Posts Tagged ‘Malware’

Google: ‘Your computer appears to be infected’

Published by pratyushkp on July 22nd, 2011 - in Social, Technology

It’s only been a few weeks since the world’s web users woke up to discover a big black bar at the top of their Google search results (introduced when Google+ was launched).

Now, some users of Google search might start seeing something else close to the top of the world’s most famous home page.

The warning message reads:

Your computer appears to be infected.
It appears that your computer is infected with software that intercepts your connection to Google and other sites. Learn how to fix this.

At first glance, you might be worried when you see this message and think you could be on the receiving end of a fake anti-virus attack.

After all, haven’t you been warned hundreds of times in the past to trust the anti-virus software you installed on your computer, not unexpected messages that pop up on websites you visit?

All is explained in a Google blog post, however.

Damian Menscher, a security engineer at Google, describes how he identified that infected computers were sending search traffic through proxies to the search engine. The intention of the cybercriminals behind the scheme was to modify the search results served up by Google to point to money-making pay-per-click sites instead.

In all, Google estimates that a couple of million Windows PCs may be affected around the world by the strain of malware they are hoping to warn users about. The firm says that it’s already been able to successfully warn “hundreds of thousands of users”.

Fortunately, although Google does not scan your hard drive when you search for things via google.com, it can detect the unique traffic signature from visiting infected PCs and make a pretty informed guess about your computer’s health in regard to this malware strain.

Google is hoping that the warning message will encourage users to update their anti-virus software, scan their computers and become more conscious of security issues.

I think what Google is doing should be applauded – anything which warns computer users about genuine malware threats has to be a good thing.

But, sadly and inevitably, there is the potential for cybercriminals to mimic the Google warning and direct users to dangerous downloads and scams. Of course, that isn’t a reason why Google shouldn’t warn their users, when it believes it has identified a security problem.

The danger is that many people may know what their own anti-virus software looks like when it displays a warning, but may be less familiar with how the Google warning presents itself, and where it links to.

Furthermore, Google points users to visit one of its webpages for further advice on how to fix the problem.

So, always be careful about what you search for, and the links you click on when trying to find anti-virus software.

No-one should be fooled into believing that Google’s initiative is any substitute for regular anti-virus software and sensible security practices. Google is attempting to alleviate a very specific malware issue that communicates with its infrastructure.

Google, you get my thumbs up for an imaginative idea that could help with a small part of the malware problem.

Source :- http://nakedsecurity.sophos.com

  • Google: ‘Your computer appears to be infected’ (nakedsecurity.sophos.com)
  • Google senses proxy requests to warn users of malware infestation (arstechnica.com)
  • Malware Affecting Google Search in Windows OS (shoutmeloud.com)
  • Your Computer Appears To Be Infected, On Google Search (ghacks.net)
  • Google Warns Searchers Of Windows Malware Infection (informationweek.com)
  • Google Warning Virus Victims (newser.com)

Google Takes Down Over 11 Million CO.CC Sites

Published by pratyushkp on July 7th, 2011 - in Social, Technology
Image representing Google as depicted in Crunc...

Image via CrunchBase

Google has taken down over 11 million sites it has deemed “spammy.”

According to The Register, the .co.cc subdomain, owned independently by a Korean company, is not an authorized second-level domain (such as .co.uk). Google classified it as a “freehost,” meaning that it allows users to register single sites for free.

Oliver Fisher, a member of the Google Anti-Malware Team, wrote a post on the search engine‘s Online Security Blog to explain the massive take-down.

“Google’s automated malware scanning systems detect sites that distribute malware,” said Fisher. “To help protect users we recently modified those systems to identify bulk subdomain services which are being abused. In some severe cases our systems may now flag the whole bulk domain.”

The Register notes that a recent report showed that .cc had twice as many phishing attacks as any other domain extension, especially because of the .co.cc subdomain. The company that owns .co.cc says it has 11,383,746 registered domains.

As Search Engine Land points out, Google wiped out content from a freehost before. For example, the search engine banned a Polish freehost due to a large volume of spam.

Google’s been vigilant about cutting down on spam since its early days, when employees had to manually search for porn sites to filter them out of results. Recently, the site introduced a series of changes to further cut down on spam and content farms.

Source :- http://www.huffingtonpost.com

  • Google Removes More Than 11 Million .co.cc Domains From Search Results (digitizor.com)
  • Google Search police strike again, send ‘cc.co’ domains into oblivion (digitaltrends.com)
  • Google dumps all 11+ million .co.cc sites from its results (go.theregister.com)
  • Google Delists All CO.CC Domains From Index (searchengineland.com)
  • Google blocks .co.cc, attackers are now using .co.tv (sucuri.net)
  • Google Removes All Sites Under .CO.CC Over Security Concerns (circleid.com)

Rihanna and Hayden Panettiere sex video spreads Mac malware on Facebook

Published by pratyushkp on June 2nd, 2011 - in Social, Technology

Image by Getty Images via @daylife

Hot on the heels of an earlier Mac malware attack spreading via Facebook links, we are seeing another attempt to infect Mac users on the social network – with what claims to be a sex video of celebrities Rihanna and Hayden Panettiere.

