Given the rise in smart phone usage over the past few years, QR (Quick Response) codes have increasingly become a popular tool for traditional retail outlets trying to connect with online audiences., with Village cinemas being just one of  a string of Australian businesses to adapt the technology recently.

Now that QR codes can now be found on flyers, websites, buses and billboards they have become a new target for cyber criminals – always looking to exploit the latest technology for their own gain. Malicious QR codes can easily be placed over legitimate QR codes using printed stickers for small and widespread attacks on your personal and financial details.

Not only could these savvy criminals target legitimate forms of advertising, but they could also easily distribute their own flyers and advertisements via guerrilla marketing techniques offering up enticing deals. It shouldn’t come as a surprise, cyber-criminals have been doing this for years in the form of email phishing campaigns. Just as with that form of attack, QR codes could send mobile web browsers to malicious websites to complete web forms and download malware, infecting your device or stealing your details for more sinister use.

Llyod Borrett, AVG security expert:

“You must think of your device as the being the powerful mobile computer it is. Take similar security precautions when out and about with your smartphone or tablet as you do when using a personal computer at home or work. Have always on, up-to-date security software installed on your device. And, always think through every action before you click on a bargain.”

 

“Our surveys show that the majority of people aren’t even password protecting their smartphone and tablet devices,” said Borrett. “Yet they need to be doing much more, including installing a good security solution like AVG Mobilation for Android. Then they will have protection in place that will check apps and web site content for malware should they be tricked into using a malicious QR code.”

For further information and security tips, see the AVG website.

Continue Reading

AVG (AU/NZ) knows there’s more to keeping a business safe than installing Internet security software alone; it’s about understanding the relevant internal and external threats.

Melbourne, 27 April 2011 – AVG (AU/NZ) Pty Ltd, the distributor of the award-winning AVG Anti-Virus and Internet Security software in Australia, New Zealand and South Pacific, has launched its latest weapon in the fight against corporate cyber crime, the AVG Online Security Audit.

The free Security Audit provides small to medium businesses (SMBs) with customised reports on their security needs. This quick and easy survey tool for small business owners will help them understand where they are today and recommend ways to protect themselves from the dangers of malware attack and Internet crime.

The Security Audit reviews how employees use the company’s and their own equipment -from computers and laptops to smartphones and USB sticks – and what policies are in place for the use of business and private hardware, plus access to social networking and other Internet usage.

AVG (AU/NZ) will then email the business a personalised audit report created from the information provided which identifies where the problems lie and recommended actions. The report can be converted to a printable PDF document for use in discussion with staff and the development of security strategies. AVG (AU/NZ) also provides links to a range of guides to assist businesses to bolster their security efforts.

AVG (AU/NZ) has identified five ‘doorways’ through which cyber criminals are spreading malware and accessing company data:

1. Social networks;
2. Instant messaging and spam chat;
3. Insider threats from employees;
4. Unsecured remote technologies used by staff; and
5. USBs and smartphones.

Lloyd Borrett, Security Evangelist for AVG (AU/NZ) Pty Ltd, says, “Keeping your business safe means far more than installing anti-virus or Internet security software alone; it’s about understanding the threats relevant to your business. The AVG Online Security Audit is the latest development in a series of resources that we’ve designed to help SMBs and stop them becoming easy targets for attack.”

An insight to the extent of the problem was revealed when 2,000 SMBs were surveyed in the US and UK for the “AVG SMB Market Landscape Report 2010“. More than half (52 per cent) had no IT security guidelines for their staff, while one in seven had no Internet security software or solutions in place at all. SMBs are becoming prime targets for cyber criminals, with the survey revealing at least one in four have already experienced a security breach.

The Online Security Audit has been added to AVG’s Business Resource Centre, a free online library of guides and tools that can help protect companies from identity theft, data breaches, online banking break-ins and other computer crimes. It includes the 11 page AVG Small Business Security Guide, which is an action template covering the establishment of policies through to the documentation of processes to secure workplace practices and technology use.

