Antivirus Software

Trojan:JS/Seedubator.B and Android/NotCompatible.A are two very good examples of how you can become infected with malware just by simply visiting a website. You don't have to click on hyperlinks to get infected with drive-by downloads because cyber criminals target website and browser vulnerabilities.

Trojan:JS/Seedubator.B uses iFrames (inline frames) from a legitimate website to link to other websites. Cybercriminals use iFrames to place malicious content into reliable websites, such as a JavaScript advertisement which may download malware on your PC. Click here to learn more about Trojan:JS/Seedubator.B.

Android/NotCompatible.A is similar to the Seedubator.B malware. This malware specifically targets Android devices, such as smartphones and tablets. If you're an Android user, be careful what sites you surf and what you download. The cybercriminal can disguise a link and name it "Android Update" to entice you into clicking the link. However, this may in turn install the malware on your device.

You should always have your systems updated with the latest patches and releases. Always use an antivirus application and ensure that your virus definition files are up-to-date. Furthermore, one of the best prevention method is to ensure that you have the latest Internet browser version installed and that you have the appropriate settings configured with security add-ons.

_{Image ©Ryan Whitwam}

A common way to get infected with malware is by visiting compromised websites. Cybercriminals use drive-by download attacks to gain access to your system. Drive-by downloads are malicious programs that are installed on your computer while visiting an infected website or viewing an HTML email message. Just like other malware, drive-by downloads are installed without your consent and can infect your PC, tablet, or smartphone.

Drive-by downloads are dangerous because you don't have to click on a hyperlink within a webpage or email to get infected. The malware installs on your computer just by visiting the compromised website or by opening the infected email. Drive-by downloads are considered to be client-side attacks, which target vulnerabilities within your system. The malware can exploit browser and system vulnerabilities due to low security settings.

Once installed, the malware deployed by a drive-by download is capable of stealing your personal information by logging your keystrokes and can install additional malware.  iLivid and Seedabutor are malware examples that are deployed by drive-by downloads. The best prevention method is to ensure that you have the latest Internet browser version installed and that you have the appropriate settings configured with security add-ons. Furthermore, you can view your emails in plain text with no HTML formatting. Disabling HTML features can prevent an infected email from compromising your system.

Image ©K. Lawrence

The Firefox Redirect Virus can be an annoying, dangerous malware. Similar to the iLivid Virus, it reconfigures your Firefox browser by changing your security settings and home page, and modifying your Domain Name System (DNS) settings. Consequently, the Firefox Redirect Virus manipulates your search engine results and loads malicious websites. It will attempt to infect your system with additional malware, such as logic bombs and Trojan horses.

Please be aware that Mozilla Firefox is not responsible for the Firefox Redirect Virus. Mozilla offers a simple way to restore your Firefox Internet browser to its default settings. The Reset Firefox feature provides a fast and easy way to fix most of your issues, including the Firefox Redirect Virus. This feature also allows you to keep your bookmarks, browsing history, passwords, and Internet cookies. Perform the following steps to reset your Firefox browser to its default state:

1. Launch your Mozilla Firefox Internet browser. Click on the Firefox button located on the upper-left corner, select Help, and click on Troubleshooting Information.
2. The Troubleshooting Information support page will be displayed on your Firefox browser. Click on the Reset Firefox button located on the upper-right corner.
3. When the confirmation window opens, click on Reset Firefox.
4. The Firefox browser will close and a window will list the information that was imported. Click Finish, and Firefox will open with its default settings.

These steps may help you remove the Firefox Redirect Virus. As always, keep your antivirus and antispyware applications updated to combat the latest malware threats. If you use other browsers, such as Internet Explorer, you will encounter similar security threats. Ensure that your browser is running the latest version.

Image ©Mozilla Firefox

A recent vulnerability has targeted Adobe Reader and Acrobat users. In February 2013, Adobe discovered that Adobe Reader and Acrobat memory corruption vulnerabilities exist in the following versions:

• • 11.0.01 and earlier
  • 10.1.5 and earlier
  • 9.5.3 and earlier

By using the compromised application, the vulnerability can crash your application process and can allow a remote attacker gain access to your system and perform attacks such as causing a denial of service, deploying logic bombs, reconfiguring your Internet browser, or executing additional malware. Other malware may include threats such as Firefox Redirect Virus and iLivid virus.

Adobe has released the following updates for all affected versions. The updates address the vulnerabilities that cause the application to crash and help prevent remote attacks. Adobe recommends that you apply these updates immediately to mitigate these security risks.

To ensure you always have the latest Adobe updates, I recommend you use Adobe's update mechanism. If you have not changed your product's default settings, then you should already be receiving the latest updates on a regular schedule. If you are unsure that you have the latest updates installed, you can check by navigating to Help -> Check for Updates.

In addition to updating you Adobe product, you can also protect yourself by disabling Javascript, enabling Protected View, and enabling Data Execution Prevention (DEP) in versions of Windows.

Image ©Adobe

When you search for something on Google, you usually use keywords such as "Las Vegas deals," or "free antivirus applications." Search Engine Optimization (SEO) is the process of improving website visibility by ranking high on search engine results. SEO involves using keywords that people often use on search engines. Proper SEO usage can generate high traffic to a website.

Blackhat SEO Poisoning is a technique used by cybercriminals to trick search engines into ranking a malicious website high in the results page. People land on these sites by entering certain keywords on search engines and clicking on rogue links from the compromised results page. This allows the attackers to have control of web traffic and enables them to lure users on to their infected sites. Cybercriminals have successfully distributed fake antivirus applications, such as Disk Antivirus Professional, through malicious web pages and use Blackhat SEO Poisoning to achieve web traffic.

