
The popular open source ecommerce web application osCommerce has been the target of a widespread malware attack, with security experts estimating the number of websites infected at close to 5 million.

Cyber criminals are exploiting a vulnerability in the shopping cart software to install malicious software that attempts to install itself on users’ computers when they visit an infected site. Since the attack was first identified by security firm Armorize, Google searches show that the number of infected sites in the index has grown from 90,000 to just under 5 million infected web pages.

Exploiting numerous security flaws in osCommerce, attackers residing in Ukraine are inserting iframes into the unpatched online stores that secretly redirect visitors to the infected files. The infected files are being hosted on the domain names willysy.com and exero.eu. Not surprisingly, those two domains also attempt to exploit several Microsoft Windows vulnerabilities.

If you’re a website owner running osCommerce, it’s suggested that you immediately patch your software using the instructions provided by Armorize here and the osCommerce community here.


Malicious QR Codes

Published on 28 June 2011 in Blog, Mobile, Prevention, Threats

Given the rise in smartphone usage over the past few years, QR (Quick Response) codes have become an increasingly popular tool for traditional retail outlets trying to connect with online audiences, with Village Cinemas being just one of a string of Australian businesses to adopt the technology recently.

Now that QR codes can be found on flyers, websites, buses and billboards, they have become a new target for cyber criminals – always looking to exploit the latest technology for their own gain. Malicious QR codes can easily be placed over legitimate QR codes using printed stickers for small and widespread attacks on your personal and financial details.

Not only could these savvy criminals target legitimate forms of advertising, but they could also easily distribute their own flyers and advertisements via guerrilla marketing techniques offering up enticing deals. This shouldn’t come as a surprise: cyber criminals have been doing this for years in the form of email phishing campaigns. Just as with that form of attack, QR codes could send mobile web browsers to malicious websites to complete web forms and download malware, infecting your device or stealing your details for more sinister use.

Lloyd Borrett, AVG security expert:

“You must think of your device as being the powerful mobile computer it is. Take similar security precautions when out and about with your smartphone or tablet as you do when using a personal computer at home or work. Have always on, up-to-date security software installed on your device. And, always think through every action before you click on a bargain.”

 

“Our surveys show that the majority of people aren’t even password protecting their smartphone and tablet devices,” said Borrett. “Yet they need to be doing much more, including installing a good security solution like AVG Mobilation for Android. Then they will have protection in place that will check apps and web site content for malware should they be tricked into using a malicious QR code.”

For further information and security tips, see the AVG website.


ATO Tax Return scam warning

Published on 28 June 2011 in Blog, Email, Threats

Leading internet security software vendor AVG has issued a warning following a new spear phishing email campaign by cyber criminals pretending to be from the Australian Tax Office and offering quick refunds.

According to AVG, nearly 20% (or 2.4 million) of Australian taxpayers use the eTax software to submit their tax returns each year, providing a new target for internet-savvy criminals.

The ATO does indeed send out emails and SMS text messages for its service alerts, but they would never request confirmation, update or disclosure of sensitive personal details. Users should treat any links in emails from the ATO as suspicious and always check the URL when opening these links.

According to AVG security expert Lloyd Borrett:

“Today, electronic communication is the norm, but it’s important not to let your guard down. In upcoming months, when the prospect of tax refunds is on everyone’s mind, be alert to e-mails and phone calls about money owed to you by the ATO or the need to recalculate your tax.”

 

“Think about all the information included in your tax return – your tax file number, details of investments, retirement accounts, employment, property you own, even your children’s childcare. In the hands of cyber criminals, your identity and more could be at risk.”

AVG has offered the following advice for individuals filing their own tax returns:

