Monthly Archives: December 2008

Mobile Spy on iPhone

Posted by on 19 December, 2008 No comments

surveillance camera This one of those legal spyware programs I mentioned recently. Mobile Spy is used to secretly record SMS and calling data on a phone. It already existed for Symbian and Windows Mobile phones – now it’s available for iPhones.

They claim it runs in a stealth mode to make it difficult to detect. It silently records all SMS text messages and information about all calls. It then uploads this information to a private account on the web.

Apparently future versions of this program will also capture GPS information and details of any emails sent or received.

Why is this legal?

I can’t really comment on the legal side, and it would be different in each country. The company that makes it, Retina-X Studios, is selling this product to worried parents or employers to monitor their children/staff.

How is it installed?

Someone has to have physical access to the iPhone to install it. They need to purchase the program (US$99), and it seems the phone needs to be "jailbroken" – a hack that voids the phone’s warranty.

How can you prevent it?

Firstly, don’t lend your iPhone to people or leave it lying around.

I’m not aware of any anti-virus programs for the iPhone that detects this yet but I have my bets on F-Secure, they’re fully aware of what’s happening here. I’ll post an update when something new comes up.

Critical Update for Internet Explorer

Posted by on 18 December, 2008 No comments

Microsoft’s Internet Explorer is used by over 500 million people (all Windows PCs have this). A vulnerability was recently discovered and today Microsoft has released a patch to fix it.

It’s important for everyone to apply this patch (Windows users only). Run Windows Update to receive the new patch, or if your PC is configured to update automatically just follow the prompts that will appear today.

mines The vulnerability is activated when you visit a web site that’s been hacked. So far 10,000 hacked web sites have been discovered that will use this vulnerability to install malware on the PC viewing it.

The odds of infecting your PC from browsing innocent web pages are fairly high so apply the patch now. If you need help Microsoft’s security page has some useful links, http://www.microsoft.com/australia/security/default.mspx

RSS Move

Posted by on 18 December, 2008 No comments

I’m moving the RSS feed from Feedburner to Google. Google took over Feedburner so in the long run I need to use their servers. Hopefully it works, apologies if it doesn’t.

Fake hi5 Requests

Posted by on 17 December, 2008 1 comment

hi5 is a social network, much like Facebook or Myspace. A fake email has been going around pretending to be from someone called "Sarah xxx" (the name could change), and asking the reader to add them as a friend. The message says:

hi5 Friend Request from Sarah xxx

Hi,

I’d like to add you to my hi5 friends network. You have to confirm that we are friends, and we’ll each get to meet more people. Please approve or reject my request by accessing the hi5 web site:

Accept Friend

Thanks,

Adelina

hands friends This seems real enough but there’s one serious flaw. They include a link you can click on (where it says "Accept Friend"). Clicking on this link doesn’t take you to hi5′s web site, instead it takes you to a phishing site.

Assuming you had a hi5 account, when you enter your login details into the fake hi5 login page the system records your username and password and shares it with the criminals running this site.

Like all phishing sites, it’s just a fake page designed to steal your password.

What can you do?

  • If you use hi5 or any other social network, when you receive a notification email you can go their web page yourself, without clicking on the links in the email. In other words, open a web browser and type in the name of the web site (or use a bookmark).
  • When you see a link in an email, place the mouse pointer over it for a couple of seconds. Most email clients will display the real address it points to. Of course it helps to have a bit of experience recognising real addresses from fake ones – read this FraudO article to learn more.
  • Use a good anti-virus package. The big commercial packages scan your emails for fake emails like this one and filter them out. They also scan the address of every web page you go to and if it’s known to be a scam they’re filtered out too.
  • And if you don’t know anyone called "Sarah xxx" who signs her name as "Adelina" then you can just ignore the email entirely.

Congratulations You Won

Posted by on 17 December, 2008 3 comments

This article is about the fake lottery ads you see on web pages.

I was trying out some new ads on this site, expecting them to put ads for real items that you can legitimately purchase. Instead, this ad appeared:

Lottery ad It’s a very annoying ad that changes colours a lot. The text says:

Contragulations! You are the 999,999th visitor: Congratulations you WON! Click here to claim

It’s a scam so I quickly removed the ad and contacted the advertising company – I only want nice legitimate ads on this site that don’t annoy and don’t deceive readers.

You are not the 999,999th visitor, it always shows this no matter how many times people visit the page.

And you didn’t win, and clicking on the link doesn’t help you claim your fake winnings.

The link took me to a page run by Freelotto. It asks you for some personal details, and again has a button claiming it will "release your winnings". However the terms and conditions suggest that there’s some chance involved before you’ll get anything. It also states that they’ll send you ads, lots of ads.

