e-books
Like any other thing on the internet that can be downloaded, e-books present their own risks.
If you need to download an unknown program or plugin to access the e-book then consider if it’s really necessary. Sometimes things you download carry malicious code which often ends up installing spyware on your computer.
One such example is a browser plug-in from bitroad.net. It promises to help download free e-books. In the background it installs malware.
E-books represent a large shift in technology for distributing media. Formats will continue to change, new tools will continue to be developed, and new opportunities will be found to distribute malware on the side.
So always take care what you download or install (in general, the less you install on a computer the better it’ll work). And invest in a good anti-virus package that also scans for spyware.
Malware in Resumes
Recruitment companies receive a lot of resumes in Word format, as you’d expect. But it seems that there’s a growing trend of these Word files being infected with some type of malware. Often there is automated software at recruitment companies to forward the resumes to their clients without scanning them for malware.
Hackers have caught onto this and are targeting these companies. They’ve been sending resumes (probably not their own) with backdoor trojans embedded in the document. This gives them a chance to gain access to these networks.
If your work involves receiving many Word documents from the general public, put in place a plan to screen them for known malware, and to limit the damage they can do if a new (unknown) trojan gets through. Most security specialists can help with this.
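As an added illustration of what a first-pass screen for incoming Word files can look like (example code written for this page, not something the post or any recruitment vendor ships): the script below opens a .docx/.docm package, which is just a zip file, and reports the parts that a plain resume has no reason to contain: a VBA macro project, embedded OLE objects, or ActiveX parts. The sample documents it builds in memory are constructed test input. It is a structural check that complements, rather than replaces, a signature-based anti-virus scan, and it only understands the zip-based format (a legacy binary .doc is flagged as needing a separate check).

```python
import io
import zipfile

# Package parts that indicate active or embedded content in an OOXML Word file.
# These are the standard part names from the Office Open XML packaging
# conventions; a plain resume has no legitimate reason to contain any of them.
MACRO_PART = "word/vbaProject.bin"
EMBEDDING_PREFIX = "word/embeddings/"
ACTIVEX_PREFIX = "word/activeX/"


def screen_word_document(data):
    """Return a list of findings for a Word document supplied as raw bytes.

    An empty list means these structural checks found nothing. This is a
    first-pass filter for an intake pipeline, not a replacement for a
    signature-based scanner: it catches the usual carriers (VBA macros,
    embedded OLE objects, ActiveX parts) whether or not the payload inside
    them is already known.
    """
    if not data.startswith(b"PK"):
        # Legacy binary .doc is an OLE2 container, not a zip; it needs a
        # separate OLE-aware check that this function does not implement.
        return ["not an OOXML package (legacy .doc or non-Word file)"]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return ["corrupt or malformed zip container"]

    findings = []
    for name in names:
        if name == MACRO_PART:
            findings.append("VBA macro project present: " + name)
        elif name.startswith(EMBEDDING_PREFIX):
            findings.append("embedded object: " + name)
        elif name.startswith(ACTIVEX_PREFIX):
            findings.append("ActiveX part: " + name)
    return findings


def build_sample(with_macro, with_embedding):
    """Build a minimal Word package in memory (constructed test input, not a real resume)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr(MACRO_PART, b"constructed placeholder, not a real VBA project")
        if with_embedding:
            zf.writestr("word/embeddings/oleObject1.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("clean", build_sample(False, False)),
                       ("macro+ole", build_sample(True, True))):
        print(label + ":", screen_word_document(doc) or ["no findings"])
```

In an intake pipeline the natural policy is to hold anything with a non-empty finding list for manual review or detonation rather than forwarding it on automatically, which is exactly the gap the post describes.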
Safari Threat
Microsoft would like you to know that using Safari on a Windows PC is dangerous. Of course they’d say that; they have a competing product they’d like you to use (Internet Explorer). So what’s happening?
A few days ago Microsoft published a security advisory about a potential vulnerability in Apple Safari. Technically they’re correct: there is a vulnerability, and we’ll look at it in a moment. The flaw hasn’t been exploited yet; at the moment it’s more theoretical. It’s just a little suspicious that they put this much effort into pointing out flaws in a competitor’s product, and that they’ve used their security advisory system for what can be seen as a marketing manoeuvre.
So what’s the flaw?
It’s being called Carpet Bombing. Here’s how it works.
A web page is created that has hundreds of hidden download links (in the form of "iframes"). The files are silently downloaded onto the user’s desktop. This can be done without the user’s knowledge.
The vulnerability is that a user’s desktop could be covered with hundreds of icons for malicious programs, making it easy to accidentally click on one and run the malicious program.
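Seen from the defender’s side, the pattern just described is easy to spot in page markup: many frames that the user cannot see, all pointing at executable files. The following script is an added example written for this page (not code from the post, Microsoft or Apple) that parses a page with the standard-library HTML parser, counts hidden iframes whose source ends in an executable extension, and reports the page as suspicious once a threshold is exceeded. The two sample pages are constructed and use the reserved example.invalid domain.

```python
from html.parser import HTMLParser

# Extensions that a drive-by download page would push at the desktop.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".msi", ".jar", ".dmg")


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> in a page."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            # attrs is a list of (name, value); value is None for bare attributes
            self.iframes.append({name: (value or "") for name, value in attrs})


def is_hidden(attrs):
    """True when the frame would not be visible to the user."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    try:
        width = int(attrs.get("width", "100").lower().rstrip("px"))
        height = int(attrs.get("height", "100").lower().rstrip("px"))
    except ValueError:          # percentages or other non-numeric sizes
        return False
    return width <= 1 or height <= 1


def points_at_executable(src):
    """True when the frame source, ignoring query and fragment, names an executable."""
    path = src.lower().split("?", 1)[0].split("#", 1)[0]
    return path.endswith(EXECUTABLE_EXTENSIONS)


def analyze_page(html, threshold=5):
    """Summarise the iframes in a page and flag the carpet-bombing pattern.

    threshold is the number of hidden frames pointing at executables at or
    above which the page is reported as suspicious; a legitimate page rarely
    has even one.
    """
    parser = IframeCollector()
    parser.feed(html)
    hidden_exec = [f["src"] for f in parser.iframes
                   if f.get("src") and is_hidden(f) and points_at_executable(f["src"])]
    return {
        "iframes": len(parser.iframes),
        "hidden_executable_sources": hidden_exec,
        "suspicious": len(hidden_exec) >= threshold,
    }


# Constructed sample pages (example.invalid is a reserved, non-resolving domain).
BENIGN_PAGE = ('<html><body><p>Hello</p>'
               '<iframe src="https://example.invalid/map.html" width="400" height="300"></iframe>'
               '</body></html>')
SUSPICIOUS_PAGE = "<html><body><p>Loading...</p>" + "".join(
    '<iframe src="https://example.invalid/dl/file%d.exe" width="0" height="0" '
    'style="display:none"></iframe>' % i for i in range(6)) + "</body></html>"

if __name__ == "__main__":
    print("benign:", analyze_page(BENIGN_PAGE))
    print("suspicious:", analyze_page(SUSPICIOUS_PAGE))
```

The same logic would slot into a proxy or mail-gateway content filter; the threshold is deliberately low because the legitimate uses of a hidden frame that fetches an .exe are close to none.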
Apple says it’s a security issue, not a vulnerability. Microsoft says users should avoid using Safari until researchers have looked further into it.
So is this a sneaky marketing ploy from Microsoft? It could be, they’ve done things like this before. Or are they sincere and is Safari really as dangerous as they say?
We’ll know more in a few days, by which time Apple will most probably have a fix. I don’t consider this a high risk vulnerability, just something extra to be cautious about. A good antivirus program helps here.
Microsoft’s advisory is here (it’s light on details at the moment): http://www.microsoft.com/technet/security/advisory/953818.mspx
Further info here, here and here.
Ad-Aware 2008
Ad-Aware 2008 is now available. It’s a popular anti-spyware product for Windows that scans your computer for spyware and adware. It comes in three versions:
- Free
- US$26.95, includes features such as real time detection
- US$39.95, includes more advanced features such as network drive scanning
There’s a comparison chart here showing what’s different between the versions. If you’re new to this product and aren’t sure which version you need start with the free version.
Read more about Ad-Aware 2008 here including a download link.
Similar products available for Windows are:
Also note that the larger anti-virus packages such as Trend Internet Security also contain anti-spyware modules.
Yahoo! Malicious Page Alerts
Yahoo! now lets you know if a web site contains malicious content. It works very similarly to how Google does it. From a technical perspective Yahoo’s implementation seems better - it scans files that download automatically.
McAfee have provided the malware detection technology, called SearchScan, so it has a company with a good reputation behind it. Below is an example of how it looks when it finds something dangerous:
Yahoo! operates search engines in several countries, and it will be enabled by default for the following countries: Australia, Canada, France, Germany, Italy, New Zealand, UK, USA.
Update: HP Software Update Tool
Back in January I mentioned that HP’s Software Update Tool was vulnerable to attacks. That was limited to a support program installed on HP laptops. Now the problem appears to be worse than first thought.
A large number of HP’s printers (both laser and inkjet), scanners, cameras and PCs also include this tool. Version 4.0.9.2 or earlier is vulnerable. The problem has been resolved in the latest update, version 4.0.10.8.
So if you have an HP product on your computer check if HP’s Software Update Tool is installed, and the version number. You might need to upgrade it.
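Checking the installed version against the numbers in the post sounds trivial, but there is a trap worth showing: compared as strings, “4.0.9.2” sorts after “4.0.10.8”, so a naive check would call the vulnerable version newer than the fix. The script below is an added example for this page (not HP’s code; how the version is read out of a particular machine is left to the reader, since the post does not say where the tool records it). It parses dotted versions into integer tuples, decides whether an installation is older than the fixed release, and triages a constructed inventory of hypothetical machines.

```python
import re

FIXED_VERSION = "4.0.10.8"     # version in which the problem was resolved (from the post)
LAST_KNOWN_BAD = "4.0.9.2"     # the post says this version or earlier is vulnerable


def parse_version(text):
    """Turn a dotted version string such as '4.0.9.2' into a tuple of integers.

    Only the numeric runs are kept, so '4.0.10.8 (beta)' still compares.
    Raises ValueError when there is no number at all.
    """
    numbers = re.findall(r"\d+", text)
    if not numbers:
        raise ValueError("no version number in %r" % text)
    return tuple(int(n) for n in numbers)


def needs_upgrade(installed):
    """True when the installed tool is older than the fixed release.

    Tuple comparison is element-wise and numeric, so 9 < 10 as expected.
    """
    return parse_version(installed) < parse_version(FIXED_VERSION)


def string_compare_gets_it_wrong():
    """Demonstrate the pitfall: lexicographic order says the bad version is newer."""
    return LAST_KNOWN_BAD > FIXED_VERSION


def triage_inventory(inventory):
    """Classify (hostname, version-or-None) pairs into upgrade buckets."""
    result = {"upgrade": [], "current": [], "not_installed": [], "unparseable": []}
    for host, version in inventory:
        if version is None:
            result["not_installed"].append(host)
            continue
        try:
            bucket = "upgrade" if needs_upgrade(version) else "current"
        except ValueError:
            bucket = "unparseable"
        result[bucket].append(host)
    return result


# Constructed inventory of hypothetical machines (hostnames and versions are made up).
SAMPLE_INVENTORY = [("laptop-01", "4.0.9.2"), ("printer-pc", "4.0.10.8"),
                    ("front-desk", "3.7.1.0"), ("dev-box", None), ("kiosk", "unknown")]

if __name__ == "__main__":
    print(triage_inventory(SAMPLE_INVENTORY))
    print("string compare says 4.0.9.2 is newer than 4.0.10.8:", string_compare_gets_it_wrong())
```

The same tuple comparison applies to any “version X or earlier is affected” advisory; the string comparison bug is common enough in home-grown inventory scripts that it is worth a unit test of its own.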
The risk is that a malicious web page can be created that activates some code in HP’s Software Update Tool and it can execute code on your computer. This is OK if you’re allowing HP to update your drivers, but it’s a bad thing if random strangers can do this.
Note that this only affects Windows users.
She has already gone to hospital!…
Below is a new scam email being sent around the internet. The topic of the email is shown above. The email’s contents are shown below (I’ve removed the link):
Listen to me carefully, i don’t know what your name is, but i’ll find you and i’ll cripple you, because this is you who tempted her!!! She has already gone to hospital, you’re next, this is evidence:
http://www.———.sk/fotos/
If you receive this email just delete it. It’s a scam to get you to click on the link, which will then have malicious code. More details in the comments below.

Microsoft Certificate Enrolment Code
There’s a new phishing trick that involves the user downloading a security certificate. It’s been spotted on a fake Bank of America web site. When this fake page is accessed the user is asked to create a digital certificate.
The control is downloaded to the PC using Microsoft Certificate Enrolment Code. This adds a false sense of security for users.
The next step on the web site asks users to download a file called sophialite.exe. This is a malicious program.
So if you end up at a web site that looks like Bank of America’s, pay close attention to the address shown in your web browser and make sure it’s exactly right.
ActiveX Flaw in Symantec Products
Symantec is well known for making security products (they also use the Norton brand for home products). A serious flaw has been found in some of their products including Norton AntiVirus, Norton Internet Security, Norton SystemWorks and Norton 360.
The flaw is in an ActiveX control that gets installed on the PC (the control is called SymAData.dll). This control is normally used for their AutoFix tool, however it was discovered that it can be exploited by adding some malicious code to a website. The exploit allows someone to take over the computer (generally a bad thing).
Two ways to fix this problem are:
- Engage in an online chat session with Symantec’s technical support team
- Download the patch from Symantec’s website, https://www-secure.symantec.com/techsupp/asa/install.jsp
Earlier we wrote about problems with ActiveX and suggested you disable it.
iMunizator
iMunizator is an application for the Mac that claims to scan the computer and report problems.
iMunizator actually searches the computer for important files and tells the user that they are dangerous. It then offers to remove them. After removing them the computer is no longer usable.
In other words, iMunizator is a malicious program. Don’t ever run this program on a Mac.
It’s actually another version of MacSweeper, which we warned you about earlier this year.
Imunizator’s website
HP Flash Drives Ship With Malware
HP flash drives were found to contain malware. These devices were sent as promotional items with new ProLiant servers.
Both 256MB and 1GB USB drives were infected with worms (W32.Fakerecy and W32.SillyFDC), and the worm can copy itself to all other mapped drives on your network.
This is particularly bad because IT technicians generally install these servers and generally have access to quite a few network drives.
HP’s software security response team admitted to the fault and has issued the following list of servers that shipped with the infected USB drive:
- ProLiant BL20pG4
- ProLiant BL25pG2
- ProLiant BL45pG2
- ProLiant BL260c
- ProLiant BL460c
- ProLiant BL465c
- ProLiant BL465cG5
- ProLiant BL480c
- ProLiant BL680cG5
- ProLiant BL685c
- ProLiant BL685cG5
- ProLiant DL120G5
- ProLiant DL140G3
- ProLiant DL145G3
- ProLiant DL160G5
- ProLiant DL165G5
- ProLiant DL180
- ProLiant DL180G5
- ProLiant DL185G5
- ProLiant DL320G5
- ProLiant DL320G5p
- ProLiant DL320s
- ProLiant DL360G5
- ProLiant DL365
- ProLiant DL365G5
- ProLiant DL380G5
- ProLiant DL385G2
- ProLiant DL385G5
- ProLiant DL580G4
- ProLiant DL580G5
- ProLiant DL585G2
- ProLiant DL585G5
- ProLiant ML110G4
- ProLiant ML110G5
- ProLiant ML115
- ProLiant ML115G5
- ProLiant ML150G3
- ProLiant ML150G5
- ProLiant ML310G4
- ProLiant ML310G5
- ProLiant ML350G5
- ProLiant ML370G5
- ProLiant ML570G4
- IP Console Switch with virtual media
- Server Console Switch
- Server Console Switch with virtual media
- TFT7600 (USB Pass-through)
- 1U Rackmount Keyboard with USB
This kind of threat isn’t limited to HP customers. Any device you plug into a USB port can potentially carry malware. Therefore you should always have a good antivirus program running on your computers.
A while back we reported on similar incidents: Digital Picture Frames with malware, MP3 players sold with malware
Malware Targeted Against Pro-Tibet Groups
A new malware-infected email is being sent to people on Pro-Tibet mailing lists. This is an example of a targeted attack, where a particular group of people are the intended recipients of the malware; in this case the motivation is political.
F-Secure have investigated the malware and have concluded that it originates from China. It carries a PDF file that installs a key-logger on a recipient’s computer. The key-logger sends all of the user’s key strokes to a server located in China.
To recognise the malicious email look for the following:
- The email is forged to appear to originate from Unrepresented Nations and Peoples Organization (UNPO)
- From: unpo@unpo.org
- Subject: UNPO Statement of Solidarity
- First few lines of the email:
The Hague, 17 March 2008 - The Presidency of the Unrepresented Nations and Peoples Organization (UNPO), led by President Mr Ledum Mitee, expresses its solidarity on behalf of all UNPO Members with the people of Tibet in this period of extreme tension and reiterates its support for their decades-long nonviolent campaign against Chinese suppression.
- Has an attachment called “UNPO Statement of Solidarity.pdf”
If you receive this email or others like it, delete it.
According to F-Secure there are other similar emails that are also part of the targeted attack and may contain any of the following attachments:
- UNPO Statement of Solidarity.pdf
- Daul-Tibet intergroup meeting.doc
- tibet_protests_map_no_icons__mar_20.ppt
- reports_of_violence_in_tibet.ppt
- genocide.xls
- memberlist.xls
- Tibet_Research.exe
- tibet-landscape.ppt
- Updates Route of Tibetan Olympics Torch Relay.doc
- THE GOVERNMENT OF TIBET.ppt
- Talk points.chm
- China’s new move on Tibetans.doc
- Support Team Tibet.doc
- Photos of Tibet.chm
- News ReleaseMassArrest.pdf
- Whole Schedule and Routing for Torch Relay.xls
For more information see here.
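The indicators above (forged sender, subject line, and F-Secure’s list of attachment names) are the kind of thing a mail gateway rule is built from. The script below is an added example written for this page (not F-Secure’s or UNPO’s code) that parses a message with Python’s standard email library, extracts the sender, subject and attachment file names, and decides whether to quarantine it. The From address is easy to forge, so on its own it proves nothing; the rule only counts it together with the subject, and treats a known attachment name or an .exe/.chm attachment as sufficient by itself. The messages it checks are constructed with the same library, so nothing here is a real captured email.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the post: the forged sender and subject of the first
# sample plus F-Secure's list of attachment names used in the campaign.
INDICATOR_SENDER = "unpo@unpo.org"
INDICATOR_SUBJECT = "unpo statement of solidarity"
KNOWN_ATTACHMENTS = {name.lower() for name in [
    "UNPO Statement of Solidarity.pdf",
    "Daul-Tibet intergroup meeting.doc",
    "tibet_protests_map_no_icons__mar_20.ppt",
    "reports_of_violence_in_tibet.ppt",
    "genocide.xls",
    "memberlist.xls",
    "Tibet_Research.exe",
    "tibet-landscape.ppt",
    "Updates Route of Tibetan Olympics Torch Relay.doc",
    "THE GOVERNMENT OF TIBET.ppt",
    "Talk points.chm",
    "China’s new move on Tibetans.doc",
    "Support Team Tibet.doc",
    "Photos of Tibet.chm",
    "News ReleaseMassArrest.pdf",
    "Whole Schedule and Routing for Torch Relay.xls",
]}
# Attachment types that have no place in a mailing-list post regardless of name.
RISKY_EXTENSIONS = (".exe", ".chm", ".scr")


def attachment_names(msg):
    """File names of every attachment part in a parsed message."""
    return [part.get_filename() for part in msg.iter_attachments() if part.get_filename()]


def check_message(raw_bytes):
    """Parse a raw RFC 822 message and return the indicators it matched."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    sender = str(msg.get("From", "")).lower()
    subject = str(msg.get("Subject", "")).lower()
    names = attachment_names(msg)
    reasons = []
    # The sender is forged, so it is only meaningful together with the subject.
    if INDICATOR_SENDER in sender and INDICATOR_SUBJECT in subject:
        reasons.append("forged UNPO sender and subject")
    for name in names:
        lowered = name.lower()
        if lowered in KNOWN_ATTACHMENTS:
            reasons.append("known attachment name: " + name)
        elif lowered.endswith(RISKY_EXTENSIONS):
            reasons.append("executable or help-file attachment: " + name)
    return {"attachments": names, "reasons": reasons,
            "verdict": "quarantine" if reasons else "deliver"}


def build_sample_message(sender, subject, attachment_name, attachment_bytes):
    """Construct a test email with one attachment (not a real captured message)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "member@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Constructed body text for testing.")
    subtype = "pdf" if attachment_name.lower().endswith(".pdf") else "octet-stream"
    msg.add_attachment(attachment_bytes, maintype="application", subtype=subtype,
                       filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    lure = build_sample_message("unpo@unpo.org", "UNPO Statement of Solidarity",
                                "UNPO Statement of Solidarity.pdf", b"%PDF-1.4 constructed placeholder")
    print(check_message(lure))
    print(check_message(build_sample_message("friend@example.invalid", "Lunch on Friday?",
                                             "agenda.txt", b"constructed text")))
```

Name-based rules like this only catch the lures already catalogued; the post’s real advice, deleting unexpected attachments from a “known” sender, is the general rule, and the .exe/.chm check is the part of the script that keeps working when the attackers rename the files.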
Brazilian Tax Return Site
Another fraudulent tax return site has appeared, this time targeting people in Brazil. It begins with a forged email claiming to be from Brazil’s Ministry of Finance, Ministerio da Fazenda.
The email has a link to a virus file called formulario.exe.
If you receive this email just delete it. Don’t click on the links and don’t download (or even worse, run) the .exe file it offers you.
And of course invest in a good anti-virus package that will filter these sites and block them.
Other recent tax scams:
BBB Infected Website
The Better Business Bureau website has been infected with malware. Visitors to the site are asked to download and install an ActiveX control (that has malicious code). Their web site is www.national-bbb.com.
If you ever receive an alert you weren’t expecting, especially one asking you to download and install anything, cancel everything it asks you to do. There is no reason to install anything to view a web page.
We’ve written earlier about websites that ask visitors to install things, and on how to take more extreme measures to completely block ActiveX code.
Fake Anti Spyware
Brave Sentry is a fake anti spyware product that’s been going around a lot lately. It’s also known by these names:
- Brave Sentry
- Spy Sheriff
- Spyware Quake
- SpyFalcon
Once it gets onto your computer it tells you it found a large number of threats. For example, it could say “BraveSentry Scan found 138 threats”. This is false; following its instructions takes you to a site asking for money to remove the spyware.
Here’s a procedure on how to remove Brave Sentry, if you happen to become infected.
And to avoid infection follow these tips:
- Install a good (and well known) anti-virus/anti-spyware product.
- Avoid using Internet Explorer. Use one of the current alternative browsers such as:
Free Screen Savers Carry Viruses
If you receive an email offering a free screen saver, chances are the screen saver is infected with malware.
Screensavers are just like any other program and can carry malware. And as always you shouldn’t trust unsolicited emails offering something free.