Friday, June 18, 2010

Facebook, clickjacking and lifejacking

Users of Facebook are falling victim to a new type of attack called “clickjacking” or “lifejacking”. Facebook users see links that their friends appear to have liked, some of those currently in circulation include “World Cup 2010” and “This man takes a picture of himself every day for 8 years”. When a Facebook user clicks on one of these links they are taken to another page which asks them to carry out a simple action such as clicking a button to confirm that they are over 18, when they do this the link is added to their Facebook profile saying that they “like” the site.

There currently appears to be no malcious intent behind these attacks but it is not difficult to see how they could be used to install malware on a user’s computer or perpetrate a phishing attack.

The attack works by using iFrames, essentially invisible buttons, which in this case cover the entire page. When the user clicks they end up clicking the invisible button. In the attacks seen so far the invisible button is a Facebook “like” button.

Once again, this is going to bring into question, the use of social media sites like Facebook within businesses as quite sophisticated security solutions will be required to prevent attacks of this sort.

Thursday, July 2, 2009

Security 101 : Understanding Antivirus Software

What does antivirus software do?

The purpose of anti-virus software is to try and identify and block viruses, Trojans and other malicious software (often referred to as malware) before it can infect your computer and to remove any infections that may be present at the point that anti-virus software is installed.

Different Antivirus packages take slightly different approaches to detecting an infection but generally speaking they usually scan the computer for patterns or "signatures" associated with known viruses. Some anti-virus packages also offer "heuristic" scanning which attempts to recognise the characteristics of malware even if the package does not have a specific signature for the virus, the functionality is included as there is often a short time lag between a virus appearing and antivirus vendors releasing new signatures for their products. Most modern packages will scan the computer's memory and files held of the computer's hard drive or removable storage; typically files will be scanned either a part of a scheduled scan, a manual scan or when they are accessed by the user.

What happens when antivirus software detects a virus?

The response to an infection varies from package to package but typically the software will attempt to clean the file (remove the virus); if it is unable to clean the file it will offer you an option to quarantine the file (move it to a special directory for infected files) or delete the file. Depending on the package and configuration you may be prompted to confirm some or all of these actions; you should ensure that you are familiar with how your antivirus software responds to particular situations.

Best Practice for Using Antivirus Software

Once you have installed antivirus software you need to ensure that the virus signatures are kept up to date. Most modern antivirus packages include some kind of automatic update function that will retrieve updates from the company providing the software. The detail of how this is achieved will vary from package to package but the end result is the same. It should be noted that most antivirus software companies charge an annual subscription for these updates, so it is important to keep your subscription in good standing so that you continue to receive the updates; most antivirus software will warn you if your subscription expires. If your antivirus software requires manual updates make sure that you update the virus signatures on a regular basis (at least once a week).

Immediately after installing your antivirus software you should run a complete system scan. This will enable you to detect any infections that may have been present prior to the installation of the antivirus software. Most packages prompt the user to perform a complete system scan after installation but, in the event that your package does not, make sure that you take this step.

Ensure that you enable file access scanning (it is usually enabled by default), this will cause your antivirus package to scan files as they are accessed and report on any infections.

Configure a scheduled scan of your PC for once a week; depending on the performance of you PC your computer may become unusable during the scan and you may want to schedule the scan for a time when you are not using the computer.

For removable media such as CD-Roms, DVDs, USB memory sticks etc., consider disabling auto-run behaviour (where you computer will attempt to automatically run software on the removable media) and manually scan the removable media before you open any files.

When opening email attachments or downloading files from web sites, save them to you PC before opening them to ensure that your antivirus software has an opportunity to scan the file.

Tuesday, June 30, 2009

Mozilla Foundation releases Firefox 3.5

Mozilla Foundation has released Firefox 3.5 containing multiple security enhancements including improved anti-phishing support, anti-malware and privacy protection. Users are encouraged to upgrade to the new version to take advantage of the new security features.

Monday, June 29, 2009

Adobe Shockwave - New Version Addresses Security Vulnerability

Adobe has released version 11.5.0.600 of Shockwave Player. This version fixes a critical security vulnerability which, according Adobe could beused by an attacker to take control of a user's computer. In order for the attack to be successful the user first had to open a compromised Shockwave file.

All previous versions of Shockwave are affected by the vulnerability and Adobe recommend that all users update to the latest release.

Finjan Provides Free Browser Plug-In for Secure Browsing

Anti-virus and security appliance manufacturer Finjan has announced an extension for Microsoft Internet Explorer and Firefox that alerts users of potentially dangerous links. The add-on, called SecureBrosing, grades sites using three different colours; green indicates that a site should be safe, yellow indicates that the page is not available for scanning and red indicates that the site is exhibiting "potential spyware behaviour".

The Finjan add-on, unlike other similar applications, actually scans the linked site for potentially dangerous content, rather than relying on details of a site's reputation. This has the potential to be both good and bad in that it does not rely on external services or databases that need to be kept up to date but it also has the potential to generate either false positives or negatives. My initial testing to date suggests that it tends to miss some of the more obvious sites that should be flagged as potentially dangerous; but I am going to continue to trial it and see what it achieves in the longer term.

If you want to give it a try Finjan SecureBrowsing can be downloaded here.

Friday, June 26, 2009

Increase in spam, phishing and malware attacks linked to the deaths of Michael Jackson and Farah Fawcett

There have been reports of an increased number of spam campaigns, phishing attacks and malicious code targeting the recent deaths of Michael Jackson and Farah Fawcett. These email messages generally attempt to obtain user information, either by classic phishing techniques or by recording email addresses if the user replies to the message. Some emails have contained malicious code or links to apparently legitimate websites that contain malicious code.

It is worth remembering the best practice guidelines for dealing with unsolicited mail as follows:

- Do not follow web links received in unsolicited email messages
- Make sure that your anti-virus software is up to date

Security 101 - Using Wireless Hotspots - New White Paper

Wireless hotspots are becoming ubiquitous and are being increasingly used by individuals and business alike. But are there any risks associated with using wireless hotspots? And, if there are, what are they?

Firstly, let’s define what we mean by a wireless hotspot. A wireless hotspot is a wireless service in a public area such as a hotel, restaurant or coffee shop which is either provided by an external service provider or by the establishment itself. Wireless hotspots are available either as a “paid for” service or in some cases are provided free by the establishment.

Using a wireless hotspot can be risky in certain circumstances, but what are the risks and how can you mitigate them.

View the white paper here