Friday 12th March 2010

Archive for the ‘UpDates’ Category

BitDefender’s Malware Hit Parade

Thursday, March 4th, 2010

Taking top spot in BitDefender’s monthly hall of shame is the malware Trojan.AutorunInf.Gen.

BitDefender, a company which produces anti-malware security solutions, produces a monthly e-threat report in which it lists the latest malware baddies.

Top throughout February was Trojan.AutorunInf.Gen, which is what’s known as a generic mechanism that uses removable devices – including external hard-disks, memory cards and flash drives – to spread malware between devices.

Removable devices are the theme of BitDefender’s February e-report, which warns of the ease with which these handy aids can be compromised. Indeed, says BitDefender, they are responsible for around 9% of global infections.

Catalin Cosoi, BitDefender’s senior researcher, said:
“External devices should be scanned on a regular basis. This safe practice should be used especially when these devices have been plugged into library computers, copy shops, and other public locations that are known to be likely sources of infection.”

Conficker, or Kido, or to give its correct title, Win32.Worm.Downadup.Gen, is proving very resilient, appearing regularly in the nasties line-up.

Catalin Cosoi, BitDefender’s senior researcher, added:
“The continuous presence of Win32.Worm.Downadup.Gen — also known as Conficker or Kido — in our monthly e-threat lists proves most users are reluctant to update their operating system and locally-installed antimalware solution, in addition to installing the security fixes issued by Microsoft more than a year ago. Newer variants of the worm also install rogue antivirus applications, amongst others.”

Coming third and fourth in the list are exploits that gain access to a computer via manipulated PDF files and various vulnerabilities found in the Adobe PDF Reader JavaScript engine. Once they have compromised a computer, malicious code is then executed from the ‘dirty’ machine.

The complete list is made up of:

  1. Trojan.AutorunINF.Gen 9.09
  2. Win32.Worm.Downadup.Gen 6.24
  3. Exploit.PDF-JS.Gen 5.13
  4. Exploit.PDF-Payload.Gen 4.21
  5. Trojan.Wimad.Gen.1 3.37
  6. Win32.Sality.OG 2.77
  7. Trojan.Autorun.AET 1.92
  8. Worm.Autorun.VHG 1.85
  9. Exploit.Comele.A 1.48
  10. Trojan.SWF.HeapSpray.B 1.40

BitDefender was particularly keen to highlight the invidious threat called Trojan.Wimad.Gen.1, sitting at number five. This is one Trojan that likes to hide in favourite downloadable television series and movies.

Guest Article by Neil Camp

F-Secure Helps Protect Smartphones

Monday, January 18th, 2010

As people rely on ever more complicated smartphones, it’s clear that the information on a lost or stolen phone could be used for nefarious ends. To combat this, F-Secure has launched F-Secure Anti-Theft for Mobile. Nowadays it is not just your computer that needs the best PC protection software.

It’s a stand-alone smartphone solution which has at its core three security solutions: remote locking, remote wipe and theft control.

F-Secure Anti-Theft for Mobile serves both the Symbian and Windows phone platforms.

The remote lock function works by a single SMS message which quickly locks the smartphone once its loss is discovered. The remote wipe function works in the same way, via one quick SMS message, but it instantly erases all the data on the phone. The theft control function comes into play if someone tries to change the SIM card. It locks the device and informs the registered owner of the new number.

Arnoud de Vaal, Director at F-Secure’s Mobile Business Unit, said:
“You carry your smartphone with you wherever you go, which means it can be particularly prone to being lost or stolen. Nowadays our mobiles contain a great deal of personal and confidential data that need protection. F-Secure’s standalone anti-theft software provides an easy and affordable way to make sure this information is not misused by anyone.”

F-Secure Anti-Theft for Mobile is an upgrade to the existing F-Secure Mobile Security and can be activated using the inbuilt automatic upgrade system and purchased for a fee.

