Useful Security Information

Select Real Security

2011-08-12T20:03:00.004-04:00

http://www.selectrealsecurity.com/

What information does this website provide?
This website provides you with useful resources and information on computer security. It contains over 100 links to a variety of useful security related resources and information, including articles, guides, malware prevention, tips, and more. It also contains information on how to secure your computer, data, and internet connection from malicious attacks.

This Month in the Threat Webscape - March 2010

2010-04-10T17:33:00.000-04:00

Websense Security labs has released their monthly video report covering web threat activity for the month of March.

"This month, we look at:
• RSA and CanSecWest
• Websense Security Labs discovery of more than 250,000 malicious Facebook posts
• More huge patches for browsers, plugins and operating systems
• Another bad month for Apple security"

Anti-Rootkit Detection and Removal Test (April 2010)

2010-04-10T14:11:00.001-04:00

Anti-malware.ru has published their latest test. The test is on anti-rootkit detection and removal.

Test results:

"Gold Award
1. GMER 1.0.13 (10.5 of 12 points)
2. VBA32 Antirootkit 3.12 (beta) (10 out of 12 points)

Silver Award
3. RootRepeal 1.3.5 (9 out of 12 points)
4. Online Solutions Autorun Manager 5.0.11926.0 (8 out of 12 points)
5. XueTr 1.0.2.0 (8 out of 12 points)
6. Rootkit Unhooker 3.8.386.589 (7.5 of 12 points)

Bronze Award
7. SysReveal 1.0.0.27 (6.5 of 12 points)
8. KernelDetective 1.3.1 (6 out of 12 points)
9. Sophos Anti-Rootkit 1.5.0 (6 out of 12 points)

Failed the test
10. Trend Micro RootkitBuster 2.80 (3 out of 12 points)
11. Eset SysInspector 1.2.012.0 (2.5 of 12 points)
12. Panda Anti-Rootkit 1.0.8.0 (1.5 of 12 points)

The best anti-rootkit on the test results are recognized GMER and VBA32 Antirootkit, who deservedly received the award Gold Anti-Rootkit Protection Award. Their superiority over the other can be clearly seen in the last three samples of rootkits in table 4."
Test: http://translate.google.com/translate?hl=en&sl=ru&u=http://www.anti-malware.ru/antirootkits_test_2010

China: The Hacker Capital Of The World

2010-04-04T10:29:00.002-04:00

China has been identified as the worlds largest country of cyber-espionage.

"China is the world center for malicious computer use. Computer security experts have exposed China as the base of operations for 30% of the world’s malicious email, making China a haven for hackers, crackers, spy ware nuts, and general bad apples. However, within China, there is the city called the cybercrime capital of the world, Shaoxing. This eastern Chinese city is responsible for 21.3 percent of all targeted computer attacks." Article

It's not surprising when you look at the recent news and reports.

MRG: Malwarebytes 1.45 Vs. Early Life Malware

2010-03-30T21:55:00.001-04:00

MRG ran an on-demand scan test on MBAM!

MBAM did a good job!

Matousec: New Firewall Test Results (Online Armor & Trend Micro)

2010-03-30T21:31:00.000-04:00

"2010-03-30: New results have been published for:
Online Armor Free 4.0.0.35
Trend Micro Internet Security Pro 2010 17.50.1647.0000

Trend Micro Internet Security Pro 2010 finished with 9 %. Online Armor Free performed much better. We can see major improvements in Online Armor Free compared to its previously tested version. Its new score of 96 % is good enough for today to take the lead in Proactive Security Challenge. Congratulations!"

Well done Online Armor!

Link: http://www.matousec.com/projects/proactive-security-challenge/

How I’d Hack Your Weak Passwords

2010-03-27T18:06:00.000-04:00

I came across a very interesting blog article by John P. about password security. He warns you of the dangers of a weak password and tells you what you should do. Well worth reading!

"If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it? ...

... pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries."

Full article: http://onemansblog.com/2007/03/26/how-id-hack-your-weak-passwords/

MessageLabs Intelligence: March 2010 Report (Latest Threat Trends)

2010-03-26T18:37:00.001-04:00

MessageLabs Intelligence has released a new report on the latest malware threat trends:

Highlights:

Most dangerous email attachments:

You can download the full report in PDF format here: http://www.messagelabs.com/mlireport/MLI_2010_03_Mar_FINAL-EN.pdf

75 Top Open Source Security Apps

2010-03-24T19:13:00.001-04:00

Datamation has published an extensive list of what they call the "75 Top Open Source Security Apps." The list includes some excellent applications, which some I use or have used in the past.

"This year, we've once again updated our list of top open source security apps. While the list isn't exhaustive by any means, we tried to include many of the best tools in a variety of categories. We dropped a few projects from last year's list that have gone inactive or closed source, and we've added a few newcomers that are worth your consideration." Article

Spam Trends: February 2010

2010-03-24T18:24:00.002-04:00

Kaspersky Lab has released a report on the spam trends for the month of February.

"Spam in mail traffic:
The amount of spam detected in mail traffic averaged 86.1% in February 2010. A low of 80.5% was recorded on 15 February, with a peak of 90.8% on 21 February.

