It used to be that your computer could become infected if you went to a pornographic or warez website (warez sites are where people can illegally obtain software cracks). While this is still true, “normal” websites can also be vulnerable these days.
The Laos Airlines website was hacked and some code was added at the bottom – malicious code that isn’t visible to the average person. If you were to visit their website (whether to look up travel information or to book a flight), your web browser would also try to load a web page (hosted in China) that would then try to install malware onto your computer.
The airline itself was a victim, and now that it’s been discovered and made public they’ll no doubt fix it. It’s certainly no reason not to travel to Laos or to use their airline. And the fact that the malicious code was hosted in China is an indicator that a lot of (black hat) hackers are setting up shop over there (until recently Russia was their country of choice to hide their malicious activities).
A couple of tips to avoid being a victim of crimes like this:
- Use alternative web browsers whenever possible. Use Firefox or Opera instead of Internet Explorer.
- Use a good antivirus program that monitors web browsing, and that constantly updates itself (these are usually not free, and it’s well worth paying their fee to keep you safe).
And keep reading as much as possible about online security. Education can only help you.
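For site owners, one way to check a page for the kind of invisible injected code described above. This is an added example, not code from the original post, and it assumes the injected code is an iframe with no visible size that points at another host, which the post does not specify; the host names and sample page are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class HiddenFrameFinder(HTMLParser):
    """Record iframes that load another host's page while taking up no visible space."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line number, foreign host)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {name: (value or "") for name, value in attrs}
        host = urlsplit(a.get("src", "")).hostname
        # Relative URLs and the site's own hosts are not interesting.
        if not host or host == self.site_host or host.endswith("." + self.site_host):
            return
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width", "") in ("0", "1") or a.get("height", "") in ("0", "1")
        if tiny or "display:none" in style or "visibility:hidden" in style:
            self.findings.append((self.getpos()[0], host))

def hidden_offsite_frames(html, site_host):
    """Return (line, host) for every invisible frame that loads from a foreign host."""
    finder = HiddenFrameFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed page: a visible map embed, the site's own hidden widget,
# and an invisible off-site frame appended near the bottom.
SAMPLE_PAGE = """<html><body>
<h1>Flight schedule</h1>
<iframe src="http://maps.example.org/embed" width="400" height="300"></iframe>
<iframe src="/booking/widget.html" width="0" height="0"></iframe>
<p>Contact us</p>
<iframe src="http://injected.example.net/in.html" width="1" height="1" style="visibility: hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, host in hidden_offsite_frames(SAMPLE_PAGE, "airline.example"):
        print(f"line {line}: invisible frame loads from {host}")
```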
There has been a rise in malicious emails (emails carrying malicious attachments) that are aimed at individuals. These emails are customised for the recipients with details such as their name and official title.
Two recent occurrences appear to be from the US Department of Justice, and from the Better Business Bureau. They have been sent to customers of financial institutions, indicating that email addresses were stolen and the information used to make the emails appear more convincing.
What makes these appear obviously malicious is that the first (from the US Department of Justice) carries an attachment with a file extension of .scr. Files of this type are Windows screen savers, something that should immediately appear out of the ordinary. If you open the attachment it will install a trojan, allowing malicious hackers to later take control of your computer.
The second one (from the Better Business Bureau) contains an infected PDF file. This is unfortunate because traditionally PDF files were considered safe from viruses, but lately it’s been proven that even PDF files can carry viruses and trojans. (A PDF file is an attached document.) Keep in mind that these emails have been tampered with to make them appear to be from the relevant senders. In fact they aren’t.
The best defence against these types of targeted attacks is to use a good antivirus program on your computer with the following features:
- It must scan emails
- It must be updated daily
It can be very difficult to pick out these malicious emails unless you have something scanning them for you.
These types of targeted email attacks have been increasing in frequency. Up to 10 new (unique) attacks have been discovered every day. This is a rather large number. Be very careful with suspicious looking emails.
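A sketch of the simplest check an email scanner can make for the first case above: flag attachments that Windows would run as a program, by name and by content. This is an added example, not code from the original post; the message, addresses and file names are constructed, and every extension other than .scr is an addition here. It does not detect a malicious PDF, which still needs a real antivirus scan.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePath

# .scr comes from the post; the others are further Windows-executable extensions (added here).
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}

def risky_attachments(raw):
    """Return (filename, reasons) for attachments Windows would run as a program."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        suffixes = [s.lower() for s in PurePath(name).suffixes]
        reasons = []
        if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
            reasons.append("executable extension " + suffixes[-1])
            if len(suffixes) > 1:
                reasons.append("document-style name hiding the real extension")
        # Windows programs, screen savers included, begin with the bytes 'MZ'.
        if data[:2] == b"MZ":
            reasons.append("content starts with the Windows executable signature")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample():
    """Constructed test message; the attachments are harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "notice@example.org"
    msg["To"] = "jane.doe@example.com"
    msg["Subject"] = "Complaint filed against your company"
    msg.set_content("Dear Jane Doe, Director: see the attached complaint.")
    msg.add_attachment(b"MZ" + b"\x00" * 16, maintype="application",
                       subtype="octet-stream", filename="complaint.doc.scr")
    msg.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application",
                       subtype="pdf", filename="complaint.pdf")
    msg.add_attachment(b"MZ" + b"\x00" * 16, maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in risky_attachments(build_sample()):
        print(name, "->", "; ".join(reasons))
```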
Some Maxtor external drives have been found to contain a virus. These are brand new units straight from the factory. The unit with this problem is a Maxtor Basics Personal Storage 3200, shipping between August 2007 and November. If you’ve recently purchased one of these you need to call Seagate’s technical support and quote the serial number on the drive.
There are two new warnings related to Skype today. In each case it’s not Skype that’s the problem, it’s just related to their service.
1. Some people have received a warning saying “Security Center has detected malware on your computer”. If you click on the links provided you’ll get a message telling you malware was found on your computer. It then asks you to pay money for an alleged program to clean it. If you see this, ignore it. It didn’t really scan your computer for viruses, and the money they ask for won’t really go towards anything good.
2. Some Skype users have received a message about finding a lost girl. Again this is a hoax and if you click on the links provided a web site will attempt to install a virus on your computer. Ignore it.
More details can be found at Skype’s security site.
This technique to spread viruses was only just discovered, and it’s clever.
Firstly it’s based on the assumption that people trust Google (which is a fair assumption since Google has done a lot to maintain good ethics and to help users avoid malware). So when people see a link to a Google site they would naturally assume it must be safe to click on.
Now someone sends you spam and in the body of the email is a link to Google’s website. The link is a clever trick that takes you to a gambling site containing a virus. How does it work?
On Google’s search engine there is a button called “I Feel Lucky”. This has been a distinctive feature of Google for many years and when you click on it, instead of showing you a page of results, it takes you directly to the first website. Now someone wishing to spread a virus just has to come up with some search terms that place their website at the top of Google’s results. Then they paste the link that created that search, with an option to take you straight to the “I Feel Lucky” link.
In short, it’s using a little known feature in Google to take you to someone else’s website, and the rest is reusing the usual spam and virus techniques.
For now this has been observed in spam emails and we should expect it to appear in other places such as websites, forum links, Facebook etc.
The best defence against this is to use a good antivirus package, one that checks webpages as well as the traditional virus checks.
It’s also good to pay attention to links before you click on them. Look out for things related to online gambling or pornography as these are the most common websites used to distribute malware.
And Google will most probably improve their systems to filter out exploits such as this one.
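A mail filter can spot the link trick described above by looking for Google search links that carry `btnI`, the URL parameter behind the lucky button. This is an added example, not code from the original post; the sample message is constructed and the list of Google host shapes is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hosts treated as Google search front ends (assumption: bare or www host, common TLD shapes).
GOOGLE_HOST = re.compile(r"^(?:www\.)?google\.(?:com|[a-z]{2}|co\.[a-z]{2}|com\.[a-z]{2})$")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def lucky_redirects(text):
    """Return (url, search_terms) for each Google link that skips the results page."""
    hits = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,)")  # drop sentence punctuation stuck to the link
        try:
            parts = urlsplit(url)
        except ValueError:
            continue  # malformed URL, nothing to inspect
        if not GOOGLE_HOST.match(parts.hostname or ""):
            continue
        # keep_blank_values keeps a bare "btnI" that has no "=value" part.
        params = parse_qs(parts.query, keep_blank_values=True)
        if "btnI" in params:
            hits.append((url, " ".join(params.get("q", []))))
    return hits

# Constructed sample message body (not taken from a real campaign).
SAMPLE = """Hi, check this out: http://www.google.com/search?q=example+lucky+casino+bonus&btnI=1
Normal search: http://www.google.com/search?q=weather+vientiane
Lookalike host: http://www.google.com.example.net/search?q=x&btnI
Bare flag: https://google.co.uk/search?btnI&q=free+poker.
"""

if __name__ == "__main__":
    for url, terms in lucky_redirects(SAMPLE):
        print(f"redirecting Google link (search terms: {terms!r}): {url}")
```

The search terms are returned with each hit because they decide where the link lands, so they are what a reviewer should look at.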
Version 4.3 of Sony’s SonicStage CP program has a vulnerability (flaw) that can be exploited for malicious intent. The exploit comes in the form of a playlist received from an external party (website, untrusted friend, etc).
So if you’re using a Sony digital music player and this program on your computer, don’t open any playlists you didn’t create yourself until Sony releases a patch to fix it. Details here.
Should you download new codecs when a website tells you to?
What’s a codec anyway?
Your computer needs video codecs to play videos. And like everything else there are quite a few different codecs to choose from. Your computer came with a set of the most popular codecs so you can watch videos, both online and from DVDs.
There are some websites that encode their videos with unusual codecs then ask you to install a new codec to view it. In particular, some pornographic websites have been tricking people into downloading a new codec. Unfortunately in some cases the codec is a trojan that makes very dangerous changes to your computer (allowing attackers to redirect your web browser to wherever they want).
There’s been a report of some websites tricking Mac users into installing a bad codec like the one mentioned above. In the past Macs have been considered safer than Windows computers, but as they become more popular they also become targets for malware such as this. This particular attack doesn’t work very well because it asks the user to carry out a number of steps. Over time attackers get more sophisticated, so it’s best to learn about it as early as possible.
The lessons to be learnt here are:
- Don’t install anything a website tells you to, unless you completely trust the person or company operating it. Even then you need to be certain of what you’re downloading.
- No computer is safe from malicious attacks, no matter what the ads, salesmen or zealous enthusiasts say.
- Pornographic websites are well known to carry malicious content like viruses and trojans.
- Attackers are creative and always find new ways to distribute viruses.
It seems Possibility Media’s websites have been hacked. There are a few interesting things to learn here. First have a look at the following screenshot:
At the time of writing (28 Oct 2007) if you go to Google’s website and search for the term “possibility media” you’ll get the results shown above. Google found the correct website and if you look closely there’s a warning that “This site may harm your computer”. If you don’t notice this small writing and just click on the link, Google will display a large warning spelling out the risks. This is a very nice security feature provided by Google. They use a third-party tool to analyse websites for malware and make it difficult for you to load a website that contains harmful code.
The other thing to note is that Possibility Media’s websites have been hacked and contain harmful code. It’s still unclear what damage this can do to your computer (it’s currently being investigated by antivirus companies). Some of their other websites that have also been hacked are:
- webweekmag.com – Web Week Magazine
- itweekmagazine.com – IT Week Magazine
- technologyweekmag.com – Technology Week Magazine
- theinternetstandardmag.com – The Internet Standard
- securitystandardmag.com – Security Standard
Hopefully by the time you read this it will have been cleared up. The purpose of mentioning these websites is to point out that common websites that have completely legitimate businesses behind them are still vulnerable to malicious tampering, and that it can affect pretty much everybody.
There are a couple of things you can do about this:
- Use a good antivirus program on your computer. To be effective against this type of attack it needs to do something called “web filtering”.
- Keep your antivirus software updated. This usually requires a paid (yearly) subscription.
- Use an alternative web browser. I haven’t written about this yet but consider using either Firefox or Opera.