Category Archives: Antivirus Vendors

Antivirus Vendors

ESET

Scareware: It’s back, and now it’s even scarier

Leave a comment

‘Scareware’ – fake antivirus programs which attempt to fool the user into downloading malware, by warning him or her of a “threat” on their PC – is back, with a new, even more annoying trick.

V3 reports that the new strain of scareware reverses a “dropping trend” in fake AV with a new way of making money – blocking the user from using the internet until they pay for the ‘product’.

Threatpost says, “Rogue antivirus was once the scourge of the Internet, and while this sort of malware is not entirely extinct, it’s fallen out of favor among criminals as users have become more aware and security products have gotten better at blocking the threat.”

Scareware: Antivirus that isn’t ‘anti’

Rogue AV is still found – indeed ESET has been repeatedly ‘honored’ with fake scareware versions of  of its products – but Microsoft reports that in the past 12 months, scareware had fallen out of fashion.

Variants on the tactic are still used, but the classic scareware warning inciting victims to download AV products that are, in fact, malware, is less common.

On Android, ESET researchers discovered a Trojan packaged to look like antimalware products, “This backdoor trojan, which ESET detects as Android/Spy.Krysanec, was found as a malicious modification of MobileBank (a mobile banking app for Russian Sberbank), 3G Traffic Guard (an app for monitoring data usage) and a few others, including our own ESET Mobile Security.”

Microsoft researcher Daniel Chipiristeanu says, “Lately we’re seeing a dropping trend in the telemetry for some of the once most-prevalent rogue families,  It’s likely this has happened due to the anti-malware industry’s intense targeting of these rogues in our products, and better end-user awareness and security practices.”

Chipiristeanu says that “education” has played a part – but new gangs have simply moved on to new methods to target victims.

Stops you using internet – until you pay

“The big malware “players” are having more trouble in taking advantage of users paying for fake security products, and are moving away from this kind of social engineering, we are seeing other players willing to fill the gapRogue:Win32/Defru has a different and simpler approach on how to trick the user and monetize on it. Basically, it prevents the user from using the internet by showing a fake scan when using different websites.”

The malware targets 300 websites, and when a user tries to access them, they instead see the following fake message, ““Detected on your computer malicious software that blocks access to certain Internet resources, in order to protect your authentication data from intruders the defender system Windows Security ® was forced to intervene.”

Naturally, the ‘cure’ is to pay, Threatpost says. Thus far, the malware largely targets Russian-speakers.

“An unsuspecting user, after receiving this warning more than a few times when browsing, might be inclined to click “Pay Now”. This will lead them to a payment portal called “Payeer” (payeer.com) that will display payment information (see Figure 3). But of course, even if the user pays, the system will not be cleaned,” says Chipiristeanu.

“The user can clean their system by removing the entry value from the “run” registry key, delete the file from disk and delete the added entries from the hosts file. Before paying for a product (either a security product or any other) make a thorough investigation to make sure that it is a legitimate product and it is not fake or a copy of a free one.”

The post Scareware: It’s back, and now it’s even scarier appeared first on We Live Security.

ESET

Flight MH370 – did cyber attack steal its secret?

Leave a comment

Classified documents relating to the missing Malaysian Airlines Flight MH370 were stolen using a carefully-crafted spear-phishing attack, targeting 30 government officials just one day after the disappearance of the still-missing aircraft.

The Malaysian Star claims that the attack targeted officials with a PDF document which appeared to be a news report about Flight MH370, and was sent to a group of investigators. Around 30 computers were infected by the malware.

“We received reports from the administrators of the agencies telling us that their network was congested with e-mail going out of their servers,” CyberSecurity Malaysia chief exec Dr Amirudin Abdul Wahab said.

Flight MH370: ‘Confidential data’

“Those e-mail contained confidential data from the officials’ computers, including the minutes of meetings and classified documents. Some of these were related to the Flight MH370 investigation.”

Business Insider says that the attack occurred one day after the Boeing 777 went missing, and took the form of an .exe file disguised as a PDF (a common office file format).

It’s unclear who the attacker – or attackers – were, but information from infected computers was transmitted to an IP address in China. Officials in Malaysia blocked the transmission, The Star said.

