Sunday, January 31, 2010

Facebook Applications Spreading Spyware

From the direction of Roger Thompson, Chief Research Officer at AVG - that hacked Facebooks apps are being used by Russian cybercrime gangs to peddle rogue antivirus software, part of an ever-increasing trend towards scareware-based schemes for raking in the cash. It should be noted that the applications' developers are victims here too, leaving aside the fact that they left the loopholes that let the bad guys inject code. These Facebook applications are web-hosted: when you add an app, you're using Facebook's servers to link to a third party site hosting that app. What's been happening is that the app has an extra iframe injected, which shows you a fake licensing frame, and when you accept the terms it points you to a Russian scam site that displays those "your site is infected" pop-ups - complete with a "click here to protect your computer" link. At the time of writing, AVG has found eight such compromised applications. My advice id don't use Facebook applications - full stop.

Click Computers – Computer Repair Utah
Click Computers is Utah’s Onsite Computer Repair Specialists for your Home and Business.

Friday, January 15, 2010

Beware of Social Networks in 2010

McAfee foresees threats to social networking sites, banking security and botnets in 2010

McAfee Labs, in its latest report called "2010 Threat Predictions", said it foresees an increase in threats related to social networking sites, banking security, and botnets in 2010.
With the ever growing footprint of social networking websites, McAfee says sites such as Facebook will face more sophisticated threats. The explosion of applications on Facebook and other services will be an ideal vector for cybercriminals, who will take advantage of friends trusting friends to click links they might otherwise treat cautiously. The company also points out that along with Twitter's success we have seen widespread adaptation of abbreviated URL services, such as bit.ly and tinyurl.com. These services now appear in all sorts of communications-making it easier than ever to mask the URLs that users are asked to click.

Email attachments have delivered malware for years, yet the increasing number of attacks targeted at corporations, journalists, and individual users often fool them into downloading Trojans and other malware. McAfee warns that home users and IT personnel should provide extra protection for computers.

Cybercriminals have long picked on Microsoft products due to their popularity. In 2010, McAfee anticipates that Adobe software, especially Acrobat Reader and Flash, will take the top spot. Also, Banking Trojans will become cleverer, sometimes interrupting a legitimate transaction to make an unauthorized withdrawal.

Botnets are the leading infrastructure for cybercriminals, used for actions from spamming to identity theft. Recent successes in shutting down botnets will force their controllers to switch to alternate, less vulnerable methods of command, including peer-to-peer setups.

Click Computers – Computer Repair Utah
Click Computers is Utah’s Onsite Computer Repair Specialists for your Home and Business.

Wednesday, January 13, 2010

New Pay Pal Phishing Scam

Following the receipt of an apparently genuine e-mail from PayPal, users are asked to log in to their account and to provide their credit card information, ATM Pin included, on a fake PayPal web page.

2010 opens with a phishing surprise for PayPal users. The mechanism behind it is simple and it aims two targets in one go: PayPal account and credit card information.

First comes the fake official PayPal e-mail, which urges users to confirm their e-mail address and credit card information as part of a supposedly "innovative" means of monitoring "inactive customers" and "non- functioning e-mail boxes".

As usual, social engineering ingredients come in handy in this kind of messages. In this case, there are two elements which emphasize the urgency of the matter: a restriction and removal warning and a clear deadline, January 12.

If the reference to credit card information in this context does not ring an alarm bell, gullible users will take the second step of the furtive procedure and they will log in to their PayPal accounts. And that's a first strike, as the user name and password are typed on a fake PayPal page.

The third and final step takes users to a page where they are supposed to fill in various personal information, all in the name of standard security maintenance procedures: name, address, credit card number and the like. If the request to provide the credit card's ATM PIN, strategically placed last, does not raise any suspicion, the deal is sealed.

Once again, standard preventive measures will keep PayPal users safe from harm:

•Make sure you always activate or turn on your antiphishing or phishing filter, as well as any other security applications or suites before browsing to your e-banking account. Ideally, you should install, activate and update a reliable security solution.
•Double-check the URL of the page you are on, especially if you are required to fill in credit card information.
•Make sure that the e-banking Web site uses SSL encryption (Secure Socket Layer) and security authentication methods - look for the "https" prefix and the locked padlock. If you are requested to accept a certificate for the session, check that the name on the certificate matches the name of the institution you wish to deal with and that the certificate is signed by a known Certificate Authority such as ThawteTM or VeriSign® before accepting.
•NEVER disclose your PIN to anyone, under any circumstances.
•Avoid using a non-secured computer (like a friend's desktop or job colleague laptop). Still, if you are forced to do so, make sure you at least run BitDefender's advanced scanning on-line tool, Quick Scan, before proceeding.
•Do not check your e-banking account from public computers connected to Internet (like those in a library or Internet CafĂ©).

Friday, January 8, 2010

Computer Running Slow

Click Computers – Computer Repair Utah
Click Computers is Utah’s Onsite Computer Repair Specialists for your Home and Business.

Click Computer's Utah's onsite computer repair leader can usually get your computer back up to speed in 1 hour. We come to you as well as remote sessions. Check out our daily specials, tips, tricks and become a Facebook Fan.