Computer Security Articles

Who would have thought it? A free anti-virus program for Apple Macs being named best anti-malware solution ahead of those security products for boring old Windows.

Well, that’s exactly what happened at the SC Magazine Awards Europe 2011, held last week at the London Hilton on Park Lane.

Over 530 of the industry’s top companies saw Sophos Anti-Virus for Mac Home Edition successfully beat rivals including products from McAfee, Kaspersky and Symantec to win the coveted title of Best Anti-Malware Solution, at the glittering awards dinner.

Naked Security’s own Carole Theriault was on hand to receive the award, flanked by Qualys CEO Philippe Courtot and dead-pan comedian Stewart Francis.

Carole was uncharacteristically lost for words when I asked her how she felt, but I think what has surprised all of us is just how open Mac users are becoming to the idea of security their computers with anti-malware software.

Although the number of malware threats targeting Mac OS X is much much less than Windows, that doesn’t mean that they are non-existent. And Sophos’s free anti-virus for Mac home users has opened many eyes to the fact that security doesn’t have to be an unpleasant experience.

Sophos Anti-Virus for Mac Home Edition’s success at the awards wasn’t the end of the night as far as Sophos was concerned. The company was also named Information Security Vendor of the Year.

A tremendous result in such a competitive marketplace. Our thanks go to SC Magazine’s judging panel for recognising the hard work done by everyone at Sophos in the last year, and for our users and readers for supporting us!

And if you’re still dithering about whether you should run an anti-virus on your Mac at home, then do read the reviews… and then download our free Mac anti-virus.

Pursuing vulnerabilities in local software that is accessible through the web browser has been an effective attack vector. The following 4 free tools can help you identify locally-installed browser plugins that are behind on security patches.

Google Chrome and Secbrowsing

Users of Google Chrome rejoice—the browser flags common insecure plugins without the need for any additional tools. The alert appears when you attempt to load content that makes use of the vulnerable plugin:

If you’d like to be notified of outdated plugins proactively, even before Google Chrome has the need to use the plugin, install the optional Secbrowsing extension from Google.

Mozilla Plugin Check Page

Mozilla set up the Plugin Check page identify insecure plugins. The page works in Firefox as well as other browsers, and doesn’t require any tool installation. Mozilla provided some technical details regarding inner-workings of the server-side tool for those seeking additional information about it.

Qualys BrowserCheck

Qualys BrowserCheck is a free lightweight tool for scanning common browsers for vulnerable plugins. The tool needs to be installed locally, and is well documented by Qualys.

Secunia PSI

Secunia is well-known for Secunia PSI—a free local application to identify vulnerabilities in installed software. The tool is able to scan for not only insecure browser plugins, but also for vulnerabilities in other local software.

My Perspective

Secunia PSI rules when it comes to providing a comprehensive scan of local applications. In this, it exceeds the coverage of Qualys BrowserCheck, and would be my first choice if I were to install a scanner.

My kudos go to the Google Chrome team for building plugin-scanning capabilities directly into the browser. This approach has the potential of providing more complete and accurate results than the install-free Mozilla Plugin Check page, while providing the user with automatic alerting.

— Lenny Zeltser

Facebook users should beware the latest scam doing the rounds on the social network. A so-called opportunity to win free tickets with Southwest Airlines may look like a dream come true, but in fact is an opportunity for scammers to harvest your information.

Naked Security reader Wayne told us that he’d seen the messages being spread from the Facebook account of his daughter and her work colleagues, and further investigation found others users’ accounts being used to spread the scam links.

What’s interesting, as our friends at Facecrooks point out, is that the messages are being spread via comments on other users’ walls rather than as status updates.

Messages include:

sweet! i just got 2 free flight vouchers from Southwest Air to fly to any destination i can think of lmao! i didnt believe it would work but it was, got it here..[LINK] try for yourself i just figured i would share with everyone

hey, i got my free Southwest airfare from [LINK] u should submit for a your own pair while they are still offering them!

hi, i just got my free Southwest airfare from [LINK] you should claim your own pair while its still available!

Southwest is offering complementary flights..but for a short time only: [LINK]

wassup, i just picked up my free Southwest tickets from [LINK] you should request yours while its available!

If you do click on the links you’re taken to a webpage which looks like the genuine Southwest Airlines website, but instead urges you to connect with it via Facebook.

