Category Archives: spyware

Superman Tops McAfee’s Toxic Avenger List



evil superman

With San Diego Comic Con quickly approaching, everyone is jumping on board the superhero bandwagon.

Today even McAfee has joined the hype. (The company, not the man, however, we’d love to see a comic book based on John McAfee!)

In a press release, the anti-virus company released its second annual list of superhero searches that lead to bad links, viruses, malware and sites containing malware.

Here’s the list of suspicious superheroes:

McAfee’s Top 10 Most Toxic Superheroes:

 1.       Superman, 16.50%

2.       Thor, 16.35%

3.       Wonder Woman + Aquaman (tie) 15.70%

4.       Wolverine, 15.10%

5.       Spiderman, 14.70%

6.       Batman, 14.20%

7.       Black Widow, 13.85%

8.       Captain America, 13.50%

9.       Green Lantern, 11.25%

10.   Ghost Rider, 10.83%

*% indicates chance of landing on a website that has tested positive for online threats such as spyware, adware, spam, phishing, viruses or other malware.


World Pride’s Spy Gadgets



Bluetooth WatchWorld Pride is unlikely to be a name that you’ve heard of, but once you see a few of their gadgets in the video, you’ll recognise them from the gadget stores and catalogues. Jeffrey and Jamie chat with Jim.

The team at World Pride visit factories in Asia and try to spot cool gadgets that haven’t yet made it to market in the US. They then work closely with the factory to refine the product for US consumers. On show here are examples of gadgets that World Pride has already brought or will be bringing to the market.

One of the watches in the interview has a Bluetooth receiver and when someone rings your mobile phone, the watch will display the name or number of the person calling. As Jamie mentions, great if you are in a meeting and want to know if you should take a call.

Other gadgets include a pen and a watch with a video camera built-in and finally, there’s a miniature digital camera. It’s only about an inch wide but it looks like a tiny point-and-shoot camera while still taking 5 MP pictures and HD video.

Interview by Jeffrey “Austin” Powers of Geekazine and Jamie “007” Davis of the MedicCast and the Nursing Show.

Support my CES 2024 Sponsor:
$11.99 – For a New Domain Name cjcfs3geek
$6.99 a month Economy Hosting (Free domain, professional email, and SSL certificate for the 1st year.) Promo Code: cjcgeek1h
$12.99 a month Managed WordPress Hosting (Free domain, professional email, and SSL certificate for the 1st year.) Promo Code: cjcgeek1w
Support the show by becoming a Geek News Central Insider

Sophos Security Threat Report 2011



Digital security firm Sophos today released their Security Threat Report for 2011, which reviews all the ways that the bad guys are out to get you. It’s a glossy 52 page report and is worth a quick read to understand the threats that are out there, especially in areas that you might not be familiar with.

The report covers the key threats from 2010:

  • Fake anti-virus software and scareware – through a warning dialog, users are scared into paying for and installing fake anti-virus software, which at best does nothing and at worst steals passwords and credit card information.
  • SEO poisoning – manipulating search engine results to point users to fake and rogue websites, which are loaded with browser exploits and malware.
  • Clickjacking or UI redressing – hiding malicious buttons underneath innocuous images, e.g. clicking on a “Like” or “Share” image actually emails out malware to all the users friends.
  • Survey scam – in order to complete a questionnaire that typically offers a non-existent but  sought-after prize, software has to be installed or access given to personal data. This information is then used to propagate the questionnaire onwards, earning affiliate revenue for the application developer.
  • Spam – not exactly a new entrant in 2010 but the rise of spam on social networking sites is an increasing problem.
  • Spearphishing – a variant on the original phishing but in this case the attack is well targetted and much more convincing and consequently more likely to succeed.
  • Stuxnet worm – a traditional vector but with a new target, the Stuxnet worm went after SCADA systems and industrial PLC controllers. Very sophisticated, leading to conspiracy theories involving industrial sabotage.
  • Malvertising – the infection of advertising on legitimate websites that links to malware or fake anti-virus software.
  • Compromised sites and accounts – Legitimate websites and typically celebrate accounts are hacked to serve infected webpages or link to malware sites.

The report briefly covers the threats posed to iOS, Android, Windows 7 and Blackberry smartphones before moving onto to review issues with Facebook, Adobe products, removeable media and USB drives. Windows 7 and OS X are also discussed.

The report continues with some of the success stories when the justice system has managed to catch up with the criminals before closing with advice and guidance on how to avoid getting hit.

Give it a read. Warning – 4MB .pdf download.


