Saturday, February 06, 2010

The Troj/ByteVer-G trojan is found by Webroot Spysweeper


Today Webroot Spysweeper turned up a “Virus found” alert on Troj/ByteVer-G. So far there is little information on this Trojan outside Sophos (the virus engine behind Spysweeper), which says it was entered into its database on Feb. 5, with this entry. Webroot placed the Trojan into quarantine without incident.

Sophos offers much more detailed instructions for removing Trojans than merely deleting files, here. Trojans may resume execution at startup if they modified the registry. I presume that the Webroot quarantine prevents this from happening.

Curiously, after the sweep, Webroot told me it had just updated the security definition file. I restarted, then cold booted and reran the sweep and found no items.

Earlier, I had gotten a message on my Facebook page regarding a marketing company. I did click on the website, and it kept trying to get me to look at an offer before going away until I clicked out completely and closed Facebook. I don’t know if that was the source. I generally am not interested in “get rich” marketing schemes, as few work.

I could not find any mention of this Trojan at McAfee.

The Trojan may resemble Troj/FakeAvJs-A, already discussed.

About.com offers a discussion of “clean, quarantine, or delete?” here.

Thursday, February 04, 2010

US service providers work with National Security Agency; no real privacy problem for ordinary users


Numerous media outlets reported yesterday that a number of major US Internet companies and service providers, Google most of all, are working with the National Security Agency to investigate the recently reported security compromises, which appear to have originated largely in China and to have been aimed at dissidents. Other possible sources of security problems could include Iran, the Balkans, elements in Russia, maybe even North Korea, and perhaps radical Islam (though that seems less likely).

The work with the NSA should not ordinarily affect the privacy of ordinary correspondence and Internet postings, forums, social media, and the like of ordinary users, nor is there any evidence that government is interested in tracking these.

However, webmasters or bloggers who post controversial material could conceivably attract destructive activity, particularly dissidents overseas. In April 2002, a web page of mine (a copy of a chapter of my second book) was hacked at the exact point that I started talking about suitcase nukes (it was a long essay about the response to 9/11, which at the time had happened only six months before). The file turned to gibberish, and the beginning of one other file was overwritten. Some of the gibberish appeared to include the names of remote areas overseas in other languages. A “libertarian” friend investigated and found that the particular ISP had left a Unix SITE command open. The problem never recurred. Of course, I recovered quickly by re-ftp since I had clean copies of all my own files. Later in 2002 I received two bizarre emails, including one about Indonesia (shortly before a major bust there) and another with a map showing critical locations in Russia. (I shared these with the FBI.) It seems that bloggers can attract attention and tips, but need to be careful.

Needless to say, I’ve gotten pretty savvy at recognizing “Nigerian scam” (and other phishing) emails from the subject lines (I never got one at all until 2000) and almost never open them (I report them as spam); these particular emails appeared to be trying to convey legitimate information.

Monday, February 01, 2010

Domestic computers are too often zombies in botnets


Jack Goldsmith makes a chilling point about the habits of US computer users in his op-ed Monday morning Feb. 1 in The Washington Post, “Can we stop the cyber arms race?”, link here.

While it’s right to be concerned about foreign cyber spying and hacking on US commercial and security interests, it’s also true that a great deal of the knowledge base on computer crime lives inside this country. He points out that the United States has most of the infected botnet computers in the world, and that many botnet attacks (often DDoS attacks) are launched from within the US. The mechanisms for these events have been well publicized in the media since about early 2001, well before 9/11. Many of the infected computers have always been poorly protected home and small business computers. After 9/11, some authorities raised concerns that home computers could become targets for steganography, although the actual incidence of this does not seem to have grown.

We may still face the question of how much legal responsibility home users should bear for the safety of their machines when they connect to “the Outside,” just as we do with driver’s licenses and auto liability. Will there be an Internet driver’s license some day?

Saturday, January 30, 2010

Media has more stories on password security; problem at "Rock You"


Ashlee Vance ran a story about password security in the Jan. 20, 2010 New York Times, “If Your Password is 123456, Just Make It Hack Me.” The story discusses weak passwords, and the difficulties many home users have in keeping track of many different passwords for different sites. The link for the story is here.

The story reports an incident in which about 32 million passwords for social networking sites like Facebook and Myspace were recently stolen from a company named Rock You. The story recommends that users of these sites change their passwords, and use only the strongest passwords. Here is the Rock You statement on the problem (link).

In the Washington DC area there have been news stories about how some students at a Maryland high school (Churchill), by Michael Birnbaum and Jenna Johnson, link here.

Friday, January 29, 2010

Ransomware and Rogueware: Holding your computer hostage


Here’s another scary story from “The Red Tape Chronicles”, by Bob Sullivan and Panda Labs, “Can your computer be held hostage?: Give me your money, or your computer gets it,” link on MSNBC here.

The latest fad is rather brazen: ransomware. Rather than just phishing attacks and fake anti-virus products, criminals now try to infect machines with programs that disable the machine or encrypt all files until a “ransom” is paid. This is even more aggressive than a category that the FBI calls “rogueware.”

F-Secure has a report (“Ransomware: Buy Back Your Own Files,” link) on a particular virus called Trojan:W32/DatCrypt, which makes the user believe that certain common files (like Word documents) have been corrupted. It then invites the user to download and install “recommended file repair software.”

Earlier this month I had an encounter with “FakeAvJs” which Webroot was able to quarantine immediately (see Jan 6).

Wednesday, January 27, 2010

Phishers become even more subtle, especially with banks


“Phishing attacks” continue to become more subtle. Today, I saw an email purporting to come from Wachovia, and saying that random bank accounts had been selected for “audits” and offering a link to log in for the “audit.”

It’s probably a good idea not to let hyperlinks and HTML render at all if your email client (AOL, for example) lets you keep them disabled. I don't know how effective ISP email virus scanners for embedded malware (as in AOL's filter) really are.

Monday, January 25, 2010

Another serious teen cyberbullying case in Massachusetts


The media has reported another serious incident of cyberbullying (apparently with Facebook and text messages) at a high school in South Hadley, MA, resulting in the self-inflicted death of Irish immigrant Phoebe Prince.

ABC News has a video story here, and Boston.com has a story by Kathy McCabe here.

Internet lawyer Parry Aftab commented that cyberbullying sometimes leads to “cyber mobs.”