Monday, February 28, 2011

New Digg Button added

  Content and readers are the base of a good blog. As I run this blog I write content according to the stats: if I gain more views on one topic and fewer on another, I try to write more of what users want. As I keep track of the stats I have noted that most of my views come through social media rather than through search engines. Now I am glad that search engines are sending more users through searches, but as social media is becoming more popular I want to extend in the right direction. On top of sending the blog URL to all the major search engines I want to expand into social media.

  Not too long ago I added the Yahoo Buzz button onto the blog. This button allows readers to Buzz a post into the Yahoo network. Now we are expanding social options and we have added a Digg button. Digg is like Yahoo Buzz: you Digg stories, and the more Diggs a story gets, the further it moves up the list of trending stories. This is just another small step to expand the blog.



 

Want to know who your top 10 stalkers are on Facebook? Fake apps won't tell you

WOW I can't believe that you can see who is viewing your profile! I just saw my top 10 profile stalkers and I am SHOCKED from who is viewing my profile! You can also see WHO VIEWED YOUR PROFILE here:
 This is the message of the current "Who viewed your profile" scam. This time they say they can see who your "Top 10" stalkers are. Now you may be asking yourself, "Who really cares who is stalking a Facebook page?" However, these scams are popular because the people who want to know are clicking on them to try to see if they have someone stalking them. Remember: always check before you click on any social app.
 
 

Saturday, February 26, 2011

The Honest part of the: Who is viewing your profile scam apps

  So while checking out the latest message of the "Who is viewing your profile" scams on Facebook I found something rather funny. As many of my readers most likely know, these messages contain lies saying they will show who is viewing your profile. Well, the latest message makes it sound more urgent while adding some truth to it. The latest message is:

  Wow! I've just found a pretty amazing app that lets you see who's been looking at your profile and pics! So now I can finally see who's been spying on me!!
Check the app while it's still available! --> (Bad App Link)
So now the ending says: "Check the app while it's still available!" Why do I say that part is true? With the way these fake apps are going up and down, you have to be quick to jump onto one of them. So although that part of the message is honest, you will not be able to see who is viewing your profile or your pics.

Thursday, February 24, 2011

The Life of a FakeAV

 FakeAVs bring in lots of money to malware creators. The creators of the FakeAV AntivirusXP had to pay the FTC $8.2 million. That shows creating an app that does nothing can pull in lots of money.

 1. The life of a FakeAV starts with someone creating an app that basically locks a user out of their machine and then shows alerts saying their computer is infected and they need to pay to get it cleaned. FakeAVs can be grouped into families because most of them are the same except for the name. The FakeAV is created so it locks you out of your machine and only allows itself and the internet browser to launch.

  You may be wondering why FakeAVs normally have such low detection rates from antivirus products. When each one is about to be launched the malware writers change the code around just enough that a majority of the AV products will not detect it, and by the time a majority is detecting it the FakeAV will just be changed again.

 2. Next it's time for it to get distributed. In my own lab research (and live experience), FakeAVs display a fake scan page saying your PC is infected and you need to download (FakeAV name) to clean the problems. They normally take over your page from an infected ad or a hacked ad. For about a day or two a site a member of my family normally goes to got hit with a hacked ad. I finally just decided I would install an ad blocker on every PC in the house so they can use the site peacefully and I won't have to worry about cleaning up after the FakeAV.

    Another thing some FakeAVs have in common is the URL layout. I was doing my quick check over some malware URL sites and noticed a very common layout for the SecurityMaster FakeAV family. Each SecurityMaster URL looks like this: someurl/masterav2/avmast(numbersgohere).exe. The majority of the FakeAVs in the SecurityMaster family follow that pattern.
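A fixed path layout like the one above is something a defender can match on. The following is an added example (not code from the original post) that turns the SecurityMaster layout into a path fingerprint and runs it over a URL feed; the feed itself and the `.invalid` hostnames are constructed for the example, and the family table can be extended as other layouts are observed.

```python
import re
from urllib.parse import urlparse

# Path-layout fingerprints for FakeAV download URLs, keyed by family name.
# The SecurityMaster layout is the one reported in the post:
#   someurl/masterav2/avmast<numbers>.exe
# The leading "(?:^|/)" lets the pattern match both full URLs (path starts
# with "/") and scheme-less entries such as "someurl/masterav2/avmast1.exe".
FAKEAV_PATH_PATTERNS = {
    "SecurityMaster": re.compile(r"(?:^|/)masterav2/avmast\d+\.exe$", re.IGNORECASE),
}


def classify_fakeav_url(url):
    """Return the FakeAV family whose path layout the URL matches, else None.

    Only the path is examined, so query strings and hostnames do not affect
    the match; the hostname changes constantly for these families anyway.
    """
    path = urlparse(url).path
    for family, pattern in FAKEAV_PATH_PATTERNS.items():
        if pattern.search(path):
            return family
    return None


def scan_url_feed(lines):
    """Run the fingerprints over a URL feed (one URL per line, '#' comments
    allowed) and return a list of (url, family) hits in feed order."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        family = classify_fakeav_url(line)
        if family is not None:
            hits.append((line, family))
    return hits


# Constructed sample feed; hostnames are placeholders, not real malware sites.
SAMPLE_FEED = """
# url feed, one entry per line
http://example-host-1.invalid/masterav2/avmast5143.exe
http://example-host-2.invalid/masterav2/avmast77.exe?ref=ad
http://example-host-3.invalid/downloads/setup.exe
http://example-host-4.invalid/masterav2/readme.txt
""".splitlines()


if __name__ == "__main__":
    for url, family in scan_url_feed(SAMPLE_FEED):
        print(f"{family:15} {url}")
```

Matching on the path rather than the host is deliberate: the post's observation is that the hostnames change while the `masterav2/avmast<n>.exe` layout stays, so a host-based blocklist goes stale faster than the path fingerprint.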
 

3. The life of a FakeAV is always changing: by the time the creation of a FakeAV is done and it's out infecting other machines, the next one is already being created. It's a cycle that keeps going on day after day. So I highly recommend you have a layered security setup to stay safe from the quickly changing FakeAVs.
 Some suggestions:

  Anti-Malware DNS services: Anti-Malware DNS services (like Sunbelt ClearCloud) block the FakeAV before it even gets on your machine. They can also update instantly in the cloud to protect you against new threats.

  Ad Blockers: When browsing a new site I highly recommend the use of ad blockers. Now some say ad blockers are bad because they prevent the website you are visiting from making money; however, I say use them until you trust the site enough. I keep the ad blocker on all the time but I white-list the sites I can trust.

  Anti-Virus: Use an antivirus; if you can't buy one, lots of free ones exist for you to use. Make sure you keep it updated, and if it's paid, keep the subscription active.

Wednesday, February 23, 2011

Free tickets to fly? No they are a scam....

 Today as I was going through my news feed I saw a message saying you could get free Airline tickets just by clicking on the link. The message I saw said SouthWest Airlines would be giving me tickets however other Airline names are most likely being or going to be used soon. Like always it's another scam and you will not be getting Free Airline tickets.

  One last thing to add is I noticed a note being passed around Facebook which says your computer is doomed if you clicked the link. That in my opinion is not true, as long as you take the proper steps to cleanup your account (Change password, remove the bad app, delete the posts) your computer is not doomed.

Tuesday, February 22, 2011

New OddJob Trojan targets banks

 While reading some other security blogs I ran into another interesting Trojan that seems to be only recently reported around the security blogs. Trusteer has blogged about a Trojan that bypasses your attempt to log out of your bank site so malware writers can gain access to your bank details. You can read Trusteer's report on the OddJob Trojan here: http://www.trusteer.com/blog/new-financial-trojan-keeps-online-banking-sessions-open-after-users-%E2%80%9Clogout%E2%80%9D

  This just goes to show access to your online banking information is a huge target. Zeus, which is a very popular bot-building toolkit, also attempts to grab your passwords. This also shows password-stealing Trojan creators are trying new ways to bypass your AV. Another interesting fact Trusteer found is that a copy of the malware is not fully stored on the disk, but freshly downloaded each time the browser is opened. That is another new way for them to hide on machines.

 So make sure you keep your security product updated with the latest Anti-Malware updates and Program version to keep yourself protected from this trojan.


Monday, February 21, 2011

New Yahoo Buzz button for blog

 I would like to share with y'all a new feature on our blog. I have added a Yahoo Buzz button which allows you to "Buzz" our blog posts into the Yahoo community. You can Buzz up blog articles and share them with your friends on the Yahoo Network.

 You can learn more about Yahoo Buzz here: http://buzz.yahoo.com/

Other "Free Stuff" scams you can find on Twitter

 So since I had some free time today I decided to see what other "free item" scams I could find.

  1. The first thing I searched up was "free iPhone". Like the "free iPad" scams I just recently wrote about, I instantly had many scam links on the screen. Some offered a free iPhone to those that would join the "iPhone testing program" while others said they would give everyone a free iPhone plus $500. Like always, I doubt any of these would give you one for free. Free iPhone scams were going at a much slower rate compared to the free iPad scams.

 2. The next thing I searched up was "Free Antivirus". Not much spam was going through that term: a few sites saying they can give you a free full version of your current AV, but the rate this spam was coming out was much slower than the iPhone and iPad scams.

3. The next search was free video game systems. Looking for free video game systems showed much more spam activity than a free antivirus search. However, once again it was not a huge wave compared to what I saw looking at free iPads.

 I will continue watching for popular spam terms; however, so far in my research "Free iPad" has the most activity of the different terms I have searched up while looking for spam/scams.

Saturday, February 19, 2011

No you will not be getting a free iPad on Twitter

 So as I was in a spam hunting mood I decided to see what kind of fake "I got a free iPad" messages were spreading around Twitter. It's really interesting just to look and see what some people start spreading.

 The first one that caught my eye was a site saying they will send you a purple iPad. Now I may be wrong, but I have never ever seen anyone with a purple iPad or seen any store selling a purple iPad. So I don't really see anyone getting a purple iPad.

 The next one said that I could get a free iPad just by submitting my email address. Now I figure you may get spam, but spam is not an iPad. So again I doubt you will ever see an iPad by going this route.

  The next one I saw said they got an iPad by getting free Walmart gifts from this link. Now just in my personal opinion it would make more sense if they said they got it from free Walmart gift cards, but either way, why would Walmart, one of the most popular stores in the USA, give away gifts? If they ever did such a thing you would think it would be on something like CNN or another news site, and more people would be running to Walmart at this very moment. Just an interesting note: all of these were posted via very oddly named social apps on Twitter.

  The next one said get the newest iPad free by helping Apple test it. Again, why would Apple let everyone in the world grab one to test? Who would that leave to buy it? So that is another one of those fake spam apps. I could keep going on and on, but I will do one more and then stop.

 The final one I saw was offering a free pink iPad just for submitting your ZIP code. If that really worked, why would people even buy an iPad?

  So as you can see, Twitter has lots of spam posts about free iPads that you can find with one simple search. So never trust any of those sites you see on your favorite social network that tell you that you can get a free iPad just by following a few steps.
 

Malware writers using the brand factor for FakeAVs

  The more popular a security company is, the more likely it will be copied, it seems. I read a little while ago about a FakeAV that copied the logo of AVG Antivirus. AVG is one of the most popular free AV products, and it makes sense for malware writers to attempt to copy its logo. In fact, the day I heard about that I ran into a couple of malware URLs that were hosting the FakeAV setup file. Just think how many people think that it's the real AVG and pay for the FakeAV. I actually read in a few places that people were complaining that AVG took over their machine and were sending reports to the real AVG when it was the FakeAV that did it.

 As I was reading on a forum I moderate today I ran into another interesting FakeAV. This one was going under the name Dr. Web Antivirus for Windows 2011. So again FakeAV writers are basing the FakeAV names off a popular antivirus product.

 So I highly recommend that if you are looking for an AV you grab it from the vendor's site and not some other download service which may be hosting the fake version rather than the real one.

Wednesday, February 16, 2011

Comment Spam: Another way scams spread

  So as I was reading some news today I decided I would jump down to the comment section to see what others were saying about the article. When I got down to the bottom I found that half of the comments on the first page were spam posts advertising free iPhones, iPods, and Wiis. I saw about 4 different spam URLs and all of them were hosted on the same IP.

  Never trust sites in comment sections that say they will give you stuff for free. If you run a news site and have a comment board make sure you try your best to keep it spam-free.

Tuesday, February 15, 2011

Tools for file research

 So you have gotten a malware file and you want to know what it does. Or you hunt down a possibly malicious website and want to see what's at the other end without putting your PC at risk. Thanks to all the wonderful online malware research tools you can do basic file analysis without having to risk your machine. So here are some sites and tools I recommend for file research. If you have any suggestions for items to add to the list, post in the comment section, as I will be updating the post.

Online Sandboxes

1. Comodo Instant Malware Analysis is a great online sandbox to see what actions an executable performs. It also shows what domains a file connects to and whether a file is suspicious. If enough behavior is performed it will also attempt to tell you what kind of malware the file is.

2. ThreatExpert from PC Tools is another great online sandbox. ThreatExpert will also email you the results of each file. If you sign up for the site it will also give you a list of all the files you submitted.

3. Norman Sandbox is another great online sandbox.



Online File Scanners

1. VirusTotal (http://www.virustotal.com/) is a personal favorite of mine for online scanners. It reports back the detection result from more than 42 different antivirus engines. It also allows you to rate files as clean or malware and get to know many people in the anti-malware community.

2. Jotti: if VirusTotal is not your favorite, then Jotti may be your favorite online scanner. It's a great online scanner and I switch between it and VT.

Single File Single Engine Scanners

 1. KAV Scanner (http://www.kaspersky.com/scanforvirus) allows you to upload a file and have it scanned using the Kaspersky Engine.
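Before a file is handed to any of the services above, a little static triage can be done locally without executing it: compute its hashes (a hash can be searched on VirusTotal without uploading the file), confirm whether it is actually a Windows executable, and pull out the printable strings, which often expose download URLs like the FakeAV layout discussed earlier. The following is an added example, not code from the original post or from any of the listed services; the sample file is a constructed byte string with a minimal DOS/PE header and an embedded placeholder URL, not a real malware sample.

```python
import hashlib
import re

# Printable runs of at least this many characters count as "strings".
MIN_STRING_LEN = 6
STRING_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_STRING_LEN)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def file_hashes(data):
    """MD5, SHA-1 and SHA-256 of the file contents, as hex strings."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_pe(data):
    """True if the bytes carry a DOS 'MZ' header whose e_lfanew field points
    at a 'PE\\0\\0' signature, i.e. the file is a Windows executable
    regardless of what its extension claims."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def extract_strings(data):
    """Printable ASCII strings in order of appearance (like the Unix `strings` tool)."""
    return [m.decode("ascii") for m in STRING_RE.findall(data)]


def triage(data):
    """Static triage report: hashes, PE check, strings and any URLs in them."""
    strings = extract_strings(data)
    urls = [u for s in strings for u in URL_RE.findall(s)]
    report = {"size": len(data), "pe": is_pe(data), "strings": strings, "urls": urls}
    report.update(file_hashes(data))
    return report


# Constructed sample: a 64-byte DOS header with e_lfanew = 0x80, the classic
# DOS stub text, a bare PE signature, and a placeholder URL in the body.
SAMPLE_FILE = (
    b"MZ" + b"\x00" * 58 + (0x80).to_bytes(4, "little")
    + b"This program cannot be run in DOS mode.\r\n\x00"
)
SAMPLE_FILE += b"\x00" * (0x80 - len(SAMPLE_FILE))
SAMPLE_FILE += b"PE\x00\x00" + b"\x00" * 20
SAMPLE_FILE += b"http://example.invalid/masterav2/avmast1.exe\x00"


if __name__ == "__main__":
    for key, value in triage(SAMPLE_FILE).items():
        print(f"{key:8} {value}")
```

To use it on a real sample, read the file in binary mode (`triage(open(path, "rb").read())`) on an isolated analysis machine; nothing here executes the file, so the risk is limited to the act of handling it.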

 

Thursday, February 10, 2011

File hosting services being used to host malware

  As I was doing my daily malware research I have been noticing an interesting trend. From viewing different URL honeypots I see more and more malware hosting itself on free file hosting services. It's not just one type of malware: I have seen rootkits, exploits, trojans, spyware, adware, all types of malware being hosted on different services. It seems it takes longer for a file to be taken off a file hosting service compared to a website being shut down.

  For everyone downloading files off file sharing sites, remember to check your download on sites like VirusTotal to make sure your file is clean. Stay away from risky file themes such as keygens, patches, game cheats, and free music and videos, as those are the ones I most commonly see as trojans. Always get files directly from the vendor.

Wednesday, February 9, 2011

Password Stealers: The danger of a missed threat.

  A missed threat happens to every vendor; no matter what AV product you use, at some time a malware sample will get through. However, one type of threat in my opinion is the worst one you could possibly get hit with: a password stealer. What is a password stealer, you may ask? A password stealer records the passwords you enter for your banks, credit card companies, PayPal accounts, and many other financial companies. The damage of getting hit by a password stealer is worse than just having to go through and clean up after a malware infection. You must go through and clean up the malware infection, plus call all your banks, get new passwords for every site, and hope you do it quickly enough before the hackers gain access to your accounts and start taking money out.

 A few of the common password stealers are Zeus/SpyEye (as of now it seems these two malware families recently merged) and a newer one starting to become more common is Carberp. These trojans are sold in toolkits (like the fake social app one). Newer toolkit versions cost more while older versions can be bought much cheaper. Malware writers also sell plugins that buyers can use to extend their banking trojan and add new features. These plugins include killing the AV product on the machine, killing other banking trojans so only the newly installed banking trojan gets the passwords, and updated password stealing tech. Today as I was researching malware samples I ran into two of the Carberp banking trojan plugins (http://www.virustotal.com/file-scan/report.html?id=73cd5020efbb972ab0231236db98c3de225c06c4d4378747426527a1685c965a-1297292330 and http://www.virustotal.com/file-scan/report.html?id=ee2b6faa5ea31285a57b75e529f1592b07d97ba6988bf51fcacd44a8e6014f65-1297292866) and as you can see both had very low detection rates. That is the danger of getting hit by one of these new versions of a password stealer: they can steal your credit info before your AV even warns you.

 That is why I personally recommend running a layered security setup. Trusting in one product to protect your whole computer is dangerous with the rate malware is coming out. That does not mean you should run more than one AV; running more than one AV lowers your protection instead of improving it. You can find many good security products out there that are created to work next to your AV.

You can learn more about the Carberp trojan here: https://blog.trendmicro.com/carberp-trojan-steals-information/

Tuesday, February 8, 2011

Who's stalking you on Facebook?

 From viewing to stalking: a new round of these fake Facebook apps is going through Facebook. This time, instead of saying they can tell who's viewing your profile, these apps say they can see who's stalking your profile. The most common message is the following:

I just saw who STALKS me on Facebook! You can see who creeps around your profile too: (Bad App Link)


 This app is not making as big a round as some of the fake Facebook apps have at the moment, but it is still spreading. Like always, remember no app can tell you who is viewing your profile the most, and watch what you click, for your account may start spreading these fake app messages.

Where do these fake facebook apps come from: Toolkits

  I read a report from Websense's computer security blog that I wanted to share with y'all today. Websense has found a toolkit used for creating the fake social applications that are commonly spreading via Facebook. You can read that article here, and I highly recommend you read it: http://community.websense.com/blogs/securitylabs/archive/2011/02/07/viral-and-malicious-facebook-application-for-25.aspx?cmpid=prtw

  

Friday, February 4, 2011

Fake Facebook closing down apps getting more urgent

 Those fake "Facebook is closing down" apps appear to be becoming more urgent. Instead of listing some random date when Facebook will close down, the apps are now spreading that all unverified accounts will be shut down today.

 The new message spreading around now is:

Mark Zuckerberg - Official Announcement. The owner of Facebook announced that all account will be shut down today. In order to keep your account alive, you MUST verify your account. (Fake-Facebook-App-Link-Here)

 Another variant of the message above says your account will be banned rather than shut down.

These fake ones are spreading via a short link to a page which redirects users back to the fake application. The app name I have seen spreading the most is: Keep Accounts Safe

If Facebook were really closing down you would be hearing it everywhere. So always be careful about what info you start spreading on Facebook and what apps you allow to access your profile.
                                                                 


Wednesday, February 2, 2011

I am much more addicted to Facebook than anyone else...no I am

 Are you the most addicted person to Facebook? Well, these fake social applications cannot tell you the true answer. A new social scam is going around which says it can tell you how many hours you spent on Facebook. Most of these apps post that you spent 1k+ hours on Facebook last year.

The fake apps are spreading with a message that says:
I'm more ADDICTED to Facebook than anyone else here.
I found I have spent X HOURS last year on Facebook.
See how many hours you spent at (Website)
 These sites are spreading with a shortened URL which we have reported to get shut down. Always remember apps can't tell you how many hours you spent on Facebook, and watch what apps you click.

Facebook Photo tricking users to open malware

  The Yahos worm seems to be attempting to gain a lot more infected computers recently. While looking through online security honeypots I have noticed a large number of files called facebook-pic(randomnumbershere).exe, which at the moment is commonly being used to spread the Yahos worm. The Yahos worm normally spreads through instant messengers and social networking sites.

  The Yahos worm most commonly uses IM services to spread infections. A Yahos-infected machine will normally send a message such as "Foto :D (Malware Link here)", "(Malware Link)", or "How does this photo look? (Attached Malware file)". The attached file/link payload normally has the name photo.exe or facebook-pic(random).exe; the normal user pays no attention to the .exe file extension and runs the file.

  However, now that social networking is being used more often than IMing in some places, the common IM worm is getting upgrades. A few newer variants have been spotted using the IM services of Facebook. Most of these worms connect to an IRC server to get bot commands.

 In order to stay safe from these threats: always check the file extension of each file you get, and ask your friend if they really sent the file. If a bot sent it, the bot cannot respond to you asking whether it really was a human sending the file.
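The "check the file extension" advice is easy to automate on the receiving side. The following is an added example (not code from the original post or from any IM client) that looks at each chat message for a link or attachment, takes the file name at the end of it, and flags executable extensions and the payload names reported above (photo.exe, facebook-pic<digits>.exe). The chat log, its `sender: text` line format and the `[attachment: name]` marker are constructed conventions for the example, and the link hosts are `.invalid` placeholders.

```python
import re
from urllib.parse import urlparse

# Extensions Windows runs directly; a "photo" carrying one of these is the
# hallmark of the IM worm lures described above.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

# Payload names the post reports for the Yahos worm.
WORM_NAME_PATTERNS = [
    re.compile(r"^photo\.exe$", re.IGNORECASE),
    re.compile(r"^facebook-pic\d+\.exe$", re.IGNORECASE),
]

URL_RE = re.compile(r"https?://\S+")
# Constructed convention for how the sample chat log marks an attached file.
ATTACHMENT_RE = re.compile(r"\[attachment:\s*([^\]]+)\]")


def payload_names(message):
    """File names a message tries to hand the recipient: the last path
    segment of every link, plus any attachment name."""
    names = []
    for url in URL_RE.findall(message):
        segment = urlparse(url).path.rsplit("/", 1)[-1]
        if segment:
            names.append(segment)
    names.extend(name.strip() for name in ATTACHMENT_RE.findall(message))
    return names


def check_im_message(message):
    """Reasons the message looks like a worm lure; an empty list means no rule fired."""
    reasons = []
    for name in payload_names(message):
        ext = name[name.rfind("."):].lower() if "." in name else ""
        if ext in EXECUTABLE_EXTENSIONS:
            reasons.append(f"{name}: executable extension {ext} delivered as a 'photo'")
        if any(pattern.match(name) for pattern in WORM_NAME_PATTERNS):
            reasons.append(f"{name}: matches a known worm payload name")
    return reasons


def triage_chat_log(lines):
    """Return (sender, reasons) for every 'sender: text' line that triggers a rule."""
    flagged = []
    for line in lines:
        if ": " not in line:
            continue
        sender, text = line.split(": ", 1)
        reasons = check_im_message(text)
        if reasons:
            flagged.append((sender, reasons))
    return flagged


# Constructed chat log modelled on the message shapes quoted in the post.
SAMPLE_CHAT = [
    "alice: Foto :D http://example.invalid/dl/facebook-pic48213.exe",
    "bob: How does this photo look? [attachment: photo.exe]",
    "carol: holiday pics http://example.invalid/photos/holiday.jpg",
    "dave: see you at 8",
]


if __name__ == "__main__":
    for sender, reasons in triage_chat_log(SAMPLE_CHAT):
        print(sender, "->", "; ".join(reasons))
```

The extension check is the part that generalizes beyond Yahos: the name patterns go stale as the worm is renamed, but an image that arrives as a `.exe`/`.scr` file stays suspicious whatever it is called, which is why the two rules are kept separate and both reasons are reported.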