'); document.write('

Simple Mac Security Tweaks'); document.write('
Just because you bought a Mac, it doesn\'t mean you don\'t have to think about security. To get you started on the right track, here are a few simple tweaks to help ward off uninvited \'guests\'.
As for browsing, you\'re still better off using NoScript - a free Web security addon that only works with Firefox.
Simple Mac Security Tweaks originally appeared on About.com Antivirus Software on Wednesday, September 1st, 2010 at 11:43:02.
Permalink | Comment | Email this
'); document.write('
That Phish Smells Good...'); document.write('
Ned Scott apparently was a Hollywood still photographer in the mid part of the 20th century. TheNedScottArchive.com is an effort by his son, Norm Scott, to memorialize the black and white artistry of his dad. Unfortunately, however. thenedscottarchive.com is also a compromised website, which presumably unbeknownst to its owner is acting as a man-in-the-browser attack vehicle in a Bank of America phishing scam.

The phishing scam arrives via an email carrying an attachment named \"Account Verification File .html\" (extraneous space is part of the filename). The subject line of the email is \"Irregular Card Activity\" and the body of the email message reads in part:

We detected irregular activity on your BankOfAmerica Card on 08/25/2010.
For your protection, you must verify this activity before you can continue using your card.
Please download the file attached to this email and fill out the information to review your account.
We will review the activity on your account with you and upon verification, we will remove any restrictions placed on your account.

Your first reaction might be to scan the attachment with your antivirus software. But as seen in this VirusTotal report, none of the 42 scanners tested see anything remiss with the file attachment.

Antivirus software is reactive protection, so it\'s no surprise that all 42 of the scanners tested failed to detect this threat. Would there be better luck with one of the online analysis tools that don\'t rely on signatures? Unfortunately not - both JSunpack and Wepawet also saw the file as benign.

On the plus side, Wepawet did unpack the source code enabling a close manual inspection of the contents. The manual inspection revealed the submitted data was being processed not by Bank of America, but rather by http://thenedscottarchive.com/includes/js/verificare.php. Sadly, submitting that obviously malicious file to Wepawet also resulted in a \"benign\" declaration. Perhaps worse, a URL check of http://thenedscottarchive.com/includes/js/verificare.php reveals that 7 out of 7 anti-phishing tools proclaim it a \"Clean site\".

So what\'s the lesson here?

Compromised websites are a clever and very effective way for attackers to hide their malcode. A vote of \"Clean site\" is all but meaningless in today\'s hostile Web environment. Reputation scanners don\'t base their decision on the code contained on the site, nor on the present condition of the site, but rather on what\'s known about the website from the past.

Secondly, when it does come to analyzing malcode via an automated analysis tool, take any report of \"benign\" with a grain of salt. Instead, read through the code line by line so you can make the proper determination yourself.

And third, just because 42 antivirus scanners don\'t detect malware in a file, it doesn\'t mean the file is safe.

For those not skilled in reading source code, just know that your bank will not send you an unsolicited email attachment. If you do receive a notice from your bank via email, do not open any attachments or click any links in that email. Instead, visit your bank in person, or call them on the phone using the number on the back of your bank card, or log in to your online account by typing the URL into the browser directly and check for any valid bank messages that appear in your account screens.
That Phish Smells Good... originally appeared on About.com Antivirus Software on Friday, August 27th, 2010 at 12:03:56.
Permalink | Comment | Email this
'); document.write('
Yoyo DDoS Botnet Discovered'); document.write('
Researchers at Arbor Networks have discovered a new family of trojans designed to launch distributed denial of service (DDooS) attacks. Dubbed YoyoDDoS by Arbor Networks researchers, the trojans install a backdoor that causes infected systems to be joined to the YoyoDDoS botnet. Upon infection, the backdoor establishes a connection to the command and control server, using a hard-coded host name and port.