‘Very sophisticated attack’

Department of Civil Aviation, the National Security Council and Malaysia Airlines were among those targeted by the hacker, the Telegraph reports. The infected machines were shut down, but “significant amounts” of information on Flight MH370 had been stolen.

“This was well-crafted malware that antivirus programs couldn’t detect. It was a very sophisticated attack,” Amirudin said.

CyberSecurity Malaysia suspects the motivation may have been curiosity about supposedly “secret” information held by the Malaysian government on Flight MH370.

“At that time, there were some people accusing the Government of not releasing crucial information,” Amirudin said.“But everything on the investigation had been disclosed.”

The post Flight MH370 – did cyber attack steal its secret? appeared first on We Live Security.

Avira

Geotagging: what your photos reveal about where you live

Leave a comment

A recent project out of the University of Florida entitled I know where your cat lives highlights how easy it is to identify people’s home address based on the pictures of their cats, uploaded to popular photo sharing platforms such as Instagram or Flickr.

I know where your cat lives

Researchers from the University of Florida located, with an accuracy of 7.8 meters, the exact place where pictures tagged with the word “cat” were shot.

They started by extracting metadata (including the latitude and longitude of where the picture was taken) from a sample of 1 million images, accessible from publicly available APIs from popular photo-sharing websites. The photos were then run through clustering algorithms with the help of a supercomputer. The researchers then created a website, where cat images were superimposed with GoogleMaps, pinpointing their exact location. Well, that’s just purrfect…

I know where your cat will be 24 hours from now

Okay, chances are even you don’t know that (much less your cat). But that’s where the technology is heading. Two years ago, a team from Birmingham University developed an algorithm that successfully detected where a test sample of people were going to be 24 hours in advance… How did they do it? By combining information on where they’d been (think of every time you checked into Foursquare) with the past movements of contacts in their Smartphone’s address book.

How your address finds its way into your pictures

When taking a picture, information is stored in the form of Exif tags. These detail the camera’s model, the image’s resolution in pixels, the time/date the picture was taken… This type of metadata is typically fairly innocuous. However as Smartphones now include in-built GPS, Exif tags frequently include the longitude and latitude as well. This functionality is referred to as Geotagging.

How to disable geotagging on your Smartphones

As your GPS is necessary for certain applications we’re just going how to show you how to remove geotagging when taking pictures.

If you’re an Android user:

  1. Access your phone’s camera application
  2. Select “Store location” on the left hand side, below “color effect”
  3. Switch off the geotagging

If you’re an iPhone user:

  1. Go to settings
  2. Select “Privacy”
  3. Select “Location Services”
  4. Find “Camera app” and switch it off

How to remove geotags from existing pictures

To remove geotags from all your pictures, you can do so with free software.

  • For Windows users:

Try Microsoft Pro Photo Tools version 2. This free tool enables you to easily edit or delete Exif tags from your digital photographs, including the GPS location.

It is also possible on Windows to remove Exif tags manually without installing additional software. For an overview of the process with step-by-step screenshots, please visit: www.technorms.com/38749/remove-personal-exif-information-from-digital-photos

  • For Mac users:

Try SmallImage or ImageOptim. Both tools are free and offer an easy drag-and-drop functionality for removing Exif tags.

Conclusion

Although privacy concerns over metadata is not new, the project I know where your cat lives did a great job of raising awareness for the problem. We recommend that you think carefully about what information you’re going to share (many users contacted the researchers at the university of Florida and asked them to upload their cat’s pictures and location to their map). If you are uncomfortable with sharing your location, please be sure to remove the Exif tags.

P.S. Avira developed a free tool to prevent companies for tracking your web activities. If you would like to learn more, please visit: www.avira.com/en/avira-browser-safety-lp

The post Geotagging: what your photos reveal about where you live appeared first on Avira Blog.

Avira

Browse the Internet smart and safely with Avira Browser Safety and SafeSearch

Leave a comment

The features are called Avira Browser Safety, (available for Chrome and Firefox) and Avira SafeSearch, and they both work as browser extensions.

Browse the Internet safely…

Why the focus on browsers? These days, as firewall protection has improved significantly, most malware and identity theft no longer come from e-mail attachments but instead come from infected websites exposing visitors to drive-by downloads, code injection, password-stealing Trojans, etc. Even perfectly legitimate sites can be temporarily compromised and website owners usually don’t even know their site has been hacked, so avoiding dodgy sites is no longer a guarantee that you won’t be infected.