Guest Article by Neil Camp

Breakthrough Email and Web Security Appliance

Saturday, December 5th, 2009

McAfee has just announced its latest Email and Web security Appliance, version 5.5, which is designed to protect small and midsized businesses against the latest email and web-borne threats, manage Web and email traffic and usage, and reduce system administration requirements. And all this in a single, integrated appliance.

The McAfee Email and Web security Appliance 5.5 has a number of new features and functionality.

First and foremost is Artemis and TrustedSource™ Technology Integration. This is the first time that this application will utilise links to global threat intelligence from its Artemis and TrustedSource technologies. This, McAfee believes, is the most precise and comprehensive threat intelligence system in the world.

Second up is Appliance Clustering with Load Balancing. This means that multiple appliances can be clustered to share scanning responsibilities for improved resiliency, scalability, and consolidated management and reporting.

Third on the list is Simplified Installation. Very important in reducing installation time and for improving overall user experience, auto-detect network settings provides an easy to use configuration wizard.

Fourth are new Content Policy Wizards. The new configuration wizards and advanced dictionaries simplify the creation and set-up of content policies, which enables greater enforcement flexibility and reduces false positives and configuration errors.

Fifth is Integrated URL Filtering. The 5.5 release is available at no extra cost and includes more than 90 Web site categories providing granular web usage monitoring and policy enforcement. It also includes the McAfee Web Reporter package which allows simplified viewing of web utilization and trends.

Dave Macey, general manager of the Network Security business unit at McAfee said:
“In addition to their market leading security effectiveness, these appliances also provide customers with email and Web usage policy enforcement capabilities, compliance tools, informative dashboards and comprehensive reporting. McAfee’s combined intelligence capabilities add an essential layer of protection to guard against today’s most advanced threats and work by accumulating data from millions of sensors, creating a real-time profile of all suspicious activity and content, and then watching for deviations based upon expected behavior.”

Furthermore, the McAfee Email and Web security Appliance 5.5 provides, says McAfee, the highest level of protection with better than 99% spam detection accuracy.

It will be available globally late in 2009.

Guest Article by Neil Camp 

COFEE Leaks

Friday, December 4th, 2009

The online leak of the Microsoft free tool which helps law enforcement agencies to retrieve forensic evidence in the first ‘rush’ of a crime scene is perhaps not as serious as first thought.

This site ran a story a while back which announced that Interpol’s Global Security Initiative (GSI), which focusses on international security challenges, has been given free use of Microsoft’s Computer Online Forensics Evidence Extractor (hence COFEE) to help the fight against cyber crime.

COFEE helps scene-of-crime officers gather computer evidence in situ and quickly. This type of evidence is regarded as volatile and not as efficiently collected as traditional forensic evidence. Microsoft hoped that giving COFEE to Interpol, and others, would go a long way to help combat the spread of cyber crime.

But reports from various sites online say that Microsoft does not regard the leak as a major leak. It is said to be investigating the circumstances behind it, but pointed out that COFEE is fundamentally an application which contains a collection of digital forensic tools which are common throughout the world. In other words, it is not ‘secret’ code which will unlock forensic tricks and techniques for the criminal community.

What’s more, those in the know said that the leaked version of COFEE was incomplete, with maybe less than 50% of the programme out there. Which leads watchers of the saga to the conclusion that COFEE is about procedure and technique in the heat of the incident, rather than a magical code which allows the police to get the upper hand.

Indeed, some experts have stated their disappointment that COFEE was not better than they had expected. Some went as far as to suggest that other similar programmes on the market would do a better job.

Some cynics have also stated that maybe Microsoft is deliberately downplaying the incident to avoid any embarrassment over its leaking which is not a great advertisement for the company, or the product. Also, others have challenged Microsoft’s relaxed attitude, given that maybe some criminals could learn from the leak and adapt their browsing and internet use accordingly.

Guest Article by Neil Camp 

F-Secure Free Health Check

Thursday, December 3rd, 2009

F-Secure, the Finnish computer security company, has released a free online tool to check the health of your computer.

Called F-Secure Health Check, it is a free online tool that helps to pinpoint security problems and gives clear advice on how to fix them. It examines a person’s computer to see if it is secure and up-to-date for internet use.

