Beware of the ‘antivirus’

As we approach this time of year, many security vendors refresh their products. We are in the process of finishing the BETA of our Norton Antivirus 2009 and Norton Internet Security 2009 products and getting ready to release them to market. Many of our fellow competitors have launched, or are launching, their new products. So, in turn, this starts to get people thinking about ‘new’ security products.

The last few days have seen reports of ‘malvertisements’ that ultimately lead to fraudulent products. Newsweek.com is one of several high-profile websites suspected of running rogue banner ads that try to trick visitors into installing fraudulent anti-malware programmes. This opens up an interesting dimension. People implicitly expect and trust that website owners have checked into the people who place ads on their sites. The website owners do, but incidents like this point out that they are not infallible and need to do more.

The trick of the bad guys pretending to be an anti-malware utility or antivirus product has been around for some time. However, in recent weeks we have seen a number of examples of this resurface. Symantec’s Security Response blog has written about this.

What we have observed is a combination of attack elements being used in concert. First comes a spam email with an Olympic-themed fake news story. The user is encouraged to click on a link, and the link in turn asks the user to download ‘get_flash_update.exe’ or ‘get_flash_codec.exe’. These files then deliver a number of variants, one of which is a fake antivirus product: ‘Antivirus XP 2008’. A cursory glance would lead you to believe that it looks legitimate: it is far from that. Once it is installed, ‘Antivirus XP 2008’ gives false reports on the security of the system, claiming it has multiple threats running. The software interrupts the user constantly with popup messages, balloon reminders and the like, asking the user to register in order to remediate the threats. The victim’s desktop background is changed to show a virus warning message. The goal of this threat is to get the victim to pay for what they think is a fully functional, legitimate security product, which of course it isn’t.

Now, you will think this blog to be pretty self-serving – guilty as charged! With many new (legitimate) antivirus products making their way onto the market, you need to be mindful. If you see something about some new product from someone you have not heard of, then do your homework: ensure they really are who they say they are.

On your marks!

The Beijing Olympics start tomorrow. It is the world’s biggest sporting event of all time, and I am sure that it will not disappoint.

In winning the Olympics, Beijing outlined that it would harness the power of IT, and innovate around it, to bring the Games to new audiences. We will see a convergence of IT and media on a scale not seen before. Many of the big media companies and franchises have extensive plans to bring the Games to the ‘net in a big way. I know that many network administrators are bracing themselves for the impact of ‘streaming’ video of the Games – if they allow it on the corporate network. It will be interesting to see (or maybe not) what the strain will be on your ISP as well.

Where you have a mass audience connected to the ‘net, the ‘bad guys’ will be lurking in the shadows. In the Symantec State of Spam report for August, we are already seeing spammers peddling their wares on the back of the Olympics. Symantec Security Response has already written up a blog on an attempted phishing attack purporting to sell tickets for the Games. The creators of the site went to great lengths to make it convincing, even using an SSL connection, believe it or not.

So, get on your marks, get set, and it is ‘Go’ for no doubt many Olympic-related spams, phishing attempts, links to websites that will be showing funny/curious videos of events at the Games, etc. So, I say “Citius, Altius, Fortius” to all of my colleagues in the IT security industry, to keep you all safe and for you to enjoy the Games.

Cuil? Cool? Kool?

So, we now have a new search engine called ‘Cuil’, pronounced ‘Cool’. Well, a catchy name never tripped up a good product, but an obscure spelling could. That being said, the arrival of Cuil was welcomed in most parts. The company goes on to explain why it is different from what is out there already: “The search engine goes beyond today’s search techniques of link analysis and traffic ranking to analyse the context of each page and the concepts behind each query”. So, there you have it, a kind of deeper, more relevant search.

So what did Google make of it? They seemed quite ‘cool’ about it; however, in a blog entry they did outline that they still felt they had the biggest web index out there. Now, the people behind Cuil do have a good pedigree in this area, being ex-Google and IBM people. So, they know what it takes to build a successful search engine. The arrival of Cuil brings with it many questions, the most prosaic of which is how they will make money (there is no advertising for the moment). They will be on a steep learning curve, and the story today of an embarrassing snafu is testament to this. As to how they will handle the security side of operating a search engine, we will also have to wait and see what they come up with.

D’oh! Homer falls in with the malware crowd

The malware guys have now roped Homer Simpson into spreading malware. It appears that, going back in time, there was an episode of ‘The Simpsons’ in which Homer’s e-mail address was given as ‘chunkylover53’. Prior to the episode’s airing, the address was registered by the production company and was then used to answer hundreds of e-mails from Simpsons fans.

