Better Safe Than Sorry

Phishing Targets Tweeter

The popular mobile service Tweeter has been hit with phishing messages. Nothing new about this. It is a good time to remind folks about the devious nature of these evil doers. Any method will be used to induce the unwary or stupid to visit sites that will attempt to upload all kinds of malware, spyware, trojans, etc. to your PC, smartphone or other device. The vector for this specific attack is the very popular 'TinyURL' online application that turns large, unwieldy URLs such as “http://www.somewhere.orf/really/long/directory/” into something such as “http://tinyurl.com/4d4a2” which can be remembered long enough to key into a browser. The problem is that the TinyURL could lead one to evil sites. Very bad. TinyURL's solution, which folks either don't know about or don't use or understand is to use the Preview TinyURL. In our previous example one should append the TinyURL with preview: “http://preview.tinyurl.com/4d4a2”. This will allow for the best practice of safely viewing a rendering of the intended target before actually visiting it.

AOL AIM IM BUST

Clear as mud, eh? Internet Service Provider AOL has been informed that its IM client has a flaw that makes it possible for evil attackers to remotely execute malicious code on users computers. Those using Internet Explorer are especially vulnerable. Best practices? Try an alternative such as Pidgin (formerly GAIM).

Yahoo Messenger Critical Upgrade

Yahoo Messenger has released an upgrade to fix a known security hole that would allow attackers to execute code on your PC. Please upgrade to version 8.1.0.401 from here: http://messenger.yahoo.com/download.php

Pidgin 2.0.0 Released

Are you an Instant Messaging freak job? If so, you should be using Pidgin (formerly GAIM) Instant Messaging client. The advantage is that Pidgin can connect with other IM clients such as Yahoo, ICQ, MS Messsenger or AOL AIM so even if your friends all use different IM clients you only have to use one.

Yahoo IM client flaw is patched

If you use Yahoo! Messenger IM client you should immediately upgrade to fix a highly critical breach that opened up. Visit Secunia at: http://secunia.com/advisories/23401/. Yahoo! has the information here.

MSN Messenger Worm Spreads

A new worm that seems to be based on an old design (BlackAngel.B / W32/BlackAngel.B.worm) is slowly spreading over the MSN. If you use MSN for chatting only accept files from people and/or sources you trust - even then take all the usual precautions. Best practise is to use a safer IM client such as GAIM for chatting and ONLY chatting - file transfers are best accomplished other ways if you must.

IM Worm Targets Yahoo Users

A worm dubbed yhoo32.explr is spreading across Yahoo's IM network. It forwards itself using the contact lists of people whose computers have already been infected. If installed it hijacks the browser home page steering the users to an evil site that attempts to load spyware.

Kaspersky AV Mobile (BETA)

Kaspersky Labs is offering a BETA version of its Anti-Virus for cell phones using the Symbian OS. Sign up and offer feedback to help improve this application and you may receive a free version of the commercial version.

Java Trojan RedBrowser-A Targets Cell Phones

Evildoers have created a Trojan that targets cell phones running Java. Found by Kaspersky Lab this puppy infects any device capable of running Java applications. The text is only in Russian so far so the chance of running into this outside of that country is small. The threat is that someone may reverse engineer it for other countries so keep on your toes. This Trojan pretends to be a WAP browser offering free browsing via SMS messages. Since many companies the world over offer cheap or free SMS the victim is tricked into believing they are able to browse the Web for free. In reality the trojan sends SMS messages to one specific number that will charge back a premium amount on the victims cell phone bill. Best Practices circa 1878: If it sounds to good to be true it probably is. Best Practices circa 2006: If it sounds to good to be true Google it.

First Mac OS X Virus

The first virus for Mac OS X has been encountered today. Called OSX/Leap.A. by F-Secure the Malware was posted via a link to MacRumors forum. Supposedly a screenshot for Mac OS X v10.5 Leopard the virus spreads through iChat.

It appears the victim must be running in Admin. mode to be infected. As with any OS you should generally not be swaning around while in Admin. mode because of the risk of compromising your PC at the "root level" where all the important processes live. If these processes are taken over by rogue software you can lose complete control without even knowing it.

Do yourself a favour and make a new user on your Windows box with less than Admin. privileges before you go wandering off into the Interweb.

There is no "MSN Messenger 8 Working BETA" !

So don't be clicking those links to download a copy even if the Instant Message comes from a friend. Especially if that friend is not as security aware as you. All you MSN Messenger users read this: http://www.infoworld.com/article/05/12/27/HNmicrosoftvirkelvirus_1.html and this: http://www.f-secure.com/weblog/archives/archive-122005.html#00000751.

IM Trojan on the Loose

Various reports, including this one: http://news.zdnet.com/2100-1009_22-6002790.html, have a new Instant Messaging trojan being sent to AOL, MSN and Yahoo users. The link, to some lame Santa whats-it, also installs a Rootkit on users Windows PC. The links arrive from people on users "buddy lists" so folks are not as suspicious as they might otherwise be. Remember to never click, download, accept attachments, etc. unless you have been informed before the fact that they are on the way.

IM Worm 'Chats' to Victims

CNET is reporting a new worm that tricks users on America Online's Instant Messenger to download a .pif file containing a trojan that does the usual evil things. The worm, IM.Myspace04.AIM, appears to respond to keywords. Dubious people asking about possible viruses are assured, "lol no its not its a virus". If this trend continues (oh, it will) make sure you only chat with known users and DO NOT download files unless you have an up to date anti-virus, etc. on your Windows machine. You might also want to try using GAIM IM client.

New worm poses as iTunes

A new worm, WORM_OPANKI.Y, is spread though AOL IM by using the name iTunes to trick users into running it on their machines. The fact that this is an *.exe file should warn people that it could be dangerous but it appears the clueless still click on and on and on . . .