Posts tagged as:

anti-virus

McDonald's Meal Malware

I don’t know if you’re the sort of person who wakes up in the morning, and the first thing you long for is a McDonalds’ breakfast – but if you are, you might just be exactly what malware authors are looking for.

Researchers at SophosLabs have seen a malicious email that has been spammed out across the world in the last couple of days pretending to come from McDonalds.

The email claims that the fast-food giant is offering free breakfasts in each and every one of its many thousands of restaurants around the globe. Chances are that many people would love the prospect of munching on a McDonalds breakfast first thing in the morning.

McMalware Email

Part of the email reads as follows:

McDonalds invites you to The Free Breakfast Day which will take place on 26 June, 2011, in every cafe of ours.

Free Day’s menu!
- Ranch Snack Wrap (Crispy)
- Chicken Selects Premium Breast Strips
- Premium Caesar Salad with Grilled Chicken
- Strawberry Triple Thick Shake
- McCafe Hot Chocolate

Print the invitation card attached to the letter and show it at the cash desk of any of our restaurants.

But beware! There is no such thing as a free lunch… or breakfast.

The attached file is, of course, malicious. Sophos detects the ZIP file as Troj/BredoZp-DV and the Invitation_Card.exe file contained within as the Troj/Bredo-HU Trojan horse.

In an attempt to fool computer users into believing the file is safe, the EXE file has a Word icon.

Don’t forget – you should always be suspicious of unsolicited attachments sent to you via email!
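As an added example (not Sophos's code), here is how a mail gateway or a cautious recipient can check what a ZIP attachment actually contains: each member is judged by its bytes, not by the name or icon it shows in Explorer. The archive is constructed inline; the file name Invitation_Card.exe comes from the campaign above, and the other two members are made up for the demonstration.

```python
"""Added example: inspect a ZIP e-mail attachment for executable content,
judging by the bytes inside each member rather than the name or icon it
advertises. Not Sophos code; the sample archive below is constructed."""
from __future__ import annotations

import io
import zipfile

# Extensions Windows runs on double-click (assumption: a common subset).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
    ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".lnk",
}
# Document extensions that get spoofed in double extensions like "card.doc.exe".
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg"}


def is_pe(data: bytes) -> bool:
    """A Windows executable starts with 'MZ'; the DWORD at 0x3C points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def inspect_zip(zip_bytes: bytes) -> list[dict]:
    """Return one finding per suspicious member: {'name': ..., 'reasons': [...]}."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1].lower()
            parts = base.split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            with zf.open(info) as fh:
                head = fh.read(0x400)          # enough for the DOS and PE headers
            reasons = []
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append("executable extension")
            if is_pe(head):
                reasons.append("PE content")   # fires even if the file is renamed .doc
            if len(parts) > 2 and "." + parts[-2] in DOCUMENT_EXTENSIONS:
                reasons.append("double extension")
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings


def fake_pe_stub() -> bytes:
    """Constructed: only the header bytes is_pe() looks for, not a real program."""
    stub = bytearray(0x44)
    stub[0:2] = b"MZ"
    stub[0x3C:0x40] = (0x40).to_bytes(4, "little")
    stub[0x40:0x44] = b"PE\x00\x00"
    return bytes(stub)


def build_sample_zip() -> bytes:
    """Constructed archive: the name from the spam run plus two made-up members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invitation_Card.exe", fake_pe_stub())    # name used in the campaign
        zf.writestr("Menu.doc.scr", fake_pe_stub())           # constructed double extension
        zf.writestr("menu.txt", b"Free Breakfast Day menu\n")  # constructed benign file
    return buf.getvalue()


if __name__ == "__main__":
    for f in inspect_zip(build_sample_zip()):
        print(f["name"], "->", ", ".join(f["reasons"]))
```

The "PE content" check is the one that matters: an attacker controls the file name and the icon resource, but a Windows executable still has to start with the MZ/PE headers for the loader to run it.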

http://nakedsecurity.sophos.com/2011/06/21/free-breakfast-day-mcdonalds-malware/

The Best Antivirus Software in 2011

Antivirus vendors have included “2011″ in their product names since the summer of 2010. Now that the year 2011 has actually arrived it’s time for a new look at the whole collection. Several of the latest additions attempt to crank up protection by running two different antivirus engines, and some actually succeed. This batch also brings a new Editors’ Choice for free antivirus and a new shared Editors’ Choice for commercial antivirus.

As always, when I say “antivirus” I mean a utility that protects against all kinds of malicious software, not just viruses. Trojans, spyware, rootkits, keyloggers, adware, scareware – a proper antivirus must handle all of these.

Standalone or Suite?
Many of this year’s products blur the line between standalone antivirus and security suite. In the past the presence of a personal firewall has been one defining suite element; not any more. There’s a fully-functional firewall inside Panda Antivirus Pro 2011. eScan Anti-Virus 11 and McAfee AntiVirus Plus 2011 also offer firewall protection. Norton AntiVirus 2011 doesn’t include a complete firewall, but its intrusion prevention feature is more effective against exploits than most full-blown suites.

Spam filtering is another component typically found in a suite. The spam filter built into BullGuard Antivirus 10 is reasonably accurate and unusually helpful at setup time. eScan also offers a spam filter, but it’s not something you’d want to inflict on your Inbox.

StopSign Internet Security 1.0 includes an optional firewall with spam filtering built in. None of the independent labs have tested it, though, and its performance in my own malware blocking and removal tests was so poor that I didn’t bother evaluating those optional features.

BitDefender Antivirus Pro 2011 offers full remote management of other BitDefender installations across the network. McAfee can monitor other installations remotely and fix problems. Panda and Norton can at least let you know when another installation has problems, though they won’t fix those problems remotely.

BitDefender includes a very effective phishing prevention tool, as does G Data AntiVirus 2011. The LinkScanner component in AVG Anti-Virus Free 2011 also works to block phishing sites, as does McAfee’s SiteAdvisor. AVG and Norton both scan the links on your Facebook pages to protect you from Facebook scams and viruses. BitDefender and Kaspersky Anti-Virus 2011 both check your system for security vulnerabilities, though BitDefender takes the concept a bit farther.

Outpost Antivirus Pro 7.0 and BitDefender can block transmission of user-defined private data, a feature usually found only in suites. Ad-Aware Pro Internet Security 9.0, AVG, Kaspersky, and McAfee will tune system performance and wipe out traces of computer and Internet use. Sometimes it’s hard to remember that the product is “only” an antivirus, not a full suite.

The true standalone antivirus isn’t dead, however. For example, F-Secure Anti-Virus 2011 sticks to the business of virus protection without any sign of morphing into a mini-suite.

Twin-Engine Trend
Several late-season additions aim to double your protection by using two antivirus engines, with varying degrees of success. G Data’s dual scan doesn’t take much longer than the average single-engine product, and it includes powerful phishing protection. However, it doesn’t thoroughly clean up the threats it detects, and a failed cleanup effectively killed one test system. TrustPort Antivirus 2011 ran a bit slower than G Data and failed significantly in my testing. After its alleged removal some threats were still running. In the malware blocking test a few threats that it claimed to block managed to install and launch anyway.

Double Anti-Spy Professional v2 turned in the best performance of the twin-engine antivirus tools. It scans first with one engine, then with the other, and it also requires two separate updates. It’s noticeably slow, but effective enough that it’s worth waiting for.

Adjustable Interfaces, Built-in Support
Some users want to hear about every little security event, but most prefer a product that just does the job, without making a fuss. Ad-Aware Pro appeals to both with a choice of simple or advanced mode. BitDefender goes even further. Not only can its users choose basic, intermediate or expert view, they can build a personal collection of their most-used tools.

Webroot AntiVirus with Spy Sweeper 2011 totally focuses on keeping everything as simple as possible. It updates automatically, scans while the system is idle, and interacts with the user through a completely redesigned interface. All the detail a tech-savvy user might want is available, but hidden when not needed.

The user interface for Trend Micro Titanium Antivirus + 2011 discards the standard landscape-orientation window for a skinny vertical panel that takes up minimal space. McAfee, too, has switched to a vertical interface.

Norton reserves a panel across the bottom of its main window for interaction and communication with other security components. Initially the panel shows an interactive world map of security activity, but it can also connect with Norton Safe Web for Facebook or with your Norton Online Backup account.

Built-in and automated support features grace many of these tools. BitDefender includes a search box for help topics right on its main screen; a built-in tool will gather system information and contact an agent for chat-based support. Norton’s one-click support system gathers diagnostics and offers relevant FAQs or chat-based support. Kaspersky’s built-in support tool can send diagnostic reports to the company and process purpose-built scripts to fix specific problems. Panda’s PSCAN lets remote analysts request samples and push fixes without requiring full chat-type interaction. BullGuard offers built-in access to e-mail and live chat support with a message center to manage your support interactions. eScan links to live chat and online help.


Top Ten Security Threats - 2011

Imperva announced their predictions for the top ten security trends for 2011 which have been compiled to help IT security professionals defend their organization against the next onslaught of cyber security threats.

The trends have been detailed below:

1. Nation-sponsored hacking: When APT meets industrialization
Nation-sponsored, specifically targeted cyber attacks will incorporate concepts and techniques from the commercial hacker industry. These campaigns will carry a different malware payload than traditional attacks conducted for monetary gain, but they will use similar techniques. These Advanced Persistent Threat (APT) attacks will borrow techniques such as automation and viral distribution, making them all the more powerful and potentially more successful. An example of such an attack is Stuxnet, which was not searching for data to monetize but was focused on gaining control of critical infrastructure.

Both classes of attack (hacker industry and APT) will use some of the same techniques, so some security controls apply to both. On the positive side, if you are covered against the cyber mafia, you should already have some of the controls needed to protect against certain APT attacks. Because an APT is persistent, if one attack does not succeed, another will follow. Traditional security controls do not deter these relentless, state-sponsored hacker organizations. For enterprises as well as governments, this means increased monitoring of traffic and security controls across all organizational layers.


2. The insider threat is much more than you had imagined
In the coming year, we expect to see growing awareness of security incidents of an “inside job” nature. Attention will grow as a consequence of an increased flow of incident reports in which data theft and security breaches are tied to employees and other insiders. The cause of this trend will be the emphasis put on new regulations covering notification and disclosure (rather than on the actual protection of data).

To deter insider threats, organizations should therefore:

  • Enforce access controls such that access is granted only on a business need-to-know basis. This includes eliminating excessive privileges.
  • Provide proper access auditing tools for data centers. These auditing tools should monitor who accesses what data.
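As an added example, not Imperva's code, the two recommendations above can be turned into a small audit: compare each user's entitlements with the data-access log, flag accesses without a business need-to-know (plus bulk or after-hours reads), and list standing privileges nobody used, which are the excessive privileges to revoke. The entitlement table, the log lines and the 07:00 to 20:00 business-hours window are constructed assumptions.

```python
"""Added example (not Imperva's): an access audit that compares what each
user is entitled to with what the data-access log shows them actually
touching, flagging need-to-know violations and standing privileges that
were never used. Entitlements and log lines below are constructed."""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime

# Constructed entitlement table: user -> datasets the business role justifies.
# Assumption: a real deployment pulls this from IAM or a database-grant inventory.
ENTITLEMENTS = {
    "alice": {"customer_pii", "billing"},
    "bob": {"billing"},
    "carol": {"customer_pii", "billing", "hr_salaries"},
}

# Constructed audit log: ISO timestamp, user, dataset, rows returned.
SAMPLE_LOG = """\
2011-05-02T09:14:03 alice customer_pii 120
2011-05-02T09:20:41 bob billing 40
2011-05-02T23:55:10 bob customer_pii 50000
2011-05-03T10:02:00 carol billing 12
"""

BUSINESS_HOURS = range(7, 20)   # assumption: 07:00 to 19:59 is normal working time


def parse_log(text: str) -> list[dict]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, dataset, rows = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "dataset": dataset, "rows": int(rows)})
    return events


def audit(events, entitlements, bulk_threshold=10_000):
    """Return (violations, unused_privileges).

    violations: (user, dataset, reason) for accesses with no entitlement,
    bulk reads, and reads outside business hours.
    unused_privileges: user -> sorted datasets granted but never accessed in
    the log window (candidates for revocation)."""
    used = defaultdict(set)
    violations = []
    for e in events:
        used[e["user"]].add(e["dataset"])
        if e["dataset"] not in entitlements.get(e["user"], set()):
            violations.append((e["user"], e["dataset"], "no entitlement"))
        if e["rows"] >= bulk_threshold:
            violations.append((e["user"], e["dataset"], "bulk read"))
        if e["ts"].hour not in BUSINESS_HOURS:
            violations.append((e["user"], e["dataset"], "after hours"))
    unused = {
        user: sorted(granted - used[user])
        for user, granted in entitlements.items()
        if granted - used[user]
    }
    return violations, unused


def run_sample():
    return audit(parse_log(SAMPLE_LOG), ENTITLEMENTS)


if __name__ == "__main__":
    violations, unused = run_sample()
    for v in violations:
        print("VIOLATION", *v)
    for user, datasets in unused.items():
        print("UNUSED", user, ", ".join(datasets))
```

The unused-privilege list is the least-privilege half of the exercise: a grant that shows up there over a long enough window has no business justification left and should be removed before an insider, or malware running as that insider, finds a use for it.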

3. Man in the Browser attacks will man up
Man in the Browser (MitB) attack sophistication is going to increase, and the attacks will move on to more types of online applications. As a consequence, more online service providers are going to include this in their list of priorities for 2011, shifting the responsibility for mitigating the risk from consumers to service providers.

While avoiding infection by proxy Trojans is presumably the responsibility of consumers, MitB attacks are quickly becoming a concern of online service providers. The actual rate of infection and the proliferation of the many types of MitB malware suggest that providers must be able to serve (and protect) customers who might be infected with one type of malware or another. Just as the evolution of vehicle safety drove manufacturers to include devices such as ABS, air bags and ESP rather than rely on us to drive carefully, so will online service providers need to invest in mechanisms that allow them to conduct business with consumers who may be infected. Among the technologies that we foresee as helpful are strong device identification, client profiling, fast security code evolution, session flow tracking and site-to-client authentication.


ZDNet's Scareware Guide

Attackers increasingly focused on fake antivirus and black-hat SEO techniques to target victims on the Web in April.

The volume of malware continued to increase in April as online scammers and malware distributors took advantage of major events according to security experts. Fake antivirus software and poisoned image search links were particularly prevalent in April.

There were over 73,000 new variants of malware released daily in April, a 26 percent increase over April 2010, GFI Software found in its monthly analysis released May 16. Cyber-criminals exploited several high-profile events, including the U.K. Royal Wedding of Prince William and Kate Middleton, the Easter holiday, the anniversary of Yuri Gagarin becoming the first man in space and the release of President Barack Obama’s birth certificate.

Seven of the top 10 malware threats were Trojans, according to GFI’s top 10 malware list for the month. Trojan.Win32.Generic!BT, a generic malware classification that encompasses a variety of Trojans, continued to be the biggest threat, accounting for over 20 percent of total malware detected. The Zeus/SpyEye Trojan and fake antivirus were also part of the top 10.

Symantec Security

The latest state of spam and phishing report from Symantec claims to show that spam levels are continuing to fall in the wake of the takedown of the Rustock botnet back in March of this year.

The report appears to confirm reports from the BBC and security researcher Brian Krebs, although the slightly bad news is that phishing volumes appear to be up.

Delving into the statistics from the report shows that spam dropped by 27.4% in March, followed by a further drop of 5.4% in April.

This means that spam now accounts for 74.8% of all email messages – a significant drop on the 89.2% figure noted in April last year, Infosecurity notes.

Phishing levels, however, rose by 15.6% in April says Symantec, noting that this growth was fuelled by a rise in phishing websites created by attack kits, which increased by 26.2%.

According to the security vendor’s report, many of the phishing attacks seen exploited the death of Osama bin Laden and spoofed legitimate media brands as the source to create trust and a feeling of authenticity.

These attacks, notes the report, attempted to trick users into clicking on links that supposedly led to uncensored photos and videos from the raid but instead pointed to malicious files or poisoned web pages.

Phishing attacks do appear to be taking over from spam, as the report notes that phishing emails that used unique URLs increased by 12.3% during April.

Phishing websites using IP addresses instead of ‘regular’ alphanumeric domain names also increased slightly during April, by about 5.5%, and web hosting services comprised 12.0% of all phishing, an increase of 10.3% from the previous month.

Interestingly, Symantec found that 89.0% of the phishing sites were hosted on free web hosting sites, while 13.0% were typosquatting, the practice of registering domain names that are typo variations of popular websites.
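The three hosting indicators Symantec counts, IP-literal addresses, free hosting services and typosquatting, are the kind of thing a URL filter can score directly. Here is an added example (not Symantec's code) that does so, plus the related case of a real brand name sitting in the subdomain of an unrelated domain. The free-hosting suffixes and protected brand names are constructed lists, and the registrable-domain logic ignores multi-part public suffixes such as co.uk.

```python
"""Added example, not Symantec's: score a URL against the indicators the
report counts (IP-literal host, free web-hosting provider, typosquatted brand)
plus brand-in-subdomain. The hosting and brand lists are constructed."""
from __future__ import annotations

import ipaddress
from urllib.parse import urlparse

# Constructed lists; a real deployment would maintain and source these.
FREE_HOSTING_SUFFIXES = ("blogspot.com", "wordpress.com", "weebly.com", "000webhost.com")
PROTECTED_BRANDS = ("paypal", "facebook", "microsoft", "ebay")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, the usual measure of 'one typo away'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host: str) -> str:
    # Assumption: last two labels; ignores multi-part public suffixes like co.uk.
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def typosquat_target(host: str) -> str | None:
    """Brand a host label imitates within one typo (two for long brands), or None."""
    for label in host.split("."):
        if len(label) < 4:
            continue  # 'www', 'com' and the like never match meaningfully
        for brand in PROTECTED_BRANDS:
            if label == brand:
                continue  # exact match is handled by the brand-in-subdomain check
            if levenshtein(label, brand) <= (2 if len(brand) >= 7 else 1):
                return brand
    return None


def phishing_indicators(url: str) -> list[str]:
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    labels = host.split(".")
    indicators = []
    if host_is_ip(host):
        indicators.append("ip_host")
    if any(host == s or host.endswith("." + s) for s in FREE_HOSTING_SUFFIXES):
        indicators.append("free_hosting")
    brand = typosquat_target(host)
    if brand:
        indicators.append(f"typosquat:{brand}")
    reg = registrable_domain(host)
    for b in PROTECTED_BRANDS:
        # brand appears as a label, but the registrable domain belongs to someone else
        if b in labels and not reg.startswith(b + "."):
            indicators.append(f"brand_in_subdomain:{b}")
    return indicators


if __name__ == "__main__":
    for u in ("http://192.168.1.10/login", "http://paypa1.com/signin",
              "http://paypal.secure-login.net/", "https://www.paypal.com/"):
        print(u, phishing_indicators(u))
```

None of these indicators is proof on its own (plenty of legitimate sites live on free hosting), which is why a filter scores them and combines the score with reputation data rather than blocking on any single hit.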

Watch out for fake anti-virus alerts

Scareware: FBI Warns That Those Pop-Up Security Warnings Pose a Threat to Your Computer

I have a friend in the real estate business who told me that he wanted to pick up his computer and hurl it through a window.

The cause of his frustration was an incessant series of pop up messages on his computer screen that warned he had a virus on his computer. He could not figure out how to make the pop ups go away and eventually his computer ceased working.

He presumed that the warnings were legitimate, but he later learned that he was the victim of “scareware.”

He didn’t know that the FBI put out a warning this month about the threat of pop up security warnings.

The FBI states that pop up messages claiming that you have a virus and you are in need of anti-virus software may, ironically, actually contain a virus that could harm your computer, cause costly repairs or, even worse, lead to identity theft.

The FBI states that those pop up messages contain “scareware”, fake or rogue anti-virus software that looks authentic, but they are not.

Scareware is sold to unsuspecting computer users who fear viruses on their computers. The scareware is either useless or contains damaging malware. The cyber criminals convince users that their computer is infected with a virus and then offer anti-virus software to remove it. The virus does not in fact exist until the user downloads the scareware.

The term scareware describes software products that often generate a bombardment of pop-up warning messages that make using your computer difficult.

The message may display what appears to be a real-time, anti-virus scan of your hard drive. The scareware will show a list of reputable software icons; however, you can’t click a link to go to the real site to review or see recommendations. The FBI says that cyber criminals use botnets —collections of compromised computers — to push the software, and advertisements on websites deliver it. This is known as malicious advertising or “malvertising.”

Once the pop-up warning appears, it can’t easily be deleted by clicking on the “close” or “X” buttons. If you click the pop-up to purchase the software, a form to collect payment information for the bogus product launches. In some instances, the scareware installs malicious code onto your computer, whether you click the warning or not. This is more likely to happen if your computer has an account that has rights to install software.

The FBI says that downloading the software can result in viruses, malicious software called Trojans, and/or keyloggers (software that records passwords and sensitive data) being installed on your computer. This malicious software can cause severe damage and render your computer unusable.

The Federal Trade Commission (FTC) notes that the scareware scam has many variations, but there are some telltale signs. For example:

  • You may get ads that promise to “delete viruses or spyware,” “protect privacy,” “improve computer function,” “remove harmful files,” or “clean your registry;”
  • you may get “alerts” about “malicious software” or “illegal pornography on your computer;”
  • you may be invited to download free software for a security scan or to improve your system;
  • you could get pop-ups that claim your security software is out-of-date and your computer is in immediate danger;
  • you may suddenly encounter an unfamiliar website that claims to have performed a security scan and prompts you to download new software.

The FTC reports that scareware schemes can be quite sophisticated. The cyber criminals purchase ad space on trusted, popular websites. Although the ads look legitimate and harmless to the website’s operator, they actually redirect unsuspecting visitors to a fraudulent website that performs a bogus security scan. The site then causes a barrage of urgent pop-up messages that pressure users into downloading worthless software.

Fake anti-virus example screenshots

The FTC suggests that if you’re faced with any of the warning signs of a scareware scam or suspect a problem, shut down your browser. Don’t click “No” or “Cancel,” or even the “x” at the top right corner of the screen. Some scareware is designed so that any of those buttons can activate the program. If you use Windows, press Ctrl + Shift + Esc (or Ctrl + Alt + Delete and choose Task Manager) to open Task Manager, select the browser and click “End Task.” If you use a Mac, press Command + Option + Esc to open the “Force Quit” dialog.

Lastly, make it a practice not to click on any links within pop-ups.

The FBI recommends that you take precautions to ensure your operating systems are updated and your legitimate security software is current. If you receive these anti-virus pop-ups, close the browser or shut down your computer system. Run a full anti-virus scan whenever the computer is turned back on.


Call me today at 262-203-4459 and I will clean up, tune up and speed up your entire system so your computer can run like new again. Guaranteed.

Watch out for fake virus alerts

Rogue security software, also known as “scareware,” is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure users into participating in fraudulent transactions.

How does rogue security software get on my computer?

Rogue security software designers create legitimate looking pop-up windows that advertise security update software. These windows might appear on your screen while you surf the Web.

The “updates” or “alerts” in the pop-up windows call for you to take some sort of action, such as clicking to install the software, accept recommended updates, or remove unwanted viruses or spyware. When you click, the rogue security software downloads to your computer.

Rogue security software might also appear in the list of search results when you are searching for trustworthy antispyware software, so it is important to protect your computer.

What does rogue security software do?

Rogue security software might report a virus even though your computer is actually clean. The software might also fail to report viruses when your computer is infected. Conversely, sometimes when you download rogue security software, it installs a virus or other malicious software on your computer so that the software has something to detect.

Some rogue security software might also:

  • Lure you into a fraudulent transaction (for example, upgrading to a non-existent paid version of a program).
  • Use social engineering to steal your personal information.
  • Install malware that can go undetected as it steals your data.
  • Launch pop-up windows with false or misleading alerts.
  • Slow your computer or corrupt files.
  • Disable Windows updates or disable updates to legitimate antivirus software.
  • Prevent you from visiting antivirus vendor Web sites.


Rogue security software might also attempt to spoof the Microsoft security update process. Here’s an example of rogue security software that’s disguised as a Microsoft alert but that doesn’t come from Microsoft.

Example of a warning from a rogue security program known as AntivirusXP.

For more information about this threat, including analysis, prevention and recovery, see the Trojan:Win32/Antivirusxp entry in the Microsoft Malware Protection Center encyclopedia.

Here is the legitimate Microsoft Windows Security Center:

Screenshot of legitimate Microsoft Windows Security Center

To help protect yourself from rogue security software:

  • Install a firewall and keep it turned on.
  • Use automatic updating to keep your operating system and software up to date.
  • Install antivirus and antispyware software such as Avast! Antivirus and keep it updated.
  • If your antivirus software does not include antispyware software, you should install a separate antispyware program such as Windows Defender and keep it updated. (Windows Defender is available as a free download for Windows XP and is included in Windows Vista.)
  • Use caution when you click links in e-mail or on social networking Web sites.
  • Use a standard user account instead of an administrator account.
  • Familiarize yourself with common phishing scams.

If you think you might have rogue security software on your computer:

Scan your computer. Use your antivirus software or do a free scan with Windows Live safety scanner. The safety scanner checks for and removes viruses, eliminates junk on your hard drive, and improves your PC’s performance.


Windows 7 Service Pack 1 Leaked

Its release date is a month away, but the first combined service pack for Windows 7 and Windows Server 2008 R2 is already available as a torrent.

The first service pack (SP1) for Microsoft’s Windows 7 and Windows Server 2008 R2 products has been leaked onto the internet.

The beta had only been released to testers for a matter of days before it emerged as a torrent, but downloaders run the risk of malware infection if they choose this route.

The SP1 build number is 7601.16562.100603-1800.

Microsoft confirmed the release of SP1 earlier this month but warned users there would be no major changes to the operating system.

“SP1 will simply be the combination of updates already available through Windows Update and additional hot-fixes based on feedback by our customers and partners,” wrote Gavriella Schuster, general manager of Windows at Microsoft, on the Windows blog.

“In other words, customers can feel confident about deploying Windows 7 now!”

So far SP1 is only available in English, German, Japanese, French and Spanish and if you want the genuine article, the release date is set for the end of July.

Microsoft also confirmed last week it had sold 150 million licences of Windows 7 since its launch eight months ago – equating to seven copies sold every second.


Source: http://www.itpro.co.uk


What is Fake AV?

Find out how criminals lure users to malicious sites and scare them into paying for fake threat removal tools.

FakeAV, or Fake Anti-Virus, is one of the most frequently-encountered and persistent threats on the web. This malware, with over half a million variants, uses social engineering to lure users onto infected websites with a technique called blackhat Search Engine Optimization.


Once the FakeAV is downloaded onto the user’s computer, the software will scare them into believing their system is infected with threats that do not really exist, and then push users to purchase services to clean up the non-existent threats. The FakeAV will continue to send these annoying and intrusive alerts until a payment is made.

The great threat of FakeAV is the risk to victims’ personally identifiable information, which is extracted and exploited by the affiliate networks that publish this malware. [click to continue…]

Microsoft Security Essentials

Microsoft pulled the plug on Windows Live OneCare security suite before it reached version 3.

The company promised to replace it (sort of) with a slim, free tool specifically aimed at malware protection. To that end, Microsoft released Microsoft Security Essentials 1.0 late last year, offering consumers protection against malware, but in real-world testing it didn’t impress.

The 8.5MB download installs in about a minute, but its mandatory update of anti-malware signatures can take 10 minutes or more. After updates, the full installation occupied over 170MB of disk space—more than I expected. The installer necessarily turns on automatic updates, which may pose a problem for advanced users who want to control exactly when Windows installs those updates.

A spare, simple interface uses bright colors to reflect security status. When it turns red to reflect a problem, it also offers a big button to correct that problem. Configuration settings are minimal; about the only one you might want to change is the day and time for the weekly scan. When the real-time protection module detects a threat it shows a small pop-up in the bottom-right corner. You can click a button to deal with the problem quietly or click a link for as much detail as anyone could want.

Average Malware Removal

Getting the product installed on all my test systems took hours and hours, but the fault was mine, not Microsoft’s: I’ve been doing back-to-back suite reviews for months, and I let my test systems get behind on their Windows updates, so I had to bring them all up to speed before installing Security Essentials.

Malware acting as a proxy server blocked the update on one system. Downloading a self-installing update package on another computer solved that one. Many products will remove this proxy without correcting the system’s proxy settings, leaving it with no connectivity. Security Essentials removed the threat and fixed the proxy settings; I was impressed. Overall, the installations went smoothly.
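The proxy problem described above is worth a check of its own: many cleanup tools delete the Trojan but leave the system's proxy setting pointing at a loopback port nothing listens on any more, and the machine loses all web connectivity, including to the update servers. As an added example (not PCMag's or Microsoft's code), the following parses a Windows ProxyServer value and flags exactly that state; the registry value and the list of listening ports are constructed here and would come from the Internet Settings key and netstat on a real machine.

```python
"""Added example, not PCMag's or Microsoft's: parse a Windows ProxyServer
setting and flag loopback proxies that nothing is listening on, the state a
system is left in when a proxy Trojan is removed but the proxy configuration
it installed is not. The setting value and port list below are constructed."""
from __future__ import annotations

import ipaddress

# Constructed: the value a proxy Trojan might leave under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
SAMPLE_PROXY_SERVER = "http=127.0.0.1:8080;https=127.0.0.1:8080;ftp=proxy.corp.example:3128"
# Constructed: local TCP ports with a listener after the malware was removed
# (in practice taken from 'netstat -ano').
SAMPLE_LISTENING_PORTS = {135, 445, 3389}


def parse_proxy_server(value: str) -> dict[str, tuple[str, int | None]]:
    """Accepts 'scheme=host:port;...' or a bare 'host:port' (stored as scheme '*')."""
    proxies = {}
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        scheme, sep, endpoint = item.partition("=")
        if not sep:                        # no scheme prefix: one proxy for everything
            scheme, endpoint = "*", scheme
        host, _, port = endpoint.rpartition(":")
        if not host:                       # no colon at all: the whole thing is the host
            host, port = endpoint, ""
        proxies[scheme.lower()] = (host.strip("[]"), int(port) if port.isdigit() else None)
    return proxies


def is_local_host(host: str) -> bool:
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def orphaned_proxies(value: str, listening_ports: set[int]) -> dict[str, tuple[str, int | None]]:
    """Loopback proxies with no local listener: leftover malware configuration."""
    return {
        scheme: (host, port)
        for scheme, (host, port) in parse_proxy_server(value).items()
        if is_local_host(host) and port not in listening_ports
    }


if __name__ == "__main__":
    for scheme, (host, port) in orphaned_proxies(SAMPLE_PROXY_SERVER, SAMPLE_LISTENING_PORTS).items():
        print(f"{scheme}: proxy {host}:{port} configured but nothing listens there")
```

If this reports anything after a cleanup, clearing ProxyEnable and ProxyServer under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (or unticking the proxy in Internet Options) is what restores connectivity; the corporate proxy on a non-loopback host is left alone.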

The product’s beta version warned that a scan might take a few hours; the release version says a few minutes. It still took over an hour on many infested test systems. A full scan of my standard clean system took over 45 minutes, well over the 30-minute average. A repeated scan was no faster.

Microsoft has publicly warned about the growing problem of rogue security software, called “scareware.” PCMag.com broke out a separate score specifically for scareware samples and found that Security Essentials scored just 4.5 points, another below-average result.

Read more at PCMag.

About Microsoft Security Essentials

Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

Microsoft Security Essentials is a free download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.

Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want—without interruptions or long computer wait times.

Learn More at the Microsoft Malware Protection Center

Find information, definitions, and analyses of all the latest threats that Microsoft Security Essentials can help protect you against in the Microsoft Malware Protection Center.
