Category: Malware

Viruses, Trojans, Spyware, etc

RealPlayer Vulnerability

Here’s another vulnerability to report on. If your computer has the following then you’re at risk:

  • Windows 2000 or Windows XP
  • Internet Explorer 6 or 7
  • RealPlayer versions:
  • 6.0.10
  • 6.0.11
  • 6.0.12
  • 6.0.14
  • 6.0.14.536
  • 6.0.14.543
  • 6.0.14.544
  • 6.0.14.550
  • 6.0.14.552

The vulnerability makes it possible for you to infect your computer just by opening a malicious web page (you wouldn’t know it’s happened till it’s too late). So if your version of RealPlayer is out of date and you fall into the category above then update RealPlayer to the latest version.

Merry Christmas PPS Trojan

christmasstocking There’s another email being sent around that contains an attachment called MerryChristmas.pps. It’s a PowerPoint presentation showing some Christmas type message and at the same time tries to install a trojan onto the computer.

Delete it and move on.

It’s also good to keep your antivirus software updated and if you’re using Windows then make sure you’ve updated it all (Windows, Office, etc), as described in this earlier post.

MDB Files are vulnerable

At the moment there’s a vulnerability in Microsoft’s Access program. This means it’s possible to create an Access file that contains malicious code (e.g. a virus, trojan, spyware, etc). More details here.

In plain English it means if you receive a file who’s name ends with .MDB treat it as highly suspicious.

Skype Encryption

Skype is a popular communication tool allowing people to have voice and video conversations over the internet. And one of its features is how it transports that communications data. Skype first encrypts your data then distributes it using a network of other skype users (using what’s called a peer to peer model).

The encryption is intended to stop random strangers eavesdropping on your conversations. And it seems to be fairly effective from what this article says – the German Federal Police Office have a problem wiretapping Skype calls.

Is this a good thing or a bad thing? Well, it’s a little of both. It gives Skype users a level of security that makes the general public comfortable enough to use it, and stops casual eavesdropping. That’s the good news.

The bad news is that VoIP traffic (phone calls over internet) can be intercepted in other ways. When it becomes too hard to break the encryption, as the German police found, an easier path is to install a trojan on the PC and intercept the voice data before it becomes encrypted. This stuff really happens.

The German federal police office is looking into developing trojans so they can install one on people’s computers they need to listen in on (article here). This is a legal form of spyware (at least in the country it’s used in). Other governments have been using this technique for years and legally it’s not much different to wiretapping a phone. What makes it scary is that antivirus companies have an understanding with law enforcement agencies and some government spyware may go undetected.

This isn’t a problem to most people. And at the end of the day it’s no different to using a house or mobile (cellular) phone.

The message in this article is that you should place the same level of trust in any VoIP phone (such as Skype) as you would with any other phone. It doesn’t offer any additional level of privacy. Law enforcement agencies have been finding ways to listen in, and fairly soon we’ll have spyware that can do the same thing only with less legal intentions.

Gameige.com has been compromised

GnomeSome pages on the website gameige.com have been compromised, using iframes to cause people’s browsers to download malware and steal information from the computer. This is a risk if your web browser loads ActiveX controls (such as Internet Explorer). Gameige.com is used by players of online games such as World of Warcraft.

The use of a good antivirus program that filters websites would help here. And hopefully by the time you read this the people supporting the site would have fixed it.

Malicious Christmas eCards

If you receive an eCard (email card) from someone you don’t know it might be from someone with malicious intents. Especially if it has the following:

  • The subject is similar to: This is my one-off Xmase-card for you ^_^ Very nice
  • The body of the email contains a link to: http://uklotttery.us/?id=ecard
  • The body of the email contains the text: This is my one-off Xmase-card for you ^_^ Very nice
  • And it has the words: no worm , no virus

If you find something similar to the above just delete it. It’s sent as spam and the link will try to install a virus.

No doubt there’ll be many attempts this festive season to play on people’s trust so as always be wary of things like this.

A plug-in must be installed

In order to view the photos a plug-in must be installed.”