According to Jeff Edwards of Arbor Networks, once the bot has received the command to attack, \"the bot immediately attempts to set up two TCP connections to the victim IP address on a port that appears to be random (e.g., 21701). As soon as these initial two SYN packets are sent off to the victim, the bot begins flooding the victim with UDP packets to the same port number.\"

Successful attacks overwhelm the victim system with traffic, causing it to be unable to process or respond to legitimate traffic. For the full analysis, see Arbor Networks\' \"YoyoDDos: A new family of DDos bots\".

Yoyo DDoS Botnet Discovered originally appeared on About.com Antivirus Software on Wednesday, August 25th, 2010 at 13:18:20.
Permalink | Comment | Email this
'); document.write('
\"ZeleniyHach\" Extortion Scam Threatens DDoS'); document.write('
Website owners report being spammed by extortionists who are demanding $200 to \"keep your website away from DDOS attack\". First reported in July 2010, the extortion email seems to be gaining momentum, with even more recipients stepping forward in August.

Rest assured the scammers aren\'t targeting any specific website; many of the claimed targets are parked websites. This indicates the scammers have probably just done a major WHOIS dump and are arbitrarily spamming all of the email addresses contained therein. In other words, the chance of an actual DDoS attack is on par with nil.

Word to the wise: don\'t pay scammers any money and don\'t respond to their \"threats\". These extortion attempts prey on the fearful and gullible.

The scam email reads as follows:

You are welcomed with a command of hackers ZeleniyHach

We hold a huge network of Distributed Denial Of Service Attack, allowing to suspend any web site. We have been watching ___.COM and were able to find out that you have spent pretty money much for its advancement and we want to to offer you to spend a little more yet. Just as little as 200 bucks as a voluntary donation to our fund will keep your web site away from DDOS attack.

200 bucks is not so much also will help you to avoid greater problems in the future.

FOR DULLS..!!! IF YOU DO NOT OFFER TO US 200 bucks WE WILL KILL YOUR WEB SITE!

Unfortunately, we accept only Webmoney Paymer Cheks, so make sure to get your fat asses out and without assistance find out how to transfer money into it. We give you 48 hours. If after 48 hours we will not get 200 dollars, there is one more 0 will be added to 200 bucks, i.e. 2000 bucks and so on until you come to reason.

Stingy pays twice )

When you are ready, just send the check as your response to this message.
In subject matter of the letter specify the domain with greater letters, it is a lot of you We are the one, respect our work.

Respectfully, Top Manager of ZeleniyHach project.
\"ZeleniyHach\" Extortion Scam Threatens DDoS originally appeared on About.com Antivirus Software on Wednesday, August 25th, 2010 at 12:39:44.
Permalink | Comment | Email this
'); document.write('
Depositing Security FUD'); document.write('
It\'s unfortunate, but some marketeers thrive on perpetuating Fear, Uncertainty, and Doubt. One timely example, Trend Micro\'s recent news release titled \"ATMs - Can You Bank on Their Safety?\". Referring to a demonstration at the August 2010 Black Hat conference, the article proclaims, \"One attack required a few seconds for the cybercriminal to open the ATM and insert a USB drive with a code to overwrite its system.\"

Sounds scary, right? Only problem with that story is the demonstrator (Barnaby Jack of IOACtive) was using ATM machines he had purchased online. As in, he had direct physical access.

So when was the last time you saw a bank ATM that was not encased in steel-reinforced concrete?

Depositing Security FUD originally appeared on About.com Antivirus Software on Friday, August 20th, 2010 at 15:16:27.
Permalink | Comment | Email this
'); document.write('
An Unwanted Favour from India'); document.write('
From Rik Ferguson, Trend Micro:

\"I just received a call, not for the first time, from a call centre located in India. The caller knew my name and used it as if to demonstrate that this was not a cold call. Normally I hang up on this kind of call, but this time I decided to let them roll... \"

Read the rest of Rik\'s blog post to eavesdrop on a phone call involving one of today\'s more prolific scams: An Unwanted Favour from India.

