Posts tagged as:

toolbar

Google Says Hundreds Of Gmail Accounts Hijacked

Google Gmail Hacked

Google Gmail Hacked

An attack from China has affected hundreds of users, including senior U.S. government officials, Chinese political activists, officials in several Asian countries such as South Korea, military personnel, and journalists.

Google has detected a campaign to gather Gmail account credentials that appears to originate from Jinan, China, and is warning users to take a few minutes to review their security settings.

Eric Grosse, engineering director for Google’s security team, said in a blog post that hundreds of users have been affected, including senor U.S. government officials, Chinese political activists, officials in several Asian countries such as South Korea, military personnel, and journalists.

“The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings,” Grosse said.

By changing these settings, which are only evident through the appropriate Gmail Settings tab page, the attackers could generate copies of incoming and outgoing email that would be forwarded without the account holder’s knowledge.

Google declined to provide further details or information about those it believes may be behind the attack.

In January 2010, Google reported that it had uncovered “a highly sophisticated and targeted attack on our corporate infrastructure originating from China.” Google said at the time that it had reason to believe that one of the main goals of the attackers was to compromise the Gmail accounts of Chinese human rights activists.

In that respect, the attack was not very successful: While Google acknowledged that the attackers had stolen unspecified intellectual property, it stressed that only two Gmail accounts appeared to have been accessed.

Jinan, capital of Shandong Province in Eastern China, happens to be the location of the Lanxiang Vocational School, one of the two Chinese schools linked to the 2010 attack against Google.

An October 2009 report on Chinese cyber espionage prepared by defense contractor Northrop Grumman said that the Chinese military maintains at least six technical reconnaissance bureaus for gathering cyber intelligence in the Lanzhou, Jinan, Chengdu, Guangzhou, and Beijing military regions.

The current attack differs from the 2010 attack in that it doesn’t involve a vulnerability in Google’s infrastructure; it is simply a phishing campaign to dupe users into revealing their Gmail login credentials.


Google said that it detected the phishing campaign through its cloud-based security and abuse detection systems, through the reports from users, and through a report published in February on the Contagio blog, a collection of malware samples and threat analysis. The company said it has notified victims and the relevant government authorities.

Google is advising Gmail users to consider steps to improve the security of their accounts. The company recommends using two-factor verification, using a strong password, only entering account information at the proper Google domain, checking Gmail settings for unknown forwarding addresses or unauthorized account delegation, watching for suspicious account activity warnings, using Google Chrome, and reviewing security education materials available online.

{ Comments on this entry are closed }

Google, Yahoo, And MySpace Ads May Infect Computers

Infected Search?

Infected Search?

Antivirus company Avast alleges that ads served by companies such as Google, Yahoo! and Fox, and published on websites such as the New York Times and TechCrunch, have included bad software that could infect your computer.

Users don’t even have to click the ads to be affected. Their browser gets infected just from loading the ads. CNet has the story.

The report allegs these companies’ ad platforms include exploits that allow malicious hackers to run a JavaScript exploit called JS:Prontexi.

Prontexi is a Trojan horse targeting Windows machines that looks for further vulnerabilities in software such as Adobe’s Reader and Acrobat, Java, QuickTime and Flash. It pops up fake antivirus warnings to trick you into installing further malware. The malware started spreading in late December. Since then, Avast has found it has infected more than 2.6 million computers. Almost 530,000 of those were from Yield Manager and more than 16,300 from DoubleClick.

The worst affected are Yahoo!’s Yield Manager, Fox Audience Network’s Firmserve.com and Google’s DoubleClick. Together, these networks serve over 50% of all internet ads. DoubleClick has been the least affected and Google has been the fastest at tackling the problem, according to CNet and Avast.

A Yahoo representative confirmed the report and said it was investigating the situation, but didn’t provide much information. “We have identified the creatives in question and are working to make sure they been deactivated in our system,” the company said in a statement.

“Yahoo is deeply committed to providing a high-quality experience for users, advertisers, and publishers. We expect our members to support and abide by our standards and guidelines around acceptable ad content and behavior,” the statement said. “On the rare occasion that an ad is served that is in conflict with our expectations and guidelines we take action to remove it as quickly as possible.”

A Google spokesman said the company had discovered malware in ads from DoubleClick on its own and halted them. “In this case, we stopped several of the ads in question on the same day, independent of this report,” he said.

