G Data Tackles Malware on Websites

G Data’s been busy. After releasing their malware protection for Android, they’ve also extended their safety net into the internet. G Data’s CloudSecurity is a free browser plug-in designed to block phishing sites and protect against websites pushing malware. The plug-in can be used with Mozilla Firefox and Internet Explorer and it’s available as a free download from free-cloudsecurity.com.

CloudSecurity blocks dangerous websites before they can cause harm to your PC or steal your data. And the more people who use CloudSecurity, the better it gets. Users can report suspicious websites via the plug-in back to G Data, whose experts then check over the websites to see if they are dangerous or not. If they are, they get added to the black list.

If you are currently availing of some of the free AV solutions out there, then this sounds like a useful complementary (and complimentary) product.

(This type of product seems to be flavour of the month as Todd also mentioned a similar product in GNC #652 last week – Web of Trust.)

G Data Offers Malware and Virus Protection for Android

The Android OS has already attracted the attention of malware and virus writers looking for new ways to extort money from unsuspecting victims. The BBC reported back in August of 2010 on a Russian media player that sent premium rate text messages, thus earning the virus writer hefty referral fees. More recently, the Geinimi trojan had been collecting personal info and passing it on to some Chinese remote servers.

G Data Software today announced their MobileSecurity solution for Android 2.0 and above to guard against malware and other fraudulent programs. By monitoring activity on the phone or tablet, it can detect unwanted sending of SMS text messages or web browsing in the background.

Using the security app on the smartphone, the user can authorise the activity of known apps but block those apps which start acting in an unexpected fashion. The security app will also maintain a blacklist of Android malware which is regularly updated with downloads from G Data.

Available from April 2011 for £9.99 from the Google Market Place or free to existing G Data customers from G Data’s website.

Sophos Security Threat Report 2011

Digital security firm Sophos today released their Security Threat Report for 2011, which reviews all the ways that the bad guys are out to get you. It’s a glossy 52-page report and is worth a quick read to understand the threats that are out there, especially in areas that you might not be familiar with.

The report covers the key threats from 2010:

  • Fake anti-virus software and scareware – through a warning dialog, users are scared into paying for and installing fake anti-virus software, which at best does nothing and at worst steals passwords and credit card information.
  • SEO poisoning – manipulating search engine results to point users to fake and rogue websites, which are loaded with browser exploits and malware.
  • Clickjacking or UI redressing – hiding malicious buttons underneath innocuous images, e.g. clicking on a “Like” or “Share” image actually emails out malware to all the user’s friends.
  • Survey scam – in order to complete a questionnaire that typically offers a non-existent but sought-after prize, software has to be installed or access given to personal data. This information is then used to propagate the questionnaire onwards, earning affiliate revenue for the application developer.
  • Spam – not exactly a new entrant in 2010 but the rise of spam on social networking sites is an increasing problem.
  • Spearphishing – a variant on the original phishing but in this case the attack is well targeted and much more convincing and consequently more likely to succeed.
  • Stuxnet worm – a traditional vector but with a new target, the Stuxnet worm went after SCADA systems and industrial PLC controllers. Very sophisticated, leading to conspiracy theories involving industrial sabotage.
  • Malvertising – the infection of advertising on legitimate websites that links to malware or fake anti-virus software.
  • Compromised sites and accounts – Legitimate websites and typically celebrity accounts are hacked to serve infected webpages or link to malware sites.

The report briefly covers the threats posed to iOS, Android, Windows 7 and Blackberry smartphones before moving on to review issues with Facebook, Adobe products, removable media and USB drives. Windows 7 and OS X are also discussed.

The report continues with some of the success stories when the justice system has managed to catch up with the criminals before closing with advice and guidance on how to avoid getting hit.

Give it a read. Warning – 4MB .pdf download.

Sophos Offers Free Anti-Virus for Macs

There’s no doubt that Apple Macs and Linux PCs are far less likely to suffer from virus infections or malware when compared to their Windows cousins, but there’s also no doubt that newer technologies such as cross-platform scripting can lead to vulnerabilities across the board. Besides, no-one wants to be blamed for passing on a virus infection as payload in a file, even if your computer isn’t actually infected.

McAfee and Kaspersky have had Mac security products for a while and now Sophos joins the list by offering its Anti-Virus Home Edition for Mac and best of all, Sophos is offering it for free!

Apparently “based on Sophos’s flagship security software, which protects over 100 million business users worldwide”, the software has protection, detection and disinfection capabilities for viruses and malware on OS X. It will also detect Windows viruses that are present in files but aren’t activated. As with most Windows anti-virus products, the Sophos Anti-Virus Home Edition runs in the background, scanning files on-access. You can read more about the technical specs and download the software here.

I’m not a Mac user, but if I was, I’d already have Anti-Virus Home Edition downloaded and installed.  Yes, I know that it’s arguable that there aren’t any OS X viruses right now, but you can bet that they’re coming and when they do, the viruses will burn through the Mac community like wildfire as most people don’t have protection.  It’s free to download so what have you got to lose except a few CPU cycles?

The Helpdesk is Closed…Until Next Christmas

Regrettably, I don’t get to see my folks as much as I’d like….there’s 500-odd miles and a sea between us, so it was a rare pleasure for my parents to visit me over Christmas for a few days.

After a day or so, my dad says to me, “Could you have a look at my laptop?  Every now and then a strange Asian website keeps popping up.  I thought I had a virus but the virus scanner says all is well.”

