A lot of attacks have used the Blackhole exploit URLs. According to the Threat Report H1/2012 by F-Secure Labs, as many as 1 out of 25 emails contain spam with such a malicious URL which is intended to deliver a malicious payload to a victim’s computer. The Blackhole exploit kit targets vulnerabilities in the operating system, old versions of browsers such as Firefox, Google Chrome, Internet Explorer and Safari as well as many popular plugins like Adobe Flash, Adobe Acrobat and Java.

As normal spam filtering may not catch these kind of threats, it is important to understand the new forms of the spam emails. Ordinary spam definition updates are too slow and usually do not protect you from the Blackhole exploits, so Real-time URL reputation check is a must to have.

Windows and Java continue to be the most popular targets. F-Secure Threat Report H2/2012 states that a vast majority of exploit attacks in general relate to four commonly known vulnerabilities in Windows or Java, and all of these already have security patches.

With this in mind, it is essential to protect servers and email efficiently enough from attack.

F-Secure E-mail and Server Security solution uses the same awarded DeepGuard technology as Client Security, which has been given the Approved Corporate Endpoint Protection certificate by AV-Test. Check out the latest supported platforms on our Downloads page.

E-mail and Server Security was the first product launch for which I was responsible for on the marketing side here at F-Secure. And this is my first blog post in Save and Savvy as well! Time seems to have been flying since I joined the company at the beginning of March, there are so many interesting things going on.

Cheers, Eija

Share this

Our solution blocked 100% of the representative set of malicious apps discovered in the last 4 weeks tested. Nice.

The test went beyond just testing the ability to block bad software.

PC Magazine‘s Neil J. Reubenking explains:

Antivirus protection is important, but for mobile users additional security features like anti-theft can be just as important. In the initial test of Android-based antivirus, AV-Test noted whether each product included specific additional security features: 1) anti-theft (remote lock, wipe, and locate), 2) call blocking, 3) message filtering, 4) safe browsing, 5) parental control, 6) backup, and 7) encryption. In the latest test, products are scored on whether they include extra security features, either the seven from the preceding list or other useful security features.

You can see our complete score card here.

We want to congratulate all the fellows on who work to make our Mobile Security the best protection in the world.

And you can try Mobile Security for free here.

Cheers,
Sandra

Share this

• It’s free;
• it’s fast;
• it works on your Windows PC EVEN if you have security software from another company installed;
• it’s light — less than 5 MB — and doesn’t require installation;
• it eliminates viruses;
• and now it removes one of the most difficult-to-remove malware in existence — advanced rootkits.

Rootkits are tough to detect and even harder to get rid of. They boot up even before your operating system does and often require restarting your system from a CD or flash drive with the help of customer service or an IT expert.

But with our Online Scanner, you can remove them easily, quickly and for free with just a few clicks.

Millions of computers around the world are infected with rootkits like TDL and ZeroAccess. To make sure your PC isn’t one of them, run Online Scanner and then make sure your PC is protected with security solution like our Internet Security 2013 that protects you against advanced threats.

Cheers,

Sandra

Photo credit:  AnyaLogic

Share this

I’m not going into the big picture about anonymity and privacy here. I’m going to present a tool that can be used to obfuscate your true identity. The anonymity network TOR. This is a tool and network that provides fairly strong protection against anyone who try to find out where a connection over the Internet really came from.

Let’s first debunk two myths.

• This kind of stuff is only needed by criminals. I’m a law-obeying citizen! Well, yes. It is in most cases OK to surf without this kind of protection. But it is also good to be aware of this possibility. There are situations where it can be smart to cover your traces even if you have perfectly honest intentions. And being anonymous is not wrong in any way, you have the right to use this kind of tool if you like.
• I don’t know how to do this. I’m no hacker. Don’t worry. Using this tool is no harder than installing a program on your computer.

So what’s the problem we are trying to tackle here? Practically all services on the net log all access. This log contains the so called IP-address that you are using, no matter if you have entered your real name at the site or not. The IP-address is a numeric code that is unique for all devices that connect to the net. Your ISP assigns one to your computer (or router, or modem) automatically when you connect to the net and you don’t have to worry about that. When you surf “anonymously” on a site, the site owner will know this IP-address but not who it has been assigned to. That information remains in the ISP’s log and is typically revealed only to authorities when investigating crimes. (Depends on local laws.) So you can under normal circumstances be traced back to your ISP, but the trace stops there.

So you have a certain level of privacy when surfing from home. But what about your computer at work? Here the company is in the ISP’s position. All traffic you generate can easily be traced to the company, but not to your workstation. The company’s administrators may be able to trace further, but that depends on how the internal network is managed.

Here’s some examples of situations where the default protection may be insufficient:

• Your ISP may protect your identity, but how reliable is that? Someone may present fraudulent accusations to get access to your true identity. People may misuse their access rights and leak data. The ISP’s employees are just humans after all. You don’t have to worry about that if you are using TOR.
• What if you discuss something online from work, but the topic is totally unrelated to your employer? Or even in conflict with your employer’s interests. Then it’s best if no one afterwards can claim that someone from that company made a comment in the discussion.
• If you consider becoming a whistle-blower, get TOR! Handle the case through TOR exclusively. This is a tricky situation where you may break contracts or even the law, and still do very much good for the society. You may have to pay a high price for being a hero unless you protect yourself.
• TOR can circumvent some national censorship schemes. This benefit is obvious in totalitarian states, but might be more relevant to you than you think. Finland, for example, is considered to be a democratic country without severe human rights problems. But despite that we have an Internet censorship scheme that was developed to stop child pornography. Now it is misused to block on-line poker, criticism against the authorities and many other things. The list of censored sites is secret and site owners can’t challenge it in court. But TOR-users have free access. (Yes, seriously! Sounds like China or Iran but this is in EU.)
• TOR is not only protecting your identity, it also encrypts traffic and prevents 3^rd parties from finding out what you are doing and who you are communicating with. This may be beneficial if you don’t trust the network you are using. A good example is FRA in Sweden. They have legal rights to intercept all network traffic crossing Sweden’s borders, including traffic in transit to other countries. A bummer for us here in Finland as our cables to the world go west.

TOR is a privacy network that routes your traffic through a chain of several randomly picked servers before it goes to the site you are accessing. The traffic is encrypted all the way from your computer to the last relay machine. The protocol is also designed so that the relaying machines never know more than they need to know. The first server knows who you are but not what you are doing or what site you are accessing. The last server can see your traffic in plaintext and knows where it is going, but do not know who you are. None of this is however logged by the TOR relays as their purpose is to ensure your privacy. Even if someone with malicious intent would get hold of one of these servers, they would not be able to reveal your secret.

The simplest way to use TOR is to download and install the browser bundle. It consists of two parts that work together seamlessly. “Vidalia” is the control center that sets up the chain of secure servers and handles communication. “TorBrowser” is a Firefox-based web browser that is preconfigured to communicate through TOR. It makes it easy to start using TOR, no nerdy settings needed. A separate browser is also really necessary to guard your privacy as your normal browser is full of cookies that can identify you.

Installing TOR is easy, but that alone does not guard your identity. If you want to be truly anonymous at some certain site, you need to follow some additional guidelines.

• Do not use a user name or account that you have used previously without TOR. That account can be connected to your real IP-address using old log entries. Start fresh and create a new account through TOR. Needless to say, your new alias shall not give any hint about your true identity.
• Make sure that all your access to the site where you want to be anonymous is through TOR. Even a single login from a connection that can be traced may reveal you.
• If you have to provide a mail address for your new account, use TOR to create a new mailbox in a webmail service of your choice and use that address exclusively. tormail.org is an alternative if you are paranoid.
• Think about what info you submit when anonymous. Personal info is naturally no-no, but also other kind of knowledge may reveal you or limit the number of possible persons behind your alias.
• Don’t use both your anonymous identity and your real identity from the TorBrowser at the same time. This makes it possible to tie them together as they both would use the same IP-address. You can use the Vidalia-console to refresh the IP-address that is shown outwards. Make sure you do this before logging in with another identity, or use your real-life identity from your normal browser instead.
• Don’t break the law. That is of course good advice in generic as well. In this case a criminal investigation will pose a greater threat against your anonymity as the authorities have much more abilities to trace you.

Disclaimer. I hope you never truly need this kind of protection. But if you are in doubt, play safe and cover your tracks. Also keep in mind that it is tricky to be truly anonymous on the net. That is especially true if you are wanted by the authorities. Do not rely solely on this article if you are in a situation where your personal safety depends on anonymity, like for high-end whistle-blowers or opposition activists in non-democratic countries. What’s said above is a good start in these situations too, but you should get a more comprehensive understanding of on-line anonymity before putting yourself at risk.

Check what your surfing looks like from the site owners’ perspective. This site reveals the info. If using several connections, like home and work, check all of them. If you install TOR, visit the site from the TorBrowser to see how the address has changed.

Safe surfing,
Micke

PS. Another way to see the need for anonymity. The law protects our property against thieves, but still we use locks. The law protects our privacy on-line (to some extent), but most people do not enforce that in any way. TOR is for privacy what a lock is for theft. Why not play safe and lock it?

Photo by zigazou76 @ Flickr

Share this

F-Secure is about to host our annual Hackathon in Bangsar South at our Kuala Lumpur office on April 12-13.

It will kickoff F-Secure’s 25th Anniversary celebrations in the APAC region. The theme is “Securing service in the Web” and developers will be provided with a variety of APIs for web reputation and real-time malware detection from our cloud network.

The winner gets to have dinner with our own Chief Research Officer and inductee to the Infosecurity Europe Hall of Fame — Mikko Hypponen

You can sign up here.

Cheers,

Jason

Share this

- (phone rings) Hello.
- Hello, I’m calling from American Express. Are you Mr. *****  ******?
- Yes, great that someone finally reacts to my reclamation.
- First I need to verify your identity. What’s your social security number?
- Excuse me but you are calling me on a number that you have in your register, so you can be pretty confident that you are talking to the right person. But I have no way of knowing that you really are from Amex. So YOU tell ME what my social security number is. I know you have it on file.
- (silence) Well, eh … we must identify our customers to be able to serve them by phone. It’s company policy.
- Yes, I know that. But I’m certainly NOT going to give out my number to a stranger who calls and asks for it. I really need some kind of identification from you first.

It went on like that for a while until I proposed a compromise. I told her the first part of my number and she told me the last digits. It all matched and we were able to proceed.

This post is not about American Express, it is about a severe and widespread problem that is visible in this case. The problem is these Social Security Numbers, SSNs, or National Identification Numbers which is a proper global term. They appear in most countries, in many forms and under many names. But they all have two things in common. They were designed to be unique and distinguish persons with the same name. And they are misused for identification.

The practice of using the SSN as proof of identity is really fundamentally flawed. They are used in the same way as a password, knowledge of the “secret” is supposed to prove who you are. The problem is just that the SSN isn’t designed to be secret. If you are a little bit Internet savvy, you know the basic rules for safe passwords. Think of your SSN as a password. It’s assigned once for your whole lifetime and you can’t change it. You are forced to use the same SSN on all services you use. It’s printed on various documents, depending on what country you live in. It’s recorded in numerous registers, and you don’t even know where all those registers are and who’s got access to them. Would you handle the password to your favorite net service this way? Hell, no! Still knowledge of this fundamentally flawed “password” may enable anyone to get credit, order goods, close accounts, etc. in someone else’s name. Scary!

But what can we do about it? Let’s refresh the memory with some practical advice about how to handle your SSN.

• Do some googling and look for national advice about SSN security in your country. Laws and practices vary and a local source is typically more accurate. But here comes some generic advice.
• Do not give out your SSN unless you know who he other part is.
• Verify that the other part has a valid reason to use your SSN before you reveal it.
• If a business demands your SSN, you can refuse to give it but the business can refuse to serve you. You can either comply or spend your money elsewhere.
• Some try to phish for SSNs, look out for fraudulent web forms that ask for it.
• Check what documents you carry in your wallet that have the SSN printed. Avoid carrying those documents daily, if possible, as your wallet may get stolen.
• Invoices, tax documents etc. may have the SSN printed. Think about how you dispose those papers. If you have a shredder, use it.
• Needless to say, don’t post the SSN on the net in any context.

This will help a bit, but not cure the fundamental problem. Your SSN is still used and stored so widely that you may be the victim of identity theft even if you do all this.

The problem is really the misuse of SSNs as proof of identity. And the next question is obvious, what should we use instead? Yes, that’s right. There is no common, safe and reliable method for identifying a caller. Some companies have their own methods to improve security. They may require both your SSN and for example a customer number or invoice number. Better, but still not good as those additional numbers aren’t protected very well either. The banks have good systems with sheets of one-time passwords, or similar. These system have been developed with security in mind and are typically reliable enough. They are developed for on-line access but often work for identifying a caller as well.

Banks have good systems, but they are unique for each bank. We would really need national systems, or even better, a global system for reliable identification of persons both on-line and over the phone. More and more of our transactions cross borders and national systems do not help if you are dealing with someone overseas, like in this case. The problem is not technical, public key cryptography and digital signatures could be deployed to achieve this. But agreeing on a reliable global identification standard that won’t become a privacy threat would certainly be a significant political achievement.

So we probably have to live with this flaw for quite a long time. National solutions will no doubt become available in some countries. Estonia is usually quick to utilize new technology and this is no exception, An electronic ID is a good fundament even if reliable identification over the phone still would require some additional technology. But the rest of us just have to acknowledge the risk, keep our non-secret SSNs as secret as possible and hope for the best.

Safe surfing,
Micke

Image by DonkeyHotey @ Flickr.

Share this

94% of all mobile malware the F-Secure Response Labs analyzed in Q4  targets Google’s Android platform.

You can get the whole report here.

Here’s what the growth of mobile mobile malware looks like over 2012.

As Android threats have grown, Symbian malware has nearly disappeared. Why? Symbian which used to be the world’s most popular mobile OS is disappearing. Nokia phones are increasingly moving to Windows Phone, which — as you may have noticed — is attracting no threats. The world’s second most popular mobile platform Apple’s  iOS for iPhones and iPads also had no threats found in 2012.

Why the difference? It comes down to platform openness and App store security.

How can you protect your phone from these threats?

1.  Stick to the official app stores.
Apple and Microsoft have strict guidelines for their app stores and Google’s Play store is increasingly adopting restrictions that prevent bad apps from ever showing up. If you only get apps in the official stores, your chances of getting a bad app are almost zero.

2. Check out reviews.
Malicious apps are often weeded out by active users who rate and review software. If an app doesn’t have positive feedback and a lot of it, you probably don’t want to be the one who tests it out.

3. Keep your phone’s software updated.
Your smartphone is a mini PC with the same software issues that your PC has including software that continually needs to be updated. This may require some help from your carrier depending on your phone –  but the basic rule is: The more current, the better.

4. Be very careful when giving your mobile number out.

The main thing to keep in mind is that while your family and friends may want to pry on your phone to see what you’re up to, the most likely reason a criminal will be targeting you is pretty obvious.

You guessed it: FOR THE MONEY.

Cheers,

Jason

Share this

Soon I get a mail from a nice young lady. Let’s call her Mrs. Witney De Villiers, as that is what he or she called herself. (Probably a randomly picked false identity, any similarity to real existing persons is purely coincidental.) She was very keen on buying my boat and we had a nice conversation over a couple of days. I did unfortunately not sell the boat, but I got a nice story to tell instead. I will not bother you with all the details, so here’s a shortened version with all the important parts included.

- Hi, I’m in Mexico and I want to buy your boat. How long have you had it? What’s the final price? (Well, I’m in Finland and this is the point where I became more or less convinced that it is a scam.)
- I have had it for five years.
- OK, the price is fine. I want to buy it. Please take down the ad. What’s your PayPal account info so that I can make a payment? I’ll cover the PayPal charges. (Needless to say, the ad remained up.)
- Good news. I can accept wire-transfer which would be a lot cheaper for you than PayPal. (She can’t accept if this is a traditional PayPal scam.)
- Sorry, but I can’t do wire-transfers now. I only have access to PayPal because bla bla blaa …. (Yes, another scam-indicator.)
- OK, I created a PayPal account. Here’s the account info. But there’s some paperwork we need to handle before we proceed. Please fill in the buyer’s part of this attached contract and mail a scanned copy to me. I also need a picture of your photo ID. (The provided PayPal account info was false.)
- Great! I have made the payment. “Check your mail as there should be a confirmation mail from PayPal. I made an extra payment of 3650 € and I’am sure you noticed that, you’ll have to send the extra amount to the Shipping Company through Western Union right away, so that they can come ahead for the pick up and also you should send your address where they have to come for the pick up and also the necessary Western Union Payment Information.” (All the key elements in this very traditional scam becomes visible at this point. This is where you should realize what’s the name of the game, if you haven’t figured it out already. A faked mail from “PayPal” appears in my spam folder.)
- Hold your horses. We need to do the paperwork first. See my previous mail.
- “I want you to know that I have made an arrangement for you to receive the copy of my ID and my other necessary data for the boat. I want you to know that the courier representative coming over for the pick up has all he said documents in an enclosed confidential envelope with him which he will deliver to you in person.”
- Well, we really need to close the deal and have a legally binding agreement before we can arrange for transportation.
- “I understand your concern and certify that all sales is final. Your show of concern has given me a very good fact that you are indeed an honest seller hence, the reason why I am using this medium to confirm to you that all sales is final and I am satisfied with the present condition of the Boat.. so you can now proceed with the western union and get back to the paypal with the western union scan receipt so they can release all the fund into your account immediately..More so, send me a copy of the western union receipt… i look forward to read from you…” (Contract and passport files attached. Oh gosh what a poorly faked British passport!!!)
- Thanks, but you forgot to sign the contract.
- “Oh sorry, I write my name as the signature.. i hope to receive a copy of western union receipt from you today…” (That “signature” was typed, not handwritten.)
- Just want to let you know that I need the SIGNED contract before 3 PM. Otherwise I will not have time to go to the bank. And I’m traveling tomorrow so I will be unable to handle transactions. (To create urgency is a common scammer tactic. )
- “Have signed on the contract.. i wait to read from you with the western union receipt..” (Printed, handwritten and scanned this time. It’s 4 AM in Mexico when this part of the conversation takes place.)
- WTF!!! The bank refused the transaction. The recipient is on some kind of international blacklist, apparently suspected for criminal activities. (Well, I wasn’t completely honest here.)
- “How about you go there and split up the money in to 2 and send on two transaction.”
- I’m certainly NOT going to send any money to a blacklisted company!
- “here is another shipping company info [another private person in US] I wait your story again” (We enter the threatening phase. A while later a mail appears in my spam folder. “PayPal” will take “LEGALACTION” and hand me over to FBI if I don’t pay in 24 h.)
- What are those clowns at PayPal up to now? They talk about some legal action against me even if I haven’t entered into any legally binding agreement to transfer money. Do you have any clue, or maybe I should contact PayPal directly and ask what they think they are doing? (Let’s see how/if they react. Contacting PayPal would reveal the scam instantly.)

Next I got a long mail pointing out how honest this lady is and how keen she is to do business with nice and honest sellers like me. But she can’t unfortunately do anything about the PayPal actions as the purpose of all that is to protect both the seller and buyer. She points out that even a smaller sum would be enough to release the payment into my PayPal account (ok, we are in the bargaining phase). At this point I decided that this blog post is becoming far too long and chose to not respond at all. She didn’t get back to me either. They probably realized that they are not going to get 3650 € from me and gave up.

As you have noticed, I became wary at a pretty early stage. There were several details in this conversation that made me suspicious. 37 to be more precise:

1. The boat is of a local brand made for the Finnish market and totally unknown pretty much everywhere else. Why did she want this particular brand and model? Boats are also different in Mexico and Finland. My boat would be a real oddity over there.
2. The boat is far too cheap to make it feasible to ship across the Atlantic.
3. Smaller boats are inexpensive and widely available in the US. Buying one from Europe would be madness even if shipping was free.
4. Buyer showed very little interest in the object. A 10 years old boat is not a bulk item. Every such boat has a soul of its own. One would be mad to buy without seeing it.
5. Only one question was asked about the price. And it was no problem to proceed even if I ignored that question. Well, price doesn’t matter if you have no intention to pay.
6. The buyer paid a lot more interest in the payment process than in the object of the deal.
7. The buyer was extremely keen to pay and close the deal, but not to make any official papers that would prove her ownership. It should really be the buyer who cares about the papers and the seller who cares about payment, and not the other way around.
8. Messages in the beginning of the conversation were very generic boilerplates. They were designed to work for any kind of goods. It doesn’t sound very convincing when selling a boat and the other part insists on talking about “the merchandise”.
9. No other method of payment worked except PayPal. Naturally, as their scamming technique is based on PayPal.
10. I’m supposed to make a payment to a courier company, which indeed do exist. The address to receive the payment has however nothing to do with that company. Both courier companies seem to use private persons in US as their billing contacts. Strange.
11. A common tactic throughout the conversation was to ignore questions and requests that were not part of the script. They were addressed only if they stalled the process.
12. The buyer had no problem “sending the money” even if the provided PayPal account was false. “PayPal” also had no problem sending mails to this non-existing account holder.
13. The scam includes sending a fake message from PayPal stating that the money is on hold until the shipping agent has been paid. This fake is obvious if you know how PayPal works or know how to check the sender’s true mail address.
14. The whole scenario match the very common scam where the victim is lured to pay money to someone and is promised more money later. The Nigerian scams belong to the same group and use a logic that is quite similar.
15. At one point they claim to be satisfied with the present condition of the boat. They have made no attempt to find out in what condition the boat is.
16. This Mrs. Witney De Villiers seems to be a true cosmopolitan. She is using an address and phone number in Mexico for this deal but her passport is British. At one point she also mentioned a phone number located in the British Virgin Islands. A Google search revealed that young ladies with an identical picture are living in at least two different places in US, but are using different names.
17. If the husband of Mrs. De Villiers is still around, then he should do some Googling too. Seems like at least two dating sites have profiles with the photo of his wife.
18. If you look European and hold a British passport, one could assume that you know English. But I guess that means nothing, people are so sloppy with grammars nowadays …
19. And the passport. Oh gosh! Where should I start? The name has apparently been replaced, very bluntly, I might add. The first thing that strikes the eye is that the new name is in a different font than the rest of the passport. The font isn’t even close. But they did at least get the color right. All text is black. That’s an achievement considering their overall Photoshop skills!
20. The background behind the replaced name does not have surface structure that is coherent with the rest of the passport.
21. They didn’t apparently know how to scale pictures in Photoshop as the passport’s photo is smaller than the place reserved for it. (The photo of “Mrs. De Villiers” can be found on the net with more than sufficient resolution to fill the whole space.)
22. The empty space around the passport’s too small photo is very badly cloned.
23. If replacing part of a text line, make sure the new text is vertically aligned with the old text. It looks funny otherwise. Using the same text size also helps. And yes, I mentioned the font already.
24. The passport’s signature is readable. But wait a minute! It reads Gabriella B and not Witney De Villiers!
25. The embedded metadata in the passport’s picture file reveals that it isn’t saved by a camera’s firmware. The file comes from Adobe Photoshop CS4 for Windows.
26. The content of the optically readable bottom lines do not match the standard for passports.
27. Got a contract with a typed signature instead of handwriting. The habit to handwrite signatures should be fairly well known globally.
28. When I finally got a signed contract, the signature bears no similarity to the signature in the passport, even if both are supposed to be signed by the same person. They didn’t even try to mimic he signature in the passport.
29. The signed contract seemed to be scanned with a Konica Minolta multifunction device. “Mrs. De Villiers” mentioned however earlier that one of the reasons why she couldn’t do wire transfers was that she was out boating. Well, she could of course be cruising with a well-equipped boat, but buying mine would be a big step down in that case.
30.  “Mrs. De Villiers” is very keen to get the receipt of the transport agency payment herself. The faked mails from “PayPal” do however clearly state that it is PayPal who need the receipt to clear the transaction, and not the buyer.
31. This young lady in Mexico seems to have unusual working hours or staff that works shifts to answer her mail. Replies are received promptly throughout the European working hours.
32. When the payment is delayed they start to threaten the victim. “PayPal” claims that legal actions will be taken if the payment isn’t made, and the seller hasn’t fulfilled that part of the “agreement”. Interesting in a situation where the seller hasn’t made any legally binding commitments to relay money.
33. When they enter the threatening phase, they try to use FBI to scare the victim. Finland is not part of the US, which the scammer may or may not know. Looking up the name of the local police, or even using Europol, could have increased the scare-factor. They do mention the “World Law Enforcement Agency”, but selecting an existing agency might have been more effective.
34. The first threat mail arrive less than 48 h after the initial notification that “PayPal” has a pending transaction. No previous mails do however contain any information about a deadline for the payment or anything about legal consequences if no payment is made.
35. At one point she started bargaining and suggested that I should send at least some money ASAP and the rest when I have got the money on my account. 20 minutes later I receive a mail form “PayPal” that clearly states that the full 3650 € must be paid before the funds are released. There were many more discrepancies between the messages from “Mrs. De Villiers” and “PayPal” even if both came from the same source.
36. When the bargaining starts, she mentions that I can pay a smaller part first if I’m short on cash and need to borrow money. Well, a couple of days ago I claimed that I had tried to transfer the whole sum, so it should be clear that I have the money.
37. Some of their boilerplates seem to have been in use for many years. Googling key phrases will reveal the scam immediately and point to discussions and warnings that are several years old.

Fake passport. Some parts blurred to protect victims of identity theft.

Sounds hilarious, doesn’t it! The scam is so obvious when presented in this way. And forcing the scammer out of the ready-made script makes the act crack up even more. But the sad fact is that people are lured by these guys daily. A lot of this seems to be done in volume so they must be dealing with a significant number of victims every day. Their way to do business very quickly and easily may seem feasible for smaller bulk items, and may not ring the alarm bells in the same way as when dealing with bigger items. Big or small item, it’s always a good idea to take a critical look at the whole case and look for discrepancies like this. Many of the points listed above are on their own enough to spot the scam. Also make sure that they can’t orchestrate the show on their own. Think about what you need to be able to trust the other part, and be persistent about getting what you want. Reluctance to comply is a pretty strong sign that something is fishy.

The core point for anyone who runs into cases like this is however to understand how the scam works. That’s the key to recognizing it in practice. You are promised money but something must be paid before the transaction can be completed. Sounds familiar? Yes, this is basically the same scenario as in the Nigerian scams. The core of the scam is that the money you are to receive is just a promise, but the money you transfer to someone else is real. The PayPal-based scams may be somewhat more effective as many people trust PayPal. It’s not an official bank, but many people think of it as a bank. You may believe that this trusted party is holding the money and securing the transaction. In reality, all you have got is a faked mail. There is no PayPal transaction and the promised money is just numbers written in the mail.

If you fall for the scam and pay, the scammers will vanish like smoke in thin air. PayPal can’t help you as this has nothing with them to do. The scammers have just misused PayPal’s name. And the payment method used to collect your money is always irreversible and provides no security for the sender.

So to summarize. If you ever consider engaging in a transaction with strangers and where money is relayed through you, you should:

• Validate the reasons for the transaction. Most proposals of this kind are scams.
• Make sure that you really know who you are dealing with. Demand proof of identity.
• Make sure that the money is under your own control before making any payments to others. Cash or a deposit in your own account is pretty safe. (Added: See the comments below for an issue with this.)
• Make sure that you are not engaging in money laundering.

What really strikes me is how poorly this false buyer’s role is created. Some simple Google searches is all it takes to reveal the scam. And many discrepancies would have been so easy to fix. Are these guys really “America’s dumbest criminals”?

Maybe, maybe not. The point is probably that you need to be suspicious before you turn to Google. And once there you will find descriptions of this type of scam no matter how well the scammers have tried to eliminate discrepancies in their story. So once you get suspicious, it’s game over for the scammers anyway. The most profitable tactic for them is maybe to run the scam en masse without caring about the details, and just harvest those who won’t get suspicious until it’s too late. Or maybe they’re just stupid and can’t do any better? (Believing that anyone would fall for that fake passport would indicate the latter.)

Well, the boat is still for sale. Anyone interested?

Safe surfing,
Micke

Message from “PayPal”. Note the sender’s address and the scam warning. The warning is actually authentic and copied from real PayPal messages. This may be good advice against phishers, who just know the mail address but not the victims real name. All “PayPal” mails in this case had the correct name in the beginning.

Share this

Thursday night and checking Facebook on my mobile before going to sleep. One of my friends is complaining about how hard it is to use Yahoo mail abroad. Problem logging in and now there’s some problem with the account. “Your E-mail account has exceeded its limit and needs to be verified, if not verified within 24 hours, we shall suspend your account. Click Here to verify your email account now.” And when you try to resolve it, it doesn’t even work. You just end up on the login page! Damn Yahoo!

Stop! This message is not about a problem with the mail system, it’s a very typical phishing mail. I responded with a warning, and yes, the link had indeed been clicked and the credentials entered on a page that looked like the Yahoo login page. That made my friend a phishing victim like so many other Internet users. It was the beginning of a long night trying to figure out how to change the mail password using a tiny mobile screen. But the case came to a happy end. The password was apparently changed before the attackers had a chance to take benefit from the account, thanks to the swift reaction.