{ Comments on this entry are closed }

Spread Firefox Co-Founder Slams Tech Giants for Stealth Plug-Ins

Spread Firefox's Asa Dotzler

Spread Firefox's Asa Dotzler

Asa Dotzler, co-founder of the Spread Firefox project, is more than a little miffed at Apple, Google, Microsoft, and RockMelt for installing plug-ins into Firefox without first asking for permission from Web surfers.

Dotzler made the stealth plug-in discovery when he installed software like Apple iTunes, Google Chrome, and Windows Live Photo Gallery.

“When I installed iTunes, in order to manage my music collection and sync to my iPod, why did Apple think it was OK to add the iTunes Application Detector plug-in to my Firefox web browser without asking me?” he asked in a blog post.

“Why did Microsoft think it was OK to sneak their Windows Live Photo Gallery or Office Live Plug-in for Firefox into my browser (presumably) when I installed Microsoft Office? What makes Google think it’s reasonable behavior for them to slip a Google Update plug-in into Firefox when I installed Google Earth or Google Chrome (not sure which one caused this) without asking me first?” he asked.

Firefox stealth plug-in and extension security issues

Microsoft, Google and Apple install plug-ins without user's permission

Dotzler compared the companies to those that manufacture malware, as a secondary software installation occurred without user permission.

“These additional pieces of software installed without my consent may not be malicious but the means by which they were installed was sneaky, underhanded, and wrong.”

The Firefox advocate had some strong advice for the offending companies. “Microsoft, stop being evil. Apple, stop being evil. Google, stop being evil. And you upstarts like RockMelt, don’t follow in those evil footsteps.”

RockMelt, Microsoft, and Apple did not immediately respond to a request for comment. A Google representative said the Firefox browser plug-in is simply Google Update, which automatically pushes software updates to Google products. The representative stated that Google utilizes this method as a non-intrusive way to deliver updates, and that it doesn’t constantly run, eating up CPU resources.

Update: A Microsoft spokesperson replied to our inquiry with the following statement: “We use web/open standards where possible. To reach as many customers as possible with our web experiences, we use HTML/JS/CSS and try to avoid plug-ins. Office Web Apps are a great example of this. Sometimes we need plug-ins to enable key features. For example, Silverlight improves animations in PPT web app, Office 2010 plug-in lets people switch from web editing to Office 2010 on the desktop to do video editing etc.”

Dotzler’s blog post was first reported by The Register.

{ Comments on this entry are closed }

Some Symptoms of Spyware, Adware and Malware Infection

Symptoms of Spyware

Symptoms of Spyware

The symptoms of a malware infection vary.

Your web browsing speed may be slow. Your computer,  in general,  may be slower that it was and may take much longer to start up than it used to.

It is likely Internet Explorer is modified.  Your homepage and/or search page may be changed,  new favorites that you didn’t create may appear, a new toolbar may appear or you may end up at unknown web sites when you try to do a search.

To prevent you from undoing the browser modifications made by a malware program,  some of them remove or disable the Internet Options from the Tools Menu and from the Control Panel.   If you try to reset your home page and can’t,  it’s likely due to malware.  If you can’t get to anti-virus or security web sites,  but can get to other web sites,  it’s likely due to malware.

Adware will bombard you with pop-up ads. More malicious programs serve up a constant barrage of ads for pornographic web sites.   That’s on top of the pop-ups from the web sites you’re viewing.   If you see pop-up ads even when you are offline,  it’s due to malware.

Actual Spyware (as opposed to other malware) has to phone home to report what it found.   If your firewall provides outbound protection you may see the ‘phone call’ and be able to stop it.

Malicious software may also shut down or disable your anti-virus program or your firewall program. It may prevent the normal activity of your anti-Spyware software.   It may prevent you from accessing Task Manager or msconfig or regedit.

Adware programs may create new icons on the Windows desktop,  task bar,  or system tray.   They may also create popup windows that you are unable to close.   If your computer mysteriously dials the phone on its own,  it may be infected with a porn dialing program.

Once it is installed on the user system,  it’s difficult to uninstall,  you can’t run Windows updates anymore or install other antivirus products. A rise in fake antivirus offerings on Web sites around the globe shows that scammers are increasingly turning to social engineering to get malware on computers rather than exploiting holes in software.   Fake antivirus is easy money for scammers.

from » http://www.michaelhorowitz.com

Need help with virus and malware removal? Have questions about computer cleanup and system optimization? You can contact me here.

{ Comments on this entry are closed }