Sources of spam:

In February, the US maintained its position at the top of the table despite a decrease of 7% compared to January’s figure. India moved up to second place having distributed 8.8% of all spam, an increase of 2.7% compared with the previous month.

Most Phished Brands:

Malware in mail traffic:
Malicious files were found in 1.18% of all emails, an increase of 1.11% compared with the previous month.

Spam by category:
The medication and health-related goods and services category, mostly advertising Viagra and weight loss pills, retained its lead among English-language spam with nearly 40% of the total volume of spam."

Full report: http://www.viruslist.com/en/analysis?pubid=204792108

MRG: Avira AntiVir 10 On-Demand Scan Test

2010-03-23T18:22:00.001-04:00

From MRG:

It did well.

ICSI Netalyzr: How Healthy is Your Internet Connection?

2010-03-22T18:27:00.000-04:00

I came across a very interesting tool called Netalyzr made from the University of Berkeley, California. The tool scans your internet connection for various performance and security issues and reports the results back to you.

"The Netalyzr analyzes various properties of your Internet connection that you should care about — including blocking of important services, HTTP caching behavior and proxy correctness, your DNS server's resilience to abuse, NAT detection, as well as latency & bandwidth measurements — and reports its findings in a detailed report."

If you want to see an example report before you run the test, they provide one here: http://netalyzr.icsi.berkeley.edu/restore/id=example-session

Matousec: New Firewall Test Results (Kaspersky 2010)

2010-03-22T13:57:00.000-04:00

"2010-03-22: Single product update:
Kaspersky Internet Security 2010 9.0.0.736

Kaspersky Internet Security 2010 9.0.0.736 scored 86 % against 148 tests, a Very good result and currently the second place in our challenge, not so far behind Malware Defender."

Link: http://www.matousec.com/projects/proactive-security-challenge/

Twitter - Check if an Account is Spam

2010-03-18T19:19:00.002-04:00

Securi, a web-based monitoring service, has a useful tool called "Twitter Account Validater" that will scan any username on twitter for spam!

You will also find an website information gathering tool called "WIGS" which “collects public and hidden information from your website and advises you of possible information leaks.” Enjoy!

The Definitive Guide to Keeping Your PC Up to Date

2010-03-17T19:22:00.002-04:00

Jason Fitzpatrick from Lifehacker has published a detailed guide on how to keep your computer up to date. He explains three tools you can use regularly to keep your computer updated.

"The following guide will help you set up your computer to automatically update itself when possible, and keep your software current and secure. We'll be highlighting three tools here to help remove the hassle of updating from your shoulders and automate it to keep it off your mind." Guide

MRG: Online Banking Browser Security Test

2010-03-17T18:28:00.001-04:00

MRG has released their latest test called "online banking browser security test."

"Project Details: Online Banking Browser Security Test
Operating System used: Windows XP Professional Service Pack 3
Number of applications used: 10
Number of simulation tools used: 6"

Full report (PDF): http://malwareresearchgroup.com/?page_id=2

Top 10 Countries Sending Spam (Mar 8-Mar 14)

2010-03-16T18:22:00.000-04:00

From ICSA Labs:

Five Free Apps for Advanced Malware Removal

2010-03-15T20:50:00.002-04:00

David Murphy from MaximumPC describes five free applications for advanced malware cleaning. The list contains antivirus applications, rootkit removal tools, and AV rescue disks.

"I had amassed quite a list of rootkit removal programs, hardcore malware eliminators, and antivirus applications that were more surgeons in training than general practitioners. I now share them with you." Article

Matousec: New Firewall Test Results (BitDefender & Jetico)

2010-03-15T19:12:00.000-04:00

"2010-03-15: New results have been published for:

* BitDefender Internet Security 2010 13.0.19.347
* Jetico Personal Firewall 2.1.0.7.2412

Jetico Personal Firewall failed most of the new tests and this why we can see the radical change in its score. It finished with the score of 28 %.

BitDefender Internet Security 2010 have a couple of improvements compared to its previously tested version and so its final score is better today – 24 %."

Link: http://www.matousec.com/projects/proactive-security-challenge/

The Most Overrated Security Technologies

2010-03-14T10:34:00.004-04:00

Bill Brenner from CSOonline has published an article on "What Are the Most Overrated Security Technologies?" At the top of the list, he has anti-virus and firewalls.

"The security community has grown to depend on some basic technologies in the fight against cyber thieves, such as antivirus software and firewalls. But are practitioners clinging to tools that outlived their usefulness long ago? Were those tools ever really useful to begin with?

CSOonline.com recently conducted an unscientific survey on the matter, asking those questions to a variety of security forums on LinkedIn and following it up with e-mails and phone conversations. What follows are four technologies several cited as overrated in today's security fight." Full article

Proofpoint: Email Security Trends

2010-03-13T23:05:00.001-05:00

Proofpoint has released a report on the findings from a survey about email security trends.