Mika Ståhlberg, Vice President of F-Secure Labs, said:
“F-Secure Health Check checks the status of security solutions running on the computer. More than one million people have already used the free tool and our data shows that a third of its users either haven’t installed an antivirus, firewall or antispyware, they are outdated or turned off. Out-of-date or nonexistent security software leaves users wide open to malicious software and exploits.”

Additionally, the F-Secure Health Check free tool ensures that a person’s computer’s firewall, antivirus and anti-spyware are working properly, and are up-to-date. It also checks whether the Windows operating system, third party software and Mozilla Firefox and Internet Explorer web browsers are the latest available versions.

F-Secure points out that with more people visiting diverse web sites and using their computers to watch films, or listen to music, the most vulnerable places are the heavily used web browsers, media players and plug-ins, which are often the most open to attack.

The free tool also verifies whether all your irreplaceable files like photos, music and other documents are being safely backed up by an automatic backup solution.

F-Secure says that its Health Check is quick and easy to run, and does not need to be installed.

It includes the following features:

  • Windows 7 compatible;
  • Firefox and Internet Explorer 8 compatible;
  • Automatic backup solution detection;
  • Simplified user experience with three steps and a solutions page;
  • Optimized for mini-laptops;
  • New Java based launch point technology (no more ActiveX).

The free health check tool is one of a number of security diagnostic checks available from the computer security companies. And although they are of course a marketing device which introduces a potential customer to the company, they do have their role to play. But it’s unlikely that after such a free health check, a product purchase is not recommended.

Guest Article by Neil Camp 

Latest Norton Ghost

Wednesday, December 2nd, 2009

Symantec has just announced the worldwide release of Norton Ghost 15.

Symantec, which develops and produces the renowned Norton security suite, claims that Norton Ghost 15 is one of the industry’s most advanced PC backup and recovery solutions. It is also compatible with Windows 7 and offers 25G and 50G Blu-ray Disc support. What’s more, this latest version introduces a new cold imaging feature that images computers without installing the product. Furthermore, Norton Ghost uses Symantec’s ThreatCon indicator to automatically back up PCs in the event of a severe security threat.

Norton Ghost 15 is pitched as a professional-grade backup solution for both home users and small businesses. Amongst its many attributes, lost or damaged files can be recovered and restored in the event of a system failure, even if the computer’s operating system does not start. Additionally, it provides a backup of an entire system, or of specific files and folders, whilst saving recovery points to offsite locations using FTP.

Dave Cole, senior director of consumer products, Symantec, said:
“Norton Ghost has been the essential imaging and recovery product since 1996. Consumers’ PCs have never been more central to people’s lives, or more at risk due to cybercrime and critical failures. Ghost 15 not only is a powerful disaster recovery tool, but also it adds important features such as Windows 7 compatibility and Blu-ray Disc support to keep current with the way people are using their computers today.”

Symantec highlights the fact that Norton Ghost 15 is also supported by Windows 7 BitLocker. This provides enhanced data protection through drive encryption and integrity checking, keeping stored data safe and protected. The company also points out that it works with both 25G and 50G Blu-ray Discs and most storage drives. This includes external hard drives, networked drives, and recordable and rewritable CDs and DVDs. And the hot backups feature allows users to back up their computers without having to shut them down first.

The cold imaging technology employed by Norton Ghost 15 effectively backs up files without installing the product which, says Symantec, saves time and money. A handy feature is that after purchasing a new computer, users can image the PC immediately before any software is loaded which means that factory settings remain intact. It also allows easy back up of a system by simply booting to the recovery environment (which is a light version of the Windows operating system) from the Norton Ghost CD, and then initiating a backup.

Guest Article by Neil Camp 

Cyber Warfare a Reality Says McAfee

Monday, November 30th, 2009

It may still seem to be the plot from a major blockbuster, but the threat of cyber warfare is now reality warns McAfee in its fifth annual Virtual Criminology Report.

The report has revealed that five countries – the United States, Russia, France, Israel and China – are now armed with cyber weapons. The report also highlights the fact that politically motivated cyber attacks have increased.

