Farm Town virus warning: Malvertising at work?

Players of the online game Farm Town are being warned to be on their guard for malicious adverts that display fake security warnings in an attempt to dupe unsuspecting users into installing malicious code or handing over their credit card details.

 

SlashKey, the developers of the game which has over 9.6 million monthly active users on Facebook, has posted a warning on its forum advising players to be wary of warnings that suddenly pop-up telling them that their computer is infected:

If you suddenly get a warning that your computer is infected with viruses and you MUST run this scan now, DO NOT CLICK ON THE LINK, CLOSE THE WINDOW IMMEDIATELY. You should then run a full scan with your antivirus program to ensure that any stray parts of this malware are caught and quarantined.

If you do research on many of these spyware programs you will also find a myriad of sites proclaiming they are the only ones who can rid you of these programs. This is not true and on a personal level I urge you to use great caution as some of these so called wonder cures are as much of a scam as the malware you are trying to remove.

 

Hundreds of Farm Town players have responded on the forum, saying that they have been on the receiving end of the attack – but the worry is that many many more users may not have seen the warning and could have been tricked by the fake anti-virus warnings into infecting their computers or handing over personal information.

It appears that the problem is related to the third-party advertising that Farm Town displays underneath its playing window. In all likelihood, hackers have managed to poison some of the adverts that are being served to Farm Town by the outside advert provider.

 

Such malicious advertising (or malvertising as it is known) has been the vector for other infections in the past, including attacks against the readers of the New York Times and Gizmodo.

 

What makes this attack all the more serious, of course, is the sheer number of people that regularly play Farm Town, and that – in all likelihood – they might not be as tech-savvy as the typical Gizmodo reader, and thus more vulnerable to falling for the hackers’ scam.

 

Rather than SlashKey simply asking its players to report offending adverts when they appear, it might be sensible for the company to disable third-party adverts appearing alongside Farm Town until the problem is fixed.

 

It may not be Farm Town’s fault that a third-party advertising network is serving up malicious ads, but doing anything less is surely showing a careless disregard for the safety of its players.

 

Until the makers of Farm Town resolve the problem of malicious adverts, my advice to its fans would be to stop playing the game and ensure that their computer is properly defended with up-to-date security software. If you do feel you have to play Farm Town then it might be wise to disable adverts in your browser (for instance, using an add-on such as Adblock Plus on Firefox).

 

By the way, if you are on Facebook and want to keep yourself informed about the latest security news you may want to become a Fan of Sophos on Facebook.

 

 

By Graham Cluley, Sophos

 

 

 

Windows Mobile Terdial Trojan makes expensive phone calls

Some players of a mobile phone game called “3D Anti-terrorist action” are reporting an unexpected feature of the game – expensive international phone calls appearing on their bill.

 

A number of owners of Windows Mobile phones are reporting online that their cellphones have been making pricey calls to numbers to a variety of destinations including the Dominican Republic, Somalia and Sao Tome and Principe, without their permission.

 

What the victims all appear to have in common is that they installed the same game to their Windows Mobile phone.

 

It appears that a Russian-speaking hacker has taken the game “3D Anti-terrorist action”, embedded his Trojan horse inside it, and uploaded it to Windows Mobile download sites on the web. Presumably they are hoping to skim some money from the expensive premium rate phone calls.

 

It’s important to remember that malware for mobile devices is still quite rare, particularly when compared to infections on conventional Windows computers. But what may surprise some is that there is nothing particularly revolutionary about criminals attempting to make money out of mobile malware.

 

For instance, back in 2004 we saw the Mosqit Trojan that could infect Nokia phones running Symbian, forcing affected devices to send text messages to premium rate numbers. Like this latest report, the hackers hid their Trojan inside a cracked version of a mobile phone game.

 

Sophos detects the malware as Troj/Terdial-A, and advises all mobile phone users to exercise caution when downloading and installing new applications.

