Expert Virus Removal Services and Technical advice.

We are Providing Computer users with Expert Virus Removal Services and Technical Advice.

Threats and their Removal.

Do you need a quick solution to a technical problem? With our live remote-assistance tool, a member of our support team can view your desktop and share control of your mouse and keyboard to get you on your way to a solution.

Spywares and their Removal.

Are you worried that your computer might be nfected with Spywares? Then this is were you can find Support.

Advices for Protecting the Computer.

Expert Advices for Protecting your computer from attacks from all threats

Different Anti Virus Software and Tools.

Familiarizing different Anti Virus Software and removal Tools.

November 27, 2010

Facebook: Risky Communication!

A group of scientists has demonstrated the possibility of stripping away the anonymity from significant numbers of users of popular social networking sites. Any technology allowing the identification of users of social networking sites, the collection of data about their habits and the prediction of their behavior can be used to cause harm. For example, such data can reveal a user’s sexual habits, or render somebody open to blackmail. But despite the fact that this threat is well known, very little has been done to prevent it.

The researchers demonstrated the possibility of this type of attack by identifying a user who was simply browsing the web. An attacker can probe the victim’s browser history for any URLs that may reveal membership of any social networking groups. By combining this information with previously collected data it is possible to identify any user of a social network who happens to visit the attacker’s website. In many cases, this allows the attacker running the malicious website to uniquely identify his visitors by the names which they use in their corresponding social networking profiles.

 
This type of attack requires very little effort to carry out and has the potential to affect many millions of registered social networking users who have group memberships.

Ref: iseclab.org/papers/sonda-TR.pdf

November 26, 2010

Using Shortened URLs: Security Risks

URL shortening services such as TinyURL.com and Bit.ly are becoming trendy attack methods. We all share website links with each other through emails, blogs, social media sites, book marking websites and word of mouth and we rarely, if ever, think about the potential security risk this simple act can raise. You may not want to automatically click on the shortened URL after you read this.

What is URL Shortening?

The compacted URLs produced by services such as TinyURL.com, bit.ly, is fine, and many others are convenient and save space, but they can also be used to hide the identity of malicious sites. The idea behind URL shortening or link shortening is very simple, take a long URL and encrypt it to produce a shorter URL. This is what URL shortening services do.

Security Risks
  • Allow spammers to override spam filters as domain names like TinyURL are automatically trusted.
  • Prevent users from checking for suspect URLs by obfuscating the actual Web-site URL.
  • Redirect users to phishing websites in order to get sensitive personal information.
  • Redirect users to malicious websites, just waiting to download malware.

Fortunately, there are several ways to look behind a shortened URL to see exactly where the link will take you - before you click it! Every URL-shortening service I'm aware of offers one or more ways to preview the real destination of a shortened link.

For example, here's a typical bit.ly URL that I created. All it does is take you to the http://www.techsupp247.com/ home page, but there's no way to know that in advance - it's a blind link:

bit.ly/tsp247

So you want to see where the link really goes before you click it.  It's easy: all you have to do is copy the link, paste it into the address bar of any browser window or tab, and add a plus sign to the end, like this:

bit.ly/tsp247+


Adding a plus sign to the end of any bit.ly URL brings you to a special bit.ly page that shows you information about the link, including the full, expanded URL. Using the information on that bit.ly page, you can decide whether the link is safe and worth following.

TinyURL has a similar option. But instead of adding a plus sign at the end of a link, you prepend the word preview. For example, here's a regular TinyURL link to the Windows Secrets home page:

http://tinyurl.com/TS247

Copy that link into the address bar of your browser and add the word preview:

http://preview.tinyurl.com/TS247
Now the link will bring you to a preview page that displays the full, expanded URL. Like all the other major URL-shortening services, TinyURL offers an easy way (circled in green) to preview the true destination of a shortened link.
All the major URL-shortening services have similar ways of letting you preview what's behind their URLs.
If you're checking lots of links, it can be tedious process to manually copy, paste, and edit URLs. Several sites offer automated scripts to make things a bit easier. For example, when you encounter a suspicious short URL, you can try Longurl.org, ExpandMyURL.com, or LongURLPlease.com

Firefox users can install the bit.ly preview add-on to allow previewing of short URLs without needing to leave the page you're on. Despite the name, the add-on works for many URL-shorteners - not just bit.ly. Chrome users can also download a similar extension for that browser. There is no fully automated preview tool for Internet Explorer, although several URL-shortening apps are available in the Microsoft IE Add-ons Gallery. Just type url into the search bar.

Conclusion

URL shortening is a useful and convenient service; just make sure you exercise some common sense and an ounce of caution to avoid being exploited by a shortened URL. Many industry experts say that we shouldn’t click on active links, whether they’re in e-mail messages, IM messages, or tweets. That’s an unrealistic expectation; so just make sure to approach links with caution. If possible, use one of the preview features to check out the link first.