How to spot a phishing attempt?

• It arrives as a mail message. Mail can be sent by anyone and it is trivial to spoof the sender’s address so that it seems to come from your mail operator or some other company you trust.
• People think less when they are afraid so it tries to create a sense of danger. Something bad will happen unless you react. The closure of your account is a very common threat when phishing for e-mail accounts.
• People think less when in a hurry so it tries to create a sense of urgency. You need to act right now. This lowers the risk that the victim checks out the facts first. The 24h deadline is a typical trick to achieve this.
• It links to a web page that looks like an official page of, for example,  your mail operator. But it is actually controlled by the attacker, who also receives any information you enter. You are hacked if you enter your mail user name and password, or other valuable information.

My friend is not a computer newbie, and did in theory know all this. But the attack succeeded anyway. How is this possible? Imagine that it is late in the night and you are tired. There are other people distracting you. You are traveling and really depending on your mail account. And on top of that, you have had problems and expect even more trouble with this operator. So this is a very typical situation where the fingers can be faster than the brains. This is really the optimal situation for an attacker to hit, and they happened to send this phishing mail at the right wrong time.  Honestly, are you sure this couldn’t happen to you?

Ok, so what should I do to avoid being phished?

• First of all, do not click links in mails! This is not just about phishing, many get malware too by clicking links. But there are also legitimate links that friends send to you. So you should always think about who the sender is (remember, the apparent sender can be spoofed), in what style and language the message is written, what the claimed content of the link is and how does all this fit together? To summarize, do I expect this kind of message from this person (or company) at this time? This way you should be able to spot the legit links.
• If in doubt, check what address the link is taking you to before you click. Note that the text forming the visible part of the link may look like a web URL but still be linked to a totally different address. Hover the mouse pointer over the link and examine the address that the mail client or browser shows you. Make sure that the address match the company or site that the link is claimed to point to. For example: The login to Gmail should start with “https://accounts.google.com/” but a phishing site targeting Gmail may use an address like “http://accounts.google.com.etw368hj.nu/”. The latter does NOT belong to Gmail.
• Get familiar with the login URLs of your favorite services BEFORE you run into a phishing mail. Then it is a lot easier to spot the spoof. The address may look long and nerdy, but you only need to mind the part after the double-slash “//” but before the first single slash. That part identifies the server that you will access. (Your browser may show the address without the initial “http://”, in that case just examine the part before the first slash.)
• Get familiar with the concept of secured web pages and how to recognize them. Login pages of important services are typically protected this way. Their addresses start with “https://” instead of “http://” and your browser shows a lock or similar symbol next to the address field. You can examine the certificate of the server you are connected to by clicking the lock, and this is reasonable hard proof about who’s running the service. Needless to say, the phishing sites can’t duplicate these cryptographic certificates.
• If you suspect that there really may be a problem with your mail account, then log in with the link that you normally use to access the account. Do not use a link in a mail message. Look for info banners and pop-up messages shown in the browser after you have logged in. These messages are a lot more reliable and can generally be trusted. Mail operators are well aware of the phishing threat. If you get a mail claiming that there’s a problem, then you can be pretty sure that it isn’t true. The mail operators do not communicate in that way.
• If you still fall for the scam, attempt to change your password right away. This is also a good time to think about if you have used the same password on other services. Say that john.doe@gmail.com is using the same password as john.doe@hotmail.com. If one get hacked, then the hacker just need to try some of the common mail services to get access to more accounts. This would be a good time to brush up your password practices.

As a practice, examine the link above and try to figure out where it points and what company it belongs to without clicking it.

Safe surfing,
Micke

Phishing @ Wikipedia.

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.

Share this

Cybercrime doesn’t just affect end users. Infected networks cost providers huge losses through needing to deploy expensive internal resources to clean, repair and manage any damage caused. In addition to direct theft of data, operators experience additional financial pressures from increases in service calls from infected end-users, researching and refunding fraudulent charges, reduced network bandwidth and damaged brand association – let alone the risk of potential fines and penalties.

Reduce your risk, improve your anti-cybercrime activities, and enjoy more profitable customers with F-Secure AntiBot: a cutting-edge, new product specifically designed to clean an operator’s network of botnets.

• Secure your network and attached devices
• Provide customers a significantly differentiated offering via a more secure network
• Reduce costs from increased help-desk usage, fraudulent billings, and repair costs associated with cyber crime
• Provide customers with a safe and uncomplicated experience

F-Secure AntiBot is designed to automatically detect and identify infected network devices and remotely disinfect them. It can guide end-users through a simple cleanup process that reduces or eliminates the need for expensive and time-consuming calls to your helpdesk and support services – thus providing a more customer-centric and positive experience.

A Bot is a malware-infected device that gets taken over and remotely controlled by cybercriminals. A Botnet is created when cybercrimals are able to take over a number of devices and link them together to perform broader activities and more extensive damage – like sending mass spam that hogs a network bandwidth, sending text messages to premium numbers, or flooding recipients with unwanted ads. They can even take a device “hostage;” requiring a ransom to be paid before ceding control back to the owner.

“Botnets are not only extremely disrupting to consumers, in that they impact device and Internet performance, they are also a risk to their privacy.” says Pekka Mettälä, Head of Global Business Development at F-Secure. “Private credentials like passwords can be stolen, giving access to online bank accounts, social media accounts, and other personal data. Operators who can provide customers with more simplified or automated and robust protection from botnets, will enjoy a distinct advantage over their competitors as well as more satisfied and loyal customers.”

Operators benefit directly through reducing their network’s vulnerability and through doing their part towards stopping the proliferation of botnets and cybercrime. Expensive resources previously dedicated to repairs and maintenance after an infection is discovered, can now be utilized for more productive activities.

Customers benefit from an overall reduction of risk as well as a more simplified process for dealing with their infected devices.

Cheers,

Melissa

Share this

One of the major trends is no doubt the increasing importance of exploits and vulnerabilities. And you have probably already heard the nagging about how important it is to patch your system. That IS good advice and our threat report shows how it is getting even more important. But I don’t want to just repeat the nagging. I want to take the opportunity to dig a bit deeper into this issue and explain what it is all about.

There are basically two ways to get malware into your computer; to trick you to install it and to utilize a vulnerability. All software in your computer is written by humans, and as we know, “mistake” is our human race’s middle name. Mistakes in computer programs are called bugs and a vulnerability is a special type of bug. Many bugs just affect the functionality of the program. Something may not work or work in an unexpected way. Applications are supposed to handle errors in a graceful way. But they may encounter erroneous data that the programmer didn’t anticipate. The application wreaks havoc and starts behaving in an unplanned way, and this may breach security. If this can happen, then there’s a vulnerability in the system.

An exploit is data that is carefully crafted by a hacker. Its purpose is to create an error that is no accident . What happens after the error is not chaotic after all; it is orchestrated by the hacker. He has at this point gained unauthorized control and the next task is to make sure that some malware is installed permanently on the system. The attacker has successfully exploited a vulnerability.

This may happen by just visiting a web page. The web page is a document that is rendered by your browser. If your browser has a vulnerability and you visit the wrong page you may be victim of a so called drive-by download. You surf the page comfortably unaware of the fact that a program silently is installed on your computer. And that’s not a friendly program!

But I have bought an antivirus program for good money. Doesn’t that protect me? Yes, that’s good. But we still recommend that you pay attention to patches as well. Your security product will detect and block malware that is about to execute. It will monitor your file transfers over the net and block harmful content. It will even check what sites you surf and warn when entering hostile territory. And if all that fails, executing programs are watched for suspicious behavior. But all this is a cat and mouse game. The bad guys come up with new clever tricks to circumvent all these layers and the security researchers upgrade the product to cope with them. If you are unlucky you can hit malware that your product can’t cope with yet. Remember that no product will ever give you 100% protection no matter what the sleek marketoids are claiming! But you are still fine if you have patched the vulnerability that the bad guys try to exploit. The malware has to go through that bottleneck so why not plug the hole? It can’t be done by your security vendor; it must be done by the vendor of the affected software. Your security suite can just build layers of security around the hole, but not correct errors in other products.

OK, I’m convinced. I want to start patching my system now. But how? One problem is that you probably have software from several vendors on your system. They all have to produce patches for their own product and there is no single outlet that would provide patches for all vendors. That’s one of the reasons why we have made F-Secure Safe Check . This free tool checks the security of your system from several different angles; your patching status is one of them. And you will get instructions about how to patch if that is needed. Why not run it right away!

Micke

PS. Some definitions: (Source: Wikipedia)

Vulnerability
“In computer security, a vulnerability is a weakness which allows an attacker to reduce a system’s information assurance.”

Exploit
“An exploit (from the verb to exploit, in the meaning of using something to one’s own advantage) is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behaviour to occur on computer software, hardware, or something electronic (usually computerised).”

Patch
“A patch is a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance.”

Share this

One in ten – sounds like a lot, but what does this mean in practice?

One of our product managers illustrated the significance of a high threat detection rate with a practical example. On average, an employee faces two malware per year (depending on the Internet usage profile of the users and the other layers of the protection, of course). In a company of 500 employees, with a detection rate of 92%, 80 infections in total will pass the traditional malware protection. If the detection rate is 99%, only 10 attacks out of one thousand will succeed. A minor difference in percentage points can make up a major difference in practice.

With this in mind, we believe that detection rate is a key factor in the value of security.

With businesses spending sizable sums of money to clean up damage from malware, high malware detection rates take on greater importance. Have you ever wondered how much it costs to have your business down for one day? Companies are not only spending for malware cleanup, but costs are also incurred as a result of lost productivity, loss of data (such as trade secrets, intellectual property and private customer data), investigation, and post-incident management. And how about your company’s reputation – how much is it worth? Add all these together, and malware that has gone undetected can have serious ramifications to a business. And that’s exactly why even a one percent higher detection rate can save thousands.

Recent examples of attacks with possibly multifold consequences include the patient records of an Australian medical centre held to ransom, as well as Internet advertising network NetSeer suffering a hack that also affected any Web page that included an ad served from NetSeer’s servers – among others several high profile Web sites and news agencies. And these are only a tiny fraction of all the examples out there.

Cyber attacks are not only costly to large enterprises, but also affect small and medium sized businesses (SMBs). Small firms are increasingly popular targets for attacks, as they are not as likely to be adequately protected. In fact, according to Verizon 2012 Data Breach Investigation Report, 79% of data breach victims from the past year were targets of attacks mainly because they were found to possess an exploitable weakness rather than because they were pre-identified targets. In addition, the same study states that victims don’t usually discover their own incidents, but they’re typically discovered by third parties only weeks or months after the initial instance – when significant damage has already been done.

To stay on top of the latest threats, we are launching F-Secure Client Security 10 that provides proactive protection for corporate desktops and laptops. It offers enhanced security with DeepGuard 4 threat detection technology that has been tested by AV-TEST with top-notch scores against new malware. In these independent tests for preventing new “zero-day” malware attacks, DeepGuard 4 performs at 98 to 100%, while the industry average hovers around 90 percent.

So why does detection rate matter? The answer is simple: even a single incident can be one too many.

And that’s why our aim is to “Protect the Irreplaceable.”

Share this

This time of the year is always interesting. It is the time when Labs looks back on the past half-year to summarize what has happened in the threat landscape. I can proudly announce that the report for H2 2012 has been published and is free for you to download and read!

The report is once again packed with highly interesting reading on the threats that we all face when using the net. And this report is not just a repetition of what has been published in the media. A compilation like this makes it easier to spot the trends and the big picture. Thanks guys for putting it all together! And of course for the continuous research effort that it is based on. (I’m not going to list all the names here, the full list of contributors can be found in the report.)

Here’s some teasers…

Botnets. ZeroAccess was easily the most prevalent botnet we saw in 2012, with infections most visible in France, United States and Sweden. It is also one of the most actively developed and perhaps the most profitable botnet of last year. Read more about ZeroAccess and botnets in general at page 15 – 20.

Exploits. Java was the main target for most of the exploit-based attacks we saw during the past half year. This is aptly demonstrated in the statistics for the top 10 most prevalent detections recorded by our cloud lookup systems. Learn more about exploits at page 25-27.

Banking trojans. With regards to banking-trojans, a botnet known as Zeus—which is also the name for the malware used to infect the user’s machines—is the main story for 2012. Browse to page 21-24 to read how the traditional way to rob a bank has become hopelessly old-fashioned.

The web. Common sense is still important when surfing, but it is becoming increasingly difficult to spot the dangerous places. Ad-networks are integrated in an increasing number of sites and can distribute malware through web portals that should be trustworthy. More about the web’s dangerous places at page 28-31.

Mobile devices. Did you know that there is malware on all commonly used mobile platforms? But Android has the questionable honor to lead the pack, and the others are far behind. The full story is on page 35-37.

The threat report covers all this and a lot more. Why not make sure that you are up to date on the threat scenario by continuing to the report. It is highly recommended reading.

Micke

Share this

Last Wednesday marked the beginning of our first lecture at the Aalto University (Espoo campus) in Finland for our Reverse Engineering Malware course for the spring 2013 semester. This course expands and continues F-Secure’s longstanding efforts to promote education in information security, which started in 2008 with a course in Malware Analysis and Antivirus Technologies with the Helsinki University of Technology.

Aalto University’s Reverse Engineering Malware course is taught by security researchers from our Security Lab in Helsinki. The program teaches students about what malicious code is, how it can be analyzed, and how to reverse engineer executable code for different platforms, such as Windows and Android.

Towards the end of the course, students are also exposed to more advanced topics, such as understanding the latest techniques in binary obfuscation and exploits. The syllabus is designed to encourage a very hands-on approach to learning reverse engineering. Our security researchers personally craft exercises and lab assignments to help students gain an understanding of how malicious code works, for example by looking for hidden messages in the code (with keys to help them to achieve the goal of the exercise, as seen in the example below).

Do note that F-Secure does not use or write real world malware in our academic courses.  F-Secure strives to positively motivate programmers and includes modules that cover topics like ethics and legal issues in the course to encourage them to use their skills for a good cause – helping to protect the end user.

Over the other side of the world in Kuala Lumpur, Malaysia, where our other Security Lab is located to cater for the Asia Pacific region, we are partnering with Monash University (Sunway Campus) for the first time to develop a similar Malware Analysis syllabus, with a greater focus on the Android platform. The growing dominance of the Android platform in the smartphone market has also led to a tremendous growth in malware targeting devices using that operating system.

In conjunction with the lecturers from the School of Information Technology of the Sunway campus, and several security researchers from F-Secure’s Kuala Lumpur Security Lab, we are developing the syllabus from the ground up with brand new lecture and lab materials to help students whom are active in the security field gain a broader perspective of this field, as well as develop the specialized skills needed for analyzing malware.  Subjects and techniques covered in the lectures and lab sessions include, among others interesting topics, understanding the Android security framework, the operating and file systems, static and dynamic analysis of malware.

For those who are interested in understanding executable code inside out (literally) and are passionate about security, this is definitely the course for you! You can follow along on the Labs’ weblog for updates.

Share this

Have you ever wondered if that machine that gives you cash make also be swiping some? Do you know how to tell if an ATM skimmer has been adding to a banking machine? Are you using your primary bank account when you travel?

Then you need to watch this.

Our Mikko Hypponen and Sean Sullivan from the F-Secure Labs explain the risks you face when using an unfamiliar ATM.

Share this

You may have heard about Storify. A new tool that you can use to publish private conversations in Facebook. Scary, isn’t it? Or that’s at least the angle many headlines take. But the full picture is a lot less dramatic. In fact, Storify does not enable you to do anything that you couldn’t do before, it just makes it easier. And it is an excellent reminder about the risks with so called private messages.

Most legislations provide a fairly high level of protection for messages in transit. The goal is to prevent 3^rd parties from eavesdropping and tampering with the messages. But what many forget is that the parties involved in the communication have rights to use the message. It means that the recipient has fairly free hands to use what you write as soon as the message hits the inbox. Your only protection is really your trust in the other part. You may write things that both parties understand should remain private, and it may be sufficient protection today. But what about the future? We all know that trust can change. Many who have gone through a divorce know that the person you trust the most of all may become your worst enemy.

So what about Facebook and Storify? It’s just a good reminder about what can happen to “private” messages. The same threat exists in any kind of messaging service. Not only on the Internet, phone calls can be recorded and misused as well. Letters on paper can be copied, scanned and published. Facebook didn’t provide tools for publishing private messages, but that never prevented users from using copy-paste or taking screenshots of the messages. And our good old e-mail is no better. It has a button called Forward for this purpose.

The only thing that can protect you from this kind of leaks is to not write things that would be embarrassing if published. Be polite and adopt a no-nonsense attitude even in private communications. Think twice before reveling secrets over electronic communication systems. Even if you use encryption it only protects you against 3^rd parties, not against the recipient. And last but not least. Do not turn your friends into enemies. That’s probably the biggest reason for leaked private messages.

Micke

Photo by Sam Catanzaro @ Flickr

Share this

Stop! You should always stop and think when an unknown website asks for your mobile phone number (well, actually when asked for any kind of personal information). Knowing your number is the key prerequisite for someone who want to scam you with premium rate text messages. Ask yourself the following questions when you encounter a page like this:

• In what way do I benefit from giving my phone number to this organization? Do they have a valid reason to reach me by phone?
• Do I know this organization and is it trustworthy? Do I even know what organization I am dealing with?
• Am I accepting legal terms when submitting my number? Have I read them and did I understand them?
• Do I need to participate at all? Can I live without the opportunity to win an iPod, or whatever they offer me?

Most people already know that one should be careful when entering mail addresses at fishy websites. Your junk mail folder may start to fill up much faster than before. But what about your mobile phone number? It’s easy to forget that the mobile number is a key to a billing system. It can be a lot more harmful if it gets in the wrong hands. You may get an unpleasant surprise in the next phone bill.

How does the scam work? Someone puts up a web page where you can sign up for anything that sounds interesting. A lottery is a typical example. Your phone number is required as part of your personal information. And you are of course keen to get it right as you want to make sure they can reach you if you win. There’s also the usual checkbox indicating that you accept the terms, but who cares about those legal details?

Well, you should care. Somewhere deep down in the terms there is a paragraph where you agree to receive informational text messages, or whatever they are called, for a price that can be several Euros each. Yes, that’s right. The billing system of our mobile phones supports messages that are paid by the recipient. This scheme is not even illegal as you have agreed to receive them. And needless to say, the sender is impossible to reach if you change your mind and want to terminate the agreement.

You should leave out your phone number or steer clear of the site if you have any doubts about it. If the organization isn’t trusted, but you still feel that you really have to participate, get familiar with the legal terms. Yes, I really mean reading them!

Another variant of the scam is to send you an unexpected text message that invites you to a quiz, a lottery or something else. Responding to the message means in practice that you sign up to the scam.

So what about Frankfurt? Well, the page asking for my phone number was pretty nicely designed. It looked legit. But there was a legal document that users must accept. So I decided to not use the network. It’s much nicer to spend the remaining 20 minutes before departure reading a good book about sailing in the Mediterranean than reading legal terms.

Micke

PS. I’m of course not claiming that the Frankfurt network login is a scam. The point is that I can’t know for sure, and I don’t have to take the risk as the benefit I could have gained was very small.

Photo by whiteafrican @ Flickr

Share this

We’re proud to be featured in The Forrester Wave™, Endpoint Security Q1 2013 as top-ranked in Strategy. Forrester Research Inc. called us a Strong Performer and gave us the highest score among all vendors for our product roadmap and strategy.

What makes our approach to securing the workplace so appealing is that we don’t see ourselves just offering our clients security software—we take away the worry of securing your office and let our professionals do the job. I recently had a discussion with an end customer of ours in the media industry. He told me that he’s not really interested in what happens in the background and how our products work – he only wants to know that the level of protection is sufficient. And this is not a unique case; we’ve heard the same story from many of our customers.

This simple, breakthrough approach also makes it easier and more affordable to deploy the award-winning security we’ve been providing for more than two decades.

“We think this vision is closely aligned with the bigger climate change where IT all over the world is moving to procuring services rather than products,” Forrester said.

Forrester also praised our rootkit detection and DeepGuard, which we’re especially proud of. Deepguard anticipates threats using heuristical, behavioral and reputation-based technologies.

The other morning when I was commuting to the office in freezing cold weather, I started thinking about layered protection – a term we use to describe the way our protection technology is built. Security is a bit like weather; we forecast it to be able to be prepared. And the colder it gets, the more layers we need to protect us. It is not always that we need all the layers we’ve got at the back of our closet, but we still need to have them come the winter frosts – and the same logic goes for the different layers included in our security products.

Just as clothing companies develop better materials, we continuously develop new technologies to protect our customers

Forrester credited our Labs’ research and gave our Client Security credit for performance, anti-malware detection and customer feedback.

The best news is that they evaluated us even before our new Software Updater tool, which makes it easy to keep your network patched and protected, was released. And that’s a big part of how we try to be smart—by always improving.

Here are some of our tips on securing your business network. And you can find out more about our corporate service portfolio here.

[Photo by Sean MacEntee via Flickr]

Share this

If you’re on the Internet, you’re probably being monitored. If you’re using a free service, you’re giving up some of your privacy as a payment. If you post something online, you have to assume that it could easily be shared with anyone with an Internet connection.

But that doesn’t mean you have to give up your privacy when you turn on your PC or phone. Here are 5 basic resolutions that will help you make sure that prying eyes can’t get easy access to your data online.

1. I will have a strong, unique password for every account that contains private information.
If you’re super concerned about protecting your privacy, you’ll use unique, unguessable passwords for all your accounts and update them 3-4 times a year. For your most important accounts, this is essential. But for your webmail, banking and Facebook accounts, if you have them, good password hygiene is a must. Here’s a system to create strong passwords you’ll remember.

2. I will go “Friends only” on Facebook.
Sharing your digital life with your friends only won’t guarantee your privacy — ask Randi Zuckerberg. But it will help limit your potential leakage from private to public. Facebook isn’t completely private, of course, ever. But if you want to share everything, Twitter or a blog are probably better options.

3. If I use Gmail, I will turn on two-factor authentication.
If you use your Gmail for business, the extra-layer of security of two-factor authentication is essential. Just make sure that your phone also has some sort of anti-theft or Find My iPhone app installed in case a thief gets ahold of your device. You may also want to clear your Google history, if you’re not interested in that existing.

4. I will log out of any account I’m not using and lock my PC and phone when it’s not in use.
This is just good common sense that I personally ignore on a regular basis. Not in 2013! It reduces how you’ll be tracked, it makes it less likely your own accounts will be used against you.

5. I will keep my software updated.
Our smartphones and PCs are actually quite secure if we keep them patched and protected with update system and security software. This, as you know, can be time consuming, so I’ll update as they come up and for my PC, I’ll use F-Secure’s free Health Check.

Happy 2013,

Jason

[Photo by Triple Tri]

Share this

Here are a few suggestions to help you get off to a safe start from the moment you’ve got your system up and running.

PC–Laptop or Desktop

1. Make sure you’re running the most up to date software.
There have likely been several system updates since your hardware was packaged and you opened it. Hopefully your system updated itself or prompted you to update as you installed. But it’s always a good idea to double check. You can do go to Windows Update for your Windows machine. On a Mac, just click on the apple in the top left of your desktop and select, Software Update. You also want to make sure your other software is current and isn’t leaving some hole that can be exploited by an online criminal. You can update each program one-by-one or use our free Health Check.

2. Install security software.
Of course, as company that’s been protecting computers for 25 years, we believe security software including anti-virus is crucial. But don’t just take our word for it. Most, if not all, law enforcement agencies, governments and experts agree that you need security software if you’re planning to use the Internet. So if you aren’t going to use our award-winning Internet Security–which we invite you to try for free–please use another.

3. Choose a backup.Yes, we’re also in the backup business because we believe it’s essential to safe, smart computing. But if you aren’t going to use our Online Backup, you can use an external hard drive, DVDs or some other backup solution. But as our Mikko Hypponen demonstrated in his TED Talk, a reliable backup can save the day.

You may also want to: Uninstall all the programs that came on your PC as promotions if you know you won’t be using them. If you’re super security conscious, you should also disable all your Java plug-ins or make sure they never get enabled–unless you need them.

Smartphone or Tablet

After you’ve registered your accounts and synced your phone when possible, your mobile device is a lot like your PC.

1. Install mobile security.
We also offer Mobile Security for Android that protects your smartphone and tablet from bad apps and scams that are even more tricky on mobile browsers. Some say Android is replacing Windows as the number one target of online criminals–if that happens, it will be the result of too many people not protecting their phones.

Sorry, there’s no iPhone mobile security available yet because Apple isn’t allowing anyone to develop such apps and is relying on keeping bad guys out with its well-policed app store. But if you do not jailbreak your iPhone, it will likely be safe from bad apps.

2. Choose a backup.
You can choose from a variety of backup services for your smartphone, which as you know soon fills up with irreplaceable content. You can also backup by dragging and dropping your content to your backed up PC whenever you dock your phone.  Set up your Android to save your settings regardless of what happens to your device. Just go to Settings > Privacy, and make sure that “Back up my settings” and “Automatic restore” are checked off.

3. Install Anti-Theft.
It just makes sense that you’re more likely to misplace your phone or tablet than your PC. But it’s also simple to track your device and protect your data if it falls out of your hands. We offer free Anti-Theft. Apple offers a Find My iPhone app for free.

4. Stick to Official App Stores.
If you get your apps from the official Google Play or ITunes store, you will likely never deal with a malicious app. Be sure to check user reviews and stick with software that has a proven record.

Enjoy your new toy!

Sandra

Share this

1. The end of the Internet as we know it?
“Depending on the outcome of an important conference taking place now in Dubai, a lot of things could happen in 2013,” says Sean Sullivan, Security Advisor at F-Secure Labs.That event, the World Conference on International Telecommunications, could have a major impact on the Internet as we know it. “The Internet could break up into a series of smaller Internets,” Sullivansays. “Or it may start to be funded differently, with big content providers like Facebook and Google/YouTube having to pay taxes for the content they deliver.”

The WCIT event is a meeting convened by the International Telecommunication Union (ITU) to finalize changes to the International Telecommunications Regulations treaty. In attendance are regulators representing governments from around the world, not all of whom are interested in Internet freedom. There is concern that some regimes would want to shift control of the Internet “from the geeks, and give it to governments,” as Sullivan puts it. New measures are also being proposed in the name of Internet security that privacy advocates suggest would mean the end of anonymity on the Internet.

2. Leaks will reveal more government-sponsored espionage tools
“It’s clear from past leaks about Stuxnet, Flame, and Gauss that the cyber arms race is well underway,” says Mikko Hypponen, Chief Research Officer at F-Secure Labs. While we may not always be aware of nation-states’ covert cyber operations, we can expect that governments are more and more involved in such activity. In 2013, we’ll most likely see more leaks that definitively demonstrate this, and from countries who haven’t previously been seen as a source of attacks. As the arms race heats up, the odds of leaks increase.

3. Commoditization of mobile malware will increase
The Android operating system has solidified in a way that previous mobile operating systems haven’t, extending from phones to tablets to TVs to specialized versions of tablets. The more ubitiquous it becomes, “the easier to build malware on top of it and the more opportunities for criminals to innovate businesswise,” Sullivan says. Mobile malware will become more commoditized, with cybercriminals building toolkits that can be purchased and used by other criminals without real hacking skills. In other words, malware as a service, for Android.

4. Another malware outbreak will hit the Mac world
2011 saw scareware called Mac Defender, and in 2012 Flashback took advantage of flaws in Java. The Labs predict 2013 will bring another Mac malware outbreak that will have some success within the Mac community.

“The author of the Flashback Trojan is still at large and is rumored to be working on something else,” Sullivan says. “And while there have been smart security changes to the Mac OS, there’s a segment of the Mac-using population who are basically oblivious to the threats facing Macs, making them vulnerable to a new malware outbreak.”

5. Smart TVs will become a hacker target
Smart TVs are plugged into the Internet, they’ve got processing power, and since they typically aren’t equipped with security, they’re wide open to attacks. Adding to their vulnerability is that unlike home computers, many smart TVs are directly connected to the Internet without the buffer of a router, which deflects unsolicited traffic. Also, consumers often don’t change the factory default username and password that have been set for web administration, giving easy access to hackers.

“It’s very easy for hackers to scan for smart TVs on the Internet,” says Sullivan. “When found, they only need to use the default username and password, and they’re in.” 2012 already witnessed LightAidra, a breed of malware that infected set top boxes. 2013 could see smart TVs being used for such purposes as click fraud, Bitcoin mining, and DDoS attacks.

6. Mobile spy software will go mainstream
2013 may see a rise in popularity of tracking software, and not just for parental control purposes. There has already been growth in child safety apps that monitor kids’ activities, for example, their Facebook behavior. “Of course this kind of software can also be used to spy on anyone, not just kids,” Sullivan says. “The more smartphones there are, the more people will be seeking out software like this – to find out what their ex is up to, for example.”

