Tag: malware

TinyURL entices the malevolent

Sarah Perez:

TinyURL, one of the most popular URL-shortening services (although not our favorite) is now being used by cybercriminals to redirect web surfers to pages that contain viruses, trojans, and other sorts of malware. According to Finjan’s Malicious Code Research Center, these criminals are using the service to avoid having their web sites flagged by the Safe Browsing mechanisms built in to modern web browsers like Mozilla Firefox and Google Chrome.

Of course, even if the sites were otherwise safe from infectious files, the URL shortening services can still be used to obscure phishing attempts – people don’t pay much attention to URLs they click on as it is, let alone what winds up in the address bar. Further, I look at the safe browsing services as a crutch for prudent internet use – much as anti-virus software is only as good as the definitions within, the same goes ‘safe browsing’. A few warning messages later people think every site without one is safe. But they don’t call them ‘drive-bys’ for nothing.

I don’t click on shortened URLs from anyone I haven’t shaken hands with, or doesn’t have a lot to lose in terms of the interwebs popularity contest if they slip up. And that goes for links in emails, websites, and on services like Twitter.

High finance deserves the middle finger

The bird is the word…

  • In a ‘who drew up the f-ing covenants’ moment, GM just received bailout money but is [insert still, perpetually, or if you feel like being witty, surprisingly] having problems getting labour costs in line. Bankruptcy filing, a certain middle finger to the public, is still on the table.
  • Long ring fingers as compared to index fingers may point to more success amongst traders. And a longer middle finger on the hands of bank CEOs gets the banks more bailout money too…
  • The same goes for the politicians when it comes to selling more US Treasury securities to unsuspecting investors, before sending out the default notices.
  • As for tech, analysts are giving the middle finger to Sony, and Apple probably isn’t far behind.
  • And on an unrelated note, today in People

  • Paris Hilton’s website is infected with malware. Information Week is actually telling the story instead of the tabloids, so if you’re a ‘Hollywood-type’ you can assume the headline isn’t just some codespeak for Ms. Hilton giving you the middle finger.

Adieu.

Subverted search sites lead to massive malware attack in progress

One of the many pitfalls of big, popular search indexes.

Turn Gmail Into a Social Network Hub

Yes, if you really want to parse your social network ever further online, you can engage Gmail for help.

Just keep an eye out for malware while you’re doing it.

StopBadware takes hold

StopBadware, the coalition of big names aiming to protect people from drive-by infections, is on the move. Google is now integrating warnings into it’s search results. Nice.

Google, a “crossing guard” for malware avoiders. No telling what other members of StopBadware are doing, but I’ll guess Websense doesn’t care – they are now someone’s likely acquisition target.

Where social networks and web threats really clash

With all the talk about social networks – the inherent safety issues of “going public,” the politics that won’t help, and the sneaky buggers taking advantage of the situation, we’ve forgotten to take a step back and see what might be headed this way so we can prepare.

You have some much in your face, but what’s next? Well, think about all those public profiles – a great way to develop dossiers. Add the fact that there are groups of like-kind thinkers/feelers banding together for social interaction. Throw in malicious code writers ramping up targeted attacks.

I say it’s a recipe for a big headache.

***UPDATE***

A new study suggests the same.

Virus writers now have a full toolbox

Just a few years back, malicious code writers were meeting in stealthy IRC chat rooms, exchanging ideas on obscure forums, and doing their thing just for fun (and notoriety). Now, it is a money game, and in business you need efficiencies.

Couldn’t think of anything better to drive down time to market in the software game than going open source, and that is exactly what malware technicians are doing. They are leveraging tools like CVS to share code, and it wouldn’t surprise me if CVS and Subversion depositories start popping up all over the place. But how will we know when that happens?

There are now malware search engines as well.

A blue pill cures all problems

When you think of blue pills, you imagine tv ads by politicians, people who are bored with their partners, and people who can’t get enough of their partners. You might also think of a lot of spam, due primarily to the previous points. However, you’d likely never think a “blue pill” could hide malware, completely undetectable, on your Windows computer, but that is exactly what a researcher in Singapore has devised. I suspect the name was an afterthought.

I’d say its good to know that such things are possible ahead of time, so someone can devise a way of detecting the undetectable (always happens). I’d also say I’m feeling pretty comfy sitting in at my desk right now – with one computer running OS X and the other running Fedora Core.

Malware site just won’t die

Despite all the “altruistic” services warning people of dangerous websites (via paid clients, of course), Jose Nazario has found one that just won’t die. Note: various contributors are “ready to take action.” I’d personally love to hear why action has been so absent for so long.

The History of Malware (and more)

Compliments of Sophos (pdf).

I love the introduction, where they say the whole thing about rumored slowing of threats (which never seems to happen). Of course, take all reports of growing threats from security companies with a grain of salt – the same dose of incredulity you would apply to an operating system company saying their software is safe and sound will do just fine.