Computer Security : important caveat not all websites are safe

Everyday we’ve seen people get infections on there systems and most don’t understand that they’ve been duped and have installed the software themselves.

In this article we will talk about how most people will willingly install these Trojans and virus themselves for several different reasons.

ineluctable truth about Human Nature

These malware authors know all about how people think.    It usually happens when people think they are seeing something provocative and something you can watch in your private homes.   There are several different ways to do this:

• News stories –  Alas this is always being used to spread malware.   For example Erin Andrews Peephole malware.
• Fake photos files — This is also a very common ploy, to make people think it is a Photo but in reality it is an Executable.  Example : MichealJackson.JPG.EXE
• Fake Codecs — You visit what you think is a popular movie and it says you need to install a codec.  This is another way for people to get infected with a Trojan, or a Virus.   For example : Harry Potter and the Half Blood Prince malware.

Facebook games having Scareware redirect Sites

I was on Facebook Yesterday doing my usually just playing one of my games when all of the sudennly this pops out:

As you can see this seems to be another site which is a scareware site, the site Powerantivirusscannerv2.com is trying to scare you into buying a fake antivirus.   I don’t know if it was Facebook doing this or if I got the redirect cookie somewhere else.    Although if you have downloaded the program that they want you to install or even think you have this fake antivirus installed, Spywareremove has the information needed to remove off your system.  It seems they are going to use social sites more and more and you should be careful.  I also have some good resources like Free Anti-virus and Free firewalls that would help protect you from this threat.

Somethings to consider when you see something like this pop up are?  Do you have antivirus or a firewall?  If so, then you shouldn’t be worried to much.   Always look to see if you can see if it is a webpage and not from the system.  This is something the scammers are always trying to do to get your money.  Remember these sites are not really a trustworthy site and should be avoided at all cost.  I also recommend using the Hijackthis software to look for these rogue softwares in your system to better protect your system.

Juste Goes from Twitter to Facebook

According to Twitter Spam report:

“Best video” not so great — we’re working on it.
No matter how good that “best video” looks, don’t go to any juste.ru domains. We’re aware of the situation and are working on it.

Some sources have started to report this and how it was being sent out. It seems to be some kind of Virus that is taking control of your Twitter account. Althought this is not unusal, what is Unusual is that some have reported this jumping from Twitter to Facebook.

Juste.Ru seems to have been designed for both platforms and someone must of been logged into both to make this happen.   If you’ve gotten this message on Facebook you should just delete it and tell the person who sent it they need to do a system check.   Also if you have been hit by this virus, first thing to do is clean your system before you do anything else.   Then reset your password, this way you won’t be giving the virus access to the new password.

New Facebook Phishing campaign!

According to Sans Internet Storm,  They have seen some signs of a new Phishing campaign like the Look at this Phishing campaign that went through a few weeks ago.  At the time of writing that report they weren’t being resolved they now are being resolved making you look like you are logging into Facebook:

Sites that are hosting these are in Belgium and are Redbuddy.be, Redfriend.be, and picoband.be.     If you recieve this with these urls you best thing you can do is just to delete them.   Some people have said it is using the term “look at this” I am unsure as to is or not but you can usually tell because of the the URL and if it isn’t Http://www.facebook.com or Https://www.facebook.com then you aren’t logging into Facebook but are logging into a fake site.

We’ve talked about why criminals want to use your account and why they need to get your passwords.  I know they want to take control of your account for one reason or another but that is where the Facebook users need to keep watch on the URLS being displayed when you log into Facebook.    If you did that then you are one step ahead of the nefarious criminals and can be at peace.  Just like the Look at this campaign if you did visit those sites and given out your password it is strongly recommended to reset your password.

Facebook and Twitter Phishing going on today!

According to Techcrunch we have one phishing site ground around peoples inboxes on facebook with it say “Check areps.at”.  You go to the site and you will think your at the facebook login but your not.  I wouldn’t suggest going to any of these sites, it has been reported by Phishtank.

Some of the sites to avoid today are : “nutpic.at, bests.at, areps.at, kirgo.at” each site will make you think your at facebook but this is what most will call a Phishing scam.  Some other things to avoid are some Twitter phshing going on today as well.

According to Trend Micro there is one where the url looks like it is a twitter url but isn’t (tvviter[dot]com).  The site is what people would call a typosquatting site.   This makes people think they are on twitter but aren’t.   If you go to these to sites and have given out your passowrd, it is strongly recommended that your reset them:

Facebook password reset page

Twitter password Reset Page

If you would like to know more about what phsihing is please check out my blog for more information.  Don’t forget to check out the forums for more information on this or just to talk about anything on your mind.

