The Four-eyed Journal » Malware

Another malware spreading via Facebook Chat

jhay — Mon, 21 Mar 2011 00:00:34 +0000

Is there another worm or malware spreading through Facebook? For the last two days, I’ve been receiving chat messages from my online friends about an app that allegedly gauges how ‘addicted’ someone is. Addicted to who or what, it’s any body’s guess for now, but the message includes a shortened URL using the Bit.ly service. Check out the screenshot on the right. There’s another version of this suspicious message that says:

WTF: G1RL made suicide after her DAD posted THIS mess@ge on her wa11::[shortened URL here]

Curious but cautious, I looked for a way to reveal the long URL hidden behind the shortened URL included in the message.

After some Googling around, I found RevealURL.com which basically allows anyone to expand the shortened URLs they have to see what the actual long link is without actually navigating to that link.

That shortened URL was revealed to be pointing to a page on the domain spursoland dot info. I checked again using the same service, but this time it revealed a different domain, aclebite dot info. So it means that what or whoever generates the shortened URLs draws its source from a list of domains that are redirected to a suspicious-looking Facebook app which I would get to later on.

Again, curious as to what could be in that site, I used AVG’s Online Web Page Scanner to check if the site contained any malicious code or malware as is common with this suspicious messages and websites.

AVG said that the site spursoland dot info was ‘safe and clean’ I took the great risk of visiting the URl in Chrome’s Incognito mode to try to see where it will lead. It redirected me to a Facebook app called ‘spursoland’ or ‘aclebite’ which is clearly looks like something not to be trusted.

Be careful with this app page. It means trouble.

Clearly, the messages was designed to lure or trick Facebook users into visiting the suspicious app and liking it. From then on I don’t know what will happen next, but probably, the Facebook app will lead users to a website containing more malware that will either infect their PC or attempt to steal some private information like contact’s email addresses, credit card information etc.

The important thing to remember here is, DO NOT CLICK on the links your friends share with you via chat the instant you receive them. Take time to pause and read carefully the whole message. You would immediately sense if something is odd with the message, especially if it seems to be out of the ordinary that your friend would suddenly message you with this particular topic which you know isn’t really one of his or her interests.

The best way to deal with this kind of chat messages is to send a private message to your friend and tell them you ‘received‘ that message from them. If it was automatically sent without their knowledge, then they’d also be surprised to know that the message was sent from their account. It would also be solid proof that their PC has been compromised by malware. So doing an anti-virus scan is needed to fix it. It’s also a good move to change the current password on their social networking account, in this case their Facebook account to help avoid a repeat of this problem.

If you would be curious as to see where the suspicious shortened URLs lead to, you can use online tools, like the ones I’ve mentioned above, to check it out first before opening the link on your browser. But still, it’s best that you do not open the links at all. Hackers and spammers nowadays are targeting social networking sites like Facebook more and more because of their ever growing size and popularity.

Top 5 Malware in SE Asia according to BitDefender - Windows Autorun feature the most exploited

jhay — Wed, 06 Oct 2010 01:00:33 +0000

Yesterday, I received a press release from BitDefender about their list of the top 5 malware in South East Asia.

According to them, the leading causes of malware infection are not upgrading and updating operating systems and anti-virus solutions and of course, not scanning removable devices like thumb or external drives.

Which is very true, as most of my non-techie friends rarely develop the habit of installing updates for their OS and AV softwares. And it would usually take some quick-explaining to help them realize that it’s wiser to disable the autorun feature in Windows as this is one of the most exploited in the OS.

BitDefender’s figures were based from data taken from July to September 2010. Neatly summarized in this graphic below:

The top 5 malware are:

Trojan.AutorunInf.Gen
Win32.Worm.Downadup.Gen
Win32.Worm.Downadup.B
Trojan.Generic.4338773
Win32.Worm.DownadupINF.Gen

What has caught my attention is BitDefender’s description of Trojan.Generic.4338773 which according to its media release:

a newcomer with great “negative” potential. This is a generic detection for cracks and keygens targeting various AV products. (Emphasis supplied.)

So this malware sniffs out illegal copies of AV products since it detects for “cracks and keygens” for various AV products? It seems that security vendors are really behind some of the malware that’s been infecting PCs the world over.

Which makes good business because it helps them crackdown on software pirates but increases their profits by pushing users to buy licensed AV products. Ah yes, the conspiracy theory that security software vendors are behind some of the malware out there so that they can keep on selling their AV products.

