Monthly Archives: November 2013

Google admits that forcing G+ on YouTube users has increased spam

Google’s recent decision to revamp YouTube’s comment system by integrating Google+ in order to reduce spam has proven to be extremely unpopular with users. Ironically, however, it has proven to be quite a hit with the spammers themselves.

The problem has not gone unnoticed by the YouTube comments team who, on Monday, acknowledged the issue via a blog post:

Since we launched the new comments experience on YouTube two weeks ago, we’ve received a lot of feedback from creators on the increase in comment spam. While the new system dealt with many spam issues that had plagued YouTube comments in the past, it also introduced new opportunities for abuse and shortly after the launch, we saw some users taking advantage of them.

In response to the plague of spam hitting the video-sharing site, YouTube has now implemented some updates which it believes will stem the tide.

The main changes involve better detection of bad links, improved recognition of impersonation attempts, and a change in the length of time that comments are displayed for.

There will also be improved detection of ASCII art – images dropped into comments by constructing a picture from text characters – which should hopefully lead to far fewer tanks, bananas and penises being seen beneath YouTube videos in the future (though I suspect there will always be a few bananas leaving stupid comments).

YouTube also disclosed that it will be adding further features to the commenting system which it hopes will be of benefit to video creators:

So what’s next? We’re moving forward with more improvements to help you manage comments on your videos better. Bulk moderation has been a long standing creator request and we’ll be releasing tools for that soon. At the same time, we’re also working on improving comment ranking and moderation of old-style comments.

Whether the changes will appease all of YouTube’s user base remains to be seen as many seem to favour a return to the pre-Google+ days.

A petition was recently launched on asking for a return to the old comment system:

Google is forcing us to make google+ accounts and invading our social life to comment on a youtube video and trying to take away our anonymous profile. They are also trying to censor us unless we share the same world view as they do.

Such sentiment seems to be quite widespread, with over 200,000 people adding their digital signatures to the petition in the last two weeks.

Google, however, seems unperturbed in continuing the integration and one could speculate that there are a couple of reasons why it would wish to persevere.

From Google’s point of view, forcing YouTube users onto its social networking site has the potential to lift its profile at a time when it is arguably playing third (or more) fiddle to both Facebook and Twitter.

Secondly, integration of the two sites will provide Google with even more information about the users of both services and, as all Naked Security readers should know by now, that data has value to those who wish to use it in order to deliver targeted advertisements.

How do you feel about Google forcing people to have a Google+ account in order to comment on YouTube? Do you think it’s all a storm in a teacup and great if it means the changes eventually will reduce the amount of spam on the site, or are you just plain annoyed that you need to sign up to Google+ in order to leave a comment in the first place?


Via: nakedsecurity

Ten ways to REALLY free up internal storage space on your Android

If clutter and insufficient internal storage space on your Android are getting you down, then read on: this article won’t just tell you to clean caches, uninstall apps and the like (which we believe are only marginally and temporarily effective), but will get to the heart of the problem with recommendations that make a significant impact.

The thing is: for those of us who have insufficient storage problems, clearing caches and junk files has become a weekly – if not daily – ritual. But it isn’t supposed to be this way: there are better interventions out there that are a lot more significant, that can really make a dent in freeing up space from your Android’s internal storage. This post compiles TEN interventions in total and ranks them according to the potential impact they can have.

There are three ‘categories’ of interventions that you can perform, as follows:

  • Those that can be done on any Android device.
  • Those that require an external SD card connected to your device.
  • Interventions that you can do if your device is rooted.

Below is a list of useful FREE tools that are mentioned in this post. However, note that this article is NOT about the tools, but rather aims to provide a useful discussion about how best to tackle the problem of clearing up space on your device.

  • Clean Master: one-stop-shop for cleaning functions and batch app uninstalls
  • Diskusage: PC style graphical representations of where all of the space on your Android went.
  • ES File Explorer: our free Android file manager of choice.
  • Framaroot: if you want to take the plunge and root your device, this is one of the easiest ways to do it.
  • URSafe Media Redirector: which can move files saved into a certain folder into another one of your choosing.

Here’s the list of recommendations.

My aim was to list those interventions that can have a significant effect first.

(1) Save photos and videos to EXTERNAL SD card by default rather than internal storage

Requires: an external SD Card.
Potential impact (high/med/low): high.

A spree of photo snapshots, a few videos here and there, and your internal storage can be filled so significantly that it makes clearing caches and junk files small fry in comparison. What’s more, this can happen silently, creeping up on you even if you only take a few pictures or videos each day, such that one day suddenly your Android internal storage will be overwhelmed seemingly without explanation.

