About Antivirus Software

Symantec Slapped with Class Action Lawsuit

2010-02-09T00:01:48Z

A New York man has petitioned the court to open a class action lawsuit against antivirus vendor Symantec over claims the vendor has not complied with previous court orders regarding the automatic renewal of antivirus software. Gregg Keizer of ComputerWorld reports on the latest lawsuit.

Weigh in: is Auto-Renewal of Antivirus Software a good or a bad thing?

Symantec Slapped with Class Action Lawsuit originally appeared on About.com Antivirus Software on Tuesday, February 9th, 2010 at 00:01:48.

Permalink | Comment | Email this

Dear Anna, Get a Life

2010-02-03T04:16:06Z

The virtual ink on my post "Scammsers Love This Time of Year" had barely dried when I found this dating scam example in my junk mail folder:

Hello. My name is Anna. I am 25 years old.
My friend gave me your information and your e-mail address. They have been communicating online with a man who gave my friend your information and your e-mail address. She said that you are looking for relationships online, and want to get acquainted with the girl. I decided to write to you to know you better.

"Anna" then goes on to describe "herself". She claims to be a nurse:

From childhood I dreamed to work and help people and now my dream has come true.

"She" also claims to be athletic, "healthy and beautiful", "cheerful and sociable". Anna also claims to be single and looking:

I am looking for strong, long relationship. I'm serious in my choice. I can give a man all of what he wants to give her love and tenderness, I want to love and be loved - I think that is the desire of any girl. I hope that one day we will try to realize our dreams together. I think that our acquaintance will bring us many enjoyable moments, and we can meet one day. I would be happy to have a friend like you and I hope that our friendship will be continued.
I know several languages and can speak English and Russian.
I send you my picture. I hope you like it in my next letter I send you other my photo, and now I ask you to write me.

In addition to speaking English and Russian, Anna speaks fluent scam-ese. And what Anna really wants is a sucker to send her cash.

Dear Anna, Get a Life originally appeared on About.com Antivirus Software on Wednesday, February 3rd, 2010 at 04:16:06.

Permalink | Comment | Email this

Scammers Love This Time of Year

2010-02-02T15:02:17Z

Valentine's Day is approaching, which means not only love is in the air - there will likely be increases in online dating scams as well. It's also tax season in the U.S. which means fraudsters will be out in full force, trying to trick consumers into falling for the ubiquitous IRS tax refund scams.

With a little common sense, both scams should be easy to avoid.

If your lovely foreign pen-pal claims she needs $$$ for plane tickets, custom officials, or any other reason, run - don't walk - to the nearest Close button in your email client. If not, you will likely find yourself saying farewell to your hard earned cash and there won't be a fond hello waiting from your alleged foreign beauty. Chances are, the person at the other end of the dating scam is a scraggly beefy rip-off artist.

And if the IRS sends you an email claiming you have an unclaimed tax refund, don't reply to that email or click any links provided. Remember, the IRS is an official government institution and legalities alone would preclude them from notifying customers of sensitive tax information via email. If you still believe it's legit, pickup the phone and use the yellow pages to contact your local IRS office to verify.

Scammers Love This Time of Year originally appeared on About.com Antivirus Software on Tuesday, February 2nd, 2010 at 15:02:17.

Permalink | Comment | Email this

Spamdexing: Plague by Apathy

2010-01-26T13:54:15Z

Spamdexing is a method used to inflate the search engine rankings of a particular page, generally for malicious or unethical purposes. Attackers modify pages on legitimate sites to contain keyword-rich links to promote the sites of their choosing. Because the search engine will rank the links based on the popularity of the compromised site, spamdexing can often result in malicious links appearing at the top of search engine results pages (SERPs).

Spamdexers tend to favor .edu sites for their spamdexing campaigns, and it seems that many .edu site admins don't seem to care. When RSnake of ha.ckers.org tried to reach out to some of those admins and notify them of the problem, they either didn't respond or accused him of ambulance chasing. His blog post, ".EDU Hacks and Ambulance Chasing", provides some example searches that reveal just how widespread the problem is.

Before you proceed to try any of those searches, it's probably worth noting here that the majority of online pharmaceuticals are likely to be counterfeit pills that at best do nothing and at worst can cause real physical harm.

Spamdexing: Plague by Apathy originally appeared on About.com Antivirus Software on Tuesday, January 26th, 2010 at 13:54:15.

