GFI Software, a security firm specializing in software for small to medium-sized businesses, says to be on the lookout for Halloween-themed malware attacks.
The company's dedicated malware research center, GFI Labs, has been busy analyzing data from its ThreatNet monitoring system that retrieves real-time stats from tens of thousands of PCs running VIPRE antivirus software. What they found was an increase in the number of Trojans making the rounds in the days leading up to Halloween compared to last year.
"Eight of the top 10 threat detections currently spreading on the Internet are Trojans, up from six during October last year," GFI Labs says. "Furthermore, three of the top 10 threat detections from last year's Halloween season are still on the list, highlighting the lasting impact of this type of malware long after the holiday is over."
Specifically, GFI Labs says to be extra cautious when it comes to Halloween-themed tweets and "like" posts on social media sites, SEO poisoning (in which links to malicious sites show up in search engine results for holiday queries), typo attacks that take advantage of increased holiday traffic to commonly misspelled URLs, and sites offering contests that require signing up to questionable subscription services billed to cell phones.
"Like any holiday, Halloween presents opportunities for malware distributors to gain an extra edge over an unsuspecting public," said Tom Kelchner, Communications and Research Analyst at GFI. "Users should be more careful than ever when interacting with web sites unless they are positive that it comes from a trusted source."
Are you a PC user? Good; you are likely annoyed. Because, let’s face it, there are some parts of the “master of your domain” experience that are downright annoying to do. Novice users have it easy—to them, a computer is merely a portable word processor, a fancy little device that allows them to watch cats frolic online, catch up on the most recent versions of The Office without paying for cable, and surf the web for hours on end.
You, however, are not a novice user. You are intermediate, to advanced, to hardcore, and you don’t like it when you have to expend precious hours fixing up your PC in a variety of different ways. You want a system that works perfectly and you want it yesterday. Well, to that, I offer five meager freeware apps (or free Web apps) that should help trim some of the annoying processes out of your normal system use.
Uggghh. I should have known better, but there I was, staring at a bright-red screen in my Google Chrome tab that was trying to impress upon me—as much as a software browser could sans digital kick to the butt—that the popular tech news site I was about to visit was riddled with some kind of malware.
“Impossible,” I thought to myself. “There’s no way that this, a common site I frequent on a near-daily basis, could have anything to do with nefarious crap trying to install itself on my PC.”
Yes, the phrasing of my thoughts really does come out like that. So does my stubbornness. For rather than heed Google’s warning that the site I was about to visit was about to unleash a world of hurt on my system, I calmly told my browser that I was comfortable proceeding on my own (damnit).
I clicked the link, read my news and… was thrilled to find a new “Security Center” malware now popping up out of my taskbar about once every five minutes. Sigh. Before I could even turn to one of the many “get the heck off my system” tools that I keep installed for such measures, my entire screen went blue.
So, what do you use to clean your PC... aside from a baseball bat?
In a recent blog post, Webroot warned of a Firefox Trojan that forces the browser to save all login credentials by default and subsequently uses the stolen information to create a new user account (username: Maestro) on the compromised machine. It then sniffs out sensitive user data (form data and login details) from the Windows Protected Storage Area. The data stolen from there is faithfully shipped out to a server once every minute.
The Trojan's author, Salar "Salixem" Zeynali, is an Iran-based crimeware hobbyist and heavy metal enthusiast, according to his Facebook profile. With Zeynali choosing his real name over a nom de plume to take credit for the malware, Webroot clearly didn't have to work too hard to get to him.
“His Facebook profile indicates he lives in Karaj, Iran; he sports an emo haircut, and likes heavy metal music and programming. And, apparently, Zeynali writes crimeware for fun, because he doesn’t sell his keylogger. He offers a keylogger creator tool as a free download from the message board he hangs out on,” Webroot's Andrew Brandt wrote in the blog post.
“Unfortunately, there are a lot of people who frequent the same message board Zeynali uses to post his keylogger code, and some of those people have clearly been using the keylogger creator tool Zeynali built to create and distribute Trojans.”
According to Brandt, no AV solution can automatically fix the nsLoginManagerPrompter.js file the Trojan modifies, but it is rather easy to fix manually: download and install the latest version of Firefox on top of the existing installation.
Antivirus vendors went on the offensive when Microsoft announced it was dropping its Windows Live OneCare in favor of offering a free security suite, Microsoft Security Essentials. One year later and with 31 million installations now under its belt, Microsoft is free to serve up a slice of humble pie to the competition.
"It's been a busy year for Microsoft Security Essentials. As we observed right after the first week of release, Microsoft Security Essentials had already detected threats on over half a million computers," the Redmond outfit said in a TechNet blog post. "As Microsoft Security Essentials enters into its second year with over 31 million installations, 27 million of those computers have reported infections to the Microsoft Malware Protection Center (MMPC)."