"Key findings from the survey include:

1. Spear phishing continues to be a significant security issue:
Nearly half of respondents (48%) believe that, in the past year, their organization was targeted by a phishing email designed specifically to compromise their own users. While 27% of respondents do not believe they were targeted by such an attack, 25% said they were "not sure."

2. Adoption of email encryption technology increases:
The majority of respondents (59%) say that their organization has already deployed an email encryption solution. Another 19% say that they intend to deploy email encryption in the future, with most respondents saying that they intend to deploy within the next year.

Adoption of email encryption technology has been steadily increasing over time. In a Proofpoint study from June 2009, 43% of organizations said that they had deployed an email encryption solution.

3. Effectiveness still the top criterion when selecting email security solutions:
43% of respondents said that "effectiveness/accuracy" was the most important factor when selecting an email security solution, while 20% said that "ease of administration" was most important.

16% said "cost of solution" was most important. 11% selected choice of "deployment method (e.g., SaaS versus appliance)", while just 6% cited "vendor brand/reputation" as the most important decision factor.

4. Uncaught spam and phishing emails top email annoyances list:
Asked about the "most annoying" types of email, 39% of respondents cited spam that gets through their organization's filter as their top email annoyance. 27% said the same of uncaught phishing emails.

But for a third of respondents, various types of legitimate email were the most annoying. 15% of respondents cited legitimate email newsletters and marketing emails that are sent too frequently as their top annoyance. 10% said legitimate emails from coworkers or business contacts that "I just don't have time to answer" were most annoying. 7% cited social media notifications and other types of legitimate, but non-essential, email messages as most annoying.

Survey participants submitted their answers electronically at the Proofpoint booth. Half of respondents were from organizations with 2000 or more email users. More than three quarters of respondents held security or other technical job titles, while less than one quarter held legal, compliance or other non-IT roles." Full report

Video: Inside the Mind of a Russian Hacker

2010-03-13T12:25:00.001-05:00

The BBC interviews a "reformed Russian hacker," who started hacking government websites at the age of 14!

"Andrei is a young man with immense power at his fingertips. He's a reformed Russian hacker. Back hunched, eyes fixed on the computer screen in front of him, he demonstrates what he can do."

Video: http://news.bbc.co.uk/2/hi/technology/8561910.stm

Adobe Reader: The Most Exploited Software in Targeted Attacks

2010-03-12T23:27:00.000-05:00

The chart below, made by F-Secure, shows that Adobe Reader is the most exploited software exploited by hackers in targeted attacks.

"61% of the nearly 900 targeted attacks it's tracked in the first two months of 2010 exploited a vulnerability in Reader, Adobe's popular PDF viewer. By comparison, Microsoft 's Word was exploited in just 24% of the attacks, and bugs in its Excel spreadsheet and PowerPoint presentation maker were leveraged only a combined 14% of the time." (via Computerworld)

If you do use Adobe Reader, always keep it updated to protect yourself from being attacked or twitch to a safer, more reliable PDF application, such as Foxit Reader.

Video: Quarter Million Malicious Facebook Posts (Websense)

2010-03-12T22:05:00.002-05:00

Websense Security Labs has detected a fast spreading malicious campaign on Facebook:

"We have detected a malicious campaign that is quickly spreading on Facebook. The malware has very low anti-virus coverage and can be found on prominent Facebook pages such as ones belonging Justin Timberlake (2.1 million fans) and a few others.

To get an idea of how fast this link is being shared on Facebook (measured in seconds!), here's a video:"

MRG: Avast! 5 Review/Test

2010-03-10T19:53:00.006-05:00

MRG (Malware Research Group) has released its review on Avast! 5.

"We are reviewing the latest version of Avast Antivirus Professional, 5.0.462.

Default Settings were used throughout the whole review process. Test was conducted using Windows 7 32-Bit with all the latest updates.

Result of our reviewing process:

Real Time Protection Test: Avast failed to block 8/50 threats (URL’s)

Static Real Time Protection Test: Avast failed to block 6/50 threats (on EXE)

On Demand Scan Test: Avast missed 287/10.000 samples, detection rate – 97.13%

Infected System Rescue Test: Avast removed 8/10 threats (Renos and ZBot samples were not successfully removed)"

The full report can be read here: http://malwareresearchgroup.com/?p=1245

Top 5 Internet Fraud & Scams Of All Time

2010-03-10T19:00:00.005-05:00

Ryan Dube from Makeuseof describes the Top 5 Internet Fraud & Scams Of All Time. He covers everyday internet scams, such as phishing, auction/purchase frauds, re-shippers, and other scams that frequently trick people and lead to huge financial losses. He provides an example for each scam.

"Beyond just basic email scams, there are other methods that scammers use to defraud people of their money through the Internet. Today, I would like to examine five additional Internet scams that are very commonplace, but unfortunately not quite as many people are aware of them. These are scams that trip up the most people every year and lead to a substantial financial loss. Take the time to read through and understand these scams so that you never find yourself a victim of them." Full article

Vodafone Distributes Mariposa Botnet

2010-03-09T06:47:00.001-05:00

Panda Security Research has caught Vodafone distributing Mariposa botnet and other malware on HTC Magic Android smartphones.