Permalink | Comment | Email this

Microsoft Releases Zero Day Patch

2010-01-21T17:57:42Z

Microsoft has released MS10-002, a cumulative patch that addresses at least 8 separate Internet Explorer security vulnerabilities believed to have been the avenue for targeted attacks against Google, Adobe, and multiple other companies in early December. Yahoo, Dow Chemical, Northrop Grumman, Juniper and Symantec were among the companies alleged to have been breached in the attacks.

With few exceptions, the various vulnerabilities impact Internet Explorer v5.01 through to version 8 running under various flavors of Windows (including XP, Vista, and Windows 7). The patch comes close on the heels of yet another zero day in Internet Explorer, as reported by eWeek.

Microsoft Releases Zero Day Patch originally appeared on About.com Antivirus Software on Thursday, January 21st, 2010 at 17:57:42.

Permalink | Comment | Email this

What's Quicken Trying to Hide?

2010-01-17T14:08:56Z

Intuit, makers of Quicken financial software, are instructing users who wish to manually update Quicken 2010 to "Pause or temporarily disable all virus scanning and Malware protection for at least 15 minutes before starting the update process." This is in addition to the requirement that Quicken be granted unfettered access to the Internet. How ironic that at a time when sensitive financial data is being aggressively targeted by cybercrooks, Intuit wants Quicken users to disable their system security entirely.

If Quicken is using update components that might be flagged by antivirus software as being malicious, then Quicken should inspect those components rather than offload the risk to consumers. And if the components aren't suspicious but are somehow being blocked by antivirus, then Intuit owes it to their Quicken customers to work with the antivirus vendors to ensure a solution that doesn't place users at risk.

Shelley Elmblad, About.com guide to Financial Software, provides more details around this Quicken update debacle. My advice: until Intuit/Quicken gets their act together, avoid applying any updates from that vendor.

What's Quicken Trying to Hide? originally appeared on About.com Antivirus Software on Sunday, January 17th, 2010 at 14:08:56.

Permalink | Comment | Email this

FBI Offers Me $3 Million USD!!!

2010-01-15T14:10:39Z

A girl can dream, can't she? Scammers would have me believe that the FBI (anti-terrorist and "monitary" crimes unit, no less) found my name in a beneficiary database and now they want to send me $3 million smackaroos. Alas, the dream would quickly turn into a nightmare if I were to respond - it's just a classic Nigerian 419 scam. Here's a copy of the bogus email, complete with typos and misspellings:

ANTI-TERRORIST AND MONITARY CRIMES DIVISION
FBI HEADQUARTERS IN WASHINGTON, D.C.
FEDERAL BUREAU OF INVESTIGATION
J. EDGAR HOOVER BUILDING
935 PENNSYLVANIA AVENUE, NW
WASHINGTON, D.C. 20535-0001
DATE: 01/2010,
Website: www.fbi.gov

Fund Beneficiary

This mail is to inform you that it came to our notice and we have thoroughly investigated by the help of our intelligence monitoring network system.

we saw your name (in the Central Computer among the list of unpaid contractors, inheritance, next of kin and lottery beneficiaries that was originated from Africa, Europe, Asia Plus Middle east and Americans) among the list of individuals and companies that your unpaid fund has been located to the Western Union Money Transfer which is the paying bank now.

Your name appeard among the beneficiaries who will receive a part-payment of $3 Million United State Dollars and has been approved already for months.

You are required to send your name and address Where you want your fund to be sent to you through WESTERN UNION MONEY TRANSFER to them.

Below is the contact address of the Western Union Money Transfer in west Africa.

Name: Mr. Morris Brown
Email Address: westerndept@windowslive.com
Website:www.westernunion.com
Telephone:+234-809-691-0447

The maximium amount you will be receiving per a day starting from tomorrow is $7000.00) and the MTCN NO# will be sent along with the Text Questions &Answers for you to receive your fund through any Western Union Location in your Country.

Send your information to Mr Morris Brown. of Western Union Money Transfer in NIGERIA.

You are require to pay for the Activation Fee which will cost you the sum of $280us dollars to them so your transfer can start immediately.

Recivers Full names:
Address:
Occupation:
Age:
Phone numbers:
Country/State:

Once again, I apologize to you on behalf Of the UN (UNITED NATIONS) failure to pay your funds in time, which according to records in the system had been long overdue.

Your's Sincerely,
Mr.Raphael Wilson
Fbi Esq Agent

FBI Offers Me $3 Million USD!!! originally appeared on About.com Antivirus Software on Friday, January 15th, 2010 at 14:10:39.