In the past few days the ‘chunkylover53’ name has resurfaced, and it’s now being used to distribute a trojan disguised as a Simpsons movie file. If you get an email from Homer and his ‘chunkylover53’ email address, you will be invited to follow a link to a special exclusive episode of the show available for download. The link in the message leads to an executable file.

Upon launching the trojan, the user is presented with a fake error message, which is followed by several real error messages and, finally, a blank screen. Upon restarting, the system will run noticeably slower and be prone to crashes.

The other nasty aspect of this attack is that once the malware is delivered onto the PC, it installs remote control software which enrols the machine in a botnet. The botnet itself could easily be called on to launch another attack.

What is still unclear, and a matter for conjecture, is just how the bad guys got hold of the ‘chunkylover53’ email address.

Cyber-vandalism has not gone away

We continue to report and comment that the vast majority of malicious activity is now for ‘profit’. What once started out as ‘look how clever I am’ hacking and goofing around has morphed into an increasing focus on using these technical skills and techniques to make money. However, there is still cyber-vandalism out there. One example of this that occurred in the past few days was a high-profile hijacking of sites owned by the Internet Corporation for Assigned Names and Numbers, or ICANN as it is more commonly known.

To reach another person on the Internet you have to type an address into your computer – a so-called Uniform Resource Locator (URL). That URL has to be unique so computers know where to find each other. ICANN coordinates these unique identifiers across the world. Without that coordination we wouldn’t have one global Internet. Late last week, visitors to the ICANN site were redirected to a site wherein they saw this message:

  “You think that you control the domains but you don’t! Everybody knows wrong. We control the domains including ICANN! Don’t you believe us? haha :) (Lovable Turkish hackers group)”

The attack was from a group called NetDevilz, who are thought to be Turkish. Now, from what can be seen, there seems to have been no other malicious content served up from the site that users were redirected to. This was a very public embarrassment for the organisation which is responsible for ensuring that the URL you type into your browser takes you to the site you think you are going to. It did not take long for ICANN to spot what had happened and to start to rectify it. I am sure it was all very frustrating and time-consuming, which really is just what vandalism of any sort, whether in the real world or in the virtual world, is all about.

Games within games

By some estimates, there are in excess of 250 million online gamers worldwide. The revenue associated with this was in excess of $8 billion in 2007, and it is forecast to grow to just short of $10 billion in 2008. You know the drill: where there are many users and a lot of money, the bad guys are sure to come calling.

By our estimates, there are in excess of five thousand Trojans that have been developed with the purpose of stealing user details from computer games. Getting access to a gamer’s account can be very valuable and lucrative for the bad guys. They can use the old ploy of extorting money from you to get your account ‘back’. Or, they can simply sell on your account to someone else. There have been instances of the bad guys raiding and accumulating valuable online game paraphernalia, e.g. swords, shields and weaponry that have a ‘value’, and then ‘cashing this out’ into real money.

In advance of the ‘Dreamhack’ event in Sweden later this month, my colleagues in Sweden have created an interesting YouTube posting; you can see it below. It walks you through some of the potential issues that are posed by computer games, as well as giving some pointers as to how to avoid some of these threats.

Social networking: the age of innocence is over.

I had the opportunity to see the excellent BBC ‘Click’ over this past weekend on BBC World. They covered the viewer and online reaction to their story of a few weeks back on writing a rogue Facebook application. The Click team wrote a ‘skimming’ application that in effect was able to go around and harvest data from the profiles in a ‘friends’ list.

This story set off a lot of reaction from viewers and users of the site. Facebook did point out that it has a code of conduct that it asks and expects developers to abide by: limit the collection, use and storage of data, etc. They also have a team of people dedicated to helping weed out application developers who do not follow the rules.

In reading the responses to this story, I was struck by a number of things. First and foremost, the sense of outrage that such a respected and well-thought-of site could, somehow, have been violated in such a way. Users of Facebook care about it in a personal way. There was a palpable sense of indignation. However, this is an example of how social networking sites can be vulnerable to the people who would want to invade them. That very sense of trust that binds the many millions of people who use social networking sites such as Facebook can also be the Achilles heel. Trust begets respect. However, what this incident shows is that malware authors, who have no respect for anything or anyone, could potentially use this as a new ‘fertile’ marketplace for their endeavours.

Facebook and other social networking sites will learn from this, I am sure. There was an effective way to stop this type of rogue application, but it is buried within the Privacy settings (privacy/applications/other applications), where you can select the option ‘Do not share any information about me using the Facebook API’. Well, I think they need to bring this option much closer to the attention of the user, and in simpler language that means something to someone.

Does it mark the end of the age of innocence for social networking? Well, I think so, and in the long run it may not be a bad thing.

For more information on the story, go to http://news.bbc.co.uk/1/hi/programmes/click_online/7375772.stm