While some online users may think that choosing an unsecured WiFi network at a coffee shop or friend’s apartment is a harmless endeavor, there are, in fact, many dangers linked to this kind of risky behavior. An unsecured WiFi network provides an all-too-easy-to-access gateway for cybercriminal activity – from illegal file downloading to spreading malware. In response to such cyberattacks, one country is cracking down on the source of the problem.


Author: Alan  Lee – PC Tools malware research team

Antivirus 2010 Security Centre is a rogue security application that uses fake detections to entice infected users into paying for an application that does not function or remove malware as intended.

Moreover, victims who have already paid for the application run the risk of their credit card details being stolen or misused by the unscrupulous creators of the rogue security application.

Manual removal of Antivirus 2010 Security Centre

To manually remove Antivirus 2010 Security Centre, remove the following registry entries:

  • HKEY_CLASSES_ROOT\Interface\{ba60ca52-633e-ddc9-e301-3646ea01eeda}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{????????-????-????-???????????? } “DisplayIcon”
    Type: REG_SZ
    Data: \\.\globalroot\systemroot\system32\us?rinit.exe
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\userinit
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\userinit

Please note:

In {????????-????-????-???????????? }, each ? stands for a random alphanumeric character

All registry keys referenced to \\.\globalroot\systemroot\system32\us?rinit.exe

Also remove the following files:

  • c:\Documents and Settings\All Users\Application Data\.wtav
  • c:\Documents and Settings\<username>\Local Settings\Temp\{E9C1E0AC-C9B1-4c85-94DE-9C1518918D02}.tlb
  • c:\WINDOWS\system32\ms??????.dll [note: ?????? are random letters]
  • c:\WINDOWS\system32\us?rinit.exe [note: you may need an external tool, e.g. the PC Tools file & registry tool, to delete this file. Do not delete userinit.exe instead. To get the tool and guidance, post a thread in our forums.]
  • c:\WINDOWS\Temp\{E9C1E0AC-C9B1-4c85-94DE-9C1518918D01}.tlb

WARNING: Editing the registry incorrectly can cause serious problems that may require you to reinstall Windows. PC Tools cannot guarantee that problems resulting from the incorrect editing of the registry can be solved. Edit the registry at your own risk or refer to our malware removal forum for guidance.
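The indicators above contain wildcards, and us?rinit.exe also matches the genuine userinit.exe that the note says must not be deleted. The following read-only triage script is an added example, not PC Tools' own tooling: it checks an inventory of file paths and registry values against the patterns listed on this page and only reports candidates. The function names and the sample inventory are constructed for illustration.

```python
import re

# Indicators copied from the removal steps above. "?" is one unknown
# character; "*" replaces <username> and matches one path component.
FILE_PATTERNS = [
    r"c:\Documents and Settings\All Users\Application Data\.wtav",
    r"c:\Documents and Settings\*\Local Settings\Temp"
    r"\{E9C1E0AC-C9B1-4c85-94DE-9C1518918D02}.tlb",
    r"c:\WINDOWS\system32\ms??????.dll",
    r"c:\WINDOWS\system32\us?rinit.exe",
    r"c:\WINDOWS\Temp\{E9C1E0AC-C9B1-4c85-94DE-9C1518918D01}.tlb",
]
REGISTRY_KEYS = [
    r"HKEY_CLASSES_ROOT\Interface\{ba60ca52-633e-ddc9-e301-3646ea01eeda}",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\userinit",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\userinit",
]
REGISTRY_DATA_PATTERN = r"\\.\globalroot\systemroot\system32\us?rinit.exe"
# The genuine Windows logon binary; "us?rinit.exe" also matches this name.
LEGITIMATE_NAME = "userinit.exe"


def glob_to_regex(pattern, anchored=True):
    """Translate a pattern using only ? and * into a case-insensitive regex.
    Neither wildcard is allowed to cross a backslash."""
    parts = []
    for ch in pattern:
        if ch == "?":
            parts.append(r"[^\\]")
        elif ch == "*":
            parts.append(r"[^\\]*")
        else:
            parts.append(re.escape(ch))
    body = "".join(parts)
    return re.compile("^" + body + "$" if anchored else body, re.IGNORECASE)


def scan_files(paths):
    """Return (path, pattern, confidence) for every path matching an indicator.
    "review" marks wildcard file names, which can also fit unrelated files."""
    hits = []
    for path in paths:
        norm = path.replace("/", "\\")
        name = norm.rsplit("\\", 1)[-1].lower()
        for pattern in FILE_PATTERNS:
            if not glob_to_regex(pattern).match(norm):
                continue
            if name != LEGITIMATE_NAME:  # never report the real userinit.exe
                confidence = "review" if "?" in pattern else "exact"
                hits.append((path, pattern, confidence))
            break
    return hits


def scan_registry(entries):
    """entries: iterable of (key, value_name, data). Return (key, value, reason)."""
    key_res = [glob_to_regex(k) for k in REGISTRY_KEYS]
    data_re = glob_to_regex(REGISTRY_DATA_PATTERN, anchored=False)
    hits = []
    for key, value_name, data in entries:
        if any(r.match(key) for r in key_res):
            hits.append((key, value_name, "key listed in removal steps"))
            continue
        m = data_re.search(data or "")
        if m and not m.group(0).lower().endswith(LEGITIMATE_NAME):
            hits.append((key, value_name, "data references us?rinit.exe"))
    return hits


# Constructed inventory for demonstration; not taken from a real machine.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\userinit.exe",   # genuine, must not be reported
    r"C:\WINDOWS\system32\usxrinit.exe",   # constructed look-alike name
    r"C:\WINDOWS\system32\mshtmled.dll",   # genuine DLL that fits ms??????.dll
    r"C:\Documents and Settings\alice\Local Settings\Temp"
    r"\{E9C1E0AC-C9B1-4C85-94DE-9C1518918D02}.tlb",
    r"C:\WINDOWS\system32\notepad.exe",
]
SAMPLE_REGISTRY = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
     r"\{00000000-0000-0000-0000-000000000000}",
     "DisplayIcon", r"\\.\globalroot\systemroot\system32\usxrinit.exe"),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\userinit", "ImagePath", ""),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "Userinit", r"C:\WINDOWS\system32\userinit.exe,"),
]

if __name__ == "__main__":
    for path, pattern, confidence in scan_files(SAMPLE_FILES):
        print("%-6s %s" % (confidence, path))
    for key, value_name, reason in scan_registry(SAMPLE_REGISTRY):
        print("%s [%s]: %s" % (key, value_name, reason))
```

A "review" hit on ms??????.dll is only a naming match: the sample shows a legitimate system DLL fitting the same pattern, so such files need further verification before any removal.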


Imagine you received the following email:

Subject: Here you have


This is The Document I told you about, you can find it Here.
(malicious link)

Please check it and reply as soon as possible.


If you received the “Here you have” email from someone in your list of contacts, would you click on the link? If you said yes, you’d be the latest victim of a recent email virus (there’s also an alternate version of the email that offers free porn—don’t fall for this scam either!). And don’t worry—you wouldn’t be alone. This email virus has affected thousands of people, spreading like wildfire in September and even accounting for up to 14 percent of the world’s spam during a few hours on Thursday, September 9th.

The fast-spreading email virus, or worm, to be more precise (a “worm” is just a computer virus that self-replicates), mostly affected US corporate email networks. Among its many victims were prominent organizations like Disney, Procter and Gamble, Wells Fargo, and NASA.

This simple yet effective piece of malware is known as the “Here you have” worm—after the subject line used frequently in the infected emails (some of the emails have been found to use a different subject line, like “Just for you”). For a more technical overview of the so-called “Here you have” worm, including advice on how to remove it, click here.

How are email viruses and worms like “Here you have” so successful? You would think people would be better by now at recognizing suspicious emails, especially given the amount of experience we’ve had with email viruses in the past. They’ve been tormenting us ever since the first email virus was created in 1982.

Since then, we’ve dealt with other email viruses responsible for massive disruption, such as “Melissa” or “ILOVEYOU,” which used an attachment, “LOVE-LETTER-FOR-YOU.TXT.vbs,” to propagate. More recently, the Conficker worm, first identified in 2008, spread so effectively that it’s now credited with producing one of the largest worm infections ever.

Email viruses of the past took advantage of people’s naïveté when it came to email, and the recent “Here you have” worm proves that we still haven’t fully learned from our mistakes. Sometimes, it’s hard to believe just how much damage an intriguing subject line can cause.


Email-Worm.Imsolk is a worm that propagates via email, removable drives and network shares. It sends emails containing a malicious download link to email addresses harvested from the infected machine.

The worm targets recipients from contacts found in the Outlook Address Book and from the instant messaging software Yahoo Messenger.

The malicious email messages we have seen being sent out by this worm are the following:

Subject: Here you have or Just for you

This is The Document I told you about, you can find it Here.
(malicious link)
Please check it and reply as soon as possible.



This is The Free Dowload Sex Movies, you can find it Here.
(malicious link)
Enjoy Your Time.


Again, we can see that the bad guys are using social engineering by sending the malicious emails under the infected machine’s email address. Another trick used in the attack is the way the malware hides the actual download URL. The links above take an unsuspecting user to PDF files. Upon execution, the worm drops the following copies of itself:


In addition to the above files, the following files are also created on the affected machine:



Bots, or robots, serve a command computer by carrying out automated functions at their master’s bidding. Sounds ominous, don’t you think? In fact, common uses of bots include crimes, such as denial-of-service, extortion, identity theft, spam, and fraud. Multiple infected computers together form a botnet, with each individual computer termed a zombie, implying a lack of control over its own functions. Although bots are essential tools to the modern cybercriminal, not all bots have a malicious intent, as we can see most clearly when analyzing certain cases from Twitter.

A 2009 report discovered that one-quarter of all tweets come from bots—the percentage now is surely much higher. While a number of these bots were created for spamming purposes, others are from popular sites like IMDB or Digg. Still others were personae invented out of, one assumes, a desire to explore the capabilities of the medium.

In one instance recorded early last year, a Japanese blogger was shocked to uncover the truth about two “really close” friends on Twitter that were in fact bots—bots designed as part of a contest for realistic Twitter bots, but bots nonetheless. In a subsequent post, the blogger describes his initial dismay, but ultimately reflects, “…I hardly have any real contact with most twitter users. They’re all people I talk to exclusively through this intermediary, twitter. In the end, apart from real acquaintances, the majority of these people are not humans, but just ‘twitter accounts.’ It really has nothing to do with whether they’re bots or not.”

A TechCrunch article explored the fictional persona of Jason Thorton, a bot developed in three hours as a side project. The real human behind Jason observes, “When the free flow of information becomes open, the amount of disinformation increases. There’s a real need for someone to come in and vet the people we ‘meet’ on social sites — it will be interesting to see how this market grows in the next year.”

These two examples raise some interesting points about the nature of online interaction. Bots will surely remain difficult to police, and as more stories like the aforementioned crop up, will people question the depth of the relationships they form through sites like Twitter, where communication is truncated to its briefest incarnation? Or, will simulated responses become par for the course, and appreciated in their own right as contributions to online dialogue?


In a previous post, the concept of spear-phishing was introduced. Its more common relative, phishing, is one of the most notorious online security threats. Phishing refers to an attempt by a hacker to obtain confidential information about a user through fraudulent means – specifically, by pretending to be a legitimate communication from a credible source. In a typical phishing scheme, a spam email will direct a reader to an external website, often with a masked URL. When the user inputs his or her information, it falls into the hands of the cybercriminal. Usernames, passwords, credit card information and the like are then up for grabs (the perpetrators themselves can steal someone’s online identity or they might instead choose to sell the details to a well-paying source).

Even the most diligent of us might someday be fooled as the fake email notifications and websites look increasingly authentic. Lucky for us, popular browsers are just as concerned about protecting our online safety.

A number of browsers have built-in protection like anti-phishing features; these include Mozilla Firefox 2 or later, Microsoft Internet Explorer 7 or later, and Safari 3.2 or later. An alert will warn users of suspicious circumstances, hopefully preventing would-be victims from falling prey to (usually) financial scams. (There is some debate over how effective these warnings are, but a browser can only do so much for a determined human.)

Another useful feature is domain name highlighting (available on IE8 and Google Chrome, also as an extension for Firefox), which helpfully points users to the actual domain name of a site. On a fraudulent website, the domain name might appear to be that of a legitimate bank, but that bank’s name is followed by other spam-like letters and numbers—the real domain name.
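A sketch of what domain name highlighting computes, added here as an example and not any browser's actual code: it separates the registrable domain of a URL's host from the rest. The bank name, the URLs and the three-entry suffix set are constructed; a real implementation needs a complete public-suffix list.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed, deliberately tiny sample of two-label public suffixes.
# A real implementation needs a complete public-suffix list.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def split_host(url):
    """Return (dimmed_prefix, highlighted_domain) for the host in url."""
    host = urlsplit(url).hostname  # lower-cased; userinfo and port removed
    if not host:
        raise ValueError("no host in URL: %r" % (url,))
    host = host.rstrip(".")
    try:
        ipaddress.ip_address(host)
        return "", host  # an IP literal has no domain name to pick out
    except ValueError:
        pass
    labels = host.split(".")
    # Keep one label in front of the public suffix (two labels for co.uk etc.).
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    domain = ".".join(labels[-keep:])
    return host[: len(host) - len(domain)], domain


# Constructed URLs: the bank's name appears in the first host, but only as
# a prefix in front of the domain that actually serves the page.
SAMPLE_URLS = [
    "http://www.examplebank.com.a1b2c3d4.example.net/login",
    "https://online.examplebank.co.uk/",
    "http://192.0.2.10/login",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        prefix, domain = split_host(url)
        print("%s[%s]" % (prefix, domain))
```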

To guarantee that you are always best protected online, make sure that you have the latest version of your browser. This information is easily accessed through the “About” section of your chosen browser, or “Help” then “About.” It is also wise to stay informed of patches and upgrades, but only from trusted sources!

(For PayPal’s Safer Browsers FAQ, click here.)


The Council of the European Union is contemplating the creation of a cybercrime unit that would foster international cooperation on issues arising from technology-related matters. The centralized agency would bring together law enforcement agencies and other organizations dedicated to fighting cybercrime. This possible measure was proposed during the general affairs meeting of the council, held in Luxembourg on April 26.


According to a report released by Symantec early this year, 75% of businesses were cyber-attacked in 2009. Although the report covered general trends (see some statistics below), an article from the San Francisco Chronicle shed some light on how this might be happening; the answer is spear-phishing.

While the term “phishing” is probably a familiar one, spear-phishing may be new to most readers. As the name suggests, “spear-phishing” defines a more specialized phishing scheme (an attempt by a hacker to obtain confidential information about a user through fraudulent means). Spear-phishing targets a specific employee in order to gain access to a company’s information. As 2010 continues to question and define our notions of internet security, this is surely a technique about which we will increasingly hear.

With a multiplicity of social networks available to fill every niche, it’s conceivable that a cybercriminal (or anyone with a computer, really) could compose an entire snapshot of someone’s life: friends from Facebook, colleagues from LinkedIn, whereabouts from FourSquare, etc. As such, it’s not a huge leap to then have the ability to personalize a phishing scheme. Spear-phishing involves a lot more research than simply spamming hundreds of thousands of people, but the ends justify the means, as the tactic is far more effective. Targeted attacks yield results between 25 and 60% of the time, compared to less than 1% from traditional spam. Even worse, that one victim can put an entire corporation, university, or small business at risk.

Fortunately, spear-phishing attacks are scarce by the very nature of the scam—if they were commonplace, they wouldn’t be nearly as effective. The preventative measures remain the same as when dealing with any scam (keep your antivirus software up-to-date, double-check URLs before clicking, beware of unexpected or suspicious attachments), but stay extra cautious—remember, it’s not just your own internet security at risk.

Select statistics from the January 2010 survey of 2,100 CIOs and IT managers from 27 countries (reported in the London Times):

• Last year, 75% of businesses worldwide were exposed to a cyberattack
• 42% of businesses consider cybercrime their greatest threat
• A cyberattack costs a company $2 million


The second part of the article from the “Crime Scene Investigation: Internet” series has now been published by c’t magazine.

This time, a deobfuscation technique for ActionScript p-code is illustrated.

You can read this article in German or in English.


In an event not unlike Toyota’s spectacular fall from consumer grace with the recent accelerator pedal recalls, faulty computer components recently compounded Dell’s ongoing public relations and financial woes. Documents unsealed in a federal lawsuit suggest that Dell knowingly covered up a tendency for the capacitors in their mainstream OptiPlex line of computers to “pop” and “leak.” Capacitors play a crucial role in directing the flow of current across computer motherboards. They are not supposed to pop or leak.

Dell appears to have been the worst victim of the industry-wide capacitor plague. Due to a formula mix-up, an Asian PC component supplier distributed capacitors that were inclined to burst and spew brown liquid. Though many companies, such as Apple and HP, also received these carbuncular capacitors, they did not distribute as many affected computers as did Dell.

Doesn’t sound too terrible, right? Well, here’s the kicker – Dell employees appear to have gone out of their way to hide these problems.  So when customers called Dell hoping for help with their computers, customer service agents allegedly sidestepped the issue and allowed people to rely upon their faulty machines.

Attorneys maintain Dell’s innocence, saying that plaintiff Advanced Internet Technologies “cherry-picked” documents to create an illusion of impropriety. Choice snippets from these documents report:

“We need to avoid all language indicating the boards were bad or had ‘issues’ per our discussion this morning.”

Other documents indicate that Dell salespeople were instructed:

“Don’t bring this to customer’s attention proactively” and “Emphasize uncertainty” when addressing the OptiPlex systems.

Doesn’t sound very “cherry,” does it?

Though Dell extended its warranty on the affected systems and replaced them when customers requested, they did not recall the computers. As such, many of Dell’s OptiPlex customers may be unaware that they have defective computers.*

Perhaps the alleged cover-up should not be surprising considering that Dell sold millions of OptiPlex systems between 2003 and 2005, including a large number to some of its biggest customers – Wal-Mart, Wells Fargo and the Mayo Clinic, among others. In an interesting development, Dell even balked at replacing computers at the law firm defending them from the lawsuit.

Whether the case settles or goes to trial, if the capacitors caused data loss, Dell may face a whole new wave of customer complaints and lawsuits.

* From May 2003 to July 2005, Dell shipped around 12 million potentially faulty OptiPlex desktop computers – the company’s mainstream product for business and government customers. Two of the primary models affected are the OptiPlex GX270 and OptiPlex GX280.


Antivirus protection is a necessity for anyone who is digitally active. Cybercriminals, ever the opportunists, understand this need and have come up with yet another way to steal your cash – using malware that poses as antivirus software. This type of malicious software, known as “scareware,” often appears on a legitimate site as a pop-up ad claiming that your computer has been infected with a virus. The victim, scared (hence the name) of the potential damage, purchases and installs the “recommended” software. Consequently, the victim’s computer is infected with malware and/or his credit card information is in the hands of a cybercrook.

Even if you only visit legitimate sites, you can’t completely avoid scareware. Google and The New York Times’ website are just two examples of sites that have been exposed to fake security software. Adding to the difficulty of detecting this type of malware is the fact that scareware (also known as “rogueware” or “rogue security software”) will often appear as a message from the user’s own computer. Thanks to these aggressive tactics, thousands of people fall for these scams every day, allowing cybercriminals to steal hundreds of thousands of dollars.

To avoid falling for scareware scams, purchase top-notch antivirus software, such as PC Tools’ Spyware Doctor with Antivirus, and never click on any message with a different name. Also, install all updates to your operating system and make sure that all security patches are updated for your internet browser. If you think you’ve clicked on a scareware ad, run an antivirus scan immediately. Finally, if you’ve purchased rogue security software, call your credit card company to dispute the charge and, for your computer, take immediate steps to remove the fake product.

(Watch out! Currently, there are several rogues out to ambush computer users, so be sure to avoid Security Suite and Antivir Solution Pro–these are fake anti-spyware tools. If you’ve fallen victim to scareware, tell us in the comments.)


It took some time, some patience and the analysis of some extra samples, but the original blog post on a Flash exploit has eventually evolved into an article for the German computer magazine c’t (magazin für computertechnik).

The original article in German is available at this link. Its English translation is available here.

Thanks to Frank Boldewin and Jürgen Schmidt for making it happen.


Spammers have found a way to circumvent spam filters – by replicating Gmail address templates. As a result, Gmail.com has become the most abused domain name. According to an article on NetworkWorld, only one percent of Gmail spam emails are from legitimate accounts. Additionally, this minute percentage likely reflects a mix of spammers and accounts that have been compromised.

Currently, fake Gmail emails account for approximately five to ten percent of all spam by volume. While this type of spam is certainly on the rise, it isn’t the only platform being abused by spammers. Other popular messaging formats, such as Facebook and PayPal, are exploited by cybercriminals to conduct a plethora of illegal activity, from spam emails to phishing scams.

Fortunately, email clients, such as Gmail, have become more sophisticated at filtering spam. Therefore, the average user doesn’t have to deal with it on a regular basis. Yet, this hasn’t diminished the amount of spam out there; in fact, the total volume of spam has increased. Replicating common email templates like Gmail and Facebook is the latest way that spammers hope to dupe recipients into falling for their schemes.

In response to increased spam and other cybercrime abuses, Gmail now warns users about suspicious account activity. When it appears that a particular account has been hijacked, Google sends an alert to the user.  Using factors such as the IP addresses of successful log-ons, Google can determine whether to send a warning to the user. To report spam abuse on Gmail, click here.



Melissa

Combine the illicit thrill of an exotic dancer with the manipulative genius of a hacker and you have one of the worst computer viruses of all time. Melissa was created by David L. Smith, named for his favorite Friday Night Gal, and released into the world on March 26th, 1999. Posing as an email attachment, the self-replicating virus activated when the malicious attachment was opened, then sent itself to the top 50 people in the email client contact list. The damage was so great that some companies had to shut down email programs until the virus was contained. Smith was convicted, fined $5,000 and spent 20 months in jail. Before Melissa, the damage malware could do was unknown to the public.

ILOVEYOU/Love Letter

Ironically named, this love letter was sent from the Philippines in May of 2000 and wreaked havoc on computers around the world. Beginning as an email that claimed the attachment contained honey-filled words from a secret admirer, the subsequent worm that was unleashed worked in multiple ways. After copying itself into several different files and adding new registry keys to the victim’s computer, ILOVEYOU would then download a password stealing application that would email personal data to the hacker’s account. ILOVEYOU then used email and chat clients to send itself to other sources, further perpetuating the cycle. Some sources claim the ILOVEYOU computer virus caused over $10 billion in damages.

Code Red

Taking advantage of a vulnerability in Windows 2000 and Windows NT operating systems, the Code Red and Code Red II computer worms began to gain traction shortly after their 2001 release. Creating a large botnet by installing backdoors on infected machines, Code Red initiated a DDoS (distributed denial-of-service) attack on the White House by commanding all computers within its extensive network to contact its web servers at one time. This act overloaded the servers, rendering them unable to perform their needed actions.

SQL Slammer/Sapphire

The SQL Slammer, also known as Sapphire, was a computer virus that infected the most heavily used web servers across the US at an alarming rate. In January of 2003, the SQL Slammer caused a number of issues including outages in 911 service in Seattle, crashed the Bank of America’s ATM service, and left Continental Airlines with so many electronic issues that they were forced to cancel flights. Over the course of the computer virus’ extensive life, it caused over $1 billion in damages before antivirus and antispyware software was able to patch the problem.

MS Blast

MS Blast, also known as Blaster or Lovesan, was a computer virus born in 2003 that exploited a known vulnerability in Windows operating systems. The virus quickly spread to hundreds of thousands of PCs and included a personalized message to Bill Gates stating, “Billy Gates why do you make this possible? Stop making money and fix your software!!” Some sources estimate that MS Blast caused between $2 and $10 billion in damage over its tenure.


Sasser

A relatively new exploit, Sasser, began to infect computers around the world on April 30th, 2004 by taking advantage of non-updated Windows 2000 and Windows XP operating systems. Once a PC was infected with Sasser, the malware would scan the PC for other unprotected computers in its network and replicate onto them. Aside from causing massive damage to the computer, Sasser also made shutting down any computer difficult without cutting off the power source. The same group of black hat hackers that created Sasser also took credit for Netsky, a virus that propagated through an email attachment, causing massive DDoS attacks. At their height, the two viruses were said to have cost tens of millions of dollars in damage, including forcing flight cancellations and delays for Delta Airlines and shutting down satellite communications for a few French news agencies.


MyDoom

MyDoom makes the list for its ability to bring prominent search engines to their knees. In February of 2004, the creators of MyDoom released the first phase of this virus into the world. The worm installed backdoors on computers and initiated a DoS attack. The worm was commanded to stop distributing just short of two weeks after it began. Later that year, MyDoom was released again with greater voracity. Like other viruses of its lot, MyDoom searched email contacts as a method of proliferating. Unlike other viruses, MyDoom also submitted these contacts as a query to search engines like Google in an unprecedented denial of service attack. With millions of search requests from corrupted computers coming in, search engines were significantly slowed and some even crashed.


Klez

Known as a computer virus that broke ground, Klez goes down in infamy as one of the most malicious viruses of all time. In late 2001, Klez began infecting computers through email messages that would install, replicate and then send themselves to every contact in the infected computer’s address book. Klez also used a tactic called “spoofing” – putting the names of people from the contact list in the “From” line and sending away – giving the impression that the email messages were coming from someone else. The malicious incarnation carried harmful programs that could function like a normal virus, disable antivirus software, or appear as a trojan. The worst forms of the virus rendered infected computers completely inoperable.


Nimda

The Nimda worm is well known in the internet security world for being one of the fastest spreading viruses of its time. Nimda spread through the internet with a fierceness that had never been seen, its main target being internet servers. According to some sources, Nimda hit the top of reported internet security attacks only twenty-two minutes after being released into the wild. Although personal computers were greatly affected by this worm, its main purpose was to bring the internet to a crawl, targeting some of the world’s most used servers.


Storm Worm

The Storm Worm, which has many aliases, debuted in late 2006. This trojan horse spread through emails containing catchy subject matter such as “230 dead as storm batters Europe.” The program installed holes in PCs, although the Storm Worm itself was not the payload. Some versions of the payload turned computers into bots that were remotely controlled for nefarious purposes. Mostly, the Storm Worm was used for spreading spam through the botnet.


Most computer users don’t think twice about opening their chosen web browser and searching, exploring and clicking their way to a wealth of information. But how often do you think about how safe the communication portal is? Browsers of all kinds are known to contain flaws that can be exploited by hackers. Malware, spyware and various computer viruses can infiltrate your PC by simply popping open Internet Explorer, Firefox or Safari.

Because web browsers are generally installed on computers before they reach the consumer, most people don’t think twice about using the program to its fullest capability. The problem is that most browsers aren’t configured with absolute safety in mind. This means that simply visiting an infected site may lead to a computer virus being installed without the user’s knowledge, or to a drive-by download. Most users fail to check links before clicking them or don’t fully check the URL for security. This lack of personal configuration coupled with casual human tendencies can lead to a disastrous combination.

Fortunately, it’s fairly easy to safely configure a web browser to optimize security. To begin with, users need to be aware of the components of most browsers, including ActiveX and Scripting, which are notoriously riddled with vulnerabilities. These features can be disabled overall and utilized only when necessary. Most web browsers can be configured with more rigorous safety settings under either the Tools or Preferences tab, depending on the browser.

Sometimes, having to manually enable certain browser features can be a bit of a hassle when it comes to optimizing the user experience – the main reason most browsers are installed with more relaxed settings. One option is to have multiple browsers on your computer and have one configured to the highest possible safety settings to be used for more sensitive sites (such as online banking). Aside from configuring your browser, it’s equally important to have quality, up-to-date antivirus and antispyware software installed to quash potential threats, like award-winning PC Tools Spyware Doctor with AntiVirus.


Surfing the web without any kind of protection is akin to diving into bloody, great white shark-infested waters without a cage. Yes, the internet is a fantastic world of instant satisfaction that most of us can’t live without, but if you contract a nasty virus or get your identity stolen, you will have to do just that. Luckily, there are plenty of little steps that average users can take to make it harder for unwanted individuals to access all that precious information we keep stored on our computers.

First, take the time to correctly install, configure, and maintain decent antivirus and antispyware software (may we recommend award-winning PC Tools Spyware Doctor with AntiVirus?). Next, make sure you have a firewall, and that you are using it. For those of you who may not know, firewalls are configured (in hardware, software, or both) with specific criteria to block or prevent unauthorized access to a network. Most operating systems come with some form of firewall; turn it on and keep it up to date (Microsoft users: be sure to mark Patch Tuesday, the second Tuesday of each month, on your calendar).

Stay away from downloading or opening just anything and everything that comes your way. Be picky about software that you install on your PC; make sure you know what you’re getting. Downloading software at random can open the door to malware, including spyware and adware. The same goes for email. If you don’t recognize the email address, don’t open it. Stifle your curiosity and delete it. More than likely, IT IS SPAM. And definitely don’t click the link. Even if you get an email from someone you know that includes a shortened URL (such as bit.ly or tinyurl.com), it’s best to see the full link before committing to the click (there are external sites that can expand the URL for you to view).

Guard your personal information like you guard your wallet on the bus. Don’t use the same password for every account you have (and don’t use an easily predictable password, either). When shopping online, make sure the site into which you enter your card information begins with https://. Certain sites are known for harboring malware more than others, including porn sites, gambling sites, unfamiliar gaming sites, and any site that generally seems too good to be true. Stay away from these if you can help it, and your PC and personal identity will be much safer.

Posted in Online Fraud

Cybercriminals these days are not merely hackers looking to tap into your email account; they have evolved into sophisticated crooks who take advantage of any opportunity to set their traps. Not surprisingly, major global events, such as the Olympics or the World Cup, offer ideal opportunities for illegal activity, as they provide criminals with an immense audience of millions of potential victims. Even the most tech-savvy consumer should be aware of common online dangers (like search engine poisoning) during high profile happenings.

A prominent example of cybercriminals capitalizing on one such event occurred during the 2008 Beijing Olympics. Hundreds of fans from across the globe were duped by a fraudulent site called BeijingTickets.com. The fake site claimed to offer tickets for events, such as the Opening Ceremonies, charging as much as $2,150 per ticket. Only after booking, when the tickets were not delivered as promised, did the victims realize the site was a scam. Since the site had a professional layout, detailed logistical information, a complicated booking process, and included the Olympic logo, many victims didn’t think twice about providing their payment information.

Other popular cons during the 2008 Beijing Olympics included spam emails linked to malware. Spammers used alluring titles like “Are Chinese gymnasts too young for Olympics?”, a controversial issue at the time, to prompt greater open rates. Additionally, one source estimated that phishing scams, used to capture victims’ personal information, rose by a staggering 66 percent during the 2008 Games. Since the FIFA World Cup is currently taking place in South Africa, fans should be aware of these types of online scams in order to avoid becoming victims of cybercrime.

Major sporting events are not the only events that lead to an increase in criminal activity. Cybercriminals also use prominent international news stories, such as the January 2010 earthquake in Haiti, to implement their schemes. According to the Symantec Spam and Phishing Report, cybercrooks began capitalizing on the Haiti disaster within 24 hours of the event by tricking people into donating funds to phony charities.

The bottom line is that cybercriminals will use any means necessary to earn a buck. However, by staying alert and educating yourself about common internet threats, you can avoid becoming a victim of cybercrime yourself.

Posted in Online Fraud

In this growing age of iPhones accompanying silverware at the dinner table and Blackberrys being a table ornament at most business meetings, the question arises of the security of such devices. The rapidly growing demographic of Smartphone and PDA users is increasingly at risk of contracting malware, being targeted by spam, and falling victim to identity theft. The nature of this technology, including the size, portability and wireless interfaces upon which the gadgets function, makes them ideal candidates for these internet security breaches. As we as a culture rely more on our handheld devices to maintain a connection to our peers, our families and our jobs, it is important to remember that, just like your computer, these devices need to be safeguarded against the risk of infection.

Generally, mobile malware is developed for phones that have software development kits (SDKs) where external programmers can develop applications for the devices (think the iPhone App Store). Computer viruses and worms can also be transmitted when a device is being synchronized with a computer, through internet downloads on Smartphone and PDA browsers, via emails received on your phone, or when your device is connected to a wireless interface such as WiFi or Bluetooth. Aside from traditional email spam, spammers are beginning to use text messaging and voice messaging as another means to send unwanted advertisements. Users may even be charged by their carriers for such messages. GPS tracking is also becoming a more prominent feature on most phones, making locating individuals simple if geolocation software is left on. This is another avenue for hackers to engage in identity theft.

There are plenty of steps you can take to safeguard your phone so that, if you end up experiencing the life-altering instance where your phone is lost or stolen, your information, and more importantly, your identity are not. First of all, learn about and use the built-in security features that come with every phone. These include password protection, PIN usage on applications, and user verification. Although these measures may seem tedious at first, each one is a small safeguard against potential threats. If your phone is taken, these security measures may not prevent total access, but they may buy enough time to fully deactivate the device and prevent any information from being stolen.

Another key security measure is to keep all wireless interfaces turned off unless they are in use (this will also prolong battery life). Lastly, make sure your PC has up-to-date antivirus and antispyware software such as PC Tools AntiVirus Free. This will prevent any malware from spreading between your phone and computer during synchronization. Although each of these is a small measure to be taken, they will collectively go a long way in ensuring your internet safety.

(Read more here, from The Register.)

Posted in Privacy

The main difference between free antivirus products and purchased antivirus products lies in the level of protection. Free antivirus products only protect against previously known threats – a good starting point, but one that might be trouble if you are a constant internet user. An even bigger problem arises when you incorporate higher risk sites, such as music sharing sites, adult websites, and online gambling sites. The most poisoned search terms are ones that include the words “free” or “lyrics.”

Paid antivirus software, like PC Tools Spyware Doctor with AntiVirus or PC Tools Internet Security, protects against both known and unknown threats. Such software takes a heuristic approach to internet security by providing advanced methods of detection and protective measures like firewalls. Although free antivirus software is far better than nothing, you need to appreciate the fact that the information in most free antivirus products comes from a database that isn’t a top priority to update.

PC Tools AntiVirus Free, a good basic option for protection, is equipped to warn you about potential threats and malicious websites with enhanced features like Browser Defender. However, warning about future threats and stopping them are two different things. Although PC Tools AntiVirus Free offers more features than most free antivirus products, for full coverage and safety, upgrade to award-winning PC Tools Spyware Doctor with AntiVirus or PC Tools Internet Security for superior web protection.

Posted in Virus News

In today’s internet era it seems that whenever the latest hot topic appears, there’s always corresponding malware or a rogue antivirus threat lurking behind it. Cybercriminals are quick to grab every opportunity they can find to infect their next victim. Previously, visiting porn sites was the most common way for a computer to get infected. These days malware creators don’t limit themselves to porn sites; they also use other techniques to place these threats wherever internet users search for interesting news on the latest natural disaster, sports event or other hot topic.

As the release date of the third installment of the popular Twilight saga draws near, it is becoming increasingly interesting to malware writers. Last June 18th, the PC Tools Malware Research Centre found a variant of Rogue AV exploiting topics such as the release date, ticket release dates and soundtrack of this movie. As with the previous installment, the upcoming Twilight Eclipse movie is no exception to the latest technique of SEO-poisoning.

Sample Search results

Internet users searching for news about the new Twilight movie may stumble upon search results like these – and clicking one of the highlighted results will redirect you to a fake antivirus site.

Sample Redirection

Once users click on the malicious search result, they are redirected to a rogue antivirus site where a fake alert will pop up. This incorrectly informs the victim that their computer has been infected with malware and, in what looks like a genuine Windows security alert, offers next steps for the user. The following are examples of how these appear:

When the user decides to proceed by accepting the ‘protection’ which is on offer, the download, installation and execution of the rogue antivirus comes next.

Internet users are encouraged to be vigilant when visiting sites that appear in internet searches for popular news topics, even when they come from a known source.

PC Tools Spyware Doctor with AntiVirus coupled with PC Tools Browser Defender technology detects and blocks this malware and alerts users to websites hosting web threats that are using the technique mentioned above. It is recommended that users make sure their software is up-to-date by using Smart Updates, and that Behavior Guard is enabled to help ensure they are fully protected against both current and new or unknown web threats.

Posted in Malware Alerts

In this world of immediate gratification, most of us computer owners head straight to a search engine without a second thought when we need the answer to a question. It’s as easy as typing in a query and clicking on the first link generated, maybe trying a couple more if the answer isn’t immediately visible. No hassle, right? Wrong. Using search engines without having up-to-date antivirus software can be a dangerous endeavor. These days, hackers and spammers are becoming increasingly sneaky with their computer viruses, Trojans, and computer worms. A method known as “search engine poisoning” exploits the use of search engines to spread malware and viruses. This practice is becoming more prominent as a means of stealing credit card information. As the average time spent on the web increases (over 68 hours a month as of September 2009), the threat of nefarious software becomes more and more apparent.

Generally, hackers will employ black hat SEO methods to gain higher search rankings for particular terms. Common tactics include spamdexing, cloaking and placing hidden text on web pages. Black hat SEO is frowned upon by search engines, but is often utilized for search engine poisoning. By clicking on poisoned links, users will often get notifications that their computer is infected with a virus that can be fixed by purchasing rogue antivirus software. Users will be prompted to enter their credit card information, which is then stolen by the cybercriminal.

The most commonly poisoned search terms often reflect popular or current events, such as “economic crisis,” “stimulus check,” or “credit crisis.” Terms related to pop culture events are often used, along with the names of actors or high profile individuals. When search terms spike in popularity, they are often targeted by hackers to spread malware. Anything with the word “free” in the search is a high risk term, especially “free music” and “free ringtones.” Aside from keeping your antivirus software up to date and running properly, it’s also important to have a good firewall, which will prevent the web pages from loading and releasing the malware into your system.

Posted in Online Fraud

Soccer fans have traveled from all over the world to gather in South Africa this summer to watch the FIFA World Cup. Excitement for the World Cup has been tremendous, but fans need to be very careful: cybercriminals are also thrilled during this memorable event by the possibility of taking advantage of soccer supporters.

Cybercriminals will do whatever it takes to steal anyone’s personal data, and global events such as the World Cup give them an enormous audience of potential victims. Studies show that the rate of cybercrime rises dramatically during global sporting events. Symantec, a leading security software company, states that cyberattacks increased by 40% during the 2006 World Cup and by 66% during the 2008 Olympics in Beijing. And now, with the 2010 World Cup being played in South Africa, there is another global event that has caught the attention of cybercriminals.

Cybersecurity experts have already identified millions of emails that are related to the World Cup and use the fraudulent tactic of “phishing.” They have also discovered hundreds of fraudulent websites that are likewise tied to the World Cup. These scams promise prizes such as match tickets, airline tickets, and hotel accommodation. Cybercriminals use these deceptions to obtain personal data such as bank details, passwords, and credit card numbers. They can also infect computers with malicious software.

One example of fraud that has been seen a lot during the 2010 World Cup is an email saying that the recipient has won the 2010 World Cup Lottery (no such lottery exists). Another scam offers the option of watching World Cup matches live over the internet.

To protect yourself from the current World Cup scams, take these steps suggested by ICPEN (International Consumer Protection and Enforcement Network):

• Check with an official organizer of the event to find out where and how tickets can be obtained. The FIFA website has specific procedures for distributing and validating tickets for the 2010 World Cup.
• Keep in mind that the official event logo can be forged to make a website or a ticket look official.
• Read what others say about the seller. Search the internet to learn about other people’s experiences.
• Be wary of other websites that say they “guarantee” tickets. Some companies offer packages without having the tickets in hand. Even if the seller intends to deliver the ticket to you in the future, it is quite possible that they will not be able to.
• Always print a copy of your order and keep it just in case.

One more tip: always stay informed about cyber threats during major events and protect yourself with excellent antivirus software, such as PC Tools Spyware Doctor with AntiVirus.

Sources: Scambusters.org, Enterprise Innovation, Times Online.

Posted in Online Fraud

Open up the wireless network manager on your laptop and chances are you’ll come across a string of available networks, most secured, but a couple not. In a pinch—you just need to check your email really quickly—you might select one of the unsecured networks, poaching wireless internet from an unsuspecting neighbor. On the other hand, perhaps you ventured quite knowingly to a chosen café, hoping to squeeze in a few hours’ worth of work with your latte. Risks abound in either scenario; care to learn more?

Why are unsecured networks unsafe?

Unsecured networks offer no protection to their users, enabling attackers to “poison” a browser’s cache (a storage area for data). By taking control of a file, a cybercriminal could replace the sites you frequent with URLs directing you to fake sites that then install malware on your computer, or steal private login details.

What steps can I take to protect my laptop?

One step is to frequently clear your cache, that repository of data on your computer. Browser settings vary, so be sure to look up appropriate instructions. WikiHow provides a useful guide for popular browsers.

Also pay close attention to the actual URL of your intended site. Some browsers or browser extensions offer domain name highlighting, which makes the actual domain name stand out from the rest of the address. On a fraudulent website, the address might appear to be that of a legitimate bank, but that bank’s name is followed by other spam-like letters and numbers, and those are the real domain name.
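The domain-highlighting check described above, as an added example (not code from the original post or from any browser): it isolates the real, registrable domain in a link and flags the look-alike tricks around it. The host names, warning labels and the small suffix set are constructed for illustration; a real check needs the full Public Suffix List.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List.
# A real checker should load the full list published at publicsuffix.org.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.za", "co.jp", "com.br"}


def split_host(url):
    """Return (prefix, registrable) for the host part of `url`.

    `registrable` is what domain highlighting emphasises: the public suffix
    plus one label. `prefix` holds any subdomain labels in front of it, which
    whoever controls the registrable domain is free to choose.
    """
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        raise ValueError("no host in URL (is the scheme missing?): %r" % url)
    try:
        ipaddress.ip_address(host)
        return "", host  # a bare IP address has no domain name to highlight
    except ValueError:
        pass
    labels = host.split(".")
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    keep = min(len(labels), suffix_len + 1)
    return ".".join(labels[:-keep]), ".".join(labels[-keep:])


def highlight(url):
    """Render the host with the real domain in brackets, as a browser might."""
    prefix, registrable = split_host(url)
    return (prefix + "." if prefix else "") + "[" + registrable + "]"


def check_link(url, expected):
    """List warnings for a link the user believes leads to `expected`."""
    parts = urlsplit(url)
    prefix, registrable = split_host(url)
    expected = expected.lower()
    warnings = []
    if registrable != expected:
        warnings.append("domain-mismatch")
        # The trusted name can still be displayed where it proves nothing:
        # in the subdomain labels, before an "@", or in the path.
        decoys = [prefix, (parts.username or "").lower(), parts.path.lower()]
        if any(expected in spot for spot in decoys):
            warnings.append("expected-name-used-as-decoy")
    if "@" in parts.netloc:
        warnings.append("userinfo-in-url")
    # Punycode labels may render as look-alike characters; flagged, not decoded.
    if any(label.startswith("xn--") for label in (prefix + "." + registrable).split(".")):
        warnings.append("punycode-label")
    if parts.scheme != "https":
        warnings.append("not-https")
    return warnings


# Constructed sample links; every name uses a reserved TLD or documentation IP.
SAMPLES = [
    "https://online.examplebank.example/login",
    "http://www.examplebank.example.a8f3-secure-login.test/signin",
    "https://examplebank.example@203.0.113.7/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(highlight(link), check_link(link, "examplebank.example"))
```

The second sample is the case the paragraph describes: the bank's name is only a subdomain prefix, and the bracketed part is the domain that actually receives the request.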

Another precaution you might take is to enable private browsing. Once you turn on private browsing, your browser will no longer retain a history of visited sites, records of downloads, or any information that might normally be auto-completed (username or password, for instance). You can choose to always browse privately, or you can tailor each browsing session to your preference.

For a more detailed explanation of how the attack works, click here.

Posted in Privacy

Soccer fans from across the globe will convene in South Africa this summer to attend the 2010 FIFA World Cup. Excitement for the event is gearing up, but fans should be warned that they aren’t the only ones looking forward to this historic occasion – cybercriminals are also thrilled by the possibility of taking advantage of the World Cup’s millions of enthusiastic supporters.

Cybercriminals will do anything to steal your personal information, and major global events provide them with an immense audience of potential victims. Research shows that rates of cybercrime skyrocket in the months preceding worldwide sporting events. Symantec, a leading internet security software company, discovered that cyberattacks increased by 40 percent during the 2006 World Cup and by 66 percent during the 2008 Olympics in Beijing. The 2010 World Cup in South Africa, which kicks off June 11, is the next major happening that has grabbed the attention of cybercrooks.

Internet security experts have already identified millions of phishing emails and hundreds of fake websites associated with the World Cup. These scams promise a variety of goods and services – from game tickets to flights and hotel accommodations. Cybercriminals use these methods in order to trick victims into providing their personal data, including bank account information, passwords, and credit card numbers. Clicking on this type of scam can also cause you to download malicious software onto your PC.

One current scam is a fake email claiming that the recipient has won the 2010 World Cup Lottery (no such lottery exists), while another ruse offers fans the ability to watch games live online. Symantec has also discovered a botnet, a network of infected computers, built exclusively for the event.

To protect yourself from World Cup scams, follow these steps provided by the International Consumer Protection and Enforcement Network (ICPEN):

  • Check with the event organizer, promoter, or venue where the event will be held to learn how and when tickets are being sold. FIFA’s website has specific procedures for distributing and validating tickets to the 2010 World Cup.
  • Be aware that the official logo and trademarks (or lookalikes) of the event can be imitated to try to convince you that a bogus website, or ticket, is official.
  • Read what others say about the seller. Search the internet to learn about other people’s experiences.
  • Be skeptical of sites that say that they “guarantee” tickets. Some companies sell package deals without having the tickets in hand. Even if the seller intends to get the tickets later, they may not be able to do so.
  • Always print a copy of your order for your files.

One more piece of advice – always educate yourself about common threats during major events and arm yourself with premium antivirus software, such as PC Tools’ Spyware Doctor with AntiVirus.

Additional sources: Scambusters.org, Enterprise Innovation, Times Online.

Posted in Online Fraud

The ease of online shopping makes it an alluring option for any consumer. Why fight the crowds and lines of busy stores when you can purchase your desired product with just a few simple clicks? Yet, sending your sensitive payment data into cyberspace is always a bit nerve racking. Through nefarious methods such as keyloggers and phishing schemes, cybercrooks are continuously finding ways to steal data from online shoppers. To ensure that your online transactions are secure, follow these preventative measures for a safe shopping experience:

- Use credit cards for online transactions. Credit cards are the least risky form of online payment because they guarantee fraud protection. Due to the Truth in Lending Act, a consumer’s maximum liability for unauthorized credit card use is $50 (and the liability drops to zero for online use). If you report the fraud immediately, there is typically little resistance in reversing the charges. Other payment options, including debit cards and payment services like PayPal, carry greater risks, depending on the amount of time that lapses after a fraudulent transaction occurs. If you’re interested in learning more, this New York Times article presents a detailed overview of every type of online payment.

- Use the latest internet browser when shopping online. The latest browsers, such as Safari or Internet Explorer, have built-in encryption technology that will protect your data during online transactions. This technology involves Secure Sockets Layer (SSL), an internet security protocol used to transmit sensitive data. To confirm that SSL is in use during an online transaction, make sure that the “http” at the beginning of the URL has changed to “https”, which signals that the transmission is being encrypted. Additionally, there should be a small lock icon at the bottom of the browser window in the status bar.

- Check for digital certificates. Digital certificates from security companies like VeriSign are used to authenticate websites, so make sure that the site you’re shopping on has one. For additional protection, click on the logo to verify that the certificate is legitimate.

- Read the privacy policy. Carefully read the privacy policy on the site you’re using to check that the company won’t sell your information for any purpose.

- Check your email and credit card statements. Check for a confirmation email after completing any online transaction to verify the purchase. Also, check your credit card and bank statements for any fraudulent charges. If you notice anything out of the ordinary, be sure to report it right away.

- Never give out sensitive data! Finally (and possibly most importantly), never give out your passwords or user ID information to any unknown source. Only enter your information into a secure website after verifying its authenticity using the steps listed above.

For a comprehensive overview of identity theft, check out HowStuffWorks, and read related posts here by clicking on the term “identity theft” in the Tag Cloud.

Posted in Online Fraud

Malware Warning

What is Clickjacking?  The newest Facebook threat tricks users into “liking” a page within Facebook, then suggests that page to your friends.  The “liked” page may contain malicious links to non-secure sites outside of Facebook.  It also damages the security of your reputation by posting to your profile that you “liked” this page, when in reality you never did.  The victims of last weekend’s clickjacking worm number in the hundreds of thousands.  How did the worm manage to spread so quickly?  Unfortunately, social networks are the perfect medium for such viral content.

The four “liked” links of which users need to be aware are:

"LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE."

"This man takes a picture of himself EVERYDAY for 8 YEARS!!"

"The Prom Dress That Got This Girl Suspended From School."

"This Girl Has An Interesting Way Of Eating A Banana, Check It Out!"

Intriguing, right? These are exactly the sorts of messages that would spread quickly, because we are constantly emailed or IM’d similar text or photos from friends—and they usually are funny and harmless.  Cybercriminals, though, can and do prey on the lax standards we keep for links from friends.  If you fell victim to the clickjacking worm, then an alert would appear on your profile that you “liked” the page.  Any friend viewing your profile would think that because you “liked” it, and because they trust you, that the link must then be safe.  They click, the scheme is perpetuated, and in this instance, so is a trojan.

If you’ve been clickjacked, immediately take the following steps:

  • Delete all mentions of the page from your Facebook profile (in both your “Likes and Interests,” and on your profile page).
  • If you post a message warning your friends that you’ve been infected, DO NOT link to the offending page.
  • Run a virus scan on your computer to detect, block, and remove threats with complete antivirus and antispyware software.
  • If you don’t have security software on your computer, get some! PC Tools Internet Security features ThreatFire™ Behavioral Intelligence and multi-layered browsing protection that will warn you of potentially malicious links before you click them.

Stay safe, and follow twitter.com/PCTools for the latest threat links, updates, and news!

Posted in Virus News

These days, bank robbers are no longer cloaked in the guise of Bonnie & Clyde, traipsing through bank vaults with machine guns. Bank robbers are faceless, stealthy criminals spread around the world accessing bank accounts through the web and siphoning funds into offshore accounts. The amount of cybercrime that goes unreported is astonishing; some reports place the number of reported crimes at less than 50%. Overall, cybercriminals make exponentially more than traditional bank robbers and there are a few theories as to why.

One idea claims that the personal risk involved is diminished, causing criminals to be much more brazen with their targets. Other theories cite the arrest rates for cybercriminals being far below normal street crime rates. Another contributing factor has to do with a large number of cyber attacks coming from countries where the US has no jurisdiction, meaning even if the criminals were tracked down, they could not be prosecuted. There is also an element of anonymity that comes with cybercrime. The victims are nameless and the crimes are far from violent overthrows that may endanger innocent bystanders.

Of the bank robberies in the US in 2009, more than twice as much money was taken via cybercrime by unknown criminals. Although the FBI is taking great pains to combat cybercrime and President Obama has publicly declared the need for more reinforcements on the cyber battlefield, one in five online consumers have been victims of cybercrime according to the annual “State of the Net” survey published in 2009. This amounts to upwards of $8 billion that has been lost due to computer viruses, phishing, and identity theft. The question is: how aware is the average consumer? Most large scale cybercrimes aren’t reported with the same gusto (when reported on at all) that violent crimes and crimes with a physical component are. Should there be a difference between drilling through a vault door (which would most certainly make the local news) and hacking into a secure database and stealing bank account numbers and passwords?

As the internet grows and further infiltrates our daily life, are we doing everything we can to protect our information? Individually, there is only so much that can be done. When hackers gain access to private records and begin selling off information, how much responsibility falls on the victim?

Posted in Hackers

Online users are more concerned about their personal security than the internet security of their companies, according to a recent survey. The study, featuring 1600 workers in the United States, United Kingdom, Germany and Japan, illustrated how employees across the globe are often careless about protecting company data; approximately 50 percent of those surveyed admitted to sending sensitive corporate data over an unsecured webmail account.

Participants in the study consistently ranked personal online security above company safety. For instance, while 36 percent of U.S. participants considered the loss of personal data a top risk regarding computer viruses, only 29 percent were concerned about losing company information due to the same threat. One out of three U.S. workers also admitted that they were more likely to open a suspicious link at work since the equipment was not theirs. Additionally, the survey respondents’ top concerns regarding online threats, such as phishing scams and malware, included personal privacy breaches, identity theft, and loss of individual data – added indications that the fear of individual losses outweighed concerns about corporate ones.

Aside from concerns about careless behavior, businesses also have to worry about the measures workers will take in order to exert their online independence. Even though most companies have policies in place to protect corporate data, some employees choose to actively circumvent such systems. Approximately one out of ten survey participants admitted to overriding their company’s security system in order to access restricted websites.

David Perry, global director of education for Trend Micro, the company that conducted the survey, offered some advice for companies striving to maintain online security in the face of employee-related obstacles: “The key thing to remember is that there is still potential for redress through the right security technology designed specifically for your company’s needs, as well as supportive, consistent employee education that drives awareness.”

Unfortunately, in addition to a growing number of cyberattacks aimed at businesses, companies have one more thing to worry about – the damage that can be done from within their own networks by their own employees.

For tips on defending PCs, servers, and networks, click here.

Posted in Online Fraud

The effort to reduce our carbon footprint – the measurement of the amount of harmful greenhouse gases released by a person or corporation – is an issue that is becoming all the more important as global energy consumption levels continue to reach new heights. While eco-friendly practices like recycling or turning off lights can reduce energy use, there are other ways to help the planet that one might not immediately consider. Surprisingly, using spam filters on your email is one such way to stay green.

Anyone with an email account is familiar with spam mail. This nuisance can lead to all types of malware, so it’s best to use spam blockers to filter these unwanted messages. However, harmful viruses are not the only consequence of not having proper internet security. According to a BBC article, a 2009 report links spam to tremendous energy waste. In fact, eliminating spam for one day would be equivalent to removing 2.2 million cars from the road.

This report also states that a staggering 62 trillion spam messages are sent globally each year, creating 17 million tons of CO2. This energy waste stems primarily from people taking the time to sort through spam messages in order to find legitimate emails. Therefore, using a spam filter is not only a tech savvy practice but also an eco-friendly one.

Posted in Spam