The Latest Internet Security Threats That You Should Be Aware Of

Ads by Google

muo newyearmalware intro   The Latest Internet Security Threats That You Should Be Aware OfMalware never sleeps. It certainly doesn’t celebrate New Year’s Day or get a hangover.

In fact, malware is always changing, adapting, being rewritten and re-released in a seemingly infinite number of ways, with the express intention of making your life difficult – and making the writers or owners of the code as much money as possible.

It’s not a good deal, is it?

Security threats have increasingly come from new directions and that isn’t looking set to change in 2013. There are new risks you should be aware of, exploits of popular applications, increasingly sophisticated phishing attacks, malware, and scams targeting our love of social networks and photo sharing, and threats associated with viewing online videos.

YouTube Risks

Who would have thought that watching or uploading video to YouTube could lead to a Trojan horse? The threat, of course, doesn’t lie with YouTube itself but scammers sending spoof emails claiming to be from YouTube and accusing you of uploading material that is considered illegal.

As reported by Sophos, the message is as follows:

Subject: Your video may have illegal content
Attached file: Content_ID755658_Matches.zip

Message body:
Your video may have content that is owned or licensed by Music Publishing Rights Collecting Society.

No action is required on your part; however, if you are interested in learning how this affects your video, please open attached file with Content ID Matches section of your account for more information.

Ads by Google

Sincerely,
- The YouTube Team

By attaching the Troj/Agent-XXC Trojan horse, the senders hope to unpack their tools onto your system, slowing your PC, changing settings and causing a lot more problems.

Sophos AV tools can deal with this threat. You should check that your own antivirus tools are updated with the necessary profiles to tackle Troj/Agent-XXC Trojan horse, and always be wary of messages with bad English and odd attachments.

Adobe PDF Threats

Since 2011 an exploit that attacks Adobe Acrobat and Adobe Reader has caused problems for users who fall foul of the use of malicious JavaScript in form data within a PDF document.

muo newyearmalware pdf   The Latest Internet Security Threats That You Should Be Aware Of

The exploit copies the user’s data by duplicating the temp folder, allowing the owners of the malware to access personal information of the computer’s owner.

Removal of this exploit is a combination of finding and deleting the dangerous XFA file (or the infected PDF document), deleting %temp%\file.dll, updating your Adobe software and running your antivirus software with updated profiles.

This threat could particularly cause havoc on business computers – don’t take any chances!

Fake App Scams

We’ve previously told you of third party app store websites where you can download Android apps and how to install them. However, this isn’t always wise, particularly if the chosen website is peddling virus-infected apps or fake apps that scam the user.

muo newyearmalware fakeapp   The Latest Internet Security Threats That You Should Be Aware Of

One such example is the Angry Birds: Star Wars app scam, in which your phone is hijacked and used to send premium rate SMS messages before the game is even installed! This tactic isn’t limited to Angry Birds games of course – any game or app can adopt the same tactics.

While third party app stores are good in theory, they should be thoroughly vetted and downloads checked for additional code before you even think about using them. For the best results, rely on Google Play when buying Android apps and games.

Instagram Bug

Android isn’t the only mobile platform where users are at risk. iPhone users running the Instagram app are at risk of having their accounts hijacked by a malevolent user on the same network using an ARP (Address Resolution Protocol) Spoofing attack.

Instagram screenshot   The Latest Internet Security Threats That You Should Be Aware Of

This relies on a few things, mainly the initial plain text cookie that the Instagram app sends to the photo sharing service’s servers. A hacker can hijack the session, take control of an Instagram account as well as glean personal information. Controlling an Instagram account might enable a hacker to spread malware or delete photos, perhaps replacing them with something more in keeping with their purposes. These actions will no doubt result in the account being blocked for a TOS breach.

As yet there has been no word of the vulnerability being fixed. This is worrying, as all Instagram needs to do is push an update that ensures that the initial cookie is sent over an encrypted (HTTPS) connection.

DHL/Courier Spam

If you’re a regular eBayer, Amazon shopper, or user of any other online shopping service, you’ve probably had a few visits from courier services.

One of the most common current threats is spam email claiming to be from DHL or any other courier service. The scam is simple: the message tells you that your parcel has been delivered to a local post office and you should go and pick it up (as reported by GFI Software).

There’s a trick, of course: you need to download a postal receipt, in reality a web form into which you enter your personal details for the sender of the email to walk away with.

Dear Customer,

Your parcel has arrivesd at the post office an October 25th.
Our postrider was unable to deliver the parcel to your address.

To receive a parcel you must go to the nearest DHL office and
show your postal receipt.

Thank you for your attention. 

This classic phishing-by-spam message is low on technical sophistication but gets points for keying into that desire to be home when the delivery is made. Should you receive a message such as this, delete it, or at the very least mark it as spam.

Conclusion

The threats will keep on coming – this is a fact. As long as there is digital technology and money, bandits will attempt to use one to get their hands on the other.

muo newyearmalware outro   The Latest Internet Security Threats That You Should Be Aware Of

Awareness is your first and best tool. Antivirus, anti-malware and anti-spam tools are just that: tools to help you remove any infection or threat. By staying aware and sharing details of the latest Internet security threats, however, we can at least hope to keep the scammers at bay…

Image Credit:Hacker Attack Concept on Black Background via Shutterstock,Virus smartphone via Shutterstock, Mr White,Magnus Manske

Ads by Google

12 Comments - Write a Comment

Reply

dragonmouth

Do the YouTube and Adobe PDF threats affect Linux computers or only Windows computers?

Alberto Lerma

Only windows computers.

Christian Cawley

They will only affect Windows computers, but remember that as a user of the Internet we all have a responsibility to other users, regardless of which OS they’re using.

Reply

Nevzat Akkaya

Oh those hackers…..

Reply

Rubis Song

Thank you so much for this awareness lesson

Reply

claudine ratelle

Thank you very much for this article. I’m definitely not a computer geek and I get very scared of those things!

Christian Cawley

Awareness is the best answer. If you’re scared, you can be fooled – these creatures prey on fear, so by keeping people informed and aware, we can beat them!

Reply

Keith Swartz

Virus, malware & spam; if you have ever been a victim of one [God-forbid all three!] then you will understand just how bad this stuff has gotten. Hang-em high!

Reply

Don Gateley

Don’t forget the UPnP attack. It’s old news, I know, but I missed it. My system had over the last week or so been driven to its knees. Browsing had become an exercise in frustration and I was blaming Firefox for letting asshole plugins bring things to a near halt. While FIrefox gives absolutely no forensic tools to determine or help with this it wasn’t the culprit. Yesterday I read on RT.com about the UPnP vulnerability, opened my router, disabled UPnP and the system immediately started performing as I don’t remember it ever performing. Apparently new UPnP exploits are very problematic.

This needs some wider publicity.

Christian Cawley

Hi Don – the UPnP vulnerability is something that occurred while this article was being processed. As a result we have something in preparation to explain the attack and your best response over the next week or so on MUO.

Reply

Paul G. Williams

This is very useful info. Thanks
Maybe you can have a regular feature telling readers about new threats.

Reply

Ron Lister

It’s a sad fact of life. Just be careful and diligent.

Your comment