Friday, August 31, 2012



.JAR AND SHYLOCK



"Shylock" was a nasty Java exploit several years ago. The holes that were exploited were patched by Oracle back then. Shylock got its name because when the virus code was examined, security engineers found references from Shakespeare's play, "The Merchant of Venice".

This is less of a history lesson, and more about the fact that "Shylock" is back, and perhaps more dangerous than ever. A valid response from you may be: "If the holes were patched, what's the big deal?", and my answer is simple: not everyone updates their computer. I've been to more places than I care to remember where a user's PC had Java versions 2-5 on it, and I'm not sure what else the new and improved Shylock takes advantage of either. I do know that it tries to change its characteristics when downloaded to avoid detection.

You should take a few minutes to read the security blog post on Symantec's website, which also has an easy-to-follow graphical map which helps explain it better than mere words could do. Be sure not to miss exactly what this does, once it begins to nest in your PC. Surf well, surf safely.......

'Nuff Said,
Brian

[Symantec/Norton user for over two decades]

Thursday, August 30, 2012



ORACLE GETS OFF THEIR COLLECTIVE BUTTS




Yes, Oracle has issued a patch that, according to RAPID7, stops an attack using the JAVA exploit we've been facing all week.

"It appears that it's effective in blocking the exploit," Tod Beardsley, the engineering manager for Metasploit, said early Thursday. "We just finished testing it 10 minutes ago." [source: Computer World]

The update -- designated "1.7.0_07-b10" -- was published along with a bare-bones release note on Oracle's website, and Oracle followed that with an alert shortly after 1 p.m. ET.
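A quick way to check a machine against that build number from a terminal, as an added example that is not from Oracle, Rapid7 or the original post. It sorts a `java -version` banner by the two things reported on this page (the bug is in Java 7 and not Java 6, and 1.7.0_07 blocks the exploit); the function names and sample banner lines are made up for illustration.

```sh
#!/bin/sh
# Added example: sort a Java version by what the posts on this page report
# (bug is in Java 7, not Java 6; build 1.7.0_07 blocks the exploit).
# Function names and the sample banners below are constructed.

# Pull the quoted version out of the first line of `java -version`,
# e.g.  java version "1.7.0_06"  ->  1.7.0_06
extract_version() {
    printf '%s\n' "$1" | sed -n 's/^[a-z]* version "\([^"]*\)".*/\1/p'
}

# Print one of: pre-java7 | exposed | patched | post-java7 | unknown
classify_java() {
    ver=$1
    case $ver in
        1.[0-9]*.*) ;;                       # legacy 1.<major>.<minor>[_<update>]
        *) echo unknown; return 0 ;;
    esac
    major=${ver#1.}; major=${major%%.*}      # 1.7.0_06 -> 7
    case $ver in
        *_*) update=${ver##*_}; update=${update%%-*} ;;   # 07-b10 -> 07
        *)   update=0 ;;                     # plain 1.7.0 has no update number
    esac
    update=$(printf '%s' "$update" | sed 's/^0*//')       # 07 -> 7
    update=${update:-0}
    case $major$update in *[!0-9]*) echo unknown; return 0 ;; esac
    if   [ "$major" -lt 7 ];  then echo pre-java7
    elif [ "$major" -gt 7 ];  then echo post-java7
    elif [ "$update" -lt 7 ]; then echo exposed
    else echo patched
    fi
}

# Constructed sample banners, then the local Java if one is installed.
for banner in 'java version "1.6.0_33"' 'java version "1.7.0_06"' \
              'java version "1.7.0_07"' 'something else entirely'; do
    v=$(extract_version "$banner")
    printf '%-28s %s\n' "$banner" "$(classify_java "$v")"
done
if command -v java >/dev/null 2>&1; then
    live=$(java -version 2>&1 | head -n 1)
    printf 'this machine: %s -> %s\n' "$live" "$(classify_java "$(extract_version "$live")")"
fi
```

A "pre-java7" result only reflects the report here that this particular bug is not in Java 6; it says nothing about other holes in older versions.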



ZERO DAY JAVA EXPLOIT 4 DAYS LATER




I have had several MAC calls this week for fear they had the JAVA exploit, but a quick check told me both computers were 1.6.0 and I told them not to update JAVA any further until this whole mess is settled out. Meanwhile, in the rest of the world:

Firefox is telling its users to disable JAVA completely (I.E. users should do the same).
 
Security firms have found packages added to the exploit and if a computer is infected, the package opens and out jump a bunch of other Virus/Trojans.

From Computer World:

"Patrik Runald, director of security research at Websense, said his team had found more than 100 unique domains serving the Java exploit."

Other security firms are telling users to un-install JAVA entirely [ed. - something I did on Monday. I haven't had any problems without it, so until I do, it won't be re-installed]. Some reports say this "HOLE" won't be patched by Oracle until October.

Sharks are in the water, surf safer -
Brian

Monday, August 27, 2012














A zero-day Java 7 exploit is putting Windows, Linux, and MAC users at risk right NOW, regardless of which browser is used! Computer World writes:

"The unpatched bug can be exploited through any browser running on any operating system, from Windows and Linux to OS X, that has Java installed, said Tod Beardsley, the engineering manager for Metasploit, the open-source penetration testing framework used by both legitimate researchers and criminal hackers."

Apparently the bug is not in Java 6, and security experts are advising users to disable JAVA immediately. Again, from Computer World:

"Mac owners can disable the Java plug-in from within their browsers, or remove Java 7 from their machines. To do the latter, select "Go to Folder" from the Finder's "Go" menu, enter "/Library/Java/JavaVirtualMachines/" and drag the file "1.7.0.jdk" into the Trash"

Windows users can either un-install JAVA or disable it via the browser. I.E. users can go to Tools\Internet Options\Security\Internet\ and disable active scripting.

Even having done this, try to avoid browsing sites you've never been on before, and hopefully you won't suffer a drive-by JAVA attack.

Thursday, August 23, 2012



CRISIS/MORCUT MALWARE IS VIRTUALLY HERE






Please forgive my play on words, as this is no joking matter (but I couldn't help it). Malware known as "Crisis/Morcut" has jumped the barrier between the real and the virtual PC, much like Neo in the Matrix.

This Malware actually infects Windows PCs running VMware. Apparently the computers known to be infected were snagged by a malicious JAVA applet (JAVA_AGENT.NTW). The two key components of this applet have their own special tasks: one infects MACs, the other looks for Windows machines running VMware. The MAC part opens up a backdoor to the computer, while the Windows partner is a "Worm", identified as "WORM_MORCUT.A".

We'll hear more about this in the days to come, but at least you know - it's coming.

Monday, August 20, 2012




IT'S TIME TO PUT YOUR THINKING CAP ON
[I AM]




First of all, if you didn't read the post from the 19th, please do, as it will help verify the seriousness of the matter.

Infections, data theft, and unbootable PCs have unfortunately become as common as those of us who suffer allergies in Houston. Just because you have Anti-Virus software does not exclude you from the class of infected users, and perhaps we should start thinking "Out-of-the-box" for ways to combat this. Yesterday's post was alarming enough, and now a report from NSS LABS in Austin, Texas leaves me wondering "how do you keep from being infected?"

I realize, as you should, that the report was about some specific threats, and that some AV software which fared well may not do as well against another type of threat, but the answer is definitely not running more than one Anti-Virus on your PC.

I wasn't very happy with where Norton fell amongst the 13 products tested; however, it (the product) has yet to fail our family after a decade of use. The article about the test was picked up by PC WORLD, which is where I first read about it, then I went to the NSS website to download the complete results. As the article on PC WORLD'S website pointed out:

"Antivirus firms will doubtless point out that the attacks were crafted in the lab, that the vulnerabilities chosen were fairly recent, and that only two were looked at. Making judgements on the basis of such a narrowly-defined test offers only one indication among a number."

However, from reading both the article and Test report, I can no longer recommend a free anti-virus for you to use.

I can ask you "Would you rather pay $80 for an Anti-virus now, or possibly spend over $200 removing an infection and a chance of losing all of your pictures, music, and data?" (which could still happen, but with a far greater chance if you continue to use free anti-virus software).

You can read the PC WORLD article HERE.

'Nuff Said,
Brian

Sunday, August 19, 2012


SHAMOON
[HINT: It's NOT A WHALE]


Yes, your PC could be under attack by "Shamoon". It's the latest... (clue: picture to the right) Trojan that usually targets businesses, Government websites, etc., but anything can happen, so be on alert. This Trojan is a destructive little bugger which gets the data it wants off your PC, then destroys its path, leaving your PC DOA. Yes, this could very well be a format-hard-drive situation, as it corrupts or removes your Master Boot Record (MBR). As of this writing, the largest Anti-Virus companies are hard at work on SHAMOON; however, they have yet to discover what data it is after and relaying to a remote server.

UPDATE:

"Shamoon" is also labeled as "Disttrack" by other Anti-Virus software and Trend Micro reports it overwrites any Document, Picture, Video, or Music on the computer rendering them useless and unrepairable. It has been known to use the file names "Clean.exe" or "Dvdquery.exe".

'Nuff Said,
Brian

Thursday, August 16, 2012



BAD NEWS OF THE WEEK....



There is another ZeroAccess Trojan floating out in cyberspace - make sure that your anti-virus software is updating, and it wouldn't hurt to run a Malwarebytes scan just to make sure your AV security hasn't been compromised by the PUM.Disabled.SecurityCenter trojan.

And, once again, there is a Trojan that takes advantage of another hole in Adobe Flash. According to Trend Micro, it takes the form of a .DOC attachment in an email. Hopefully (for the bad guys) you'll be lulled into la-la-land and open the attachment, thus enabling the exploit. Once again, please keep your Adobe Reader and Flash updated, along with JAVA.

Thursday, August 9, 2012


DO WE, AS HUMANS (or Aliens posing as human) DEMAND INFORMATION REGARDLESS OF PRIVACY RISKS?

If you think about this for a while, this issue is a double-edged sword. We want more information, and we want it faster, but when it comes to each individual, we want our privacy.

This dilemma is something Actors face once they make the "Big Break", and are suddenly in demand. While making a huge sum of money it becomes very clear to see what they gave up to stay there. [ed. - in case you were dozing off, "Privacy" is what they lost]

I don't know how many customers I've personally added to our database as a new customer, but when I ask "And your home phone number please?", I quite often hear one of two things:
  1. "Oh, we have a phone but don't answer it any longer, so let me give you my cell number"
  2. "We only use our cellphones, so put that down under 'Home'."
We (my wife and I) haven't had "Landlines" for years now, opting for cell phone use only, as many other people do to avoid crank calls, time-share calls, scammer calls, etc. That is our privacy. If we want to hear from you - we'll give you our numbers.

Another form of privacy is your email address. Not quite as private as a cell phone number, but nonetheless it presents a layer between us and "THEM" [ed. - No. Not the giant ants]. Many people, myself included, have multiple addresses with multiple purposes. Now what if your email addresses were easy to find?

I read an AP story this morning where Google was trying out an experiment where you could do a Google search for someone's Gmail address - and get it. I'm not crazy about that idea because if it passes, then they'll place that bar a bit farther away, slowly-but-surely eating away at our privacy. Yes - this is an experiment, and yes, you'll have to sign up to be part of it, but something in my gut is hoping this experiment will fail.

'Nuff Said,
Brian

Monday, August 6, 2012



ANDROID BASED MALWARE GROWING FASTER THAN FORECASTED








GRAPH SOURCE: Trendmicro

Sunday, August 5, 2012


UBISOFT AND DRM

DO YOUR CHILDREN HAVE ANY RECENT GAMES BY UBISOFT?



According to an article on TECHDIRT, Ubisoft has been playing around with DRM (Digital Rights Management) to make it harder for the game to be counterfeited.

The story continues on how an unsecured plug-in is installed in the browser and the person wanting to play the game has to go to a website (they did not specify Ubisoft's only) to start the game. Apparently the coding of this unsecured plug-in is messy enough that it allows a backdoor and the ability for ANY website to use the backdoor to do whatever they want to do on your computer. Does anyone else see a problem?

'Nuff Said,
Brian

Saturday, August 4, 2012

IT'S WHAT I DO


WOULD YOU LEAVE A NOTE ON YOUR FRONT DOOR SAYING, "HI, WE'RE NOT HOME NOW, AND WON'T BE BACK FOR HOURS"?

[ed. - Of course... well, hopefully not]


Most parents know how dangerous the Internet can be, and if they have children, they usually try to get this across to their child whenever they become of "PC AGE". Maybe a few years go by, and the child is a teenager now, so parents - It's time for a refresher course! [ed. or, as the "Thing" from the Fantastic Four might shout: "It's clobbering time"]

I didn't research any hard facts or actual data, but I would make an educated guess that at least 75% of teenagers who use a cellphone use a smart phone with features offered by Android and iPhone, with "APPS" like.........."FACEBOOK".

And I've read and heard many horror stories regarding their need to inform their friends what they are doing at a particular time and where they are doing it. If it's a Movie, you can pretty well figure out how long that will last, and when they get home they find out they were pretty well cleaned out.

Posts like:
  • We're just going in to the theatre to see Spiderman
  • Alice and I just sat down at Texas Land and Cattle for Steak Dinner off the Southwest Freeway.
  • Hi everyone! We just wanted to let you know that our cruise is going great and we'll fill you in with the facts when we get back next week!
  • Grrrr. I'm stuck at work for at least another two hours, maybe more. I'll be lucky to get home by midnight. Grrrr.
Notice a pattern? IF this news is only going to friends (that don't blab to less-than-honest-friends), you might be okay. But with the number of accounts being hacked into, it's very possible you've just told a completely dishonest stranger that it's a great time to go to your apartment or home and clean it out.

Five years ago I would have put the odds of this happening as "Astronomical". Today, I'm not so sure - and you shouldn't be either. It's really a good time to sit down with your teenager (or in some cases, husband or wife) and reinforce how lax security is, and that they should be less willing to give this information out. You could suggest they wait a day and then tell their friends that they were out last night pretty late but had a good time. This has been my public service announcement for the week.


[VIEWING CHART]

I'd like to thank all of you out there who have actually taken the time to read this Blog, and hopefully you have received a little extra information to keep you ahead of the hackers' curve. The chart above is a graph which shows when I had the most viewers, and while I don't recall the exact number, between July 27th and Today, this Blog has had over 2500 views. Thank you - Very Much!

'Nuff Said
Brian

Friday, August 3, 2012



EVER GET THAT SICK FEELING IN YOUR STOMACH?

[WHEN YOU OPEN YOUR IN-BOX]


You never really know (at times) when you've been scammed or when an email is trying to scam you. Take this fine example, the subject line catching my eye first:

"Your Amazon Local Order is Confirmed: APPLE Gift Cards"

I opened my email to see, what you see below:



So, according to this, I just spent $1,000 on APPLE gift cards. When you get an email like this, don't click on any of the links. I went to my Amazon Account "Recent Orders" to confirm this didn't take place, followed by a quick look at my bank account. Everything was fine. Be aware of email scams like this.

Wednesday, August 1, 2012




YES, I'M CROSS POSTING HERE


If you'd like a quick look at the new Microsoft Outlook.com, check out my other Blog HERE!




DO YOU KNOW WHAT A "RAT" IS?





NOPE....

Well, yes, that is a rat, and they come in all sizes. The rat I was asking you about was the "Remote Access Trojan" used by a group of Chinese hackers called "Luckycat". If I asked you, "What OS did they attack first?", you would be correct if you answered "Microsoft Windows". Heck, I think almost all of these groups attack Windows (in its various flavors - XP, Vista, 7, and very soon 8) just to get their feet wet.

Well, Luckycat is now breaching the Android operating system, so - if you smell a rat in an APP [ed. - or SMS message], perhaps you've discovered a Remote Access Trojan!! Trend Micro seems to be on top of things like this, so if you're using your Android Phone or Tablet without protection, I would recommend it.