Virus Infects US Drones

Wired is reporting that a virus has infected the ground-control systems from which the Predator and Reaper drones flying over the Middle East are piloted. The systems have been infected for about two weeks and it appears to be a keylogger-type virus. Further, the virus has resisted attempts to disinfect the systems, but the military thinks it's benign.

You can read the full article yourself, but as an IT professional I read it with utter horror and dismay. Here we have a (potentially) armed aircraft apparently still operating with an unknown virus in its systems. Does this ring alarm bells for anyone else?

I work in a public sector organisation and our approach to a PC with a virus infection is to pull the plug on the infected equipment and disconnect it from the network until we are able to clean the PC, regardless of whether we think it's benign or otherwise. We're concerned that data might be wiped out. You'd think that the military might have concerns about people being wiped out by a malfunctioning drone, but apparently not.

And then there’s the question of how the system came to be infected. Again there seems to be a remarkable lack of knowledge. No doubt we’ll find that the USB ports were unlocked, there was no antivirus software and anybody could plug in a memory stick at will.

Looks like there’s a market opportunity for an AV company…

Mobile Malware Rises

With the rise of smartphones and tablets, it's hardly surprising that they have increasingly become a target for cyber criminals and other unscrupulous individuals. In the first half of this year, malware for mobile devices increased by 273% compared with the same period in 2010, according to G Data.

Cross-platform Trojans are the main source of the growth and most of this malware is designed to enable spamming or other criminal activities. "With mobile malware, cyber criminals have discovered a new business model," explains Eddy Willems, Security Evangelist at G Data. "At the moment, the perpetrators mainly use backdoors, spy programs and expensive SMS services to harm their victims. Even though this special underground market segment is still being set up, we currently see an enormous risk potential for mobile devices and their users. We are therefore expecting another spurt of growth in the mobile malware sector in the second half of the year."

If you think that it's just hyperbole, think again. Zsone, an Android app in the Google Android Market, silently subscribed victims to Chinese premium-rate SMS services and then intercepted the confirmation messages. The only way the user knew they'd been scammed was when the bill came in.

PC malware is on the rise too, up nearly 16% in the last six months. G Data's chart of new malware samples per year since 2006 shows that, if the growth continues, there will be more new malware in 2011 than in 2006-09 combined.

It’s a bad world out there, so be careful no matter what platform you are on. Just because it’s a phone and not a PC, it doesn’t make you invulnerable.

USA Continues As Spam King

Sophos has published its quarterly report into spam and the USA remains top of the league for spam-relaying, being responsible for nearly 19% of all spam messages. India follows with a little under 7%, and then Brazil, Russia and the UK round out the top five at between 4.5% and 5% each.

The vast majority of spam does not come directly from spammers’ servers, but rather from PCs that have been compromised by trojans or other malware and are now under the control of the criminals. This allows spam to be passed on by PCs without the owners’ knowledge – this is spam-relaying. Consequently, these figures indicate that huge numbers of PCs in the US are infected and under the control of the spammers.

Sophos also notes that the nature of spam is changing. Previously, pharmaceutical products would have been the mainstay of the spammers’ output but increasingly the spam is spreading malware and phishing for account information. As an aside, an estimated 36 million Americans purchased drugs from unlicensed online sellers.

The top spam relay countries for the last quarter were:

1. USA 18.83%
2. India 6.88%
3. Brazil 5.04%
4. Russia 4.64%
5. UK 4.54%
6. France 3.45%
7. Italy 3.17%
8. S Korea 3.01%
9. Germany 2.99%
10. Vietnam 2.79%
11. Romania 2.25%
12. Spain 2.24%
Other 40.17%

“Spam is certainly here to stay, however the motivations and the methods are continuing to change in order to reap the greatest rewards for the spammers,” said Graham Cluley, senior technology consultant at Sophos. “What’s becoming even more prevalent is the mailing of links to poisoned webpages – victims are tricked into clicking a link in an email, and then led to a site that attacks their computer with exploits or attempts to implant fake anti-virus software.”

Sophos also warns that social networks are increasingly attracting the attention of criminals through malicious apps, stolen profiles and junk messages.

Trojan Toolkit For Sale

German security firm G Data put out an interesting press release last month regarding the expected successor to the Zeus trojan, which infected millions of PCs and captured bank account details. The new trojan, Ares, has a similar modular design, allowing it to be easily configured for a range of target activities.

Malware is big business and a software development kit for Ares is already available to buy online, either for an upfront payment of $6,000 or under a licensing model that applies when modules are subsequently sold on. There's even a cut-down version at $850.

The developer of Ares talked about the new malware in an underground forum. According to the author, Ares is "not focused on banking. Every copy of Ares is unique to its customer and it has the same banking capabilities as Zeus & SpyEye which can be added provided the customer wants it. I actually consider this more of a platform which is customized to each buyer's liking."


Without a doubt, malware and virus writing is no longer the domain of the insecure nerd trying to prove his expertise to his peers. This is now business, criminal business, with significant money involved. And when they catch the writer, I hope that the penalties will be commensurate.

Unless you want to be a victim, make sure you have virus and malware protection in place and keep it updated.

Sophos Offers Free Anti-Virus for Macs

There's no doubt that Apple Macs and Linux PCs are far less likely to suffer from virus infections or malware than their Windows cousins, but there's also no doubt that newer technologies such as cross-platform scripting can lead to vulnerabilities across the board. Besides, no one wants to be blamed for passing on a virus infection as the payload in a file, even if their own computer isn't actually infected.

McAfee and Kaspersky have had Mac security products for a while, and now Sophos joins the list by offering its Anti-Virus Home Edition for Mac. Best of all, Sophos is offering it for free!

Apparently "based on Sophos's flagship security software, which protects over 100 million business users worldwide", the software has protection, detection and disinfection capabilities for viruses and malware on OS X. It will also detect Windows malware sitting dormant in files, so a Mac doesn't pass it on unnoticed. As with most Windows anti-virus products, Sophos Anti-Virus Home Edition runs in the background, scanning files on access. You can read more about the technical specs and download the software here.

I’m not a Mac user, but if I was, I’d already have Anti-Virus Home Edition downloaded and installed.  Yes, I know that it’s arguable that there aren’t any OS X viruses right now, but you can bet that they’re coming and when they do, the viruses will burn through the Mac community like wildfire as most people don’t have protection.  It’s free to download so what have you got to lose except a few CPU cycles?

Attacked!

Something has happened to my laptop that has never happened before. It has been infected with a virus. I “caught” it through an unsecured wireless connection at my favorite coffee shop last night. The first symptom was an Internet Explorer window kept opening and going to various sites wanting to sell me things. I don’t use IE, and actually had an active Firefox window open at the time with tabs open for gmail, facebook, my local television news, and a writing forum I was posting on. In the course of an hour, I had three of these Internet Explorer executions.

No problem, right? I finished what I was doing and went home, got distracted with family stuff and whatnot, and did not do much looking around to see what was going on. I used the laptop a couple of times, and noticed the fan was running pretty hard, which is unusual. I shut it down and went to bed. This morning I turned it back on, and started up email and a bit of surfing, when I realized the computer was playing audio. It sounded like music, so I turned it up, only to hear much more than music going on. There was a lot of ahhing and oohing too. Ouch. Opened up Task Manager and found something called zwp.exe running in processes, along with some other things. I immediately booted up Windows Security Essentials and did a complete scan. I ended up with a vobfus.m worm, and two alureon trojans (CT and CO). Nice. Turns out that all three infect via network, especially wireless networks in unsecured locations.

Someone sitting in that coffee shop with me last night was massively infected, and sharing their infection around willy-nilly. I had my firewall engaged, but that was obviously not enough. I’m going to have to look at some alternatives, as I am likely to use this coffee shop in the future when working with clients. After years of using computers and never getting a virus on one that only my hands touch, I’m embarrassed and unnerved to have gotten infected so darned easily. And it’s taken me several hours this morning to get it all cleaned up and back to normal, hours I could have surely spent doing something else. Not to mention that since I was stupid enough to use the laptop this morning on my own home network, I probably shared my infection with at least one other PC in the house, which will also need the deep clean treatment.

No wonder common users just cannot keep up. I have fixed one desktop this week that had a trojan infection the user could not fix, and last night rebuilt a netbook that had gotten infected as well. Both of these were friends’ machines, not my own. Both of these friends were so frustrated they were ready to give up, and I can’t say I blame them. I don’t know what the solution is, because it seems like even if you have all of the stop-guards in place, there is still some hole somewhere that a bug can get in, and ruin your whole day. It stinks, I tell you!

Attention: Malware On Your Computer?

"Security center has detected malware on your computer." Have you ever seen that message pop up on your computer? Have you ever seen it happen over Skype? Well, I've received that message three times in the last month as a Skype message. It tells me that my Windows software is infected and I need to install a patch. It even gave me a website link to go to in order to install the patch.


I may have fallen for the trick, but I don't know how a Windows patch would fix my iMac running OS X. I don't run Boot Camp or Windows in a virtual machine, nor does my iMac know what an .EXE or ActiveX file is. I'm sure that if I had clicked on this link and installed the "patch" on a Windows machine, that machine WOULD have been infected with malware! (For now Mac machines may be safer from malware infections, but it's wise to still be careful.)

I've written before about being safe on the Internet and not going to sites you don't know or clicking on links in emails, but this is the first I've heard of such a message over Skype. If you look at the message box (on my iMac), it doesn't even say it's from Skype, and the window title says "Software Updates."

What concerns me is that many people may fall for this trick. I know most readers of GNC and listeners to Todd's podcast are tech savvy enough that they wouldn't fall for something like this, but what about mom (or dad) or your grandparents who get a webcam for Christmas and install Skype so they can talk to the grandkids? Would they click on this link and install the "patch" if this message box appeared?

Google is trying to find sites that install spyware and rootkit software on your computer, but you can't depend on this for every "bad" website. Recently a mass SQL-injection attack compromised a large number of websites by inserting a reference to the site 318x dot com into their pages (please don't go to this site). You don't have to click on any links to get infected: simply visiting a compromised site is enough if your Windows PC hasn't been patched with the latest updates. If you search for 318x dot com using Google, the first search listing says "This site may harm your computer." That's because the site has been around for a while, which has given Google's security bots enough time to find it and determine that it's up to no good. Here is the link for the Google Safe Browsing page for the 318x site: http://google.com/safebrowsing/diagnostic?site=318x.com/

Now back to my Skype message. I mentioned that this is the third time I’ve received this message in the past month. Each time I did a Whois search of the linked website and found that the website was created within one day of when I received the message. The website mentioned in the most recent warning message was created the same day I received the message. This tells me that the author of this warning message is changing the website URL to keep it from being flagged by Google and the security monitoring sites. If you do a Google search for this site it comes up clean. Oh, did I mention that the owner of this site (and the previous two sites) is from Prague, Czech Republic (outside US laws)?

As you visit relatives and friends over the holidays make sure everyone knows about safe surfing on the Internet. Don’t click on links in emails (or Skype message boxes) and make sure to keep your computer’s OS patched and up to date.

Happy Holidays.

73’s, Tom
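
The domain-age check Tom describes above (a Whois lookup showing that the linked site was registered the same day the message arrived) can be automated. The Python below is an added example, not code from the original post: it pulls the links out of a message, reduces each to its registrable domain, reads the creation date from a Whois record and flags anything registered within 30 days of the message, or with no record at all. The message text and the Whois records are constructed for the example and no network lookup is made; the 30-day threshold is an assumption, and the two-label domain reduction is a simplification of what the Public Suffix List does.

```python
"""Flag links whose domain was registered shortly before the message arrived.

Added example, not code from the original post. The message and the Whois
records are constructed; nothing here touches the network.
"""
from __future__ import annotations

import re
from datetime import date
from typing import Callable, Optional
from urllib.parse import urlparse

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)

# Registrars label the creation date differently; accept the common labels
# and an ISO date with an optional time suffix (2009-12-21T03:14:00Z).
CREATED_RE = re.compile(
    r"^\s*(?:Creation Date|Created On|Registered on|created):\s*(\d{4}-\d{2}-\d{2})",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed sample data (assumption: these stand in for a real message and
# real registrar output).
SAMPLE_RECEIVED = date(2009, 12, 21)
SAMPLE_MESSAGE = (
    "Security center has detected malware on your computer. "
    "Install the patch from http://software-updates.example/patch.exe - "
    "see also https://www.long-standing.example/help and "
    "http://cdn.unlisted.example/x.png"
)
SAMPLE_WHOIS = {
    "software-updates.example": (
        "Domain Name: SOFTWARE-UPDATES.EXAMPLE\n"
        "Creation Date: 2009-12-21T03:14:00Z\n"
    ),
    "long-standing.example": (
        "Domain Name: LONG-STANDING.EXAMPLE\n"
        "Created On: 2005-03-02\n"
    ),
    # unlisted.example deliberately has no record
}


def registrable_domain(host: str) -> str:
    """Reduce a hostname to the part a registrar records.

    Simplification: keep the last two labels. A real tool should consult the
    Public Suffix List so that names such as example.co.uk are handled.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def link_domains(message: str) -> list[str]:
    """Registrable domains of every http(s) link, in order, without duplicates."""
    found = []
    for url in URL_RE.findall(message):
        host = urlparse(url).hostname
        if host:
            found.append(registrable_domain(host))
    return list(dict.fromkeys(found))


def creation_date(whois_text: str) -> Optional[date]:
    """Creation date parsed from a Whois record, or None if no date is found."""
    m = CREATED_RE.search(whois_text)
    return date.fromisoformat(m.group(1)) if m else None


def flag_young_domains(
    message: str,
    received: date,
    whois_lookup: Callable[[str], Optional[str]],
    max_age_days: int = 30,
) -> list[tuple[str, Optional[int]]]:
    """(domain, age_in_days) for each linked domain younger than max_age_days
    when the message arrived. A domain whose age cannot be determined is
    reported with age None: unverifiable is treated as suspicious, not safe."""
    flagged = []
    for domain in link_domains(message):
        record = whois_lookup(domain)
        created = creation_date(record) if record else None
        age = (received - created).days if created else None
        if age is None or age < max_age_days:
            flagged.append((domain, age))
    return flagged


def demo() -> list[tuple[str, Optional[int]]]:
    """Run the check over the constructed sample message and records."""
    return flag_young_domains(SAMPLE_MESSAGE, SAMPLE_RECEIVED, SAMPLE_WHOIS.get)


if __name__ == "__main__":
    for domain, age in demo():
        detail = "no Whois record found" if age is None else f"registered {age} day(s) before the message"
        print(f"{domain}: {detail}")
```

Against the sample data the patch link's domain is flagged with an age of 0 days and the domain with no record is flagged as unverifiable, while the long-established domain passes. In practice `whois_lookup` would wrap a real Whois client; the parsing and the age arithmetic stay the same.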

Are You Safe Surfing the Internet?

McAfee just released their annual report talking about the dangers of surfing the Internet. In the report they highlighted the most “dangerous” online celebrities.

Fans searching for “Jessica Biel” or “Jessica Biel downloads,” “Jessica Biel wallpaper,” “Jessica Biel screen savers,” “Jessica Biel photos” and “Jessica Biel videos” have a one in five chance of landing at a Web site that’s tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware. Searching for the latest celebrity news and downloads can cause serious damage to one’s personal computer.

I know McAfee is a provider of anti-virus/anti-malware software, so they have a lot to gain by going public with this report. But security software alone doesn't make surfing any less dangerous.

I've talked to a number of people who don't worry about viruses or malware because they are using an anti-virus program and think they are safe. I even know someone who goes to sites to download music knowing that most of the downloads are infected (they get warning messages from their anti-virus program all the time). They think their anti-virus program will protect them.

No software on your computer can protect you completely. Operating systems are very complex and WILL contain bugs that hackers can exploit. Once vendors know about these holes they do try to patch them but it may be too late for some users. Anti-virus/malware programs try to protect you but they may not always be up-to-date or in some cases are not able to detect/fix the problem.

In the past most viruses/malware were spread by email attachments or by clicking links in emails. Now you can be infected just by going to the wrong website. These sites take advantage of bugs/holes in the operating system or in applications like Adobe Reader, Flash Player, etc. A while back there was a flaw in Windows where all you had to do was visit a website carrying a malformed image file and your machine was infected. No piece of software on your computer would have protected you from that.

What can you do to keep from getting infected and stay safe? Buy a Mac (just kidding). Mac users don't have the same issues with viruses and malware, but that could change. Apple has put out a number of security patches for Mac OS X 10.5 lately and there are rumors that they will include anti-virus software in the upcoming release of Snow Leopard. Reports of viruses for the Mac have been few, but that may change as the number of users grows and hackers refocus their attacks.

So here are my tips to keep your computer safe (for both Windows and Mac):

  1. Keep your computer Operating System (OS) up-to-date. Don’t disable or put off updates your OS vendor sends. Chances are they are patching a problem that is currently being exploited.
  2. Keep your applications up-to-date. In the past you may have put off updating to the latest Adobe Reader because you didn’t see any problems with the one you’re using. Now the update may include a security fix too.
  3. Don’t click on unknown links. Be careful clicking on links in emails or social sites (like Twitter and Facebook). If your bank sends you an email saying there is a problem with your account and says “click here,” close the email and enter the bank’s website address yourself so you know you’re going to the right place.
  4. Don't go to risky sites. Some browsers (i.e. Firefox) use a list of known malicious sites and will warn you if you are about to go to one. Google search does the same. http://googleonlinesecurity.blogspot.com/
  5. Be careful when you get a message box saying that a program wants permission to install or access one of your computer’s resources. Don’t blindly hit Yes/Ok unless you know that is what you want to do.
  6. Don’t believe message boxes that pop up when you go to a new website. A common popup is a warning that your computer is infected and you need to click this link to run a scan of your computer or download a program to remove the infection. Generally, the program you download (and install) IS the infection! Once, I ran this scan on my Mac and it told me my Windows computer was infected with a virus.
  7. Don’t reuse passwords. A lot of sites require you to sign up for an account and create a password. Don’t use your email account password for your online banking account. Get a program to manage your passwords and use a different password for each site. Most of these password programs will generate a long random password that can’t be guessed. (I use 1Password for the Mac, and Personal Passworder for Windows.)
  8. When going to secure sites, like banks or sites to purchase items, make sure you have a secure connection before you enter sensitive information (i.e. credit card number, password, etc.). Look for the small padlock symbol in your browser window and make sure the URL begins with HTTPS, indicating that you are using an SSL (Secure Sockets Layer) connection. The padlock only tells you that the connection to whichever site the URL names is encrypted; it does not tell you that the site is the one you expect, so the URL must match as well. If you go to the Bank of America website make sure the URL shows https://www.bankofamerica.com and not https://www.bankofamerica.com.myxyz.com, where the site you are really talking to is myxyz.com.
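
The URL check in step 8 (and the "type the bank's address yourself" advice in step 3) comes down to comparing the hostname in a link with the one you expect. The Python below is an added example, not code from the original post; it uses Bank of America only because the list above does, and the sample links are constructed. It rejects links that are not HTTPS, links whose hostname merely starts with or contains the expected name, links that hide the real host behind a username and an @ sign, and hostnames containing non-ASCII look-alike characters.

```python
"""Check that a link really points at the site you expect before trusting it.

Added example, not code from the original post. The expected host and the
sample links are constructed.
"""
from __future__ import annotations

from urllib.parse import urlsplit


def host_belongs_to(host: str, expected: str) -> bool:
    """True if host is expected or a subdomain of it.

    Label-aware on purpose: a substring test would accept
    notbankofamerica.com, and a prefix test would accept
    www.bankofamerica.com.myxyz.com, whose real domain is myxyz.com.
    """
    host = host.lower().rstrip(".")
    expected = expected.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def check_link(url: str, expected_host: str) -> tuple[bool, str]:
    """Return (ok, detail): ok is True only if the link is HTTPS and its
    hostname is expected_host or a subdomain of it. detail is the normalised
    hostname when ok, otherwise the reason for rejection."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return False, f"not HTTPS (scheme is {parts.scheme or 'missing'})"
    host = parts.hostname  # urlsplit lowercases this and strips userinfo and port
    if not host:
        return False, "no host in URL"
    host = host.rstrip(".")
    if parts.username is not None:
        # https://www.bankofamerica.com@evil.example/ : the browser treats the
        # part before @ as a username and connects to evil.example.
        return False, f"credentials before @ hide the real host {host}"
    if not host.isascii():
        # Non-ASCII letters can imitate Latin ones; treat as a look-alike.
        return False, f"non-ASCII characters in host {host}"
    if not host_belongs_to(host, expected_host):
        return False, f"host {host} is not under {expected_host}"
    return True, host


def triage(urls: list[str], expected_host: str) -> dict[str, str]:
    """Map each URL to 'OK' or the reason it was rejected."""
    verdicts = {}
    for url in urls:
        ok, detail = check_link(url, expected_host)
        verdicts[url] = "OK" if ok else detail
    return verdicts


if __name__ == "__main__":
    # Constructed sample links: one genuine form and several look-alikes.
    samples = [
        "https://www.bankofamerica.com/",
        "https://WWW.BankOfAmerica.COM./login",
        "http://www.bankofamerica.com/",
        "https://www.bankofamerica.com.myxyz.com/login",
        "https://www.bankofamerica.com@evil.example/",
        "https://evil.example/?next=https://www.bankofamerica.com",
    ]
    for url, verdict in triage(samples, "bankofamerica.com").items():
        print(f"{verdict:<60} {url}")
```

The point of `host_belongs_to` is that the comparison works on whole labels: only `bankofamerica.com` itself or something ending in `.bankofamerica.com` passes, so `www.bankofamerica.com.myxyz.com` fails exactly as step 8 says it should.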

I know the above list doesn’t cover everything that you should do to keep your computer safe, but I think it’s a good start.

If you’re a regular to Geek News Central, you most likely know what to do and what not to do to be safe. Do your family and friends a favor and send them a link to this post or, at the very least, talk to them about how to be safe on the Internet.

73’s, Tom


Real or Imagined Threats?

Some news reports out today are leading the public to believe that the April 1st threat of Conficker has been a whole lot of nothing. Yes, the worm had a trigger date to take over machines on the 1st, and for machines that weren’t protected, that takeover happened. I’m currently working with a friend of my son’s on one of the computers in her household that ended up being infected with Conficker. For most people, because their machines were patched and their virus programs up to date, no problems were noted.

So of course there follows lots of commentary about how everything was blown out of proportion, à la Y2K.

I completely disagree. In my mind, it is because of the publicity and news reports that the Conficker worm had less purchase and effect overall. People were paying attention, and they were making sure their machines were clean. If they didn't know how, they tagged a geek who did, and made sure they were ready for this particular threat. Just because we were prepared for the threat doesn't mean it was any less of a threat. There are still machines out there that are infected and will need to be addressed, but I believe the threat is a whole lot lower mainly because people were aware and doing what they needed to do to keep from being infected.

I know, sometimes to the rest of the world we geeks are running around hollering about viruses and worms and oh-my-gosh-it's-the-end-of-the-world, but the fact is, if we didn't take these things seriously, there'd be even worse threats and worse infections turning machines into zombies for us.

This weekend I imagine I’ll spend a couple of hours trying to come up with a fix for my son’s friend’s machine. I’d rather have talked to a few people about the worm and how they should be protecting themselves, than spending my weekends and evenings fixing problems that could have been avoided with a little prevention.

Of course, on this blog, I’m preaching to the choir, aren’t I?

CES 2008 SmartRestart Software Information

Smart Restart is a dream product for anyone who never changes their computer configuration, or for a parent's or grandparent's computer. This software resets your computer every time you reboot it. You decide when to take a snapshot of your installation; Smart Restart remembers that configuration from then on and returns the machine to it after every reboot. Perfect for that friend or family member who is always messing up their computer. Note that a reboot-to-restore tool only undoes changes made after the snapshot: it won't remove an infection that was already present when the snapshot was taken, and anything saved between reboots is lost unless it is kept somewhere outside the protected configuration.

If you want more information on Smart Restart and info on future special offers please visit www.rawvoiceoffers.com and enter promo code “restart” or visit www.smart-restart.com