7. Free tablets will be offered to prime content customers
Tablets and e-readers are all the rage, and more and more often in closed ecosystems such as the iPad with iTunes or the Kindle with Amazon. As the Kindle price keeps dropping, the Labs predict that 2013 may bring a free e-reader or tablet for prime customers of companies who charge for content, like Amazon or Barnes & Noble. “Closed ecosystems are more secure, but you have to trust the provider to protect your privacy,” says Sullivan.

For ongoing analysis from the F-Secure Labs, follow News from the Lab.

Share this

85% of people who bank online are afraid of conducting transactions via public PCs or via open wireless network because of 21st century bank robbers.

Share this

However, this convenience serves only as further motivation for cybercriminals targeting unassuming shoppers as they use search engines to find gifts for their loved ones. Google search results for products often include links to ‘poisoned’ sites, or malicious websites that can infect an unsecured computer or smartphone with viruses, worms and other malware, putting one’s personal and financial information at risk.

The more popular an item is, the more likely it will attract a dangerous search result, which could lead to malware or an unreliable merchant. Here are the products we anticipate will be targeted by cybercriminals this holiday season:

1. Nintendo Wii U – Available as of this past weekend, the Wii U is expected to be a big seller like the original Wii, which was sold out for nearly an entire year after its launch
2. Kindle Fire HD – Tablets are all the rage right now, and a $199 sets this 7” to sell big, with some predicting that the Kindle Fire HD will outsell the iPad mini by two to one
3. iPad mini– This budget-friendly Apple tablet is flying off the shelves, with it taking just minutes for the white iPad Mini to sell out at its initial launch
4. Hot video game titles – New titles like Halo 4 and COD Black Ops 2 are shattering sales records. In fact, Halo 4 raked in $220 million in its first day on the shelves
5. Pre-sale tickets for The Hobbit – Scheduled to come out December 18, pre-sale tickets for this great stocking stuffer are already going fast
6. Windows 8 Certification–With the launch of Microsoft’s Windows 8 software has come a flurry of interest in computer monitors and PCs that boast certification rights
7. iPhone 5 / Samsung Galaxy 3– It is predicted that this December quarter, Apple will sell 46 million iPhones, and with retailers already advertising Black Friday deals of nearly 75 percent off on the Samsung Galaxy 3, both smartphones will be in demand
8. Touchscreen gloves – We expect the overall demand for touch devices to drive the sale of related accessories
9. Furby – Remember this furry little creature that created utter chaos back in the 90’s – well he’s all any kid can talk about for this holiday season
10. Breaking Dawn DVD– With Breaking Dawn 2 experiencing a $30.4 million opening, the first Breaking Dawn DVD and other Twilight movies will be popular stocking stuffers

Here are three tips from F-Secure to ensure you stay safe while shopping online this Cyber Monday, and throughout the 2012 holiday season:

• Visit retailers’ websites directly if possible (e.g., www.amazon.com vs. searching ‘Amazon’ on Google)
• Use Internet security software that features browsing protection (or check links with F-Secure’s free Browsing Protection)
• Always check a site’s URL before making any purchase (look to make sure you’re at the correct online store and that the page URL begins with https://, which means it’s secure)

For more advice on staying safe online, including our tips for protecting credit card information while online shopping.

F-Secure’s list of the ‘most dangerous gifts’ was compiled based on market analyst data and gift list inclusions. An analysis of Google Trends has shown items on this list are positioned to spike in search volume during this holiday season.

Cheers,

Sandra

Share this

This is a guest post from Klas, an F-Secure expert. Enjoy!

You read about it in the news all the time these days: “Zeus Banking Trojan steals $1 million from U.K bank accounts”or “SpyEye: New PC virus steals your money!”

More and more people are doing their banking online and criminals go where the money is. It is clear that malware designed to steal money from online banks has become a real and actual threat.

Creating  banking trojans, unfortunately, is now pretty easy. There are ready made toolkits that criminals without the technical know-how can buy in order to create their own variant. A few clicks and the criminal has created his own personal piece of nastiness, designed to steal money from specific banks or accounts. Malware-as-a-service as our own Mikko Hyppönen put it.

So what exactly is a Banking Trojan? As with any other Trojan, it is a program that has been installed to your computer one way or another without you knowing its real purpose. Once there, it simply waits quietly in the background until you access your online bank. It will then start recording the information that you enter and send it back to criminals. It can now do automatic transactions in the background or alter the information that you see in order to buy time for the attacker to use your bank credentials for fraudulent transactions. Once the criminal has gotten your bank details there is no knowing what he or she can do.

So how to you protect yourself?

Here are 4 ways to make sure that when you bank on your PC, it’s as safe as it can possibly be.

1. Keep your operating system updated.
Think of your operating system as the walls around your house that keeps developing holes. Luckily, the maker of the wall will keep patching the holes. All you have to do is update your system software. You can do this on your Windows PC by going to windowsupdate.microsoft.com. On your Mac, you can go to the Apple menu and selecting “Software Update.”

2. Keep your software updated.
The programs on your PC also develop vulnerabilities that need to be patched or you may allow criminals a foothold into your life. You can update each application individually or you can use our free Health Check, which checks all of your major applications and your operating system to make sure they’re patched and protected.

3. Don’t click on links in emails from your bank.
It’s a good idea not to click on links in an email unless you specifically asked for it, such as a password refresh. A common practices is to spoof a bank’s look and send a scam email to thousands of recipients hoping to find a few that use the bank. You can avoid this by going to your bank’s site directly and calling them if you have a question.

4. Use Internet Security that has banking protection.
F-Secure’s Banking Protection automatically detects when you’re visiting an online bank. It notifies you that additional Banking Protection is enabled and adds an extra layer of security by only allowing access to banks or trusted sites that are necessary to do online banking. All other new connections will be prevented. In other words, there is no possibility for the attacker to get your bank details. Once you’re finished with your online banking, you simply end the Banking Protection mode and everything is back to normal. Sort of like unbuckling your safety belt when you’ve reached your destination. And no extra apps, plug-ins, or special browsers are required.

Banking Protection is a part of F-Secure Internet Security 2013 and works together with all the other security layers. All existing users of F-Secure Internet Security 2013 will receive Banking Protection as an automatic update in the first quarter of 2013, and those who do not want to wait can download the update now.

You can find out more about our new Banking Protection here.

We hope you enjoy the protection!

Image credit: MoneyBlogNewz

Share this

Browse more infographics.

From jet packs to underwater cars, Bond movies have featured some technology that’s more fun than practical–at least so far. However, mobile phones and fingerprint security devices also turned up in Bond films before they existed in real life.

What’s your favorite Bond movie gadget? Let us know in the comments.

Share this

Keeping up with these changing tactics is a job for the F-Secure Labs—not you. But there are some basic precautions you can and must take so that way the expert virus hunters know can be used to protect your company’s irreplaceable assets.

1. Never reuse your work passwords for personal accounts.
You need to make sure your work passwords are strong, reasonable for you to remember and unique! The last thing you want is a Facebook or webmail hack to lead to a compromise of your work network. Also avoid using your work email for personal accounts.

2. Use a separate browser for work and web browsing.
This is good for both focus and security reasons. If you do any banking for work or use any secure credentials do it all in one browser such as Chrome or Firefox. Then use another browser for research or personal communications to minimize the chances of compromising your company data.

3. Always lock your PC when you’re not in front of it.
This piece of advice almost goes without saying but we have to remind you that an unlocked PC should be thought of like an open wallet. You probably wouldn’t ever walk away with that in plain sight, would you?

4. Make sure you’re running the latest versions of all your software.
Yes, that’s all your software, like operating systems, plugins such as Flash and Java, Microsoft Office and any browsers in use – not just security software. However, keeping up with software updates can be a time-consuming, costly process. Our new Software Updater feature makes this easy.

5.  Be sure your organization has solid security product coverage on all layers of your IT environment, from laptops and desktops to servers and mobiles.
In case you’re unsure of how to stay protected or lack the resources for it, find an expert who can guide you through security issues and knows the dangers out there.

We believe that keeping your organization secure doesn’t have to be time consuming or difficult. With the right solution and the right partner, you can devote your time and resources to your commercial priorities – without compromising on security.

Cheers,

Emma

Share this

President Ilves was recently named by TechCrunch one of 20 Most Innovative People In Democracy 2012. He and President Barack Obama were the only two elected leaders on the list. They called Estonia, ” the most technologically advanced democracy on Earth.”

Why? “…citizens vote online, enjoy universal access to medical records, and can perform most government services without leaving their laptops (Estonians filed their taxes online long before it was popular in the U.S.).”

As a result cyber security is a constant concern and an area the president understands well. Tallinn, Estonia is the home of the NATO Cooperative Cyber Defence Centre of Excellence.

Our Vice Preside of Consumer Security Maria Nordgren briefed the president about F-Secure and then our Chief Research Office Mikko Hypponen presented on cyberthreat landscape as seen from the F-Secure Labs.

Stuxnet, Flame, cyberwarfare and all the risks that countries face online all came up in the discussion that went on for hours. The president visited the famous F-Secure Labs.

In the President Ilves tweet documenting the visit he noted that he spent more time discussing cyber security with Mikko than he did meeting with the president of Finland.

This looks to be the beginning of a beautiful friendship.

Share this

As we prepare for the holiday season, we thought we’d review a few smart tactics to make sure that the only one who is spending your money is you.

1. Make sure your PC is patched and protected.
This is a standard piece of advice we always share but it’s especially crucial for people who rely on their PC for their financial transactions. Keep your PC updated with the latest system, application and security software. Our free Health Check makes this easy. With an updated and protected PC, you’ll avoid more than 99% of the trouble you might face online.

2. Go directly to the site
When you’re shopping online, it’s always best to stick to retailers you know and trust. Go to the site directly and search there. Avoid clicking on links in your email to go to a store or your bank so you don’t end up at a scam site. If your bank contacts you with a problem, go to the site on your own, or just pick up the phone and give them a call.

3. Look for the “s” in “https:”.
Only enter your information in if you see that extra “s” in your URL. It stands for secured and it’s an extra layer of protection that keeps your account information private.

4. Shop and bank when you’re secure.
Only shop when you know you’re on a network and a PC that’s protected. A computer in an Internet cafe may have a keylogger that tracks your credit card number or password. An open “free Wi-Fi” network, may be convenient. But it’s also risky for shopping or banking. If you use your smartphone or tablet to shop or bank, make sure you have security software on it that includes anti-theft protection that will you allow you to deactivate your device if you lose it. That way when you lose your phone you don’t lose control of your money.

5. Check your accounts.
Try to limit your online shopping to one credit card, and make sure you check that account on a regular basis. Make it a weekly chore to check your account statement and your bank account. Then you’ll be ready to contact your institutions as soon as you notice a problem. The longer a criminal has access to your account, the more trouble they can do–of course.

With these few precautions, you can worry less about your security and more about what you’d actually like to buy.

Cheers,
Sandra

Image credit: Images_of_Money

Share this

This is a guest post from Karmina, an expert from F-Secure Labs. Enjoy!

Little is known about the team in the F-Secure Labs that focuses on tracking down threats. Usually, those contacting the Labs are looking for solutions such as detections and removals. Though mostly working in the background, I’m proud to be part of that team that deals with preventing threats from infecting further.

Proactive protection is my daily mantra. The usual question that I ask when analyzing a threat is where did it come from? If we are able to determine the source and block it from there, then it won’t proceed to infect your computer. My job is to spot threats and track down their possible sources, from social networks to email spams to application stores. Then I need to understand the threat’s behavior and how it spreads. They usually leave distinct trails and have certain characteristics that make them identifiable. It’s fun, in the sense that I feel like I’m a detective trying to uncover something. It’s like building a puzzle where I examine the pieces and put them together to see the bigger picture.

In the Labs, teamwork is important. I provide the information that I gather to other teams so they can build solutions such as website ratings, detections, and removals. We work together toward a common goal: to protect you and provide online safety. From blocking malicious URLs that push information-thieving wares into computers, to scouring application stores worldwide for Trojans disguised as interesting apps, we try to catch them all and protect the users.

Considering that I didn’t plan to get into this field, I’d have to say that I enjoy doing this. Due to constantly evolving threats, I learn a lot of new things daily. I feel fulfilled when I uncover a mystery. I’m glad I ended up in the online security field. My career is also why I’ve had the chance to live in three different countries. I get to see the world while doing interesting work. All in all, not bad!

Share this

We started off by asking Emma what it is she likes most about her job.

“It’s quite difficult to pinpoint one single thing that I most enjoy at work,” she told us, “since one of my favorite things about my job is the variety of tasks. However, one of the best parts of my job is definitely creating content. Telling stories is fun, and I hope that we also succeed in communicating in ways and about topics that are relevant and of interest to our target audience.”

That audience is made up of F-Secure partners —some of the best and brightest business minds around the globe.

Like many of us at F-Secure, Emma enjoys the unique opportunity to work with and around some of the world’s foremost experts in digital threats.

“During my time at F-Secure, I have had the chance to learn not only a whole lot of new things about marketing, but also about the industry and the threat landscape,” she said.

Her job also puts her in touch with the current challenges that exist in securing the workplace.

“There’s no single threat that most affects businesses,” she told us. “Rather, organizations of all sizes are affected by cyber crime in all it’s different forms and variations, but one clear purpose: to steal money and confidential data. Even small businesses are increasingly becoming the target of these attacks, as many of them lack the resources and expertise to protect their irreplaceable assets.”

The threat landscape is always evolving but one aspect that is increasingly scary to businesses is software vulnerabilities.

“Recently, we’ve seen an increasing amount of attempts to gain access to a computer through vulnerability exploitation – the art of finding a security hole in any software and using that as a way to infect the machine. Vulnerabilities in Java and Internet Explorer have been all over the news, and criminals haven’t left these opportunities unused.”

She pointed out a perfect example of this. @TimoHirvonen from the F-Secure Labs recently posted an example of just how quickly a criminal can go from vulnerability to exploit. It’s scary.

That’s where F-Secure comes in, of course.

Emma explains: “Our portfolio covers a whole range of customer needs, from organizations willing to manage their solution on their own to a fully outsourced solution where IT security is managed by a trusted partner. We protect all layers of the organization from desktop PCs, laptops and mobile phones to file servers and email servers. In addition, our advanced management tools make it possible to monitor and manage a network.”

F-Secure was the first security company in the world to offer security as a service. Many businesses find that by relying on us for the best protection in the world doesn’t just save them time and money. It frees them up to concentrate on what matters most.

“Security as a Service has proven to be a success and it is increasingly popular among businesses. Outsourcing security to a partner means worry-free and reliable protection that is always backed up by F-Secure’s world class technology,” Emma told us. “When professionals take care of security, you can focus on your core business. Security as a Service is a great solution especially for those businesses, large and small, that don’t have the necessary expertise.”

How can F-Secure affect your workplace?

“Ensuring high-quality protection ensures uninterrupted work and keeps an organization running. Actually, the challenge with security is that it is only noticed when something negative happens,” she said.

But for Emma, security that works best is security that you don’t notice.

“Security is paramount for business but it should not come at the cost of usability. Our objective is to offer our customers the best protection without unnecessary impact on performance or distraction.”

When this happens everyone performs better.

“At best, IT security can improve productivity,” she said. “Think about email, for example. Email is a vital business tool for companies, but spam email traffic can reduce employee productivity and burden the IT infrastructure. Effective and accurate virus and spam filtering saves internal network bandwidth and increases productivity.”

Most businesses have had email security in mind for years but forward-thinking businesses are thinking ahead. Optimal software performance prevents online crime and keeps businesses functioning optimally when it matters most.

“Another example could be updating software. Keeping software up-to-date fixes holes in security,” Emma told us, “but can also keep software and applications running smoothly and reliably during critical times.”

For business, those critical times are the last moments when you want to think about security. And that’s why Emma and F-Secure are here, so you don’t have to.

Share this

This link almost inevitably leads to something you don’t want–a phishing scam or a malicious page.

There’s one way to avoid this problem complete: Don’t click on links people send you via Direct Messages on Twitter.

But is there a larger message here, something that extends beyond Twitter? Sure!

Don’t click on that link in an email from your “bank.” Don’t click on that link on Facebook that promises an outrageous video. Don’t click on that link that screams “FREE!” In this era of shortened and spoofed URLs, you can’t be sure where any link will take you.,

It’s always best to go directly to your bank or financial institution’s site or Google for videos or images related to the hottest scandal. Nothing is a hundred percent reliable but you’re adding a layer of protection.

If you really must click on a questionable link, check it with our free Browsing Protection first.

Cheers,

Jason

Share this

He’s known for being a code warrior, writing fantastic tweets and tracking down the makers of the world’s first PC virus:

And as you can see in that video, he’s also known for his ponytail.

Yesterday, Mikko did something no one expected — he cut that famous ponytail off.

Why? For a good cause, of course. Mikko’s ponytail was auctioned off for $2,000 and the proceeds went to a children’s cancer hospital.

Cheers to you, Mikko, though we hardly recognize you now.

Sandra

Share this

Consumers are adopting these technologies just as quickly. According to F-Secure’s 2012 global consumer survey, 45% of consumers are already using smartphones to access the Internet, 18% are using tablets and 10% smart TVs. And the numbers are increasing all the time.

You might say that these developments are finally heralding the era of ubiquitous computing. But it’s important to remember that the attackers will follow the users. That’s why having up-to-date protection on all your devices is as critical as ever.

To that end, the newest version of F-Secure Mobile Security offers universal Android protection – for all your Android devices, even your smart TV or set top box. Smart TVs are a new frontier for threats from cybercriminals, so it’s reassuring to know that our solution is there to protect as the technology develops and the threats grow.

Share this

Do you have Java plugin in your browser? You’re vulnerable. Unless you run J2SE 1.x from the 1990s. And you shouldn’t. seclists.org/fulldisclosure…

— Mikko Hypponen (@mikko) September 26, 2012

Java plug-in vulnerabilities haven long presented opportunities for online criminals. In December of last year, Mikko wrote, “Do you need Java in your web browser? Seriously, do you? If not, get rid of it.”

How do you get rid of the Java Plug-in? Our Labs has made a helpful guide for the following browsers:

• Mozilla Firefox
• Google Chrome
  
• Apple Safari
  
• Microsoft Internet Explorer

Seriously, take Mikko’s advice and disable it now. And if you need to use it again, just disable it when you’re done.

Cheers,
Jason

Share this

My name is Timo Hirvonen and I work in the F-Secure Labs as Anti-malware Analyst. I have two major areas of focus in my work: exploit prevention and F-Secure DeepGuard.

Exploit analysis and prevention is my passion, and I love the challenge it offers.

I find fighting against exploits important; nowadays exploit kits are the main infection vector so no matter how safely and wisely you browse you might still get infected. By stopping the exploits, we block the attacker from executing any code on the victim’s computer, which in turn protects against many kinds of threats: ransomware, banking trojans – you name it.

The second cool part of my job is working with the F-Secure DeepGuard technology. I try my best to make sure it offers our Security Response the best possible tools to fight current and also future malware. The main idea behind DeepGuard is simple but extremely powerful: it monitors the behavior of unknown applications. Modern malware evolves quickly, and often each user gets infected by a unique copy of the malware. This poses a challenge for traditional detection technologies.

For DeepGuard, however, this is not a problem since there is one trait that all malware have in common: they exhibit malicious behavior. It is really an awesome technology, and we have had great results in protecting our users from serious threats like the infamous banking trojan Zeus.

Working in the F-Secure Labs was a dream of mine even as a teenager. I have now been with F-Secure for little over two years, and I can say it feels great to first work hard with all the talented the people in the Labs to solve some challenge, and then get the reward of seeing the fruit of your labor protecting all our users out there.

I can truly say that my job is a dream come true.

You can try out Deep Guard as part of our Internet Security 2013.

Share this

UPDATE: Microsoft has issued an update to secure Internet Explorer. Our Internet Security 2013‘s Browsing Protection keeps you safe on any browser you use.

Microsoft is warning about a vulnerability in its Internet Explorer browser that is actively being exploited to inject the Poison Ivy Trojan.

No simple update is available and the fix Microsoft suggests is complicated. The flaw is only in Internet Explorer versions 9 and earlier. Internet Explorer 10, which is bundled with Windows 8, is not affected.

For this reason, F-Secure Labs is currently recommending that you avoid using Internet Explorer. “We know that this vulnerability has been used by criminals,” Mikko Hypponen, F-Secure’s Chief Research Officer said. “The only secure way to use the internet is to change your browser.”

Our Labs blog suggests, “You can take a pick from Chrome, Firefox or Internet Explorer 10 for now.”

Image by hashir.

Share this

THIS SWEEPSTAKES IS NOW CLOSED: Please ‘like’ our Facebook page for more sweepstakes and Internet security tips.

We know that what we protect is more than information on your hard drives. It’s the precious memories in your digital images and videos. It’s the peace of mind that comes with knowing your personal and work documents are secure. It’s the security of knowing that your credit card will work the next time you use it, and there won’t be any strange charges on your next bill.

To celebrate the launch of F-Secure Internet Security 2013 and how we protect you, we’re giving away an HP Pavilion Laptop g6-1d80nr 15.6 inch laptop protected by Internet Security 2013.

All you have to do is answer the following question in the comments of this post: What on your computer do you care about protecting most?

Is it a specific photo, a game, a video, a file? Be as specific or general as you’d like to be.

Just read the rules for this sweepstakes and post your answer below for your chance to win.

Cheers,

Sandra

Image by Bob West.

Share this

It all starts inside the F-Secure Labs in Helsinki, Finland and Kuala Lumpur, Malaysia. Our security analysts spend endless hours investigating the digital landscape to guarantee immediate reaction to new and emerging online threats with frequent updates. Our Labs receives tens of thousands samples every day. Thousands of those are suspicious — trojans, worms, ransomware, etc. Their constant investigation and dissection of malicious software ensures prompt and effective response to all outbreaks.

At this moment, samples are being collected from Moscow, Russia, Birmingham, England and Riverside, USA. And these are just a  tiny fraction of the samples that will be tracked today. You can follow the F-Secure’s real-time sample activity here and see the suspicious samples we’re processing now.

F-Secure products are the result constant collaboration. Our R&D team keeps F-Secure ahead of the curve, offering best technology to face the newest threats. Our UX team keeps our interface welcoming and intuitive. Last but not least, our Customer Care is there to support you when you need it most.

We will protect you, right now, whenever you’re online. Our flagship product, F-Secure Internet Security 2013 is out now and it gives you the best protection for your and your family’s online life.  You can try it for free for 30 days here.

If you’re already have a license for F-Secure Internet Security, you can download Internet Security 2013 here.

Share this

Mikko Hyppönen believes that nation states are using these complex, difficult-to-detect malware to attack each other. Cyber warfare has become a viable option, often preferable to conventional warfare or diplomacy. “Just like modern hi-tech research revolutionized military operations over the last 50 years, we are going to see a new revolution, focusing on information operations and cyber warfare,” Mikko writes in his introduction to the report. “This revolution is underway and it’s happening right now.”

What else in happening in online security? Real threats to owners of Apple computers. Flashback was the first massive malware outbreak on the Mac OS X platform. It infected more than 600 000 Macs around the world.

Several of policed themed ransomware attacks have appeared around the globe, and they’re expected to get increase. Simply put this malware type employs extortion techniques to make money out of the victims. It takes control of the user’s computer, then leverages the victim’s surprise, embarrassment and fear to push them into paying the ransom demanded in order to regain control of their files.

At the F-Secure Response Labs in Helsinki, Finland, and Kuala Lumpur, Malaysia, security experts work around the clock to ensure customers are protected from the latest online threats so F-Secure Internet Security will give you the best possible protection.

You can download the full report  from the Labs section of our site.

Share this

Our Chief Research Officer Mikko Hypponen recently sat down for a brief discussion on online crime. Below are five of the most important things he explained about online crime and what you can do to prevent it.

1. There is no geography online. You’re as likely to be a victim of a criminal from across the globe as across the street. It is as if the Internet has given free plane tickets to criminals all over the world.

2. It’s probably more likely that you’ll be a victim of crime online than in the real world.

3.There are three groups responsible for most online threats: criminals, hacktivists/online activists and governments. They all have different targets. Criminals target everyone, often in search of credit card numbers. Hacktivists are trying to send a message or play a joke and are difficult to interpret or defend against. Governments generally target other governments.

4. There are precautions that make using the Internet is usable: always back up your files, keep your software patched and always have security software running.

5. Despite online crime, the Internet is still responsible for much more good than bad. That’s why we must protect it.

Cheers,

Anna

Share this

Most mobile malicious software comes from third-party or unofficial markets.  The 5033 malware samples analyzed by the labs between April 27 and June 27 of this year included the first ever mobile malware in the wild that uses the highly effective “drive-by download” method. If an Android device was configured to allow installations by unknown sources, this malware—called Trojan-Proxy:Android/NotCompatible.A—downloads and waits to be installed. If the user is tricked into installing the file by the software’s name, which includes “update,” “security” or both, the device becomes part of a bot network.

Websites aren’t the only new way to infect Android devices. Twitter, the mini-blogging phenomenon that has flourished on mobile phones, is being used as a method of infecting mobile devices. New malware variant Cawitt.A accesses a Twitter account to get a server address, which it maintains contact with. When it receives instructions, the malware sends out SMS messages to certain numbers, and forwards data on the device’s International Mobile Equipment Identity (IMEI) number, phone number, and Android ID to the server.

Of the variants discovered this quarter, 39 were profit-motivated. This matches a peak reached in the third quarter of last year and speaks to why mobile malware is advancing. Authors are finding new ways to use target users including attacks that target specific regions. In Spain for instance, there were several reports on banking-related attacks, which offer the promise of major monetary reward for the most sophisticated online criminals.

Have we reached a point in time when using an Android without mobile security software is as unthinkable as surfing the net on an unprotected PC?

Cheers,

Jason

Share this

The US government had kept hundreds of thousands of Internet users infected with DNSChanger online. And they announced they would stop doing so, rendering many with a connection they could not use. How many users would be affected? A few hundred thousand. OH, NO!

Well, the event came and went and no one seemed to notice. The education spread by the security industry, operators and the news media had been enough to keep the consequences to a minimum. Maybe the computers that were affected probably weren’t being used? Maybe the affected users have no way to complain? Not likely in this connected world. But in the end, only a few hundred thousand machines were affected. A drop in the bucket.

But later the same week came news of leak of over 450,000 Yahoo! passwords. Again alarm bells went off. Some of the same people who were pointing out that DNSChanger only affected a drop in the huge Internet bucket were now informing all users everywhere of a huge security problem. Maybe because so many millions of users have had a Yahoo! account at some time this story seemed even bigger than it was.

The fact is that both of these events were a big deal to those affected. But not many people were affected, percentage wise.

For the great majority of Internet users, the scares reported on the news are just that: scares. However, if you follow a few precautions, most of those scares will never affect you. So what do you actually need to worry about? Here are 3 big things.

1. Passwords.
Use strong and UNIQUE passwords for each account you really care about. We recommend this system. Never use the same password for your work and home accounts. Never use a password that any friend or family member can guess—or a word that appears in a dictionary.

2. Keep your system updated and protected.
Updated system, application and security software are your best protection from most threats. Unless you are a systems administrator for a country that builds nuclear weapons, this will protect you from 99.9% of the attacks you might face. Our free Health Check makes keeping your PC patched and protected easy.

3. Think before you click.
Never click “install” or “run” on any software you did not seek out. Never click on a link in an email, even on your phone; they can be as dangerous as attachments. Go to the site directly instead. And if a link on a website or a social network seems too good to be true—if it’s super sexy or gossipy or offers something for free—assume that it is too good to be true.

We’ll keep you updated on odd threats as they come up. But with these basic precautions you can expect to connect easily whenever and wherever you want.

Cheers,

Jason

[CC image by Anonymous9000]

Share this

That means: Unless you purposely set out to put a new program on your computer, don’t click “install”, “run” or “continue“.

This rule is increasingly important in a world where the malware is being socially engineered to cause you trouble. Take this recent case from the F-Secure Labs where a web exploit can tell if you’re using a Windows, Mac or Linux PC. Once installed it knows exactly what trojan to install and it connects back to its source to find more malicious code.

How do you avoid getting bad software trying to install itself on your PC?

Kreb’s Number Two Rule will help you with that: “If you installed it, update it.”

The software on your PC is as only as secure as its latest update. Your job is to make sure that you keep up with the updates for your system software and all the applications you use. Our free Health Check makes that easy on Windows PCs.

Of course, we also recommend that you run updated Internet security software. Our Browsing Protection will block most of the sites with harmful payloads. You can try F-Secure Internet Security free.

Share this

Who will be affected?
Around 300,000 computers around the globe are still part of a botnet called DNSChanger. The botnet altered DNS server settings on the infected computers to conduct click-fraud schemes. Last year the FBI and Estonian authorities arrested the gang behind DNSChanger. Since then, US Courts have authorized running “clean” servers for infected IP addresses. And those servers are set to be turned off on July 9th.

