But the fact is that full version of the rogue is simply incapable of providing any sort of security to your system and your money has gone down the drain, besides leaking your private information like credit cards to the untrustworthy hands.

These rogue antivirus try all sorts of tactics to remain invisible to the already installed legitimate software in your computer. The malware like Conficker often turn-off the security software silently to hide their presence of themselves. This class of malware is termed as retro-antivirus.

And reports indicate that retro-antiviruses are getting more and more aggressive in their approach and they have now started to use the social engineering tactics to trick users into uninstalling their genuine and legitimate security software like Symantec, Microsoft, AVG, Spyware Doctor, and Zone Labs, before installing AnVi Antivirus.

Symantec, the noted security vendor in a related article, has stated that they display warning messages, which suggests that the security software is downgrading the performance of their computer and they need to turn it off and reduce its potency. If they user gets trapped in the fake warning message, these malware installers use the uninstaller applications of these security software to uninstall them and thus, exposing the user to the cruel malware installation.

Be safe, be warned and be alert. Remember, no security software, howsoever smart and howsoever costly, can provide you absolute security in this world where security vendors are increasingly losing the ground to malware developers and distributors. Exercise caution while surfing the web and this will ensure your privacy and PC Security is never compromised.

[Symantec Report]

Here is the mechanism through which Zeus 3 attacked the victims and stolen their credentials.

The hackers in this case were highly sophisticated. They used a number of techniques to spread the malware, including the publishing of malicious ads on legitimate websites, or simply infecting such sites.

By using the Eleonore Exploit Kit, the cyber criminals were also able to determine what country an infected user was based in and in this case they targeted UK bankers.

As soon as victims logged into their internet banking service, the Trojan sent the login ID, date of birth and a security number back to the command and control (C&C) server, which was located somewhere in Eastern Europe. Zeus v3 would then be sent JavaScript code to replace the original bank JavaScript, used for the transaction form.

Data placed into the form was then sent to the C&C system rather than the bank and the information was analysed to determine how much money was in the targeted account. Once the Trojan had been told which money mule was to be used and the illicit transaction was completed, Zeus v3 continued to listen to the bank response and report back to the C&C system.

[Via]

It is disguised in the form of a popular media player. The installation of the trojan onto the smartphone requires some user intervention. First the user has to allow it in its user settings and then it has to be allowed to be able to send the SMS on its own – which is a good sign of danger for an alert user.

Once installed on the phone, the Trojan uses the system to begin sending SMSs to premium rate numbers without the owner’s knowledge or consent, resulting in money passing from a user’s account to that of the cybercriminals.

“The IT market research and analysis organization IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers. As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform,” says Denis Maslennikov, Mobile Research Group Manager at Kaspersky Lab. “Kaspersky Lab is actively developing technologies and solutions to protect this operating system and plans to release Kaspersky Mobile Security for Android in early 2011.”

See the News Items here.

Zeus2 – The Version 2 of Zeus

Recently, Trusteer, the noted provider of secured browsing services, has uncovered that Zeus2, the version 2 of the same botnet, has been spreading fast its wings and has already taken more than 100,000 machines under its control. The command and control is operated from some part in Easter Europe.

It has been reported that the criminals have been harvesting all manner of potentially lucrative and revenue-producing credentials – including online account IDs plus login information to banks, credit and debit card numbers, account types plus balances, bank statements, browser cookies, client side certificates, login information for email accounts and social networks and even FTP passwords.

And the worst part of the story is that it is understood that Zeus2 is all the way more difficult to detect and avoid the infections from this botnet by using regular security software and applications.

“Zeus has become one of the most prevalent botnet trojans in the history of online fraud. Fighting financial malware requires banks to have accurate intelligence and strong fraud detection and mitigation capabilities, and work with their customers. Internet users need to follow their bank’s instructions and when asked download online banking security software which is specifically tuned to detect and resist specific threats that the bank identifies such as Zeus. Banks need to continue implementing multiple layers to detect, resist, and de-activate malware attacks and tightly integrate these layers together.”

Read the complete story here.

Today’s malware and viruses are not created for fun and destruction. They are sophisticated and targeted attacks with a carefully chosen mechanism for extracting money from the target victims. Hackers and scammers are working overtime to devise newer ways to target innocent Internet users to crack their privacy and personal information for their own financial gains.

Microsoft, the leading software vendor, has recently joined hands with National Cyber-Forensics & Training Alliance (NCFTA), to present a unique initiative in the for of Internet Fraud Alert.

What is Internet Fraud Alert

Internet Fraud Alert creates a trusted and effective mechanism for participating researchers to report stolen account credentials discovered online – such as username and password log-in information for online services or compromised credit card numbers – to the appropriate institution responsible for that account. Through a centralized alerting system powered by Microsoft technology developed specifically for this program, Internet Fraud Alert will quickly inform companies about compromised credentials, allowing them to take the appropriate action to protect their customers.

Here is a nice video on the basic functionality of this promising tool to stop Internet money scams and frauds.

And with this exponential growth in the smartphone marketplace, the interest of malware developers and distributors is just next thing to happen. And now it is evident by data also. Report from the noted smaprtphone virus removal service Lookout, show that within six months the attacks against Smartphones have more than doubled.

Across our installed base, we’ve gone from seeing 4 pieces of malware and spyware per 100 phones per year in December 2009 to 9 per 100 phones per year in May 2010. That’s more than double the prevalence of malware and spyware on smartphones in less than 6 months.