“We know SMBs are not experts in IT or the specifics of the ever changing security sector. They often cite lack of time as a reason for not looking into the issue of risk and protection. With the launch of this free AVG Online Security Audit we’re actively trying to make things easier for them to keep their businesses safe. It’s an invaluable tool for SMBs to get them started on the right track. While AVG focuses on protecting their business, they can focus on growing it,” Borrett said.

Businesses can access AVG’s Online Security Audit to get their tailored security plan at http://audit.avg.com.au/ or watch the “Discover AVG’s Online Security Audit” video on YouTube – see http://www.youtube.com/watch?v=TtyeT2JdmbU.

AVG (AU/NZ) has a comprehensive range of security tips on its web site at http://www.avg.com.au/resources/security-tips/. For video tips from AVG (AU/NZ), see http://www.youtube.com/user/avgaunz.

Continue Reading

Leading security software vendor McAfee has warned SMEs to implement measures that encrypt or give the ability to format (erease all data) smartphones and other mobile devices incase they are lost or stolen.

The warning comes of the back of  a report issued by the company revealing there were over 20 million new malware threats identified last year alone, many of which are specifically targeted towards mobile devices. The report also makes mention of the Zeus Trojan which successfully infected Bristish Goverment computer networks.

Cheif  Technology officer for McAfee Asia Pacific explains:

“You need to look at the risk profile of your devices. First of all, identify what you are doing on that device? What are you actually using it for?”.

“Then you can make a decision about adding security. The first thing I would recommend is that people look at securing the actual data on their device… but that doesn’t mean you have to have a next-generation security product on there.”

“The creators of the Zeus botnet repurposed an old version of a commercial spyware package. Android/Geinimi, a Trojan inserted into legitimate mobile applications and games for the Android platform, was one of the most important threats of the quarter.”

“But this is a scenario that made people stock and look at what was happening. It’s going to get to a situation where people decide they need to add protection to their phones because we’re seeing so much action in this space.”

“You need to make sure that you are using the inherent features of the device. Most smartphones come now with some sort of password identification, and you should configure that and make it strong. Few people actually leverage these features.”

“You also need to make sure that if the device is lost, the data that sits on that device is secure. That’s more important than anything else and is typically overlooked because it’s been so difficult.”

“This year was massive for us, and we’re seeing an average of 55,000 new threats every day. It puts significant strain on the security model people are using, on whatever device they are using.”

Continue Reading

Microsoft has issued a warning to the 900 million users of it’s Internet Explorer web browser admitting that they are at serious risk of having their PCs hacked and their private information stolen by attackers.

Microsoft has also confirmed that they haven’t developed a permanant patch for the exploit yet, however users are advised to apply a temporary fix that will prevent hackers from being able to exploit the vunerability and install malcious software (aka malware) which can infect a users PC simply by visiting a rouge of infected website.

According to Microsoft’s Angela Gunn “an attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicked that link, the malicious script would run on the user’s computer for the rest of the current Internet Explorer session”.

She went on to say that “such a script might collect user information (eg., email), spoof content displayed in the browser, or otherwise interfere with the user’s experience”.

Althought Mozilla Firefox and Google Crome have made inroads into the PC browser market, Microsoft’s Internet Explorer still remains the most widely used browser with over 50% marketshare.

For more information, visit the Official Microsoft blog post regarding this issue.

Continue Reading

According to the security company Dasient, over 1.3 million website host malware – a figure up from the previous quarter. The figures, which were released in the companies Q2 Malware Report had some pretty interesting findings:

• Malvertising campaigns usually begin on a weekend with IT staff are out of the office
• Attacks originating from Javascript are on the rise, with javascript injections up 19%
• IFRAME injectors have decreased 11%
• ASP pages are becoming popular targets from attackers

Dasient also released some figures on the top 3 ways websites get hacked:

Third-party widgets

A whopping 75% of all websites are using external Javascript widgets on their websites such as  embedded videos, polls and traffic analytics. Service providers are not immune to being comprimised and make good targets for attackers.