  • Always open your E-tax filing directly from the ATO’s site www.ato.gov.au, never click through from an e-mail invitation.
  • Always use a secure and trusted Wi-Fi or Ethernet connection – While you could file your taxes using your smartphone or laptop from the neighbourhood coffee shop or the airport, simply don’t. File from home or the office where you have a firewall in place and Internet security installed.
  • Update your computer’s anti-virus software – New online threats are discovered every day. The first line of defence against these attacks is an up-to-date anti-virus program on your computer or smartphone. Before you start compiling your documentation, run an update on your PC and phone’s security software to ensure you’re fully protected, or download free protection from trusted sites such as www.freeantivirussoftware.com.au
  • E-mail over fax – If you’re compiling information with your tax agent or family members from multiple locations, think twice before faxing sensitive materials. E-mail is far more secure, especially if sent and received via a secure Wi-Fi or Ethernet connection and a computer with up-to-date antivirus software. Also ensure you delete those files from your e-mail server once you’ve filed your return.
  • If you receive suspect communication from “the ATO”, do not click on any links in an e-mail or answer phone questions. You can report unsolicited e-mails claiming to be from the Australian Tax Office by forwarding the entire email to ReportEmailFraud@ato.gov.au. Keep an eye on the ATO’s security page and the Government’s Stay Smart Online Alert Service for the latest tax related scams.


 

 


A 50,000 surge in Android Market applications in the last year has taken the total number of apps to over 200,000 but has come at a cost – the huge growth has brought with it greater attention from cyber criminals, with a sharp rise in malicious apps designed to steal user data appearing.

Since the middle of last year there has been a 400% increase in the detection rate of malware on the Google Android platform, leading to several Android antivirus programs being released onto the market. Some have blamed the open source nature of the Android platform for these figures compared to Apple’s heavily moderated iTunes App store.

These figures were released during a recent mobile security study by Juniper Networks which concluded that the Android Market was the largest distribution network of malware on mobile devices. One particular Android app called DroidDream has been blamed for infecting up to 50,000 Android users before Google could remove the rogue app.

Security firms AVG and Webroot have recently released free and paid versions of their mobile security programs, with software specifically for the Android operating system.

 


The FBI has warned computer users worldwide to be on the lookout for unsolicited emails that claim to show video footage or photos of Osama bin Laden being killed. The death of Osama bin Laden has whipped the online world into a frenzy, and has provided cyber criminals the perfect vessel to launch attacks.

Any such email may contain malware or other forms of viruses that will infect your computer and attempt to steal personal information from it.

The FBI also urged users to adjust their privacy settings on social media sites like Facebook to prevent the spread of the fake material.

Internet security firm Trend Micro has reported that since the death of Osama bin Laden a new record in tweets per second has been created – a whopping 3,440 tweets per second which peaked upwards to over 5,000 tweets per second, making it the highest rate of sustained tweeting on record. They have also issued a warning over malware that they have found:

It is no longer surprising to see peaks in social media activity due to the occurrence of global events. Nor is it surprising to see how fast cybercriminals leverage newsworthy events as social engineering ploys. The same trend was seen with the recent Japan earthquake. We saw a series of attacks that all took advantage of the disastrous event.

 

An event as big as the death of a globally known terrorist will definitely not go unnoticed and will certainly be used in cybercriminal attacks. We can expect several attacks to leverage this emotionally charged development. In fact, within hours after the announcement, we already saw blackhat search engine optimization (SEO) attacks spread FAKEAV variants. We also saw attacks targeting social network users, particularly in Facebook, through pages that claim to contain videos showing footages of Osama bin Laden’s death.

 

Facebook was, however, not the only means cybercriminals used, as we came across spammed messages telling recipients about a video that supposedly disproves Obama’s announcement of bin Laden’s death. The URL embedded in the sample email message is now inaccessible though there may be other variants of the said message in the wild. These can lead to either malware download or phishing sites.

 

Read more on the TrendLabs blog.

 


A whopping 77 million Sony PlayStation customers have had their personal details and potentially financial information put at risk due to a hacking attack against the Japanese technology manufacturer Sony.

Sony has been widely criticised for delaying notification of the attack to its customers, with the incident occurring on the 17th of April and word only coming out of Sony yesterday (27th April). As we pointed out during the Epsilon security breach, there are no laws that force companies to tell their customers of such a breach – in the wake of these two incidents I dare say this needs to be reviewed as a matter of urgency.

It is believed that only personal details such as customers’ names, email addresses and addresses have been stolen; however, Sony has said it cannot rule out that credit card details have also been affected. Leading security experts have pointed out that cyber criminals could now use the stolen information to steal customers’ identities and acquire new credit cards at financial institutions.


CBS News is reporting that the US Secret Service is investigating a serious security breach at Epsilon, a company that provides email and data services to over 2,500 clients worldwide including major corporations such as Dell, TiVO, Verizon, CitiBank, Target, BestBuy, Barclays and JP Morgan Chase.