So I had a look….and yup, he had a trojan. Not a particularly nasty one and easily removed armed with instructions from the web. It was a variant of W32/Autorun-TR or Win32.Worm.Agent.QAL depending on your nomenclature. I have to recommend Avira’s Antivir Rescue System which is a bootable CD that will scan the hard disk for infection – download from here. It’s an essential item for every geek – the Rescue System picked up the virus straight away.

However, what was more interesting was (a) how did he get the virus and (b) why didn’t his (corporate) anti-virus software pick the virus up?

Dad’s an MD for a specialised engineering firm, so he travels a little.  He’s reasonably technically-savvy but not an IT expert.  It transpired that he’d been in China recently and had shared a USB memory stick with a local agent.  This matched the modus operandi of the virus so that part of the mystery was solved.

What I couldn’t understand was, given the age of the virus (late 2008) and that the corporate antivirus software appeared to be working, why the trojan hadn’t been picked up as soon as the USB stick was plugged in?

A little further digging revealed the problem….although the AV software was working, it hadn’t successfully installed new virus signatures in over a year – the last successful update was from mid-2008.   The signatures seemed to download ok, but they never got installed into the AV engine properly. If I forced it to download updates, the activity bar would go to 100% and the window would close, so everything looked ok, but if I subsequently went to the dialog which showed the signature version, it was unchanged.

I’m not going to name which anti-virus software it was because I suspect part of the issue might be that my dad’s company hasn’t paid its annual licence and therefore isn’t entitled to updates.  However, I think it’s very poor that there isn’t a warning on startup clearly saying, “Virus signatures are now 18 months out of date – system at risk”.  If Dad had seen that 17 months ago, he would have been on to his IT dept straightaway to get the licences paid (or whatever remedial treatment is needed).  A severe virus outbreak could literally put the company out of business, so I suspect someone will be starting 2010 with an important task from the MD.

As geeks, we often get asked to provide a little free support at Christmas and other holidays.  While it may sometimes take us away from the drinks and the mince pies, it has to be our way of returning the favours that our friends and family do for us the rest of the time.

See you next year, Dad.

Forget IE6 – Update Your Windows XP

So I was given another friend’s computer to fix. They were having overheating issues, which were easily traced to a blocked fan. Nonetheless, when I turned it on I was greeted with the same issues that so many have not taken care of.

It was still on XP Service Pack 1.

What this meant was I was stuck doing the upgrades. I really don’t mind, but it made me think a bit about how people look at and use their computers; how they say they’re “Computer Stupid” and don’t know all the technical jargon I spew.

I hate that term – “Computer Stupid”.

To begin with, it’s not grammatically correct. With that aside, it’s not about if you know how to put together a computer. It’s about whether you read the signs – after all, if you didn’t read the road signs while driving, you might get lost. Then again, I know people that DO read the signs and still get lost…

So you turn on the computer and the first thing that pops up is an error message. What do you do? Do you (1) try to deduce the problem, (2) consult a fellow IT friend, or (3) ignore the message altogether and select through it?

It’s amazing how many people do #3. Just like looking at that little “Change Oil” light in the car. After all, it looks so pretty when it’s on for the next 12 thousand miles…

Funny thing about these computers is the Windows Update feature is turned on. It says on the bottom there are updates to be run. Probably has said that on this computer for a long time. After all, I had to install Service Pack 2.

Recently, an initiative has come out trying to make people aware of the fact that they need to upgrade from IE 6. The initial push to IE 7 was slow simply because the added features caused online programs to not function and security holes to be created. The job at the time definitely did not want to make the upgrade because the banking software (for one) didn’t work with IE7.

Awareness has shown the masses that IE might not be the browser to run: The “Million Download” Firefox attempt brought more awareness to what we use for a browser. Still – 8 million downloads (now the Guinness record) is a far cry from the number of computers that are out there. Since then Firefox has boasted 1 billion downloads – but how many computers really have the software on and how many people just didn’t go back to IE6?

It’s all about awareness. If the dirty dish is in the sink and you need to use it – you wash it. If the bag is in the hallway and you are coming through, you move it. Therefore, if the computer is telling you to update… You get the picture.

That’s not being “Computer Stupid”. It’s about being aware.

It’s even understandable if you select off it a couple times simply because you are working on something. But eventually, you should really just “Do it”. After all, it’s not going to go away. You might just end up paying for waiting in malware issues. In fact I am surprised this computer is not riddled with malware – especially since there is no Anti-Virus on it.

But that’s a whole other subject.

For now, don’t ignore the issue. Update the computer.

Mydoom Worm Makes a Name for Itself in a Hurry

The Mydoom worm (a.k.a. Shimgapi and Novarg) is making a fast name for itself and has been detected in 142 countries and currently accounts for 8.5% of all Internet e-mail, according to a leading security company.

The worm arrives in an e-mail file attachment. The e-mail body varies from blank to highly technical jargon…all of which are designed to fool the recipient into opening the attached (infected) file which has a common extension such as ZIP, SCR, EXE, or PIF.

Dave’s Opinion
I started noticing the worm making its way through our e-mail servers yesterday. I’m receiving a couple of dozen copies of infected messages every hour in my e-mail account alone. Some of the infected messages are being transmitted using one of my e-mail accounts as the faked sender, so it’s difficult to determine the true sender.

Keep your antivirus software updated and never, I mean never, open a file attachment that you’re not expecting.
