May 2011 - Posts
This is an interesting development, and I am hopeful they will be successful:
Apple advisory on "MacDefender" malware
QUOTE: Looks like Apple noticed that "MacDefender", a fake anti-virus tool that we covered earlier, is indeed starting to make inroads on the Mac user community. They have published an advisory today that describes how to "avoid" or "remove" the threat.
The advisory also states "In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware" which might turn out to be the first glimpse of an acknowledgment that yes, Macs can also have malware, and yes, Macs might even need a tool to remove malware.
Please avoid spammed messages promoting a new Facebook music player feature. Following them can compromise your Facebook account and may also infect your PC with malware. Trend Labs warns of this new attack below:
Trend Labs - Facebook Spam Now Plays Your Favorite Music
QUOTE: Wouldn’t it be cool if you had immediate access to your favorite music and bands? What if these are readily available on your favorite social networking site? Unfortunately, spammers also find this cool. We recently noted messages and wall posts circulating on Facebook that promote a supposed new music player feature.
The script used in this spam run is now detected by Trend Micro as JS_FBJACK.B. Similar to other previously reported Facebook spam runs, once users access the alleged link, they are redirected to a site that tells them to follow several steps. The first of which is to copy a particular snippet of code onto their browser address bars, reminiscent of the “See You… In 20 Years!” Facebook attack, which spread via multiple features.
Once done, the malicious script accesses the affected user’s Facebook friends list. From this list, it creates wall posts and sends chat messages to the accumulated Facebook contacts. The wall post and message read: “FaceBook finally added a profile music player! I’ve been wanting one of these forever! [LINK]” All of the links above currently redirect to a single URL, a scam site telling the affected users that they won a certain prize. The site then asks them to give out personal information.
A new version of EMET has been released with the following new features:
Microsoft - New EMET version available
QUOTE: The Enhanced Mitigation Experience Toolkit enables and implements different techniques to make successful attacks on your system more difficult. EMET is designed to mitigate exploitation attempts (even of 0-days) by making “current” exploitation techniques harder and less reliable. Users interested in finding out more about EMET can read more here. Today’s release comes with some new features:
- EMET is an officially-supported product through the online forum
- “Bottom-up Rand” new mitigation randomizes (8 bits of entropy) the base address of bottom-up allocations (including heaps, stacks, and other memory allocations) once EMET has enabled this mitigation.
- Export Address Filtering is now available for 64 bit processes. EAF filters all accesses to the Export Address Table, which blocks most of the existing shellcodes.
- Improved command line support for enterprise deployment and configuration
- Ability to export/import EMET settings
- Improved SEHOP (structured exception handler overwrite protection) mitigation
- Minor bug fixes
US-CERT has issued a warning to be careful with messages that exploit recent disasters and other news events. These are often used to trick individuals into revealing sensitive information or accepting malware on their systems.
Mississippi Flooding Disaster - Scams and Malware attacks
QUOTE: Users should be aware of potential email scams, fake antivirus, and phishing attacks regarding the Mississippi flooding disaster. Email scams may contain links or attachments that may direct users to phishing or malicious websites. Fake antivirus attacks may come in the form of pop-ups that flash security warnings and ask the user for credit card information. Phishing emails and websites requesting donations for bogus charitable organizations commonly appear after these types of natural disasters.
US-CERT encourages users to take the following measures to protect themselves:
It is always important to verify URLs: a slightly misspelled version of MySpace could trick users into sharing their email address, cell phone number, or other sensitive information.
Every day is a Birthday Party
QUOTE: You'd have thought Myspace would have snapped up myspac(dot)com, but it seems to have scampered past them in the night like a small scampery thing that scampers. This site will bounce you through a whole bunch of different locations. When you hit that last one, the "Social Reward Center" tries to make you feel all bad about not taking part in their birthday celebrations. Did I say "birthday celebrations"? I sure did, because it's their sixth birthday! You're then asked to hand over your mobile number and email address. Not sure I'll be signing up to this one anytime soon, especially as the Site Advisor user reviews are so positive.
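A defender-side check for the lookalike domain described above, added here as an example that is not part of the original post: it accepts defanged input such as myspac(dot)com, extracts the registered domain, and flags hosts within a couple of edits of a watched brand. The watch list and all function names are constructed for this example.

```python
"""Typosquat check for URLs (added example; watch list below is constructed)."""
from urllib.parse import urlsplit

# Constructed watch list of brand domains a user or mail filter cares about.
WATCHED_DOMAINS = ("myspace.com", "facebook.com", "microsoft.com", "apple.com")


def refang(text: str) -> str:
    """Turn defanged notation such as 'myspac(dot)com' or 'hxxp://' back into a URL."""
    return (text.replace("(dot)", ".").replace("[dot]", ".")
                .replace("[.]", ".").replace("hxxp", "http"))


def registered_domain(url: str) -> str:
    """Return the last two labels of the URL host ('www.myspac.com' -> 'myspac.com').
    Two-label heuristic only; public-suffix handling is out of scope here."""
    url = refang(url.strip())
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute), O(len(a) * len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_url(url: str, watched=WATCHED_DOMAINS, max_distance: int = 2):
    """Classify a URL as 'exact' (a watched brand), 'lookalike' (within
    max_distance edits of a watched brand) or 'unrelated'.
    Returns (verdict, matched_brand_or_None)."""
    domain = registered_domain(url)
    if domain in watched:
        return ("exact", domain)
    best = min(watched, key=lambda d: edit_distance(domain, d))
    if 0 < edit_distance(domain, best) <= max_distance:
        return ("lookalike", best)
    return ("unrelated", None)


if __name__ == "__main__":
    for sample in ("http://www.myspace.com/home", "myspac(dot)com",
                   "hxxp://facebok.com/login", "https://example.org"):
        print(sample, "->", check_url(sample))
```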
Microsoft's CEO has officially announced a target of 2012 for Windows 8.
Ballmer: Windows 8 is Coming in 2012
QUOTE: Microsoft's (MSFT) next version of the Windows operating system, dubbed Windows 8, will debut in 2012, company CEO Steve Ballmer said Monday. Ballmer made the announcement in Tokyo, speaking to an audience of software developers. Observers had been expecting the next version of Windows next year, but this is the first time that the company has officially confirmed the 2012 date.
Ballmer told the developers, "as we look forward to the next generation of Windows systems, which will come out next year, there's a whole lot more coming," according to a transcript of his speech posted to Microsoft's website. "As we progress through the year, you ought to expect to hear a lot about Windows 8. Windows 8 slates, tablets, PCs, a variety of different form factors," he added.
A good resource with three pages of links:
CIO Magazine - Complete Guide to Windows 7
QUOTE: From pricing questions and a rundown of interface features to upgrade concerns and challenges presented by the iPad, CIO.com's Windows 7 Complete Guide covers it all. Our guide delivers expert reviews, advice on planning and rollout, opinion pieces and news analysis on Microsoft's latest client operating system.
According to early reports, tablets and mobile devices will also be a focal point for this new operating system:
Windows 8 Coming in At Least 4 Versions
QUOTE: Microsoft will make at least four different versions of Windows 8 for devices with ARM processors, but you won't be running older Windows apps on any of them, according to an Intel executive. Renee James, Intel's senior vice president and general manager of Software and Services Group, also reaffirmed that Windows running on ARM devices will be focused on tablets and other mobile devices, according to Bloomberg.
In Facebook's Account Settings, users can opt to receive a one-time code by text message on their mobile phone to strengthen login authentication. You must register your mobile phone with Facebook to use this feature. This is documented below.
Facebook goes two-factor
QUOTE: Facebook is now offering a new feature called "Login Approvals". I call it a part-time two-factor authentication mechanism. Andrew Song of Facebook states: "Login approvals is a Two Factor Authentication system that requires you to enter a code we send to your mobile phone via text message whenever you log into Facebook from a new or unrecognized computer." I have downgraded it to "part-time" because once you have approved the browser instance you use to log in daily, it does not require the second authentication again until you have removed it from the list. I clarify "browser" because you will be forced to re-auth from a different browser.
This article from the McAfee blogs highlights the danger associated with using shared Internet facilities in a library, hotel, restaurant, or executive lounge. Some key points include:
* It's always important to log off from all sites and applications after checking email or other activity.
* Users should avoid sharing sensitive information.
* Users should avoid e-commerce transactions.
* In these less trusted settings, there are even dangers of keyloggers or wireless interception.
* There are dangers in plugging portable media (USB devices) into public computers, as the media could become infected.
* Finally, if you see that the last user is still logged on, please do them a favor and log them off.
Public Internet Facilities - Dangers in using shared devices
QUOTE: One of the perks of travel is access to Executive Lounges. One of the perks of Executive Lounges is that they often have VERY cool devices on display for the weary traveler to use. In one particular lounge I am currently in resides a very nifty Motorola XOOM:
I am kinda torn on the idea of shared devices. It’s great to have access to cool technology in a lounge or a store but you would kind of hope there would be SOME kind of protection or device management/lockdown going on. Who in their right mind would log into a wide open device and use it for their private email, twitter or Facebook use right? I think you guessed…. quite a few people.
This particular XOOM (and there were several in this lounge as well as at least one Motorola ATRIX) had what you would expect: Twitter, YouTube, FaceBook and such. All of these had multiple logins with the account data saved (which I will NOT show for obvious reasons) but in truth this was not what surprised me. Poking around I quickly noticed that I had full access to the main account that the device used.
Windows 8 is currently being developed by Microsoft. Below are some of the possible forthcoming features:
TechTarget - A first glimpse at Windows 8
QUOTE: Windows 8 has been the topic of speculation for many months now, but as was the case with Windows 7, Microsoft is pretty tight-lipped about what's to come in the next version of its flagship operating system. However, early information has emerged over the past few weeks.
Here's a rundown of exactly what we know at this point about Windows 8:
* Cross-platform operating system - Windows 8 will run not only on Intel chips, but also on ARM processors, which are popular in tablet devices, smaller netbooks and other portable devices.
* New (or improved) user interface - Microsoft has gone on to develop other interesting user interfaces (UIs) such as Kinect and the Windows Phone 7 operating system's Metro UI, which has also drawn positive reviews. Expect to see enhancements and flashes of those two UIs, along with iterative improvements that will be native to the final builds of Windows 8 as they become more mature.
* Will MinWin and a Hyper-V client hypervisor debut in Windows 8?
* Windows 8 getting a ribbon interface overhaul
* Internet Explorer 10 - Although Internet Explorer 9 was just released a couple of months ago, the IE team is hard at work on the next version of Microsoft's browser, one of the cornerstones of Windows 8. IE10 is expected to have increased support for the HTML 5 standard and enhanced compatibility for key Cascading Style Sheets and properties, such as gradients and a flexible box layout.
* A touch interface will also be included, since most features in Windows 8 will have multi-touch capability.
* Enhanced security - Each version of the Windows operating system has included improved protection from both local and remote attacks, and it looks like Windows 8 will be no exception.
* History Vault - Similar to Apple's Time Machine feature is Microsoft's History Vault. Apple introduced Time Machine in 2007 to enable its OS to automatically make copies of important data files at regular intervals and make them available for easy restoration.
* Operating system application store - Microsoft is following the example of the newer Mac App Store by making software purchases and downloads possible from directly within the Windows user interface.
* Additional features - the following minor features might grab end-user attention:
-- Quicker installation
-- Built-in PDF reader
-- Ability to mount ISO files directly to the file system
-- "Restore factory settings" function to revert to a clean slate
-- Integrating Microsoft Kinect directly with Windows (and not just Xbox)
-- Integration with Windows Live ID service
For now, Microsoft is still in the development stage with Windows 8, but the expected release date is rumored to be sometime next year.
Below are some interesting statistics related to Internet Explorer's SmartScreen protection:
SmartScreen Application Reputation in IE9
QUOTE: Through the SmartScreen Filter, IE has been effective at blocking socially engineered malware attacks and malicious downloads – IE blocks between 2 and 5 million attacks a day for IE8 and IE9 customers. Since the release of IE8, SmartScreen has blocked more than 1.5 billion attempted malware attacks. IE is still the only major production browser to offer this kind of protection from socially engineered malware. From our experience operating these services at scale, we have found that 1 out of every 14 programs downloaded is later confirmed as malware.
Originally, SmartScreen protection was URL-based. IE7 introduced protection from phishing attacks by integrating a cloud-based URL-reputation service. IE8 added another layer of protection, also based on URLs (or Web addresses), to protect users from sites that offered malicious downloads and used social engineering techniques (“Run this to watch movies for free, download this security software to clean your machine, or get great emoticons!”) to get users to download and run them. URL-based protection from socially engineered malware attacks is an important layer of defense for consumers today on the Web.
That said, IE9 adds another layer of defense against socially engineered attacks that now looks at the application being downloaded - this is in addition to the URL-based protection described above. This new layer of protection is called SmartScreen Application Reputation. When it comes to program downloads, other browsers today either warn on every file or don’t warn at all. Neither of these approaches helps the user make a better decision. Application Reputation also addresses a limitation present in all block-based approaches that happens at the beginning of new attacks, before a Web site or program has been identified as malicious.
Last week, the Firefox 5 beta was installed and it is working well in early testing. Currently, no extensions are being used, as extensions are often a root cause of incompatibility issues. As with any beta version, only experienced professionals who can resolve technical issues should test this new product.
Mozilla delivers Firefox 5 beta on schedule
QUOTE: As befits the more frequent release schedule that Mozilla staked out last month, Firefox 5 sports relatively few major changes. The two that Mozilla called out in a blog post Friday were support for the CSS (cascading style sheets) animation standard -- which has yet to win formal approval from the W3C (World Wide Web Consortium) standards group -- and the inclusion of a "channel switcher" that lets users flip between Firefox's three editions of Aurora, Beta and Release.
Google's Chrome and Apple's Safari already support CSS animations. Firefox 5 contains many more under-the-hood changes than Mozilla called out, however. The company listed 1,053 stability and other fixes in the detailed release notes accompanying the preview. Firefox 5's user interface is identical to its predecessor, Firefox 4, which launched two months ago.
Under the new Firefox development regime, Mozilla engineers will add features as they're completed, rather than hold them while all work on the next upgrade is completed. If a feature presents problems during testing -- say in the Aurora channel -- it will be yanked, then re-inserted into a later cycle after fixes have been applied.
From a security awareness perspective, these are indeed good and easy-to-follow guidelines for staying safe when using the Internet:
Internet Safety - Krebs’s 3 Basic Rules for Online Safety
QUOTE: Yes, I realize that’s an ambitious title for a blog post about staying secure online, but there are a handful of basic security principles that — if followed religiously — can blunt the majority of malicious threats out there today.
1. “If you didn’t go looking for it, don’t install it!” A great many online threats rely on tricking the user into taking some action — whether it be clicking an email link or attachment, or installing a custom browser plugin or application.
2. “If you installed it, update it.” Yes, keeping the operating system current with the latest patches is important, but maintaining a secure computer also requires care and feeding for the applications that run on top of the operating system. Bad guys are constantly attacking flaws in widely-installed software products.
3. “If you no longer need it, remove it.” Clutter is the nemesis of a speedy computer. Unfortunately, many computer makers ship machines with gobs of bloatware that most customers never use even once. For example, Java is a powerful program and Web browser plugin that most people have on their machines but seldom use (the bulky program also adds itself to the startup menu in Windows every time you update it). Meanwhile, attackers are constantly targeting systems with outdated versions of this software.
TechNet offers some excellent security recommendations for protecting Windows 7 and Server 2008 environments:
Windows 7 - Recommended Corporate Security Settings
QUOTE: This guide is a reference to the security settings in Windows Server 2008 R2 and Windows 7 that provide countermeasures for specific threats against the current versions of the operating systems. Many of the countermeasures that are described in this guide are not intended for specific computer roles in the companion guides, or in some cases, for any roles at all. These countermeasures help ensure compatibility, usability, manageability, availability, or performance. Generally, as security increases, functionality decreases, and vice versa. However, there are exceptions, and some security countermeasures actually help improve functionality.
Sophos offers a detailed report on FAKEAV attacks:
Sophos - Research report on What is Fake AV?
QUOTE: Fake AV, or Fake Anti-Virus, is one of the most frequently-encountered and persistent threats on the web. This malware, with over half a million variants, uses social engineering to lure users onto infected websites with a technique called blackhat Search Engine Optimization. Once the Fake AV is downloaded onto the user's computer, the software will scare them into believing their system is infected with threats that do not really exist, and then push users to purchase services to clean up the non-existent threats. The Fake AV will continue to send these annoying and intrusive alerts until a payment is made.
The first FAKEAV attacks have surfaced for Mac OS X systems, as noted below:
FAKEAV - MacDefender is the first attack designed for Mac OSX systems
QUOTE: MacDefender showed up on the radar last week, as the first fake Anti-Virus (AV) ScamWare for MacOSX. Currently, it's distributed under a couple of different names (that all display the same functionality): MacDefender, MacProtector, and "Mac Security". In the Windows world this flavor of malware has existed for years, enticing unsuspecting users into installing bogus AV software under the guise of the client machine being infected.
Then once it scares you into believing you're infected, it asks for your credit card information in order to purchase the application that will "fix" the infection. In the Security realm we see this all the time on Windows systems, but I'm guessing the Mac user community doesn't have much experience with this type of scam.
Websites, and advertisements on them, have been claiming to detect the presence of malware on PCs for a long time. It is one of the oldest tricks in the book and many people still fall for it. The Internet is akin to the old strip in Las Vegas, confidence tricksters and scam artists on every block, all looking to take money from gullible tourists. Don't be fooled, educate yourselves and your users, learn to recognize the scams and how to deal with them.
In using Facebook to keep in touch with family and friends, I see attacks circulating every day. Many of these are well socially engineered and can trick people who are not aware or careful. In many cases, they offer capabilities that do not exist in Facebook (e.g., seeing who viewed your profile). Please be careful and do not click on any suspicious links offered.
Often I will hover over any unacceptable post and delete it from my Facebook wall (so that my contacts don't become infected). Following malicious links can infect your PC and compromise your Facebook profile settings.
Facebook - Avoid the Discover-your-stalker fake attacks
Microsoft has issued recent warnings about social engineering schemes that start with an unexpected phone call. Cybercriminals attempt to convince people by phone to visit malicious websites or provide confidential information, including credit card details. Please avoid these scams, as noted below:
Telephone Scams - Microsoft will not come to your home and fix your PC
QUOTE: Senior attorney for Microsoft’s Digital Crimes Unit (DCU), Richard Boscovich, appeared on Seattle’s NBC news last week to confirm that Microsoft will not cold call you to fix your computer. If you’ve received a call from someone who claims to be from Microsoft and wants to fix your computer, hang up. You can also report these calls to the Federal Trade Commission.
Telephone Scams - Another past warning
QUOTE: Cybercriminals have started calling people on the telephone, claiming to be from Microsoft, and offering to help solve their computer problems. Once cybercriminals have gained a victim's trust, they can do one or more of the following:
* Trick people into installing malicious software on their computer
* Take control of a victim's computer remotely and adjust settings in order to leave the computer vulnerable
* Request credit card information so that cybercriminals can bill for the phony services
As evidenced by friends I've recently helped, there is tremendous growth in the number of FakeAV attacks circulating. Some of the recent Facebook or email scams provide ways of infecting vulnerable systems with just a few clicks of the mouse. Always be careful with links and when installing any type of software, and use only trusted sources. Some great statistics on these trends are provided by McAfee in the link below.
Fake AV - Attacks continue to grow in number
QUOTE: Fake-alert Trojans, also known as scareware, fool consumers by claiming imaginary threats, and insisting their victims purchase a product to repair the “infected” systems. They exist in Windows and Macintosh environments. In my recent report explaining this threat, I included a table showing the approximate number of scareware products with their known release dates: