When Antivirus Software Fails You: How to Stop (and Defeat!) a Real-World Trojan & Social Engineering Attack
It isn't every day you get to see what a real Trojan or Social Engineering attack looks like.
When you do, there's seldom time to even take screenshots: you just want to get the heck out of Dodge.
But this time, while putting together material for our upcoming free workshop, Get Secure, I came across a real attack and was able to record it.
If you've ever wondered what an attack looks like, here's your chance to see one.
Here's the best/worst part: nothing stopped it.
- Not our Internet Security Software.
- Not any of our browsers' built-in malware protection.
- Not even Windows 10's built-in security.
See for yourself how it happened and what you can do to stop it.
What we've got here, my friends, is a list of the top five Add-Ons we like most (and use.)
In one way or another, the ones we've chosen are all geared towards improving your online privacy, security, or both. Sure, some of our favorites are popular and used by a lot of people; chances are though that even most security conscious uber geeks haven't heard of all of 'em we list.
Have a look at our list and feel free to throw your own $.02 in if there are ones you know of we missed.
Five Great Firefox Add-Ons(At Least Some of Which You've Never Heard Of)
Perspectives Project: Is that secure site really who it says it is?
The SSL system is imperfect. At its core are the Certificate Authorities (CAs). The first problem: it's possible to perform a Man-in-the-Middle (MiTM) attack against a CA.
The second problem: the CAs, while historically among the most secure organizations online, are also not impervious to attacks. Crackers have breached the gates and gotten into CAs.
In either case, all bets are off. That site you think is secure is anything but. Once a CA is compromised, any communications you have with a "secure" site can be intercepted and read like it's on the front page of Yahoo.
The Perspectives Project solution is a system of public network notaries to monitor the world's SSL certificates and help ensure the certificates are legit.
Running the Firefox Add-on is a cinch, and once you've used it even for a few minutes, you'll likely have the same, "Oh!" feeling like we did when we first started running it.
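To make the notary idea concrete, here is an added example (not code from the original post and not the Perspectives project's own code) of the kind of consistency check a client can run: several notaries each keep a history of the certificate fingerprint they saw for a host, and the client compares the fingerprint its own connection presented against those histories. The notary names, the observation histories, the 75% quorum and the 7-day minimum key age are all constructed for this example and are not Perspectives' actual defaults.

```python
# Added example: a Perspectives-style multi-vantage-point certificate check.
# Everything below is constructed for illustration; the quorum and duration
# thresholds are assumptions, not the real add-on's settings.
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Tuple

QUORUM = 0.75          # fraction of responding notaries that must see our key (assumed)
MIN_DURATION_DAYS = 7  # how long the agreeing key must already have been in use (assumed)


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate as colon-separated hex."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


@dataclass
class Observation:
    fingerprint: str     # key the notary saw for the host
    first_seen_day: int  # day number when the notary first observed this key
    last_seen_day: int   # most recent day the notary observed it


def current_key(history: List[Observation]) -> Observation:
    """The key a notary saw most recently is the one it currently vouches for."""
    return max(history, key=lambda o: o.last_seen_day)


def evaluate(client_fp: str, histories: Dict[str, List[Observation]], today: int) -> Tuple[str, str]:
    """Compare the fingerprint our TLS connection presented with notary histories.

    Returns (verdict, explanation). A key only a minority of notaries see is
    treated as a likely interception; a key everyone sees but only since
    yesterday is flagged as suspicious, since a rogue certificate that fools
    every vantage point would still look new.
    """
    responding = {name: hist for name, hist in histories.items() if hist}
    if not responding:
        return "unknown", "no notary responded"
    agreeing = [current_key(h) for h in responding.values()
                if current_key(h).fingerprint == client_fp]
    share = len(agreeing) / len(responding)
    if share < QUORUM:
        return "untrusted", f"only {len(agreeing)}/{len(responding)} notaries currently see this key"
    age = min(today - obs.first_seen_day for obs in agreeing)
    if age < MIN_DURATION_DAYS:
        return "suspicious", f"quorum reached but key is only {age} day(s) old"
    return "trusted", f"{len(agreeing)}/{len(responding)} notaries agree, key stable for {age} days"


# Constructed sample data: fake DER bytes stand in for real certificates.
GENUINE = fingerprint(b"constructed DER bytes for the site's long-standing certificate")
ROGUE = fingerprint(b"constructed DER bytes for a certificate issued by a compromised CA")
FRESH = fingerprint(b"constructed DER bytes for a legitimately rotated certificate")

TODAY = 100
STABLE_HISTORIES = {
    "notary-a": [Observation(GENUINE, 70, TODAY)],
    "notary-b": [Observation(GENUINE, 70, TODAY)],
    "notary-c": [Observation(GENUINE, 72, TODAY)],
    "notary-d": [],  # unreachable notary: contributes nothing either way
}
ROTATED_HISTORIES = {
    name: [Observation(GENUINE, 70, 97), Observation(FRESH, 98, TODAY)]
    for name in ("notary-a", "notary-b", "notary-c")
}

if __name__ == "__main__":
    for label, fp, hist in (("genuine", GENUINE, STABLE_HISTORIES),
                            ("rogue", ROGUE, STABLE_HISTORIES),
                            ("just rotated", FRESH, ROTATED_HISTORIES)):
        verdict, why = evaluate(fp, hist, TODAY)
        print(f"{label:>12}: {verdict} ({why})")
```

The "suspicious" verdict is the interesting one in practice: a freshly rotated legitimate certificate and a freshly minted rogue one look identical to the notaries on day one, so a real deployment surfaces that case to the user rather than silently accepting or rejecting it.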
ShareMeNot: The ubiquitous social media icons you see on just about every site (including ours) are tracking what we do and where we go online. How can you keep their functionality and lose Big Brother?
To web geeks, it's no surprise that these little icons are tracking our every move online. What may be a surprise? It's very easy to keep their functionality and ditch their privacy-invading tracking with ShareMeNot.
Aside from how easy to use it is, the best part is that even if you forget to log out of your Facebook, Twitter, LinkedIn, Google/GMail, or Digg account (among others), ShareMeNot has still got your back.
In fact, that's when it works best. You can stay logged into your Facebook or GMail account and keep the great functionality of the "Like" and "+1" buttons as you surf but don't let 'em track where you're going online or what you're doing.
NoScript: Scripts are everywhere. Some are good; some are evil.
Tip the scale in your favor.
NoScript creator Giorgio Maone and the folks who develop NoScript take a unique approach to scripts: don't trust any. Until you do.
And, interestingly, not only do most sites still work even when scripts are disabled, but enabling necessary scripts on sites you trust is a piece of cake.
All-in-all it's a beautiful piece of work.
Adblock Plus: Get the content, kill the ads.
Advertising is one thing. Intrusive, annoying ads are another.
Adblock plus is a great answer to the problem.
Sure, there's overlap between what NoScript and Adblock can do, but Adblock is geared more towards stopping ads than NoScript.
Another interesting feature is it lets you "collapse" (i.e. hide) sections of a web page. Great for getting the content you want and avoiding the seemingly unavoidable in-your-face ads.
Using it is easy, too--just start with any of the 50+ existing lists. Then if and when you want to customize it, you can do that, too.
BetterPrivacy: There are cookies, and there are evil LSO cookies. Luckily, dealing with them isn't as hard as it once was.
Local Shared Objects (LSOs) are a special, particularly evil type of cookie. Known as "Super Cookies," they're Flash, and they get placed into your system's central folder. Thus, they're much, much more permanent than regular browser-based cookies. Super Cookies go where you go, and you can't see or delete them with a garden-variety "delete cookies."
This is where BetterPrivacy comes in.
With it you can manually manage LSOs, or set it up to automatically delete 'em anytime you close (or open) a browser. And you can keep the LSOs/Super Cookies where they belong... not on your system.
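As an added illustration of what "manually managing LSOs" amounts to, here is a small Python script that is not part of the original post and not BetterPrivacy's code. It walks Flash Player's shared-object folder, reports each `.sol` file by the domain that set it, and deletes everything not on an allowlist. The folder locations below are the ones Flash Player is known to use on Windows and Linux but are stated here as assumptions to verify on your own machine; the `demo()` function builds a throwaway directory tree with constructed files so the script can be exercised without touching real data.

```python
# Added example: enumerate and clean Flash Local Shared Objects (.sol files).
# Not BetterPrivacy's implementation; paths and sample data are assumptions.
import os
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List

# Assumed Flash Player LSO roots (verify locally; the original post names none).
CANDIDATE_ROOTS = [
    Path(os.environ.get("APPDATA", "")) / "Macromedia" / "Flash Player" / "#SharedObjects",
    Path.home() / ".macromedia" / "Flash_Player" / "#SharedObjects",
]

# Flash keeps its own global settings object under macromedia.com; deleting it
# only resets player settings, but an allowlist lets you keep it (assumption).
DEFAULT_KEEP = {"macromedia.com"}


def find_lsos(root: Path) -> List[Dict]:
    """List every .sol file under root with the domain that owns it.

    Layout assumed: <root>/<random id>/<domain>/<path...>/<name>.sol
    """
    root = Path(root)
    found = []
    for sol in root.rglob("*.sol"):
        parts = sol.relative_to(root).parts
        domain = parts[1] if len(parts) >= 3 else "(unknown)"
        found.append({"domain": domain, "path": sol, "bytes": sol.stat().st_size})
    return found


def clean_lsos(root: Path, keep_domains: Iterable[str], dry_run: bool = True) -> List[Path]:
    """Delete LSOs not owned by an allowlisted domain; return the paths affected.

    With dry_run=True nothing is removed, which is the safe way to review
    what a cleanup would do before trusting it to run automatically.
    """
    keep = set(keep_domains)
    affected = []
    for entry in find_lsos(root):
        if entry["domain"] in keep:
            continue
        if not dry_run:
            entry["path"].unlink()
        affected.append(entry["path"])
    return affected


def demo() -> Dict:
    """Run the scanner and cleaner over a constructed LSO tree in a temp dir."""
    root = Path(tempfile.mkdtemp(prefix="lso-demo-"))
    wanted = root / "A1B2C3D4" / "example.test" / "prefs.sol"
    tracker = root / "A1B2C3D4" / "tracker.test" / "beacon" / "id.sol"
    for f in (wanted, tracker):
        f.parent.mkdir(parents=True)
        f.write_bytes(b"\x00\xbf\x00\x00")  # constructed placeholder bytes, not a real LSO
    domains = sorted(e["domain"] for e in find_lsos(root))
    planned = clean_lsos(root, DEFAULT_KEEP | {"example.test"}, dry_run=True)
    removed = clean_lsos(root, DEFAULT_KEEP | {"example.test"}, dry_run=False)
    return {
        "domains": domains,
        "planned": [p.name for p in planned],
        "removed": [p.name for p in removed],
        "tracker_exists": tracker.exists(),
        "wanted_exists": wanted.exists(),
    }


if __name__ == "__main__":
    print(demo())
    for root in CANDIDATE_ROOTS:
        if root.is_dir():
            for entry in find_lsos(root):
                print(f'{entry["domain"]:40} {entry["bytes"]:6} B  {entry["path"]}')
```

Run it as-is to see the constructed demo and a dry listing of any real LSO folder present; only a deliberate `clean_lsos(root, keep, dry_run=False)` call deletes anything.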
Adobe issued a couple of critical patches this month to its Flash, Acrobat, and Adobe Reader products including one today for its Acrobat and Adobe Reader programs.
Adobe Acrobat & Adobe Reader Flaws and Upgrade/Patch
As for Adobe Reader as of the writing of this piece, the latest version of Adobe Reader is:
Here's how you can check your version and what you should see:
These security flaws in Acrobat and Reader--and Adobe's handling of them--have had fairly widespread discussion, including coverage at Kaspersky's 'threatpost' security blog.
Kaspersky's Ryan Naraine in his piece about the Adobe security patches says,
The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file.
What's so important about this particular set of updates is the number of different types of systems that are affected, and while some antivirus software may be able to offset some of the threats posed by these security flaws in these programs, it's not worth the risk.
What's already clear is that there are security exploits in the wild that are taking advantage of these security holes, and if you're running Flash, Reader, or Acrobat (about 95% of the world is), your computer may be susceptible, regardless of what type of system you run--even a Mac.
Adobe Flash Player Flaws and Upgrade/Patch
The Flash Player (and the upgrade, of course) and Adobe Reader are free and only take a minute to install. (Adobe Acrobat isn't free but the security patch is.)
Here's the official Version Test for Adobe Flash Player.
On that page, you'll see what version of Flash Player you're running. As of the writing of this piece, the latest version for all systems is:
Don't take our word for it though, here's the official version information page for the Adobe Flash Player
Here's what the page looks like when it tests for your version of Flash Player (click the image below for a larger version plus our notes):
It's worth mentioning in our tests of the newest version of Flash Player, a reboot was sometimes recommended and other times not; regardless of whether or not you're prompted to reboot, it certainly won't hurt.
It's getting more commonplace for a bug to be a security issue on different computers--not just PCs--these days, but in these particular cases, just about every system was affected. Here's a breakdown of what the affected programs and systems looks like:
| Program | Affected Versions | Affected Systems |
|---|---|---|
| Adobe Flash Player | | |
Ever read .PDFs or watch something in Flash?
Most people do. In fact, something like 99% of all computers have Flash installed, and likewise a huge portion of computers have Acrobat Reader, too.
As such, if you're in that 99% pool, you're probably vulnerable, as roughly 80% of all computers still are, according to internet security firm Trusteer.
A couple of weeks ago, we covered the Flash / Acrobat Reader Security Advisory, and now there's more warning on WebProNews about the same Flash / Acrobat vulnerabilities.
In the posting there by Chris Crum he quotes Trusteer's CEO, Mickey Boodaei, as saying,
"Adobe is facing some major security challenges and one of its biggest hurdles is its software update mechanism.
"For some reason, it is not effective enough in distributing security patches to the field.
"Given the lack of attention this situation has received to date, it appears that few people understand the magnitude of the problem. We recommend that all enterprises and individuals install the latest Flash and Acrobat updates immediately."
[Editor's note: emphasis is mine.]
We originally covered this vulnerability two weeks ago saying,
"...there's an urgent update that Adobe has just made to Acrobat, Flash Player, and Adobe Reader."
So, now that there are others adding their voices to the chorus, and we're all saying this is a big deal, please visit this page on Adobe's site which covers the Acrobat/Flash security update.
If you're reading this article, please, stop what you're doing, go to that URL, *read* it, and follow Adobe's instructions.
Regardless of if the rest of your Windows OS is patched, regardless of whether or not you have a software firewall running, and regardless of whether or not you've installed the best antivirus software or an Internet security suite, you still need to do this.
Acrobat and Flash live outside of the normal Windows Update mechanism, and thus they cannot be upgraded via Windows Update and are best upgraded manually (i.e. don't rely on the Adobe autoupdater).
In our humble opinion, this vulnerability has every bit the potential to be even bigger than the Conficker worm from early April this year because of the enormous install base Acrobat and Flash have.