Third-party Advertising

Dasient says 42% of websites are serving up some kind of external advertising. When the adverts get compromised it’s referred to as “malvertising”. There have been some high profile cases, even here in Australia with popular eCommerce website DealsDirect.com.au infected with malware via advertisements back in March 2010.

Third-party applications

This last one is very common, and Dasient claims 91% of websites are using some kind of outdated web applications. These include Content Management Systems (CMS), blogging tools, CRMs, forums etc.

Continue Reading

Microsoft has announced the release of a 253 page ebook targeted at teenagers which aims to give greater understanding of Internet security topics.

An excerpt from the book:

“Braden is a typical 14-year-old. Over the past 6 months, he’s grown three inches, gained four shoe sizes, and eaten his way through nearly a ton of pizza. He’s also unintentionally trashed his family’s computer no less than 12 times. First, he down- loaded some cool emoticons to use with his IM messages. Those smiley faces came with embedded adware that overwhelmed him with pop-up ads and slowed down the speed of virtually everything. Then Braden installed a “free” video game that contained a Trojan program that let spammers in Russia take over his computer and use it to forward junk email. A few weeks later, Braden responded to what looked like a legitimate email asking him to confirm his Facebook login information…”

You can download the book in full or chapter-by-chapter on the Microsoft website: Own Your Space: Keep Yourself and Your Stuff Safe Online.

Continue Reading

Designed to aid users in preventing the spread of malware online, Threat Labs is a new portal service that will aggregate quantitive web threat detection data collected by AVG with data collected from the firms LinkScanner technology.

Rather than a replacement of existing software, Threat Labs will compliment existing software by giving users the opportunity to query a specific URL for more information. The unique tool is available to everyone and not limited to AVG customers. The software provides detailed statistics including a timeline, analysis of outbound links and a detection map.

“Web threats are constantly evolving and it is our mission to provide consumers with the resources they need to not be victims of Internet crimes,” said JR Smith, Chief Executive Officer of AVG Technologies. “What really excites me about Threat Labs is that it is all about what makes AVG a different security software company from our competitors because it is based on people powered protection. From the standard AV tools and malware detection, to more cutting edge resources like threat labs and our new social media tools, AVG is committed to a product line that is effective against the risks we understand today and the threats that are evolving as we speak.”

Continue Reading

Melbourne and Amsterdam, 13 August 2010 – It should go without saying that the best way to deal with malware is, of course, not to get infected in the first place.

Lloyd Borrett, Security Evangelist for AVG (AU/NZ) says, “Being aware of what products are being targeted by the bad guys may help you as well, so it may be useful to know that at the moment Adobe products are virtually the number one target across the world with millions of PCs being hit by infected Adobe PDFs. Others are being pwned via Adobe Flash ads via Facebook and other social media web sites.”

Attackers send a file that has malicious code embedded in it. Once the file is opened, the computer is infected, typically with some form of identity theft malware that then steals data.

The Adobe PDF and Adobe Flash browser plug-ins are also used in “drive-by download” attacks where malware is downloaded onto the PC while the user is surfing the web.

“Adobe products, just like Microsoft Windows and Microsoft Office, have near universal use on home and business computers making these applications prime targets for the bad guys,” Borrett continues. “Unfortunately, since the bad guys realised this and turned their attention to finding security holes in them, they have been very successful.”

Of course, the easiest way to avoid the risk of being compromised via these Adobe products is not to install them! However, this is virtually impossible for most home and business Internet users.

So if you must use Adobe Reader, then please take the time to secure it.