"Here is yet another example of a company distributing malware to its userbase. Unfortunately it probably won’t be the last.

Today one of our colleagues received a brand new Vodafone HTC Magic with Google’s Android OS. “Neat” she said. Vodafone distributes this phone to its userbase in some European countries and it seems affordable as you can get it for 0€ or 1€ under certain conditions.

The interesting thing is that when she plugged the phone to her PC via USB her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious. A quick look into the phone quickly revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into.

Once infected you can see the malware 'phoning home' to receive further instructions, probably to steal all of the user’s credentials and send them to the malware writer." Full article

Video: Evil on the Internet - Richard Clayton

2010-03-07T12:35:00.001-05:00

In the video below, Richard Clayton gives a talk about various sorts of malicious sites on the internet and shows live examples of those sites and explains how they work - a very interesting video!

Matousec: New Firewall Test Results (Malware Defender & McAfee)

2010-03-05T22:35:00.000-05:00

"2010-03-04: New results have been published for:

* Malware Defender 2.6.0
* McAfee Internet Security 2010 11.0.378"

Link: http://www.matousec.com/projects/proactive-security-challenge/results.php

Top 10 Best Security Plugins for Wordpress

2010-03-05T18:01:00.002-05:00

GraphicAlerts has made a list of the "Top 10 Best Security Plugins for Wordpress." Each plugin is described in detail. If you use Wordpress, this will definitely be useful!

Most Used Spam Categories in February 2010

2010-03-04T20:08:00.004-05:00

Avira has published a new report on the categories of the spam messages that got sent around in the last month. The report can be read here: Most Used Spam Categories in February 2010

Symantec Warns of Cold War in the Cyber World

2010-03-04T19:53:00.000-05:00

"People use computers at an Internet cafe. Some hacker training operations openly recruit thousands of members online and provided them with cyberattack lessons and malicious software."

"Enrique Salem, President and Chief Executive Officer of California-based Symantec Corporation, warns against a cold war of an unusual kind.

In an interaction with The Hindu here last week, Mr. Salem said cyber space was the battlefield for this war, and might prove a huge threat to virtually the whole world.

The spread of the Internet and the move towards virtualisation to reap operational efficiency has seen a rapid growth in cyber storage. From individuals to corporates and Governments – enterprises have increasingly begun storing their data in cyber space. However, data is far from safe here. According to Mr. Salem, there are definite signs that data on the cyber space was under attack from tech-savvy hackers. He asserted that cyber attacks have become increasingly frequent. “Indian companies also are attacked and targeted,’’ Mr. Salem pointed out. Full article

Over Half of all Software 'Open to Attack'

2010-03-03T21:36:00.001-05:00

"Application security vendor Veracode has claimed that 58 per cent of software is vulnerable to the same sort of attacks that affected Google earlier this year.

The company used the RSA Conference in San Francisco to reveal its State of Software Security report, which warned that 58 per cent of the 1,600 applications analysed at the request of clients had security holes." Full article

Authorities Take Down Botnet with 13 Million Infected PCs

2010-03-03T21:15:00.000-05:00

Good news!

"Authorities have smashed one of the world's biggest networks of virus-infected computers, a data vacuum that stole credit cards and online banking credentials from as many as 12.7 million poisoned PCs.

The "botnet" of infected computers included PCs inside more than half of the Fortune 1,000 companies and more than 40 major banks, according to investigators.

The botnet appeared in late 2008 and spread to more than 190 countries, the AP reported, citing researchers. The researchers that dismantled it first started looking at it in the spring of 2009.

The take down came as authorities in Spain arrested three of the ringleaders of the the botnet, dubbed "Mariposa". The suspects haven't been identified by name, but they're described as Spanish citizens with no criminal records whose internet names and ages were "netkairo," 31; "jonyloleante," 30; and "ostiator," 25." Full article

Virus Effect Remover

2010-03-02T20:31:00.000-05:00

VER is a security tool that helps users remove the effects of either a live infection or a prior infection in Windows. This is a very useful tool if you have been infected or are infected by a virus and you want to remove of the damage the virus has done to your computer!

Download: http://www.virussecurelab.com/

MessageLabs Intelligence: February 2010 Report (Latest Threat Trends)

2010-03-01T20:36:00.001-05:00

MessageLabs Intelligence has released a new report on the latest malware threat trends!

You can download the full report here (PDF): http://www.messagelabs.com/mlireport/MLI_2010_02_Feb_FINAL.pdf

FIRE: Finding Rogue Networks

2010-02-28T22:42:00.000-05:00

An interesting service I have come across!

"FIRE is a service to identify rogue networks and Internet Service Providers. On a daily basis, reports are generated on this site that expose the dark side of the Internet. FIRE actively monitors botnet communication channels, spam traps, drive-by-download servers, and phishing web sites. This data is refined and correlated to quantify the degree of malicious activity for individual organizations and presented on this web page." FIRE: FInding RoguE Networks

These are the same guys who run Anubis and Wepawet!