Epsilon reportedly sends out an estimated 40 billion emails a year for their clients, so this breach is sure to turn a few heads. No credit card or banking details are said to be affected. As there are no laws to force Australian companies to disclose these types of security breaches, many Australians may not even know that they are affected, so we should all be on the lookout for suspicious emails.

Remember, most companies will never ask for your user name, password or banking details via email, and always check the URL in the browser address bar when entering login details from links originating from email. And as always, make sure you have updated versions of antivirus software running on your computer.

A list of companies that have disclosed this breach can be found here. Dell Australia is one of the companies known to be affected, and as a customer of theirs I received this email last night:

An Important Message from Dell Australia

Dell’s global email service provider, Epsilon, recently informed us that their email system was exposed to unauthorised entry. As a result, your email address, and your first name and last name may have been accessed by an unauthorised party. Epsilon took immediate action to close the vulnerability and notify US law enforcement officials.

Whilst no credit card, banking or other personally identifiable information was involved, we felt it was important to let you know that your email address may have been accessed. While we hope that you will not be affected, we recommend that you be alert to suspicious emails requesting your personal information.

To help protect your personal information online we recommend that you do not provide any sensitive information through email, or open emails from senders you do not know. Dell will never ask for your financial information through email.

Dell takes its commitment to protecting customer data very seriously and has notified the Australian Privacy Commissioner and ACMA (Australian Communications and Media Authority). Dell continues to work closely with regulatory bodies and manage customer concerns.

We sincerely regret that this incident has taken place and we will continue to work with Epsilon to ensure that all appropriate measures are taken to protect your personal information.

Please contact us at anz_cust_serv@dell.com should you have any questions.

Sincerely

Deborah Harrigan
Dell Consumer and Small Business Executive Director
Dell Australia Pty Limited


Mobile applications infected with malware have managed to make their way onto some users’ Google Android phones via the Android Market, prompting internet search giant Google to remotely activate a ‘kill switch’ that allows them to remotely destroy the apps in question.

Malware threats on mobile devices are a growing concern in the telecommunications industry, with an increasing number of threats being geared specifically towards the Android mobile operating system.

Google has claimed in a blog post that the applications were removed within minutes, and has now taken further action to prevent these attacks occurring in the future. From the post:

“We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications”

“You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.”

Google says the kill switch feature has been available to them since 2008, but was only used for the first time in June 2010 on two apps.

Microsoft has issued a warning to the 900 million users of its Internet Explorer web browser admitting that they are at serious risk of having their PCs hacked and their private information stolen by attackers.

Microsoft has also confirmed that they haven’t developed a permanent patch for the exploit yet; however, users are advised to apply a temporary fix that will prevent hackers from being able to exploit the vulnerability and install malicious software (aka malware), which can infect a user’s PC simply by visiting a rogue or infected website.

According to Microsoft’s Angela Gunn “an attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicked that link, the malicious script would run on the user’s computer for the rest of the current Internet Explorer session”.

She went on to say that “such a script might collect user information (eg., email), spoof content displayed in the browser, or otherwise interfere with the user’s experience”.

Although Mozilla Firefox and Google Chrome have made inroads into the PC browser market, Microsoft’s Internet Explorer still remains the most widely used browser with over 50% market share.

For more information, visit the Official Microsoft blog post regarding this issue.


Melbourne, 7 September 2010 – In the latest scam from global cyber criminals, home and small business Internet users are having their computers attacked and infected via targeted attacks. It starts when they receive unsolicited phone calls or emails offering technical assistance. This degree of sophistication is taking the threat to your computer security, as well as personal and financial information, to a new level.

In reports from across Australia, these social engineering or ‘trust’ scams are taking two different approaches.

  1. Scammers contact their victims by phone (typically in the early evening), convincing them of real or non-existent faults in their computers and offering deals on anti-virus and security software plus malware removal services.
  2. Users receive emails with a warning their computer is compromised and offers of anti-virus protection. By clicking on web links or attachments they open their PC to malware attack.

The scammers have also begun to exploit the latest booming support technology – remote access software. They instruct the victim to purchase and download the remote access software the scammer recommends so as to allow their ‘expert’ in to solve a problem with the victim’s computer.

