Archive
Avast Virus Lab analysis of Dorkbot with Skype hijacker
Earlier this week, a new variant of the Dorkbot/Ruskill malware attacked users of the Skype video calling service. This malware can target a huge number of sites and online services, and it hooks almost all common web browsers, such as Internet Explorer, Firefox, Chrome, Opera and Flock, as well as other programs such as MSN Messenger, wlcomm.exe and so on.
Several articles published on the web have analysed this malware, but none of them looked at the new module that hijacks the Skype messenger, which is now the bigger threat to users. The avast! VirusLab analysed that module. In its packed form it is around 70 KB; after removal of the custom packer/loader the pure size is 16,384 bytes. Small as it is, the module carries 31 known language versions of the phishing message that appears in the Skype chat window. The language is chosen from the OS locale, obtained via the GetLocaleInfo API; patching that call's return value during analysis reveals the other language variants.
Sample phishing messages in various languages:
- lol is this your new profile pic?
- hey é essa sua foto de perfil? rsrsrsrsrsrsrs
- hej je to vasa nova slika profila?
- hey c’est votre nouvelle photo de profil?
- ¿hey esta es tu nueva foto de perfil?
- hey ini foto profil?
- hei er dette din nye profil bilde?
- hej to jest twój nowy obraz profil?
- hey ito sa iyong larawan sa profile?
- ¿aquesta és la teva nova foto de perfil?
- hej detta är din nya profilbild?
- hej jeli ovo vasa nova profil skila?
- hey la anh tieucua ban?
- sa k’vo profili lusankary
- hey e la tua immagine del profilo nuovo?
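As an added example (not code from the Avast post or its authors), the Python script below turns the lure strings quoted above into a simple chat-message detector: it normalises incoming text (case, diacritics, punctuation, any link the message carries) and scores it against the known templates with a similarity ratio, so a variant with a typo or an appended URL is still caught. The chat log inside it is constructed for the demonstration, and the 0.8 threshold is an assumption to tune against real logs.

```python
"""Flag Skype chat messages that match the Dorkbot profile-picture lure.

Added example, not code from the Avast post. KNOWN_LURES is copied from
the samples quoted above; SAMPLE_CHAT is constructed for the demo.
"""
import difflib
import re
import unicodedata

KNOWN_LURES = [
    "lol is this your new profile pic?",
    "hey é essa sua foto de perfil? rsrsrsrsrsrsrs",
    "hej je to vasa nova slika profila?",
    "hey c'est votre nouvelle photo de profil?",
    "¿hey esta es tu nueva foto de perfil?",
    "hey ini foto profil?",
    "hei er dette din nye profil bilde?",
    "hej to jest twój nowy obraz profil?",
    "hey ito sa iyong larawan sa profile?",
    "¿aquesta és la teva nova foto de perfil?",
    "hej detta är din nya profilbild?",
    "hej jeli ovo vasa nova profil skila?",
    "hey e la tua immagine del profilo nuovo?",
]

# Links are stripped before comparison so that the lure text alone decides.
URL_RE = re.compile(r"https?://\S+|\bwww\.\S+", re.I)
THRESHOLD = 0.8  # assumed cut-off; tune against your own chat logs


def normalise(text):
    """Lower-case, drop links and diacritics, unify quotes, collapse spaces."""
    text = URL_RE.sub(" ", text)
    text = unicodedata.normalize("NFKD", text)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = text.replace("\u2019", "'").replace("\u00bf", "")
    return " ".join(text.lower().split())


_NORMALISED_LURES = [normalise(lure) for lure in KNOWN_LURES]


def lure_score(message):
    """Highest similarity ratio (0..1) between the message and any known lure."""
    norm = normalise(message)
    if not norm:
        return 0.0
    return max(difflib.SequenceMatcher(None, norm, lure).ratio()
               for lure in _NORMALISED_LURES)


def is_dorkbot_lure(message, threshold=THRESHOLD):
    """True when the message is close enough to a known lure template."""
    return lure_score(message) >= threshold


def scan_chat(messages, threshold=THRESHOLD):
    """Return (sender, text, score, flagged) for every chat line."""
    return [(sender, text, round(lure_score(text), 2), is_dorkbot_lure(text, threshold))
            for sender, text in messages]


# Constructed chat log: two lures (one with a link, one in Polish) and two benign lines.
SAMPLE_CHAT = [
    ("alice", "lol is this your new profile pic? http://example.com/photo.php?id=123"),
    ("bob", "ok see you at 5"),
    ("carol", "hej to jest twoj nowy obraz profil? http://example.com/p/456"),
    ("dave", "can you send me the slides from yesterday?"),
]

if __name__ == "__main__":
    for sender, text, score, flagged in scan_chat(SAMPLE_CHAT):
        print(f"{'LURE' if flagged else 'ok  '} {score:.2f} {sender}: {text}")
```

Diacritics are stripped on both sides so that the Polish "twój" and a user typing "twoj" score the same; in a real deployment the threshold should be validated against benign traffic, since very short greetings can score higher than you expect.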
How do I avoid becoming a victim of cybercrime?
Question of the Week: I hear so much on the news about identity theft, scams and fake emails. How does a regular person with limited computer skills protect themselves?
Cybercriminals use a variety of tactics which can cause major inconvenience and hassle in your life – identity theft, financial fraud, stalking, bullying, hacking, email spoofing, information piracy and forgery, intellectual property crime, and more.
Many cybercrimes start with malware, short for “malicious software”: hostile or annoying software designed to access a computer secretly, without your knowledge or consent. It includes Trojans, worms, viruses, spyware, most rootkits and other such unwanted intruders. Malware can be used to monitor your online activity, crash your device and damage hardware, software or data in the process, and it can spread across networks to infect other machines.
Where does malware come from?
Malware is most commonly delivered over the internet and by email. It comes in many forms, and it can also arrive through hacked webpages, game demos, music files, toolbars, software, free subscriptions and other things you download from the web.
How do I scan a flash drive for viruses using avast?
Question of the week: I am a university professor who accepts assignments on flash drives. I am worried about my own computer. How do I scan a flash drive for viruses using avast?
Good question. Every time you plug an unknown flash drive into your computer, you’re taking a risk because a USB drive can spread malware along with the data, as well as attract it. Have you ever heard “My flashdrive ate my homework” as an excuse? It could happen. Here’s how avast! can help.
Avast! Antivirus comes with a number of pre-defined scans, including one for any removable storage device connected to your computer, such as USB flash drives and external hard disks. It scans the drive for potential “auto-run” programs that may try to launch when the device is connected.
To carry out a manual scan of “Removable media,” select the “Scan computer” tab in the avast! user display. This will open the “Scan Now” screen as shown in the screenshot.
A “Quick scan” scans the C:\ drive on your computer, which is normally sufficient to detect the majority of malware. Only files with “dangerous” extensions are scanned, for example exe, com and bat, and only the areas at the beginning and end of each file, where infections are normally found, are tested.
A “Full System Scan” performs a detailed scan of all your computer’s hard disks. Avast! looks inside every file to determine what type of file it is and whether it should be scanned. The whole file is tested, which is useful if you suspect you have an infection which was not detected by the quick scan.
If you want to scan a specific folder or multiple folders, “Select folder to scan.”
To run one of the pre-defined scans, just click “Start.”
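For readers who want to see what “detecting auto-run programs” means in practice, here is an added Python example (not avast!’s own code or scanner). It builds a throw-away folder laid out like an infected USB stick (constructed data), parses the autorun.inf roughly the way Windows does, and reports what the file would launch, whether that target is actually present, and any loose executables or double-extension files such as photo.jpg.exe in the drive root. The demo layout and the list of risky extensions are assumptions.

```python
"""Audit the root of a removable drive for autorun.inf launch entries.

Added example, not part of the Avast post or avast!'s scanner. The demo
drive built by build_demo_drive() is constructed; point audit_drive()
at a real mount point (e.g. "E:\\" or "/media/usb") to use it for real.
"""
import re
import tempfile
from pathlib import Path

# Keys in [autorun] that cause code to run; shell\open\command is what
# Explorer runs on double-click even when automatic autorun is disabled.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")
RISKY_EXT = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js", ".lnk"}
DECOY_EXT = {".jpg", ".jpeg", ".png", ".pdf", ".doc", ".docx", ".txt"}


def parse_autorun(text):
    """Return launch-related keys from the [autorun] section of an autorun.inf.

    Tolerates junk lines, comments, odd casing and repeated keys (last one
    wins), so that padding meant to confuse naive parsers does not help.
    """
    section = None
    launchers = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in LAUNCH_KEYS:
            launchers[key] = value.strip()
    return launchers


def program_of(command):
    """First token of a command line, honouring a quoted program path."""
    match = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    return (match.group(1) or match.group(2)) if match else command


def audit_drive(root):
    """Report autorun launch targets and suspicious loose files at the drive root."""
    root = Path(root)
    report = {"autorun_present": False, "launch_targets": [],
              "loose_executables": [], "double_extensions": []}
    inf = next((p for p in root.iterdir() if p.name.lower() == "autorun.inf"), None)
    if inf is not None:
        report["autorun_present"] = True
        for key, command in parse_autorun(inf.read_text(errors="replace")).items():
            # autorun.inf paths are relative to the drive root and use backslashes
            rel = program_of(command).replace("\\", "/").lstrip("/")
            report["launch_targets"].append(
                {"key": key, "command": command, "exists": (root / rel).is_file()})
    for p in sorted(root.iterdir()):
        if not p.is_file():
            continue
        suffixes = [s.lower() for s in p.suffixes]
        if suffixes and suffixes[-1] in RISKY_EXT:
            report["loose_executables"].append(p.name)
            if len(suffixes) > 1 and suffixes[-2] in DECOY_EXT:
                report["double_extensions"].append(p.name)
    return report


def build_demo_drive():
    """Create a temp folder laid out like an infected USB stick (constructed)."""
    root = Path(tempfile.mkdtemp(prefix="usb_demo_"))
    (root / "RECYCLER").mkdir()
    (root / "RECYCLER" / "setup.exe").write_bytes(b"MZ demo stub, not a real program")
    (root / "Assignment1.docx").write_text("student work")
    (root / "photo.jpg.exe").write_bytes(b"MZ demo stub")
    (root / "autorun.inf").write_text(
        "; junk before the real section\n"
        "[AutoRun]\n"
        "icon=folder.ico\n"
        "action=Open folder to view files\n"
        "open=RECYCLER\\setup.exe /s\n"
        "shell\\open\\command=\"RECYCLER\\setup.exe\" /s\n"
    )
    return root


if __name__ == "__main__":
    demo = build_demo_drive()
    for name, value in audit_drive(demo).items():
        print(name, value)
```

The audit only reads files; it never executes anything on the stick, which is the whole point of looking before you double-click. A professor collecting assignments can run it against the mounted drive before opening any document.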
MSIE 0day – continued (with a bit of Flash as well)
While we were researching the websites currently serving the new Microsoft Internet Explorer (IE) zero-day threat, we found that the new attack is being piggybacked on a slightly older attack aimed at industrial companies’ websites.
The hacked legitimate websites contain a hidden iframe on their main pages.
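The hidden iframe is the part a site owner can check for without any special tooling. The Python script below is an added example (not code from the Avast post, and the injected frame in it is a constructed stand-in, since the post does not reproduce the real one): it walks a page’s HTML with the standard-library parser, records every iframe, and flags those hidden by CSS, sized 0 or 1 pixels, or pushed off-screen, noting separately whether the frame points at a host other than the page’s own.

```python
"""Find iframes that are hidden from the visitor in a page's HTML.

Added example, not code from the Avast post. SAMPLE_PAGE is a constructed
stand-in for a compromised industrial-company site.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit


class IframeCollector(HTMLParser):
    """Collect every <iframe> together with the reasons it counts as hidden."""

    def __init__(self, page_host=None):
        super().__init__()
        self.page_host = page_host.lower() if page_host else None
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        style = a.get("style", "").lower().replace(" ", "")
        reasons = []
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("css hides it")
        for dim in ("width", "height"):
            # attribute form: width="0", height="1px"
            val = a.get(dim, "").strip().lower().rstrip("px")
            if val.isdigit() and int(val) <= 1:
                reasons.append(f"{dim}={val}")
            # CSS form: width:0; height:1px
            if re.search(r"\b" + dim + r":0*[01](px)?(;|$)", style):
                reasons.append(f"css {dim} is 0/1px")
        if re.search(r"(?:left|top):-\d", style):
            reasons.append("positioned off-screen")
        src = a.get("src", "")
        src_host = (urlsplit(src).hostname or "").lower()
        self.iframes.append({
            "src": src,
            "hidden": bool(reasons),
            "reasons": reasons,
            "third_party": bool(self.page_host and src_host and src_host != self.page_host),
        })


def list_iframes(html, page_host=None):
    """Every iframe on the page with its hidden/third-party assessment."""
    parser = IframeCollector(page_host)
    parser.feed(html)
    parser.close()
    return parser.iframes


def find_hidden_iframes(html, page_host=None):
    """Only the iframes a visitor would never see."""
    return [f for f in list_iframes(html, page_host) if f["hidden"]]


# Constructed: a legitimately embedded video plus an injected 0x0 hidden frame.
SAMPLE_PAGE = """
<html><body>
<h1>Industrial Widgets Ltd</h1>
<iframe width="560" height="315" src="https://www.youtube.com/embed/abc"></iframe>
<p>Our catalogue ...</p>
<iframe src="http://203.0.113.7/exp/index.html" width="0" height="0"
        style="display:none; position:absolute; left:-9999px"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for frame in find_hidden_iframes(SAMPLE_PAGE, page_host="industrial.example"):
        print(frame["src"], "->", ", ".join(frame["reasons"]))
```

A hidden, third-party iframe is not proof of compromise on its own (tracking pixels use the same tricks), but on a company brochure site it is exactly the thing to look at first, and the script gives you the src to pivot on.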

New Microsoft IE Zero-day attack
It was brought to our attention by this thorough article by Eric Romang that a new zero-day exploit (one actively used by cybercriminals in the wild) targets a bug in Microsoft’s Internet Explorer (IE) 7 and 8 and, with some help from Java, can also be exploited on IE 9, as confirmed by the Metasploit team. At this time there is no patch from Microsoft yet, so what can you do?
Phishers target consumers and financial services
A single phishing campaign can send millions of emails to consumers in an attempt to part them from their money. Hundreds of phishing websites are set up every day, designed to lure consumers into giving up personal information. And there appears to be no slow-down among the hardworking cybercrooks: the number of phishing attacks targeted at consumers remains high, reports the Anti-Phishing Working Group, an organization that tracks and reports phishing occurrences.
Social engineering and technical trickery are the cornerstones of phishing, whose goal is to steal consumers’ personal identity data and financial account credentials. Spoofed emails that appear to come from legitimate businesses lead consumers to fake websites, which can look identical to the real thing, and trick them into divulging data such as usernames and passwords. Cybercrooks can also use technical tricks to install specially designed malware on PCs to capture online account usernames and passwords and misdirect consumers to counterfeit websites.
Among industries, financial services are targeted by phishers more than any other. Cybercrooks have a new variation that cons financial advisers into wiring cash out of their clients’ online investment accounts. USA Today reports that, “Cybercriminals have discovered that investors now routinely rely on email to authorize personal advisers to execute financial transactions. Search engines and social networks have made finding and profiling potential victims, and their advisers, easy.”
How can you protect yourself against phishing?
The avast! Mail Shield scans all incoming and outgoing email and attachments for malware. For the highest level of home protection, avast! Internet Security has a comprehensive spam and phishing filter, which analyses all incoming email based on various criteria to determine whether it is legitimate.
Steps you can take:
- Have good habits: do not click links in an unsolicited email or Facebook message
- Protect your passwords and don’t reveal them to anyone
- Do not give sensitive information to anyone—on the phone, in person or through email
- Look at the website’s URL (web address). In many phishing cases the address looks legitimate at a glance, but the name is misspelled or the domain is different (.com when it should be .gov)
- Keep your browser up-to-date and apply security patches
- Do not open attachments from unsolicited email
If you believe you have compromised sensitive information about your accounts, contact your financial institution, credit card company, or appropriate authorities.
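The URL check in the list above is easy to get wrong by eye, so here is an added Python example (not code from the Avast post) that applies it mechanically: it extracts the host from a link, reduces it to its registrable domain, and compares that against a short allow-list of sites you actually use, flagging the classic tricks of the same name under a different TLD, the brand buried as a subdomain of someone else’s domain, a misspelled look-alike, a raw IP address, and credentials placed before an @ to disguise the real host. The allow-list, the look-alike threshold and the simplified registrable-domain rule (real code should use the Public Suffix List) are assumptions.

```python
"""Classify a link against the phishing URL checks listed above.

Added example, not code from the Avast post. TRUSTED is a constructed
allow-list; registrable_domain() is a simplification of the Public
Suffix List rules.
"""
import difflib
import re
from urllib.parse import urlsplit

TRUSTED = {"examplebank.com", "irs.gov"}     # constructed allow-list
SECOND_LEVEL = {"co", "com", "org", "net", "gov", "ac", "edu"}
LOOKALIKE_RATIO = 0.8                        # assumed cut-off


def registrable_domain(host):
    """'login.examplebank.com' -> 'examplebank.com'; handles co.uk-style TLDs."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in SECOND_LEVEL:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(url, trusted=TRUSTED):
    """Return a verdict ('trusted', 'suspicious', 'unknown') plus the reasons."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    issues = []
    if parts.username is not None:
        issues.append("credentials before @ disguise the real host")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        issues.append("raw IP address instead of a domain")
    reg = registrable_domain(host)
    if reg in trusted and not issues:
        return {"host": host, "registrable": reg, "verdict": "trusted", "issues": issues}
    labels = host.split(".")
    brand = reg.split(".")[0]
    for t in sorted(trusted):
        t_brand = t.split(".")[0]
        if reg == t:
            continue
        if brand == t_brand:
            issues.append(f"same name, different TLD ({reg} vs {t})")
        elif t_brand in labels:
            issues.append(f"{t} used as a subdomain of {reg}")
        elif difflib.SequenceMatcher(None, brand, t_brand).ratio() >= LOOKALIKE_RATIO:
            issues.append(f"look-alike of {t} ({reg})")
    verdict = "suspicious" if issues else "unknown"
    return {"host": host, "registrable": reg, "verdict": verdict, "issues": issues}


if __name__ == "__main__":
    # Constructed links covering each trick the checklist warns about.
    for link in [
        "https://www.examplebank.com/login",
        "http://irs.com/refund",
        "http://www.examplebank.com.secure-verify.net/login",
        "http://exanplebank.com/",
        "http://examplebank.com@203.0.113.7/login",
    ]:
        result = classify(link)
        print(result["verdict"].upper(), link, "; ".join(result["issues"]))
```

“unknown” is deliberately not “safe”: a domain you have never dealt with that asks for bank credentials deserves the same suspicion, and the allow-list is what makes the comparison meaningful.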
Oh wait, that’s not what I wanted!
Got a brand new smartphone and want to be protected from all the dangerous malware out there? So you go and get some Android antivirus software. But what you don’t know is that you have just been tricked, and it’s going to cost you money. Yes, even if you downloaded it for free.
The latest trend in Android malware is to hide behind something that seems legitimate. The guys at GFI Labs pointed that out, so let’s take a closer look behind the scenes and add some interesting information from the AVAST Virus Lab’s perspective. Imagine yourself as a virus maker. You create an app that does something evil like stealing or deleting people’s texts (you’re a nice virus maker), or, if you want to milk the cow even more, an app that makes money for you by silently sending text messages to premium-rate phone numbers.
But how do you spread your evil milking machine among Android users? Just look at the apps that are already popular and trusted, like Angry Birds, Opera Browser, or even better, an antivirus app! What can feel safer than installing antivirus on your phone, right? So you take your evil app and make it look, for example, like avast! Mobile Security or any other antivirus suite. Then you make it available for free download, easy to find, on a web page that is not policed the way the Play Store, Amazon App Store or any other genuine Android market is. Most people only download apps from these genuine stores, but there are always some who get tricked somehow, or who are just unlucky and run into a fraudulent app like the one I’m talking about.
Let’s take a closer look at one of the cases, Android:FakeInst-AB.
International Technology Upgrade Week
How many times have you seen a prompt to update software on your computer? How many times have you ignored it, and then got worried or annoyed because it kept reminding you? You are not alone in your procrastination. A full 40% of adults surveyed by Skype say they don’t always update software on their computers when prompted to do so. More than half said they needed to see a prompt between two and five times before they download and install an update.
Skype conducted the survey in preparation for International Technology Upgrade Week. We support them in spreading the word about why it’s important to keep software in top condition, and having the latest security updates is the most important reason.
One of the ways cybercrooks get malware into your system is by exploiting programs that are old or not up to date. Most programs, like avast!, send out regular patches and updates, but a quarter of those surveyed said they don’t clearly understand what software updates do, and an equal percentage don’t understand the benefits, so updates don’t get done and vulnerabilities persist.
US Government, Stuxnet, and Cyber-Attacks: Caveat Coder
New reports tying the Stuxnet worm to the US government have many people asking questions. What exactly is a cyberattack? Does conducting a cyberattack have the same implications as a physical military attack? Is the US waging an undeclared war on Iran in the same way that a bombing of its nuclear facilities would have done? Is this the new face of warfare and defense?
And now there’s the recent discovery of the Flame virus. We seem to be entering an era in which military and diplomatic goals are increasingly pursued through the Internet and cyber tools.
One of the big challenges in understanding all this is the lack of agreed upon definitions and principles. We may refer to this attack as cyber-sabotage, while Iran may refer to it as cyber-war or even cyber-terrorism. The Flame virus would be best categorized as cyber-espionage. Without terminology that is clear and agreed upon, the classification of this action is left to be determined by the rhetoric of politicians driven by their own political goals.
There are far more disconcerting implications and considerations if the US is to conduct state-sponsored initiatives in cyberspace.
- Collateral damage: these viruses could ‘get loose’ and inflict unintended damage. We saw this with Stuxnet in 2010, as it hit more than its intended Iranian targets because of a “programming error” (by the way: it was a “programming error” that caused all the damage arising from the Morris Worm as well, for those who remember that little event in computer history)
- Re-purposing and reuse: with cyber-attacks, the targeted opponents end up holding the code that was used against them. This is like handing the enemy the schematics for every weapon you use against them. With the code, an opponent can replicate the malware and modify it to their own needs; the only additional ‘raw material’ required is programmer talent.
- Deniability: Military personnel are clearly identifiable, and armaments all have traceable points of origin. Not so with cyberattacks. We’ve already seen this in the US, where we think past attacks came from China or North Korea, but we can’t be sure. As the US starts to employ such tools, we increase our own ability to deny our actions; war becomes a clandestine affair, which is often at odds with our democratic principles.
Paradoxically, the proponents of building up US cybersecurity defenses will suffer a setback with the US now admitting its role in Stuxnet. These proponents – many of whom are in the military or defense contractor business – had taken up Stuxnet as their cause celebre and chief argument for extending the reach of DHS, NSA, and other federal authorities into our businesses and personal lives. But the government and the cybersecurity industry can’t go clamoring for more funding to defend against a boogeyman of their own creation.
Don’t think alternative markets save your money
The Android:FakeInst family of malware seems to be a never-ending story. Its creators have been trying to trick users into sending premium-rate SMS messages for several months now. Just a few days ago we discovered 25 more apps placed on alternative markets, all based on a concept very similar to the one in the story we wrote about before Christmas.
This time malicious Android applications are hosted on several domains:
All these sites were registered a week ago, so it looks like they were meant to serve as malware hosting for the bad guys from the very beginning. Also, if someone tries to open these sites in a browser, the visitor only receives a 404 error, which does not look like a legitimate site. Analyzing the trail the malware creators left for us, we discovered a few sites they have used to attract users; all of them target Russian-speaking people and look like alternative markets. In reality these sites exist only for a short period of time and offer nothing but fake downloaders.