. The creators seemingly acknowledged the fact that a centralized network is easy to destroy just by “chopping the botnet’s head off.”

Apart from the peer-to-peer feature, Storm also needs to maintain itself via self-defense measures. It utilizes Distributed Denial of Service to both prevent people from exploring the innards of a Storm malware, and launch a retaliatory attack to the onlookers.

Once the Storm network has possession of the victim system, it can instruct its victim to do either send a recruitment spam and aid in the network growth, serve malicious web pages, attack instant messengers, provide fast-flux and domain resolutions, or post blog spams on other websites. These actions can ensure that Storm will persist even if some of its victims are paralyzed, because it launches large-scale attacks that recruit other victims into its network.

Storm doesn’t actually attack head-on, as most of its deceased ancestors did. Unlike those suicidal malware, Storm-class malware seem to value its life, that it focuses more on its staying power than its destructive one. It is very frightening to know that while the Storm hasn’t completely been eradicated, its designers are improving it at a fast pace.

MPack: The Marketed Malware

MPack is actually a malware kit that is sold for anywhere between $700 and $1, 000. It is a PHP-based malware kit being sold by a certain group of Russian software developers known as the Dream Coders Team. In a CNET interview, Yuval Ben-Itzhak, chief technical officer of security company Finjan, stated how dangerous the Mpack kit is. “Without any computer science skill or any security background, you can install this package on any Web server and start to infect people with malicious code,” said Ben-Itzhak in the interview.

The commercial malware, as I would like to call MPack, is designed specifically for web-based attack, pretty much like Storm. It is deployed using an iFrame attack placed silently into legitimate websites, keeping infection and, interestingly enough, its attack statistics. Further, its creators, the Dream Coders Team, gives one-year support, fresh exploits (like the one Storm has), and add-ons that can cost anywhere from $50 to $300,possibly based on attack modifications.

While having these kind of malicious kits in the market is not that new, support services do seem to be appealing, especially for a novice who wants instant ability over malware infection.

MPack Attacks!

MPack kit owners are provided with an administrative interface to launch their attacks, usually by the same drive-by exploits utilized by Storm. Further, the interface keeps the statistics on both viewers of an infected web page and the successful attacks it carried on. It somehow gives satisfaction to the user for purchasing the malware kit, not to mention the support services and “additional arsenal” that can make a novice a force to reckon with.

mpack

Storm and MPack malware have been spreading like wildfire since mid-2007 that it has become very alarming. The things most feared about the two are their peer-to-peer and self-defense mechanisms that allow the malware to creep into a network and destroy it from within. Also, considering that the protocol used by both Storm and MPack is HTTP, it’s really hard to recognize a social malware from a safe web page. Without a plug to pull or a switch to turn it off, it has come to attention that these malware can be considered professional in a sense – there are experts behind the longevity of these malicious software. The question that arises now would be: How can we avoid being attacked by these malware?

For Safety And Precaution

Increased sophistication. That phrase summarizes the greatest threats of 2008, although conventionally, malicious programs still do what they do best: advertise, infect, steal data, and spread. In their line of evolution, developers learned that a one-step approach is no longer plausible, and the improved two-step route they are taking is more than anyone can handle.

With a new way to launch attacks while ensuring a defensive mechanism for themselves, Storm- and MPack-like malware are hard to deal with. They easily render previous security measures obsolete. In order to protect your system from those malware, new ways are being preached and practiced. IronPort’s 2008 report summarizes these safety measures into five:

1. Secure web traffic. The reputation of a website is a key to determine how plausible a malware can infect it. Let’s have Yahoo for example. It’s reputation as legitimate and virus-free makes it hard for user-generated malware to penetrate it.

2. Deploy preventive protection for e-mail. The alarm brought about by Storm- and MPack-class malware calls for multi-level spam defenses, commonly available in our favorite e-mail service providers. Deploying these defenses can easily detect and separate possible malware attachments.

3. Protect against corporate data loss. Commonly, attacks from malware scans your hard drive to collect private information. It wouldn’t hard a company if it would require its employees to scan outgoing transfers and connections for possible policy violations. It would show how cautious your company is and give it a reputation for safety, adding to its market level.

4. Prevent “phone-home” activity. It is very important to scan or totally block outgoing “phone home” activities, as the sender might be malware-infected, retrieving attack commands or uploading data back to operators.

5. Track important communications. New technologies are available for real-time tracking of your e-mail messages, which works similar to physical package shipping. Added care wouldn’t hurt to our noble and easily accessible e-mail accounts, as they have become an integral part of our virtual lives, while others keep on attacking us through them.

Malware sure has spread everywhere on the Internet, but we should still be the masters of our own virtual spaces. I hope this four-part series will aid you through the rest of 2008! Happy surfing!