February 14, 2013

Protect your computer from the Adobe Reader vulnerability

There are several brands of free PDF readers available, however many of us who started with Adobe prefer its quirks over some of the others' quirks. But the Adobe PDF reader is so prevalent that the malware writers searched for and found a vulnerability.

Get a detailed explanation of the latest vulnerability at Naked Security and Ghacks.net, among other places.

From what I can tell, the malware doesn't just attach itself to a PDF file floating through the email system but actually has to be built into a program disguised as a PDF file. The bad guys send out spam with the disguised PDF file attached, and some unsuspecting email recipients download the disguised PDF files, then when they open it with the Adobe Reader an executable program goes to work.

However, there's a way to avoid it which is explained at the aforementioned Naked Security site. But it only works on Adobe Reader XI, not on earlier versions. Download Adobe Reader XI (11.0.01) (46.74 MB) at that link.

In Adobe Reader XI click "Edit," "Preferences," then "Security (Enhanced)." The resulting screen shows a new feature called "Sandbox Protections." The default has the "Protected View" turned off which, according to the experts, won't protect the user. So turn it on by clicking the "All files" button. See the screen shots of both Adobe X and Adobe XI readers, below to see the difference.

Security preference Adobe Xa Security preference Adobe XIa
Let's all hope this works until Adobe can figure out a permanent fix. By the way, the fix pertains to computers using the Windows operating system and not Macs.

Posted by on February 14, 2013 at 03:48 PM in Malware, Web/Tech | | Comments (1) | TrackBack (0)

| | | |

Protect your computer from the Adobe Reader vulnerability

There are several brands of free PDF readers available, however many of us who started with Adobe prefer its quirks over some of the others' quirks. But the Adobe PDF reader is so prevalent that the malware writers searched for and found a vulnerability.

Get a detailed explanation of the latest vulnerability at Naked Security and Ghacks.net, among other places.

From what I can tell, the malware doesn't just attach itself to a PDF file floating through the email system but actually has to be built into a program disguised as a PDF file. The bad guys send out spam with the disguised PDF file attached, and some unsuspecting email recipients download the disguised PDF files, then when they open it with the Adobe Reader an executable program goes to work.

However, there's a way to avoid it which is explained at the aforementioned Naked Security site. But it only works on Adobe Reader XI, not on earlier versions. Download Adobe Reader XI (11.0.01) (46.74 MB) at that link.

In Adobe Reader XI click "Edit," "Preferences," then "Security (Enhanced)." The resulting screen shows a new feature called "Sandbox Protections." The default has the "Protected View" turned off which, according to the experts, won't protect the user. So turn it on by clicking the "All files" button. See the screen shots of both Adobe X and Adobe XI readers, below to see the difference.

Security preference Adobe Xa Security preference Adobe XIa
Let's all hope this works until Adobe can figure out a permanent fix. By the way, the fix pertains to computers using the Windows operating system and not Macs.

Posted by on February 14, 2013 at 03:48 PM in Malware, Web/Tech | | Comments (0) | TrackBack (0)

| | | |

January 31, 2013

Hackers got New York Times passwords - China suspected

This comes to us by way of Graham Cluley at Naked Security:

The New York Times has reported that for the last four months Chinese hackers have been infiltrating its networks, broken into the email accounts of senior staff, stolen the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees. ...

Malware was planted on users' computers which opened backdoors for the hackers to gain remote access to connected systems - including a domain controller that contained usernames and hashed passwords for all of the New York Times' employees. ...

In all, 45 custom-written malware samples are said to have been found on the network.

The hacking appeared to have begun after reporters started snooping into the wealth accumulations of Chinese government officials. But they can't prove who actually did it at this time.

Surely the New York Time had top-of-the-line security in place. So their vulnerability in spite of that suggests that everyone with access to the internet is vulnerable. I've often wondered if we all have some form of virus on our computers that's invisible to the off-the-shelf antivirus programs but which just sits there like a sleeper cell waiting for instructions.

