Spyware Sucks

Android phones with fake Netflix malware pre-installed

sandi — Thu, 06 Mar 2014 00:05:08 GMT

Do you own the following products? If so, you might want to read this article…

SAMSUNG GT-N8013 Galaxy Note tablet, SGH-1727 Galaxy S III phone, SCH-1605 Galaxy Note 2 phone, SGH-1337 Galaxy S4 phone, SGH-1747 Galaxy S III phone, SCH-1545 Galaxy S4 phone
MOTOROLA Droid Razar, Droiz 4, Droid Bionic
ASUS A Eee PadA Transformer TF101, Memo Pad SmartA MT301
LG Electronics Next 5

http://www.computerworld.com/s/article/9246764/Pre_installed_malware_found_on_new_Android_phones

For those of you who want to read the Kirsty Ross decision

sandi — Wed, 05 Mar 2014 11:35:00 GMT

http://www.ftc.gov/system/files/documents/cases/140228rossorder.pdf

300,000 routers hijacked

sandi — Tue, 04 Mar 2014 10:41:00 GMT

"So far, the attacks have hijacked more than 300,000 servers in a wide range of countries, including Vietnam, India, Italy, Thailand, and Colombia. Each compromise has the potential to redirect virtually all connected end users to malicious websites that attempt to steal banking passwords or push booby-trapped software, the Team Cymru researchers warned."

http://arstechnica.com/security/2014/03/hackers-hijack-300000-plus-wireless-routers-make-malicious-changes/

Innovative Marketing update

sandi — Mon, 03 Mar 2014 23:19:00 GMT

Innovative Marketin has been often mentioned in this blog over the years....

Here is the latest news - of course, actually getting money out of any of the parties involved is a different matter...

http://nakedsecurity.sophos.com/2014/03/03/scareware-pusher-loses-appeal-against-epic-163-million-fine-poll/

Dear Google and Microsoft

sandi — Sat, 15 Feb 2014 02:34:44 GMT

This alert appeared in Google Chrome today. I have no idea why.

Dear Google: how am I meant to know if this is a “real” Skype extension? There’s no information about the provider/developer on that screen and if I close the dialogue because I don’t want to install something unexpected unless I know it is legit I lose the opportunity to install (there’s nothing in the Extensions window – even disabled – and the prompt to enable disappears from the Customize dropdown).

Dear Microsoft: assuming this was a real Skype extension, and it’s from one of your update processes, can you PLEASE tell me when you’re going to install new stuff before you do it to save me from the inevitable confusion? Auto-update should only be used to update existing stuff without notice, not to add new stuff.

Scammy stuff on Facebook

sandi — Thu, 23 Jan 2014 06:30:42 GMT

Yeah, I know… the sender of the invites to this “event” swears up-n-down that they didn’t like the page, or send me or others an invite, and he can’t find anything in his apps that looks suspicious

Here’s the “event”. Within hours the invite count had reached 784,432.

If you’re silly enough to go to leaked-snapshots.org, you will see a fake Facebook login page…

Did you know you can see all recent signins to your Microsoft account?

sandi — Wed, 22 Jan 2014 09:38:00 GMT

This is very useful information:
http://sbs.seandaniel.com/2014/01/checking-your-sign-in-history-in.html

Fridge sends spam emails as attack hits smart gadgets

sandi — Fri, 17 Jan 2014 23:19:00 GMT

Well, I suppose we knew it had to happen sooner or later...

"A fridge has been discovered sending out spam after a web attack managed to compromise smart gadgets. The fridge was one of more than 100,000 devices used to take part in the spam campaign. Uncovered by security firm Proofpoint the attack compromised computers, home routers, media PCs and smart TV sets. The attack is believed to be one of the first to exploit the lax security on devices that are part of the "internet of things".

