8 Apr, 2008
A researcher by the name of Dan Kaminsky will soon be unveiling an attack that could be used to hijack certain routers. This web-based attack can be used to gain complete access to your router and change settings within. By doing this, a hacker could change the DNS settings to hijack the user to an unknown location on the internet.
A DNS-related attack could be used to make a user think they are going to a legitimate website, while actually redirecting the user to a malicious website that can be used to steal identity or track online activity. Both are a serious breach in online safety. The main problem is that the user would have no idea this is happening. The browser would still show that it's directing to the correct address. Also, because this attack happens at the router and not on the computer, antivirus and anti-malware solutions cannot detect it.
28 Nov, 2007
There used to be a time when our society was built and maintained by blood, sweat, and hard work. Today, however, our world runs on information and communication. With the ever-growing amount of digital information that we create, modify, and share on a daily basis, the need for ensuring the security of that information also increases.
One of the most common methods in today’s world for transferring our important data from one place to another is the ubiquitous USB memory key (or Thumb drive, or Memory stick, or little magic contraption of wonderfulness). With the current availability of high capacity, small form-factor USB flash memory comes a universal availability of inexpensive storage devices. Don’t believe me? Go to your local computer store (heck, even Wal-Mart) and look for the USB drive section; if there is not an entire aisle in the store dedicated solely to these little titans of data migration, then there is definitely a large section of one.
This universal availability comes at a cost, though: more of us every day are loading gigabytes' worth of personal, corporate, or even government-related information onto these, for the most part, COMPLETELY unsecured devices. There is also a growing trend, in all forms of consumer electronic devices, towards making everything as small as the laws of physics will allow. How many Über-micro cell phones have you lost? When’s the last time you set that iPod mini down and couldn’t remember where? Now compare the size of most modern electronic devices to your USB drive; it’s virtually invisible, isn’t it? So what happens when you misplace your memory key (which, incidentally, I did this morning. No idea where that thing is.) that contains all of your personal photos, hours of music, or top secret plans to take power from your boss and rule with an iron fist? Your only option, in most cases, is to hope that some Good Samaritan finds it, realizes that you’re the only geek in the place, and returns it to you. That’s a pretty scary “disaster recovery plan” if you ask me.
31 Oct, 2007
To many Windows users, it sounds all too familiar. Attempting to watch a video online, a prompt directs them to download a codec to enable viewing. However, the download is malware, and it infects their computer.
Now this popular and successful social engineering technique is being used to spread a Mac OSX trojan, OSX.RSPlug.A. At this time, spam is being flooded onto Mac forums trying to lure users to the sites where this is employed. The pornography sites present a still image of a video. Clicking on the image to play the video returns the following message:
Quicktime Player is unable to play movie file.
Please click here to download new version of codec.
After that page loads, the malware is downloaded as a disk image (.dmg) and launches an installer. The installer requires the user to enter the admin password. If the password is entered, then the malware infection is complete. This infection alters DNS settings to redirect web pages, and advertisements for porn sites. However, it could just as easily be used for phishing attacks or search redirects.
3 Oct, 2007
Is your system infected with a backdoor trojan, or remote access trojan? Maybe you received a warning from your antivirus, antispyware application, or someone helping you? What is a backdoor trojan, and why should you be concerned?
A trojan is a malicious application that appears to do one thing, but actually does another. Like its namesake, the mythical Trojan Horse, malicious code is hidden in a program or file that appears useful, interesting, or harmless. Popular examples are video codecs that some sites require to view online videos. When the codec is installed, it may also install spyware or other malicious software.
A backdoor trojan differs from a trojan in that it also opens a backdoor to your system. They’re also sometimes called Remote Access Trojans (RAT). These are the most widespread and also the most dangerous type of trojan. They are so dangerous because they have the potential to allow remote administration of your system. As if a hacker were sitting at your keyboard, only worse. There’s almost no limit to what they can do. Some common uses:
30 Jul, 2007
Merijn, the creator of HijackThis™, recently sold the popular application used to remove malware to Trend Micro™. In addition to improvements like support for Windows Vista™, they’ve added a deceptively titled “AnalyzeThis” button. While the average user likely thinks the AnalyzeThis button provides helpful information for diagnosing their log, its main purpose is to send the HJT log data to Trend Micro. Unfortunately, unless you carefully read the Trend Micro End User License Agreement, you would probably never know that the AnalyzeThis button submits the data from your HijackThis log to Trend Micro for use by them and their partners…
HijackThis is now Spyware? [TomCoyote]
19 Jun, 2007
Much of the malware problem over the past year has been rogue malware applications installed by the zlob trojan. There are too many to list. Among the popular ones have been SpyDawn, Virusburst, SpyAxe, SpySheriff, WinFixer and SmitFraud.
The latest in this long line is System Live Protect. Like the others, it looks very much like a legitimate application. Even a Microsoft application in this case. However, it reports greatly exaggerated or false system reports and warnings in an effort to entice the user to purchase a “registered version” that will remove the alleged threats.
18 Jun, 2007
Join Microsoft MVPs from Geeks to Go and other security sites for a live chat!
We invite you to attend a Q&A with the Microsoft Security MVPs. In this chat, the MVP experts will answer your questions regarding online safety issues such as phishing, spyware, and rootkits, as well as server-related topics. If you have questions on how to protect your PC, please bring them to this informative chat.
When: Thursday June 21st
Time: 4pm PST and 7pm EST
Where: TechNet Chat Room: www.microsoft.com/technet/community/chats/chatroom.aspx
Upcoming Technet chats [Microsoft]
31 May, 2007
Landlord, one of our Geeks in Training, has done a mini-review of Eset’s new Smart Security Suite, now in beta. Smart Suite adds a firewall and anti-spam function to the NOD32 anti-virus scanner.
I’ve just downloaded the new Eset Smart Security Beta to check it out, and see if Eset continue their tradition of low-memory consuming products. It offers anti-virus protection with the successful NOD32 engine along with a firewall and anti-spam protection. I haven’t checked its detection rates and success, but seeing as it’s based on the excellent NOD32 engine I know what to expect from it.
I’ve got a very good first impression: the interface is much better than it was in the original anti-virus product, which was very confusing and unfriendly. The new interface is uncluttered and better suited to the current Vista look.

3 May, 2007
GeekSquad, the well-marketed, much-advertised, but seldom recommended tech support team at BestBuy, is no stranger to bad publicity. A GeekSquad agent was recently caught videotaping a client in the shower. Prior to that, they were sued by Winternals for using unlicensed software.
Now it seems current and former agents are joining the chorus. GeekSquadSecrets.com (registration required) has some interesting information. For example, a new “agent”, Johnny Utah. He’s not an agent at all, but is simply a remote connection to techs in The Philippines and Malaysia. Plunk down $199 to have a virus or other malware removed, only to have the tech connect it to a remote connection, walk away and then collect your money?
2 May, 2007
Dino Dai Zovi, the New York-based security researcher who took home $10,000 in a highly-publicized MacBook Pro hijack on April 20, has stated in an interview that he thinks Vista is more secure than OSX.
From your research on both platforms, is there a winner between Mac OS X 10.4 and Vista on security?
I have found the code quality, at least in terms of security, to be much better overall in Vista than Mac OS X 10.4. It is obvious from observing affected components in security patches that Microsoft’s Security Development Lifecycle (SDL) has resulted in fewer vulnerabilities in newly-written code. I hope that more software vendors follow their lead in developing proactive software security development methodologies.
Contest winner: Vista more secure than Mac OS [MacWorld]