Am I infected?
Probably not. But go to http://www.dcwg.org/detect/ and find out now.

See, we told you that you probably weren’t infected.

On the odd chance you are, you can use our free tool to reset your settings. You should do this now even though the courts are likely to extend the servers for a bit longer. Why now? If you’re infected your computer is a “zombie” and vulnerable to new infections. And these new infections won’t be run by a court in the United States.

For more about DNSChanger visit the F-Secure Labs blog.

Cheers,

Anna

[CC image by Brad Montgomery]

Share this

Now iPhone is battling Android to be the most popular smartphone platform in the world.

F-Secure Labs received one of the first iPhones to make it to Europe. Chief Research Office Mikko Hypponen immediately tested it to make sure it could handle a Finnish winter.

As you can see, the iPhone survived and thrived. And on the five-year anniversary of its release Mikko decided that Apple deserved a little congratulations.

iPhone is 5 years old today. After 5 years, not a single serious malware case. It’s not just luck; we need to congratulate Apple on this.

— Mikko Hypponen (@mikko) June 28, 2012

Despite the fact that just about every version of its OS has been opened up or “jailbroken” by users, there has not been one piece of malware that has been able to successfully infect unmodified iPhones. If security is the “art of making nothing happen”, Apple’s iPhone security has been a work of art. And they’ve done it with strict controls of applications via their own app store.

However, some experts disagreed with Mikko’s assessment—including our own Security Advisor Sean Sullivan.

@mikko And yet… there’s FlexiSPY. No version of XProtect for iOS, and Apple won’t allow security vendors access. I’ll withhold my congrats.

— Sean Sullivan (@FSLabsAdvisor) June 28, 2012

Let’s break Sean’s response down. FlexiSPY is malware that was written for “jailbroken” iPhones. XProtect is describing the built-in feature in Apple desktop operating system starting with Snow Leopard that scan files to see if they are malicious.

His last point is a major grievance that security experts like Sean and Mikko have been airing for a long time. Apple will not work with vendors like us so that we can provide additional, optional anti-virus protection. Realtime anti-virus would be an essential layer of protection in the case of a malware outbreak.

But Apple has five years of success to counter that argument.

One thing for sure is that you cannot use your iPhone believing you’re magically free of all threats. You’re just as likely are more likely to be victimized by a phishing scam, as we’ve learned to accept dodgy-looking mobile sites on our phones.

Your kids can also get into trouble by accessing content or people you can limit on your phone. That’s why we released F-Secure Child Safe for your child’s iPhone or iPad. It’s our first iOS app and we’d love for you to check it out.

Was security a big concern when you picked out your phone? Let us know in the comments.

Share this

To request an invite you have to tell us a bit about yourself and your computer experience. The point isn’t to make your life difficult. We just want to make sure that we find people who will really use the software and give us feedback on how to make it even better.

This year’s update includes several new features we’re proud of. Internet Security 2013 Beta supports Google Chrome—the world’s most popular browser. Browsing Protection no longer depends on a browser plugin, offering better performance regardless of which browser you’re using. Deepguard, our behavioral engine, is improved and the Beta now uses the Windows firewall with more filters for extra protection.

If you’re the kind of person who loves to play with and possibly break new technology, we’d appreciate your time. Become a Beta tester. You get six months subscription to the product, a chance to influence the product and chance to win prizes—if you’re one of the best of best when it comes to providing feedback.

Thanks for your time and helping us produce the best protection possible.

Cheers,
Jason

Share this

F-Secure Labs has covered the recent discovery of the Flame malware, a cyberweapon that is being used to target very specific users for surveillance purposes. Unless you’re a nuclear scientist or the system administrator of a weapons developer, you’re not likely to be targeted by such advanced malware.

Still regular, everyday cyber criminals will take advantage of any sloppy mistakes you make while relaxing. So let’s get a few security precautions out of the way so you can have a good time.

1. Update your devices before you go.
Make your system software is updated on your PC, smartphone and tablet at home on your safe and secure network. A patched and protected system along with updated security software is your best protection against threats. (Our free Health Check makes that easy.) Avoid taking software updates while on the road, especially while using hotel Wi-Fi. Criminals have used faked updates on hotel Wi-Fi to infect users with malware. If you follow Krebs’s Number One Rule for Staying Safe Online–“If you didn’t go looking for it, don’t install it!”—you’ll be fine.

2. Back up your hard drives and put a remote lock on your phone.
Traveling with the only digital copy of irreplaceable data or media is not a wise choice. Before you leave your house, back up your devices hard drives. (If you don’t have a backup option, you can try our Online Backup for free.) You should also put a software on your phone that gives you the ability to lock a lost phone and erase it if necessary. (Our free Anti-Theft for Mobile does this for Android and Symbian phones.)

3. Use direct DSL or cable connection when you can; if not, use encrypted Wi-Fi with a VPN.
If free public Wi-Fi is your only option and you do not have a VPN, consider yourself watched. Try to use one-time passwords for services that offer them such as Facebook and Hotmail. Using free Wi-Fi or a public computer for shopping and banking is definitely not recommended.

4. Don’t click on links or attachments in email, especially from email you were not expecting.
This is a piece of advice from the Labs that we keep repeating because everyone knows the attachment but the link part is new. Links can lead to scams, which on your phone especially may look as official as any bank website.

5. Be careful about sharing your location.
Most of the fear about sharing location online comes from a very few examples of people being robbed by Facebook friends. The basic rule is don’t tell anyone online that you’re not home who you wouldn’t tell in real life. So you probably don’t want to broadcast your vacation on your public social networks. Why not use email—like we did in the olden days?

Using your devices to improve your vacation is not a problem as long, as you take a few precautions. You earned the chance to rest and relax so enjoy it.

Cheers,
Jason

[CC image by gavdana]

Share this

Online criminals know millions of us are bound to be obsessed with the Olympics. So they’re going to use our interest to lure us into doing dumb things we would not normally do.

Here’s what you can to do help avoid current event threats.

1. Be wary of any email or private message that includes attachments or links.
Everyone knows opening an email attachment you weren’t expecting is dangerous. However links in emails can easily lead to malicious attacks or scams. Be extra suspicious of any emails related to topical events and celebrities. If you must click the link, check it with Browsing Protection first. Also keep in mind that private messages in Twitter with links often lead to phishing scams. While these scams probably won’t lead to malware, they could end up with a very embarrassing spamming of all your friends and followers.

2. Keep your system patched and protected.
The Olympic-themed malicious PDF the Labs found relied on an exploit in older versions of Adobe Reader. Other attacks will use other exploits. This is why it’s crucial you keep your Adobe Reader, Java, browsers, operating system and security software updated. Our Health Check makes this easy on your PC.

3. If a message is about a current event or seems to good (or bad) to be true, pause for a moment.
If you are looking for information on breaking news use the Google News search when available. If you get an email from your bank or credit card company that seems odd, call your institution. If you get a message that says someone has been saying bad things about you, don’t click on the link. Because this is the Internet. Of course someone is saying bad things about you somewhere. Clicking on the link can only lead to bad things, like a scam.

Events like the Olympics bring the world together. With some savvy, you can enjoy the games without the trouble of a comprised computer.

Cheers,

Anna

Share this

Why has Chrome grown so quickly since it was first launched less than four years ago?

Our Chief Research Officer @Mikko Hyppönen has a theory: Security.

He gave this explanation at Google Zeitgeist 2012 on May 22:

Chrome is actually excellent in security senses. And I’m not saying that just because we are at a Google event.

Looking at real world statistics of people who surf the web and happen to visit a website that has an exploit kit waiting, users surfing with IE or Firefox have—in practice—a much higher risk of getting infected than users with Chrome. And I do believe that’s one of the reasons why Chrome bypassed IE in popularity globally just yesterday—after IE had been the number one browser in the world, Chrome became number one just yesterday.

Share this

(You can download the whole report here.)

1. A vast majority of mobile malware is targeting the Android operating system.
New families and variants of Android malware keep cropping up each quarter, and this trend isn’t slowing down. In Q1 2011, 10 new Android malware families and variants were discovered. A year later, this number has nearly quadrupled. 37 new families and variants discovered in the first quarter of 2012 alone. In the first quarter of 2011, 139 malicious Android application package files (APKs) were identified. In the first quarter of that number grew to 3063.

2. If Android users stick to official Google marketplace Play, they should be fine for now.
F-Secure Labs has seen a handful of examples of bad apps popping up in the official Android Marketplace, which has now become Google Play. But these examples are extremely rare compared to the thousands and thousands of good apps available. Apps that you haven’t found inside an official marketplace and begin installing themselves on your phone are much more likely to be malicious.

3. Mobile malware developers are after your money and they’re increasingly sneaky.
We’ve now reached the era where the bad guys believe there is money to be made by invading your smartphone. A vast majority of Android malware is now profit motivated. And with money on their minds, criminals tend to step up their game. Malware authors craft their infected or trojanized applications to defeat anti-virus signature detection. They distribute their malware in different application names, and trojanizing versions of widely popular applications including the most popular app ever to come out of Finland—Angry Birds.

What’s especially sneaky about today’s malware is just how well it can hide itself.

F-Secure Labs Security Advisor Sean Sullivan explains: “Today what we’re seeing are malicious Android applications that have bundled legitimate apps such as Rovio’s Angry Birds Space. First the malicious “wrapper” tricks and manipulates the user into granting permissions that allow the malware to subscribe to premium rate services. But then… the malware actually dos install a working copy of the promised game. At this point there is little to be suspicious of and nothing to troubleshoot. The user gets the game that he was promised.”

How long might a user go without knowing he or she is infected? That remains to be seen.

[CC image by keith.bellvay]

Share this

Now think about this: 57% of the mobile phone users we surveyed said their mobile phone contains more important information their wallet. MORE!

Over the last few years, our mobile phones have grown from a useful toy to our digital connection to world. Think about what’s on your phone’s hard drive. Your have your email, your phone numbers and contacts, texts. What else? You use it to bank, shop, enjoy apps and, in some places, even as your digital wallet.

F-Secure Labs has pointed how phishing scams are newly effectively on mobile phones. Bad apps, mobile botnets and spyware are no longer theoretical threats. Mobile malware that is designed to to seek make money grows more sophisticated all the time.

Is your phone as protected as it could be? Here are 5 ways you can secure your phone

1. Do not click links in your email.
Phishing scams are more powerful on mobiles and links can lead to scams or possibly even bad apps. You’d never click on an attachment from a stranger in your email. Think of links in emails the same way whether you’re on your phone or your PC.

2. For apps, stick to trusted marketplaces and vendors.
Apple’s walled garden method of approving all the apps in the iOS store has created a level of security that hasn’t been available on for Android users. There have been somewhat rare instances of bad apps showing up in the Android Marketplace, which is now Google Play. In general if you stick to the official marketplace, check reviews and research vendors you’ve never heard of, you’ll have a good chance of only installing safe apps.

3. Never install software you did not seek out.
Did you know QR codes can trigger an app install on your phone? The likeliest way you’ll get mobile malware is by installing it. So if any app asks to install itself without you intentionally seeking it out, immediately cancel if possible.

4. Lock your phone and put a remote wipe app on it.
Would you leave your open wallet lying around? You should always lock your phone the same way you lock your PC when you aren’t using it. For extra protection consider a remote-wipe software such as our free Anti-Theft for Mobile. It gives you the power to lock and erase your phone wherever you are.

5. Keep your system updated and get a quality security app if available.
You phone is a little computer. Old software can have vulnerabilities that can lead to mobile malware trouble. Take any software update your provider or phone manufacturers offer. And keep your apps updates. For the kind of protection for your mobile you’ve grown to expect for your PC, consider mobile security software. You can try F-Secure’s Mobile Security for free.

Cheers,

Jason

Share this

What do these trojans do?

Our Chief Research Officer Mikko Hypponen explains, “They lock up your PC, claim that it was locked by the police as you had illegal content on your system and demand a payment to open up the PC.”

So, yes. Your files are literally held ransom (which is a great reason to always have some sort of backup).

The Trojans have claimed to be representing Bundespolizei, New Scotland Yard and the United States Department of Justice. (@Mikko has posted the examples shown here.) Of course, they are actually representing online criminals.

This story has been misreported to suggest that POLICE are actually behind them. Maybe this speaks to our willingness to listen to anyone pretending to be an authority—since who among us hasn’t ended up somewhere online we probably shouldn’t have been?

But, no. Do not be fooled. Criminals are simply exploiting our fear of authority to extort money.

The best way to prevent infection is to keep your PC and your system software patched and protected.

If you do see a screen that resembles one of the examples shown in the GIF above and you are an advanced computer user, you can use our Ransomcrypt Decryption Script.

As much as we all might fear the police, online, it’s the bad guys who are usually out to get us.

Share this

Here’s what you need to do to secure your Mac:

1. Use our free tool that detects and removes the Flashback trojan.
Apple has not yet released a tool to remove Flashback. That’s why we’re offering this free tool that does two things very quickly. It detects Flashback and if you have it, it removes it. Follow the steps on the Labs’ blog now.

2. If you run an older version of Mac OS X, update to a current version.
Go to your Apple menu and select “Software Update”. If you can’t update to the most recent release, disable Java in your browser or uninstall Java. These instructions show you how to disable Java.

3. Consider a Mac antivirus.
Mac malware seems to come in fits. Check out this search of our Labs’ weblog to get a sense of how it’s becoming more common. You can hope that Mac’s control over the ecosystem will keep it relatively immune to malware in the future. Or you can take the same advice we offer for every computer you own, keep your system and security software updated. We, of course, offer an Mac Antivirus.

Cheers,

Jason

Share this

F-Secure Labs has laid out the steps to detect and, if necessary, remove the trojan. Advanced users should do that now. Start at step 1.

To prevent further infections, F-Secure Labs recommends all Mac users update, disable or remove their Java client plugin/installation. (Windows users, too. Actually. But for once, we’ll make this post almost entirely about Mac malware.)

How to Update or Disable Your Java in Mac OSX

Update
1. Go to the Apple in the upper left-hand corner.

2. Select “Software Update” from the menu.
3. The program will check for new software.
4. Update all of your software including Java.

Disable

Snow Leopard (Lion doesn’t come with Java by default)
1. In Finder, go to “Applications” folder.
2. From “Applications” go to “Utilities” to “Java Preferences”.
3. Uncheck everything in the General tab.

Safari
1. Open Safari.
2. From the Safari menu, select “Security”.
3. Uncheck “Enable Java”.

Chrome
1. Input the address “chrome://plugins“ into Chrome’s address bar.
2. Scroll down to “Java”
3. Click “Disable” for any instance of Java you see.
4. Use the same procedure to start using Java again, just click “Enable”.

Cheers,

Jason

Share this

This sweepstakes is now closed. Please ‘like’ our Facebook page for updates on more F-Secure news and promotions.

Congratulations to our winner, Earl.

For years, analysts predicted that all of our devices — PCs, laptops, DVD players, mobile phones — would merge into one all-purpose device that would handle everything we do digitally. Surprisingly we are seeing more and more that people are actually travelling with up to three devices — a phone, a tablet and a laptop. All three perform similar functions but provide vastly different experiences.

We’ve discussed the proper way to secure all your devices. So now we have a question for you: For mobile connections, do you use a tablet a mobile phone or both?

By answering this question in the comments below, you’ll be entered to win a Samsung Galaxy Tab 10.1 with F-Secure Mobile Security.

Just read the rules and post your answer in the comments below.

BONUS ENTRY: Want an extra chance to win? Click here and take our quick mobile survey then post the comment “SURVEY COMPLETED” in an ADDITIONAL comment below.

Thanks for your time,

Anna

CC image by 3 Sverige

F-Secure Internet Security 2012
MORE THAN MOBILE SWEEPSTAKES – COMPETITION RULES AND PRIZES

By entering the Safer Shopping Sweepstakes promotion you accept the Official Competition Rules and the Privacy Policy (http://www.f-secure.com/en_US/privacy.html).

If you do not accept these rules, please do not enter this promotion.

1. The sponsor of this promotion is F-Secure Corporation, located at Tammasaarenkatu 7, Po. Box 24, 00181 Helsinki, Finland (“Sponsor”).
2. The promotion will begin at 12:00 PM PDT on April 3 , 2012 and end at 12:00 PM PDT April 19, 2012.
3. This promotion is void where prohibited or restricted by law. No purchase is necessary to enter.
4. 2 prizes — Samsung Galaxy 10.1 16 GB with a retail value of $449.99 and 1 F-Secure Mobile Security with a retail value of $39.99 — will be given as prizes in this promotion at the close of the competition.
5. Only two (2) entries per person per Sweepstakes will be accepted. Each comment posted constitutes an entry. Further attempts made by the same person and entries generated by a script, computer programs, macro, programmed, robotic or other automated means will be disqualified.
6. The winner will be chosen randomly from the people who participated in the competition by commenting on the “More Than Mobile Sweepstakes” page. Sponsor will notify the winner via email. If the winner does not respond within seven (7) days, he or she will forfeit the prize and another winner will be randomly chosen. This prize is shipped to the winner within 45 days of the making successful contact with the winner.
7. The winners are responsible for any taxes associated with receipt of the prizes. Sponsor reserves the right to substitute the prizes with other prizes of equal or greater value if the prize is not available for any reason.
8. Odds of winning the prizes depend upon the total number of eligible entries received.
9. No purchase or software download is necessary to enter or win. Purchase or software download will not increase your chances of winning.
10. To enter, visit http://safeandsavvy.f-secure.com/2012/04/03/more-than-mobile-sweepstakes/ and comment on the post up to two times. To comment you must provide your email address, which will not be made public. Entries are the property of Sponsor and will not be acknowledged or returned. Comments made be edited by F-Secure without explanation. We are not responsible for the content posted or linked.
11. Any entrant who attempts to cheat or tamper with the More Than Mobile Sweepstakes shall be disqualified by the Sponsor’s sole discretion.
12. The name of the winner will be announced via the F-Secure Twitter channel http://twitter.com/FSecure, F-Secure Facebook page http://www.facebook.com/FSecure and F-Secure’s Safe and Savvy blog http://safeandsavvy.f-secure.com/ once the winner has been contacted. By entering, the entrant agrees that his/her name, country and/or picture can be published at F-Secure’s aforementioned channels if he/she wins.
13. By entering, entrants agree to release and hold harmless Sponsor and all of its representatives from and against any and all costs, expenses, claims, demands, proceedings, suits, actions and/or liabilities for any injuries, death, loss or damage of any kind arising from or in connection with i) the distribution of any prize, ii) entrants’ participation in and/or entry into the campaign, acceptance or use of any prize or unavailability of any prize. Prizes are provided “AS IS” without warranty of any kind from the sponsor.
14. Employees of Sponsor and family members of such employees are not eligible to enter.

© 2011 F-SECURE CORPORATION. ALL RIGHTS RESERVED.

Canon PowerShot SX130 IS

Share this

What is Ransomware?

It is malware that upon infection expands Internet Explorer to a full screen (F11). Ransomware then displays a message claiming to be from a local police unit. The message usually states that your computer has been used to browse sites containing child and animal abuse. It also might claim that your PC has been used to send e-mail spam on topics related to terrorism. Or you may be accused of piracy. Thus your computer has been locked until a fine is paid.

It’s scary and the Labs has seen it in Finland, Germany and various other European countries. As with all malware, if it works, it will end up all over the world eventually.

The Labs reminds you: “If your computer is ever compromised by Ransomware, do not pay anything to the malware authors.”

In almost all cases, paying the fine does not free up your computer anyway. Also remember that neither the Finnish police nor any other Police in the world uses Paysafe, Ucash, PayPal or any other prepaid billing systems for fines. If any message is demanding your credit card or any other payment method it is most certainly a scam and not legitimate government official.

How can you prevent ransomware?

1. Keep your PC updated with the latest system and security software. Our Health Check makes that easy.

2. Especially update your Acrobat PDF reader to the latest version, or switch to another PDF reader.

3. Update your Java runtime. Or, if you do not need Java, it is highly advisable to uninstall it. If you do need Java, at least consider disabling it within the browser when not in use. Or, switch to Google Chrome which will ask before Java is executed from unknown sites.

Cheers,

Anna

Share this

Here are a few precautions that will help protect you on all the laptops, desktop or mobile devices you use.

1. Keep your system and security software updated
This is a tip we always recommend for PCs. But it’s especially important on mobile devices and Macs too. Several important security updates have been included in recent updates of OS X. Our Mobile Security is available for Android, Symbian and Windows Phones. Research to find the best security for your device and keep it up to date.

2. Back up your device
A piece of content that exists only on one local hard drive is a piece of content at risk. Use some method of backup for your computers. If your phone has a backup capability enable it. If it’s available for your mobile, we recommend you use some remote lock software. Our Anti-Theft for Mobile is free. This way even if your device is out of your control, you can still protect your private data.

3. Get your software from a reliable source
For mobile phones, use official markets or vendors you know and trust. Never install software that suddenly appears on your computer or a mobile. You can give a criminal full access to your computer with the wrong click so take downloading and installing seriously. So don’t be afraid to take to cancel and research a product before installing it

4. Watch where you click, especially in emails
Most of us know never to open attachments we don’t expect in an email. But the links in an email can lead to a malicious site or a scam. Phishing scams have new power on mobile phones where we expect web pages to look strange and unfamiliar. Avoid clicking the links in emails you receive, especially from your bank. Go directly to the site you need to use or even call your bank directly if you have a question.

5. Keep your devices and accounts secure
Lock your computers and devices when you aren’t using them. And use a strong, unique password for all of the accounts that matter to you most.

The good habits you’ve picked up from being a smart PC user will benefit you however you connect to the web.

F-Secure’s new Safe Anywhere gives the world’s leading operators and ISPs the ability to protect PCs, Macs and mobile devices with one award-winning solution. Find out more about Safe Anywhere here.

Jason

CC image by LGEPR

Share this

Our corporate product F-Secure Client Security has just won the BEST PROTECTION 2011 AWARD by AV-TEST. AV-TEST is an independent testing organization that evaluated 7 corporate protection products throughout 2011.

All of our security products, including F-Secure Internet Security 2012, are based on the same technology as the award-winning F-Secure Client Security, which is why this is a time to be proud.

This award means we are continuing the success we have had in the past years with our security products. And now we are also the leader in protecting corporate customers.

While I’m being immodest, I can’t forget to add that F-Secure Internet Security 2012 has also won many awards, including AV-Comparative’s Top Rated -award, and 1st positions in com! -magazine’s comparative review and CHIP Magazine’s comparative reviews in Germany, Netherlands and Italy.

And to be even bolder, we plan on continuing to improve our security products so we can stay ahead of all the threats facing our customers.

Find out how you can get best protection for your business with F-Secure Client Security.

And if you don’t yet have our award-winning Internet Security protection, try it for free.

Cheers,

Anna

Share this

The fact is millions, if not billions, of relationships have begun online. And that number is growing as the lines between offline and online merge.

Online dating is an especially interesting issue for us because it merges many of the issues we think about most: security, online safety, content control and social networks.

The fact is by “putting yourself out there” online, you do open yourself to risks you might avoid otherwise. You may also open yourself up to the person you’ll spend your whole life with. If you want to give it a try or try it again, we recommend a few precautions.

1. Trust your instincts.
A rule of dating that is often mocked is “Be yourself.” It’s so vague and unhelpful. But what people seem to be saying is “Trust you gut.” If something gives you a bad feeling, if you regret signing up for a site, if you regret making a date, step back. The great thing about dating online is that you’re increasing your options. So don’t worry about blowing one opportunity. If something gives you a bad feeling, back off and apologize. Don’t be afraid to cut off contact or even erase emails before you open them. It’s your gut, protect it.

2. Remember that the Internet never forgets.
Anything you do online creates some sort of data trail. Any message you send can be made public. Any picture you post can be reposted. In the past, only celebrities had to worry about their private activities being made public. Now we all do. So imagine that anything you share could go public and definitely close any accounts once you’re done using them.

3. Secure your PC.
When using any social network, you should make sure all the applications and your security software are patched and protected. (Our Health Check makes that easy.) Also keep in mind that by putting your email out in the world, you’re making yourself more vulnerable to email scams. For this reason we recommend never clicking on the links in emails.

4. Get the low down.
Talk to your friends who have tried out online dating. Ask them for their tips and regrets. If you don’t feel comfortable chatting with someone you know, Match.com has a nice list of all the possible safety precautions you should be taking. Also, Google the people you’ll be meeting, and their email addresses. You may be surprised at what you find.

5. Go the extra mile.
The Electronic Frontier Foundation recommends, “Get a throw-away email address, avoid using your name, and avoid paid sites that would elicit your credit card number and billing information. To maintain the highest levels of privacy, consider taking steps to obfuscate your IP address, such as using a VPN.” Also, you should use https on secured networks whenever possible. Keep in mind that any site you trust with your data is only as good as its privacy policy and its word.

Cheers,

Jason

CC image: Julien Haler

Share this

Banking Trojans have been around since at least 2007 and they have become part of our everyday lives. In recent months, ZeuS Trojans have targeted to Finnish banks, resulting in financial losses for hundreds of customers. The success of these trojans has been startling and similar attacks are occuring around the globe.

How does a ZeuS Trojan work?

First, a trojan has to find a computer that is not fully protected. Once it infects a PC, the malicious software sits waiting until it is activated when a customer establishes an online connection to his or her bank.

When this happened to customers in Finland, they saw a message that said, “We are sorry, there is an error and we are working to fix it.” At that point the attack is a success. Personal information provided by the customers can then be exploited and cash transfers can then begin. Often customers do not even realize that they’ve been attacked until long after the transfers are made.

F-Secure’s Labs’ Threat Research Team has been investigating banking trojan cases for more than half of a decade. F-Secure’s Security Advisor Sean Sullivan says: “While Finnish banks have excellent safeguards and protections, we should remember that some of those protections are almost 20 years old. Cyber criminals have had plenty of time to work out new strategies.”

What can we do to protect ourselves?

Here’s Sean’s advice:

1) Don’t panic. It’s a real problem, but no more so than getting your pocket picked in the real world.

2) Keep your software up to date, and uninstall that which you don’t use. (e.g., Java). We recommend F-Secure’s Internet Security 2012, of course.

3) If you feel there’s something unusual about your online banking experience, call your bank and chat with their support. They are more than happy to help you!

Cheers,

Anna

CC image by: BFS Man

Share this

That’s why we thought now would a good time to discuss why password security is so important on a site like Facebook.

What does a hacker get if he gets your password?

He gets immediate access to your account and the opportunity to change your password to deny you access. That’s bad. What’s worse? He could then get access to any other sites where you use the same combination of login and password. If this includes your email, he could wreck major havoc.

How to protect yourself

1. You should use a unique combination of login and password for ANY site that matters to you.
2. Choose a strong password that can’t be guessed.
3. Watch where you click on Facebook.
4. Keep your system and security software patched and protected.
5. Don’t click on links in your email.

What should you do if you think you’ve been hacked?

Change your password immediately. Then change the password of any account that uses that same password.

Cheers,

Jason

CC image by familymwr

Share this

Sean Sullivan, F-Secure’s Security Advisor, explains why:  “The problem isn’t a particular vulnerability; it’s that Java always has the latest, most popular vulnerability to exploit.”

The good news most people do not even use Java anymore. (Some confuse it with Javascript, which is still widely used.) The bad news is online criminals all over the globe are successful infiltrating systems through a program that may not even be necessary.

So if you don’t need it, get rid of it. If you need it later, you can always install it later.

If you don’t want to remove it or need to it to run a specific application, you need to make sure it is always updated.

Cheers,

Jason

Share this

We’ve put together a quick snapshot of this year’s online shopping environment in the US. It also includes some useful tips to protect yourself whenever you’re shopping over the Internet.

We hope you enjoy it and have wonderful holiday and new year wherever you are.

Cheers,

Anna

Share this

That was the happy challenge we at F-Secure faced with Internet Security 2012. Our goal couldn’t just be improved protection for your computer and online life. We also wanted to make Internet Security 2012 even faster and easier to use for you and family. And we’re proud to say that the best protection in the world…JUST GOT BETTER!

F-Secure Internet Security 2012 is now available here. If you’re a current customer, your free upgrade is available here.

“Our antivirus test success last year was awesome,” says Mika Stahlberg, VP F-Secure Labs.”In spite of that, or rather inspired by it, we have made a large number of improvements to our security core during this year. Our internal tests show that with new technologies like DeepGuard 4 and ORSP online detections, Internet Security 2012 will be a faster product with superior detection rates compared to its predecessor.”

All online safety settings are now personalized for each user to keep virus and spyware out while stopping spam and phishing emails. The firewall hacker-proofs your Internet connection.  Browsing Protection protects you whether you’re browsing the web or connecting on Facebook by blocking phishing scams and unsafe websites. Parental Controls keeps kids away from nasty web content and can lock them out before they get getting bleary-eyed from excessive screen time.

