Category: Antivirus

Fake Security Renewals

There’s a trojan that has a tricky way of extorting money from users. It begins with a computer being infected with this particular trojan.

Then it shows an image on your screen (that won’t go away) telling you that you need to renew your security software (whether or not you have security doesn’t matter, this shows a fake screen). It gives you two options to pay for an update, both of which are part of the scam, the money goes into the pockets of the people who have spread this trojan.

Method 1: it asks you to send an SMS to a premium service, which costs you £10 (or the equivalent in your currency).

Method 2: it asks you to call a phone number, which is also a premium service and costs you the equivalent of US$35 (different prices and currencies in different countries).

Have a look at the screen-shots on this web page to recognise the fake renewal request.

The message reads (complete with spelling errors):

Browser Security and Antiadware Software component license exprited! Surfing PORN, ADULT and some other kind of sites you like without this software is dangerows and threatens with infection of your computer by harmful viruses, adware, spyware, etc… You strongly need to update your software to avoid infection and losting information from your computer. Please complete procedure of software update

If you come across this, or any other similar scam never ever pay them any money, or call the supplied phone number or SMS (otherwise you’ll be out of pocket a small amount of money).

RealPlayer Vulnerability

Here’s another vulnerability to report on. If your computer has the following then you’re at risk:

  • Windows 2000 or Windows XP
  • Internet Explorer 6 or 7
  • RealPlayer versions:
  • 6.0.10
  • 6.0.11
  • 6.0.12
  • 6.0.14
  • 6.0.14.536
  • 6.0.14.543
  • 6.0.14.544
  • 6.0.14.550
  • 6.0.14.552

The vulnerability makes it possible for you to infect your computer just by opening a malicious web page (you wouldn’t know it’s happened till it’s too late). So if your version of RealPlayer is out of date and you fall into the category above then update RealPlayer to the latest version.

Merry Christmas PPS Trojan

christmasstocking There’s another email being sent around that contains an attachment called MerryChristmas.pps. It’s a PowerPoint presentation showing some Christmas type message and at the same time tries to install a trojan onto the computer.

Delete it and move on.

It’s also good to keep your antivirus software updated and if you’re using Windows then make sure you’ve updated it all (Windows, Office, etc), as described in this earlier post.

Skype Encryption

Skype is a popular communication tool allowing people to have voice and video conversations over the internet. And one of its features is how it transports that communications data. Skype first encrypts your data then distributes it using a network of other skype users (using what’s called a peer to peer model).

The encryption is intended to stop random strangers eavesdropping on your conversations. And it seems to be fairly effective from what this article says – the German Federal Police Office have a problem wiretapping Skype calls.

Is this a good thing or a bad thing? Well, it’s a little of both. It gives Skype users a level of security that makes the general public comfortable enough to use it, and stops casual eavesdropping. That’s the good news.

The bad news is that VoIP traffic (phone calls over internet) can be intercepted in other ways. When it becomes too hard to break the encryption, as the German police found, an easier path is to install a trojan on the PC and intercept the voice data before it becomes encrypted. This stuff really happens.

The German federal police office is looking into developing trojans so they can install one on people’s computers they need to listen in on (article here). This is a legal form of spyware (at least in the country it’s used in). Other governments have been using this technique for years and legally it’s not much different to wiretapping a phone. What makes it scary is that antivirus companies have an understanding with law enforcement agencies and some government spyware may go undetected.

This isn’t a problem to most people. And at the end of the day it’s no different to using a house or mobile (cellular) phone.

The message in this article is that you should place the same level of trust in any VoIP phone (such as Skype) as you would with any other phone. It doesn’t offer any additional level of privacy. Law enforcement agencies have been finding ways to listen in, and fairly soon we’ll have spyware that can do the same thing only with less legal intentions.

Keep critical software up to date

Some programs you use are critical to the safe use of your computer, and it’s important to keep these patched.

In this article critical software is the collection of programs (both visible and those that run in the background) that transport information from a web server to your screen. It’s the chain of data flow that you use the most often when using the internet.

You have your operating system (e.g. Windows, MacOS, Linux), a web browser, and a stack of drivers that basically make the internet work for you. This is a simplified model, most people’s computers will be unique and full of all sorts of programs.

Because information is flowing along this chain of programs, data being handed off from the operating system to the web browser, every link in the chain is critical. And like the old mantra, the price of security is eternal vigilance. In this case we’re looking at the eternal task of patching your software.

Patches are released by software vendors, whether it’s a free open source program or from a commercial software company. Patches are written because the programmers are always fixing bugs, in particular they’re always fixing security vulnerabilities as they are discovered. It’s a way of strengthening each of the links in your data chain.

The point of this article is that you should always update the following:

  • Patch your operating system (Windows, Mac OS, Linux, etc). Yes there’s a risk in being the first to install a patch, it might break something. Large companies have long complicated procedures to test patches before installing them. Small companies and home users need to take the risk and apply the patch blindly, trusting the vendor. It’s a choice between having the most secure computer possible or waiting to see if a patch is released by mistake. My advice is to take the secure option and make regular backups of all your data (backups would be a good topic for a future article). Most operating systems these days have automated patching systems in place making this simple and often a transparent process.
  • Patch your web browser. All web browsers need to be patched – Microsoft Internet Explorer (IE), FireFox, Opera, Safari, etc. Apply patches as soon as they’re released. Today a web browser is the most vulnerable program on a computer, it gets used to run code that other people write. Code that comes from all corners of the world and is almost always not certified in any way and there’s almost no way of trusting the code. Your web browser will execute it blindly, trusting that it’s safe and you trust that all other programs on your computer (including the operating system) will handle the attacks in a graceful way. Web browsers will be attacked, this is almost a certainty these days. So you need to very latest version that hopefully has had every known vulnerability fixed.
  • Patch your antivirus software. This is often automatic, and it’s often a paid service. Antivirus companies spend a lot of time and money keeping their tools up to date and it’s in your best interest to use their technology. Consider it a good investment, it could cost you thousands of dollars if your system is compromised.
  • Sometimes routers will have to be patched as well. This is a little more advanced and you should only do it if you’re comfortable working with your router.
  • Personal firewalls should also be patched. If your antivirus software includes a [personal] firewall then it’ll be patched automatically, otherwise it’s a separate process.

