Archive for the ‘Malware News’ Category

Twitter used to exploit and steal information

Tuesday, August 5th, 2008


The IT security firm Kaspersky reported today that it has discovered a malicious mini-site on Twitter. (NOTE: this link does not open to the malicious site.) Twitter is a popular social networking site, similar to MySpace or FaceBook, but its format is short messaging, not detailed blogging.

The site lures readers with what is supposedly the latest version of Adobe Flash Player, but the download really installs software that steals information from your computer, such as login IDs and passwords.

Four things are important to note here.

  1. Many people are trusting of these sites since the goal is to create social networks.  Openness is their key to success and the source of their real danger.  FaceBook and MySpace have already been booby-trapped in similar ways.
  2. If you are asked to download anything from a site other than the actual software vendor’s site (in this case Adobe), don’t do it.  If you get a note that your Flash player (or any other software for that matter) needs to be upgraded, don’t take the note as real. Close the dialog box and go directly to the vendor’s site and check the situation there.  If the vendor site says your software is up to date, there is a very high likelihood that the note you saw was a scam to exploit your computer.
  3. Twitter and other social networking sites are not just popular with teens and college students.  Your employees are using them as well.  So realize this is not just a threat to your home computer, but your office ones as well.  Look at your web filtering reports for these sites.  Many web filters will categorize them automatically in your report.
  4. This is a daily reminder of the need to keep your anti-virus and anti-malware programs up to date and why all downloads should be carefully screened. 

Watch Your Google Gadgets

Monday, August 4th, 2008


Ever use iGoogle? I do and I love it.  It’s as close as you can get to a personalized home page without having to know web code. However, the platform is about to be rocked by a presentation this week at Black Hat, the annual hacker conference.

According to Yahoo News, Cenzic senior security analyst Tom Stracener and security researcher Robert Hansen, better known as “RSnake,” plan to demonstrate a zero-day vulnerability that affects Google Gadgets. What this means is that they are going to announce that knowledgeable web coders will be able to inject malware into your PC, possibly beyond the realm of traditional detection with antivirus and malware protection.

So if you’re an “iGoogle-Google-Gadget-User” what do you do? 

  1. The first thing is to educate your users about the dangers of installing unknown software.  This is a good practice no matter what.
  2. Watch what comes out of BlackHat 2008.  Follow the mainstream IT Security bloggers as they summarize the presentations.  I’ll post more on this as it gets closer. 
  3. If in your opinion the risk of iGoogle malware outweighs the benefits, use your web filter to block it.  Or block the installation of Google Gadgets.  You can still get all the benefits of Google.
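Both this post and the Twitter post above say to check your web filtering reports for social networking sites and, if needed, block a category. The script below is an added example, not code from the original posts or from any web filter vendor: it scans a few constructed proxy-log lines, categorizes each request by domain, summarizes per user, shows what a block policy for one category would stop, and separately lists executable downloads worth screening. The log format, the category map (including the assumption that gmodules.com is the host serving iGoogle gadget frames) and the policy are illustrative assumptions.

```python
# Added example (not from the original posts): scan constructed web-filter/proxy
# log lines, categorize each request by domain, summarize per user, and show
# what a block policy for a category would stop. Log format, category map and
# policy are assumptions for illustration.
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample log in an assumed "timestamp user action url" format
SAMPLE_LOG = """\
1217865600 alice TCP_MISS http://www.twitter.com/home
1217865601 alice TCP_MISS http://www.google.com/ig
1217865602 bob TCP_MISS http://gmodules.com/ig/ifr?url=http://example.org/gadget.xml
1217865603 bob TCP_MISS http://www.facebook.com/profile.php
1217865604 carol TCP_MISS http://example.com/flash/install_flash_player.exe
1217865605 alice TCP_MISS http://myspace.com/
"""

# Assumed category map; a real web filter ships its own, far larger, list.
# gmodules.com is assumed here to be the host that serves iGoogle gadget frames.
CATEGORIES = {
    "twitter.com": "social-networking",
    "facebook.com": "social-networking",
    "myspace.com": "social-networking",
    "gmodules.com": "google-gadgets",
}

# Assumed policy: block gadget loading, only report social networking
BLOCKED_CATEGORIES = {"google-gadgets"}

# Downloads worth screening regardless of the site's category
EXECUTABLE_SUFFIXES = (".exe", ".msi", ".scr")


def categorize(host):
    """Match the host, then each parent domain, against the category map."""
    labels = host.lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in CATEGORIES:
            return CATEGORIES[candidate]
    return "uncategorized"


def parse_line(line):
    """Split one log line into its fields and derive host and category."""
    _ts, user, _action, url = line.split(None, 3)
    host = urlsplit(url).hostname or ""
    return {"user": user, "host": host, "url": url, "category": categorize(host)}


def report(log_text):
    """Return (per-user category counts, URLs the policy would block,
    executable download URLs) for a whole log."""
    per_user = defaultdict(Counter)
    blocked, downloads = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        per_user[entry["user"]][entry["category"]] += 1
        if entry["category"] in BLOCKED_CATEGORIES:
            blocked.append(entry["url"])
        if urlsplit(entry["url"]).path.lower().endswith(EXECUTABLE_SUFFIXES):
            downloads.append(entry["url"])
    return per_user, blocked, downloads


if __name__ == "__main__":
    users, blocked, downloads = report(SAMPLE_LOG)
    for user, counts in sorted(users.items()):
        print(user, dict(counts))
    print("would block:", blocked)
    print("executable downloads to screen:", downloads)
```

The parent-domain walk in `categorize` is what lets one entry for `twitter.com` cover `www.twitter.com` and any other subdomain, which is how commercial filters categorize too; the executable-download list is the "carefully screen all downloads" point from the Twitter post applied to the same log.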

It’s dog eat dog in the world of phishing

Thursday, July 31st, 2008


Phishing kits, which include the tools necessary to duplicate common websites along with the scripts to steal information submitted by phishing victims, are widely available on the Internet, but they are booby-trapped.

About 40% of these so-called “kits” are designed to steal whatever information the phishers catch and then send the info back to the makers of the “kits”.

It appears now that phishers are using Darwinian principles to become richer: big fish eating little phish with only the strongest surviving.

How can you avoid being a victim of phishing?  Norman Data Defense suggests three reasons why people are fooled by it:

  1. Lack of Knowledge - most people are unaware of the risk
  2. Visual Deception - most phishing sites or emails look official
  3. Lack of Attention to Security Indicators - we don’t pay attention to the little “lock icons” on our browsers or warnings on SSL Certs

What should you do?

Use these three categories above when you visit a site, even if you type it in your browser yourself. 

  1. Remember you can be duped easily by a slip of the finger.  Check your spelling.  Another form of trickery, browser redirection through a DNS exploit, can make something phony look real.
  2. Know your site.  If you frequent sites and they’ve changed or look different, check it out first.  Don’t just assume it’s a new layout.  Sometimes this can be a clue something’s wrong. 
  3. Don’t just buy from anyone on the Internet.  Just because they have the best price, doesn’t mean they’re the best.  If some item is priced way lower than everyone else, you should be suspicious.   Only buy from reputable companies you know.  A quick check of a website is a dead giveaway.  If the company lists no street or mailing address but only an email address or webform in the Contact Us section, stay away.
  4. Never visit an ecommerce or banking site with an SSL cert that’s invalid.  Companies with certs keep them updated and valid.  Sometimes they legitimately expire without the company noticing.  Just call the company to tell them and ask what’s up.  Chances are they’ve received other calls about it.  If not, you’re helping them out.
  5. Look for the lock on your browser when an SSL session is established.  Get familiar with the Cert.  You can find out quite a bit of info from that little lock icon. 
  6. If something smells “phishy” don’t eat it.  Call the company and ask what’s up. 
  7. Finally, and not to be a commercial for PayPal, use PayPal whenever you can as long as it’s really PayPal and not a Phisher.  With real PayPal, if someone scams you on a purchase, they get you once.  If you give your credit card, they have your number and can run it up.
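Item 1 above (a slip of the finger, or a look-alike name, sending you to a phony site) is something you can check mechanically before you trust a hostname. The following is an added example, not code from the original post or from Norman Data Defense: it compares the registrable part of a typed or received hostname against a short allow-list of sites you actually use, normalizes common look-alike characters, and flags near misses by edit distance or by a brand name buried in a longer hostname. The allow-list, the homoglyph table and the distance threshold are assumptions; the certificate checks in items 4 and 5 are a separate matter not covered here.

```python
# Added example (not from the original post): flag hostnames that closely
# resemble a list of known-good sites, as a check against slip-of-the-finger
# and look-alike phishing domains. The known-good list, the homoglyph table and
# the distance threshold are assumptions for illustration.

# Assumed allow-list of sites the user actually does business with
KNOWN_GOOD = ["paypal.com", "amazon.com", "bankofamerica.com", "kaspersky.com"]

# Characters commonly swapped for visually similar ones (assumed table)
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "|": "l"})


def registrable(host):
    """Crude registrable domain: the last two labels. Suffixes such as
    example.co.uk are not handled by this simplification."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def normalize(name):
    """Fold look-alike characters and digraphs (rn -> m, vv -> w) to their
    visual equivalents so paypa1.com and paypal.com compare equal."""
    return name.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance between two strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_host(host, known_good=KNOWN_GOOD, max_distance=2):
    """Return (verdict, domain): 'ok' for an exact known-good match,
    'suspicious' with the imitated site for a look-alike, 'unknown' otherwise."""
    host = host.lower().strip(".")
    dom = registrable(host)
    if dom in known_good:
        return ("ok", dom)
    norm_host = normalize(host)
    norm_dom = normalize(dom)
    for good in known_good:
        brand = good.split(".")[0]
        # Same name after homoglyph folding, or within a couple of typos
        if norm_dom == good or edit_distance(norm_dom, good) <= max_distance:
            return ("suspicious", good)
        # Brand buried in a longer or deeper name, e.g. paypal.com.login-check.net
        if brand in norm_host:
            return ("suspicious", good)
    return ("unknown", dom)


if __name__ == "__main__":
    # Constructed hostnames covering each verdict
    for h in ["www.paypal.com", "www.paypa1.com", "paypl.com",
              "paypal.com.login-check.net", "example.org"]:
        print(h, "->", check_host(h))
```

Note that the check is deliberately conservative: anything that merely contains a brand you do business with is reported as suspicious, so a legitimate but unfamiliar hostname will also be flagged, which is the right failure direction for a pre-login check.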

Kaspersky Hacked!

Wednesday, July 30th, 2008


The official Malaysian Kaspersky Antivirus website was hacked yesterday by a Turkish cracker going by the handle “m0sted”.  The same cracker also hacked the official Kaspersky S.E.S. online shop and several of its other subdomains.

The attacker reported “patriotism” as the reason behind the attack and “SQL Injection” as the technical way the intrusion was performed. Now possibly thousands of user records and credit card details are at risk of being sold for fraudulent purposes.

This is the reason why, if you do frequent online stores, you should never let them save your payment details.  If they have it, it can be stolen.  Most places give you the option.  NEVER say YES to this option.

The Importance of Proactivity

Wednesday, July 30th, 2008



IBM’s X-Force security division reported that more than 90% of all browser-related exploits occurred within 24 hours of an official vulnerability disclosure, and that most botnets were built by exploiting those freshly disclosed flaws.

What this means is that within one day of a vulnerability being announced, cyber-criminals are deploying code that can take control of an unpatched or unprotected user’s PC and use the PC as part of their botnets.  A botnet is a group of computers controlled by a rogue user; thousands, even millions, of such computers acting together can be used to deliver spam or launch denial of service attacks.

This demonstrates the need for three main things:

  1. Good patch management
  2. Updated anti-malware software that goes beyond your standard AV program
  3. Good security awareness training for your employees

These three things give you an effective defense against the botnet masters: not a 100% defense, but one they don’t typically factor in.  Like any criminal looking for an easy steal, they’ll look for the unlocked and undefended places first.

If you have any questions about how to establish any of these three layers of protection, please contact us.  Your blog questions are welcome.   

Limbo 2 Trojan

Friday, July 25th, 2008



Cybercrooks have released a custom-built Trojan, dubbed Limbo 2, “guaranteed” by its shady creators to continually evade the top ten anti-virus products on the market.

The Limbo 2 Trojan is touted as being able to bypass products from Symantec, McAfee, AVG and others to steal login credentials from online banking sessions. Crackers hawking tailored versions of the Trojan on underground forums are selling licences for up to $1,300, net security firm PrevX reports. The “guarantee” of non-detection represents a new level of sophistication in the underground malware business, which is borrowing more and more business models from the legitimate software industry.

This is why downloading unknown software off the Internet is so dangerous: these types of programs are commonly “joined” to other products.  Users unknowingly install them, and the programs then operate undetected.  If it looks dubious, don’t download it.