BitDefender, the creator’s of one of the industry’s fastest and most effective lines of internationally certified security software, has released some top tips for festive shoppers to take whilst online shopping.

Says BitDefender’s senior Antispam researcher Catalin Cosoi
“Taking advantage of the many benefits of online shopping like competitive pricing, great selection, or even freebies like zero shipping fees and free gift wrapping, doesn’t have to cost consumers more than they’ve bargained for.

“By being aware of a few key issues, consumers can shop safely with the knowledge they need to protect their personal information and their PC.”

First top tip is know where you’re shopping from and read the small print. BitDefender are keen to remind people that not every website is legimate, with some cybercriminals either creating virtual copies of well known branded sites, or creating their own very convincing merchant sites. In short, only buy from those who are genuine high-street, or online retails.

Second top tip is beware of those online merchants who want more than your name and email address in order to cash in a coupon. Remember that a legitimate site will not ask for more than is necessary to redeem the coupon. But many illegal and bogus sites target online shoppers with online promotions and to entice a consumer to enter personal information in order to receive coupons or other merchandise. This is then used elsewhere, mainly to build clone identities.

Third, and anyone who ignores this point do so at their peril, never use a PC to shop unless it has an up-to-date and properly working security suite on board. Surf, or email, without such a security suite and it’s only a matter of time before you become infected.

Fourth, stick to the sites you know and trust, or have used successfully before. If unsure about a site, have a look in the chat rooms and forums, and see if there are any rumours, or gossip.

Fifth – remember the old adage that there is no such thing as a free lunch. You must be very wary of special offers, or unbelievable deals. They can often end with your computer being infected.

Sixth tip; use credit cards where possible, as they offer more protection than debit cards, and even better, see if you can pay cash on delivery.

Finally, look out for the https connection to a website. It’s not a guarantee of safety, but most of the sites thus connected are safe.

Guest Article by Neil Camp 

As the festive time approaches, McAfee is warning people to be on the look out for a whole host of scams and online attacks.

Ironically, the season of goodwill can be one of the most dangerous times to be online, as cybercriminals take advantage of the holiday season to steal consumers’ money, identities and personal and financial information.

Jeff Green, senior vice president of McAfee Labs, said:
“Cybercriminals’ use their best schemes during the holidays to steal people’s money, credit card information, social security number and identity. These thieves follow seasonal trends and create holiday-related websites, scams and other convincing e-mails that can trick even the most cautious users.”

So McAfee have listed the top 12 scams of Christmas.

• Number one is the invidious charity phishing scam. At Christmas, many people’s minds turn to giving to charity and this is also the time when the number of phishing emails that seem genuine – but are in reality bogus and designed to steal donations, credit card information and the identities of donors – jump dramatically.
• Number two concerns companies who are extremely busy during the festive season with orders and aren’t always as observant as they should be. Cybercriminals are adept at sending out fake invoices and delivery notifications appearing to be from the large courier companies, but which are designed to obtain credit card details to credit back the account (money for nothing in effect), or require users to open an online invoice or customs form to receive the package. And once that is completed, the person’s information is stolen or malware is automatically installed on their computer.
• Number three is when cybercriminals exploit people on social networking websites. Christmas is a time when people often communicate and catch up on things, and as such, they are open to attack. Hackers send out genuine looking “New Friend Request” e-mails from social networking sites, but many users fail to realise that there are often platforms for all types of viruses.
• Number four is the popularity of holiday e-cards at this time of year. McAfee discovered last Christmas a worm masked as Hallmark e-cards and McDonald’s and Coca-Cola holiday promotions.
• Number five is about offers that appear to be a really good deal. Recently McAfee uncovered a new holiday campaign that leads shoppers to malware-ridden sites offering luxury gifts from Cartier, Gucci, and Tag Heuer with apparent huge discounts. The products never existed of course, but the cybercriminals use such tactics to part people with their personal and financial details, and then their money.
• Number six – online shopping has exploded over the recent years, but those people who use hotspots (found in cafes, airports and hotels) should be careful if they make purchases then and there. Users on open hotspots can be spied by hackers who can then steal personal and financial information. McAfee reminds people that they should never shop online from a public computer or on an open Wi-Fi network.
• Number seven is another scam which dispassionately exploits people at Christmas. Those searching for a holiday ringtone or wallpaper, Christmas carol lyrics, or a festive screensaver, can be directed towards bogus websites which contain files, to be downloaded, that infect a user’s computer with spyware, adware or other malware.
• Number eight is another scam which targets people who are especially vulnerable. Out of work people can become especially desperate in the approach to a holiday season to try and obtain work, in order to afford Christmas. Cybercriminals are quick to promise of high-paid jobs and work-from-home moneymaking opportunities. But, of course, once interested persons submit their information and pay their “set-up” fee, hackers steal their money instead.
• Number nine is scams which involve cybercriminals preying on auction sites which become especially busy during the holiday periods. The solution here is for buyers to be very cautious about what goods they are buying and who from. Basically, if it looks a great deal, then be sceptical.
• Number ten is a perennial problem: the password stealers. To do most things on the internet requires a password; anyone who copies that password can then masquerade as a particular person, download their financial and personal details, and even order goods on their behalf. Passwords are stolen in a number of ways, not least pieces of code, malware, which record keystrokes and key logging activities. These can then be used to calculate a given password.
• Number eleven is another perennial: email banking scams which tend to increase during a holiday period, as the logic goes that people are more anxious to ensure they don’t get locked out of their account during busy purchasing times. It involves tricking customers in revealing their bank details by sending official-looking e-mails from financial institutions. The email, which is usually quite a good copy of the real thing, asks users to confirm their account information, including a user name and password, with a warning that their account will become invalid if they do not comply.
• Number twelve is the increasingly used ransom scam. Using several holiday scams, hackers gain control of people’s computers and then act as virtual kidnappers to hijack computer files and encrypt them, making them unreadable and inaccessible. The scammer’s pitch is then simple: pay me money and I will release your computer’s files. Straightforward and effective, but particularly nasty.

