The two latest malware strains exploit Facebook users via email and instant messaging programs. The first, Asprox.N, is a Trojan delivered via an email informing users that their Facebook account is being used to distribute spam and that, for security reasons, the login credentials have been changed. The email includes a fake Word document attachment, supposedly containing the new password, with an unusual icon and the filename Facebook_details.exe. When the attachment is run, it opens a .doc file to deceive the victim, but the file is really a Trojan that downloads another file designed to open all available ports and connect to mail service providers in an attempt to spam as many users as possible.
An image of the Asprox.N exploit is available here: http://www.flickr.com/photos/panda_security/5394881095/
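The disguise described above, a program named Facebook_details.exe presented as a Word document, can be caught by inspecting the attachment itself rather than trusting its icon or declared type. The following Python example is added here and is not code from Panda or the original post; the function names, extension lists and the sample message are constructed for illustration, and it also covers double-extension and renamed-executable cases that the post does not mention.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions Windows executes directly, and extensions users read as "document".
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".doc", ".docx", ".rtf", ".pdf", ".txt"}
DOCUMENT_TYPES = {"application/msword", "application/pdf", "application/rtf"}

def attachment_findings(filename, content_type, payload):
    """Return the reasons an attachment looks like a disguised executable."""
    findings = []
    stem, ext = os.path.splitext(filename.lower())
    is_pe = payload[:2] == b"MZ"  # DOS/PE header magic of Windows executables
    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        if os.path.splitext(stem)[1] in DOCUMENT_EXTS:
            findings.append("double-extension")
    if is_pe:
        findings.append("pe-magic")
    # The declared type or the name promises a document, but the bytes are a program.
    if is_pe and (content_type in DOCUMENT_TYPES or ext in DOCUMENT_EXTS):
        findings.append("document-claim-mismatch")
    return findings

def scan_message(raw_bytes):
    """Map each attachment filename in a raw RFC 5322 message to its findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        report[name] = attachment_findings(name, part.get_content_type(), payload)
    return report

def build_sample():
    """Constructed sample: a lure like the one described, plus a harmless file."""
    msg = EmailMessage()
    msg["Subject"] = "Your password has been changed"  # constructed subject
    msg.set_content("Your new password is in the attached document.")
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60  # MZ stub only, not a real program
    msg.add_attachment(fake_pe, maintype="application", subtype="msword",
                       filename="Facebook_details.exe")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Checking the leading bytes matters because the filename and declared content type are both chosen by the sender.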
The second new malware strain, Lolbot.Q, is distributed across instant messaging applications such as AIM or Yahoo!, with a message displaying a malicious link. Clicking the link downloads a worm designed to hijack Facebook accounts, blocking users’ access while informing them that the account has been suspended. To “reactivate” their account, users are asked to complete a questionnaire, promising prizes such as laptops and iPads. After several questions, users are asked to subscribe and enter their cell phone number, which is in turn charged a fee of $11.60 per week. Victims can restore access to their Facebook account only once they subscribe to the service and receive a new password.
Images of the Lolbot.Q exploit are available here: http://www.flickr.com/photos/panda_security/5394881133/
I recommend you be wary of any unexpected messages with unusually eye-catching subjects and avoid clicking on external links, running executable files or entering personal data into unknown applications or web forms. Nothing new there, just standard security best practice.
Just be careful out there.
If your child is not feeling well and you suspect he or she has a virus infection you’re going to visit your doctor. But what do you do when the doctor tells you that he cannot find anything, yet your child still does not feel very well? You get a second opinion.
Similarly, what do you do when you’ve run full scans using your normal anti-malware suite and you’re still showing signs of infection? You get a second (or third, or fourth) opinion from another product, right? I have long recommended MalwareBytes AntiMalware as one of the best second opinion apps and I’m not changing my position on that. However, I have just found another one that is truly impressive: SurfRight’s Hitman Pro. Hitman Pro is designed to work alongside existing security programs without any conflicts. It scans the computer quickly (less than 5 minutes) and doesn’t slow down the computer (except for the few minutes it is scanning). No installation is necessary–it can be run straight from a USB flash drive, a CD/DVD, local or network attached hard drive.
I have done my own testing of this app, and believe me, it lives up to its claims (I wouldn’t be telling you about it if it didn’t). Also, this isn’t one of those things that will leave you hanging and infected if you don’t buy it–you get a free 30-day license, so if it finds anything, you can clean it and decide later whether you’ll continue to use it. I like it so much, that I took them up on their invitation to become an affiliate.
They also have an anti-spam app that I haven’t tested, but I suspect it’s probably a good one: SurfRight Antispam Trial version. Check them out, won’t you?
Facebook users now have the option to select HTTPS as their connection method after a strange post was discovered on the Facebook fan page under founder Mark Zuckerberg’s name. Though the company maintains that this was due to a bug in the system, they quickly began rolling out the SSL option. This will effectively stop hackers from grabbing user login details and sniffing Facebook sessions when connected through public WiFi.
Previously, Facebook used HTTPS only to send passwords, similar to the way Yahoo! Mail STILL (hint, hint) is doing things. Users will have to manually enable the SSL setting in their account security settings (Account Settings->Account Security) and it doesn’t work with all third-party Facebook applications. It is available in the US, but has not yet been rolled out worldwide. [As of Saturday morning, even US coverage was sporadic, though I was able to change my settings.]
While I applaud this move, I wish they had just implemented HTTPS by default, or at least notified users when they log on that the option is available. They could also sense when the user is logged into an insecure wifi hotspot and switch automatically to HTTPS. While some might argue that always-on HTTPS will slow page loads for some, Google has found, with its new default of HTTPS for all users, that the encryption isn’t nearly as server-intensive as many engineers and companies think it is. Of course, if you’re always wired to your home network when you log into Facebook, you don’t have to worry about having your session hijacked anyway.
This article in Wired says that for those who want further protection, try the EFF’s HTTPS Everywhere plug-in for Firefox, which forces many sites to use HTTPS. [For the totally paranoid out there], investigate using a VPN such as CryptoCloud.
Got this in my email this morning, and it reminded me about how I preach being proactive about security. You don’t wait for the disaster to happen, you take action before it does. The folks at sourceforge.net did just that:
We recently experienced a directed attack on SourceForge infrastructure (http://sourceforge.net/blog/sourceforge-net-attack/) and so we are resetting all passwords in the sf.net database — just in case. We’re e-mailing all sf.net registered account holders to let you know about this change to your account.
Our investigation uncovered evidence of password sniffing attempts. We have no evidence to suggest that your password has been compromised. But, what we definitely don’t want is to find out in 2 months that passwords were compromised and we didn’t take action.
So, as a proactive measure we’ve invalidated your SourceForge.net account password. To access the site again, you’ll need to go through the email recovery process and choose a shiny new password:
If you need help with this, feel free to e-mail us:
We appreciate your patience with us as we work to respond to this attack. We’ll be working through the weekend to get things back to normal as quickly as possible.
Watch for updates on the service outages on our blog:
The SourceForge Team
If you have an account at SourceForge and haven’t seen this message yet, check your email, or just head on over using the links above and change your password. I just did.
Enjoy your Saturday!
The cyber security landscape has evolved over the past year; the fundamentals haven’t really changed, but I’ve conducted some experiments, made some observations, and come up with a couple of new tips that I will be adding to a fully revised and updated version of “14 Golden Rules of Computer Security,” my popular ebook first issued last year at this time.
Spam continues to be an ever growing concern, despite many spam-spewing botnets having been disrupted or outright disabled. I dedicate an entire section to becoming spam free in 2011. Despite what you may think, it CAN be done by almost everyone with very little effort.
Additionally, in each tip, I list specific tools, many of which are available in my popular Geek Toolkit, aka “The Ultimate Security Toolkit,” that are useful for solving the problems or dealing with the issues presented in the security topic discussed. In fact, it is my intention to thoroughly integrate the Geek Toolkit and provide more documentation than has previously been available.
As part of this initiative, I am also proud to announce my affiliation with SurfRight, makers of Hitman Pro security software. Hitman Pro is a second opinion scanner and malware removal tool, designed to rescue computers from viruses, spyware, trojans, rootkits, and other threats, that infect users despite the security measures they may already have taken (such as anti-virus software, firewalls, etc.). I will be offering an innovative Free of Charge second opinion scanner with the additional capability to remove any malware found. Readers of 14 Golden Rules 2011 will be given special rebates on consumer, corporate, and government licenses of SurfRight software.
So, stay tuned for a special link in an upcoming post where you can secure your updated copy of 14 Golden Rules and take decisive action to become more secure in 2011.
There’s no question that technology has vastly improved our lives, but at what cost? We live in a networked world where every piece of information about us exists in digitized form in some database somewhere: our identities, locations, actions, purchases, associations, movements, and histories are available to both legitimate authorities and the dark underworld of cybercriminals intent on identity fraud and theft. Check out DataPrivacyDay2011.org:
Data Privacy Day is an international celebration of the dignity of the individual expressed through personal information.
Join in the dialogue among all of the stakeholders – businesses, individuals, government agencies, non-profit groups, academics, teachers and students – to look more thoroughly at how advanced technologies affect our daily lives. We encourage this dialogue and are providing this website as a service to those who care about our common future and our roles as digital citizens and consumers. And let us know what you think – and how you might be able to contribute to the discussion.
At The Privacy Projects, we are excited to promote Data Privacy Day and want as many individuals and organizations involved as possible. So join in! There are many ways you can become part of the dialog. You can sponsor an event or an activity, use the educational materials, engage in the discussions, or put together your own event.
You can also follow Data Privacy Day 2011 news and updates on our Data Privacy Day 2011 Group page. Please invite your friends and colleagues to join as well.
Not a bad idea.
We knew it was coming. IPv4 address space is almost depleted and will probably run out completely by the end of this year. That’s only part of the picture, however; I’m jazzed about the implementation of mandatory IPSec. Watch this short video to get a good overview of what’s coming.
Video: http://www.youtube.com/v/2wa7y3W2DI0
About two months ago, the US Federal Trade Commission called for a “Do Not Track” mechanism similar to the “Do Not Call” list for telephones. The idea is to allow web surfers to opt out of having their personal data collected online. Here is the FTC’s December report: “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.”
Google has already implemented an extension in its Chrome browser and Mozilla announced a similar feature for its Firefox browser, based on Do Not Track HTTP headers.
Will it work? Maybe. One problem is that no matter what the browser companies develop in the way of technology, web sites are where the buck stops. In an InformationWeek article, Anup Ghosh, founder and chief scientist of Invincea, a browser security company, said he finds both approaches lacking. “It’s basically up to Web sites to do something or nothing with [users’ preference information],” he told InformationWeek. “It’s not enforceable.”
SANS News Bites editor, John Pescatore, had this to say in their latest issue: “The wording of this seems carefully limited to the ‘Do Not Track’ extension, and will result in you seeing standard ads, not personalized ads. It doesn’t actually say there is any change in you being tracked, just that you won’t see personalized ads. To me the tracking is the problem, seeing personalized ads is just the symptom.”
More as this develops.
PandaLabs recently issued the results of an investigative report on the current state of the global cybercrime black market: http://press.pandasecurity.com/usa/press-room/panda-white-paper/.
The report provides a “state of the union” of the cybercrime black market in light of its ongoing rapid evolution. The black market has traditionally centered on selling stolen bank and credit card details but diversified its business model in 2010, now selling a much broader range of hacked confidential information including bank credentials, log-ins, passwords, fake credit cards and other valuable data.
Here’s a taste of some of the topics the report covers:
- Average prices for the array of personal data and goods now sold on the black market. For example, PandaLabs found that card cloning machines run typically anywhere from $200-1,000 and fake ATM machines from $3,500 depending on the model;
- What drives up the price of personal information. PandaLabs found that prices are higher for online accounts that have a history of online shopping or use payment platforms such as PayPal. For a simple account without a guaranteed balance, PandaLabs found prices starting at $10 and increasing to $1,500 depending on the platform and the guarantee of available funds;
- How cybercriminals employ modern marketing tactics to run their “businesses”: For example, operators will often offer free ‘trial’ access to stolen bank or credit card details, as well as money back guarantees and free exchanges.
Welcome to the world of cyberwarfare. It’s official: Stuxnet was a US-Israeli effort to disrupt Iran’s nuclear program, according to the New York Times.
[The Israelis] tested the effectiveness of the Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran’s nuclear centrifuges and helped delay, though not destroy, Tehran’s ability to make its first nuclear arms.
“To check out the worm, you have to know the machines,” said an American expert on nuclear intelligence. “The reason the worm has been effective is that the Israelis tried it out.”
Though American and Israeli officials refuse to talk publicly about what goes on at Dimona [Israel’s secret complex–Ed.], the operations there, as well as related efforts in the United States, are among the newest and strongest clues suggesting that the virus was designed as an American-Israeli project to sabotage the Iranian program.
More info from Infosecurity (USA):
The Stuxnet worm was an Israeli-US project developed at the highly secretive Israeli Dimona complex in the Negev desert to sabotage Iran’s nuclear program…
Stuxnet development began in 2008 when Siemens cooperated with the Idaho National Laboratory to identify vulnerabilities in the company’s controllers that operate nuclear centrifuges and other industrial processes. A briefing about the findings was conducted by the Department of Homeland Security for US officials. The implication from the story is that this briefing was used by the Israelis, with US help, to develop the Stuxnet worm at Dimona.
And this is only the beginning…