Want to see who has viewed your Facebook profile? Take care..
July 26, 2010 by admin
Filed under Security News
I’m increasingly being asked by folks on Facebook if it’s possible to tell who has been viewing their Facebook profile. A number have been attracted to webpages and Facebook applications that claim to be able to give you a secret insight into who is spying on your profile.
Well, if you’re one of those people who are curious about who might be watching you online, take care.
Right now we’re seeing a significant number of Facebook users posting messages such as:
OMG OMG OMG... I can't believe this actually works! Now you really can see who views your profile!!! WOAH
and
See who views your Facebook profile in real-time!!!
However, like the “Justin Bieber cell phone number” scam and the “This mother went to jail for taking this pic of her son!” scam, the links pointed to in your friends’ status updates are not to be trusted.
If you make the mistake of clicking on the link to one of these pages offering to tell you who is viewing your Facebook profile, you will find that the people behind the “services” want you to do a few things first.
For instance, they’ll ask you to “Like” their pages (which means you are spreading the link to friends in your social network), and they will ask you to advertise their site by posting an “OMG” message (with a link) to at least five different places on Facebook.
After all that hard work you would hope that they would give you access to the powerful Profile Spy app wouldn’t you? But I’m afraid your luck is out.
They’ll next ask you to hand over your personal information by taking numerous surveys – before ultimately trying to trick you into handing over your cellphone number which they’ll sign up to an expensive premium rate service.
Remember, this scam doesn’t work as the result of clickjacking, or a vulnerability on Facebook. The scammers are achieving their ends because of human gullibility – pure and simple. If people considered what they were doing and thought twice about the possible consequences then we would see nothing like as many of these attacks occurring, and our news feeds on Facebook would see less spam.
Surveillance rootkits on smartphones
February 24, 2010 by admin
Filed under Security News
Liviu Iftode and Vinod Ganapathy, two researchers at Rutgers University, have revealed some experiments they have been conducting, showing how rootkits could be used to take control of smartphones.
The scientists have shown that a malicious attacker could cause a smartphone to “eavesdrop on a meeting, track its owner’s travels, or rapidly drain its battery to render the phone useless”.
Watch the following YouTube video to learn more:
It’s a cute little video, but how realistic is this threat in reality?
I don’t think the kind of attack described by Iftode and Ganapathy is a big deal right now.
Yes, it is possible to change or put software onto a smartphone (by, for instance, installing a rootkit) so that the mobile device then performs malicious functions. For instance, code that enables covert remote surveillance, battery drainage or silently steals data.
Of course, this relies upon the smartphone allowing you to make changes to its low-level software. Popular smartphones like the Apple iPhone lock down that kind of meddling to a great extent.
So, the key thing to remember is that the bad guys have to somehow get the malicious rootkit onto your phone in the first place.
How are they going to do that?
They would either need to have physical access to your smartphone, exploit an unpatched security vulnerability or use a social engineering attack to trick you into installing malicious code. Even if they went down the “trick” route they would be relying upon the phone’s OS to allow you to install unapproved apps (iPhones, for instance, are strictly controlled by their Cupertino-based overlords, allowing users to only install code that has been approved and checked by the AppStore).
So it doesn’t sound like what Iftode and Ganapathy are describing is actually any different from the rootkits that infect traditional desktop computers. The main difference is that there are probably less opportunities (and thus much harder) to infect a mobile phone than, say, a computer running Windows.
Furthermore, I would argue that the typical mobile phone user is still typically less used to installing applications than their Windows counterparts, and so the chances of success via fooling the user into installing a dangerous application can be assumed to be even lower.
Iftode and Ganapathy have not demonstrated any revolutionary new way of getting round the biggest hurdle for those wanting to spy on smartphones: how are they going to get the malware onto the phone?
If I really wanted to snoop on someone’s phone I think it would probably be easier to swap my victim’s mobile phone for an identical (but bugged) device rather than go to all this effort with no promise of success.