Avira Browser Safety and Avira SafeSearch protect you and your privacy by blocking these website-based threats.

The new features work together to guide you to safe websites when you browse the Internet and warn you about harmful websites before you click on the links. They also block trackers and advertising scripts that are trying to profile your browsing activity.

… and smart

In addition to the security focus, when you are doing online shopping on e-commerce sites, Avira will notify you if the item you are looking at is available at a lower price on other sites.

avira-offers-screenshotThis additional feature makes online shopping safer by directing you to e-commerce sites from our trusted partners—which Avira has checked out for their security and privacy policies. We have researched these merchants for you to make sure they have appropriate data privacy procedures, reasonable return policies, no history of payment complaints, and no aggressive third-party ad networks running on their sites. So you save money, time and avoid potential hassles.

In case anyone might be wondering if Avira needs to track users’ web browsing habits in order to present these shopping offers, the answer is NO. Avira just compares the product SKU that is on your screen at that moment against a list of inventory among our partners. Avira does not permanently track your web habits in any way and you will never receive a re-targeted advertisement because of us, nor will we ever sell your information to anyone.

Avira also earns a commission from these shopping referrals. We use these earnings to help support our 350+ engineers so that we can continue to offer you the world’s best security software (which earned a 100% perfect detection rate as measured by AV-TEST)—all for free.

Of course, if you’d rather not use Avira Browser Safety or Avira SafeSearch you can always turn them off. The rest of our software will keep on protecting you as before.

CONSTANT IMPROVEMENT

The introduction of Avira Browser Safety and Avira SafeSearch represent just the latest step in Avira’s constant improvement.

When we opened our doors in 1986, the definition of computer “security” meant stopping annoying but relatively benign programs that spread via floppy disks! By the late-1990s, security had evolved to include e-mail viruses, and the growing use of the Internet lead to new forms of sending and contracting viruses, worms, Trojans and other malware. Professional spammers and organized crime syndicates took over from ‘recreational’ hackers in the mid-2000s, and introduced some of the first malware that actually stole credit card numbers and collected personal identity information.

To keep up with these changes in the nature of online threats, Avira constantly has to invent new technologies for detecting and disabling malware. You don’t even notice most of these innovations because they work behind the scenes.

The coders and virus hunters at Avira today are proud of the software that we have engineered for you, and we hope you’ll try out Avira Browser Safety (install for Chrome or Firefox) and Avira SafeSearch. Stay tuned for exciting future developments.

The post Browse the Internet smart and safely with Avira Browser Safety and SafeSearch appeared first on Avira Blog.

ESET

Traffic light – ‘easy’ to hack whole city’s systems

Leave a comment

The most famous traffic light ‘hack’ in history is in the classic film, The Italian Job (1969), a caper movie where the heist involves paralyzing Turin via its traffic control system. The plan’s author, played by Michael Caine, says, “It’s a very difficult job and the only way to get through it is we all work together as a team. And that means you do everything I say.”

The reality, it turns out, is much easier – at least according to researchers at the University of Michigan, who say that networked traffic systems are left vulnerable by unencrypted radio signals and factory-default passwords, and that access to individual lights – or even a city-wide attack, as in the film, is possible, according to Time’s report.

“This paper shows that these types of systems often have safety in mind but may forget the importance of security,” the researchers write. Technology Review points out that Michigan’s system, which networks 100 lights, is far from unique. Similar systems are used in 40 states.

An attacker focused, like the film’s ‘crew’ on robbery could control a series of lights to give himself passage through intersections, and then turn them red to slow emergency vehicles in pursuit, according to the BBC’s report.

Traffic light: Blow the bloody doors off

“Once the network is accessed at a single point, the attacker can send commands to any intersection on the network,” the researchers write.

“This means an adversary need only attack the weakest link in the system. The wireless connections are unencrypted and the radios use factory default user-names and passwords.”

Traffic light controllers also have known vulnerabilities, and attacks could paralyze cities: a traffic DDOS could, the researchers suggest, turn all lights to red, and cause “confusion” across a city.

Lights ‘go green automatically’ as thief escapes

“An attacker can also control lights for personal gain. Traffic lights could be changed to be green along the route the attacker is driving,” the researchers write.

