There seems to be a playbook of standard hacker tactics after a celebrity death or an event of worldwide interest like earthquakes or tsunamis.  Hours after the announcement of pop diva Whitney Houston’s death, scammers had already devised schemes to prey on fans seeking information – appearing to recycle those used after the deaths of Michael Jackson and Steve Jobs.

A Facebook message, claiming to link to a video of Whitney Houston’s autopsy, takes the user to a page with an embedded YouTube video. When you try to play it, a pop-up message appears instructing the user to update their copy of Adobe’s Flash from a bogus site. The video scam has become viral.

“Scammers are out in force after an event like this, so fans looking for information are safest on known sites,” said Jindrich Kubec, head of avast! Virus Labs. “Be wary of sites asking for personal information, or asking you to download or update something.”

When Houston’s death became a trending topic on Twitter, a scam emerged that linked to a supposed tribute site filled with wallpaper and ringtones, eventually leading to a survey site that requires private information to complete and claim a prize. The purpose of these scams is primarily identity theft.

“Social media users need to be especially cautious clicking on links reporting on Whitney Houston’s death. Stick with sites you know, and avoid passing around suspicious links,” said Kubec. “Some sort of email and charity scam is inevitable as well, so be vigilant.”

It is expected that spam campaigns, like the one offering free iPAd giveaways, following Steve Jobs’ death, or fake charity funds designed to steal money from grieving fans will also emerge shortly.

Dear Miss Deborah,
Three months ago, I started chatting with a guy I met online, and we really hit it off – we have so much in common! He looks quite handsome in the photos he sent. He sent me flowers and a sweet teddy bear. Isn’t that romantic? We haven’t met yet, because he is actually supervising a construction project in an African country, but we will when he gets back. I can’t wait.

Yesterday, I got a message from him explaining how he is unable to cash his checks and asking if I could wire him money so he could come home. I’m starting to like him more each day, and I want to meet him. What should I do? Risk rejection or send him the money?

Sincerely,
Single and looking again

Dear Single and looking again,
Somewhere deep inside, your wee small voice warned you before you lost more than your heart. I’m glad you listened. Modern-day singles often turn to online dating sites to find their soul mate, and according to the marketing materials lots of relationships and even marriages are being made through these sites. Unfortunately, mixed among your potential Prince Charmings are scammers who target the lovelorn with well-played deceptions. After establishing a relationship, the smooth-talking scammer plays on emotional triggers to get the victim to provide money, gifts or personal details.

These “sweetheart” scams are known as Nigerian scams, and can take months or even a year to develop. The Secret Service and other U.S. agencies, as well as foreign authorities, have issued warnings on the scams, also known as “419″ or “advance-fee” frauds. In one version, the victim is tricked into sending money to the African country using some irreversible method like a wire transfer. In another variation, the scammer asks their victim to “re-ship” items to locations in Nigeria, essentially acting as the “middle-man.” The scammer purchases items from the victim’s home country, with stolen credit cards, and asks the victim to forward them on, because they have trouble getting them delivered out of the country.

Match.com says in a statement about dating scams,  “…we have over 100 fraud team agents who manually review every profile before it’s allowed on the site. But a few of these sophisticated criminals still slip through all of our checks…”

To avoid being ripped off and left broken-hearted, remember a few things:

• Keep all communication within the dating site, since they often monitor for fraud
• Do not send or wire money to anyone you have not met face-to-face
• Keep your personal information, like credit card number, PIN, and social Security number to yourself

As you have experienced, you never know a person just from writing to him online. The next time you find someone you are interested in, meet him in person sooner rather than later. See if there’s any chemistry. Risk rejection and get it over with. It’s up to you to find out if he’s real or not.

Good luck,
Deborah

View original post here:
Online Dating Advice for the Lovelorn

Since you asked for avast! Free Mobile Security (for Android) and we gave it to you, we wanted to celebrate its launch with our Community. Thus, from December 22, 2011 to January 22, 2012 we offered a contest where you could win 10 Samsung Galaxy Nexus phones and 300 free avast! Internet Security licenses.