Internet Security 2011 was fast. But fast is now even faster. F-Secure’s cloud-based real-time protection delivers instant reputation data about websites and files. This is how we identify and block harmful websites and emerging threats immediately around the world.

For the first time, F-Secure Internet Security 2012 also protects you against unwanted mobile broadband bills. When you’re roaming with a computer using Windows 7, Internet Security automatically optimizes the computer’s mobile broadband use to prevent 3G mobile broadband bills from exploding.

It’s the award-winning protection millions count on, optimized for 2012. We hope you’ll let us know what you think.

Cheers,

Anna

Share this

If you love the Internet

The US government declares every October Cyber Security Awareness Month (NCSAM). Of course, around F-Secure every month is cyber security awareness month, but we appreciate the opportunity to join with millions of other people to spread the information we all need to stay safe online.

For safety tips from the organizers of NCSAM go to StaySafeOnline.org and for the government’s official cyber security site visit OnGuardOnline.gov.

We also want to share some of our favorite awareness posts from the last few months. Check them out then let us know in the comments of this post if you have any cyber security questions you would like us to answer.

What Credit Card Fraud Taught Me

How to Use the Internet Safely—Before, During and After Your Next Vacation

3 Things You Need to Know if You Use Online Banking

An Introduction to LinkedIn Privacy and Security

How to Protect Your Privacy if You Use Facebook

Cheers,

Anna

CC image by br1dotcom

Share this

Man-in-the-middle attack allow the attacker to intercept messages between you and your bank. The criminal then sends its own messages to both parties. Just this week, F-Secure Labs has observed multiple man-in-the-middle attacks against at least two Finnish Banks. Other new man-in-the-middle attacks utilize the computing power of our smartphones to trick us out of account information.

Here’s what you should know to keep the thieves out of your digital piggy bank.

1. Never click on links from bank e-mails.
When you’re busy, it’s easy to make a mistake and click on a bad link, especially on our phones.  Sean Sullivan from F-Secure Labs says the best strategy is to, “Go to the bank via a browser bookmark.”

2. Know that criminals are targeting your smartphone.
F-Secure Labs has followed Spitmo, a man-in-the-middle attack that targets phones, since spring. And now an Android version has been spotted. This attack pretends to install application that protects the phone’s SMS messages. If you receive an SMS that asks you to install such software on your phone, take the time to contact your bank directly.

3. Keep your system and security software updated.
The registered owner of the site being used for this week’s Finnish bank attack owns more than 90 sites. So as one attack goes down, another one might go up. It’s important to have browsing protection that could prevent you from visiting a site hosting a known attack. And it’s even more important to make your PC is patched and protected. Our free Health Check makes that easy.

Bank robber Willie Sutton never actually said that he robs banks because “That’s where the money is.” But if he lived today, he might have tweeted it.

Criminals will never stop scheming of ways to get into your bank account. By staying aware of their latest tricks, you’ll do your best to keep your money where it belongs.

Cheers,

Jason

Share this

Here’s what we found out:

1. How concerned are you about your child’s safety online?
• Not concerned 6%
• Somewhat concerned 44%
• Very concerned 50%
2. Are you more or less concerned about your child’s safety online than you were in the past?
• More concerned 82%
• Less concerned 18%
3. Are you more concerned about your child’s online safety at school or at home?
• School 53%
• Home 47%
4. What are you most concerned about in regards to your child’s online safety (choose from below):
• Encountering predatory individuals on social networks or forums 63%
• Contracting dangerous viruses or malware which can compromise personal or financial data 23%
• Lack of exercise/dangers of extended PC use to physical health 13%
5.  Do you feel you know where to find information about how to keep kids safe online?
   • Yes 58%
   • Somewhat 37%
   • No 5%

Here’s  a quick analysis of the results.

1) Despite most people knowing where and how to find info to keep kids safe online (58%), 94% are still concerned about their child’s safety online, with the majority of that group describing themselves as ‘very concerned’. Also, the vast majority of parents (82%) are more concerned about their child’s safety online now vs in the past.

2) Parents are approximately  three times more concerned about their children encountering predatory individuals online vs contracting malware which could compromise financial or personal data (63% vs 23%)

3) Parents are nearly twice as concerned about their children encountering viruses and other malware online than the potential negative effects of extended computer use, such as muscle strain or obesity.

Cheers,

Anna

CC image by Tim & Selena Middleton

Share this

For the first time millions of smartphone users woke up to the fact that their mobile devices may be collecting data that has generally been considered private. As billions of users around the globe adopt smartphones as a tool of choice for business and banking, rapid shifts in marketshare are creating a mobile landscape with unprecedented privacy issues and increasing security risks.

On February 11, 2011, the world’s largest phone manufacturer Nokia announced that it will be transitioning from the Symbian operating system to Windows Phone 7. This historic alliance can be seen as a response to the increasing global popularity of Apple’s iOS and Google’s Android mobile platforms. In early 2011 Google’s Android has passed Symbian as the world’s most popular mobile OS,.

Thus far, the diversity of mobile platforms—as compared to the PC world where Windows dominates—along with application approval processes—such as those employed by Symbian and Apple—have limited the impact of mobile attacks thus far.

Yet Android’s growing popularity and open application development process may present some concerns for consumers. Not only have trojanized apps appeared in third-party marketplaces but in March 2011 more than 50 rogue apps were even removed from Android’s official market place.

As Android evolves to 3.0 to support tablets with customized interfaces from various manufacturers, its lack of a centralized process to patch security holes may create the possibility of ongoing exploits. These vulnerabilities will surely be exploited as the number of users using their phones for financial transactions on these platforms grows. Meanwhile, privacy concerns have sparked a federal grand jury investigation in the United States about the kinds of user data mobile app makers are collecting and sharing with advertisers.

Finally, the SpyEye mobile malware, which works in combination with a PC banking Trojan, exemplifies the high stakes cat-and-mouse game pitting financial institutions and law enforcement agencies against online criminals. This game began on PCs and has now—like most games that start on a PC—gone mobile.

Mobile OS News

In February of 2011, Nokia announced that Windows Phone 7 will be the primary operating system for its future devices. This is a historic switch from the Symbian platform that introduced most of the globe to smartphones. Windows Phone 7 and Xbox are the only Microsoft platforms where applications must be pre-approved by Microsoft before users can run them. As a result, F-Secure does not expect any major mobile malware outbreaks just because of Nokia’s partnership.

Android is now the most popular mobile platform with 39.5% market share. Android’s rise, which was most striking in the United States, went from being the fourth most popular mobile platform to overtaking Apple’s iOS and Blackberry’s OS to become the leading mobile OS in just twelve months. Symbian is currently the world’s second most popular mobile platform, running on 20.9% of mobiles around the globe. As a result of the Nokia/Microsoft deal, IDG predicts that Symbian will be on less than 1% of smartphones by 2015 while Windows Phone 7 will rise to the 20.9% market share now occupied by Symbian.

Android 3.0, also known as Honeycomb, is designed to support tablet computing and compete with Apple’s iPad. Google worked with Motorola and HTC to support the launch of Honeycomb on the Motorola Xoom and the HTC Thunderbolt. These collaborations indicate that Google may be trying to somewhat rein in how developers deploy its OS. However, it also creates uncertainty in how exploits focused on different versions/implementations of the OS will be patched, which could leave some devices vulnerable to zero-day attacks.

iPhone Location Data Controversy

In March of 2011 Forensic researcher Alex Levinson announced that he had found a way to map out where an iPhone has been. The information comes from a location cache file found on an iPhone (Library/Caches/locationd/consolidated.db).

F-Secure Labs’ Mikko Hypponen guessed that this data was for Apple’s global location database. This theory was later confirmed by Apple who claimed that the tracking was a bug. Apple said that the data was track anonymously, per their Privacy Policy, for a record of existing networks similar to the one Google recorded world-wide when their Maps Street View cars were driving around the globe. Apple released a ‘fix’ for the bug that allows users to opt out of location tracking completely for the first time.

Most mobile carriers and smartphone OS makers, including Android and Windows Phone 7, track some form of location data. In addition, a small and growing percentage mobile users use location-based social networks to track their location. However, few had any idea that their entire travel history could be tracked. For the very first time, millions of device owners had to face the new and unchartered privacy implications of smartphone ownership and use.

Dangerous Apps and More Privacy Problems

Apple has embraced a “walled garden” approach for the development of applications that run on the iPhone iOS. All apps available through its official App Store require Apple’s approval. Apple also holds all developer revenue in escrow for 30 days or so. As a result, most scams are shut down and removed before the scammers can benefit. Of course, the iPhone “jailbreak” has created an underground market of unsanctioned apps that Apple has no control over. But users must actively seek out these alternatives.

In contrast, Android’s approach to application development has created what could be called a “Wild Wild West” atmosphere that has been exploited by rogue developers. Malicious apps are often copies of copyrighted apps that have been trojanized and then sold to consumers as legitimate software. These trojans can lead to information leakage and high data usage, which could leave users with inflated phone bills. Previously these malicious apps were primarily distributed in third-party marketplaces, primarily in mainland China. However in 2011, they reached the official Android Market.

In January, a Chinese version of the “Steamy Window” application for Android was found repackaged with a trojan. F-Secure Labs saw this as a clear sign that Android malware was on the rise.

Soon thereafter a new Android trojan named ADRD appeared. ADRD was mostly found included in several applications from a third-party application provider in China, with the applications repackaged to contain the trojan. Most of the infected applications were wallpaper-related.

Then in March, the threat of trojanized apps hit the mainstream. More than fifty apps were removed from the official Android Market. The malicious applications were uploaded using various developer names. According to the androidpolice.com report, one of the malicious applications contained a known exploit (“rageagainstthecage”) for gaining root access.

In response to the breach of security, Google used its “Kill Switch” to remove the trojans from Android handsets. Google also forced an install of a program called Android Market Security Tool to affected phones. This was only the second time Google has used its Kill Switch.

Google also realized a security tool to affected users. Ironically, a trojanized version of the tool was found on a mainland Chinese network.

Google’s purchase of Motorola is likely to fuel Android’s growth on smartphones and tablets. Android 4 is scheduled to arrive this October,  creating tablet competitors to the iPad. Tablets are more likely to be used  to do things traditionally done on PCs, such as online banking, and that could very likely increase attacks on tablets.

Consumers will soon recognize that mobile devices require many of the same security precautions as PCs. Software needs to be updated and applications should be researched before installing them on your smartphones. F-Secure Labs released a list of tips for protecting your mobile device.

Even when applications aren’t malicious users still need to be aware that phones may be sharing confidential data with app makers without the owners’ knowledge. Federal prosecutors in New Jersey are investigating several smartphone application creators, including Pandora, for allegedly sharing user data—such as GPS location, gender and age—with third parties without notifying users, in violation of the United States’ Computer Fraud and Abuse Act. While no charges have been filed, this can be seen as a serious wake-up call to application developers in regards to how they protect customer data.

Both Twitter and Facebook released https browsing support in early 2011 for PC-based web browsers in response to Firesheep, a tool that makes it possible to see what information is shared over free open Wi-Fi networks. Facebook’s implementation still has some glitches and not all social networking sites secure their data this way. Users need to be aware the information on phones (and laptops) shared over unsecured Wi-Fi is vulnerable to eavesdroppers. Use a VPN when connecting over Wi-Fi whenever possible. At the time of writing, many mobile apps and mobile web browsers do not support https browsing.

The Cat and Mouse Game Hits Mobile

For nearly a decade, financial institutions have been striving to keep ahead of online criminals. They’ve secured their sites, implemented anti-phishing technology and offered to SMS one-time passwords or mTANs to customers to protect their accounts. As banks innovate, criminals make it their business to keep up.

In late 2010, security blogger Brian Krebs discovered that -the authors of two popular botnet kits had merged to form what he called a “supertrojan.” In March, a variant of SpyEye was used in a new “man-in-the-mobile” attack on a European bank.  This attack combined a trojan that affects a PC’s web browser with a mobile trojan that verifies itself, forming a unique new attack that might have tricked even the savviest of users.

The trojan injects fields into the bank’s webpage to phish the customer’s mobile phone number and the IMEI of the phone. This is done under the guise that the bank needs that information to make SMS transfers MORE secure. The bank customer is then told the information is needed from their mobile. A “certificate” is sent to the phone with a notice to the user that it can take up to three days before the certificate is ready. Using the IMEI of the phone, the criminals can create a “developer certificate” that bypasses security prompts. If the trojan is  installed, the one-time password can be stolen, along with all of the customer’s money.

Users should keep in mind that while banks make their best effort to secure digital transactions, actually going into a bank for important transactions or transfers is still a wise idea.

Where is Mobile Malware Headed

Recent mobile malware makes it very easy to imagine what data e-criminals are after. In addition to banking and other crucial credentials, photos are an attractive target. This malware targeting Symbian phones can’t steal your photos, yet. But it’s close.

The data we keep in our pocket holds an incomprehensible amount of data and access to our lives. The question is, what are we willing to do to protect it.

Share this

ShareSafe helps you share better. Win rewards for sharing great links while protecting your friends from spam and malicious links. This video shows you how it works:

You earn 10 points whenever you share a link with ShareSafe. Earn even more points when your links are clicked or liked. If a friend of yours accept your invitation to join ShareSafe, you earn 50 points plus bonuses as more and of your friends join. And these points will help you win prizes picked out just for you.

This is the beginning of a movement to make Facebook an even better place for connecting with your loved ones. Thanks for checking it out and sharing it with the people you want to protect most.

Cheers,

Sandra

Share this

At last week’s TED Global my colleague Mikko Hyppönen, F-Secure’s Chief Research Officer, gave an awesome  talk on computer crime issues. He became only the second presenter to give a TED Talk about computer security. The first one was Ralph Langner, who spoke about Stuxnet in TED at Long Beach in February 2011.

Photo: James Duncan Davidson / TED

Mikko has been described in US government documents leaked by Wikileaks as an “infosec rock star” and in his talk he highlighted our collective role as the first generation that got online. He described his journey to find and meet the creators of the first PC virus. Defeating the next global virus outbreaks depend on international cooperation to track down and stop cybercriminals. That’s why Mikko is calling for the creation of an international collective of law enforcement to fight online crime.

To understand why Mikko received a standing ovation, you have to see the talk itself. It’s now live at http://on.ted.com/Hypponen

After you watch Mikko’s talk, be sure to check out his journey to meet the creators of the PC virus:

Enjoy!

Cheers,

Sandra

Share this

In a recent Facebook Question, we found that more than 83% of respondents plan to use the Internet in one way or another while on holiday. 41% will connect on their laptops while 35% will depend on their mobile devices for their digital fix.

Using your devices while away from home presents some security risks. Whether you chose to plug in, tune out or a little of both, a few precautions will help keep your data and your identity safe while you enjoy a little rest and relaxation.

Before

Backup your PC and update your system and security software
A patched and protected PC is your best defense against any online threat. But because you can’t always predict what will happen to your actual laptop or device, you should make certain your irreplaceable documents and media are all backed up and safe in cloud or at home.

Contact your credit card company to let them know if you’ll be traveling abroad
If you’ve ever been a victim of credit card fraud, you know the charges can start coming from anywhere. Thus credit card companies often block transactions that are made far away from your home. While this is for your own protection, it can hinder you when you’re in the midst of your travels. Be proactive. Let your card company know your travel plans when you’re going abroad.

Don’t post your travel plans on your public social networks
When you live online, it makes feels comfortable to share your personal lives with people you don’t know that well. If you’re a master of privacy settings or Google+ Circles, you can feel more comfortable sharing your itinerary. They key point: don’t tell anyone your travel plans who you online wouldn’t tell in real life.

During

Secure your browsing when using public Wi-Fi
If you’re connecting to a wireless network you don’t control, use a VPN. If you can’t, secure your browsing whenever possible with https connections.

Use extra precautions on public computers
You never can know for sure what sort of malware is on a public computer. Your every keystoke could be logged. When using a public computer, avoid online banking and shopping. And use one-time passwords if they are available as they are for Facebook and Google.

Watch for shoulder surfers
Keep on an eye who is watching what you type and input. And if you leave your laptop in your room, leave it in a safe when available.

After

Check the credit card you used for irregularities
Reviewing the bill of the card or cards you’ve used for travel and/or online purchases  is always a good idea. Report any questionable charges ASAP.

Backup your pictures and videos from your trip
The sooner you get your media backed up, the better the chance that you’ll be enjoying digital  memories of your trip for years into the future.

Now share your pictures with you social networks
Or don’t. Either way, you’re safely back up home with your PC and your memories intact.

Cheers,

Jason

CC image by Spree2010

Share this

1. To build up buzz for a new product—as in the case of Gmail and now Google +.
2. To test and improve a piece of software nearing release.

Right now we are in the middle of the beta for Internet Security 2012. And if you are now thinking, “Yes, I want to test this piece of new software till smoke is coming out of my PC” then we hope you’ll sign up for our beta program. However, as Internet Security 2012 is still being developed we don’t think the beta is for everyone.

We offer free licenses for our Anti-Theft for Mobile and have in the last year given out licenses to our Mobile Security and even our 2010 AV-Test Product of the Year Award-winning Internet Security via our Facebook Page. And when Internet Security 2012 is available to the public, we hope the whole world will take our free trial.

But for the beta, we’re only looking for passionate software experts who will help break our software. Yes, break it. Or at least tell us how to make it perform better for you. That’s how we work to bulletproof the protection we provide. It’s hard work and the finished result is a tribute to the beta testers’ tenacity and ingenuity.

Are you a software aficionado yourself ? Do you know any experts that would like to put our protection to the test?

The sign up process is in-depth and it will help you or your friends and us know if the program is a good fit.

Thanks for following us. Your interest in F-Secure is greatly appreciated.

Cheers,

Sandra

CC image by Ryan Tir

Share this

Malicious software has only been effectively used to make large sums of money for less than a decade. But now it’s hard to ever imagine a world without online crime.

In 2011, we’ve already seen hackers take down Sony’s PlayStation Network for weeks. Dozens of Malicious apps have been removed from Android marketplace. And the United States government indicated that it could retaliate to cyber attacks as they would to conventional attacks.

We asked F-Secure’s Chief Research Officer Mikko Hypponen what he forecasts for the rest of 2011. Here’s what he expects:

• More hacktivist attacks along the lines of Anonymous and Lulzsec.
• Mobile malware continues to grow, but only on Android.
• Cyber warfare remains a hot topic.

We’ve linked to a Labs blog post about current events related to each prediction for more insight. For breaking news, be sure to follow Mikko and F-Secure Labs Advisor Sean Sullivan on Twitter where they break news pretty much every day of the week.

Cheers,

Sandra

Creative Commons image by skenmy

Share this

Message shown by the Cabir Bluetooth-Worm

From late 2010 to the first few months of 2011, there’s been a fair bit of buzz in the tech media about how mobile malware may be the big IT security issue for 2011. (To be fair,  I also said something similar in a previous post.)

Even though PC threats are still hugely more prevalent, mobile malware tends to get more press because they’re like the up-and-coming starlets of tech threats – they’re fresh, new, interesting, and frankly, just a little sexier than plain ol’ Windows malware.

At least – they are to IT security pros. For the average man on the street? Not so much. For many smartphone users, especially those only recently transitioning from ‘dumbphones’ to smartphones, ‘mobile threats’ can still be a pretty nebulous concept.

Since it seems likely that we’ll be talking more and more about mobile threats from now on, I reckoned this would be a good time for a quick tour through the world of mobile malware. And to make thing easier, let’s break this guide into 3 articles covering the 3 most important questions for a new (or even not-so-new) smartphone user:

What (should I be worried about)?
Why (should I be worried)?
and How (do I protect myself)? 

So let’s get this tour started with…

What (should I be worried about)?

Mobile malware is nothing more than malicious programs designed to run on operating systems (OS) used by mobile devices. The most common devices affected are mobile phones, though PDAs, tablets and other consumer electronics may be affected if they also use the targeted OS.

A very short history

Mobile threats aren’t a new phenomenon – the earliest mobile malware we have on record is Cabir (image above), which came out in June 2004. However, until the last 2 years or so, mobile malware hasn’t been a big deal.  For most of the last 10 years or so, the number of distinct mobile malwares created has been in the low hundreds – a drop in the ocean compared to their millions of PC counterparts.

Why? Mostly because PCs are easier to attack, there’s more of them, and there’s enough financial and personal information on them to make it worth the attacker’s efforts. Nowadays though, smartphones are rapidly gaining more allure as targets for malware authors, and for much the same reason PC threats have become so prevalent: exposure to the Internet.

Getting connected – to malware

Up until about 3 years ago (the ‘DumbPhone Era’, if you like), mobile threats were most commonly transmitted from user to user as Bluetooth worms, SMS-worms, etc. This limited distribution pattern tended to reduce the impact of mobile malware – the attacker had trouble distributing the malware to huge numbers of people, and an individual user generally couldn’t spread the infection very widely either.

That was before the Internet came to the phone. Nowadays, almost all smartphone users can connect to the Internet via a browsing program on their mobile phone (a mobile browser). Taking advantage of (currently) cheap data plans from telecom companies, smartphone users have been going online via their phones in record numbers in the last couple years .

Unfortunately, this new-found connectivity comes with an unintended side effect. For PC users, their broadband connection to (and behavior on) the Internet has proved to be the most significant pipeline for malware distribution. For mobile users – ditto.

In the last few months, almost all mobile threats we’ve seen have arrived via the mobile browser or by the user downloading a bad app from the Internet – and it seems safe to say that in future, most of the major mobile threats will be distributed over the Internet.

Threats evolving

Image displayed by Skulls.D

There are a few distinct threat types favored on the mobile device, though these preferred types can change over time. Even as recently as last year, trojans (malware distributed using fake names, such as Skulls.D at right) and worms (particularly Bluetooth-worms) were the main threats for mobile users. By end 2010 and early 2011 though, we started seeing trojanized apps, rogue apps and online attacks targeted at mobile audiences.

Trojanized apps are a more sophisticated take on the ‘classic’ trojan, which was usually just a malicious file distributed under the stolen name of a legitimate one – say, a system update or game. Trojanized applications, on the other hand, are legitimate files that were reverse-engineered and adulterated with malicious code. The ‘Frankenstein’ program that results is usually very similar to the original, and may even be fully functional. Examples of this type of malware are Trojan:WinCE/Terdial and more recently Trojan:Android/BgServ.A and Trojan:Android/DroidDream.B.

Rogue apps are simply fraudulent programs that say they do something, but don’t. This is the mobile equivalent of a rogue, PC scareware that’s been around for many nears. There’s nothing particularly new about this threat on phones either – we posted about possibly fake mobile banking trojans in 2010 and even earlier – but as new smartphone users are still likely come in contact with these malicious programs, the danger remains present.

On a different front, now that mobile browsing has become a major activity for smartphone users, online attacks that have troubled PC users for years are starting to affect mobile surfers too. Our Labs Weblog reported one phishing website that appeared to have formatted its fake URL to make it harder for mobile viewers to tell it’s a fake site.

An interesting point mentioned in the post was that a phishing attack may even work better on mobile browsers, as the lack of screen real estate works against the user by concealing any tell-tale ‘phishiness’ in a website’s URL. It’s early days yet, but I suspect it won’t be too long before we have to start coming out with a new Web Browsing Do’s and Don’t list specifically for mobile users, as PC-focused lists may not work for a mobile audience.

Summary

Of course, these are just the three most notable types of mobile malwares we’ve seen in the first few months of 2011. Only time will tell how the attackers will refine their strategies and creations to take better advantage of mobile audiences. If the recent trend we’ve seen in the Labs is any indication, with more mobile samples being sent in for analysis, it seems pretty plausible that the next six months will see some new threat types turn up.

In summary though: Now and for the foreseeable future, PC threats will still be much more prevalent, no question about that. We are however starting to see more mobile threats emerging, as the large numbers of mobile phones accessing the Internet present a new, accessible and attractive target for attackers. At the moment, these new threats require the user to either download a malicious app or visit a malicious site.

Part 2 – Why should I be worried?

Part 3 – How can I protect myself?

Share this

While malicious software has aggravated PC users for more than 25 years, Apple devotees have generally avoided troubles with malware. This magical-feeling of immunity helped many Mac users develop a religious-like faith in their computers. But this faith has been shaken in recent weeks for some fans by a threat many PC users have become familiar with the hard way: scareware.

Apple has downplayed the impact of the attacks by the Mac Defender rogue antivirus family, but anecdotal evidence from Apple Store Geniuses suggests the problem is widespread. On May 24th, Apple acknowledged the problem and issued guidance to help users avoid and remove Mac Defender. An update that protects users from these attacks is expected from Apple by the beginning of June.

If you use the Safari browser on your Mac, you should immediately disable automatic file opening. You can do this by going to Preferences -> General then uncheck “Open ‘safe’ files after downloading”. Mac users also need to develop a healthy suspicion of any program that attempts to install itself, as many PC users have.

In some ways, facing undeniable security threats is a compliment to Apple. In 2008, an academic paper predicted that Macs were likely to become a focus for online criminals around the time they hit 16% market share. Macs now make up 15.36% of the PC market in the US. But, as F-Secure Labs explains, one data point isn’t enough to explain why many Mac users are thinking about security for the first time.

Apple products aren’t likely to face the flurry of attacks that now target Windows XP in the near future, and Mac users can take action to protect themselves.  F-Secure has offered Mac Anti-Virus through our operator partners for a while. We recently decided to offer it directly to consumers, and recent events prove that our timing couldn’t be better. You can try our Mac Anti-Virus for free now using the promo code AVMAGL.

I imagine that some Mac loyalists would disagree that Macs need AV. Why use an umbrella when it’s not raining? they might ask. We would argue that skies are starting to get a little gray. As F-Secure’s Chief Research Officer Mikko Hypponen recently tweeted, “Slowly but surely, Apple will be targeted by more and more malware. Apple should realize this and stop trying to hush it up.”

Cheers,

Sandra

CC image Rolon2000

Share this

For the second year in a row, an F-Secure survey has found that nearly 3 out of 4 Facebook members are not “friends” with their boss on the site. A steady feed of news about people losing jobs over comments or images they’ve posted on Facebook has made many of us worried about who we friend and what we post.

An US court recently ruled that you should expect anything you post on a social could go viral—no matter what your privacy settings are. Even if the courts where you live aren’t as skeptical of social networking privacy, the fact remains: if you post something on Facebook, you never know who might see it. So even if you never post about your job or ever worry about having to find a new job, you know there are risks of sharing your private life on Facebook.

Social networking has only become a mainstream phenomenon in the past decade. Most of us are still learning the etiquette and risks of social media. That doesn’t mean social networking is any more dangerous than any online communication. For most people, the dangers of social networking are roughly as perilous as those of email. You could send the wrong thing to the wrong person, open a bad file and infect your PC or give criminals access to your account or private information.

For this guide, I’m assuming you know the basics of PC security. You have a strong password and your PC is patched and protected. I figure you lock your computer or smartphone, and you would never leave yourself logged in to Facebook on a computer you aren’t using. If you’re doing all that, you’re avoiding most of the serious threats you’ll find online. Now you’re ready to get into advanced strategies for staying safe on Facebook.

1. Unless you have a good reason not to, use the “Friends Only” privacy setting.
Have you noticed that people you don’t know appear in your Facebook feed?  Those are friends of your friends. They’re showing up because they either commented on something a friend of yours posted or vice versa. And you may be appearing in strangers’ feeds in the same exact way—if your privacy settings are at “Friends of Friends.”

One reason Facebook is so popular is because it replicates the social context of our lives. We feel as if we are in the presence of friends and family—some of whom we haven’t seen in person since before there was a Facebook. That makes us comfortable. Maybe even a little too comfortable.

By going to Account> Privacy Settings> and selecting “Friends Only”, you are only sharing with the people you’ve approved as friends. You can still change specific settings to make them more or less public. But you’ve created a boundary you can imagine in your head.

(If you’re on Facebook to market yourself or a product, you should definitely start a Facebook page or switch your profile to a page.)

On Facebook, the one thing you can always control is what you post. You can’t control your friends’ comments on what you post, and you can’t—in any immediate way—stop other people from taking your information or media and resharing them. This is why some people prefer Twitter where your information is either private or public. If someone comments on or repeats your posts, they do it on their own profile. On Facebook, strangers can comment on everything you do—unless you change your privacy settings to limit access to “Friends Only.”

Some people are so comfortable on Facebook they may not even realize they are sharing private details that can be used to crack passwords or security questions. The average Facebook user has 130 friends. If you’re simply opening your life to all of your friends, you’re opening your life to 16,900 people. That’s great if you’re actively seeking new friends. But it is a lot or one brain to process. And you can always visit your friends’ walls and click on their friends if you’re looking for new people

“Friends only” not only is a good move to protect your privacy and identity, you may find that it also helps your Facebook experience by freeing you up to give more attention to the people you care about most.

