Friday 3rd September 2010

Posts Tagged ‘malware’

Firefox 4 Crack

Tuesday, August 17th, 2010

Attempts at maintaining software internet security took a further blow when news of a Firefox 4 crack which spreads Trojans started doing the rounds.

Software internet security is precarious at the best of times, so news of ‘free’ versions of the Firefox 4 browser has been greeted with a groan all round. ‘Cracked’ versions of the software are in fact being used to spread malware, tricking unknowing users into downloading a ‘free crack’ of the Firefox 4 browser.

Once downloaded, users find themselves infected with trojans, and their computers often become riddled with these dangerous pieces of malware. Unfortunately, this is another case of the word ‘free’ being used to lure internet users into visiting websites and downloading things that should not be touched with a barge pole.

It is not unusual for cracked versions of well known software to contain malware such as trojans; this unpleasant discovery is often a side-effect to downloading such versions.

If it was the word ‘free’ that lured you to sites offering this cracked version of the Firefox 4 browser, then this is where the trap becomes quite bizarre. Mozilla is already providing free downloads of the Firefox 4 beta on its main website. This official version is not only free of the trojans that these cracked versions are often infested with, it is also free to download from a reputable website. That makes downloading the virus-ridden version entirely pointless.

The exact danger of these versions has been highlighted by researchers at Sunbelt, who tested these dodgy Firefox 4 downloads and found that at least five different pieces of malware could be in the download. This is guaranteed to be unhealthy for a user’s computer, and all for a download that is freely available from its true creator.

Maintaining software internet security starts with installing antivirus programs on your computer, but not falling into the trap of ‘free’ downloads of cracked software is up there with the top ways to keep your computer clean and healthy.

Guest Article by Neil Camp

Porn Sites Users Risk Exploitation

Friday, June 18th, 2010

A new study has again warned that porn site users are opening themselves up to attacks from cyber criminals.

Porn site users are at risk because the sites they frequent not only often harbour malware, but also entrap users in various schemes and shady deals.

The report, which highlights the dangers that porn site users face, was prepared by the International Secure System Lab.

Dr Gilbert Wondracek, who led the study, said that the intense competition within the online porn industry made matters far worse: “They have almost inadvertently created a whole ecosystem that’s easy to abuse for cyber crime on a large scale. There are studies looking at the profitability and economics of the industry but we are the first to come at it from a security and more technical point of view.”

The techs at the International Secure System Lab built their own porn sites and quickly discovered that many porn site users are very vulnerable to computer viruses and loopholes.

Dr Gilbert pointed out that the study had been basically carried out to test the commonly held assertion that porn site users are at risk. He added: “There are studies looking at the profitability and economics of the industry but we are the first to come at it from a security and more technical point of view.”

Dr Gilbert stressed that it was often hard for the average user to tell an honest porn site from one that might be hiding malware threats.

Of the 35,000 porn site domains studied in the report, it was discovered that 90% were ‘free’ sites and that these acted as ‘funnels’ for sites that require payment to view their content.

The 35,000 domains published some 269,000 individual websites. The study looked at all these sites and discovered that a touch over 3% were booby-trapped with malware, including viruses, spyware and adware. What’s more, many other sites used tools such as JavaScript catchers which make it hard for porn site users to actually leave the site.

Other sites immediately redirected people hoping to view a video to a number of affiliate sites, creating a circle of click trading. Dr Gilbert said: “Visitors are being abused as click bots. It’s cut-throat competition. Everybody tries to get as much traffic as possible.”

Porn site users are being told to be aware of “safe browsing modes” when visiting such websites and to keep their anti-virus software up-to-date.

Guest Article by Neil Camp

BitDefender’s Top Malware for May

Thursday, June 17th, 2010

Top malware in May according to computer security company BitDefender is an Autorun trojan.

May’s top malware goes by the name of Trojan.AutorunInf.Gen and represents just over 13% of all global malware. It’s designed to use external hard drives, memory cards and flash drives to spread malware. And although Microsoft may have discarded its Windows Autorun feature from its latest operating systems and from Vista SP2, early versions are still vulnerable.

Next on the top malware list for May is the infamous Kido, or Conficker, which goes by the tag of Win32.Worm.Downadup. This nasty virus takes a bow for around 6% of global infections and attacks a Windows vulnerability. It spreads via local network computers and stops users accessing Windows updates and security companies’ web pages. The latest versions of Windows have removed the vulnerability, but people using older operating systems should ensure that they have updated their operating systems and anti-virus applications.

In third place, and close behind Conficker on the top malware list, is another Trojan which accounts for some 5% of all infections. Its official name is Trojan.FakeAV.KUE and it’s based on JavaScript code. It creates anti-virus scams, and the malware gets hosted either on sites that unknowingly carry the virus or on malicious sites. Once people download this type of malware, it triggers various fake alerts offering rogue antivirus software.

Coming fourth in the May top malware list is Win32.Sality.OG. It’s the only file infector virus in the top ten: it appends its encrypted code to executable files (.exe and .scr binaries) and deploys a rootkit which kills any antivirus applications on the computer. This means that it remains undetected and is free to carry out its malicious tasks.

In fifth place is a newcomer to the top malware charts. A Trojan responsible for a tad over 2% of infections, Trojan.Swizzor.2 acts as a pathfinder for a number of other pieces of malicious software.

BitDefender’s top malware chart for May includes:

  1. Trojan.AutorunINF.Gen 13.24%
  2. Win32.Worm.Downadup.Gen 5.84%
  3. Trojan.FakeAV.KUE 5.11%
  4. Win32.Sality.OG 2.68%
  5. Gen:Variant.Swizzor.2 2.12%
  6. Trojan.Autorun.AET 2.02%
  7. Gen:Heur.Krypt.24 2.01%
  8. Worm.Autorun.VHG 1.97%
  9. Gen:Variant.Rimecud.2 1.91%
  10. Exploit.PDF-JS.Gen 1.76%

One thing is for sure: try to avoid any of the top malware for May.

Guest Article by Neil Camp

Sunbelt’s Top Ten Malware Threats for May

Thursday, June 10th, 2010

One of the top computer security software companies has produced its list of top ten malware threats for May.

Florida based Sunbelt Software compiles a monthly top ten malware threats report and the data comes from the company’s VIPRE Antivirus, its anti-malware solution, and CounterSpy, its antispyware application.

And the top ten malware threats for May reflect a growing trend towards behaviour-based detections.

What’s more, the top ten malware threats for May were all also in the top ten for April, with May’s leading position going to Trojan.Win32.Generic!BT with 27.8% of detections; it was top in April too, with more detections at 33.7%.

Coming up on the inside of the list of top ten malware threats for May is INF.Autorun (V) whose detections grew by over half from April to May. The previous period had seen a 40% increase; so the influence of this particular piece of malware is growing considerably and is likely to stay around for some months to come.

Newcomers to the top ten malware threats list for May were FraudTool.Win32.AVSoft (v), which popped in at number eight with 1.3% of detections, and Trojan.Win32.Agent at number nine with just over 1.2% of detections. The first of these little beauties – FraudTool.Win32.AVSoft (v) – installs rogue antivirus software, and the second – Trojan.Win32.Agent – downloads a variety of viruses and is a particularly insidious Trojan downloader.

Tom Kelchner, Sunbelt Software Research Centre Manager, said about the top ten malware threats:
“The list of ThreatNet top-10 detections in May did not change significantly from the previous month – with a continued high volume of Trojan downloaders. However, the level of generic detections has steadily increased over the past few months, highlighting the importance of behavioural testing via a "sandbox" method to stop malicious applications without individual signature updates. This is a good strategy for stopping zero-day malicious code, or previously unknown malware, which is being generated by the bad guys with more frequency.”

The complete list of top ten malware threats is as follows:

  1. Trojan.Win32.Generic!BT 27.79%
  2. INF.Autorun (v) 3.63%
  3. Trojan.Win32.Generic.pak!cobra 2.14%
  4. BehavesLike.Win32.Malware (v) 1.95%
  5. Trojan-Spy.Win32.Zbot.gen 1.78%
  6. Trojan.Win32.Generic!SB.0 1.35%
  7. Exploit.PDF-JS.Gen (v) 1.34%
  8. FraudTool.Win32.AVSoft (v) 1.32%
  9. Trojan.Win32.Agent 1.28%
  10. Trojan.Win32.Malware 1.25%

The majority of the threats contained within the top ten malware threats are delivered via social engineering, or stealth installations.

Guest Article by Neil Camp

Top Malware and Spam Trends

Friday, May 28th, 2010

When it comes to finding out about the top malware and spam trends, then the latest report from computer security giants McAfee, covering the first quarter of 2010, is a great place to start.

It found that a USB worm has grabbed the number one position for top malware worldwide. Furthermore, it concluded that spam trends differ considerably from country to country, and that spam originating from China and other Asian countries is on the increase. Early 2010 has also been marked by major events, such as earthquake news, which have led to many web searches being poisoned.

The top malware and spam trends report also concluded that most malicious URLs are hosted by US based servers.

High up in the top malware and spam trends report is the finding that the increasing use of removable devices, the majority being USB drives, is acting as a beacon for the most popular malware. AutoRun-related infections held the top and third places. In fifth place are password-stealing Trojans, which include generic downloaders, gaming software and unwanted programmes, all designed to collect statistics anonymously.

Looking at spam, the report concluded that whilst rates are steady, the subjects differ from country to country. The report shows that the most significant amounts of diploma spam come out of China, South Korea and Vietnam. Diploma spam is all about buying bogus job qualifications in order to get jobs.

Countries such as Singapore, Hong Kong and Japan, by contrast, are – says the report – known for high rates of Delivery Status Notification spam.

Mike Gallagher, senior vice president and chief technology officer of Global Threat Intelligence for McAfee, said:
“Our latest threat report verifies that trends in malware and spam continue to grow at our predicted rates. Previously emerging trends, such as AutoRun malware, are now at the forefront. We were also surprised to find some of the geographic differences in spam related topics, such as the volume of diploma spam coming out of China.”

The top malware and spam trends report also found that Brazil, China, Chile, Colombia, India, Indonesia, the Philippines, Romania and Thailand have a higher proportion of malware infections and spam. McAfee says this may be down to the rapid increase in computer and internet use that these countries have experienced in the last few years, and that as a result they lack a proper appreciation of security awareness.

The top malware and spam trends report also found that hackers continue to make use of bad news events, such as the earthquakes in Haiti and Chile, in order to bump their malicious sites up the search engine rankings.

As to where most of the new malicious URLs are hosted, the top malware and spam trends report concludes that 98% are hosted in the US, mainly because this is where most of the Web 2.0 services are provided.

So, when it comes to the top malware and spam trends report, use it to help keep yourself from the hackers out there.

Guest Article by Neil Camp

Top Tips for World Cup Computer Security

Friday, May 28th, 2010

One of the largest providers of Windows security software is warning companies to be on their guard during the 2010 football World Cup for attacks from the malware community. And to help, they have produced their top tips for world cup computer security.

The Sunbelt Software top tips for world cup computer security are aimed at UK bosses who fear that their employees will take every opportunity, whether with permission, or not, to watch matches – many of which are taking place during office hours – and follow not only England, but various other teams.

But warn Sunbelt Software, the tournament and the interest it will generate not only amongst supporters and the wider community, means that hackers are on the prowl, hence the need for the top tips for world cup computer security.

Malware writers will see employees trying to get their football fix, no matter how, as a great opportunity to launch attacks. And one of the biggest risks, say Sunbelt Software – the authors behind the top tips for world cup computer security – is fans desperately searching for footage on any site to see how their team is progressing. Many of the sites offering such footage will, say Sunbelt Software, be hotbeds of potential computer attacks, containing viruses, platforms for phishing attacks, banner advertising and fake video streaming codec downloads.

So, when it comes to safe enjoyment of the 2010 football World Cup, what should bosses and employees be on their guard against? What are the top tips for World Cup computer security?

Top of the pile of the top tips for World Cup computer security are infected files, many offered as email attachments or downloads, that promise such things as special World Cup pictures, news, results, free tickets or match lists. It is best to avoid these.

Second up in the pile of top tips for World Cup computer security is search engine optimisation poisoning, which sees the hackers endeavouring to get their malicious sites onto the first pages of the listings. This is why it’s essential that new URLs are carefully studied before using them, and that only sites a user trusts are used for such things as news updates and football features.

And such things as fake antispyware programmes will be out in force, tempting users to sign-up to bogus claims that a computer is infected and that a sum of around £50 will put things back to rights again.

Next up in the top tips for world cup computer security is a warning against social networking scams. Sunbelt Software say that they expect malicious links on Twitter, fake applications on Facebook and other tricks on some of the popular 2.0 websites.

Another of the top tips for world cup computer security is the area of website defacements. This concerns websites that are popular at the time of a certain event, or tournament, and are targeted by the hackers. Sometimes it might just involve the simple defacement of a website, but it could involve a totally compromised website which is turned into a delivery mechanism for illegal content.

David Parkin, Sales Director EMEA, Sunbelt Software, said:
“All it takes is one employee to disregard this advice and the entire organisation could be put at risk. It is our hope that business leaders will distribute these tips throughout their organisation and print out further copies and post them in communal areas. By following this simple four-point checklist we can all enjoy this year’s World Cup safely via the Internet.”

Guest Article by Neil Camp

BitDefender’s March e-Threat Report

Tuesday, April 13th, 2010

The latest threat report from BitDefender shows that top of the nasty parade for March was a USB Trojan.

Known by the tag Trojan.Autoruninf.Gen, it accounted, says BitDefender, for 13% of total global malware in March. Trojan.Autoruninf.Gen is a mechanism of a generic nature which is designed to spread via removable drives. It exploits an established vulnerability when people swap files using physical devices such as memory sticks.

Number two in March was that old favourite Conficker, or Kido as it’s otherwise known. Although at 6% of total global malware in March it posed less than half the threat of Trojan.Autoruninf.Gen, it is still hanging around being a nuisance. Its trick is to exploit a Microsoft Windows vulnerability; to get rid of it, users have to update their operating system and ensure that their anti-virus software is up to date.

In third is another old favourite, one which gets hold of the JavaScript engine in Adobe’s PDF Reader and uses it to piggyback malicious code into a computer. It’s known as Exploit.PDF-JS.Gen and it’s a nasty piece of work which abuses a very commonly used application.

But talking of nasties, in fourth is one that takes the biscuit. It’s a file infector known as Win32.Sality.OG. What makes this family of infectors so bad is that it’s protected by polymorphic code, which makes it extremely difficult to first detect and then remove. What’s more, the rootkit part of the virus does its best to disable antivirus applications on the computer it’s attacking. One to be avoided at all costs.

In at number five is Trojan.JS.Downloader.BIO. Inserted into legitimate web pages via SQL injection, this is actually JavaScript, and it only targets websites built with ASP. Another characteristic of Trojan.JS.Downloader.BIO is that it forms cookies from bits of information about a victim’s browsing habits, which are then sent to a website based in China.

That’s the top five, but here’s the complete BitDefender run-down for March:

  1. Trojan.AutorunINF.Gen 13.40%
  2. Win32.Worm.Downadup.Gen 6.19%
  3. Exploit.PDF-JS.Gen 5.30%
  4. Win32.Sality.OG 2.58%
  5. Trojan.JS.Downloader.BIO 2.13%
  6. Trojan.Autorun.AET 1.95%
  7. Gen:Heur.Krypt.21 1.921%
  8. Worm.Autorun.VHG 1.78%
  9. Exploit.PDF-Payload.Gen 1.67%
  10. Trojan.Wimad.Gen.1 1.42%

Guest Article by Neil Camp

BitDefender Picks Up Sixth Consecutive VBSpam Award

Tuesday, March 30th, 2010

BitDefender, which provides anti-malware security solutions, has won its sixth consecutive VBSpam Award for its BitDefender Security for Mail Servers 3.0.2.

This leading application, designed for Linux servers, came out with a Gold following the latest Virus Bulletin Anti-Spam Comparative Review. The review revealed there was only one false positive out of 2,400 legitimate emails.

The test ran on a SuSE Linux Enterprise Server 11 for an 11-day period. Emails were sent to a number of Virus Bulletin email addresses and mixed with spam emails provided by Project Honey Pot. The emails were also sent in multiple languages and character sets, including English, French, Russian, Dutch, Norwegian and Asian languages.

The result was impressive: 97.84% of spam messages were caught during the test, with a false positive rate of only 0.04%.

Catalin Cosoi, Senior Researcher at BitDefender, said:
“We are thrilled to receive another VBSpam Award for BitDefender Security for Mail Servers 3.0.2. This award represents our sixth consecutive honour from Virus Bulletin, and we are particularly happy with test results showing only a single false positive out of 2400 genuine emails.”

The company says the success of the BitDefender product is based on a new live-query technology. This originates from the cloud-computing paradigm, providing an immediate response and protection to users all over the world, regardless of language or the type of spam they receive.

How Does BitDefender Antivirus Software work?

In practice, it works by first scanning an incoming email locally with proprietary, proactive antispam filters. If the email passes the initial filtering sequence but still cannot be categorised as either spam or a legitimate message, a proprietary algorithm extracts key elements from the analysed mail, creating something similar to a unique encrypted fingerprint of that message. Finally, if the BitDefender network of servers finds a match in its databases of known spam fingerprints, it issues a block command to the client application.

This provides a very thorough technique of catching spam emails.
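To make the two-stage flow above concrete, here is an added Python illustration (not BitDefender's code): cheap local rules decide the clear cases, and only the undecided messages have a fingerprint computed and looked up against a stand-in "cloud" database of known spam. The fingerprint method (SHA-256 over word 3-shingles of the normalised body, matched by Jaccard overlap), the heuristics, thresholds and all messages are assumptions constructed for the demo, not the proprietary algorithm.

```python
"""Two-stage spam classification: local rules, then a fingerprint lookup.

Added example, not BitDefender's code. The fingerprint scheme (hashed
word 3-shingles of the normalised body, compared by Jaccard overlap) is
an assumption standing in for the proprietary algorithm. All messages
below are constructed for the demo.
"""
import hashlib
import re

URL_RE = re.compile(r"https?://\S+")
# Stage 1: a few cheap local heuristics, standing in for the proactive filters.
SPAM_PHRASES = ("buy now", "limited offer", "diploma", "act now", "click here")


def local_score(subject: str, body: str) -> int:
    text = f"{subject}\n{body}".lower()
    score = 2 * sum(phrase in text for phrase in SPAM_PHRASES)
    score += min(len(URL_RE.findall(text)), 3)
    letters = [c for c in subject if c.isalpha()]
    if letters and sum(c.isupper() for c in letters) / len(letters) > 0.6:
        score += 2  # SHOUTING subject line
    return score


def local_verdict(score: int, spam_at: int = 5, ham_below: int = 1) -> str:
    if score >= spam_at:
        return "spam"
    if score < ham_below:
        return "ham"
    return "uncertain"  # hand over to stage 2


def normalise(body: str) -> list:
    """Strip the parts spammers vary between copies: URLs, digits, case."""
    text = URL_RE.sub(" url ", body.lower())
    text = re.sub(r"\d+", "0", text)
    return re.findall(r"[a-z0]+", text)


def fingerprint(body: str, k: int = 3) -> frozenset:
    """Hashed word k-shingles; only these one-way hashes leave the client."""
    words = normalise(body)
    return frozenset(
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(words) - k + 1)
    )


class FingerprintService:
    """Stand-in for the server-side database of known spam fingerprints."""

    def __init__(self, known):
        self.known = list(known)

    def match(self, fp: frozenset, threshold: float = 0.5) -> bool:
        for known in self.known:
            union = len(fp | known)
            if union and len(fp & known) / union >= threshold:
                return True
        return False


def classify(subject: str, body: str, service: FingerprintService) -> tuple:
    """Return (verdict, stage), where stage is 'local' or 'fingerprint'."""
    verdict = local_verdict(local_score(subject, body))
    if verdict != "uncertain":
        return verdict, "local"
    is_spam = service.match(fingerprint(body))
    return ("spam" if is_spam else "ham"), "fingerprint"


# Constructed messages: a known diploma spam, a re-spun copy of it, and two hams.
KNOWN_SPAM_BODY = ("Get your university diploma in 7 days. No exams, no classes. "
                   "Visit http://example.invalid/deg?id=4412 to order your degree today.")
VARIANT_BODY = ("Get your university diploma in 10 days. No exams, no classes. "
                "Visit http://example.invalid/deg?id=9981 to order your degree today.")
HAM_BODY = "Hi Sam, are you free for lunch tomorrow at 12:30? The corner place has a new menu."
UNRELATED_BODY = "Hi all, the photos from the diploma ceremony are at http://photos.invalid/2010 - enjoy!"
SERVICE = FingerprintService([fingerprint(KNOWN_SPAM_BODY)])

if __name__ == "__main__":
    print(classify("Lunch tomorrow?", HAM_BODY, SERVICE))
    print(classify("Your degree is waiting", VARIANT_BODY, SERVICE))
    print(classify("Diploma ceremony photos", UNRELATED_BODY, SERVICE))
```

The re-spun copy changes only the digits and the URL, so normalisation gives it the same fingerprint as the known spam and it is blocked without a new signature, while the unrelated mail that mentions a diploma stays uncertain locally and is passed as ham because no known fingerprint overlaps it.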

Guest Article by Neil Camp

BitDefender’s Malware Hit Parade

Thursday, March 4th, 2010

Taking top spot in BitDefender’s monthly hall of shame is the malware Trojan.AutorunInf.Gen.

BitDefender, a company which produces anti-malware security solutions, produces a monthly e-threat report in which it lists the latest malware baddies.

And top throughout February was Trojan.AutorunInf.Gen, a generic mechanism which uses removable devices – including external hard disks, memory cards and flash drives – to spread malware between machines.

Removable devices are the theme of BitDefender’s February e-report and they warn against the ease by which these handy aids can be compromised. Indeed, say BitDefender, they are responsible for around 9% of global infections.

Catalin Cosoi, BitDefender’s senior researcher, said:
“External devices should be scanned on a regular basis. This safe practice should be used especially when these devices have been plugged into library computers, copy shops, and other public locations that are known to be likely sources of infection.”
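The Autorun trojans discussed here (Trojan.AutorunInf.Gen in this and the March and May reports) rely on an autorun.inf file that tells older Windows versions to launch a program when a drive is plugged in. As an added example, not from the article or BitDefender, here is a small Python triage script that parses such a file from a removable drive and reports every directive that would start a program, which is one way to act on the scanning advice above. The key list, the verdict rules and the sample files are assumptions constructed for the demo.

```python
"""Triage of autorun.inf files found on removable media.

Added example, not BitDefender's or the article's code. It reports the
[autorun] directives that would launch something when the drive is
inserted, so a drive can be reviewed before it is trusted. The sample
files at the bottom are constructed.
"""
import os
import re

# [autorun] keys whose value is run (or opened) when the drive is inserted.
LAUNCH_KEYS = {"open", "shellexecute"}
# Extensions that mean "run a program" rather than "open a document".
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}
# First token of a command line: either a quoted path or a bare one.
_PROGRAM_RE = re.compile(r'^\s*(?:"([^"]*)"|(\S+))')


def parse_autorun(text: str) -> dict:
    """Return the key=value pairs of the [autorun] section, keys lower-cased.

    A hand-rolled parser is used instead of configparser so that stray
    junk lines (common in these files) do not abort the scan.
    """
    entries, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def program_of(command: str) -> str:
    """Extract the program from a command line such as '"x.exe" /s'."""
    m = _PROGRAM_RE.match(command)
    if not m:
        return ""
    return m.group(1) if m.group(1) is not None else m.group(2)


def launch_targets(entries: dict) -> list:
    """Return (key, command) pairs that cause something to be run."""
    return [
        (k, v) for k, v in entries.items()
        if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))
    ]


def triage(text: str) -> dict:
    """Classify an autorun.inf as clean, review or suspicious."""
    findings = []
    for key, command in launch_targets(parse_autorun(text)):
        program = program_of(command)
        ext = os.path.splitext(program)[1].lower()
        # No extension is treated as executable: Windows resolves it to a program.
        executable = ext in EXEC_EXTS or ext == ""
        findings.append({"key": key, "program": program, "executable": executable})
    if any(f["executable"] for f in findings):
        verdict = "suspicious"  # runs a binary from the drive on insertion
    elif findings:
        verdict = "review"      # opens a document; check what handles it
    else:
        verdict = "clean"       # only cosmetic keys such as icon/label
    return {"verdict": verdict, "findings": findings}


# Constructed samples: a benign file, a document opener, and one in the
# style of the Autorun trojans (hidden executable, quoted path, shell verb).
BENIGN_INF = "[autorun]\nicon=drive.ico\nlabel=Holiday photos\n"
DOCUMENT_INF = "[autorun]\nshellexecute=readme.pdf\n"
SUSPICIOUS_INF = (
    "[AutoRun]\n"
    "junkline\n"
    "OPEN=RECYCLER\\setup.exe\n"
    'shellexecute="update.exe" /quiet\n'
    "shell\\open\\command=update.exe\n"
    "icon=%SystemRoot%\\system32\\shell32.dll,4\n"
)

if __name__ == "__main__":
    for name, inf in (("benign", BENIGN_INF), ("document", DOCUMENT_INF),
                      ("trojan-style", SUSPICIOUS_INF)):
        print(name, triage(inf))
```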

Conficker, or Kido, or to give its correct title, Win32.Worm.Downadup.Gen, is proving very resilient, appearing regularly in the nasties line-up.

Catalin Cosoi, BitDefender’s senior researcher, added:
“The continuous presence of Win32.Worm.Downadup.Gen — also known as Conficker or Kido — in our monthly e-threat lists proves most users are reluctant to update their operating system and locally-installed antimalware solution, in addition to installing the security fixes issued by Microsoft more than a year ago. Newer variants of the worm also install rogue antivirus applications, amongst others.”

Third and fourth in the list are exploits that gain access to a computer via manipulated PDF files and various vulnerabilities found in the Adobe PDF Reader JavaScript engine. Once they have compromised a computer, malicious code is then executed on the ‘dirty’ machine.

The complete list is made up of:

  1. Trojan.AutorunINF.Gen 9.09%
  2. Win32.Worm.Downadup.Gen 6.24%
  3. Exploit.PDF-JS.Gen 5.13%
  4. Exploit.PDF-Payload.Gen 4.21%
  5. Trojan.Wimad.Gen.1 3.37%
  6. Win32.Sality.OG 2.77%
  7. Trojan.Autorun.AET 1.92%
  8. Worm.Autorun.VHG 1.85%
  9. Exploit.Comele.A 1.48%
  10. Trojan.SWF.HeapSpray.B 1.40%

BitDefender was particularly keen to highlight the invidious threat called Trojan.Wimad.Gen.1, sitting at number five. This is one Trojan that likes to hide in favourite downloadable television series and movies.

Guest Article by Neil Camp

Things Are Worse, Says McAfee

Monday, November 30th, 2009

Computer security giant McAfee says that things have got worse in the last quarter with spam, malware and web-based threat creation reaching record levels.

McAfee’s latest Third Quarter Threats Report, which covers July to September 2009, also revealed that the number of new file-sharing sites which host unauthorised, copyrighted content increased dramatically. What’s more, another trend on the increase is the number of cybercriminals who are extorting website owners with threats of denial-of-service attacks.

There was a 300% rise in the creation of file-sharing sites following the brief shutdown of the Swedish-based Pirate Bay operation. Pirate Bay was a torrent site, one that can host links to copyrighted material and is very controversial for the unauthorised spread of content. With this huge rise in the number of similar sites, cybercriminals are presented with the ideal opportunity to exploit the way certain sites share content. Malware writers are skilled at creating sites that trick users looking to download copyrighted material into downloading malicious programs.

And McAfee warns that the number of these malicious sites could dramatically increase during the fall and holiday blockbuster film seasons.

File-sharing site problems to one side, McAfee reported that spam and malware levels have reached a record high, with threats surpassing previous levels in the last quarter. And rather gruesomely, web-based attacks have also increased as cybercriminals take advantage of celebrity deaths and natural disasters. At such times, website activity and email traffic increase dramatically, and malware authors are quick to take advantage of such news stories and chatter to hide their malicious intentions.

McAfee now reckons that some 92% of all email traffic is spam. In other words, a tiny 8% is legitimate email traffic.

Web-based attacks – which target people who visit a malicious web page, and are delivered to users through spam, phishing, social networks and even redirects from hijacked legitimate websites – are increasing and fast becoming the most dangerous weapon wielded by cybercriminals.

And McAfee estimates that 55% of all malicious URLs are hosted in the US. What’s more, cybercriminals are getting increasingly effective at utilising SEO techniques to drive traffic to the bad sites.

Denial of Service attacks are a particularly odious tactic employed by cybercriminals and McAfee has seen many more attacks in the latest quarter, and with some involving significant ransom demands.

Cybercriminals are offering for sale, to the highest bidder, botnets which are made up of thousands of zombie computers to attack sites. The botnets are used to knock out even some of the most-protected sites. And when offering such sophisticated botnets, the cybercriminals will often demonstrate their capability to prospective buyers with ‘live’ demonstrations, bringing down targeted websites for a few minutes.

Just recently, four Australian sports betting companies were targeted by cybercriminals and their sites taken down during key sports events, which resulted in the loss of millions of dollars of revenue.

Guest Article by Neil Camp