February 3, 2009

Mac malware will become endemic amongst high-risk groups

January 26th, 2009

Posted by Adam O'Donnell

Two Mac trojan outbreaks were spotted in the past week, leading several people, including myself, to wonder if the tipping point for the Mac malware epidemic has arrived. Frankly, I don’t know, but I tend not to think so. I do think, however, that Mac malware will now become endemic amongst the high-risk groups such as file-swappers.

This past week a trojan claiming to be the latest iWork release was spotted on file sharing networks. Shortly thereafter, a similar trojan was sighted that masqueraded as a crack for Photoshop CS4. Both events are making some people question whether the Mac’s long tenure as a malware-free system is coming to a close, and whether it is time to face facts and install AV software.

The short answer is if you are a relatively well-behaved computer user, probably not. Mac malware is not endemic amongst the general population due to these events. The trojans of the past week are not self-propagating beyond the high-risk population, namely file swappers, and are relatively easy to find, analyze, and remediate. This is in stark contrast to PC users who have been hit with the Downadup/Conficker worm, which propagates via three orthogonal vectors and includes one remote exploit, and actively prevents you from visiting websites that contain remediation tools.

I do think the relative halcyon days of malware-free Macs are coming to an end. Anyone who is currently infected by the new malware will remain infected without direct human interaction due to the lack of any automatic mechanism for the identification and removal of malware. That means there is a non-zero population of Mac users who are now compromised and will remain compromised unless they either clean their machine or they buy a new system. Sounds familiar, right?

The question I want answered is whether or not the monetization rate of compromised Macs is sufficient for the malware authors to continue to pursue the platform. If not, these events will be a blip on the radar; otherwise, Mac owners better keep their Time Machine backups up to date.


August 20, 2008

New Spam: From CNN and MSNBC?

I have received several phone calls this week from readers saying they have been getting a ton of spam e-mail from CNN and MSNBC. The e-mails have headlines indicating they are breaking news alerts from either of the very popular news companies. Now, I'm sure all of you are smart enough to know that CNN and MSNBC would not actually send out spam, but where are the e-mails coming from?

Well, the e-mails are an attack from a botnet. Currently, several Web sites have been taken over by the worm and they are sending out millions of e-mails a day. While the e-mails look like they are from CNN and MSNBC, they're not.

If you receive an e-mail from CNN or MSNBC, do not read it! You should immediately delete those messages and mark them as spam. Reading those e-mails and clicking on the links inside will put your computer at risk. You will be prompted to install a file that says it's an update for the Flash player. That's actually a virus. Installing that program will infect your system and turn your computer into a spam machine.

Usually, I would say you should report the issue to the company that is being spoofed, but in this case, they're already very aware of the issue. Just hang in there and the messages will stop once the offending computers are taken offline and disinfected.

If you have been fooled into installing the "Flash Update," you should run a full virus scan immediately. Until next time, stay safe out there, my friends!


April 6, 2008

Caller Complaints

I’ve just about had it with telemarketers! They’re calling more frequently and at inappropriate times. Plus, with the idea they're trying to scam me looming in the back of my mind, I'm about ready to stop answering the phone!

But now, there is something we all can do about it: complain! Not only can you vent your frustrations about a specific company calling your house or cell phone, but you can research the number and see what other people have to say about them as well.

In the middle of the page, you’ll see a search field. Just type in the number you want to look up and click Search. That will bring up a page that displays the number of times it has been searched, the complaints for the number, as well as a complaint form for you to fill out.

Beneath the search field, you will see columns for recently searched numbers divided up by the last seven days, the last 30 days and all the time. Below the columns, you’ll see the color code for the bullets by the numbers.

On the side menu, you will find three sections:

File a Complaint – This one will take you directly to the complaint form. If you scroll past the form, you will find helpful tips about how to give the best detail in your complaint.

