IEEE has a great roundup of data-loss breaches and how the number of incidents continues to grow uncontrollably.
Data Losses/Breaches Keep Growing In UK, US and Around the World: “
Security Lessons Going Unlearned
(Via IEEE Spectrum.)
Archive for October, 2009
Data Losses/Breaches Keep Growing In UK, US and Around the World
October 29th, 2009So You’ve Fallen For the AntiVirus Scam
October 26th, 2009This is pretty typical… you’ve received a really nice looking email stating that there’s a great deal on a new and more powerful anti-virus system for your PC. Who doesn’t want that, right?
This, unfortunately, is a great way to get malware on your machine. How about that… the idea that you’re trying to protect your PC leads you into a trap where you cannot get out installing some kind of crap-ware that, at least, completely goobers up your machine.
So you’ve clicked the link. What now?
Notice… it looks like my browser has disappeared! Oh No! Well, I’d better click cancel because I don’t know what’s going on here!
Well isn’t that strange? My browser is back but it looks like some sort of regular explorer window and it’s scanning my PC. Look at all the viruses I have on my PC… right?
Well, actually I am pretty sure I don’t have any viruses. So I am going to click cancel here.
I love it when they beg! I will click OK here.
Well, how about that! It returned me back to the “Anti-Virus” scanner. I guess I have no choice but to install, right? WRONG!
From the Windows Task Bar (that blue thing on the bottom), right-click with your mouse or trackpad, or whatever, and select Task Manager. This will open up a new window.
Click on the “End Task” button. This will prompt you to confirm.
Go ahead and choose “End Now” to kill this bad-boy.
So… you may ask, what would happen if I go ahead and install the software the way they want me to? Well, all kinds of fun stuff would happen.
First, as you can see, I now have “lots of viruses” on my machine, which they promise to clean… all for only $69. And I can’t clean them or update the software without purchasing a license key. Do I dare trust these folks with my credit-card??? I think not!
Oh, how about that? They’ve changed my hosts file so that all google sites point to some server in Poland somewhere. Hmmm… can you say “Bulletproof Host”?
I wonder what else they’re doing. Wanna bet there’s an infostealer and/or keystroke logger on the machine as well? Signs point to yes! As I analyze, I will fill you in.
The point here is:
1. Don’t click on everything you get in email
2. You can bail out of a hostile web session with Task Manager
3. Don’t believe everything your computer tells you
4. Don’t install software you don’t trust
5. Don’t buy something if you don’t want it
6. Not everything is as it seems
7. etc…
More next time…
Anti-Anti-Virus?
October 24th, 2009So read this article over at Kapersky by Vitaly. Apparently there’s a guy who’s providing A/V tracking info for malware developers so that they can include blacklisted (bad for the malware) IP addresses in their code.
http://www.viruslist.com/en/weblog?weblogid=208187881
Apparently he’s upset with the A/V companies, ‘specially Kaperski at the moment.
The link to the site in question is in the article. Visit at your own risk.
Scan Finds 21,000 Vulnerable Internet Devices
October 24th, 2009Gaaaah! Come on people!
Scan Finds 21,000 Vulnerable Internet Devices: “Researchers scan more than 130 million IP addresses and find more than 21,000 routers, webcams, VoIP systems and other embedded devices vulnerable to remote attack.
(Via Wired News.)