Cite: http://www.bbc.co.uk/news/technology-25780908

Drive-by Download Attacks: Examining the Web Server Platforms Attackers Use Most Often

sandi — Thu, 09 Jan 2014 00:36:00 GMT

The top two - open source Apache and Nginx:
http://blogs.technet.com/b/security/archive/2014/01/08/drive-by-download-attacks-examining-the-web-server-platforms-attackers-use-most-often.aspx

Hitman Pro writeup about the Yahoo malvertizing incident

sandi — Thu, 09 Jan 2014 00:22:00 GMT

It's an excellent write-up, and worth a read:

http://hitmanpro.wordpress.com/2014/01/05/malware-served-via-yahoo-affected-millions/

Lessons for the layman: keep all software on your computer up to date and get rid of Java (you know, the stuff that runs java applets). Run antivirus and keep it up to date (but remember, antivirus is more reactive than proactive and may not catch the really new stuff).

Make no mistake, Yahoo are the victims here as much as those people who are left with infected computers. If you are a publisher or in ad-ops, do what you can to avoid the miscreants: http://www.anti-malvertising.com/

Important information from Google about Chrome support for NPAPI ending

sandi — Wed, 08 Jan 2014 11:15:00 GMT

Cite: http://blog.chromium.org/2013/09/saying-goodbye-to-our-old-friend-npapi.html

"Starting in January 2014, Chrome will block webpage-instantiated NPAPI plug-ins by default on the Stable channel. To avoid disruption to users, we will temporarily whitelist the most popular NPAPI plug-ins that are not already blocked for security reasons. These are:

Silverlight (launched by 15% of Chrome users last month)
Unity (9.1%)
Google Earth (9.1%)
Java (8.9%) *
Google Talk (8.7%)
Facebook Video (6.0%)

* Already blocked by default for security reasons."

"The psychology of malware warnings"

sandi — Wed, 08 Jan 2014 10:58:00 GMT

A fascinating read:
http://www.lightbluetouchpaper.org/2014/01/03/reading-this-may-harm-your-computer/

Direct link to report:
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2374379

Umm, I don’t think that’s quite right…

sandi — Wed, 08 Jan 2014 03:03:15 GMT

Ongoing problems at the English language Moscow Times

sandi — Tue, 07 Jan 2014 23:57:35 GMT

Excellent writeup here:

http://blog.malwarebytes.org/exploits-2/2014/01/hard-times-on-the-moscow-times/

WA official faces prosecution over software favours: Gifts for contracts exchange uncovered

sandi — Tue, 07 Jan 2014 09:59:00 GMT

Just wow: http://www.itnews.com.au/News/368869,wa-official-faces-prosecution-over-software-favours.aspx

More than $1 million in CA products purchased :(

Yep, malvertizing is still around

sandi — Tue, 07 Jan 2014 09:55:00 GMT

I don't write about it as much as I used to, but malvertizing is definitely still around; Yahoo being a recent target:
http://blog.fox-it.com/2014/01/03/malicious-advertisements-served-via-yahoo/

Misleading Flash / Java / web browser update alerts / advertisements-disguised-as-alerts continue to do the rounds as well. If you ever come across such things, please drop me a line via a comment and I will get it looked at.

Intel killing off McAfee name (for some products, apparently)

sandi — Tue, 07 Jan 2014 09:53:00 GMT

Details here:

http://news.cnet.com/8301-1009_3-57616756-83/intel-kills-off-mcafee-security-brand/?part=rss&tag=feed&subj=News-Security&Privacy

I do enjoy Google’s sense of humor…

sandi — Mon, 09 Dec 2013 04:01:45 GMT

It adds some much appreciated levity to a work day.

Misleading advertisements won't be going away any time soon...

sandi — Fri, 06 Dec 2013 22:45:00 GMT

Not when you see reference to the infamous RBN (Russian Business Network) anyway...

Check this out:
http://urlquery.net/report.php?id=8165615

And this:
http://urlquery.net/report.php?id=8165658

I'd recommend you visit this site - find out if your username and password is known to be compromised

sandi — Thu, 05 Dec 2013 10:56:00 GMT

I'd recommend you visit the website in this article, find out if you're email address and password was in a hacked database. It correctly identified the only theft of my username/password that I know of http://grahamcluley.com/2013/12/check-youre-victim-database-breach-pwned/