Popular celebrity news stories lead to increase in malware attacks
The number of celebrity deaths in the past ten days, losing icons like Farrah Fawcett, Michael Jackson and Ed McMahon, has been surprising and sad, especially if you believe in the “death comes in threes” superstition. What is even more surprising to me is how quickly cybercriminals use the deaths of celebs or the latest big news story as a way to lure you into potentially downloading malware onto your computer.
McAfee’s Avert Labs sent out an alert this week reminding everyone to be extra vigilant in light of recent events. In this blog (http://www.avertlabs.com/research/blog/index.php/2009/06/25/) they remind us to be careful of spam emails that offer links to news or photos. “When the users click on the fake links, they are susceptible to any kind of attack, spyware or malware installation, or information theft,” the blog says.
This is a great time to remind kids about the danger lurking in their email inbox and also when they do a search. If they do not know who an email is from, they should just delete it without opening it. Many dangers on the net are financially motivated, and the criminals will do anything, including spreading false emails or links boasting false information surrounding news events, in order to gain access to your credit card number or personal information. Unfortunately, kids are sometimes the ones to open the “door” to criminals, letting them into your computer.
Not all sites are created equal and neither are all emails. A free product like Site Advisor can help you know the difference. Download it and teach your kids how to use it. Kids are curious and even if they don’t know who an email is from, they may want to open it anyway because it has a subject line that gets their attention. Criminals prey on our curiosity. So best arm yourself and your kids to back out of a potentially harmful mistake before your information is stolen or a virus is downloaded.
I subscribe to Google alerts and occasionally one of the links that is returned in the search is to a site that contains malware. A big McAfee Site Advisor alert shows at the top of the email warning me about the dangerous site and what the site could potentially do. Site Advisor, while it is not an antivirus product, can help make you aware when an email contains a link to a bad site or a harmful site comes up in a search. It really is nice knowing about the danger before I inadvertently click or before the kids do a search for “free lyrics”!
SMS Remote Code Execution Vulnerability in iPhone

This is about as bad as it gets: the vulnerability seems to allow unsigned code to run, which circumvents a core part of the iPhone's security model. The iPhone is usually only able to run signed code, i.e. apps that have been approved by Apple. No user interaction is required, unlike current mobile malware. InfoWorld has the original story here.
Charlie plans to reveal more information at BlackHat USA.
PS. I'm shift manager for one of our three daily response shifts this week and I'm tweeting about what we're doing on the shift over at http://twitter.com/patrikrunald.
—————
Updated to add: Dan Goodin has more at The Register.
On 02/07/09 At 06:30 PM
Bait Files
All the documents shown below contained exploits that installed backdoors. Targets of these attacks are not known.







This is just a quick sampling; we get a lot of these.
On 03/07/09 At 09:50 AM
China’s Dam Delay

PC World's take is that implementation of Green Dam is only a matter of time.
Our take?
If China wants to require anti-pornography filtering software, that's China's business, not ours.
But the same software on EVERY computer sold in China? That's monoculture.
And as we've noted before, monocultures are subject to catastrophic failure in the event of a successful attack.
—————
More: China's Web filtering starts in the West
On 02/07/09 At 01:22 PM
Private Browsing
Here are the privacy settings from my installation of Firefox 3.0.1.

And when I installed Firefox 3.5 the Private Browsing option was disabled. What?

Seems that the installation recognized my 3.0.1 settings as the equivalent of Private Browsing and preconfigured 3.5 to "Automatically start Firefox in a private browsing session".
Very nice work.

So, nothing changed at all. Except now I have easy options to reconfigure por… paranoi… err, Private Browsing if I opt to do so.
Time to experiment.
Signing off,
Sean
On 01/07/09 At 03:46 PM