November 25, 2010

Businesses - corporate under attack!

It is interesting to note that malware specifically designed to target corporate information systems does not exist. The tools of the hackers’ trade remain the same regardless of whether the target is a private individual or a company, the only real difference is the scale of damage, so companies have to pay particular attention to their own protective measures. The cybercriminals are far more interested in attacking companies than private individuals as the potential rewards from such attacks are considerably higher. It is very rare indeed for a hacker or virus writer to work for nothing. Usually when they feel the need to put their professional abilities to the test they try to ensure that their efforts are duly remunerated. Hackers that attack companies generally do so for the following reasons:

  • To steal confidential information, including financial, with a view to profiting from its usage or resale,  for example, databases belonging to financial organizations 
  • To disable a company’s IT infrastructure with a view to extorting money from that company for returning its IT infrastructure to operational condition. Additionally, a hacker may want to do damage to a company’s reputation or interrupt their business processes by the use of DDOS attacks
  • To use the IT resources of one company for the purpose of attacking other companies.

Cybercriminals do not have to attack a whole organization to get their hands on financial or confidential information. It is much simpler to carry out an attack by targeting an individual victim in an administration or HR department where the level of computer literacy is usually fairly low

Methods of attack

How do cybercriminals gain access to corporate information? What vectors of attack do they choose?

The Structure of a typical corporate network
is usually much more complex than the one
displayed in the picture
Networks belonging to large enterprises with geographically diverse subdivisions have equipment located in different towns and sometimes even different countries, as well as hundreds of kilometers of communications cables. All this makes it very difficult to prevent unauthorized network access or the interception of confidential information transmitted over the network.

Hacking can occur on both private and publicly accessible sections of a network – usually the Internet. In such a case, the cybercriminal does not need to be physically near the hacked channel, using hackers tools and methods available on the Internet it is possible to hack a network remotely.
A hacker does not usually need
direct access to the target
computer within an organization:
these days attacks are carried out
remotely via the Internet

Probably the most popular method for infecting computers is via the use of programs called Trojans which infiltrate a target machine through malware links in spam, instant messaging, and the exploitation of vulnerabilities in different software applications.

Of all of the abovementioned methods of infection, it is the vulnerabilities in software that is one of the biggest problems within the corporate environment. Large corporate networks are made up of a huge number of component parts: workstations, servers, laptops, smartphones, all of which may operate under the control of a different operating system.

Another loophole used by the criminals is the multiplicity of staff and the resulting multiplicity of computer network users and access points. The larger the numbers of end-users and nodes, the more chance there is of an accidental oversight in security procedures or an intentional violation of security policy. Unfortunately, companies rarely do have all-encompassing security policies in place, thus the cybercriminals continue to actively abuse the situation and commit targeted attacks.

Education

One of the keys to successfully minimizing corporate attacks is to educate staff on a constant basis, and not just technical staff, but administrative staff too. Obviously, when a user has no real knowledge of the basic rules of computer security there can be no guarantee that hackers won’t be able to enter the corporate network. It is imperative to teach the staff to think twice and remain cautious.

November 24, 2010

Dangerous Clouds!


The non-profit Cloud Security Alliance has published a report defining the foremost cloud security threats.

Cloud computing is a kind of distributed system whereby all computer resources are provided to the users in the form of Internet services. As the technology becomes more and more popular, criminals use it to improve their reach, avoid detection and increase the effectiveness of their activities. Enterprise and home users need to better understand the risks associated with the adoption of cloud computing.

The authors of the report identified the following seven threats:

1. Abuse and nefarious use of cloud computing
Providers of infrastructure as a service offer their customers the illusion of unlimited compute, network and storage capacity, often coupled with a frictionless registration process where anyone with a valid credit card can register and immediately begin using cloud services. Some providers even offer free limited trial periods. By abusing the relative anonymity behind these registration and usage models, spammers, malicious code authors and other criminals have been able to conduct their activities with relative impunity.

2. Insecure Application Programming Interfaces
Cloud computing providers expose a set of APIs that customers use to manage and interact with cloud services. Provisioning, management, orchestration and monitoring are all performed using these interfaces. The security and availability of general cloud services is dependent upon the security of these basic APIs.

This threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure.

4. Shared technology vulnerabilities
Cloud computing vendors deliver their services in a scalable way by sharing infrastructure. Often, the underlying components that make up this infrastructure were not designed to offer strong isolation properties for a multi-tenant architecture. To address this gap, a virtualization hypervisor mediates access between guest operating systems and the physical compute resources. Still, even hypervisors have exhibited flaws that have enabled guest operating systems to gain inappropriate levels of control or influence on the underlying platform.

