Archive for the ‘PC & Web Security’ Category
10 Obscure Antivirus Tools worth a Look
You know about the big players in the AV field — but a number of lesser-known tools may serve your needs as well (or even better).
Viruses come and go. Some of them are simply annoyances, but others are nasty little bits of malicious single-minded code that want to take down your machine or take away your data. Fortunately, there are plenty of tools out there that can help you deal with the problem. Some of those tools are well known: Symantec, McAfee, Norton. But you can also find tools that will serve you at a fraction of the cost or a fraction of the CPU load.
I’m going to introduce you to some of these lesser-known antivirus tools. In the end, you will have more tools for your toolkit than you ever thought you would have… all of which are ready to immunize you from machine-crushing code.
1: BitDefender
BitDefender is one of my favorites on the list. Why? Because it has one of the best graphical virus tools available for the Linux operating system. Of course it doesn’t offer just a Linux solution. BitDefender offers antivirus for both Linux and Windows, as well as for various server installations. In fact, BitDefender has solutions for mail servers, Samba servers, desktops, and much more.
2: Avira Antivir
Avira Antivir has, in many cases, found viruses where others have not. One of my favorite uses for this solution is to slap it on a Linux machine (the Linux version is command-line based, but does have a GUI if you prefer), attach an infected Windows drive externally, and run Avira on that drive. Much like BitDefender, Avira will find viruses many other solutions won’t find. And because it is mostly command line, it is also quite a bit faster than other tools.
3: ClamAV
ClamAV is mostly a mail server antivirus for Linux, but it does a bang-up job. If you’re hosting a Linux-based mail server, you will want to include ClamAV on it; otherwise, you risk winding up spreading the love of viruses around the globe.
4: Avast
Avast is not as much a wallflower as the other tools, but it certainly has never been crowned Prom Queen. It’s an outstanding tool that offers a lot of options many other tools overlook. One of my favorite aspects of Avast is the built-in rootkit check. You can’t go wrong when you know your antivirus is keeping you safe from rootkits.
5: rkhunter
rkhunter is not so much an antivirus tool as it is an anti-rootkit tool. If you’ve never come across a rootkit on a machine, consider yourself lucky. Very lucky. Rootkits are the Mac Daddy of viruses. And if your current antivirus solution doesn’t protect you from rootkits, either add a rootkit protection tool to your system or uninstall it and install one that does!
6: Dr.Web CureIt!
Dr.Web CureIt! is an interesting tool in that it requires no installation. It’s a simple binary file that, when double-clicked, will execute and scan your machine. The only drawback is that to get the latest definitions, you have to re-download the tool and use the newest version. But how easy would this tool be to use as a portable virus scanner?
7: ESET Smart Security
ESET Smart Security is from the makers of the NOD32 Antivirus tool that has been around for quite some time. ESET sets itself apart by being an antivirus and a firewall in one. But the firewall isn’t just a standard firewall. It’s a “learning firewall,” in that it observes how its users use the network and, theoretically, adapts to that usage. ESET also protects you from removable data and from viruses that attempt to disable your antivirus protection.
8: ZoneAlarm
ZoneAlarm is an antivirus tool that offers something others do not — DataLock. The DataLock portion of ZoneAlarm uses encryption on your hard drive so that it is readable only by those with the encryption key. DataLock also offers pre-boot authentication so that unauthorized users can’t even boot your machine. Yes, these features can be added from the BIOS or from other tools, but with ZoneAlarm, you have antivirus, encryption, and boot authentication all in one.
9: iAntiVirus
iAntiVirus is for — you guessed it — Mac. Like Linux, nothing is immune (no matter how much the media and the PR say it is). And that beautiful new Mac you bought can use protection as well as that new quad-core Windows 7 machine. iAntiVirus is as inherently Mac as you will ever find in an antivirus tool. Not only is it user-friendly, it has that same Mac interface that everyone has grown to love (or hate). And what’s best, iAntiVirus works like any other antivirus software you have ever used — only it does so on a Mac. So it must be better.
10: Microsoft Security Essentials
Microsoft Security Essentials has to be on this list. After all, it wouldn’t be fair of me to highlight inherently Linux and Mac tools without offering the Windows equivalent. What is really surprising about this antivirus protection is that it is free AND produced by Microsoft. Those two don’t usually go hand in hand. If you want free virus protection, and you want something that will seamlessly integrate with Windows, Security Essentials is your best bet.
Microsoft Debuts FIX IT Program
Microsoft has launched “Fix It” software that keeps an eye on a PC and automatically repairs common faults.
The software basically adds the automatic diagnostics system in Windows 7 to older versions of Microsoft’s operating system.
The software, currently available as a trial or beta version, is intended for users of Windows XP and Vista.
The package also tries to anticipate how security updates will affect a PC before they are installed.
Once installed, the software gets updates about known issues with Windows or any connected devices, and regularly checks to see if a host machine has fallen victim. Once fixes become available it will tell users they are ready or attempt to apply them.
The software has onboard fixes for about 300 of the most widely encountered problems that stop Windows working as it should.
The software also maintains a list of the hardware and software on a machine so if the automatic fix does not solve a problem, it will be able to help users supply detailed information to Microsoft’s support staff about what has gone wrong.
Those signing up and downloading the Fix It software can use it on several different machines.
The free software can be downloaded from Microsoft’s support pages. Windows XP users wanting to use it must have Service Pack 3 for the operating system installed.
The Fix It service began in late 2008, when Microsoft began using the logo to highlight automatic fixes on its support pages that dealt with very common problems.
Anyone clicking on the logo kicked off a download that tried to fix that problem automatically.
Microsoft, like many other software firms, has built a vast database of faults and problems as technology built into Windows reports back about crashes and other bugs that machines encounter.
China-based Cyberspy Group Targeted India
A cyber-espionage group based in southwest China stole documents from the Indian Defence Ministry and emails from the Dalai Lama’s office, a group of Canadian researchers said in a report released on Tuesday.
The cyberspies used popular online services, including Twitter, Google’s Google Groups and Yahoo mail, to access infected computers, ultimately directing them to communicate with command and control servers in China, according to the report, “Shadows in the Cloud”.
“We have no evidence in this report of the involvement of the People’s Republic of China (PRC) or any other government in the Shadow network,” wrote the authors, who are researchers based at the University of Toronto’s Munk School of Global Affairs. “But an important question to be entertained is whether the PRC will take action to shut the Shadow network down.”
They concluded the network was likely run by individuals with connections to the Chinese criminal underworld, and information might have been passed to branches of the Chinese government.
“I don’t know what evidence these people have, or what their motives are,” Chinese Foreign Ministry spokeswoman Jiang Yu said, in response to questions about the report. She added that China could investigate if it were provided with evidence. “Our policy is very clear. We resolutely oppose all Internet crime, including hacking.”
Stolen documents recovered by the researchers contained sensitive information taken from India’s National Security Council Secretariat, the group said. They included secret assessments of India’s security situation in its northeastern states bordering Tibet, Bangladesh and Myanmar, as well as insurgencies by Maoists.
Confidential information taken from Indian embassies includes assessments of Indian relations with West Africa, Russia, former Soviet republics and the Middle East, it said. Information supplied by visa-seekers to the Indian embassy in Afghanistan and the Indian and Pakistani embassies in the United States was also compromised, the report said.
“We have heard about the hacking report and the concerned department is looking into the case,” said Sitanshu Kar, spokesman for the Indian Defence Ministry.
A year ago, the same researchers described a systematic cyber-infiltration of the Tibetan government-in-exile, which they dubbed GhostNet. Some of the command and control centres listed in the GhostNet report went offline, the researchers said, but provided leads for the latest investigation.
Domains used in both attacks resolved to an IP address in Chongqing, a large city in southwest China, while addresses in the nearby city of Chengdu were used to control Yahoo Mail accounts used in the attacks, the report said. The report traced part of the network to individuals in Chengdu who are graduates of the University of Electronic Science and Technology of China and alleged to have links with the Chinese hacking community.
Attacks using social engineering to gain trust and access have garnered more attention since Google announced in January that it, along with more than 20 other companies, had suffered a hacking attack out of China. Google ultimately withdrew its Chinese-language search service from the mainland.
The cyberspies managed to penetrate a circle of individuals with knowledge of Indian military projects, as well as acquiring information about military engineering projects, the report said. A U.N. commission based in Thailand was also compromised.
The data gathered by the researchers showed that security breaches in one group can result in the theft of confidential information from another organisation, a factor that makes it hard to distinguish the ultimate purpose of the cyberspying.
The researchers said the capture of the emails from the Dalai Lama’s office allowed the spies to track who might be contacting the Tibetan spiritual leader, whom China accuses of seeking Tibetan independence.
Think Before You Download on Internet
Are you downloading your favourite game or a particular application that allows you to share pictures, videos and information? These days, we have various gaming applications and individual developers coming out with unique and interesting downloadable applications. But you need to make sure you are not inviting a virus to disrupt your mobile handset. You should know that Internet/mobile applications, if certified, can be trusted; if not, they can hamper your mobile data.
Worms, trojans, viruses and hackers are no longer just a threat to your home PC or laptop. According to Trend Micro, an Internet security firm, cyber crooks are on their way into your pocket. The popularity of smartphones like the Blackberry, iPhone and the emerging Droid is booming, and that’s making them a lucrative target for cyber crooks to cause mischief.
The possibility of someone hacking a cellphone became public knowledge when Paris Hilton’s mobile was hacked. Unfortunately for her, the numbers of all her celebrity friends were also placed on the Internet, resulting in a barrage of calls to each of them. This was one of the highlighted cases of phone hacking through extracting personal information from the mobile handset.
The ingenuity of cyber criminals to come up with new social engineering angles seems endless. Mobile worms and viruses are similar to those that infect PCs. An unsuspecting user can be tricked into installing a harmless-looking file that infects a device and seeks additional mobile phones to target, often disrupting the phone’s operations.
What can a mobile hacker do? There are quite a number of things that can be done by the mobile hacker. Depending on intent, their main targets are:
Steal your number: Your phone number can be accessed and obtained by hacking. This allows them to make calls and have them charged to your account.
Extract your information: Mobile hacking allows a hacker to contact your cellphone, without your knowledge, and to download your addresses and other information you might have on your phone. Many hackers are not content with just getting your information. Some will even change all your phone numbers! Be sure that you keep a backup of your information somewhere.
All you have to do is to ensure that the handset is malware-protected. Here are some quick and easy points a user should keep in mind when downloading applications on mobile phones.
First, identify the source from where you are downloading the application. A general community site with no identifiable owner cannot be contacted. For example, download.com is the worst place to get the software from. You can download applications like our P2P software on your mobile.
Check the software for security certificates. Try not to use any unsigned application. Trusted signatures are third-party signatures from Verisign, Symbian and Sun. The absence of any trusted signature can make the application very dangerous. The only warning that you will get is when you install and load the application. So, go for trusted applications.
Once the signature is there, visit the company site to verify the application that you have downloaded. Check for warnings, known bugs and the functions that it would provide. This may help you understand the resources the application will take, such as memory, CPU, etc. Applications like file share, VoIP, etc. use some core OS functionality. In case of a bug, such an application can disrupt other functionalities of the phone.
Social media-based applications that download files can also bring a virus-infected file onto your handset. In such a case, one should have some anti-virus software installed on the system, or the application should check the MIME type before it allows the download of the content. Either way, protect your handset with anti-virus software so that you are covered even if by chance you have downloaded a non-trusted application; security solution providers like Trend Micro or McAfee have anti-virus solutions for you.
Check your data plan before you start to use an application that uses some sort of data transfers. An application like mBit p2p can generate huge data transfers. The user is advised to get in touch with customer care to identify an appropriate plan for it. The user can tell customer support about the desired application and ask for an appropriate plan for it.
Follow these simple steps and you’ll have a happy downloading session. So, treat your smartphones like your laptops or computers, and not like a landline phone.
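The MIME-type check mentioned in the points above, sketched as an added example that is not part of the original article: the declared type is accepted only if it is on an allow-list and the file's leading bytes agree with it. The signature table, the images-only policy and the sample inputs are assumptions constructed for the illustration.

```python
"""Added example: check a download's declared MIME type against its leading bytes."""

# Illustrative subset of file signatures, not a complete registry.
MAGIC = [
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"MZ", "application/x-msdownload"),       # Windows PE executable
    (b"\x7fELF", "application/x-executable"),  # ELF executable
    (b"PK\x03\x04", "application/zip"),        # also JAR and APK packages
]

# Hypothetical policy for a picture-sharing application: images only.
ALLOWED = frozenset({"image/jpeg", "image/png", "image/gif"})

def normalize_mime(header_value):
    """Lower-case a Content-Type value and drop parameters such as charset."""
    return header_value.split(";", 1)[0].strip().lower()

def sniff(data):
    """Return the type implied by the leading bytes, or None if unknown."""
    for prefix, mime in MAGIC:
        if data.startswith(prefix):
            return mime
    return None

def check_download(declared_header, data, allowed=ALLOWED):
    """Return (accepted, reason); accept only when label and content agree."""
    declared = normalize_mime(declared_header)
    if declared not in allowed:
        return False, "declared type %s is not allowed" % declared
    sniffed = sniff(data)
    if sniffed is None:
        return False, "content does not match any known signature"
    if sniffed != declared:
        return False, "declared %s but content is %s" % (declared, sniffed)
    return True, "ok"

# Constructed sample inputs (first bytes of each file only).
SAMPLES = [
    ("photo.jpg", "image/jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("pic.png", "Image/PNG; charset=binary", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("holiday.jpg", "image/jpeg", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("game.jar", "application/zip", b"PK\x03\x04\x14\x00"),
]

if __name__ == "__main__":
    for name, declared, head in SAMPLES:
        print(name, check_download(declared, head))
```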




The Ultimate Guide to Scareware Protection
Throughout the last two years, scareware (fake security software) quickly emerged as the single most profitable monetization strategy for cybercriminals to take advantage of. Due to the aggressive advertising practices applied by the cybercrime gangs, thousands of users fall victim to the scam on a daily basis, with the gangs themselves earning hundreds of thousands of dollars in the process.
Not surprisingly, Q3 of 2009 was set to mark the peak of the scareware business model, whose affiliate program revenue-sharing scheme not only attracts new cybercriminals with its high pay-out rates but also directly drives innovation within the cybercrime underground by acting as a reliable financial incentive.
This end user-friendly guide aims to educate the Internet user on what scareware is, the risks posed by installing it, what it looks like, its delivery channels, and, most importantly, how to recognize, avoid and report it to the security community, taking into consideration the fact that 99% of the current releases rely on social engineering tactics.
What is scareware?
Basically, scareware, also known as rogueware or, put in simple terms, fake security software, is a legitimate-looking application that is delivered to the end user through illegal traffic acquisition tactics: compromised web sites (Sony PlayStation’s site SQL injected, redirecting to rogue security software), malvertising (MSN Norway serving Flash exploits through malvertising; Fake Antivirus XP pops-up at Cleveland.com; Scareware pops-up at FoxNews; Ukrainian “Fan Club” Features Malvertisement at NYTimes.com), or blackhat search engine optimization (9/11 related keywords hijacked to serve scareware; The most dangerous celebrities to search for in 2009; The Web’s most dangerous keywords to search for). Its ultimate aim is to trick the user into believing their computer is already infected with malware, and that purchasing the application will help them get rid of it.
Upon execution, certain scareware releases will not only prevent legitimate security software from loading, but will also prevent it from reaching its update locations in an attempt to ensure that the end user will not be able to get the latest signatures database. Moreover, they will also attempt to make removal a time-consuming process by blocking system tools and third-party applications from executing.
There have also been cases where scareware with elements of ransomware has been encrypting an infected user’s files, demanding a purchase in order to decrypt them, as well as a single reported incident where a scareware domain was also embedded with client-side exploits.
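A check for the blocked update locations described above, as an added example that is not part of the original guide. It assumes the blocking is done through hosts-file entries, which is one common mechanism (the guide does not name one), and the watched domains and hosts-file content are constructed placeholders.

```python
"""Added example: flag hosts-file entries that override security-update hostnames."""
import ipaddress

# Hypothetical watch list; replace with the update hosts of the products you run.
WATCHED = ("av-vendor.example", "updates.security-suite.example")

# Constructed hosts-file content for the demonstration.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # added by "System Defender"
0.0.0.0         updates.security-suite.example www.av-vendor.example
192.0.2.50      intranet.corp.example
203.0.113.7     download.av-vendor.example
"""

def is_watched(host, watched=WATCHED):
    """True if host equals a watched domain or is one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def classify(address):
    """'blocked' for loopback or unspecified targets, otherwise 'redirected'."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid-address"
    return "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"

def audit_hosts(text, watched=WATCHED):
    """Return (line number, hostname, address, verdict) for each override found."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            if is_watched(name, watched):
                findings.append((lineno, name.lower(), address, classify(address)))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

Any hit deserves a look: a security product's update host normally has no reason to appear in the hosts file at all.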