Here is a nice pictorial representation of some of the interesting facts about the growth of smartphone malware in recent past.

[Via]

The distinguishing characteristic of these p0rn visitors is that they generally use poorly guarded software, often vulnerable to online security attacks capable of compromising the PC Security.

And this is the goldmine for the malware developers.

A group of people hungry for content, browsing Internet through poorly guarded browsers and security software, and eager to install everything that come their way so as to satisfy their viewing pleasure, is a goldmine. Malware developers understand this fact for ages, and that is why, p*rn visitors are often culprit behind most of the malware spread.

Is Internet for P*rn?

In a recent study, a group of researchers have conducted exhausted study of the tricks used by adult-oriented websites engaged in shady practices. They have gone to the extent of establishing their own Adult websites and running them to intrude deep into this business model.

Lots of interesting facts have been found in the study, in which they have spent about $160 to buy about 49,000 visitors to their site. And they had discovered that our of them more than 20,000 visitors were browsing Internet with outdated version of the most common plugins like Adobe Flash, PDF and Microsoft Office.

This is to be remembered that outdated version of these three are known to cause extensive vulnerabilities and malware developers have been exploiting them to infect the user computers.

Visitors running with these outdated versions can be victimized with the drive-by-download attacks, which often pay handsomely to the attacking websites.

The entire report is an interesting read about the online porn industry financial dynamics from a webmaster perspective.

[Read the Report (pdf)]

Security Essentials is one of the few Free products from software giant Microsoft, which is really worth its salt. It provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.

Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want—without interruptions or long computer wait times.

Great, But I wanna Know which is the Best Free PC Security Tool

Yes, we know that the post is about that. So here we take the opportunity to present the results of the rigorous testing performed by the independent research team at AV Comparatives.

The test was performed on about 20 popular PC Security suites, which were updated with their signature database available upto 10th February 2010. Then they were exposed to the malware and online threats, which were detected after that. The purpose was to test, whether they are able to detect an online threat based on their heuristic and other analytical powers even if the signatures are not present in their database. This forms the basis of their power and efficacy to detect the new threats.

The Results – Which is the Best Free PC Security

The test result show that TrustPost 2010 was rated highest for detecting the new malware. However, when we talk about the Free software, Microsoft Security Essentials was the leader.

See the test results in the screenshot below.

You can read the complete report on the site http://www.av-comparatives.org (pdf). Some interesting observations are available there to read.

Off course the warnings are fake and meant to deceive users into the purchase. The other type of ransomeware, cripple your computer or encrypt vital parts of your hard disk data and demand money to restore it.

Dennis Fisher, a security blogger at Kaspersky Labs, has reported the detection of yet another variant of these ransomeware, which demand money through SMS. They ask the victim to SMS a definite code to a particular premium phone line. The victim is typically charged for the SMS a sum of about $10. Once the SMS is received and the victim charged for the SMS, the hostage is released and the computer is allowed to operate normally.

These malware viruses are termed as SMS Blockers. They typically encrupt critical parts of the victim hard disk or display some pornographic image on the screen, which is virtually impossible to be removed. Whatever be the way, they ensure to make the computer unusable and release it from their clutches only after getting the money.

The threat is found spreading widely in Eastern Europe, Russia and parts of India. Be watchful. Please ensure to upgrade your security software with the latest virus definitions and update all the software to their latest release.

Exercise restraint in your online behavior and remember to Pause-Before-a-Click so as to ensure your PC Security and online Privacy.

This essentially mean that you can access GMail both with http://gmail.com as well as https://gmail.com. Notice the additional “s” in case of latter URL, which allowed the encryption.

But in a recent announcement on Google Blog, Google opened the gates on its flagship product for the encrypted version.

The Use of Encrypted Search in Avoiding Malware Links in Google Search

The obvious advantage of using encrypted version of Google Search is that no intruder will be able to know what you are searching on Google, even if he is able to intercept the data transacted on your computer with the Internet.

However, Neil Rubenking, a security researcher writing at PCMag Blog, has confirmed that Google Encrypted Search also protects you from becoming victim of Malware Links hidden in Google Search Results, a threat popularly known as Link Poisoning or SEO Poisoning.

If you are not sure, let me elaborate that it is a malicious activity by Malware developers, which allows them to get the malware URLs in the Google Search Engine pages. It is done through an active dose of SEO, often balckhat, to quickly climb the attacking websites’ URL in the Search Engine ranking pages.

When an innocent user clicks the URL and reaches the website, a drive-by-download attack is performed on his browser and malicious codes are activated. The malware developers are smart enough to detect that a user has visited the website through a search query. If, however, the visitor is not coming through a search query, the websites suspects that the visitor might be somebody, which knows the details about the website and may be a security researcher. In such a case, the website changes its codes and presents himself a clean website. The same is repeated with the Search Engine spiders to avoid detection of the malware code by the Search Engines.

See the example below.

How Encrypted Search Protects Innocent Users from Mlware Links in Google Search

Sine the data transacted is encrypted in nature, the attacking website is not able to understand whether the visitor is coming through a search query or not. This protect him from getting infected.

The Google Encrypted Search Query is presently in BETA mode and lots of things are yet be made public. But if the experiment is true, then it might have wider implications.

Most of the Analytics programs used by websites, depend upon the data provided the the visitor. In the absense of such data, lots of changes might be on cards for these analytics solutions.

Watch out this space for the updates.