Posted by on January 31, 2013 at 10:44 AM in Crimes, Malware, Web/Tech | | Comments (0) | TrackBack (0)

| | | |

July 10, 2012

Bank robberies -- then and now

Could there be anything more exiting than a good bank heist movie? Well, yes. It's the FBI statistics about bank robberies. Around the middle of each year the FBI issues its annual report of the bank robberies for the previous year. And the 2011 stats are now available. (We looked at the 2010 stats here.)

Once again, a Friday robbery at a branch bank in a commercial center was the most popular day and place. The time of day was spread fairly evenly between 9:00am and 6:00pm with the slot between 9:00 - 11:00 getting a slight edge.

As for the take, here's a little table comparing the last three years:

  2009 2010 2011
total
robberies		 5,943 5,546 5,014
loot taken $45,978,048.97 $43,016,099.07 $38,343,501.96
loot recovered $8,015,546.46 $8,193,065.41 $8,070,886.97
recovery percent 17.4% 19.0% 21.0%

Robberies include commercial banks, mutual savings banks, S&Ls, credit unions and armored cars. (Armored cars not reported in 2009.) Loot includes cash, face value of securities, checks, food stamps and other property.

These days an old fashioned bank robbery with a typical small take and about one in five chances of losing the money is a losing proposition. A few months ago someone robbed a local Bank Of America branch and was on the loose for only a few hours before being nabbed by police. The surveillance cameras banks use these days have undergone a significant upgrade from a few years ago when the best they could produce were grainy images of shadowy characters. In the BOA case an image from the surveillance video led directly to the perp's identification. (See Short spree for this bank robber.)

If/when those new gigapixel cameras become common place outside banks they could track the robber all the way to his hideout.

The bank robbers who are after the big bucks these days are online using malware. Here's the FBI warning about one called Gameover:

Typically, you receive an unsolicited e-mail from NACHA, the Federal Reserve, or the FDIC telling you that there’s a problem with your bank account or a recent ACH transaction. (ACH stands for Automated Clearing House, a network for a wide variety of financial transactions in the U.S.) The sender has included a link in the e-mail for you that will supposedly help you resolve whatever the issue is. Unfortunately, the link goes to a phony website, and once you’re there, you inadvertently download the Gameover malware, which promptly infects your computer and steals your banking information.

An armed robber taking cash over a bank counter is one thing. But the game changes when the money comes out of an individual's account due to malware. Whose loss it is? The bank is certain to contend it's the customer's fault, and a court will get to decide. In at least one case, noted at NakedSecurity, a federal appeals court found for the customer due to shoddy security at the bank.

In any event, bank customers need to try to avoid letting it happen in the first place. Watch out for those suspicious emails with those oh so tempting links.

Posted by on July 10, 2012 at 04:28 PM in Crimes, Malware | | Comments (0) | TrackBack (0)

| | | |

February 24, 2012

Beware of spam bearing malware

Oh those cybercriminals are so tricky. They send a legitimate looking email with an attachment, and the Windows user caught off guard decides to download the attachment to see just what it is. As Dorothy Parker said, there's no cure for curiosity.

Sophos' blog Naked Security alerted readers to two such scams this week. One claims to contain an HP Officejet scan. See samples here.

Attached document was scanned and sent
to you using a Hewlett-Packard HP OfficeJet 81998A.
Sent by: BETTYANN
Images: 0
Attachment Type: .HTML [Internet Explorer]
HP Officejet Location: -

The names and numbers vary, and the attachment looks something like this:

HP_Document_02-22_OFCJET84014.htm

Again, the numbers will vary. But the attachment is an HTM document which contains a malicious script which will send the browser to another site which may contain more malware.

A similar malware scam is in the form of an email claiming to be about a Changelog. That one contains an HTM document, too.

Safest bet, don't download attachments with HTM suffixes.

Posted by on February 24, 2012 at 04:04 PM in Malware, Web/Tech | | Comments (1) | TrackBack (0)

| | | |