 

 

By Graham Cluley, Sophos

 

Related Blogs

HouseCall – Free Online Virus Scan NEW v7.1

HouseCall is Trend Micro’s highly popular and capable on-demand scanner for identifying and removing viruses, Trojans, worms, unwanted browser plugins, and other malware.

 

 

HouseCall 7 features an intuitive interface and the ability to perform fast scans that target critical system areas and active malware. It also leverages the Trend Micro Smart Protection Network™ to help ensure that scans catch the latest threats.

 

 

HouseCall 7.1 improves on the recently released HouseCall 7.0 by providing a full system scan option and an option to scan only specific folders. It adds support for 64-bit versions of Windows Vista™ and Windows™ 7.

 

 

HouseCall provides a quick and easy check for threats regardless of the protection status of your existing security solution. For more information about HouseCall, please read the Frequently Asked Questions.

 

Read more

Beware airplane ticket N648365 – it contains malware

The bad guys are up to their old tricks again, spamming out malicious attachments posing as airline tickets.

 

The latest attack, which we’re seeing in many of our spamtraps around the world, poses as an email from Delta Air Lines.

 

Here’s a typical message:

Subject: Online order for airplane ticket N648365
Message body:
Good afternoon,
Thank you for using our new service "Buy airplane ticket Online" on our website.
Your account has been created:

Your login: [removed]
Your password: G6vFjbdp

Your credit card has been charged for $998.63.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%! Attached to this message is the purchase Invoice and the airplane ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards,
Delta Air Lines

Attached file: eTicket.zip

 

Of course, even if you haven’t booked an airline ticket you may still very well open the attachment – especially if you believe your credit card may have been charged for such a large amount of money!

 

Sophos detects the malicious file attached to the emails as Mal/BredoZp-B and Mal/EncPk-MP. Users of other anti-virus products are advised to ensure that they are up-to-date and capable of detecting this email-borne threat.

 

By Graham Cluley, Sophos

 

 

Related Blogs

The FarmVille ‘Three Spring Eggs’ virus is a hoax

Panic is spreading quickly amongst FarmVille’s many online players following internet reports of a virus connected with sharing three eggs.

 

The Facebook farming simulation game, which is a huge hit on Facebook with over 80 million regular players, is currently being dogged with false reports that a virus is spreading via links which offer gamers the ability to send three eggs at once.

 

A typical warning being spread by concerned FarmVille players reads as follows:

RED ALERT!!! Norton has just informed me that the post for Send the 3 spring Eggs at a time is a virus, Rawand Bradosty is a HACKER from Pakistan, do not click on this post it is not legitimate, please copy and repost immediately.

The truth, however, is that we have not seen any virus being distributed in this manner and Rawand Bradosty appears to be having his name tarnished without justification. In fact, it could be argued that the warning is causing much more disruption and time-wasting than a genuine virus outbreak would ever have done!

Of course, you should always be careful about clicking on unsolicited links as they could lead you to page containing malicious content or a site designed to phish credentials from you. And you should ensure that you have up-to-date security on your computer, checking every link that you click on. But in this case, the scare has got out of hand and is proving to be a hoax that is hard to stamp out.

 

Do your bit – don’t forward virus alerts to your friends and family until you have confirmed that the alert is real with a reputable security company. Otherwise, you could be just helping to keep a hoax alive.

 

Don’t forget, if you’re on Facebook you may want to become a Fan of Sophos on Facebook to help stay up-to-date with the latest security news.

 

By Graham Cluley, Sophos

 

 

Free Zemana AntiLogger for EVERYONE By Softpedia.com (Today Only)

“Zero-Day” (aka “0-day”) is fast becoming the most feared buzzword in the computing world, and detection delays while suspected malicious files are analyzed and “fingerprints” are generated mean that new threats which can attack and compromise your computer even if you have the latest up-to-date anti-malware software installed might be running around the Internet undetected for hours, or even days.