The 8 Most Important Ways to Protect Your Identity and Privacy on Facebook

1. Unless you have a good reason not to, use the “Friends Only” privacy setting.
2. Turn on Secure Browsing
3. Secure your account
4. Take a look at what others see when they see you and decide if you want search engines to find your profile.
5. Turn off Instant Personalization and audit your apps
6. Watch where you click
7. Decide if you want your name and image to appear in Facebook ads.
8. Start using Facebook lists.

This guide is in progress, so let us know what you think. What are the best ways to protect your identity and privacy on Facebook?

Cheers,
Jason

Share this

Offering mom tech support is one way to thank her all she did and does for us. And helping mom on the PC is almost as popular as sending her flowers for Mother’s Day.

71% of those surveyed in a recent F-Secure poll of 142 Internet users conducted tech support for their moms. 25% of those who offer mom support do it often.

And moms do need help. 43.5% have experienced some security issues on their PCs. Meanwhile, 62% percent worry about their moms’ online security. Either children are more aware of security threats than their parents or they worry about their parents even more than necessary.

The many moms at F-Secure appreciate the irreplaceable relationships that our products help protect. And we hope you and your mom are aware of the free tools we offer to help keep PCs healthy and moms worry-free.

Health Check makes sure that a PC is patched and protected with the latest software updates. Microsoft, Apple and Adobe are always releasing fresh security fixes for their software. Keeping up with each update is a challenge. Health Check makes it easy.

If your Mom’s computer is acting strangely and she’s experience lots of pop-ups and system slowdown, have her try our Online Scanner. It can help her get rid of the viruses and spyware causing the problems.

And here’s an article I found very useful:  Shop savvy: 7 practices to shop safely online.

Best to you and your mother as you enjoy another safe year together.

Cheers,

Sandra

Share this

The advice offered in 2001 still applies. Here’s a quick review of the key things you know to protect your credit card accounts online.

1. Follow your bills closely.
Credit cards are, in general, better for online purchases than alternatives. Try to limit your purchases to one card and check that one account’s bills closely. Report any questionable purchase(s) to your card holder immediately. If you live in the United States and believe you have been a victim of identity theft, you should contact the Identity Theft Resource Center for help. Otherwise contact local law enforcement.

2. Only shop on secure sites.
Even if your PC is completely patched and protected, you still need to use caution when shopping online. Stick to online retailers you trust or have researched. Make sure that when it’s time to submit your credit card details, you’re on a secured site with a URL that begins with https.  If you’re ever in doubt, stop the transaction and contact the retailer by phone.

3. For worry-free shopping, use one-time credit card numbers for online purchases.
The best way to avoid online credit card fraud is with temporary card numbers. Bank of America, Citibank and Discover all offer some version of a temporary credit cards for their customers. If you had used one of these numbers to pay for your PlayStation Network account, for instance, you wouldn’t be worrying about anyone going on a spending spree in your name.

Are you comfortable using your credit card online? What else do you do to prevent credit card theft?

Cheers,

Jason

CC image by JD Hancock

Share this

“It is a truth universally acknowledged, that a single man in possession of a good fortune, must be in want of a wife.” – Jane Austen

There are few non-sporting events that draw as much attention from all over the world as the wedding of an heir to the British monarchy. When Prince Charles married Diana, television told the story. For the marriage of Prince William and Catherine, the Internet will not only broadcast the images it will also allow us to engage in a global conversation in real-time.

Until the ceremony takes place on April 29 and for a few days after, you’ll probably see the word “wedding” more often than an avid reader of Jane Austen does. One report says that the wedding is being mentioned every 10 seconds online, and the guests haven’t arrived yet. Most of the headlines and links featuring “the wedding” will lead to legitimate sites—but some will invariably lead to a variety of scams and malware. This is true when celebrities die, when disaster strikes and you can expect the same when Catherine says “I do” to William.

If you’re actively avoiding the wedding, you’ll avoid most of the risks. But for you royal watchers out there, here are a few tips for avoiding digital wedding crashers.

1. Follow the official site, Twitter, Facebook, Flickr and YouTube pages.

• http://www.officialroyalwedding2011.org/
• http://twitter.com/clarencehouse
• https://www.facebook.com/TheBritishMonarchy
• http://www.flickr.com/photos/britishmonarchy/
• http://www.youtube.com/user/TheRoyalChannel

These official sources are going your safest sources of information. Of course, users can post links in the comments. So avoid links users post unless you trust the domain being linked or check the link with a resource like our free Browsing Protection.

2. Search for Royal Wedding news using Google and Bing’s News Filters.
Google has recently changed its algorithm to deliver safer, higher quality results. However, during breaking news rogue sites use the dark arts of search engine optimization to zoom up search results. This doesn’t happen, however, in Google and Bing’s news sites. Why? The news sites listed there have all been vetted and verified. Click on news, if it is available in your area, and click without worry.

3. Make sure your PC is patched and protected.
Every month, at least, Microsoft, Apple, Adobe and the world’s biggest software makers release updates to their products that plug security holes. These updates are often crucial for your online safety. However, checking for updates for every program on your PC can be time-consuming and confusing. Our Health Check makes the process easy. Give it a try to protect yourself from those bad clicks we all occasionally make.

Cheers,
Sandra

CC image by humberpike

Share this

Every year Americans celebrate the end of winter with a ritual called “March Madness”. 64 of the top college basketball teams from around country compete in a tournament to decide who will be the National Champion. It’s a smorgasbord for hoops fans and—for a little while—the games get in the way of work, school and, occasionally, breathing.

You have to admire the fairness of the system. Anyone in the tournament can win and no one can predict what’s going to happen.

Internet security has the unpredictability of March Madness without any of the fairness or fun. There’s just no simple way to look at all the threats out there to see which you should worry about most… until now. That’s why we’ve put together our own Sinister 16.  But don’t expect any good sportsmanship here. It’s just 16 of the most ruthless online threats facing off to decide which one is the master of digital chaos.

Fill out your bracket and check back in a few days to see the winner.

Share this

The first PC virus

1. Brain, 1986
More than a decade before anyone had ever heard of Napster, the first PC virus was designed to fight piracy. The author who came up with the word “cyber,” William Gibson called Brain “basically a wheel-clamp for PCs.”

Basit and Amjad Alvi created and marketed medical software in Lahore, Pakistan. They were interested in two things. First, they wanted to check the multi-tasking functionality in the new DOS operating system (so-called “TSR” systems). Secondly, they wanted to see if there are security vulnerabilities in DOS compared to other operating systems such as Unix.

When they realized that DOS was quite vulnerable, they had the idea to write a snippet of software that would monitor how the software and the floppy disks move around. Brain spread virally via 3 1/4-inch disks, and within weeks, the Alvi’s had to change their phone numbers.

25 years after the creation of first PC virus, in early 2011, F-Secure’s Mikko Hypponen went to Lahore, Pakistan to visit the address in the code. He found the Alvi brothers still there, running a successful business. The following video includes the first video interview Amjad and Farooq have given about Brain ever.

Some early fun

Most of the early viruses were variations of the same theme: “Gotcha!” Users knew they’d been infected because that was exactly the point. Like a digital pie in the face.

2. Stoned, 1987
Created by a high school student in New Zealand, Stoned was supposed to be harmless. It simply displayed the message “Your PC is now Stoned!” on your screen. However, as the first virus that infected a PC’s boot sector, Stoned established that viruses could control a computer’s function from the moment it turned on. Bob Dylan should be proud.

3. Form, 1990
Form became one of the most widespread viruses ever. On the 18^th of each month, it produced a clicking sound from the PC’s speaker whenever a key was pressed. Annoying, but harmless.

Other variations on this early innocent sort of “gotcha” virus included V-Sign, which displayed a V on your screen. The Walker virus showed an elderly man walking across your screen. Elvira scrolled text in the “A long time ago, in a galaxy far, far away” style a la Star Wars. And then there was Joshi. Every year, on the Joshi’s birthday, this eponymous virus displayed a birthday message. The machine refused to boot up until the user typed “Happy Birthday Joshi.”

4. Michelangelo, 1992
Michelangelo would override everything on a hard drive on specified dates. A variation of Stoned with much crueler intentions, Michelangelo was probably the first computer virus that made international news.

5. VCL, 1992
Virus Creation Laboratory made it easy to whip up a malicious little program by automating virus creation using a simple graphical interface.

Getting Destructive

Early MS-DOS and PC-DOS viruses did some damage to PCs, usually intentionally, but virus writers soon began to actively seek to wreak havoc by actively disabling computers.

6. Happy99, 1999
Happy99 was the first email virus. It greeted you with “Happy New Year 1999” and emailed itself to all  contacts in your address book. Like the very first PC viruses, Happy99 did not cause any real damage, though it did spread to millions of PCs around the world.

7. Monkey, 1993
A distant relative of Stoned, Monkey secretly integrated itself into data files and spread seamlessly. It was the early ancestor of a rootkit, a self-concealing program, and it prevented booting from a floppy disk. When it was removed improperly, Monkey prevented any sort of booting at all.

Upgrading to Windows

In the early 90s, viruses became macro viruses and took on Microsoft’s new OS, Windows. Written in the same languages as applications like Microsoft Word, macro viruses appeared in late 1995. In just three months, they became the most common virus type in the world.

8. Concept, 1995
The first virus that infected Microsoft Word files, Concept became one of the most common viruses in the world because it could infect any OS that could run Word. Share the file, share the virus.

9. Melissa, 1999
Allegedly named after a female exotic dancer familiar to the virus writer, Melissa combined a virus and an email virus. It infected a Word file then emailed itself to all contacts in the user’s address book and became the first virus to span the globe in only hours. Melissa combined the jokey motivations of the early virus writers with the destructiveness of the era. This virus inserted comments from “The Simpsons” into users’ documents. Not so bad. But Melissa could also send out confidential information without the users’ notice. D’oh!

Not long after Melissa, Microsoft virtually eliminated macro viruses by changing how its Visual Basic macro language works within Office applications.

Crashing the network

Before firewalls, computer worms generated huge amounts of network traffic, disrupting systems by pure volume. These worms generally did not affect individual users but they could rock the infrastructure of both private businesses and governments.

10. Code Red, 2001
The first worm that spread without requiring any user interaction at all and thus spread around the world in minutes, Code Red hid from detection and carried out various functions on a cycle. On Days 1-19, it spread itself. From the 20^th to the 27^th, it launched Denial of Service attacks on various addresses including the White House. And from the 28^th day till the end of the month, it rested.

10. Loveletter, 2000
The computer worm that broke millions of hearts, Loveletter is still one of the biggest outbreaks of all time. It spread via email attachment and overwrote many of the crucial files on the PCs it infected. This outbreak was an incredible successful attempt at social engineering. Using the promise of love, it convinced millions to open the attachment, causing an estimated $5.5 billion in damage worldwide. Guess there are a lot of people out there looking for a little love.

12. Slammer, 2003
Network worms require just a few lines of code and vulnerability to spark real world trouble. Slammer took down Bank of America’s ATM network and 911 services in Seattle. Even the air traffic control system was not immune.

13. Sobig, 2003
Sobig was a quick improvement on Fizzer (see below). Some versions waited for a couple of days after infecting a machine before turning affected machines into e-mail proxy servers. The result? Massive spam. AOL alone reported stopping more than 20 million infected messages on one day.

14. Mydoom, 2004
Mydoom spread over email and the Kazaa Peer-to-Peer (P2P) network. It set new records but was old school in the sense that the motive wasn’t monetary. Mydoom executed Distributed Denial-of-Service attack on one particular website and opened a backdoor on infected computers, which left the machine open to remote access.

15. Sasser, 2004
Sasser came in through a vulnerable network ports and slowed or crashed networks from Australia to Hong Kong to the UK.

Money. Money. Money.

In the last decade, the motive for virus writing has become obvious: Money. The technology still tends to be variations on a theme, but modern virus writers utilize advanced user psychology and social engineering to draw users into traps that they’d probably been warned about several times.

16. Fizzer, 2003
Fizzer was the first virus designed to make money. It arrived as an infected attachment. Once opened, it took over infected computers and forced them to send spam.

Ever-evolving threats

As the real-world impact of viruses was felt in the early 90s, business, government, software makers and the Internet security industry put fires out and collaborated to minimize threats. Virus writers, too, evolved to avoid detection, creating advanced malware that could even be programmed to be patient.

17. Cabir, 2003
The first mobile phone virus in history, Cabir targeted Nokia smartphones running the Symbian operating system. It was spread via Bluetooth and proved that whatever shape PCs evolve into, they will be targeted.

18. SDBot, 2003
SDBot was a Trojan horse that bypassed normal security to secretly control a computer. It created a backdoor that allowed the user to do several things including sniff for passwords and the reg codes of games like Half-Life and Need for Speed 2.

19. Haxdoor, 2005
Haxdoor was another Trojan horse that sniffed for passwords and other private data. Later variants had rootkit capabilities. Even Brain used techniques to cloak itself, but Haxdoor employed far more sophisticated methods. A modern rootkit can turn a computer into a zombie computer that can be controlled without the user’s knowledge, sometimes for years.

20. Sony BMI, 2005
In 2005, one of the biggest record companies in the world had the same idea that the Alvi brothers had in 1986: Use a virus to prevent piracy. On its audio CDs, it included a music player program and a rootkit that controlled how the owner could access the audio tracks. The result was a media firestorm and a class-action lawsuit that ended with Sony offering users money and free downloads.

Cyber Sabotage

Computer viruses have had real world effects for decades, but in 2010 a computer virus may have changed the course of history.

In November of 2010, Iranian President Mahmoud Ahmadinejad confirmed that a cyber attack had indeed caused problems with their nuclear centrifuges. And in January of 2011, Russia’s ambassador to NATO said that Stuxnet could cause a “new Chernobyl.”

21. Stuxnet, 2010
An unusually large Windows worm—about a 1000% larger than the typical computer worm, Stuxnet most likely spread through USB device. It infects a system, hides itself with a rootkit and sees if the infected computer is connected to a Siemens Simatic factory system. If the worm finds a connection, it then changes the commands sent from the Windows computer to the PLC Programmable Logic Controllers, i.e., the boxes that actually control the machinery. Once running on the PLC, it looks for a specific factory environment. If this is not found, it does nothing.

F-Secure Labs estimates that it would take more than 10 man-years of work to complete Stuxnet. This complexity and the fact that it could be used to impair the ability of a centrifuge to enrich uranium while providing no monetary gain suggest that Stuxnet was probably developed by a government—though which government is unclear.

22. Storm Worm, 2007
Machiavelli said it’s better to be feared than loved. Seven years after Loveletter, Storm Worm capitalized on our collective fear of bad weather and first spread generally via an email message with the subject line “230 dead as storm batters Europe.” Once the attachment was open, a Trojan backdoor and a rootkit forced the PC to join a botnet. Botnets are armies of zombie computers that can be used to, among other thing, send out tons of spam. And this one sucked in ten million computers.

23. Mebroot, 2008
Mebroot was a rootkit built to hide from the rootkit detectors that quickly became part of many Internet security suites. It is so advanced that if it crashes a PC, Mebroot will send a diagnostic report to the virus writer.

24. Conficker, 2008
Conficker quickly took millions of computers all over the globe. It exploits both flaws along with Windows and weak passwords along with several advanced techniques. Once a system is infected, further malware can be installed and the user is even prevented from visiting the website of most Internet security vendors. More than two years after it was first spotted, more computers are infected by the worm every day. F-Secure’s Chief Research Office Mikko Hypponen has said that in many ways Conficker is still “a great mystery.”

25. 3D Anti Terrorist
This trojanized “game” targets Windows Mobile phones and was spread via freeware sites. Once installed, it starts making calls to expensive numbers leaving you with large charges. This strategy of hijacking a mobile app or cloaking a malicious app is still new, but it’s likely to one of the main ways the virus writers will attack mobile devices.

Where are we 25 years after Brain?

In 2011, a PC running an updated version of Windows 7 is quite secure, especially when running updated security software. Now that we know more about viruses, we know how to fight them, and ideally prevent them. So, hopefully, in 25 years viruses will have gone the way of macro viruses and we won’t have to make a new list.

Cheers,

Sandra

Share this

Here are a few intriguing facts about the first PC virus:

1. The gentlemen who wrote the virus—Amjad Farooq Alvi and Basit Farooq Alvi—included their name, address and phone number in the code. Before long, of course, they had to change that phone number.
2. The name of the virus—Brain—is also the name of a successful telecommunication business that the brothers still run in Lahore, Pakistan.
3. The virus could only be spread via 5 ¼-inch floppy disks and still managed to be reach around the globe in a matter of weeks.
4. The first PC virus was also the first rootkit, a program designed to conceal itself.
5. The brothers designed Brain to test the multi-tasking functionality in the new DOS operating system.

What was the most interesting thing you learned from Mikko’s trip to Pakistan? Let us know in the comments.

Share this

Now that took the quiz know how much smarter you are than John, here’s a quick review of why you shouldn’t do anything John does online.

1. Use unique, strong passwords for all of your important accounts.
John uses the same password for every account. That means if a hacker gets a hold of John’s Twitter password, that hacker would have access to every account John uses at work or at home. Creating and remembering unique, strong passwords is a must for your most important accounts. This system for creating and remembering strong passwords makes it easy.

2. Keep your computer’s software patched and protected.
You probably know which operating system you’re running. John doesn’t. He thinks it’s the one with the “windows.” A PC or a Mac running the latest versions of Windows 7 or OS X is probably as safe as any PC since the birth of the virus. However, if your OS and your applications aren’t patched you may be vulnerable to the kind of attacks John has to deal with on a daily if not hourly basis. Checking all of your applications for updates on a regular basis can be time-consuming. Our free Health Check makes it easy.

3. Realize that you’re vulnerable when you’re on an open Wi-Fi network.
When you use an open Wi-Fi network, the data you enter is only encrypted on secure pages, which start with https. Banks and credit card companies encrypt their sites however not all web email is encrypted. If you’ve ever emailed passwords or personal information, it could be accessible to a hacker. On an unsecured Wi-Fi network, you could get sidejacked by someone using a tool like Firesheep. Using the tracking data in your browser, a hacker can easily pretend she or he is you.

If you have to check your email or get on a social network and you only have open Wi-Fi, make sure you are using a secured session.

How to Secure Sessions

VPN
A virtual personal network is the best way to defend yourself from any snoopers. Most large companies insist on their employees using a VPN while doing any business over a wireless network. That’s a strategy John would never follow, but you should, especially if you make purchases or work with confidential information while on public Wi-Fi. Here are some strong VPN options for you to consider.

HTTPS Everywhere

If you use Firefox, you can use HTTPS Everywhere by The Tor Project and the Electronic Frontier Foundation, which will encrypt your communications on several major websites.

Twitter
You can secure any Twitter session by typing in an “s” after the http in the browser bar. If you click here, you’ll go to https://twitter.com and session will remain secure until you log out.

Facebook
This feature is still being rolled out to some users. And it is not entirely secure.

You can activate secured browsing by logging in. Then go to Account> Account Settings> Under “Account Security”, check the box for “Browse Facebook on a secure connection (https) whenever possible”.

PLEASE NOTE: If you use an app, any Facebook app, you’ll get this warning:

PLEASE NOTE: If you use an app, any Facebook app, you’ll get a warning that you are now entering unsecured browsing.

If you continue on to unsecured browsing, your session is not unsecured and you are now vulnerable to a sidejacking attack. You will have to return to the same setting when you are done with the app to enable secured browsing again.

John was recently sidejacked by a friend who posted a hilarious Photoshop of John in the bathtub. Too bad it happened on a day when the HR department of a company that was about to hire John checked out his profile.

Gmail
Login and go to the “Options” wheel in the uppermost right corner.

Select “Mail settings”.

Under “Browser connection”, select “Always use https”.

Hotmail

Go to https://account.live.com/ManageSSL and login if you have to.

Select “Use HTTPS automatically (please see the note above)”. And check out the note for the exceptions, of course.

4. Check to make sure a site is legitimate and secure before you make a purchase.
John will buy anything from any site. He bought his Snuggie from a website that had more pop-ups than the old AOL. Don’t be like John. Stick to online stores with good reputations. When you try out a new retailer, do a quick search for customer feedback. If you are still unsure, save yourself the trouble and money. Even if you trust a site, always check the URL of the page for two things before submitting your credit card number: 1) Is it a secured https page that will encrypt your information? 2) Am I really on the site I meant to be on? Try to use one credit card for all your online shopping and check the activity on that account often. Check out these safe shopping tips.

5. Don’t be afraid to reject or ignore a Facebook friend request.
On Facebook, wrong click and you could end up spamming your friends with something that will definitely waste their time and possibly your money. The best way to avoid becoming a victim or perpetrator of spam is to eliminate spam from your news feed. This requires you only friending people who are careful where they click. John, of course, lets spammers go on spamming as he adds more and more friends. You, however, should be careful who you add. If a friend shares some spam, inform them in a friendly way that they may have made a mistake. If it keeps happening, unfriend her or him.

Something else to remember: If you wouldn’t tell someone in person that you’re going to be out of town, don’t use Facebook to do so. If your Privacy Settings are set to “Friends of Friends”, you could be sharing your travel plans with thousands of people when you post them on Facebook. Before you post anything, ask yourself, “Would I be okay if all the friends of my friends’ friends knew this?” If your friends are anything like the average Facebook user, you could be thinking about more than a million people. (The average Facebook user has 120 friends. 120 X 120 X 120 = 1,728,000 friends you could be sharing with.)

6. Never use a password that is in the dictionary or could be guessed by a friend.
We’re back to passwords again because they can tend to be a weak link in many users’ security. And this weak link can be easily strengthened. The number of people who use “password” or their first name to secure their accounts is mind-blowing. Even John wouldn’t be that silly. It’s just as silly to use any word in the dictionary. Why? Because when a hacker uses a program to figure out your password, what do you think it tries first? Your passwords have to be unique and complex. They should also not be anything that could be guessed by a friend. If someone you know can guess your password, a stranger might be able to do the same thing by studying your Facebook profile.

7. Keep an eye out for Phishing Scams, even when you’re on your phone.
A Phishing Scam is a sneaky attempt to get you to turn over your financial data to criminals. That’s right crooks have found that Internet users, like John, will occasionally just hand over the account information needed to commit credit card fraud. All they do have to do is pretend to be a trustworthy site with official looking graphics and people fill in the forms and click submit. The best way to avoid Phishing scams is to check the URL of the webpage you are on to make certain it is on the domain of the bank or institution you think it is. Also, be skeptical of any email that contacts you asking you to change your password. If you’re ever in doubt, contact the institution directly. All of your accounts have values to a scammer, so keep in mind that you can even be phished for your Facebook account—and even when you’re on your phone. That’s why our Mobile Security blocks such scams.

8. Password protect your Wi-Fi network.
There’s plenty of good reasons to secure your home Wi-Fi network. You don’t want your neighbors to have access to private info. You don’t want strangers to slow down the connection you’re paying for. You don’t want people to use your connection to take part in illegal activities. The only reason to leave it open is if you want to give someone like John access to your digital life. Here’s how to set up a security key for your wireless network.

9. Don’t open strange email attachments (without scanning them).
The first computer security rule you probably learned was “Don’t open email attachments from strangers.” This is still true—even though John forgot it long ago. In fact, targeted attacks that use social engineering and profile their victims are becoming more advanced all the time. You should still refuse to open any attachment that you were not expecting. If you feel you must open an attachment, download it to you PC and scan it with your Internet security software first.  Here’s more on how to deal with email attachments.

10. Don’t expect anyone else to protect your privacy.
Do you blame your telephone when you use it to tell someone something you shouldn’t? Then you can’t only blame Facebook when you post information that may cause you trouble. Even when you use the privacy settings correctly and keep your account under control, your information is only as secure as the people you share it with. If you need to share any information that could cause you trouble at work or could be used to answer your security questions, use private messages, email or even that old-fashion marvel the telephone. And never, under any circumstances, shout your password in public through a megaphone. John still hasn’t learned that one yet.

Which of these tips is most important? Which is John least likely to follow? Let us know in the comments.

Cheers,

Sandra



Share this

Installing an infected program

Zimry, a Malware Analyst in F-Secure’s Kuala Lumpur Labs, was recently doing some analysis on malware designed to infect Android phones. During the analysis, he ran some malicious samples on a smartphone installed with F-Secure Mobile Security to make sure the phone would be protected.

Since Safe and Savvy has writing about mobile security, we thought we’d use this sample to show you our Mobile Security in action.

The test samples used were related to the new Android trojan, which seems to be targeted towards users in mainland China and are being distributed on free file-sharing networks there. The samples were trojanized programs – that is, an attacker took legitimate programs, inserted their own malicious code and recompiled the program to create malware. The samples we’ve seen so far came from a third-party application provider in China. Most of the programs are advertised as offering wallpaper for phones.

At right (above) is an example of an infected program being installed on the test phone. During the installation process, the file is scanned by Mobile Security – and it is detected as infected.

Scanning results

Some users don’t have Mobile Security set to automatically scan files at installation. In which case, the infection is only discovered when the phone is manually scanned. After a manual scan, the user would see a notification like the one at left, informing them that the programs are infected.

As you can see, Mobile Security detects the infected files as two trojans, from two separate families:

• Trojan:Android/Adrd.A
• Trojan:Android/Geinimi.A

Adrd trojans behave as straight-forward (but still nasty) Trojan-Clickers, whereas trojans from the Geinimi family, are more sophisticated, almost powerful enough to be classed as Backdoor programs.

Another feature Zimry tested was Browsing Protection. He tried browsing a website known to be a phishing site. On an unprotected mobile browser (i.e., no antivirus installed), he managed to get to the actual phishing screen with no warning:

Phishing site

On the test phone however, since he had Browsing Protection enabled, what he saw was this:

Warning

Since harmful sites like this may also be hosting trojans, Browsing Protection would also be a good precautionary measure against unintentionally coming across and downloading such malware.

So it’s nice to know Mobile Security works at three key points – potential download, during installation and on scanning.

Are you using our Mobile Security? You can still try out it out for free.  We’d appreaciate your feedback. All pertinent comments/suggestions/constructive criticisms will be passed to the development team to improve our protection.

Thanks,

Alia

Share this

The key element of privacy is choice. You don’t want to share your location, for instance, with strangers so you don’t do it.

Or do you?

A picture used to be worth a thousand words. But that was before metadata. Now, in some ways, a picture can read your mind— or at least find you on a Google Map. When  the digital camera on most smartphones takes a picture, an EXIF (Exchangable Image File) is automatically created. EXIF files include a lot of data that can be very useful to analyze and track photos. It may also include the exact location where a photo was taken.

That means that if share your photo on Twitter on Facebook, you could be sharing your location—possibly with the whole world. Go to ICanStalkYou.com and you’ll see thousands examples of people sharing their location, often without even realizing it.

If you aren’t a celebrity or living in a region where kidnapping is prevalent or being stalked by an ex, you might fine with people knowing where you are. But the key to privacy is choice. Do you want to strangers to know where you are? If the answer is no, you need to turn off geotagging on your phone.

ICanStalkYou.com explains how to shut geotagging off now. And Lifehacker offers instruction on how to remove the information from the photos you’ve already taken.

If you take control of your location privacy, you won’t have to think twice next time someone says, “See you around.”

For more on this subject, check out: “Can I Stalk You? An Intro to Location-Based Service Security“

Cheers,
Jason

CC image created by daniellehelm

Share this

February 8^th is Safer Internet Day. This annual event promotes safer and more responsible use of online technology and mobile phones, especially amongst children and young people across the world. Internet safety is not a game. Do you know how to talk to your kids about online safety?

What’s special to us about this Safer Internet Day is that it comes almost exactly 25 years since the first computer virus emerged into the wild. From 1986 to 2011, the digital world–and the threats we face–have evolved with the speed of Moore’s law.

Think about the way the technology evolved since 1986 when a virus could only be spread by physically putting a 5.25-inch floppy disk into a PC that weighed as much a very healthy turkey. Today, the tiny computer/ smartphone you carry in your pocket is exponentially more powerful than those first PCs. Remember crossing your fingers as you tried to connect to the Internet through a modem? Today we go online wirelessly from almost anywhere, even at 30,000 feet in the air.

So, what do you think the next 25 years will bring? How will we use the Internet in 2036?

We’re inviting you to share your predictions for a chance to win an HP Pavilion dm1z series laptop protected by F-Secure Internet Security, AV-Comparatives Product of the Year for 2010. And you can enter to win up to three times.

Entry #1: In the comments of this post, answer the question: What do you think Internet will be like in 25 years? You can focus on the hardware or security or gaming or video any aspect of digital life in the future that interests you.

Entry #2: Make a video of your answer to the question “What do you think Internet will be like in 25 years?” Post the video on YouTube or any video sharing site then  link to your video in an ADDITIONAL comment on this post. (We’ll be featuring some of these videos. If we use yours, we’ll give you a 1-year license to F-Secure Internet Security.)

Entry #3: Change your Facebook or Twitter profile image to a picture from 1986 (or as close as you can get) to commemorate Internet Safety and the anniversary of Brain. If you’re younger than 25, you can use a picture of your parents from 1986. Then let us know you did posting an ADDITIONAL comment on this post. You can link your profile or just post the words “Changed my profile picture.”