A quick search on Google shows that Freelotto is a scam.

So I’ll continue to filter out scam ads and to inform you about them.

Opening Documents

Posted by on 17 December, 2008 No comments

Can you get a virus by opening a .DOC file? How about .RTF or .WRI? Yes, even if you don’t have Word installed.

On Windows these files are traditionally opened by Microsoft Word, and if you don’t have Word installed Windows uses WordPad to open these files.

A new exploit has been found that attacks WordPad. This affects most Windows users, in particular those who don’t have Word or Office installed.

How it works:

  • You see a link to open a document, or you receive an email with a document attached.
  • You open the file (the file name ends with .doc, .rtf, or .wri)
  • It opens a connection across the internet for a hacker to log onto your computer
  • The malicious hacker can do anything from your computer, such as installing more malware, using your computer to commit other crimes, or just watching what you do on your PC.

What you can do to avoid this:

  • Perform regular Windows updates. Microsoft will be publishing a patch to fix this problem soon.
  • Use a good anti virus package. This attempts to prevent you from downloading infected files.

Microsoft has published a document on this vulnerability here.

Multi Function Anti Malware Toolkit

Posted by on 17 December, 2008 No comments

Anti-Malware Toolkit is a package produced by Lunarsoft. It helps you download 37 different tools you can use to protect your PC from all kinds of malware. A few of the tools it can install are quite useful, such as:

Spyware Blaster, CCleaner, RogueRemover, SUPERAntiSpyware, Malwarebytes, Spybot, Hijack This

multi_function_knife I’d recommend this to more experienced PC users. General users are better off investing in commercial products, such as Trend Internet Security (there are a few good packages out there, Trend is just one). I say this because commercial products do most of the thinking for you and for a lot of people security is better this way.

The Anti-Malware toolkit can be downloaded from Lunarsoft’s site: http://www.lunarsoft.net/downloads

Note that it’s for Windows computers only.

Malicious Firefox Add-On

Posted by on 11 December, 2008 No comments

One of the best things you can do to avoid falling victim to malware is to use an alternative browser.

poppies Microsoft’s Internet Explorer (IE) is very popular. Not long ago almost everyone used IE, it comes setup with almost every new PC sold (Windows PCs). And malware writers targeted IE because they could attack a majority of users just by concentrating on exploiting one browser. You could call it tall poppy syndrome.

Today Firefox is extremely popular. It’s gone from a small minority of people using it to an amazing 44% (depending on which statistics you read – I used this one). This makes for a fairly large demographic, and malware writers are taking notice.

There’s a new trojan that hides in a Firefox add-on. Once installed it waits for you to go to an online banking site. When it detects that you’re using online banking it starts recording your actions (account details, your password). Then it sends this off to cyber criminals who auction off your details and eventually someone can log into your online banking and transfer money. This isn’t good.

There are a few things you can do to avoid this:

  • If you want to install an add-on for Firefox, make sure you get it from a well known site. This is the official Mozilla site for Firefox add-ons: https://addons.mozilla.org/en-US/firefox/
  • Use a good anti-virus package (it’s a small investment you make to protect your PC). Make sure it’s kept up to date.
  • Once a web browser becomes too popular it’s time to start looking at less mainstream alternatives. At the moment you should consider Opera, Safari and Chrome (these are available for all the popular platforms)

In summary, Firefox is a very secure browser. It’s also fast and powerful, explaining why it’s become so popular. You just shouldn’t take its security for granted. Most malware infections happen when users are tricked into clicking something they shouldn’t have.

Malicious Messages on Facebook

Posted by on 4 December, 2008 No comments

Some people have received a message on Facebook with the following title:

You look just awesome in this new movie

The message also has a link you can click on. When you click on the link it takes you to a page that looks like a video site, with a title similar to "Secret video by Tom". The page shows an error message asking you to download something to view the video.

If you proceed and click on the download link it downloads (a malicious) file to your computer.

If you continue and install the file it downloads it gives you another error message saying that it didn’t work. What it actually does is install malware on your computer.

By this stage most people wouldn’t suspect that they just downloaded and installed malware, with all the error messages they’ll probably give up and forget about the whole thing.

The malware sits quietly on your PC and when you’re searching for using normal web sites such as Google or Yahoo it then takes you to other malicious sites that install further viruses on your PC. This way you’ll always be installing more and more viruses without realising where they all originate from.

What can you do?

If you get spam in Facebook don’t click on the links. Delete the message.

Don’t fall for tricks such as secret videos of you. They’re designed to pique your interest and encourage you to click on the link provided.

Use a good antivirus package that filters out malicious web pages.