5. Data loss/leakage
The threat of data compromise increases in the cloud. Examples include insufficient authentication, authorization or audit controls, operational failures and data center reliability.

6. Account, service & traffic hijacking
Cloud solutions add a new threat to the landscape. If an attacker gains access to your credentials in the cloud, they can manipulate data, eavesdrop on your activities and transactions, return falsified information and redirect your clients to illegitimate sites. Your account or service instances may become a new base for the attacker. From here, they may leverage the power of your reputation to launch subsequent attacks

7. Unknown risk profile
One of the ideas of Cloud Computing is the reduction of hardware and software ownership and maintenance to allow companies to focus on their core business. This has clear financial and operational benefits, which must be weighed carefully against the contradictory security concerns — complicated by the fact that cloud deployments are driven by groups who may lose track of the security ramifications.

These threats described are not listed in order of severity.

November 23, 2010

CLOUD COMPUTING: AntiVirus in the CLOUD?

             Practically all of the major antivirus companies have started using in-the-cloud technologies or are planning to use them in the nearest future. Despite the undoubted advantage with regard to the struggle against attacks, in-the-cloud technologies are themselves sure to be a prime target for the cybercriminals.

The eternal conflict between virus and antivirus has, up to the present moment, been largely going on at the level of files and processes on the end users’ machines. Malware programs have been trying to destroy the antivirus system by different means or attempting to persuade the user to switch it off themselves.

With the beginning of cloud- technology detection and categorization, a new front has opened up in this war. Malware programs, or to be more precise – their authors, will have to solve the problem of attacking the cloud. Although technologically it is practically impossible to destroy the cloud, direct mass DDoS attacks aside, it is quite vulnerable in terms of its own functionality - receiving, processing and sending information to and from the end users.

Problems within the very architecture of the majority of antivirus clouds will be actively used by the cybercriminals, and the first examples of such actions can be seen already. The most widespread and simple method of disabling cloud technologies is to block computer access to the cloud. More complex methods include the substitution of data –with the aim of ‘trashing’ the cloud with false information, as well as modification of the data received from the cloud.

Such ‘trashing’ is probably the most dangerous threat. Blocking access to the cloud or the modification of responses from the cloud specifically affects only infected users, but inputting false data into the cloud
will influence every single user. This would bring with it not only an absence of detection, but also to a more serious problem – false positives, which would lead to a general decline in the level of trust in cloud-based technologies and to the necessity to revise or alter their performance algorithms.

With the increase in the number of antivirus technologies that operate using in-the-cloud technologies, there will be a constant quantified and qualified growth in the number of attacks upon them from malware programs on clients’ computers, and additionally with the help of special services, supported by the cybercriminals.

GLOOMY STATISTICS.

A fake scanner based on Javascript looks quite genuine to an inexperienced user
            There are many types of malicious programs designed to scare people into buying a licence for a worthless program usually for windows. Their names may differ depending on the functionality and the way of packing/compressing the binary files. Thus, rogue antivirus programs may be contained in, among other examples, the following signatures: not-a-virus:FraudTool (this program is ascribed to the ‘not a virus’ category due to the lack of a malicious payload, apart from its attempts to persuade users to pay money for a nonfunctioning application), Trojan.Win32.RogueAV, Trojan.Win32.FraudPack or Trojan-Downloader. Win32.Agent.

The diagram refers to FraudTool signatures and shows the Top10 rogue antivirus programs. Due to the huge number of signatures it is difficult to tell for sure just by the name whether a particular malicious program represents a group of rogue antivirus solutions or not.

A bogus YouTube website. A false message informs the user that it
is necessary to update their copy of Flash Player. Cybercriminals
often covertly insert malicious programs into a user’s system by
this method, any one of which may be a rogue antivirus solution
In total, there were 266,090 victims of FraudTool.Win32 in all of the countries. First place goes to Vietnam with over 120,000 cases of FraudTool.Win32 infection.

A study shows the number of malicious programs detected on particular days for the period from March to June. From mid-March, the number of infections has systematically decreased. In March, there were 192,000 infections in total, in April 150,000, in May 135,000 and between 01 and 17 June 58,000 infections, which indicates that the number of infections in June will probably be even smaller than in May. However this fact only proves that like everyone everywhere, cybercriminals also like to take their vacations in summer. As with other malware distribution, scareware peaks in spring, autumn and before New Year.

Microsoft as the biggest software vendor is engaged in a campaign against this type of fraud also. Its website informs visitors how to remove an unwanted program and how to tell the difference between a false version of Windows Defender and the real one,which is built into the Windows system.