The offer of free tickets may have proven too attractive a lure, of course, and so you might agree to proceed – whereupon you are greeted with the all-too-familiar sight of a Facebook dialog asking for your permission to install a third-party application.

This rogue application can access your profile, and post messages from your account – allowing the scam to spread widely.

You’ll then be presented with a series of questions and offers, which scoop up your personal information. Would you be prepared to give this level of information about yourself to a complete stranger in the street? (Well, perhaps you would as the video we made on the roads of Bristol proved..)

But you shouldn’t be so keen to share your personally identifiable information, especially when you cannot be sure what is going to be done with it.

Will we see more of these air ticket-related scams in the future on Facebook? I would bet money on it. After all, everyone dreams of the idea of flying off somewhere without having to pay for the privilege. In the past, we’ve seen Facebook scams regarding free tickets with JetBlue and Delta Air Lines, so it’s not really a surprise to see the latest scam use a similar ploy.

If you have been hit by scams like this on Facebook, and are struggling to clean-up your profile, here’s a YouTube video I made which describes what steps you need to take:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Make sure that you keep informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos page on Facebook, where over 60,000 people regularly share information on threats and discuss the latest security news.

You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.

There seems to be a rather nasty spamrun taking place on many .edu sites hosting forums at the moment. Filtering out lurid trackback spam and genuine .Edu articles about pornography in various search engines reveals pages and pages of forum spam, dubious keywords and sites that currently look like this:

Click to Enlarge

As you can imagine, the shot above is one of the tamer spamruns.

Elsewhere, you have the kind of pages that induce headaches for bloggers hovering their fingers over the “blank this out” key:

Click to Enlarge

Notice that 45 people have hit the “Like” button – I’m hoping those are spam accounts and not regular forum users.

Most of this seems to have kicked in since around the 4^th or 5^th of February, and there doesn’t seem to be much in the way of spam control or preventative measures going on right now so please be careful if looking around your University forums, official or otherwise. While not everything in the below screenshot is related to this spamrun, it should give you an idea of the kinds of things in circulation:

Click to Enlarge

The sites currently being targeted desperately need to take control of the situation – if things continue as they are, I can’t imagine many users being persuaded to stick around…

Christopher Boyd

A VPN can be a wonderful thing, if you have one. If not, there are a wide range of free / paid services out there – the problem is knowing which ones are legit and which ones, er, aren’t so legit. Another issue is that free / paid VPN services can vanish quite quickly – on any given list, you tend to find entries scored out or mentioned services flatlining without warning.

With that in mind, let’s take a look at a free service.

Click to Enlarge

The free trial plans sound good, fast server speed is always a bonus and MIA serverlogs / ISP logs ensure you’ll be flying under the radar with a total lack of personal information straying into parts unkno-

Click to Enlarge

…surveys? Offers? Downloads? Entering emails, zipcodes and more besides to access a “secret page”?

Click to Enlarge

Oh dear.

Signing up to Macbook competitions, gucci boot giveaways and sparkly Twilight graphics seems a little at odds with what’s on offer here, much like this example from a little while ago.

Is there anywhere a CPAlead popup doesn’t appear these days?

Christopher Boyd

If you’re using free WiFi hotspots to connect to websites like Facebook, you had best be careful.

A number of politicians in Missouri appear to have learnt that lesson the hard way – with five people on the House side of the Capitol reporting that they have had their Facebook accounts hacked since the beginning of the year.

And suspicious minds are leaning towards the theory that hackers took advantage of a free, open wireless network to sidejack state representatives’ Facebook accounts and post mischievous messages such as

"I love lobbyist! All the free food and stuff you get. This job is awesome!"

Victims who had their Facebook accounts hacked in January included Democrat Stacey Newman and Republicans Donna Lichtenegger and Dave Schatz. Lichtenegger says that on the day a hacker posted an unauthorised message from her account, she had used the House’s free public WiFi.

She later posted an apology on Facebook about the message which claimed she loved free gifts from lobbyists:

To my Facebook Fans, I want you to know that my Facebook page has been hacked today. As I was traveling back home this afternoon someone decided to hack into my Facebook and write this false statement about me liking lobbiest and getting lots of free food. First of all I'm not eating most of the food at the Capitol because I've plegded to myself to loose the freshman 15 instead of gaining. The last posting I placed was to let folks know how to recieve my Capitol Report. Sorry for the statement. Donna

Hmm.. she might do well to buy a dictionary.