Our contest question was…

We asked you to predict how many users of avast! Free Mobile Security there will be by February 10, 2012, 12:00 CET.

Responses showed us…

Roughly 50,000 contest participants showed us that we should actually do it more often. So even if you weren’t lucky this time, make sure you won’t miss our next one!

Results are finally in…

As February 10 is here, we can finally tell you that, as of today, we have 2 168 960 users of avast! Free Mobile Security.

Winners to be announced…

In the next 10 days, we will announce the 10 winners of Samsusng Galaxy Nexus phones. Our winner will find his or her name in this format on our Facebook banner: Martin F.. And we will contact the winner via email, to arrange prize delivery.

The next-closest 300 responses will receive (via email) free licenses of avast! Internet Security.

Keep watching…

If you participated in our contest and your prediction was close to our final number above, be sure to follow our Facebook page and check your email regularly!

Visit link:
Avast! Free Mobile Security Contest results.

Scam artists and cybercriminals are looking to turn romance into profit now that Valentine's Day approaches, possibly taking over your computer in the process. According to ESET researchers in Latin America, we can expect the quest for love to be leveraged as an effective social engineering ploy to enable the bad guys to infect unsuspecting users with malicious code.

Malware authors, always eager to exploit their victims' susceptibility and curiosity, see great potential for “romantic” hyperlinks that lead, allegedly, to greetings cards, poems, songs or videos. On the right you can see an early example of such a “card of love” received in the run-up to Valentine’s Day, 2012, analyzed by our research team in Latin America:

Apart from the disappointment that the victim might experience when he realizes that the secret admirer is no such thing, there’s also the significant issue of the risk to all his sensitive financial information.

As you can see from the picture on the right, the victim receives an email “greetings card” that purports to be a declaration of love which appeals directly to the reader’s romantic spirit, trying to make him believe that he is someone’s One and Only. Then, to encourage him to download malware, the letter ends with three ellipses and the link inviting him to read the “full message”, which in reality leads to malicious content.

If you were to follow this link it would try to download a malicious program that is detected heuristically by ESET products as a variant of Win32/Injector.HVG Trojan. (According to the information gathered by our Latin America researchers, the threat in question was downloaded approximately 430 times between January 20 and 24).

If there is no antivirus software running on the victim's computer and this Trojan file is downloaded and executed, then Injector.HVG proceeds to modify the victim’s hosts file in order to divert him from certain Chilean banking sites to pages that look similar to the original, but are actually phishing sites created by cybercriminals with the sole purpose of tricking the victim into disclosing his bank details.

As February 14 approaches we are likely to see more malware using love and roses to reel in more victims. This time last year, ESET Latin America put together a blog post with more examples of Valentine scams, so that readers would be better prepared when surfing the Internet. What follows is a summary of their advice.

1. Malware in social networks

Social networks are a major vector for attacks using social engineering. We hate to pour water on romantic inclinations, but all posts in social media relating to the Valentine theme, especially eye-catching messages about special offers and exclusive gifts should be regarded with suspicion, in order to avoid infection and forestall potential threats.

While this example is from Twitter, various kinds of scams exploiting gift cards and other special offers are also seen frequently on Facebook.

In particular, be wary of messages that direct you to web pages using shortened hyperlinks, such as this one from bit.ly. While bit.ly is a very reputable service, it can be abused by the bad guys, looking for a way to mask the final destination of a link. In fact, these types of links have become a fundamental component of the attacker’s toolkit. If you feel you really need to check out where a bit.ly link goes without clicking it, enter a plus sign on the end of the link in the browser URL field (like this: http://bitly.com/w5LAnh+)

Did you now that…

• 26% of children report having a public social networking profile
• 12% of European 9-16 year olds say they have been bothered or upset by something on the Internet
• …however, 56% of parents whose child has received nasty or hurtful messages online are not aware of this

Today, in more than 70 countries worldwide, the ninth annual Safer Internet Day is being celebrated as part of a global drive to promote safer Internet usage for children and young people. This year’s campaign, “Discover the digital world together…safely” is focused on connecting generations and educating each other. Tech-savvy youngsters can teach older generations how to use new technologies, while parents and grandparents draw on their life experiences to advise younger generations on how to stay safe online.