Summary:

Rogue antivirus programs are quite successful, which seems to be confirmed by the fact that cybercriminals look for new methods to entrap unwary users. Cybercriminals are getting better and better at making their products similar to known security applications. As a result, companies lose the trust of their customers, whilst the customers themselves, quite apart from money, can lose passwords and logins to bank and email accounts, social networks, etc. This means that the identity of the victim is under threat. We can easily predict what will happen next. With a new ID, a cybercriminal can open a bank account in somebody else’s name and use it with impunity, as it is the victim that will be responsible for the cybercriminal’s actions.

November 19, 2010

Hijacking Google services!

An international research team has demonstrated the possibility of hijacking Google services and reconstructing users’ search histories. Firstly, with the exception of a few services that can only be accessed over HTTPs (e.g. Gmail), researchers found that many Google services are still vulnerable to simple session hijacking.

Next they presented the Historiographer, a novel attack that reconstructs the web search histories of Google users, i.e. Google’s Web History, even though such a service is supposedly protected from session hijacking by a stricter access control policy. The Historiographer implements a reconstruction technique that rebuilds the search history based on inferences received from the personalized suggestions fed to it by the Google search engine. The attack was based on the fact that Google’s users receive personalized suggestions for their search queries based on previously searched keywords. The researchers showed that almost one third of monitored users were signed in to their Google accounts, and of those, half had their Web History enabled, thus leaving themselves vulnerable to this type of attack.

Next they presented the Historiographer, a novel attack that reconstructs the web search histories of Google users, i.e. Google’s Web History, even though such a service is supposedly protected from session hijacking by a stricter access control policy. The Historiographer implements a reconstruction technique that rebuilds the search history based on inferences received from the personalized suggestions fed to it by the Google search engine. The attack was based on the fact that Google’s users receive personalized suggestions for their search queries based on previously searched keywords. The researchers showed that almost one third of monitored users were signed in to their Google accounts, and of those, half had their Web History enabled, thus leaving themselves vulnerable to this type of attack. The attacks demonstrated are general and highlight concerns about the privacy of mixed architectures using both secure and insecure connections. The research data was sent to Google and the company has decided to temporarily suspend search suggestions from Search History in addition to offering Google Web History pages over secure protocol HTTPs only.

November 18, 2010

Crimeware: A new type of threat to our security.

      Crimeware is malicious software that is installed in a covert manner on computers and performs illegal actions unanticipated by a user running the software, which are intended to yield financial benefits to the distributor of the software. Main crimewares are similar to Trojans. There are differrent types of Trojans designed to do different things. For example, some are used to log every key you type (keyloggers), some capture screenshots when you are using banking websites, some download other malicious code,and others let a remote hacker access your system. Commonly they will steal your confidential information and send it to the criminal. Using these information, the cybercriminal is then able to steal your money.

During the past two years, crimeware attacks have increased at a far greater rate than the normal virus. International gangs of virus writers, hackers and spammers are joining forces to steal information and collect huge profits illegally.

Given the newness of this threat type, and the potential of how it might evolve in the future, further clarification and dissection of the definition of crimeware will likely be required.


How can you protect yourself from crimeware?
  • Install Internet security software.
  • Install operating system patches and application patches. Turn on Automatic Updates. And update Microsoft® Office regulary.
  • NEVER open an attachment sent in an unsolicited (spam) email. The same is true for email messages or IM (Instant Messaging) messages that contain links.
  • Update your security software regularly, at least once in a day. Keep your other applications updated.
  • For everyday use, create a separate user account with only limited access rights. By doing this, you limit a malicious program’s access to valuable system data.
  • Backup your data regularly to a CD, DVD, or external USB drive.

November 17, 2010

Is your Instant Messenger safe?

        Currently there are no widespread outbreaks of malicious code circulating via instant messaging. In the past, however, some malicious code did take advantage of IM. Always use normal security precautions whenever you use IM.

How They Attack?


Malware


How You Know
  • IM attachments, just like email attachments, can carry destructive viruses, Trojan horses, and worms
  • Some new worms use IM software to send themselves to every member of your buddy list
What To Do
  • Don't open attachments or click on Web links sent by someone you don't know
  • Don't send files over IM
  • If a person on your Buddy list is sending strange messages, files, or web site links, terminate your IM session

SPAM

How You Know
  • Some Spam can contain offensive language or links to Web sites with inappropriate content
What To Do
  • Reject all Instant Messages from persons who are not on your Buddy list
  • Do not click on URL links within IM unless from a known source and expected

Vulnerabilities

How You Know
  • Most instant messages still travel unencrypted across the Internet, exposing private conversations to anyone who can find a way to listen in.
 What To Do

November 16, 2010

Countrywise Dangerous Key Words (Search Terms)!

        From more than 2,600 popular keywords, the first five pages of results across each of five major search engines are examined. On average, each keyword generated a little more than 250 results. Each keyword a category and a country and then ranked them by the risk of their resulting URLs. In addition, using data from Hitwise, a search intelligence company conducted much deeper dives into specific keywords.

