Facebook Malware

Every year, there is a resurgence of Facebook malware and in some way or the other would result in this malware posting on your Facebook wall and to make it worse would either post on your friend’s wall or tag them.

This method allows the malware to propagate and to garner greater visibility even though these are the methods used by a malware specialized in targeting Facebook users. However the content in most cases are porn images and they may relate to some fictitious, eye-popping, attention grabbing news.

Fortifying user-accounts and strengthening their security has taken precedence, however when it concerns Social Networking, the entire ideology of “secured account” changes dramatically. Its not just about your own account, it is also related to those accounts which belong to your relatives, friends, colleagues and et al.

We may consider splitting the issues created by Facebook Malware into two distinct parts

1: The Malware

The malware spreads itself by posting links to a pornographic image or video from the account of previously infected users. The postings generally tag not more than 20 friends of the infected. If and when a user opens the link pertaining to the post, the video begins to play but then stops and asks the viewer to install a fake Flash player containing a Trojan downloader with the actual malware. This malware can even manipulate keystrokes and mouse movement.

2: It’s Propagation

In order to tackle the menace associated with Malware the following tips and tricks would ensure that you as the account holder do not get infected nor would your account assist the malware in propagating.

TIPS for Securing your Computer

1: Do not click on shortened or unknown links: Facebook spammers mostly disguise links to suspicious websites by using URL shortening service, which misleads you to think you are clicking on a legitimate article or blog. These links lead to sites that can eventually install malware or spyware on your computer.

2: Know what to look for: Facebook spammers get more creative on various tactics to make you fall for something harmful and how elusive they can be to get spotted. If you notice any one of the following traits on a Wall post, group or page, it’s recommended that you don’t click it.

3: Avoid giving authorization to wary games and apps: If you are enticed to permit a Facebook program to post on your own and your friends’ walls, then you should think twice. Close the game or app that can access your private information and networks any time. Why would you give access to all of that information to a real stranger?

4: Look for telltale signs of spam: If you see any of your friend posting multiple links or videos to multiple friends’ walls, then it’s possibly the work of a spammer. Eg. If you see a wall post from a friend stating Facebook finally offers a way to see who views your profile, then never believe it and click on it. Moreover, pages that warn they are not authorized by Facebook could be harmful to your computer.

5: Take action as soon as possible if you fall for a spam link or page: There are a few ways you can handle the situation if you find out you’ve been spammed:

  • Remove spam wall posts by either clicking the “X” to the right of the post, or marking it as spam via the same dropdown menu.
  • Get rid of games that may be spam by going into “Account Settings”, and then “Manage Apps”. There you can edit and remove permissions.
  • Change your Facebook password.
  • Consider enabling secure browsing via Facebook Security settings.
  • Prevention is always better than cure! Install any eScan Anti-Virus and Internet Security Suite software for Home and Small Office to perform proactive and regular security check on your computer.

However, the above mentioned tips would appear useless when one of your contacts on Facebook is affected by a Facebook Malware. Hence, you protect your self and to cease the malware from propagating, ensure that your Facebook account is configured as shown in the below mentioned screen-grabs.

clip_image002

clip_image003

These settings, when configured as shown above would not only safe-guard your Facebook timelines from the spam posts, but also those which might be posted through the accounts of any of your friends. Besides, it would also stop the tags from being displayed directly on to your timeline.

Posted in eScan 11 | Tagged , , , | Leave a comment

New Ransomware that charges $500 to Unlock your Android Device

Our security researchers have recently encountered a new Ransomware in Android, which is used by hackers to extort money from users called Android.Trojan.SLocker.D

What is Android.Trojan.SLocker.D Ransomware?

It is a ‘Fake FBI Alert’ malware, which locks out Android users from accessing their phone. Victims cannot access their phone unless they have paid the ransom amount demanded by the cyber-criminals.

How does Android.Trojan.SLocker.D Ransomware work?

It typically propagates as a spam email attachment or an APK file pretending to be an Adobe Flash Player update. When the Android user presses “Ok” to continue, a FBI warning is displayed on the screen which prevents the user to navigate away.  In addition to it the fake FBI message informs the victim that they have broken the law by visiting pornographic website. It was also found that screenshots of browsing history of the victim is displayed. The scammer claims to have screenshots of victims face and knows their location.

This type of Ransomware demands $500 in form of Money Pak or PayPal My Cash transfers as a release fee and if victim attempts to unlock the device without paying the money, the amount is increased to $1500.

Our researchers also found that malware victim’s files were not encrypted instead home screen and back button is disabled and when the phone is restarted the malware still remains.

So how can we safeguard ourselves against Android.Trojan.SLocker.D Ransomware?

Below are some tips suggested for same:

  • Use trustworthy antivirus software (eScan) on your phone and update it on regular basis.
  • Download applications from their official website or from an official store such as Google Play for Android.
  • Open emails only if you are positive about positive about the source.
  • Regularly backup your important files.
Posted in eScan 11, eScan 14, MailScan, Security | Tagged , , | Leave a comment

Corporate Espionage through Social Engineering

Are you working in a company that was a victim of Corporate Espionage recently? If yes, then you need to read this. Even if you don’t, still you need to read this.

What is Corporate Espionage?

Process of spying business competitor or intelligence agency or internal organisation for vested interests is called Corporate Espionage or Economic Espionage.

One of the recent high profile cases of Economic Espionage, six Chinese citizens were arrested on charges of stealing sensitive wireless technology from US Companies. To know more click here http://on.wsj.com/1JXw2C8

What is Social Engineering?

Social Engineering is an art and science of getting people reveal their sensitive information. It is broadly classified into three categories namely Human based, Computer based and Mobile based.