AVAST believes that education is a primary tool to staying safe on the web, and that by working together we can all stay safe online. Here are 6 key tips to help you guide the kids in your life to use the Internet safely:

• Talk about the Internet and dedicate time to explore it together with the child. Ask the child to show them what he or she likes to do online, and try not to be shocked or overreact if they do not share the same interests.
• Stimulate the child’s creativity. Point them in the direction of the best online content to explore for their development (or just for fun). The child can learn and discover new sites, play games, write blogs, create websites. Stretch his or her imagination.
• Set up rules or boundaries together. When/Where/Why and for how long can the child use their mobile phone or computer? If you listen to the child and establish fair rules, then he or she is more likely to stick to them.
• Protect personal data and help the child understand that information or photos they put online can remain visible to everybody forever. Help them set up the highest level of privacy settings on social networks.
• Think about using parental control tools to automatically filter certain topics (e.g. violence, porn) and limit the time the child will be able to navigate the web.
• Avoid having a computer in the child’s bedroom. Put it in the living room instead. It will make it easier to follow the child’s web-surfing habits on a daily basis.

If you are planning to visit Europe these days or actually live here… get ready for some very cold weather and temperatures much lower than normal.   -37 degrees Celsius is not a temperature to be enjoyed and we have it here in Czech Republic. Well not everywhere – just in the mountains – but even the -20 we are likely to have tomorrow in Prague is calling for some extra defensive measures:  Stay at home. Keep warm. Sip mulled wine. Read a good book. Watch the TV -  or -  get on the internet to chat, browse,  and socialize.

Of course, from a more global point of view… you could argue that -20 degrees is actually a pretty nice summer temperature, especially in Antarctica.  They have “summer” there right now.  And that brings me nicely to the ‘active users’ count.   To make sure we have decent understanding how many users have our product installed, we measure how many are getting an update of the virus definitions database.   And, with each update, we can locate the user to a particular country or region based on the GEO IP.  It is heartwarming to see that every “Antarctic summer” we have a handful of avast! users updating their virus definitions from Antarctica.  So whoever is down there: Enjoy the summer, mulled wine, good book and internet browsing.  Or what else you do getting through those temperatures.  And please send me a note on how well avast! antivirus is handling in the local weather

VIDEO:   here is a recent map of the global avast! presence.  Pretty good coverage.

Read the original here:
AVAST reaches 150 million active users

I’ve already seen many strange things inside malware packers, but there’s always something surprising. Last time, it was during the analysis of packer used to wrap Zbot, LockScreen and similar binaries (detected under various MalOb-* [Cryp] names). There’s a block of allocated memory with a long list of names. But these names are not used to anything related to malware execution, they’re not visible to the user (unless you emulate/trace the sample), they have no special purpose. But why they are there? And where’s the Czech footprint?

dump of memory block

The highlited name – Zatopek – belongs to the famous Czech long-distance runner (wiki). It’s somehow mysterious (at least for me) how and why he did make it to the list. This list is different from sample to sample and Zatopek doesn’t seem to appear in all of them. Does anyone of you, readers, know something what would put all the names from the list to relation? And which name from the list is interesting for you and why?

Visit link:
Unexpected Czech footprint

Last year, the Egyptian government shut down the Internet for 5 days during the anti-government protests. Last week, some websites on the Internet voluntarily blacked out to protest SOPA. What would happen if the whole Internet went black? Scientists thought it could happen this week.

The massive solar storm that bombarded Earth’s magnetic field Tuesday morning caused minor disruptions to spacecraft and power grids, and airline flights were rerouted to avoid downtime in radio communications. Scientists speculated that if the angle of the electromagnetic burst would have been different, we may have experienced a major power failure like one that happened in a 1989 solar storm. Six million people in Quebec lost electricity then, and the effects were felt through many parts of the continental U.S. because of the inter-connectivity of the power grids. This storm was much stronger.

