07/06/2012

Internet Blackout for Thousands This Monday. Are You One of Them?

Is this a hoax, or some kind of Y2K scare tactic? Unfortunately, it's very real for about 65,000 U.S. citizens.

I'll give you the good news first: if you've been running antivirus software for the past couple of years, you're probably fine and won't be affected. All the major antivirus companies have been on top of DNS Changer since it came out a few years back and have either blocked or removed it from any infected computer.

So, what exactly is going on?

Over the past 5 years, some Estonian cybercriminals infected approximately 4 million computers with a virus called "DNS Changer." The FBI (and other international law enforcement agencies) finally caught up with these criminals, arrested them, and seized the infected server farm that was doing all the damage.

Then everything should be fine, right?

Not exactly. The problem is, the FBI had to keep those infected servers running since March. Why? Anyone who has a computer infected with DNS Changer would instantly lose Internet access if these servers were shut down (since the infected computers rely entirely on these malicious servers for Internet access).

The FBI decided to give people a chance to clean up their computers before they pull the plug on these malicious servers this coming Monday (7/9/2012). If for some reason you don't run antivirus software, or are just unsure if you're infected, you may lose Internet access on Monday for several hours.

What exactly does DNS Changer do?

In a nutshell, DNS Changer takes over your computer's DNS settings so that your name lookups go to servers the criminals control, which point you towards fake search results populated with malicious websites. Any one of these fake sites will further infect you with trojans or other viruses designed to steal passwords, send you spam, or just steal your money flat out. Nasty business.

For instance, if you were infected with DNS Changer, and you did a search for "Netflix," then clicked one of the fake search results, you would be redirected to a bogus (and dangerous) site called "BudgetMatch" instead.

Or if you clicked a search result for ESPN, you might see fake ads on ESPN's site directing you to a fake timeshare business.

As I mentioned above, if you've been regularly running antivirus or Internet security software on your computer, you're almost certainly safe from losing Internet access this Monday, but we recommend that you at least do a simple test to make sure.

U.S. users can click this link to see if their DNS is working properly (which indicates DNS Changer isn't affecting you): http://www.dns-ok.us/

You should see the site's page indicating that your computer is safe (the screenshot is not reproduced here).

For other countries, and more information, you can visit this site: http://www.dcwg.org/detect/

If you do find that you're infected, you should install some antivirus software to try to get rid of DNS Changer. In many cases, however, your computer may be so infected that it might be too late even for that. In that case, you should seek out a professional to diagnose and solve the issue.
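A defender-side check of the kind this post recommends, added here as an example (it is not code from the original post or from dns-ok.us): it parses a resolv.conf-style resolver configuration and flags any nameserver that falls inside a list of rogue resolver ranges. The ranges and the sample configuration are constructed placeholders; substitute the rogue ranges published by the working group site linked above.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 test networks) standing in for
# the real rogue resolver ranges; replace with the published list.
ROGUE_RESOLVER_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]


def parse_resolv_conf(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue  # ignore malformed entries rather than crash
    return servers


def flag_rogue_servers(servers, rogue_ranges=ROGUE_RESOLVER_RANGES):
    """Return the servers (as strings) that sit inside a rogue range."""
    return [str(s) for s in servers if any(s in net for net in rogue_ranges)]


def check_config(text):
    """Summarise a configuration: all resolvers found and those flagged."""
    servers = parse_resolv_conf(text)
    return {
        "servers": [str(s) for s in servers],
        "flagged": flag_rogue_servers(servers),
    }


# Constructed sample: one well-known public resolver and one address
# inside a placeholder rogue range (the second should be flagged).
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 192.0.2.45
"""

if __name__ == "__main__":
    print(check_config(SAMPLE_RESOLV_CONF))
```

On a live machine, read the contents of /etc/resolv.conf (or the equivalent resolver settings on Windows or macOS) and pass them to check_config in place of the sample.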


07/02/2012

SpyEye is Back to Steal Your Money

Back in 2010 a very clever and sophisticated botnet called "SpyEye" hit the hacking world. Over the next couple of years, this malware package has been responsible for over $100 million stolen from small to mid-sized businesses in the US and abroad.

What is SpyEye?

If it weren't so evil, it would be incredibly genius. Basically, it's a software package that can be modified to do many different (and devious) things. It can be sold, bought, and passed around from hacker to hacker where they can easily modify the source code to do their bidding.

Here are just a few examples of what SpyEye, and the offspring of SpyEye, can do:

  • Form-grabbing -- steals any information you enter into a browser form, such as on banking websites.
  • POP3 Grabbing -- steals your POP3 email credentials to harness your email client for all kinds of nasty business.
  • FTP Grabbing -- steals your FTP login credentials in order to hack into your servers.
  • CC Autofill -- looks like a legitimate credit card form field, but ultimately steals your credit card information.
  • PHP-MYSQL -- hacks into your server database to gather virtually everything your business has in the database (which is almost always everything).
  • Invisibility -- invisible in the process list, hides itself as a hidden file, and invisible in your registry.

SpyEye was the basis for the infamous "Zeus" botnet that stole millions of dollars.

That's just the tip of the iceberg. If stealing your bank information (and money) wasn't enough, there's a new version of SpyEye proving to be even more frightening.

Early detections show that this new version tricks you into installing a small bot that takes control of your webcam and microphone. Why? According to Dancho Danchev of ZDNet, this looks like a testing ground to break into the facial recognition login feature that banks may use in the future.

That's right, this SpyEye version is trying to get ahead of the game by figuring out how to hack facial recognition software when/if it becomes a reality for online banking.

We'll have to wait and see if that comes to fruition, but the point is, hackers are alive and well. They're on the lookout for security breaches, as well as new technologies to exploit.

Well, almost all of them. The good news is, authorities in many countries are taking cybercrime very seriously. Just recently, British police busted a Baltic hacker trio that was actively stealing from UK banking customers. They got away with over £100,000 before they were caught, but this was only three guys.

Earlier this year, Microsoft, led by US Marshals, seized a cache of botnet servers which were utilizing over 800 domains to steal banking info.

The other good news is, antivirus software companies quickly moved to block and protect against future SpyEye and Zeus hacks.

If your antivirus software is up to date, chances are you're fine. But don't get too comfortable: being protected by software is just the first step. You need to be a smart user and be wary of clicking on suspicious links -- either online or in your email. SpyEye is sneaky and doesn't always look like malware.

People have been fooled into clicking fake Justin Bieber news, fake Facebook pages, and other dirty tricks. Resist the urge to instantly click on a link. Hover over it. Does it look legitimate? Do you know who sent you the email? If Justin Bieber was really in a car crash, you can easily confirm it with a simple search.

Stop, think, be cautious. That's just as important as having good antivirus software.