Facebook worm poses as two blonde women

Yet another attack on Facebook.

If you're a Facebook user be on your guard against the latest worm reportedly spreading on the system.
First identified by Danish security researchers at CSIS, the worm appears to have been spread via malicious links on the social networking site.
The danger, of course, is that one of your Facebook friends may have had their account compromised (maybe they were sloppy with their password security, or gave access to a rogue application) and you might be tempted into clicking on a link seemingly posted by them.
Although the links pretend to point to an image, the truth is that a malicious screensaver is lurking behind an icon of two blonde women:

When the code is run it attempts to download futher malware hosted on a compromised Israeli website.
At the time of writing, the malware is not present on the Israeli website (all that remains is a message seemingly from the hackers), but it is very possible that they are using additional websites to spread their malware attack.

Sophos products detect the malware as the Troj/Dloadr-DKK Trojan horse. If your PC becomes infected it is possible that you also have other malware on your computer, some of which may attempt to steal your banking information or compromise your PC in other ways.
Make sure that you keep informed about the latest malware attacks, scams and other threats on Facebook. Join the Sophos page on Facebook, where over 150,000 people regularly share information on threats and discuss the latest security news.

Here is a link to the full story:
http://nakedsecurity.sophos.com/2011/11/29/facebook-worm-two-blonde-women/

Read More

The 10 best smartphones of the season

For those of you looking for the latest and greatest smartphones this Christmas, here is a link to the 10 best.

 http://www.msnbc.msn.com/id/45421401/ns/technology_and_science-tech_and_gadgets/

Read More

Facebook scam threatens to delete your account.

Here is a link to the latest attack on Facebook and your security.

http://technolog.msnbc.msn.com/_news/2011/11/23/8980543-facebook-scam-threatens-to-delete-your-account

It appears that the perpetrators of this phishing scheme threaten to delete users' Facebook accounts unless they hand over various account details within 24 hours.

Hope you find this article useful and as always: Safe computing.

Read More

How do you get infected with malware?

The answer to the above question is: Social engineering!

Several people have asked me this very question, so to you guys, here is your answer.
For the rest of you, here is some information to keep you safe from malware.

"As the malware landscape evolves, it's helpful to understand how malware gets onto your machine. Knowing the bad guys' strategies gives you the edge while on-line and puts you in a stronger position to defend your data and PC against compromising threats.

We all know that we should install anti-malware software, keep it up to date and run regular scans, apply Windows and application security patches when they become available, use a firewall... well, I won't bore you - you know what to do. But what kind of attacks can we expect and where are they coming from?

It's good to have defences in place to keep your PC secure in the event of an attempted malware infection but having advance warning of the enemy's tactics can help you avoid getting into tricky situations in the first place.

The most common way malware gets onto your system is via the biggest security risk on any computer system - between the chair and the keyboard. According to Microsoft's recently published Security Intelligence Report, almost 45% of infections stem from the malware writer using various social engineering tactics to persuade the user to take some kind of action that results in the user running a malicious file, thereby infecting their own machine.

This means that the malware writer doesn't have to spend time thinking of complex and ingenious ways to infiltrate your machine – they just have to present you with a credible reason to install and run their program.

Compare this idea to a street crime: imagine if someone said they were conducting a survey called “Are Modern Wallets Too Heavy?” and asked to check how much your wallet weighs. Instead of seeing it for the risk that it is, you give them your wallet, PIN number and for good measure, your mobile phone, then punch yourself in the face and hail a taxi for them to make a getaway.

That's a pretty extreme illustration but the point is that you would recognise this as a potential threat and walk away. Most people are unlikely to intentionally install malware on their machine, but if the malware employs a social engineering technique to make it appear credible, you could find yourself in trouble.

A common technique is to prey upon user's fear. People can be easily persuaded if you frighten them. The media frequently reports on cyber-crime and as we mentioned before, we're all aware of the need for an anti-malware program. Bad guys have taken full advantage of this and unleashed hundreds of legitimate looking security applications, that scan your machine then present you with a lot of scary, non-existent infections then try to trick you into buying the software to remove the infection. The best way to avoid this is to use a reputable anti-malware application like Malwarebytes.

Another common tactic is to lure the user into installing an application that will allow them to watch a video, but predictably that application turns out to be malware. Big surprise, no? To a lot of people, it is.

If you are in doubt about an application you have downloaded, you can scan it with Malwarebytes but a cool trick is to upload the file to Virus Total which will give you information about which anti-malware companies detect the file. If you see a lot of hits, it's more than likely malware and you should delete it.

For more information, check the United States Computer Emergency Readiness Team (US-CERT) guide for avoiding social engineering attacks."

Information from Lavasoft News.

Read More