Recently, a type of malware called ransomware has begun to appear more frequently. Its purpose is to effectively take data hostage and demand a ransom in exchange for returning it. CryptoLocker, for example, does this by encrypting all document files on a computer and on mapped network drives, then demanding a payment of roughly $300. Once the payment is confirmed, the decryption key is sent to the victim. Of course, there is no guarantee the key will arrive even if the ransom is paid.
Naked Security has an article about the recent appearance of “Koler,” a ransomware variant that displays a fake “police warning” and demands payment of a fine, again about $300. This malware does not, however, encrypt data. It is also fairly straightforward to protect against: the Android setting “Allow installation of apps from unknown sources” must be enabled for it to infect a device, so leaving that setting off blocks it.
IT support scams seem to be all the rage with offshore con artists lately. These fraudsters cold call or simply aggressively advertise to pull victims in and make them believe they are dealing with large, reputable companies like Microsoft or HP. Once they have made contact, they persuade users to give them remote access to their computers. Typically, the agent uses Windows’ built-in Event Viewer to display a list of routine errors (inevitable on any PC) and claims they are viruses that need to be expensively removed.
Some of these agents also allegedly look for and steal private information on their victims’ PCs, all while charging a typical rate of around $300 to “clean out the viruses.”
Ars Technica has run a story about an undercover FTC investigation into one such scamming operation, a company in India called PCCare247. The company employed 115 people at one point and pulled in $4 million in revenue in a single year, just in the United States.
This particular group may be out of action now, but many more are still around. I just recently had a victim of one of these scammers bring in a perfectly virus-free PC for cleaning based on the word of one such agent. In particular, the elderly and younger people who are less computer-savvy are vulnerable. It’s also important when searching for technical support from a particular company to ensure that the link you click on is from that company’s real domain, e.g. hp.ca rather than hp-support.pcsupport.com or something along those lines.
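A concrete version of that domain check, added here as an example rather than anything from the original post: the code below extracts the host from a link and accepts it only if the host is the vendor's own domain or a subdomain of it. It also handles the two lures seen most often in scam links, a trusted-looking name placed in the userinfo part before an “@”, and a trusted name used as a prefix of an unrelated domain. The vendor list and the sample links are constructed for the demonstration.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>
#include <stdio.h>

/*
 * Added example (not part of the original post): decide whether a support
 * link really points at the vendor's own domain. The vendor list is an
 * assumption for the demonstration.
 */
static const char *const vendors[] = { "hp.ca", "hp.com" };

/* Pull the host out of a URL, lower-cased. Handles "scheme://", a
 * "user:pass@" prefix (a common lure: https://hp.ca@evil.example/) and a
 * ":port" suffix. Returns 1 on success, 0 if no host could be extracted. */
int url_host(const char *url, char *host, size_t cap) {
    const char *p = strstr(url, "://");
    const char *end, *q;
    size_t i, len;

    p = p ? p + 3 : url;                 /* start of the authority part */
    end = p + strcspn(p, "/?#");         /* authority stops at path/query/fragment */
    for (q = p; q < end; q++)            /* everything before the last '@' is userinfo */
        if (*q == '@') p = q + 1;
    for (q = p; q < end && *q != ':'; q++)
        ;                                /* drop ":port" (IPv6 literals not handled) */
    len = (size_t)(q - p);
    if (len == 0 || len >= cap) return 0;
    for (i = 0; i < len; i++) host[i] = (char)tolower((unsigned char)p[i]);
    host[len] = '\0';
    return 1;
}

/* 1 if host equals vendor or ends in ".vendor", so "support.hp.ca" is
 * accepted while "hp.ca.evil.example" and "xhp.ca" are rejected.
 * vendor must be lower-case. */
int host_belongs_to(const char *host, const char *vendor) {
    size_t h = strlen(host), v = strlen(vendor);
    if (h < v || strcmp(host + (h - v), vendor) != 0) return 0;
    return h == v || host[h - v - 1] == '.';
}

/* 1 if the link's host belongs to any of the listed vendor domains. */
int link_is_vendor(const char *url, const char *const *list, size_t n) {
    char host[256];
    size_t i;
    if (!url_host(url, host, sizeof host)) return 0;
    for (i = 0; i < n; i++)
        if (host_belongs_to(host, list[i])) return 1;
    return 0;
}

/* Convenience wrapper using the constructed vendor list above. */
int is_hp_link(const char *url) {
    return link_is_vendor(url, vendors, sizeof vendors / sizeof vendors[0]);
}

int main(void) {
    static const char *const samples[] = {           /* constructed test links */
        "https://support.hp.ca/ca-en/",
        "http://hp-support.pcsupport.com/",
        "https://hp.ca.secure-login.example/fix",
        "https://hp.ca@pcsupport.example/login",
        "HTTPS://HP.COM:443/support",
    };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-45s %s\n", samples[i], is_hp_link(samples[i]) ? "vendor" : "NOT vendor");
    return 0;
}
```

Only the first and last sample links pass; the middle three are the patterns scammers use, a vendor name as a subdomain of someone else's domain, a vendor name as a prefix of a longer domain, and a vendor name hidden in the userinfo part of the URL.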
The first well-known fake mobile antivirus app was called Virus Shield, and it was listed in the Google Play Store. Since then, such fake apps have become progressively more sophisticated, and they now borrow the names of legitimate antivirus software companies.
Kaspersky posted an article five days ago about a couple of these malware packages using their name, one on Google Play and the other, unusually, in the Windows Phone Store. Most major antivirus vendors have mobile versions of their software, but the layout and apparent lack of publisher verification in mobile app stores, coupled with the sometimes complicated names software vendors give to their products, can make it easy to mistakenly install the wrong app. For example, in the Kaspersky case above, the real antivirus software is called “Kaspersky Internet Security for Android,” while the fake apps were given the much simpler names “Kaspersky Mobile” and “Kaspersky Anti-Virus 2014.”
It seems that the only safe way to obtain mobile antivirus apps is by visiting the vendor’s website and locating it there, rather than trusting any mobile app store.
A number of news outlets are reporting that the US and UK governments have issued a warning advising users of Microsoft’s Internet Explorer web browser to stop using it for now due to a major vulnerability.
There are a number of alternative web browsers available, including Mozilla Firefox and Google Chrome. Both of them have mobile versions and the ability to synchronize bookmarks, add-ons, and other data with multiple devices.
Media are linking this to the end of support for Windows XP, but the two appear to be unrelated: Internet Explorer versions 6 through 11 are affected by this vulnerability, while Windows XP only runs Internet Explorer up to version 8. What the end of support does mean is that any fix for the problem will not be applied to Windows XP, so it is best to use an alternate browser until XP systems can be upgraded.
No word yet on how long it will take for a fix to be released for newer versions of Windows.
The much-covered Heartbleed vulnerability in OpenSSL has by now been detected, exploited, patched, and fixed on every major website, so it’s the perfect time to change your passwords.
Heartbleed is a bug in OpenSSL’s implementation of the Transport Layer Security (TLS) protocol, specifically in its heartbeat extension. Because the code trusted the payload length declared in a heartbeat request without checking it against the data actually received, an attacker could read up to 64 kilobytes of an affected server’s memory with each heartbeat, memory that could contain private keys, session cookies, or passwords. Worse, the bug was disclosed at a time when many servers could not be patched before some level of exploitation became possible.
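As an added illustration (this is example code, not OpenSSL’s source), the following toy heartbeat handler reproduces the defect beside the bounds-checked version. The record layout, the simulated server memory, and the secret placed behind the incoming record are all constructed for the demonstration; the point is that a 64-byte claim against a 4-byte payload hands back whatever happened to sit in memory after the request.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/*
 * Added example, not OpenSSL code: a toy TLS heartbeat handler with the
 * defect described above, beside the bounds-checked version. The record
 * layout assumed here is [type:1][payload_length:2 big-endian][payload...].
 * rec_len is how many bytes actually arrived; payload_length is what the
 * peer claims. Heartbleed was trusting the claim.
 */
enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3 };

/* Constructed stand-in for server memory: the incoming record sits at the
 * front and data that must never leave the process sits right behind it. */
static unsigned char server_memory[512];
static const char secret[] = "session_cookie=hunter2";

/* Place a request claiming `claimed` payload bytes but carrying only 4.
 * Returns the number of bytes that actually "arrived on the wire". */
size_t stage_request(uint16_t claimed) {
    const char payload[] = "ping";
    size_t actual = HB_HEADER + sizeof payload - 1;
    memset(server_memory, 0, sizeof server_memory);
    server_memory[0] = HB_REQUEST;
    server_memory[1] = (unsigned char)(claimed >> 8);
    server_memory[2] = (unsigned char)(claimed & 0xff);
    memcpy(server_memory + HB_HEADER, payload, sizeof payload - 1);
    memcpy(server_memory + actual, secret, sizeof secret);  /* adjacent heap data */
    return actual;
}

/* Vulnerable: echoes `claimed` bytes back without comparing it to rec_len. */
size_t heartbeat_vulnerable(const unsigned char *rec, size_t rec_len, unsigned char *out) {
    uint16_t claimed;
    if (rec_len < HB_HEADER || rec[0] != HB_REQUEST) return 0;
    claimed = (uint16_t)((rec[1] << 8) | rec[2]);
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);  /* over-read when claimed > rec_len - 3 */
    return HB_HEADER + claimed;
}

/* Fixed: discard the record if the claimed length exceeds what was received. */
size_t heartbeat_fixed(const unsigned char *rec, size_t rec_len, unsigned char *out) {
    uint16_t claimed;
    if (rec_len < HB_HEADER || rec[0] != HB_REQUEST) return 0;
    claimed = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)claimed > rec_len - HB_HEADER) return 0;  /* the missing check */
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    return HB_HEADER + claimed;
}

/* 1 if `needle` (without its NUL) occurs in the first n bytes of buf. */
static int contains(const unsigned char *buf, size_t n, const char *needle) {
    size_t k = strlen(needle), i;
    for (i = 0; k <= n && i + k <= n; i++)
        if (memcmp(buf + i, needle, k) == 0) return 1;
    return 0;
}

/* Returns 1 if a 64-byte claim against a 4-byte payload leaks the secret. */
int vulnerable_leaks_secret(void) {
    static unsigned char out[HB_HEADER + 0xffff];
    size_t rec_len = stage_request(64);
    size_t n = heartbeat_vulnerable(server_memory, rec_len, out);
    return n == HB_HEADER + 64 && contains(out + HB_HEADER, n - HB_HEADER, secret);
}

/* Response length from the fixed handler for a given claim (0 = dropped). */
size_t fixed_response_len(uint16_t claimed) {
    static unsigned char out[HB_HEADER + 0xffff];
    size_t rec_len = stage_request(claimed);
    return heartbeat_fixed(server_memory, rec_len, out);
}

int main(void) {
    printf("vulnerable handler leaks secret: %d\n", vulnerable_leaks_secret());
    printf("fixed handler, claim 64 / sent 4: %zu bytes\n", fixed_response_len(64));
    printf("fixed handler, claim 4  / sent 4: %zu bytes\n", fixed_response_len(4));
    return 0;
}
```

The fixed handler silently drops the malformed record rather than answering it, which is also what the OpenSSL patch does; the real patch additionally accounts for the 16 bytes of random padding the heartbeat format requires after the payload.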
It is therefore prudent to assume that at least one of your passwords may potentially have been compromised by Heartbleed. The most widely recommended course of action is to change all of your passwords on all websites once the patch is applied to them. At this point, all major and nearly all minor sites will have the appropriate fixes in place. So take the time to change and memorize a new set of passwords now, if you haven’t already done so.
Conveniently, there is a handy test you can run on any URL to verify that it is no longer vulnerable to Heartbleed.
An increasing number of infections have been reported from the relatively new CryptoLocker malware, which encrypts files and holds them for ransom. Unlike previous ransomware, CryptoLocker makes its targeted files genuinely unrecoverable without the decryption key, and it also appears to honour ransoms by decrypting the files when paid (at least for now).
Naked Security has a pretty accessible overview of what CryptoLocker does and how to avoid infection. The primary vector appears to be email attachments, so please be particularly vigilant and do not open attachments unless you are certain of their contents.
A Los Angeles high school discovered the danger of freely issuing mobile devices when the security on hundreds of its iPads was promptly bypassed by students.
Ars Technica reports that the students exploited the inherently weak restrictions on modifying their ActiveSync profiles, allowing them to quickly and easily unlock the devices for general use.
US Airways has announced that 7700 of its frequent flier user accounts have been hacked.
Skift reports that mileage credits were taken from a small number of accounts, all of the compromised accounts have been disabled, and that police are investigating.
Microsoft’s announcement that it intends to shut down its long-running MSN Messenger service and replace it with Skype has inspired enterprising malware developers to start offering fake installers.
The original announcement came late last year, but only recently as the cut-off date of April 8 (April 30 in Brazil) approaches have these attacks appeared in significant numbers.
Kaspersky’s securelist.com offers some additional details, including some of the domains involved.
Publicity photos of Prince William covering his day-to-day work as a search-and-rescue helicopter pilot were released with computer passwords visible in the background. In at least one photo, login information is shown printed on a sheet of paper tacked to the wall behind the prince’s head.
Sophos’ Naked Security blog has a good write-up with the sensitive details blacked out, and mentions the importance of changing to much stronger passwords immediately. The Guardian reports that the passwords shown have indeed been changed.