Virus Attacks that Couldn’t Happen without your Cooperation
Attacking computer networks these days, or installing a virus in a fortress of security at a major corporation involves doing more than making clever coding and performing clever digital confidence tricks on company employees to beguile them into clicking on something. A recent survey of hundreds of government agencies and corporations in the US found that nearly three-quarters of all computers in them had infections of one kind or another. These are organizations that spend billions of dollars in computer security every year. What ways do the hackers have of getting past such impregnable defenses?
Usually, it could be something really low-tech, but very clever. One way that has been reported recently, has been this: a hacker designs for good virus, loads it on a pen drive, and silk screens the company logo on the face of the drive. He then leaves it somewhere conspicuous, on the company’s premises, as in the parking lot or an ATM. The hacker hopes that a company employee will discover it, plug it into his company laptop to find out who it belongs to, and by doing this, will activate a virus inside that will steal all the company passwords stored on the laptop. It will then phone home, with its cache of stolen passwords. Most firewalls and other defenses do not count on having a company employee personally bring something in like this.
The Google attacks in China were a twist on the traditional phishing tactic. They were called spear-phishing attacks. They send counterfeit e-mails to people, taking the trouble to design the e-mails with official-looking emblems and stationery, but they aim for a specific person in the organization, and they mention a well-known friend in the from-address section too. It is all about getting past an employee, and having him invite the virus inside by his own actions. They don’t just need anti virus software anymore. They need anti-gullibility behavioral training for their employees.
Cell phones are not such targets for now with hackers so far, because there are so many models and so many different operating systems. But with a very popular model like the iPhone, things could start happening, that would turn the smart phone into a surveillance device that records pictures and audio. They can even tap into an iPhone, to learn exactly where the owner is, with GPS.
In a high-tech world, low-tech is often the way infiltrations take place these days.Often, we are just looking at hoof prints and thinking exotic zebras, when we should be thinking donkeys. We need to think low-tech once again today.
Another Cheap Shot from the House of Malware – Scareware
Everyone’s experienced it: you visit a webpage and a flashing banner on top that looks like a Windows dialog box informs you (falsely) that a virus has been discovered on your system and it invites you to click on it to help you disinfect. When you press on it though you are taken to a website that will in all probability download a computer virus to infect your heretofore clean system. They have a name for it now: it is called Scareware – probably because it achieves its ends through scaring people into playing into the hands of the exploiters. What the manipulators have in mind, could be anything from trying to sell you useless software, right down to obtaining your cooperation for installing malware on your computer. Published statistics say that this is quite a popular way these days in which to attack computers or make an easy buck; there has been a fourfold increase in programs of this kind that float about on the Internet in the past year alone – there are about 10,000 of these now abroad. They also use the term Scareware for legitimate security programs like antivirus software too that try to put up a show of doing a good job by constantly alerting the user to every little unremarkable thing in an alarmist way. A similar-sounding but unrelated term is Ransomware – a virus that holds your system to ransom threatening to erase everything unless you pay up.
A well-publicised case of Scareware recently visited visitors to the technology blog Gizmodo. Apparently, >malware programmers bought advertising space on the website, posing to be a well-known company. When visitors clicked on the advertisement though, they ended up downloading malware. >A similar attack occurred on the website of the New York Times publication last month too. Perhaps the best answer to these hit-and-run attacks is to use premium antivirus software: that way you would not ever be tempted to check out substandard antivirus findings on websites and would be protected from them if you still were.
WordPress has released a new version 2.8.2 to download
Many webmasters are engaged with WordPress to establish their business by taking advantage of using the blogging software. Although there are number of benefits to be realized by using WordPress, some entrepreneurs are facing serious issues like security vulnerability. In order to make sure its users have the most secure platform available WordPress has released a new version 2.8.2 security patch.
This new version will help webmasters to get rid of an XSS vulnerability that was identified by a site admin. The XSS vulnerability will allow hackers to access the admin page by inserting certain code in a form. The previous version of WordPress 2.8.1 was released just two weeks ago.
Anyone running WordPress 2.8 or 2.8.1 can upgrade to this latest version right away. The latest major version is faster than ever. Don’t delay! WordPress 2.8.2 is available for download here. Development on 2.9 is already underway, with a bunch of feature list. Hope the WordPress team will release it soon.
Upgrade to Firefox 3.5.1 to trounce critical JavaScript glitch in Firefox 3.5
Mozilla released Firefox 3.5 on 30th June 2009, and claimed that it contains more improved features than the previous version, supporting new web technologies, improving performance and ease of use. On July 9, Firefox user “zbyte” submitted an error report to Mozilla’s bug tracking system. According to the report, the browser crashes when text is typed into an input box in the site apport.ru instead of fetching the search result.It is found that the security flaw lies in the Firefox’s Just-In-Time (JIT) Javascript compiler. Due to the vulnerability, the JIT compiler could become corrupt when a user lands on a tainted web page and paves way for an attacker to insert a malicious code on the user’s computer.
Initially, Firefox advised its users to turn off Javascript or use Noscript add-on. Another simple solution was to set “javascript.options.jit.content” to false in the configuration page which can be opened by typing about:config in the address bar.
Finally, Mozilla has come up with a permanent solution by releasing a new version of Firefox 3.5.1 which fixes the critical security vulnerability. Just upgrade your browser to the newer version to safeguard it from Javascript vulnerability. Don’t forget to enable your Javascript after updating your browser to the 3.5.1 version. Another issue that was making Firefox take a long time to load some Windows systems was fixed in the new version.
