Tag Archive: Trojan

globe2Safety is basic but not everyone may be aware of it in terms of using the net and your devices. Since your digital device is commonly used for storing, documenting and communicating information, you should keep them safe, too, but also not only that you should protect them from any malware but to secure your device all the time.

Here are tips to get you started:

  1. Stay focus and alert, so protect your device such as Smartphone from lost or theft by always being alert.
  2. Since these devices may not be big enough for best viewing especially when you’re in a busy, noisy place, you may not see fraudulent sites. Example, instead of Amazon.com, you may not see Amaz0n.com. Therefore, you should check the URL you are visiting especially if you’re shopping.
  3. Don’t jailbreak your phone, as it may become susceptible to more intrusion and malware if you do.
  4. Update and secure your security applications, as they can protect your device from any attacks such phishing and malware.

Learn more tips to protect your device and keep out of trouble. Check out the full story from the source.

Source: The Star

 

Staying Safe Online

globe2This is the season to be jolly, but also the time when you need more security online, as hackers, opportunists and fraud artists are on the look out on how to commit fraud and gain profit from you.

Check out these tips and learn how to stay safe for the holidays.

  1. Avoid clicking on pop-up ads.
  2. Update your software by updating your app once a week, as new versions from time to time may be available.
  3. Use hard-to-hack passwords.
  4. Consider installing anti-spyware and anti-virus software.
  5. Activate Timeouts on your mobile.

There you have some of the best ways on how to protect your account from any stressful hacking and security issues this holiday season. Read the full story at the source.

Source: Mashable

Computer-WarningAnonymous had hacked several government websites for one year, FBI says. There had been numerous attacks since December of last year that has been recorded. A brief about Anonymous: It’s a group of hackers, who had stolen data from a campaign and had accessed the US government computer systems about a year ago. An activist from the same group has been sentenced to a 10-year stint in jail for sending out more than a thousand of emails from Stratfor, a private intelligence firm.

Source: The Guardian

 

onlinesecure2An interesting post from Information Week is about online security checks. If you want to check on the weakness of your system, then you will just have to find out by using a trusted website that will mount a harmless hack attack on your firewall, server and system. A trusted site for this will check on your security level. Don’t think this is a bad thing as it is a harmless attack and using it will report to you any vulnerable points in your system. It’s so interesting! Check out the source.

Source: Information Week

 

If we’re talking about security, Google isn’t our 100% go to source just by recalling what had happened when the Google Play app store had been plagued by malware in 2011.

Maybe, Google’s just too busy to see the loopholes in their security systems, as they’re just pretty occupied with left and right updates and innovations like the ongoing prep for the KitKat Version 4.4 and experts revealed that the company still has to address what’s missing and there’s plenty of that!

Third party security software developers—Kaspersky, McAfee and Lookout—have fixed and plugged the holes that the tech giant has failed to see.

To give you a clearer picture of security problems being discussed, let’s refer to the well-known security software, Bitdefender, ideas.

Malefactors are Google Play’s big Kryptonite as it is very vulnerable to attacks from them.

What are the results? A parade of malware, Trojans, viruses and spyware… Up to this date and time, there is no accurate data or stats to reveal the number of users who had suffered an onslaught of security attacks in the recent months.

What Google Has Done So Far?

Recently, Google has teamed up with Bouncer, an application that monitors any malicious software activity. Then, there is the Android Device Manager that helps find stolen gadgets (a service that only third party vendors use to offer).

Next there’s the Android 4.3 Jelly Bean, which has brought some for operating system security. One thing is its Android Sandbox that’s made to avoid any malicious program attacks on the operating system.

However, the capabilities of sandboxing remains hidden to developers and users and as a result then limits what third parties can do to protect mobile users outside of Google’s fence.

Bitdefender Security Ideas for Android

Hackers are unstoppable that they penetrate the world of mobile users, even while they’re asleep such as stealing credit card data and installing malicious programs in their mobile device. There are a lot of fake applications and thiefware in Google Play up to this time. Here are some security ideas from Bitdefender:

Allowing Antivirus Scanner APIs

If applications were made by different developers, they are not likely to interact with each other, a problem for security software developers as they can’t perform their scanning capabilities on those apps and so they can’t protect them from any malicious attacks but this can be addressed if they would allow antivirus system’s API to target malware and protect users through the life cycle of the app.

Controlling Over Individual App Permissions

When you’re downloading apps on android, it asks what the app is allowed to do such as collecting your location, accessing your text messages and even your calendar. Why would game apps for instance ask for that data? Bitdefender says that mobile user should have the power to grant only selected permissions when downloading the app provided that those choices won’t disable the app. This way any user can take control of his privacy and keep those apps from accessing data that they don’t need to function.

Allowing A Few Applications to Survive a Full Wipe

Thieves can ruin your digital life once they got a hold of your phone as you’ve probably used it to purchase online for instance. In addition, a thief can also wipe your phone and then sell it. One thing: You can now remotely wipe your phone or device to protect your important data. On the other hand, wiping your device will also delete any security tools that will not allow you to search for the thief or run your Find My Device app.

If Google would give the chance for some applications to run or survive a full wipe in their KitKat 4.4, then it might help improve security especially after your phone has been stolen. However, a malware, according to experts can also survive by imitating or mimicking any security software installed in your device, so it may be advisable that you delete everything to keep the enemy from getting itself into your territory.

