Malware never sleeps. It certainly doesn’t celebrate New Year’s Day or get a hangover.
In fact, malware is always changing, adapting, being rewritten and re-released in a seemingly infinite number of ways, with the express intention of making your life difficult – and making the writers or owners of the code as much money as possible.
It’s not a good deal, is it?
Security threats have increasingly come from new directions and that isn’t looking set to change in 2013. There are new risks you should be aware of, exploits of popular applications, increasingly sophisticated phishing attacks, malware, and scams targeting our love of social networks and photo sharing, and threats associated with viewing online videos.
Who would have thought that watching or uploading video to YouTube could lead to a Trojan horse? The threat, of course, doesn’t lie with YouTube itself but scammers sending spoof emails claiming to be from YouTube and accusing you of uploading material that is considered illegal.
As reported by Sophos, the message is as follows:
Subject: Your video may have illegal content
Attached file: Content_ID755658_Matches.zip
Your video may have content that is owned or licensed by Music Publishing Rights Collecting Society.
No action is required on your part; however, if you are interested in learning how this affects your video, please open attached file with Content ID Matches section of your account for more information.
- The YouTube Team
By attaching the Troj/Agent-XXC Trojan horse, the senders hope to unpack their tools onto your system, slowing your PC, changing settings and causing a lot more problems.
Sophos AV tools can deal with this threat. You should check that your own antivirus tools are updated with the necessary profiles to tackle the Troj/Agent-XXC Trojan horse, and always be wary of messages with bad English and odd attachments.
Adobe PDF Threats
The exploit copies the user’s data by duplicating the temp folder, allowing the owners of the malware to access personal information of the computer’s owner.
Removal of this exploit is a combination of finding and deleting the dangerous XFA file (or the infected PDF document), deleting %temp%\file.dll, updating your Adobe software and running your antivirus software with updated profiles.
This threat could particularly cause havoc on business computers – don’t take any chances!
Fake App Scams
We’ve previously told you about third-party app store websites where you can download Android apps, and how to install them. However, this isn’t always wise, particularly if the chosen website is peddling virus-infected apps or fake apps that scam the user.
One such example is the Angry Birds: Star Wars app scam, in which your phone is hijacked and used to send premium rate SMS messages before the game is even installed! This tactic isn’t limited to Angry Birds games of course – any game or app can adopt the same tactics.
While third party app stores are good in theory, they should be thoroughly vetted and downloads checked for additional code before you even think about using them. For the best results, rely on Google Play when buying Android apps and games.
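The "checked for additional code" step above has one concrete, cheap form: a game has no business asking for SMS rights, so its manifest tells you a lot before you install. The following is an added example, not code from the article or from any app store, and assumes the manifest has already been decoded to plain XML (for instance with apktool); the package name and permission lists are constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions that let an app send or intercept SMS, or place calls, which is
# how a premium-rate SMS scam runs up the bill.  A casual game needs none.
PREMIUM_RATE_PERMS = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.CALL_PHONE",
}

# Permissions a typical network-enabled game legitimately requests (assumed baseline).
EXPECTED_GAME_PERMS = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.VIBRATE",
    "android.permission.WAKE_LOCK",
}

def requested_permissions(manifest_xml):
    """Collect every <uses-permission android:name=...> from a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {e.get(f"{{{ANDROID_NS}}}name") for e in root.iter("uses-permission")}

def audit_game_manifest(manifest_xml):
    """Return (premium_rate_hits, other_unexpected) so a reviewer can decide."""
    perms = requested_permissions(manifest_xml)
    premium = sorted(perms & PREMIUM_RATE_PERMS)
    unexpected = sorted(perms - PREMIUM_RATE_PERMS - EXPECTED_GAME_PERMS)
    return premium, unexpected

# Constructed sample: a manifest for a "game" that also asks for SMS rights.
FAKE_GAME_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakebirds">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>
"""

if __name__ == "__main__":
    premium, unexpected = audit_game_manifest(FAKE_GAME_MANIFEST)
    print("premium-rate SMS permissions:", premium)
    print("other unexpected permissions:", unexpected)
```

Any entry in the first list is reason enough to walk away from a download; the second list is for the reviewer to judge against what the app claims to do.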
Android isn’t the only mobile platform where users are at risk. iPhone users running the Instagram app are at risk of having their accounts hijacked by a malevolent user on the same network using an ARP (Address Resolution Protocol) Spoofing attack.
The attack relies mainly on the initial cookie, which the Instagram app sends to the photo sharing service’s servers in plain text over an unencrypted connection. A hacker can hijack the session, taking control of the Instagram account and gleaning personal information. Controlling an Instagram account might enable a hacker to spread malware or delete photos, perhaps replacing them with something more in keeping with their purposes. These actions will no doubt result in the account being blocked for a TOS breach.
As yet there has been no word of the vulnerability being fixed. This is worrying, as all Instagram needs to do is push an update that ensures that the initial cookie is sent over an encrypted (HTTPS) connection.
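The server-side half of that fix is visible in the login response itself: a session cookie issued without the Secure attribute will be attached by the client to any plain http:// request, which is exactly what an on-path attacker needs. The audit below is an added example, not Instagram’s code or the article’s; the header values, cookie names and URL are constructed.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

def load_set_cookie(headers):
    """Parse a list of Set-Cookie header values (one list entry per header) into a jar."""
    jar = SimpleCookie()
    for value in headers:
        jar.load(value)
    return jar

def cookie_issues(morsel):
    """Missing attributes that let a session cookie reach an on-path attacker or a script."""
    issues = []
    if not morsel["secure"]:
        issues.append("no Secure flag: the client will attach it to plain http:// requests")
    if not morsel["httponly"]:
        issues.append("no HttpOnly flag: readable by script running in the page")
    return issues

def sent_in_clear(morsel, request_url):
    """True if a client honouring the cookie's attributes would send it unencrypted."""
    return urlsplit(request_url).scheme == "http" and not morsel["secure"]

def audit_login_response(headers):
    """Map each cookie issued by a login response to its list of problems."""
    jar = load_set_cookie(headers)
    return {name: cookie_issues(morsel) for name, morsel in jar.items()}

# Constructed samples: the weak pattern the article describes (a session cookie
# issued without Secure) next to the corrected headers.
WEAK_LOGIN = ["sessionid=3f9a1c7e; Path=/", "csrftoken=a1b2c3; Path=/"]
FIXED_LOGIN = ["sessionid=3f9a1c7e; Path=/; Secure; HttpOnly",
               "csrftoken=a1b2c3; Path=/; Secure"]

if __name__ == "__main__":
    for label, headers in (("weak", WEAK_LOGIN), ("fixed", FIXED_LOGIN)):
        session = load_set_cookie(headers)["sessionid"]
        print(label, audit_login_response(headers))
        print("  session cookie leaks on http://api.example/feed:",
              sent_in_clear(session, "http://api.example/feed"))
```

The client-side half is just as important: an app that hard-codes an http:// endpoint for its first request will leak the cookie no matter how the server flags it.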
If you’re a regular eBayer, Amazon shopper, or user of any other online shopping service, you’ve probably had a few visits from courier services.
One of the most common current threats is spam email claiming to be from DHL or any other courier service. The scam is simple: the message tells you that your parcel has been delivered to a local post office and you should go and pick it up (as reported by).
There’s a trick, of course: you need to download a postal receipt, in reality a web form into which you enter your personal details for the sender of the email to walk away with.
Your parcel has arrivesd at the post office an October 25th.
Our postrider was unable to deliver the parcel to your address.
To receive a parcel you must go to the nearest DHL office and
show your postal receipt.
Thank you for your attention.
This classic phishing-by-spam message is low on technical sophistication but gets points for keying into that desire to be home when the delivery is made. Should you receive a message such as this, delete it, or at the very least mark it as spam.
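Both the YouTube and the DHL messages share the same tells: a display name borrowing a brand while the address comes from elsewhere, an archive or form to "open", and a handful of stock lure phrases. The scorer below is an added example covering both, not code from the article or from any mail filter; the brand-to-domain map is an assumption for the example, and the sample message is constructed from the YouTube text quoted above with a fictitious sender domain.

```python
import email
import email.utils
from email import policy

# Domains assumed (for this example) to be where each brand legitimately mails from.
BRAND_DOMAINS = {"youtube": ("youtube.com", "google.com"), "dhl": ("dhl.com",)}
RISKY_EXTENSIONS = (".zip", ".exe", ".scr", ".js")
LURE_PHRASES = ("illegal content", "open attached file", "postal receipt",
                "unable to deliver", "pick it up")

def phishing_indicators(raw_message):
    """List the tell-tale signs found in one raw RFC 5322 message (empty = none found)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    reasons = []
    # 1. Display name borrows a brand, but the address domain is not that brand's.
    sender = str(msg["From"] or "")
    domain = email.utils.parseaddr(sender)[1].rpartition("@")[2].lower()
    for brand, good in BRAND_DOMAINS.items():
        if brand in sender.lower() and not any(
                domain == d or domain.endswith("." + d) for d in good):
            reasons.append(f"claims to be {brand} but sent from {domain!r}")
    # 2. An archive or executable "report"/"receipt" is attached.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXTENSIONS):
            reasons.append(f"archive/executable attachment {name!r}")
    # 3. Subject and body use the wording of the samples quoted in the article.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = (str(msg["Subject"] or "") + " " + (body.get_content() if body else "")).lower()
    hits = [p for p in LURE_PHRASES if p in text]
    if hits:
        reasons.append("lure wording: " + ", ".join(hits))
    return reasons

# Constructed sample modelled on the YouTube message quoted above (sender domain is fictitious).
YOUTUBE_BAIT = """\
From: The YouTube Team <notice@yt-content-id.example>
Subject: Your video may have illegal content
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain

No action is required; however, please open attached file for details.
--sep
Content-Type: application/zip; name="Content_ID755658_Matches.zip"
Content-Disposition: attachment; filename="Content_ID755658_Matches.zip"

--sep--
"""
```

Run `phishing_indicators(YOUTUBE_BAIT)` to see all three indicators fire; a genuine notification from the brand's own domain with no attachment and ordinary wording returns an empty list.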
The threats will keep on coming – this is a fact. As long as there is digital technology and money, bandits will attempt to use one to get their hands on the other.
Awareness is your first and best tool. Antivirus, anti-malware and anti-spam tools are just that: tools to help you remove any infection or threat. By staying aware and sharing details of the latest Internet security threats, however, we can at least hope to keep the scammers at bay…