If you see messages like the following on Facebook, please do not click on the links.

one more stolen home porn video Rihanna and Hayden Panettiere

Hot Lesbian Video - Rihanna And Hayden Panettiere!!
[LINK]

Rihanna And Hayden Panettiere !!! Private Lesbian HOT Sex Tape stolen from home archive of Rihanna!

For those who don’t follow such things, Hayden Panettiere played the part of the cheerleader in the sci-fi TV show “Heroes“, and Rihanna is a pop star famous for her umbrella-ella-ella.

Not that you’ll get to see much evidence of that if you click on the link as – on Apple Macs at least – you may find yourself ending up on a webpage which tries to infect you with malware in the form of a fake anti-virus attack.

Has a private lesbian hot sex tape really been stolen from the home archive of Rihanna? Personally I think it’s unlikely, but it’s surprising what people will believe these days (and indeed, what celebrities will get up to) so it’s no wonder that some folks might click on the link.

SophosLabs is adding detection for the various components of this Mac malware attack as OSX/FakeAV-DWK, OSX/FakeAV-DWN, OSX/FakeAvDl-A and OSX/FakeAVZp-C. Users of Sophos products, including the free Mac anti-virus for home users, will be automatically updated.

Source :- http://nakedsecurity.sophos.com

  • Rihanna and Hayden Panettiere sex video spreads Mac malware on Facebook (nakedsecurity.sophos.com)
  • Hayden Panettiere’s Having Midget Sex With Mark Sanchez Now (thesuperficial.com)
  • Facebook Video Scam Puts Malware on Mac and Windows (pcworld.com)
  • Are Hayden Panettiere and Mark Sanchez dating — or just fast-food junkies? (latimesblogs.latimes.com)
  • Are Hayden Panettiere And Mark Sanchez An Item? (socialitelife.com)
  • New Couple Alert: Hayden Panettiere and Mark Sanchez (thehollywoodgossip.com)
  • So True? So False? Hayden Panettiere and Mark Sanchez a Couple?! (eonline.com)
  • IMF boss rape video? Mac malware spreads via Facebook links (blogoholic.in)
Tags: , , Hayden Panettiere, Heroes (TV series), , , Mark Sanchez, New York Jets, Rihanna,

Blackhat SEO and Fake anti-virus – Like chocolate and peanut butter

Published by pratyushkp on May 26th, 2011 - in Social, Technology

Image via Wikipedia

Original Article posted on http://nakedsecurity.sophos.com

Author Name – Chester Wisniewski

It’s not exactly a new story that people are being hit hard by fake anti-virus, but I want to draw attention to the sophistication of their software and distribution methods.

Many IT professionals I work with have had to clean up after these infections, and equally as many blame their users for being stupid for getting infected. As a researcher, I know this is not necessarily the case. Certainly, some people make ignorant mistakes clicking links and opening attachments, but many of these attacks are convincing enough that simple computer security advice is not enough to protect users from them.

I just came across another instance of a long running spam campaign pretending to be a message from the user’s ISP telling them to run a file from a web link to update their email program settings. The download led to a fake anti-virus variant that was very realistic.

Dear Customer,

This e-mail was sent by CENSORED.com to notify you that we have temporanly prevented access to your account.

We have reasons to beleive that your account may have been accessed by someone else. Please run this file and Follow instructions:

http://ddd33.CENSORED.com/setup.zip

(C) CENSORED.com

This particular payload behaved much more like a real anti-virus product than ever before. It actually detected my installation of Sophos Anti-Virus and prompted me to uninstall it!

Most fake anti-virus I have run into is distributed through blackhat SEO poisoning. I recently put together a video showing how scammers are gaming Google and Bing to distribute this malware in ways your users may not expect.

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

black hat

Aside from its sophistication in trying to remove our product as well as being distributed through an email, today’s sample of fake anti-virus looks and behaves like most others. It has an annoying habit of rebooting your workstation every 15 minutes or so.

To help educate both professionals and end users we have put together some materials on the 10 myths of safe web browsing. This includes some papers, a link to the video above, and a widget you can deploy on your Intranet that helps train users on safer internet usage.

  • Apple finally admits to Rogue anti-Virus problems (thetechherald.com)
  • Self Defense – Sophos Anti-Virus (smilingmac.wordpress.com)
  • Mac fake anti-virus attack adopts new disguise (nakedsecurity.sophos.com)
  • Fake Mac Defender ‘Anti-Virus’ For Macs On The Loose (techie-buzz.com)
  • Remove Fake Anti Virus Immediately ? Secure Your Pc With Best Anti … (besthomesecurityinfo.com)
  • Mac needs AntiVirus? (echlinm.wordpress.com)
  • Run your anti-virus program. (newsiam.wordpress.com)
  • Free Sophos Anti-Virus for Mac: ‘Frankly there’s no reason not to try it’ (nakedsecurity.sophos.com)
  • Free anti-virus for Mac named Best Anti-Malware solution at SC Awards (nakedsecurity.sophos.com)
  • Mac users hit with Fake AV when using Google image search (nakedsecurity.sophos.com)
© Social Media Blog

Ad Plugin made by Free Wordpress Themes