Chain and padlockAll software that uses the internet in any way, including the various video and music players, needs to be kept up to date. Web browsers and operating systems are the most critical and should be patched the most often. The time and effort you spend is the price you pay for having a safe computer.

Laos Airlines Website

It used to be that your computer could become infected if you went to a pornographic or warez website (warez sites are where people can illegally obtain software cracks). While this is still true, “normal” websites can also be vulnerable these days.

The Laos Airlines website was hacked and some code was added at the bottom – malicious code that isn’t visible to the average person. If you were to visit their website (whether to look up travel information or to book a flight) your web browser will also try to load a web page (being hosted in China) that then will try to install malware onto your computer.

The airline itself was a victim, and now that it’s been discovered and made public they’ll no doubt fix it. It’s certainly no reason not to travel to Laos or to use their airline. And the fact that the malicious code was hosted in China is an indicator that a lot of (black hat)hackers are setting up shop over there (until recently Russia was their country of choice to hide their malicious activities).

A couple of tips to avoid being a victim of crimes like this:

  • Use alternative web browsers whenever possible. Use FireFox or Opera instead of Internet Explorer.
  • Use a good antivirus program that monitors web browsing, and that constantly updates itself (these are usually not free, and it’s well worth paying their fee to keep you safe).

And keep reading as much as possible about online security. Education can only help you.

A QuickTime Flaw

Here’s a new vulnerability in Apple’s QuickTime program, discovered just recently (and published today). A computer can become vulnerable if the following events happen:

  • You have Quicktime version 7.x installed (any version beginning with 7.)
  • Your computer uses Windows XP or Windows Vista
  • You use FireFox for web browsing (IE 6, 7, and Safari are safe from this vulnerability for the now)
  • QuickTime is your default media player
  • You visit a site hosting a malicious video file that takes advantage of this exploit.

Chances are you don’t meet all of the above criteria, but since there are so many computers on the internet now there would still be a large number of people who do.

The damage from this could be anything for now. Since the exploit has been published malicious hackers all over the world are probably busy writing viruses and trojans to take advantage of it.

So when Apple releases an update be sure to install it. And if you use a good antivirus package it won’t be long until they release a new update (this is why it’s important to keep your antivirus program updated).

Details have been published here.

Malicious Emails Targeting Financial Customers

There has been a rise in malicious emails (emails carrying malicious attachments) that are aimed at individuals. These emails are customised for the recipients with details such as their name and official title.

Two recent occurrences appear to be from the US Department of Justice, and from the Better Business Bureau. They have been sent to customers of financial institutions, indicating that email addresses were stolen and the information used to make the emails appear more convincing.

What makes these appear obviously malicious is that the first (from the US Department of Justice) carries an attachment with a file extension of .scr. These type of files are Windows screen savers, something that should immediately appear out of the ordinary. If you open the attachment it will install a trojan allowing malicious hackers to later take control of your computer.

The second one (from the Better Business Bureau) contains an infected PDF file. This is unfortunate because traditionally PDF files were considered safe from viruses, but lately it’s been proven that even PDF files can carry viruses and trojans. ( A PDF file is an attached document). Keep in mind that these emails have been tampered with to make them appear to be from the relevant senders. In fact they aren’t.

The best defence against these types of targeted attacks is to use a good antivirus program on your computer with the following features:

  • It must scan emails
  • It must be updated daily

It can be very difficult to pick out these malicious emails unless you have something scanning them for you.

These type of targeted email attacks have been increasing in frequency. Up to 10 new (unique) attacks have been discovered every day. This is a rather large number. Be very careful with suspicious looking emails.

Harmful Websites

It seems Possibility Media’s websites have been hacked. There are a few interesting things to learn here. First have a look at the following screenshot:

Possibility Media
At the time of writing (28 Oct 2007) if you go to Google’s website and search for the term “possibility media” you’ll get the results shown above. Google found the correct website and if you look closely there’s a warning that “This site may harm your computer“. If you don’t notice this small writing and just click on the link Google will display a large warning spelling out the risks. This is a very nice security feature provided by Google. They use a 3rd party tool to analyse websites for malware and make it difficult for you to load a website that contains harmful code.

The other thing to note is that Possibility Media’s websites have been hacked and contain harmful code. It’s still unclear what damage this can do to your computer (it’s currently being investigated by antivirus companies). Some of their other websites that have also been hacked are:

  • webweekmag.com – Web Week Magazine
  • itweekmagazine.com – IT Week Magazine
  • technologyweekmag.com – Technology Week Magazine
  • theinternetstandardmag.com – The Internet Standard
  • securitystandardmag.com – Security Standard

Hopefully by the time you read this it would have been cleared up. The purpose of mentioning these websites is to point out that common websites that have completely legitimate businesses behind them are still vulnerable to malicious tampering and that it can affect pretty much everybody.

There are a couple of things you can do about this:

  • Use a good antivirus program on your computer. To be effective against this type of attack it needs to do something called “web filtering”.
  • Keep your antivirus software updated. This usually requires a paid (yearly) subscription.
  • Use an alternative web browser. I haven’t written about this yet but consider using either FireFox or Opera.