It is looking like a Phish to me Niggabook

This site looks to be another phishing attempt, a poor one at best. I go there and it seems that you get the Facebook Login screen. According to:

If it isn’t showing Http://www.Facebook.com or Https://www.facebook.com then it probably is a a phish site.   If you’ve did use your password with this site, I’d strongly suggest changing it.   If I find out more I’ll let you know.   I know that the site is from Godaddy but if this was done by accident or not I do not know.   I don’t make the Name up Niggabook.com is the site and until more things become clear, steer clear of the site for the time being.   When I find out more, you’ll be the first to know!!

Facebook malware sending people to junglemix.in Phishing!

It looks like this is the newest phishing attempt for the Facebook community.  According to Sans, there is malware trying to send out messages to go to “junglemix.in”.  I visited the site and it redirects me to “http://fblight.com/”.   This is a phishing site because you can see from the address bar.   As of writing this post, it has been flagged by Phishtank that this is a phishing site.  I am glad people are reporting these types of sites to prevent people from getting there account stolen.

Find out the other phishing attempts that have been talked about, keep yourself safe.  Also this is a good time to install some free Anti-virus or Free Firewall software to help protect your computer from Malware.

Facebook Phish : “Look at this!”

Facebook seems to be coming the most widely used Social Website around right now, I went to Alexa to see what it said about how many users go there a day and I find this:

So No wonder there are a lot of people who want to get your personal information. Yesterday there was a new email that was spreading with the Subject “Look at this!” and it points to fbstarter.com. When you go there you will find it looks really like Facebook but your not really at facebook sign in page. They want to use your Facebook account to gather information about your email account, or who your friends with. They also might try doing the old Scam of asking for Money because they are someplace and can’t get home without your help.  They could also want to spread a virus through your account, or steal your identity.

At the time of writing this the site is active and looks like Facebook but really isn’t.   You should always login in to Facebook the right way by going to:

http://www.Facebook.com

or

https://www.facebook.com

Another Facebook Phishing going on again! (fbaction.net)

(Click image to enlarge it)

It looks like site fbaction.net (Don’t go there) is a phishing site for people today.  It looks like it would send out an Email with the Title being “hello’” and a link to this website.  This is being sent from people friends and should not login to Facebook through this site.  Remember the other Phishing sites that happen with Facebook.

Someone is wanting your password to either spam others or to use it for other nefarious means.   For the time being anyone sending your a link should be sent through facebook and you will examine them one at a time.   You should not got this site.

Some other things you can do if you have done this is to reset your password.  You could also change it manually but you might not be able to use your current password because the Nefarious person has changed the password.  This will allow you to change the password without the current password.   You should also consider using a good Password Manager, this will help you identify a fake Facebook site really easily.

Hijacked Accounts being used to spam

I just read this from Security Fix and Thought I should talk about it some to better help people fix this:

Dear Friend,

New shopping new life!

How are u doing these days?Yesterday I found a web of a large trading company from china,which is an agent of all the well-known digital product factories,and facing to both wholesalers,retailsalers,and personal customer all over the world. They export all kinds of digital products and offer most competitive and reasonable price and high quality goods for our clients,so i think we you make a big profit if we do business with them.And they promise they will provide the best after-sales-service.In my opinion we can make a trial order to test that.

Look forward to your early reply!

According to Security, they are advertising the Easylifeing.com domain and have compromised GMAIL and Yahoo Mail.  This resembles the ones that happen to some other Accounts.   Check Yahoo article and the Hotmail Article for other example of compromised accounts.

Careless Facebook profiling can lead to Identity Theft!

I just got in contact with a old friend from High school and another friend of mine suggest the new friend. I was looking at her profile and couldn’t believe what I saw:

As you can see this is not good I was amazed at how many people are giving out there birthdays and who they are married to to friends and family. So we heard about how people are claiming they need help or are in need of desperate money. This is nothing new, as you know people are having hard economy times and people are using the social engineering to scam people out of money.

I feel that I should warn people the important necessity.   You shouldn’t be broadcasting your DOB and who your married to to your friends, just in case they get hacked.

Recent activity indicates that identity thieves are hacking into trustworthy profiles before selling on the login details to interested parties. This information is used by spammers to target legitimate users, posting misleading links on their “walls” – personalized message boards.

