Category Archives: Malware

Google vs Bing

A company called AV Test has been testing Google and Bing, and has found that Google is better at filtering out dangerous websites.

They tested 10.9 million searches on both search engines and found that:

  • Google included 272 websites that were infected with malware
  • Bing included 1285 websites that were infected with malware

This is bad. When you search for something, both Google and Bing test every website and hide any website that has been infected. This protects you from clicking on a website with malware. They found that Google is better at filtering infected sites. So if you want the best security possible, do your searches in Google. Full details here.

Other tips I can add are:

  • Use Google’s Chrome browser. It’s fairly good at blocking malware and resisting hacks
  • Keep your computer updated (e.g. run Windows Update frequently)
  • Use a good antivirus program
  • Be cautious about what you click on
  • Don’t believe everything you read in Facebook, emails, Twitter, etc.

 

New PCs

It used to be that a new PC was safe and couldn’t have malware. This is no longer true. New PCs, straight from the shop or distributor and just unpacked, can contain malware.

In the past few days an investigation of PC manufacturers in China has found that some PCs came with some nasty malware already installed. Investigators bought 20 computers from different manufacturers and suppliers and found 4 were infected.

The manufacturer isn’t to blame here – the malware was installed by other parties along the supply chain. A supply chain includes delivery companies, companies that rebrand generic devices, distributors and shops. There are many opportunities to infect a computer these days – even before you turn it on.

In this investigation the malware was part of the Nitol botnet, which keeps installing more malware once the computer is connected to the internet. This makes it especially hard to clean. And it does things including turning on the computer’s camera and recording keystrokes (and recording passwords you type in).

So what should you do?

Install a good antivirus package from day one. This generally costs a bit of money but it isn’t much compared to the cost of the PC. Most computers come with a trial version of antivirus software – you can use this or go buy something else.

You should also run Windows Update as soon as you connect the computer to the internet.

There’s more information on the investigation here.

75 Million Unique Malware

At the end of 2011 (just recently) the total number of unique malware (viruses, spyware, etc) reached 75 million. That’s 75 million different threats people created to cause havoc, steal passwords and steal money from you. The internet can be a dangerous place.

The figure comes from a report by McAfee. They also report that malware for Macs is becoming less common, and malware for Android is becoming more common. You can read more details here; it’s pretty grim.

Some tips to avoid being a victim:

  • Use a good antivirus product on your computer. Paid ones are usually better. Keep it updated
  • Use Google Chrome
  • Don’t click on every link you see in Facebook, Twitter, etc.
  • Sometimes people’s accounts get hacked, so something they wrote online might not really be from them
  • Don’t believe every sensational headline you see
  • Don’t believe every alarming email you receive, especially emails that sound urgent and have poor spelling and grammar
  • Use common sense (why would a stranger in an African country want to give you millions of dollars, or did you really enter the Spanish lottery?)
  • Use Google to check if something you read is true

 

Scary emails with malware

Malware-infected emails are getting scarier, with subjects about wanting to sue you. Take the email below: it suggests that your email is sending spam and that you’re going to be sued. This kind of tactic is called social engineering. The words have been carefully crafted to add a sense of urgency, which causes most people to make irrational decisions, such as opening the attachment in the email.

The email says,

Hello. Your email is sending spam messages! If you don’t stop sending spam, we will be impelled to sue you! We’ve attached a scanned copy of the document assembled by our security service to this letter. Please carefully read through the document and stop sending spam messages. This is the final warning!

The subject is one of

  • You are sending ad messages
  • We are going to sue you
  • This is the final warning
  • We’ve sent you a copy of a complaint
  • A message from our security service

If you see an email like this don’t click on the attachment. Delete the email. The attachment is a trojan that then installs viruses every time you reboot the PC.

 

Hotel “Wrong Transaction” Spam

Lately there have been some spam emails claiming to have details about an incorrect hotel transaction. The email is a ploy to install malware on your computer. Here’s how it works:

  • You receive an email telling you that a hotel has incorrectly charged your credit card
  • The email also says that you should fill out an attached form for a refund (i.e. open an attachment and get some money)
  • The attachment installs a fake antivirus program
  • The fake antivirus program asks you to pay money to clean your PC (even though there’s really nothing wrong with it)

This spam email has many variants but they all seem to be based on a hotel transaction. Below are some example subject lines:

  • Hotel Renaissance Chicago made wrong transaction
  • Hotel Westin St. Francis made wrong transaction
  • Wrong transaction from your credit card in Woodrun V Townhomes

If you see an email like these just delete it, or mark it as spam. Don’t open the attachment.