Guest Article by Neil Camp 

Growth in UK cybercrime increased throughout 2008 at levels not seen since 2006.

And the reason is the credit crunch, says Garlik’s third annual UK Cybercrime report, which fuelled a massive growth in cybercrime. Another contributing factor has been consumer complacency.

The researchers behind the report analyse public data to build a comprehensive view of cybercrime. It was clear that during 2008 cybercriminals adapted to the social and economic changes in the UK to exploit victims in new ways and commit over 3.6 million criminal acts online (that’s over one every 10 seconds).

Furthermore, a growing complacency was noted amongst consumers which demonstrated poor understanding of their responsibility to protect their personal information against fraud.

This was reinforced by findings which showed a 20% increase in account takeover, indicating that criminals have now shifted their efforts from opening new accounts with stolen identities to accessing existing accounts.

The report also discovered that online banking fraud increased by a staggering 132%, with losses totalling £52.5 million, compared to £22.6 million in the previous year. And responsible for most of this were 44,000 phishing websites which specifically targeted UK banks and building societies.

Tom Ilube, CEO, Garlik, said:
“We fear that account takeover fraud will continue to increase in 2009 due to the decline of available credit and tighter credit checking by the banks. Consumers must be extra vigilant of all their online and financial accounts as well as avoiding increasingly convincing phishing scams.

“As threats shift and change, it is essential for consumers to take steps for their own safety: even if they think that it is ‘someone else’s problem’. It is not. Consumers need to be smart online and stay one step ahead of the cybercriminals.”

Dr Stefan Fafinski, of Invenio Research which owns Garlik, said:
“One possible explanation for the sharp rise in cybercrime lies in the consumer reaction to it. Identity theft in particular received a great deal of media and public attention in 2006. As a result, many consumers took the first steps to protect themselves, buying shredders and anti-malware software to feel secure but have since become too complacent and as a result have been hit by the next wave of cybercrime”.

Guest Article by Neil Camp

A new virus is in town and this time it’s got a specific target: online banking customers. Known as the Clampi virus, it represents a major threat to those that bank via the internet.

The Clampi virus is whats known as a Trojan, mainly because of its ability to secretly penetrate a computer, wait patiently until needed, then report bank to its creator, or indeed, take instructions from its creator.

And the cyber criminals behind the Clampi virus have on objective in mind: to steal personal details from a computer.

It is spreading rapidly through the US and UK, infecting computers and then waiting until the time is right to strike. When the user of the computer logs into their bank account for example, the Clampi virus makes a note of the username, password and other pertinent details, which are then sent back to the hackers.

These details are then used by the hackers to enter financial sites and either transfer money, change account details, or set-up frauds.

It is believed that people behind the Clampi virus monitor in the region of 5,000 financial websites and amongst these are most of the UK high street banks. But it’s not just banks; sites run by mortgage lenders, online casinos, shopping operations and email providers are also targeted.

In the US the Clampi virus has already been responsible for thefts of thousands of dollars and its been reported that many schools and businesses have been affected.

The Clampi virus is not new, having been around since 2005, but computer security experts think that this is a new, more virulent strain and poses a major threat to online banking. And they believe it attacks in waves, the UK banks being a major target.

They are unsure as to the true extent of the damage caused in the UK, especially given the covert nature of Clampi’s operation, but think that over 1,000 computers have already been affected. And those running Microsoft Windows operating systems seem to be more vulnerable than most.

