Security Protection – Harry Waldron (WP) Rotating Header Image

January, 2012:

Facebook – Avoid Fake Profile reporting applications

The Facecrooks security sites warns users to avoid installing apps that report to watch user profile information (as they currently do not exist)

http://facecrooks.com/Scam-Watch/omg-i-just-n0ticed-who-keep-watching-my-profile-and-photos-it-was-really-shocking-to-know-facebook-scam.html

QUOTE:  Clicking “Allow” will give the scammer access to your Facebook data at any time and the application will be able to post to Facebook as you. This will allow them to spam their scam messages to all of your friends. This particular application is called “Pr0file Watcher”, but scams like this are known to use multiple Facebook apps. Anytime you install a third party Facebook application, you give the application developer access to your personal data. Always be very selective on the apps you install, and only install them from well-known, trusted sources.

FaceBook – Use caution in installing applications

http://facecrooks.com/Internet-Safety-Privacy/why-you-should-not-install-fun-entertaining-facebook-applications.html

QUOTE: We often have readers ask us questions about specific Facebook applications. Some apps generate an enormous amount of spam and can annoy your Facebook friends. Others are outright scams and should be avoided entirely. For example, any application offering to show you who has viewed your profile, who your Facebook stalkers are etc., are guaranteed to be fraudulent. Facebook doesn’t allow developers access to the data required to create apps like this.

Android.Counterclank – Update from Symantec

http://www.symantec.com/connect/blogs/update-androidcounterclank

QUOTE: Last week, we posted a blog informing Android users of the discovery of new versions of Android.Tonclank, which we have named Android.Counterclank. The blog generated a bit of discussion over whether these new versions should be a concern to Android users. When classifying applications, our focus is on whether users want to be informed of the application’s behavior, allowing them to make a more informed choice regarding whether to install it.

Android.Counterclank – SYmantec Malware description http://www.symantec.com/security_response/writeup.jsp?docid=2012-012709-4046-99

Zscaler – Analyzes URL safety

Zscaler analyzes the safety associated with website links as noted below:

PC Magazine: Zscaler – Analyzes URL safety http://securitywatch.pcmag.com/internet-crime/293516-zscaler-zulu-flags-dangerous-sites

Zscaler – Analyzes URL safety (Home Page) http://zulu.zscaler.com/

QUOTE: Security experts constantly warn you to avoid clicking links in tweets, emails, Facebook posts, and so on. Even if the sender is a friend, the link might have been added by a virus. So does that mean you can never check out the latest viral video? Sure, you can do that. Just check the URL with ZScaler’s free Zulu URL Risk Analyzer first.

SuperBowl – Six ways to avoid online scams

This PC Magazine article share good protective approaches:

SuperBowl – Six ways to avoid online scams http://securitywatch.pcmag.com/none/293485-super-bowl-xlvi-6-ways-to-avoid-an-online-scam

QUOTE: Six methods of protection include:

1. Buy tickets from legitimate or licensed resellers 2. DON’T leave sight of the site 3. Pay using encryption (SSL) 4. Scrutinize your ticket 5. DON’T share personal information 6. 6. DON’T fall for online scams

For more, see 11 Tips for Safe Online Shopping

FaceBook – Valentines Malware themes circulating

Trend Labs shares an important holiday warning to be cautious in selecting any link, app, or theme:

FaceBook – Valentines Malware themes circulating http://blog.trendmicro.com/facebook-valentines-theme-leads-to-malware/

QUOTE:  It’s never too early to get ready for Valentine’s day, it seems, even when it comes to malicious attacks. Recently, I came across a scam in Facebook that leverages the upcoming occasion.   The said attack begins with a post on affected users’ wall inviting other users to install a Valentine’s theme into their Facebook profile

MS12-004 Early malware attacks starting to appear in wild

Trend Labs documents early developments for malware attacks that exploit the Windows Media Player vulnerabilities patched under MS12-004 during the Microsoft January updates.  Corporate and Home users should patch promptly and avoid all suspicious objects offered in email or websites