“Since these attacks are remote, this could even be done automatically as she drove, with the traffic lights being reset to normal functionality after she passes through the intersection.”

“More maliciously, lights could be changed to red in coordination with another attack in order to cause traffic congestion and slow emergency vehicle response,” they write.They also suggest measures including encrypted signals and firewalls which could improve current systems.

Perhaps a film reboot is in order: after all, the 1969 version ends with Caine saying, “Hang on, lads; I’ve got a great idea.”

The post Traffic light – ‘easy’ to hack whole city’s systems appeared first on We Live Security.

ESET

PIN number: Police want codes on ALL devices

Leave a comment

Police hope to work with leading mobile phone manufacturers such as Samsung to build in the requirement for a password or PIN number as a default into new handsets, with the British police unit responsible for phone theft wanting to “target-harden” phones.

Currently, up to 60% of phones have no form of password protection, said the National Mobile Phone Crime Unit.This not only makes it easier to resell the gadgets, but hands over personal data – including, potentially GPS data showing the locations of homes, as well as passwords and banking details, according to The Register’s report.

DCI Bob Mahoney of the NMPCU said, “We are trying to get [PIN number systems and other codes] to be set as a default on new phones, so that when you purchase it you will physically have to switch the password off, rather than switch it on.”

The NMPCU said in a statement to Motherboard that PIN-protected phones were less valuable to thieves.

PIN number: Less valuable to thieves

“We have been talking to the industry and government. This is one of the main ideas among a range of measures we are trying to push to protect personal data. All of the industry has been engaged at all levels – and government too.”

“We have intelligence that shows a phone with personal information is worth more than other mobiles, because the thief can sell it on to anyone who can make use of that info,” the DCI said.

“On an unlocked phone, you can find a person’s home address, home telephone number, their partner’s details, diary, Facebook and Twitter account. This allows thieves to know when a target is not going to be at home or perhaps use their details to set up banking loans. They could destroy a person’s life.”

‘This can destroy lives’

We Live Security has written a guide to securing mobile devices (including tips such as ensuring screen time-outs are lowered before a PIN number is required so a thief is less likely to get access to an ‘unguarded’ handset).

PR efforts from major phone companies tend to focus on novel protection methods such as biometrics, but Get Safe Online, a government organization focused on cyber safety, said that passwords, when rolled out widely were an effective measure. “Fingerprint recognition offers a degree of safety, but there is still no substitute for a well-devised and protected password or PIN.”

Techradar said that Samsung had been in discussion with government. Mahoney said the discussions had been underway for two years and the “idea was gaining traction.”

Mahoney said, “If you have to get into the phone to switch something on, our research indicates people are less likely to do it. The industry are very supportive.”

The post PIN number: Police want codes on ALL devices appeared first on We Live Security.

ESET

Banking security – new apps ‘know’ your touch

Leave a comment

Everyone hates passwords – even the guy who invented them – but some bank app users in the Nordic region are experiencing a taste of a future where they might not be necessary.

Password theft – on a massive scale – has become a near-weekly happening, and biometrics have their own disadvantages – such as inaccurate scanners which won’t work when wet, as well as hacks with latex fingerprints and other such gizmos.

But customers at Danske bank have been trialling a new “behavioral” form of identification, according to Forbes magazine. Rather than simply ID a customer using a PIN, the app tracks the pressure and speed they use to type it in.

Banking security: Touch too much?

The theory is that even if a PIN is weak, or stolen, the thief cannot mimic the distinctive pattern of pressure the user types theirs in with.

“Eventually mobile security may no longer hinge on whether a password is long enough, but on how well the device knows the user,” ComputerWorld comments.

“We’re monitoring the small stuff,” says Neil Costigan, founder of Behaviosec,. “The flight between the keys, which corners of the keys you tend to hit, where you pause. Do you circle in on a button or do you go straight to it and hit it?”

‘How well the device knows you’

As a security solution, it’s low-cost (it uses sensors already present in the phone) and demands nothing of the customer. The trial has been such a success that multiple banks in Sweden, Norway and Denmark will use similar apps shortly. The app scored 99.7% session acccuracy.

