There's a new piece of malware making the rounds, one that could get more dangerous with time. It's a Trojan called "OddJob," and eastern European cybercriminals are using it to steal from online bank accounts in the U.S., ComputerWorld reports. That in and of itself isn't anything new, but according to Amit Klein, chief technology officer at security firm Trusteer, the way it's hijacking account information is different than most other malware.
The now infamous Conficker worm created quite the scare for security researchers, and in some ways, it still does. In a new report (PDF), the Conficker Working Group -- a coalition of cybersecurity experts and industry heavyweights including Microsoft, ICANN, domain registry operators, AV vendors, and academic researchers -- reveals what they've learned from the worm, as well as some of the frustrations.
In short, the group has been successful in blocking the worm's author(s) from being able to use the worm for whatever dastardly deeds it might have been created for, but they've failed to kill Conficker entirely.
"The Conficker Working Group sees its biggest success as preventing the author of Conficker from gaining control of the botnet," CWG notes. "Nearly every person interviewed for this report said this aspect of the effort has been successful. The blocking of domains continues and the Working Group has indicated they will maintain their effort."
At the same time, CWG "sees its biggest failure as the inability to remediate infected computers and eliminate the threat of the botnet. While remediation efforts did take place, millions of the A/B variations of Conficker remain on infected computers."
Shockingly, the self-replicating worm remains on more than five million computers and "is among the largest botnet in the past five years," the report said. And while the author hasn't been caught, the group believes the person responsible lived in Eastern Europe.
Fake antivirus software masquerading around as the real deal is quickly becoming one of the oldest (and most used) tricks in the malware manual, and for good reason. It's easy to dupe less savvy computer users, especially as these bogus programs have become adept at looking the part. The latest one making the rounds is a false AV scanner called Antivirus 8.
"Over the last few days, we received numerous reports of computers infected with fake antivirus (scareware)," Roel Schouwenberg, senior antivirus researcher for Kaspersky, wrote in a blog post. "The name of this particular culprit is Antivirus 8."
According to Schouwenberg, fake pop-ups related to the bogus application were appearing on users' systems while they were not actively using their PCs. Instead, the pop-ups were running as soon as ICQ began fetching and displaying new ads. As Schouwenberg explains it, malware writers went through the trouble of setting up servers that appear to be related to actual retail products, so to outsiders (like Kaspersky) looking in, it appears the 'store' was simply the victim of an attack and the dirty ads keep rolling.
"By making it look like their server got compromised, the criminals can claim it isn't them who's responsible for distributing the malware," Schouwenberg explains. "But rather someone else who hacked their server to spread malware. The ad distributor is very likely to simply give them a warning, which gives these criminals at least one more shot at infecting more machines."
How it works isn't really important here, as none of this is going to matter to inexperienced users in the first place. Instead, now might be a good time to remind family and friends -- the ones who seem to ring your number every couple weeks with a new computer problem -- not to fall for fake AV scams.
Facebook alone claims over 500 million active members, though it's far from the only social networking site on the Web. Social networking is the hottest trend right now, and according to security firm Sophos, scammers and spammers have taken notice.
Sophos recently surveyed 1,273 users and asked how many had encountered spam, phishing attacks, or malware attacks as a result of social networking. The result? Significant rises in all three categories.
Two-thirds of respondents said they received spam, up from 57 percent one year ago. Phishing attacks rose from 30 percent in December 2009 to 43 percent in December 2010, while malware infestations affected 40 percent of respondents, up from 35 percent one year prior.
"Rogue applications, clickjacking, survey scams – all unheard of just a couple of years ago, are now popping up on a daily basis on social networks such as Facebook," said Graham Cluley, senior technology consultant at Sophos. "Why aren't Facebook and other social networks doing more to prevent spam and scams in the first place? People need to be very careful they don’t end up being conned for their personal details, or get tricked into clicking on links that could earn money for cybercriminals or infect innocent computers."
The vast majority -- 82 percent -- said that Facebook posed the biggest risk to security, but does it really? Not according to Sophos, which named the onMouseOver Twitter attack the biggest social networking worm of 2010.
According to security firm BitDefender, malware aimed at social networks like Facebook poses the biggest threat for mobile platforms and is as widely spread as malware that targets PCs.
"When data security researchers focus on finding malware specifically designed for mobile platforms, they lose sight of an important mobile platform threat source -- the social network," said George Petre, BitDefender Threat Intelligence Team Leader. "Statistics indicate that malware targeting social networks may be the biggest current threat for mobile devices, and BitDefender can help users stay safe against these types of threats."
