Year: 2009

Facebook and Twitter Phishing going on today!

Paul

According to Techcrunch we have one phishing site ground around peoples inboxes on facebook with it say “Check areps.at”.  You go to the site and you will think your at the facebook login but your not.  I wouldn’t suggest going to any of these sites, it has been reported by Phishtank.

[ad]Some of the sites to avoid today are : “nutpic.at, bests.at, areps.at, kirgo.at” each site will make you think your at facebook but this is what most will call a [intlink id=”3419″ type=”post”]Phishing scam[/intlink].  Some other things to avoid are some Twitter phshing going on today as well.

According to Trend Micro there is one where the url looks like it is a twitter url but isn’t (tvviter[dot]com).  The site is what people would call a typosquatting site.   This makes people think they are on twitter but aren’t.   If you go to these to sites and have given out your passowrd, it is strongly recommended that your reset them:

Facebook password reset page

Twitter password Reset Page

If you would like to know more about what phsihing is please check out my blog for more information.  Don’t forget to check out the forums for more information on this or just to talk about anything on your mind.

*Some reports I am seeing is some of these sites might be trying to get you to install the [intlink id=”2249″ type=”post”]Koobface virus [/intlink]so please be careful, will update when I find out more.*

Spyware : Michelle Obama’s Ta’s Ta’s Video

Paul1 Reply

I love this one, I was reading the Sans Report about Michelle Obama Ta’s Ta’s on Video.  I wanted to investigate this a little further so I went searching around.  I found some comment spam links to a site I will not talk about the links directly.  The site however had a fake video on it :

michelleobamatoplessfake

It looks like if you hit Cancel or Details it keeps trying to tell you need to install an ActiveX Object.   It also makes the user think that there is only one option to use right now.   As you can tell  it makes you think you can’t cancel or get details but I did.  I tried to cancel and it kept on popping up trying to get you to install this active X installer.   AVG detects it as:

michelleobamatoplessfake1

[ad]This proves the fact that any Anti-virus software is better than nothing at all.   I also  have talked in the past about [intlink id=”2991″ type=”post”]fake codecs and how they are used maliciously[/intlink] to spread malware to people who aren’t up to the job.   I didn’t take long to find Phrases such as “Michelle Obama Topless” or “Michelle Obama Topless Video” to find spam comments linking to sites that are hosting these types of malware.  It seemed that in order to get out of the cycle with the Malware site, I had to do a CLT-ALT-DELETE and End the process of Internet Explorer process from Task manager.  It was an infinite loop and could not be closed any other way.  upon trying to go the link again it seems to be a random redirection every time you visit that site the next time I went there, I had a scare message pop up telling me:

michelleobamatoplessfake2

As you can tell this [intlink id=”3397″ type=”post”]pops up with scareware[/intlink] instead of the video and tries to tell you have a virus and you should run a free scan from the site of their choice.   This is an old tactic and still being used but funny if you look at that message one you know it is from a “Webpage” and two there are at least one grammar error?  Can you see it?

You’re best bet is not to go clicking on links that people have left in comments.   I am so glad I have moderation turned on and I have to approve each and every post someone comments on.   This is the only way I know how to prevent from being used in the spam campaign.  Remember it is time to update your [intlink id=”2205″ type=”page”]Anti-virus and Firewall [/intlink]if you don’t already have it.  Don’t forget to visit the Forums and help discuss this problem in detail.

MobileMe Who me? Could this be Phishing?

Paul
Photo By : Richard Thomas
Photo By : Richard Thomas

MobileMe one of Apples latest software packages, recently started getting emails claiming they need to update their credit card information.

 

It seems that along with Twitter, Facebook, and PayPal Phishing are on the rise. I know this was going to happen do to the fact of the recession. I’ve seen more and more attempts to send people to the Canadian Pharmacy and to sell you drugs that I wouldn’t recommend buying it online.

 

Some things I am wondering is when will Apple release they are having to protect their consumers from these types of attacks? I’ve talked about the Apple Botnets and how they will become more and more prevalent due to the fact users think they can never get a virus. See the Apple Ads in 2007 to prove my point.

 

So let’s talk about online safety, and help those who might need help. Some of my thoughts to help keep the Apple People happy are:

 

  • [ad]Don’t go Downloading Illegal stuff – This is mostly how they malware authors are getting Mac users to install malicious software. You think you downloading the I-Life 09 but are really installing a virus.

  • Don’t click links in Email – This is so tempting because it easier to just click and have it open up automatically but most of the time if you click a link that says it is going to http://www.apple.com/support (That is how they fool you).

