- Security Center
- English ▾
- Contact Us
The business-oriented social networking site, LinkedIn, has had a recent bout with malware, as you may have seen by all of the buzz this week in the news headlines. As most of you who use them know, social networking sites, while having many advantages to users, have long been targeted by socially engineered scams - meaning you need to take care when roaming around on these types of sites.
In terms of the issues seen lately on LinkedIn - profiles on the site were created to act as a staging point for the distribution of 'FakeAlert' software. This malware serves typical scareware messages claiming that your machine is infected and that you should install the rogue anti-malware application that the warning message is peddling. Despite the FTCs recent efforts in tackling the scourge of rogueware, the fact that these applications continue to proliferate proves they still provide a significant return of investment for malware authors.
The LinkedIn profiles themselves consisted of links that claimed to lead to pornographic images/video content of various celebrities. Upon landing at these sites, victims were invited to install a codec to allow them to view the (non-existent) video; the file was not a video codec, but malware. This method of attack continues to prove to be extremely effective. The social engineering technique being applied is, sociologically, extremely interesting; despite users increasing awareness of Internet safety (i.e. maintaining download discipline, avoiding untrustworthy sites, and generally being aware of the pitfalls when navigating the seedier side of the 'net), using a combination of celebrity and sex to entice continues to be effective.
On the plus side, LinkedIn.com has worked very quickly to deal with this threat - it's encouraging to observe the site's administrators' rapid response time. When the scam first became apparent, many profiles were removed immediately. Currently, all of the malicious profiles that we located have now been cleaned up.
Microsoft is releasing another "out of band" update tomorrow. This update is to fix a recently discovered zero day vulnerability in Internet Explorer 7 that is actively being exploited.
More information about the vulnerability can be found at Microsoft's Security Advisory page.
Recently, we came across this rogue: Antivirus Plus. What makes this one different from others was that it was distributed directly as a fake video codec. They have now removed the fake alert step in between.
AntivirusTrigger is a new rogue anti-spyware application and a clone of VirusTrigger. It will give exaggerated threat reports on the compromised computer then ask the user to purchase a registered version to remove the reported threats.
...they snatch their "presents" from gullible computer users!
As the holidays are quickly approaching, many people around the world plan to do some serious shopping for Christmas presents. Unfortunately, this time of year also means a peak in cyber crime activity. In shopping malls - and other crowded places - thieves are lurking around, waiting to get their hands on people's well deserved earnings. One mistake, one lost moment, and your wallet may be gone forever.
As the volume of malware increases, the more signatures we add into Ad-Aware's Detection Database. Naturally, with the huge increase in bad stuff out there, the size of definition files will increase in line with the amount of malware detections we add.
We are disappointed to announce that the FRA-law that we discussed in yesterday's blog was actually accepted as law by the Swedish Riksdag (national government) yesterday. The number of delegates voting for the new law was 143 and the number of delegates voting against the law was 138. The number of delegates that were absent, and therefore did not vote, was 67. Only one delegate refused to vote on the matter. Apparently, there was "no time" to wait for a proper investigation of the entire proposal and the addendum, and the decision was to accept the law quickly and then wait for an extra addendum proposal this autumn. The fast process was highly criticized but the directive was to come to a resolution before the summer holidays.
There is an ongoing debate about whether FRA, the Swedish National Defense Radio Establishment, should be allowed to extend their surveillance activities to include the surveillance of wire-based Internet traffic and phone conversations that pass the Swedish borders.
The proposed law was first discussed in 2007, and a decision was tabled during this past year. The proposal has resurfaced with the same vague wording as in the original proposal presented a year ago, and there are few clear rules for when such extended surveillance activities should or should not be allowed. There is also a big question mark regarding the authorization of the wire-based surveillance activities as well as the storage and the destruction of sensitive surveillance data.
You may read product reviews, but how much do you know about the anti-malware product testing process?
We'd like to call your attention to one of our recent white papers, "How NOT to Test Anti-Malware Products" by Lavasoft CTO Joe Wells. You can find the article online in the Lavasoft Security Center.
Stay tuned for future white papers on the subject of correct anti-malware product testing.
A new rogue, known as XP AntiVirus or XPAntiVirus, has been making the rounds. Typical of fraudware, this rogue anti-virus software creates registry entries for fake, non-existent malware that it then "detects" when it scans your PC. This tactic is used to scare you into purchasing the software.
While the program does come with a removal option, when PC users attempt to uninstall it, XP AntiVirus will start up again the next time they reboot.