Read the rules and enter up to three times now. We can’t wait to hear what you have to say.

Cheers,

Sandra

Share this

Here’s  Andreas Clementi, CEO of AV-Comparatives, presenting the award to Mika Stahlberg, VP F-Secure Labs.

You might wonder: what does AV-Comparatives look for when naming its product of the year?

“To be rated ‘Product of the Year’ by AV-Comparatives, an anti-virus program must have very high detection rates of malware, high proactive detection, produce very few false positives, scan fast and reliably with low system impact, protect the system against malware/websites with malicious software without relying significantly on user decisions/interactions, cause no crashes or hangs, and have no annoying bugs.”

Basically, the Product of the Year needs to protect you and your PC nearly flawlessly without bothering you. That has always been our goal, and it’s simply awesome to see that AV-Comparatives recognizes that we’re achieving it.

This incredible honor tops off a great 2010 for F-Secure that included seven Advanced+ scores – the highest possible scores in AV-Comparatives’ tests that measure the protection and performance of the major  antivirus products on the market. F-Secure Internet Security 2011 also won the Gold Awards for the Whole-Product Dynamic Protection and the lowest rate of false positives overall.

And just last week we found out that F-Secure Internet Security received the highest score AV-Test.org’s latest test of the major AV products running on Windows Vista.

We’ve been humbled by these honors but we will not rest on them. In 2011, we look forward to improving our products even more. Because when it comes to protecting your irreplaceable content, information and relationships, excellence is the only option.

Thank you for your continuing support.

Cheers,

Sandra

Share this

Don’t worry. Skynet and its slave army of computers will be taking over in the next eleven months. Computer security is constantly improving and evolving to face new threats. We share these predictions in hopes of avoiding the worst. By keeping up with the evolving threats, you’ll know what you need to do to secure your digital life.

1. More attacks on older versions of Windows
With a PC that’s running an updated version of Windows 7 and Mac OSX, your computer security is pretty strong. “However that’s not what the world is running,” says Mikko Hypponen, Chief Research Officer at F-Secure.

“The most common OS used by computers anywhere in the world right now is Windows XP. And the security level of Windows XP isn’t very good at all.” Updated software with patched vulnerabilities is crucial for security. In fact, the oil spill in the Gulf of Mexico could have been caused in part by the failure of computers that were still using Windows NT 4 from 1996.

You can make sure your PC is patched and protected with our free Health Check.

2. Copycat attacks based on Stuxnet
Stuxnet may be the most significant malware development of the last decade. Just last week a Russian official said that he thought that Stuxnet is so dangerous that it could cause a new Chernobyl. “Stuxnet can attack factory systems and alter automation processes, therefore making cyber sabotage a reality by causing actual real-world damage,” says Mikko Hypponen.

Now that the proverbial cat is out of the bag, similar attacks can be engineered with less effort. “Unfortunately, it’s likely that we will see Stuxnet copycats in the future,” says Hyponnen. For more information on Stuxnet, visit the F-Secure Labs Blog.

3. More mobile malware targeting the Android platform and jailbroken iPhones.
Android apps do not go through an approval process like those required by the iPhone App Store or the Signed by Symbian programs.

In 2010, we saw Android apps that posed as games while spying on users, apps posed as banking apps with no official connection to the banks and apps that attempted to steal users banking credentials. In 2011, the assault on Android phones by individuals with an excellent understanding of mobile applications and social engineering will only get worse.

Jailbroken iPhones also present a unique opportunity for malware writers.

F-Secure does not recommend jailbreaking any device for any reason. The only iPhone worms we’ve seen so far only infected jailbroken devices and we expect that trend to continue or get worse in 2011.

“If a worm infect your iPhone, it could do anything you can do on your phone, and more. So it could destroy or steal all of your data. Track your location. Spam your friends. Listen to your phone calls. Dial the presidents of every country in the world. Anything. And you would pay for all the charges it would create, too,” says Hypponen.

4. Facebook spam goes global
Amidst news that global email spam levels have fallen suddenly, there has been explosion of spam on social networks. Spam has become so prevalent that many Facebook users in United States and the United Kingdom have begun to ignore it.

“What do you do when English speakers are increasing desensitized towards Facebook spam? Language localization,” says Hypponen.

F-Secure Labs has already seen Facebook spam runs localized into Finnish along with runs that were popular in Sweden and Malaysia. As Facebook increases its anti-spam efforts, expect to see the spammers change their tactics and targets.

Cheers,

Sandra

CC image by Kenny Louie

Share this

The 650 million people on Facebook suggest that most of us are getting over—or want to get over—that fear of communicating (or at least sharing pictures) in public. In just a few years, Twitter, YouTube and Facebook have given billions of people the chance to connect to an audience they would never had access to before.

But now that you’re becoming comfortable in public, you may begin to wonder: Am I revealing too much? In a world with the NSA, TMZ and Wikileaks, do I have any privacy? Is it possible to be a public person and still protect my information from being misused?

Friday January 28 is Data Privacy Day 2011, an international celebration of the dignity of the individual represented through personal information. Protecting your irreplaceable data is our mission and we take this mission very seriously. (Here is F-Secure’s Privacy Policy.)

The risks

The more visible, attractive or rich you are, the more you’re a target for the haters, the stalkers and online criminals of the 21st century. Heck, if you have a credit card, you’re a target for both the online criminals and unscrupulous marketers of the world.

Sharing personal information in an age where data can travel faster than lightning requires a 21st century view of data privacy. Some think it’s vain to worry about privacy. But don’t think about your ego, think about social engineering.

Wiktionary describes social engineering as “The practice of tricking a user into giving, or giving access to, sensitive information, thereby bypassing most or all protection.” Criminals have discovered that human error is the easiest vulnerability to exploit. If you’re not careful, your private data (or even public data) can be used to fool you into making mistakes that even your award-winning Internet Security can’t prevent.

Ignorance may be bliss, but it’s not an excuse. Once your private data is stolen, you’ll have to deal with the consequences. The good news is that you can do a lot to make your data more secure

My nephew once told me, “Facebook is so easy that even old people can use it.” And by old people, he meant me.

I agree with my nephew. Most people who use social media don’t suffer significant negative consequences for doing so—or there wouldn’t be millions of new people trying it every day. Stories of people being fired or arrested for what they’ve done on Facebook are rare. But they get lots of attention because Facebook is the superstar everyone knows.

Only a small percentage of those on social media fall victim to the worst of identity theft, malware or scams. And that’s still too many people suffering needlessly—especially because most of these scourges are avoidable.

The lessons

If you learned to manage the benefits and risks of email, you can do the same for social media. Here a few things you can do to help keep your private data private.

1. Decide why you’re social networking.
For some, social networking is an extension of your private life. You mostly interact with people you know or would like to know in the real world. The main topics of conversation are personal. Even when you delve into entertainment or politics or sports, it’s about sharing opinions to have fun and connect. Intimacy is the goal so private things are often shared nonchalantly. For instance, you might reveal what you did on a day when you played hooky from school or work.

For others, social networking is like interacting at a conference. You’re seeking out people in your industry or whom you admire. Conversation is like a cocktail party—being interesting and on-topic matters. When you talk about entertainment or politics or sports, it’s a way to network and establish trust. You want people to feel like they know you, but getting too personal too fast raises red flags. For instance, you may reveal what you did on your vacation but only in a way that you wouldn’t mind your boss reading.

For a growing number of people, social network is a chance to build a little fame or fortune. You’re looking for an audience who trusts and enjoys you to the point you might even sell them things. You converse with fellow influencers and friends but you also broadcast for a targeted or general audience. When you talk about entertainment or politics or sports, you’re entertaining or engaging an audience while establishing expertise. You may share extremely private details or never talk about your personal life. Either way, you’re establishing a persona that’s relatable to the audience you’re trying to attract. For instance, you may reveal a joke a well-known person shared with you.

By the time you’re out of college for a few years, most people have tried out some variation of each of these approaches to social media. And your approach definitely affects your data security.

The rule is: the bigger the audience you seek, the more you have to think about the information you share.

All of us have to protect our ID, account and phone numbers, our address and our Mother’s maiden name. But if you’re an aspiring Disney star or class president, you have to think about which pictures you take—since you know they’ll all be posted eventually. And George Clooney probably shouldn’t use Foursquare to share his location unless he wants to spend his day shaking hands or filing restraining orders.

We all need to be cautious about sharing details that can be used to scam us. If you achieve, or accidentally achieve, fame, your privacy will become even more precious. So if you want to be internet famous, you need to be savvy about which information you share online—or you’ll have to hire people who are.

2. Secure your systems
Don’t use the default password for your voicemail or anything. Use strong, unique passwords for all your accounts. Don’t use work email addresses or passwords for social accounts. Put security software on your PC and your mobile device, if possible. Password protect your Wi-Fi networks. Turn on secure browsing on Facebook. Put a remote lock on your mobile phone. Always lock your PC and mobile devices when you aren’t using them. Keep your system and application software updated. (Our free Health Check makes that easy.) Turn off GPS on your phone and pictures if you don’t want strangers to know your location.

3. Choose services you trust
Any store, service or site that has your data, should have a privacy policy. A key feature of a good privacy policy is that your data will not be shared or sold. By 2011, most reputable online businesses have privacy policies that make that basic promise. But in addition to privacy also have to trust that any organization you trust with your data had security that won’t be compromised. Quality can have a price. If privacy is more important to you than cost, you can buy dedicated email services that won’t serve you ads. Regardless if they charge or not, you should only use reputable online services you trust. Before you enter any data into any website, think, “Do I trust this organization?” If there’s any doubt, ask others what they think.

4. On a social network, your information could be shared with everyone– no matter what your privacy settings are.
Twitter is simple. There are two privacy settings: everyone or “Protect my tweets”. But even if you go with the protected option, your approved followers can still retweet your information to everyone. Facebook’s privacy settings are much more complex. They’re so complex that it almost feels like you should get college credits for really using them. Going with “Friends Only” is a good start, then you have to decide if you want your page on Google (if you don’t want your Facebook page to show up on Google, go to Account > Privacy Settings > Apps and Websites: Edit your settings > Public Search: Edit Settings > Uncheck Enable public search)  and if you want to automatically share your information with other websites.

The safest rule is: get your settings right and still assume that what you post could go public so only share information you wouldn’t mind a future boss (or fan) seeing. NEVER share information that could be used to crack your passwords. Also keep in mind that the information you’re sharing that could be used by identity thieves and social engineers.

5. Be available or don’t
There is a difference between following and friending people. You can follow a lot of people but our brains can only handle around 130 friends. Rejecting or ignoring friend requests can be emotionally difficult, but your privacy is more important than others’ feelings. I say follow anyone on Twitter but on Facebook I’d recommend only befriending people you know or trust. And realize that the person is your friend, not their links. If anyone begins to spam you, let them know the problem. If they keep spamming, unfriend them. If anyone harasses you at all, block their communication. If you’re threatened, contact law enforcement.

You have the right to keep your private data secure while living your digital life to the fullest. All you have to do is respect your own data privacy and do your best to make sure that the people and businesses you interact with do the same.

Cheers,
Jason

CC image by Sudhamshu Hebbar

Share this

They’re 5.25-inch floppy disks. And if you’re under twenty-five years old, you’ve probably never used one as anything other than a coaster for a drink.

But back in the 1980s, these beauties were the state of the art. The forerunner of 3.5-inch disks and CD-ROMS, floppy disks usually held less than one megabyte of data, which meant you could get carpal tunnel taking disks in and out. In fact, if you were going to install Windows 7 using 5.25 inch disks, you’d need 2,084 of them.

In January of 1986—exactly 25 years ago—the first ever PC virus ended up on one of these disks. The virus was called Brain and it was created by “Basit and Amjad” in Lahore, Pakistan. Of course in 1986, there was no public Internet, writing viruses was legal and only science fiction writers and IT experts were worried about the threat of self-replicating computer programs.

Did Basit and Amjad have any idea what kind of phenomenon they were sparking?

F-Secure’s Chief Research Officer Mikko Hypponen has decided to travel to Pakistan to interview the creators of Brain. He’ll find out what they’re doing now and how they feel about the development of computer viruses over the last 25 years. And he’ll be documenting his trip on film and through his Twitter account.

We’d love for you to participate in this adventure. Do you have a question you’d like to ask the creators of Brain? Post it here. Mikko will be taking the best ones with him.

You can also expect lots more information about Brain and 25 years of PC viruses over the next month. We’ll be looking back on the digital world that Brain helped created and forward to a more secure future. And we hope you’ll join us.

Cheers,

Sandra

Share this

(Note: This article is for busy Internet users who are looking for information on how to protect their PCs and their families from malware. For more about the technical side of malware, read Alia’s excellent series “A quick & dirty guide to malware”.)

What is the threat?

The first malware typically vandalized PCs and destroyed files. But since the early 2000s, the primary motive for malware creation has been profit. Online criminals are after your banking information or your credit card numbers or your computer’s processing power. In the worst case scenario, they may even be after private information that could be used to extort you or harm your business. And these sorts of attacks generally have both financial and psychological costs.

The true costs of malware can include your data, your content, your time, your effort and your heartache.

Want a few examples of malware mayhem? Spyware tracks you for advertising purposes and slows down your computer doing so. Keyloggers monitors your every keystroke in an effort to steal your credit card information. Scareware imitates anti-virus software in an attempt to extort a quick payment from you. Ransomware takes your files and demand a ransom in return. Rootkits can turn you PC into a zombie computer and use it to send out email spam or to host illegal materials or to join in attacks on websites. There’s even a malware that exists just to create a fake login page for your bank’s website to steal your account information.

How does malware end up on your PC?

Generally you end up with malware because you installed it. And whether you installed it or not, malware can only work if the program runs without being shut down or deleted.

Malware works like most scams — it requires some conscious or unconscious help from its victims. Thus online criminals have to know more than computer coding. They have to know what mistakes users are likely to make so they trick people who have probably NEVER fallen for a scam in their real lives. And the best criminals can convince even cautious users to make one wrong click.

How do you end up downloading and installing malware? Sometimes malware gets packaged in with more legitimate software. Sometimes simply clicking on a fake error message can trigger a drive-by malware download. And you’re certainly aware of the classic method of disguising malware in an email attachment.

You put yourself at risk when you’re downloading from a disreputable source or a peer-to-peer network of strangers. Seeking out “free” stuff on the Internet can cost you time and money. And this is especially true if you’re browsing and downloading without proper protection.

How to protect yourself from malware

1. Make sure your PC is updated and secure
I hope you’re reading this sitting down because I have quite shocking news for you: the software on your PC isn’t perfect. It may contain exploits or security holes that make it possible for your machine to be infected easily. Software companies know their programs are not perfect. That’s why they release updates. Microsoft, Apple and Adobe all release dozens of updates every year. You need to make sure you have these updates on your applications running or you’re increasing your risk of infection. Our free Health Check software is a quick and easy way to make sure your PC is protected.

Of course, we also recommend always running updated Internet security that includes anti-virus, spyware and firewall. Browsing Protection is another layer of security that can keep you from clicking on the wrong links. If you don’t have Browsing Protection, you can use ours. Check any link for free.

2. Be very skeptical of random pop-up windows, error messages and attachments
Modern browsers have reduced the burden of pop-up windows. But they do still exist. Most pop-ups are far more annoying than harmful. But you might think of pop-ups like broken windows into a neighborhood you were walking through at night. It’s a sign that you should be on guard.

Avoid clicking on any pop-ups that imitate your Windows error messages or error messages that come up when you try to close out of a page. (Force quit out of the program, if necessary.) If any software begins to install itself, close out immediately and run a scan of your Internet security software. You can also use our Online Scanner for free.

Avoid opening attachments at all unless you were expecting them and they come from a source you trust. If you can’t verify the source or feel anxious about a particular attachment yet have to open it, you can download it to your hard drive and have your updated Internet security scan the file before you open it.

3. Remove spam from your life
If you get a piece of spam, let your mail software know. Identify it as spam. You could also unsubscribe but unsubscribe link have been used on rare occasions to trigger a malware attack. Better to let your software handle it. If you have a friend on Facebook who spreads spam or bad apps, let them know. And if they continue spreading spam, unfriend them. You are responsible for your social network. Refuse to associate with those people who are not responsible for theirs.

4. Think thrice before installing any new software
Installing software should never be an impulse decision. Some people say think twice before downloading any software from a source you do not trust 100%. I say think three time.

At the very least, Google the name of a product you want to install. If you’re at all uncertain about whether to click download, consult with a tech savvier friend or your company’s IT guy.

When you install software, you could invite in a nasty predator that won’t leave until it’s done some serious damage. So think about installing software with a bit of the same sort of caution you use when deciding to let someone into your home.

5. Behave online as you would in real life
There’s an old saying in my family: “Don’t go licking the floors of a hospital.” What it means is: “Use your common sense.” You have a natural sensor in your brain that tells you when something feels dicey or unsafe. Trust your gut.

With the right software running and a willingness to step back when you feel uncertainty, you keep your PC and your life malware free.

Cheers,
Jason

CC image by Anonymous9000

Share this

Of course, we all all want to do more healthy stuff, quit smoking, go to bed earlier, avoid stress, bike more and drive less. But what about your digital life? We spend so much time in front of our computers, that we have to be smart about it.

So here are my digital resolutions to make 2011 safer, savvier and a little more fun. Feel free to borrow any or all of them.

1. Use and remember strong passwords.
2. Wondering why the Manolo Blahniks are that so cheap on that website? It could be a scam. Look twice before buying something online. Is the shop trustworthy? Has the shop gotten good ratings? Is the site secure?
3. Clean up your online friends. Only be friends with people you know and unfriend anyone who constantly sends you Farmville requests.
4. Log out from any online accounts when not using them–and always lock your screen (and your phone). Don’t make it easy to accidentally send an email about your hangover to the whole company.
5. Don’t do any online banking on public Internet terminals—even if the landlord is waiting for your rent.
6. Let your credit card company know if you’re traveling abroad.
7. Don’t fall immediately in love with every new device Apple launches in 2011. It’s not necessary to have a complete collection of every iPod or iPhone generation…
8. Don’t write text messages or read emails while driving – not even at red lights.
9. Ski jumping on the Wii is for wimps. Do some real-world sports.
10. Watch some local news on TV – in real-time and not on the Internet or a DVR .
11. Start a social media diet: Limit the time you spend on social networks and meet up with friends in the real world more often – because it’s healthier

Cheers,

Sandra

CC image by Tsutomu Takasu

Share this

Someone once made the comment, “Most people, I think, don’t even know what a rootkit is, so why should they care about it?”

That was in in 2005, when rootkits were an unknown menace for most users. Nowadays, that isn’t quite the case any more, as the number of rootkit infections have exploded in the last few years and lead to more media coverage. In any case, you know a malware has reached evil superstar status when it warrants its own ‘For Dummies’ book.

In the beginning (as in the late 1980s), rootkits were standalone toolkits that allowed hackers to gain root, or administrative access to a computer system (hence the name). Today, the term is usually used to mean programs, codes or techniques that are used to hide malware on an computer.

I’m not going to dwell much on their history or workings (though if you’re interested, Alisa Shevchenko over on Securelist has an excellent article on rootkit history). Instead, I’m going to focus on one particular aspect of rootkits that’s been irritating the daylights out of our Support and Analyst folks recently – why are they so difficult to remove?

Why worry?

Personally, I find it more useful to think of rootkits as operating system controllers. Their entire purpose is to burrow deep into the operating system’s files and subroutines, latching onto and modifying specific processes to gain control over the system. The processes targeted will vary depending on the system and the rootkit in question, but the end result is the same – the rootkit is now in a position to direct the system’s actions for its own ends; it’s become the puppeteer to the computer’s marrionette.

How does the rootkit gain so much control?

A rootkit’s defining characteristic is that it has administrative access – its commands are accepted by the operating system as though they were its own. How this access is gained is another story – a separate trojan may exploit a vulnerability to gain access to a administrator account, or a worm might steal the necessary passwords, any number of things. However the access is gained, the end result is that the rootkit is installed with admin rights, and from there proceeds to do its dirty work.

Rootkits use their privileged access to control the operating system itself, mainly by intercepting and modifying the commands it sends to other programs and basic system activities. Slightly more technically, rootkits usually manipulate various application programming interfaces (APIs), or the subroutines used by the operating system to direct operations (at least, in Windows).

An important point to remember is that these APIs are a built-in features of the operating system. They may be undocumented, or rarely used – but commands made through them are perfectly legitimate, and recognized and treated as such. These APIs can involve and affect every activity performed on the computer, from the mundane (e.g., displaying a folder) to the most fundamental  (e.g., booting up).

There are various types of rootkits based on how deeply they can penetrate the operating system to control its most basic processes (if you want to get more technical,  Joanna Rutkowska has a good article), but in every case, the key idea is the same – commands sent by the operating system can be viewed and countermanded by the rootkit, if necessary; likewise, requests coming from other programs or system processes are checked and filtered by the rootkit before they reach the operating system.

Not like other malware

To illustrate why a rootkit’s manipulation of APIs is significant, let’s compare it to other malwares. When a trojan or virus infects a computer, its interactions with the operating system will usually fall into one of two strategies:

• Strategy 1: Uses the operating system’s standard procedures to run it
• Strategy 2: Exploits a vulnerability (a flaw or loophole) to execute malicious code

Note that strategy 1 involves the malware functioning just like any other program – its processes and files are visible, the instructions between operating system and program are ‘standard’, and so on. Strategy 2 usually involves some novel technique that forces the system to behave in an unintended manner – ‘breaking  the system’, if you like.

Rootkits on the other hand, doesn’t do either. Unlike trojans or viruses, the rootkit doesn’t behave like a separate program being run on top of the operating system; instead, the rootkit acts more like a driver, or one of the operating system’s own components, giving directions on how other programs should be handled. The rootkit also doesn’t exploit any vulnerabilities – it simply uses the operating system’s own features for its own ends.

The thing is, malwares that use Strategies 1 & 2 can be defeated with fairly standard countermeasures: for example, software vendors can release patches to close vulnerabilities, and users can uninstall malicious programs. Rootkits however don’t suffer either problem: there’s no vulnerability that can be patched, and because a rootkit’s first action is usually to hide itself, the rootkit can effectively prevent the user or the operating system from detecting its presence at all, let alone uninstalling it.

Why are rootkits so difficult to remove?

The highly technical reason for this is: you can’t remove a file you can’t find. Remember, the rootkit is in control. If the user starts looking through system folders for suspicious files, or starts an antivirus scan, a sophisticated rootkit can display a clean ‘image’ of the infected folder rather than the actual infected one, or move the infected file to another location for the duration of the scan; it can stop the antivirus from running, or force it to report false scan results; anything, really, to prevent detection.

Malware authors really want their creations stay installed and active on your computer, and they can use the rootkit to perform any number of actions to prevent their malwares – or the rootkit itself – from being detected. Some of the tricks they can use to get their way include:

• Renaming their files to match a legitimate system file
• Burying their processes and files deep within the driver and kernel
• Installing in such a way that they reinstall again if the computer is rebooted
• Actively altering its behavior while antiviruses are running to prevent detection
• Actively changing its own code to make it appear to be a new, unknown program
• Prevent AV/spyware removal programs from opening at all

Heck, about the only thing they don’t do is say they love you and will still respect you in the morning.

How does an AV detect and remove rootkits, then?

Antivirus programs have historically had a difficult time dealing with rootkits, precisely because of how they operate: by using the operating system itself to evade detection and prevent removal. In the case of simpler rootkits, it was possible to look for telltale signs – odd changes, missing or alter folders, etc, to determine a rootkit was present. With more sophisticated threats though, detection meant deactivating the rootkit entirely before it could start active evasion; because once it was active, detection and removal became well nigh impossible.

That status quo has changed somewhat in the last few years, as more antivirus vendors have developed the necessary tools to combat the threat. As rootkits themselves vary in complexity, detecting and removing them requires a multi-layered approach:

• First Line of Defense: Heuristic Scanning
  This preliminary defense can deal with the more obvious rootkits, those that make easy-to-spot changes or ham-fistedly modify normally untouched components. Most antivirus products nowadays include heuristic or behavior-based scanning, which examines each program to evaluate how potentially damaging its actions may be. If the rootkit (or the malware it’s hiding) is found, the AV may be able to find and remove them as usual.
• Second Line of Defense: Specific Malware Removal
  Even with heuristic scanning, standard scanning engines may not detect more sophisticated or devious rootkits.  At this point human ingenuity enters the picture, in the form of Malware Analysts, who analyse the threat and create specific removal scripts designed to find and remove a particular rootkit. These scripts are also called on to scan the computer, looking for specific threats to complement the more general, automated checks.
• Third Line of Defense: Offline Scanning
  Sometimes, a rootkit can compromise a computer so thoroughly that any detection program running on the infected system is hopelessly outfoxed by the wily rootkit. In that event, the safest bet is to perform offline scanning – shutting down the computer so that the rootkit can’t actively hide itself, then scanning the system using an antivirus program or rootkit detection tool that runs off a CD or USB drive.
• Fourth Line of Defense: Manual Removal
  As a last resort, some antivirus vendors will recommend specific manual removal procedures, which only apply for particular rootkits. Generally, this type of removal is considered quite advanced for an average user, and is best left to an IT technician or at least to someone more experienced. Some vendors also develop and publish removal utility programs, either for general or specific rootkit removal.

These detection and removal methods will probably catch most of the rootkits out there, but none of them are 100% certain. In some cases, the fastest, easiest and cheapest possible solution is to simply format and reinstall the entire operating system (assuming of course you have backups of your important files). Determining whether that applies in your case really depends on your personal evaluation of the costs and benefits though, so it’s hard to state any hard and fast rule about this.

Unfortunately, malware authors are ingenious at finding ways to get where they’re not wanted, and the highly complex, multi-layered nature of computing tilts the odds in their favour more than it does to ensuring computer security. Then again, to be fair, humans have lived in houses for thousands of years, and we still haven’t figured out how to totally prevent burglars from invading our homes, so you could probably also credit a natural human genius for finding ways to inconvenience their fellows.

More

If you’re still interested, here are few other articles with more details (some technical, others less so) about rootkits:

• R00tkit Analysis: What Is A Rootkit at OmniNerd
• Kernel Rootkits by Dino Dai Zovi from SANS Institute InfoSec Reading Room
• Rootkits vs. Stealth by Design Malware (PDF) by Joanna Rutkowska, presented at the 2006 BlackHat Conference Europe

Also partially available in Google Books:

• Rootkits for Dummies By Larry Stevenson, Nancy Altholz
• The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System By Bill Blunden
• Rootkits: Subverting the Windows Kernel By Greg Hoglund, James Butler

Share this

Cyber Monday sparks the beginning of the holiday online shopping season. Since 2005, the Monday after Black Friday in the United States has become recognized as the day when the most people shop online. And this is no secret to cybercriminals who continue to target overeager shoppers.

Every year the most desired gifts become lures criminals use to trick us into scams and malware. That’s why a couple of weeks ago we asked you which gifts you believe will be most popular this year.

Here are the gifts you said will be most popular/dangerous this year:

1. Kinect for Xbox 360
2. Apple iPad and iPod
3. PlayStation 3

Be extra careful when searching for these extra hot gifts. Here are 7 other online safety tips that you should read before you start any online shopping spree.

One reason we are more vulnerable to online scams during the holidays is because we’re in such a hurry. In fact, that’s why Cyber Monday is so huge—millions of people sneak their shopping in while at work. And many of us are stressed because we’re shopping for so many people.

This week’s question is: How many people are you shopping for this year?

Read the rules and post your answer in the comments below for your chance to an iPod touch and  F-Secure Internet Security 2011.

BONUS ENTRY: You’re eligible for an extra entry. Complete this quick survey about online shopping and then post “Survey completed” in an ADDITIONAL comment for another chance to win. If you completed the shopping survey already, you’re still eligible for an extra entry this week if you post the additional comment.

Cheers,
Sandra

CC image created by Don Hankins.

F-Secure Internet Security 2011
GET REAL SWEEPSTAKES WEEK #11- COMPETITION RULES AND PRIZES

By entering the Get Real promotion you accept the Official Competition Rules and the Privacy Policy (http://www.f-secure.com/en_US/privacy.html).

If you do not accept these rules, please do not enter this promotion.