Having Built-In Sandbox That Will Isolate Application from Any Non-Trusted Sources

When users download any non-trusted app, they will never know what the app is doing when they are not looking. They never know that their personal information and other important details are being accessed and given to other sources like advertising networks. Bitdefender thinks that those apps from non-trusted sources should be quarantined.

Separating Profiles for Business from Personal Uses

…So Users can prohibit any applications from collecting data from their business profiles (Some applications do this but Android does not have this built in the system level).

What do you think of these suggestions? Can Bitdefender’s ideas work for you? Share in your comments below.

Until Next Time, 

Peter, Your Online Security Guide 🙂

Security researchers in China are warning Android users to be on their guard after claiming to have discovered a million-strong botnet lurking on the platform.

The Android.Troj.mdk Trojan, first spotted by security firm Kingsoft Duba back in early 2011, is thought to be hidden in over 7,000 apps today, including many popular games such as Fishing Joy and Temple Run.

Once installed it allows the attacker to remotely control the victim’s smartphone for a variety of nefarious ends including harvesting contact and messaging details, generating nuisance adware, committing click fraud and downloading additional apps, Xinhua reported.

Source: The Register

Jacksbot is in part a Java-based remote access Trojan (RAT) that appears to be built by a hacking group for the purpose of causing all-too-common malicious activity, including stealing passwords, forcing URLs to load (likely for click fraud), deleting and corrupting files, taking screenshots, logging keystrokes, and otherwise getting personal information.

In the past month a new multiplatform malware package called Jacksbot has been discovered, and while it was initially deemed a minimal threat, it might not stay that way for some Mac, Windows, and Linux users.

Java is an attractive platform for criminals to use because being cross-platform means a single coding effort by malware developers can result in a far more distributable attack package that will affect not only different operating systems (Windows, OS X, Linux, etc.) but will also work in multiple Web browsers on these platforms.

Researchers have spotted a new banking Trojan subbed ‘Tinba’ that appears to have hit on a simple tactic for evading security – be as small as possible.

Its main purpose is to burrow into browsers in order to steal logins, but it can also use ‘obfuscated’ (i.e disguised) web injection and man-in-the-browser to attempt to finesse two-factor web authentication systems.

A particularly interesting feature is the way it tries to evade resident security, injecting itself into the Windows svchost.exe and explorer.exe processes, as well as Internet Explorer and Firefox to give itself access to traffic passing through those.

The effects of malware can be anything from a brief annoyance to identity theft. Protect yourselves against malware. Remove malware as soon as you can. There are a number of programs out there that can help.

Source: PCWorld

Google is spreading information about the DNSChanger malware, but for some the warnings may persist even after removing the malware. Google alert claims users’ internet may shut down on July 9.

Google’s search results page shows a warning at the top that states “Your computer appears to be infected” along with a small description about systems not being able to connect to the Internet in the future.

The message also includes a link to an information page that generally describes what malware is and how to detect it.This alert has had a few people concerned about their abilities to stay online.

This message from Google is an effort to help people who were infected with a widespread malware infection called “DNSChanger.”

The DNSChanger malware is a Trojan horse infection that at its peak affected approximately 4 million PC systems worldwide, with about 500,000 of those being in the United States. When installed, the malware changes the system’s DNS server settings to point to a rogue DNS network set up by the malware developers.

Because this threatens the connectivity of thousands of PC systems, to help inform people of this malware threat, Google has implemented a service that determines if the rogue DNS network is being used by your computer, and then issues you the warning. If you see this warning, then there are several things you can do:

1. Check your DNS settings
2. Update antivirus utilities
3. Run DNSChanger removal tools
4. Clear browser caches and monitor the system

Source: CNET News

According to Symantec’s Annual Internet Security Threat Report out last week, it had blocked a total of 5.5 billion web attacks last year.

Where did those attacks come from? According to the report, one is more likely to be infected by malware placed on a legitimate web site than one created by a hacker.

Religious or ideological sites were found to have tripled the average number of threats for infected sites than for pornographic sites.

Symantec explains, “We hypothesize that this is because pornographic website owners already make money from internet, and, as a result, have a vested interest in keeping their sites malware-free – it’s not good for repeat business”.

It might also be because religious sites often don’t have strong defenses against malware, making them an easy target for malwares, and in turn, infect visitors. Well, most porn wanderers would feel relieved for sure.

 According to Symantec’s Annual Report, there are also several types of malwares out there. Symantec reports more than 403 million varieties.

Increasingly, nasty malwares are moving to mobiles. Mobile phone OS vulnerabilities have almost doubled, with 315 discovered in 2011. The Symantec Internet Security Threat Report indicates that these mobile attacks happened in Android devices because unlike IOS, the Android is an open source.

 The Symantec report was unable to come up with a definite figure regarding how much the hackers were making, but estimated that the Flashback trojan, which is infecting hundreds of thousands of Mac computers, could be generating as much as $10,000 per day.

Also known as Flashfake, the Flashback trojan disguises itself as an install Java applet on hijacked sites. When the user approves it, the trojan runs a piece of code that exploits a flaw in Java to remove OS X’s anti-malware abilities. It then has the ability to steal clicks from ads on Google’s search engine next to regular search results.

 Flashback installs alternative control programs, which turns Macs into bots. Meanwhile, the cyber criminals reap the benefits from the ghost clicks, meaning ad clicks that are not performed by a human, but by a bot instead.

So you take the independent good development with the bad. Remember, these numbers come from Symantec, a company that sells software to protect users from malware attacks.


Source:  Symantec
More Security Software