Sure, the mobile phone malware threat is growing – but it’s a tiny raindrop in a thunderstorm compared to regular attacks that strike Windows computers. Slowly but slowly it’s becoming more serious (the recent discovery of financially-motivated malware that targets jailbroken iPhones is proof of that), and undoubtedly we will begin to see more users running anti-virus security on their phones in the years to come.
However, if I was responsible for securing my company’s mobile phones I would be much more worried about the real security threat of staff losing their phones in taxis or on the train, rather than the theoretical risk of surveillance rootkits.
It’s a nice video and presentation that Iftode and Ganapathy made, but I won’t be losing any sleep over it just yet.
More information on the topic of smartphone rootkits can be found in the paper Iftode and Ganapathy have produced: “Rootkits on Smart Phones: Attacks, implications and opportunities” [PDF]
By Graham Cluley, Sophos
Remove, Uninstall Any Antivirus Software with AppRemover
December 18, 2009 by admin
Filed under Removal Tips,Tools and Videos
In this series of posts, we have been reviewing various software and applications, which are specialized to uninstall or remove a particular antivirus or security software.
The need of a specialized antivirus uninstaller arises from the that fact that it is normally very difficult to completely uninstall a security software from your computer through regular uninstall mechanisms.
However, there are a few generalized antivirus uninstaller software, which can work with most of the security software to completely remove or uninstall them. One such software is AppRemover, which is a freeware tool and is able to work with most security applications. The best part of AppRemover is that not only you can use it for a clean uninstall, but you can use it also for failed uninstall situations, where you have tried the built-in uninstall of the application but not have succeeded.
When Do you Need to Use AppRemover to Uninstall Antivirus Software
- When replacing one security application with another
- When competing security applications tie up your computer
- When the application’s built-in uninstall process fails
- When you have forgotten the application password
Here is a nice YouTube Video, which describes the application in details for those, who do not wish to read the stuff online.
Source: thepcsecurity.com
Handy Backup – Automatic Data Backup, Recovery and Synchronization
November 5, 2009 by admin
Filed under Protection Tools
Hardware and software errors, viruses and malware, simple human mistakes – these are just a few reasons why it is important to care about data loss prevention and protect the associated operational processes. While insuring hardware assets seems to be manageable by most people, the question of insuring the most valuable asset, information and information’s integrity is of the same, if not higher, importance?• In addition to “common” file and folder backup, there is a number of presets that facilitate backups of critical data, such as My Documents, Microsoft Outlook, Windows registry, etc.
• Such inevitable for up-to-date backup software features as backup scheduling, backup data compression and encryption are fully supported by Handy Backup.
Handy Backup Website : www.handybackup.net
You can download a full-featured 30-days trial by clicking the following link:
Download Handy Backup.
SOON We will giveaway for our readers some free licenses.
Facebook Applications Used For Phishing
August 21, 2009 by admin
Filed under Security News
It would be easy to think that once someone has logged in successfully to Facebook—and not a phishing site—that the security threat is largely gone. However, that’s not quite the case, as we’ve seen before.
Earlier this week, however, Trend Micro researcher Rik Ferguson found at least two—if not more—malicious applications on Facebook. (These were the Posts and Stream applications.) They were used for a phishing attack that sent users to a known phishing domain, with a page claiming that users need to enter their login credentials to use the application. The messages appear as notifications in a target user’s legitimate Facebook profile, as shown below. The links to the malicious site are highlighted:
Figure 1. Facebook notifications page
After entering the credentials, users would then be redirected to Facebook itself. (The posts detailing these findings can be found at the Counter Measures blog; the initial report is here and a follow-up was posted here.)
While Trend Micro has informed Facebook of these findings, users should still exercise caution when entering login credentials. They should be doubly sure that these are being entered into legitimate sites, and not carefully crafted phishing sites. The particular site involved in this phishing attack is already blocked by the Smart Protection Network.
Image credits: thanks to Rik Ferguson, Countermeasures blog.
