Wednesday, April 29, 2009

Phishing with swine flu as bait

Friendly Computers reminds you to only open e-mail attachments and links from people you know. A recent e-mail scam is using fear surrounding the swine flu to infect computers with malware. Read more below…

Phishers and spammers have caught swine flu fever and are exploiting fears around the outbreak to try to sell pharmaceutical products or steal information, security experts said Tuesday.

The e-mail scams have a subject line related to the swine flu and typically contain either a link to a phishing Web site or an attachment that contains malicious code, the US-CERT said in an advisory.

One scam features a malicious Adobe PDF document titled "Swine influenza frequently asked questions.pdf," according to Symantec. The malicious PDF file has been recognized as "Bloodhound.Exploit.6" and it drops malicious InfoStealer code onto the victim's computer, the company said.

One spam with a subject line "Suspected Mexican flu toll hits 81" includes news headlines from legitimate agencies and asks recipients whether they are located in the U.S. or Mexico and if they know anyone affected by the outbreak. Recipients are asked to go to a Web site to fill in a form or reply to the e-mail and include their e-mail address, address, and phone number, according to a post on Symantec's blog.

McAfee Avert Labs also has information on swine flu-related spam on its site.

Cisco IronPort estimates that swine flu-related spam accounted for up to 4 percent of the worldwide total at its peak.

CERT tips for protecting against scams are to avoid following unsolicited Web links or attachments in e-mail messages and maintain up-to-date anti-virus software. More information is on the CERT site here and in a downloadable PDF.

Source: http://news.cnet.com/8301-1009_3-10229392-83.html

Tuesday, April 28, 2009

Another Adobe Reader security hole emerges

A security flaw has been found in Adobe Reader, and experts suggest you disable JavaScript to prevent this flaw from being exploited. Friendly Computers has more information below…

Security experts are recommending that people disable JavaScript in Adobe Reader following reports of a vulnerability in the popular portable document format reader on Tuesday.

The vulnerability appears to be due to an error in the "getAnnots()" JavaScript function and exploiting it could allow someone to remotely execute code on the machine, according to an advisory from the US-CERT.

"US-CERT encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk," the post said. "To disable JavaScript in Adobe Reader, open the General Preferences dialog box. From the Edit-Preferences-JavaScript menu, uncheck 'Enable Acrobat JavaScript.'"

Reader 8.1.4 and 9.1 for Linux are vulnerable and other versions or platforms may also be affected, according to Security Focus.

Adobe said it was aware of reports of a potential vulnerability. "We are currently investigating, and will have an update once we get more information," Adobe said on its blog.

At the RSA security conference last week, F-Secure Chief Research Officer Mikko Hypponen said Internet users should switch to using an alternative PDF reader because of the security issues with Adobe Reader. A list of them is available on the PDFReaders.org Web site.

Of the targeted attacks so far this year, more than 47 percent of them exploit holes in Acrobat Reader, while six vulnerabilities have been discovered that target the program, he said.

Just last month, Adobe issued a fix for an Acrobat Reader hole that attackers had been exploiting for months, after issuing a patch for a critical vulnerability in Flash player the month before.

Source: http://news.cnet.com/8301-1009_3-10229070-83.html

Friday, April 24, 2009

Finjan finds botnet of 1.9 million infected computers

Friendly Computers has learned of a huge botnet affecting over 1.9 million computers. Read more below…

SAN FRANCISCO--Security firm Finjan has uncovered what it says is one of the largest bot networks controlled by a single cybergang, with 1.9 million infected zombie computers.

The botnet has been in use since February, is hosted in the Ukraine, and is controlled by a gang of six people who are instructing the Windows XP-based machines to copy files, record keystrokes, send spam, and take screenshots, Ophir Shalitin, Finjan marketing director, said in an interview on the eve of the RSA security conference.

The gang has compromised computers in 77 government-owned domains in the U.S. and elsewhere, he said. Nearly half of the infected computers were in the United States. Nearly 80 percent of the infected computers are running Internet Explorer, while 15 percent are using Firefox, Finjan said.

The criminals operating the botnet can make as much as $190,000 in one day renting out the zombies to others, according to Finjan Chief Technology Officer Yuval Ben-Itzhak.

The command-and-control server being used to control the infected PCs is instructing the bots to download and execute a Trojan horse, which is detected by only 4 out of 39 antivirus products, said Shalitin.

The Trojan installs malicious executables that communicate with other computers, inject code into processes, visit Web sites, and perform other activities the user has no involvement with, according to a post on the Finjan Malicious Code Research Center blog.

"Overall, the cybergang can remotely execute anything it likes on the infected computers," the post says.

Source: http://news.cnet.com/8301-1009_3-10223716-83.html

Wednesday, April 22, 2009

Is it really safe to download software?

