Apple and Big Potatoes
Posted by Brian Gallutia on Aug 4, 2010
Last year, I wrote an article for this site entitled “Welcome to the party Mac..” where I tried to dispel the common myth that Apple computers were impervious to malware and viral infections. My argument called the Apple platform “small potatoes” because up until the past year or two, Apple systems did not have enough market share for virus writers to focus their efforts on compromising Apple’s operating systems for profit.
With the proliferation of the iPod, iPhone and now the iPad, the “curse of popularity” now afflicts Apple’s iOS. Gizmodo is reporting on a new exploit that allows a hacker to gain total control of your Apple device by loading a compromised PDF file:
Right now, if you visit a web page and load a simple PDF file, you may give total control of your iPhone, iPod touch, or iPad to a hacker. The security bug affects all devices running iOS 3.1.2 and higher.
This security threat is particularly scary because all that is needed to infect an iOS device is a link to the PDF. No user interaction is required other than following a link or being redirected to a “malicious” PDF file.
Safeguard yourself by keeping on top of this issue and making sure that you keep your iOS devices updated with the latest security patches. It is unclear when Apple is going to be addressing this particular issue, but it is my hope that they don’t hold another press conference (à la the iPhone 4 antenna debacle) and decide to spend most of the time blaming Adobe for the problem ;)
Fake Anti-Virus is 15%
Posted by Brian Gallutia on Apr 27, 2010
Elinor Mills with CNET (who is quickly becoming my favorite go-to writer for all things malware) took the time to parse through a recent 13-month analysis that Google performed between January 2009 and February 2010.
The report states that..
Fake antivirus–false pop-up warnings designed to scare money out of computer users–represents 15 percent of all malware that Google detects on Web site..
As Elinor’s article points out, scammers are turning more and more to social engineering and trickery to infect users with Fake Anti-Virus malware and trojans in order to gain access to user information and sensitive data.
Earlier today, I had a conversation with a long-time customer of PCS’s regarding a small rash of infections she was having to deal with on her network. This customer has invested in the proper hardware and software solutions to ensure that her network is secure, but malware continues to get through because the habits of her end-users are contributing to the infections.
When Fake Anti-Virus presents itself through a web site, it takes on the familiar role of an anti-virus program warning the end-user of an infection that needs to be cleaned. The end-user (who is used to this type of behavior from AV programs) accepts the offer to “disinfect” and in turn, becomes infected by essentially doing what the end-user thinks is the “right thing” to do.
Unfortunately, the only sure defense is to make your users aware of this type of attack. If they get a warning that their system has become infected, make sure they know the procedure to follow to avoid infection. If you’re a small business or a personal computer user and something about a warning message you’re getting just doesn’t look right, contact us – we’re ready to help.
Porn Virus Hits
Posted by Brian Gallutia on Apr 16, 2010
The BBC is reporting on the activities of a new computer virus from Japan named Kenzero…
Masquerading as a game installation screen, [Kenzero] requests the PC owner’s personal details.
It then takes screengrabs of the user’s web history and publishes it online in their name, before sending an e-mail or pop-up screen demanding a credit card payment of 1500 yen (£10) to “settle your violation of copyright law” and remove the webpage.
PCS hasn’t yet run across this new infection, but users should be wary of its existence. Please read the full article for more details.
PDF: Beware
Posted by Brian Gallutia on Apr 7, 2010
Elinor Mills with CNET News reports on the up-and-coming dangers facing Adobe PDF documents and those who utilize the format.
According to the report, PDF files could be used to spread malware to clean PDF files stored on a target computer running Adobe Acrobat Reader or Foxit Reader software.
Jeremy Conway, product manager at NitroSecurity, created a proof of concept for an attack in which malicious code is injected into a file on a computer as part of an incremental update, but which could be used to inject malicious code into any or all PDF files on a computer.
The attack requires the user of the computer to allow the code to be executed by agreeing to it via a dialog box. However, the attacker could at least partially control the content of the dialog box that appears to prompt the user to launch the executable and thus use social engineering to entice the computer user to agree to execute the malware, said Conway.
The good news is that both Adobe and Foxit have provided solutions / fixes to remedy the exploit. Please take a moment to update your PDF reader software to ensure that you and your business are not exposed to this potential threat.
Adobe Reader: http://get.adobe.com/reader/
Foxit Reader: http://www.foxitsoftware.com/downloads/index.php
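For anyone who wants to check files on hand, here is an added example (not code from the report, Adobe, or Foxit) that splits a PDF into its original body and any incremental updates appended later, then flags updates that introduce auto-run or launch actions. The function names and the sample bytes are assumptions made for illustration.

```python
import re

# PDF name keys that can trigger a program or script when a file is opened.
# Assumption: names appear in plain form; compressed object streams and
# #xx-escaped names are not decoded by this sketch.
RISKY_KEYS = (b"/Launch", b"/OpenAction", b"/JavaScript", b"/AA")


def split_revisions(data: bytes) -> list:
    """Return the original body followed by each incremental update.

    Every save of a PDF, including an appended update, ends in %%EOF."""
    revisions, start = [], 0
    for match in re.finditer(rb"%%EOF[ \t]*\r?\n?", data):
        revisions.append(data[start:match.end()])
        start = match.end()
    if data[start:].strip():  # bytes appended after the last %%EOF
        revisions.append(data[start:])
    return revisions


def audit_pdf(data: bytes) -> dict:
    """Report which revision introduces each risky key."""
    revisions = split_revisions(data)
    findings = []
    for index, revision in enumerate(revisions):
        for key in RISKY_KEYS:
            if re.search(re.escape(key) + rb"(?![A-Za-z])", revision):
                findings.append((index, key.decode()))
    return {
        "revisions": len(revisions),
        "findings": findings,
        # Index 0 is the original document; anything later was appended.
        "suspicious_update": any(index > 0 for index, _ in findings),
    }


# Constructed sample bytes (not a real document): a clean file, then the
# same file with an appended update that adds an auto-run launch action.
CLEAN = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
         b"trailer\n<< /Root 1 0 R >>\nstartxref\n9\n%%EOF\n")
UPDATED = CLEAN + (b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R "
                   b"/OpenAction 3 0 R >>\nendobj\n"
                   b"3 0 obj\n<< /S /Launch >>\nendobj\n"
                   b"trailer\n<< /Root 1 0 R /Prev 9 >>\nstartxref\n99\n%%EOF\n")

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("updated", UPDATED)):
        print(name, audit_pdf(sample))
```

A file with more than one revision is not malicious by itself, since ordinary edits and form fills also append updates; the signal is a later revision that adds one of these keys.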
Anthony “Tony” Gray
Posted by Brian Gallutia on Mar 31, 2010
Over the weekend, an employee of a long-time customer of ours passed away suddenly from a viral infection at 41 years old.
PCS would like to honor our friend Tony Gray by passing along information on a trust fund that was set up for his children, Amiah and Lindsay..
In Loving Memory of Anthony “Tony” Gray
A trust fund has been established for his two daughters, Amiah and Lindsay, to help with their continued education. If you wish to donate to the fund please send all proceeds addressed to the Anthony D. Gray Children’s Gift Trust at any Pinnacle Bank Branch within the greater Nashville area, or mail it to:
Pinnacle Financial Partners
211 Commerce Street
Suite 300
Nashville, TN 37201
Smelly Phish
Posted by Brian Gallutia on Oct 14, 2009
This week e-mail users have been getting bombarded with messages that read like the following:
Dear user of the phoenix-now.com mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox (your@emailaddress.com) settings were changed. In order to apply the new set of settings click on the following link:
The above is a phishing attack, meant to get you to divulge private information to someone that definitely does not have your best interests at heart.
If you receive something like this and are unsure whether it is valid, please contact us, your Internet Service Provider (ISP) or the mail service provider you use.
Welcome to the party Mac..
Posted by Brian Gallutia on Apr 23, 2009
Macintosh computers are now being targeted by malware writers.
Welcome to the party Mac users. Your seat is right this way…
On April 1, Mario Ballano Barcena and Alfredo Pesoli claim to have discovered the first Mac zombie botnet in existence. The botnet stems from a Trojan horse embedded in an iWork ‘09 trial version that was making the rounds on file-sharing networks. The risk first came to light in January when security firm Intego warned of the potential threat hidden in the files.
I must admit that I am reporting this to you with a small amount of schadenfreude. I don’t have enough fingers on my hands to tell you the number of arguments I’ve gotten into with Mac users on how “stable and secure” a Macintosh computer is. Please allow me this opportunity to use this post as a soapbox for present and future arguments I may get into on this subject…
The real reason that Apple computers are more stable and secure with regards to viral and spyware attacks is for this reason and this reason alone: Mac users are small potatoes.
People lose sight of the fact that virus makers used to be kids in basements trying to see if they could program the next big inconvenience to the most people possible. Now, with the advent of spyware and pop-ups, the reasons are very clear: money and money. As long as there are web site marketers out there that will pay-per-click, there will be virus and spyware writers set on maximizing clicks by putting as many pop-ups in front of your browser as possible.
Now, if you were a virus/spyware writer looking to make a quick buck and you needed to strike as many people as possible in a short amount of time (until someone writes a tool that removes your handiwork), which platform would you choose? Would you choose a computing platform that has less than 3% of the desktop computing market, or would you shoot for the 90th percentile? The answer is obviously the highest percentage of computer users, and those are Windows users.
I said it before and I’ll say it again: Mac’s days of wine and roses are almost over. The bigger Apple gets, the bigger a target they will be for virus writers.
The worst part of all of this is when that day comes, the Mac faithful who have been computing in their iCocoons won’t know how to avoid infection when it comes looking for them. They won’t be prepared for all of the pop-ups and all of the lost productivity hours that a serious case of spyware can manifest.
Don’t fear, Mac users – PCS will be ready to provide assistance when the day of reckoning approaches. We’ve been in the trenches, we know what you’re in for, and yeah, we can help.
See this scar? Yea, this big one right here? I got that back during the Sasser invasion of 2004…
Malware Alert – Colonial Bank
Posted by Brian Gallutia on Dec 10, 2008
Be aware of a new scam out in the e-mail jungle from “Colonial Bank.” The subject is “Colonial Bank on progress – New Demo Review” and the link takes you to what appears to be a valid site, but when trying to view the demo, you are told to update your Flash player:

The infection-type works just like Koobface, so steer clear of this hack attempt. If you get into trouble, please remember that you can always tap PCS for help.
Malware: UPS Packet Service
Posted by Aaron on Jul 28, 2008
Welcome everyone to the new PCS website. I know the site has been up for a little while now but since this is my first addition to the blog I wanted to welcome everyone anyway.
I got an email this morning from “UPS” saying this:
From: UPS Packet Service
Subject: UPS Paket N0143034179
Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office
Your UPS
The email was a little bit different than this but the same idea. The email came with an attachment that I was supposed to download and run in order to get my package. This email is actually a virus and spyware installing email. I wanted to pass this along because the email almost fooled me. I am actually expecting a package and when I saw this I wanted to make sure that I was going to receive it. I did not open the attachment and just deleted the email. UPS has released a statement about this here:
http://www.ups.com/content/us/en/about/news/service_updates/virus_us.html
This is also a good time to remind everyone about safe email practices. DO NOT open any attachments from anyone unless you know what the attachment is and are expecting an attachment from that person. It is also good practice to confirm with a contact that they indeed sent you an attachment and that it is safe. The best way to spread a virus is for the virus to send to people in your contact list. So if a friend gets infected it will try and infect you also. If you have further questions please contact any one of us here at PCS for further help.