Human based Social Engineering: This type of social engineering involves person to person interaction. The US-CERT definition of Social Engineering is more appropriate here, i.e., any attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

Computer based Social Engineering: Making use of computer software to carry out Social Engineering attack.

1 Phishing: It involves cyber-criminal sending an email to the recipient.  The email requests the recipient to confirm banking transaction or reset password or PIN.  The victim opens the link thinking that the email is genuine. The victim is re-directed to a malicious website, which captures the information. Both eScan corporate products (eScan Corporate Edition with Hybrid Network Support and eScan Corporate 360 with MDM and Hybrid Network Support) provide an anti-phishing filter which protects users from both Phishing and Spear Phishing (as explained below).

1.1   Spear Phishing: This type of phishing is intended to target a single user or specific organisation seeking unauthorised access to confidential data by using email as its methodology. Spear Phished emails can be sent in numerous forms. Some of them inform the recipient that the previous email has failed and a link is also provided, which would make the recipient feel that the email is genuine.  The link opened by the victim will be re-directed to website which would request the victim to enter their email address and password or click on the link will download a Trojan. eScan recommends its readers to never open an email attachment sent from an unknown sender, open it only if you are positive about the source and never send or reply to emails which ask for sensitive information to an unauthorized person.

1.2   Identity Theft: Hackers steal victim’s personal information such as name, mobile number, email id etc. for any fraudulent or illegal purpose which is done with the help of keylogger. The best example of an identity theft was a written article about NSA spying users of some of the top Hard disk manufacturing companies for more than a decade. Corporate products of eScan provide Virtual Keyboard which stimulates the user’s keyboard and acts as a secure mechanism for the user to enter sensitive information such as login credentials, banking password and many more. Identity theft also occurs when data is leaked from client’s system either by copying the data to USB, CD/DVD or any other medium. eScan Corporate products and eScan Endpoint Security (with MDM & Hybrid Network Support) addresses the problem of endpoint by providing features such as Recording of files copied to USB, Blocking of CD/DVD, USB Blocking with Password Management and Blocking of auto-play of USB devices etc.

Mobile based Social Engineering

1 Malicious App: Mobile users are tricked by downloading malicious app which pretend to be a genuine one, but ends up posing as illegitimate one. eScan Corporate 360 (with MDM & Hybrid Network Support) has a unique feature to cater to this. The MDM (Mobile Device Management) consists of App Protection, blocks third party applications by default when eScan app is deployed.

 

Posted in eScan 14, Security | Tagged , , | Leave a comment

Malicious Malware

eScan, one of the leading Anti-Virus and Content Security Solution providers, has studied on a recent poll that says 32% of the top IT professionals agreed that data breaches and malware are the top threats that any organization faces.

According to the further enquiry poll, the trends have been noticed that the adverse effect of security programs is likely to get worse in future specifically because of continuous evolution of BYOD practices and increase in adoption of cloud technology, both public and private.

Let us see how malwares are baring their heinous fangs to cripple different sectors of IT industry.

  • Malware threat to Virtual Currencies: Extensive research has found that virtual transactions could result in entrenchment with malware and other prohibited data like child abuse images, pornographic content etc. Bitcoin, a form of electronic currency, uses P2P (peer-to-peer) networks to track and verify such transactions. Most Bitcoin-mining malware arrive via malicious downloads or sometimes through social media. Exploitation of system and/or application vulnerabilities mainly leads to such infection. As a result the ‘cyber hygiene’ gets seriously affected and it becomes an ideal place to host unlawful data or images.
  • Malware attack to Chat rooms: Cyber criminals are always trying to target various Chat-rooms, specially gaming chat-rooms. These are always a matter of entertainment to the kids and teens resulting in easy access for the crooks to convert the chat session into a cyber-trouble. Any malware which is usually associated with web-based delivery are responsible for this. However, there are some genuine chat-rooms which are useful. The guardians’ role is important here. They need to teach their kids about how to remain safe from these hazards. The children should learn not to enter any unauthorized chat-rooms that might appear as a pop-up!
  • Malware target hotel Wi-Fi: Hotel Wi-Fi is sometimes prone to malware attack. Thousands of hotel chains rely on such wireless networks for hospitality of the customers. Very recently researchers had found vulnerabilities in the wireless routers mostly used by the hotel industry which allowed a hacker to spread malware through a hotel’s Wi-Fi network. These malwares can also track sensitive data and attack the hotel’s Internet-connected operational systems. Such vulnerabilities allow the malware to get injected into the guests’ devices and even monitor and steal data transferred through the network.
  • Macro-based Malware: Macros are a series of commands used to complete a task automatically and are generally found in Word Documents and in Spreadsheets. The culprits have once again made use of this capability to compose malware-laden macros. Macros execute immediately after the file is opened; the victim who opens the file remains unaware that anything unnatural happened to his/ her system. Cyber felons prefer macro-based malware because it is versatile and requires minimum effort.
  • “NewPosThings” Malware: The ‘NewPosThings’ malware has been found recently trying to control the hub of IP addresses associated with certain airports. POS malware are always a threat since credit and debit card transactions happen throughout the year. A POS intrusion mainly happens when a card is swiped at any ecommerce transaction. These malware have RAM scraper capabilities, key-logging routines, dumping Virtual Network Computing (VNC) passwords and sensitive information gathering. Most POS systems are Windows-based which makes it simpler to create such malware to run on them. The devices used in such industry are open to the web and sometimes protected with easy passwords making it vulnerable for such attacks. Recently, researchers have detected that the latest malware even de-activates security warnings on systems and creates anti-debugging methods.
Posted in Security | Tagged , , | Leave a comment