Tools such as the Firefox plug-in Firesheep make it easy for anybody within range to jump onto your Facebook account if you’re using an unencrypted WiFi connection, for example at a coffee shop.

The victims of the current spate of Facebook hacking at the Missouri State Capitol building (three Republican legislators, one Democratic legislator and one Republican staffer) have all been using the free WiFi network provided for visitors and workers according to media reports, rather than a secure, encrypted connection.

Facebook recently allowed users to choose full SSL/HTTPS encryption throughout their session to stop accounts being compromised through unencrypted WiFi using tools like Firesheep.

Facebook hasn’t rolled out that functionality to every user yet, but I would recommend that every user enable it as soon as possible. Here’s a YouTube video showing you how:

_{(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like.)}

If you’re a user of Facebook, in addition to selecting the new HTTPS option, you also benefit from reading our guide on how to secure your profile.

And don’t forget to join the Sophos page on Facebook, where we regularly alert on the latest security threats on the social network.

CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services like YouTube, Metacafe, and others. Therefore, we are not responsible for any copyright violations, video materials, hacking or cracking activities, or any other. If you have any legal issues, please contact the appropriate host site.

Security start-up CloudPassage is offering two free services to protect cloud-based virtual servers by maintaining firewall policies and also checking for software vulnerabilities.

Full story: Network World on Security

Best free antivirus We’ve added lots of NEW freebies since we did the video! antivirus-software.tech.officelive.com UPDATES: www.youtube.com FREEBIES with tech support: antivirus-software.tech.officelive.com What is the best free antivirus software? As we mentioned in the video, the best free antivirus software is actually a combination of several different free software programs. If you combine the right programs, you will have a good level of protection for your computer. The free software will protect you from virus, malware, spyware, hackers, phishing, scams, fraud web sites, and a lot more. All of the freebies on our list will give you real time protection against threats both known and unknown. In order to give your computer a high level of protection, you need the following: (1) antivirus (2) antispyware (3) firewall (4) secure web browser (5) anti-hack tool (6) fraud, scam, and phishing filter (7) a good sandbox to isolate your browser and other programs while they are running.. We are only going to recommend the very best free antivirus software and security tools. All of these are ones that we have tested and we know that they work. Be sure to un-install any antivirus or antispyware software you currently have on your computer before you install anything from the list. Here are the freebies: 1. Antivirus: Avira or Avast. 2. Antispyware: Malwarebytes or Spyware Doctor. 3. Firewall: Zone Alarm or PC Tools Firewall Plus. 4. Secure web browser: Explorer 8 and/or …

CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services like YouTube, Metacafe, and others. Therefore, we are not responsible for any copyright violations, video materials, hacking or cracking activities, or any other. If you have any legal issues, please contact the appropriate host site.

This seems to be circulating through the Facebook pages of people with Indian names. Clicking on the numerous Facebook “like” mechanisms would of course spread this thing pretty quickly

The whois information for the connected web site shows it was set up last week with a service provider in Delhi.

(Click graphic to enlarge)

(Click graphic to enlarge)
 

(Click graphic to enlarge)

   Sharing it and “liking” all the buttons on the page results in lots of stuff being sent to your friends such as:
 

(Click graphic to enlarge)
Which, of course they can share (spam) with their friends:

(Click graphic to enlarge)

The collection includes one of those “whose spying on you?” scams.

(Click graphic to enlarge)

And a great tool bar for “Bible enthusiasts” which is installed by a Trojan:

Tom Kelchner

Full story: GFI Labs blog

If you are enthusiastic about VIPRE, you might consider nominating it in About.com’s 2011 Readers’ Choice Awards.

The awards will highlight the best products, features and services in categories including technology, hobbies and parenting. About.com will be accepted the nominations from Jan. 13 to Feb. 4 at 11:59 p.m. (Eastern.) Nominees will be named Feb. 11 and winners will be announced March 15.

About.com gives no prizes, “…just the bragging rights that come with getting recognized by the readers of one of the biggest networks on the web,” they said.

Tom Kelchner

Full story: GFI Labs blog

An update to the good old Flash Player is being pushed by s[c-p]ammers: officialversion.ru/flash/promo/index.asp?aff=11677&camp=esp2_flash_wed How about charging you for something that is free? Supercharge my wallet yeah… The site also charges for other free pieces of software, like OpenOffice… I always believed the best things in life were free… But I guess cyber crooks believe [...]

