How to Avoid Rogue Security Software


What can you do to help prevent the spread of rogues and make sure that rogue software vendors stop profiting from their unscrupulous business? Follow these tips below to tell what’s real and what’s not when it comes to security software – and share them with friends and family who may be vulnerable to rogue threats.

  1. Do not fall for scare tactics. While browsing sites, be cautious of pop-ups warning you that your system is infected and offering a product to clean it up. Never pay for a program that installed itself to your computer. This is a hallmark of rogue software.
  2. Use security software with real-time protection and keep it up to date. If you know that you have anti-virus, anti-spyware, and a firewall on your PC, you can safely ignore security alerts that do not come from your chosen security software provider. (Rogue security software will often try to lure computer users with legitimate-looking pop-up messages that appear to be security alerts.) Also, most anti-malware programs, like Lavasoft’s Ad-Aware, will help keep you protected from rogues because they can detect and remove these programs.
  3. Access experts at the Lavasoft Support Forums or other security forums and ask about the software you are considering before you decide to purchase it.
  4. Read the software reviews at reputable sites like Download.com. Do not blindly trust individual sites offering security products. You can also refer to Lavasoft’s Rogue Gallery to check to see if a program in question is listed as a rogue.
  5. Ask knowledgeable friends and family members about quality software they use. Keep in mind that when you search for trustworthy security software online, rogue products can, and often do, appear in the search results list.
  6. Practice online skepticism. Be aware that rogue security software does exist on the Web, and be vigilant about avoiding it. These programs are designed to appear genuine – meaning they may mimic legitimate programs, use false awards and reviews to rope you in, or employ other deceptive tactics. It’s also a good idea to familiarize yourself with common phishing scams, and to be cautious of links in e-mail messages and on social networking sites.

Contributed by Erin Earley, editor of Lavasoft News, the anti-malware pioneer’s educational industry newsletter. She has written extensively about computer security issues and the risks that affect computer users.

What’s a Rogue – And Why Do You Need to Know?


You may not be familiar with the term ‘rogue software’ but there’s a very good chance that you or someone you know either has experienced it, or will in the near future. As malware writers inundate the web with rogue anti-malware programs, this kind of trickery is becoming more and more common, and now poses one of today’s greatest security challenges to computer users. 

Let’s take some facts and figures on these fake anti-malware programs into consideration: 

  • At the end of December, the U.S. FBI released its first public alert on scareware, warning computer users to be wary of pop-ups that report security problems on their PCs.
  • The FBI’s estimate of the dollar loss this type of malware has caused victims: $150 million.[1]
  • According to Lavasoft Malware Labs analysts, the number of rogue applications is rising at an alarming rate. In 2005, 11 new rogue programs were found; in 2006, 39 new rogue programs were found; in 2007, 119 new rogues were found; in 2008, 225 new rogues were found; in 2009, 233 new rogues were found. December 2009 alone saw the release of 28 new rogues – almost one new rogue per day.

What exactly is a rogue?

Due to today’s range of online risks, most of us are well aware that we need anti-malware protection on our computers in order to stay safe and secure online. The problem: not all anti-malware programs actually do what they say they will, and some are really just malware in disguise. In fact, malware authors are exploiting your recognition that security software is a necessary part of your online defense in order to scam you.

Rogue security applications are sometimes referred to as scareware because they try to frighten users into thinking they need to buy a certain program. Taking the form of legitimate-looking anti-virus, anti-spyware and anti-malware products, these rogue applications appear beneficial from a security perspective but provide little or no protection, generate misleading alerts, or attempt to lure you into a bogus transaction; essentially, they are malware pretending to be genuine Internet security programs, and they aim to steal your money or private information, or expose you to other high-risk cyber threats.

How do these rogue programs propagate?

Rogues are distributed in a variety of ways, using social engineering tactics to deceive and mislead people. For example: 

  • You may see an ad for a security software product pop up on your PC as you’re browsing the Web, warning you that your PC is infected with malware and prompting you to download a specific program to remove it.
  • It may be distributed as a fake codec (supposedly necessary to view a certain video).
  • You may see messages that appear to come from your operating system, telling you that your system is infected and pushing you to take a certain action, like visiting a website or downloading a program.

What do these programs do?

Microsoft’s Help and Support page explains it well, stating that, “Rogue security software might report a virus, even though your computer is actually clean. The software might also fail to report viruses when your computer is infected. Inversely, sometimes, when you download rogue security software, it will install a virus or other malicious software on your computer so that the software has something to detect.”[2] 

At Lavasoft, Malware Labs analysts are in a constant fight to find these rogue programs, and add them to Ad-Aware’s Detection Database of online threats. 

Still, rogue authors know they have a successful business model, and keep churning out new rogues, in order to snare new potential victims. This is shown most evidently by the growth of rogues in recent years. From 2005 to 2009, the number of rogue applications increased by 2,018 percent. 

What can you do to educate yourself and stay safe?

Enter the Rogue Gallery. The Rogue Gallery is part of Lavasoft’s commitment to stop the spread of these rogue programs, giving consumers a practical resource to quickly and clearly identify what programs are rogue – and avoid them. 

“It can be quite difficult for the average Internet user to keep track of these rogue programs. Inspired by the great work done before us by Spywarewarrior.com – a fantastic resource in its day which really helped a lot of users – we wanted to continue the work started and create a site with both historical information about older rogues as well as up-to-date information about the latest rogue threats,” says Andrew Browne, head of the Malware Labs at Lavasoft.

The Rogue Gallery, powered by the Malware Labs at Lavasoft, lists every rogue added to Ad-Aware’s threat database throughout Lavasoft’s history. It currently houses over 500 rogue applications, and is updated upon each new rogue program discovery. Using this resource, consumers are able to search for rogues in alphabetical order or choose to display the latest threats. Also included on the site is a link to “Submit a Rogue”, giving users the ability to quickly and easily send any suspicious programs directly to the Malware Labs to be analyzed and added to detection if necessary.

“There are many sites that have fragments of information about rogues or just aren’t updated regularly enough to be useful. In the Lavasoft Rogue Gallery, you’ll find the names of every rogue seen, a screenshot of its user interface and additional information about it. We update the site every time a new rogue is identified and hope users will use the information to avoid becoming victims of scareware,” Browne says.

The Rogue Gallery is available at http://www.lavasoft.com/mylavasoft/rogues.

Contributed by Erin Earley, editor of Lavasoft News, the anti-malware pioneer’s educational industry newsletter. She has written extensively about computer security issues and the risks that affect computer users.


[1] http://www.fbi.gov/pressrel/pressrel09/popup121109.htm

[2] http://www.microsoft.com/security/antivirus/rogue.aspx

Top 10 Ways Computer Security Will Improve in 2010 (Not!)


Things will change: Wishful thinking in 2010?

A satirical approach to security in 2010

1. More budget allocated for IT security spending

Even though many countries are starting to pull out of the recession, don’t think it will be a bumper year for IT security budgets. You may notice an increase in overall IT spending but come the first bump, IT security projects will be the first to get the chop.

2. Management grasps the concept of an ever-evolving security landscape

The media has been awash with security stories this year but that doesn’t mean that management will be aware of the changing security landscape. Unless they’ve been hit themselves (and hard) many in management will still think that solutions other than anti-virus and anti-spam are a waste of money. The ‘it won’t happen to me’ syndrome will strike again.

3. Employees boost productivity, forsake non-work related browsing

If only. There are too many online distractions for employees these days. Social networking sites, news, entertainment, adult material are just too much of an attraction to ignore. How else are employees supposed to pass the time at the office? If you’re looking to boost productivity, you better have the means to control what your employees are doing online!

4. Security policies are understood and adhered to without enforcement

And they will be asking for monthly updates (sic). Security policies are there to be ignored (like most laws) and employees will only huff and puff when you mention them. How dare you tell them what type of password to use or that they cannot buy stuff from eBay? Putting your trust and faith in a compliant and accepting workforce next year will only create more problems – especially when security is at stake.

5. Employees will not lose their laptops, USB sticks or hard drives

If the statistics are anything to go by, you had better make sure all your external and portable devices have decent encryption on them and you know exactly what data is being copied. Apart from those with malicious intentions, most employees are just negligent with items that are not theirs… and it is so easy to forget a laptop in the car while they pop into the convenience store. Why they would need to take a USB stick with them to the pub for a pint (and leave it there) is beyond reason… but it happens. So you are forewarned.

6. All suspicious links, emails or web activity are reported immediately

No way. Employees will continue to use IT with little regard for security. They will still click on links in emails or on websites without stopping to think how their actions could compromise security. And if something bad happens, you’ll get the standard response ‘I have no clue how that happened’. The only immediacy you’ll see is a request for help when their Internet connection is down or their email is not working. As if they’ll tell you that they have downloaded a couple of games from a warez site or that something funny happened when they connected a USB stick someone gave them.

7. Employees will not fall for social engineering or phishing attacks

Hope springs eternal… but you’re in for a long wait. Too much trust and an element of scaremongering are the main reasons people fall for social engineering tricks. Unfortunately, employees tend to act first and think afterwards. If it’s any consolation, even C-level individuals are known to slip up more than once. Hopefully, it won’t happen in your own backyard.

8. Huge decrease in software patches released

Now wouldn’t that make a lot of people happy? Yes, but it won’t be the case in 2010. Products and platforms are more stable nowadays but don’t bet your last dime on a year of fewer exploits and even less frequent Patch ***days (choose relevant day/s of the week).

9. Spam will fall to manageable levels

Spammers will not become an extinct breed in 2010. With spam holding its ground at around 90% of all email, it will take a miracle to drop that percentage down to anything remotely acceptable. The spamming community and their army of botnets will continue sending out spam and more spam. Be prepared for some new nasties in the New Year.

10. Your dreams will come true

Not. If you really are confident that these dreams will materialize, your optimism abounds. While all may sound doom and gloom there will always be a flickering light at the end of the tunnel. It’s just going to take a bit longer to get there and a lot more hard work.

Contributed by David Kelleher of GFI

The Year in Malware–A 2009 Review


Cyber thieves are constantly adapting their techniques to get inside users’ computers and ultimately get hold of private or secure information. This year has been no different. To help computer users make sense of what the past year has brought in terms of online security, Andrew Browne, team leader at Malware Labs at the online security company Lavasoft, answers questions on the state of malware in 2009 and what it means for users’ online security.

LN: In general, what type of year has 2009 been in terms of online threats that users are faced with?

The number of malware samples added to Ad-Aware’s threat database in Q1/Q2 of 2009 has increased by 600 percent compared to Q1/Q2 of 2008. The bad guys have been busy.

LN: What was the biggest challenge that the bad guys presented this past year?

The sheer volume of malware being produced has been the biggest challenge for us – many samples are repackaged versions of the same thing so we have worked hard on making efficient detection routines for ‘same but different’ malware.

Malware writers, rather than simply releasing one version of their creation into the wild, will make changes to the malware so that while the functionality of it remains the same, it looks like a different file. They then release thousands of essentially the same file into the Internet. Our new detection system in Ad-Aware, Genotype, allows us to look at core attributes of this series of malware – we then create detection routines that allow us to detect all of the files that share the same core attributes.
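The answer above contrasts repackaged releases (same behaviour, different bytes) with detection on core attributes. The following is an added illustration of that contrast, not Lavasoft’s Genotype code (the page does not describe its internals): two constructed byte strings with the same API references but different padding and hostnames defeat a hash lookup yet both match an attribute signature, while a constructed benign sample sharing only some attributes does not.

```python
"""Hash-based vs attribute-based ("genotype"-style) detection, illustrated.

Added example; NOT Lavasoft's Genotype implementation. Every sample below is a
constructed byte string, not real malware, and the .example hostnames are
placeholders.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def extract_strings(data: bytes, min_len: int = 6) -> set[str]:
    """Printable ASCII runs of at least min_len bytes (what `strings` would show)."""
    return {m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)}


# Assumption for this illustration: the payload's API references survive as
# CamelCase strings, e.g. CreateRemoteThread, so they can serve as attributes.
_API_LIKE = re.compile(r"^(?:[A-Z][a-z]+){2,}[A-Z]?$")


def core_attributes(data: bytes) -> frozenset[str]:
    """Core attributes = the API names a sample references.

    Repackaging changes padding, embedded URLs and file names, but the
    functions the payload must call stay the same across the family.
    """
    return frozenset(s for s in extract_strings(data) if _API_LIKE.match(s))


@dataclass(frozen=True)
class Signature:
    family: str
    required: frozenset[str]  # attributes every member of the family exhibits

    def matches(self, attrs: frozenset[str]) -> bool:
        return self.required <= attrs


def hash_detect(sample: bytes, known_hashes: set[str]) -> bool:
    """Classic exact-match detection: only samples already seen are caught."""
    return sha256(sample) in known_hashes


def attribute_detect(sample: bytes, sigs: list[Signature]) -> str | None:
    """Family-level detection: any sample carrying the core attributes is caught."""
    attrs = core_attributes(sample)
    for sig in sigs:
        if sig.matches(attrs):
            return sig.family
    return None


# --- constructed samples ---------------------------------------------------
_PAYLOAD_APIS = (b"VirtualAllocEx\0WriteProcessMemory\0"
                 b"CreateRemoteThread\0InternetOpenUrlA\0")


def build_variant(c2_host: bytes, padding: int) -> bytes:
    """One 'release' of the same constructed family: same logic, new bytes."""
    return (b"MZ" + b"\0" * padding + _PAYLOAD_APIS
            + b"http://" + c2_host + b"/gate.php\0" + b"\0" * (64 - padding))


VARIANT_1 = build_variant(b"c2-one.example", 16)   # the sample the lab has seen
VARIANT_2 = build_variant(b"c2-two.example", 40)   # repackaged: hash differs
BENIGN = (b"MZ" + b"\0" * 8
          + b"InternetOpenUrlA\0MessageBoxA\0http://updates.example/\0")

FAMILY_SIG = Signature(
    "Constructed.Downloader",
    frozenset({"VirtualAllocEx", "WriteProcessMemory",
               "CreateRemoteThread", "InternetOpenUrlA"}),
)


def demo() -> dict[str, tuple[bool, str | None]]:
    """Return (hash hit, attribute family) per sample, with only VARIANT_1 known."""
    known = {sha256(VARIANT_1)}
    return {name: (hash_detect(s, known), attribute_detect(s, [FAMILY_SIG]))
            for name, s in [("variant_1", VARIANT_1),
                            ("variant_2", VARIANT_2),
                            ("benign", BENIGN)]}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} hash_hit={result[0]!s:5s} family={result[1]}")
```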

LN: What about what home users are seeing as they browse the Web – has Malware Labs identified any trends in 2009?

Unsuspecting users eager for more information on breaking news and current events have been more likely than ever to encounter a booby-trapped website via search engine results poisoned by blackhat SEO (search engine optimization) techniques, spam e-mail or social networking sites.

In order to increase numbers of potential victims, malware distribution has, on occasion, crept onto well known legitimate sites in the form of advertising banners that contain malicious code. Criminals have audaciously impersonated advertising representatives from large companies in order to plant malicious adverts on these high profile sites. The sheer number of visitors to sites like The New York Times, which was affected by a malicious advert this year, means that it is certainly profitable for criminals to go to such unusual lengths.

LN: There’s a lot that computer users need to be aware of when it comes to their online security. What do you see as the most significant security challenge to home users this past year – and what can be done about it?

Recognizing vulnerable, unpatched applications on their PC. Ongoing efforts to raise consciousness about the importance of applying operating system patches are making ground. Conficker gained much media attention this year with many of the reports relating an unusually high level of information, highlighting the vulnerability in the Microsoft Windows Server Service (MS08-067) and advising users to apply the patch available for it from Windows Update.

Users have begun to appreciate the need for operating system patching but are probably less aware of the need to apply security updates to applications on the operating system. There is still some work to be done on the part of software publishers. Patches fixing application vulnerabilities are typically slow to appear and when they do appear, it is not always clear to the user that a patch or update is available and that action should be taken.

The latest versions of the Firefox browser will warn users if their version of the Adobe Flash Player plug-in is out-of-date and recommend updating it. Mozilla, publishers of Firefox, plan to work with other vendors to provide similar checks for their plug-ins. This is a big step forward in alerting users that it’s not only the operating system that should be kept up to date with the latest patches.

To home users, I would recommend checking out Secunia’s free Personal Software Inspector application which can help identify which applications on their machine are out of date and have patches or updates available for them.

Contributed by Erin Earley, editor of Lavasoft News, the anti-malware pioneer’s educational industry newsletter. She has written extensively about computer security issues and the risks that affect computer users.

Taking Steps to Protect the Network on Cyber Monday


Cyber Monday is coming soon – many SMBs aren’t protected from the threats posed by employees online shopping from work.

Online holiday season retail sales grew 12 percent (Forrester Research Inc.) last year and much of this was done by employees using company computers in the workplace. Last year, 55.8 percent of workers with Internet access said they planned to shop online on Cyber Monday (National Retail Federation). This year does not look like it will be any different with over 40 percent of online shoppers stating they shop online because of the ability to shop at any hour of the day (Shop.org). Further, some say they shop online because of the new websites and tools that are springing up to help consumers locate the bargains they want (MarketingVox).

According to a study published by ISACA, a nonprofit association of IT professionals, the most prolific shoppers are those in the 18-24 age bracket, as 40 percent of those in this bracket said they will spend up to five hours doing online shopping from their desks. Ironically, this group is also typically the least concerned about the security of their work PCs.

“The fact that so many plan to do holiday shopping from their work computers, combined with their lack of concern for how secure their computers are, points to an urgent need for employers to pay closer attention to what employees are doing online during office hours and to educate employees to be careful what sites they are visiting and what files they are downloading”, says David Kelleher at GFI Software.

According to a recent GFI survey of small-medium businesses (SMBs) only 9 percent said they are concerned about internal threats and only 36 percent monitor employee browsing activity. There are two points that merit discussion. First, companies are still ignoring the fact that employees are the weakest link in security and that their actions can cause serious problems. Second, if so much time is spent shopping online during office hours, then that business has a productivity problem.

Businesses should be more concerned during the holiday season because an increase in online activity and browsing of non-work related websites is both a security risk and a business problem.

The following are some tips that can help businesses to improve both security and productivity.

  • Monitor users’ activity 24 x 7 – If your business is concerned that people are spending too much time online and downloading non-work related material, then you need to exert some form of control. Monitoring user activity will cut down on abuse, while implementing web security measures will prevent malicious code from entering your network through irresponsible browsing. With proper measures in place, there is no harm in allowing employees to shop online during the lunch break, so long as you know what’s happening.
  • Acceptable usage policies – In small organizations, security policies are either non-existent or never enforced. Every organization should provide new employees with an acceptable usage policy that defines how they may use corporate computers, what is acceptable in terms of Internet use and what is not tolerated. Moreover, this document should be signed by the employee the day he or she joins. This greatly reduces the risk that an employee dismissed for breach of the policy will fight back by claiming he or she was never told what was and was not allowed.
  • Education – Explain to employees why they have to be careful when browsing the Internet. The usual ‘because I say so’ approach does not work; it only spurs them to bypass whatever the IT manager is telling them not to do. Employees are intelligent and will understand basic concepts of security, especially when they can associate actions with the effect those actions will have on their ability to do their job. Gaining an employee’s understanding is essential if an organization wants their cooperation, even more so during the holiday season.
  • Everybody is a potential security threat – SMBs need to approach security without allowing emotions and friendship to interfere. Every employee, including the CEO, is a security risk. Employees need to understand that controls are there for good reason and not because the company doesn’t trust them. The IT manager is employed to ensure the network is as secure as possible, and if that means stepping on people’s toes, so be it.
  • Invest in technology – Security should not be considered an expense but a cost of doing business in an online age. It is also recommended that you invest in a security awareness program. Technology and awareness need to be managed together, not separately.

White Paper: Panda Cloud Protection


Small and medium businesses (SMBs) face the same computer and network security threats as their enterprise counterparts; however, they don’t have the same resources available. Implementing effective security takes a combination of tools and skills. Both cost money and both must be maintained and upgraded over time.

Panda Security created the Cloud Protection solution to provide cost-effective enterprise-class security for SMBs. Cloud Protection is a Software-as-a-Service (SaaS) solution hosted in the cloud, providing managed security while still allowing customers to administer and maintain control as well.

This white paper will explore the value of SaaS for delivering network and computer security for SMBs. It will also provide a look under the hood at how Panda Cloud Protection works and whether or not it is a viable security solution.

*disclaimer – I was engaged by Panda Security to review the Panda Cloud Protection service and produce this white paper. I was compensated for my services, but compensation was in no way tied to a favorable opinion of the service. The white paper reflects my actual experiences with, and honest assessment of, the Panda Cloud Protection service.

You can download a PDF of the white paper here: Panda Cloud Protection

Facebook and Twitter Phishing Attacks


Social networking presents a paradox when it comes to security. The very premise of ‘social’ networking is to share news and information with friends, family, and like-minded individuals, but sharing too much information or being too trusting of those within your social sphere of influence can result in getting your system compromised or your identity stolen.

Facebook and Twitter have both been targeted recently by different attacks. The Facebook attack is more of an old-school style phishing attack. It is designed to look like it came from Facebook and it actually succeeds better than most phishing scam emails I have received.

The attacker is probably capitalizing on the recent modifications to the Facebook homepage to catch users off guard and convince them that changing login information is just another change being made. Both the ‘Update’ button and the link that says ‘Click here’ lead to some malicious destination and not to Facebook.

[Image: FacebookPhish]

The Twitter phishing attack is a little more insidious because it attempts to leverage the social aspect of social networking to breach your trust. The Twitter phishing URL arrives via DM, or Direct Message. Unlike normal Twitter tweets, which are public and can be searched and viewed by all, DMs are private and can only be sent to you by a user that you follow. The very fact that you are following the person on Twitter implies at least some level of trust between you and that party.

The actual DM is relatively short, saying something to the effect of “ur on here http://twitter-videos…” with the URL being shortened or obfuscated in some way to hide the true URL. If you click on the URL you arrive at a page that looks identical to a Twitter login page. If you enter your credentials on this page you are giving them to the attacker who can then use your account to DM others who follow you and continue the web of phishing.

If you follow me on Twitter you may have received such a DM from me. I fell victim to this attack. Before you slap my wrists for the security oversight, I figured out the course of events and it serves as an additional warning for you.

See, I don’t really use Twitter. I use the service, and I use my Twitter account, but I don’t use the site. Ever. I use Tweetdeck. So, when I got the DM – from someone I trust – I clicked on the URL. When I saw the Twitter login page I didn’t think twice about entering my credentials because I knew I wasn’t logged in to Twitter. Had I been logged in to the Twitter site when I received the DM it would have seemed odd that it was asking me to log in *again*, but because of the way I interact with Twitter it didn’t concern me in the least.

Bottom line: I know it’s social networking and you’re using it to share with others and be social. Just remember that attackers are actively looking for ways to exploit the implicit trust you place in your social networking connections, so always be skeptical and use some common sense.
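The post above turns on one check the author skipped: whether the host in the DM link is actually the site it pretends to be. The following added example (not the post author’s code) shows how a link from a DM can be classified before anyone types credentials: it extracts the host a browser would really connect to, accepts only exact or label-boundary subdomains of the expected sites, and flags brand-name lookalikes and opaque shorteners. The `.example` hosts and the sample DM text are constructed placeholders.

```python
"""Classify links in a DM against the sites they appear to belong to.

Added example for the phishing post above; not the author's code. Hosts
ending in .example are constructed placeholders, not real sites.
"""
from __future__ import annotations

import re
from urllib.parse import urlsplit

TRUSTED = {"twitter.com", "facebook.com"}          # sites a login page may belong to
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}     # destination unknown until expanded
_URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registered_host(url: str) -> str | None:
    """Return the host a browser would actually connect to, or None if not http(s).

    urlsplit().hostname discards userinfo, so 'http://twitter.com@evil.example/'
    correctly yields 'evil.example' rather than the decoy text before the '@'.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname
    return host.rstrip(".") if host else None


def is_subdomain_of(host: str, domain: str) -> bool:
    """Exact match or a subdomain on a label boundary.

    'mobile.twitter.com' qualifies; 'twitter.com.login.example' does not,
    because the comparison is anchored at the end of the host, not the start.
    """
    return host == domain or host.endswith("." + domain)


def classify(url: str) -> str:
    """One of: invalid, trusted, shortened, lookalike, unknown."""
    host = registered_host(url)
    if host is None:
        return "invalid"
    if any(is_subdomain_of(host, d) for d in TRUSTED):
        return "trusted"
    if host in SHORTENERS:
        return "shortened"
    # A brand name embedded in an unrelated host ("twitter-videos...") is the
    # lookalike trick the DM in the post relied on.
    brands = {d.split(".")[0] for d in TRUSTED}
    if any(b in host for b in brands):
        return "lookalike"
    return "unknown"


def assess_dm(text: str) -> list[tuple[str, str]]:
    """Every URL found in a DM, paired with its classification."""
    return [(u, classify(u)) for u in _URL_RE.findall(text)]


# Constructed stand-in for the DM described in the post (the real URL is
# not given on the page; this placeholder host is invented).
SAMPLE_DM = "ur on here http://twitter-videos.example/?u=me"

if __name__ == "__main__":
    for url, verdict in assess_dm(SAMPLE_DM):
        print(f"{verdict:10s} {url}")
```

Anything other than `trusted` is a reason to open the site by typing its address yourself instead of following the link.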

Become a Fan, Win a 1Tb ioSafe Drive


ioSafe started a fan page on Facebook to provide a forum for users to share and discuss experiences with the ioSafe drives, and for ioSafe to be able to share news and updates related to the devices. To provide an incentive for users to join the community on the Facebook page, ioSafe is running a contest to give away a 1Tb ioSafe drive.

The original target was 5,000 fans. ioSafe has discovered that driving membership to the Facebook page is easier said than done, even if you’re giving away a 1Tb drive. So, the goal has been modified to 1,000 followers. Once the ioSafe Facebook page reaches 1,000 followers, ioSafe will select one lucky fan to win a 1Tb ioSafe drive, a drive that the ioSafe Facebook page says is “Like an aircraft black box for your data.”

There are currently about 500 followers. Go to the ioSafe fan page on Facebook and join to become a fan for a chance to win a 1Tb ioSafe drive.

ioSafe posted the following rules for the contest on the Facebook page:

RULES:
  1. The judge’s decision is final. No bellyaching or petulant whining is permitted!
  2. The contest is open to real humans only. Dogs, cats, fish and discarnate entities on the astral plane are excluded.
  3. Should you not tell us your address within 14 days of us sending the notification that you’ve won, we’ll give the ioSafe to somebody else. If you think this is unfair, see clause #1.

Record-Setting Patch Tuesday from Microsoft and Adobe


Microsoft released 13 Security Bulletins today fixing 34 different flaws, a new record. Eight of the Security Bulletins (and 21 of the individual flaws) are rated as Critical by Microsoft. A couple of them have already been targeted as ‘zero-day exploits’ in the wild.

Check out the links in the October 2009 Microsoft Security Bulletins Summary to view the individual Microsoft Security Bulletins and to download any patches that might be required for your system. Microsoft will discuss the issues addressed in the Security Bulletins and field questions from users during a webcast which can also be viewed after the fact. You can also visit Windows Update to automatically determine what patches or updates your system needs.

Not to be outdone, Adobe also unleashed a barrage of security updates today as well. Adobe addressed 29 flaws in Adobe Acrobat and Acrobat Reader. Make sure you get your Adobe Reader patched so your system won’t be vulnerable to the inevitable attacks coming soon to a PC near you.

Check Point Giving Away Software in Patch Tuesday Promotion


This Tuesday is Patch Tuesday, the regularly scheduled day when Microsoft releases Security Bulletins for the month. According to the Advance Notification from Microsoft, this month is a doozy too! There are 13 total Security Bulletins planned for Tuesday: 8 Critical and 5 Important.

That is not the only computer security event coming up this Tuesday though. In ‘honor’ of Patch Tuesday, Check Point is offering ZoneAlarm Pro 2010 for free. The offer runs for 24 hours, beginning at 6am (the time zone isn’t specified – I am going to guess they mean Eastern time?) on Tuesday, October 13. During that timeframe you can visit www.zonealarm.com/only24hours to download a fully-licensed copy of ZoneAlarm Pro 2010 for free.

ZoneAlarm Pro 2010 is a firewall product that combines the popular ZoneAlarm firewall with an OSFirewall that monitors the operating system for changes and suspicious behavior. Check Point designed ZoneAlarm Pro 2010 to complement existing security controls and software to provide even better protection against malware and unauthorized access.

According to Check Point, ZoneAlarm Pro 2010 features include:

  • Advanced Download Protection technology that automatically checks and analyzes the programs a user wishes to download to determine if they are safe or malicious. 
  • Anti-phishing, both signature and heuristic based, to block more fraudulent sites. 
  • Free Identity Protection Services with daily credit report monitoring and Victim Recovery Services that help consumers recover quickly from identity theft.

I have been provided with a free copy of the software for review, but I have not yet installed it. When I do, I will post my review including my experiences with and thoughts about the software. If you download and install it, feel free to comment here and let us know what you think.

ZoneAlarm has an established reputation for providing superior personal firewall protection, so it certainly seems worth at least downloading it to try it out. You’ve got nothing to lose; you can’t beat the price.