Posts Tagged ‘computer’
Fake AVG scam on Twitter
Twitter has seen a flurry of activity talking about AVG and its products. The tweets contain a link, hidden by a link shortener, that encourages users to go to a website made up to look exactly like the official AVG site.
AutoSandbox – why are you annoying me?
Does this situation seem familiar? I have just downloaded an awesome application which should contain thousands of new desktop pictures. The site name is www.bestsoftwareforever.com and wow, it must be pretty good. So, I run it and then this avast! AutoSandbox popup appears. Oh guys, why are you annoying me? I know what I am doing.
In a few seconds, the AutoSandbox scan ends and another message appears: “This file appears to be malware”. Oh @$#%%, what is this application about? Probably it is a fake application which would harm my private data stored on the hard drive. Luckily, avast! and the AutoSandbox feature saved me this time.
The scope of behavior for AutoSandbox has been expanded for the new avast! 7.
The new AutoSandbox is now able to scan and analyze the behavior of selected files. In addition, this feature is connected to the FileRep cloud feature which identifies new files for additional analysis. So now we are able to warn you even before we have had the opportunity to examine this malware in our Virus Lab. This is a marked difference from the previous avast! 6 which was limited to only sandboxing suspicious files.
It also happens that the AutoSandbox toaster appears for programs which you are pretty sure are not infected. And in many cases, this can be intensely irritating: especially if you are a vendor of the application and you don’t want it to be marked as a potentially harmful program. In avast! 7, there is a new option to disable AutoSandbox. This might be useful for software developers when, for example, their internal application builds are being AutoSandboxed as low-reputation files.
Several reasons why we activate the AutoSandbox:
- Static analysis finds the file suspicious
Static analysis checks file content and looks for suspicious strings in file headers, similar to those in virus definitions. The main static analysis reasons are:
- Application is not signed
It’s not mandatory to have a signed application, but signed software is statistically less likely to be harmful.
- Use of executable file encryption/compression
App writers and installers (self-extractors) like executable compression/encryption because it makes reverse engineering more difficult. But it is also used by malware to hide from antivirus scanners. A compressed/encrypted file without a digital signature is doubly suspect.
- The file prevalence/reputation is low
All new unknown files are potentially dangerous. Once they have become widespread, there is no longer a reason to AutoSandbox them.
- The file origin/source is suspicious
Freewebs and some file distribution servers have a reputation for paying less attention to the quality and origin of their software than official distribution servers. This is a long-run issue of reputation and income management.
- The file is executed from remote/removable media
Running an application from a USB drive may cause the AutoSandbox dialogue box to appear, but the same app run from your local hard drive may not. That is because many harmful apps are spread through removable media, increasing the odds of potential danger.
- Generic heuristics/suspicious context
- Invalid digital signatures
- Suspicious file names
- And there are more…
The guiding principle is that we secure your computer not only from known viruses/malware but also from viruses/malware which have not yet been uncovered.
So, the next time you see an AutoSandbox popup appearing for your new application, read the message carefully. If you are not sure, run the app first in the AutoSandbox to prevent potential damage.
Free Update Thwarting Klez.e
In connection with the numerous instances of infection caused by the latest modification of the Internet worm Klez (Klez.e), Kaspersky Lab has developed a free utility for detecting and deleting this malicious program.
Upon starting up this utility, Kaspersky Lab recommends closing all user applications. After the computer has been rebooted, an anti-virus scanner should be used and all remaining infected files should be deleted.
We also recommend not using e-mail preview options during this epidemic.
You can download the CLRAV utility here.
The Credit Cards in Your Pocket are For Sale
I recently came upon another alarming article which reveals thousands of credit cards are on sale on Russian websites. The piece isn’t referring to those prepaid cards you pick up at the market. It’s talking about the cards in your wallet.
Who is really reading the fine print?
Last Friday, the German federal government decided on a law against internet scammers and subscription traps – the so-called “button” solution. Sites like www.software-und-tools.de often cheated unsophisticated and often defenseless surfers, taking from them a three-digit sum while the surfers just thought they were downloading a freeware program. I’m happy with this new law – even if it is years too late and probably not comprehensive enough.
Using the example of www.winload.de, a well known page here in Germany, I want to introduce a relatively new scam today that is, unfortunately, also used by supposedly reputable sites.
Those currently downloading software through the www.winload.de portal must read the content of the page below the download button – where most users will not scroll – very carefully. (Update: After the website owner was informed, the opt-out information is now visible above the download button.) If you simply click the “Download” button, you will experience a surprise. After installation, the settings for the homepage and the search provider are changed – without any prior notice within the setup. In addition, an unsolicited toolbar is installed whose license conditions allow the operator to:
- Change the default search engine in your Internet Browser’s built-in search box
- Change the default Homepage of your Internet Browser
- Add an alternative “Page not Found” functionality
- Add other search related services
- Install updates on the PC
- Send notifications to the user
- Collect location-based information
- Collect information contained on your Social Network account and/or site
Information Security Disconnect: RSA, USB, AV, and reality
The world's largest information security event, the annual RSA Conference, is over for another year. Most of the more than 18,000 people who attended the 2012 gathering are probably back home now, getting ready to go into the office. What will be top of mind for them, apart from “How did I manage to survive 5 days of non-stop security-speak?”
This was the twenty-first year the event was held and, if the last 20 years are anything to go by, one thing that most conference attendees are not thinking about right now is the enormous gap between security discourse at the show and security reality down at street level. To illustrate my point I will contrast one unhelpful platitude I heard last week, with something that happened to a friend of mine on the last day of the show, something that directly links data security to life and death.