Keywords were ranked in two ways:

1) The average risk of all results and
2) The maximum risk of the riskiest page of results.

What Makes Certain Search Terms Risky?

Why are certain keywords or search terms riskier than others? While it’s not always possible to understand the minds and motivations of today’s sophisticated hackers. Hackers are most successful when they can attract a large number of victims. One way to target big crowds online is to track current events - everything from celebrity meltdowns and natural disasters to holidays and popular music.

One key tool cybercriminals use to snare victims is to get them to download a computer file or program that comes with a malicious payload.

With these two concepts in play, let’s take a look at one of our riskiest search terms: free music downloads. On average, 20.7% of results were risky (compared to just 1.7% of all search terms) and on one results page out of the 25 search engine pages rated, it is found a whopping 42.9% of results risky. As consumers continue to convert their music libraries to digital formats like MP3 files, many consumers have heard that the web can be a source for free music. If the consumer is already looking for music, then they already have the mindset of being willing to download something - and that makes the malware author’s work easier.

A website’s subject matter or type of content can also affect its riskiness. Two such examples are lesser known pornographic and gambling sites that can be used to host malicious software such as exploits, dialers, Trojans, and other malware. This type of content can lead consumers down the dark alleys of the Internet, and consumers expose themselves to more risk when they attempt to search for these terms.

When determining “market size” for their scams, cybercriminals may look at the total number of website links a search term yields. Googlebattle.com is a good tool for illustrating this. An Anti-Virus giant found “Brad Pitt” more dangerous to search for than “Hugh Jackman” (14.3% maximum risk to 9.1%). Similarly, Googlebattle produces 26.4 million hits for “Brad Pitt” and just 5.5 million for “Hugh Jackman.”

It’s important to note that the number of website links is just one factor a cybercriminal might use when weighing whether to target a keyword. For example, Googlebattle finds Olympics soccer has more links than Olympic swimming, but for U.S. audiences in particular, “Michael Phelps” was a more popular - and riskier - search term.

Similarly, spikes in news coverage can also drive even consistently popular keywords out of the “most risky zone.” For example, three popular female celebrities are Cameron Diaz (15.6% maximum risk), Angelina Jolie (8.3%) Oprah Winfrey (7%) and Beyonce Knowles (7%). But searches for Zuma Rossdale, the daughter of Gavin Rossdale and Gwen Stefani, can be as risky as 25%, suggesting that malicious or unscrupulous players do pay significant attention to news events.

Countrywise Dangerous Key Words…














November 12, 2010

Microsoft's Recommendations!

Microsoft recommends that you install security software to help protect your computer from viruses and other security threats, and that you keep your security software up to date.

Some companies use products that appear to be Antivirus programs to install viruses or malware on your computer (Called as Rogues or Scarewares). When you install this program, you might also be installing the virus or other malware, without knowing it. Many companies, including those listed on this page, distribute antivirus programs. You should carefully investigate the source of antivirus and other products before downloading and installing them.

Recommended Windows 7 security software providers: 
The Antivirus companies listed below provide consumer security software that is compatible with Windows 7.

Recommended Windows Vista security software providers:
The Antivirus companies listed below provide consumer security software that is compatible with Windows Vista. 


Recommended Windows XP security software providers:
The Antivirus companies listed below provide consumer security software that is compatible with Windows XP.

Important: Before you install antivirus software, check to make sure you don't already have an antivirus product on your computer. If you do, be sure to remove the product you don't want before you install the new one. It can cause problems on your computer to have two different antivirus products installed at the same time.



November 11, 2010

Software vulnerabilities in computing!!

In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information guarantee.

Software vulnerability is commonly called a "bug" in software which may allow a third party or program to gain unauthorized access to some resource. Software vulnerability control is one of the most important parts of computer and network security for the following reasons.
  • Virus programs use vulnerabilities in operating system and application software to gain unauthorized access, spread, and do damage.
  • Intruders use vulnerabilities in operating system and application software to gain unauthorized access, attack other systems, and do damage.
  • Some software itself may be hostile.

If software vulnerabilities did not exist, I believe that viruses would not exist and gaining any unauthorized access to resources would be very difficult indeed.

This may be due to weak security rules, or it may be that there is a problem within the software itself. In theory, all computer systems have vulnerabilities; whether or not they are serious depends on whether or not they are used to cause damage to the system.

