Tuesday, April 24, 2012

Laptop manufacturers sometimes accidentally step on security with "promos"

A little word to the wise about Notebook laptops.  When using my Verizon New iPad as a hotspot, I tried to connect to it from the list of available Internet connections from Windows 7 (the notification icon).  Toshiba "threw up" one of its announcements in front of the Microsoft Network Options page (Home, work, or public) in such a way that the cursor set it to Home instead of Public, which was intended.  Later, I found all the saved pw's had gone away.   Eventually, W7 threw out another icon and gave me a chance to fix it, so it was OK in the end.  But here is the case where a respectable company (Toshiba) interferes with the proper security of a computer to try to sell you more stuff.  Not good at all. 

The next day, as I was on Blogger in Firefox and trying to upload photos, Toshiba took it upon itself to start Internet Explorer to show me its announcements, again a disruption.

Sunday, April 22, 2012

Slate: cell phone spam problem is exploding

Will Oremus has a major article in Slate on smartphone text spam, dated April 13, here.  It appears on page G4, Business, of the Sunday Washington Post with the title “Spammed? Do Not text ‘STOP’”.

The problem is growing rapidly, possibly to the point of becoming costly for smartphone users, and mobile phone companies need to do a lot of upgrading of spam filters and in their ability to respond to spam complaints.

Spammers often generate their wares automatically, putting different SIM cards in their devices to generate the spam and then discarding them so they won’t be traced.

When someone replies to a cell text, that confirms the number, which can be “sold” to other spammers.

One way users might get mobile spam is to respond to fake "social surveys", often generated by misspellings of common domain names.  But this problem can become confused by legitimate surveys which some newspapers are now "requiring" as an alternative to paywalls.  

Related story here, April 8. 

Saturday, April 21, 2012

FBI working group warns users about DNS Changer, could lose Internet connection July 9 when temporary "pontoon bridge" goes down

The FBI and other law enforcement agencies are reminding home and business computer users that computers infected with the DNS Changer could lose Internet access on July 9, 2012.  Most infections would have occurred through spam and phishing attacks.

The working group “DCWG” has instructions here. Users can test their computers for infection, and there are products that remove the virus.  The malware redirects a computer's requests to resolve web addresses to servers owned by hackers.

The Rove working group has been operating replacement DNS servers, which will stop on July 9.
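Since the malware works by pointing a machine at rogue DNS servers, one way to test for it is to compare the resolvers the machine is configured to use against the published rogue address ranges. A sketch of that comparison follows, added here as an example and not taken from the DCWG or FBI instructions: the ranges are placeholder documentation networks (substitute the list the working group publishes), the sample `resolv.conf` and `ipconfig /all` text is constructed, and only IPv4 resolvers are handled.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation networks), NOT the real rogue
# DNS Changer ranges; substitute the list published by the working group.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed samples: a Unix resolv.conf and a fragment of `ipconfig /all` output.
SAMPLE_RESOLV_CONF = """\
# generated by dhclient
nameserver 192.0.2.53
nameserver 8.8.8.8
"""
SAMPLE_IPCONFIG = """\
   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def resolvers_from_resolv_conf(text):
    """Return the addresses on 'nameserver' lines, ignoring comments."""
    out = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            out.append(parts[1])
    return out

def resolvers_from_ipconfig(text):
    """Return IPv4 DNS servers, including indented continuation lines."""
    out, in_dns = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            in_dns = True
            line = line.split(":", 1)[1]
        elif in_dns and ":" in line:  # the next labelled field ends the list
            in_dns = False
        if in_dns:
            out += re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", line)
    return out

def flag_rogue(resolvers):
    """Return the resolvers that fall inside any listed rogue range."""
    flagged = []
    for r in resolvers:
        try:
            addr = ipaddress.ip_address(r)
        except ValueError:
            continue  # not an IP literal, nothing to compare
        if any(addr in net for net in ROGUE_RANGES):
            flagged.append(r)
    return flagged
```
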

The most complete explanation of this problem that I could find is by Ben Grubb at an Australian site, here.    

The Associated Press has a detailed story by Lolita C. Baldor, link

DCWG offers this link on malware.

See earlier stories on this problem Feb 23, 2012 and Nov. 9, 2011. 

Friday, April 20, 2012

Kaspersky warns of link-tracking "trojan", possibly recent

Today, on my Toshiba notebook computer, while I was testing it with my iPad hotspot, Kaspersky warned me about a potential trojan called “Trojan.JS.Frame.yi”, which I see that I documented here Feb. 22, 2012.  But it also tracked the item to “lynktracker.com/XrstX/public”.  Curiously, the incident happened only once, and while Kaspersky was updating its data file.  This could relate to a data signature not available until today.
Neither McAfee, Norton, nor Webroot/Sophos have returned similar results. 

However, the "trojan" may be what the older Webroot/Spysweeper application used to call a "tracking cookie" and would quarantine as such. Kaspersky would not let it "load". 

Google Safebrowsing has a seemingly self-contradictory report which says that Lynktracker has always been seen as safe, but today (April 20) detected suspicious activity and had “infected” 400+ domains, many of them on blogspot.  I have reason to believe that it could have something to do with one particular third party gadget advertising (clothing) fashions.  As a precaution, I removed this gadget today from one of my blogs that had it.

The link is here. The contents of the report here could change quickly. The Safebrowsing report on "blogspot" itself is interesting, and blog names can be inserted into the search parameter. 

Lynktracker has a good reputation with “Webutation” here

McAfee also has a favorable report here. But the domain cannot be accessed directly (gives a "Forbidden"). 

It would seem likely that the item has to do with tracking consumer behavior for behavioral advertising, and could not run if a browser “do not track” option is turned on.  But behavioral tracking is not by itself defined as malicious.

Tuesday, April 17, 2012

Mac users get a security wakeup call from the Flashback Trojan

Mac users are starting to get more attention from cybercriminals, according to a tweet from Webroot and TechNewsWorld yesterday, in this story about the Flashback Trojan, link here.

Recently, my own Macbook prompted me to upload a security fix for Java which I believe is supposed to stop the Trojan.  I use Norton anti-virus (Symantec) on my Mac.  So far, I do rather limited surfing and email on the Mac, working mostly with my own music and video.

The malware prompts the user to download a bogus Flash player, which the Mac does not supply on its own.  Flash players should be downloaded only from Adobe.  Intego has a discussion here

The Trojan would then appear to make the Mac a zombie for later DoS attacks.

(There is a distantly related story on my COPA blog April 9 about a fictitious "shakedown" or scareware virus.)

Picture: from DC Metro.  Yes, some 16-year-olds are "bottomless pits" without gaining weight.

Monday, April 16, 2012

Administration says US is all too vulnerable to cyberattack

John O. Brennan, President Obama’s senior advisor on homeland security, has an op-ed Monday in the Washington Post, “Time to protect against the dangers of cyberattack,” link here.  Brennan sees these threats as much more existential in nature than personal privacy issues. 

A good question is why power grids and other critical infrastructure can be reached topologically through the Internet at all.  But anyone who worked in I.T. in any major industry for a span of years, as I did in several (insurance, health care, credit reporting) knows that business operations do have weak points and targets that determined enemies (or maybe corporate or foreign spies) can undermine.  For example, it took industry until the early 1990s to develop really secure elevation procedures for mainframe production systems.  

Sunday, April 08, 2012

Cell phone spam getting harder to stop; Cell phone spoofing could lead to raided bank accounts

The New York Times is reporting today that cell phone and smart phone spam is getting harder to stop, in a story by Nicole Perlroth, link (website url) here.

Mobile spamming would be regulated by both the 2003 CAN-SPAM Act and the Telephone Consumer Protection Act.

Spammers seem to react to “stop” or “no” responses by treating them as verification of a working number that can be sold to marketeers.

Consumers may find themselves accidentally subscribing to “impossible to stop” services.  One way these may happen is by responding to unwanted “social surveys” often offered at misspellings of common domain names (including Facebook).

Messages go against the consumer's limit and can result in extra charges that could be hard to reverse. 

A company named Cloudmark is developing ways to report and combat spam, as with this link

Byron Acohido has a video for USA Today on cell phone spoofing, in a video link provided by Cloudmark.

Sunday, April 01, 2012

Spammers try to offer to "get you back up on Facebook"

Today, I found an email in my AOL inbox, not screened out, which was titled "Getting back onto Facebook".  It appeared to have been rigged to appear to have come from Facebook's normal emailing mechanisms.  I immediately went to my Facebook account and found it working normally, so this must have been another instance of spam, trying to goad me into giving up Facebook logon information.  Doing so would in fact violate Facebook TOS.