And the computer security experts are warning again that people should remain vigilant at all times, reiterating the fact the such viruses are usually distributed embedded in emails, website downloads and instant messages, as attachments and links. They urge anyone not to open links, or attachments, from sources they cannot trust.

What’s more, they remind computer users that they should never send emails, or surf the web, without an up-to-date anti-virus software application on their machines.

Guest Article by Neil Camp

One of the biggest computer security companies has published a list of the most dubious websites for 2009.

Symantec, the company behind the Norton range of anti-virus products has identified the ‘Dirtiest Web Sites of Summer 2009.’ These are 100 sites with the most threats detected by the site ratings service Norton Safe Web as of August 2009. They represent the ‘worst-of-the-worst’ say Symantec, based on the number of threats detected by Norton Safe Web.

Symantec say that it’s no surprise that some 50% of the worst websites are those that feature pornographic content. But what did surprise them was that many of those in the top 100 did feature innocent subject matter, including deer hunting, catering, figure skating, legal services and buying electronics.

And the most common threat found on the top 100 dirtiest sites was malware, followed by security risks and browser exploits. What’s worse, is that simply visiting one of the worst sites could risk exposing a computer to infection and identity theft, even without clicking on an item, or downloading a file.

“This list underscores what our research shows – there has been exponential growth in the number of online threats that are constantly evolving as cybercriminals look for new ways to target your money, identity or assets. In 2008, most new infections occurred while people were surfing the Web1,” said Rowan Trollope, senior vice president, Consumer Business Unit, Symantec. “Norton Safe Web provides visual ratings that let consumers know about potential risks before visiting a site. Armed with this information, consumers are empowered to make informed decisions about which sites to visit.”

Symantec calculated that the average number of threats on the Dirtiest Web Sites list is an incredible 18,000 per site. Indeed, 40 of the 100 Dirtiest Web Sites have more than 20,000 threats per site.

And below is a sample of the Dirtiest Web Sites:

• 17ebook.com
• aladel.net
• bpwhamburgorchardpark.org
• clicnews.com
• dfwdiesel.net
• divineenterprises.net
• fantasticfilms.ru
• gardensrestaurantandcatering.com)
• ginedis.com
• gncr.org
• hdvideoforums.org
• hihanin.com
• kingfamilyphotoalbum.com)
• likaraoke.com
• mactep.org
• magic4you.nu
• marbling.pe.kr
• nacjalneg.info
• pronline.ru
• purplehoodie.com
• qsng.cn
• seksburada.net
• sportsmansclub.net
• stock888.cn
• tathli.com
• teamclouds.com
• texaswhitetailfever.com
• wadefamilytree.org
• xnescat.info
• yt118.com

Avoid the above like the plague.

Guest Article by Neil Camp

Computer security experts are worried that the advances in smartphone technology, such as achieved by the Apple iPhone 3G S will lead to an increased threat of malware.

Basically, as the ability to mobile surf becomes the norm, mobile phones will become just as vulnerable to attack from malware as desktops and laptops.

And what’s more, the popularity of the App Store makes the chance of malware infiltration far higher than before. Experts say that the problems being encountered by PC users now on a daily basis (spam, viruses and identity theft), could become commonplace on mobile phones.

The experts are worried that smartphones, effectively complex multimedia devices which have a number of ways of communicating, and which are updated on a very regular basis, are leaving the security industry trying to play catch up.

So the best solution, claim the experts, is rather than the onus being on the mobile user protecting themselves, is to get the network operators to take control of the situation. They should introduce sophisticated security techniques including anti-flooding technology, anti-spam and virus filtering software, and, blacklisting programmes.

Whether the network operators agree that one of their roles is to act as policemen against malware threats remains to be seen. But if someone doesn’t get a grip on developments soon, warn the security companies, then the situation will get out of hand and mobile surfers will become a happy hunting ground for the cyber criminals.

Guest Article by Neil Camp

A tool has been released which allows the user to take control of a strangers’ Facebook account.

But the computer industry is undecided as to whether the tool, called FBController and designed by an Indian cyber security enthusiast, is really designed to highlight flaws in Facebook, or as a hackers dream.

The designer himself said he created the tool only as a proof of concept and that it’s creation had provided him with a great deal of excitement.

It is not a straightforward tool, because it relies on getting hold of the targets’ session cookies. The tool firstly looks at the communications between Facebook and the computers that use it, and then combines that with the cookie data, before hijacking an account.

Cookies are actually lifted using a different number of techniques, including network sniffing.

A computer security expert believed that the real menace behind the tool was that it could control a number of hijacked Facebook accounts at one time. For him, this confirmed that a large number of Facebook accounts had already been seriously compromised and that the hackers were now looking at ways of taking control of these accounts en masse and implementing their evil acts.

Facebook were said to be aware of the tool’s existence, but that it did not affect their ability to detect and combat an attack from malicious malware.

Guest Article by Neil Camp