Facebook Videos

In the last few days there have been some malicious videos posted on Facebook. If you use Facebook and see any of the following videos, don’t click on them:

  • a video of disgraced former International Monetary Fund Managing Director Dominique Strauss-Kahn and a hotel maid
  • an X-rated video of celebrities Rihanna and Hayden Panettiere

These videos are not actual videos, but are links to a website that installs malware. Note that it affects both Windows and Mac computers. On Windows, the malware tells people to install a new version of Adobe Flash Player, but instead installs a fake antivirus program. On a Mac the malware brings up a fake security warning and asks people to install a fake “fix” to the problem. In both cases the malware then wreaks havoc with the computer, shows pornographic images, and asks the user to pay money to stop it happening. After (real) money is paid the malware remains. So overall it’s quite a nasty bit of work.

If you come across anything like this in Facebook please let the person who posted it know it’s malicious. The sooner they remove the post the less damage it will do.

 

Android Phone Virus Listens In On Calls

This had to happen sooner or later. A virus has been discovered that can affect Android phones. It uses the conference call feature of the phone to send your conversations to a remote server (spying on your conversations).

The virus is reported to now be on over 150,000 phones. This is quite serious. There are also two strains of the virus now, indicating that people are working on making things worse for everyone.

This virus is called HongTouTou. It was discovered in an app called Dynamic Footprint Wallpaper, hosted on an app store in China. More information here.

How can a phone get a virus?

Android phones are smartphones, meaning the phone is actually a computer. And like any other computer you can download and install programs onto it, commonly called Apps.

Now the philosophy behind Android phones is that it’s less regulated than other phones, such as Apple’s iPhone, and you’re free to install any app you want. Even ones that contain viruses.

With Android phones you have a choice where to download your apps from. Unfortunately this includes untrusted sources where people can add viruses to apps. It’s all very similar to Windows PCs and the popular viruses from a few years ago.

What about iPhones and other phones?

This particular virus only affects Android, not any other phones.

How to avoid HongTouTou?

For now the best thing to do is to only use app stores you trust. Don’t rush into downloading an app just because it’s popular or cool, read up on it first.

 

Fake Adobe Acrobat Links

The email shown below is not from Adobe, it’s a fake. It has words that would get most people’s attention but the links in the email do not point to any real Adobe products. If you receive this email, delete it. Don’t click on the links.

The fake email looks like this:

Dear Customers,
Adobe is pleased to announce new version upgrades for Adobe Acrobat 2010.
http:// www.adobe-new-software.com
Advanced features include:
- Collaborate across borders
- Create rich, polished PDF files from any application that prints
- Ensure visual fidelity
- Encrypt and share PDF files more securely
- Use the standard for document archival and exchange
To upgrade and enhance your work productivity today, go to:
http://www.adobe-new-software.com
If you have any question please contact us at: support@adobe-new-software.com
Best regards,
Michael Lobenberg
Adobe Acrobat
Copy rights © Adobe Acrobat 2010 – All Rights Reserved
Website: http:// www.adobe-new-software.com


Adobe does not send out emails like this. Acrobat Reader can update itself by showing a small window with update information (and you should update it as soon as updates are released). You should not have to visit a web site to download Acrobat updates.

Chase.com Scam Email

The following email is a scam. It looks confusing and encourages readers to click on a link. There are many links in this email, all pointing to a hacker’s virus-infected site.

Below is the email, with personal details and all of the malicious links removed:

Dear …,

Thank you for scheduling your recent credit card payment online. Your ($USD) $117.00 payment will post to your credit card account (CREDIT CARD) on 08/06/2010.

Now that you’re making your payment online, are you aware of all the convenient ways you can manage your account online?

Just log on to www.chase.com/creditcards today. Using the "I’d like to…" links for your credit card account, you can access more than a dozen features, including links to:
See statements – Choose to stop receiving paper statements, and see up to six years of your statements online.
See automatic payments – Set up monthly payments to be made automatically.
Transfer a balance – Transfer a balance to your credit card account.
Go to Personalized Alerts – Schedule Alerts to remind you of key account activity.
You can also see past payments you’ve made online by logging on to www.chase.com/creditcards and clicking "See/cancel payments" under "I’d like to …"

If you have questions, please call the Customer Service number on the back of your credit card.

Thanks again for using online payments.

Sincerely,
Cardmember Services

Never trust emails like this, especially if you don’t have an account with the company.

A useful trick to spot these scams is:

  • Identify which company the email claims to be from. In this case, it’s a company called Chase.
  • Place your mouse pointer over a link, but don’t click.
  • Look at the bottom of your screen. You should see the real link it points to. (You need to be using a modern web browser for this to work.)
  • If the addresses don’t match then it’s likely a scam.

E.g., the email above talks a lot about chase.com. This is a real company in the USA. When I place my mouse pointer over the link, my browser says it goes somewhere different. The addresses don’t match, so this is a scam. See the picture on the right.