All of a sudden, malware is making flying the friendly skies seem not so friendly anymore. Last week we learned that a malware-infected mainframe may have doomed a Spanish airliner, and now Symantec tells us that some airport terminals are muddled with malicious code.
These public terminals are used by passengers without their own laptops to hop online and surf the Web or check email, but don't assume you're surfing a safe connection.
"In a large airport in England, we noticed one terminal with an unusual 'Defense Installer' dialog box," Symantec explains. "'Defense Center Installer' is a fake anti-virus software, also known as 'scareware.'"
This common bit of malicious code dupes users into buying seemingly legit AV software and tries to uninstall the real deal that you may have already installed. Symantec says it's troubling to find these pop-ups on airport terminals.
"While this particular 'scareware' will only infect the Internet terminal, it is an indicator that these terminals are inadequately protected and vulnerable to a full range of malware," Symantec warns. "As an example of potential threats consider that a keylogger on one of these terminals could capture a person's username and password for their airline account, bank account, webmail, social media account, or any other private account used on the terminal potentially compromising those accounts."
As with any public PC, think twice before logging into any private accounts.
Turkey gets to wear the prickly crown of being the most dangerous country to surf the web. According to AVG, the incidence rate of virus attacks in the Eurasian country is 1 in 10, which is way above the global average of 1 in 73. Russia comes in a close second with one web attack for every 15 users.
Security researchers behind the study attribute the high probability of web attacks in these countries to a combination of factors, including the popularity of illegal download sites, poor online file sharing habits and heavy reliance on Internet cafes.
Seven out of the ten safest countries from an Internet security perspective are from Africa, with Sierra Leone (1 in 696) being the safest. Japan (1 in 400) is ranked fourth on the list. AVG's findings are based on “data from over 127 million computers in 144 countries.”
Spanair flight number JK 5022, which crashed seconds after taking off from Madrid's Barajas airport on August 20, 2008, may have been doomed by a malware-infected mainframe responsible for identifying technical snags, it has now emerged. A preliminary probe into the cause of the crash that killed 154 people had pinned the blame on pilot error.
But according to a recent report in Spanish daily El Pais, the malware-toting mainframe may have had a significant role in the crash. A couple of technical problems passed under the radar a day before the crash. However, had the computer been in rude health, it would have not only helped technicians identify the snags but also prompted them to ground the ill-fated plane. An investigation commission is expected to submit its final report in December.
Cameron Diaz has toppled Jessica Biel as the most dangerous celebrity to search for on the web, according to security technology leviathan McAfee, which has been publishing an annual list of the most dangerous celebrities in cyberspace since 2007. Diaz's rise to the top spot has been meteoric.
Last year, Cameron Diaz was not even among the top 15 celebrities on McAfee's list. An analogy would be an unseeded player winning a tennis grand slam. According to the study, one in every ten web searches for Cameron Diaz is likely to end up in a visit to a malicious site.
Julia Roberts (second), Jessica Biel (third), Brad Pitt (fifth) and Tom Cruise (eighth) are some of the other big names on the list. Having slipped to the very bottom of the rankings, Barack Obama (49) and Sarah Palin (50) are among the safest people to search for on the internet.
A security researcher has identified what he believes is one of the biggest clusters of drive-by attack sites. According to Wayne Huang, co-founder and CTO of Armorize Technologies, a compromised widget called "Small Business Success Index" turned anywhere between 500,000 and 5,000,000 million websites into malware carriers.
Huang's estimate might seem implausible until you are told that the hacked widget was found on all parked domains hosted with web hosting company Network Solutions. For those of you unfamiliar with web hosting argot, a parked domain is one that continues to be unused even after being registered. Network Solutions pulled the plug on the widget over the weekend, within three hours of being notified by Armorize.
In a recent blog post, Microsoft bragged that its Internet Explorer 8 browser has blocked 1 billion attempts to download malware thanks to its SmartScreen Filter, which tattles on potentially dangerous websites and downloads by turning the browser red.
If your place of business has a server running on a PowerEdge R410 motherboard, you might want to have a talk with Dell. According to the PC maker, a "small number" of these motherboards were shipped to customers with malicious code on them. The exact nature of the malware isn't clear, but disturbingly, it is embedded in the server management firmware.
Dell only commented on the situation after a customer wrote about being contacted by Dell support to schedule an appointment to remove the malware. There have been no reports of customer security breaches due to these motherboards. The code in question is only a danger to servers running a Windows OS.
Dell is doing the right thing now, and is contacting all customers that bought the boards. Though, we wish they'd have prevented this in the first place, or at the very least, fessed up faster. This is just one of the risks when your components are built in a factory half a world away.
The ZeuS banking trojan is back making headlines, this time for hitting up infected machines with fake enrollment screens for both Visa and MasterCard credit cards.
"When you log into your bank, it says you have to enroll in Verified by Visa, that it's regulated now and you have to do it," explains Mickey Boodaei, CEO at Trusteer, a security firm.
This new variant sits in waiting until the potential victim logs into a list of targeted sites. Once they do, the ZeuS trojan uses this and other shenanigans to trick users into forking over not just credit card credentials, but Social Security numbers, personal identification numbers, and other personal info.
I have a system with anti-virus and anti-spyware software installed. I also made a backup image with Acronis True Image some time ago. Now, somehow it got a bad malware infection that nothing can remove completely. The usual method is to reformat and reinstall Windows, but what if I use a clean image from Acronis to restore my system? Can that be done? Will it get rid of all the malware, or will some be left behind?
Here's a scary thought - while you sit there firing foam projectiles at co-workers, your USB rocket launcher could be harvesting your personal data and sending it to a snooper. What's worse, your security software would be none the wiser.
This would be an example of a hardware trojan, a type of attack that up to this point was mostly thought of in terms of modified circuits. A hacker might, for example, intercept a microchip while it's still in the factory and code subtle changes into it so that whatever device the chip goes into ends up crashing.
John Clark, Sylvain Leblanc, and Scott Knight, three computer engineers at the Royal Military College of Canada in Kingston, Ontario, set out to prove that a hardware trojan could be sent out by other means, specifically by exploiting a weakness in USB's plug-and-play functionality, New Scientist reports. Because the USB protocol blindly trusts any device being plugged in to honestly report its identity, a hacker would need only to switch it out with a compromised device that reports the same information.
To show that it was possible, the team assembled a keyboard with malicious circuitry that was successfully able to swipe data from the hard drive and transmit it in one of two ways - by sending out Morse code via LED flashes, and by encoding data as a subtle warbling output from the soundcard. The transmission isn't limited to these two examples, however, and could just as easily have been sent via email, but the team was more interested in seeing if they could steal information on the sly.
"We've shown any USB device could contain a hardware trojan," says Leblanc. "Security software, if it checks USB devices at all, tends to look only for malware on USB memory sticks."
Leblanc went on to say that "you could mount a hardware trojan attack with a USB coffee-cup warmer," so the next time someone asks how you like your coffee, "malware free" might be an appropriate response.