05/30/2011

Facebook "Baby Born Amazing Effect" is a Scam

Given the size of the Facebook network, it should be no surprise to any of us that the scammers are trying to target their next victims here, too.

The fine folks at antivirus software company Sophos have been keeping tabs on the latest Facebook scam, "Baby Born Amazing effect". This particular scam is being tracked by Sophos security researcher Graham Cluley who says,

Messages are spreading rapidly across Facebook, as users get tricked into clicking on links claiming to show an amazing video of a big baby being born.

"The messages are spreading with the assistance of a clickjacking scam (sometimes known as likejacking) which means that users do not realize that they are invisibly pressing a "Like" button to pass the message onto their online friends.
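The likejacking described above works because the page carrying the "Like" button can be loaded inside an invisible frame on a page the scammer controls; a site that does not want its buttons framed tells the browser so with the X-Frame-Options header or the Content-Security-Policy frame-ancestors directive. The following is an added example, not code from the original post, from Sophos or from Facebook: it evaluates a set of response headers and reports whether a given embedding origin would be allowed to frame the page. The header semantics are the published ones; the sample responses and the origins social.example, evil.example and partner.example are constructed for illustration.

```python
"""Decide whether an HTTP response's headers let another origin frame it.

Added example (not from the original post). Parsing follows the documented
semantics of X-Frame-Options and CSP frame-ancestors; when both headers are
present, browsers honour frame-ancestors and ignore X-Frame-Options.
"""
from urllib.parse import urlsplit


def _origin_matches(source: str, origin: str) -> bool:
    """Match one CSP source expression (not 'self'/'none') against an origin.

    Handles "*", scheme-only sources such as "https:", exact origins and a
    leading wildcard label such as "https://*.partner.example". Paths in
    source expressions are ignored for brevity.
    """
    src = source.strip().lower()
    org = urlsplit(origin.lower())
    if src == "*":
        return True
    if src.endswith(":") and "/" not in src:          # scheme-only source
        return org.scheme == src[:-1]
    parts = urlsplit(src if "://" in src else f"{org.scheme}://{src}")
    if parts.scheme != org.scheme:
        return False
    host, port = parts.hostname or "", parts.port
    if host.startswith("*."):
        host_ok = org.hostname.endswith(host[1:]) and org.hostname != host[2:]
    else:
        host_ok = org.hostname == host
    return host_ok and (port is None or port == org.port)


def framing_allowed(headers: dict, page_origin: str, embedder_origin: str) -> bool:
    """Return True if a browser would let embedder_origin frame the page.

    A response with neither header can be framed by anyone, which is exactly
    the condition an invisible likejacking overlay relies on.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    same_origin = embedder_origin.lower() == page_origin.lower()
    csp = hdrs.get("content-security-policy", "")
    for directive in csp.split(";"):
        name, _, value = directive.strip().partition(" ")
        if name.lower() != "frame-ancestors":
            continue
        sources = value.split()
        if not sources or "'none'" in sources:       # empty list means 'none'
            return False
        for src in sources:
            if src == "'self'":
                if same_origin:
                    return True
            elif _origin_matches(src, embedder_origin):
                return True
        return False                                  # frame-ancestors wins
    xfo = hdrs.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return same_origin
    return True                                       # no framing policy at all


# Constructed sample responses covering the three common states.
SAMPLE_HEADERS = {
    "unprotected": {"Content-Type": "text/html"},
    "xfo_deny": {"X-Frame-Options": "DENY"},
    "csp_self_partner": {
        "Content-Security-Policy":
            "default-src 'self'; frame-ancestors 'self' https://*.partner.example",
    },
}


def audit(page_origin="https://social.example", embedder="https://evil.example"):
    """Report, for each sample response, whether `embedder` could frame it."""
    return {name: framing_allowed(h, page_origin, embedder)
            for name, h in SAMPLE_HEADERS.items()}


if __name__ == "__main__":
    for name, allowed in audit().items():
        print(f"{name:18} framable by evil.example: {allowed}")
```

Run against a real site, the same `framing_allowed` call can be fed the headers of any page that hosts a sensitive one-click action; a True result for an arbitrary third-party origin is the finding to raise.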

Now the real questions:

  1. What danger does this pose?
  2. How do I get rid of it?

What danger does this pose?

The actual danger to a Facebook user is pretty negligible.

The scam is that by tricking people into "Liking" their video, they're able to artificially inflate their Facebook "Like" count. Real "Like" counts tend to grow pretty slowly, so for someone looking to make a mint in Facebook, garnering a lot of "Likes" can bring in real money fairly quickly.

How do I get rid of it?

Here's how:

    [See: Image 1]
  1. Find the offending message on your Facebook page.
  2. Select "Remove post and unlike".
    [See: Image 2]
  3. Go into your profile (top right corner).
  4. Select "Activities and Interests".
  5. Remove "Baby Born Amazing Effect" (and anything else you don't like).


[Image 1]


[Image 2]


[N.B. We have to give full credit to Graham Cluley and Sophos for snagging these screenshots from within Facebook so we can help people get rid of this crap.]

Just to reiterate, this particular scam doesn't carry any typical virus payload and doesn't pose any threat to your PC. The only threat is in tricking other friends of yours to do the same thing and ultimately in helping a scammer inflate his or her bank account.

The one caveat here is that if you've made your Facebook personal profile information public, you have shared that information with the scammer, so who knows what they're up to.

Put another way: you might want to reconsider what information you're sharing publicly within Facebook.

05/29/2011

Just How Prevalent are Viruses?

One of the questions we're most often asked is,

C'mon... do I really need antivirus software? Doesn't it just slow your PC down anyway?

Our answer? "Yes, and no, not really.[1]"

It turns out the need may be even more acute than we believed: one in every 20 Windows PCs whose users turned to Microsoft for cleanup help was infected with malware. That's according to a Computer World piece, "New malware scanner finds 5% of Windows PCs infected," which draws on Microsoft's own data from its Microsoft Safety Scanner.

Yowza.

Here's the first kicker: that only counts the number of folks who used the Microsoft tool, and doesn't count those who:

  1. downloaded the tool on one PC and removed malware from a second (or third, or other) computer
  2. took their computer to Best Buy or their local PC repair shop
  3. had their geek niece/nephew/neighbor fix their computer
  4. consulted search engines for how to repair their PC on their own
  5. installed antivirus software on their own
  6. gave up and purchased a new PC

Here are a couple of other interesting tidbits from the Computer World article,

On average, each of the infected PCs hosted 3.5 threats, which Microsoft defined as either actual malware or clues that a successful attack had been launched against the machine.

This is almost as interesting to me as the 1-in-20 stat. What this seems to show is that when you run your PC without antivirus software, chances are when it gets hit, it gets really hit.

Why?

Certainly some portion of those may be multiple infections arising from the same initial infection, but the bulk are no doubt infections happening at different times and perhaps even via different infection techniques.

This means when you lack protection, it's not that you get infected once, and you're done. On the contrary. Having one virus doesn't mean you can't get more. In fact, you'll probably have three-and-a-half.

Another important tidbit: the majority of the infections came via Java exploits, interesting most of all because they

Given that we ourselves test every product we review with live viruses and all sorts of other malware, we know that no antivirus software is perfect. The bottom line, though, is that antivirus software does give you a significant advantage and helps keep your PC protected and virus free.


[1] Yes, crappy antivirus software slows your machine down. Definitely. The best antivirus software doesn't.

05/25/2011

Mac Defender 2.0... Malware Creator Responds to Apple Update

Apple may've taken a lot longer than anyone would have liked to respond to the Mac Defender fake antivirus malware, but its creator (he, she or they) hasn't.

In fact, on the heels of Apple's announcement, the Mac Defender creator has already fired another salvo back across Apple's bow.

The latest?

According to Intego, a Mac-centric antivirus firm, the latest version, dubbed "Mac Guard," has upped the ante and made stopping it all the harder.

For starters, Intego says in its blog post on Mac Defender,

Intego today discovered a new variant of this malware that functions slightly differently. It comes in two parts.

"The first part is a downloader, a tool that, after installation, downloads a payload from a web server.

"As with the Mac Defender malware variants, this installation package, called avSetup.pkg, is downloaded automatically when a user visits a specially crafted web site.


Yikes. Auto-download? That sounds a lot like Windows malware to me.

And, here's where it gets really ugly.

Apple, in their infinite wisdom, has Safari, the default browser on the Mac, in its default configuration, automatically open so-called "safe" files after downloading.

Translation: it downloads on its own and even opens itself for you... all by itself! Yay! Before you know it, and without your asking for it, the standard, friendly-looking Mac installer is in front of you. All on its own.



What next? All you have to do is click 'Continue' and so on as you normally would, and poof! your machine is infected.

The thing is, a lot of people won't know any different. All they see is the friendly-looking installer (that can't be harmful, right??), and a 'Continue' button.

What do they do? Click 'Continue,' of course!

What's more, according to Intego, "Unlike the previous variants of this fake antivirus, no administrator's password is required to install this program." [Editor's note: emphasis theirs.]

This whole Mac Defender/Protector/Security/Guard trojan malware is causing more than a little buzz, including a piece on Mac Guard on ZDNet.

In the article, author Ed Bott [Editor's Note: Botts... an apropos name for someone in Internet security] says,

Apple appears to be treating this outbreak as if it were a single incident that won’t be repeated. They seriously underestimate the bad guys, who are not idiots.

"Peter James, an Intego spokesperson, told me his company’s analysts were 'impressed by the quality of the original version.'

"The quick response to Apple’s move suggests they are capable of churning out new releases at Internet speeds, adapting their software and their tactics as their target—Apple—tries to put up new roadblocks.


That about sums up our take on things here, too. Seriously, Apple, these were a couple of real missteps on your part. First the long delay.

Then the craptastic response. C'mon. How 'bout disabling the inane "Automatically open 'safe' files" setting? That's not really a sensible default, is it?

That's the best the company that makes innovative products like the iMacs, iPhones, iTunes, iPods, and iPads can do?

Maybe this is going to be a long road after all.


[N.B. The original Apple announcement on Removing Mac Defender, which we discussed in an earlier blog about Mac Defender, mentioned two steps Apple was taking to combat Mac Defender. They were going to be:

  1. releasing a Mac Defender remover as part of their next update and
  2. having OSX do some sort of realtime intervention if you tried to install the malware.]

05/24/2011

Mac Malware Removal: No Help from Apple Support

Even though our focus (at least for now) is on Windows antivirus software and malware removal, we've had a few people contact us asking about the malware known as Mac Defender[1] (previously discussed in our blog on Mac antivirus software).

Here's the short version: it does not automatically install itself onto your Mac. It does require you to manually install it to be infected. And, the main way it's getting installed is when people are tricked into installing it.

How do you get rid of it?

Well, apparently, even though it's not that hard, you can't turn to Apple Support for help, as according to ZDNet there's No Help from Apple Support Reps Removing Mac Defender, although there is now an official Apple help article on Removing Mac Defender.

Although we've not tested the removal steps ourselves, given that the removal instructions come from Apple itself, you can be sure they work and are legit.

And, yes, all the top Mac antivirus software is already detecting and removing the malware.


[1] Mac Defender is known alternately as Mac Security or Mac Protector.

05/23/2011

What about Mac Antivirus Software?

Oooh, the debate there is around this topic.

I'm of the opinion that the time has come for those of us who run Macs--or those of us that run both Mac and Windows--to pull our collective head out of the sand and start looking at Mac antivirus software.

In case you've not heard about it, the latest Mac malware (this one is a trojan) is already known by three different names:

  1. Mac Defender
  2. Mac Protector
  3. Mac Security

No matter its moniker, it's 100% bull.

Adrian Kingsley-Hughes, writing for ZDNet, talks about both the Mac Defender trojan and the state of denial most Mac users are in about Apple antivirus software, viruses and malware in his great piece.

Sure, there's the problem of actual viruses that sneak their way uninvited onto your system. That has long been a problem Windows users have suffered, and one those in the Mac camp have been largely unaffected by.

He hits it out of the park in describing exactly what the other problem is. (And this is why Mac antivirus software is a good idea.)

The threats posed by the bad guys are also different. Very different.

"Rather than rely on viruses which spread by using system vulnerabilities, the bad guys have turned to the Trojan.

"This is malware disguised as something desirable - a game, a software utility, a porn video - and it relies on the user choosing to install it onto their system.

"It’s hard to protect against this kind of stuff because the user chooses to override the operating system’s desire to be cautious when it comes to installing stuff.

"Getting people to install their own malware has been a popular trick used against Windows users for some time now, and there’s no reason to think that the same trick wouldn’t work against the modern Mac users, especially given how many of them were Windows users not long ago.

What it boils down to is social engineering more than software engineering. Why bother to try to trick the computer into doing something it shouldn't when it's much easier to trick the person into doing something he or she shouldn't?

Think no one is that naive? How come so many folks fall for the Nigerian 419 scams and wire their hard-earned money off to Nigeria and other lands far and wide?

What are we doing about it? We've begun taking our expertise in testing antivirus software for Windows and putting it to work on the Mac.

So, if you're a Mac owner (or have family members, friends, etc who are), keep an eye on our blog, follow us on Twitter (@pcantivirus), or Like us on Facebook. We've got a lot in store right around the corner.

Antivirus Software Comparison Pages Revised

A quick post to begin the week: we just posted revised antivirus software head-to-head comparisons. Have a look here:

Antivirus Software Comparison

The consensus: they're easier to read and faster to get information from.

Got questions or comments? Feel free to post, or, as always, contact us via our email form.

05/20/2011

Is That Your Hard Drive Failing? Nope, It's Probably Malware

If you've never experienced a real-life hard drive failure consider yourself lucky. And warned.

It's only a matter of time before yours goes south. In my case, being a geek both in my personal and business lives for many years now, I've had more hard drives fail than I can count.

Even if you've got good backup software (and you're sure the backups restore properly), the restoration process is always painful and more time consuming than you expect. If you don't have backups, well, well... you may just be screwed.

Sure, there's special hard drive recovery software that can often be brought in to save the day and there are hard drive recovery services, too, although these services can carry a staggeringly hefty price if you have a lot of data to recover, a complex RAID hard drive setup, and/or an especially tricky drive crash.

No matter what, no one, except those folks in the data recovery business, likes hard drive failures.

It's this fear of data loss that's motivating the latest malware writers to do their thing and create craptastic software no one needs--and certainly no one wants.

Our friends at Symantec, makers of Norton Antivirus Software, have spotted something new: malware that fakes hard drive failure. How icky is that?

In this particular case, the malware, which Symantec is calling "Trojan.Fakefrag," is, they say, essentially a wrapper around UltraDefragger.

How do you know if you've been infected? Here's what Symantec says to look for:

  1. It moves all the files in the "All Users" folder to a temporary location and hides files in the "Current User" folder. This makes it look like you have lost all the files on your desktop.
  2. It stops you from changing your background image.
  3. It disables the Task Manager.
  4. It sets both the "HideIcons" and "Superhidden" registry entries to give the impression that more icons have been deleted.
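The four indicators Symantec lists are exactly the kind of thing worth checking from a script rather than by eye, because a user staring at an empty desktop with Task Manager disabled has no easy way to tell tampering from a dying drive. The following is an added example, not Symantec's code or tooling: it maps the listed indicators onto per-user Explorer and policy registry values and scores them. The mapping is this example's own assumption, not something the post states: the post's "Superhidden" is taken to be the ShowSuperHidden value under Explorer\Advanced (which is also 0 on a clean Windows install, so it is treated as a weak signal), and "stops you from changing your background image" is checked via the NoChangingWallPaper policy value. The assessment logic is kept separate from the live registry read so it can be exercised offline with constructed values; the infected and clean samples below are constructed.

```python
"""Score a Windows user profile against the Trojan.Fakefrag indicators above.

Added example, not Symantec's code. Registry locations are this example's
ASSUMED mapping of the listed indicators onto well-known Explorer and policy
values; the assessment is pure so it runs anywhere, and the live read uses
winreg only on Windows.
"""
from dataclasses import dataclass

ADVANCED = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
POLICY_SYSTEM = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"
POLICY_DESKTOP = r"Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop"


@dataclass(frozen=True)
class Indicator:
    subkey: str      # subkey under HKEY_CURRENT_USER
    value: str       # DWORD value name
    tampered: int    # data the malware leaves behind
    meaning: str
    strong: bool     # False when the same data is also a clean-system default


INDICATORS = [
    Indicator(ADVANCED, "HideIcons", 1, "desktop icons hidden", True),
    Indicator(ADVANCED, "ShowSuperHidden", 0,
              "protected OS files hidden (also the Windows default)", False),
    Indicator(POLICY_SYSTEM, "DisableTaskMgr", 1, "Task Manager disabled by policy", True),
    Indicator(POLICY_DESKTOP, "NoChangingWallPaper", 1,
              "wallpaper changes blocked by policy (ASSUMED mechanism)", True),
]


def assess(values: dict) -> dict:
    """values maps (subkey, value name) -> DWORD data; absent means not set.

    Only strong indicators drive the verdict, so a stock profile (where
    ShowSuperHidden is 0 anyway) is not flagged.
    """
    findings = [ind for ind in INDICATORS
                if values.get((ind.subkey, ind.value)) == ind.tampered]
    strong = sum(1 for f in findings if f.strong)
    if strong >= 2:
        verdict = "likely Fakefrag-style tampering"
    elif strong == 1:
        verdict = "one indicator present; inspect manually"
    else:
        verdict = "no indicators"
    return {"findings": [f"{f.value}={f.tampered}: {f.meaning}" for f in findings],
            "strong_count": strong, "verdict": verdict}


def read_live_values() -> dict:
    """Read the indicator values from HKCU on a Windows host.

    winreg is imported here so the assessment logic still loads elsewhere.
    A missing key or value simply means the setting is not present.
    """
    import winreg
    values = {}
    for ind in INDICATORS:
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ind.subkey) as key:
                data, _ = winreg.QueryValueEx(key, ind.value)
                values[(ind.subkey, ind.value)] = data
        except OSError:
            pass
    return values


# Constructed samples: a profile hit by the trojan, and a stock profile.
SAMPLE_INFECTED = {
    (ADVANCED, "HideIcons"): 1,
    (ADVANCED, "ShowSuperHidden"): 0,
    (POLICY_SYSTEM, "DisableTaskMgr"): 1,
    (POLICY_DESKTOP, "NoChangingWallPaper"): 1,
}
SAMPLE_CLEAN = {(ADVANCED, "ShowSuperHidden"): 0}

if __name__ == "__main__":
    import sys
    live = sys.platform == "win32"
    report = assess(read_live_values() if live else SAMPLE_INFECTED)
    print("source:", "live registry" if live else "constructed sample")
    for line in report["findings"]:
        print(" -", line)
    print("verdict:", report["verdict"])
```

The files the trojan moves out of the "All Users" folder are the other half of the picture; on a machine that scores "likely", look in the temporary location Symantec describes before assuming anything was lost.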

Wow. Just about anyone experiencing these things would probably think their hard drive was failing, too.

What next? Again quoting the Symantec researchers,

It then "helpfully" displays a message recommending that you run a diagnostic utility on your computer, launches the Windows Recovery misleading application, and adds a link to it on both your desktop and the start menu.

"The misleading application finishes the job, hoping that the victim will pull out their credit card for the $79.50 price tag.

So what's it look like?

Thankfully, they included a screenshot:

[Image: screenshot of the "Windows Recovery" misleading application]

If you see this on your PC, and you're running antivirus software already, make sure your antivirus definitions are updated and run a full system scan immediately.

If you're not, now's a good time to take a look at getting some. It's cheaper than the malware's $79.50 price to "fix" your PC, and you'll actually be getting something for your money.

05/18/2011

The Latest on the PSN Break-in and Service Restoration

There has been a whooooole lot that has gone on since the original news broke on the Sony Playstation Network data breach.

Among other things, there's been Congressional testimony, which should give some indication as to the seriousness of what has happened. In these testimonies, the Consumerist reports in a piece on the PSN breach that,

Dr. Gene Spafford of Purdue University [who in his testimony before Congress] said that Sony was using outdated software on its servers — and knew about it months in advance of the recent security breaches that allowed hackers to get private information from over 100 million user accounts.

And, that's not the least of it. It gets much worse. Spafford, the Consumerist piece goes on to say,

...Sony was using outdated versions of the Apache Web server software, which 'was unpatched and had no firewall installed.'

"The issue was 'reported in an open forum monitored by Sony employees' two to three months prior to the recent security breaches, said Spafford.

These accusations raise even more questions, like,

"Whodunnit?"

According to Reuters in their article on the Playstation Network data theft, Sony points the finger at the hacktivist group Anonymous, which, Sony says, bears indirect responsibility.

Daily Kos has posted the official, lengthy and articulate response from Anonymous about the PSN Break-in, wherein it says in part,

Whoever broke into Sony's servers to steal the credit card info and left a document blaming Anonymous clearly wanted Anonymous to be blamed for the most significant digital theft in history.

"No one who is actually associated with our movement would do something that would prompt a massive law enforcement response.

"On the other hand, a group of standard online thieves would have every reason to frame Anonymous in order to put law enforcement off the track.

"The framing of others for crimes has been a common practice throughout history.

In other words: Anonymous didn't do it.

So, back to the PSN and when it's coming back online.

Initially, there was discussion--and ultimately success--in bringing part of the Playstation network back online starting on May 14th, as reported by Joystiq.

It was short-lived though, when a lot of users (again as reported by Joystiq, in a post called PSN website sign-ins disabled) were greeted with a message on May 18th telling them, The server is currently down for maintenance.

Perhaps most interestingly of all was that Sony wasn't given permission to restart services for the Playstation Network in Japan (where Sony is headquartered) 'til it met two conditions,

  1. Preventative measures
  2. Steps taken to "...regain consumer confidence over personal data such as credit card information."

Where does it stand now?

According to Engadget, which appears to have the latest as of May 18th, the PSN had to be taken offline again.

According to Sony's official blog response on the outage,

We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved.

"In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.

"Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3.

"Otherwise, they can continue to do so via the website as soon as we bring that site back up.

We're glad service has been restored and sorry to see it came to this.

All-in-all, the whole thing is ugly.

100 million accounts appear to have been compromised, Sony may well have been negligent and definitely bears some blame here, and it has reached a point where both U.S. and Japanese agencies are getting involved at a high level.

What should consumers do? Is this even worth thinking about?

For starters, yes, it's worth thinking about.

Security experts are definitely very concerned about phishing--and more targeted spear-phishing--attacks built on all the confidential data gleaned from the break-in.

The most obvious step would be to change your email address and close the old account, but let's be honest, that's impractical.

Short of that, the next smartest thing to do is to make sure your antivirus software is updated and your realtime protection and anti-phishing filters are turned on.

I certainly expect this data to be exploited. Practically speaking, it's a gold mine, and I for one don't believe it's a question of "if" attacks will happen but a question of "when."