[Via Computing.Co.UK]

PolyMorphic Win32:Vitro Most Viraulent Virus

This seems to be an virus that is getting some people hit hard.   I wanted to blog about this because of the nature of Virus and Trojans.   I have read reports that this might be from Online Movies, and I have to say this is one reason why you must stay away from certain online movies.  I am going to take a guess that this virus requires a special CODEC, and you downloaded it and installed it.  It Could also be the update the Adobe Flash player idea to but still results in getting the Virus.

As I said before you take a risk when you go to sites you don’t trust or know anything about.   You also should know that if you need a “SPECIAL” codec, you should just go on to another site.  These sites that claim they need this special codec means only one thing they want to install something without your Knowledge.

So what is this Virus:

The Virut family of viruses uses polymorphism to hide from all anti-virus protection, it infects executable files. File infection makes it very hard to repair a system that has been infected. W32/Vitro injects code in running processes and hooks the following functions in ntdll.dll which transfers control to the virus every time any of these function calls are made.

New Twitter Phishing -jannawalitax.blogspot.com

I read Chris Prillo’s Blog about this and wanted to investigate this even more. When you go to this site it looks like:

When you go here the web address is : http://twitter.access-logins.com/login/ and it looks like it was a redirect form the blogspot.com site.   so what I did an experiment and just took off /login/ on the address and this pops up:

This website looks to like a facebook website so now you have to ask where is this at: Hunan China.  After I did a whois look up it looks like China is at it again.  These are trying to get on to your account to either spam or use it to get people to install software.   So what are things you can do?  If you have a question about this always check it out.  That is why I like to check everything out with these types of phishing scams.   I don’t know why they want twitter accounts, I just know they are doing this now.   So if you get this message:

hey! check out this funny blog about you… jannawalitax . blogspot . com

Facebook: Virus Variant comes back from the dead!

In my recent post, I talked about a Virus that is circulating around on Facebook.  It is know as the Koobface virus and has been changed a little by the programers.   So I what is Techworld saying, just this:

In fact, Koobface is now using one of Facebook’s own features against it, Lovet said. The latest variant uses Facebook’s ability to redirect web links to drive users to malicious websites, often hosted on Geocities.com, Lovet said.

[Via Techworld]

If you have been victim to this little virus, you should check out my Virus removal page and download the programs that should fix this little virus for good on your system.  You should also check out my Previous post I also have some good tips and tricks to prevent the user(YOU) from getting hit by this virus in the first place. This virus is a Good social engineered virus, so please be careful.

Facebook : Beware Spam for breakfast. (Virus)

In today’s society, we’ve been to complacent with people with people clicking links for the social group. In one such article on Channel Web, a nice little blog, says this:

The worm was discovered by IT security provider Kaspersky Lab, which said the threat, Net-Worm.Win32.Koobface.b, is targeting Facebook users by creating spam messages and sending them to the infected user’s friends via the site.

“Unfortunately, users are very trusting of messages left by ‘friends’ on social networking sites,” said Alexander Gostev, senior virus analyst at Kaspersky Lab, in a statement. “So, the likelihood of a user clicking on a link like this is very high.”

[Via Channel Web]

This seems to be a problem people thinking that a link someone sends them is a real good link but actually is a link to a video site. According to this article the links people are sending are actually a fake video link, telling you have to download some update to flash player, by downloading this program. The user gets involved with the virus and the fun begins. So how can you prevent this from happening, two ways one is a very good group of software to make sure you have the latest and greatest video codecs. That too can be something they’ll say you need and if you’ve already installed this list of codecs then you know they’ll not telling the truth and you can quickly get away from the site laughing.

Facebook Virus strikes again

“Look you were filmed all naked!” read the subject header on one iteration of the virus-spreading message, which is being sent automatically from infected accounts to the “friend” list for that account. Clicking the link usually takes users to a page that looks like YouTube, and a pop-up message advises the user to download a Flash plug-in. The download contains the virus, which replicates by contacting everyone on the victim’s Facebook friend list and advancing the hoax.

[Via Boston Media]

This is a good social engineered attack, they seem to have you download a virus into your system.  I Keep talking about how you need to be careful with emails.  I also suggest that you do a complete Virus scan if you think you’ve been hit with this.  There is only one way to prevent yourself from getting this little facebook virus and that is not to click it. Some other things to consider if you found out this was a virus is to contact the person who sent this to them so they to could do a virus scan on their system.