Dave DeWalt, McAfee president and CEO, said:
“McAfee began to warn of the global cyber arms race more than two years ago, but now we’re seeing increasing evidence that it’s become real. Now several nations around the world are actively engaged in cyber war-like preparations and attacks. Today, the weapons are not nuclear, but virtual, and everyone must adapt to these threats.”

The McAfee Criminology Report includes insights from over 24 of the world’s leading experts in international relations. This includes Dr Jamie Saunders, counsellor at the British Embassy in Washington D.C. and security experts with experience at the U.S. National Security Agency and the Australian Attorney-General’s Department. Paul Kurtz, former White House advisor, wrote the report on McAfee’s behalf.

For the first time, the McAfee report provides a model to define cyber war. Furthermore, it identifies the countries involved in developing cyber offenses and cyber defences and dissects examples of politically-motivated cyber attacks.

The McAfee report also reveals how the private sector will get caught in the crossfire and worries that due to strict Government disclosure rules, cyber initiatives and information are often classified, hindering cybercrime defence in the public and private sector.

In a nutshell, the McAfee report identifies a number of key issues and challenges.

William Crowell, a former Deputy Director of the U.S. National Security Agency, says in the Virtual Criminology Report:
“Over the next 20 to 30 years, cyber attacks will increasingly become a component of war. What I can’t foresee is whether networks will be so pervasive and unprotected that cyber war operations will stand alone.”

This year’s report identifies the following issues and challenges.

First and foremost is the fact that cyber warfare is now a reality. McAfee reckons that over the last 12 months, the increase in politically motivated cyber attacks has raised alarm. Targets have included the White House, Department of Homeland Security, U.S. Secret Service and Department of Defence in the U.S. What’s more, a number of countries are actively developing cyber warfare capabilities and are actively involved in the cyber arms race, targeting government networks and critical infrastructures.

Perhaps most worrying, is that cyber weapons are targeting critical infrastructure. In other words, attackers are not only building their cyber defences, but cyber offenses, which means targeting infrastructure such as power grids, transportation, telecommunication, finance and water supplies. The attraction here is that damage can be caused quickly and with little effort.

McAfee makes the point that cyber warfare is undefined. It entangles so many different actors in so many different ways, that the rules of engagement are not clearly defined. Furthermore, there is much debate on how much responsibility should be placed on organizations to protect and educate the public on preventing cyber attacks. It comes down to the fact that without a proper definition in place, it is nearly impossible to determine when a political response, or threat of military action, is warranted.

And the private sector is the most vulnerable sector. McAfee points out that in many developed countries, critical infrastructure is privately owned, making it a huge target for cyber warfare. The argument is that the private sector relies heavily on the government for protection. Should a cyber war start, governments, corporations and private citizens may get caught in the crossfire. And without insight into a government’s cyber defence strategy, the private sector is not able to be proactive and take the proper precautions.

In all, being targeted by a determined cyber attack on a large scale can wreak huge damage.

Guest Article by Neil Camp 

BitDefender’s Top Tips for Safe Festive Online Shopping

Monday, November 30th, 2009

BitDefender, the creators of one of the industry’s fastest and most effective lines of internationally certified security software, has released some top tips for festive shoppers to follow whilst shopping online.

Says BitDefender’s senior Antispam researcher Catalin Cosoi:
“Taking advantage of the many benefits of online shopping like competitive pricing, great selection, or even freebies like zero shipping fees and free gift wrapping, doesn’t have to cost consumers more than they’ve bargained for.

“By being aware of a few key issues, consumers can shop safely with the knowledge they need to protect their personal information and their PC.”

First top tip is know where you’re shopping from and read the small print. BitDefender is keen to remind people that not every website is legitimate, with some cybercriminals either creating virtual copies of well known branded sites, or creating their own very convincing merchant sites. In short, only buy from those who are genuine high-street or online retailers.

