According to GFI, random Twitter users have been tweeted with the URLs with .tk extension. After being clicked, these links redirect victim to googleapi17.ru/l(dot)php?l=os&ampr=5519&ampa=29# which presents itself as Anti-virus Scanner (typically to scammers, grammar mistakes are included)  page and reports something like that:

Anit-Virus ScannerCheck your phone for viruses!Maybe Your phone is infected , and someone has access to your personal information, such as photos, messages, call history, contacts, history of sites visited, passwords to websites and more. Immediately start scanning for viruses!

Depending on which machine, PC or smartphone, victim is on, he is additionally offered to download a file. Computer users are offered to install VirusScanner.jar while smartphone users – VirusScanner.apk. Luckily, .jar file seems to be not working because of some error. However, .apk file can easily be  installed on the smartphone and additionally give rogue anti-virus for the victim, reported as Trojan.Android.Generic.a.

It should be expected that scammers will change the destination of the malicious URL in the future, so you should avoid on clicking all suspiciously-looking tweets. In order to  prevent such attacks in the future, you should definitely start using mobile anti-virus software.

Source: Gfi.com

In order to spread their malware, attackers have been using pop-up windows notifying to update widely-known software product that is necessary to view a particular web page. Though it is not a completely new method to infect computer users, criminals could have been successful in spreading it. However, FBI gives no further information about the capabilities of this malware and hotel names that have been discovered to be included into this attack.

In order to avoid this attack, you should take extra caution before updating software products abroad because there is a huge chance to be included into this hotel wireless login scenario. You should simply make sure you update your programs before traveling and make sure you use Internet Security software products to prevent malware infiltration.

Source: techweekeurope.co.uk

Trend Micro released a simple plug-in that makes the implementation for CloudStack users very quick, when comparing to the months of investigation and development when they are creating an encryption solutions with their own hands. That’s the new road for innovative cloud encryption service.

This new key management system is patent-pending for Trend Micro SecureCloud. It lets administrators set the policies which determine when and where the data can be accessed. Integrity and identity rules can be added optionally.

This new way of Cloud protection helps to support the internal governance. It also shows how to comply with regulations of HIPPA, Sarbanes-Oxley, PCI DSS and more. The Cloudstack license was moved from GPL to Apache License 2.0, and made this project to run with Apache Software Foundation, which made CloudStack a true community run project.

Apache CloudStack has a new SecureCloud plug-in, which is a simple module that makes the process of synchronizing cloud assets easy. This will easily define the encryption key and release policies for the data volumes which will be encrypted. Security is very important these days, so there is an increased demand for all security products. Quality products like SecureCloud makes customers forget the hard work and process about making Cloud syncing secure.

The vulnerabilities that may lead the malicious software to run code without user interaction are marked as “Critical”, as these are the worst vulnerabilities for Microsoft. The MS12-034 patch is aimed to fix attack vectors exploited by Duqu, which targets industrial control systems. Another patch, called MS12-029 fixes a remote code execution exploit when user opens an infected RTF file.

Always remember to update, and if you have your auto-update feature off, you should click on the windows update icon on the “Start” menu to get the latest security updates. Additionally, Adobe released an update too, for Adobe Illustrator, Photoshop, Flash Professional and Shockwave Player. All Windows and Mac computers who run Adobe Shockwave Player should update their software to the newest version (11.6.5.635 currently).

Not so long ago, FBI stated the shutdown of a huge clickjacking botnet with the cooperation of Estonian authorities and other antimalware organizations. They raided almost 100 servers that were infected by this malicious code. Moreover, seven people were arrested and charged with computer intrusion and wire fraud crimes. Those actions stopped a malware known ad DNS changer, which was infecting computers since 2007.

DNS Changer malware is made to replace the Domain Name System (DNS) on infected machines to address to some malicious routers or servers. It is widespread because it infects both PC and Mac systems. The redirected traffic served to spam, send malware and more. Additionally, it blocked access for antimalware sites and OS updates, to defend itself from removal.

And when FBI will shutdown the servers, which fixed the redirected traffic for infected computers, millions of internet users will lose internet connection. So the question is, how to check if you’re infected? That’s not so hard. FBI and DNS Changer Working Group made some step-by-step guides, and there are lot’s of self check tools on the Internet. Additionally, FBI made a form where you can enter your IP to check if you’re infected.