Sure it's a self-serving study, but there's still a lesson here. Citing goo.gl statistics, BitDefender points out that one of the URLs used for a recent massive Facebook scam duped a large number of users. One of the URLs making the rounds promised to show users a girl's Facebook status that supposedly got her expelled from school. The simple scam generated 28,672 clicks, and nearly a quarter of those came from mobile platforms.
"Users who clicked on the link -- whether on PC or mobile device -- downloaded a Facebook worm and fell victim to an adword-based money grabbing scheme," BitDefender says.
Awake to the fact that malware authors are adept at gaining high search rankings for their malware-fraught sites, Google has been providing malware notifications in its search results for three years now. But what about legitimate sites compromised by a third party for various nefarious ends? Now there is a notification for that as well.
“Clicking the 'This site may be compromised' link brings you to an article in our Help Center which explains more about the notice. Meanwhile, clicking the result itself brings you to the target website, as expected,” Gideon Wald, an associate product manager at Google, wrote in a blog post.
“Of course, we also understand that webmasters may be concerned that these notices are impacting their traffic from search. Rest assured, once the problem has been fixed, the warning label will be automatically removed from our search results, usually in a matter of days. You can also request a review of your site to accelerate removal of the notice.”
Security firm Sophos is warning Facebook users about yet another app that supposedly lets you see who's been viewing your profile. Like many before it, this one is a scam.
"As we've described a couple of times before, plenty of Facebook users would *love* to know who has been checking them out online, but unfortunately scammers are aware of this, and use the lure of such functionality as a way to trick you into making bad decisions," Sophos said.
If you see someone posting a testimonial about one of these apps along with a link, run in the other direction. Not only do they fail to work, but by clicking the "Allow" button you're giving the app permission to pull your personal data and post to your wall, which is how they spread in the first place.
"Ever wondered how many people fall for a scam like this? Well, the figures can be shocking," Sophos says. "This current campaign is using a variety of different links -- but via bit.ly we can see that at least one of them has already tricked nearly 60,000 people into clicking."
GFI Software, a security firm specializing in various software for small to medium-sized businesses, says to be on the lookout for Halloween-themed malware attacks.
The company's dedicated malware research center, GFI Labs, has been busy analyzing data from its ThreatNet monitoring system that retrieves real-time stats from tens of thousands of PCs running VIPRE antivirus software. What they found was an increase in the number of Trojans making the rounds in the days leading up to Halloween compared to last year.
"Eight of the top 10 threat detections currently spreading on the Internet are Trojans, up from six during October last year," GFI Labs says. "Furthermore, three of the top 10 threat detections from last year's Halloween season are still on the list, highlighting the lasting impact of this type of malware long after the holiday is over."
Specifically, GFI Labs says be extra cautious when it comes to Halloween tweets and "likes" posts on social media sites, SEO poisoning (in which links to malicious sites show up in search engine results for holiday queries), typo attacks to take advantage of increased holiday traffic to commonly misspelled URLs, and sites offering contests that require signing up to questionable subscription services billed to cell phones.
"Like any holiday, Halloween presents opportunities for malware distributors to gain an extra edge over an unsuspecting public," said Tom Kelchner, Communications and Research Analyst at GFI. "Users should be more careful than ever when interacting with web sites unless they are positive that it comes from a trusted source."
Are you a PC user? Good; you are likely annoyed. Because, let’s face it, there are some parts of the “master of your domain” experience that are downright annoying to do. Novice users have it easy—to them, a computer is merely a portable word processor, a fancy little device that allows them to watch cats frolic online, catch up on the most recent versions of The Office without paying for cable, and surf the web for hours on end.
You, however, are not a novice user. You are intermediate, to advanced, to hardcore, and you don’t like it when you have to expend precious hours fixing up your PC in a variety of different ways. You want a system that works perfectly and you want it yesterday. Well, to that, I offer five meager freeware apps (or free Web apps) that should help trim some of the annoying processes out of your normal system use.
Uggghh. I should have known better, but there I was, staring at a bright-red screen in my Google Chrome tab that was trying to impress upon me—as much as a software browser could sans digital kick to the butt—that the popular tech news site I was about to visit was riddled with some kind of malware.
“Impossible,” I thought to myself. “There’s no way that this, a common site I frequent on a near-daily basis, could have anything to do with nefarious crap trying to install itself on my PC.”
Yes, the phrasing of my thoughts really does come out like that. So does my stubbornness. For rather than heed Google’s warning that the site I was about to visit was about to unleash a world of hurt on my system, I calmly told my browser that I was comfortable proceeding on my own (damnit).
I clicked the link, read my news and… was thrilled to find a new “Security Center” malware now popping up out of my taskbar about once every five minutes. Sigh. Before I could even turn to one of the many “get the heck off my system” tools that I keep installed for such measures, my entire screen went blue.
So, what do you use to clean your PC... aside from a baseball bat?