Network Services
October 28, 2009
Fake Facebook e-mail contains Trojan
A new variant of the Bredolab Trojan horse is attached to a fake "Facebook Password Reset Confirmation" e-mail.
Threat Rank: HIGH
Some users are receiving the e-mail from "The Facebook Team," according to the security firm. The sender's e-mail address displays "service@facebook.com." In reality, the address and sender were spoofed.
The e-mail is accompanied by an attachment named "Facebook_Password_4cf91.zip", which includes the file "Facebook_Password_4cf91.exe" that, the e-mail claims, contains the user's new Facebook password.
When a user downloads the file, it could wreak havoc on their computer. The Trojan horse Bredolab "executes files from the Internet, such as rogue anti-spyware. To bypass firewalls, it injects its own code into legitimate processes svchost.exe and explorer.exe. Bredolab contains anti-sandbox code (the trojan might quit itself when an external program investigates its actions)." In other words, it's bad.
Facebook said that users should be "suspicious of unexpected emails claiming to be from Facebook." The company also said that it will never send users a new password as an attachment.
What to do: Don’t open emails with attachments that you are not expecting. Contact BDS if you think you have opened an email like this.
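For administrators who screen mail, the lure described above (a ZIP attachment whose only content is an .exe) can be flagged without opening anything. The following is an added example, not part of the original bulletin; the function names, the extension list and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly; a password notice never needs one of these.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def executable_attachments(raw_message: bytes) -> list:
    """Return names of attachments that are, or contain inside a ZIP, executables."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(EXECUTABLE_EXTS):
            hits.append(name)
        elif zipfile.is_zipfile(io.BytesIO(data)):
            # Read only the archive's file listing; nothing is extracted or run.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(EXECUTABLE_EXTS):
                        hits.append(f"{name} -> {member}")
    return hits

def build_sample() -> bytes:
    """Constructed sample with the lure's shape; the .exe is placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Facebook_Password_4cf91.exe", b"placeholder, not a program")
    msg = EmailMessage()
    msg["From"] = "The Facebook Team <service@facebook.com>"  # spoofable header
    msg["To"] = "user@example.com"
    msg["Subject"] = "Facebook Password Reset Confirmation"
    msg.set_content("Your new password is in the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Facebook_Password_4cf91.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(executable_attachments(build_sample()))
```

The From header is deliberately not used as evidence, since the bulletin notes that the sender address was spoofed.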
Desktop Lock Up (Trojan)
Trojan.Ransomlock.D is a Trojan horse that locks the desktop, making the computer unusable. It then asks the user to purchase a license in order to restore access to the computer.
Threat Rank: HIGH
What to do: If you see anything like this, call BDS immediately to restore your computer back to normal.
October 21, 2009
Why is Cyber Security a Problem?
You've heard the news stories about credit card numbers being stolen and email viruses spreading. Maybe you've even been a victim yourself. One of the best defenses is understanding the risks, what some of the basic terms mean, and what you can do to protect yourself against them.
What is cyber security?
It seems that everything relies on computers and the internet now — communication (email, cellphones), entertainment (digital cable, mp3s), transportation (car engine systems, airplane navigation), shopping (online stores, credit cards), medicine (equipment, medical records), and the list goes on. How much of your daily life relies on computers? How much of your personal information is stored either on your own computer or on someone else's system?
Cyber security involves protecting that information by preventing, detecting, and responding to attacks.
What are the risks?
There are many risks, some more serious than others. Among these dangers are viruses erasing your entire system, someone breaking into your system and altering files, someone using your computer to attack others, or someone stealing your credit card information and making unauthorized purchases. Unfortunately, there's no 100% guarantee that even with the best precautions some of these things won't happen to you, but there are steps you can take to minimize the chances.
What can you do?
The first step in protecting yourself is to recognize the risks and become familiar with some of the terminology associated with them.
Hacker, attacker, or intruder - These terms are applied to the people who seek to exploit weaknesses in software and computer systems for their own gain. Although their intentions are sometimes fairly benign and motivated solely by curiosity, their actions are typically in violation of the intended use of the systems they are exploiting. The results can range from mere mischief (creating a virus with no intentionally negative impact) to malicious activity (stealing or altering information).
Malicious code - Malicious code, sometimes called malware, is a broad category that includes any code that could be used to attack your computer. Malicious code can have the following characteristics:
o It might require you to actually do something before it infects your computer. This action could be opening an email attachment or going to a particular web page.
o Some forms propagate without user intervention and typically start by exploiting a software vulnerability. Once the victim computer has been infected, the malicious code will attempt to find and infect other computers. This code can also propagate via email, websites, or network-based software.
o Some malicious code claims to be one thing while in fact doing something different behind the scenes. For example, a program that claims it will speed up your computer may actually be sending confidential information to a remote intruder.
Viruses and worms are examples of malicious code.
Vulnerability - In most cases, vulnerabilities are caused by programming errors in software. Attackers might be able to take advantage of these errors to infect your computer, so it is important to apply updates or patches that address known vulnerabilities.
What to do: If you feel that you are not fully protected, call BDS for a full security assessment today!
Child-Proofing iPhone With New Browser
Prevent Exposure to Inappropriate Websites
InternetSafety.com calls on parents concerned about exposing their children to objectionable content on the Apple iPhone to combine Apple's new parental controls with a child-friendly iPhone browser like Safe Eyes Mobile.
Apple's new parental control settings allow parents to restrict movie, TV show, music, podcast and application access by user age, but they lack the ability to prevent children from accessing inappropriate websites through the iPhone's Safari browser.
In the latest iPhone software release, parents can enable age restrictions in Settings -> General -> Restrictions. Movies, TV shows, music, podcasts and apps that have already been downloaded but fall outside the age range designated by parents, based on standard industry ratings for media as well as Apple's recently implemented age rating system for apps, disappear off the iPhone's home screen to prevent user access.
When the restrictions are turned off, the affected apps will reappear, permitting parents to share their iPhones with children without being forced to limit their own device usage to content suited for elementary or junior high age.
In addition, if parents have enabled age restrictions, the iPhone displays a warning about objectionable content if users attempt to download age-inappropriate content from the App Store.
October 14, 2009
Misleading Application
Threat Rank: MEDIUM
Who’s at Risk: Windows users and Removable Storage devices
What can you do: If you believe you have been infected, contact BDS immediately.
Type: Application
Name: SecurityTool
The program reports false or exaggerated system security threats on the computer.
SecurityTool is a misleading application that may give exaggerated reports of threats on the computer.
Similar Security Risks
Name: SystemSecurity
Twitter an Emerging Terrorist Tool
The appeal of Twitter, the free social networking and micro-blogging service, is that it lets people stay in touch with their friends in pretty much real time.
That fun tool can also be put to nefarious uses, according to an addendum to the 304th Military Intelligence Battalion periodic newsletter, available on the Federation of American Scientists' (FAS) Web site.
The paper tracked some of the latest tactics terrorist groups use to organize and described some techniques that are emerging.
"The [Twitter] member can send Tweets (messages) near real time to Twitter cell phone groups and to their online Twitter social networking page."
Twitter members "can also mashup their Tweets with a variety of other tools including geo-coordinates and Google (NASDAQ: GOOG) Maps or other electronic files/artifacts. Members can direct and re-direct audience members to other Web sites and locations from 'Tweets' and can engage in rapid-fire group social interaction."
A nugget of truth
"Al-Qaida's younger generation has shown a surprising degree of sophistication in adopting emerging high-tech Western communications standards -- Internet Relay Chat, PalTalk, YouTube, MSN Chat, PGP Encryption -- in order to stay one step ahead of law enforcement and intelligence agencies," Evan F. Kohlmann, senior terrorism consultant at the NEFA Foundation, told InternetNews.com by e-mail from Guantanamo Bay, where he is attending a military commissions trial.
October 6, 2009
Malicious Worm Threat found on USB Drives
Threat Rank: HIGH
Who’s at Risk: Windows users and Removable Storage devices
What to do: If you believe you have been infected, contact BDS immediately.
Info: Mal/AutoInf-A is a malicious file usually found on USB drives or other removable storage devices, such as iPods or memory cards for cameras. The presence of Mal/AutoInf-A is indicative of a worm infection, since worms are the most common means for this malware to spread from one computer to another.
After copying malware to the removable device, the worm will then create a copy of itself on the device. When the infected removable device is connected to a computer with the 'auto insert notification' feature enabled, as it is by default, Windows will search the device's root directory for the presence of an autorun.inf file. If it finds one, Windows follows the instructions in that file, which is how the worm gets started.
Once the worm starts running, it copies itself to Windows system folders. When a new removable storage device connects to the computer, the worm replicates itself in the method described above.
More INFO: To effectively remove all of the components of a Mal/AutoInf-A infection, you need to remove both the Mal/AutoInf-A file and the associated executable that created it. Removing Mal/AutoInf-A alone will not resolve the infection.
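Because cleanup has to cover both the autorun.inf file and the program it points to, it helps to read the file and list what it would launch before deleting anything. The following is an added example, not part of the original bulletin; it assumes the file uses the standard `open`, `shellexecute` and `shell\...\command` keys of the `[autorun]` section, and the function names and sample drive contents are constructed.

```python
from pathlib import Path, PureWindowsPath

def parse_autorun(text: str) -> dict:
    """Collect key=value pairs from the [autorun] section, skipping junk lines."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_targets(drive_root: Path) -> list:
    """Return the files on the drive that its autorun.inf asks Windows to run."""
    inf = next((p for p in drive_root.iterdir()
                if p.name.lower() == "autorun.inf" and p.is_file()), None)
    if inf is None:
        return []
    targets = []
    for key, value in parse_autorun(inf.read_text(errors="replace")).items():
        launches = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if not launches or not value:
            continue
        # Drop arguments: keep the quoted path, or else the first word.
        cmd = value.split('"')[1] if value.startswith('"') else value.split()[0]
        win = PureWindowsPath(cmd)
        parts = win.parts[1:] if win.anchor else win.parts
        path = drive_root.joinpath(*parts)
        if parts and path not in targets:
            targets.append(path)
    return targets

def build_sample_drive(root: Path) -> None:
    """Constructed sample: junk-padded autorun.inf and a harmless placeholder file."""
    (root / "tools").mkdir()
    (root / "tools" / "launcher.exe").write_bytes(b"placeholder, not a program")
    (root / "AUTORUN.INF").write_text(
        ";xkq padding\n[AutoRun]\nqwerty\n"
        "open=tools\\launcher.exe /quiet\n"
        "shell\\open\\command=tools\\launcher.exe\n"
        "icon=shell32.dll,4\n")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(Path(tmp))
        print(launch_targets(Path(tmp)))
```

The script only reads the drive; each path it reports should be scanned and removed together with the autorun.inf that references it.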
Good Files being found as Bad
Threat Rank: MEDIUM
Who’s at Risk: Anyone
What to do: If you believe you have been infected, contact BDS immediately.
Info: A packer is a tool that compresses or encrypts executable files. Malware authors often use packers to conceal threats from detection by antivirus software. Backdoor.Tidserv!gen detects a packer that is not known to be used for legitimate purposes.
If one or more files on your computer have been classified as having a Backdoor.Tidserv!gen threat, this indicates that the files have suspicious characteristics and therefore might contain a new or unknown threat. However, given the sensitive nature of this detection technology, it may occasionally identify non-malicious, legitimate software programs that also share these behavioral characteristics. Therefore, it is recommended that users manually check all files detected as Backdoor.Tidserv!gen by Symantec antivirus products for potential misidentification.
In rare cases where a legitimate file has been misidentified and subsequently quarantined, your computer may behave abnormally or you may find that one or more applications no longer function as expected.