In other words, MSE isn't just popular, it's also working (you can read our review of Microsoft Security Essentials right here). It's also a global hit.
"The country with the most installations is the United States, but the next 10 countries with the most installs show that Microsoft Security Essentials has a global install base," Microsoft points out. "It is available in 27 languages – so language shouldn’t be a barrier to good security. Money is no problem, either – Microsoft Security Essentials is available at no cost!"
Maximum PC readers tend to be ahead of the curve in common-sense computing, so it probably won't come as much of a surprise that using the term "free" when searching for stuff online increases the chances of running across a malware-infected site. What we did find shocking, however, is just how much a single search term increases that risk.
In a report titled, "Digital Music and Movies Report: The True Cost of Free Entertainment" (PDF), security firm McAfee claims that adding "free" to a search for music ringtones results in a 300 percent increase in the risk of landing on a site booby-trapped with malware.
"Add the word 'buy' to 'ringtones' and search results immediately become safer than searching for ringtones by themselves," McAfee said.
Interestingly, McAfee notes that "searching for the artist plus 'screensaver' yielded an additional 50 percent increase in risk over the risk associated with 'ringtones,'" but "adding the word 'free' before music-related screensavers actually reduces the riskiness of returned search results."
So what's the bottom line? Same as always -- surf safely, avoid suspicious downloads and links, and if you haven't already, grab an AV solution.
Malware writers are a cunning bunch, and if you don't keep up with the latest trickery, you could be in for a world of hurt. The latest ruse making the rounds is a nasty bit of code called Rogue:MSIL/Zeven that first detects what browser you're using and then spoofs said browser's warning page.
"This is meant to be a social engineering scheme in order to trick the user into downloading and installing the rogue, relying on the user's trust of his day-to-day browser," Microsoft warned in a recent blog post on its Malware Protection Center portal.
"The similarity between the fake warning pages is so accurate that it can trick even highly trained eyes."
It works with Internet Explorer, Chrome, and Firefox, the three most popular browsers on the planet, though there are some telltale signs.
"In the Firefox page, for example, you can see it's not the real warning page because they misspelled 'out' and wrote 'Get me our of here,'" Microsoft explains.
The biggest telltale sign is that in all three browsers, the fake warning prompts potential victims to download an "update" or a "solution," which is not something you should ever see when a website is blocked.
One of the world's largest botnets responsible for as much as 10 percent of all spam suffered a temporary setback this week when several ISPs took action by unplugging infected servers, according to security firm M86 Security.
Known as the Pushdo or Cutwail network, this top-five botnet specialized in sending out spam for fake AV software, designer goods, and pharmaceutical products, said Ed Rowley, product manager for M86 Security. But for the next couple of weeks, you can expect fewer of these emails in your inbox.
Researchers at the security company LastLine took it upon themselves to start contacting ISPs found to be hosting the botnet's command-and-control infrastructure. All told, there were about 30 servers at 8 different ISPs keeping the botnet alive, 20 of which have since been taken offline.
According to Rowley, LastLine's efforts "will almost certainly have a positive effect for two to three weeks," but "the spammers will be able to find other hosting providers where they will be able to get their systems up and running."
Maybe sooner. Leaving at least 10 servers online is a major concern, as Pushdo is capable of generating random domain names, which the operators can then register and activate to restore control.
It seems TweetDeck is the latest target of unscrupulous internet fiends. Just weeks after seeing a fake TweetDeck app show up in the Android Market, hacked Twitter accounts are spewing out links purporting to be an update to the popular Twitter client. As TweetDeck notes on their website, "These tweets are from hacked accounts and this file does not come from us. Do not download it."
The scam tweets are usually packed with some sort of phrase making them seem more authentic. The tweets may read, "Download TweetDeck udate ASAP!" or, "Sorry for offtopic, but it is a critical TweetDeck update. It won't work tomorrow!" It is unclear what the download does, but users who fell for this are advised to run a full virus scan of their computer, and have it serviced if need be.
Have you seen these tweets floating through the social web? Do you know anyone that fell for it? We can't find any victims 'round here.
Most computer users have probably found themselves at the wrong end of a malware-infected USB flash drive at least once. In fact, as US Deputy Defense Secretary William J. Lynn III recently revealed, even the mighty US military has firsthand experience of the damage a rogue USB flash drive can cause. Their ubiquity has made portable storage devices the ideal carriers for computer worms. But how popular exactly are they among malware authors? Panda Security's research arm PandaLabs claims to possess the answer.
The security company estimates that a quarter of all new worms use portable storage devices to spread themselves. It arrived at such a high estimate after surveying more than 10,000 small and medium firms. "Much of the malware in circulation has been designed to distribute through these devices," said Luis Corrons, the technical director of PandaLabs, in a statement. "Not only does it copy itself to these gadgets, but it also runs automatically when a USB device is connected to a computer, infecting the system practically transparently to the user."