First, the platitude: “You don't need antivirus any more.” This piece of nonsense was suggested to me in several conversations I had with attendees on the floor of the RSA exhibition hall. It has also been discussed in the Wired article: Is Antivirus Software a Waste of Money?
If you read between the lines you get the picture: Some security experts figure they are safe enough without AV. But listen closely and I doubt you will hear anyone willing to stake their career on advising companies, in a professional capacity, to abandon AV protection. (You also have to wonder exactly what AV software those experts were using that let them down so badly they want to abandon this basic layer of information protection.)
Now to my friend's street-level information security experience. She was walking her dog near the courthouse in a city of considerable size (that will remain nameless to protect the innocent, the guilty, and the accused). On the sidewalk she sees a USB stick and picks it up. Seeing nobody around, and thus unable to determine ownership of the device or any data that it might contain, she takes it home and plugs it into her computer (which is equipped with AV software that automatically scans USB devices when you insert them–she's a security expert but not one of those “you don't need AV” security experts).
There were no viruses on the device, but there were dozens of documents, mainly Microsoft Word .doc and Adobe .pdf files. Judging by the file names she figured they contained some serious legal content. So next comes the moral dilemma: Do I try to open a file or two to determine ownership, thereby risking accusations of “snooping” from the owner when I get their drive back to them? And what is the alternative? It's hard to imagine a classified ad or flyer stapled to the neighborhood telephone poles that says “Found: One USB drive containing over 200Kb of legal documents, please call me if you think it belongs to you.”
My friend did not reveal what was in the two documents she opened, and from which she was able to determine who owned the drive (which has now been reunited with its owner). All she said was: “It was serious stuff, scary life and death stuff that's likely to be in the news soon and frankly I was very uncomfortable that it was in my possession.”
So, as thousands of security experts continue to absorb all they heard at RSA last week about the cutting edge technologies that will take information security to the next level, I'm scratching my head and asking myself: Why were the files on that USB device not encrypted? After all, they were created with two applications that are capable of file encryption: Microsoft Word and Adobe Acrobat.
Ignore the chorus of crypto experts who pipe up saying “those encryption schemes have been hacked.” That is surely not the point. The point is that twenty-one years after the first RSA Conference, big name criminal attorneys and the para-legals they employ don't yet understand enough about information security to take cheap, basic, and practically-effective defensive measures. Makes you wonder just how much of an impact the information security industry has really had.
Perhaps security experts should take a break from grabbing media attention with contrarian views on basic data protection like antivirus software and spend some time talking security to mere mortals at street-level. Indeed, maybe it's a good moment for us all to think about the reality of what information security means to most people today. Here's one thing it shouldn't mean: an unencrypted USB key holding someone's life or death, lying on the sidewalk.

Kaspersky Goes East
At the end of September, the large yearly national conference devoted to the computer virus threat and the development of effective methods of defense took place in the city of Tianjin, one of the People’s Republic of China’s technology capitals. Taking part in the conference for the first time…
Flawless Once Again
Kaspersky Anti-Virus wins yet another Virus Bulletin 100% award. Virus Bulletin, a British magazine specializing in the computer virus problem, has published in its November edition the results of its regularly scheduled anti-virus product comparison tests. This time the tests were conducted…
Computer Shopper Awards Best Buy to Kaspersky® Anti-Hacker
In the June edition of Computer Shopper, the leading UK computer equipment magazine (www.computershopper.co.uk), Kaspersky



FBI warns of new Zeus-based malware phishing scam
The FBI last week issued a warning about a new phishing scam known as “Gameover”. Should the malware gain access to your PC, it can steal usernames, passwords and even circumvent user authentication on banking web pages.
The FBI said it has seen an increase in the use of Gameover, which is an email phishing scheme using the names of prominent government financial institutions — the National Automated Clearing House Association (NACHA), the Federal Reserve Bank or the Federal Deposit Insurance Corporation (FDIC).
The FBI says Gameover is a more recent variant of the Zeus malware, which was created several years ago and was designed to specifically harvest banking information.
Who is affected?
Given that the scam is perpetrated via email, anyone could fall foul of this scheme.
Here’s how the FBI describes the scam: “Typically, you receive an unsolicited e-mail from NACHA, the Federal Reserve, or the FDIC telling you that there’s a problem with your bank account or a recent ACH transaction. (ACH stands for Automated Clearing House, a network for a wide variety of financial transactions in the U.S.) The sender has included a link in the e-mail for you that will supposedly help you resolve whatever the issue is. Unfortunately, the link goes to a phony website, and once you’re there, you inadvertently download the Gameover malware, which promptly infects your computer and steals your banking information.”
How do I stay safe?
Make sure you do not fall prey to a phishing scam like this with AVG’s top three tips to staying safe.
In these days of New Year sales it is tempting to open up an offer that seems too good to be true. More often than not, these “incredible offers” aren’t legit and you should exercise caution when investigating.
If you receive an email claiming you’ve paid nearly $300 for a flight that you’re unaware of, chances are that you haven’t. These tricks play on your insecurities; be confident in your actions online.
Getting a basic level of internet security can help protect you from phishing attacks and fraudsters by warning you when you are going to an unsafe site. AVG’s Linkscanner™ technology does this before you land on the page so that you are aware of the threat prior to exposure.