  • Don’t give out your email on twitter – This is also something you should follow more and more, because you don’t want to get a virus or spam from making your email public. There are ways to see your deleted twitter message so that isn’t going to be hard to find those emails.

  • It’s time to install Macintosh Anti-virus software – Yes you heard me, I know there are a few Mac Anti-virus software’s out there. You should also make sure to keep that up to date.

Now is when Apple should start suggesting security, but they have stopped recommending it for so long. The Malware authors are getting restless with anticipation. I can only guess what they will try next but it will happen. Sooner or later you will get a virus so bad that Apple will start recommending it on there site. When that day comes, I’ll be so happy because that means Apple software isn’t that bad. I just hope Apple realizes it before it’s too late. They’ve had so much Apple don’t Virus propaganda thrown at it’s consumers it is no wonder they aren’t worried about Security.

Free Anonymous Browsing with Opera-Tor

Paul

2588641284_603490d6d1_m Photo by Philip Chapman-Bell

Anonymous browsing is something of huge interest to the Internet users, who are very particular about their online privacy and security. There may be many reasons and situations, when you might be interested in using internet anonymously; for instance, you may be working on a public place and do not want to leave the traces or you may not like your family members or office colleagues to know what you have been doing online. Whatever be the reason, but still, it is an area, where a lot research is to be done.

 

How Anonymous Browsers Operate?

At present there are two dominant techniques used by various anonymous browsing tools. One is the use of JAP Networks, which was used hugely used earlier but later it ran into controversies after a backdoor had to be put into the product to allow interception of child pornographers on insistence of German Police.

 

The second technique is the use of Tor (The Onion Ring), which only allows anonymous browsing but also facilitates other applications like anonymous P2P, email, IM, and IRC chat. This technique is dominantly used in present day anonymous browsing tools.

 

Operator – A useful anonymous browser

 

OperaTor is small and relatively fast anonymous web browser, which combines the browsing platform of Opera, with privacy provided by Tor engines and the speed of browsing provided by Polipo.

 

You can download this 7MB application in your USB drive and carry it whenever you need to use a public computer for anonymous surfing.

 

In my testing, I was pleasantly surprised with the speed of browsing, which I was getting with this little tool. I had earlier used XBBrowser for anonymous browsing, but it was too slow, as compared to Operator. In fact, there was hardly any noticeable difference in the browsing speed as compared to my normal Opera browser. This is because of Polipo, the small caching web proxy, that comes bundled with Opera-Tor.

 

Since Operator allows only http and https protocols in anonymous mode, you should avoid Javascripts and Opera’s IRC functions running through it.

 

Some people complain that it has not yet released the source code of itself. But my view is that unless you are hard-core programmer and really need to tweak the source code, why should you worry about that. After all, trusted networks like CNet says OperaTor has been tested spyware free and Softpedia gave OperaTor its 100% Clean award. Major antivirus vendors, like GData, Kaspersky, McAfee and Microsoft, confirm that OperaTor contains no malicious software.

 

Overall, one of the best applications for anonymous browsing available today.

[This is a guest post by Silki Garg. She advises on how to eliminate spyware, online threats and malware detection, on her Internet Security Blog. A visit to her Blog is highly recommended. You’re sure to find something of interest.]

 

 

JSRedir-R/Gumblar The underlying problem!!

Paul

Some people have made comments about there website being hosted to Malware injection into there site.  I’ve been seing a Lot of talk about JSRedir-R/Gumblar found to be the biggest malware threat on the Web.  They estimate that it is 42% of infected websites to be carrying this malware threat, last week.  I have heard some think it is weak login creditals.

[ad]See the Graph from Sophos about the percentage.  I also wanted to tell people how to identify if you have the infection or not.  This is very important to check because people are letting this Malware spread and all.  

I on the other hand think the way this is spreading is a Cross Site Scripting vulnerability for these websites but there are a few websites that do keep your login cache on your system.   I would recommend if your a web site owner to have your cache deleted everytime you exit your web browser.   This should in theory help prevent Cross Site scripting and Website owners should also either buy [intlink id=”2205″ type=”page”]Anti-virus and Firewall software or install the Free version[/intlink] to better protect your website.

Just like the[intlink id=”3308″ type=”post”]Twitter Cross Site Scripting tom foolery [/intlink]this is my theory on how websites are being injected with this malware.   It is however just a theory.  I was never logged into my account on twitter through my web browser when this happened and that is what kept me from spreading it to my Twitter users.   You should also consider always logging off your web site when your done doing what you do!   Just my thoughts on the matter,  Remember only you can prevent from getting a Virus.