Tommy Armendariz Antivirus Software Blog

Check for Heartbleed Vulnerabilities with Chromebleed

Wednesday April 16, 2014

There are multiple scanners available that you can use to protect yourself from the Heartbleed bug. These scanners require you to manually enter the websites you want to inspect. If you're looking for a more intuitive approach, I recommend using the Google Chrome extension called Chromebleed.

When installed, Chromebleed notifies you if a website is currently vulnerable to the Heartbleed bug. Evidently, Chromebleed is only compatible with Google's Chrome browser and can't be used with other popular Internet browsers such as Internet Explorer, Firefox, or Opera.

To install Chromebleed, open your Google Chrome Internet browser.  Then, perform the following steps:

  1. Click the button in the top right corner with three black horizontal bars on it. From there, click on "Settings."
  2. In the upper left corner of the Settings page, click on "Extensions."
  3. Click on "Get more extensions."
  4. In the Search box, type Chromebleed and press Enter.
  5. Click the blue "+ Free" button to install Chromebleed, and then click "Add" on the confirmation box.

Chromebleed will run in the background when using Google Chrome.  You will notice a Chromebleed icon (bleeding heart) directly to the left of the "Settings" button.  Right-click on the Chromebleed icon and click on "Options." Ensure you have the "Notifications Activated" and "Show All Notifications" boxes checked. With these options enabled, Chromebleed will notify you if the site you're visiting is protected from the Heartbleed bug.

Companies Asking Customers to Change Passwords Due to Heartbleed Bug

Monday April 14, 2014

The Heartbleed vulnerability has been around for two years and it's uncertain if cybercriminals have exploited it during this time frame. Now that the news is out, it's very likely that malicious actors have attempted to harvest your personal information.

Consequently, companies are advising their customers to change their passwords in case their accounts have been accessed by cybercriminals. If you still don't know what Heartbleed is, it's a vulnerability in OpenSSL that an attacker can exploit by sending malicious "heartbeat" requests to obtain information from the targeted server. If successful, the leaked information can contain encryption keys, usernames, passwords, etc.

"This might be a good day to call in sick and take some time to change your passwords everywhere - especially your high-security services like email, file storage, and banking, which may have been compromised by this bug," stated a representative from Tumblr.

On April 8, 2014, a list of the vulnerable top 10,000 Alexa websites was published on GitHub. However, many of them listed may have resolved the issue.

Windows Trojan Downloads Ransomware Cribit

Monday March 31, 2014

A particular Trojan that infects Windows users downloads ransomware that encrypts computer files and demands Bitcoin payment to decode the data. According to Trend Micro, the Windows Trojan called Fareit is an information stealer that downloads other malware, such as Zeus. Recently, it has been determined that Fareit also downloads "Cribit."

One of the Cribit variants uses an English message for ransom, and another variant delivers a multilingual ransom note which includes 10 different languages. In the ransom note, users are directed to a Deep Web website accessible only through Tor. The malware demands $240 worth of Bitcoins. To avoid being infected, avoid clicking on embedded links in emails and keep your software updated on a regular basis.

Image ©Danielle Walker

Two Ukrainians and One American Charged for Cybercrime Operation

Monday March 24, 2014

Three men, believed to be part of an international cybercrime operation, were charged with conspiracy to commit identity theft, access device fraud, and wire fraud. The group targeted financial institutions and major organizations in the United States.

They attempted to steal at least $15 million from US customers and organizations by hacking into bank accounts, brokerage firms, and government agencies.  Targeted organizations include:

  • Ameritrade
  • Aon Hewitt
  • Automatic Data Processing
  • Citibank
  • Electronic Payments
  • E-Trade
  • Fundtech Holdings
  • iPayment
  • JP Morgan Chase
  • Nordstrom Bank
  • PayPal
  • TIAA-CREF
  • US Department of Defense Finance and Accounting Services
  • USAA
  • Veracity Payment Solutions

The cybercriminals transferred money from hacked accounts to pre-paid debit cards. The money was then withdrawn from ATMs and/or funds were used to make fraudulent purchases. Furthermore, the stolen identity information was used to file fraudulent tax returns with the IRS.

The three individuals charged with these counts are Sharapka, Yanovitsky, and Gunderson. The indictment identifies Sharapka as the criminal leader of an enterprise called the "Sharapka Cash Out Organization."  Each suspect faces a maximum of 20 years in prison for conspiracy to commit wire fraud, 5 years for access device fraud and identity theft, and two years for aggravated identity theft.

Image ©Jeff Hughes

Mac Malware: Fake Angry Birds Game Steals Your Bitcoins

Friday February 28, 2014

Cybercriminals have distributed the OSX/CoinThief malware that steals Mac users' Bitcoins. The threat is disguised as various applications and games, including Angry Birds.

ESET Security Professionals warn that the malware is being distributed through torrents. In addition to Angry Birds, cybercriminals have disguised OSX/CoinThief as various popular Mac OS X apps such as BBEdit, Pixelmator, and Delicious Library. "There is clearly strong evidence that the trojan was specifically designed to profit from the current Bitcoin craze and fluctuating exchange rates," security expert Graham Cluley stated on ESET's WeLiveSecurity blog.

Once the malware is executed, OSX/CoinThief installs a web browser extension and monitors the victim's web traffic. An additional component that runs in the background checks for wallet login credentials and sends the information to the attackers. The malicious web extension is called "Pop-Up Blocker." If this extension is present on your Mac Internet browser, you're probably infected. Another way to find out if you're infected with OSX/CoinThief is to open Activity Monitor in the Utilities Folder and look for a process called com.google.softwareUpdateAgent.  This process is created by OSX/CoinThief.