Teen Hacker Admits Crashing PlayStation Site

2010-02-28T15:43:00.001-05:00

"A 17-year-old honors student from Pennsylvania admitted to crashing Sony's PlayStation site after being banned for cheating in SOCOM U.S. Navy Seals. He brought down the site for 11 days in November 2008 by infecting it with a virus" Full article

Browserscope: How Does Your Browser Compare?

2010-02-27T12:16:00.004-05:00

Do you need help when making choices about which browsers to use and which browsers are more secure? If you do, head over to Browserscope, where you can test you browser security and compare your results to other browsers!

"The security tests measure whether the browser supports JavaScript APIs that allow safe interactions between sites, and whether it follows industry best practices for blocking harmful interactions between sites." Further information

The Guide to Securing Your Computer, Data, & Internet Connection - (coming soon)

2010-02-27T01:04:00.003-05:00

For the past month, I have been working on a guide that covers various subjects in computer security. The title is "The Guide to Securing Your Computer, Data, and Internet Connection." It will most likely be 10 pages or more. As of right now, I do not know when it will be finished, soon I hope.

The contents include:

Security Tips
Window and Software Updates
Windows Setup
Firewall
Web Browser
Security Software
Password
Email
Backup and System Restore
Public Computers
Wireless Networks
Useful Security Resources

...other topics might be added

Please stay tuned for more information later!

If you have any questions regarding the guide, leave a comment!

H*Commerce: The Business of Hacking You [Video Series]

2010-02-26T17:27:00.002-05:00

This is a must-see video series for any internet user!

"H*Commerce: The Business of Hacking You is a six-part online documentary film series directed by Seth Gordon. The series focuses on real victims of cybercrime, and how one family ultimately lost over $400,000 in a scam promising inheritance money from a dead family member. It shows how the criminals went about the scam and shows you both the scope of cybercrime today and how quickly you can fall victim if you fail to take some basic safeguards. Each episode interviews former hackers, internet scam counselors, and computer forensics experts. Each segment is between five and eight minutes in length." Note: H*Commerce stands for "Hacker commerce"; the business of making money through illegal hacking and scamming.

Sneak peak at the series (trailer):

Full series: http://www.stophcommerce.com/

Further information on H*Commerce: The Business of Hacking You(Wikipedia)

Video: How to Steal a Botnet and What Can Happen When You Do

2010-02-26T12:24:00.002-05:00

A very interesting video I've come across!

"This is a talk presented by Richard A.Kemmerer, one of the researcher at the UCSB and part of the team that took control of a part of torping botnet for 10 days. A botnet is a group of malware infected computers which are controlled remotely and often used to steal passwords and phishing. This talk outlines some of the basic terminologies of botnets, the way infection happens, and the effects it causes."

Microsoft Shuts Down Global Spam Network

2010-02-25T17:13:00.001-05:00

Good news!

"Microsoft has won court approval to shut down a global network of computers which it says is responsible for more than 1.5bn spam messages every day. The firm said that closing the domains would mean that up to 90,000 PCs would stop receiving orders to send out spam." Full article

How Reliable is VirusTotal?

2010-02-25T16:50:00.002-05:00

"VirusTotal is a great and free online service that lets you upload and scan a file against a large number of AV products. As a security researcher, I constantly use it to verify files, especially to see if they have already been detected or if they are brand new samples. End users can benefit from it as well. Before installing a product they are not sure about (i.e. a rogue), they may want to see if it is safe to proceed. However, some concerns have risen recently about possible downfalls of the service." Full article

How to Avoid Rogue Security Software

2010-02-25T13:46:00.007-05:00

Help Net Security has some very good tips on how to avoid malicious software!

"Follow these tips below to tell what's real and what's not when it comes to security software.

1. Do not fall for scare tactics. While browsing sites, be cautious of pop-ups warning you that your system is infected and offering a product to clean it up. Never pay for a program that installed itself to your computer. This is a hallmark of rogue software.

2. Use security software with real-time protection and keep it up-to-date. If you know that you have anti-virus, anti-spyware, and a firewall on your PC, you can safely ignore security alerts you receive that do not come from your chosen security software provider. (Rogue security software will often try to lure computer uses by using legitimate looking pop-up messages that appear to be security alerts.) Also, most anti-malware programs will help keep you protected from rogues because they can detect and remove these programs.

3. Access experts at security forums and ask about the software you are considering before you decide to purchase it.

4. Read the software reviews at reputable sites like Download.com. Do not blindly trust individual sites offering security products.

5. Ask knowledgeable friends and family members about quality software they use. Keep in mind that when you search for trustworthy security software online, rogue products can, and often do, appear in the search results list.

