Search Results for: Linux

Malware Statistics

Avast! is a company that makes a decent anti-virus program. They recently published some statistics that are interesting:

  • Their anti-virus programs block 1 billion malware attempts a month. That’s 1,000,000,000 attempts to install viruses, trojans, password stealers, etc. on to people’s PCs. A month. And that’s just by one small company.
  • 1 in 15 people encounter a malware every day.
  • They find about 3,000 new malware each day (that’s new and unique viruses, trojans, etc). They have 2.1 million in their database.

These statistics are not just marketing numbers; they give you an idea of how serious a problem malware is. If you don’t have a good anti-virus system installed on your computer then you need to take action now (today) and install something to protect you. Good anti-virus systems generally cost money – it’s a good investment, the cost of not buying one is usually greater.

And get something from a known vendor. Last week I talked about a comparison of anti-virus programs, you can use this as a guide.

And Macs and Linux computers aren’t safe either.

Windows 7 RC on BitTorrent

Windows 7 Release Candidate (RC) was released recently by Microsoft. It’s free for anyone to download and test it before the final version’s finished. A few days before the official release someone posted a copy on a BitTorrent network. Unfortunately this copy was infected with a trojan that downloads more malware. This is very bad. When you install an operating system such as Windows you have to trust the installation. If you can’t trust the operating system then you shouldn’t be using it.

What’s wrong with Torrents?

  • Don’t download Windows from file sharing systems such as BitTorrent. Get it from Microsoft or one of their vendors.
  • If you download free operating systems such as Linux from torrents, know how to do a checksum test.
  • Don’t use pirated software. Apart from being immoral and illegal, pirated software is often plagued with malware.
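The checksum test mentioned in the list above, as an added example that is not part of the original post: a shell function that looks up a file's entry in a published SHA-256 list and compares it with the hash of the downloaded file. The function name `verify_download` and the file names are made up for illustration, the sample files are constructed, and the checksum list is assumed to come from the distribution's official site rather than from the torrent itself.

```shell
#!/bin/sh
# verify_download FILE SUMS_FILE   (hypothetical helper, not from the post)
# Returns 0 if FILE's SHA-256 matches its entry in SUMS_FILE,
#         1 if the hashes differ,
#         2 if FILE or SUMS_FILE is missing or FILE has no entry.
# Assumes file names without spaces.
verify_download() {
    file=$1
    sums=$2
    [ -f "$file" ] && [ -f "$sums" ] || return 2
    name=$(basename "$file")
    # Lines look like "<hex>  name" or "<hex> *name" (binary-mode marker).
    expected=$(awk -v n="$name" '{
        f = $2; sub(/^\*/, "", f)
        if (f == n) { print tolower($1); exit }
    }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Constructed demo: a stand-in "ISO", its checksum list, then a tampered copy.
demo_dir=$(mktemp -d)
printf 'constructed stand-in for a Linux ISO\n' > "$demo_dir/distro.iso"
( cd "$demo_dir" && sha256sum distro.iso > SHA256SUMS )

verify_download "$demo_dir/distro.iso" "$demo_dir/SHA256SUMS" \
    && echo "distro.iso: OK"

# Simulate a copy that was modified after the checksum was published.
printf 'extra bytes added by someone else\n' >> "$demo_dir/distro.iso"
verify_download "$demo_dir/distro.iso" "$demo_dir/SHA256SUMS" \
    || echo "distro.iso: MISMATCH, do not install"

rm -rf "$demo_dir"
```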

What if you already downloaded Windows 7 RC from BitTorrent? The safest thing to do is to download it again from Microsoft’s site, reformat your PC, and reinstall the official version. It can be safely downloaded from: http://www.microsoft.com/Windows/Windows-7/download.aspx

As a side note I’d like to point out that Windows 7 RC is a test version, it’s not the finished product. And while it’s free for now it has a couple of restrictions:

  • on 1 March 2010 it will start rebooting every 2 hours
  • on 1 June 2010 it will completely stop working.

Update: There are now 25,000 PCs infected with the malware as a result of downloading the wrong copy of Windows 7 RC. These 25,000 PCs are being controlled by hackers as part of a botnet.

Can Malware Damage Your PC?

We all know that malware can steal your passwords, cause you to lose money, and spread itself to other PCs. But can malware actually cause damage to your PC?

The short answer is yes.

A botnet is a collection of infected PCs under a hacker’s control. There are millions of PCs today forming these botnets (millions of infected home computers being controlled by hackers). Some new research on botnets shows that they sometimes include code to completely disable the PC.

In April 2009 a malicious hacker decided to “kill” the PCs he was controlling using a botnet. It disabled Windows on 100,000 computers, making all those PCs useless until a technician can repair them. (This is a slight simplification but for the general public it’s accurate enough). These 100,000 computers belonged to real people using their computers at home or at the office. One day they just stopped working because a malicious hacker thought it’d be fun. You can read more detailed information about this here.

And then there are other malware (viruses etc) that can damage the PC in more serious ways. In March 2009 researchers created a sample malware that writes itself to the computer’s BIOS (the BIOS is inside a chip inside the PC). Reformatting the PC won’t remove it, buying a new hard drive won’t remove it either, and they claim that even a “BIOS flash” won’t remove it. You’d have to buy a new PC (or if you’re technical, a new motherboard) to fix it. More info here.

In the past there have been viruses that could damage drives and monitors but there’s been very little of this lately.

So overall malware can cause your PC to visit a repair shop for servicing, which is not only an inconvenience but also costly. It’s always better to prevent malware than to repair the damage (and often you may not know a PC is infected). And the usual tips apply here:

  • Use a good anti-virus package, the kind that updates itself several times a day and scans web pages as well as files. They’re not expensive.
  • Always patch and update your programs, including your operating system (Windows, Linux, Mac OS X).
  • Never assume it can’t happen to you or that your computer is somehow better than others.
  • Use one of the newer browsers such as FireFox, Chrome, or Opera. Read about browser hacking here.
  • Don’t download programs from hacker sites such as password generators (they’re usually infected with malware).
  • Don’t be tricked into installing something to watch a funny video. If your computer can’t play the video as it is then it’s probably not worth watching. Read more about it here.
  • Don’t be tricked by fake anti-virus programs. Examples here.
  • And backup your files. Do this often.

MacCinema

Another Mac trojan. There’s a program for Macs called MacCinema Installer. The filename is: Flash.Player.Update.v9.19.dmg. Some web sites claim that you need to install it to watch their videos.

When you install it, it adds something to your Mac so that every 5 hours it will try to download malware. So if your Mac becomes infected with malware and you clean it, in 5 hours it’ll download another one. This is pretty common these days.

So if you come across MacCinema don’t install it. And if a web site tells you that you need to install something to watch their videos, don’t trust it (this applies to Mac OS X, Linux, and Windows).

Browser Hacking Competition Results

There is a competition where people try to hack web browsers (they call it Pwn2Own); the winners get thousands of dollars in cash and prizes. Below are the results of the competition. It says a lot about which web browsers are safer than others:

  • Safari running on Mac OS X – hacked in 10 seconds
  • FireFox running on Windows – hacked
  • IE 8 running on Windows – hacked
  • Chrome running on Windows – was not hacked

When a web browser is hacked (like in this competition), it means someone out there in the real world can do things on your computer, such as installing a virus or taking control of your PC.

You can see photos of the winners here. These are talented people that are using their skills to help developers fix their browsers. There are many more people who use their hacking skills to install malware and steal money from people’s bank accounts (this isn’t just about winning competitions).

The best thing you can do right now is:

  • Stop using Internet Explorer (IE) for everything.
  • Use Google’s Chrome as much as possible; at the moment it seems to be the most secure browser.
  • Keep updating your web browser – the latest updates are there to fix up bugs and security vulnerabilities.
  • Keep updating Windows (or Mac OS X or Linux) whenever a new update is released.
  • Install a good anti-virus package that blocks web sites that have malware on them. This might cost you a bit of money (you usually have to pay a yearly subscription fee) and it’s a good investment.
  • Don’t be ignorant and assume it won’t happen to you.
  • Keep reading Fraudo to learn about online fraud and what you can do to prevent it.

ClickJacking Exploit

A rather serious exploit has recently been discovered.

It’s called ClickJacking. The problem is in Adobe’s Flash player, which just about everyone in the world has installed (sometimes without even knowing it). 

The vulnerability makes it possible for someone to control your computer’s webcam or microphone, letting other people spy on you. It’s a serious problem.

Who’s at risk?

Anyone who has Flash version 9.0.124.0 or earlier is at risk. This includes Windows, Mac, and Linux users, and FireFox, IE, Safari, Chrome, and Opera users (does this list include you?)

What can you do to protect yourself?

Adobe is publishing a fix very soon and the best thing to do is to upgrade to the latest version of Flash. Flash should prompt you to download an update – say yes to this. Otherwise download the latest version from Adobe’s web site.

If for some reason you can’t update Flash on your PC there’s another way to protect yourself (this is a last resort tactic, updating Flash is much safer). The workaround is to set the Always Deny option, as detailed here on Adobe’s site.

Further info:

Someone has gone to the trouble of setting up a sample of how the exploit works and recorded a video to demonstrate. Play the YouTube video in this article.

Clipboard Attacks

There’s a new bit of malware that attacks your computer’s clipboard. Here’s how it works:

  • You open a web page that has a hacked bit of Flash (sometimes it’s a hacked ad shown on an innocent page)
  • The Flash code puts a link in your computer’s clipboard
  • Every time you do a “paste” (e.g. Control-V) you’ll see the hacked link appear

Once it’s started it’s difficult to stop; it usually continues until you restart your browser, or in some cases until you restart your PC. Copying something else into the clipboard doesn’t work; the malware will continually overwrite your clipboard.

Who does this affect?

Windows, Mac OS X, and Linux users, using Internet Explorer, Firefox, and Safari. That includes pretty much everyone.

At the moment it’s only been shown in a proof of concept demo (i.e. it’s not a major threat today). But as usual it’s only a matter of days until it’s put to bad use and this is used to trick people into going to dangerous web sites.

What can you do about it?

  • Purchase and install a good antivirus package that scans web sites.
  • Disable Flash on your PC – this is usually impractical, it would be an extreme measure.
  • Be aware of this hack; if you experience it then restart your web browser.

TrueCrypt 6.0

TrueCrypt is an encryption program we wrote about earlier. It lets you do things like "whole disk encryption" (good for people who carry around laptops full of confidential files), and other encryption functions.

Version 6.0 came out a few days ago. It’s open source, meaning everyone is free to review the source code. It’s available for Windows (Vista, XP, 2000), Mac OS X, and Linux.

http://www.truecrypt.org/

FireFox and Safari Updates

The FireFox and Safari browsers have been updated. If you use either of these then you should upgrade today. The new version numbers are:

  • FireFox: 2.0.0.14
  • Safari: 3.1.1

This applies to Windows, Mac and Linux users. The updates fix vulnerabilities and hence are important security updates.