A software vulnerability is a state in a computing system (or set of systems) which either:
  • allows an attacker to execute commands as another user
  • allows an attacker to access data that is contrary to the specified access restrictions for that data
  • allows an attacker to pose as another entity
  • allows an attacker to conduct a denial of service

When an attack is made possible by a weak or inappropriate security policy, this is better described as 'exposure':

An exposure is a state in a computing system (or set of systems) which is not a universal vulnerability, but either:
  • allows an attacker to conduct information gathering activities
  • allows an attacker to hide activities
  • includes a capability that behaves as expected, but can be easily compromised
  • is a primary point of entry that an attacker may attempt to use to gain access to the system or data is considered a problem according to some reasonable security policy

When trying to gain unauthorized access to a system, an intruder usually first conducts a routine scan (or investigation) of the target, collects any 'exposed' data, and then exploits security policy weaknesses or vulnerabilities. Vulnerabilities and exposures are therefore both important points to check when securing a system against unauthorized access.

Only approved software should be operated on the organization's network. This is so hostile programs cannot gain access to the network. Hostile programs may be written with some useful functionality, but may perform a hidden task that the user is not aware of. This type of hostile program is normally called a "Trojan Horse". The ways to help determine whether a program is hostile may include:
  • Does the progam come from a reliable source?
  • Is there proof that the program came from the source such as a digital signature?
  • If the source code is available for the program, the code may be checked to be sure there is no hostile content.
  • A reliable third party may be able to check out the software and certify that it is safe.
  • Does the creater of the program attempt to hide their identity? If the creator of the program attempts to hide their identity then there may be reason for suspicion. If the program creater does not hide their identity and can be reached, it is less likely that the program is a hostile program.
  • Has this program been run by other people or organizations for some period of time with no adverse consequences?

Computer security is not an exact science and it is a matter of reducing the chance of an intrusion. Probably the best method of being sure of the reliability of a program is to allow a reliable third party to check the program. I believe it is likely that these services may become more popular in the future. Program writers may even send source code to these service providers for certification with source code covered by a nondisclosure agreement.

November 3, 2010

Dangerous Celebrities in Cyberspace!!

This year, the search results for celebrities are safer than they've been in previous years, but there are still dangers when searching online. "Through consumer education and tools, consumers are getting smarter about searching online, yet cybercriminals are getting sneakier in their techniques. Now they're hiding malicious content in 'tiny' places like shortened URLs that can spread virally in social networking sites and Twitter, instead of on websites and downloads.

Cameron Diaz has been named the most dangerous celebrity on the web for 2010 by a top security firm.

Research by the security firm, which has been acquired by Intel, revealed that web users searching for images, screen savers and videos of the 'Knight and Day' actress have a one in ten chance of being presented with results that lead to malicious web pages.

According to the research, cybercriminals often use the names of popular celebrities to trick web users into visiting sites infected with malicious software. Those navigating to the site could find the malware installed on their computers.

Pretty Woman star Julia Roberts was named the second most dangerous celebrity on the web, while Justin Timberlake's current girlfriend, Jessica Biel, took third place.

Also said that while movie stars and models top the 'most dangerous' list this year politicians including US President Barack Obama and Sarah Palin are among the safest celebrities to search for on the net.

The top 10 celebrities from this year’s study with the highest percentages of risk are:


Position
Celebrity
1
Cameron Diaz – Searching for Diaz results in a one in ten chance of landing on a risky site. She has most recently been in the spotlight with blockbuster movies, "Knight and Day" and "Shrek Forever After." When "Cameron Diaz and screensavers" was searched, 19% of the sites were identified as containing malicious downloads.
2
Julia Roberts – Academy Award-winning actress Julia Roberts is one of America's sweethearts, and will soon be in the spotlight with her upcoming release of "Eat, Pray, Love." The overall risk of searching for Roberts is nine percent, yet searching for "Julia Roberts and downloads" results in a 20% chance of downloading a photo, wallpaper or other file laden with malware.
3
Jessica Biel – Last year's Most Dangerous Celebrity fell two spots with searches resulting in fewer risky sites this year. Biel continues to be in the spotlight with her on-again, off-again relationship with Justin Timberlake, and appeared in "The A-Team" in June 2010. While her overall search risk is 9%, searching for "Jessica Biel and screensavers" results in a 17% chance of landing on a risky site.
4
Gisele B√ľndchen – The world's highest-paid supermodel moved up two spots since last year. Searching for "Gisele B√ľndchen and screensavers" can prove risky, 15% of the search results for this beauty can put spyware, malware or viruses on your computer.
5
Brad Pitt – Pitt is often in the spotlight with news of his movies and his personal life. It's no wonder why this leading man has been in the top ten for the past three years. He moved up in rank five spots this year. Downloading photos, screensavers, or other files of Brad can potentially put adware or spyware in your computer.
6
Adriana Lima – Searching for downloads of this Brazilian beauty can direct users to red-ranked sites. Lima is best known for being a Victoria's Secret Angel since 2000.
7
Jennifer Love Hewitt, Nicole Kidman – Searching for these Hollywood starlets resulted in an equal number of risky download websites.
8
Tom Cruise – With recent buzz around his MTV Awards performance as well as his movie, "Knight and Day," Cruise rises to the top ten.
9
Heidi Klum, Penelope Cruz – Both of these ladies are consistently in the spotlight, and share the #9 spot. Cybercriminals use their names to lure people to risky sites. Klum hosts "Project Runway" and Cruz has been in the spotlight recently for her role in the "Sex and the City 2" movie and is expected to be in the fourth film of the "Pirates of the Caribbean" series.
10
Anna Paquin – This "True Blood" star is as dangerous on the web as she is on the screen. Searching for screensavers of Paquin can lead you to downloads filled with malware.