Second top tip is beware of those online merchants who want more than your name and email address in order to cash in a coupon. Remember that a legitimate site will not ask for more than is necessary to redeem the coupon. But many illegal and bogus sites target online shoppers with online promotions to entice a consumer to enter personal information in order to receive coupons or other merchandise. This is then used elsewhere, mainly to build clone identities.

Third, and anyone who ignores this point does so at their peril, never use a PC to shop unless it has an up-to-date and properly working security suite on board. Surf, or email, without such a security suite and it’s only a matter of time before you become infected.

Fourth, stick to the sites you know and trust, or have used successfully before. If unsure about a site, have a look in the chat rooms and forums, and see if there are any rumours, or gossip.

Fifth – remember the old adage that there is no such thing as a free lunch. You must be very wary of special offers, or unbelievable deals. They can often end with your computer being infected.

Sixth tip; use credit cards where possible, as they offer more protection than debit cards, and even better, see if you can pay cash on delivery.

Finally, look out for the https connection to a website. It’s not a guarantee of safety, but most of the sites thus connected are safe.

Guest Article by Neil Camp 

And a Partridge in a Pear Tree: McAfee’s Top 12 Christmas Scams

Monday, November 30th, 2009

As the festive time approaches, McAfee is warning people to be on the look out for a whole host of scams and online attacks.

Ironically, the season of goodwill can be one of the most dangerous times to be online, as cybercriminals take advantage of the holiday season to steal consumers’ money, identities and personal and financial information.

Jeff Green, senior vice president of McAfee Labs, said:
“Cybercriminals use their best schemes during the holidays to steal people’s money, credit card information, social security number and identity. These thieves follow seasonal trends and create holiday-related websites, scams and other convincing e-mails that can trick even the most cautious users.”

So McAfee have listed the top 12 scams of Christmas.

  • Number one is the invidious charity phishing scam. At Christmas, many people’s minds turn to giving to charity and this is also the time when the number of phishing emails that seem genuine – but are in reality bogus and designed to steal donations, credit card information and the identities of donors – jumps dramatically.
  • Number two concerns companies who are extremely busy during the festive season with orders and aren’t always as observant as they should be. Cybercriminals are adept at sending out fake invoices and delivery notifications appearing to be from the large courier companies, but which are designed to obtain credit card details to credit back the account (money for nothing in effect), or require users to open an online invoice or customs form to receive the package. And once that is completed, the person’s information is stolen or malware is automatically installed on their computer.
  • Number three is when cybercriminals exploit people on social networking websites. Christmas is a time when people often communicate and catch up on things, and as such, they are open to attack. Hackers send out genuine looking “New Friend Request” e-mails from social networking sites, but many users fail to realise that these are often platforms for all types of viruses.
  • Number four is the popularity of holiday e-cards at this time of year. McAfee discovered last Christmas a worm masked as Hallmark e-cards and McDonald’s and Coca-Cola holiday promotions.
  • Number five is about offers that appear to be a really good deal. Recently McAfee uncovered a new holiday campaign that leads shoppers to malware-ridden sites offering luxury gifts from Cartier, Gucci, and Tag Heuer with apparent huge discounts. The products never existed of course, but the cybercriminals use such tactics to part people with their personal and financial details, and then their money.
  • Number six – online shopping has exploded over recent years, but those people who use hotspots (found in cafes, airports and hotels) should be careful if they make purchases then and there. Users on open hotspots can be spied on by hackers who can then steal personal and financial information. McAfee reminds people that they should never shop online from a public computer or on an open Wi-Fi network.
  • Number seven is another scam which dispassionately exploits people at Christmas. Those searching for a holiday ringtone or wallpaper, Christmas carol lyrics, or a festive screensaver, can be directed towards bogus websites which contain files, to be downloaded, that infect a user’s computer with spyware, adware or other malware.
  • Number eight is another scam which targets people who are especially vulnerable. Out of work people can become especially desperate in the approach to a holiday season to try and obtain work, in order to afford Christmas. Cybercriminals are quick to promise high-paid jobs and work-from-home moneymaking opportunities. But, of course, once interested persons submit their information and pay their “set-up” fee, hackers steal their money instead.
  • Number nine is scams which involve cybercriminals preying on auction sites which become especially busy during the holiday periods. The solution here is for buyers to be very cautious about what goods they are buying and who from. Basically, if it looks a great deal, then be sceptical.
  • Number ten is a perennial problem: the password stealers. To do most things on the internet requires a password; anyone who copies that password can then masquerade as a particular person, download their financial and personal details, and even order goods on their behalf. Passwords are stolen in a number of ways, not least pieces of code, malware, which record keystrokes and key logging activities. These can then be used to calculate a given password.
  • Number eleven is another perennial: email banking scams which tend to increase during a holiday period, as the logic goes that people are more anxious to ensure they don’t get locked out of their account during busy purchasing times. It involves tricking customers into revealing their bank details by sending official-looking e-mails from financial institutions. The email, which is usually quite a good copy of the real thing, asks users to confirm their account information, including a user name and password, with a warning that their account will become invalid if they do not comply.
  • Number twelve is the increasingly used ransom scam. Using several holiday scams, hackers gain control of people’s computers and then act as virtual kidnappers to hijack computer files and encrypt them, making them unreadable and inaccessible. The scammer’s pitch is then simple: pay me money and I will release your computer’s files. Straightforward and effective, but particularly nasty.

