Saturday, April 30, 2011

Computer Security and "The cloud"

 "The Cloud" has been a popular topic for computer security recently. However, many people become fearful when you talk about cloud security because they think it means anyone can access their files. I would like to share a little bit about the cloud and why I think it may be the future of computer security programs.

  The cloud basically means the security program's data is stored on a server rather than locally on your machine. The security program on your machine would then query the server to check on a file rather than querying the database that would normally be installed locally. Doing this has its advantages and disadvantages:


Advantages:

1. The database can be instantly updated with the latest malware detection patterns without the client needing to update. This allows computer security software to quickly stop the latest threats and closes the malware infection window between security software updates.

2. Cloud software is normally lighter because it does not have to do heavy analysis on your machine. With the cloud, file analysis can be done on servers much more powerful than home machines.

3. The cloud can automatically rank software so you don't have to answer confusing alerts and lower your protection.


Disadvantages:

1. You have to have access to the internet to take advantage of the cloud. So those of us who still don't have access to high-speed internet can't take full advantage of the cloud. However, with the quick rise of high-speed internet access, most of us already have access to it.

2. Cloud servers can go down, but as long as the vendor has a good plan and backup plan you most likely do not need to worry about it.


 1. Will the security vendor have access to all my files?: As long as it's a trustworthy vendor you should not have anything to worry about. Panda Cloud (the AV that I use) does not send full files over to the cloud. They use hashes to check the files they already have. Plus they will not send personal files like .docs or .jpeg to the cloud.

2. If it has to query the server will it slow down my machine?: No, the data that would be sent is normally very small, so it should be barely noticeable.
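The lookup flow described in this post can be sketched in a few lines. This is an added example, not code from the original post or from any vendor: `VerdictServer`, `CloudScanner`, the extension list and the sample files are all hypothetical stand-ins. It shows that only a hash leaves the machine, that a server-side update is seen without a client update, and what happens when the server is unreachable.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed list of "personal" file types that are never looked up remotely.
PERSONAL_EXTENSIONS = {".doc", ".docx", ".jpg", ".jpeg"}


class CloudUnavailable(Exception):
    """Raised when the verdict server cannot be reached."""


class VerdictServer:
    """In-memory stand-in for a vendor's cloud database (hypothetical)."""

    def __init__(self):
        self.verdicts = {}   # sha256 hex digest -> "clean" / "malicious"
        self.online = True
        self.received = []   # everything a client ever sent to the server

    def publish(self, digest, verdict):
        # A server-side update: no client download is needed to see it.
        self.verdicts[digest] = verdict

    def query(self, digest):
        if not self.online:
            raise CloudUnavailable("server unreachable")
        self.received.append(digest)
        return self.verdicts.get(digest, "unknown")


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


class CloudScanner:
    """Client side: sends only a hash, never the file contents."""

    def __init__(self, server):
        self.server = server
        self.cache = {}      # last known verdicts, used when offline

    def check(self, path):
        path = Path(path)
        if path.suffix.lower() in PERSONAL_EXTENSIONS:
            return ("not-checked", "local-policy")
        digest = sha256_file(path)
        try:
            verdict = self.server.query(digest)
        except CloudUnavailable:
            # Offline: fall back to whatever was learned earlier.
            return (self.cache.get(digest, "unknown"), "offline-cache")
        if verdict != "unknown":
            self.cache[digest] = verdict
        return (verdict, "cloud")


def demo():
    """Run the scenario on constructed files and return the results."""
    server = VerdictServer()
    scanner = CloudScanner(server)
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "setup.exe"
        sample.write_bytes(b"constructed sample bytes, not real malware")
        photo = Path(tmp) / "holiday.jpeg"
        photo.write_bytes(b"constructed image bytes")

        results["before_update"] = scanner.check(sample)
        server.publish(sha256_file(sample), "malicious")
        results["after_update"] = scanner.check(sample)
        results["photo"] = scanner.check(photo)
        server.online = False
        results["offline"] = scanner.check(sample)
        results["sent"] = list(server.received)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```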

Friday, April 29, 2011

Profile Spy now V4.0, V5 and V6

 It seems Profile Spy decided it's time for an upgrade and is hitting Facebook hard at the moment. This attack is going really strong at the moment, a lot stronger than some of them have gone. A large number of spam apps are telling you to go visit the fan page of the fake Profile Spy app. Each page is either v6, v5, or v4.0. Each of the spam apps takes advantage of the friend tagging ability, so you have a chance of being tagged.

 The pages get you to post a Facebook status like this:

  My Top Profile Viewers: 
  (random friend) - (random number) views
  It then posts that a few times.
  Then it invites you to a fan page where you can say who views your profile.

 Like always this is a scam. No app can tell you who is viewing your profile. I highly recommend you do not go to that fan page and click any links on the page. If you see any friends posting this inform them that no app can tell you who is viewing your profile, and send them to this blog post if they do not believe you.

 I also recommend that if your page starts posting it, you delete it from your Facebook page and change your password just to be safe.

 Also Like our Facebook page to get the latest social scam news in your news feed.

Thursday, April 28, 2011

How do Malverts work?

 Malverts are a very popular way for PCs to get infected. However, many people don't understand how malverts work and why they are so popular. Since I have been reading about some malverts recently, today I decided to explain to everyone how they work in a way everyone can understand.

 First the malware writers get the malvert into the ad network. The most common way for malverts to get into the ad network is through hacked ad scripts. A hacked ad script is when malware writers break into the site hosting a popular ad and change the URL code to point to their malware site. So the ad script becomes hacked and the ad creators have to go through and fix the script.

 Next the malware writers point you to a site which usually hosts an exploit. You usually get pointed to an exploit designed for the internet browser you are on. The exploit then attempts to download malware to your machine. TDSS rootkits are a very popular end result. I have personally been hit by a malvert before and I ended up with a TDSS infection. The TDSS infection normally comes paired with a FakeAV as well, to make the malware writers some cash. That makes sense, since most malware is designed to make money.

To stay safe from these types of threats I recommend ad blocking tools. I know Adblock Plus has saved some of my friends' machines from malverts before.

Wednesday, April 27, 2011

We have hit 10,000 views!!

 Just last December IGL-Security started up as a small computer security blog. Today we have hit 10,000 views. Although this may seem like a small number to some, it is really an exciting time for me to see how many people read this blog. Here are just some facts about IGL-Security since I started this blog.

  1. IGL-Security has recently been getting 200-300 views a day.

  2. We have recently launched a Facebook page for IGL-Security so you can see the latest computer security news through your news

 3. Most of our Traffic comes from Google, then Facebook, and then Reddit.

  4. Most of our readers use Firefox (31%), then IE (30%); Chrome comes next with 18%, Safari follows with 13%, and then Opera with 2%. The rest of the browsers have 1% or less.

 5. Our top read article is "My Tops Stalkers is hitting Facebook hard" with 1,916 views.

 Now let's see if we can keep our current trend of daily views going and hit 20,000 this June!

PSN hack news roundup

 As you have most likely heard the Sony PSN system was hacked and personal data may have been stolen. The news has been spreading quickly so I want to go through and share with you some of the articles that I like the most about this news.

 1. Panda Security Article
 2. GFI Labs blog
 3. Sophos Article

 Remember if you have a PSN account to look into our "I have a PSN, what do I do?" article for steps to take if you have a PSN account. We will be keeping y'all informed if we get more info.

I have a PSN, what do I do????

 Well, as you have most likely heard recently, PSN data may have been stolen in the PSN hack. If you have a PSN account I highly recommend you take some prevention steps to stay on the safe side.

 1. Change all your passwords that are the same as your PSN password. It is already good advice not to use the same password on every site, but it seems that is often the case for a lot of people. While you are changing your password, make sure none of your sites are using the same password.

 2. It is unknown if bank details were stolen, but if you feel the need to, you could contact your bank and change your credit card numbers. If I hear that bank details were stolen I will post here to inform y'all.

 3. Change the security questions on your sites. Hackers may have gained access to your security question and answer for your PSN account, so it's a good idea to change all of those while you are at it.

 4. Keep a close eye on your bill and watch for any suspicious charges that may show up. Report any of them to your bank if something strange shows up.

5. Keep an eye out for any scam-like emails in your inbox. If hackers got access to your email they may attempt to send you phishing emails.

6. Be safe on websites you click on to look into PSN news. Malware writers may set up fake sites that attempt to get you to install malware as you look for PSN news.

Tuesday, April 26, 2011

Can I get a virus from a USB drive?

 USB drives are very popular devices; they are handy when taking files from computer to computer and great when you have to give files to friends. However, malware writers have also jumped onto the popularity of USB drives and created malware that can infect you when you plug in a USB drive.

 Malware infections via USB drives have become rather common recently. The risk of getting an infected USB drive also grows on large networks if the PC security is not updated on all the machines in the network. Something I highly recommend for everyone to do is vaccinate your USB drives to make them immune to malware. A tool I highly recommend is Panda USB Vaccine (you can find it here at Panda USB vaccine). It makes your USB drive immune to Autoplay/Autorun infections and protects your USB drive from getting an infection from machines that have malware on them.

 I highly recommend you take the time to make your USB drive immune. It's better to prevent the infection than to have to go through the process of cleaning everything up.

Update on PSN (4/26/11)

 Sony has released an update on the PSN. It seems personal data may have been stolen from the Sony PSN. If you have a PSN I highly recommend you read the latest update and follow their advice. You can read the update from Sony here:

 This is currently the only information I have. I don't have a PlayStation to see what kind of information it lets you enter into your profile. Make sure you inform your friends about this update if they have a PSN account.

Monday, April 25, 2011

Free iPad 2 scams come to Facebook IM

 The Facebook Messenger is a great way to keep connected. However, like the instant messengers that were popular before social networks, scam writers are now taking advantage of the IM system. As I have written about before, messages were being sent to you saying someone made a Photoshop of you; now they are spreading that you can get a free iPad 2. This was the message I got on my Facebook just a little while ago:

 wow (name) this facebook gift web site is screwing up rite now and giving out FREEE ipad 2s and stuff look (bad app link)

 Now this is a scam: first, my friend never types like that, and second, you cannot get a free iPad 2 like that. Be on the lookout for this scam coming to you via the Facebook messenger. If you start spreading this, go through your app settings and remove the ones you do not recognize. Then I would change your password just to be on the safe side.

Why is PSN down?

 Due to an "external intrusion" the PSN (PlayStation Network) has been down for 5 days so far. Sony is currently running an investigation to see what has happened to the network. No information has come out so far on if any data was stolen, who was behind it, or when it will be back up.

 PlayStation users are still able to play offline games; however, all of the PS online networks have been turned off. When/if reports come out with what happened IGL will inform you. Till then you can keep updated on the PlayStation blog here:

Is it possible to see who viewed my Facebook profile?

 Although most of the time I write articles on scam social apps and other malware, I have wanted to write a few general articles on computer security. Just simple things, so that when people are looking for general information on a scam topic I don't have to have a specific article on that scam already out there.

 A common question asked online is: is it possible to see who viewed my Facebook profile? A few times I have seen some people say that these are true, but I would like to inform everyone wondering that it is not true. No app can tell you who is viewing your profile, no app can say how many profile views you have, no app can tell you if you have any stalkers, no app can tell you who your stalker is. All of the apps that say they can tell you these things just pick random friends or a random number of profile views.

 These scam/spam writers get money by: A. getting paid each time someone takes a survey while trying to get to the fake results; B. getting paid by the ads that you see while taking the survey from point A; C. having the fake app invite you to install some program, for which they get pay-per-install. Either way, money is most likely the main target in any of these scams.

 If you start to spread this scam on your news feed go into your app settings and delete the bad app that is spreading it. Then delete all photos it may have posted, all statuses it may have posted, and change your password to stay on the safe side.

 It's also a common myth that the people that are on the left hand side of your profile are your most active viewers. That is just a myth and all of the people shown are just randomly picked friends.

Sunday, April 24, 2011

Should short links be able to point to Short links?

 While doing spam/scam research recently, something I noticed is that Twitter bots are short linking a URL and then short linking the short URL to cause a "hop" around different sites. I noticed this in my last article on the free iPad scams, and StopMalvertising posted about it recently in their blog post about free iPad scams.

 This leads to the important question: "should short links be able to point to other short links?" I personally have yet to see a good use of short links pointing to short links. The majority of the time when I see double short links the end result is just malware or a Twitter scam. I honestly think it may be a good idea for some short link creators to test this out; I think it's a good idea personally. What do y'all think? Leave your thoughts in the comments below! I
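One way a short link service or a link scanner could check for the "hop" described in this post, as an added example that is not from the original post: the shortener hosts and the redirect table below are constructed with reserved `.example` names and stand in for live HTTP redirects, and every function name is hypothetical.

```python
from urllib.parse import urlsplit

# Constructed shortener hosts; a real deployment would keep its own list.
KNOWN_SHORTENERS = {"s1.example", "s2.example"}

# Constructed redirect table standing in for live HTTP 301/302 responses.
REDIRECTS = {
    "http://s1.example/abc": "http://s2.example/xyz",
    "http://s2.example/xyz": "http://free-tablet-survey.example/start",
    "http://s1.example/news": "http://blog.example/post/42",
    "http://s1.example/loop": "http://s2.example/loop",
    "http://s2.example/loop": "http://s1.example/loop",
}


def host_of(url):
    """Lower-cased host name without a leading 'www.'."""
    host = urlsplit(url).hostname or ""
    return host[4:] if host.startswith("www.") else host


def is_short_link(url):
    return host_of(url) in KNOWN_SHORTENERS


def accept_for_shortening(target_url):
    """Creation-time policy: refuse to shorten a URL that is itself short."""
    return not is_short_link(target_url)


def trace(url, redirects, max_hops=10):
    """Follow redirects; return (chain, unresolved).

    unresolved is True when the chain loops back on itself or is longer
    than max_hops, so the final destination cannot be trusted.
    """
    chain, seen = [url], {url}
    while chain[-1] in redirects:
        nxt = redirects[chain[-1]]
        if nxt in seen or len(chain) > max_hops:
            return chain, True
        chain.append(nxt)
        seen.add(nxt)
    return chain, False


def assess(url, redirects=REDIRECTS):
    """Flag chains where one short link points straight at another."""
    chain, unresolved = trace(url, redirects)
    nested = sum(
        1 for a, b in zip(chain, chain[1:])
        if is_short_link(a) and is_short_link(b)
    )
    return {
        "chain": chain,
        "final": chain[-1],
        "nested": nested,
        "unresolved": unresolved,
        "verdict": "flag" if nested or unresolved else "ok",
    }


if __name__ == "__main__":
    for link in ("http://s1.example/abc", "http://s1.example/news",
                 "http://s1.example/loop"):
        print(link, assess(link))
```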

Saturday, April 23, 2011

AV Testing (Dynamic Test 2011)

 One of the AV tests I really like reading is done by AV-C. I really like how AV-C does their testing and how they lay out the results for each product. Normally I don't post about AV tests but I thought I would post about this one since it's one of my favorites of the year, the dynamic test.

  Now the Dynamic test is not done yet, but they have added a chart to the AV-C Website which shows the current stats for each product. You can see that chart over at the Dynamic test page: AV-C just click on the "Graph Bar" button.

 Something to note is that no product provides 100%. Some may have blocked everything if the user answers the question right, but there is a 50/50 chance that they get the right/wrong answer. It's important to know that no product can keep you safe from every threat out there. That's why many people run an anti-malware product plus an AV to make sure they are as protected as possible.

Thursday, April 21, 2011

Can Macs get Malware?

 While helping answer computer security questions at different sites, a common question I see asked is whether Macs can get viruses. Now most of the time I see others post that they can, but every once in a while people post on there that Macs are immune to malware.

 Now I would like to make it clear: in my opinion Macs can get malware. Now most people I would say know that, but most people (in my opinion) do not know why they don't get them as often as Windows machines. The reason is malware writers create malware based on market share. Since Windows has the largest market share of PC operating systems it quickly becomes a top target of malware writers. This in no way makes Mac machines more immune than Windows. Some malware is already out there for Mac machines, but since a majority of the people you know are most likely on Windows machines you do not hear much about it.

 Recently Mobile OSes have started getting more malware also. As people jump to Smartphones to store personal data the malware writers have jumped with them to steal this personal data. Malware spreading through social networks has also jumped recently as more people jump to social networks.

 Remember no OS (so far) is Immune to all malware.

Wednesday, April 20, 2011

My Profile Views and Spies scam hitting Facebook

 It seems the My Profile Views scam is the top topic for the Facebook social scammers and spammers. While doing my daily spam research it seems the scam/spam has been spreading very quickly through posts, events, and tags. Here are some of the recent spam/scam things I have found while going through Facebook.

 An event titled "See your top facebook stalkers...this really works". As I have said a bit in the past it seems the spammer/scammer apps are spreading out of posts only into the other areas of Facebook such as Photos, Tagging, and events. I also saw these status updates:
 My profile viewers are 6855 Check your total profile spies and who are your top profile stalkers!!!: (link)
 My total profile spies are 6783 Check your total profile peeks and who are your top profile stalkers Link

 Most of the spam/scam posts seem to be coming from the social app  "Profile Spys", "Profile Views" or "Safe Peek" so if you see one of these messages, when you go to look into your Facebook apps look for those apps to remove. Also when you start cleaning up after getting one of these on your account make sure you delete the app, delete all the posts, delete the photos, cancel all the events, and change your password to make sure you are clean after this. Remember no app can tell you who is viewing your profile and how many views you have.

 Also make sure you like our Facebook Page to keep updated on all the latest social scams and spam.

Monday, April 18, 2011

My thoughts on Sophos Facebook safety Letter

 Today Sophos has put out an open letter to Facebook about safety. Now I mainly want to talk about the second point, because as you may have noticed in this blog a majority of the posts are about social scams and spam. For those of you who do not want to click on the link here is point number two:

It is far too easy to become a developer on Facebook. With over one million app developers already registered on the Facebook platform, it is hardly surprising that your service is riddled with rogue applications and viral scams. Only vetted and approved third-party developers should be allowed to publish apps on your platform.
 Now I agree something needs to be figured out to lower the number of those scam/spam apps spreading around. I think what should be added is a combo of Facebook approval and community voting. All apps not yet approved by Facebook should have an up/down voting button for users to rank the app. Apps with lower ratings should not be able to tag others in photos, post messages on friends' walls, or post on the user's wall. The amount of power each user's vote has should take into account the time the user has been a member of Facebook, time the user spent on Facebook, friends of the user, tagged photos, and so on. That would prevent spammers from messing with the system by upvoting their apps. In my opinion that will deeply lower the number of scam/spam apps going through Facebook.

 Facebook approved apps would not have the ranking option, to prevent users from trying to down vote apps they just don't like or, out of boredom, trying to down vote all the apps.

The end of Yahoo Buzz (A little off topic)

 I am sorry for this non computer security post but I wanted to share this here on the blog. At the very start of IGL-Security the one widget we had was the Yahoo! Buzz button, before we were able to get indexed by the major search engines Buzz was one of the major sites sending us traffic. I personally used Buzz very often and liked how it would send it through my Yahoo network and help spread the word out about the blog.

 Now it has been noticed today by many of the blogs that Yahoo! Buzz will be shut down April 21st and the site will no longer be reachable. I am very sad to see one of the very first places that sent us traffic being shut down, so I thought it would be nice to say "Good bye Yahoo! Buzz and thanks for all the traffic your service sent to us", although we never made it to the front page via Buzzes. I will be leaving the Yahoo Buzz button up till April 20th, then it will be removed. So if you want to send any of the messages to your friends via Yahoo Buzz I recommend you do it now.

Saturday, April 16, 2011

Free iPad Scams hitting twitter hard

 Free tech products always seem to be a topic which spammers use to spam out scam sites. Twitter is one of the popular places for these scams to spread. I decided to take a look into the scams that are spreading and here is what I found. First up, the messages the scammers/spammers use to get you to click on the links:

 Limited Time: Get the NEW Apple iPad 2 For F R E E! Act Quick!
 Wow, I may be the first to get an iPad 2 for F R E E! :) You can get one on
 Crazy!! just got my F R E E Apple iPad 2! Check it out

 Each of the tweets had a link to a short URL. The short link leads to a site called Go2Urlz, then Go2Urlz leads to the final scam site. Here you will end up either taking surveys, giving away your email to scams, or other things like that. If your account starts spreading these messages, go and remove the app's ability to post to your account in your settings, then delete all the posts and change your password to be on the safe side.

 Prevention is also something you need to look into. I recommend looking into web scanners like WOT. When I looked up the scam URLs on WOT, the URL had already been rated red, which you can see here: WOT Results

Thursday, April 14, 2011

US shuts down Botnet

 The United States government has taken action to shut down the Coreflood botnet. The botnet has been stealing personal and banking information. According to reports one of the Coreflood servers had 190 gigs of data from 412K+ computers. That is just one of the servers Coreflood was sending data to.

 This is one of the more popular botnets and has been spreading since 2003. Just this month Microsoft released the monthly MRT (Malware Removal Tool) to remove Coreflood. Information on the just released MRT can be found in the Microsoft Security Blog: MMPC

Twitter Scam app changes message (Update 1)

 Yesterday I wrote about the Twitter scam saying they could tell you who was viewing your profile. I said it was loading from the URL: hxxp:// Well, I looked up the URL and a new message is spreading under the same URL. The new message is the following:

  I currently have [xx] profile viewers 2day see yours:(bad url). The xx is a random number.

 Now remember no app can tell you how many profile views you have gotten. If you allow it all it will show is a random number, it may also ask you to sign up for some services so the scam writer makes some money. If your twitter feed starts spreading the message go into your settings and remove permission from the app: Who viewz that 493 and then delete all posts the scam app has made. Finally I recommend changing your password to be on the safe side.


 The url has changed again, it is now loading from hxxp:// I wonder how long it will be till they start using viewthis4?

Wednesday, April 13, 2011

Another who viewed your profile scam going through twitter

 Although much of the talk about social scams recently is about the Facebook photo tagging scam, Twitter has a large amount of spam/scam going through at the moment also. StopMalvertising wrote an article but it seems domains have changed since they wrote the article. The scam app is now leading to hxxp//  The latest messages are the following:

 OMG! See who viewed your profile - (Copy & paste) (Bad url)
 Ahhhh! See who viewed your Twitter profile - (Copy and paste) (bad URL)
 Coool! See who viewed your profile - (Copy & paste) (bad url)

 Eventually you will end up at a survey site attempting to get you to install some adware. If your account starts spreading it, please go into your account app settings and remove the scam app's access to your account. Then delete all the tweets already on your account, and finally change your password to be on the safe side. Remember no app can tell you how many people are viewing your Twitter profile.

Photo tagging becoming a top way for scams to spread (and what is My Top Stalker)

 Just yesterday I wrote an article about how photo tagging scams are hitting Facebook hard; well, it's been another day and it seems it is still hitting Facebook hard. By hard I mean in the past couple of days I have gotten 1000 hits on my blog article about my top stalkers. For those of you who have just seen all these notes about My Top Stalker and have no idea what it is, here is what goes on:

 A user activates a scam app, the scam app loads up a photo and starts tagging random people on your friends list on a photo called "My Top Stalkers". At the bottom of the photo where the user would leave a description the scam app leaves a link to the fake app. If a user clicks on the link the cycle would continue.

 Now the difference between this scam and others is that instead of spreading via a status it spreads via photo. It seems more people are willing to click on a link in the photo rather than the status at the moment, which has allowed this scam to spread very quickly.

 To remove this scam delete the app from your list of allowed apps. Delete the status (if any) and then finally delete all the photos. To be extra safe I recommend changing your password. This is day two of the large amount of people clicking it on twitter so make sure you warn your Facebook friends about this. Plus join our Facebook page to keep up to date about the latest scams: IGL-Security Facebook page

Wordpress hacked

 WordPress, the popular blogging/content platform, seems to have been hacked recently. According to the blog post on the WordPress blog it is not currently known what has been taken (if anything) off the WordPress servers.

  I highly recommend if you use wordpress to change your password just to be on the safe side. Make sure you have a strong password and don't use the same password for every site. Also make sure you keep updated on the latest computer security news, you can like our facebook page and get the latest computer security news right in your news feed.

Tuesday, April 12, 2011

Profile Stalker making another hard round into Facebook

 Well it seems Facebook is getting hit hard again by the profile stalker scam apps. How do I know? I have been watching my blog post stats and watched the views of my Profile Stalker articles jumping way higher than normal.

 So a quick search had me run into a few of the scam apps I will warn you about again. The first combo app I saw was spreading the following message:

 My total facebook views are: (random number)
 Find out your total profile views @ (bad url)
 I just found my STALKER on Facebook!  
You can see who creeps around your profile too!

 Like always no app can tell you who is stalking your profile or how many profile views you have.

 The next one was under the name of Sorority Life Helper (If I remember correctly Sorority Life is a FB game) and was spreading the following message:

 wow this works >>(bad url)<< now you can see who your top facebook profile stalkers are! I can't believe who was my no1 stalker:D

 Another thing to note: this time it seems to be tagging everyone in photos of these. I have not personally seen it yet but I have seen a lot of people saying they are sorry they were tagged in the photo. The people seem to be getting tagged in a photo called "My Profile Views". For some good news, many people are spreading warning messages about this so many people are already informed. Now for some cleanup tips.

 First go into your app settings and remove the app's permission to post on your account. If we do that last all the posts would just come back.

 Delete the posts and photos it made so others are not clicking on the links and infecting their Facebook accounts.

 Change your password just to be on the safe side. 

 Always remember no social app can tell you who is stalking you or how many profile views you have. If it sounds too good to be true it most likely is.

Never panic at an AV alert

 Every day many users run into different types of malware and a good amount of the time the AV throws up an alert. One thing I would like everyone to remember is to never panic when they see an anti-malware alert. Worrying whenever you get an alert may even make things worse; make sure you take the time to read the alert and read online if you need help.

 An example would be yesterday, when Avast had an FP-filled update (Avast blog on FP). Many people thought a majority of the internet was infected even though it was just an FP. As I was on Yahoo Answers informing everyone that it was an FP and pointing them to the blog, new questions were coming in as I typed up my answer to each of the questions already asked. Now don't think "I don't use Avast so I don't need to worry", because every AV has false positives. The point I am trying to make is that you should not panic and start deleting everything when your AV alerts you of something.

 It is always a good idea to quarantine a file before you delete it. If it ends up being an FP, it's simpler just to restore it from the quarantine than to have to work on un-deleting and fixing problems caused by deleting a file. Do not take this message the wrong way and start allowing each of the alerts you may get. If you don't know what to do, go to your AV's support forum and ask others there; most support forums are full of people willing to help others out.

Monday, April 11, 2011

Watch out for Photo Tagging Scams

 Recently more and more scam apps have been turning to ways other than status updates to spread on Facebook. Recently scam app writers are making scam Facebook Events based on their scam app, such as "find out who is stalking your profile on (event date)". Like the fake scams, thousands of people are clicking on it to see if they can see who is stalking their profile.

 The other way is tagging you in fake photos with a link that leads to scam websites. A recent scam went through Facebook tagging you in photos of Olive Garden food, and in the photo was a link to a fake scam site saying Olive Garden is giving away free food all month. If you clicked on the link you would end up at a survey site trying to make money off of you.

 Be on the lookout for these scam sites. Just because it's not a status does not mean it's not a scam. Also remember the advice: If it seems too good to be true it most likely is.

Friday, April 8, 2011

Facebook is not closing today

 Another scam is hitting Facebook hard today, once again saying Facebook will be closing down today. It is now spreading under the following message:

 Facebook is closing all accounts today. They can't handle so many accounts. Most of the old accounts are not active, so they are deleting everything. If you want your account alive please confirm your activity. This is the final notice! (bad link)

 Like always this is a scam and Facebook will not be closing down. Do not click on any of the links that say Facebook is closing down. If you see this link spreading through your news feed, go into the settings and remove access to the social app: Confirm your activity - Official Application

 Then I also recommend changing your password to stay safe.

Monday, April 4, 2011

Free Xoom scams on twitter

 Free Ipads and Iphones are not the only scam going around twitter. Although at a much slower rate free Xoom scams are going through twitter at the moment. The free xoom scams are spreading under the following messages:

 OMG! The Motorola Xoom is way better than the iPad! Just received a free one, from: (Bad url)

Hardly can wait! The Motorola Xoom is way better than the iPad! Just received a free one, beta test one here (bad url)

LOL.. I'm so cheap (broke) I'm going to try and get a Motorola Xoom for free here (bad url)

So excited! The Motorola Xoom is way better than the iPad! Just got a free one, go here fo (bad url)

SWEET! The Motorola Xoom is way better than the iPad! Just got a free one, from (bad url)

 Like the free iPads and iPhones, all of these are scams. I highly recommend that none of y'all click on any of the links offering fancy items for free. If you have already clicked on the link I recommend you go into your account settings and remove the access the app has to your account. Then change your password to stay on the safe side. Always remember if it sounds too good to be true it most likely is.

Who has been looking at your FB wall?

Wow see whos been looking at your wall and how many times they viewed it, see who is the most popular among your friends @ (Bad Link)
 You may have seen that message going through your Facebook feed recently. It is another scam going through Facebook, and like most of these social scams it offers to let you see who is stalking your profile wall. These types of scams have become very popular recently. With the rise of social networking and the way it connects people to people, some people start to worry about who is viewing their profile. The scam writers base their scams on this worry to trick people into clicking on the scam app.
  To remove it, go into your app settings and remove all of the bad apps from having access to your account. In my research the app "click allow" was the one currently spreading, but I am sure other names are out there. Remember, no social app can see who is viewing your profile or how many people have viewed your profile, so watch out for these scams.

Profile Spy makes its way to Twitter

 Another large wave of Twitter spam/scam is making the rounds on Twitter right now. Again it is back to saying it can see who is viewing your profile if you just click on the link. At the moment it is hitting Twitter hard; as I type this I have seen more than 200 new posts on Twitter posted by the fake app. Once again, please remember that no Twitter app can tell you who is viewing your profile. If you go to the link it will try to spread the link on your Twitter page, and most likely attempt to get you to take a survey so the spammers can make some cash.

The current bad app spreading around is Profile Spy. It spreads the following message:
 Wow! See who viewed your twitter with Profile Spy (Bad App Link)

 To remove this, you must first remove Profile Spy's permission to access your account in your settings. If you just delete the posts, it can simply start posting again at some other time. Then go and delete all the posts it posted under your account. That will prevent your friends from clicking on it. Finally, go and change your password just to make sure you are safe.

 If you see any friends posting them, make sure you inform them it's a scam and tell them not to click on any of the links. No Twitter app can tell you who is viewing your profile.

Saturday, April 2, 2011

Hey, I just made a photoshop of you scam

 Another new Facebook scam is making the rounds through Facebook. It's no longer offering to let you see who viewed your profile or who is stalking you; it now says a friend made a photoshop of/for you and gives you a link to see it.

  The bad app's message is: hey, i just made a photoshop of you, check it out :P: (Bad app link)

  Like always it will either take you to a malware download or attempt to get you to take some surveys. Most likely your friend does not use photoshop. If you see any friends posting this do not click the link.

Update on the Lizamoon TweetLister tweets

 Yesterday in our blog post about Lizamoon I shared that the social app TweetLister had tweets spreading links that lead to the Lizamoon attack. Well it seems the app is still spreading some bad tweets under a different url. When I first posted about that yesterday not many other reports were out about it spreading through twitter but they are starting to come out now.

 A report from stopmalvertising that came out today shows that the TweetLister app continues to spread links to the Lizamoon sites. For those of you who have not read about the attack, I highly recommend you read my previous article here for Lizamoon info: SQL Attack Info.

 TweetLister is now spreading the attack domain Books-Loader, which seems to have been registered on January 18th 2011, so it's still a pretty new domain. A URL scan with a great tool called Urlvoid shows that a couple of services detect it as malware at the moment. A VirusTotal scan on the domain says Google Safe Browsing, G-Data, and Firefox's webshield should block the attack. You can see the VirusTotal results here: VT Results

 For anyone using TweetLister, I highly recommend you watch out for the malicious links that you may start spreading. For Twitter users that follow a person that uses TweetLister, I highly recommend you watch out for the LizaMoon links that may go through your feed. If you know a way, I recommend contacting the sales agents that you see spreading the Lizamoon links and informing them that they should remove the bad posts and watch for more being posted, to help prevent others from becoming infected.

 For those of you who would like to see where the links are spreading, I recommend checking out this Twitter search, but if you do, DO NOT click on any of the links, because you may get infected.

Friday, April 1, 2011

Large number of sites hit by SQL attack (Updated)

 A large number of sites seem to have been hit by an SQL attack being called LizaMoon. LizaMoon was the original URL at which the attack was detected by WebSense security lab. It seems at the moment thousands of sites have had the script injected into them and have become part of the infections.

 The hacked sites will load a script that tries to load a FakeAV onto your machine. For those of you that do not know what a FakeAV is, it is a fraudulent security or PC tuneup application that will lock you out of your machine and keep asking you to buy the fake product to fix errors that do not exist. According to reports, the FakeAV at the time was Windows Stability Center. However, with the rate at which FakeAVs change (most malware has a very short lifespan), it most likely will not remain that FakeAV for long.

 While researching the domain I did a Twitter search to check if the domain was being spread through social media. It seems 3 days ago a social app called TweetLister Real Estate (which from my research seems to be a Twitter tool for real estate agents) was spreading a link to the LizaMoon URL. It may have been that the TweetLister site was hacked, for it seemed a few different sales agents were spreading the link.


 How many sites have been hit by this?: That is currently unknown, but it's most likely in the thousands. When IGL gets more info we will inform y'all.

 How were the sites infected?: That is currently unknown also. Common reasons for hacked sites are outdated content systems and extensions that have security vulnerabilities.

 How can I stay safe from this attack?: Keeping an updated AV, updating the software on your machine, and updating your OS will help keep you safe from this wave of attacks. It will not keep you 100% safe but will greatly lower your chance of infection.

 Other information:

 WebSense Article 1
 WebSense Article 2
 Sophos Article