Recently, we’ve noticed that there are too many legitimate domains popping up in our url filters with malware. At first we thought we had a huge false-positive (FP) problem, but after analysis we found a pattern.
All of the referring links came from the Russian Odnoklassniki server, which is a quite-popular Russian social network. Users of that network are getting fake messages with links to photos.
As we have recently mentioned on our blog, October is National Cyber Security Awareness Month. And I’m sure we will post more to raise awareness of the risks you personally face, the risks to the institutions you do business with, and to the government itself.
Today, though, I want you to start to broaden your outlook on this issue. While you are getting acquainted with new threats like nation-state funded attacks, cyber-terrorism, and hactivism, I’d also ask you to look at some of the things our legislatures have been proposing in the name of cybersecurity. This includes early efforts to protect critical industry sectors our energy grid or banking systems against cyberattack, and requirements that we move beyond passwords when we access Web sites where we perform transactions or access personal data. As all these initiatives come with costs, none have universal support. But some cybersecurity proposals have generated more controversy than others, including: like the SOPA and PIPA bills that coddled the media industry by conflating digital piracy with cybersecurity and whose proposed remedies would have create a regime of censorship, or the federal development and control of a so-called “Internet Kill Switch“.
There will continue to be a lot going on here legislatively, and anything that changes the government’s role in the Internet will affect you as well. So let’s make also do our job as responsible, informed citizens. Let’s make October National Cybersecurity Policy Awareness Month. Let’s get educated, and involved.
I’ve kept a NETWORKWORLD.com article open in my web browser for the last 9 days, hoping to have time to read it. Today I finally did read it, and it’s worth sharing. And, it was actually short enough that I could’ve read it 9 days ago.
Among the largest data breaches you’ll find: credit card companies, government agencies, utility companies, universities, and hospitals.
Read more here, initial data courtesy of Identity Theft Resource Center: http://www.networkworld.com/slideshow/52525
If your organization needs great network security, take a look at our new line of avast! Endpoint Protection.
An estimated $465 billion will be spent this holiday season. A big chunk of a family’s expenses come from holiday travel. The American Automobile Association (AAA) projects that U.S. travel during the Christmas and New Year’s holiday weekends will increase 1.4 percent from 2010 to the highest level in five years. Cybercrooks create new travel scams and recycle tried-and-true ones to help relieve you of some holiday cash. Here’s a run-down on some popular travel scams, and what you can do to avoid them, while you prepare to visit Grandma or go skiing this Christmas.
Gasoline Rebate Card
Eighty-three million travelers will take to the open road rather than fly the friendly skies this holiday season, and they’re all looking for the cheapest gas station. The average nationwide price of regular gasoline has increased 6.2 percent to $3.264 a gallon this week, according to AAA data. Attractive offers for free gasoline vouchers and rebates are sent to mailboxes, email accounts and offered by telemarketers. The idea is that you activate your account on the phone or through online registration, sometimes pay a registration fee (red flag!), buy a certain amount of gas from a certain brand, then send in the receipts within a certain time, and supposedly get rewarded for following directions well with a gift card for free gasoline. Only it doesn’t work that way. Consumers never receive the gift cards and have willingly given away personal information. Read more…
The holiday season brings a flurry of email scams to inboxes everywhere. Be aware of these popular ones, so the CyberGrinches don’t steal your Christmas.
The six weeks between Thanksgiving and New Year’s is the traditional “giving season” in the United States. According to a recent holiday giving survey, the average holiday donation this year will be $281. People who give online said they would contribute even more, an average of $378, and scammers are out to get a portion of that. Read more…
Black Friday, the day after Thanksgiving and the busiest shopping day of the year, starts at midnight November 25th with mega-sales running throughout the weekend. Cyber Monday, the online retail equivalent to Black Friday, is the time when many consumers, who didn’t want to fight the crowds over Thanksgiving weekend or failed to find what they were looking for, shop online that Monday from home or work.
“For our US friends especially, this weekend is when retailers, offline and online, offer the best deals of the year,” said Jindrich Kubec, senior virus analyst at the AVAST Virus Lab. “It’s also when cybercriminals become hyperactive with scams and fraudulent offers.”
Our original blog entry about an malicious version of an IncorporateApps Android application called “Walk and Text” generated some very contentious comments from the author/distributor/publisher of the legitimate application. So, we decided to rewrite the posting to make things a bit clearer:
One of our analysts received (from one of their friends) the SMS that you see down below. We thought it was intriguing and we decided to investigate. We found the infected “Walk and Text” application on the internet (it is not of course on the official Google marketplace) and tore it apart.
We initially thought it was just a classic Android Trojan. Since the bad guys do like to hide viruses/Trojans inside pirated applications, this seemed a very reasonable explanation. The application was also signed but with a profane signature and thus there was no way it would ever be published on a legitimate marketplace. It did two things. First, it sent the above-mentioned SMS to the contacts in the user’s Android phone contact book.
Last few years can be called a “social networking era”. Just remember the rise ups (and depressions) of myspace.com, linked.in etc. These networks are now completely shadowed by FaceBook and Twitter. Even when myspace and similar networks are not that widespread today, they were at the beginning of all. It becomes more and more usual to identify a real ego with social network profile. That’s not too dangerous in its basis, but there’s a big problem – people completely loose a sense for their privacy on internet. This is not an attitude against social networks, it’s only a thought about dangerous habits appearing with the social networking phenomenon. The risk is not the existence of social networks, the risk is how people behave there.
I ran across an interesting article the other day that questions whether a user can rely upon free anti-virus: http://tech.blorge.com/Structure:%20/2009/07/04/symantec-its-dangerous-to-rely-on-free-antivirus/. The source of the quotes in the article is of course one of the big paid anti-virus companies. And it erroneously concludes that free products cannot be trusted, are not sufficient, etc. But then again why should a firm that makes a billion dollars a year off of paid anti-virus conclude that a free anti-virus product is good…..
The article does make very good points about what is needed in a security product. Its only error is in concluding that a free product does not provide these capabilities. So, here are the points the article makes and why they are wrong (at least for avast): Read more…