And there are many ways to fix it. Although the best way to remove DNS Changer malware is to use a reputable anti-spyware software, sometimes you will need to do a full reinstall of your system to ensure that you’re fully repaired. Here are some tools that can remove DNS changer:

• Kaspersky Labs TDSSKiller
• McAfee Stinger
• Microsoft Safety Scanner
• Trend Micro Housecall
• MacScan

Keep in mind that if your machine will be infected after the deadline – you will lose your internet connection. The fixing methods will remain the same, but the loss of the internet will probably make it harder to clean up, because you will need a separate and obviously clean computer to download removal tools.

The increase of cloud corporate data attacks are because of increased computer attacks by web-hackers, who target smartphones and tablets, says Craig Scroggie, Symantec Chief of Australia-New Zealand division. It was published in Theaustralian.com at May 1, 2012. Hackers tend to move to corporate hacking operations because of social networking based attacks.

Cybercriminals choose social networks, particularly Pinterest, Facebook and Twitter, because of the huge market of end-users there. Hackers obtain information which they use for revenue, Scroggie described.

In addition, Symantec is analyzing spam activities too. According to it, the biggest spam source this year is pharmacy spam. It takes nearly 40% of all the spam on emails, while jewelry spam is responsible for almost 20% of all junk emails. In addition, sex-themed spam increased to total of 15% of the total spam.

Finally, Symantec recommends using a reputable antivirus and anti-spyware software, which would be able to fight, and unfamiliar malware too, and would provide the best safety and firewall to your computer.

The fact is that facebook doesn’t take care of privacy as it should do. Some users might even be surprised that facebook gets reports every time a user opens a site with a “Like” button, and it doesn’t matter if they press it, or even if they have a facebook account. That only shows how much personal data can be gathered without any knowledge of user.

This privacy situation is bad. CR (Consumer Reports) made another report, where they gathered info during the past 12 months about what american users did in Facebook. Here’s data and rates:

• 39.3 million identified a family member in a profile
• 20.4 million included their birth date and year in their profile
• 7.7 million “liked” a Facebook page pertaining to a religious affiliation
• 4.6 million discussed their love life on their wall
• 2.6 million discussed their recreational use of alcohol on their wall
• 2.3 million “liked” a page regarding sexual orientation

This report shows that some people share way too much of personal information in the net. Almost 4.8 million people potentially showed burglars where and when they will be, while almost 4.7 million users “Liked” some health conditions, which insurance companies might use against them.

Even if you share your information only with friends, if your friend is using Facebook Apps, your data might be taken to a third party without any notice. And that’s not all.

CR report shows that there are privacy-related problems rising – almost 11% of households who use facebook have reported that they had various troubles, like a login without permission or some threat from external person.

However, Facebook claims that it takes privacy concerns seriously – they check privacy access tens of billions of times every day, and they want to implement some greater access records for users to see their facebook activity. Although, that’s not enough.

Additionally, the laws in US do let the federals see and control as much of the information as social networks collect. Two main things Facebook needs to take concern about are better protection and password security lapse increase. Facebook users should follow these tips:

• Think about what are you sharing
• Check your facebook page regularly on how it looks to users
• Don’t share personal information
• Understand which parts cannot be protected
• Show your wall posts only to friends
• Disable “Tag Suggest”
• Block Apps that are snooping info.
• Don’t share everything with every friend on facebook. You can choose specific filters.
• If you need to protect your data for a while, disable your acc.

People look for the best cost every time, whether they experience business or household data loss. Most of them are taken by the appeal of free evaluations, cropped prices and the cheapest options, never thinking much about the situation. Then they find out that the data recovery service provider passed some “hidden” fees, or even charged for unsuccessful recovery, maybe even couldn’t understand the issue of this situation.

It is always a good practice to look for offers with a free consultation and access to actual data recovery engineer. Always choose from providers who give you the complete listings of all recoverable files before you make any order or purchase decision. Try to obtain the actual price and the difficulty level of recovery. Additionally, ask if spare parts are needed. That might give you additional charges. Finally, always make sure that there is a post-recovery support option to make sure your data migration process completes successfully.

You might be confused that you don’t need a proactive data loss plan, if you never experienced significant data loss or long down-time. However, adding a data loss plan to your backup system is as much important as your homeowner’s insurance. If you ever get to experience a data loss, it is always very important to look not only for a professional looking website offering data recovery, but to contact the company and see if it can answer specific questions about platforms, virtual environments, databases and e-mail systems. Always check if the service provider has the right geographic location and good engineering capabilities that also supports a multitude of languages, data protection laws and currencies.