How to secure Adobe Reader

1. Open the Adobe Reader application and choose ‘Edit’ and then ‘Preferences’.
2. On the left you will see several different categories of options to modify.
3. Under the ‘JavaScript’ category there is a checkbox ‘Enable Acrobat JavaScript’. Make sure this checkbox is not ticked/selected so that you disable Adobe Reader’s ability to run dangerous JavaScript from a PDF.
4. Under the ‘Security’ category, to specify that digital signatures are handled securely make sure the ‘Verify signatures when the document is opened’ checkbox is ticked/selected.
5. Under the ‘Security (Enhanced)’ category, make sure the ‘Enable Enhanced Security’ checkbox is selected to help with data protection and privacy.
6. Under the ‘Trust Manager’ category we’d recommend you disable Acrobat’s ability to call external applications to handle non-PDF file attachments. So, after the ‘PDF File Attachments’ heading, make sure the ‘Allow opening of non-PDF file attachments with external applications’ checkbox is not ticked/selected.
7. Then click on ‘OK’ to exit changing the preferences.

Adobe is working to address the security vulnerabilities in its products, so it’s vital to make sure you regularly check for updates to Adobe Reader, Adobe Flash and other Adobe applications. Turn on the automatic updates so that your Adobe software stays up-to-date.

Borrett adds, “And also don’t forget to install a complete security suite solution like AVG Internet Security that will provide you with total protection as you work, shop, bank and play games online.”

AVG (AU/NZ) has a comprehensive range of security tips for home and business users on its web site at www.avg.com.au/resources/security-tips/.

Continue Reading

The Bad Guys of the Internet – Know Your Enemy

AVG (AU/NZ) helps home and business users understand who they need to protect themselves against

Melbourne, 5 August 2010 – Today, almost all computers are connected to the Internet. This means they’re connected to other computers – which involves risk.

We use our PCs for both work and play. We shop, bank and play games online – even when we’re at work – but we also work when we’re at home. The web is a research tool and an entertainment centre, letting us access music, movies, TV shows and much more. In doing so we store useful information, indeed even vital private and personal information, on our PCs.

Lloyd Borrett, Security Evangelist at AVG (AU/NZ) Pty Ltd, says: “Therefore, it is extremely important that you store your information properly and keep it secure. It’s also important that you protect your PCs from misuse, abuse and data loss. Why? Because there are bad guys out there and you don’t want them getting their hands on your information.

“Bad guys? Yes, it’s a term we Internet security people use frequently, but do you fully understand who the bad guys are? Before you can properly arm yourself against a security attack and/or breach by the bad guys, it helps if you know who to watch for so that you can put in place the proper layers of defence.”

There are actually quite a few unique categories of bad guys to look out for. They are variously referred to as hackers, crackers, script kiddies, cyber criminals, cyber spies, cyber extortionists, cyber activists, cyber terrorists, cyber warriors, and even unethical friends or staff. Technically a cyber crime is any intentional breach in computer security via the Internet, or some other illegal act facilitated by the Internet.

Know Your Enemy:

Hackers

In the early days of computers, “hackers” were white hat good guys who tried to do no harm and hacker was a benign term. Hackers illegally accessed computers to learn more about them, or to find security holes in the computer or the network to which it’s attached. They did nothing malicious, used their skills for good purposes and took pride in the quality of hacks that would leave no trace of an intrusion. Today’s white hat hackers are typically computer security experts, who specialise in penetration testing and other security testing methodologies to ensure that a company’s information systems are secure.

Crackers

During the early 1980s the lay of the land changed and we started to see the rise of “crackers”. This refers to a person who intentionally accesses a computer, or network of computers, for evil reasons – typically, with the intent of destroying and/or stealing information. Today these bad guy crackers are sometimes referred to as black hats, or mostly just hackers. Usually, both hackers and crackers have very advanced computer and networking skills allowing them to develop scripts or programs to help them attack computer systems and networks.

Script Kiddies

Hacking tools can sometimes fall into the hands of “script kiddies”, who often use them randomly and with little regard or perhaps even understanding of the potentially harmful consequences. These script kiddies usually have very limited computer skills and can be quite immature, trying to effect large numbers of attacks in order to obtain attention and notoriety.