Full story: Malware Diaries

CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services like YouTube, Metacafe, and others. Therefore, we are not responsible for any copyright violations, video materials, hacking or cracking activities, or any other. If you have any legal issues, please contact the appropriate host site.

CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services like YouTube, Metacafe, and others. Therefore, we are not responsible for any copyright violations, video materials, hacking or cracking activities, or any other. If you have any legal issues, please contact the appropriate host site.

CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services like YouTube, Metacafe, and others. Therefore, we are not responsible for any copyright violations, video materials, hacking or cracking activities, or any other. If you have any legal issues, please contact the appropriate host site.

CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services like YouTube, Metacafe, and others. Therefore, we are not responsible for any copyright violations, video materials, hacking or cracking activities, or any other. If you have any legal issues, please contact the appropriate host site.

As mentioned in my previous blog, my cell phone was malfunctioning. When it returned to me repaired of course it was completely empty and you have to install all the applications and gadgets again. A favorite website for smartphone-gadgets is XDA Developers.

XDA’s forum is rather popular with smartphone users as it contains most likely the most information, gadgets, themes, software, etc for these phones. And as usual, with popular websites/forums, you will get one additional free item: free online advertisements to watch on every screen.

As a Trekkie I do like to tweak my phone to make myself a federation associate (or so I think). When I went to the XDA forum to download the LCARS Boot Animation, I found an online advertisement that is a nice example of social engineering (and of course not the way an advertisement should be, nor should be clicked on).

As I really would like to have this an animated bootscreen again, I will have to download it. How many people would be tempted to press this big blue blob saying DOWNLOAD, conveniently pointed out by a large green arrow. There is no accompanying text, actually is does not even mention it is an advertisement at all (this is something to improve for the XDA-developers website owners). If you are a frequent visitor and user of XDA, you know that the content that can be downloaded is attached to the messages in the forums.

Ignorantly clicking the big blue blob saying DOWNLOAD you will be redirected to another website that shows similar social engineering tricks. I have removed the name of the website as I think we should not promote this way of distributing their goodies.

Now it is about Phone Screen Savers that I can download for free. Oh no, wait, social engineering. I can easily find them. The Download Free will install something

All it turns out to be is a SearchToolBar.

Social engineering and advertisement of course have been partners in crime for a long time. It has moved from suggestive advertisements in magazines and on radio and television to socially engineered advertisements on the internet, with one goal only: for you to click the advertisement and end-up on the advertiser’s website, so you can buy their products or services. Everytime I see such online advertisement, the first thing that comes to my mind is:

And ehhh… Honestly… Who clicked on the Download Button above??? Do I have to check the weblogs???

Full story: Norman’s security blog

If you’re looking for high-quality free software, here are some of 2010′s best-reviewed and most-popular programs from our Downloads library.

Full story: Network World on Security

To provide free antivirus security means making the product available for people to download.  Obviously, the number of downloads is then a good indication of how popular the product is (well, it needs to be taken with grain of salt… there is more to it than just one number … but it’s a good indication, nonetheless )

First, we got a note from CNet a week or so ago that avast! was the 2^nd most-downloaded antivirus on download.com in 2010 (behind AVG).  Moreover, avast! has the highest editors’ and users’ ranking, which naturally put smiles on our faces.  Download.com is the single biggest downloading site in the world, so to be second there is a great achievement. (BTW, all the best to AVG for the top spot and we hope we will switch places with them this year )

Yesterday, a story from PC World popped-up via the alert notification… advising users “…looking for high-quality free software…“ to check out the “…best-reviewed and most-popular program…”. Yes, avast! Free Antivirus is their TOP choice and download for 2010.  Thank you, PC World!

Btw, both articles are here:

http://download.cnet.com/8301-2007_4-20024438-12.html

http://www.pcworld.com/downloads/collection/collid,1660-order,4/files.html

That got me thinking:  how did we do overall in 2010?   Download.com is the biggest and PC World is certainly influential, but there are more downloading sites out there.  Aside from Download.com, we monitor and have the stats for:   Softpedia.com, Brothersoft.com, Softonic.com, 01net.com in France, Html.it in Italy,   Chip.de in Germany, Dobreprogramy.pl in Poland, Softportal.com in Russia, Superdownloads.com.br and Baixaki.com.br in Brazil, and several others in smaller countries.