These “trust scams” attempt to con people into a service and extract their financial details. The local AVG (AU/NZ) support desk alone is getting several calls a day from people saying they’ve been contacted by supposed call centres regarding issues with their computer and recommending they download software to fix the problem.

The cyber criminals are very adept and sound legitimate. Callers pose as technical experts from organisations with names very similar to high profile IT companies. Some of the names being used include: Tech Optimizers, Techisonline, Support on Click, The Repair Zone, Online PC Doctors, Microsoft Certified Engineers, Windows, Bigpond and AVG Security.

Scammers notify the user of viruses on their computers or that their security software has expired and then recommend the user downloads remote access software, including the popular LogMeIn and TeamViewer, so that they can help the user to fix the problem. They also ask users to pay upwards of $400 for their services by directing users to a Web site to pay, or by taking their credit card details over the phone.

As an example, John reported to AVG (AU/NZ) that he was called by someone from ‘Microsoft Support,’ who took him through the Windows event viewer and used unrelated errors to make John believe he had a virus. He eventually called their bluff and rang the AVG (AU/NZ) support technicians in Melbourne, Australia to ensure his computer was protected.

But sadly, there are also stories such as Mark’s. He received a call, claiming to be AVG, advising that his PC needed checking as several computers in the area were crashing. The scammers who called told him that there were multiple viruses on his computer and that it was about to crash.

Mark was convinced to work through a process that resulted in him ‘purchasing’ a three-year security service. When he eventually contacted the AVG (AU/NZ) customer service centre, they checked the AVG licence number used during the scam. It was a legitimate licence for the AVG Anti-Virus product, to protect 10 PCs, and was purchased from AVG in India in rupees. Mark has subsequently managed to get a refund from his bank. Many others have not been as fortunate.

AVG (AU/NZ) advises to always be wary about any contact which you have not specifically requested. AVG (AU/NZ) will never cold-call a customer and request access to their computer system. Nor will it direct its resellers or third-party companies to do so. Indeed, it’s highly unlikely any legitimate IT company would ever do this.

Be very cautious about what you give people permission to do on your computer and to whom you give your credit card number. And only install software directly from a trusted vendor’s site, never from unsolicited email or telephone instructions.

No one knows how the scammers obtain your phone contact details, but this latest scam highlights the importance of establishing a relationship with a trusted IT vendor. It’s better to stop and check than click through and be sorry.

Preventing Cyber Blackmail

AVG (AU/NZ) offers this advice to help prevent your exposure to Cyber Blackmail:

  • Never click on links in emails when you do not know the sender.
  • Always have active Internet Security software protection against viruses and spyware, particularly software that can scan Web links such as the free AVG LinkScanner® safe search and surf product.
  • Always have your firewall turned on.
  • Use spam filtering software to help limit both the amount of unwanted email and the associated risk.
  • Call a computer professional if you are experiencing a decline in your system performance, before you lose important information or your system crashes.
  • If you get a mysterious call offering to remove software, or a pop-up message offering to sell you software to remove spyware, it is likely you are already infected so call a local computer professional or your security software vendor.
  • When dealing with a computer professional, make sure that you know their background and brand reputation. Beware of cash deals and cheap software.

Government Help Available

Home and small business operators can also add to their browser’s favourites list the Australian government SCAMwatch and Stay Smart Online web sites, and visit them regularly to view or report the latest scams and online attacks.

SCAMwatch: www.scamwatch.gov.au
SCAMwatch is a resource to help you recognise, report and protect yourself from scams. Explore SCAMwatch to find out more about the scams that target you or your small business. It is provided by the Australian Competition and Consumer Commission and is also the campaign portal for the Australasian Consumer Fraud Taskforce.

Stay Smart Online: staysmartonline.gov.au
This site is hosted by the Department of Broadband, Communications and the Digital Economy with advice for home and small business users for staying safe online. The Stay Smart Online Alert Service is a free subscription-based service that provides information on the latest computer network threats and vulnerabilities in simple, non-technical, easy to understand language. It also provides solutions to help manage these risks.

Anyone wishing to report a fraud matter or provide information to police is asked to contact Crime Stoppers on 1800 333 000.

More: http://www.avg.com.au/news/avg_cyber_criminals_posing_as_experts_from_reputable_it_vendors/#ixzz0ze3k7IiZ
