Geek News: Latest Technology, Product Reviews, Gadgets and Tech Podcast News for Geeks


Sophos Security Threat Report 2011

Posted by Andrew at 7:50 AM on January 19, 2011

Digital security firm Sophos today released their Security Threat Report for 2011, which reviews all the ways that the bad guys are out to get you. It’s a glossy 52-page report and is worth a quick read to understand the threats that are out there, especially in areas that you might not be familiar with.

The report covers the key threats from 2010:

  • Fake anti-virus software and scareware – through a warning dialog, users are scared into paying for and installing fake anti-virus software, which at best does nothing and at worst steals passwords and credit card information.
  • SEO poisoning – manipulating search engine results to point users to fake and rogue websites, which are loaded with browser exploits and malware.
  • Clickjacking or UI redressing – hiding malicious buttons underneath innocuous images, e.g. clicking on a “Like” or “Share” image actually emails out malware to all the user’s friends.
  • Survey scam – in order to complete a questionnaire that typically offers a non-existent but sought-after prize, software has to be installed or access given to personal data. This information is then used to propagate the questionnaire onwards, earning affiliate revenue for the application developer.
  • Spam – not exactly a new entrant in 2010, but the rise of spam on social networking sites is an increasing problem.
  • Spearphishing – a variant on the original phishing, but in this case the attack is well targeted and much more convincing, and consequently more likely to succeed.
  • Stuxnet worm – a traditional vector but with a new target: the Stuxnet worm went after SCADA systems and industrial PLCs. Very sophisticated, leading to conspiracy theories involving industrial sabotage.
  • Malvertising – the infection of advertising on legitimate websites so that it links to malware or fake anti-virus software.
  • Compromised sites and accounts – legitimate websites and, typically, celebrity accounts are hacked to serve infected webpages or link to malware sites.

The report briefly covers the threats posed to iOS, Android, Windows 7 and Blackberry smartphones before moving on to review issues with Facebook, Adobe products, removable media and USB drives. Windows 7 and OS X are also discussed.

The report continues with some of the success stories when the justice system has managed to catch up with the criminals before closing with advice and guidance on how to avoid getting hit.

Give it a read. Warning – 4MB .pdf download.

USA Continues As Spam King

Posted by Andrew at 6:31 AM on January 12, 2011

Sophos has published its quarterly report into spam, and the USA remains top of the league for spam-relaying, being responsible for nearly 19% of all spam messages. India follows with a little under 7%, and then Brazil, Russia and the UK finish the top 5 on around 4.5%.

The vast majority of spam does not come directly from spammers’ servers, but rather from PCs that have been compromised by trojans or other malware and are now under the control of the criminals. This allows spam to be passed on by PCs without the owners’ knowledge – this is spam-relaying. Consequently, these figures indicate that huge numbers of PCs in the US are infected and under the control of the spammers.

Sophos also notes that the nature of spam is changing. Previously, pharmaceutical products would have been the mainstay of the spammers’ output but increasingly the spam is spreading malware and phishing for account information. As an aside, an estimated 36 million Americans purchased drugs from unlicensed online sellers.

The top spam relay countries for the last quarter were:

1. USA 18.83%
2. India 6.88%
3. Brazil 5.04%
4. Russia 4.64%
5. UK 4.54%
6. France 3.45%
7. Italy 3.17%
8. S Korea 3.01%
9. Germany 2.99%
10. Vietnam 2.79%
11. Romania 2.25%
12. Spain 2.24%
Other 40.17%

“Spam is certainly here to stay, however the motivations and the methods are continuing to change in order to reap the greatest rewards for the spammers,” said Graham Cluley, senior technology consultant at Sophos. “What’s becoming even more prevalent is the mailing of links to poisoned webpages – victims are tricked into clicking a link in an email, and then led to a site that attacks their computer with exploits or attempts to implant fake anti-virus software.”

Sophos also warns that social networks are increasingly attracting the attention of criminals through malicious apps, stolen profiles and junk messages.

Trojan Toolkit For Sale

Posted by Andrew at 7:10 AM on December 6, 2010

German security firm G Data put out an interesting press release last month regarding the expected successor to the Zeus trojan, which infected millions of PCs and captured bank account details. The new trojan, Ares, has a similar modular design, allowing it to be easily configured for a range of target activities.

Malware is big business, and a software development kit for Ares is already available to buy on-line, either for an upfront payment of $6,000 or else on a licensing model for when modules are subsequently sold on. There’s even a cut-down version at $850.

The developer of Ares talked about the new malware in an underground forum. According to the author, Ares is “not focused on banking. Every copy of Ares is unique to its customer and it has the same banking capabilities as Zeus & SpyEye which can be added provided the customer wants it. I actually consider this more of a platform which is customized to each buyers liking.”

Ares Interface

Without a doubt, malware and virus writing is no longer the domain of the insecure nerd trying to prove his expertise to his peers. This is now business, criminal business, with significant money involved. And when they catch the writer, I hope that the penalties will be commensurate.

Unless you want to be a victim, make sure you have virus and malware protection in place and keep it updated.

Sophos Offers Free Anti-Virus for Macs

Posted by Andrew at 1:00 AM on November 4, 2010

There’s no doubt that Apple Macs and Linux PCs are far less likely to suffer from virus infections or malware when compared to their Windows cousins, but there’s also no doubt that newer technologies such as cross-platform scripting can lead to vulnerabilities across the board. Besides, no-one wants to be blamed for passing on a virus infection as payload in a file, even if your computer isn’t actually infected.

McAfee and Kaspersky have had Mac security products for a while, and now Sophos joins the list by offering its Anti-Virus Home Edition for Mac. Best of all, Sophos is offering it for free!

Apparently “based on Sophos’s flagship security software, which protects over 100 million business users worldwide”, the software has protection, detection and disinfection capabilities for viruses and malware on OS X. It will also detect Windows viruses that are present in files but not active. As with most Windows anti-virus products, the Sophos Anti-Virus Home Edition runs in the background, scanning files on-access. You can read more about the technical specs and download the software here.

I’m not a Mac user, but if I was, I’d already have Anti-Virus Home Edition downloaded and installed. Yes, I know that it’s arguable that there aren’t any OS X viruses right now, but you can bet that they’re coming, and when they do, the viruses will burn through the Mac community like wildfire as most people don’t have protection. It’s free to download, so what have you got to lose except a few CPU cycles?

The Helpdesk is Closed…Until Next Christmas

Posted by Andrew at 10:17 AM on January 4, 2010

Regrettably, I don’t get to see my folks as much as I’d like; there are 500-odd miles and a sea between us, so it was a rare pleasure for my parents to visit me over Christmas for a few days.

After a day or so, my dad says to me, “Could you have a look at my laptop? Every now and then a strange Asian website keeps popping up. I thought I had a virus but the virus scanner says all is well.”

So I had a look, and yup, he had a trojan. Not a particularly nasty one, and easily removed armed with instructions from the web. It was a variant of W32/Autorun-TR or Win32.Worm.Agent.QAL, depending on your nomenclature. I have to recommend Avira’s Antivir Rescue System, which is a bootable CD that will scan the hard disk for infection – download from here. It’s an essential item for every geek – the Rescue System picked up the virus straight away.

However, what was more interesting was (a) how did he get the virus and (b) why didn’t his (corporate) anti-virus software pick the virus up?

Dad’s an MD for a specialised engineering firm, so he travels a little. He’s reasonably technically savvy but not an IT expert. It transpired that he’d been in China recently and had shared a USB memory stick with a local agent. This matched the modus operandi of the virus, so that part of the mystery was solved.

What I couldn’t understand was, given the age of the virus (late 2008) and that the corporate antivirus software appeared to be working, why the trojan hadn’t been picked up as soon as the USB stick was plugged in.

A little further digging revealed the problem: although the AV software was working, it hadn’t successfully installed new virus signatures in over a year – the last successful update was from mid-2008. The signatures seemed to download ok, but they never got installed into the AV engine properly. If I forced it to download updates, the activity bar would go to 100% and the window would close, so everything looked ok, but if I subsequently went to the dialog which showed the signature version, it was unchanged.

I’m not going to name which anti-virus software it was because I suspect part of the issue might be that my dad’s company hasn’t paid its annual licence and therefore isn’t entitled to updates. However, I think it’s very poor that there isn’t a warning on startup clearly saying, “Virus signatures are now 18 months out of date – system at risk”. If Dad had seen that 17 months ago, he would have been on to his IT dept straightaway to get the licences paid (or whatever remedial treatment is needed). A severe virus outbreak could literally put the company out of business, so I suspect someone will be starting 2010 with an important task from the MD.

As geeks, we often get asked to provide a little free support at Christmas and other holidays. While it may sometimes take us away from the drinks and the mince pies, it has to be our way of returning the favours that our friends and family do for us the rest of the time.
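As an added illustration (not code from this post or from any anti-virus vendor), here is a small Python check of the kind the post wishes the AV client had done itself: it trusts only the signature version the engine actually reports, not the updater’s progress bar, and shouts when the two disagree or the installed set is stale. Versions, dates and thresholds are constructed for the example.

```python
from datetime import date

# Staleness thresholds in days: assumptions for this example, not any vendor's defaults.
WARN_AFTER_DAYS = 7
CRITICAL_AFTER_DAYS = 30


def days_stale(installed_on: str, today: str) -> int:
    """Age of the installed signature set in days; both dates as ISO strings."""
    return (date.fromisoformat(today) - date.fromisoformat(installed_on)).days


def staleness_level(days: int) -> str:
    if days <= WARN_AFTER_DAYS:
        return "ok"
    if days <= CRITICAL_AFTER_DAYS:
        return "warning"
    return "critical"


def update_applied(downloaded_version: str, installed_version: str) -> bool:
    """The post's failure mode: the download reaches 100% but the engine still
    shows the old version. Only the version the engine reports counts."""
    return downloaded_version == installed_version


def signature_status(downloaded_version: str, installed_version: str,
                     installed_on: str, today: str) -> dict:
    """Combine both checks into the one status a user should see at startup."""
    days = days_stale(installed_on, today)
    applied = update_applied(downloaded_version, installed_version)
    level = staleness_level(days)
    if not applied and level == "ok":
        # Signatures are still fresh, but the last update silently failed to install.
        level = "warning"
    months = round(days / 30.44)
    if level == "ok":
        message = f"Virus signatures are current (version {installed_version})."
    else:
        message = (f"Virus signatures are {days} days (about {months} months) "
                   f"out of date; system at risk.")
        if not applied:
            message += (f" The last update downloaded version {downloaded_version} "
                        f"but the engine still reports {installed_version}.")
    return {"applied": applied, "days_stale": days, "level": level, "message": message}


if __name__ == "__main__":
    # Constructed sample: the updater claims a January 2010 set, the engine still
    # shows the mid-2008 set, and today is the day this post was written.
    status = signature_status("2010.01.03", "2008.07.15", "2008-07-15", "2010-01-04")
    print(status["level"].upper(), status["message"])
```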

See you next year, Dad.

Scareware – Is it a Halloween Treat?

Posted by susabelle at 8:46 AM on October 19, 2009

This weekend I had to fix my dad’s computer after it got a Scareware popup. This Scareware was rather different from anything I’d approached before; when the popup appeared asking him to purchase via credit card some bogus software to “fix” his viruses, it also locked up his programs so that nothing else would work. He couldn’t open his virus program, email program, Microsoft Word, or anything else. Except, of course, for Internet Explorer, which redirected him immediately to a page where he could put out $80 via credit card to “fix” his access. “Scareware” is a term being used to describe malicious software and/or popups that ask a user to pay a fee to have the “virus” removed by bogus software.

Dad’s smart; he called me. Not only was the virus “vendor” (term being used loosely here) going to gank $80 of my dad’s hard-earned retirement money, they were also going to be in possession of his credit card information, which could have been shared with who knows what kind of nefarious individuals.

I headed straight over there with my laptop, downloaded HiJackThis to a flash drive, which I was then able to pull up on Dad’s machine and run. It immediately took care of the removal. There are some great instructions on using this tool here and here. These are both sites I trust. The first link has really easy instructions, follow them to the letter, and you’ll have no trouble. The second link includes manual removal instructions, which also work but are more time-consuming.

Dad doesn’t know where he got the trojan to begin with; it would have either been from a bugged web page, or possibly from a link in an email. And he got it by using Microsoft Internet Explorer, not Firefox. I had to reset the default browser (I suspect the Trojan had affected this somehow), and make IE a little harder for him to find and click on. To him, the two programs are the same and he doesn’t understand the difference. I also re-activated the AdBlock Plus Plug-in, another “hold” I think could be used to install a Trojan/popup on a system. We’ll see if all of this works. 24 hours later, I’ve received no additional panic calls from Dad.

The virus and trojan makers are getting slicker and slicker. Our protection tools can’t keep up with everything; Dad’s anti-virus was up to date and his Spyware and Malware programs were running once a week at night and fixing problems. But that wasn’t enough to keep him from being infected. And how many people, besides techies, would know how to remove these malicious pieces of software once they get installed, much less know where to look for the tools to do so?

This is another one to watch out for, I fear. It will only get worse.

Wear Your Email Safety Helmet

Posted by GNC at 7:15 AM on October 6, 2009

Whenever I want to feel fearful and depressed I usually visit one of the news websites. Earthquakes, murder, war, theft, snoops, kidnappers, recession, depression, corruption, and all other sorts of horrible news. When I read the news sites I’m reminded of how unsafe the world is. Soon I tire of the bad news and move on to investigate the net for news on tech and design. Today Foxnews.com had the audacity to remind me that I am unsafe even on the web. The site highlighted the news from Microsoft that thousands of Hotmail passwords had been exposed. It scared me to death. I nearly jumped to my Hotmail account before I even finished the article. Reading on I discovered that Microsoft had deactivated all the affected accounts until true control could be restored. Why do I care? Hotmail only collects my spam from sites that demand an email address. Hotmail lets through all the other spam anyway! But I digress.

The point of all this is: we are never safe. There is no safe haven in the world or on the web. Every company does its best, and so must we. Yet sometimes problems may come. If we live with that understanding we can truly do our best to protect ourselves. When we react in panic there is no clear path of thinking. So, with this reminder of our web identities’ fragility, what should we do? Let’s refresh four basic email and online account rules:

  1. Always use a secure password. Your birthday, name spelled backwards, address, mother’s name, dog’s name, middle name, favorite food, and initials hardly qualify. Use one of the many free random password generators on the web, or if you insist on an easier-to-remember one, then create a mixture of information that you can remember. For example (purely fictitious): !S1eP99t9. This could be a combination of the month and year you and your spouse were married. Now, while I would only call this a basic password, it sure beats “Fluffy”. Of course, if you want your bank account to be protected by Fluffy, then more power to you.
  2. Never use the same passwords for multiple accounts. For that matter, don’t do what I did at the start and use the same password with just the last letter different! Why would you want someone to have a free-for-all with all your accounts? Use different passwords and find an open-source or free password vault. I personally love 1Password for the Mac.
  3. Change your passwords periodically. I must admit it takes the misfortune of someone to remind me to do this.
  4. Don’t use a public computer. Many public computers are not adequately protected against the installation of malicious password key-logging applications. Just don’t log in on a public computer. Just say no. And certainly don’t buy something online with your credit card information! Browse the web on it, read the news, just don’t give any information.
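The first two rules as an added Python example (not the post’s own code): it flags a password built from the personal details the post lists (names forwards or backwards, birthday in the usual digit orders) and catches the “same password with just the last letter different” habit the post confesses to. The profile and stored passwords are constructed for the example.

```python
from datetime import date

# Constructed profile for the example; fictitious, like the post's sample password.
PROFILE = {
    "first_name": "Andrew",
    "mother_name": "Margaret",
    "pet": "Fluffy",
    "street": "Elm",
    "birthday": "1975-03-14",   # ISO date
}


def personal_tokens(profile: dict) -> set:
    """Strings someone who knows the person could guess: names forwards and
    backwards, plus the birthday written in the common digit orders."""
    tokens = set()
    for key in ("first_name", "mother_name", "pet", "street"):
        value = profile.get(key, "").lower()
        if value:
            tokens.add(value)
            tokens.add(value[::-1])          # "name spelled backwards"
    if profile.get("birthday"):
        born = date.fromisoformat(profile["birthday"])
        for fmt in ("%Y%m%d", "%d%m%Y", "%m%d%Y", "%d%m%y", "%m%d%y", "%Y"):
            tokens.add(born.strftime(fmt))
    return tokens


def derived_from_profile(password: str, profile: dict) -> list:
    """Profile tokens of three or more characters that appear inside the password."""
    lowered = password.lower()
    return sorted(t for t in personal_tokens(profile) if len(t) >= 3 and t in lowered)


def near_duplicate(a: str, b: str) -> bool:
    """Rule 2's anti-pattern: identical, or identical except for the last character."""
    return a == b or (len(a) == len(b) and len(a) > 1 and a[:-1] == b[:-1])


def check_password(password: str, profile: dict, existing: dict) -> list:
    """Rule violations for a candidate password, given the user's profile and the
    passwords already in use on other accounts ({site: password})."""
    problems = []
    hits = derived_from_profile(password, profile)
    if hits:
        problems.append("contains personal information: " + ", ".join(hits))
    for site, other in existing.items():
        if near_duplicate(password, other):
            problems.append(f"same as (or one character away from) the {site} password")
    return problems


if __name__ == "__main__":
    print(check_password("Fluffy1975", PROFILE, {"email": "Fluffy1974"}))
    print(check_password("!S1eP99t9", PROFILE, {"email": "Qx7!pa-v"}))
```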

I understand these are basic tips, but sometimes we just need to be reminded to stay alert and on guard. Kind of like reminding our kids to wear their helmet when they ride a bike. Resist the urge to become lazy online. I don’t want to read about you on Foxnews.com.

GNC-2006-10-20 #209

Posted by geeknews at 3:28 AM on October 20, 2006

Great debate at the end of the show, and I have fun smacking both Microsoft and Apple around today with a lot of hot topics that you are going to want to hear my commentary on! Oh, and an Old School Intro!

Sponsors:
[Save 15% on any order of $20 or more at GoDaddy.com!] Use Code Geek5
[Try GoToMeeting free for 30 days at GoToMeeting.com/techpodcasts. No credit card needed.]

Get the BitTorrent feed today! Thanks DownloadRadio.org



Comments to 619-342-7365 e-mail to geeknews@gmail.com

Listener Links:
Navy Starts Podcasting
Invisibility Cloak
Link Back to the Show and get Spotted here!
Favorite Tech Podcast
PrimeSpotLights

Show Links:
Cameron Reilly
BluRay vs HD-DVD
Stats What’s Real
MPAA Frustrated
MRO
PayPerPost
EA Spyware
Iran Bans HS Internet
IE7 Launched
IE7 Security Issue
IE7 Review
Vista License
Webmaster Tools
Mac Apps
Meth Pics
Apple End Game
Email virus
DNA Repair
Get Listed on News Sites
Free Stuff at Trade Shows
Sony Claims
TiVo vs FCC
Microsoft mad at Apple!
AllofMP3.com Blacklisted
No Moon Ice
IT Open Season
IT Open Season 2
Save Hubble?
Vista Activation Bomb!
Spamhaus Lives

Google Apps for Your Domain!

Posted by todd at 1:14 AM on October 12, 2006

As many of you who listen to my show know, you have been hearing me complain about the amount of Spam I have been getting. I have been looking all over the net for a solution, and those that I found were either too expensive or they were made for people with small volumes of mail.

As I was talking to Angelo he and I decided to try a Google Service that has been around for a while in beta testing. We both have used Gmail quite a bit and I know it is as good or better than the Spam checker we have been running on our own servers. Up to this point we have been using Qmail with Spamd and several others utilities to filter the mail and scan for viruses.

I decided to take the plunge and applied for a couple of domains tonight, and within about 20 minutes I had the mail moved over to Google and was downloading it into Outlook like I always do. I logged into the very familiar Gmail interface, and instead of a Gmail.com domain I was now on my very own geeknewscentral.com domain.

So I have been watching the filtering here for a couple of hours, and can tell you so far I am very happy. The true test will come in the morning when I download my mail as normal and then cross-check on the Google site to see how much Spam it has caught that I have not had to deal with. If it works out, we are going to see if we can move over a few more domains.

What amazed me was how easy it was to set up; Google has done a really good job here. I am sure that some people would be very worried about having Google host their e-mail, and I am not 100% sure how I feel about it yet. One thing for sure, I feel pretty good that none of it will go missing. [Google.com]

Mac users ‘too smug’ over security?

Posted by geeknews at 4:05 AM on January 17, 2006

No, that headline is not coming from me but hijacked from the BBC! I have been accused in the past of telling Mac users not to get too comfortable in not having to deal with virus and spyware threats. Seems I am not the only one to think that. [BBC]

Disclaimer: thus far Mac users have been pretty lucky, through either good code or a lack of hackers who really cared to write to the OS given its small adoption numbers. If you are of the mentality that you are immune, all I can say is keep drinking the Kool-Aid, and when you wake up one morning and the sugar has been replaced with acid, don’t blame me.