Of course you can go in and delete your photos and videos and/or move them to your PC (and you should), but the fact is there is really no need to have your small internal storage deal with all these media files while your external SD card has a ton of free space sitting idle, especially if your internal storage already has a lot on its plate.

The good news: you can set your camera to save straight to your SD card, so you wouldn’t have to always worry about your media suddenly overwhelming your device or bogging down your Android OS. It’s actually very easy to do this: go to your camera app/settings/storage and select memory card (see screenshot above right), and you’re done.

(2) For all media intensive apps: set the save folder to EXTERNAL SD (e.g. Podcatchers, music sharing apps, wallpaper downloaders etc.)

Requires: an external SD Card.
Potential impact (high/med/low): high.

I use my Android to download and listen to podcasts, and I subscribe to many channels, and (predictably) one day I realized that my downloaded podcasts are eating up most of my internal storage. Worst of all, this happened slowly, one automatically-downloaded podcast at a time, without me ever realizing what was going on, until all the internal storage space was occupied and my device choked.

So ask yourself: what apps do you have that download media consistently, whether it’s audio podcasts, mp3’s, videos, or images? Consider any of these categories: podcatchers, music sharing or streaming radio apps, video sharing or streaming video apps, voice note apps, camera apps that might store images or video in custom folders aside from the default folder (mentioned in point #1 above), wallpaper downloading apps, etc. The Diskusage app mentioned at the top of this article can help shed light on this by revealing bloated folders.

What to do when you’ve identified a space-hogging app? One of four things:

  1. Change the default folder where the app saves data: go into the app, and look in the settings/options. In many cases the default save folder can simply be changed. If so, switch it to external SD card.
  2. Change the frequency of saving data: which is to say, limit how much data is being downloaded. Tell your Podcatcher to only keep a small number of episodes for each podcast you subscribe to, or tell it to stop downloading episodes automatically, etc.
  3. Find a different app that does the same thing but will save to external SD card and/or is more flexible: what I mean, specifically, is that if the application is not adaptable enough to let you save to the external SD card rather than internal storage, or will not let you change the frequency of downloads, or whatever, get rid of it and find one that will. To keep with the ‘Podcatcher’ example, there are many excellent free options out there to choose from, no reason to stick with one that won’t let you customize the save folder.
  4. Get rid of it: do you even use that app? If not, or if you use it rarely, getting rid of it might be the best course of action.

(3) Check to see if there’s a LOGS folder hogging a ton of space on your internal storage (non root)

Requires: nothing.
Potential impact (high/med/low): high.

This can happen with Android: a ‘logs’ folder appears that can grow extremely huge, for reasons that aren’t entirely clear to me (if you have an insight, please share it). Use DiskUsage or ES File Explorer (or any file manager) to check if there’s an sdcard/logs folder. You may not find it, but if you do, check to see how much space it is occupying. In my experience I found that the logs folder had inexplicably grown to 125 megs, and simply deleted it without any adverse effects. Obviously if the folder size is insignificant, you may as well not remove it.

(4) Check to see if there’s a LOGS folder hogging a ton of space on your ROOT folder (root)

Requires: root.
Potential impact (high/med/low): high.

Similar to point #3 above, but requires a rooted device, because you’re looking for a ‘logs’ folder in the root folder (/). I am speaking from experience as I did find such a folder myself (again, without much of an explanation) that had grown to more than 1 GIG in size, deleted it, and as you might imagine my internal storage problems disappeared immediately.

If you are suffering from a nagging ‘low storage available’ error that never seems to go away no matter how much space you clear, this may be the problem. It requires rooting your device to fix this (if you’re up for it and looking for a simple way to root, check out aforementioned Framaroot).

(5) Move apps to SD Card

Requires: an external SD Card.
Potential impact (high/med/low): med to high. (depending on how many apps you’ve installed).

Three things: (1) if you have an external SD card you really need to move most or all of your apps over; (2) some apps are not moveable, others will lose widget functionality or other functionality if moved, but Android will let you know before you commit to the move, and (3) you could do this individually/manually for each app from the ‘App info’ screen in the settings, but better to use a program such as ‘Clean Master’ which can automate the process and do it in batch. (It will also display a notification whenever you install an app that can be moved to the external SD card, that will let you move them on the spot as soon as they’re installed).