Guest Article by Neil Camp 

Things worse say McAfee

Monday, November 30th, 2009

Computer security giant McAfee says that things have got worse in the last quarter with spam, malware and web-based threat creation reaching record levels.

McAfee’s latest Third Quarter Threats Report, which covers July to September 2009, also revealed that the number of new file-sharing sites which host unauthorised, copyrighted content increased dramatically. What’s more, another trend on the increase is the number of cybercriminals who are extorting website owners with threats of denial-of-service attacks.

There was a 300% rise in the creation of file-sharing sites following the brief shutdown of the Swedish based Pirate Bay operation. Pirate Bay was a torrent site, one that can host links to copyrighted material and is very controversial for the unauthorised spread of content. And with this huge rise in the number of similar sites, cybercriminals are presented with the ideal opportunity to exploit the way certain sites share content. Malware writers are skilled at creating sites to trick users looking to download copyrighted material into downloading malicious programs.

And McAfee warns that the number of these malicious sites could dramatically increase during the fall and holiday blockbuster film seasons.

File-sharing site problems to one side, McAfee reported that spam and malware levels have reached a record high, with threats surpassing previous levels in the last quarter. And rather gruesomely, web-based attacks have also increased as cybercriminals take advantage of celebrity deaths and natural disasters. At such times, website activity and email traffic dramatically increase, and malware authors are quick to take advantage of such news stories and chat to hide their malicious intentions.

McAfee now reckons that of all email traffic, some 92% is spam. In other words, a tiny 8% is legitimate email traffic.

Web-based attacks – which target people who visit a malicious Web page, and are delivered to users through spam, phishing, social networks and even through redirects from hijacked legitimate websites – are on the increase and are fast becoming the most dangerous weapon wielded by a cybercriminal.

And McAfee estimates that 55% of all malicious URLs are hosted in the US. What’s more, cybercriminals are getting increasingly effective at utilising SEO techniques to drive traffic to the bad sites.

Denial of Service attacks are a particularly odious tactic employed by cybercriminals and McAfee has seen many more attacks in the latest quarter, with some involving significant ransom demands.

Cybercriminals are offering for sale, to the highest bidder, botnets which are made up of thousands of zombie computers to attack sites. The botnets are used to knock out even some of the most-protected sites. And when offering such sophisticated botnets, the cybercriminals will often demonstrate their capability to prospective buyers with ‘live’ demonstrations, bringing down targeted websites for a few minutes.

Just recently, four Australian sports betting companies were targeted by cybercriminals and their sites taken down during key sports events, which resulted in the loss of millions of dollars of revenue.

Guest Article by Neil Camp

The Editor

My name is Alan Potts and I'm the Editor of the Antivirus-BUYability web site and Managing Director of BUYability Limited.

© BUYability