Between Facebook and its members, who to protect?
Facebook, the most successful social network today, allows its adherents to create very different groups. However Facebook has to protect its system and that’s why some rules have to be respected.It seems to be evident that a group like “Rogue Facebook Apps Early Warning Group” appears as a dangerous threat, even more when one knows that they spread unsafe information. But nevertheless, appearances could be misleading. Actually this group was created to warn its members about attacks happening on the social network and the risky information was divulged by mistake. But the Facebook team disabled the account of the group’s administrator. This decision appears like an unfair punishment.
The red line between knowing to attack and to protect isn’t often easy to determine.
In fact the real stake of “protecting Facebook” is not really to care for the application, but to protect the personal information and data of its numerous members who trust it and its security. We know that Facebook is not just a network of private life but also a job network. Therefore the dangers and stakes are greater.So is it really a shame to form a group which can help adherents to be sure of their privacy and confidentiality? Having to opt between the network system’s survival and our own information, the choice should be quick!
Gumblar, a malware targeting IE users
Scansafe, the largest global provider of Web Security-as-a-Service, reported that a stealthy malware called Gumblar targets users of Internet Explorer and forcibly redirects Google search page results to compromised pages. It also steals FTP details of victims and creates a backdoor on the system. It is named for the domain gumblar.cn involved in the attacks.“The stolen FTP credentials are then used to further compromise any Websites owned or operated by the victim,” Mary Landesman, senior security researcher at ScanSafe, told eWEEK. “As a result, there is exponential growth of these compromises—as more victims are infected by encountering a compromised site, the number of compromised sites also increases and thus more visitors are exposed.”
Landesman told SCMagazineUS.com, “Gumblar attacks have jumped nearly 188 percent over the first week of May.” The report also says that more than 1,500 Websites including Tennis.com, Variety.com and Coldwellbanker.com have been attacked in the first week of May.
The goal of the malware is to siphon dollars from Google’s highly profitable advertising franchises, by replacing links in the Google’s search results page with those of the attacker’s choice.
The attacker has made exploit code unique for every website, so it has become hard to identify a compromised site until it is surfed. Actually, the malware embeds malicious Javascript deep into a website’s source code that exploits the bug in a visitor’s Adobe Flash and Reader programs and makes the victim join a botnet that manipulates their Google search results. So users are advised to make sure their patches from Adobe Systems are up-to-date.
A Google spokesman told SCMagazineUS.com that some compromised sites associated with this exploit may include a warning, saying “this site may harm your computer” associated with their search results listing.
Beware of common online threats and be safe online
UK’s Get Safe Online campaign conducted a study on cybercrime and revealed the following result: to an internet fraudster, an identity is worth £80 and in 2008 the victim rate is raised to 23% compared to 15% in 2007.
It has become a must for every online user to be aware of cyber crimes and the safety measures to be adopted get rid of them. Here we have listed some of the common threats that are faced by most online users with solutions to avoid them.
The main focus of an internet fraudster is to find out personal details of online users, and use those details to gain access to bank accounts, run up bills, create false documents such as passports or birth certificates and carry out benefit fraud.
Generally, hackers send email messages in the name of a legitimate organization such as a bank, demanding the user to update their personal details for security. Remember, that a bank will not ask you to reveal your personal details on email. So don’t pay heed to such emails.
Many hi-tech criminals attract people by sending emails on current affairs or other attractive subjects with an attachment. The attachment could be a booby trap with a malicious program through which they can collect users’ personal details. Install an anti-virus program in your system and update it daily before opening your mail box to get rid of such viruses.
Sometimes, when you open a website, a popup window will appear and say that ‘you have just won a million dollars’ or ‘your computer is affected by a virus’. The message will ask you to click on the window which you should never do. If you click on the message, you will be taken to a website and asked to download a software likely spyware. Simply don’t respond to such popup windows. It is better to enable a plug-in to block unwanted popup windows.
Install a trusted anti-spyware program to safeguard your computer from spyware. As Microsoft’s Windows lacks security, security firms advice online users using Microsoft software to update it as soon as security fixes are available. Online users are advised to use non-Microsoft programs for web browsing.
Related Posts from the Past:
Recent Post
Categories
- 360Contest (5)
- Use Cases (3)
- Agriya Events (6)
- Agriya Ideas (9)
- Agriya News (111)
- Anova (12)
- Burrow (5)
- BuySell (3)
- Channel (7)
- Client Interviews (1)
- Computer Security (7)
- Crowdsourcing (6)
- Developers (2)
- Extensions (1)
- Feedy (2)
- FP Platform (9)
- Getlancer (1)
- GroupDeal (11)
- GroupWithUs (1)
- Holidays (1)
- internet (16)
- Internet News (57)
- iSocial (8)
- latest technology (21)
- Life @ Agriya (1)
- online marketing (15)
- PartyPlanet (1)
- Private Shop (1)
- search engines (9)
- SEO (1)
- SEO Game (19)
- SF Platform (2)
- Social Media News (17)
- social networking (44)
- Startups (2)
- Volume (3)
- Web 2.0 (8)
- web design (6)
- Webmaster Articles (114)
Archives
- May 2013
- April 2013
- March 2013
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
Page optimized by WP Minify WordPress Plugin