In addition, check if the chosen provider actually invests to develop its abilities to recover data from new devices, using new tools and giving specialized services, that ensure the latest and the hardest data recovery issues are addressed without failures.

The reality is that only few organisations are actually prepared for the worst situations. However, when the data loss occurs, everyone looks for an IT department that could handle that. After that, they realise that not every organisation has the right staff and experience to expertise in the real data recovery, when speed and quality is required.

Additionally, there are many companies who doesn’t have the data recovery plan in place. Of course, the third party might seem as the most logical solution, but not all data recovery providers give you access to the actual engineers who work on your case. That’s very important – make sure that your data recovery provider gives you ability to work with them step-by-step, informing you about the process and what actually can be recovered. A great plan would be to find a recovery service provider, which would perform emergency, remote or even onsite recoveries on your proprietary or unique systems.

We have to keep in mind that not all data recovery specialists can be treated equally. People tend to make mistakes thinking that data recovery can only be done after hard disk failures, while, in fact, data recovery is possible even when logical errors occur on complex databases or virtual systems, and even if the data is encrypted.

Always make sure that your use a trusted data recovery provider with a long experience in many different situations. You might only have one chance to recover your data, so it is essential to find the right provider that would handle this job with the biggest concern and dedication, regardless the situation or the data size.

Some organisations do believe, that all data recovery providers offer the same level of services. However, not all data recovery provider had the right security protocols, which protects the data recovery process, and tracks everything to ensure your data protection.

Finally, it is important to ensure that your company is using the highest security and process standards for your entire data recovery process, not only the recovering phase. Look for SAS 70 Type II certification in service providers. Additionally, make sure your provider uses a secure ISO-5/class 100 cleanroom environment with authorised entities to handle the most sensitive data. Furthermore, it’s important that your recovery provider can give the recovered encrypted data in the encrypted form as it was before the data loss. ]]> http://www.2-spyware.com/news/post821.html/feed 0 http://www.2-spyware.com/news/post798.html http://www.2-spyware.com/news/post798.html#comments Tue, 01 May 2012 15:25:57 +0000 ugnius http://www.2-spyware.com/news/?p=798 Over the past few days we’ve been seeing an increasing number of drive-by downloads and malware incidents that lead user to rogue anti-virus programs belonging to the family Win32/FakeRean. This malware family was actively distributed during the holiday season and eventually went of the charts on the second week of January. Whatever the reason, it was probably the most successful campaign in the history of scareware. Q1 2012, thankfully, wasn’t dominated by Win32/FakeRean.

How to identify scareware belonging to the family Win32/FakeRean?

Otherwise known as “Multi-name” malware is more that 30 rogues in 1. It uses individual names and looks for Windows XP, Windows Vista and Windows 7. Win 7 Antispyware 2012, XP Security 2012 just to name a few. Here’s what a rogue anti-virus program from the FakeRean family looks like:

If you have this or similar fake antivirus software your computer, you need to run a full system scan using reliable and legitimate anti-spyware software, Spyware Doctor for example. Any other genuine anti-spyware software works fine too. And one more thing, do not pay for the rogue security solution. It might look like a real thing for some of you, but it isn’t. And it definitely has nothing to do with Microsoft.

How to avoid the fake antivirus scam?

First of all, keep your computer updated with the latest anti-virus and anti-spyware software, and be sure to use a good firewall. Secondly, do not download freeware unless you know it’s from a reputable source. Avoid questionable websites and never open an email attachment unless you are positive about the source.

This team is providing an unattended access to various criminal activities like intrusions, hacks and more. We see all the hard work of these charming personalities who solves the crimes of hackers every day. Nevertheless these hard to solve cases may lead anywhere in the world – filmmakers follow every move to catch everything on film.

ZERO DAY is co-financed by BBC Storyville, while the filmmakers are working with reporters like John Markoff (New York Times) and Joe Mell (Reuters). Author Misha Glenny takes part in this film too. 2-spyware team takes part in this project too. The filmmakers are talking with Mark Cuban and Magnolia Pictures, to be able to distribute in US TV and theatres.

2-spyware team invites everyone to support the creation of this film through Kickstarter. By donating money you become an official donor of ZERO DAY. Film is scheduled for release at September, 2013.