6. Practice online skepticism. Be aware that rogue security software does exist on the Web, and be vigilant about avoiding it. These programs are designed to appear genuine - meaning they may mimic legitimate programs, use false awards and reviews to rope you in, or employ other deceptive tactics. It’s also a good idea to familiarize yourself with common phishing scams, and to be cautious of links in e-mail messages and on social networking sites." Article

60+ Compromised Sites with SEO Poisoning

2010-02-25T13:36:00.000-05:00

"To improve the chances of installing their malware on random computers, malicious users have decided to set up more that 60 websites that contain hundreds of possible search matches for hot/trending topics. According to F-Secure, the search matches on those malicious websites overlap considerably, so that when you search for a particular topic, almost all of those website will pop-out in the search results, and a lot of them in the top 10!" Full article

Top Secrets About Your Passwords

2010-02-25T00:19:00.000-05:00

"Recent hacker activity highlights how insecure we are in the online world. Black hats keep focusing on collecting passwords in many different ways. Instead of breaking the computer security system or brute-forcing pass phrases, they use a variety of easier techniques to get our credentials. The ways they make us give up sensitive information include setting up fake mailing lists, forums, and social network sites to harvest logon details. Then, using this information there is a good chance that the attacker can sign in to valuable sites like social networks or even online banks with the same user name and password." Full article

Video: This you??? Twitter Phishing Attack Demonstrated

2010-02-25T00:11:00.000-05:00

"A phishing attack on Twitter asks "This you????" and links to a bogus login page. Here's a video from Sophos that shows how it works"

How Banker Trojans Steal Millions Every Day

2010-02-23T22:12:00.000-05:00

This article describes, in some detail, the operation of "man in the browser" Trojans used to empty victims' bank accounts.

"Banker trojans have become a serious problem, especially in South America and the US. Trojans like Zeus, URLZone and others are the tip of the iceberg. These toolkits are now standard-issue weapons for criminals and state-sponsored hackers. Like Zeus, URLZone was created using a toolkit (available in underground markets). What this means is that the buyer of this toolkit can then create customized malware or botnets with different command-and-controls and configurations (such as which banks to attack), but having all the flexibility and power of the original toolkit. Having such a toolkit in the hands of multiple criminal groups paints a scary picture. It's simply not enough to eliminate a particular botnet and criminal group to solve this problem." Full article

How Rootkits are Threatening Smartphone Security

2010-02-23T22:02:00.001-05:00

"Computer scientists at Rutgers University have shown how a familiar type of personal computer security threat can now attack new generations of smart mobile phones, with the potential to cause more serious consequences." Full article

Video: On-Demand Scan Test (Malwarebytes Anti-Malware vs. SUPERAntispyware)

2010-02-22T19:15:00.003-05:00

An on-demand antivirus test from Malware Research Group (1000 samples used).

MBAM:

SAS:

How to Avoid Malware on Facebook and Twitter: 8 Best Practices

2010-02-21T17:28:00.007-05:00

New York Times describes 8 best practices on how stay safe on the Web and what to avoid on Twitter and Facebook.

1. "Don't assume a link is "safe" because it's from a friend: As noted above, your friend's account may be infected. You should never assume that a link is safe just because a friend tweeted it or posted it to your wall. Use your common sense. If it doesn't sound like something they would say, be wary, don't click. If you're unsure, try to contact them through another channel and see if the link is legit.

2. Don't assume Twitter links are safe because Twitter is now scanning for malware: In August, Twitter partnered with Google to use Google's Safe Browsing API, a technology that checks URLs against Google's blacklist. This prevents spammers from posting malicious URLs to Twitter, but it does NOT prevent them from posting shortened URLs which direct users to those same malicious sites. It's better than no protection at all, but it's not going to keep you entirely safe.

3. Don't Assume Bit.ly Links are Safe: Earlier this year, Twitter's default URL-shortening service Bit.ly, began warning users of malware. Bit.ly also uses Google's Safe Browsing API along with two other blacklists to identify malicious links. Although the service doesn't prevent users from posting these links, it will warn upon clicking that the site being linked to is infected. However, as Raiu tells us, this is not 100% effective either. Kaspersky has identified a number of malicious links which Bit.ly did not block. However, you can assume that Bit.ly is generally safer than the other URL-shortening services because it uses this technology and because the hackers are generally avoiding this service at the moment because of its built-in protection. But it is not completely safe - nothing ever is.

4. Use an up-to-date web browser: Kaspersky recommends using the latest version of your web browser and keeping it up-to-date with the necessary patches. That means Internet Explorer users should be on IE8 - and since this browser is attacked the most, it's critical that you make sure it stays updated as needed. Firefox is the second most attacked browser, but fortunately, it has a self-updating feature built in. Google Chrome is also good because it has a self-updating feature as well as another security feature that runs plugins in "sandboxes," or restricted environments. If an attacker was able to exploit the browser and run malicious code, it would be isolated to this sandbox and would not able to effect the entire machine. Opera and Safari are also good browsers and should be kept current, too.

5. Keep Windows up-to-date: As always, Windows users should make sure their systems are current with the latest patches from Microsoft. Automatic updates should be turned on.

6. Keep Adobe Reader and Adobe Flash up-to-date: At the moment, Adobe Reader and Flash are the two most targeted programs by hackers. A lot of malware specifically goes after known vulnerabilities within Adobe's software. In addition, a common method of attack, such as that used by Koobface, is to redirect a victim to a malware-infested site where the user is prompted to update their Flash player or Adobe Reader in order to see the website content. NEVER do this. Always go to Adobe's site on your own to download the latest version or update the software on your computer using its own built-in update mechanisms.