Stop Telemarketers – Here you will find five articles that will not only make you more aware of what is going on, but also how you can fight back. I am incredibly sick of spoof numbers! 000-000-0000 is what will show up on your caller ID, which is simply an attempt to hide the caller’s identity. I get anywhere from three to six of those kinds of calls a day. Talk about annoying! I highly recommend reading the second article in this section, as it explains in more detail how spoof IDs work.

About Caller Complaints – Here you will learn all about why this Web site was started and what it does.

I hope this site helps you out with your telemarketer problem as much as it did for me!

http://www.callercomplaints.com/


December 13, 2007

Reporting Spam E-mail

We here at WorldStart often tell you about new e-mail scams that are going around on the Internet, but we've never really told you what you can do to report all the spam you receive in your Inbox. Lately, I've been asked that question a lot, so I figured it was about time we addressed it. I do apologize for taking so long to do so. Reporting spam e-mail is very easy to do and if everyone does their part, who knows, maybe the bad side of e-mail will finally disappear for good. Let's check it out, shall we?!

First of all, I want to make sure everyone is clear on what I'm referring to when I say spam e-mail. Spam can come in a variety of ways, including messages from business marketers trying to sell their products, forwards, bogus money offers and just any messages you may get from people you don't know. I'm sure you all have gotten your fair share of those, because no matter what you do, it seems impossible to protect your e-mail address from getting into the wrong hands. And I don't know about you, but junk e-mails really get on my nerves and they waste my time!

So, the next time you see a spam e-mail in your Inbox that you think is deceptive, do us all a favor and forward it to the Federal Trade Commission (FTC) at this address: spam@uce.gov. You can do that just by hitting the Forward button in your e-mail and typing that address on the To: line. The FTC then uses the e-mails they get at that address to pursue law enforcement actions against the people who send them. They have even put together a new law against spammers, called the CAN-SPAM law, which is designed to hold spammers responsible for their actions. It's nice to know there is something we all can do to help combat the dreadful problem of spam. Do your part today and let's all start to make a difference!


December 1, 2007

Sunbelt Software: Google search results delivering massive malware attacks

November 27th, 2007

Posted by Larry Dignan

For the last two days, security software firm Sunbelt Software has been all over what could develop into a scary trend: Rigged Google search results that deliver big malware payloads.

On Monday, Sunbelt reported “we’re seeing a large amount of seeded search results which lead to malware sites.” The search terms leading you to these malware payloads were pretty basic fare.

This screenshot courtesy of Sunbelt shows an example of the malware sites (Sunbelt’s post has a bunch of other examples).


On Tuesday, Sunbelt researcher Adam Thomas followed up with another post. Thomas wrote:

Sunbelt Software has uncovered tens of thousands of individual pages that have been meticulously created with the goal of obtaining high search engine ranking. Just about any search term you can think of can be found in these pages.

Simply put, damn near any Google search term–even terms like “hospice”– can take you to one of these malware sites. Computerworld quotes Sunbelt Software CEO Alex Eckelberry as saying “this is huge.” I’m inclined to agree, especially considering Eckelberry’s inventory: “27 different domains, each with up to 1,499 [malicious] pages. That’s 40,000 possible pages.”

Thomas continues:

For months now, our Research Team has monitored a network of bots whose sole purpose is to post spam links and relevant keywords into online forms (typically comment forms and bulletin board forums). This network, combined with thousands of pages such as the two seen above, have given the attackers very good (if not top) search engine position for various search terms.

In our previous post, we mentioned that the malicious pages also contained an IFRAME link which would attempt to exploit vulnerable systems. If you were unlucky enough to run across one of these links while surfing with a vulnerable system, you would become infected with a family of malware that we call Scam.Iwin. With Scam.Iwin, the victim’s computer is used to generate income for the attacker in a pay-per-click affiliate program by transmitting false clicks to the attacker’s URLs without the user’s knowledge. The infected Scam.Iwin files are not ordinarily visible to the user. The files are executed and run silently in the background when the user starts the computer and/or connects to the internet.

Google has been notified and hopefully its fancy algorithm can nuke these bogus sites pronto.
