BlogPress SEO is Malware

As with most scamming attempts, it all started with an email—which I ignored when I received it on Wednesday. It made claims of terrific SEO improvements using backlinks—yeah right. I do not use SEO enhancement plugins (other than Google XML Sitemaps), and never plan on doing so. Anyways, the sender’s name was Saurabh, and his message was as follows:

Hello, My name is Saurabh, and I am here to offer you a unique wordpress plugin which will get you 100’s of backlinks like crazy. The plugin is 100% free and I can also offer installation help. Why backlinks are important for getting traffic. This is how the plugin works Thanks


TCF Bank Account Phishing Redux

Last Tuesday, October 19th, another mass email went out to University of Minnesota students attempting to trick gullible students into giving up their TCF Bank online login credentials. This is the second such message I have received in the past two months. This time the message was about the same, pointing to a different compromised site. As before, I am posting the message for the world to see.

Dear TCF Bank Customer,

We have noticed unusual activity in some of our customers accounts and 3rd-party access to Online Banking. Because our customers security is our main priority, we request you to verify your account and confirm you are the owner. Validating your account will require about 3 minutes of your time.

To access the activation form click on the following link:

Click here to access your account

Once you have verified and confirmed your account, you can continue using our services as usual.

Elizabeth G. Hayes,
Security Executive,
TCF Bank.

Do people actually fall for this? While it is not a verbatim copy of the previous attempt, it is very similar (to the point that anti-spam filters should have blocked it). By the time I actually read the email, the compromised site had already been cleaned up. There has been an improvement since the last mass phishing attempt: the “U” now provides SpamAssassin for the central email accounts; you just have to enable it.

And, just a side thought here, why do we still allow BCC to exist in its current form? If we automatically trashed all BCCs from an external network (or all BCCs not from our address book/contacts list or a pre-approved sender list), spam like this would have one less avenue to reach our inboxes.
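The filtering rule sketched above, as an added example that is not the post's own code and not how any real mail system implements it: a message is junked when the recipient's address is absent from To/Cc (so it arrived via Bcc) and the sender is neither on the local domain nor in a pre-approved contacts list. The mailbox, domain and sample messages are constructed; the last sample shows the rule's main cost, since mailing-list mail looks exactly like an external Bcc.

```python
import email
from email.utils import getaddresses, parseaddr

# Assumed values, not from the post: the protected mailbox and a contacts list.
MY_ADDRESS = "student@example.edu"
MY_DOMAIN = MY_ADDRESS.split("@", 1)[1]
CONTACTS = {"friend@mail.example"}


def delivered_via_bcc(msg, my_address=MY_ADDRESS):
    """True when my_address is in neither To nor Cc: it was Bcc'd or list-delivered."""
    visible = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return my_address.lower() not in {addr.lower() for _, addr in visible}


def sender_is_trusted(msg, my_domain=MY_DOMAIN, contacts=CONTACTS):
    """Internal senders and pre-approved contacts may still Bcc us."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return sender.endswith("@" + my_domain) or sender in contacts


def classify(raw):
    """Return 'junk' or 'inbox' for one raw RFC 822 message."""
    msg = email.message_from_string(raw)
    return "junk" if delivered_via_bcc(msg) and not sender_is_trusted(msg) else "inbox"


# Constructed sample messages (bodies trimmed); addresses are placeholders.
PHISH = (
    "From: TCF Bank <security@compromised-site.example>\n"
    "To: someone-else@example.edu\n"  # we were on the Bcc line
    "Subject: Verify your account\n\n"
    "Dear TCF Bank Customer, we have noticed unusual activity...\n"
)
INTERNAL = (
    "From: Registrar <registrar@example.edu>\n"
    "To: all-students@example.edu\n"  # internal Bcc blast is allowed through
    "Subject: Deadline reminder\n\n...\n"
)
DIRECT = "From: shop@external.example\nTo: student@example.edu\nSubject: Receipt\n\n...\n"
LIST = (
    "From: Announce <announce@listserv.example>\n"
    "To: announce@listserv.example\n"  # mailing list: indistinguishable from a Bcc
    "Subject: Digest\n\n...\n"
)

if __name__ == "__main__":
    for name, raw in [("phish", PHISH), ("internal", INTERNAL), ("direct", DIRECT), ("list", LIST)]:
        print(name, classify(raw))
```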

-John Havlik

[end of transmission, stay tuned]

Time for Flash to Die

Today some stupid advertisement delivery agency decided to ship a Flash-based ad that automatically infects your computer with a fake security suite (named “AV Security Suite”). This affects the latest Flash Player, regardless of web browser.

Neat, right? Oh, it gets better. AV Security Suite is ransomware, which does not allow you to open any applications that it knows could close it. Great, isn’t it? The seemingly good thing is you can get rid of it using System Restore. Do this by:

  1. Pulling the power plug on your PC (don’t do a “proper” shutdown or restart).
  2. Boot into Safe Mode. Usually, you need to press and hold the F8 key while booting, and select Safe Mode from the menu. However, if you did not shut down properly this menu should come up automatically.
  3. Finally, in Safe Mode use System Restore to go back to before the infection happened. Note that Windows 7 users can go straight to restoring using the “Restore Computer” menu item rather than a Safe Mode boot.

Going forward, remove Adobe Flash Player from your computer. Since Adobe can’t seem to fix this issue, Flash Player is not to be trusted (add Adobe Acrobat Reader to your untrusted list as well). If you must have Flash Player (for any reason) and use Firefox, install Flashblock; it could save you time in the future.

-John Havlik

[end of transmission, stay tuned]

Notes on Trustworthy Computing

How much is security worth to you? What about freedom? Currently, the Internet is akin to the Western United States in the 1800s. It is mostly a lawless land, unorganized, untaxed, and full of roaming bad guys. The commercial sector is exploiting it more and more, and, in turn, is being harassed by the bad guys (crackers). Some foolish individuals, and organizations, wish to expel all of the bad guys from the Internet, and fund it with a tax on all Internet connections. Not only is this an ineffective waste of everyone’s money, it will make things worse.

Microsoft’s Scott Charney wishes to frame the issue of computer viruses in the same manner as their biological counterparts. He boasts, “I actually think that the health care model, particularly related to the World Health Organization and the Center for Disease Control …might be an interesting way to think about the problem.” While the idea itself is not new, the implications tend to draw heated debate. And, after the H1N1 and Avian Flu scares that did not materialize during the last decade, following too closely in the footsteps of the WHO and CDC would be foolish. However, having a procedure for containing and cleaning up a virus outbreak is beneficial.

Charney continues, “Why don’t we think about access providers who are doing inspection and quarantine, and cleaning machines prior to access to the Internet?” With the bandwidth-shaping technologies out today, a third-party real-time traffic scanner for malicious activity is possible. However, the first hurdle to this is the issue of privacy. With the real-time scanner, the carrier could look at data that was once forbidden. Looking at packet destination won’t work as botnets become more sophisticated and operate in a more peer-to-peer fashion. Thus, content analysis will become necessary. This will drive both the botnets and legitimate users to encrypt all network traffic, which is the second issue: real-time scanners will become ineffective in the arms race against the bad guys.

Creating a WHO of computer viruses will cost money. Charney suggests a compulsory Internet tax for all connected individuals. He even goes as far as suggesting that “…it’s a public safety issue…” Since when has the Internet been vital for public safety? If we, as a global community, are so dependent on the Internet for day-to-day life, maybe the role of the Internet needs to be rethought. Twenty years ago, most people had never heard of the Internet. Today, most use the Internet just for logging into Facebook and playing Farmville or some other worthless time sink. Contrary to what Hollywood would have you believe, infrastructure–such as nuclear power plants–does not have vital components exposed to the Internet (e.g. the plot in Live Free or Die Hard could not happen). Why should one, who is responsible and maintains good security practices, pay to clean up the computer of some idiot who still believes that a Nigerian prince is going to give him (or her) a large sum of money? Recent viruses have not been self-propagating, and the idea that the actions of one idiot will cause everyone else to get infected is invalid. The last major auto-infecting worm was Blaster, and that was back in 2003 (Sasser does not count, as a patch was available before it went public).

If a WHO of computer viruses is necessary, maybe it should be funded the same way that the quit-smoking organizations are, by charging the software vendors. Microsoft, in particular, should pay. It is their insecure OS (Windows XP), and their ignorant user base, that has caused the problem. They need to educate their users as to why UAC is good, and should not be disabled or ignored. Mr. Charney, that is your organization; do not push your burden onto us.

Read Scott Charney’s RSA 2010 Keynote.

-John Havlik

[end of transmission, stay tuned]