Hello to all you Apple users!

As many of you have probably already heard, Apple had a post on their website saying that users should use some sort of anti virus software for their Mac computers. Macs are still affected by viruses but they are not as wide spread as Windows as Windows boasts nearly 90% of the market share for home computers. However, Mac advertising is getting better, and therefore they are gaining a higher market share and malware authors are starting to lean more towards creating malware for Macs.

According to the Swiss Federal Institute of Technology, Apple has been known to be slow at patching their zero day vulnerabilities (when a security problem is publicly disclosed without a patch). Thus, the well known antivirus companies (Symantec, Mcafee, Kaspersky, etc) have been working on anti virus programs Macs. A free one similar to SpyBot for PC is ClamXav. There is also a free download from Apples website.

One of the key vulnerabilities released recently is a trojan downloader called OSX_JAHLAV.A. A trojan is essentially a program that looks real but isn’t. A downloader essentially downloads files onto your computer.

This file in particular is loaded through a spam message. It links to a video that doesn’t play. The error that comes up says you need to download a video codec to play the file. The file that downloads is called ‘install.pkg’.

This package opens to code-live7000.dmg, an install file for the malware. Don’t be fooled by thinking there is only one possibility for the name. It is easy for the file to be changed to any other name to cause confusion.

The install looks incredibly real as seen by the screenshots courtesy Trend Micro.

Anyways, to sum it all up, nothing beats a users intuition. If it looks too good to be true, don’t click it. If it’s not from a trusted source, don’t open it! A good anti virus scan every couple of weeks is a good idea. I wouldn’t use the common programs that are available on the market, as those are generally the ones malware authors try to get around first.

Hope that helps!

malware antivirus, Apple, Mac, malware, spyware, Trend Micro, virus

Hey Everyone,

Just a quick note here.  The Websense Security Labs Threat Seeker has released information on fake coupons that are coming in e-mails.  The email address is spoofed to make it seem like it’s coming from somewhere legitimate. The coupons are coming in the form ‘file.zip’.  Notice that the files are a .zip file meaning an archive that when opened installs a virus on your system. The file in the archive is either promotion.exe or coupon.exe. Again notice that it is a .exe extension, which means an executable file. Coupons are usually in a .jpg which is an image file.  Either that or a link to the company’s website with the coupon image is there.  Just keep an eye out!

The full story with pictures is available here I strongly suggest you take a look at the images so you know what to look out for.  Keep in mind, spammers like to use various companies to trick you into paying them, so be careful!

General

Hello again readers,

I apologize for not having anything posted sooner.  For those who are going to be shopping this holiday season, watch out for things that look too good to be true.  TrendMicro just released their top ten things to watch out for this holiday season. The full article can be found here but here’s a shortened version of it as well as some other details.

10. Bargain Hunter Scams – If the price seems way too low, check to see if the store is an authorized retailer, they may not be selling you the real product.

9. Fake Charity Sites – From hurricanes to terrorist sieges, everyone is wanting money for something.  Ensure charities you are donating to are authorized non profit charities, and not some random website. (Some site still look good so be careful as explained later in this article, I still prefer to give cash or pay in person)

8. Fake Greeting Cards – Ensure the messages from e-cards look real and don’t contain gibberish, sometimes they may come a friend or relative but contain malicious code that could be harmful to your computer.

7. Malicious Advertisements – Those annoying pop ups may start looking appealing when holiday shopping, but careful not be lured to sites that look real but are actually not.

6. Malicious Search Results – When typing something like “holiday shopping” into a search engine, one might come up with some website that can be harmful to your system.  Use something like McAfee Site Advisor to give you a better idea as to what is good and what isn’t (though results are not always 100% accurate, it’s still better than nothing).

5. Compromised High Traffic Websites – Attackers during the holiday season try to focus their attacks on sites that shoppers go to and insert malicious code that can download things to your system.  Keep your Antivirus program up to date!

4. Mining Personal Data – Bogus Gift Card Promos – Surveys that say they are going to give some awesome prizes can look legitimate but can get you to put in your credit card numbers saying they’ll give you money when they’re actually doing the opposite.

3. e-Commerce Phishing – eBay is the most phished website as it is was listed the most visited in 2007.  Amazon is also among the top.

2. Bogus Courier Receipts Delivering Trojan Viruses – Emails that say you have an undelivered package and requesting money when you don’t recall buying anything is a good sign showing that it’s a fake.  Use your best judgment!

1. Shopping Invoices for Ghost Transactions – Ensure e-mails saying you have a receipt in the attachment to a purchase you made are from the site you purchased it from.  Don’t open the attachment, most retailers as far as I know make the receipts available once you log in securely to their websites.  They don’t send them in attachments.

Well now you know the top ten.  Some common e-mails people mistake for being legitimate look something like this. Then they ask for personal information like this.

Some of the common e-mails are spoofed from McDonalds, Walmart, and, a personal favourite, some random old lady that passed away left you her fortune and you have to pay money to get it. What an idea!

Well I hope after reading this you will practice safe shopping, remember a good antivirus program helps, but nothing beats your common sense!

Phishing danger, internet, Phishing, scam, shopping

I just received a phone call from a random company that supposedly does soliciting on behalf of RBC.  The girl on the phone horribly pronounced my name (wasn’t even close!) when asking for me.  I just agreed that it was me and let her spill her sales chip.  After saying she was going to sign me up for two years at $69 for myself and my family she said so you live at such and such address.  It was at that point I had enough, I said wow you did no verification of who I am at all and you just gave away my address.  Who’s to say that I wasn’t some stalker or scammer that claimed to be me just to see what the caller wanted?
Anyways, I then talked to a supervisor and he took me off the solicitation list.  I asked him if he was aware of RBC’s security policies and what his company’s security policies are.  He had no idea what was going on, just took me off the list and hung up.

I then called RBC Visa security department to let them know what was going on.  They were more than helpful in going through my recent transactions to make sure nothing was going on.  She immediately cancelled my card and issued me a new one.  I also asked her to ensure others are aware of what’s going on and contact the appropriate people.  She agreed but I doubt much is going to get done on their part, but at least subscribers to the blog will have a better idea of what not to do.
So to recap companies that call you to ask you to pay for a service that the bank already provides (one call to cancel your debit and credit cards) for free is usually some sort of scam.  It’s a good idea to get them to take you off their solicitation lists, contact your bank to issue you new cards, as well as sign up for the national do not call list.

Hope this was helpful!

Phishing

Hello Readers,

This is my first blog entry for IrfWorks.  In this entry will be a rough introduction to myself and things I’ll be talking about. So here goes:
As you may or may not know my name is Irfahn Khimji.  I currently run IrfWorks and am co-founder and Vice President of Sec-C, a security club founded at Seneca College.

This blog will be an informal, yet professional way of me talking about the latest security threats, common misconceptions I come across, as well as things I see user’s doing on a daily that may need some adjustments to protect them from virtual harm.

That’s about all there really is.  Look forward to hearing more about various events around town.

Irf

General