7. Don't assume you're safe because you use a Mac: While it's true that Mac users are less targeted than Windows users, they are not immune to malware, despite what those commercials may say. Although Apple did include some malware protection in their latest operating system, it only protects users from two trojans; you cannot count on it alone to protect you. There are a couple of hundred of trojans currently in the wild that specifically target Mac machines, according to Kaspersky. In fact, there may even be as many as a thousand, but researchers are unable to identify all of them because Mac users don't typically run anti-virus software which is how much of the data is collected. These days, when a user clicks an infected link, the malicious web page will now sometimes identify whether that user is coming from a Windows or Mac machine and then display the appropriate version of the trojan accordingly. A particular family of trojans known as "DNS Changer" trojans are the most common ones used to attack Mac machines. The only way to really be sure that you're protected against these malicious programs is to run anti-malware software on your Mac, but most Mac users won't do so, preferring to take their chances since their risk is lower.

8. Be wary of email messages from social networks: Because email addresses can be "spoofed" by hackers, you can't assume that an email from Facebook or Twitter is really from those the site it claims to be from. As always, you should never open attachments you were not expecting to receive and you should be wary of clicking on links - especially if you're being told to "update your account." If you do click on a link and are taken to a web page that asks you to log into the site, DON'T DO IT. It would be handing over your password to the hackers. Instead, you should always access the sites directly by typing in their URL in your browser or clicking a saved link in your Favorites." Article

Top 10 Countries Sending Spam

2010-02-21T17:01:00.004-05:00

ICSA Labs: Top 10 Countries Sending Spam It's constantly updated!

Five Free Temporary Email Services To Avoid Spam

2010-02-21T14:24:00.001-05:00

"Maybe you need to fill in an email for a one-time registration that, you are sure, will only lead to spam. That is where temporary email services come into play. Today we will talk about 5 of those that I highly recommend." Article

Matousec: New Firewall Test Results

2010-02-21T14:07:00.000-05:00

"New results have been published for:

* avast! Internet Security 5.0.418.0
* Norton Internet Security 2010 17.5.0.127
* Privatefirewall 7.0.20.36
* ZoneAlarm Extreme Security 9.1.008.000"

Link: http://www.matousec.com/projects/proactive-security-challenge/

Software & Websites to Avoid

2010-02-20T00:17:00.011-05:00

Avoid the following software and websites; they are frequently used by malicious users to spread malware.

Software

Peer-to-peer (P2P) file sharing software (e.g. Limewire, BitTorrent, Kazaa, Frostwire, etc). Many forms of malware target P2P users.
Instant messaging (IM) software and chat software (e.g. AOL, Yahoo, MSN etc). Many forms of malware are designed to spread using these services.
Web browser toolbars
Screensaver software
Weather, news, and stock monitoring software
Desktop search engines
Web server software
Shopping or coupon software
Fake/Rogue security software
Password caching software
Online gambling software
Remote desktop software
Adobe Acrobat Reader Adobe Reader is #1 when it comes to most hacked/vulnerable software! Foxit Reader is a much safer PDF application.

Websites

Online game sites
Car shopping sites
Dating sites
Porn sites
Crack/keygen/warez sites
Social networking sites (e.g. facebook, myspace, etc)
Sites that ask for your credentials or personal information
Sites that offer free screensavers, wallpapers, or music
Gambling sites
Charity sites

Did I miss a website or software? Let me know by leaving a comment!
RVKHC4GBATZQ

Cookies, Supercookies & Ubercookies: Stealing the Identity of Web Visitors

2010-02-19T13:57:00.005-05:00

"Highly sticky techniques called supercookies for tracking web visitors are becoming well known. But the state of the art has in fact advanced beyond tracking, allowing a website to learn the identity of a visitor. I will call these techniques ubercookies; this article describes one such recently discovered technique. Future articles in this series will describe even more powerful variants and discuss the implications." Full article

Using Public Computers

2010-02-18T19:32:00.005-05:00

      If you are not using your own computer then you cannot possibly know how the computer is maintained, if the software is up to date, or if steps have been taken to ensure the computer is secure. Malware may be running on the computer and you have no idea who may be watching your network traffic. When you are on a computer you do not own, a keylogger could be recording everything you type. In this situation, your password and other information could be stolen even if you are sending them via a secure (https) web session.

     Overall, use common sense when using public computers or a friend’s computer, and be aware of the security risks involved.

5 security tips for using a public computer

Zeus Trojan found on 74,000 PCs in global botnet

2010-02-18T18:52:00.006-05:00

"More than 74,000 PCs of nearly 2,500 organizations in nearly 200 countries, including 10 U.S. federal agencies, were compromised in a botnet infestation designed to steal login credentials to bank sites, social networks, e-mail systems, and other sensitive data, a security firm said Wednesday" Full article

Cyber Attack Simulation [Video]

2010-02-17T20:20:00.006-05:00

"CNN's Jeanne Meserve reports on the results of a staged cyber attack."