“Multilayered security can be achieved by combining the three pillars: something you have (i.e., the phone as a token), something you know (like your PIN), and something you are which is your physical or behavioral metrics,” says Behaviosec.

At present, Behaviosec’s technology can pick up a ‘false’ user within 20 to 60 seconds. The company said it could also have wider applications such as preventing children accessing inappropriate content on tablets.

The start-up is now investigating further behavioral tracking – such as monitoring the way in which a user picks up a smart device, using the gyroscope.

Our own daily routines could even be used as “passwords” some researchers believe. Google’s “predictive” Google Now system already offers Android users reminders to go to work (by monitoring their movments by GPS), and to go home. Could such data be used as a “password”?

“Most people are creatures of habit – a person goes to work in the morning, perhaps with a stop at the coffee shop, but almost always using the sameroute. Once at work, she might remain in the general vicinity of her office building until lunch time. In the afternoon, perhaps she calls home and picks up her child from school,” says Markus Jakobsson of the Palo Alto Research Centre.

Jakobsson analyzed several techniques for identifying users via smartphone use, and found GPS to be the most reliable.

Jakobsson claims that by combining techniques, it’s possible to lock out up to 95% of adversaries, even, “an informed stranger, who is aware of the existence of implicit authentication and tries to game it.”

The post Banking security – new apps ‘know’ your touch appeared first on We Live Security.

ESET

Phishing emails: U.S. nuke authority hit three times

Leave a comment

America’s Nuclear Regulatory Commission was successfully attacked three times within the past three years, by unknown attackers, some foreign – and largely using standard phishing emails and similar techniques, according to the news site NextGov.

Two of the incidents have been traced to unknown foreign individuals, and another to an unidentifiable attacker, as records have been lost.

CNET reports that one incident led 215 employees of the nuclear agency to “a logon-credential harvesting attempt,” hosted on “a cloud-based Google spreadsheet.” The information was obtained through a specific request by NextGov.

Phishing emails: Lethal targets

A second spearphishing attack targeted specific employees with emails crafted to dupe them into clicking a link which led to malware on Microsoft’s cloud storage site SkyDrive.

The third attack was a spearphishing attack directed at a specific employee. Once his account credentials were obtained, emails were sent to 15 further employees, with malware-laced PDFs.

“It’s still unclear which country originated the attacks, and whether the attackers were acting independently or as a part of a larger state action. It’s also unclear how far the attackers got,” the Verge reports.

‘Team thwarts most attempts’

NRC spokesman David McIntyre said that his security team “thwarts” most such attempts.

“The few attempts documented in the OIG (Office of the Inspector General) cyber crimes unit report as gaining some access to NRC networks were detected and appropriate measures were taken,” he said, speaking to CNET.

Slashgear reports, “The reasons for the hacks aren’t known, but are suspected to be an effort to harvest details about the nation’s nuclear infrastructure – another suggestion is that the NRC might not be a specific target, but instead swept up by chance in a more general attack by an individual hacker rather than a foreign nation’s government.”

A recent report on America’s energy agencies said such incidents were increasing 35% between 2010 and 2013.

The report, “INFORMATION SECURITY Agencies Need to Improve CyberIncident Response Practices.” said, “Our sample indicates that agencies demonstrated that they completed their eradication steps for the majority of cyber incidents. Specifically, our analysis shows that for about 77 percent of incidents governmentwide, the agencies had identified and eliminated the remaining elements of the incident. However, agencies did not demonstrate that they had effectively eradicated incidents in about 23 percent of incidents.”

The report made 25 suggestions about how agencies could improve responses, including that agencies should, “revise policies for incident response to include requirements for defining the incident response team’s level of authority, prioritizing the severity ratings of incidents based on impact and establishing measures of performance.”

The post Phishing emails: U.S. nuke authority hit three times appeared first on We Live Security.

ESET

Twitter hacked – Cricket legend ‘Beefy’ Botham exposed

Leave a comment

One of England’s greatest-ever cricketers, Sir Ian Botham, appeared to have had his offficial Twitter hacked yesterday as an obscene picture unexpectedly appeared on the sportsman’s feed, according to the Evening Standard.

The single post was accompanied by the message, “What are you thinking…. xx”.  Botham was rapidly warned by friend and Welsh football pundit Robbie Savage that he had had his Twitter hacked, “Mate I think you’ve been hacked.”.

