
Opinions |A School for Cybercrime: How to Become a Black Hat

Fabio Assolini
Kaspersky Lab Expert
Posted January 17, 13:40  GMT
Tags: Cybercrime Legislation

Life looks good for Brazilian hackers: the absence of a specific law against cybercrime leaves them feeling so invulnerable that the bad guys are shameless about publicizing their thefts and showing off the profits of a life of crime. We showed some of this in a presentation at the latest Virus Bulletin Conference, and it’s commonplace to find YouTube clips of Brazilian bankers and carders reveling in their ill-gotten gains and rubbing their easy money in the faces of hard-up victims (there’s one example here, and several more out there). It’s also common to find bad guys’ profiles on social networks such as Twitter, Tumblr, etc. Everything is done out in the open, without fear of being caught.

To help new “entrepreneurs” or beginners interested in a life of cybercrime, some Brazilian bad guys started to offer paid courses. Others went even further, creating a Cybercrime school to sell the necessary skills to anyone who fancies a life of computer crime but lacks the technical know-how. On a website dedicated to selling these courses and promoting the “school”, a careful search turns up courses like “How to be a Banker”, “Kit Spammer” or “How to be a Defacer”.

Opinions |What to Do About Carrier IQ

Kaspersky Lab Expert
Posted December 07, 16:41  GMT
Tags: Google, Apple, HTC

There’s been a lot of talk about a piece of software installed on many mobile devices called Carrier IQ. The intended purpose of the software according to the manufacturer is to collect metrics to improve many functions of the device on which it’s installed. The uproar has been that this software has access to so much private user data.

Opinions |Does Android Malware Exist?

Kaspersky Lab Expert
Posted November 29, 22:00  GMT
Tags: Google

I’m often asked about the real danger of Android malware. This is a difficult question as it has many factors to consider, such as your location, your device, how many apps you install, and how reckless you are with the apps that you choose.

There are two common factions often at odds with each other. There is one side of the argument that states that the threat to Android is overblown, and that because the number of malicious samples discovered so far is so small in comparison with Windows malware, it’s insignificant. In fact when a company discloses their findings and they show any type of marked growth in this sector, they’re often accused of scaremongering to generate sales.

Opinions |Chromebook - A New Class of Risks

Costin Raiu
Kaspersky Lab Expert
Posted May 12, 12:53  GMT
Tags: Google

We are certainly living in interesting times. It was less than a week ago that a rumor appeared that Apple is going to switch to ARM processors for its next generation of laptops.

Obviously, this has very interesting implications for the future of computing and seems to indicate the increasing need for a computing platform that uses less power and that can be used for a day without the need for charging.

Earlier today, Google surprised the world by announcing the Google Chromebook – a netbook (huh, aren’t netbooks dead?) computer concept, built for now by Samsung and Acer around the Atom N570 CPU. With 2GB of RAM and 16GB of SSD storage the specifications are somewhat low-end, but this might not be a problem because, as Google says in its promo, the web has more storage space than any computer. The price, when these become available, is believed to be in the range of $400-$500.

When I saw the announcement, I thought to myself – why would anybody ever buy something like this?

Opinions |Where am I?

Kaspersky Lab Expert
Posted February 21, 10:45  GMT
Tags: Social Networks, Targeted Attacks, Location-based services

I don’t know about the rest of the world, but in Russia the most popular SMS message is “Where are you?” But very soon that particular question is going to be irrelevant.

A few days ago Gartner published its list of the top 10 mobile applications to watch out for in 2012. First place went to Location-Based Services (LBSs).

Of course, there’s nothing new in technology that can pinpoint a mobile phone user’s location, and the whole range of services that comes with it offering information about individual users has been in the works for some time now.

But the thing is...

A few days ago one of my colleagues, who was in San Francisco listening to Bill Clinton’s keynote session at the RSA Conference, noticed on Facebook that his GPS and mobile services had gone a bit haywire. According to Google Maps, he had managed to visit Berlin, Disneyland in Florida and make it back to San Francisco all in the space of 2 minutes.

Another visitor to RSA also said that his location had been given as Disneyland in Florida for almost the whole week and that it was going to be difficult explaining to his boss what he’d been doing there instead of San Francisco :)

But on a more serious note, we are witnessing a very interesting process in human behavior. On one hand, users of mobile devices are increasingly willing to make public their exact whereabouts! I constantly see messages from my colleagues sent via Foursquare, for example, stating that they have arrived home (with a map of the town) or they are currently at some airport or other. This level of information is incomparable with the amount of personal data people used to make public. ‘Location’ used to mean the name of a town or city, but now it’s: “I’m here, right now!” to within a few meters.

On the other hand, monitoring people’s whereabouts is of more and more interest not only for law enforcement agencies but also for employers. Your employer can give you a company mobile and in return can expect to receive information about where you are, especially when you’re on a business trip. This type of tracking could even be used in legal disputes!

The situation is ideal for location-based services – there are people who want to publicize their whereabouts and there are other people who want to use that information. The consequences of this can be catastrophic. Here’s just one recent story about how people can be kidnapped and murdered as a result of information made public from their smartphones and posted on Facebook and Google.

OK, you might say these are exceptions and I’m paranoid. Maybe. But it can’t be hard to imagine a situation where a husband and wife end up having an argument after tracking each other’s movements. Or what about if an employer sees that his worker is in Disneyland like the story above? You can hardly blame it all on Bill Clinton :)

The growth in these services will soon lead to such serious problems protecting your personal life that all previous problems will seem like child’s play.

If I created applications for mobile phones, I’d seriously think about an app that didn’t state my real location but a false one!

I’d definitely buy it.

Or at least I’d do everything so that this type of functionality appeared in our Mobile Security product :)


Opinions |WiFi + Airport = Lost password

Dmitry Bestuzhev
Kaspersky Lab Expert
Posted February 12, 13:00  GMT
Tags: Wi-Fi, Identity Theft, Data Encryption, Data leaks

As most travelers know, many airports and VIP lounges offer Wi-Fi connectivity, but unfortunately these connections are rarely encrypted. Here’s an example:

All data sent and received travels in clear text, which means anyone within radio range could intercept it for malicious purposes. This unencrypted data could include passwords, logins, financial information such as PIN codes, etc.

Many people also know that it’s always better to use a VPN connection. However, in many cases VPN connections are filtered out and blocked by rules on the network firewall. I tried two different protocols and both were blocked. Mostly, network administrators don’t allow VPNs from public Wi-Fi access points because they want to make sure the network isn’t used for malicious purposes without any readable network logs. These policies actually make it easy for the bad guys to launch man-in-the-middle attacks: with no tunnel, all of a user’s traffic passes through the hotspot in the clear, where a malicious host can read or modify it.

The reality is that using a public Wi-Fi service can expose your really sensitive data to cybercriminals. Recently, we saw some famous people lose their Facebook and other social network passwords by using open (insecure) Wi-Fi connections.

So what is the solution when your VPN is blocked? Well, in some cases an SSL (https) connection may help. Before going to any website, type https:// followed by the domain name into the address bar yourself rather than relying on the site to redirect you: on a hostile hotspot, the initial plain-http request is exactly what an attacker intercepts to keep you on an unencrypted page. After the page has loaded, check that the certificate used for the connection is valid and was issued to the site you’re visiting. If anything is wrong with the certificate, stop using the site.
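To make the “issued to the site you’re visiting” check concrete, here is an added example in Python (not from the original post): connect_and_verify() opens a TLS connection with Python’s default verifying context, which refuses the handshake if the chain does not validate for the name you dialled, and cert_matches_host() spells out the hostname rule a browser applies against the certificate’s Subject Alternative Names, exercised on constructed certificate dictionaries in the shape ssl.SSLSocket.getpeercert() returns. The host names and certificates below are made up for the example.

```python
import socket
import ssl


def dns_name_matches(pattern, hostname):
    """Match one dNSName pattern from a certificate against a hostname.

    Rules follow RFC 6125: the comparison is case-insensitive, a wildcard is
    only honoured as the entire left-most label ("*.example.com"), and it
    matches exactly one label, so "*.example.com" covers neither
    "example.com" nor "a.b.example.com".
    """
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_matches_host(cert, hostname):
    """Does this certificate (a getpeercert() dict) name the host we dialled?

    Only subjectAltName dNSName entries count; a bare commonName in the
    subject is ignored, which is what current browsers do as well.
    """
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS" and dns_name_matches(value, hostname):
            return True
    return False


def connect_and_verify(hostname, port=443, timeout=5.0):
    """Open a verified TLS connection and return the peer certificate.

    ssl.create_default_context() loads the system trust store, requires a
    valid chain and checks the hostname itself. On a hostile hotspot that
    swaps in its own certificate this raises ssl.SSLCertVerificationError
    instead of silently talking to the interceptor.
    """
    context = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert()


# Constructed certificate dictionaries in the shape getpeercert() returns.
GOOD_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}
# What a rogue access point might present: a real certificate for another name.
ROGUE_CERT = {
    "subject": ((("commonName", "portal.hotspot.example"),),),
    "subjectAltName": (("DNS", "portal.hotspot.example"),),
}
# CN-only certificate: modern clients ignore the CN, so it must not match.
CN_ONLY_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
}

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    peer = connect_and_verify(host)
    print("chain verified; certificate names the host:", cert_matches_host(peer, host))
```

Run it as `python check_tls.py example.com` from the lounge network: a verification error from the first line of output means the hotspot is not handing you the site’s real certificate, which is the moment to stop. The default context already performs the hostname check; cert_matches_host() is there to show what that check actually compares, so that a certificate for “portal.hotspot.example” or a CN-only certificate is recognised as not belonging to the site.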
Another option is a wired Ethernet connection instead of Wi-Fi. Many lounges offer one as well, and it at least keeps your traffic off the air, where any nearby device can record it.

In any case, if you’re connected from a public place it’s better not to use e-banking or e-payment services at all: that data is the main target for criminals. So travel safe, and keep your personal data safe as well!


The cyber-criminal groups behind fake anti-virus (scareware/rogueware) infections have run into some significant roadblocks over the last few years, but there is much more to the overall story.

Some groups have been arrested. Some have had their operations and entire call support centers shut down.
Some groups attracted too much attention, picked off the low hanging fruit and eventually walked away from their botnets.
In some cases, the groups just weren't very skilled at developing anti-anti-malware techniques, blackhat SEO, and malware distribution. They couldn't keep up with the changes in anti-malware technologies, weren't exactly dedicated to the effort, and simply fell off the map.

However, some of the remaining scareware distribution gangs have upped the ante and are aggressively developing hard-to-detect polymorphic installers and hard-to-remove support components. The newest of these include some of the first in-the-wild (ITW) 64-bit malware components to be taken seriously. For the most part, though, the scareware program itself remains the same: the development effort goes into everything around it, all for the purpose of evading anti-malware solutions and coercing the end user into paying for the fake product, including support/rootkit components such as TDSS (with its extreme complexity) or the more recent Black Internet (also known as “Trojan-Clicker.Win32.Cycler”). These complex MBR infectors and other rootkit components, built to keep money-making scareware on the system, are signs of this rather extreme development effort.

Opinions |The Winlock case - I'm taking bets!

Kaspersky Lab Expert
Posted September 01, 02:25  GMT
Tags: Ransomware, Cybercrime Legislation, Malware Creators

Interesting news on Trojan SMS blockers (Winlock etc.). These programs lock Windows and demand a ransom in the form of a text message sent to a premium-rate short number. It’s a very popular type of racket at the moment, both in Russia and in a few other countries.

The whole affair has now reached the General Prosecutor’s office of Russia – the criminals have been identified and detained (or so it seems) and will be prosecuted in Moscow soon.

Altogether the criminals have earned an estimated 790,000 roubles, or $25K. Moreover, they have caused other damages by blocking or crashing a yet to be determined number of personal and company PCs. Very often people have needed to re-install the OS and all software and then restore data from backups - even after paying the ransom.

But I wanted to focus on the outcome – or the possible outcome of this incident, not on the investigation, arrests and so forth.

Opinions |How does your vacation affect your security?

David Jacoby
Kaspersky Lab Expert
Posted July 22, 11:22  GMT
Tags: Social Engineering, Wi-Fi, Gumblar

Vacation is a time for visiting friends and family, going abroad, eating ice-cream, gardening – whatever helps you regroup and recharge. Computer security is probably the last thing on your mind, even if you’ve taken your laptop home with you to keep tabs on what’s going on at the office.

But as my colleague Christian pointed out in this article last year, summer often brings some serious security issues. And I’ve got recent further proof of this: just a few weeks ago I was attending our annual security conference at a very classy hotel in Cyprus. Everything seemed perfect – until we connected to the hotel Wi-Fi.

If you’ve ever taken your laptop with you on business or vacation, you’ll know the drill. When you want to connect to the Internet via a hotel network, you get redirected to a site controlled by the hotel’s router. You need to either enter a code provided by the hotel, or your credit card details – all on a site which may or may not be secure.

In Cyprus, we found out that the page you get redirected to when you try and access the Internet was infected with Gumblar. The hotel was lucky to have 30+ security experts staying there – but if we hadn’t been holding our conference there, the site could have stayed infected for quite a while!

Logging on via insecure connections isn’t the only seasonal security issue. People’s computer and online habits change when they’re on holiday – they tend to use their computers less, and in short bursts, just to get the information they need. For instance, you’ll often see people logging on for ten minutes to quickly check email, download maps or details about the places they’re planning to visit, etc.

If you’re quickly checking for some information that you need via GPRS or a slow Wi-Fi connection, you’re probably not going to bother updating your antivirus or installing security patches. You might rationalize your decision (if you even think about it) by telling yourself that you don’t go to dodgy sites which are likely to be hosting malware. But our experience in Cyprus really highlights the fact that malware is everywhere.

Ignoring security patches and antivirus updates while you’re on vacation means that if you log on, you are putting yourself at risk. And when you get back to work after two, three, or even four weeks off, if you haven’t been using your computer, the very first thing you should do is make sure that it’s fully patched, and security software up to date. Of course you want to get to all the funny YouTube links etc. that your colleagues sent while you were away – but update before you start checking your mail or clicking through links and attachments.

Insecure networks, infected sites, and vulnerable software and systems are all technical aspects of IT security. But apart from all the technical stuff, lots of people are giving out far too much information on Facebook, Twitter, and even in their Out Of Office replies. Posting that you’re off to some exotic resort for two weeks is almost an open invitation to burglars and other criminals to come and rifle your property while you’re gone…

Simple tips on how to have a more secure vacation

Before you go

  • Don’t write on your social network that you’re going on holiday!
  • Make sure you’ve got all the latest security patches installed, including patches for third party applications such as PDF readers, browsers, chat programs, etc.

While you’re away

  • Make sure that your antivirus is up to date. You never know what might be lurking on the network!
  • Use common sense - don’t enter credit card details or passwords unless it’s essential, and only if you’re confident the network is secure
  • If you’re paranoid, disable programs that autostart such as Skype or MSN – you wouldn’t want someone to steal your passwords over an insecure network.

When you get back

  • Make sure you scan and patch your work computer before you start reading emails and working.


Opinions |LNK zero-day, the fundamentals

Kaspersky Lab Expert
Posted July 19, 18:25  GMT
Tags: Microsoft Windows

Over the weekend I spent more time looking into the zero-day LNK (shortcut) Windows vulnerability that Aleks blogged about last week. It has now been classified as CVE-2010-2568 and is being actively exploited in the wild.

My main conclusion is that this vulnerability is a fundamental part of how Windows handles LNK files: Explorer parses a shortcut’s target item list and resolves what it points at just to display the shortcut’s icon, with no click from the user. This means there are two huge negatives. Firstly, as this functionality is pretty standard, it’s going to be harder to create effective generic detections which don’t cause false positives.

Secondly, I suspect Microsoft is going to have a very hard time patching this one. There doesn’t seem to be any security model associated with how Windows handles shortcuts. This whole situation reminds me a bit of the vulnerabilities in the WMF format: it’s another case of legacy code coming back to bite Microsoft.

We’ve released generic detection for malicious LNK files which try to exploit the feature. I think the LNK format will start receiving a lot more attention now, both from the good guys and the bad, so do take a look at the mitigations put up by Microsoft. I’m sure it will be time well spent, as I fully expect this vulnerability to be widely exploited while we’re waiting for the patch.
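The header and item-list parsing the post is talking about, as an added example in Python (not part of the original post and not Kaspersky’s detection logic): a minimal [MS-SHLLINK] parser with one heuristic on top, flagging a LinkTargetIDList in which a Control Panel folder item is followed by an item carrying a file path, the shape the exploit relies on so that Explorer loads the named file as a Control Panel DLL merely to draw the icon. The sample shortcuts are constructed inside the script, and the byte layout of their Control Panel and file items is simplified rather than copied from a real exploit.

```python
"""Minimal Shell Link (.lnk) parser with one CVE-2010-2568 heuristic.

Layout per [MS-SHLLINK]: a 76-byte ShellLinkHeader, then, if LinkFlags
bit 0 (HasLinkTargetIDList) is set, a uint16 IDListSize followed by
ItemIDs, each a uint16 size (which includes the size field) plus data,
closed by a 0x0000 TerminalID.
"""
import struct

HEADER_SIZE = 0x4C
HEADER_FMT = "<I16sIIQQQIIIHHII"  # HeaderSize .. Reserved3, 76 bytes in total
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST = 0x00000001
# Folder CLSIDs in their on-disk (mixed-endian) byte order.
MY_COMPUTER_CLSID = bytes.fromhex("e04fd020ea3a6910a2d808002b30309d")    # {20D04FE0-3AEA-1069-A2D8-08002B30309D}
CONTROL_PANEL_CLSID = bytes.fromhex("2020ec21ea3a6910a2dd08002b30309d")  # {21EC2020-3AEA-1069-A2DD-08002B30309D}


def parse_header(data):
    """Validate the ShellLinkHeader and return its LinkFlags."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for a ShellLinkHeader")
    fields = struct.unpack_from(HEADER_FMT, data, 0)
    if fields[0] != HEADER_SIZE or fields[1] != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    return fields[2]


def parse_id_list(data, offset):
    """Return the ItemID payloads of the LinkTargetIDList starting at offset."""
    (id_list_size,) = struct.unpack_from("<H", data, offset)
    pos, end = offset + 2, offset + 2 + id_list_size
    if end > len(data):
        raise ValueError("IDListSize runs past end of file")
    items = []
    while pos + 2 <= end:
        (item_size,) = struct.unpack_from("<H", data, pos)
        if item_size == 0:  # TerminalID
            break
        if item_size < 2 or pos + item_size > end:
            raise ValueError("malformed ItemID")
        items.append(data[pos + 2:pos + item_size])
        pos += item_size
    return items


def utf16_strings(blob, min_len=4):
    """Printable UTF-16LE runs in blob, tried at both byte alignments."""
    found = []
    for start in (0, 1):
        run = []
        for i in range(start, len(blob) - 1, 2):
            ch = blob[i] | (blob[i + 1] << 8)
            if 0x20 <= ch < 0x7F:
                run.append(chr(ch))
                continue
            if len(run) >= min_len:
                found.append("".join(run))
            run = []
        if len(run) >= min_len:
            found.append("".join(run))
    return found


def scan_lnk(data):
    """Flag the exploit shape: a Control Panel folder item followed by an item
    that names a file. Explorer resolves that file as a Control Panel DLL to
    draw the icon, whatever extension the file carries, so the heuristic keys
    on the path, not on ".dll"."""
    result = {"has_id_list": False, "control_panel_item": False,
              "paths": [], "suspicious": False}
    if not parse_header(data) & HAS_LINK_TARGET_ID_LIST:
        return result
    result["has_id_list"] = True
    for item in parse_id_list(data, HEADER_SIZE):
        if CONTROL_PANEL_CLSID in item:
            result["control_panel_item"] = True
        elif result["control_panel_item"]:
            result["paths"] += [s for s in utf16_strings(item) if "\\" in s]
    result["suspicious"] = bool(result["paths"])
    return result


def build_lnk(items):
    """Constructed test shortcut: a zeroed header plus the given ItemIDs."""
    flags = HAS_LINK_TARGET_ID_LIST if items else 0
    header = struct.pack(HEADER_FMT, HEADER_SIZE, LINK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)  # ShowCommand = SW_SHOWNORMAL
    if not items:
        return header
    body = b"".join(struct.pack("<H", len(it) + 2) + it for it in items) + b"\x00\x00"
    return header + struct.pack("<H", len(body)) + body


# Constructed samples; item encodings are simplified, not copied from a real exploit.
EXPLOIT_ITEMS = [
    b"\x1f\x50" + MY_COMPUTER_CLSID,                                            # root: My Computer
    b"\x1f\x00" + CONTROL_PANEL_CLSID,                                          # Control Panel folder
    b"\x00\x00" + "C:\\evil\\payload.tmp".encode("utf-16-le") + b"\x00\x00",    # file loaded as a DLL
]
BENIGN_ITEMS = [
    b"\x1f\x50" + MY_COMPUTER_CLSID,
    b"\x2fC:\\" + b"\x00" * 19,                                                 # drive item
    b"\x32" + b"\x00" * 13 + "notes.txt".encode("utf-16-le") + b"\x00\x00",     # ordinary file item
]

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, scan_lnk(fh.read()))
    print("constructed exploit:", scan_lnk(build_lnk(EXPLOIT_ITEMS))["suspicious"])
    print("constructed benign:", scan_lnk(build_lnk(BENIGN_ITEMS))["suspicious"])
```

Run it with one or more .lnk paths as arguments to see the parsed verdict, or with none to see the two constructed samples. The tension the post describes is visible in scan_lnk(): ordinary shortcuts to Control Panel applets also carry a Control Panel item and a path, so a sharper rule would additionally check whether the named file lives under the Windows directory, at the cost of more parsing of the item formats; keying on a ".dll" extension instead would be a mistake, since the shell loads the referenced file as a DLL regardless of what it is called.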
