Security Protection – Harry Waldron MVP

July, 2013:

AVAST AV – Most widely downloaded software in Europe

AVAST provides a good free AV offering and is popular in Europe as noted in recent download trends:

http://blog.avast.com/2013/07/25/avast-is-most-downloaded-software-in-europe/

QUOTE: Softonic, one of the world’s largest download sites for Windows, Mac and mobile, has just announced that avast! Free Antivirus is the most popular download in Europe. Thank you to our users who have downloaded AVAST from Softonic! Read Softonic’s Software Trends (PDF) report to learn more about popular downloads and trends.

 

Malware – Janicab has Mac OSX and Windows variants

AVAST and F-Secure are reporting multi-platform variants in the Janicab malware family:

http://blog.avast.com/2013/07/22/multisystem-trojan-janicab-attacks-windows-and-macosx-via-scripts/

http://www.f-secure.com/weblog/archives/00002581.html

QUOTE: Last week, we wrote about a script-based malware targeting Mac users. Yesterday, the folks from avast! revealed a Windows version. On Friday, July 12th a warning from an AVAST fan about a new polymorphic multisystem threat came to an inbox of AVAST. Moreover, an archive of malicious files discussed here was attached. Some of them have been uploaded to Virustotal and therefore they have been shared with computer security professionals on the same day. A weekend had passed by and articles full of excitement about a new Trojan for MacOs started to appear on the web. We decided to make a thorough analysis and not to quickly jump on the bandwagon. The key observation is that the final payload comes in the form of scripts needed to be interpreted by Windows Script Console resp. Python in the case of MacOs. Moreover, a script generator that creates new malicious Windows file shortcuts was also included.

Facebook – New version of Video Ads Hoax circulating

Facecrooks security shares a new Facebook hoax that is actively circulating:

http://facecrooks.com/Scam-Watch/Facebook-Video-Advertising-Hoax-Spreads.html

QUOTE: Though Facebook is actually considering adding video ads to users’ News Feeds, a hoax message purporting to be from Mark Zuckerberg is spreading across Facebook that claims that these ads will radically change user experience on the site.

“We are currently looking into playing video ads as a way to increase the profitability of Facebook,” the fake Zuckerberg message reads. “These ads will stop what you are doing every ten minutes and play for anywhere from 15 to 60 seconds. You will then be able to resume what you were doing prior to the ad playing.” The hoax message then goes on to say that users should share this message (with a photo of Zuck) if they don’t want Facebook to implement video advertising.

The reason scams like this work is simple: they combine people’s fears about Facebook with a grain of actual news. While Facebook is considering video ads, it would never introduce a product that would halt users from using the site for any length of time. Even if they did want to implement video ads, they wouldn’t send out a survey asking users for their opinion. This scam is one of the more realistic ones that’s been distributed lately, though upon any close level of examination, it’s still an obvious hoax.

Facebook – New Insights program tracks user behavior

As Facecrooks security notes, Facebook users should carefully select the goods and services they like, as increased tracking of user behavior generates advertising revenues. While not a major security or privacy threat, users should be aware that their online behaviors are being tracked to help generate advertising data and revenues:

http://facecrooks.com/Internet-Safety-Privacy/New-Facebook-Insights-Allow-Businesses-to-Closely-Track-User-Behavior.html

QUOTE: Facebook has promoted itself as one of the best platforms on the Internet for advertisers to reach their customers, and it’s easy to see why: with an active user base of over 1 billion and comprehensive tracking analytics, advertisers can target their audiences more than ever before. Indeed, some of Facebook’s new analytics tools for its Pages are more far-reaching than ever.  While hash tags have so far failed to take off on Facebook, companies can still closely observe user behavior using analytics.

One new Facebook analytic details the reach of a page to both fans and non-fans, as well as an “optimal posting time” function that shows a page’s administrator what times of day their user base is most active. Facebook’s Insights also allow page administrators to closely track user engagement with all of their content.  While none of this represents a dire threat to your online privacy or security, you should be extra aware of how your Internet habits can be used by companies before you “Like” a page. While clicking that thumbs-up seems like a fairly innocuous gesture, advertisers can gain all sorts of information about your Facebook habits when you designate yourself as a “Fan” of something.

Microsoft Active Protections Program (MAPP) – July 2013 changes

Microsoft details changes this month associated with its MAPP initiative:

http://blogs.technet.com/b/bluehat/archive/2013/07/29/new-mapp-initiatives.aspx

http://www.microsoft.com/security/msrc/collaboration/mapp.aspx#

QUOTE: MAPP was our answer to a common phrase used back then: “Update Tuesday, exploit Wednesday.” This was a time when exploit writers had developed full automation for reverse engineering our security updates and building exploits. Security vendors received information at the same time as everyone else and had to then develop and test signatures before applying the updates. MAPP gave the security vendors, the “good guys,” a head start against the “bad guys.” In the years since its inception, MAPP has been successful in allowing these vendors to release protections when we release the updates so that our customers have the time they need to test and deploy them.

Today, we are introducing a few changes based on the changing threat landscape and feedback from our partners.

MAPP for Security Vendors – First, in order to have a clear definition of the existing MAPP program and be able to convey how the new programs differ, we are now calling what the world today knows as MAPP, “MAPP for Security Vendors.” So, on top of streamlining and improving the quality of detection guidance, we are expanding the signature development window from one to three business days for MAPP partners who meet certain stringent criteria.

MAPP for Responders – Through this new program, MAPP for Responders, we are working to build new partnerships and community collaborations that will enable strategic knowledge exchange. Microsoft intends to contribute to this effort by sharing threat indicators such as malicious URLs, file hashes, incident data and relevant detection guidance. Employing a “give to get” model, the community will benefit when data they provide is enriched by aggregating it with data from others.

MAPP Scanner – The MSRC employs some of the brightest engineers in the industry, the sort who build tools such as !exploitable, OffVis, and EMET. MAPP Scanner, currently in a closed pilot program, is a content-based vulnerability scanner developed by our security engineers to aid in investigating incidents. We are introducing MAPP Scanner as a cloud-based service that can be used to scan Office documents, PDF files, Flash movies, and suspect URLs, to determine if they are attempting to exploit a vulnerability.

Going Forward – As with Microsoft’s other security initiatives, such as the BlueHat Prize and our new bounty programs, the mission for MAPP is simple: mitigate entire classes of attack and protect customers. We have a long history of working across many different communities to drive this mission and will continue to do so.

Windows 8 – Users will need to migrate to 8.1 within two years

With Windows 8, Microsoft has introduced versioning rather than service pack updates as the key approach for being on the latest build. The requirements to be on the latest build for update support will be similar to what is required for being on the latest service packs:

http://www.computerworld.com/s/article/9241230/Microsoft_mandates_Windows_8.1_upgrade

http://blogs.windows.com/windows/b/business/archive/2013/07/30/windows-8-1-enterprise-preview-now-available.aspx

QUOTE: Windows 8 customers will have two years to move to Windows 8.1 after the General Availability of the Windows 8.1 update to continue to remain supported under Windows 8 lifecycle. With the availability of Windows 8.1 Enterprise Preview, it is time to start planning your deployment  – and there are deployment tools and guidance available to help make these updates seamless for customers.

Windows 8.1 Enterprise Preview – Now Available

The new corporate preview version of Windows 8.1 is now available:

http://blogs.windows.com/windows/b/business/archive/2013/07/30/windows-8-1-enterprise-preview-now-available.aspx

http://technet.microsoft.com/windows/hh771457.aspx?ocid=wc-blog-wfyb

QUOTE: Windows 8.1 Enterprise Preview is now available for download for customers to start testing the operating system in their environments. Windows 8.1 Enterprise Preview builds on the Windows 8.1 Preview which is currently available, adding premium features designed to address mobility, security, management and virtualization needs of today’s enterprise. Here are the premium features that will be offered to customers as a part of the Windows 8.1 Enterprise edition:

* Windows To Go Creator

* Start Screen Control

* DirectAccess

* BranchCache

* Virtual Desktop Infrastructure (VDI)

* AppLocker

* Windows Enterprise Side-Loading

These Enterprise edition features add to the broader range of the new business capabilities in Windows 8.1. These features included:

* Assigned Access

* Inbox VPN Clients

* Open MDM

* Workplace join

* Remote business data removal

IE10 – Rated as top browser in Privacy tests by NSS Labs

All current versions of browsers improve user privacy protection. In recent testing, NSS Labs rated IE10 as the most secure in the area of privacy controls.

http://securitywatch.pcmag.com/privacy/314028-internet-explorer-protects-your-privacy-better-than-chrome-really

https://www.nsslabs.com/reports/2013-browser-security-comparative-analysis-privacy-0

QUOTE: You can buy dozens of security products designed to protect your online privacy in dozens of different ways. Really, though, when it comes down to it, shouldn’t privacy protection be built right into the browser? Truth to tell, the major browsers all have varying degrees of privacy protection built in, but some handle it better than others. A recent report from NSS Labs details the differences. For testing purposes, the researchers examined the latest versions of Internet Explorer, Firefox, Chrome, and Safari. They evaluated each product’s default settings, since the majority of users are unlikely to fiddle with the defaults. Internet Explorer emerged as a clear winner, which may come as a surprise to Chrome enthusiasts.

Conclusions – Internet Explorer provides the best privacy protection of the bunch, says this report. Safari, Firefox, and Chrome follow, in descending order. In its current form, Do Not Track is not effective; the report encourages readers to support legislation strengthening privacy rights.

Malware – Royal Birth scams are circulating

Fake royal birth photos and articles are circulating as “bait” to compromise PC or user security. On all major news events users should exercise caution when presented with email, links, Facebook selections, etc.

http://securitywatch.pcmag.com/spam/314106-royal-baby-pictures-and-video-give-birth-to-spam-scams

http://louisville.bbb.org/article/BBB-Warns-Beware-of-Royal-Baby-Scams-43058

QUOTE: BBB warns, be careful when searching Google for news about the royal baby. Scam artists use fake websites to corrupt your computer. On Facebook, you may see a friend likes an “exclusive” video of the new royal baby. Curious, you click on the link. You are taken to a 3rd party website, where a pop up appears prompting you to “update your video player” before you can view the clip. You click “Ok.” However, when you download the file, you aren’t updating your software. You are downloading a virus that scans your machine for banking and other personal information. Similar scams can be found on Twitter and other social media.

Take the following steps to protect yourself:

1. Don’t take the bait. Just stay away from promotions of “exclusive,” “shocking” or “sensational” footage. If it sounds too outlandish to be true, it is probably a scam.

2. Hover over a link to see its true destination. Before you click, mouse over the link to see where it will take you. Don’t click on links leading to unfamiliar websites.

3. Report Scams. On Facebook, report scam profiles, posts and other suspicious activity.

4. Use good anti-virus software. Be sure your anti-virus software is up-to-date!

5. Stick to major and trusted news sites. If anyone is going to have the latest scoop, it’s going to be them.

Android Security – Skullkey trojan horse uses new Master Key Exploit

Android users must be even more cautious when selecting applications, as the new master key vulnerability has quickly materialized into an exploit.  This new attack allows an infected version of an app to spoof digital signature controls.  This new attack is circulating in-the-wild in China:

http://securitywatch.pcmag.com/android/314052-trojans-exploiting-android-master-key-flaw-found-in-the-wild

http://www.symantec.com/connect/blogs/first-malicious-use-master-key-android-vulnerability-discovered

http://www.symantec.com/security_response/writeup.jsp?docid=2013-072322-5422-99

Two apps distributed in Chinese marketplaces are exploiting Android’s “master key” vulnerability, Symantec researchers found. The “master key” vulnerability, publicized earlier this month, allows attackers to modify existing apps by inserting a malicious file with the exact same name as an existing one in the application package.

When Android opens the package file, it validates the first file’s digital signature and doesn’t validate the second because it thinks it has already validated that file. The biggest concern was that attackers can exploit the flaw to create malicious apps which can masquerade as legitimate apps and remotely take control of user devices.
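A defensive check for the condition described above, as an added example (not code from this post or from the vendors it quotes): it lists entry names that occur more than once in an APK's ZIP directory, with each copy's CRC-32. The two archives are constructed inline with placeholder text, and the function names are illustrative.

```python
import io
import warnings
import zipfile
from collections import defaultdict


def duplicate_entries(apk_bytes):
    """Return {entry_name: [crc32, ...]} for every name that appears more
    than once in the archive. A well-formed APK has no such names."""
    seen = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        # infolist() keeps every central-directory record, including
        # repeats; a name-keyed lookup would hide all but one of them.
        for info in zf.infolist():
            seen[info.filename].append(info.CRC)
    return {name: crcs for name, crcs in seen.items() if len(crcs) > 1}


def build_sample(names):
    """Constructed test archive: one small placeholder entry per name."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile warns when a name is written twice; expected here.
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w") as zf:
            for i, name in enumerate(names):
                zf.writestr(name, f"placeholder {i}")
    return buf.getvalue()


# Constructed samples, not real applications.
CLEAN = build_sample(["AndroidManifest.xml", "classes.dex", "res/raw/a.txt"])
SUSPECT = build_sample(["AndroidManifest.xml", "classes.dex", "classes.dex"])

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("suspect", SUSPECT)):
        dups = duplicate_entries(blob)
        if not dups:
            print(f"{label}: no duplicate entry names")
        for name, crcs in dups.items():
            same = len(set(crcs)) == 1
            print(f"{label}: {name} x{len(crcs)}, "
                  f"{'identical' if same else 'DIFFERENT'} content")
```

Differing CRCs under one name mean the package carries two distinct payloads for that file, which is the situation where the verified copy and the loaded copy can diverge.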

Symantec found two apps distributed in an app marketplace in China that were using the exploit. The apps are used to find and make appointments with a doctor.  The Trojan hides using the Android ‘Master Key’ vulnerability to keep the legitimate app signature valid.  The Trojan allows attackers to perform the following actions:

* Open a back door

* Steal sensitive data (such as IMEI and phone number) and send it to apkshopping.com

* Send premium SMS messages

* Disable certain security apps by using any available root commands

* Send SMS messages to all the device’s contacts in order to infect others

More can be found here:

http://msmvps.com/blogs/harrywaldron/archive/2013/07/15/android-security-new-master-key-vulnerability.aspx