 

 

Zemana AntiLogger is designed to protect your computer against such attacks. No matter which anti-malware program you’re currently using, you need the added protection of Zemana AntiLogger!

 

AntiLogger is dramatically different from traditional products that rely heavily on “fingerprints” created by lab analysts and researchers to detect malware. It doesn’t need “signature updates”. It understands how malware attacks your computer, and its unique technology detects malicious programs when they try to run on your PC and shuts them down BEFORE they can steal your identity or your confidential information.

 

• Bank online and perform other financial transactions safely and securely.
• Defeat malware programs that seek to capture your sensitive data before it’s encrypted.
• Actively monitor and shut down keyloggers, SSL banker trojans, spyware, and other malware.
• Defend against programs that other antivirus protection apps let through.
• Does not slow down your PC Windows Vista/ XP/ 7 compatible.

 

Giveaway Offer In Collaboration With Softpedia.com

Type: Free Giveaway Offer ($34.00 To Buy)
File Size: 6.00 MB (About 30 seconds on broadband connection)
Requirements: Windows XP/Vista/Windows 7 (32-Bit)
Version: 1.9.2.185

The Offer still running

 

Check your password — is it strong?

Your online accounts, computer files, and personal information are more secure when you use strong passwords to help protect them.

 

Test the strength of your passwords: Click Here

 

Powered by Microsoft

Baidu, China’s largest search engine, defaced by Iranian Cyber Army

Hot on the heels of last month’s attack on Twitter, the so-called “Iranian Cyber Army” appears to have defaced another high profile website.

 

Baidu, formed in 2000, is China’s number one search engine, dominating the home market for online searches – partly because it had a six year head start over Google. As a result of its huge popularity, it’s no wonder that from time to time hackers might try and take advantage of the site, just as top websites can be in the frame for attack in the West.

 

Earlier today, visitors to Baidu.com’s home page were met with a message – “This site has been hacked by Iranian Cyber Army” – alongside what I presume to be Farsi, and a picture of the national flag of Iran:

It’s not presently clear whether Baidu’s site itself was compromised or, as in the case with the Twitter attack, its DNS records. If the website’s DNS records were breached then the hackers would have been able to redirect users who typed www.baidu.com into their browser to a webserver under their control.

 

Within two hours the Baidu website appeared to be returning to normal operation, and as far as we can tell the motive for the attack was political rather than financial. However, imagine how easy it might have been for the hackers to have created a cloned version of the main Baidu webpage complete with a silent invisible-to-the-naked-eye link to a software exploit or piece of malware.

 

Attacks like this are a reminder to everyone that you always need to have security scanning every webpage you visit, even if it’s an established legitimate website.

by Graham Cluley, Sophos

 

New Free SUPERAntiSpyware Online Scanner/Remover!

 

Follow the instructions below to initiate the SUPERAntiSpyware Online Scan. The scanner will detect AND remove over 1,000,000 spyware/malware infections. The scanner does NOT install anything on your Start Menu or Program Files and does NOT need to be uninstalled.

 

The SUPERAntiSpyware Online Safe Scan is free for personal use.

 

How To Use :

 

1. Start the Scan

Click on the button to start the scanner download process.

 

2. Download the Scanner

Click the RUN button when prompted. If you are using a browser other than Internet Explorer then prompt may be different.

 

3. Wait for the Scanner to Download

The scanner will download in just a few seconds.

 

 

4. Run the Scanner

Click the RUN button when prompted. This will start the scanner.

 

 

5. Do the scanner and removal

Click the “Click here to Start” button and then “Check for Updates” to update the  Definition then click on “Scan your Computer” button to start the scanning process.

 

 

President Obama Wants You to Protect Your Computer (Video)

President Obama explains how the growth of digital networks has increased the need to invest in online security, as well as steps individuals can take to protect themselves from online threats. October 14, 2009. (Public Domain)

 

« Previous Page — Next Page »