1. The sponsor of this promotion is F-Secure Corporation, located at Tammasaarenkatu 7, Po. Box 24, 00181 Helsinki, Finland (“Sponsor”).
2. The promotion will begin at 12:00 PM PDT on November 29, 2010 and end at 12:00 PM PDT December 6, 2010.
3. This promotion is void where prohibited or restricted by law. No purchase is necessary to enter.
4. 2 prizes, iPod touch 8 GB with a retail value of $229.99 and 1 F-Secure Internet Security license with a retail value of $59.99 will be given as prizes in this promotion at the close of the competition.
5. Only two (2) entries, per person per Sweepstakes will be accepted.  Each comment posted constitutes an entry. Further attempts made by the same person and entries generated by a script, computer programs, macro, programmed, robotic or other automated means will be disqualified.
6. The winner will be chosen randomly from the people who participated in the competition by commenting on the “Get Real Sweepstakes: Week #11“. Sponsor will notify the winner via email. If the winner does not respond within seven (7) days, he or she will forfeit the prize and another winner will be randomly chosen. This prize is shipped to the winner within 45 days of the promotion closing date.
7. The winners are responsible for any taxes associated with receipt of the prizes. Sponsor reserves the right to substitute the prizes with other prizes of equal or greater value if the prize is not available for any reason.
8. Odds of winning the prizes depend upon the total number of eligible entries received.
9. No purchase or software download is necessary to enter or win. Purchase or software download will not increase your chances of winning.
10. To enter, visit http://safeandsavvy.f-secure.com/2010/11/29/get-real-sweepstakes-week-11/ and comment on the post once or twice. To comment you must provide your email address, which will not be made public. Entries are the property of Sponsor and will not be acknowledged or returned. Comments made be edited by F-Secure without explanation.
11. Any entrant who attempts to cheat or tamper with the Get Real Sweepstakes shall be disqualified by the Sponsor’s sole discretion.
12. The name of the winner will be announced via the F-Secure Twitter channel http://twitter.com/FSecure, F-Secure Facebook page http://www.facebook.com/FSecure and F-Secure’s Safe and Savvy blog http://safeandsavvy.f-secure.com/ once the winner has been contacted. By entering, the entrant agrees that his/her name, country and/or picture can be published at F-Secure’s aforementioned channels if he/she wins.
13. By entering, entrants agree to release and hold harmless Sponsor and all of its representatives from and against any and all costs, expenses, claims, demands, proceedings, suits, actions and/or liabilities for any injuries, death, loss or damage of any kind arising from or in connection with i) the distribution of any prize, ii) entrants’ participation in and/or entry into the campaign, acceptance or use of any prize or unavailability of any prize. Prizes are provided “AS IS” without warranty of any kind from the sponsor.
14.  Employees of Sponsor and family members of such employees are not eligible to enter.

© 2010 F-SECURE CORPORATION. ALL RIGHTS RESERVED.

Share this

We’ve seen evidence of John’s careless ways, doesn’t seem very smart does it?

However the truth of the matter is that you don’t have to be an imbecile to find you have been the victim of cyber theft.   John is not alone – people put themselves at risk everyday.

Over the next couple of weeks we’ll be sharing top tips on how to increase your internet security through our Twitter account using the hashtag ‘#NotSmartJohn’.

These will include methods to avoid getting your Facebook account hacked, your credit card details stolen or your email account accessed.  We’ll be testing your knowledge every Friday, and selecting winners at random.  All you need to do is answer the question on Facebook or Twitter with the hashtag ‘#NotSmartJohn’.

All you need to do to enter is submit your answers in the comments section of our Be Smarter than John Facebook tab or Tweet the answers when we announce the weekly quiz on Twitter every Friday.

In the meantime, to get an idea of how the F-Secure internet security 2011 package might benefit you, we’ve made a free 30 day trial available for download today

Tell us about your experience! If you do test it out we would love to hear your thoughts on the product and/or on cyber-security.  Share your opinions with us in the comments section below, or should you chose to review on your own site, let us know and we’ll share with the F-Secure community.

Hoping that your still smarter than John,

Sandra

Share this

Worm:SymbOS/Commwarrior asking permission for installation

This is the last posting in a three-part series covering common threats a user may encounter.

This series serves as a rough and ready guide, highlighting key features and trends relevant to most users.

In my previous posts, I covered Trojans and Viruses, two ‘big-name’ threats most users are familiar with. Last but not least, we’ll take a look at Worms - a malware type that’s becoming especially prominent as more businesses and users become connected, both to the Internet and to other businesses around the world.

All things worm-y

Worms are, thankfully, one of the more straightforward malware types.  According to this description, this time kindly provided by Wikipedia, a computer worm is:

“…a self-replicating computer program. It uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention.“

The description highlights a peculiar characteristic of a worm – they are surprisingly independent creations, usually designed to handle their own functions without much, or even any, human interaction. Slightly more technically, worms have two abilities that set them apart from trojans and viruses: they can self-replicate and  self-distribute.

No humans necessary…almost

Unlike trojans that use social engineering to convince a user to run them, or viruses that piggyback on other programs, worms need neither a host nor the user to make copies of themselves. Once it’s arrived on a computer, a worm can happily churn out multiple copies of itself without any help.

To be fair, many worms still need a human user to to allow it access to the machine (e.g., click on an infectious e-mail attachment or accept a Bluetooth transmission) before it can start replicating. Nowadays though, we’res eeing sophisticated worms avoiding human contact entirely by exploiting vulnerabilities in the computer or an installed program, allowing them to arrive, replicate and leave without the user ever realizing they were there.

Copies for everyone, don’t be shy!

Worms also actively find new victims themselves, by sending their copies to any vulnerable machine accessible over a network.  Theoretically, worms can spread over any kind of network; as long as one computer has a data connection to another, a sufficiently clever hacker could probably find a way to sneak a program from one machine to the next.

Most antivirus vendors logically and straightforwardly categorize worms based on the type of network they primarily use to spread (email-worm, SMS-worm, bluetooth-worm,  etc). Of course, some worms are also designed to spread over multiple networks, just to make life more interesting and network administrators more annoyed.

Networks are a worm’s best friends

Most of the recent media-reported worm outbreaks have taken place over the Internet, which users often forget is really just a gigantic network of computers. They can also spread on specialized ‘sub-networks’ layered on the Internet backbone – e-mail networks, Internet Messaging, Peer-to-Peer and Internet Relay Chat networks, and so on.

The Mikeey Twitter worm

Then there are social networking sites, which you could think of as hubs hosting multiple, overlapping networks of contacts. Particularly popular sites like Twitter and Facebook have suffered site-specific outbreaks in the last few years, though the vigorous vigilance of the site admins and alert, community-minded users have helped mitigate the threats.

Off the Internet, there are telecommunications networks, which suffer SMS, MMS and Bluetooth based worms. Even isolated intranets or standalone terminals are vulnerable if a user accidentally transfers a worm into the restricted space, though it does require a worm that can infect the ‘bridging medium’, which is almost always removable media. (*cough* thumb drives *cough*).

The Point Is…

If you’ve been following this series, you’ll already know that knowing what type of malware is present gives a good indicator of what kind of damage you need to watch out for. Whereas trojans lead to loss of user data and computer control and viruses deal damage to software integrity, with worms users have to worry about disruption of network stability.

Unlike viruses, a worm replicating on your computer isn’t particularly troublesome, as the copies themselves don’t do damage; it’s when it tries to send out its copies to new victims that the trouble starts. A worm distributing copies of itself over a network can potentially generate overwhelming amounts of traffic, effectively preventing other users from using the connection until the worm stops broadcasting. Given how dependent most businesses today are on stable internal office networks and a working Internet connection, any disruption to either is a serious matter.

Worm infections can have significant financial costs for businesses, in terms of lost productivity and disrupted business transactions. Financial costs aren’t limited to computer users either; infections on mobile devices can also generate unexpected bills, since the worms generally spread by sending out (usually chargeable) SMS or MMS messages.

Worm infections: a good way to annoy other users

The range of fallout from a worm infection is also different. Trojans and viruses tends to limit their destructive attentions to the infected machine; they may affect your programs and data, but other computers on the network aren’t likely to be affected. Worms on the other hand are egalitarian by nature; they love to share the misery, indiscriminately infecting any machines they can reach.

That also makes removal a miserable business, since administrators generally have to shut down the entire network and clean each computer before restarting services, to ensure one overlooked computer doesn’t enthusiastically share its infection with the entire network again.

Uninfected users can also be seriously inconvenienced, as local networks, e-mail services or social networking sites are temporarily shut down to clear out an infection. In major outbreaks, even the Internet infrastructure of entire countries can be slowed by too many infected computers connecting and trying to find new victims. That’s from personal experience, as I’ve had to listen to a voice recording from my ISP telling me they’re very sorry, but Internet connectivity for the whole of Malaysia is currently being affected by the Conficker worm outbreak.

Other effects

Worm:iPhoneOS/iKee's dastardly payload

In addition to the effects of its replicating behavior, a worm bring extra headaches to the party if it includes a malicious payload. Like trojans and viruses, a worm’s payload can involve compromise of the user’s information, take over control of the computer or damage to files. A small sample of payloads we’ve seen delivered by worms are: disabling programs (Email-Worm:W32/Nyxem), infecting files with a virus (Worm:W32/Klez) and installing a backdoor program (Email-Worm:W32/Bagle). Or just setting Rick Astley as your wallpaper (Worm:iPhoneOS/iKee).

And finally, an often overlooked but still significant side effect of a worm infection is the ensuing social awkwardness if it gets out that your computer or phone was the one sending out all those infectious e-mails or SMS messages. Noone likes being pointed to as the computing equivalent of Typhoid Mary.

Worms in the future

Unlike viruses, worms – as a malware type – are still going strong, rivaling trojans as the most common type of malware users encounter today, though the specific type of worm involved seems to have undergone a sea change.

Previous major outbreaks (Bagle, Mydoom and Sobig, among others) involved email-worms, which affected businesses globally as their e-mail systems were overwhelmed and effectively ‘DOS’ed by the worms.  Nowadays, probably because of the extra security around e-mail applications, email-worm outbreaks seem to have died down. More recent worm activities have been Internet-based, as net-worms targeting specific vulnerabilities (such as Conficker) infect Internet-connected computers by the millions.

On mobile networks, Bluetooth-transmitted worms have been vying neck in neck with trojans for the title of most common mobile malware nuisance. So far, most worms on mobile networks have been designed to infect devices running Symbian operating systems, for the practical reason that Symbian has, at least until very recently, held the lion’s share of the smartphone OS market (reported here as 44.6% as of 10 Nov 2010). That may change though as other mobile operating systems rapidly gain greater market share. 2011 looks to be an interesting year for mobile malware; we’ll just have to wait and see…

If you’re still interested

So while we wait to see if worms make more news, here’s some links to other, more in-depth resources on them:

• Internet Worms Walking on Unstable Ground by SANS
• NISCC Technical Note 07/03: Internet Worm (PDF) by National Infrastructure Security Co-ordination Centre, UK

Also partially available on Google Books:

• Elements of Computer Security By David Salomon
• Network Intrusion Detection and Prevention: Concepts and Techniques by Ali A. Ghorbani

Share this

UPDATE: This sweepstakes is now closed. The winner will be contacted and then announced. LIKE our Facebook page for more giveaways and online safety tips.

Online shopping sets a new record every year, and 2010 will be no exception. For millions of people, holiday shopping begins by going to their favorite search engine and typing in the name of the first gift on their list.

Unfortunately, the more popular a gift is, the more likely it is to lead to asearch engine optimization (SEO) attack. At a quick glance, these poisoned results look like every other search result. They promise to deliver you the gift you need at the price you want. But instead they lead you to malicious web pages that can easily infect an unprotected PC.

You can help prevent a cyber criminal from spoiling your holidays before the fun even begins by following these quick tips:

• go to a retailer’s site directly if possible;
• use Internet security software that features Browsing Protection (or check links with F-Secure’s free Browsing Protection);
• an always check a sites URL before making any purchase (looking to make sure you’re at the correct online store and that the page URL begins with https://, which means it’s secure).

You should also be especially careful when searching  for the most popular gifts of the season, which leads to this week’s question: Which gift do you think will be the most popular (thus the most dangerous) this holiday season?

Read the rules and post your answer in the comments below for your chance to an iPod touch and  F-Secure Internet Security 2011.

Good luck and safe shopping to all,

Sandra

CC image #1 created by istolethetv.
CC image #2 created by digitpedia.

F-Secure Internet Security 2011
GET REAL SWEEPSTAKES WEEK #9- COMPETITION RULES AND PRIZES

By entering the Get Real promotion you accept the Official Competition Rules and the Privacy Policy (http://www.f-secure.com/en_US/privacy.html).

If you do not accept these rules, please do not enter this promotion.

1. The sponsor of this promotion is F-Secure Corporation, located at Tammasaarenkatu 7, Po. Box 24, 00181 Helsinki, Finland (“Sponsor”).
2. The promotion will begin at 12:00 PM PDT on November 15, 2010 and end at 12:00 PM PDT November 22, 2010.
3. This promotion is void where prohibited or restricted by law. No purchase is necessary to enter.
4. 2 prizes, iPod touch 8 GB with a retail value of $229.99 and 1 F-Secure Internet Security license with a retail value of $59.99 will be given as prizes in this promotion at the close of the competition.
5. Only two (2) entries, per person per Sweepstakes will be accepted.  Each comment posted constitutes an entry. Further attempts made by the same person and entries generated by a script, computer programs, macro, programmed, robotic or other automated means will be disqualified.
6. The winner will be chosen randomly from the people who participated in the competition by commenting on the “Get Real Sweepstakes: Week #9“. Sponsor will notify the winner via email. If the winner does not respond within seven (7) days, he or she will forfeit the prize and another winner will be randomly chosen. This prize is shipped to the winner within 30 days of the promotion closing date.
7. The winners are responsible for any taxes associated with receipt of the prizes. Sponsor reserves the right to substitute the prizes with other prizes of equal or greater value if the prize is not available for any reason.
8. Odds of winning the prizes depend upon the total number of eligible entries received.
9. No purchase or software download is necessary to enter or win. Purchase or software download will not increase your chances of winning.
10. To enter, visit http://safeandsavvy.f-secure.com/2010/11/12/get-real-sweepstakes-week-9/ and comment on the post once  To comment you must provide your email address, which will not be made public. Entries are the property of Sponsor and will not be acknowledged or returned. Comments made be edited by F-Secure without explanation.
11. Any entrant who attempts to cheat or tamper with the Get Real Sweepstakes shall be disqualified by the Sponsor’s sole discretion.
12. The name of the winner will be announced via the F-Secure Twitter channel http://twitter.com/FSecure, F-Secure Facebook page http://www.facebook.com/FSecure and F-Secure’s Safe and Savvy blog http://safeandsavvy.f-secure.com/ once the winner has been contacted. By entering, the entrant agrees that his/her name, country and/or picture can be published at F-Secure’s aforementioned channels if he/she wins.
13. By entering, entrants agree to release and hold harmless Sponsor and all of its representatives from and against any and all costs, expenses, claims, demands, proceedings, suits, actions and/or liabilities for any injuries, death, loss or damage of any kind arising from or in connection with i) the distribution of any prize, ii) entrants’ participation in and/or entry into the campaign, acceptance or use of any prize or unavailability of any prize. Prizes are provided “AS IS” without warranty of any kind from the sponsor.
14.  Employees of Sponsor and family members of such employees are not eligible to enter.

© 2010 F-SECURE CORPORATION. ALL RIGHTS RESERVED.

Share this

Warning from Windows Protection Suite! A sample scan of your PC has found 20 potential threats.

“What’s this?” Ashley wondered. “Is this my security software? Do I even have security software?”

She was in a hurry, so she clicked, “Protect Now”. Now, the trouble begins.

This scene is repeated over and over on PCs all over world, thousands of times a day. An official-looking alert pops up. It warns that malware has been detected in the system and in order to remove it, you need to activate an anti-virus program. The alert seems rather convincingly to be coming from the system itself, and Microsoft Windows purportedly recommends this anti-virus program. So, what could go wrong?

Once activated, the anti-virus program seems to remove the malware and proceeds to run a full scan on the system as an extra precaution. Upon further scanning, more malware is detected and the trial version, which is limited in capability, won’t be enough. An upgrade to the full version is recommended at a small price.

Ashley’s PC has been disabled by scareware.

What is scareware?

The above situation describes a typical encounter with a rogue anti-virus or security program, which uses scare tactics to push users into purchasing the product. Often, users end up with an incompetent product that does nothing. Turns out that aside from the rogue itself (and the program that downloaded it), the system is otherwise clean. The rogue is just pretending to perform a scan and removing a nonexistent malware.

However, there are instances where the product being “sold” is legit and is quite capable; only the selling method is shady. Usually carried out by affiliate vendors that collect commission for each copy sold, some extreme tactics include corrupting users’ files and to some level, installing an actual malware on the system, just to push users into making the purchase. If a security product is over sold to you in this manner, contact the maker of the product directly. Honest security vendors work hard every day to help eliminate the menace of their malicious imitators.

How does Rogue AV get on my system?

It is possible that you inadvertently installed the rogue on your system yourself, thinking that you were downloading the free version of a legitimate program. But it is more likely that the rogue is installed by another program such as a trojan-downloader. The trojan-downloader might have infiltrated the system through a drive-by-download method such as hitchhiking with another downloaded program or pretending to be another program that users trusted. For more information about Trojans, check out Alia’s quick and dirty introduction to the malware version of con men.

Removing rogues

Removing a rogue could be challenging; some conventional anti-virus program might not be up to the task, perhaps due to the rogue’s non-malware characteristics or stealth techniques. One option is to use a special tool such as the F-Secure Easy Clean. Tools like Easy Clean can handle complex threats that may have escaped your anti-virus program.

If you’re an advanced user, you may want to perform manual removal. You’ll be required to delve into the system to locate and delete everything (files, directories, registry entries) associated with the rogue. Be careful. It’s a challenge.

Tips for protecting yourself

If an unfamiliar alert suddenly flashes on your screen, do not panic and tuck your credit card away.

Rogues aim to scare you until you submitted to purchasing the product. Stay calm and conduct a Google search on this anti-virus product. If it is a rogue, you’ll find threads from credible sources mentioning about this fact, along with the instruction for removing it from the system.

If you are indeed in the market for a an anti-virus or security product, rely on credible names in the industry. Visit their website to learn more about the vendors and their products. Many vendors including F-Secure provide a free trial of their product or access to free security tools. Take advantage and play around with these resources to figure out which product suits you best.

Share this

I’m still worried about my friend John. Everywhere he goes, he leaves a little bit of himself for strangers to find and exploit.  Take John’s recent trip to Stockholm, for instance.

Why am I so afraid for John? Identity Theft.  I’m afraid someone is going to pretend to be John and get him in a lot of trouble. And frankly, John does enough of that himself.

But John won’t listen. Maybe it’s because the term “Identity Theft” is vague. The whole reason you worry about someone damaging your identity is because unless you have surgery or access to incredible forgeries, you will always be you.

When most people talk aboutIdentity Theft, they usually mean simple credit card fraud—someone using your financial details to illegally buy property. But there are many kinds of Identity Theft. Someone can pose as you to commit a crime or to get prescription. Your online identity could be hijacked to harm your personal brand. Loans can be applied for in your name. The possibilities are only limited by a criminal’s imagination.

So, we want to know: What does Identity Theft mean to you? What is the most irreplaceable aspect of your identity?

Read the rules and post your answer on the comments below for your chance to win Flip Ultra HD 8 GBcamera and F-Secure Internet Security 2011, which will help protect your identity.

Cheers,

Sandra

F-Secure Internet Security 2011
GET REAL SWEEPSTAKES WEEK #8- COMPETITION RULES AND PRIZES

By entering the Get Real promotion you accept the Official Competition Rules and the Privacy Policy (http://www.f-secure.com/en_US/privacy.html).

If you do not accept these rules, please do not enter this promotion.

1. The sponsor of this promotion is F-Secure Corporation, located at Tammasaarenkatu 7, Po. Box 24, 00181 Helsinki, Finland (“Sponsor”).
2. The promotion will begin at 6:00 PM PDT on November 7, 2010 and end at 12:00 PM PDT November 15, 2010.
3. This promotion is void where prohibited or restricted by law. No purchase is necessary to enter.
4. 2 prizes, a Flip Ultra HD 8 GB with a retail value of $199.99 and 1 F-Secure Internet Security licenses with a retail value of $59.99 will be given as prizes in this promotion at the close of the competition.
5. Only one (1) entry, per person per Sweepstakes will be accepted.  Each comment posted constitutes an entry. Further attempts made by the same person and entries generated by a script, computer programs, macro, programmed, robotic or other automated means will be disqualified.
6. The winner will be chosen randomly from the people who participated in the competition by commenting on the “Get Real Sweepstakes: Week #8“. Sponsor will notify the winner via email. If the winner does not respond within seven (7) days, he or she will forfeit the prize and another winner will be randomly chosen. This prize is shipped to the winner within 30 days of the promotion closing date.
7. The winners are responsible for any taxes associated with receipt of the prizes. Sponsor reserves the right to substitute the prizes with other prizes of equal or greater value if the prize is not available for any reason.
8. Odds of winning the prizes depend upon the total number of eligible entries received.
9. No purchase or software download is necessary to enter or win. Purchase or software download will not increase your chances of winning.
10. To enter, visit http://safeandsavvy.f-secure.com/2010/11/07/get-real-sweepstakes-week-8/ and comment on the post once  To comment you must provide your email address, which will not be made public. Entries are the property of Sponsor and will not be acknowledged or returned. Comments made be edited by F-Secure without explanation.
11. Any entrant who attempts to cheat or tamper with the Get Real Sweepstakes shall be disqualified by the Sponsor’s sole discretion.
12. The name of the winner will be announced via the F-Secure Twitter channel http://twitter.com/FSecure, F-Secure Facebook page http://www.facebook.com/FSecure and F-Secure’s Safe and Savvy blog http://safeandsavvy.f-secure.com/ once the winner has been contacted. By entering, the entrant agrees that his/her name, country and/or picture can be published at F-Secure’s aforementioned channels if he/she wins.
13. By entering, entrants agree to release and hold harmless Sponsor and all of its representatives from and against any and all costs, expenses, claims, demands, proceedings, suits, actions and/or liabilities for any injuries, death, loss or damage of any kind arising from or in connection with accidents, terrorism, theft, natural disaster, the promotion of the Get Real Sweepstakes, the distribution of any prize, entrants’ participation in and/or entry into the Get Real Sweepstakes, acceptance or use of any prize or unavailability of any prize. Prizes are provided “AS IS” without warranty of any kind from the sponsor.
14.  Employees of Sponsor and family members of such employees are not eligible to enter.

© 2010 F-SECURE CORPORATION. ALL RIGHTS RESERVED.

Share this

Trojan-Downloader:OSX/Jahlev.A: Trojan disguised as a MacAccess Installer

Judging by the comments on my previous post, there are readers out there who want more in-depth postings about malware – worms, trojans, viruses and the like. Pleased to hear it! So, just to bolster the more malware-focused side of Safe and Savvy, this will be the first in a 3-part series in which I’ll take a look at the most common computer threats you may encounter.

As this is meant as a rough and ready guide rather than an in-depth technical scrutiny, I’ll be highlighting general features and patterns to help ‘the average user’ distinguish between different malware types, as well as how each can affect your data or computer.  Links to more technical discussions are available below.

The Big Three

In this series, I’ll be covering Trojans, Viruses and Worms. After all, when most users think of malware, they’ll almost always think of these three first. These are the most commonly found computer threats, the ones with the most media attention, the evil shining stars of the malware world – The Big Three. If you only ever learn the difference between three types of malwares, it should be these three.

Now, perhaps you’d ask at this point, “I have an antivirus program on my computer that will tell me what malware it is, and stop it! Why should I bother?” There are a numerous reasons why you still may want to know about how malware works. But for now, I’ll just highlight this one: an antivirus program only handles identifying and disinfecting threats from the computer; the user still has to deal with the real-world repercussions of malware affecting their personal information.

As an example, an AV could identify and clean a trojan-thief infection from your computer – but if you know that trojan-thieves typically steal account credentials and passwords, you’d also know to check your online banking and gaming accounts to make sure they aren’t compromised. Knowing more about the malware gives you a starting point for evaluating the impact the infection had on your data and system, and how to make sure both are secure.

So without further ado, we’re going to take a closer look at today’s Threat Numero Uno, the trojan.

Trojans

Trojans and their more well-known cousins, viruses, aren’t always easy to tell apart.

Merriam-Webster’s definition of a trojan is:

“A seemingly useful computer program that contains concealed instructions which when activated perform an illicit or malicious action (as destroying data files)”.

Meanwhile, their definition for a virus is:

“A computer program that is usually hidden within another seemingly innocuous program and that produces copies of itself and inserts them into other programs and usually performs a malicious action (as destroying data)”.

Both perfectly correct and succinct – but still a bit obscure. How would the average user know the malicious action was done because of ‘concealed instructions’ rather than a ‘hidden program’? Perhaps an easier way to grasp the essence of a trojan, and how it differs from a virus, is to think of the difference between a parasite and a fraud.

Think of a macro virus that infects a Microsoft Word document; the Word document itself is perfectly legitimate, but it’s carrying a parasite. In contrast, a trojan that pretends to be a game but installs a keylogger on the system is a fraud; the program itself is bogus – it appears to work but is really just a front to deliver a nasty payload.

Most trojans are fairly simple and fit this definition neatly enough. Of course, there are particularly sophisticated trojans that blur the boundaries by including virus-like capabilities (or vice versa), just to make life difficult for everyone. Fortunately, at the moment these blended threats are relatively rare birds, and we’ll leave them aside for now.

Getting Infected

Trojan:AndroidOS/Tapsnake: A trojan that appears to be a game

Trojans are particularly easy run to afoul of because they are deliberately designed and distributed in a way that fools you, the unsuspecting user, into downloading, installing and running it. You could think of trojans as the con men of malwares.

Trojans can appear to be almost any type of program – utilities, games, operating system updates, and so on. Malware authors will often steal the names/facade/details of a legitimate program to make the trojan seem authentic or desirable.

On smartphones, particularly Internet-enabled ones, trojans (and worms) have always been the most common type of threat. Trojans targeted to smartphones are almost always disguised as system-related updates or applications (e.g. Trojan:SymbOS/Skulls) or games (e.g., Trojan:WinCE/Terdial) – both program types a user is likely to trust and/or desire.

For computer users, viruses have traditionally been the more high-profile threat, but in recent years trojans have superseded them and become more prevalent. Trojans used to be most commonly encountered as e-mail file attachments (either spammed out, often by botnets, or sent directly to the recipient in a targeted attack). This strategy required that the e-mail be convincing (or tantalizing) enough to draw the user into executing the authentic-looking attachment.

Fortunately, most users wise up to this tactic pretty fast, which is bad news for attackers. Nowadays, instead of depending on spam e-mails or direct attacks, malware authors or distributors (they might not be the same) seem to be moving their game online; users are now more likely to stumble across trojans when they’re surfing the web.

Trojans Online

Trojans have been found:

• Hosted on malicious sites (search engine results may be poisoned to direct users to these sites)
• Hosted on legitimate sites that have been compromised
• Seeded on torrent sites, forums, newsgroups, and other download sites
• Offered through hijacked social networking, instant chat messaging (IM) and instant relay chat (IRC) accounts

In the online environment, malware authors/distributors seem to turn their creativity to making the malicious websites that host trojans look really authentic and respectable. Again, there’s that element of deception, though now the trickery is focused more on the website rather than the actual file.

A ‘tried and true’ tactic involves the malicious site offering the trojan as a supposed ‘update for a video player’, or ‘patch for a game’ or similar. Another oft-used trick is for the malicious site to mimic or completely copy a legitimate site to lend authenticity to the offered download (for a particularly complex example, see our Labs Weblog entry ZeuS Variants Targeting Mobile Banking).

A particularly effective tactic has the malicious website itself designed to exploit vulnerabilities in the visitor’s web browser, forcing it to automatically download the trojan to the user’s computer. This sophisticated variation on the classic ‘driveby-download’ attack doesn’t require the user to actively do anything at all on the website.

Trojans – after your data, your computer, or both

Once downloaded and executed, the trojan will perform some unauthorized action. Most trojans will fall into one of two general ‘spheres of action’: dealing with data or stealing control of the computer.

Data-dealers

Trojans that target information will either steal data directly from the user/computer, or monitor the user’s behavior in order to gather data. These trojans are password-stealers and keyloggers, the ones that monitor a user’s web browsing behavior and actions on the computer.

Control-stealers

Trojans designed for control allow, or install programs that allow, a remote attacker to control the infected computer. These are the trojans that download programs to the machine, or turn the user’s computer into a proxy so that an attacker can connect to the Net anonymously. These trojans may also include information-stealing trojans as part of their payload, handily compromising both machine and user data.

What Trojans Do

Conveniently, these distinctive behavior groupings makes trojans easy to categorize. You can see the types (right) F-Secure uses to indicate a specific trojan’s actions; most antivirus vendors will use roughly similar categorization schemes.

Some trojans are rather more sophisticated and can perform more than a single type of action. These uber-trojans are generally just categorized as trojans, for simplicity’s sake.

If you’re still interested….

The above is just a very quick highlight of a trojan’s most notable features. You can find more information about trojans here:

• Trojan Horse Attacks by Irchelp
• CERT Advisory CA-1999-02 Trojan Horses

Or partially available on Google Books:

• “Software forensics: collecting evidence from the scene of a digital crime” by Robert Slade
• “IT security survival guide” By TechRepublic

Next

Up next – Viruses!

Share this