Permalink | Comment | Email this

McAfee Claims IE Exploit, not Adobe, Behind Google Attacks

2010-01-14T19:42:57Z

Antivirus vendor McAfee has obtained samples of some of the malcode they presume to have been used in the corporate attacks reported by Google earlier this week. According to George Kurtz of McAfee, "We are working with multiple organizations that were impacted by this attack as well as the government and law enforcement. As part of our investigation, we analyzed several pieces of malicious code that we have confirmed were used in attempts to penetrate several of the targeted organizations." Which could be construed to read 'not Google', but that isn't exactly clear.

In any event, McAfee is claiming the attacks they investigated were made possible via a zero-day vulnerability in Internet Explorer, noting that while other versions were also vulnerable "so far the attacks we've seen using this vector have been focused on Internet Explorer 6." This could just as well be interpreted as, 'the companies that have asked us to investigate are running ancient versions of IE and thus this is the exploit that was found.'

Equally plausible, the attackers have long since switched out the malcode used or shutdown the sites altogether and the samples being shared now are, forensically speaking, questionable. That is, after all, the greatest benefit to attackers working in-the-cloud: what existed on the site an hour ago can be changed on a whim, so that it is vastly different than what is currently being delivered - much less from a month ago. And the eventual malware that does get delivered at any stage is typically entirely dependent on the configuration of the system making the request. It's even possible (and likely) that exploits were targeted to specific companies, so the malcode experienced by one company would have no bearing on that experienced by another.

In any event, whoever was using IE6 - you really need to update.

McAfee Claims IE Exploit, not Adobe, Behind Google Attacks originally appeared on About.com Antivirus Software on Thursday, January 14th, 2010 at 19:42:57.

Permalink | Comment | Email this

Google to be Commended

2010-01-14T12:49:45Z

In all the efforts to detail what's known about Google's recently announced breach, the most important detail is often being overlooked. I confess that in my own original report, I too failed to mention it. The most important point is that Google is willing to put their own experience out there in an effort to shed light on what is a tremendous (and ever-growing) problem - specifically, that western world companies are undergoing targeted attacks by cybercriminals from foreign countries.

The attack on Google is not an isolated occurrence; sadly, it isn't even uncommon. Everyday, cybercriminals are making concerted efforts to plant backdoors and data theft trojans on the systems of companies with valuable intellectual property. Some of the goals: to gain competitive advantage, to disrupt stock markets, and to counterfeit goods. The only difference between the Google attack and all the others is that Google had the courage and concern to openly admit what happened.

In A Heated Debate at the Top, Wall Street Journal reporter Jessica E. Vascellaro discusses the internal debates that occurred among Google's top executives as they came to a decision regarding their discloure. In the article, the author notes: "How the debate ultimately resolved itself remains unclear. The three ultimately agreed they should disclose the attack publicly, trying to break with what they saw as a conspiratorial culture of companies keeping silent about attacks of this nature, according to one person familiar with the matter."

By being brave enough to do so, Google is paving the way for other companies to do the same. Only by open cooperation and admission - with law enforcement, security vendors, and even the media - can this open warfare on western businesses be stopped.

Google to be Commended originally appeared on About.com Antivirus Software on Thursday, January 14th, 2010 at 12:49:45.

Permalink | Comment | Email this

Haiti, Earthquake, and Scams

2010-01-14T10:52:24Z

Whether it's the 2010 earthquake in Haiti, the 2004 tsunami in the Indian Ocean, or the U.S. presidential election, natural disasters and other breaking news events are almost always piggybacked by scammers trying to capitalize on the event.

Big news spelling pay dirt for scammers isn't new; it's been happening since, well, the beginning of modern history at least. What is different is that thanks to the Web, scammers have farther (and faster) reach than ever before.

If you're moved to donate to Haiti earthquake relief funds, search engines are probably not your best friend. Scammers will buy up keywords and set up bogus donation websites. Not only will they steal your contribution, but they will also probably infect your system with scareware. Email missives, Twitter alerts, and Facebook pleas are even worse risks.

Your best bet is to contact your local Red Cross, Salvation Army, church, or other known reputable agency and ask them to detail the various legitimate relief efforts and where you can donate.

Haiti, Earthquake, and Scams originally appeared on About.com Antivirus Software on Thursday, January 14th, 2010 at 10:52:24.

Permalink | Comment | Email this