Cybercriminals follow the same hot topics as consumers, and create traps based on the latest trends. Whether you’re surfing the Web from your computer or your phone or clicking on links in Twitter about your favorite celeb, you should surf safely, and make sure you’re using the latest security software.

Is Your Money Safe Online?

It is important to keep your hard-earned money safe.

The Internet allows you to make life easy and get better rates. It also adds new risks. While online banking is considered safer than traditional paper-based banking, you need to know what the threats are.

The internet is a convenient place to buy almost anything. Unfortunately, if someone gets hold of your credit or debit card details, they may try to use them to shop online fraudulently.

That's why MasterCard and Visa have developed MasterCard SecureCode and Verified by Visa secure services that offer you much greater protection when shopping online.

Verified by Visa and MasterCard SecureCode both work in the same way - by using personal passwords, used by the consumer, to add an extra layer of protection when you buy online in retailer outlets.
  
Where can I shop?

You can shop anywhere online. Signing up does not in any way restrict your ability to use your card to make purchases online, whether or not the website you are shopping at is currently participating in the service or not. It simply means that when you buy from a retailer that is participating, you benefit from that extra level of security. The number of online retailers registered with these services is growing all the time.

November 2, 2010

Eight threats your Anti-Virus will not stop!!!


News headlines are a constant reminder that malware attacks and data leakage are on the rise. High-profile incidents that make big news might seem out of the ordinary. Yet businesses of every size face similar risks in the everyday acts of using digital technology and the internet for legitimate purposes.

Anti-virus technology was a first and extremely necessary response to security threats that have escalated over the past decade. The original anti-virus concept blocked attacks by using patterns, or signatures, to identify malicious software code. Signature-based detection was sufficient when threats were fewer, farther between and generally less dangerous.

Now that organized criminals relentlessly troll for vulnerabilities, the risk is high for any organization that uses technology in ordinary and legitimate ways. Because exposure lies in such routine situations, organizations must update their protection beyond traditional anti-virus. As news headlines show, letting your guard down has dangerous consequences. Here are eight everyday threats, related incidents from the real world and countermeasures you can put in place.

1. The zero-day threat
2. Working outside the firewall
3. The unpatched PC
4. The uncontrolled application
5. Web insecurity
6. The lost laptop
7. Misdirected email
8. The infected USB device

November 1, 2010

Be careful whenever you're using a public computer!!

Please be careful whenever you're using a computer at a public place such as libraries, internet cafes, airports, and coffee shops, etc.

Check the back of the computer and see if the below device is there.
If so, do not use it!!!!

New storing device fits at the end of the keyboard cable connecting to the computer specialized to save all typed keys in it!!

It could be used commonly in internet cafes, exhibitions, hotels and airports. Please be careful when you access internet from these places to enter your bank accounts online or any other important websites.

After you enter the bank account details and leave the computer, it will be very easy to open your account again as all what you have typed has been saved in the Black Device.  
Therefore, you should check the computer for any suspicious device behind it before using the internet in public places accessing important websites.

These devices are generally known as "key loggers". The brand of keylogger shown in the message is a KeyShark Key Logger and is available for sale at many different computer outlets and websites around the world.


Product information about the device describes it as follows:


This is a device that can be connected to a keyboard to record all keystrokes. It has a changeable password, keyword search, enable/disable option, and stores over a years worth of data.


Keyshark plugs in between your keyboard and your computer. A microcontroller interprets the data, and stores information in the non-volatile memory (which retains the information even when there is a loss of power.) This means that the Key Shark device can be unplugged, and the information will not be lost.

The black Keyshark Key Logger shown in the photographs is in fact only one kind of hardware keylogger. The devices come in all shapes and sizes and are not always black. There are also USB and wifi keyloggers as well as PS/2 devices like the one shown here.


It should be noted that the devices themselves are not illegal and can be easily procured. Possible legitimate applications for keyloggers might be the monitoring of children's use of the Internet, permission based monitoring of staff activity or helping software developers learn how test users interact with new software products. Law enforcement agencies may also use the devices when gathering evidence or intelligence. That said, keyloggers can indeed be used for nefarious and illegal purposes. An unscrupulous Internet Cafe owner or staff member could certainly install the devices unbeknownst to customers.


