Wed 1st Jul 2015

Archive for the ‘McAfee Virus Alerts’ Category

Andy Murray Wins ‘Brit Most Dangerous to Search’ Prize

Monday, September 17th, 2012

McAfee have been attentive to the dangers that sports tournaments can pose for internet users. This year there has been Euro2012 and the Olympics, as well as a host of other events such as Wimbledon and the Grand Prix. Searching for sports stars’ names, McAfee has revealed time and time again over the summer, can lead people into sites that seem innocent but are in fact full of dangerous malware.

Looking at all British athletes – who are extremely popular this year what with Team GB’s success at the London 2012 Olympics – McAfee’s recent list showed ‘the most dangerous British athletes to search for on the web’. This followed on from McAfee’s Most Dangerous Celebrities study, which looked at how other famous people aside from sports stars can make surfing the web dangerous.

The tennis player Andy Murray came out on top as the most dangerous British athlete to search for. His near miss at Wimbledon 2012, his gold medal at the Olympics and his popularity as a sports personality mean that searching for things such as ‘Andy Murray videos’, ‘Andy Murray downloads’ or ‘Andy Murray screensavers’ puts you at higher risk of stumbling on to malware.

The other most dangerous athletes included Olympic personalities such as Louis Smith and Tom Daley. The cyclist Mark Cavendish came in fifth, and Ryan Giggs represented dangerous footballer searches at number 2. Venus Williams topped the list. Others who came high up include Usain Bolt and Novak Djokovic.

It comes as no surprise that after a summer of glorious sport, cybercriminals look to current trends and personalities who they can use to lure in internet users. People may think searching for these terms is innocent, and it can be; the problem is which sites you eventually choose to click through to. Those sites can download malware onto your computer, steal personal information, or carry out other cyber crime, perhaps without the user even realising. This is why McAfee and other antivirus security software companies urge people to be safe when searching for their favourite sports stars, keeping in mind that whoever is popular is likely to bring up more dangerous websites.

Guest Article by Sophie Camp

McAfee Issue Warning for Olympic Security

Tuesday, July 31st, 2012

During the Euro2012 football tournament, McAfee issued a report listing the ‘most dangerous football team’, i.e. a collection of football players whose names, when searched on the internet, gave the highest possibility of accidentally downloading malware.

Now the Olympics is here, the potential for similar dangerous web searches coming up again is a very real threat. With the Olympics being markedly bigger than Euro 2012, McAfee have urged internet users to be very careful with their PCs, laptops and mobile phones. During big tournaments such as these, cyber criminals like to use an exciting event to try to compromise the safety of more computers.

McAfee have expressed particular concern for mobile phones. Apps are a particularly popular way of targeting those people looking for ways to connect with big events. Anyone can put up apps and encourage people to download, so many cyber criminals find this an easy way to target users.

Other cyber criminals might lure users in by saying that they can buy cheap or free tickets to Olympic events, but instead the link that they send directs the user to a website where malware is downloaded onto their computer. During an event like the Olympics, with thousands of people wanting tickets, there are many chances for cyber criminals to play on people’s desires to see the Games.

McAfee and other security firms urge users to make sure their antivirus software updates are downloaded, and that they are wary of links sent to them or found in searches that promise things that seem too good to be true. This is true any time of the year, but will be particularly pertinent when Olympic fever grips the world.

Guest Article by Sophie Camp

McAfee Warn of Huge Cyber Fraud in Process

Friday, June 29th, 2012

McAfee has written a cyber fraud report with the banking security firm Guardian Analytics, claiming that a number of evolved versions of the dangerous Zeus and SpyEye malware have been used to target high-balance bank accounts.

McAfee discovered the attack was heavily automated, meaning that no manual (human) intervention was needed to control it. This meant that not only was the attack fast and effective, it was becoming increasingly dangerous. Many security firms are now warning of the dangers of automated attacks, used by cyber criminals who want to make even more money.

The fact that this particular attack has been targeting the bank accounts of high-earning individuals as well as well-off companies has been particularly worrying. The ‘big banks’ are not the only targets, however; even some smaller regional banks that are usually not considered as targets for these fraudsters are being attacked. Some frauds have gone into the hundreds of thousands, and the use of more developed Zeus and SpyEye malware is worrying security firms who are looking at how to stop these attacks in the future.

This particular cyber fraud appears to be focused on Europe, although the net is widening (to the US and Colombia, for example) so that cyber criminals can make more money. This highly sophisticated money-making scheme will only grow, the report issued by McAfee and Guardian Analytics warns.

Despite the doom and gloom of this wide reaching fraud, security firms like McAfee remain optimistic that companies like themselves can combat such an attack. The tools that they need exist, and they are working on the problem now.  

However, as with all frauds and online attacks, McAfee and other security companies warn users that a lot of the responsibility lies with the user. Although complex and highly sophisticated frauds are sometimes impossible to protect oneself from, it is believed that with the right vigilance and attention paid, consumers and business users can protect themselves against these sorts of attacks. Or, if they are targeted successfully, they can get help to quickly solve the problem.  

Guest Article by Sophie Camp

McAfee Reports Malware Spike

Monday, May 28th, 2012

McAfee has reported that PC malware is enjoying its “busiest quarter in recent history”, worrying many technology users that the battle against malware is becoming increasingly difficult.

McAfee’s regular reports into the volume of malware often reveal patterns and trends in the threats our computers face. This one shows the biggest increase in malware in four years, with software carrying fake security signatures and Trojans that steal passwords both on the rise.

The biggest and one of the most worrying rises was in password stealing Trojans. Once these are in your computer – typically because the user believes they are a legitimate piece of software – they can move with stealth throughout the computer and root out passwords and important information about the user, opening them up to more malware and other potential dangers.

The trend of scam software is also increasing, with scammers capitalizing on the trust users have in downloading software that comes with a well known vendor name. Just because a piece of anti-virus or anti-malware software has this name, though, does not necessarily mean it comes from that vendor.

Mobile phone malware was also shown as increasing in McAfee’s recent report. This will worry heavy smartphone users – particularly Android users, who appear to be more frequently targeted – who until now have been (or felt) relatively safe using their phones. Botnets also saw growth, particularly in countries such as Spain, Colombia and Poland.

There was some good news though; global spam levels saw a decline, to just over 1 trillion monthly spam messages.

McAfee – like the rest of the security industry – urges technology users (whether that be on a laptop, PC, or smart phone) to ensure that they are covered against malware threats. Simply buying the cheapest antivirus software that a user finds is also discouraged, and those wanting to buy protection are encouraged to check the validity and reputation of the vendor.

Guest Article by Sophie Camp

McAfee Scopes Out Pinterest

Friday, May 18th, 2012

Pinterest is one of the biggest growing new social-networking sites, allowing users to ‘pin’ to virtual pin boards anything of their interest, from wedding invitation ideas to favourite books. McAfee has assessed the safety of this new social network for users and concluded that there are a number of worrying security problems with money-making scams.  

McAfee are known for their antivirus software, but that is not the only sort of protection they provide. They are also concerned with the high numbers of scammers and spammers that currently stalk the web, particularly social media sites. Money-making scams are often created by software tool kits, which create quite effective scams in just a few minutes. These easy-to-use kits mean that scammers don’t need any programming skills to scam people.

The most common scams earn money for the scammers by referring users to buying sites. Others target mobile users by showing them pornographic images that, if clicked, begin phone calls that are extremely costly. There are other scams less dangerous to the user, but they still fill Pinterest with bogus accounts and mass commenting, which all plays into scammers' hands.

McAfee’s assessment of Pinterest is important, as these new social networking sites often grow extremely big extremely fast – almost overnight – and stringent security controls are often slower to develop than the audience numbers.

Pinterest reacted to McAfee’s report by saying they are doing their utmost to develop their security systems and that the curbing of scammers and spammers is a priority to them. McAfee suggests that users of Pinterest be careful about requests to pin or repin content, and to try to view it before they do so.

Guest Article by Sophie Camp

Virus Threat Activity

Wednesday, November 4th, 2009

McAfee maintain a list and profile of nearly all the viruses out in the computer world, and also grade their current risk status. Computer users who want to keep themselves abreast of each new virus threat would do well to consult this list occasionally.

It’s an illuminating line-up, bringing home to computer users the high levels of risk and danger that they face in their everyday dealings with computers.

Let’s take one day in particular, when McAfee drew our attention to three new Trojan viruses. On the 26th October, 2006, McAfee added to their list of viruses to look out for the following three names:

  • Generic Dropper!bei!1938a8cf8776;
  • Generic.dx!gcq!4894f6dd2862;
  • Generic PWS.y!bce!eac18f0df91a.

All are trojans and before we take a quick look at the first one in the list, the Generic Dropper!bei!1938a8cf8776, let’s remind ourselves what a trojan is.

Named for very apt reasons after the Trojan Horse in Greek mythology, a trojan is malware which appears to have a desirable, or necessary function, but in reality allows unauthorised access to a user’s computer. In other words, it is just like the Trojan Horse, which was presented as a gift only to conceal soldiers who gained unwanted access.

What distinguishes them from viruses and worms is that they are not self-replicating. What’s more, to fulfil their evil deeds, they require a degree of interaction from the hacker, or cybercriminal. And trojans need not be faithful to their creators; hackers can, by using a port scanner to scan network computers, be on the hunt for an available trojan which will give them access to a vulnerable machine.

Because they don’t self-replicate, they have to be spread manually by unwitting computer users, or hackers. They are most commonly activated by executing programmes distributed by e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Infection symptoms of the detection are the files, registry and network communication detailed in the McAfee virus characterisation section. Here McAfee lays bare the Generic Dropper!bei!1938a8cf8776 to the public, including its file name (in this case virus.exe), its length (81,920 bytes) and its CRC (2581E782).

It’s known by other computer security companies as:

  • Avast – Win32:Malware-gen;
  • Avira – TR/Drop.Agent.AP;
  • Dr.Web – BackDoor.IRC.Sdbot.4889;
  • Eset – a variant of Win32/Injector.AEH;
  • FortiNet – W32/VB.AD!tr;
  • Kaspersky – Trojan-Dropper.Win32.VB.mwb;
  • Sophos – Mal/VB-AD;
  • Symantec – W32.SillyFDC.

Guest Article by Neil Camp

Popular Viruses and McAfee Removal Tools

Monday, November 2nd, 2009

The world is plagued with a number of recurring viruses and if you are unfortunate enough to get one of the monsters below, then you can use a free tool from McAfee to not only remove it from your computer, but also help repair any damage that might have been done in the attack.

Take a look at the list below and if your PC is infected with one of these, then McAfee can help:

  • Sasser (virus name) – McAfee Avert Stinger (removal tool);
  • Bagle – McAfee Avert Stinger;
  • Zafi – McAfee Avert Stinger;
  • Mydoom – McAfee Avert Stinger;
  • Lovsan/Blaster – McAfee Avert Stinger;
  • Klez – Klez Removal Tool;
  • Bugbear – Bugbear Removal Tool.

Let’s take a look at one of the best known of the suspects above: Sasser. This can be removed using the McAfee Avert Stinger tool. With Sasser, the indication that you have been infected comes with the presence of the file avserve3.exe and the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "avserve3.exe" = C:\WINDOWS\avserve3.exe

Sasser, which is known in the trade as a worm, exploits a Microsoft software vulnerability and spreads from machine to machine with no user intervention needed.

It employs a propagation mechanism which has been used many times before. Basically, Sasser spends its time scanning random IP addresses in the hope that it will spot an exploitable system. When it comes across such a system, the worm exploits it by overflowing a buffer in LSASS.EXE. It then creates a remote shell on TCP port 9996.

Once that’s been achieved, it creates an FTP script named cmd.ftp on the remote host and executes it. Then the FTP.EXE application, via the FTP script, is used to retrieve the worm from the infected machine to the remote host. After that, the worm is executed. In short, the FTP script instructs the victim computer to download and execute the worm from the infected host.
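As a triage aid for the indicators described above (the file avserve3.exe, its Run-key entry, the shell on TCP port 9996 and the cmd.ftp script), here is an added example that is not McAfee's tool or part of the original article. It scans saved `reg query` output, `netstat -an` output and a file listing; the sample inputs are constructed and the function names are hypothetical.

```python
import ntpath
import re

# Indicators taken from the article text above.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
WORM_FILE = "avserve3.exe"
FTP_SCRIPT = "cmd.ftp"
SHELL_PORT = 9996

# A value line in `reg query` output: indented name, type, data.
VALUE_LINE = re.compile(r"^\s+(.+?)\s{2,}(REG_\w+)\s{2,}(.*)$")


def run_key_hits(reg_text):
    """Return (name, data) for values under the Run key that reference avserve3.exe."""
    hits, in_run_key = [], False
    for line in reg_text.splitlines():
        stripped = line.strip()
        if stripped.upper().startswith("HKEY_"):
            # Only values listed under the exact Run key are considered.
            in_run_key = stripped.upper() == RUN_KEY.upper()
            continue
        match = VALUE_LINE.match(line)
        if in_run_key and match:
            name, _type, data = match.groups()
            if WORM_FILE in name.lower() or WORM_FILE in data.lower():
                hits.append((name, data.strip()))
    return hits


def shell_port_listeners(netstat_text):
    """Return local addresses listening on TCP 9996 (exact port match, not substring)."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            if fields[1].rsplit(":", 1)[-1] == str(SHELL_PORT):
                hits.append(fields[1])
    return hits


def file_hits(paths):
    """Return paths whose file name is avserve3.exe or cmd.ftp (case-insensitive)."""
    names = {WORM_FILE, FTP_SCRIPT}
    return [p for p in paths if ntpath.basename(p).lower() in names]


def triage(reg_text, netstat_text, paths):
    return {"run_key": run_key_hits(reg_text),
            "listeners": shell_port_listeners(netstat_text),
            "files": file_hits(paths)}


# Constructed sample inputs, shaped like real tool output.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    avserve3.exe    REG_SZ    C:\WINDOWS\avserve3.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    setup    REG_SZ    C:\TEMP\setup.exe
"""
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:9996           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49996     10.0.0.5:443           ESTABLISHED
"""
SAMPLE_PATHS = [r"C:\WINDOWS\notepad.exe", r"C:\WINDOWS\avserve3.exe",
                r"C:\TEMP\cmd.ftp"]

if __name__ == "__main__":
    for kind, found in triage(SAMPLE_REG, SAMPLE_NETSTAT, SAMPLE_PATHS).items():
        print(kind, found)
```

A file named cmd.ftp or a listener on port 9996 can have other explanations, so treat a single hit as a prompt to investigate rather than proof of infection.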

Sasser comes under many guises, including Sasser.G, W32.Sasser and Worm.Win32Sasser.g (this often depends on which anti-virus programme has labelled a particular virus).

The McAfee Avert Stinger is a stand-alone tool which is used when a particular virus needs to be detected and then removed. McAfee make it clear that it is not to be used instead of anti-virus protection software, but as a specific tool when dealing with a particular type of virus attack.

Guest Article by Neil Camp

Top Spam

Saturday, October 31st, 2009

When it comes to top spam, McAfee is its ardent enemy and will hunt it down at every opportunity.

And it also makes a note of the top ten subject lines that spammers use and the current most popular spam categories.

Top ten spam subject lines first. But don’t just remember these and hope you’ve got a way out of the problem. There are literally millions of variations that can be used and the top spam lines are usually quickly picked up by the spam filters, so may not stay around for long. Here’s the list:

  1. You've received a greeting ecard
  2. Virtualization Webinar
  3. Masters degree with no efforts.
  4. Career Advancement Opportunities – July of 2009
  5. Webinar: Think Big: Create Efficiencies With an Enterprise-Wide
  6. Non-profit job from home
  7. Administrative Certification: Increase Productivity with Superior Organizational Skills
  8. Administrative Certification: Gain Credibility by Maximizing Your Productivity
  9. you can wear tag heuer watch now
  10. you can wear cartier watch now.

From the above, it’s easier to spot the most cunning of spam subject lines. The first, “…you’ve received a greeting ecard…” is pretty low, but you can see why it’s used so frequently. Most people’s innate reaction would be to open it up and see which kind person has sent them an ecard. But if you do, felicitations from a friend, or loved one could be the last thing you get.

The thinking behind “…virtualization webinar…” is a little harder to figure out, but maybe that’s the point. The third should deceive no-one; a master’s degree usually requires a lot of effort and there’s no such thing as a free lunch, or so they say. And so they can; their invidious aim is simple, to trap people into paying them attention and potentially giving away the family silver. Always be alert for such attacks.

And when it comes to current spam categories, McAfee has revealed that the recently received spam falls into the following areas:

  • Russian spam (42%)
  • products and services (26%)
  • adverts (20%)
  • IT related (4%)
  • stock (4%)
  • financial (2%)
  • news (1%)
  • adult services (1%).

Guest Article by Neil Camp

Avoiding Spam Top Tips

Friday, October 30th, 2009

McAfee, like all computer security companies, sees spam as one of the main enemies in the computer age.

Spam is a waste of everyone’s time, clogs up the ether with its pointlessness and it is a major carrier of computer viruses. It serves no purpose whatsoever and if the world were rid of it, then 80% of the email traffic would drop overnight.

So what can you do to avoid spam? Here are some top tips.

Top tip is do not spread your email around. Never post your e-mail address in an unobfuscated form on the Internet. But if you have to post your e-mail address, make sure you obfuscate it in such a way that it cannot be harvested. Better still, create a small graphic image that contains your email address, as the harvesters cannot read this. Bear in mind that spammers play the numbers game. They trawl for millions of addresses out there and guess others with specially created computer programmes. Don’t make their life easy.

Another top tip is checking to see how visible your email address is. Type it into a search engine and see if it has been posted in any newsgroups or discussion forums, and see if you can remove it, as this might be a good way to cut spam down.

Also consider using a number of email addresses, say one for friends and family, and one for business. This way you can greatly reduce your chances of spam. You could easily create an address that you only use for newsgroups and such places, and then, if it becomes burdened with spam, drop it altogether. Don’t be afraid of changing your email address as a way of avoiding spam.

Another good way of foxing the spammers is having a complicated email address made up of numbers, as well as letters, and a part of it made up of random sequences. This works against dictionary attackers.

When it comes to completing web forms, always have a look at the website’s privacy policy, and avoid giving your email address, or indeed, any other personal details, to a site which admits that they sell them on to third parties. If you can, check the box which opts you out of third party mailings.

A very important rule this – never respond to spam, ever. Because a spammer lives for a reply and even if you innocently send a request saying you’d like to be removed from the list, this confirms to them that the address is valid, you have seen the email and indeed, you have replied. This means that your email address is basically in-play. Your name could then be added to a list of working email addresses which could be very valuable to the spammer and sold between them.

Along the same lines as the last point, never, ever buy anything from a spammer, or goods which have been brought to your attention via spam. Once sending spam becomes unprofitable, then it will die.

Get into the habit of deleting a spam message as soon as you see it. Do not open it. By using graphics within the spam email, spammers are able to track who received it and who opened it. This is why many email providers give you the option of opening the graphic image within the email – resist that temptation. Simply bin it.

Do not use links within emails (always go to a site via your web browser, or your own bookmarks), and never reply to emails, purporting to be from a site you know, asking for financial information, or personal details. Guard such data vigorously.

Above all else, ensure that your anti-virus software is up to date and that your firewall (designed to stop people not only breaking in, but taking goods out), is also doing its job.

Guest Article by Neil Camp

Virus Detection and Prevention Top Tips

Thursday, October 29th, 2009

When it comes to detecting viruses and preventing attacks, McAfee has some good advice for computer users.

Top of the tip list is beware of what you open. In other words, do not open any files that are attached to email, instant messages, or offered as downloads, unless you are completely confident about their origin.

Even if a file is from a friend, or from someone you know, still be careful as people can have their mailbox hijacked and emails sent from their computer without their knowledge. This means that an email might find itself in your inbox from what you think is a trustworthy source, only for you to find out that it is far from trusty. Best thing to do is just check that your contact has indeed sent you an email with a file.

Keep an eye open for suspicious subject lines in emails. This is usually a dead giveaway that something is wrong. If it looks odd, it usually foretells trouble and it’s best to delete it without opening it at all.

Chain emails might seem charming to some, but they effectively are spam and go towards clogging up the ether whilst serving no real purpose. Delete and avoid expanding the chain. Bear in mind that over 80% of emails sent around the world are spam.

When it comes to downloading files off the internet, be very careful indeed. There are many free things on the internet and not all of these are good. Many screensavers, games, or seemingly useful bits of code can harbour nasty viruses that end up attacking your computer. So ensure you know where that file is coming from. Also watch out for innocent looking media playing devices which a site might say is necessary when downloading and watching film clips. These are often bits of code which do a lot more than let you watch some film. They often contain viruses that open up your computer for the cybercriminals to march around unhindered.

Okay, and this might seem obvious, but to many it’s not: get anti-virus software on your computer. Do not send, or receive emails, and do not surf the internet without very good protection from a credible anti-virus software programme. And be wary of any box that suddenly flashes up and warns you that it has detected a virus and you must download a programme to remove it immediately. These are usually tricks to get you to download malware – code that sits on your computer and opens you up to attack from cybercriminals.

McAfee anti-virus programmes, like all such good applications, continuously update from the internet, meaning that you are protected from new viruses and sudden attacks.

Back up your files on at least a weekly basis, if not a daily basis. Regular and proper back-up means that should you be unfortunate enough to catch a major virus, then you won’t lose all your files and work, as well as have an effectively useless computer.

Also, check with the developer of your operating system for any updates, or patches as they are commonly known. These are sent out to close holes – known as bugs – in software code which cybercriminals use to find a way into a system. Most updates or patches are automatic, but do ensure your system is completely up-to-date.

Above all, if you think it doesn’t smell right, then always err on the side of caution. Be suspicious and it might just save you a lot of time and money.

Guest Article by Neil Camp

© BUYability