You can protect yourself from these attacks by using URL filtering solutions, enable search engine filtering options, and analyze the search results links carefully before clicking on them.

Image ©G. Smith

Sneaky cybercriminals are attempting to trick you into purchasing fake antivirus applications by having a pop-up message appear on your computer screen alerting you that your system is infected. However, these malware alerts are false and the antivirus application is fraudulent. It claims that it performed a system scan and has detected several infected files. Furthermore, if you want to have these files removed, you must pay and register the bogus antivirus application. People are usually tricked because the pop-up box looks very similar to other official antivirus applications. It usually has icons that mock Microsoft security tools and the list of malware looks credible. The Trojan horse is part of a malware family group called Winwebsec. Winwebsec is distributed under a variety of names, including Disk Antivirus Professional. When installed, the malware will prevent you from launching other applications and will continuously request that you activate the fake antivirus application.

Even if you have a legitimate antivirus application installed on your machine, you can still be prompted with a Winwebsec variant if you do not have the latest virus definitions installed. Protect yourself by keeping your operating system patched and your antivirus updated. Also, make sure that your firewall is enabled.

Image ©J. Hertz

With the end of tax season approaching, identity thieves are using clever techniques in an attempt to steal your sensitive information. The latest scam comes in a form of an email pretending to be from TurboTax.   TurboTax users are claiming they are receiving fake emails with the title "TurboTax State Return Rejected." This is an example of a phishing attack. The email includes an infected .zip file and recommends that you open the file so that you can identify the issues with your tax return. However, if you open the attachment, the malicious code is executed and can infect your computer with malware.

Once installed, the malware may use keystrokes and loggers to monitor your surfing actions. A keylogger records your keystrokes and sends the information to a remote attacker. The identity thief can use this information to gain access to your bank accounts, email, etc.

This link contains an image copy of the fake TurboTax email. If you receive this email, you should perform the following steps:

• Do not open the attachment.
• Delete the email.
• Ensure you have an updated antivirus application.
• Keep up with operating system updates.
• Don't click on suspicious hyperlinks.
• Use an updated web browser with anti-phishing security features.

By following these simple steps, you can help prevent scammers from stealing your personal information.

Images ©TurboTax, Intuit

A phishing scam, such as Loyphish, is the practice of sending unwanted emails to users with the intent of tricking them into revealing sensitive information. The email may appear as if it was sent from a legitimate source, such as a financial institution, and will request that you click on a link and update your banking account information. However, the link directs you to spoofed website that looks identical to the bank's official site.

Scammers are using different phishing techniques with Facebook. They have created a spoofed verification page that attempts to steal your personal and credit card information. Instead of reaching out to potential victims via email, the scam starts out as a link to a video or image that is posted by a Facebook user. By clicking on the link, the user is taken to what appears to be a Facebook login page. After logging in, the fake website requests users to update their account security settings and provide additional information, such as a mobile phone number and credit card information. The website then steals the personal information once the user submits the data.

If you're unfamiliar with a link or suspicious of the link destination, do not click it. Pay close attention to the URL and ensure that you are on a legit webpage prior to submitting your sensitive information. If you're unsure, it's best to manually enter the URL on your Internet browser to certify you are on the official website.

Image ©Facebook

The Sirefef malware (aka ZeroAccess) is a severe, multi-component family of malware. Sirefef can be implemented in a variety of different ways, such as a rootkit, virus, or a Trojan horse.

To help protect your computer from the Sirefef malware, perform the following steps:

1. Keep Current with Operating System Updates -- Important system updates provide significant benefits such as improved security. Not keeping up with operating system updates will make your PC vulnerable to malware threats such as Sirefef. Ensure you use the Automatic Updates feature in Windows and have your computer automatically download Microsoft security updates.
2. Use an Antivirus Software -- Even though Sirefef can disable antivirus applications once it has been installed on your machine, having an antivirus application installed prior to becoming infected with the malware can help prevent infection. You must update the antivirus application with the latest signature files.  Out-of-date signature files will be render the antivirus application useless not only against Sirefef, but against other malware such as the FBI virus.
3. Be Cautious of the Websites You Visit -- Keep away from unknown sites and don't click on links within emails unless you're absolutely sure it's safe to do so.
4. Don't Download and Install Pirated Software -- Sirefef is often distributed by exploits that promote software piracy. Pirated software can introduce other threats, such as the Suspicious.Emit malware.

Sirefef can cause significant damage to your computer in a variety of ways. By performing these mitigation steps, you can help prevent this malicious attack from infecting your computer.

Image ©Ryan Whitwam

Bad Piggies, the spinoff puzzle game to the insanely popular Angry Birds, was released on September 27. The game runs on Apple's iOS, Android, Windows, and Apple Mac. It is yet to be released for Google Chrome, and spammers have taken advantage of this opportunity.

Malware developers have created a Google Chrome fake version of Bad Piggies. Although the game looks like the official game, it is unplayable. According to the Chrome Web store, the fake game has been downloaded more than 8,000 times.

Spammers have used Google Chrome to distribute malware in the past. Fake Chrome applications have the capability of collecting data from user web sessions and can install plugins to monitor websites visited. As of the beginning of October, over 80,000 Chrome users have installed infected Chrome applications.

Security experts blame Google's process for confirming the legitimacy of an application. Google does not provide full security on the Chrome Web store for its users, and consequently, you must be cautious of what apps you download and install.  If an app requests far too many permissions compared to their counterparts, you are better off not installing it.

Image ©Bad Piggies