Image ©Angry Birds

Virtual Currencies Continue to Fuel Malware

Saturday February 1, 2014

McAfee predicts that virtual currencies will fuel malware attacks globally in 2014. In general, growth in virtual currencies benefits and promotes economic activity. However, this has also provided cybercriminals with an anonymous payment infrastructure that they use to collect money from their victims.

Ransomware attacks, such as CryptoLocker, will continue to flourish as long as these attacks remain profitable. Furthermore, we may see new ransomware attacks aimed at enterprises.

The good news is that though the ransomware payload is unique, the methods cybercriminals use to distribute ransomware (spam, drive-by downloads, infected apps) are not. Therefore, keeping systems current and following good security practices will keep you relatively safe from these threats.

Finally, the emergence of virtual currencies and their anonymous transaction infrastructure has led to the development of a number of "Deep Web" marketplace sites that specialize in retail distribution of illegal products and services. The largest of these sites was Silk Road, which was shut down by the FBI in October 2013. Although the closure of Silk Road was a huge win for law enforcement, there are many of these Deep Web marketplaces operating globally. This issue is not going away anytime soon.

Image ©Phil Williams

Snapchat Hacked!

Friday January 3, 2014

On the first day of 2014, more than 4.5 million Snapchat user names and phone numbers were leaked online and made available for download. The hacker group responsible for the leak claims they had notified Snapchat of the vulnerability but Snapchat never responded.

SnapchatDB.info, the now suspended website, housed the leaked account information. On the site, the hacker group stated they censored the last two phone number digits to minimize spam and abuse but may release the digits under certain circumstances. The group explained their motivation was to raise awareness and stated "companies we trust with our information should be more careful in dealing with it."

Jeff Taylor, McAfee Consumer Operations Project Manager had this to say about the issue:

"The key privacy impact with this break seems to be in the data relationships... The best-kept secret related to privacy relates to PII (personally identifiable information) data relationships, so fundamental advice may include [using] unique user names and secondary email addresses for all social media accounts. Public profiles can be tied together otherwise, and data breaches become more damaging without such steps."

Irfan Asrar, McAfee Mobile Malware Researcher, warns about malicious websites claiming to be able to verify whether you're one of the victims of the hack. These sites are set up to farm/harvest information by asking you to enter your number and attempting a partial match against the data that was released by the hackers.

Image ©Snapchat

Beware of LinkedIn Job Scams

Tuesday December 31, 2013

LinkedIn is one of the top social media platforms for job seekers, and cybercriminals are finding ways to exploit the site by posing as recruiters. According to the Better Business Bureau (BBB), scammers create fake profiles disguising themselves as recruiters and then send messages with links to malicious sites that steal your personal information. The legitimate-looking websites often ask for your bank information, Social Security number, etc., and scammers use this information to access your bank accounts and attempt to steal your identity. Business professionals who use LinkedIn within their corporate network should also be alarmed, as cybercriminals use these same methods to infect computer systems with malware.

BBB makes the following recommendations and reminders:

  • Legitimate recruiters will never ask for your personal data such as banking information.
  • Always research a "recruiter" who contacts you before providing your sensitive information.
  • Most employers won't ask for a Social Security number until they actually provide you with a job offer.
  • Don't just add anyone to LinkedIn. Do your due diligence and research their profile and connections prior to adding them.
  • You should NEVER be asked to pay for a legitimate job. If a "recruiter" asks you to pay for training, block them immediately.
  • Work-at-home jobs are scarce, so be cautious of these postings.

Finally, ask the "recruiters" if you can call them. If they avoid speaking with you, then you should probably block them.

Image ©LinkedIn

Fake PayPal Phishing Email

Tuesday December 3, 2013

A fake PayPal email, claiming that you have limited access to your PayPal account due to unauthorized access attempts, is circulating rapidly. To gain full access, the email encourages you to click on a link and go through the login process to confirm your identity. The email appears to be targeting PayPal customers in the UK, but people from other countries may fall victim to this scam as well. The message is well-written and contains the PayPal logo, making it appear legitimate. However, the red flags include a spoofed sender's email address, a generic greeting, and a request to provide information by clicking on an embedded link.

Legitimate online services, such as PayPal, will address you by name and not with a generic greeting such as 'Dear Customer' or 'Dear Valued Member.' If you receive an email claiming to be from PayPal with these characteristics, don't click on the embedded link. Clicking on the link will direct you to a spoofed PayPal login page that will record your login credentials. After your credentials are recorded, you will be directed to another phishing page where you're asked to enter your contact and credit card information. This data is then forwarded to the cybercriminals who will have the information needed for identity theft, credit card fraud, and PayPal account hijacking attacks.

To be safe, always log in to your PayPal account by entering PayPal's address into your browser's address bar.

Image ©PayPal

Keep your Personal Information and Identity Safe This Holiday Season

Saturday November 30, 2013

The excitement of the holiday season and the ease of online shopping have many cybercriminals looking for opportunities to steal your personal information while you shop online. Follow these tips to help you keep safe from cyber scammers:

  • Always shop from reputable e-commerce sites. Stay away from sites you're not familiar with, and always look for a lock symbol and "https" at the beginning of the URL to confirm that the site uses encryption.
  • As described in the 12 Cyber Scams of Christmas, avoid deals that seem too good to be true because they usually are. Look for signs that an email or website may not be legitimate, such as the use of poor grammar, odd links, and low resolution images.
  • Don't click on email links from senders you don't know. These links may redirect you to malicious websites.

To learn more about emerging malware threats, check out part one and part two of McAfee Labs Third Quarter Threat Report.

Image ©Leigh Langston

©2014 About.com. All rights reserved.