In total, we did really well in 2010! Combining all downloads from the sites we measure,  avast! is the MOST downloaded free antivirus with a total of 141,320,488 downloads.   AVG came second with 132 million, followed by 105 million downloads of Avira.

Not a bad year

Full story: avast! blog

A scam targeting women on Facebook is spreading very rapidly across the social network, pretending to offer free makeup.

If you see a message like the following being posted by one of your Facebook friends, do not click on the link.

anyone want some free makeup? ive just ordered mine for free and i thought i would post it here before the offer runs out. its stuff like mac, maybeline, estee lauder etc! The site is: [LINK]

Of course, many women on Facebook might be tempted by the offer of free makeup and (without thinking about the possible consequences) click on the link, especially as it appears to have been shared with them by one of their online friends.

If so, they will find that they are taken through a sequence of pages which encourage you to give permission for a rogue application to access your Facebook profile.

Once the third party application has been given permission to access your Facebook information and post messages to your wall, you have walked straight into the scammers trap.

Without your knowledge, they are already posting messages on your Facebook wall spreading the advert for the “free makeup” virally to others on the social network. They are even sending specific messages to your Facebook friends, encouraging them to also take advantage of the free makeup offer.

Here’s what I saw when I deliberately permitted the application to access a test account I own on Facebook (which is only connected to other test accounts – I didn’t want to pass it on to any real Facebook users!):

As you can see one of my “friends”, Susan, has been deliberately targeted by the rogue application which posted a message to my account referring to her. If Susan were a real person she might well be tempted to click further for the free makeup offer.

So, why are the scammers doing this? Well, they want your real email address and phone number. They also want you to complete an online survey which will earn them some commission.

Scams like this need to be killed off, but Facebook seems to be having a bad time stopping them at its end. What’s needed is for more people to be skeptical about such offers, and always be suspicious whenever a third party application requires to access their profile without a legitimate requirement.

If you’ve been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and Websites.

And don’t forget to warn your friends about scams like this and teach them not to trust every link that is placed in front of them. You can learn more about security threats by joining the thriving community on the Sophos Facebook page.

Hat-tip: Thanks to Naked Security reader Dave for bringing our attention to this scam. If you have something that you’d like us to investigate, email us at tip@sophos.com

If the news of Firesheep–a simple Firefox extension that allows anyone to hijack social networking or webmail sessions over unprotected WiFi networks–has you worried, a free tool to protect you from Firesheep and its ilk released today by the Electronic Frontier Foundation is for you. –
John P. Mello Jr. on Network World on Security

This video is brought to you by: www.pcmichiana.com Spyware Terminator has been around for quite some time. In this review and quick installation video, I will walk you through all of the features included in this free software package that will help protect your system in real time from spyware infections. It gives you the option to enable virus protection, but that is better left with the experts over at Avast! antivirus instead. This is again, a completely free piece of software for personal use. You cannot use it for commercial use if you want to use the free version, you must buy a license if you wish to do so. Enjoy!

Clip 6/7 Speaker: Nguyen Anh Quynh (Researcher, Japan National Institute of Advanced Industrial Science and Technology) This talk presents eKimono, a new malware scanner for Virtual Machine (VM). By putting eKimono outside of the protected VM, we can fix, or raise the bar in other cases, the most significant flaws in the legacy anti-malware solutions. Advantages offered by our scanner include, but not limited to, the followings: firstly, eKimono is tamper-resistant against malware inside VM, even if the malware compromises the VMs kernel. Secondly, it is harder to be fooled, because eKimono does not rely on the services provided by VM. Last, but not least, our scanner is invisible from VM, so that malware inside never know that they are being monitored. The architecture and implementation of eKimono will be discussed in length. We will show how our scanner easily supports hypervisors like Xen, KVM and QEMU out-of-the-box. The talk will also demonstrate that it is trivial to support other types of VM, such as VMWare, thanks to its extremely flexible design. Technically, eKimono is a top component of a multiple framework architecture. The talk analyses all the layers and explains how we solve challenges in designing and implementing eKimono. The extended application of the below layers is also examined to prove that our frameworks are not just useful for eKimono, but can also be the base to create many new tools, such as such as live memory forensic and VM administration …

Microsoft is now offering free Symantec security software to small businesses for a limited time, through retailer PC Mall, following some grumbling in response to the free distribution of its own security software.

Source: Computerworld Security News