Botham rapidly regained control of the account, and Tweeted, “I would like to thank the hacker….I’ve just got 500 hits in 20 mins !!”

Twitter hacked: ‘Beefy’

In his column in the Daily Mirror newspaper, ‘Beefy’ said, “For those of you on Twitter who may have seen a distasteful photo from my account yesterday, let me assure you it was the result of someone hacking into it. I’ve played a few jokes in my time, but this was pathetic.”

“My old mate and fellow Mirror columnist Robbie Savage was straight on to me to change my password – which I’ve done. I’ve also asked the boffins in the Sky tech department to see how I can stop it happening again.”

Veteran security writer and researcher Graham Cluley wrote, “Let’s hope that Sir Ian Botham has now properly secured his Twitter account and other social media assets more effectively. It would be terrible if future hacks would cause his fans to boycott his future tweets.

The only silver lining is that Ian Botham is now trending on Twitter.”

More followers after picture

Botham too saw the silver lining to the hack, saying, “If some keyboard warrior has nothing better to do than post silly pictures, more fool them. The only impact it has had on me bizarrely is to give me more followers – strange.”

A We Live Security guide to how and why passwords can be hacked – and how to stop it – can be found here.

The post Twitter hacked – Cricket legend ‘Beefy’ Botham exposed appeared first on We Live Security.

ESET

Privacy: Workers “would pay” to stop snoopers

Leave a comment

Online privacy has gone from being a minority concern to something that worries the man in the street – after a study of 2,000 people found a majority believed they were being listened to online, and nearly a third would pay to stop it.

The research, carried out with a group of 1,000 employees in the UK and 1,000 in Germany, was commissioned by Blackphone, the “ultra-private” encrypted Android handset which was “hacked” on stage in five minutes at DEF CON (the company promised to patch the issue). Silent Circle, the company behind BlackPhone – and the widely used PGP encryption standard  – clearly wishes to highlight that privacy is becoming a mainstream issue.

Privacy issues have become an increasing concern outside the security community – in part thanks to revelations of government surveillance, as discussed by ESET researcher Stephen Cobb. Silent Circle carried out the survey in May this year, via OnePoll and found that 88% of UK workers believe their calls and texts are being listened to, versus 72% of Germans – it’s not clear by whom.

Who is listening in?

Nearly a third – 31% – of Germans would pay for a service which guaranteed their texts and calls were not being listened to. In Britain, 21% would do so. Germany is traditionally more privacy-conscious – services such as Google StreetView are not permitted there.

The scandal over Facebook’s Messenger app – and the overstated responses of many media outlets, served to highlight this. Cosmopolitan writes, “Basically, it can control your whole phone. And, most scarily of all, CALL PEOPLE.” Cosmopolitan had not been previously known for its concern with online privacy.

Users are already anxious over the list of permissions granted to Facebook’s main app  – which has expanded. Many apps – such as Facebook’s, have come under fire for Permissions which change after the app has been installed. For instance, Facebook now requires the ability to turn a smartphone’s Wi-Fi connection on and off.

Veteran online privacy writer and researcher and We Live Security contributor Graham Cluley said, “The world has changed. People who would have imagined ten years ago that “identity theft” was something from a sci-fi film, now have a genuine concern about their private data being stolen from the online companies they deal with, their web traffic tracked, and their communications being snooped upon.”

No such thing as a “free” app

Cluley says that consumers are realizing that ‘free’ software is often paid for through a loss of online privacy, “Additionally, users are becoming more suspicious of free apps and asking themselves how the developers might be planning to earn money, and are nervous of sharing too much information.  There probably is a market out there for more products which charge a little bit of money for a whole lot more security and privacy.”

Silent Circle, creators of the PGP encryption standard, admitted their errors after BlackPhone’s highly public hacking, saying, “No hard feelings — things get fixed by being found.”

Vic Hyder, Revenue Chief for Silent Circle suggests, “These figures confirm that many consumers recognize mobile communications are no longer private. It’s also reassuring that almost a quarter of the UK respondents, and a third of Germans, value their privacy enough to acquire assistance. This is a trend we’re seeing dramatically increase as individuals start to realize that they do have an option to privacy erosion.”

The post Privacy: Workers “would pay” to stop snoopers appeared first on We Live Security.