Ransomware

Ransomware is a very large problem these days. It happens when someone tricks you into downloading and running some code (like in an attachment). Usually the email or website will tell you something scary (like you’ve been fined for something you didn’t do), or promise to show you a funny or interesting video.

The downloaded software immediately encrypts your documents with a secret password, and a message asks you to pay money to receive the password to unlock your files.

Apparently many people pay the ransom, totalling about $18 million in 2016. That’s crazy. If this happens to you please don’t pay. Don’t encourage this kind of crime. You have other options.

Firstly, keep a backup of all your documents. This is the most useful thing you can do today. You have so many good options for backups, including some good cloud storage services. If anything happens to your files you can just restore the backups instead of paying huge amounts of money.

Next, if you are affected by ransomware there are many free tools to decrypt your files without paying. Begin by going to this website:

https://www.nomoreransom.org/

This website is run by some very good security companies: Europol, the Dutch National Police, Intel Security, Kaspersky Lab, Bitdefender, Check Point, Emsisoft and Trend Micro. So you can trust their advice.

Google vs Bing

A company called AV Test has been testing Google and Bing, and has found that Google is better at filtering out dangerous websites.

They tested 10.9 million searches on both search engines and found that:

  • Google included 272 websites that were infected with malware
  • Bing included 1285 websites that were infected with malware

This is bad. When you search for something, both Google and Bing test every website and hide any website that has been infected. This protects you from clicking on a website with malware. AV Test found that Google is better at filtering infected sites. So if you want the best security possible, do your searches in Google. Full details here.

Other tips I can add are:

  • Use Google’s Chrome browser. It’s fairly good at blocking malware and resisting hacks
  • Keep your computer updated (e.g. run Windows Update frequently)
  • Use a good antivirus program
  • Be cautious about what you click on
  • Don’t believe everything you read on Facebook, emails, Twitter, etc.

 

Facebook Apps

As Facebook continues to grow and become a larger part of everyone’s lives, security and privacy concerns have become more important than ever. So a company called Secure.Me has stepped in with a tool to warn you about privacy issues, called App Advisor.

Facebook allows 3rd party “apps” to use your data for various things, like collecting your friends’ birthdays to remind you of them, or sharing your game updates with everyone. But it’s not always clear what personal information is collected or shared. Secure.Me’s new App Advisor tool tells you, in plain English.

It comes out on Wednesday and installs as a browser plugin. It supports Firefox, Chrome, and Safari. (If you’re still using IE I highly recommend installing Chrome).

How does Secure.Me’s App Advisor work?

It starts working when you load Facebook on your PC (so it won’t work on your iPhone). It then notices what Facebook Apps you’ve added to your account. This part is great, because most people don’t know what Facebook Apps they’ve added, or won’t remember what they added 2 years ago.

Then it looks up each app in their database, and tells you what they know about the app.

I think it’s brilliant. It gives you independent advice about Facebook apps, when you need it, and without having to really do anything.

When it launches on Wednesday I’ll update this post with more information.

MS-CHAPv2 Can Be Cracked

This post is a bit technical and isn’t for everyone. I still want to include it in Fraudo.com because it could help someone, someday.

MS-CHAP v2 is an authentication protocol used to secure VPNs and some wireless networks. It’s commonly used with PPTP VPNs and sometimes with WPA2 wireless networks. For the past few years it was considered secure as long as it’s used with a strong password (a complicated password).

Today some researchers at a security conference demonstrated how to crack it in one day. They demonstrated that they can decrypt all data sent across the VPN or over WiFi.

So if you’re setting up a network and come across the MS-CHAP v2 setting, remember that as of today it’s no longer secure. It’s not even slightly secure, or better than nothing. If someone wants to view your encrypted VPN or WiFi traffic and you use MS-CHAP v2 then they can, with very little effort. Full details on cracking MS-CHAP v2 are here.
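To find where the MS-CHAP v2 setting is in use, the following added example (not part of the original post) scans a pppd options file of the kind used for PPTP for `require-mschap-v2` and a wpa_supplicant file for `phase2="auth=MSCHAPV2"`. The sample configs and function names are constructed for illustration; for Wi-Fi networks it also reports whether `ca_cert` is set, because that controls whether the client validates the server before starting the MS-CHAP v2 exchange.

```python
import re

# Constructed sample configs (not taken from the original post).
PPTPD_OPTIONS = """\
name pptpd
refuse-pap
refuse-chap
# refuse-mschap
require-mschap-v2
require-mppe-128
"""

WPA_SUPPLICANT = """\
network={
    ssid="office"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="lab"
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert="/etc/ssl/lab-ca.pem"
}
"""

def audit_pppd(text):
    """Return line numbers of active (uncommented) options that require MS-CHAP v2."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        option = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if option == "require-mschap-v2":
            hits.append(n)
    return hits

def audit_wpa_supplicant(text):
    """Return (ssid, has_ca_cert) for each network block whose inner auth is MS-CHAP v2."""
    findings = []
    for block in re.findall(r"network=\{(.*?)\}", text, re.S):
        fields = dict(re.findall(r"^\s*(\w+)=(.*?)\s*$", block, re.M))
        if "MSCHAPV2" in fields.get("phase2", "").upper():
            findings.append((fields.get("ssid", "").strip('"'), "ca_cert" in fields))
    return findings

if __name__ == "__main__":
    print("pppd lines requiring MS-CHAP v2:", audit_pppd(PPTPD_OPTIONS))
    print("Wi-Fi networks using MS-CHAP v2:", audit_wpa_supplicant(WPA_SUPPLICANT))
```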

VirusBarrier: Antivirus for iPhones

A French security company called Intego has released the first antivirus app for iPhones, called VirusBarrier. This is news because so far iPhones have not needed antivirus programs; there are currently no viruses on iPhones. Here’s a breakdown of what VirusBarrier is:

What VirusBarrier does:

  • it can scan email attachments – but it’s not automatic; you need to go into VirusBarrier and tell it which email attachment to scan (and only one at a time)
  • it can scan files on Dropbox

What VirusBarrier does not do:

  • it does not scan all files or apps on the iPhone. It can’t because of Apple’s sandbox model.
  • it does not do automatic scans
  • it does not do scheduled scans
  • it does not scan apps

So overall it seems more of a publicity stunt. It’s not something I’d spend $2.99 on.

Passwords Compromised on JIRA, Bugzilla & Confluence

If you are a user of the Apache-hosted JIRA, Bugzilla, or Confluence, a hashed copy of your password has been compromised. There was a targeted attack on these systems on the 9th April 2010.

These are services used by developers; most “normal” people would not have accounts on these services. If you do use these services please read the full incident report here.

Facebook Un Named App

Here’s a combined hoax and malware. Let’s start from the beginning.

People have been posting notes on Facebook about something called “un named app”. It tells you to remove something from Facebook. It’s a hoax. Don’t believe what it says, don’t follow the instructions, and don’t pass it on.

Below are some quotes of the hoax:

ALERT >>>>> Has your facebook been running slow lately? Go to “Settings” and select “application settings”, change the dropdown box to “added to profile”. If you see one in there called “un named app” delete it… It’s an internal spybot. Pass it on

this is real.. i checked and found this app and deleted it… hopefully, my facebook will run better now.

Cannot believe how much quicker mine is running after doing this….

I don’t have this app on my Facebook account but if you do, don’t worry. It’s a normal part of Facebook and you shouldn’t delete it.

Now the second part of this hoax is a real trojan. If you go to Google and search for “facebook unnamed app” you’ll see quite a few results. Some of these results are fake antivirus programs.

A fake antivirus program is actually a trojan. It pretends to scan your PC and quietly installs malware in the background. It goes under the name of Security Tool, and it has a fancy detection screen and everything. But it’s definitely bad.

The rule of thumb is that if a web page tells you that your PC might be infected, don’t trust it. Go and get your own antivirus program, not something that pops up on your screen (see here for a good free antivirus program).

There’s a lot to learn here. Basically, be careful who you trust. These days scammers have to trick you into installing malware and they’re good at it (it’s called social engineering).

IE6

Internet Explorer 6 is still used in many large organisations. It’s because large organisations invest heavily in technology then expect to keep using it for many years to increase their returns on investment. Usually their internal programs won’t work on newer browsers, and it’s a major task to upgrade them.

But Internet Explorer 6 (IE6) is quite old and very vulnerable to being hacked. It’s so vulnerable that it’s the main (technical) cause of the recent hack attack by China against Google (read here). In short, it seems that the Chinese government (or agents working on their behalf) hacked certain people’s Google accounts. They were able to do this because these people weren’t using the latest version of Internet Explorer.

So any organisation that refuses to upgrade to the latest version of Internet Explorer is also at risk.

Microsoft have made an official statement that IE6 is vulnerable and they want everyone to upgrade to the latest version.

Update: The Australian Government has also asked people to stop using IE6.

Update 2: Microsoft has made a patch available to all IE6 users to fix the problem. Download it from here.