But I have little worries about malware, worms and viruses. It’s because I’m using Ubuntu Linux as my primary OS.

What do you guys and gals think? Which anti-virus software do you use? Have you PCs or laptops been infected by one of these malware? How did you solve the problem? Do share in the comments thread below.

Datablitz website tagged as malware host by Google Chrome

jhay — Thu, 05 Feb 2009 13:43:26 +0000

Could this be an “aftershock” of the human error at Google which tagged every site in the Internet as malware last January 31, 2009? Upon visiting Datablitz’ website (http://www.datablitz.com.ph) a few minutes ago, it was tagged by Google as a site that could harm my computer for it allegedly hosts some malware. Check the screen shot I took below:

Datablitz site tagged as malware

I used Google Chrome because it’s my default browser, checked the same site using Firefox and no warnings appeared. Does that mean that Firefox uses a different process and reference to tell whether a website is dangerous for visitors or not?

Have you experienced the same thing using Google Chrome?

Why my pc was never infected by viruses, worms and trojans from email attachments

jhay — Thu, 24 Jul 2008 23:40:44 +0000

Long before my blogging days, I have always read from the forums I frequented, read from websites and in signs in most internet shops that I should be very careful of any email I receive that has an attachment.

They were right, because back then and even up to now, viruses, worms, trojans and other badware are spread through email via attachments. However I was a bit puzzled. If that were really true, then how come my computer has never been infected by such badware when in fact I had the habit of checking out what those email attachments were. Plus, the rise of email groups which we used in classes to share notes, lectures and readings also needed to have a look at attachments to emails I’ve received.

I’m not kidding, the only way my computer was ever invaded by viruses, et. al were through infected diskettes and later on flash drives from my classmates and friends or from the internet shops I visited. Thankfully, despite the many invasions, my anti-virus programs have successfully fended off any badware that has ever managed to touch my computer.

Still, I was puzzled as to how come there are still reports, stories and warnings about the spread of new destructive viruses via email all over the world? My friends, classmates and teachers were being infected too and even consulted me on what to do once their PCs have been ravaged by badware.

I helped them clean-up their PCs, encouraged them to use the same anti-virus tools and other security apps I use and even repaired the PCs of some of them. Still, they get infections from email attachments.
This prompted me to think deeper into the matter.

Since we were practically using the same set of security apps (AV, firewall and other tools) what else could be considered as a “point-of-vulnerability” or entry on their PCs.

The answer dawned upon me when one of my friends while using my desktop computer asked why Outlook was in such a ‘pristine’ state, he accidentally launched it and the auto-configuration wizard greeted him. I answered, “What is Outlook for anyways?”

Yes, though I’m geek and a blogger, back then I have no idea what Outlook was for. Going back, the conversation went on like this (I’ve already translated it into English and restored it from my half-life memory)

James: You don’t know what Outlook is for? It’s an e-mail client.

Me: What’s an email client?

James: WTF? You’re a geek and you don’t know what an email client is?

Me: Dude, I’m a geek but I did not invent the internet, email or an email client.

James: It’s a program that handles your email for you. With it you don’t have to be online all the time to read and reply to email.

Me: Sounds cool. But why use an email client when I could access my email using a web browser?

James: But you need to be online to do so.

Me: But isn’t that how email works? You need the internet to do email.

James: Not with an email client. Like Outlook, it downloads all you email on your computer so that you can read it even when you’re not connected to the internet. When you make replies to email, it saves it so that when you do get back online it then those replies are sent.

Me: I see. That is neat. But wait, when you say it downloads all your email on your computer does that mean the attachments are included?

James: Of course, what good is an email client if attachments wouldn’t be downloaded as well.

Me: Aha! That’s it!

—–

And that is the “point-of-entry” I’ve been looking for. That’s the explanation why warnings about opening email attachments still prevail to this day. That’s the reason my PCs have never been infected from an email attachment. All this time I’ve been accessing my email directly on the internet where my email providers (Hotmail and then Gmail) were scanning the attachments for me. My ignorance of email clients have been saving me from viruses, worms, trojans and other badware that is the scourge of using computers since time immemorial.

I’ve recently installed Mozilla Thunderbird on my notebook, just to try it out. After a few days, I was back to using Gmail on the web browser. It’s so much better and safer.