Tag Archives: Malware

Don’t Let Your Mac Fall Asleep: It Might Dream Up A Rootkit

Just last month we talked about how the “Unicode of Death” crashes iPhones and Apple Watches, how easily Apple Safari can be manipulated via URL spoofing, and about the ex-NSA researcher who pointed to Mac security flaws.

Now Pedro Vilaca, a security researcher who specialises in Mac OS X and iOS security, has found another unpleasant vulnerability. Take a look at what he wrote on his blog: “Well, Apple’s S3 suspend-resume implementation is so f*cked up that they will leave the flash protections unlocked after a suspend-resume cycle. !?#$&#%&!#%&!#.

And you ask, what the hell does this mean? It means that you can overwrite the contents of your BIOS from userland and rootkit EFI without any other trick other than a suspend-resume cycle, a kernel extension, flashrom, and root access.”

Wow. In other words, on an affected Mac an attacker who already has root can install a firmware rootkit without any exploit at all. The machine only has to sleep for 30 seconds or more; after it resumes, the flash write-protection locks are no longer set. With the locks gone, a root process (via a kernel extension and flashrom, as Vilaca describes) can rewrite the EFI firmware and, for example, implant a rootkit that survives a reinstall of the operating system. Note the precondition: the attacker needs root on the machine first, but nothing beyond that and a suspend-resume cycle. Until Apple fixes the firmware, the only protection is to never let the Mac go to sleep.

The bug does not appear to be universal, though. Vilaca tested a MacBook Pro Retina, a MacBook Pro 8,2 and a MacBook Air, all running the latest available EFI firmware, and all three were vulnerable. There is a glimmer of hope: the newest MacBooks may have been silently fixed by Apple, since he was unable to reproduce the problem on them.
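The check a practitioner wants here is whether the flash write-protection actually comes back after resume, rather than trusting that it does. The following is an added example, not code from this post or from Vilaca’s write-up: it decodes the Intel PCH BIOS_CNTL lock bits (BIOSWE, BLE, SMM_BWP) and the SPI protected-range registers PR0..PR4, and reports every protection that a second snapshot has lost. It does not read hardware. The two snapshots are constructed values standing in for a read taken before sleep and one taken after resume (a real read needs a kernel driver or a tool such as chipsec), and the register offsets are deliberately left out; only the bit layouts documented in the Intel PCH datasheets are used.

```python
"""Decode SPI flash write-protection state and diff two snapshots (before sleep / after resume).

Added example: it does not touch hardware. The register values below are constructed.
Bit layouts follow the Intel PCH datasheets: BIOS_CNTL lives in the LPC bridge's PCI
config space, PR0..PR4 in the SPI controller's memory-mapped register block.
"""
from dataclasses import dataclass
from typing import List

# BIOS_CNTL bits
BIOSWE = 1 << 0    # BIOS Write Enable: software writes to the BIOS region are allowed
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE raises an SMI so firmware can clear it again
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: BIOS region writable only while in SMM

# Protected Range register layout (4 KiB granularity)
PR_WPE = 1 << 31   # write protection enable
PR_RPE = 1 << 15   # read protection enable
PR_BASE_MASK = 0x1FFF
PR_LIMIT_SHIFT = 16


@dataclass
class FlashLocks:
    bios_cntl: int
    pr: List[int]   # PR0..PR4 raw 32-bit values


def pr_range(pr: int):
    """Flash offset range [base, limit] covered by a PR register."""
    base = (pr & PR_BASE_MASK) << 12
    limit = (((pr >> PR_LIMIT_SHIFT) & PR_BASE_MASK) << 12) | 0xFFF
    return base, limit


def pr_write_protects(pr: int, addr: int) -> bool:
    """True if this PR register blocks writes to flash offset addr."""
    if not pr & PR_WPE:
        return False
    base, limit = pr_range(pr)
    return base <= addr <= limit


def bios_region_writable(locks: FlashLocks) -> bool:
    """Could ring-0 code (root plus a kernel extension) write the BIOS region?

    SMM_BWP set: writes only from SMM, so no. BIOSWE set: yes. Otherwise it depends
    on BLE: without BLE a kernel driver simply sets BIOSWE itself; with BLE the
    firmware's SMI handler is expected to clear it again, which is the lock's purpose.
    """
    if locks.bios_cntl & SMM_BWP:
        return False
    if locks.bios_cntl & BIOSWE:
        return True
    return not (locks.bios_cntl & BLE)


def write_protected_offset(locks: FlashLocks, addr: int) -> bool:
    """A flash offset is protected if BIOS_CNTL blocks writes or some PR covers it."""
    if not bios_region_writable(locks):
        return True
    return any(pr_write_protects(pr, addr) for pr in locks.pr)


def lost_protections(before: FlashLocks, after: FlashLocks) -> List[str]:
    """Describe every protection present in `before` that `after` no longer has."""
    lost = []
    if not bios_region_writable(before) and bios_region_writable(after):
        lost.append(f"BIOS_CNTL: 0x{before.bios_cntl:02x} -> 0x{after.bios_cntl:02x}, region now writable")
    for i, (b, a) in enumerate(zip(before.pr, after.pr)):
        if b & PR_WPE and (not a & PR_WPE or pr_range(a) != pr_range(b)):
            lost.append(f"PR{i}: write protection 0x{b:08x} -> 0x{a:08x}")
    return lost


# Constructed snapshots: locked at boot, everything cleared after resume.
BEFORE_SLEEP = FlashLocks(bios_cntl=BLE | SMM_BWP,
                          pr=[0x87FF0200, 0, 0, 0, 0])   # PR0: WPE, offsets 0x200000..0x7FFFFF
AFTER_RESUME = FlashLocks(bios_cntl=0, pr=[0, 0, 0, 0, 0])

if __name__ == "__main__":
    for name, snap in (("before sleep", BEFORE_SLEEP), ("after resume", AFTER_RESUME)):
        print(f"{name}: BIOS region writable = {bios_region_writable(snap)}")
    for line in lost_protections(BEFORE_SLEEP, AFTER_RESUME):
        print("LOST", line)
```

On real hardware you would take the first snapshot after boot and the second after a suspend-resume cycle; an empty list from `lost_protections` is what a correct firmware produces, and anything else means a root process can rewrite the firmware until the next reboot.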

The post Don’t Let Your Mac Fall Asleep: It Might Dream Up A Rootkit appeared first on Avira Blog.

Typosquatting tries to make a victim of everyone

Reality sets the stage

The reality is that ‘legitimate’ sites – such as those provided by hotels, airlines, schools, or any other ‘official’ organization – can be and very often are infected with malicious software (AKA malware). A compromised site serves that malware to its visitors; once installed on the visitor’s computer, it enables cybercriminals to capture private information stored on or passing through that computer.

In addition to our own Avira Protection Lab findings, even Google reports that the vast majority of websites infected by malware are legitimate sites that have been hacked – often without the organization behind the site even being aware of it. This is why IT security firms like Avira frequently contact companies to let them know that their official websites have been compromised.

Legitimacy distorted

Because legitimate sites are the larger target, and visitors arrive at them with false confidence in their safety, smart cybercriminals know there is room for deception even when an organization has taken every necessary measure to secure its own website. Some of the most effective attacks exploit the simplest human error – in this case the typo: a mistyped URL hands the attacker a near-copy of a legitimate address.

This technique, which takes advantage of misspelled URLs, is known as ‘typosquatting’. Also called ‘fake URL’, ‘URL hijacking’ and ‘brandjacking’, it relies on the human tendency to make an error when typing a web address into a browser’s address bar, and uses the most likely spelling variants (e.g. phonetic ones) and typing errors (e.g. letter transposition) to set a trap for the unsuspecting typist.

What it looks like

A hacker typosquatting www.example.com would register variants such as www.example.org, www.exampel.com, www.ecsample.com, and so on. A visitor who types one of these lands on an infected webpage (or is redirected to one of the several or many pages owned by a ‘cybersquatter’).

In some cases the fake site also looks just like the original – same messaging, same graphics, same logo. In the best case the page contains only advertisements, but some of these behave like malware by opening one window after another even as you try to leave the page – a technique known as ‘mousetrapping’.
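The variants above are mechanical, which is what makes typosquatting cheap for the attacker and, equally, enumerable for the defender. The following is an added example, not Avira’s code: it generates the candidate domains a squatter would register for a brand (transposition, omission, doubling, adjacent-key substitution, phonetic swaps such as x → cs, hyphen insertion and TLD swaps), and uses the same list to decide whether a typed hostname is a look-alike of a protected domain. The keyboard-neighbour and phonetic tables are small illustrative tables, an assumption of this example rather than a complete model of typing errors.

```python
"""Generate typosquat candidates for a domain and test a typed hostname against them.

Added example; not Avira's code. The neighbour and phonetic tables are illustrative.
"""
from typing import Dict, Iterable, Optional, Set

# Neighbouring keys on a QWERTY layout, trimmed to what the example needs (assumption).
QWERTY_NEIGHBOURS: Dict[str, str] = {
    "a": "qwsz", "e": "wsdr", "i": "uojk", "l": "kop",
    "m": "njk", "o": "iklp", "p": "ol", "x": "zsdc",
}
# Spellings that sound alike; (x -> cs) is the page's own example -> ecsample.
PHONETIC_SWAPS = [("x", "cs"), ("ck", "k"), ("ph", "f"), ("er", "ar"), ("c", "k")]
TLDS = ["com", "org", "net", "co", "info"]


def split_domain(domain: str):
    """'example.com' -> ('example', 'com'); only the first label is varied."""
    label, _, tld = domain.lower().partition(".")
    return label, tld


def label_variants(label: str) -> Set[str]:
    """Every single-error misspelling of a domain label that this model knows about."""
    out: Set[str] = set()
    for i, ch in enumerate(label):
        out.add(label[:i] + label[i + 1:])                      # omission
        out.add(label[:i] + ch + label[i:])                     # doubling
        if i + 1 < len(label):                                  # transposition
            out.add(label[:i] + label[i + 1] + ch + label[i + 2:])
        for k in QWERTY_NEIGHBOURS.get(ch, ""):                 # fat-finger substitution
            out.add(label[:i] + k + label[i + 1:])
        if i > 0:                                               # hyphen insertion
            out.add(label[:i] + "-" + label[i:])
    for a, b in PHONETIC_SWAPS:                                 # phonetic respelling
        if a in label:
            out.add(label.replace(a, b, 1))
    out.discard(label)
    return {v for v in out if v}


def typosquat_candidates(domain: str) -> Set[str]:
    """Domains a squatter would register to catch typos of `domain`."""
    label, tld = split_domain(domain)
    cands = {f"{v}.{tld}" for v in label_variants(label)}
    cands |= {f"{label}.{t}" for t in TLDS if t != tld}        # wrong TLD, right name
    return cands


def strip_host(host: str) -> str:
    """Normalise a typed host: lowercase, drop a leading 'www.' and a trailing dot."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def looks_like_typosquat(host: str, protected: Iterable[str]) -> Optional[str]:
    """Return the protected domain that `host` is a look-alike of, or None."""
    h = strip_host(host)
    for domain in protected:
        if h == domain.lower():
            return None          # the genuine site
        if h in typosquat_candidates(domain):
            return domain
    return None


if __name__ == "__main__":
    for cand in sorted(typosquat_candidates("example.com")):
        print(cand)
    print(looks_like_typosquat("www.exampel.com", ["example.com"]))
```

A brand owner runs `typosquat_candidates` over its own names to decide what to register or to watch in passive DNS; a proxy or browser extension runs `looks_like_typosquat` on what the user actually typed. Both sides use the same generator, so any error class added to it improves both.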

The hacker’s motive

Almost without exception, the motive is profit. In the case of ad-filled pages, the squatter earns money from the traffic sent to the ads, plus more when those ads are clicked (which is bound to happen, given the sheer numbers driven to them). In the case of malware-infected pages, hackers earn money by stealing private data that gives them access to bank accounts.

Your solution

Avira security software blocks malware and adware from installing on the potential victim’s PC, therefore preventing the theft of the Avira customer’s private data. While Avira Free Antivirus provides baseline protection (a level that everyone, without exception, should have as a bare minimum), Avira premium versions offer additional security layers and maintenance utilities to also keep your PC running like new.

The post Typosquatting tries to make a victim of everyone appeared first on Avira Blog.

Adult FriendFinder & Co.: Dangerous Cyber Liaisons

Let me start out by saying that this post is not about whether dating websites/apps are good or bad. I’m not qualified to make that call. But if you’re using them, you should understand the risks. And as your reward for reading (and hopefully sharing this post), I’ve listed at the bottom Tinder’s best – and most dangerous pickup lines… So let’s get started – with a quiz!

What do Adult FriendFinder, CupidMedia, eHarmony and Tinder have in common?

Yes, they all regularly lead to matches made in cyber heaven (and no doubt, hellish heartbreaks), but that’s not the point: they all display(ed) security vulnerabilities. Let’s walk through them one-by-one.

1. Putting yourself out there… And all your data too

Adult FriendFinder was just hacked. Happens to companies all the time, you say? Fair enough, but what is remarkable here is the sensitivity of the leaked data: 3.5 million gorgeous profile pics and sexy aliases – along with names, email addresses, zip codes, IP addresses, passwords and sexual preferences. In other words, the perfect cocktail for targeted spam and identity theft.

TIPS:

  1. Create a new email address dedicated to the dating website.
  2. Use a nickname or alias instead of your full name.
  3. Create a unique and complex password for that platform (back in 2012, eHarmony accounts with the glorious password “password” were compromised).
  4. If twitterpated makes you forgetful, use a password manager to create and store these passwords for you.

2. I know where you hang out

Tinder is a very popular dating app, which is premised on selecting profiles of people who are located close to you (very popular with Olympians at Sochi…). Once both parties ‘like’ each other’s profiles, they can start chatting.

Back in 2014, a vulnerability was identified that enabled hackers to pinpoint users’ exact locations in real time. This facilitated stalking and opened the door (quite literally) to burglaries, since an attacker could tell when the user was not at home.

Although this vulnerability has since been fixed, a recent IBM study found that 26 of 41 dating apps on Android had “medium or high security vulnerabilities”. These apps tend to request excessive permissions and can run up expensive charges…

TIPS:

  1. Although the names of unsafe apps were not divulged, IBM did say that Match, OkCupid and Tinder were not on the “blacklist”…
  2. Always keep your apps up-to-date to reduce the chances of falling prey to security vulnerabilities.
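The post says only that the 2014 bug let attackers pinpoint users, not how. The usual way such location bugs work is that the service reports a precise distance to another user, and three readings taken from known positions turn that distance into a point by trilateration; even a rounded distance only widens the circle a little. The following is an added example, not from the post and not tied to any one app’s API: it recovers a target’s coordinates from three distance readings, using a local flat-plane projection in metres that is accurate over city-scale distances. All positions below are constructed.

```python
"""Recover a position from three distance readings (trilateration).

Added example, not from the post. Probe positions and the hidden target are constructed;
the flat-plane (equirectangular) projection is an approximation valid for short distances.
"""
import math
from typing import List, Sequence, Tuple

EARTH_RADIUS_M = 6_371_000.0
LatLon = Tuple[float, float]
XY = Tuple[float, float]


def to_local_xy(p: LatLon, origin: LatLon) -> XY:
    """Project p onto a plane (metres) centred on origin."""
    (lat, lon), (lat0, lon0) = p, origin
    x = math.radians(lon - lon0) * math.cos(math.radians(lat0)) * EARTH_RADIUS_M
    y = math.radians(lat - lat0) * EARTH_RADIUS_M
    return x, y


def to_lat_lon(xy: XY, origin: LatLon) -> LatLon:
    """Inverse of to_local_xy."""
    (x, y), (lat0, lon0) = xy, origin
    lat = lat0 + math.degrees(y / EARTH_RADIUS_M)
    lon = lon0 + math.degrees(x / (EARTH_RADIUS_M * math.cos(math.radians(lat0))))
    return lat, lon


def trilaterate_xy(probes: Sequence[XY], dists: Sequence[float]) -> XY:
    """Solve for (x, y) given three probe points and their distances to the target.

    Each reading is a circle (x-xi)^2 + (y-yi)^2 = ri^2; subtracting circle 1 from
    circles 2 and 3 cancels the squares and leaves two linear equations in x and y.
    """
    (x1, y1), (x2, y2), (x3, y3) = probes
    r1, r2, r3 = dists
    a1, b1 = 2 * (x2 - x1), 2 * (y2 - y1)
    c1 = r1**2 - r2**2 - x1**2 + x2**2 - y1**2 + y2**2
    a2, b2 = 2 * (x3 - x1), 2 * (y3 - y1)
    c2 = r1**2 - r3**2 - x1**2 + x3**2 - y1**2 + y3**2
    det = a1 * b2 - a2 * b1
    if abs(det) < 1e-9:
        raise ValueError("probe points are collinear; take the third reading off the line")
    return (c1 * b2 - c2 * b1) / det, (a1 * c2 - a2 * c1) / det


def locate(probes: Sequence[LatLon], reported_m: Sequence[float], origin: LatLon) -> LatLon:
    """Turn three (probe position, reported distance) pairs into the target's position."""
    xy = trilaterate_xy([to_local_xy(p, origin) for p in probes], reported_m)
    return to_lat_lon(xy, origin)


# Constructed scenario: three probe positions around central Munich and a hidden target.
ORIGIN: LatLon = (48.1351, 11.5820)
PROBES: List[LatLon] = [(48.1351, 11.5820), (48.1300, 11.6000), (48.1450, 11.5750)]
TARGET: LatLon = (48.1400, 11.5900)


def reported_distance_m(probe: LatLon, target: LatLon, resolution_m: float = 0.0) -> float:
    """What a distance-leaking API returns: straight-line distance, optionally rounded."""
    (px, py), (tx, ty) = to_local_xy(probe, ORIGIN), to_local_xy(target, ORIGIN)
    d = math.hypot(tx - px, ty - py)
    return round(d / resolution_m) * resolution_m if resolution_m else d


def recovery_error_m(resolution_m: float = 0.0) -> float:
    """Metres between the true target and the position recovered from (rounded) readings."""
    readings = [reported_distance_m(p, TARGET, resolution_m) for p in PROBES]
    found = locate(PROBES, readings, ORIGIN)
    (fx, fy), (tx, ty) = to_local_xy(found, ORIGIN), to_local_xy(TARGET, ORIGIN)
    return math.hypot(fx - tx, fy - ty)


if __name__ == "__main__":
    for res in (0.0, 10.0, 100.0):
        print(f"distance rounded to {res:5.0f} m -> position error {recovery_error_m(res):7.1f} m")
```

The attacker does not need to be in three places: spoofing the device’s own reported location moves the probe point for free. The defensive lesson is the converse: a service that must show “nearby” should coarsen the reported distance heavily, or snap user positions to a grid before computing it, because three precise readings are all it takes.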

3. I can see you… Through your camera and webcam…

Remember Blackshades – that creepy Trojan that gave hackers access to webcams (and was used by a sextortionist to prey on Miss Teen USA)? Like most chat platforms, dating websites and apps are popular avenues for distributing malware. After all, an innocuous-looking link promising a revealing picture can just as easily open a harmful website or file. To paraphrase the late Robin Williams, we were given a brain and nether regions but only enough blood to run one at a time.

TIPS:

  1. Use common sense: if an unknown user is offering to share revealing pictures, pass.
  2. Use an antivirus on your devices. I also recommend you use an app that shows you what permissions your mobile apps are getting. Avira’s free Android app includes both these functionalities and can be found on Google Play.


As promised… Tinder’s Most Dangerous Pickup Lines…*

  1. I know this profile’s fake, but can I get the name of the model you used?
  2. Going to undress… want to watch on webcam?
  3. Credit card is to prove your age… Can’t show stuff to minors…
  4. I don’t have any pics on my phone, but here’s one I have in email, answer me on text, not here.
  5. I’m still recovering from last night with this iPhone game. Play with me and I’ll give you my number.

* Disclosure: explicit sexual content was removed from the pick-up lines.

The post Adult FriendFinder & Co.: Dangerous Cyber Liaisons appeared first on Avira Blog.

Security Researchers Wary of Proposed Wassenaar Rules

The Commerce Department’s Bureau of Industry and Security today made public its proposal to implement the controversial Wassenaar Arrangement.