MS12-004 Early malware attacks starting to appear in wild http://blog.trendmicro.com/malware-leveraging-midi-remote-code-execution-vulnerability-found/

MS12-004 is rated as a highly critical security patch by Microsoft & ISC http://technet.microsoft.com/en-us/security/bulletin/ms12-004

QUOTE:  Earlier today, we encountered a malware that exploits a recently (and publicly) disclosed vulnerability, the MIDI Remote Code Execution Vulnerability (CVE-2012-0003). (Ed. Note: addressed in MS12-004).  The said vulnerability is triggered when Windows Multimedia Library in Windows Media Player (WMP) fails to handle a specially crafted MIDI file, consequently allowing remote attackers to execute arbitrary code.

In the attack that we found, the infection vector is a malicious HTML which we found hosted on the domain, hxxp://images.{BLOCKED}p.com/mp.html. This HTML, which Trend Micro detects as HTML_EXPLT.QYUA, exploits the vulnerability by using two components that are also hosted on the same domain. The two files are: a MIDI file detected as TROJ_MDIEXP.QYUA, and a JavaScript detected as JS_EXPLT.QYUA.

Facebook – Do not install What Does your Name mean application

The security firm Facecrooks documents a new scam circulating

What does your name mean? Find out here – Facebook Scam http://facecrooks.com/Scam-Watch/what-does-your-name-mean-find-out-here-facebook-scam.html

QUOTE: What does your name mean? Find out Here – >  Installing the application gives the developer access to your basic information. You are also asked on the next screen if you would like to give the application the ability to post to your Facebook Wall. (How nice of them to ask – usually they don’t give you the option  The end game of the scam is the follow survey:

Android Counterclank BotNet – Over 1 million downloads

The new Android Counterclank BotNet has been downloaded over 1 million times and may have infected a large number of users:

Android Counterclank BotNet – Over 1 million downloads http://securitywatch.pcmag.com/none/293451-millions-download-new-trojan-discovered-in-android-market

QUOTE:  Symantec has discovered a new Android botnet that is still thriving in the Android Market and has already been downloaded several million times this year. The Trojan ‘Android.Counterclank’ was packaged in at least 13 free games published by three different publishers, making it harder to trace. Symantec notified Google on Thursday and at press time, 9 of the apps were still available in Google’s official app store.

According to Symantec researcher Irfan Asrar, ‘Counterclank’ can carry out commands from a remote control center on your mobile device. According to Symantec’s virus definition, it steals information and can potentially display ads on your device.  “When the package is executed, a service with the same name may be seen running on a compromised device. Another sign of an infection is the presence of the Search icon above on the home screen,” Asrar wrote. No information on geographic scope has been given, but Asrar said that the sheer number of downloads, 1-5 million, makes it the most widespread piece of mobile malware found so far this year.

 

Spam email – may infect some PCs without opening attachments

Users should avoid spam messages titled as “Banking security update” and in general be careful with all Spam email messages. A sophisticated HTML based attack has surfaced which uses a malicious JS agent.  Plain text viewing of email messages may also improve user safety.

Getting infected just got a whole lot easier, researchers say http://www.darkreading.com/security/attacks-breaches/232500660/new-drive-by-spam-infects-those-who-open-email-no-attachment-needed.html

QUOTE:  According to researchers at eleven, a German security firm, the new drive-by spam automatically downloads malware when an email is opened in the email client. The user doesn’t have to click on a link or open an attachment — just opening the email is enough. “The new generation of email-borne malware consists of HTML e-mails which contain a JavaScript which automatically downloads malware when the email is opened,” eleven says in a news release.”This is similar to so-called drive-by downloads, which infect a PC by opening an infected website in the browser.”

The current wave of drive-by spam contains the subject “Banking security update” and has a sender address with the domain fdic.com. If the email client allows HTML emails to be displayed, the HTML code is immediately activated. The user only sees the note “Loading…Please wait,” eleven says. In the meantime, the attempt is made to scan the PC and download malware.