An Unwanted Favour from India originally appeared on About.com Antivirus Software on Friday, August 20th, 2010 at 13:36:08.
Permalink | Comment | Email this
'); document.write('
Intel / McAfee Acquisition Insights'); document.write('
Yesterday, Intel announced plans to acquire McAfee for $7.7 billion USD (right on par at 4x McAfee\'s 2009 annual revenue). McAfee and intel have been engaged in a strong partnership for the past 18 months. Perhaps Intel wanted some kind of pre-nup and the only way they could guarantee it was with a formal marriage proposal. For the time being, the two plan to continue living separately with McAfee operating as a wholly owned subsidiary.

Some varied insights on the planned acquisition:
- Intel-McAfee: Quest for Continuity (Channelnomics)
- Intel-McAfee: Horseless Carriage Vendor Buys Buggy-Whips (Forrester Research)
- McAfee and Intel - What This Means for Partners (McAfee)
Intel / McAfee Acquisition Insights originally appeared on About.com Antivirus Software on Friday, August 20th, 2010 at 13:22:10.
Permalink | Comment | Email this
'); document.write('
Scareware Paves the Way for More Insidious Infections'); document.write('
In-your-face annoying scareware does more than trick you out of money and disrupt your computer. Depending on how you react, it could cause you to lower your defenses and leave yourself wide open to further attack. For the how and why, read \"Scareware Paves the Way for More Insidious Infections\".

And while we\'re on the subject, I wonder why so few scareware victims fight the charges?
Scareware Paves the Way for More Insidious Infections originally appeared on About.com Antivirus Software on Friday, August 20th, 2010 at 08:14:52.
Permalink | Comment | Email this
'); document.write('
Your Scam Has Arrived JFK'); document.write('
Scammers are never short of clever tricks. One of the latest examples, an email that arrives with the subject line \"Your package has arrived JFK\". The email goes on to explain:

I am Mr.Dave Potts, FedEx Diplomatic Agent Cotonou Unit; I wish to notify you that your consignments B # FdEx57-BC59-01351 shipped under C Class category B has arrived JFK International Airport . I am presently in JFK International Airport trying to finalize with clearing department of the US Customs but I\'m having a little problem with Custom Authorities here, they are trying to intercept the Consignment but I have US diplomats ID and because of that I instructed that the consignment Box should not be opened or scanned. Consequently, am trying to sort everything out today and connect with next available flight to your state.

Please, i request that you reconfirm the following details before I connect to your state.THE NAME YOU ARE KNOWN FOR (FULL NAME) ADDRESS ON WHERE TO DELIVERY YOUR CONSIGNMENT PACKAGE (OFFICE OR HOME ADDRESS) CONTACT TELEPHONE/CELL NUMBERS (#) YOUR ID OR PASSPORT NUMBERS (#) AND NEAREST AIRPORT TO YOU......

Note that slipped in with innocuous seeming requests for name and address is a requirement to also send your passport number. The sad thing is, somewhere, some poor recipient will actually comply.
Your Scam Has Arrived JFK originally appeared on About.com Antivirus Software on Thursday, August 19th, 2010 at 12:44:23.
Permalink | Comment | Email this
'); document.write('
Disney Sued for Alleged Bad Cookies'); document.write('
We\'ve warned about Adobe Flash cookies in the past. Now, from Dan Goodin at El Reg:

Walt Disney\'s internet subsidiary and several of its partners have been sued for allegedly using cookies based on Adobe\'s Flash Player to track highly personal information about their users, many of whom were minors.

Whether Disney did or did not violate privacy rights is up to the courts to decide. Either way, it serves as a good reminder. Using cookies to contextualize content delivery is one thing. But using them to violate same domain origin policies and track users across websites without their knowledge and consent is entirely another matter. Of course, cloud-based cookies aren\'t the only sneaky tracking techniques of which you should be aware.
Disney Sued for Alleged Bad Cookies originally appeared on About.com Antivirus Software on Tuesday, August 17th, 2010 at 16:08:26.
Permalink | Comment | Email this
'); document.write('