Discussing Cryptolocker and Internet of Things security on ABC Radio

This morning with Linda Mottram on ABC 702 I’ll be discussing Cryptolocker ransomware and the security of the Internet of Machines.

If you missed the program, you can listen to the segments through Soundcloud.

Tuesday morning with Linda Mottram on ABC 702 I’ll be discussing Cryptolocker ransomware, the security of the Internet of Machines and the tech industry’s call for less internet surveillance.

It’s only a short spot from 10.15am and I’m not sure we’ll have time for callers, but one of the big takeaways I’ll have for listeners is the importance of securing your systems against malware. There are also some security ideas for business users.

We’ll probably get to mention the ACCC’s warnings on smartphone apps and the current TIFF bug in Windows as well.

If you’re in the Sydney area, we’ll be live on 702 from 10.15, otherwise you can stream it through the internet.

Potentially unwanted applications – what are we installing on our smartphones?

Do we really understand what we are installing on our smartphones? Sophos Labs thinks potentially unwanted applications or PUAs are a growing problem.

One of the notable things about the technology industries is there are always new terms and concepts to discover.

During a visit to Sophos’ Oxford headquarters last month, the phrase ‘Potentially Unwanted Applications’ – or PUAs – raised its head.

PUAs come from the problem application developers have in making money out of apps or websites. The culture of free or cheap is so ingrained online that it’s extremely hard to make a living out of writing software.

As a result, developers and their employers are engaging in some cunning tricks to get customers to download their apps and then to monetize them, particularly in the Android world which lacks the tight control Apple exercises over the iOS App Store.

“What’s interesting about Android,” says Sophos Labs’ Vice President Simon Reed, “is it’s attracting aggressive commercialisation.”

The fascinating thing Reed finds about this ‘aggressive commercialisation’ is where the distinction lies between malware and monetisation, and when an app or developer crosses that line.

Reed’s colleagues Vanja Svajcer & Sean McDonald explore where that line lies in a paper titled Classifying PUAs in the Mobile Environment which they submitted to the Virus Bulletin Conference last October.

In that paper Svajcer and McDonald discuss how these applications have developed, the motivations behind them and the challenge for antivirus companies like Sophos and Kaspersky in categorising and dealing with them.

The authors also flag that while the bulk of the revenue generated by these apps comes from advertising, there are serious privacy risks for users as developers try to monetize the data many of these packages scrape from the phones they’re installed on.

Svajcer and McDonald do note though that potentially unwanted applications aren’t really anything new; we could well classify many of the drive-by downloads that plagued Windows 98 users at the beginning of the century as being PUAs.

What we do need to keep in mind though is that what is driving the development of PUAs is users’ reluctance to pay for apps and that it’s going to take a big change in customer attitudes for this problem to go away.

For businesses, this is something managers are going to have to consider as they move their line of business applications onto mobile devices, as Marc Benioff proposed at the recent Dreamforce conference.

Sophos’ Simon Reed believes potentially unwanted apps won’t be such a problem in the workplace however. “Consumers may have a different tolerance towards PUAs than commercial organisations,” he says.

The prevalence of PUAs on mobile devices does underscore though just how careful organisations have to be with who and what can access their data. It’s another challenge for CIOs.

Social malware and cunning tricks

Malware writers are moving onto using social media apps to harvest addresses and personal information.

Last week an interesting media release from anti-virus company Bitdefender appeared in the inbox describing a tricky little scam that promises to change Facebook page colours but actually grabs a user’s information to set up fake blogs associated with the victim’s email address.

Those fake blogs in turn link to a working from home scam, the type which is becoming depressingly common online. No doubt the malware authors have some sort of interest in that scheme.

What makes this malware interesting is how it brings together a range of opportunities for the malware writer – social media, apps, data aggregation, identity spoofing and the Ponzi affiliate schemes that are prevalent as people try to find new ways to supplement their income.

Many people say “I’d never get caught by these scams” but the reality is the scammers are rat-cunning, if not clever. Assuming you’re immune to these because you’re too smart, or you use a Mac or there’s nothing of value on your computer is a risk in itself.

Here’s the media release from Bitdefender.

Google Chrome App grabs identities, forges blogs in victims’ name to promote scam

Bitdefender catches Facebook colour scam with both hands in cookie jar

SYDNEY/AUCKLAND November 19, 2012 – A Google Chrome app that promises to change the colour of Facebook accounts instead nabs authentication cookies and generates dozens of blogs registered to the victims’ Gmail address, in a new scam analysed by Bitdefender, the leading global antivirus company.

Once the malicious app is installed from Google’s Chrome Web Store, it starts displaying a large Google Ads banner redirecting users to a “work from home scam.” When clicking the sign-up link, users are redirected to a fraudulent website.

“Scammers gave a new twist to the old change-your-Facebook-colour scheme that’s been luring users to fraudulent websites to grab credentials and other sensitive data,” says Chief Security Strategist, Catalin Cosoi. “By creating dozens of blogs for a single account, the scam spreads like wildfire among Facebook friends.”

The blogs generated under the email address of the victims, which are used in further disseminating the scam, have registered a large number of hits among users in the US, the UK, Germany, Spain, Romania, and other countries.

The app can also post wall messages on the victims’ account. The messages use friend tagging to convince the victim’s friends to visit the blog domains. Each time the app posts on a user’s timeline, it links to one of the auto-generated blogs so as to avoid blacklisting.

Bitdefender encourages users to use an antivirus solution and the free application Safego, which protects Facebook and Twitter accounts from scams, spam, malware and private data exposure.

ABC Nightlife: Apps down the farm

For the October ABC Nightlife spot we’ll be looking at how the agriculture sector is using smartphone and tablet computer apps.

If you missed this program where we covered a wide range of subjects, you can listen to the ABC Nightlife podcast of the show.

Paul Wallbank joins Tony Delroy to discuss how technology affects your business and life.

This week we’re talking about how the agricultural industry is using smartphone apps and the web. A list of apps for farmers is available from the NSW Department of Primary Industry website.

We’ll also be looking at how machines are talking – in agriculture, the next generation of farm equipment will be sending data straight to the farmers’ tablet or laptop computer using the technologies we’re seeing in jet engines and other high tech equipment.

Connecting everything does come with risks. A US report found that networked medical equipment is rife with malware and the Defense Signals Directorate points out that out-of-date computer systems are one of the main causes of data breaches.

One of the things driving the apps world is cloud computing and Google have given a rare glimpse into the data centres that run their services.

Social media is one of the things driving cloud computing, but there are traps for businesses in posting information about customers and staff. We’ll be looking at those as well.

We’d love to hear your views and comments so join the conversation with your on-air questions, ideas or comments; phone in on the night on 1300 800 222 within Australia or +61 2 8333 1000 from outside Australia.

Tune in on your local ABC radio station or listen online at www.abc.net.au/nightlife.

You can SMS Nightlife’s talkback on 19922702, or through Twitter to @paulwallbank using the #abcnightlife hashtag or visit the Nightlife Facebook page.

Dealing with the DNS Changer Trojan

On Monday computers infected with the DNS Changer Trojan will stop surfing the net. Make sure you aren’t infected.

On Monday, thousands of computers around the world will be cut off the web as the servers behind the DNS Changer Trojan Horse are shut down.

The DNS Changer did exactly what the name says – it changed a computer’s Domain Name Service (DNS) settings so that all web traffic went through servers belonging to the virus writers.

Eventually the writers were caught and the computers were seized. In order to avoid disruption the servers were left running, but they will be shut down on Monday.

On Monday, those computers still infected won’t be able to surf the net until the problem is fixed.

How do I know I’m infected?

As part of the shutdown, the DNS Changer working group was set up. Their site has a detection tool that will tell you if your computer is infected.
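The same check can be made locally by comparing the DNS servers a machine is configured to use against the rogue address ranges. This is an added example, not part of the original post: the ranges below are placeholders from the documentation address space (the real ranges are not listed on this page), and the expected resolvers and sample configuration text are constructed.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation space). Substitute the rogue
# ranges published by the DNS Changer working group; they are not on this page.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Assumption: the resolvers this site expects to see (ISP or internal).
EXPECTED_RESOLVERS = {ipaddress.ip_address(a) for a in ("10.0.0.1", "203.0.113.53")}

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def resolvers_from_resolv_conf(text):
    """Extract nameserver addresses from Unix/Mac resolv.conf content."""
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found


def resolvers_from_ipconfig(text):
    """Extract DNS servers from Windows `ipconfig /all` output.

    Secondary servers appear on continuation lines that carry no label.
    """
    found, in_dns = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            in_dns = True
            found += IPV4.findall(line.split(":", 1)[-1])
        elif in_dns and ":" not in line and IPV4.search(line):
            found += IPV4.findall(line)
        else:
            in_dns = False
    return found


def classify(addresses):
    """Map each address to 'rogue', 'expected', 'unknown' or 'invalid'."""
    report = {}
    for raw in addresses:
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            report[raw] = "invalid"
            continue
        if any(ip in net for net in ROGUE_RANGES):
            report[raw] = "rogue"
        elif ip in EXPECTED_RESOLVERS:
            report[raw] = "expected"
        else:
            report[raw] = "unknown"  # not rogue, but worth a look
    return report


# Constructed samples, not taken from a real machine.
SAMPLE_RESOLV_CONF = """# constructed sample
nameserver 192.0.2.10
nameserver 10.0.0.1
"""

SAMPLE_IPCONFIG = """   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       198.51.100.200
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for name, addrs in (("resolv.conf", resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)),
                        ("ipconfig", resolvers_from_ipconfig(SAMPLE_IPCONFIG))):
        for addr, verdict in classify(addrs).items():
            print(f"{name}: {addr} -> {verdict}")
```

A machine that takes its DNS settings from a home router will only show the router's address here, so the router's own DNS configuration needs the same check.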

How can I fix the problem?

The easiest fix is with the Microsoft Malware Scanner which will check your computer for the DNS Changer virus along with other malware. If the scanner detects a problem it will remove the virus. IT Queries also have instructions on Removing A Trojan.

To prevent further infections, it’s necessary to install an up-to-date antivirus. A good free one is the Microsoft Security Essentials tool.

The DNS Changer Trojan was very effective malware and it illustrates why computer users need to be careful of where they go on the mean streets of the Internet.

Malware’s third party path

How to take care in a changing world of cybercrime.

One of the few constants with computer security is that threats are constantly evolving.

Malware – malicious software like computer viruses, worms or Trojan horses – is the most common security threat ordinary home or business technology users will encounter on their PC, laptop or smartphone.

During the big computer virus epidemic of the early 2000s the main targets were Windows 98 or XP machines running Internet Explorer as these were so easy to infect.

Today, it’s harder to infect Windows systems and the malware writers have become more sophisticated in the tools and methods they use to catch victims.

Right now, we’re seeing the malware writers focusing on weaknesses in third party software such as Java, Flash and Microsoft Office.

Mac users have been affected by the Flashback worm which used flaws in the Java computer program and now Adobe have released an emergency update to their Flash application to fill a security hole that could affect all operating systems.

Along with being more sophisticated in their methods, today’s malware writers are also more organised with real criminal objectives as opposed to the earlier generations that were derided as “script kiddies”.

So there are real risks in not taking basic steps to protect your computer system.

Have the latest updates

When your system asks you if you want to install updates, do so. Both Macs and PCs have an automatic update function which you should enable and pay attention to.

Individual software packages like Java, Flash and Microsoft Office have their own update reminders which you should also pay attention to.

Sometimes though the malware writers distribute fake updates to fool people into installing their software so if you are suspicious about an update, check online to see if you have the latest version.

Run computers in Restricted User mode

One of the big weaknesses for all systems is there is a tendency to run as an Administrator. In older Windows systems this gives almost complete control over the system and can still create problems in newer systems as well as with Mac or Linux systems.

Every user should run as a Restricted User and this can be set up in the Windows Control Panel or Mac Preferences.

Have an antivirus

While the antivirus industry loves flogging overpriced and overfeatured software that generally slows your computer down as much as it protects the system, it’s still worthwhile having.

For Windows users, the free Microsoft Security Essentials is fine for most users. For Mac users, the free ClamAV or Sophos Anti-Virus for Mac are good choices.

Use a third party browser

Generally using the built in web browsers – Internet Explorer in Windows and Safari on the Mac – tends to amplify security risks. So use a third party browser like Firefox, Google Chrome or Opera.

Be careful

Malware writers, like all crooks and conmen, try to exploit human weaknesses so their tricks often appeal to our greed, fear or lust.

Try to avoid websites offering pirated software, movies, music or pornography and never click on emails or pop up adverts that claim you’ve won the lottery or been infected with a virus.

Cybercrime is real and growing although we should keep the threat in perspective and not fall for the hysterical headlines we often see in the media.

The risks are going to continue to evolve as the crooks move onto trying to exploit weaknesses in smartphones, social media platforms and cloud computing services.

Despite this, most people won’t be affected by malware or other computer crime if they are careful. Just don’t count on being lucky.

Ending the era of Mac complacency

Does the Flashback bug end the Mac’s virus free status?

The news that the Flashback Trojan has infected an estimated 600,000 Apple Mac computers has been greeted with joy by the dozens of industry experts that have predicted a virus holocaust for smug Mac users for nearly a decade.

The Flashback malware – the earlier versions could be described as a computer Trojan Horse while the later editions are more like a computer worm – is a real risk to Mac users and it’s important to take this risk seriously.

The Netsmarts business site looks at how Mac and Windows users can protect themselves from Flashback and its variants.

One of the key things in the advice is to make sure anybody using the computer has limited rights; as a Managed User on the Mac and as a Limited User in Windows. This dramatically reduces the opportunity for bad things to happen while online.

I’ve discussed previously why user privileges are one of the reasons the Mac has historically been less prone to virus infections than its Windows cousins.

Microsoft made the decision in the 1990s not to tighten Windows’ security settings and their customers paid the price for the next decade. This was compounded by some poor implementations of various technologies in Microsoft Windows.

This isn’t to say the Mac, or any other computer system, doesn’t have security bugs. Every operating system does and it’s a conceit of everybody immersed in new technologies, be it cloud computing back to horse drawn chariots, to believe their products are magically infallible.

Part of the crowing from the security experts and charlatans who’ve been desperately predicting a “Macapocalypse” for nearly a decade overlooks this.

Even with the proven problem of the Flashback virus, it’s unlikely we’ll see a deluge of malware like that of the early 2000s simply because Mac OS X, Windows 7 and all the other mobile and computer operating systems don’t have the structural flaws that Windows 98, ME and early versions of XP had.

Much of the Mac versus PC argument in security is irrelevant anyway; the main game for scammers and malware writers has moved to social media services like Facebook and this is where computer users need to be very careful.

However the stereotype of the “Smug Mac” user was true; one caller to my radio show claimed he didn’t have a problem with spam because he had a Mac. Nothing could convince him that email spam wasn’t related to the type of computer you used.

To be fair to Apple they never made the claim their computers were invulnerable to malware, apart from the odd dig at Microsoft. Their users did it for them.

That type of smug Mac user is the one who does need a wake-up call. For the industry though, it’s business as usual although some will be feeling a little smug their hysterical predictions of the last decade came true in a small way last week.

702 Sydney Weekend computers: April 2012

Join Paul and Simon Marnie to discuss the tech that affects your home and office

On ABC 702 Sydney Weekend computers this Sunday, April 8 from 10.15am Paul Wallbank and Simon Marnie will be looking at the end of innocence for Apple Mac users, the DNS Changer Virus and how political campaigning is coming to a Facebook site near you.

Some of the topics we’ll discuss include;

If you’d like to learn how to protect your Mac or Windows computers from malware, visit our Netsmarts article on the Flashback virus that explains the security settings and suggests some free anti-viruses.

Listeners’ Questions

While we had a great range of calls from listeners, there was only one we promised to get back to. Kay clearly has a virus infection on her Windows computers and we recommend the free MalwareBytes program to clean it up.

Our IT Queries site has more instructions on cleaning up a virus infection if you’re worried about a sick computer.

We love to hear from listeners so feel free to call in with your questions or comments on 1300 222 702 or text on 19922702.

If you’re on Twitter you can tweet 702 Sydney on @702sydney and Paul at @paulwallbank.

Should you not be in the Sydney area, you can stream the broadcast through the 702 Sydney website and call in anyway.

The business of denial

Denying market realities is rarely a good business move

Denial is a powerful sedative; it allows us to trundle dozily along a well-worn path, oblivious to the reality that our comfortable world has changed.

Last week’s claim that youth is fed up with the iPhone by Nokia’s Niels Munksgaard – who has the wonderful title of Director of Portfolio, Product Marketing & Sales – is a great example of how far and how long denial can continue while there’s still money to pay executive bonuses.

Canada’s beleaguered Research In Motion, manufacturers of the Blackberry phone, showed the same delusions when they released their Playbook tablet computer with the declaration Amateur Hour Is Over.

The only amateur hour was in the hubristic minds of RIM’s marketing team.

While profits keep flowing big organisations can afford delusions – Google can indulge their social media fantasies while the Adwords rivers of gold continue to flow ever faster and Microsoft can continue to indulge their delusions while their Windows and Office products remain immensely profitable.

Microsoft’s “droidrage” campaign, designed to embarrass Google’s Android mobile phone platform, is part of that delusion; for Microsoft’s campaign to work they have to prove there is a widespread Android malware problem, show their system isn’t prone to the same flaws and – most importantly – have enough product on the market to sell to those disillusioned Google customers.

Such a negative campaign has many fallacies – it assumes there are widespread security problems in Android, that Microsoft will pick up disaffected Google customers and there are enough Microsoft based products to grab those sales.

Probably Microsoft’s biggest problem is the assumption that customers actually care about that stuff – for years Windows dominated its market despite being riddled with security holes and malware.

Microsoft succeeded because their competition was delusional; the best example being WordPerfect claiming graphic systems like Windows were a fad at a time when an inferior Microsoft Word was gobbling up their markets.

By the time WordPerfect realised their error and released a truly dreadful WordPerfect for Windows it was all too late, like a stagecoach company realising the motorcar is here to stay.

The problem for businesses in denial is that reality eventually does bite; plenty of people in the newspaper industry believed their advertising based model was secure and profitable – indeed many of the cosseted managers in that sector still believe it is – which now leaves them struggling in a changed world they thought they could ignore.

Denial among incumbents is a great opportunity for newer, more flexible players; for years mobile phone and tablet computer manufacturers were in denial about the usability of their product – Apple proved them wrong and now commands the most profitable chunks of those markets.

Being the village blacksmith or a buggy whip maker was a good business to be in at the beginning of the 20th Century. Thirty years later those block boys and saddlemakers who hadn’t made the jump found themselves out of work.

It’s going to be interesting to see who will be this century’s buggy whip manufacturers.

Securing the USB stick

There are some risks with carrying around private data on a portable drive

While I’m always reluctant to publicise security companies’ media releases – believing many of them to be hysterical hype – a quick study by Sophos on lost USB keys has some interesting lessons for all of us who use thumb drives to carry data.

Sophos bought 50 USB drives at Sydney’s CityRail unclaimed lost property auction and analysed them for malware and security risks.

The study – not yet online – found more than 4,400 files including photos, CVs and job applications: confidential material that could be used for identity theft, stalking or commercial advantage.

Encryption

If you are moving confidential data between computers, it may be a good idea to consider encryption software that protects files from unwanted visitors. Mac OS X has encryption software built in, as do all but the home versions of Windows 7 and Vista.

Should you have a computer that doesn’t come with encryption, or you’re taking the drive between different venues, then you may need a third party encryption program like TrueCrypt. Note you’ll need administrator rights to install the software on every machine you use.

The Malware threat

As a security company Sophos leaned heavily towards the malware aspect with a headline that 66%, or 33, of the drives had some sort of malware on them.

While that statistic is suspiciously high, it does illustrate the risk of plugging USB sticks into school, office and internet cafe computers. Like unsafe sex, the likelihood of catching something nasty increases with the more partners you have.

Perversely Apple Macs could be helping spread the malware as Mac users generally don’t use or need antivirus software and any viruses picked up on someone else’s Windows system can sit undetected and dormant until they are used on another PC.

Consequently, it’s good practice to wipe a drive when you’re finished with it so along with deleting malware you are also not keeping unnecessary and possibly out of date files on your drive.

Overall, Sophos’ survey illustrates why cloud services like Dropbox and Box.net are best for sharing data although the USB stick still has an important role when everything else goes wrong.

Avoiding industrial nightmares

How we can harden our computer networks from hacking attacks

The Iranian nuclear program is crippled by a virus that infects their control systems while a hacker claims a Texas waterworks can be accessed with a three word password.

Any technology can be vulnerable to the bad guys – obscure systems like office CCTV networks and home automation services can be as vulnerable as the big, high profile infrastructure targets.

While there are good reasons to connect our systems to the web, we need to ensure our networks are secure and there’s a range of things we can do to protect ourselves.

Does this need to be connected?

Not everything needs an Internet or network connection; if there’s no reason for a device or network to be connected then simply don’t plug it in.

Keep in mind though that threats don’t just come through the web; neither the Iranian malware attack nor the Wikileaks data breach was due to hackers or Internet attacks.

Get a firewall

No server or industrial system should be connected directly to the public Internet; an additional layer of security will protect systems from unwanted visitors.

All Internet traffic should go through a firewall that is configured to only allow certain traffic through. If the router or firewall can be configured to support a Virtual Private Network (VPN), then that’s an added layer of security.

Disable unnecessary features

The fewer things you have running, the fewer opportunities there are for clever or determined hackers to find weaknesses.

Shut down unnecessary services running on systems – Windows servers are notorious for running superfluous features – and close Internet ports that aren’t required for normal running of your network.
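One way to act on this advice is to compare what a server is actually listening on against the short list of services it is meant to offer. This is an added example, not part of the original post: the `netstat -an` sample is constructed and the allow-list is an assumption.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output; not from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING
  TCP    [::]:3389              [::]:0                 LISTENING
  TCP    192.168.1.20:49712     203.0.113.5:443        ESTABLISHED
  UDP    0.0.0.0:161            *:*
"""

# Assumption: the only service this server is meant to offer to the network.
ALLOWED = {("TCP", 443)}


def parse_listeners(text):
    """Return (proto, address, port) for listening TCP and bound UDP sockets."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        proto, local = fields[0], fields[1]
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue  # established or closing connections are not listeners
        address, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        # Drop IPv6 brackets and any zone id such as %12.
        listeners.append((proto, address.strip("[]").split("%")[0], int(port)))
    return listeners


def is_network_reachable(address):
    """True unless the socket is bound to a loopback address only."""
    try:
        return not ipaddress.ip_address(address).is_loopback
    except ValueError:
        return True  # unparseable bind address: report it rather than hide it


def audit(text, allowed=ALLOWED):
    """List network-reachable listeners that are not on the allow-list."""
    findings = set()
    for proto, address, port in parse_listeners(text):
        if is_network_reachable(address) and (proto, port) not in allowed:
            findings.add((proto, address, port))
    return sorted(findings, key=lambda f: (f[0], f[2], f[1]))


if __name__ == "__main__":
    for proto, address, port in audit(SAMPLE_NETSTAT):
        print(f"review: {proto} {address}:{port} is open but not on the allow-list")
```

Each finding is a candidate for a service to shut down or a port to block at the firewall; loopback-only listeners are skipped because they are not reachable from the network.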

Patch your systems

Computer systems are constantly being updated as new security problems and flaws are found.

Unpatched computers are a gift to malicious hackers and all systems should be current with the latest security and feature updates.

This is a lesson the Iranians learned with the Stuxnet worm that was almost certainly introduced through an unpatched system – probably one running an early version of Windows XP or even 98 – which was vulnerable to known security problems.

Have strong passwords

Passwords are a key part of a security policy; they have to be strong and robust while being different to those you use for social media and cloud computing services.

It’s also important not to share passwords and restrict key log in details and administrator privileges to those who require them for their work.

With online services like social media, cloud computing and other web tools becoming a part of business and home life, we have to take the security of our systems seriously. Hardening them against threats is a good place to start.

Cloud Computing Explained: 702 Sydney Weekends

This month’s 702 Sydney Weekend spot looks at cloud computing.

What on earth is cloud computing? Is it just another IT buzzword or something that you can use in your home and business?

On the November 20 ABC Weekends show, Paul and Lex Marinos discussed what cloud computing is and how it can help you.

We also helped out listeners with various computer and tech questions, including the following;

Malware

Sue was caught out by the DNS Changer Trojan that was recently busted by the FBI. Probably the best fix for this is downloading and running the free Malwarebytes software.

Our IT Queries site has instructions on the somewhat convoluted process for removing this Trojan and other viruses from your computer.

Synchronising an iPhone with iCloud and Google Calendars

One advantage we have with the cloud is that it means you can use devices anywhere; however, there is a bug where iPhone calendar functions aren’t synchronising with Google Calendar.

Unfortunately the problem is the iCloud and Google services aren’t compatible on the iPhone so one has to be turned off.

If your preference is to use the Google services, then you will have to turn off the iCloud services through the iPhone’s settings app by turning off all of the calendar and contact settings.

You may then want to check your Google services are being synchronised through the iTunes settings.

Sharing data between laptops

One of the advantages with networking is that you can share data between computers. Sonya wanted to know how she can set up her Windows 7 laptops to share data to an external drive.

The best option is to use a Windows 7 compatible Network Attached Storage device that sits on the network.

For the setup to work, the network name has to be the same on all three devices. Microsoft has instructions for setting the Windows 7 network name, and the hard drive will have instructions included for setting it up correctly.

It’s also worthwhile using Microsoft’s Active Sync software to synchronise machines as well so you have files stored on your computer.

If you missed Sunday’s ABC program, there are more details at Netsmarts’ Cloud Computing explained and The Networked Business. We’ll also be running a Demystifying the Cloud webinar on the Australian Businesswomen’s Network at the end of November.

That will probably be the last ABC 702 Weekends spot for 2011 unless there’s something else that comes up.

Subscribers to our newsletter get early notice of any upcoming programs and other useful information on getting more value online. Don’t miss the next program.