Posts Tagged ‘malware’

Celebrities to watch out for

Thursday, September 3rd, 2009

McAfee has released its annual report on the “Most Dangerous Celebrities in Cyberspace”, outlining how risky the names of Hollywood stars and starlets are on the web. You may be surprised to know, for example, that searching for Barack Obama is less dangerous than celebrities such as Jessica Biel and Beyonce! I say surprised because all the hype and news reporting that surrounded the election and the economic crises focused on the riskiness of the President’s name in malware attacks.

This report looks at the searches of a celebrity figure and how many of those searches land on a website that’s tested positive for online threats such as viruses, spyware, adware, spam, phishing or other malware.

Jessica Biel was named as the Most Dangerous Celebrity in Cyberspace, with searches for “Jessica Biel”, “Jessica Biel downloads”, “Jessica Biel wallpaper”, or “Jessica Biel photos” having a one in five chance of landing on an unsafe website.

The top 10 most dangerous celebrities online are:

  1. Jessica Biel
  2. Beyonce (for second year)
  3. Jennifer Aniston
  4. Tom Brady
  5. Jessica Simpson
  6. Gisele Bundchen
  7. Miley Cyrus
  8. Megan Fox, Angelina Jolie
  9. Ashley Tisdale
  10. Brad Pitt

You can read details of the celebrities and why they’re risky here.

Image: Clipart

US Accounts for 23% of Malicious Computer Activity

Wednesday, July 8th, 2009

Symantec recently released a ranking of which countries are responsible for most of the world’s cybercrime. Countries with high rates of high-speed Internet connections rank the highest on the list, as we’d expect, with the top 3 countries being the US, China and Germany.

Symantec put together this list by looking at malicious code, spam zombies, number of websites hosting phishing sites, number of bot-infected computers controlled by criminals, and country of attack initiation. The study investigated data for 2008 to come up with this list.

Top 10 Countries with Most Cybercrime

  1. United States - 23% share of malicious computer activity
  2. China - 9% share of malicious computer activity
  3. Germany - 6% share of malicious computer activity
  4. Britain - 5% share of malicious computer activity
  5. Brazil - 4% share of malicious computer activity
  6. Spain - 4% share of malicious computer activity
  7. Italy - 3% share of malicious computer activity
  8. France - 3% share of malicious computer activity
  9. Turkey - 3% share of malicious computer activity
  10. Poland - 3% share of malicious computer activity

As you can see, the US accounts for some 23% of the world’s malicious computer activity. That’s a big jump from those countries ranked lower on the list, with the US leading the way on nearly all of the malicious activities tracked by Symantec.

If you download the latest Spam Intelligence report, which looks at spam in the second quarter of 2009, you’ll see that overall levels of spam are on the rise. Malicious websites are also on the rise, with 67% more malicious websites blocked per day in June vs May of this year.

Via businessweek / Image: ppdigital @morguefile

Malware Trends in 2009 – 3 Reports

Monday, April 13th, 2009

Three new reports on malware caught my attention today. The first report is out of Google’s Postini division, which indicates that spam has risen to levels not seen since before the McColo incident, the biggest takedown on record. The 7-day average spam record at the end of March returned to the pre-November 2008 levels.

Viruses in email attachments made a comeback, with emails becoming even more geographically customized to increase the click rates. The economy, financial markets, job cuts, and resume help are the most prominent topics spammers use.

The second study from Symantec indicates that the number of websites spreading malicious programs tripled in the last month, reaching the highest levels since June 2008. Almost 3,000 potentially harmful websites are being intercepted daily, with nearly that same number of new websites harboring malware each day.

The last study, out of PandaLabs, indicates that 1.1% of the worldwide population of Internet users has been actively exposed to identity theft malware, with that rate increasing very quickly through 2009. This study, based on 67 million computers worldwide, also showed that only 25% of infected PCs had up-to-date antivirus software.

As a reality check, researchers in Canada uncovered an electronic spying operation that had infiltrated computers from government and private offices around the world. Read more here.

Beware VideoPlay Adware

Tuesday, March 10th, 2009

Infection from the “VideoPlay” adware has been on the rise, just one indication that social media is being targeted for malware attacks. This particular adware, which is spread through malicious posts and comments on sites like Digg and YouTube, went up 400% from January to February.

What is adware? “Any software package which automatically plays, displays, or downloads advertisements to a computer after the software is installed on it or while the application is being used.” – Wikipedia

The VideoPlay adware is a worm that aims to steal login information as well as any other information stored in a user’s browser – such as passwords. The worm can then use stolen access, such as that for social networking sites, to leave more malicious comments.


On Digg.com, the VideoPlay adware was left in comments. The comment would contain a link to a celebrity video, many of which prey upon videos already popular, or a pornographic video. However, the link would prompt users to download a codec to view the video file – this would contain the adware. The comments are being left via an automated script with more than 500,000 malicious comments tracked, according to SC Magazine.

On YouTube, the VideoPlay adware is spread through the Annotations feature, which is used to point to a URL left in the video information box. The malware is not as prevalent on YouTube yet, but it’s only a matter of time before more attacks of this sort begin to spread through social media sites.

The increase in the infection rate of the worm indicates that the adware strategy is working. Be wary when clicking links and don’t fall for strategies that require you to install new ‘software’ to view any videos.

Conficker Still A Threat

Friday, February 27th, 2009

The Conficker worm continues to cause mass anxiety. Microsoft is offering a $250k reward for information about the cybercriminal and the industry is banding together to try to stop the spread of the worm that has infected 2-10 million PCs.

So far, the infected computers haven’t been used for malicious activity, but analysts think it’s only a matter of time before that happens. This could be the first stage of a larger attack – a single algorithm can tell Conficker-infected systems to contact domain names and be used to download malicious software.

“This worm would be a marvelous tool in hands of whoever can control it, but the real harm from it has yet to be felt, and we’re trying to postpone that day.” – Paul Vixie, founder of Internet Systems Consortium

Security researchers are working to register as many of the domains as possible that are being sought by Conficker in an attempt to prevent them from hosting malicious software. For those registered by others, the registrant information is being investigated for any ties to the cybercriminals behind this worm. In order to handle the scale of this attack, and future attacks, the industry has had to band together to co-ordinate efforts with governments around the world. For example, for the first time ever, domain name registrars have agreed to shelve Conficker domains, preventing them from being purchased.

There’s also a new Conficker B++ variant, which may be a response to the blocked ability to register many Conficker domains. We suggest doing what you can to update your systems (see the latest Microsoft Security Advisory) to prevent your PC from being at risk.

And while on the topic of malware, Roger Grimes writes that the only malware cure is to start from scratch.
You may also want to read Bruce Schneier’s analysis of Conficker and how it’s spreading.

Image: wax115 @ morguefile

Mac Malware On The Rise

Monday, February 9th, 2009

It was only a matter of time before malware targeting Mac OS X became more aggressive. Last month, the first “major” malware threat to the Mac was discovered.

The iWork09 Trojan, which is disguised as pirated software, is the first sophisticated malware threat for the Mac platform. It contains peer to peer-like characteristics and is downloaded as part of a pirated iWork installation. Upon installation, the malware will create malicious files and will modify certain files to enable remote commands to be executed on the computer.

As of January 22nd, more than 20,000 people had downloaded the malware installer bundled into a functional version of iWork. Since the Trojan is not self-replicating (it’s not a virus), it may not have infected all of those computers. The program requires users to run the installer, which they may not fall for. This is in contrast to the Conficker worm that infected more than 3 million PCs in less than a week (now believed to be around 9 million).

Definitions

Malware: software designed to infiltrate or damage a computer system without the owner’s informed consent. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software. – Wikipedia

Virus: a computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. – Wikipedia

Trojan: a form of malware that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine. – Wikipedia

Since the announcement of this sophisticated new Mac Trojan, McAfee reports an increase in reports about new Mac Trojans. Checking around, I found a report of a variant of the iWork Trojan that was being bundled with a pirated version of Adobe Photoshop CS4 this week.

As it has been with PCs for a long time, it’s “user beware” when it comes to downloading and installing pirated software. Instructions for removing the malware can be found here.

Some authors, including Daniel Eran Dilger, warn Mac users against jumping out to get anti-virus software, which would not help in this case (the Trojan is not a virus and no successful Mac virus has been created, to date). The article deals with the issue of Mac viruses in depth and is worth a read in order to educate yourself about the pros and cons of anti-virus software for the Mac.

Via Avert Labs, Register, eweek

2009 Threat Predictions

Friday, January 23rd, 2009

This week McAfee released the 2009 Threat Predictions report and VARBusiness released its interpretation of the 10 Security Predictions for 2009. Both reports indicate that cyber criminals are exploiting the current economic situation to create new scams of various sources.

McAfee senior vice president Jeff Green notes:

“Computer users face a dangerous one-two punch today. The current economic crisis is delivering a blow to our financial well-being, while malware authors are taking advantage of our distraction to deliver a roundhouse strike.”

McAfee Threat Predictions for 2009:

  1. Threats Hide in the Cloud - Threats that take advantage of Web 2.0 will replace traditional delivery methods
  2. Personalized Threats Speak Your Language – Using single-use binary files that create a sea of threats; other threats include diversifying malware into non-English languages.
  3. Malware Targets Consumer Devices - USB sticks and flash-memory devices
  4. The Rogue Web and Malvertising – using mainstream practices to “sell” software that is misleading or fraudulent.
  5. McColo: The Effects of a Takedown – Spam went down 60% after this host was taken down, so we may see more of a collaborative effort to take down these cyber criminals.

Download the report here [PDF].

VARBusiness 10 Security Predictions For 2009:

  1. Malware Grows Up - Web 2.0 apps being targeted, with malware harder to track. Malicious code will be written with more variants.
  2. Bad Economy Spurs More Scams – More legitimate-looking phishing attacks targeted with a banking angle
  3. Let’s Socialize – Social networking sites will be impersonated or contacts spoofed
  4. This Time It’s Premeditated - working harder at large-scale attacks
  5. Unified Security Is the Way to Go - Efficiency and affordability will be the name of the game in 2009.
  6. Rise Of The Underworld – The cyber crime underworld will continue to evolve and become more organized
  7. You Left That Door Open – Disgruntled workers being laid off during the economic crunch may try to take data
  8. Data Breach Bonanzas – Credit-card companies are imposing more stringent regulations on businesses as credit card data becomes more highly targeted by criminals
  9. Got Game? – Cyber crime in online gaming
  10. Weather Forecast: Cloud Computing – Trends to outsource security tasks

Continue reading the report here.

Payment System Breach May Expose 100 Million

Thursday, January 22nd, 2009

Who Breached: Heartland Payment Systems
Number Affected: As many as 100 Million+
Information breached: Credit Card Data
How: Network compromised

In a breach to rival those of TJX (~45 – 94 million) in the US and HMRC (25 million) in the UK, Heartland Payment Systems announced on January 20th that they have uncovered malicious software in their processing system. Cyber criminals gained access to their network and to the 100 million credit card transactions it handles each month.

Although no merchant information or Social Security Numbers were compromised, data that was improperly accessed included the information on a card’s magnetic strip (card number, expiration date, bank codes), which could be used to duplicate the cards. Heartland says that it cannot estimate the number of records that may have been accessed.

Avivah Litan, analyst at Gartner, calls the Heartland Payment Systems breach the “largest card-data breach ever”. Heartland’s president says it’s too early for such a “speculative” statement.

Heartland has set up a breach website with a statement of the incident:

“After being alerted by Visa® and MasterCard® of suspicious activity surrounding processed card transactions, Heartland enlisted the help of several forensic auditors to conduct a thorough investigation into the matter. Last week, the investigation uncovered malicious software that compromised data that crossed Heartland’s network.”

At the time of this breach, Heartland did not have real-time monitoring of network activities that would have detected the access. The company recommends that customers examine their monthly statements closely and report any suspicious activity.

Earlier this month, CheckFree Corporation also notified more than 5 million customers that criminals took control of several of their domains and redirected customers to malicious websites.

Via FOX, Computerworld, WSJ

Beware Fake Obama Websites

Wednesday, January 21st, 2009

Microsoft issued a warning about malware authors taking advantage of Inauguration Day by creating fake Obama websites to host the Waledac Trojan.

Barack Obama’s name has been used by an increasing number of malware authors and spammers since he ran for the Presidency, with a whole new spate of social engineering tactics coming out for Inauguration Day.

As the Microsoft Malware blog shows, these cybercriminals have set up fake sites that mimic the official Barack Obama website, barackobama.com.

As with any email you get from unknown sources, one of the tips you can use to make sure you don’t end up on a fake website is to not click the links. Instead, go to your browser and type in the URL. Although real websites can be taken over to host malware, this way you are avoiding the social engineering tactics that attempt to catch you in your inbox.

Microsoft offers information on what to look for in fake websites, including URLs that include the words “direct”, “online” or “great”, and images such as these.
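The URL check described above can be sketched as a small link classifier. This is an added example, not code from Microsoft or from this post; the `BRAND` token, the sample message and every host in it other than barackobama.com are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

OFFICIAL = "barackobama.com"                 # the real site named in the post
BRAND = "obama"                              # assumption: brand string to match
BAIT_WORDS = ("direct", "online", "great")   # words the post says fake URLs use

def classify_url(url):
    """Return (verdict, reasons); verdict is 'official',
    'suspicious' or 'unrelated'."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
        user = parts.username
    except ValueError:                       # e.g. malformed IPv6 literal
        return "suspicious", ["URL does not parse"]
    if not host:
        return "suspicious", ["no host name in URL"]
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official", []
    reasons = []
    # In "http://barackobama.com@other.host/" the part before '@' is only
    # a user name; the browser connects to what follows it.
    if user and BRAND in user.lower():
        reasons.append("official-looking name before '@' is not the host")
    if OFFICIAL in host:
        reasons.append("official name embedded in a different host")
    elif BRAND in host:
        reasons.append("brand name in a host that is not the official site")
    if BRAND in host:
        bait = [w for w in BAIT_WORDS if w in host]
        if bait:
            reasons.append("bait words in host: " + ", ".join(bait))
    return ("suspicious" if reasons else "unrelated"), reasons

def check_links(text):
    """Find http(s) links in a message body and classify each one."""
    urls = re.findall(r"https?://[^\s<>\"']+", text)
    return [(u,) + classify_url(u) for u in urls]

# Constructed sample message: all hosts are made up (.example names or a
# documentation IP address) except the official site.
SAMPLE = """Watch the speech: http://greatobamaonline.example/index.html
Mirror: http://barackobama.com.directnews.example/video
Login: http://barackobama.com@203.0.113.7/watch
Official: http://www.barackobama.com/ and https://weather.example/today"""

if __name__ == "__main__":
    for url, verdict, reasons in check_links(SAMPLE):
        print(f"{verdict:10} {url}  {'; '.join(reasons)}")
```

The bait words only count when the brand name is also in the host, since words like “online” appear in many unrelated, legitimate addresses.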

For those of you who have been eagerly awaiting Obama’s Inauguration, I suggest you also take a look at the changes now visible on Whitehouse.gov. The nicest that website has ever looked! The transition was captured by CNet, along with the brief bugs apparent during the transition progress.

Worm Spreads to Over 3M PCs

Friday, January 16th, 2009

According to F-Secure (via Computerworld), more than 3.5 million PCs were infected in a matter of days with a new worm that exploits a months-old Windows bug. The “Downadup” or “Conficker” worm hands over full control of the infected machines, creating the opportunity for a large botnet, for example. Right now the worm tries to scam users into buying fake security software (ironic, right?) with pop-up messages.

The worm exploits a bug in the Windows Server service used on Windows 2000, XP, Vista, Server 2003 and Server 2008, which can be fixed by this security update. The number of estimated computers infected, as of January 14th, was 3,521,230. That was up more than 1.1 million in just the 24 hours previous.

Windows recommends installing the update and running the software removal tool. The fact that so many computers were infected with this worm even though the patch has been available since October shows just how few people keep their software updated. This is a basic tenet of security for both individuals and companies.

So, is your software up to date? Why not run a check?
If you’re a Computrace customer, run a report to make sure that your machines have the most up-to-date patches.

Also getting a lot of buzz: Paris Hilton’s nearly defunct website was hacked to host malware, probably for quite some time.

Image: wax115 @ morguefile
