Monday, June 27, 2011

LulzSec Release Had Malware?

A rumor has been circulating that the latest LulzSec release actually had a trojan in it. StopMalvertising decided to take a deeper look into the release to see what they could find. What they found was a cracked copy of WinRAR. Cracked files are one of the things that commonly trigger detections from AV programs.

Cracked files are normally packed with packers that are also commonly used by malware, so this is most likely the reason you have seen all the reports of AVs detecting files in the release. Another question this raises is whether this file was packed by LulzSec or whether one of the companies was using a cracked copy on its servers. I honestly think the report of the "possible virus" in the release has been discussed more than the actual release itself.

I highly recommend you stay away from cracked programs; it hurts the dev and is breaking the law in my opinion.

Saturday, June 25, 2011

Lulzsec done?

Hacking group Lulzsec has announced that after 50 days they are disbanding. This counts as shocking after all the "chaos" they have caused over the past 50 days. It seems the last hack they did was placing fake job ads on the Navy site, according to what I have seen on Twitter. Why the sudden quit I don't know, but I doubt this will slow down the large number of hacks we have seen recently.

For those of you who are wondering, Lulzsec did the following things: hacked PBS, hacked Sony, took down the CIA.gov website (one of their bigger targets), and hacked InfraGard.

Tips for a strong password

 With the large amount of sites being hacked and passwords being stolen I thought it would be a good idea to create a guide with some tips for a strong password.

1. Never use the same password at different sites: This is the tip that has been getting people in trouble recently. It's gone so far that people are using their Neopets password as their PayPal password. When someone hacks a site and releases all the passwords, hackers go out and try those passwords and user IDs on every site they can think of to mess with your accounts.


 2. Don't be simple: Using passwords like qwerty or 123456 or password is not a good idea. Even though these passwords are a bad idea they are some of the most popular passwords used. If you use a really simple password you greatly increase your chance of being hacked.

3. Use letters and numbers: Use a mixture of letters and numbers to make the password harder to guess. If you use letters, it's a good idea to mix uppercase and lowercase.

4. Don't be personal: Using the name of your dog, cat, or other pet, or other personal information, is not a good idea in a password. It makes it simpler for hackers to learn about you and makes guessing your password much easier.

 5. Don't add strangers on Facebook: They could be hackers trying to learn more about you.

 6. Don't fall for phishing emails: Banks and other companies don't normally send you an email asking you for your password so watch out for these phishing scams.

 7. Keep up to date on hacks: Watch out in the news for reports of sites you are a member of being hacked so you know when you need to change your passwords.
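As an added example (not from the original post), here is a small checker that applies tips 1 to 4 to a candidate password. The common-password list and the 8-character minimum are assumptions for the demo; the post itself names only "qwerty", "123456" and "password".

```python
# Added example: check a candidate password against tips 1-4 of the post.
# COMMON_PASSWORDS and MIN_LENGTH are assumptions for the demo, not values from the post.

COMMON_PASSWORDS = {"password", "qwerty", "123456", "12345678", "abc123", "letmein"}
MIN_LENGTH = 8  # assumption: the post gives no minimum length


def check_password(password, personal_info=(), passwords_used_elsewhere=()):
    """Return a list of problems; an empty list means the password passes all four tips.

    personal_info: words an attacker could learn about you (pet names, birth year, ...)
    passwords_used_elsewhere: passwords you already use on other sites (tip 1)
    """
    problems = []
    lowered = password.lower()

    # Tip 1: never use the same password at different sites.
    if password in passwords_used_elsewhere:
        problems.append("already used on another site")

    # Tip 2: don't be simple (well-known passwords, or too short to resist guessing).
    if lowered in COMMON_PASSWORDS or len(password) < MIN_LENGTH:
        problems.append("too common or too short")

    # Tip 3: mix upper case, lower case and digits.
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_upper and has_lower and has_digit):
        problems.append("needs upper case, lower case and digits")

    # Tip 4: don't be personal (pet names, birth years and similar inside the password).
    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal info {item!r}")

    return problems


if __name__ == "__main__":
    # Constructed sample: a user whose dog is called Fluffy, born 1990,
    # who already uses "Fluffy1990" on another site.
    known = {"personal_info": ["Fluffy", "1990"],
             "passwords_used_elsewhere": {"Fluffy1990"}}
    for candidate in ["qwerty", "Fluffy1990", "Fluffy2011x", "Tr4vel-Blue-Kite"]:
        print(candidate, "->", check_password(candidate, **known) or "OK")
```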

Friday, June 24, 2011

More bad news for some DropBox users

TechCrunch has gotten hold of a letter from the DropBox CEO to some site members saying that someone had been targeting users in order to access their data. What data was stolen is unknown, and who the attacker was is also unknown. On the bright side, according to the letter, only a very small number of accounts were accessed, so that is good news for a whole lot of people but bad for the very few whose accounts were accessed. If we hear any more info I will inform you.

Sony Lawsuit over PSN

Sony is reportedly being sued over knowing that its PSN network was not secure. We all knew it was only a matter of time after all the news that surrounded the hacks. As you know, on the blog I have put out a lot of articles on the hacks and everything that has happened. In fact, here are a few of the articles:

 Why is PSN down?
 PSN Hack News Roundup
 I have a PSN what do I do?

Then there are the countless PSN Update posts that I made to keep everyone updated. In fact the PSN update articles were some of the most popular posts at the time of the issues. I have not heard any reports of credit cards being charged after the hacks; however, such reports may not be public, so some may have happened. Since the Sony hacks, hacking has really picked up and hackers are attacking the web strongly, which is why it is always strongly recommended to use a different password at each site.

Hackers vs Hackers picking up

The Internet is becoming the Wild West again. Hackers against sites, and now hackers vs hackers. Ever since the Sony PSN hacks things have been picking up quickly. In fact hackers are attempting to outdo each other in everything that they do. I really liked that article from Sophos, which gives some good insight into what's going on in the hacking world. Turning each other in, taking down each other's sites. These hackers are not just sitting around; they are actively targeting each other.

Another interesting article I saw was from Guardian.co.uk, which got hold of some of LulzSec's chat logs. This shows some of what goes on inside the group and is interesting for those of y'all interested in computer security.

Now finally for some advice: always use a different password on each site. If you use the same password on different sites, all your accounts would be open for hacking. This leaves no site off limits, even your Neopets account, if you have seen LulzSec's Twitter feed.

Wednesday, June 22, 2011

Did LulzSec turn in the suspected hacker? Hackers against hackers

Some interesting information has come out about the suspected hacker that was arrested. It turns out LulzSec was reporting those who tried to rat them out, according to a report on the ZDNet blog. This just goes to show that hackers are willing to turn in other hackers that attempt to do wrong to them.

In other hacker vs hacker news, another hacking group has started hacking the LulzSec member pages, according to a report over at Yahoo News. Also, another hacking group has decided to target Lulzsec members by posting personal information about them on the internet and then, according to the report, turning the info over to the FBI. We will have to wait and see how all these hacking groups end up, but we will keep you updated when we get more info.

Tuesday, June 21, 2011

Autorun Malware on the Decline

Autorun malware is on the decline according to a report from the Microsoft Malware Protection Center. Why the sudden drop, you may ask? Microsoft has released an update to help cut down on the malware that spreads through USB drives. This is another good reason why you should install Windows Updates when they are released. It's great to see the results of a security update when a large number of people install it; installing these updates is a great way to stay protected and help cut down the malware problem.

Now I know the USB malware problem will most likely never fully die, but it makes you feel a little safer plugging in the USB drive from a friend.

Suspected Hacker arrested by PCeU

The eCrime unit over in the UK has arrested a suspected hacker. The report says this hacker was DDoSing a number of international companies. Some people have wondered if this person is related to LulzSec, but it is not the person behind the LulzSec Twitter account because the tweets are still coming in.

 Reports have also started coming in that LulzSec was going to team up with other hacking groups to target more people. What will this lead to? Well we will just have to wait and see, however we will inform y'all if we hear of any other big attacks coming from this.

Finally, rumors have come out that Lulzsec has got the U.K. Census data. However, they have come out and said they have not taken the U.K. Census data. It was just someone else trying to use the Lulzsec name.

Monday, June 20, 2011

Dropbox Security Glitch

It's always hard to announce that your company had a security glitch, even harder if the glitch was really bad and let anyone view anyone's account. That is what has happened to Dropbox, the service which is like an online USB drive allowing you to access files anywhere. For four hours users were able to access other users' accounts by just typing an email address and any password. Now I will be honest, I am a slight Dropbox user myself. By slight I mean I have it installed but I do not have any files on it. I have seen a lot of complaints in the comments on different sites around the web and many people are upset over the matter. Doing a quick Twitter search you can see many people looking for a new service to use. It has not been announced if any personal data was grabbed from any accounts, but if we hear of any reports we will inform y'all.

What do they have in common?

Profile Views and Dislike Buttons: what do they both have in common? Both of them are lies on Facebook and do nothing! Both of them have been making a big wave of spam posts on Facebook. Here are some of the examples I have found:

 WOW! My Facebook wall has been seen 1795 times.
Boy views: 898.
Girl views: 897.

Check yours @ (bad link)
Facebook has enabled the dislike button click here to activate yours now (bad link)

Neither of these apps can do anything good. They cannot enable a dislike button because it does not exist, and they cannot tell you who is viewing your profile because no app can tell. Please try to avoid apps like these; if a real dislike button were to exist you would find news about it on tech sites around the world. If Facebook were to start letting apps see who was viewing your profile you would also hear about it on tech sites around the web.

Sunday, June 19, 2011

How to stay safe on twitter

Although I have written a bit about how to stay safe on Facebook, I have not written much about how to stay safe on Twitter. So I thought I would take some time and share some tips:

Twitter is like a big online conversation; with it you can meet people you would never get to know in real life. I will admit I have met a lot of different people through Twitter that I would have never gotten to know in real life. However, that does not mean Twitter is fully safe; Twitter still has its own security threats we need to worry about. Here are some of the types of threats you may run into on Twitter:

Mention Spam: Mention spam is @messages sent to users when they mention a certain topic. For example, one day I mentioned the iPhone and started receiving messages inviting me to go to sites where I could get a free one. Clicking on these "offers" will just give away a lot of personal data to some random company someplace in the world.

Malware Links: These work the same as on any other site: a shortened URL is posted and you are tempted to click on it. Once you click on it you are led to an exploit page where your machine is infected with malware.

Scam/Spam Apps: Facebook is not the only one with "who viewed your profile" or "How long have I been on (social network)" apps. These apps will try to get you to fill in surveys to earn cash for the spam app writer.

These are just some of the examples that spread on Twitter. Now I am not here just to list everything that can go wrong. I honestly like social networks as long as you use them safely. Here are some tips for staying safe on Twitter:

Extract URLs: Do not just go and click on short links. Expand them and check out where they are going before you click on them. If the short link points to another short link it is not a good sign.

Check URLs: Don't just click on the URLs; use a site like Web Of Trust to check out the site's reputation. You never just buy any product without research, so researching the site is also a good idea.

If it sounds...: too good to be true, it most likely is. No one is going to give you something that great for free without a catch. It's always a good idea to use common sense while surfing the net.

No app can: tell you who is viewing your profile or how long you have been using the network. Avoid apps that say they can.
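As an added example (not from the original post) of the "Extract URLs" and "Check URLs" tips, here is a small link expander that follows a short link one hop at a time and flags a short link that points at another short link. The shortener host list and the redirect table are constructed for the demo so it runs offline; a live version would send one HEAD request per hop with redirects disabled and read the Location header.

```python
# Added example: expand a short link hop by hop and flag chains of shorteners.
from urllib.parse import urlparse

# Assumption: hosts the example treats as link shorteners.
SHORTENER_HOSTS = {"t.co", "bit.ly", "goo.gl", "tinyurl.com", "is.gd"}

# Constructed redirect table standing in for live HTTP 30x "Location" answers,
# so the example runs offline (hosts and paths are made up for the demo).
FAKE_REDIRECTS = {
    "http://t.co/abc123": "http://bit.ly/xyz789",            # shortener -> shortener
    "http://bit.ly/xyz789": "http://is.gd/qwe456",           # shortener -> shortener again
    "http://is.gd/qwe456": "http://example.com/free-iphone",  # final landing page
    "http://t.co/ok1": "https://www.sophos.com/",            # one hop to a real site
    "http://t.co/loop1": "http://bit.ly/loop2",
    "http://bit.ly/loop2": "http://t.co/loop1",              # redirect loop
}


def lookup_redirect(url):
    """Offline stand-in for one HEAD request: the redirect target, or None if the URL is final."""
    return FAKE_REDIRECTS.get(url)


def is_shortener(url):
    """True if the URL's host is one of the known shortener hosts."""
    return (urlparse(url).hostname or "").lower() in SHORTENER_HOSTS


def expand_chain(url, resolver=lookup_redirect, max_hops=5):
    """Follow redirects one hop at a time.

    Returns (hops, error): hops is every URL seen starting with the input,
    error is None, "loop" or "too many hops".
    """
    hops = [url]
    while len(hops) <= max_hops:
        target = resolver(hops[-1])
        if target is None:
            return hops, None
        if target in hops:
            return hops, "loop"
        hops.append(target)
    return hops, "too many hops"


def assess_link(url, resolver=lookup_redirect):
    """Apply the tip: expand first, and treat shortener -> shortener as a red flag."""
    hops, error = expand_chain(url, resolver)
    shortener_hops = sum(1 for h in hops if is_shortener(h))
    return {
        "final": None if error else hops[-1],
        "hops": hops,
        "error": error,
        "shortener_hops": shortener_hops,
        "suspicious": error is not None or shortener_hops >= 2,
    }


if __name__ == "__main__":
    for link in ["http://t.co/abc123", "http://t.co/ok1", "http://t.co/loop1"]:
        print(link, "->", assess_link(link))
```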

Friday, June 17, 2011

Malware: Now outlawed in Japan

I really enjoy reading Engadget for computer news. Now it's not often I see computer security news on the site, but when I loaded it up a little while ago I saw an article about it. It turns out Japan has outlawed malware, so malware writers there will now get prison time along with a fine. It's good to hear that countries are starting to take action against malware; however, it's going to take a lot of work to get rid of the malware problem that is facing the world now. We shall see how this ends up and if it helps against the malware problem.

Sega Pass Hacked

Here is another one to add to the list of hacked places/things/items. Sega Pass (the corporation's database of IDs and online network) has been hacked. Mashable was able to get the letter that was sent out to Sega Pass members. On the bright side, Sega did give some good advice and took a good amount of action. They say in the letter they took action in the past 24 hours to help prevent more data loss. They also recommended that anyone who used the same password on other sites go and change their password. No one knows who did it; Lulzsec did tweet Sega and asked them to get in contact to tell them who hacked them. They said they would go after whoever did it because it seems they like Sega. Why they would do that I don't know, but they did. If we hear any more info we will keep you informed.

Thursday, June 16, 2011

Lulzsec releases another set of passwords

The hacking group Lulzsec has released a set of 62,000 user credentials to the world. As soon as it was released, hackers started tweeting that they were trying to access different people's accounts and ordering stuff on others. You can see TheNextWeb's report that shows some tweets of what people have said. I will be honest, I really feel bad for these people, so make sure you use a different password on each site and watch out for sites you are a member of being hacked.

Wednesday, June 15, 2011

Lulzsec takes down cia.gov

Hacking group Lulzsec has set its targets on cia.gov. At the moment cia.gov cannot be accessed at all, so it is most likely a DDoS attack. Taking a look at the tweets coming in, we know for sure that they did it. So for those of you trying to figure out why you can't access cia.gov, that is the answer. This is the same group that hacked PBS and hacked Sony Corp.

This is the second gov site they have taken down recently. They took out senate.gov not too long ago, so they seem to be targeting gov websites more often now. We will report with more information once we get some.

Free Subway offer, it's still spreading on Facebook

So I have written about the "I Love Subway" free Subway offer on Facebook, running off the domain hxxp://cdn.freegiftcardsonu.u(s), a few times now. I noticed "Free Subway Facebook" in my incoming search term log. So once again I would like to highly recommend that you do not click the link on these "I Love Subway" sites. Remember, I am not the only one recommending you do not click on this. Sophos is also recommending that you do not click on these links.

If Subway did a real offer like this you would hear about it everywhere.

Statement from Avira on partners

 Avira has put out a new statement on their forums about the partners. For those of you who have not read the previous article on the subject I highly recommend you read it. To see the latest statement from Avira check out the forum post here. 


I have got a few links from a Twitter friend (thanks StopMalvertisin) on this topic that I thought I would share with you. The first link I got was a link to a report on TechJaws. They tested the product Registry Booster, which was the product being offered through the adverts. The next link I got was a link to the Wikipedia page on the product. I highly recommend that you check out both.


 That report on TechJaws shows one of the major reasons that people are not fans of the UniBlue RegistryBooster Adverts. We will keep you updated if we hear any more news about the subject.

Tuesday, June 14, 2011

Trust and Rep: Two important things for every computer security company

Two important things for any computer security company, blog, or service are trust and reputation. Every computer security company works hard to build them up, but one mistake can bring them back down or destroy them. It takes much time to build up trust, but it can be broken instantly.

Let's take IGL-Security as an example. I try to help build up trust and keep the reputation of the blog good, which means making sure it's indexed properly, widgets and info are set up properly, and a privacy policy is set up. All that takes time to work on to help build up the trust. However, I could instantly break that by filling this blog full of false information. That would hurt this blog's reputation and break the trust of the readers.

So how do AV companies build trust and reputation? They build up good detection rates in AV tests, they get good reviews in magazines, and they spread through word-of-mouth advertising. All this helps them build up trust and reputation. That's what makes an AV like AVG so popular. They built up a strong reputation and now whenever you talk to someone about free AV programs AVG is most likely mentioned.

Now how do the vendors break your trust? As I said, it's quicker to break trust than it is to build it. McAfee had an FP that made it detect a Windows file, which made it lose the trust of some of its users. Avira is adding the Ask Toolbar and Uniblue adverts, which has caused some to lose trust in it. AVG once released an update that crashed Win7 64-bit machines, causing people to lose trust. Avast released an update that caused its webguard to detect many sites as malware. It's very simple for an issue to cause the loss of trust for many AV companies.

 So if you are running a computer security software company make sure you work very hard on keeping your company able to be trusted and make sure your reputation stays clean. Also make sure you only partner with places you would personally use and personally trust.

Monday, June 13, 2011

Two more sites hacked

Time to add two more places to the list of hacked sites. This time Senate.gov has been hacked and Bethesda Softworks has been hacked. It's amazing to look back and see how many sites have been hacked over the past few weeks; it's just so hard to believe that all of them have been hacked. According to Sophos, this hacking can earn someone big jail time if they are caught. If you are a webmaster, now would be a very good time to go and make sure your site is secure. Sites seem to be getting hacked left and right.

Don't believe everything you see on the internet

A few days ago a photo went viral on the social network Twitter accusing McDonald's of treating groups of people unfairly. However, what many people did not pay attention to is that the photo was a hoax and they were spreading it. At the rate the photo was spreading, hundreds of people must have thought the photo was true, causing a large PR issue for the McDonald's team.

 Now we all need to remember to research before we spread. A small spread of false information can really hurt someone else. Not everything we see on the internet is true so research is always the best place to start.

Avira Software New Partners

 Toolbars are bundled with a large amount of applications. Most of the time they are strongly disliked, however Software Makers are attempting to expand their profits and most of the times they think adding a toolbar is the simplest way.

Now a bigger debate is surrounding whether security programs should be "endorsing" this kind of software. This question has really picked back up again today when Avira "announced" two new partners: UniBlue and Ask.com. As for UniBlue, I have never tested a UniBlue product before. I did a search for the product Avira is sharing and I found a link to their home page. The first thing I found was that WOT ranks the site yellow. Some comments say the product is OK while others are complaining about it. Another thing to note is that the product being recommended is a registry cleaner. If you do not know what you are doing you can seriously mess up your computer. I am not the only one that will tell others this; check out this report from the experts at BleepingComputer who are sharing the same message.

 Now how is Avira recommending this? Well if you are a user of Avira free you know they have a message that pops up after updates. Well ads for the Uniblue product have been reported by some members over on the Avira forum. Another person reported on the forum that they got an email about the Uniblue product.

Avira's next new partner is Ask, for the Ask.com toolbar. Now the Ask toolbar is most likely one of the most disliked toolbars in the computer security community. In fact, Calendar of Updates has a whole topic dedicated to security software that bundles the Ask.com toolbar and the reasons why they don't like it. Adding it has hurt the reputation of a few companies that have added it in. However, gladly, a few companies have come out and said no. Let's take for example the creator of WinPatrol. He was offered a partnership to put a toolbar with WinPatrol to make extra cash and he turned the offer down. In fact he turned the offer down twice! The creators of Online Armor also decided not to put the toolbar in the program and instead listened to the users.

So this leads to the next question: how will Avira push the toolbar? Well, the Ask Toolbar will be pushed with the free version of Avira according to the plan. It is being said that free users would be able to get the web filtering for free if they install the toolbar and make Ask.com their default search engine. So if you want the web filtering you will have to install the toolbar.

An Avira staff member said the staff were still reviewing all the feedback they have gotten from the announcements. To close, I just want to quote something from Mike on the Online Armor blog post:

 Users place a lot of trust in security vendors. They are trusted to do the right thing. Do not abuse that trust. -Mike from the Online Armor Blog

Sunday, June 12, 2011

All news is not true news

Well, here is something rather interesting that has come up in the computer security world. Now I could write something about it, but I think it should be read directly from the F-Secure blog. A fake report has started spreading that two well-known computer security researchers have been arrested for stealing credit cards. Now these two people are well known in the computer security community, so it makes very little sense for them to steal credit card data. To be honest, as soon as I read the title of the fake article I started laughing because of how crazy it sounds.

This just goes to prove one point: you cannot believe everything you read online. Do not blindly trust everything you read. People will put out fake information online like this. Please send people that are spreading the false information a link to either the F-Secure article or this one to help stop the spread of the false information.

Saturday, June 11, 2011

Are all mobile apps secure?

I read the other day that the use of texting is dropping and the use of mobile IM apps is rising. Now I personally don't know anyone who uses these mobile IM apps, but I do know WhatsApp is one of the popular ones. However, with the rise of these types of mobile apps, does anyone take the time to see if they are truly secure? Yes, they are popular, but popular does not mean secure.

 Now I had been thinking about this and to my surprise as soon as I logged onto Twitter this morning another security blog has posted a report of the popular app WhatsApp.

Now I do not have any way to personally test their findings because I do not have a smartphone, but according to their report none of the data was encrypted and they were able to access all the data from the app.

Encrypted data is something that has come up a lot more often recently. When Sony was hacked it was found that everything was unencrypted and data was simply accessed. Something like that could possibly happen to WhatsApp users too. Now I am not saying it will happen, but a couple of months ago we never thought all of Sony's data was going to be accessed.

So always remember to research whether your data is going to be encrypted or not. It's always better to be safe than sorry.

Friday, June 10, 2011

Free iPad and iPhone scams going through Twitter

Free iPad and free iPhone scams are making a strong wave through Twitter. How do I know? Well, I have been monitoring the most popular daily article in the IGL-Security stats and noticed a large number of people are coming and reading an article about the free item scams. So I decided to take a look at what I could find on Twitter, and here is what I found:

 First up some of the messages I found:

Managed to get a free iPhone for doing nothing!!!! (bad link)

WOOW!! I just got a FREE iPhone 4 from this website! Hurry, go here (bad link)

All I did was basically fill in a 5 minute survey and got a totally free iPhone!!!!!! (bad link)

Fantastic! I just received a FREE OF COST iPad through (bad link)

The scam site links kept coming in, so I did not have time to view each one of them. Just because some random site on the internet is offering you free stuff does not mean it is true. If it were true you would hear about it everywhere.

CodeMasters hacked

Today our list of hacked sites is once again expanding. This time Codemasters has been hacked, and according to the report a lot of personal details were stolen. According to Codemasters they don't know if the data was stolen, but they think it was accessed. Here is some of the information they say was accessed:

Customer Names
Email Addresses
Phone Numbers
Encrypted Passwords
Order History

Also, the CodeM user database was accessed, which contains profile information and other personal information. On the bright side, Codemasters did inform everyone of the following:

  Please note that no personal payment information was stored with Codemasters as we use external payment providers, meaning your payment details were not at risk from this intrusion.

 

So that is some good news. The Codemasters site will be offline for a while according to the report. If you used your Codemasters password on another site, now would be a good time to go change your password. It's always better to be safe now than to have to worry about it later.

Thursday, June 9, 2011

Who viewed your profile currently spreading on Twitter

The "who viewed your profile" scam seems to be making a wave through Twitter. Here is the message I have seen spreading:

 You have [32] profile views today see who they are (bad link)


Inside the [] is a random number of how many views they say you have had. Do not go to the link; no app can tell you who is viewing your Twitter profile.

20,000 Blog Views

IGL-Security has hit another major milestone in blog views; this time we have got 20,000+ blog views. So it's once again time to share some stats with everyone.

 A majority of our blog readers are reading through the Internet Explorer Internet Browser. Firefox is the second most popular, then Chrome, and then the 4th most popular is Safari.

 A large majority of our blog readers are reading from a Windows Machine, followed by Mac. In 3rd place for the OSes is Linux OSes. Then comes in the Mobile OSes.

Google is our greatest source of incoming traffic.

 Our most popular article has 2,059 views.

 Now to hit 40,000 blog views!

Update on the end of ClearCloud

A few days ago I blogged about the end of the ClearCloud DNS service. At that time not much was being said about why it was being discontinued; however, I have got more information for anyone who wants to hear it.

First off, the general manager over at GFI Software wanted to thank everyone for their support of ClearCloud. He said the following:

Well, all I can say is that I'm deeply humbled by the support for ClearCloud shown on this forum. I honestly had no idea it was so popular.

I don't know if I can revive it, but if there's a way, I'll certainly look into it. No promises.

Thanks all,

-Source: Wilders Security Forum

So for all of you out there wanting ClearCloud to come back, I guess you still have a chance. No guarantees, but still a slight chance of hope. It's going to be interesting to see how this ends up. If you have any comments on ClearCloud or thoughts on the subject, feel free to leave a comment on this post.

Who viewed your Profile makes wave through Facebook

Another day, another large wave of "who viewed your profile" scams going through Facebook, this time spreading the following message:

WOAH! my profile was viewed 106 times JUST TODAY, and I can see that I have quite a few stalkers LOL! Find out yours (bad link)

As always, the link cannot tell you who viewed your profile, and the number of views is just a randomly picked number.

Here is another scam message I found:

WOW I cant believe that you can see who is viewing your profile!I just saw my top 10 profile peekers and I am SHOCKED from who is viewing my profile!You can also see WHO VIEWED YOUR PROFILE : (bad link)

Please try to avoid these messages, and if you see them do not click on them. No app can tell you who is viewing your profile.

Trend Micro Brazil Website hacked

It seems Trend Micro Brazil's website has been hacked, according to a report (I am using a Google Translate link because the article is not in English). Now don't say Trend is the only security vendor whose site has been hacked, because a few of them have been hacked before.

So once again this hack will be added to the long list of sites that have been hacked recently. So if you are a web owner, I highly recommend that you go through and start making sure your site is secure and everything is updated to the latest version.

Sony Portugal and Citibank Hacked

Sony Portugal seems to be the next Sony site to be hacked. This is once again bad news for the corporation. Once again it was an SQL injection, so once again I must say I hope Sony is going through and checking all their sites for SQL weaknesses.

The next site that has been reported hacked is Citibank. Reports say data was accessed for about 20K credit cards in North America. This was another large attack in the recent string of attacks. In fact, you just have to go to the IGL-Security homepage and see all the sites I have listed as being hacked.

As always, I recommend you never use the same password on all your sites. All it takes is one site being hacked and hackers getting your password, and then they would have access to all your accounts.

Tuesday, June 7, 2011

Sophia Pretty...she is watching everyone 51min at a time

"Who viewed your profile" scams are spreading hard through Facebook at the moment. However, instead of listing a random friend of yours, this one just lists random names. Here is the scam's message:

See Who Is Watching Your Facebook Profile Right Now?!
Top Viewers:
Sophia Pretty with 51 minutes last week.
Paul Steward with 56 minutes last week.
Jeremy Faith with 87 minutes last week.

Now, unlike most of the other scams, these are the same names for everyone who clicks on it, so it's a "pretty" strange way to do it. Once again this is a scam; do not go to the short link posted on the scam page. Those people do not exist and they are not watching your profile.

What causes Anti-Virus False Positives

False positives from AV software can come up at any time. Some major FPs have happened (like an AV deleting an important Windows file) and some minor FPs have happened (an AV detecting a not very popular file). As nice as it would be not to have to worry about the problem, they do happen. So what causes them?

 File Behavior:

 Programs that hook deep into the system (like other security software) are one of the main causes of FPs. AV programs watch the behavior of files to see what actions they take and compare them to the behavior of malware. System tools that hook deep into the system behave like malware in some ways, which is why they set off FPs.

 File Stealth:

  Online gaming has grown pretty large over the past few years with high speed internet becoming available everywhere. However with that rise the cheaters have come along too, trying to "hack" the games to gain advantages. I really don't get what you get out of cheating in a game, you don't earn anything of real life value. You may get your online stats higher but that is not worth much.

 So with the rise of cheating the game devs came out with Anti-Cheat programs. An Anti-Cheat program runs in the background as you play the game, watching for "cheats" to launch so it can kill them and the game you are playing. The game devs really try to "protect" the Anti-Cheat itself and add things like randomly naming files on load and double packing/crypting to keep it safe from people trying to get around it.

 However the work of the Anti-Cheats leads to many AVs detecting them as suspicious files. A lot of malware is randomly named, so when an Anti-Cheat randomly names a file it looks suspicious. A lot of malware packs and repacks its file to make it harder for AV engines to scan; when the Anti-Cheat does that it looks like malware to the AV. Finally, most Anti-Cheats attempt to hide so they cannot simply be killed. A lot of rootkits do the same thing, and this rootkit-like behavior is one of the other things that sets off the Anti-Malware engines.

 As today's threats continue to get more complex AV vendors continue to work on how best to prevent FPs from coming up. The cloud has allowed vendors to whitelist known good files to prevent them from being detected. However that has not cut down every FP that could possibly come up. Even cloud products still get FPs.

 In my honest opinion every vendor is going to have FPs. Slight risks of FPs will have to be taken in order to keep detection rates up. However I am not saying go out and take a big risk on a detection pattern that could knock out Windows machines. It all depends on what it's worth to you. Someone will not be happy either way: more heuristic patterns means more chance of people getting angry over FPs but fewer people angry over infections, while fewer heuristic patterns means fewer people angry about FPs but more people angry about malware infections.

Monday, June 6, 2011

Watch out for iPad (and other random) Mention Spam

 Today Apple announced the new iOS 5 and Mac OS versions. Because of that a lot of people are tweeting about the latest Apple stuff and talking about it around the web. That leads us to the very common mention spam, and it's really hitting Twitter at the moment with everyone talking about Apple products. In fact doing a Twitter search shows the mention spam is going very strong at the moment. Here are some of my favorites I have seen:

 Brand New Batman with zero cost <- I never knew you could buy a batman.


 The new xbox Air could be yours- on us <- I always wanted air that came from an Xbox.


 We're giving away a Free Batman <- Robin is not included in the package.


 Now like always these are all scams. Please avoid clicking on them, you will not be getting any of the things you were offered.

What do you think this article is going to be about?

 If you guessed it will be about bacon you are incorrect. However if you guessed Sony being hacked and then data leaked to the public you are correct. So once again I am blogging about another Sony hack and/or data leak.

 This time a file containing Sony Computer Entertainment Developer Network source code has been released by the same hackers who hacked PBS, Nintendo, and released the large database of 1 million passwords from Sony Pictures. You can see information as it comes in via Twitter, which is what I personally do. No comment has come from Sony yet, however if they say anything I will inform y'all.

 In fact many eyes are on Sony as they prepare to give some keynotes over at the E3 conference. I have a feeling this may come up at some point while they are talking. I guess we will all find out when Sony speaks.

Sunday, June 5, 2011

Sony Pictures Russia Hacked (update: and possibly Sony Music Brazil)

 Well it seems the Sony Pictures hackers are not done with hacking Sony Corp. Reports are flooding in that Sony Pictures Russia has been hacked this time. Once again it seems it was hacked via an SQL injection attack. A quick search for Sony Pictures Russia shows the tweets are flooding in that it was hacked. No official word yet on what was done but I am watching for it.

 Update: Sophos is reporting that no personal information was released this time; this was just showing a vulnerability in the Sony site. The question will be how long it takes Sony to fix the security vulnerability and whether someone will try to use it to steal data before they fix it. On the bad side this is most likely not going to help Sony's image on site security.

 I honestly hope Sony is going through right now and checking all their sites for SQL injection vulnerabilities. If you held an account on Sony Pictures Russia now would be a good time to look into what account information you have over there. Reports are not out yet on what was taken. The only information out right now is a Pastebin link that is spreading.

 It also seems that Sony Music Brazil has been hacked. I don't think the two hacks are related but it's worth noting that they have been hacked.

 We will be updating this article as we get more information.

Nintendo Hacked

 You know how I said it seems daily I am writing about hack attacks? Well it seems it is time for me to write about another one. A report has come out from PC World that Nintendo has been hacked this time. On the bright side it seems that no personal information was revealed this time. However this just shows how active hackers have been in the last few days.

 Now is a real good time to go make sure all your passwords are different on each site you are a member of. That will really help in case a site you are a member of becomes hacked.

Saturday, June 4, 2011

Free Subway offers, yes they are still spreading.

 I decided to check back on those Free Subway offers that were spreading on Facebook not too long ago and what do I find? The offers are still spreading, and they are spreading as strongly as they were last time I checked.

 I decided I am not going to keep repeating what I have already said and will just say something plainly: I highly recommend you watch out for these types of offers. In fact Sophos took a nice look into these offers just to see how much personal information is given away in your "attempt" to get the free gift card.

Look at who?

 L00k at Wh0? That's the name of the new scam Twitter app going through the Twitter world. The scam app is spreading via the following message:

 OMG this actually works! see who viewed your Twitter profile: (Bad link)


 Once again I want to remind everyone that it's impossible to see who viewed your profile and that you should ignore any apps that say they can. If you already accepted it make sure you go into your account settings and revoke that app's permission to post on your profile. Then delete all the tweets it made to prevent others from clicking on it.

Infragard Atlanta Hacked

 Another day, another hacked site it sounds like. Once again they were hacked by the same people who hacked PBS and Sony Pictures the other day. Once again people are reporting the hacked users had been using the same password at multiple sites, and once again that is sad news because it puts a lot of people in danger of being hacked. So if you used Infragard make sure you change your password on all of your sites that had the same password. In fact it may be a good idea to change all of them to something that is not similar to any of your past ones.

Friday, June 3, 2011

Sony hacked again (yes I used this title again)

 Wait, you may be asking, again?!? Well yes, I am sad to say Sony has been hacked again. This time it was Sony Europe and only 120 usernames, passwords, and even mobile phone numbers were released this time. So if you are a Sony Europe account holder I recommend going and changing your user names and passwords. This is the same hacker who hacked the Canada Sony shop.

 Once again this was an SQL injection and all the passwords were plain text. Hopefully Sony is going through right now and making sure all their sites are safe from SQL injection attacks.

The end of ClearCloud

 If you read some of my past posts you know that I use and recommend ClearCloud DNS. It was honestly the first filtering DNS service I used. However I saw some sad news today over at the ClearCloud forum: ClearCloud will be discontinued and fully shut down later this year. So if you are a ClearCloud user I recommend that you remove it from your security setup, because once its servers are shut down your machine will no longer be able to resolve names and you effectively won't have an internet connection. Sorry to all of you that just started using it, I had no idea till today that it was going to be discontinued.

Mac Malware: Getting Serious

 A security researcher posted an article about something he found interesting, and something you Mac users may want to start watching out for. What he found was proof of concept Mac OS ransom trojans.

 Now I have never experienced a ransom trojan, and a ransom trojan is something I would never ever want to be hit with. For those of you who do not know, a ransom trojan is simply malware that locks you out of your whole machine till you pay money to unlock it. It is something no one wants to go through, and it is easy to understand why. Now why do these trojans work, you may ask? Think about all the information you have on your computer. Your photos, documents, financial information; how much would you be willing to pay to get it back?

 So how seriously are malware writers taking Mac OS? Well if they work on it like they are working on the Mac FakeAVs it will be pretty serious. Today Apple released another security update in order to remove the newest Mac FakeAVs. This just shows how focused they are on making FakeAV programs for Macs.

Sony Pictures Hacked (update)

 Yesterday I wrote about Sony being hacked again, so I figured now would be a good time to post some updated information about it.

 First off the AP has reported they contacted some of the people whose data they found in the breach. The people they contacted confirmed the data was real, so this shows that parts of the database are genuine and still current. So what does this mean? It means that if you had a Sony account your data may be at risk. If you or someone you know is saying "Oh Sony is hacked, oh well, no one will care about my info, I will just ignore the warning" then I must urge you to keep an eye on your accounts. Hackers want everybody's account access; even if you think you are a nobody you are a somebody to them.

 Stay safe from the phishing scams you may get claiming to be from Sony if your email was in the database. I will continue reporting as I get more information.

Thursday, June 2, 2011

Are Stand Alone AntiMalware/AntiSpyware apps dead?

 A couple of years back there was the AV product and there was the AntiSpyware product. However over the years the line between the two has disappeared, with AV products now detecting all forms of malware. So is the time of the stand-alone AntiMalware/AntiSpyware app over? Now this will all be my opinion but I am still going to share it with y'all.

 Now when you think back to the major stand-alone AntiMal/AntiSpy applications you may think of CounterSpy, SpySweeper, Spyware Doctor, Spybot, and Ad-Aware. These apps are not as popular as they used to be but some are still there. Here is where they are at today:

 CounterSpy: Just recently discontinued

 SpySweeper: Still being sold and is currently at 6.1. Webroot released another version that added an antivirus scanner using the Sophos engine.

  Spyware Doctor: It's still here, currently at version 8, and has added a behavior blocker. They have been acquired by Symantec, the creators of Norton Antivirus.

  Spybot Search and Destroy: Just recently released the first beta of version 2.0. It will be the first Spybot version with real-time protection.

  Ad-Aware: Ad-Aware is still there but you can no longer get a version without built-in antivirus protection. The AV is now powered by Sunbelt Software, the makers of CounterSpy.

  So what happened to these programs? AV programs extended into detecting all types of malware and people went back to running just one program for real-time protection. People went back to thinking "why pay for two programs when I can buy one that does it all?" Yes, I still see many people running these programs; I am not saying they are dead and going away, however I don't see as many people running them as I used to.

 So is there still space for an AntiMal/AntiSpy program? The answer is yes, and two tools have strongly proven the space is open and people will pay for products that detect what their AV misses. Those programs, as you may have guessed, are SuperAntiSpyware and Malwarebytes Anti-Malware. They are the two go-to tools if your machine gets infected and your AV is not detecting anything. It just goes to show that if you have a program that is performing well, can run alongside other AV programs, and is spreading quickly via word of mouth you can have a successful product in the space.

Sony Hacked Again (How many times have I said this)

 Well according to the Twitter world Sony Pictures and Sony BMG Belgium and Netherlands were hacked, and a lot of data was released onto the internet. A lot of people are talking about it; do a quick Twitter search and you will see for yourself. No final count of how much personal data was released has been put out, but reports are saying it's in the millions. By millions that includes password data, once again, for Sony Pictures. I have also seen reports that coupon codes for music were released, along with personal data on the staff over at Sony.

 According to the hackers themselves it was a simple SQL injection attack. Sadly none of the passwords were hashed or otherwise protected; all of them were stored in plain text, so your password may be in danger. The hackers this time were the same people who hacked into PBS just a few days ago. We will report once we hear Sony's response (if any).

 If you had a membership at any Sony site and used the same password at more then one site I highly recommend you go and change your passwords now.

 Update 1 *rumor*: A rumor is going around that government and military passwords were included in that dump of information. No idea if it's true or not but I thought I would inform y'all of the rumor.
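 The two failures behind this post and the Sony Europe one above are the same pair every time: SQL built by pasting user input into a string, and passwords stored exactly as typed. The following example is added here and is not code from this blog or from any Sony site; it uses a constructed in-memory SQLite table with made-up users ("admin"/"hunter2", "alice"), and the PBKDF2 iteration count is an assumption. It shows the injected login succeeding against the string-built query, the same input failing against the parameterised one, and what a dump of each table hands an attacker.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # PBKDF2 work factor; an assumption, tune it to your hardware


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a site's user store (not any real Sony schema)."""
    conn = sqlite3.connect(":memory:")
    # Legacy table: passwords stored as typed, the failure the breach write-ups describe.
    conn.execute("CREATE TABLE users_plain (username TEXT PRIMARY KEY, password TEXT)")
    # Hardened table: per-user random salt plus a PBKDF2-HMAC-SHA256 hash. A dump of this
    # table gives an attacker cracking work to do instead of credentials to reuse elsewhere.
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return conn


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def add_user(conn: sqlite3.Connection, username: str, password: str) -> None:
    salt = os.urandom(16)
    conn.execute("INSERT INTO users_plain VALUES (?, ?)", (username, password))
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 (username, salt, hash_password(password, salt)))
    conn.commit()


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """SQL built by string formatting over the plaintext table.

    Returns the account name the caller is now logged in as, or None.
    """
    sql = ("SELECT username FROM users_plain WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Parameterised query, so user input can never change the statement, plus a
    constant-time comparison of the stored hash against the freshly computed one."""
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return None
    salt, stored = row
    return username if hmac.compare_digest(hash_password(password, salt), stored) else None


def dump_plain(conn: sqlite3.Connection):
    """What an attacker gets from the legacy table with one injected SELECT."""
    return conn.execute(
        "SELECT username, password FROM users_plain ORDER BY username").fetchall()


def demo():
    conn = make_db()
    add_user(conn, "admin", "hunter2")
    add_user(conn, "alice", "correct horse")
    # Classic payload: close the quote, comment out the password check, log in as admin.
    injected = login_vulnerable(conn, "admin' --", "whatever")
    # Against the parameterised query the same input is just a user name that does not exist.
    safe = login_safe(conn, "admin' --", "whatever")
    genuine = login_safe(conn, "admin", "hunter2")
    return injected, safe, genuine, dump_plain(conn)


if __name__ == "__main__":
    injected, safe, genuine, leaked = demo()
    print("vulnerable login, injected user name  ->", injected)
    print("parameterised login, same input       ->", safe)
    print("parameterised login, real credentials ->", genuine)
    print("legacy table as an attacker sees it   ->", leaked)
```

 The parameterised query is what stops the injection; the salted hash is what limits the damage once an injection (or any other dump) happens, because the attacker gets hashes to crack rather than passwords to try on every other site the user has.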

Is the Antivirus Dead?

 With malware continuing to come at a quick rate and AV vendors only able to detect so much, some have wondered "Is the AV dead?" In my honest opinion the AV is one of the most well-known parts of computer security. In my opinion the everyday user does not understand other types of security tech such as HIPS, some sandboxes, and registry tweaks. However the AV as we know it is not the same scanner that it was when it first started. So the traditional AV may be dying, but not the AV as a whole.

  When the AV first started it was just a basic scanner. Eventually background protection was added along with automatic updates. Those three things made up the traditional antivirus program, which is why we called them antivirus scanners. However the time of the traditional AV is passing, as an AV program like that can't keep up with today's volume of malware. Antivirus programs are changing; here are some examples of how AV programs have changed:

 Heuristics: Heuristics gave AV programs the ability to detect new malware and variants of malware that the AV did not have a signature for. However heuristics are not able to detect all new malware and can cause false positives on clean software.

 Code emulation: The ability to virtually run a file to check its behavior added a good improvement in detection for many AV engines. However once again that was not a foolproof way to detect all malware.

 Behavior blocking: Behavior blocking is great for the prevention of new malware. However most of the time the user has to decide whether to allow the behavior or not, and a user who does not understand the prompt is as likely to allow a bad behavior as to block a good one.

 However that is just what has been added so far. New tech is being added each year to all the AV programs. Here are some things I think will really help improve each AV product:

 Cloud: Cloud tech is really starting to take off. We even have full cloud AV products being launched like Panda Cloud and Prevx. As more and more vendors add cloud lookups to their products I think it will really help their detection rates.

 Sandboxing/Isolating: I think automatic sandboxing and file isolation are really going to take off in AV products over the next few years. As vendors find ways to make it simpler for users it will greatly improve the detection ability of each product.

 So in my opinion the traditional AV product/scanner may be dying but the antivirus is not dead. AV products are not the same as when they started and maybe 10 years from now AV products won't be like they are now.
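 The heuristics point above and the false positive post from earlier (packed files, randomly named files, kernel hooks and process hiding all looking like malware, with a cloud whitelist as the safety valve) are easiest to see with a toy scorer. The example below is added here and is not any vendor's engine or code from this blog: the weights, the threshold, the name heuristic and the three sample files (a plain utility, an "anti-cheat" and a "rootkit") are all constructed assumptions, and the high-entropy byte blobs stand in for packed sections. It shows the anti-cheat scoring exactly like the rootkit, and a hash allowlist clearing the anti-cheat without clearing the rootkit.

```python
import hashlib
import math
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Weights and threshold are illustrative assumptions, not any vendor's real engine.
WEIGHTS = {
    "packed": 3,         # high byte entropy, what a packer or crypter leaves behind
    "random_name": 2,    # file name that looks generated rather than chosen
    "hooks_kernel": 2,   # loads a driver or patches system tables
    "hides_process": 3,  # missing from the normal process list, rootkit style
    "repacks_self": 2,   # rewrites its own packed image on every launch
}
THRESHOLD = 5


@dataclass
class Sample:
    """Constructed summary of a file as a scanner might see it (not a real sample)."""
    name: str
    content: bytes
    hooks_kernel: bool = False
    hides_process: bool = False
    repacks_self: bool = False


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain code and text sit well below 7, packed data near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def name_looks_random(name: str) -> bool:
    """Generated names tend to be long, digit-heavy and nearly vowel-free."""
    stem = name.rsplit(".", 1)[0].lower()
    letters = [c for c in stem if c.isalpha()]
    digits = sum(c.isdigit() for c in stem)
    vowels = sum(c in "aeiou" for c in letters)
    few_vowels = bool(letters) and vowels / len(letters) < 0.2
    return len(stem) >= 8 and (digits >= 3 or few_vowels)


def heuristic_score(s: Sample) -> Tuple[int, List[str]]:
    hits = []
    if shannon_entropy(s.content) > 7.0:
        hits.append("packed")
    if name_looks_random(s.name):
        hits.append("random_name")
    if s.hooks_kernel:
        hits.append("hooks_kernel")
    if s.hides_process:
        hits.append("hides_process")
    if s.repacks_self:
        hits.append("repacks_self")
    return sum(WEIGHTS[h] for h in hits), hits


def classify(s: Sample, allowlist: Set[str]) -> str:
    """A known-good hash (the cloud whitelist) short-circuits the heuristics."""
    if hashlib.sha256(s.content).hexdigest() in allowlist:
        return "clean (allowlisted)"
    score, _ = heuristic_score(s)
    return "suspicious" if score >= THRESHOLD else "clean"


# Constructed file contents: a flat byte distribution stands in for a packed section.
PACKED_A = bytes(range(256)) * 16
PACKED_B = bytes(range(255, -1, -1)) * 16
PLAIN = b"MZ" + b"This program cannot be run in DOS mode.\r\n" * 40

UTILITY = Sample("notepad.exe", PLAIN)
ANTICHEAT = Sample("qz7x93kv.tmp", PACKED_A, hooks_kernel=True, hides_process=True, repacks_self=True)
ROOTKIT = Sample("k8f2hd93.sys", PACKED_B, hooks_kernel=True, hides_process=True)


def demo() -> Dict[str, str]:
    vendor_allowlist = {hashlib.sha256(ANTICHEAT.content).hexdigest()}
    return {
        "utility": classify(UTILITY, set()),
        "anticheat": classify(ANTICHEAT, set()),               # the false positive
        "anticheat_allowlisted": classify(ANTICHEAT, vendor_allowlist),
        "rootkit": classify(ROOTKIT, vendor_allowlist),        # different hash, still flagged
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:22s} -> {verdict}")
```

 Note that the allowlist is keyed on the hash of the file content, so the whitelist entry for the anti-cheat does nothing for the rootkit even though both trip the same heuristics; and the moment the anti-cheat vendor ships a new build (or the file repacks itself with a different layout) the hash changes and the FP is back until the whitelist catches up, which is why cloud products still get FPs.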

The end of Counterspy

 It's a sad day in the computer security world today in my opinion. As you know some security tools (normally known as Anti-Malware or Anti-Spyware programs) are created to be used alongside your current computer security product. Today I found out that one of my personal favorite antispyware tools, known as CounterSpy, has been discontinued.

 CounterSpy has been around for a while, almost seven years according to the End Of Life page, and has been pretty popular throughout its lifetime. After trying CounterSpy for the first time late last year it quickly became one of my favorite Anti-Spyware applications and I installed it on all my machines. I was sad to hear that CounterSpy has been discontinued and that I now need to work on finding a new Anti-Spyware app to put on all three of my machines.

 If anyone from the CounterSpy team reads this, thanks for such a great product while it was available.

Wednesday, June 1, 2011

More Android Malware found on Market (and removed)

 According to a new report 26 apps were found to contain an Android trojan known as DroidDream Light. Between 30K and 100K users had downloaded the apps with the trojan in them. The trojan starts up once an infected phone receives a phone call and begins transmitting data to a server. Once activated the app would be able to download more packages, however I have not seen any reports that it had started downloading anything.

 That just goes to show that just because it's mobile does not mean it's immune to malware. Be sure you are downloading the correct app and not some infected copycat on your mobile phone. Use the same common sense you use when you download apps to your PC.

Facebook Malware now GEO/OS aware

 According to a report from F-Secure, the Facebook malware I blogged about yesterday is now OS aware (installing on Windows and Mac) and GEO aware (it only works in some countries). This is a reminder that everyone needs to take prevention steps when they are online, especially on social networks. Here are some tips:

 1. Install an AV! It does not matter if you are on a Mac or on a Windows machine, an AV needs to be installed.

 2. Watch out for random links in your Facebook feed. If it does not look like something your friend would post, or it does not sound like your friend, then your friend most likely did not post it. So just ignore it and ask them if they posted it or not.

3. Use common sense and research what the URL is (I posted a guide on URL research not too long ago) before clicking.
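 Tip 3, and the "bad link"/short link warnings in the Twitter and Facebook scam posts above, come down to reading the host name properly before you click. The example below is added here and is not code from this blog or from the guide it mentions; it uses the standard library URL parser plus a few constructed assumptions (a short brand list, a short shortener list, a two-entry stand-in for the Public Suffix List) and five made-up sample links in the style of the scam messages quoted in these posts. It flags the tricks the scams rely on: text before an "@" that is not the site, a bare IP address, a punycode label, a shortener that hides the destination, and a brand name sitting in a subdomain of somebody else's domain.

```python
import ipaddress
from typing import Dict, List
from urllib.parse import urlsplit

# Constructed lists (assumptions): brands worth protecting, common link shorteners, and the
# two-label public suffixes the samples need. A real tool would use the Public Suffix List.
BRANDS = ("facebook", "twitter", "paypal")
SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com", "ow.ly"}
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host: str) -> str:
    """The part of the host name someone actually registered, e.g. evil.example for
    login.facebook.com.evil.example. Everything to the left of it is chosen freely."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def url_warnings(url: str) -> List[str]:
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme not in ("http", "https"):
        warnings.append("unusual scheme: " + parts.scheme)
    if parts.username is not None:
        # Everything before '@' is user info, not the site: the real host follows it.
        warnings.append("text before '@' is not the site, real host is " + host)
    if is_ip_literal(host):
        warnings.append("bare IP address instead of a domain name")
        return warnings
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label in host name, look-alike characters possible")
    reg = registrable_domain(host)
    if reg in SHORTENERS:
        warnings.append("link shortener, destination hidden until expanded")
    for brand in BRANDS:
        # Brand name present somewhere in the host, but the registered domain is not the brand's.
        if brand in host and reg.split(".")[0] != brand:
            warnings.append(f"'{brand}' appears in the host but the domain is {reg}")
    return warnings


# Constructed sample links in the style of the scam messages quoted in these posts.
SAMPLES = [
    "https://www.facebook.com/profile.php?id=4",
    "http://facebook.com@198.51.100.7/see-who-viewed",
    "http://bit.ly/2xYzAb",
    "https://facebook.com.security-check.example/login",
    "http://xn--fcebook-hva.com/",
]


def demo() -> Dict[str, List[str]]:
    return {url: url_warnings(url) for url in SAMPLES}


if __name__ == "__main__":
    for url, warnings in demo().items():
        print(url)
        for w in warnings or ["no obvious tricks, but expand and read it anyway"]:
            print("   -", w)
```

 A shortener that comes back clean here is not a clean link; it only means the check could not see the destination. Expand it with a preview service (or by appending "+" on the shorteners that support it) and run the real URL through the same checks before clicking.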

Reports of Another Sony attack?

 Well according to a report from CNET the group that hacked PBS just a few days ago now has a new target. This time it is reported they are going after Sony. Now Sony has been a big target recently, with the PSN hack taking down the PSN network for a while, the sweepstakes hack after that, the hack on the company's ISP, and then finally the attack on the Sony mobile store. It's been a long start of the year for Sony Corp.

 Now it has not been said what the attack is/was and Sony has not said anything yet, but if anything happens IGL-Security will report on it.

IGL-Security adds the Google +1 Button

 Hey everyone,

 As you have most likely heard Google has just released the +1 button for web sites. So I have decided it would be a good idea to add it to the blog for those of you who use Google and would like to recommend us to your friends. Also, since this could play a part in how sites are ranked on Google, it also made good business sense to add it. So whenever you see an article you like make sure you check out the +1 button!

Official Google Blog: The +1 button for websites: recommend content across the web

Mac Malware updated once again to Bypass security update

 The cat and mouse game continues: a report from ZDNet shows that a new version of the Mac FakeAV has been released just hours after Apple released a security update to stop the malware. This just shows how serious Mac malware writers are about getting FakeAV programs out.

 In fact when I look back to the first part of the year I hardly remember any articles about OS X security and Mac malware. In fact I have only recently started blogging about Mac malware here on IGL-Security. Remember, if you own a Mac you are not immune to malware. I highly recommend that if you own a Mac you start looking for Mac antivirus software. With these outbreaks occurring it would be a good idea to start getting prepared now.