As always, Friendly Computers reminds you to keep your anti-virus and operating system updated. Aside from this, here are a few more tips to prevent your machine from being infected with viruses or spyware. Read below…

1. Software is just code. Some of it is written well, some of it is written poorly, and some of it is written well to do poor things (and vice versa). In other words, software is only as good as its author, that author's intentions, and the application of those intentions to a given purpose. If the software is a game that you download and play for hours of free or low-cost fun, then you may think of downloading software as a positive activity. If the software is a screen saver that secretly injects your system with resource-hogging and privacy-ruining spyware that can't be easily removed without hours of troubleshooting, then you'll likely consider it a negative activity. Either outcome is possible; neither outcome is 100% representative of what is possible.

2. It's fun to download programs that allow you to accomplish new tasks with your computer. Generally speaking, from reputable sources, software should be relatively benign. The root of the problem is, of course: How do you know who's reputable? Let's compare extremes. A site like CNET's download.com, with plenty of links to and from countless outside, big-name sources and well-written, in-depth reviews with detailed system requirements and clear notice of whether a piece of software was scanned for malware or not, is about as safe as safe gets on the Internet. On the other hand, a site with blinking text advertising FREE downloads and program descriptions tapped out in the broken English of a chimpanzee kindergartener and a URL that ends in something like .ru instead of .com should be a red flag. To use the "hike in the woods" analogy once more, such a dubious site is like the poison ivy to CNET's sunflower.

3. Search Google (or your search engine of choice) for what other people are saying about the software in question. Seeing where it's hosted (and if its developer has a site for it) can give you some clues, too. If your search results are primarily links to a multitude of forum posts bashing the software as being loaded with malware, spyware, viruses, and other nasties, you'd be well-advised to avoid it. If you can find evidence of the software being hosted by or linked from sites you've come to trust, then the odds are good that it's probably okay.

4. Always be wary of a forced download -- like your browser telling you that you need to install something in order to view a Web page. No! Just about the only browser plugin you need these days is Adobe Flash, and that should only be downloaded and installed from Adobe's Web site -- nowhere else.

5. When installing any program, read every single step thoroughly. Some installers will also give you a few browser toolbars or "bonuses" that serve to do nothing more than clutter up your computer. Look for boxes to uncheck -- reputable software developers will give you the option to opt out of such offers during an install.

6. Never, ever download software that's been pirated or cracked. That's got "bad news" written all over it in red marker. There's no quicker way to compromise your system than to use code that doesn't come from a trusted source. The number of spyware, virus, and general malware infections would plummet (I'd bet by 90%) if the world stopped using P2P networks for illegitimate media trafficking.

7. Don't assume that, just because you're using a non-Windows operating system (like Linux or Apple's OS X), you're safe from the threat of a potential security breach. While it's true that most unscrupulous malware programmers will target Windows because it's the most used operating system in the world (and a better investment of their deviously utilized time), you're always going to have some joker going against the grain and spoiling a good thing for everybody.

8. This should be obvious without having to say it, but make sure you've always got security software running (and, for the love of Pete, keep it updated)!

9. If you want to be truly safe, just don't download anything! Err on the side of caution. Use the Web -- there's plenty of great stuff available online that doesn't have to be downloaded onto your system that will give you the function of what we think of as "software." Compare Google Docs (Web-based and free) to Microsoft Office (install required and costly) for just one example.

Source: http://edition.cnn.com/2009/TECH/expert.q.a/04/22/downloading.software/

Tuesday, April 21, 2009

SMS messages could be used to hijack a phone

Surely you know that your computer can be hacked into, but did you know that it is possible to hack into a cell phone as well? Friendly Computers warns you to be careful of who you give your cell phone number to. Read more below…

An attacker with the right toolkits and skill could hijack your phone remotely just by sending SMS messages to it, according to mobile security firm Trust Digital.

In what it calls a "Midnight Raid Attack" because it would be most effective when a victim is asleep, an attacker could send a text message to a phone that would automatically start up a Web browser and direct the phone to a malicious Web site, said Dan Dearing, vice president of marketing at Trust Digital. The Web site could then download an executable file on the mobile phone that steals data off the phone, he said.

Dearing demonstrates how this can be done in a video on YouTube.

In another type of attack, an attacker could hijack a phone by sending a type of SMS message called a control message over the GSM network to a victim's phone that is using a Wi-Fi network and then use special toolkits to sniff the Wi-Fi traffic looking for the victim's e-mail log-in information. This attack is explained in another YouTube video.

While the attacks at this point are proof-of-concepts, they could be done if someone has the requisite knowledge and toolkits, said Dearing. Trust Digital recently announced software called EMM 8.0 that can help organizations protect employee phones from these types of attacks, he said.

"This is a completely real threat," said Philippe Winthrop, a director in the global wireless practice at Strategy Analytics. "We will see these attacks. It's a matter of time."

Source: http://news.cnet.com/8301-1009_3-10222921-83.html?tag=mncol;title