All in all, however, a much more potent keylogging threat to users exists in the form of software keyloggers. Software keyloggers, which can perform the same function as hardware devices such as the Keyshark, are much cheaper and can potentially be installed on a great many more computers. Keylogger software in the form of trojans horses can be installed on thousands or even millions of computers via malware email campaigns that cost the criminal very little to implement. Therefore, it seems probable that serious criminals are considerably more likely to operate software keyloggers than use the more expensive and cumbersome hardware variety.

Facts about P2P file sharing: Know the risks

Peer-to-peer (P2P) file sharing is a convenient way to share public-domain music, audio, images, documents, and software programs over the Internet.

Using P2P, you can store files on your computer and go online to search for and share files with others using the same software; programs such as BitTorrent, Morpheus, Kazaa, LimeWire, and iMesh, among many others.

It's a good idea to understand and anticipate the risks of P2P file sharing before you download your first file.

Risk #1: Exposing your computer to unwanted software


Shared files can contain security risks such as viruses, spyware, and other unwanted software. A file that appears legitimate could be a virus in disguise. Unwary file sharers can download beneficial software that incorporates undisclosed spyware with it.

You can help prevent these dangers by following these steps:

Risk #2: Breaking copyright laws


Reputable P2P software is legal to use, but if you choose to do so, it's important to understand and differentiate between copyrighted and public domain material and to share responsibly.

When in doubt about a given file, it's best not to share or download it.

Tips for file sharing more safely
  • Monitor family P2P use and don't assume that using an Internet filter will protect your family from accessing or downloading unwanted or illegal material.
Because most Internet filters cannot block P2P file sharing, it's important to set guidelines and ensure that all family members are educated about illegal file sharing.
  • Treat all downloaded files with suspicion and use updated industry standard antivirus software to scan each new file before you click it. Set your antivirus software to automatically scan your hard disk on a regular basis, or do it manually yourself.
  • Delete any pirated material found on a family computer, digital audio player, CD-ROM disc, or other storage device and consider disabling the P2P software's downloading option or blocking outside access to the program by changing your computer's Internet firewall settings.
  • Learn all you can about your P2P software and be very careful about which files you make available to others. Most P2P shared files are typically stored in a single folder on your computer (often named "Shared Files").
  • Do not store copies of copyrighted files that you have legally purchased, such as songs from a CD or a licensed retail music site in your P2P file-sharing folder.
  • Back up important files on an external storage device or a CD-ROM disc before sharing or downloading files.

Five Important Tips for using a public computer

Public computers at libraries, Internet cafes, airports, and coffee shops are convenient, cheaper than buying your own laptop, and sometimes even free to use. But are they safe? Depends on how you use them.

Here are 5 tips on using public computers without compromising your personal or financial information.


1. Don't save your logon information


Always log out of Web sites by clicking "log out" on the site. It's not enough to simply close the browser window or type in another address.
Many programs (especially social networking Web sites, Web mail, and instant messenger programs) include automatic login features that will save your user name and password. Disable this option so no one can log in as you.



2. Don't leave the computer unattended with sensitive information on the screen
If you have to leave the public computer, log out of all programs and close all windows that might display sensitive information.


3. Erase your tracks
Internet Explorer 8 offers InPrivate browsing that leaves no trace of specific Web activity.Other browsers also support InPrivate browsing.
Internet Explorer also keeps a record of your passwords and every page you visit, even after you've closed them and logged out.
Disable the feature that stores passwords
Before you go to the Web, turn off the Internet Explorer feature that "remembers" your passwords.
  • In Internet Explorer, click Tools, and then click Internet Options.
  • Click the Content tab, and then click Settings, next to AutoComplete.
  • Click to clear both check boxes having to do with passwords.
Delete your temporary Internet files and your history
When you finish your use of a public computer, you can help protect your private information by deleting your temporary Internet files.

4. Watch for over-the-shoulder snoops


When you use a public computer, be on the look out for thieves who look over your shoulder or watch as you enter sensitive passwords to collect your information.

5. Don't enter sensitive information into a public computer



These measures provide some protection against casual hackers who use a public computer after you have.
But keep in mind that an industrious thief might have installed sophisticated software on the public computer that records every keystroke and then e-mails that information back to the thief.


Then it doesn't matter if you haven't saved your information or if you've erased your tracks. They still have access to this information.


If you really want to be safe, avoid typing your credit card number or any other financial or otherwise sensitive information into any public computer.

Related Posts Plugin for WordPress, Blogger...

Search This Blog

Followers

Categories

There was an error in this gadget
Twitter Delicious Facebook Digg Stumbleupon Favorites More