Following the Malware Supply Chain

2010-02-17T12:07:00.003-05:00

"While many outside of the security industry still perceive "hackers" as teenagers or isolated geeks who work alone, a recent research report encourages the general public to see malware as a cooperative industry that supports specialists, economies, and supply chains." Full article

800 Virginia PCs Destroyed By Possible "Time Bomb"

2010-02-17T11:53:00.012-05:00

"The City of Norfolk, Virginia is reeling from a massive computer meltdown in which an unidentified family of malicious code destroyed data on nearly 800 computers citywide." Full article

Best Free AntiMalware Software/Tools

2010-02-16T23:53:00.000-05:00

I highly recommend these articles! They are constantly updated.

The Top Add-ons / Extensions to Secure Your Web Browsing

2010-02-16T23:09:00.001-05:00

Here are some of the top security add-ons that you should use for safer browsing. * = add-ons I use

WOT (Web of Trust): warns you about risky sites that cheat customers (phishing), deliver malware, or send spam. Millions of members of the WOT community rate sites based on their experience. It shows a rating icon next to each site in search results from Google, Yahoo, Wikipedia, and other popular Web services.
* NoScript: gives you the power to specify the sites you trust and only those sites will be allowed to run active content like JavaScript, Java code, Flash and other executable code. The addon thus protects you from cross-site scripting attacks and clickjacking attacks. Note: many sites do require Javascript in order to work properly, so you need to know what you are doing.
* Adblock Plus: does just what it sounds like it does: blocks ads (automatically)!
FlashBlock: also does what it sounds like it does: blocks ALL Flash content from loading. It leaves placeholders on the webpage that allow you to view the Flash content. This improves your security against Flash vulnerabilities.
Dr. Web AV link checker: allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.
* KeyScrambler: encrypts your keystrokes at the kernel driver level to protect your information from keyloggers.
Redirect Remover: removes redirects from links and images on a given page.
RequestPolicy: control which cross-site requests are allowed. Improve the privacy of your browsing. Secure yourself from Cross-Site Request Forgery (CSRF) and other attacks. Note: RequestPolicy and NoScript are NOT the same! RP focuses on a different, important issue: CSRF attacks. Use RP to restrict some third party requests

List of Online Anti-Malware (File) Scanners with Descriptions

2010-02-16T18:59:00.005-05:00

I have made a list of sites that offer an online virus scan service that checks uploaded files for malware using antivirus engines! All of these services are absolutely free.

VIRUSTOTAL: uses 40 AV engines. This service has the best detection rate! Note: VirusTotal also has an uploader program (140KB) that works on Windows. The uploader program will automatically send the file to VirusTotal without you opening your web browser! 20 MB file size limit.
WEPAWET: detects and analyzes web-based malware. It currently handles Flash, JavaScript, and PDF files.
Jotti: uses 20 AV engines. 20 MB file size limit.
Novirusthanks: uses 24 AV engines. 20 MB file size limit
Kaspersky File Scanner: updates every three hours to ensure that even the very newest viruses can be detected. 1 MB file size limit.
Virus.org: uses 18 AV engines. 5 MB file size limit.
Dr. Web Virusscan: you can check single files. Archives with different files inside (ZIP, ARJ, RAR, etc) (Infected files will be listed).
Sunbelt CWSandbox: automated sandbox server to see what the malware would do to your computer if it were installed. 12288 KB file size limit. (Results by email)
Anubis: analyzes malware. Submit your Windows executable and receive an analysis report telling you what it does. 8 MB file size limit. (The file must be a Windows executable.)
VirScan: uses 36 AV engines. 20 MB file size limit.
FortiGuard: uses FortiClient AV engine. 1 MB file size limit. (Results by email)
VirusChief: uses 12 AV engines. 10 MB file size limit.
ThreatExpert: is an advanced automated threat analysis system (ATAS) designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode. 5 MB file size limit. (Results by email) Note: ThreatExpert also has stand-alone tool that provides you with a quick way to submit your samples without using your browser.
Avast! Online Scanner: uses avast! AV engine. 512kb file size limit
Antivir.ru: your files are immediately scanned by the latest version of Dr.Web anti-virus with the most recent virus definitions loaded.
Filterbit: uses 6 AV engines. 20 MB file size limit.
Comodo Instant Malware Analysis: once the file is submitted, COMODO Automated Analysis System will scan it and report back its findings.
Norman Sandbox: instant analysis by Norman SandBox. In-dept information about the analysis performed. (Results by email)
Autovin: analyzes the behavior of Windows executables. 5 MB file size limit. (Results by email)

With images: http://www.remove-malware.com/forums/viewtopic.php?f=16&t=4718

How Secure is Your Password?

2010-02-16T14:18:00.000-05:00

When choosing passwords, it's important that you make them strong and complex. Passwords should be at least eight characters long and contain letters, numbers, and symbols (!,@, #, &, %, etc). Never use words that can be found in a dictionary. Try to make it as random as possible. Each password should be unique and unrelated to any of your other passwords. You should never write down your password or share it with others. Keep in mind: security is only as strong as its weakest link. You can use Password Strength Checker to assess the strength of your password!