What would it be like if we lost the Internet for an extended amount of time? For many businesses it would be catastrophic. But on a personal level, it would be freeing. Certainly, communication would be different. If I want my friends to know my status, I actually have to talk to them. Commerce would look differently too.  If I needed to buy something, I would have to visit the bank to withdraw money and then go to the store to make my purchase. Knowledge would still be at my fingertips, but I would have to look in a book to find it. And if I wanted to watch the humorous antics of a funny kitty, I would have to go over to my mom’s house to see Jasmine the cat push her catnip toy across the floor. It actually doesn’t sound like too bad of a day.

What would you miss the most if the Internet disappeared? How would your life change? Share your thoughts on our Facebook page.

If you work at an antivirus company, be sure that family members will soon ask you questions about computers and the latest malware. Sometimes, they will even send you some. The other day, I got an odd email from my cousin, soon followed by a similar note from my sister that contained this:

The two of them – completely unintentionally – sent me a personalized bit of spam/malware. This was quite nice. After all, there aren’t so many Lyle’s in the world and I thought it was really considerate of some malware writers to address me directly. So I asked Jan Sirmer in the AVAST Virus Lab to tell me about how it was done and the goal of this malware. Here are his comments:

1)     They generally get the names by parsing email addresses. Because many users using their first name in their email addresses, for example, name@blabla.com, they can just parse the email address and they have one of your names.

2)     This is a relatively old-fashioned bit of malware designed to steal  personal details. Click on the link and it will show a page with a login table. Your email address is already entered into the “name” slot and it is just asking for your Windows ID password. It doesn’t even check to see if this is a functioning password, just if the length is longer than one character. From here, you will be redirected to crazyonlinequizzes.com/d/p/a3f7r83533 (or a similar location) where it will show that some prize has been won and you can pick which one. A time counter is ticking away to push you to make a fast and thoughtless choice. And of course, once you choose your prize, you will be redirected again to another place to pick it up.

3)     It goes into your address book to get more email addresses so it can replicate itself and continue its search.

Unlike Jan Sirmer, I was sent on an “Africa Safari” game after clicking on the link. But because the avast! Network Shield on my computer stopped the connection, I never arrived and can’t tell you any details about the “prize” I almost won.

Just remember, watch where you click. Even if your name is there and it’s from a close relative.

On the heels of the Zappos cyber robbery last Sunday that left 24M customers fretting over stolen passwords and email addresses, articles are being published about how people can protect themselves online. The number one point is always about passwords. Clean up your passwords. Never Share Your Password. Create different passwords for different accounts.

Sage advice, which we at AVAST support. We even have a dedicated password manager called avast! EasyPass to help you juggle it all. The theft at Zappos and the struggle for greater online privacy made it even more startling when I read about the growing trend among teenagers to share their passwords as an act of trust with their current BFFs.

The Pew Internet and American Life Project discovered that “for some wired teens, a sign of true friendship is for one Internet user to share his screen name and password with a buddy. While such behavior might seem strange in light of concerns about online privacy, the teens who share their passwords see it as emblematic of their trust in their friends.”

The report said that girls are more likely to share their passwords with friends, and teens age 14-17 are more likely to share their security codes than younger ones. Password sharing is especially common among users of social network sites. One-third of all teen Facebook and Twitter users have given others their passwords.

I predict that most of these teenagers will rue the day when they decided to rebel against the voice of authority with password sharing. Interestingly, teens are savvy about their online reputations and what it means for future college entry and job prospects. The Pew report found that over half of online teens say they have decided not to post something online out of concern that it might reflect poorly on them in the future. But they seem to forget that their online reputations can be put at risk if the person they shared log in information with decided to retaliate after an argument or a break-up.

Does this mean we need to start preaching digital sharing abstinence? That will probably work as well as the other kind of abstinence, so we need to look at viable alternatives instead. The National Strategy for Trusted Identities in Cyberspace (NSTIC) program is working with companies to identify Internet-scale solutions that could rely on password alternatives like trusted identity providers and biometric solutions. But for the near future, safe log ins should be practiced by keeping passwords to yourself.

Read this article:
I’ll show you my password, if you’ll show me yours