Since we have been talking about malware in some of the recent posts, here are some articles that seemed to do a great job of putting things into context.
What a fake antivirus attack on a trusted website looks like - Ars Technica - This is exactly what almost got my Dad into trouble a few weeks ago.
Ad2Store redirections: the latest annoyance for mobile users - Malwarebytes Unpacked. I can’t count how many times I’ve visited the home-page of a regional newspaper on my iPhone, then instantly “BAMO” I get redirected and instead of Chrome for iOS that I was looking at, I am now staring at my AppStore application offering me a stupid “free” game to download. This has annoyed and bothered me to no end. I knew the general mechanism of why this occurred from time to time; however, this Malwarebytes blog post does an excellent job sorting it out in a way that can be explained for less technical users (family/friends) who encounter it. Well worth the read.
The best part for me was the following recommendation:
“…it would make more sense for Apple (in the name of ‘user experience’) to block all non user initiated requests to launch the App Store (or at least prompt the user before) and the same goes for Google with its Play Store.”
Yep. Got my vote.
Download Wrappers and Unwanted Software are pure evil - Scott Hanselman. Trying to counsel family and friends to download software from a third-party site is fraught with dangers. I always try to get them to the main software developer’s site rather than one of the many that also offer download links. There are a handful (maybe two such as filehippo or Major Geeks) that I trust but that’s about it. Even some software companies are not hosting their free product downloads on third-party download hosting sites. As Scott points out and illustrates, it is very easy to get sucked down a rabbit-hole of Alice in Wonderland craziness trying to download a simple application if you are not very, very, very careful and vigilant. Downloaders beware!
Localized malvertising affects some OpenDNS users - Malwarebytes Unpacked. Great. Even your DNS provider isn’t immune from making things worse for you.
CryptoLocker ransomware is flourishing - BetaNews. Yep. And I am still running and recommending the free CryptoPrevent utility from Foolish IT LLC. For more info see GSD post link #1 and GSD post link #2.
Internet Explorer 10 has a zero-day vulnerability. It’s so serious, security folks are recommending users of IE 10 or IE 9 either:
- Upgrade to IE 11 (if supported on your OS),
- Switch over to an alternative browser such as Chrome or Firefox, or
- Install Microsoft’s Enhanced Mitigation Toolkit (EMET).
IE 11 users are OK and safe.
- New IE Zero-Day Found in Watering Hole Attack - FireEye Blog
- Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website - FireEye Blog
- New zero-day bug in IE 10 exploited in active malware attack, MS warns (updated) - Ars Technica
- New Internet Explorer 10 zero-day used in targeted attacks - Malwarebytes Unpacked
- IE 10 zero-day attack targets US military - ZDNet
- FireEye reports IE 10 zero-day being used in watering hole attack - SANS InfoSec Handlers Diary blog
And certain Linksys router models also have their own malware/infection issue to be dealt with.
- Bizarre attack infects Linksys routers with self-replicating malware - Ars Technica
- Linksys Worm "TheMoon" Summary: What we know so far - SANS InfoSec Handlers Diary blog