Space Station Gets A Virus

It’s interesting to see that even the most technologically sophisticated environments face the same challenges as the rest of us. Some computers aboard the international space station (ISS) have been infected with a worm (called W32.Gammima.AG). And it’s not the first time this has happened.

In this particular case there’s no threat to their operations, but it’s interesting to see how some of the best engineers in the world let this slip through. The theory at the moment is that it was transferred from a crew member’s personal compact flash card.

It’s also interesting to note that the computers on board do not have virus protection, and that it’s believed it spread from one computer to at least another one.

Lessons to be learnt?

  1. Use a good anti-virus package. It’s not good enough to be extra careful, you need the best tools working in the background keeping watch.
  2. Be aware that flash cards (the kind cameras use) can carry malware. You just have to be careful whose computer you put it into. We’ve even seen brand new devices ship with infected memory cards.

New Fraud Statistics

Sometimes it’s hard to believe these statistics because the numbers are so large. The Australian Bureau of Statistics has finished its first survey of personal fraud. It found that 800,000 Australians fell victim to fraud in some way.

453,100 of those lost money, for a total of $977 million. That’s a lot of people and a lot of money for a rather small population.

329,000 Australians lost money after responding to lottery scams and other phishing related scams.

A lot of people keep falling for scams. The best thing you can do is help them become aware of what scams and fraud tricks are being used. Remember that you can always subscribe to Fraudo.com by email or with an RSS reader.

Safari Threat

Microsoft would like you to know that using Safari on a Windows PC is dangerous. And of course they’d say that, they have a competing product they’d like you to use (Internet Explorer). So what’s happening?

A few days ago Microsoft published a security advisory about a potential vulnerability in Apple Safari. Technically they’re correct: there is a vulnerability and we’ll look at it in a moment. The flaw hasn’t been exploited yet, so at the moment it’s more theoretical. It’s just a little suspicious that they put this much effort into pointing out flaws in a competitor’s product and that they’ve used their security advisory system for what can be seen as a marketing manoeuvre.

So what’s the flaw?

It’s being called Carpet Bombing. Here’s how it works.

A web page is created that has hundreds of hidden download links (in the form of "iframes"). The files are silently downloaded onto the user’s desktop. This can be done without the user’s knowledge.

The vulnerability is that a user’s desktop could be covered with hundreds of icons for malicious programs, making it easy to accidentally click on one and run the malicious program.

Apple says it’s a security issue, not a vulnerability. Microsoft says users should avoid using Safari until researchers have looked further into it.

So is this a sneaky marketing ploy from Microsoft? It could be, they’ve done things like this before. Or are they sincere and is Safari really as dangerous as they say?

We’ll know more in a few days, by which time Apple will most probably have a fix. I don’t consider this a high risk vulnerability, just something extra to be cautious about. A good antivirus program helps here.

Microsoft’s advisory is here (it’s light on details at the moment): http://www.microsoft.com/technet/security/advisory/953818.mspx

Further info here, here and here.

Adobe Flash Flaw

This week everyone’s been talking about a new flaw in Flash that can be exploited to run malicious code on your computer. After a few days of media frenzy Adobe has released a fix for it.

If you use Windows then download the update (this includes users of Firefox, Opera and Internet Explorer). Link here.

The fixed version is 9.0.124.0. If you’re keen you can read more about the vulnerability here.

Nigerian 419 Scams

How much money do you think Australians send to Nigerians because of the old Nigerian 419 scam? (Keep in mind that Australia has a small population of 21 million)

The answer is millions of dollars.

This very interesting interview with the head of the Queensland Police Corporate Crime Investigation Group (what a long title) discusses these scams and provides some interesting details.

People who fall for these scams often don’t report it, and in many cases repeatedly fall for these scams. Watch the video, discuss it with your friends, family and colleagues, and help raise awareness of this particular kind of scam. You can also read this article on how Nigerian scams work.

Link to video.

AusCERT Survey

An Australian security organisation called AusCERT has conducted a survey and come up with the following results. I’ve added my own comments on the right.

Survey Results    Comments

84% of respondents use the internet for banking    84% of internet users have something to lose if they’re not careful.
5% have used a neighbour’s unsecured wireless internet    This is not only illegal but they’re using an untrusted network
11% never update their operating system    Updates exist to patch known vulnerabilities, so these 11% of people have computers that can be hacked
8% never update their anti-virus software    New viruses are discovered every day so these people are at greater risk
23% have malware infections on their computer    Malware such as spyware and internet banking don’t go well together (i.e. this is how criminals steal money). Malware is always a bad thing to have on your computer. Do something about it.
68% are confident or very confident with computer security    The other 32% should be reading FraudO.com

The full survey results have been published here. It’s an interesting read, especially seeing the reasons why some people don’t use anti-virus and anti-spyware software.

SSH Brute Force Attacks

SSH is used to establish secure connections across the internet. For example a lot of people use SSH to connect to their servers because of the good security it provides. Lots of people trust it and rely on it.

In the past week there has been a large increase in the number of brute force attacks against SSH. What’s a brute force attack? It’s when someone writes a program that starts guessing passwords. It’ll keep trying to guess passwords all day and all night without rest until it finds something that works. The smarter brute force attacks do this slowly so that servers don’t lock the account in defense.

To increase a hacker’s chances of finding the right password these brute force programs use a dictionary and try to guess common words first. Then they try combinations such as replacing o’s with zeros, or putting a 1 at the end (have you ever done this with passwords?). So if your password is based on a word found in the dictionary it’ll be amongst the first ones tried.

The best defence against brute force attacks is to use a complicated password. Complicated passwords can take years to guess, simple passwords can take seconds to guess. Read here about how to evaluate the complexity of a password. And if remembering complicated passwords is a challenge then you might need a password safe.

So back to SSH. If you manage a server and use SSH to connect to it, have a look at the logs. Other people have reported a 5-10 times increase in the number of SSH attempts on their servers. Make sure your passwords are complicated enough to resist brute force attacks. Consider editing firewall rules to limit the entry points into your network. And make sure everything is patched including routers and firewalls. See this article for further information on these attacks.
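One way to do the log review suggested above, as an added example (not code from the original post): it parses password-auth lines in OpenSSH's usual syslog format and reports each source with repeated failures, separating fast bursts from slow, spread-out guessing and noting any login that followed the failures. The sample log, the year and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH's syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar 18 02:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 18 02:00:03 web1 sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 40115 ssh2
Mar 18 02:00:05 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40119 ssh2
Mar 18 03:10:00 web1 sshd[2150]: Failed password for alice from 198.51.100.9 port 50001 ssh2
Mar 18 05:40:00 web1 sshd[2190]: Failed password for alice from 198.51.100.9 port 50044 ssh2
Mar 18 08:05:00 web1 sshd[2230]: Failed password for alice from 198.51.100.9 port 50102 ssh2
Mar 18 09:00:00 web1 sshd[2250]: Failed password for bob from 192.0.2.20 port 61000 ssh2
Mar 18 09:00:20 web1 sshd[2251]: Accepted password for bob from 192.0.2.20 port 61002 ssh2
Mar 18 10:30:00 web1 sshd[2275]: Accepted password for alice from 198.51.100.9 port 50187 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Failed|Accepted) password "
                  r"for (?:invalid user )?(\S+) from (\S+) port \d+")

def analyse(log_text, year=2008, min_failures=3, burst=timedelta(minutes=5)):
    """Return {source_ip: report} for every source with >= min_failures failed logins."""
    failures, last_success = defaultdict(list), {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a password-authentication line
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if m.group(2) == "Failed":
            failures[m.group(4)].append((when, m.group(3)))
        else:
            last_success[m.group(4)] = max(when, last_success.get(m.group(4), when))
    report = {}
    for ip, events in failures.items():
        if len(events) < min_failures:
            continue  # a single mistyped password is not flagged
        times = sorted(t for t, _ in events)
        # "burst": min_failures failures inside one short window; otherwise spread out.
        fast = any(times[i + min_failures - 1] - times[i] <= burst
                   for i in range(len(times) - min_failures + 1))
        report[ip] = {
            "failures": len(events),
            "users": sorted({u for _, u in events}),
            "pattern": "burst" if fast else "slow",
            # A successful login after repeated failures is worth investigating first.
            "login_after_failures": last_success.get(ip, datetime.min) > times[0],
        }
    return report
```

Syslog timestamps carry no year, so `year` has to be supplied, and a counter that only looks at short windows would miss the slow source in the sample.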

And for everyone who’s still wondering what SSH is, don’t worry about the jargon. Just realise that people can and do try to guess passwords.

Malware Targeted Against Pro-Tibet Groups

A new malware infected email is being sent to people on Pro-Tibet mailing lists. This is an example of a targeted attack whereby a particular group of people are the intended recipients of the malware, and in this case politically motivated.

F-Secure have investigated the malware and have concluded that it originates from China. It carries a PDF file that installs a key-logger on a recipient’s computer. The key-logger sends all of the user’s key strokes to a server located in China.

To recognise the malicious email look for the following:

The Hague, 17 March 2008 - The Presidency of the Unrepresented Nations and Peoples Organization (UNPO), led by President Mr Ledum Mitee, expresses its solidarity on behalf of all UNPO Members with the people of Tibet in this period of extreme tensioni and reiterates its support for their decades-long nonviolent campaign against Chinese suppression.

If you receive this email or others like it, delete it.

According to F-Secure there are other similar emails that are also part of the targeted attack and may contain any of the following attachments:

For more information see here.

4.2 Million Credit Cards Stolen

It’s no surprise there are so many stolen credit card numbers being bought and sold on the internet. Earlier this week there was a data intrusion into Hannaford Bros.’s network and 4.2 million credit card numbers were stolen, together with their expiry dates. Hannaford is a popular supermarket chain in the USA.

If you shopped at Hannaford with a credit card recently then check your credit card statements for misuse.

The official notice from Hannaford’s CEO is here.

eBay Fraud

eBay fraud is rampant in Romania, Russia and China. In fact, eBay says that the majority of all eBay phishing emails come from these countries.

Mark Lee is the trust and safety manager for eBay UK and he’s made the following comments:

There have been several hundred arrests in Romania after eBay initiated a campaign to stop fraud, in June 2007. But this hasn’t stopped them and it’s still rampant in these parts.

Techniques used by these criminals include asking eBay shoppers for personal details (when people bid or ask questions on the site) - this is known as phishing and the personal details are later used to commit other crimes.

If you use eBay to buy or sell goods have a read here [ http://pages.ebay.com/securitycenter/ ] for tips and tutorials on eBay security. And continue to read FraudO.com for online security tips.

Bypassing Passwords Using FireWire

If someone has physical access to a computer they have a pretty good chance of bypassing its security. This new attack uses the FireWire port found on some computers and notebooks to access its memory and change the system’s password.

It’s been demonstrated to work on Windows XP and on Macs, and could possibly affect other systems.

It’s up to companies like Microsoft and other vendors to fix their software to disable this vulnerability. Some lessons to be learnt are:

Here’s the article explaining how it works on Windows XP, and here is an article on how it affects Macs.

Haute Secure

Haute Secure is a security service developed by 3 former Microsoft security specialists. It’s designed to filter the web pages you browse and it blocks any websites known to contain malware.

It’s free for people to download and install on their computers. If you run a website they charge money so they can scan your website and alert you if it gets hacked and infected with malware.

Most of the good antivirus packages have had this feature for a long time, and it’s a good idea to invest in one of these.

If you really believe it’s not worth spending money to keep your computer secure and you insist on using free antivirus programs, then this will make a good addition since free antivirus programs don’t usually filter web sites.

Adobe AIR 1.0

Adobe has been making news today for releasing version 1.0 of their AIR framework. AIR is a new way to develop and run programs: it’s like a web page but runs without a web browser.

It has a long list of security features to make programs seem safe. And because of how internet applications work, experts agree it won’t be long until this new technology is exploited.

One thing to be careful of is when AIR warns you about “self signed” applications. This means that no reputable company has verified the person who wrote the program. So if you download an AIR application and you get warned about it being self signed, the safe bet is to deny it.

If you’re tempted to play with AIR applications just be conscious of where you’re downloading programs from. They won’t remain safe for long.

Fraud Statistics

The US Federal Trade Commission (FTC) has released a report showing some statistics on fraud for 2007. These statistics come from people who report incidents of fraud to them, so it’s really limited to USA. The problem worldwide would be much much worse.

The top 20 complaint categories were:

Rank    Category    Complaints

  1. Identity Theft    258,427
  2. Shop-at-Home/Catalog Sales    62,811
  3. Internet Services    42,266
  4. Foreign Money Offers    32,868
  5. Prizes/Sweepstakes and Lotteries    32,162
  6. Computer Equipment and Software    27,036
  7. Internet Auctions    24,376
  8. Health Care Claims    16,097
  9. Travel, Vacations, and Timeshares    14,903
  10. Advance-Fee Loans and Credit Protection/Repair    14,342
  11. Investments    13,705
  12. Magazines and Buyers Clubs    12,970
  13. Business Opportunities and Work-at-Home Plans    11,362
  14. Real Estate (Not Timeshares)    9,475
  15. Office Supplies and Services    9,211
  16. Telephone Services    8,155
  17. Employ. Agencies/Job Counsel/Overseas Work    5,932
  18. Debt Management/Credit Counseling    3,442
  19. Multi-Level Mktg./Pyramids/Chain Letters    3,092
  20. Charitable Solicitations    1,843

That’s 258,427 cases of identity theft in one year, in one country! The fraud losses recorded in this report total more than $1.2 billion. The full report is here.

Trust Encryption Device (TED)

Australia’s CSIRO has developed a security device for online banking. It’s like a flash drive and contains a virtual computer environment which makes applications like online banking more secure.

However there’s a lot of doubt in the security world. You still need to plug it into a computer for it to start up, and you don’t always know what’s on the computer. Malware could still take screenshots and send them off to some unknown person on the other side of the world, and there’s little explanation on how it’s meant to avoid being tampered with.

It’s a technology to keep a watch on for the future. Full article here.

A New Skype Vulnerability

Skype, the popular internet phone software, has a new vulnerability with the way it handles video links. There aren’t any reported exploits yet but as always it’s only a matter of time.

Skype is susceptible to this vulnerability if all of the following happen:

The damage from this is still unproven but it’s fair to say that if someone can write the required malicious code they could use it to any effect they like (such as installing spyware on your computer or taking over its control).

Skype has responded by disabling the addition of new videos to their Dailymotion gallery. This will slow down the chance of an exploit spreading. And Skype will release a new version soon to fix the vulnerability.

Skype’s report is located here.