Binoculars These dreadful words have been appearing in some spam emails, in Dutch. And on top of that the emails, at first glance, appear to be a legitimate news article. Interested readers might be tempted to click on the link, install the suggested plug-in, and hope to view photos of whatever the email is about.

You should never install anything an unsolicited email tells you to. You shouldn’t have to install anything to view photos. These particular spam emails will provide a link to a file called iPIX-install.exewhich is in fact a trojan that spies on your computer.

Another point worth mentioning is that spam and malicious emails are now being sent in languages other than English in the hope of catching out people who live in non English speaking countries (by trying to win their trust).

Keep critical software up to date

Some programs you use are critical to the safe use of your computer, and it’s important to keep these patched.

In this article critical software is the collection of programs (both visible and those that run in the background) that transport information from a web server to your screen. It’s the chain of data flow that you use the most often when using the internet.

You have your operating system (e.g. Windows, MacOS, Linux), a web browser, and a stack of drivers that basically make the internet work for you. This is a simplified model, most people’s computers will be unique and full of all sorts of programs.

Because information is flowing along this chain of programs, data being handed off from the operating system to the web browser, every link in the chain is critical. And like the old mantra, the price of security is eternal vigilance. In this case we’re looking at the eternal task of patching your software.

Patches are released by software vendors, whether it’s a free open source program or from a commercial software company. Patches are written because the programmers are always fixing bugs, in particular they’re always fixing security vulnerabilities as they are discovered. It’s a way of strengthening each of the links in your data chain.

The point of this article is that you should always update the following:

  • Patch your operating system (Windows, Mac OS, Linux, etc). Yes there’s a risk in being the first to install a patch, it might break something. Large companies have long complicated procedures to test patches before installing them. Small companies and home users need to take the risk and apply the patch blindly, trusting the vendor. It’s a choice between having the most secure computer possible or waiting to see if a patch is released by mistake. My advice is to take the secure option and make regular backups of all your data (backups would be a good topic for a future article). Most operating systems these days have automated patching systems in place making this simple and often a transparent process.
  • Patch your web browser. All web browsers need to be patched – Microsoft Internet Explorer (IE), FireFox, Opera, Safari, etc. Apply patches as soon as they’re released. Today a web browser is the most vulnerable program on a computer, it gets used to run code that other people write. Code that comes from all corners of the world and is almost always not certified in any way and there’s almost no way of trusting the code. Your web browser will execute it blindly, trusting that it’s safe and you trust that all other programs on your computer (including the operating system) will handle the attacks in a graceful way. Web browsers will be attacked, this is almost a certainty these days. So you need to very latest version that hopefully has had every known vulnerability fixed.
  • Patch your antivirus software. This is often automatic, and it’s often a paid service. Antivirus companies spend a lot of time and money keeping their tools up to date and it’s in your best interest to use their technology. Consider it a good investment, it could cost you thousands of dollars if your system is compromised.
  • Sometimes routers will have to be patched as well. This is a little more advanced and you should only do it if you’re comfortable working with your router.
  • Personal firewalls should also be patched. If your antivirus software includes a [personal] firewall then it’ll be patched automatically, otherwise it’s a separate process.

Chain and padlockAll software that uses the internet in any way, including the various video and music players, needs to be kept up to date. Web browsers and operating systems are the most critical and should be patched the most often. The time and effort you spend is the price you pay for having a safe computer.

The Popularity of Videos

Online videos are popular these days and as with anything popular scams are everywhere. The following two items take advantage of this popularity.

1. A movie called ” Lust, Caution” has been attracting some attention lately. Some websites have been setup (in China) that promise the ability to download a bootleg copy of the movie. What the websites don’t point out is that the download is infected with a virus that steals your passwords.

So don’t try illegally obtaining copyrighted movies, and especially not this one.

2. YouTube Scams – An email has been doing the rounds containing an ad for a video supposedly hosted on YouTube. The email goes on to explain how the video is about two lovers, includes comments and reviews.

If someone was to click on the link in this email (a link that at first sight appears to point to YouTube) they’ll be taken to a fake website made to look a little like YouTube. Then a message comes up saying that a new Flash player is required. Don’t install this player, it’s a virus. Pay close attention to links (URL’s) in emails.