Cyber Criminals

We typically use the term “cyber criminals” to describe those who use the Internet in illegal ways, or to facilitate illegal or fraudulent activities.

More specifically, cyber criminals are the people trying to put malware onto your system so that they can obtain valuable information such as credit card and bank account details, user names and passwords. This is identity theft and those responsible will either use the information to defraud someone, or sell it on to someone else who will.

Cyber criminals are also scammers and phishers who try to con you into giving them money. They might claim to need your help to transfer large amounts of money, or that you’ve won a prize in a lottery you never entered. Sometimes it’s the promise of an inheritance from a wealthy relative you’ve never heard of.

Some cyber criminals illegally distribute software, music, movies against copyright laws. They might even sell illegal forms of pornography. Typically their activities are entirely profit motivated, though in the cases of cyber bullying and cyber grooming the motivations lie elsewhere.

Not all cyber criminals have sophisticated computer and networking skills. Today, the vast majority of cyber criminals simply use the malicious tools and kits marketed for profit by those creating them.

In effect, most cyber criminals are simply up-to-date script kiddies, but now they’re motivated by profit, not notoriety. For about US$400, almost anyone can buy appropriate scripts and after about four hours of working through the instructions, be fully set up as a cyber criminal. Scary stuff.

Cyber Spies

People trying to illegally obtain information about companies or government organisations are known as “cyber spies”. Typically when the attack is against a business it is profit driven, while when it’s against government organisations it is espionage.

Cyber Extortionists

People who carry out blackmail via the Internet are “cyber extortionists”. For instance, threatening to release confidential information if an individual or company does not pay a large amount of money. Cyber extortionists may put in place a distributed denial of service attack (DDoS) against the web site or network of a business and demand payment to stop the attack. They might trick you into downloading and installing malware/scareware/scamware, for example rogue anti-virus software, and then demand payment in order for it to be removed.

Cyber Activists

Relatively new on the scene are “cyber activists” who use the Internet as a fast and cheap communications tool for their public movements. They may be involved in cause-related fundraising, community building, lobbying and organising public demonstrations. One example is Iranians using Twitter to organise mass protests in 2009.

Cyber Terrorists

Of course, one man’s freedom fighter is another man’s terrorist, so we also have “cyber terrorists”. These are cyber criminals who use the Internet to destroy computers or disrupt Internet-connected services for political reasons. Just like a regular terrorist attack, cyber terrorism typically requires highly skilled individuals, a lot of money to implement, and detailed planning. An example is when hundreds of DDoS attacks in 2007 virtually took down the Internet in Estonia.

Cyber Warriors

It seems that many countries, including the USA and China, have decided that the Internet is a valid tool to fight a war against their enemies. While the Internet can be used to greatly enhance military and economic power, it also presents a soft underbelly to present and future adversaries. Thus governments are recruiting and training “cyber warriors” to use the Internet for offensive attacks, and to protect us from such attacks by others. Sad, but true.

How to protect your business and yourself

Borrett says, “By going online, everyone is exposed to all these forms of bad guys. Thus it’s crucial for both businesses and individuals to keep their information secure so that the bad guys can’t gain access to it.”

Here’s some advice on how to stay safe online:

• Have up-to-date and properly configured Internet Security software on all the PCs you use, for example AVG Internet Security at home and AVG Internet Security Business Edition at work.
• Lock down desktop PCs, laptops and servers by limiting user privileges, eliminating unnecessary applications and having strong passwords. Giving up administrator privileges is a simple way to remove 90% of the risk of malware being able to install and run.
• Understand who might be looking to break through your defences and how they might go about doing it. Think like the bad guys. Hopefully the information we’ve provided here will help you to do this.”

AVG (AU/NZ) has a comprehensive range of security tips for home and business users on its web site at www.avg.com.au/resources/security-tips/.

Continue Reading