Scareware – Is it a Halloween Treat?



cartoon_skeletonThis weekend I had to fix my dad’s computer after it got a Scareware popup. This Scareware was rather different than anything I’d approached before; when the popup appeared asking him to purchase via credit card some bogus software to “fix” his viruses, it also locked up his programs so that nothing else would work. He couldn’t open his virus program, email program, Microsoft Word, or anything else. Except, of course, for Internet Explorer, which redirected him immediately to a page where he could put out $80 via credit card to “fix” his access. “Scareware” is a term being used to describe malicious software and/or popups that ask a user to pay a fee to have the “virus” removed by bogus software.

Dad’s smart, he called me. Not only was the virus “vendor” (term being used loosely here) going to gank $80 of my dad’s hard-earned retirement money, they were also going to be in possession of his credit card information, which could have been shared with who knows what kind of nefarious individuals.

I headed straight over there with my laptop, downloaded HiJackThis to a flash drive, which I was then able to pull up on Dad’s machine and run. It immediately took care of the removal. There are some great instructions on using this tool here and here. These are both sites I trust. The first link has really easy instructions, follow them to the letter, and you’ll have no trouble. The second link includes manual removal instructions, which also work but are more time-consuming.

Dad doesn’t know where he got the trojan to begin with; it would have either been from a bugged web page, or possibly from a link in an email. And he got it by using Microsoft Internet Explorer, not Firefox. I had to reset the default browser (I suspect the Trojan had affected this somehow), and make IE a little harder for him to find and click on. To him, the two programs are the same and he doesn’t understand the difference. I also re-activated the AdBlock Plus Plug-in, another “hold” I think could be used to install a Trojan/popup on a system. We’ll see if all of this works. 24 hours later, I’ve received no additional panic calls from Dad.

The virus and trojan makers are getting slicker and slicker. Our protection tools can’t keep up with everything; Dad’s anti-virus was up to date and his Spyware and Malware programs were running once a week at night and fixing problems. But that wasn’t enough to keep him from being infected. And how many people, besides techies, would know how to remove these malicious pieces of software once they get installed, much less know where to look for the tools to do so?

This is another one to watch out for, I fear. It will only get worse.


Digsby Adds Annoying Plugins



I am installing the latest version of Digsby and am shocked that the application is asking me to install a number of highly intrusive plugins with the install.

Applications like the VoloMedia plugin that calls home to mama every time you watch or listen to something in iTunes. They also are pushing a plugin by SmartShopper that essentially spys on you while you are surfing the Internet to give you offers from their partner sites.

This is a really bad move by Digsby and if they need some money why not ask people to pay for the application. It is a good one but I am not about to subject myself to installing a number of questionable plugins.

To really stick it to you at the end of the install they offer you this page.

2008digsbyDo you really think anyone in there right mind would want to have some site I have never heard of by my.freeze.com become my default home page or change to the failing Yahoo as my default search is really nuts over there.

It is these kinds of actions that make me really look at an application to make sure it is not doing something else that is questionable. If they are desperate enough to make offer me all of these utilities that call home to mama and report on my activities than I am worried about the application doing the same.

 


Microsoft tries to Patent Ultimate Spyware Application!



Imagine a day where everything you do everything you access is spied upon either by Google or Microsoft. We know Google has a pretty good head start but not wanting to be left behind Microsoft has applied for a patent that is so over the top even I am having a hard time comprehending why they would do this.

According to ArsTechnica the patent would:

“The adware framework would leave almost no data untouched in its quest to sell you stuff. It would inspect ‘user document files, user e-mail files, user music files, downloaded podcasts, computer settings, computer status messages (e.g., a low memory status or low printer ink),’ and more. A word processor may display a banner ad along the top of a window, similar to a toolbar, while a graphical ad may be displayed in a frame associated with the application. A digital editor for photos or movies may support video-based advertisement.”

This is very disturbing news, and if Microsoft employs it as described by ArsTechnica then we are headed down a road I will not be part of. ArsTechnica, Information Week

Big Thanks to John a loyal listener for sending me the link!


Have a Real Life Spyware Story for you!



Let me run this scenario by you. You subscribe to an influential newsletter that cost nearly a $1000.00 a year for the subscription. The Newsletter gets delivered digitally. Sounds reasonable so far doesn’t it? Well let’s assume that you open your newsreader today to find out that the person who you get that newsletter from has also distributed Spyware to detect if you make a digital copy or share it with someone.

Would you be inclined to renew that newsletter regardless of value? That is the question I am sure a lot of people are asking themselves today as this scenario has played itself out. Apparently a Wall Street Analysis who has been distributing the spyware with his newsletters is not real happy that a firm shared the contents with colleagues and has sued the firm based upon evidence he collected from the spyware application.

I wonder if their will be a counter suit surrounding the spyware installation. The company being sued manages mutual funds. Can you imagine spyware being installed on traders and analyst computers? It’s hard to imagine what else could have been collected. I would not be surprised if the SEC got involved with this [Boston Herald]