Tag Archive for Exploits

Avoid Trickery on Facebook and Twitter (pt. 1)

The popularity of social networking sites like Facebook and Twitter has created a malicious hacker wonderland: a fantastic place for them to exploit the users of those sites. Their goals? To infect computers with malware, trojans, and viruses. There are a variety of exploitative programs out there. Some obtain personal information, sometimes voluntarily, sometimes through nefarious means, while others transform a computer into a remote-controlled “zombie” machine.

Why do people fall prey to these schemes? Because they lack (1) anti-virus and (2) malware protection programs on their computers, and they lack the skills necessary to spot and avoid the potential risks. Free service and the ease and seeming anonymity of point-and-click increase the chances they will lower their guard.

Malicious Hackers’ Top Tricks

Hijacking Twitter’s Trending Topics. This technique has become popular in the last three months. Basically, hackers create new Twitter accounts and then post messages related to whatever the trending or “hot” topic of the day may be. As a result, the post gets included in Twitter search results. The hacker’s message includes a link or web address that they hope unsuspecting users will click and explore. The link, unfortunately, leads the user to an infected website.

Hijacking Legitimate Accounts. This works on Facebook, Twitter, and any communications website such as Yahoo! mail, Hotmail, and Gmail, to name a few. Here the hacker breaks into legitimate accounts. Once in, they start sending out messages on that account. The messages, as above, include links to malicious and/or fraudulent websites. Since the tweets, posts, or emails come from a legitimate and trusted account the established base of friends and followers is more likely to respond. On Twitter, this makes it more likely that others will spread the seemingly legitimate message from a known and trusted source. This increases the range or “reach” of the threat.

Dangerous Email. Another method of encouraging social networking users to click malicious links is the timeworn technique of sending “spoofed” email. In this instance, the hackers create messages that appear to come from a social networking site like Facebook or Twitter, and even MySpace. The messages ask you to “update your account” or open an attachment.

Tomorrow: 8 Safety Tips for Social Networking

Avoid Trickery on Facebook and Twitter (pt. 2)

Last week I discussed some of the recent tricks being exploited by hackers on Facebook and Twitter. These tricks can be harmful to your:

  • personal identity
  • your personal finance
  • and your online reputation

These risks come from: 

  • malicious links in tweets and posts
  • account hi-jacking
  • and email spoofing

How To Stay Safe

To better avoid the risks and dangers of social media sites you should employ these best practices as much as possible. You may already be following many of these, but it is best to review them and keep them fresh. Often when we follow the safest road, and no dangers seem apparent, we can get lulled into a false sense of security and let down our guard. Or in this case, our computer guards.

  1. Don’t assume a link sent or posted by a friend is “safe”: Your friend may have lowered their defenses, or not exercised caution with their online activity. As noted earlier, your friend’s account could have been infected, hacked, or hi-jacked. You may want to contact your friend first and check with them if the link is genuine. Many times I have found that they received the link from someone else, and just forwarded it assuming it was safe. They didn’t know that the friend before them hadn’t investigated the link either.
  2. Don’t assume a message from a friend is “safe”: Does the message sound like something your friend would actually say? Have they spoken on the subject before? Perhaps their account has been hi-jacked. One of my own email accounts got hijacked this past summer, and the hacker sent messages from my account saying I was in need of money. One of my friends, believing I was in danger, sent $600 cash. If you’re unsure, try to contact them through another channel. In my situation, many of my other friends sent me texts and made phone calls to me to check it out.
  3. Don’t assume Twitter links are safe just because Twitter scans for malware: In August 2010, Twitter partnered with Google to use Google’s Safe Browsing API. This technology checks URLs or web links against Google’s blacklisted sites. This prevents spammers from posting malicious URLs to Twitter, but it does NOT prevent them from using shortened address services such as bit.ly or tinyurl.com.  Hence….
  4. Don’t Assume Bit.ly and TinyURL Links are Safe: These legitimate address shortening services make it easy to convert long web addresses into short addresses. Bit.ly, in particular, is Twitter’s address or URL shortening service partner. Bit.ly, too, uses Google’s Safe Browsing API and two other blacklists to identify malicious links. BUT although the service doesn’t prevent users from posting these links, it will warn you when you click that the site being linked to is infected. BUT they’ve been known to miss a few according to various anti-virus services such as Kaspersky. As we’re learning, nothing online is ever completely safe, but then again, is anything ever?
  5. Use an up-to-date web browser: There are dozens or more browsers to choose from. There’s Microsoft Internet Explorer, Mozilla Firefox, Apple’s Safari, AOL’s online software, Opera, Google’s Chrome, and many more. They are periodically updated and “patched” by their respective companies. Hackers will find flaws in these programs that can be exploited. That means Internet Explorer users, the most frequently attacked, should be on IE8. Firefox is number two on the hitlist, but it alerts you when an update is available (if you have the most recent version that is). The same goes for Google’s Chrome browser.
  6. Keep Windows and Mac O/S up-to-date: As always, Windows users should make sure their systems are current with the latest patches from Microsoft. Automatic updates should be turned on. Mac issues updates periodically, too, though not as often as Microsoft.
  7. Keep Adobe Reader and Adobe Flash up-to-date: Since Microsoft, Apple, Google, and Firefox have been so diligent with updates, patches, and security, hackers have set their sights on these programs. A lot of malware exploits known vulnerabilities in Adobe’s software packages. One common attack from hackers directs victims to malware-infected sites that request you update your Flash or the Adobe Reader in order to view content on the site. DON’T DO IT using their links! Instead, go directly to Adobe’s site (www.adobe.com) on your own and download the latest version. Why not do that right now? Go ahead, I’ll wait here.
  8. Don’t assume you’re safe because you use a Mac: Didn’t I hint at this on number 5 and 6? It’s true, Mac users are less “targeted” than Windows users, but they’re not immune. The truth is there are fewer Macs out there, so they present a smaller target, so hackers are less likely to attack them. But as they grow in popularity they get targeted more and more. Popular public opinion has it that Macs are invulnerable to viruses. This isn’t true. As a matter of fact, Apple has started to include some malware protection in their latest operating system, but it only protects users from two attack forms. There are currently several hundred attacks out there that specifically target Apple computers. The true number may be larger, but since so few Mac users use anti-malware protection software, it’s hard to tell what the actual figure is.
  9. Beware of email messages from social networks: Email addresses can be “spoofed” by hackers, so you can’t assume a message from Facebook or Twitter is really from those sites. Don’t open attachments you’re not expecting, and be wary of clicking on links that request you “update your account.” And if you do click, and you arrive at a page that asks you to log in, DON’T. You could be delivering your personal account info into the hands of a hacker. Instead, always access your favorite sites directly by “typing” the URL or web address into your browser or clicking in with your Bookmarks or Favorites.
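
Tips 4 and 9 both come down to checking where a link really goes before trusting it. The following is an added example, not part of the original post: a Python check that flags shortened links and links whose visible text names a social network while the address points elsewhere. The TRUSTED list, the function names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com"}  # services named in the post
TRUSTED = {"facebook.com", "twitter.com", "myspace.com"}  # assumed allow-list
# Constructed sample e-mail body; spoofed hosts use reserved example domains.
SAMPLE = (
    '<a href="http://facebook.com.account-update.example/login">'
    'Update your account at facebook.com</a>'
    '<a href="http://bit.ly/EXAMPLE">See who viewed your profile</a>'
    '<a href="https://www.facebook.com/settings">Account settings</a>'
    '<a href="http://photos.example.net/album">Party photos</a>'
)

def under(host, domains):
    # Exact match or true subdomain, so "facebook.com.x.example" does not pass.
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def classify(host, text):
    if under(host, SHORTENERS):
        return "shortened: destination hidden"
    if under(host, TRUSTED):
        return "ok"
    if any(d in text.lower() for d in TRUSTED):
        return "spoof: text names a trusted site"
    return "untrusted host"

def audit_links(html_body):
    """Return (host, verdict) for each link in an HTML e-mail body."""
    collector = LinkCollector()
    collector.feed(html_body)
    pairs = [((urlsplit(h).hostname or "").rstrip("."), t) for h, t in collector.links]
    return [(host, classify(host, text)) for host, text in pairs]
```

A verdict of "shortened" means the real destination cannot be judged from the message alone, which is the gap tip 4 describes.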

As I mentioned before, many of these practices are the same ones you should already be following from earlier risks. Hackers tend to elaborate on pre-existing schemes and attack forms, and so you should elaborate on pre-existing safe practices.

So always keep your computer and browser up-to-date, and don’t open attachments. PLUS don’t assume your friend has been playing it safe either. How often do we talk with friends about updating computers and anti-virus programs? Not often, right?

But we should, because malware hackers are getting trickier, and now they are seeking to use the trusted identities of our friends on Facebook and Twitter to lull us into a false sense of safety. So use caution when friends send or provide links, especially if it is out of the ordinary for them. After all, the risks aren’t on Facebook and Twitter, but in the sites they link to.

Watch the connections.

Emergency IE Patch Released Today


Microsoft typically releases its updates on Tuesday evenings, but today they will be issuing a special patch specifically for Internet Explorer. The patch will be released at 1:00 PM EST. Windows XP users can get the patch downloaded and installed by going to http://windowsupdate.microsoft.com/. Windows Vista users can get the patch by either going to http://windowsupdate.microsoft.com/ or clicking “Windows Update” on their Start menu.

What’s the patch for?

The patch fixes a flaw which allows thieves to remotely take over a computer and steal passwords and — potentially — financial information.  The scam works by secretly planting malicious code on hacked Web sites.  The code causes Explorer to crash briefly, then allows thieves to take over the infected computer. Microsoft said one in every 500 computers that use Internet Explorer — up to 2 million computers worldwide — may be infected.

Initially the problem was thought to be unique to the current IE7 browser, but it has since been discovered to exist in versions as old as IE5, and even in the upcoming IE8 browser.

Is this a virus?

No, this isn’t a virus. This is an “exploit”. There is a flaw in the programming of a specific area of Internet Explorer’s code. It is connected with an HTML web site programming tag called “span”. The flawed code mishandles the span code, and there are programmers out there exploiting this flaw. The patch fixes the flawed code.

Also, Symantec, the makers of Norton Internet Security and Norton AntiVirus, released antivirus signature “Bloodhound.Exploit.219” and “IPS signature 23241 – HTTP MSIE Malformed XML BO” to protect users against this exploit. These updates were released on December 10, 2008. Yet another reason to keep your anti-virus software and subscription up-to-date.

How Do I Update My AntiVirus?

Norton updates can be found here.
McAfee users can use the Virtual Technician here.

Be aware, if you renew your antivirus subscriptions every year, then your computer is likely to be protected already. Modern antivirus programs update automatically at least 4 times per day so long as your computer is connected to the Internet.

My AntiVirus Is Fine, Do I Need The Patch?

I strongly encourage you to download the patch. Multiple layers of protection work better than single layers.



Microsoft Word 2002 Flaw Under Investigation

Tuesday, July 8, 2008, Redmond, WA — Microsoft released a Security Advisory regarding a “possible vulnerability” in Microsoft Word 2002 SP3 (also known as Word XP, but do not confuse it with Windows XP).

What’s Known About This Attack?
Symantec (Norton) and Microsoft are working together on this one.  Symantec is developing an update to detect the document, and Microsoft is working to fix the flawed programming in Word 2002 SP3. Small numbers of people have been tricked into accessing this document delivered by email or by luring them to a hacked web site.

But Aren’t You Curious …
… to know if you have the affected version of Microsoft Word 2002 SP3? By “affected” I mean: If you were to receive and open one of these documents, would you have to worry? Here’s how to find out. (Don’t worry, knowing you have Word 2002 SP3 doesn’t do any harm).

To check if you have Word 2002 SP3, do the following:

  1. Start “Microsoft Word”.
  2. Click “Help” (top right), then “About Microsoft Word” (bottom of menu). A dialog box will appear.
    • Near the top: If it reads “Word 2002” and further along it says “SP3”, then your version of Word is affected. You must see both phrases; if you see 1 out of 2, don’t worry, you’re not a candidate.

What Happens As A Result Of This Flaw?
If, and only if, you have Word 2002 SP3, and if you receive and open one of these mysterious Word 2002 documents from an unknown source … Microsoft Word exits.  Strange, you might say to yourself. And then you reopen the document, and life goes on.

I was unable to find any further information from Symantec or Microsoft on what happens next.

Some reports I found on other web sites say that at the time that Word exits a Trojan (remember the Trojan horse?) program has been activated that records keystrokes. Presumably watching out for passwords, and sending them to the hacker’s remote location.

Another report claims the hackers are able to control your PC remotely. They can search and open files, erase files, and even shut down the computer, but neither Microsoft nor Symantec confirms either this or the former scenario. (I suspect many blog reporters found an old report regarding a similar attack that occurred back in 2006. At that time, hackers gained remote control over PCs using a similar attack form.)

What To Do?
Microsoft recommends that you “do not open or save Microsoft (Word documents) that you receive from untrusted or unexpected sources.”

Let Me Assure You
Receiving a document by email will not affect you. Opening an email with the document attached will not affect you. Opening your own files will not affect you. Saving your work or working with Word will not affect you.

And, please, if you get an email warning you of “this virus,” please don’t forward the message.

Finally
I suspect that Norton, McAfee and the other anti-virus manufacturers will have found a way to detect and block this before Saturday morning (July 12).

Microsoft will, I suspect, issue a patch within the next 5 to 12 days, to be issued and installed automatically via the Microsoft Update and Office Update web sites, but like I said, I think the antivirus folks will find a way first. (While I write this, BitDefender antivirus has reported they have an update to detect and block it.)

Keep Informed
I’ll also keep you up-to-date on this matter on these pages. Email me at news @ skylarknetworks.com if you have questions or concerns. If you include your phone number and best times to call, I will call you directly. You can also subscribe to Skylarking by once daily email to receive a copy in your Inbox. Or join the Skylark NetWorks Newsletter mailing list and specify interest in “Microsoft Office” products.

Most important: Don’t Panic.  Stay tuned.

Update: No new news on this item as of Monday, July 14.

Update: Patched on August 12, 2008