In the screenshot bottom left: the ‘move’ tab in ‘Clean Master’ lists all apps that can be moved to SD card; check all of the ones you want to move in batch (although for non rooted devices you will have to press the ‘Move App to SD card’ serially for one app after another). The bottom right screenshot demonstrates Clean Master’s automatic prompt to move an app to SD card as soon as it was installed.

(6) Change the default folder where your Android screenshots are saved to one on the EXTERNAL SD card

Requires: an external SD Card.
Potential impact (high/med/low): low to med. (depending on how many screenshots you take, if any).

Do you take screenshots on your Android? If not, skip this as it does not apply to you. However, if you are like me and take frequent screenshots for reviews and tutorials, then you can see how these would silently build up.

But the thing is: unlike the ‘camera’ media folder (point #1 above), there is no way to change the screenshot save folder in most Android devices, unless you are using a custom screenshot app that may offer this. Moreover, the screenshot folder itself may be different depending on the device that you have.

But of course I will propose a way to do it, using an app that runs in the background and re-routes files saved into a folder of your choosing into another one, also of your choosing.

  1. Install URSafe Media Redirector and run.
  2. Click ‘manage redirections’ (bottom) then ‘add’. Click ‘path from browse folder’ button and browse to the screenshot folder, then press ‘path to browse folder’ button and specify a location on the SD Card, and finally toggle ‘Activation switch’ on and save.
  3. In the main screen, click the red ‘Media Redirector Started’ button, to turn it green, and make sure that the ‘Auto stat on boot’ checkbox is checked.

Note that (a) the free version of this app allows only ONE active redirection rule, and (b) this can work with just about any app that insists on saving files to a folder on the internal storage, but it will move the files in a one way redirection. (Which is to say if the app comes back looking for them in that location, it will simply not find them).

(7) Clean your ‘junk’ and cache files

Requires: nothing.
Potential impact (high/med/low): low to med. (depending largely on how recently your last cleanup took place, and how many apps you run).

This is something which you need to do periodically. These files include CACHE files for most apps, APKs (i.e. Android app installers) that may still be lingering around on your device, temp files and folders, etc.

Clean Master does a good job with this. You can do the ‘standard’ cleanup pretty much at will, but be careful what you are deleting if you switch to the ‘advanced’ tab. The advanced tab has a nice function whereby it will find and list the biggest files on your device, which can be very useful and impactful, just in case you forgot all about that 700 MB video file that you were watching on the bus six months ago.

(8) Uninstall apps you do not use

Requires: nothing (well, willpower)
Potential impact (high/med/low): low to med. (depending on how many apps you install and whether they are big or small).

If you install a lot of apps you may already suspect, somewhere deep inside, that all of these added apps aren’t really adding to your overall user experience, and that most of them are just occupying space and will rarely, if ever, be used.

So go ahead and remove half of them, or at least a third. You will feel strangely better. Note that ‘Clean Master’ is an excellent batch uninstaller that will let you check all of the apps you want uninstalled and uninstall them all in batch, one after another. It also will rank/sort your app list by date of installation as well as by size (in MB).

(9) Uninstall bundled apps that came with your device that you do not use (ROOT)

Requires: root.
Potential impact (high/med/low): low (but somehow feels really good).

Doors open when/if you root your device; suddenly, you can uninstall many (though not all) of the apps that came pre-installed when you bought your device and that you NEVER ever use. I would advise backing these apps up first, though (Clean Master can do it), because if you want them back you may not be able to go to Google Play and simply reinstall them.

(10) Check to see if your Android suffers from the ‘Bloated Contacts Storage’ bug, and fix it.

Requires: nothing.
Potential impact (high/med/low): low to med (but really ought to be fixed anyway).

On some devices, the contacts list will grow to a much larger size than it should, eating up space silently and invisibly. This issue may be related to having multiple GMAIL accounts with large numbers of Google+ contacts, but I don’t really know for sure.

I cannot expound too much about this, since I have not experienced it myself on any of my devices, but I thought I would list it here because I like to be as comprehensive as possible (and anyway ‘Ten ways to bla bla’ sounds a lot better than ‘Nine ways’ in a title).

In any case the solution seems to involve finding out if you do have the problem, exporting/backing up your contacts and then reimporting them (with some steps in between). For more info on this here’s a Google search that might help.


Via: freewaregenius

PlayStation 4 and Xbox One Survey Scams Spotted

With the recent release of the PlayStation 4 in North America and the upcoming release of the Xbox One, November is fast becoming an exciting month for gamers. However, it appears that they aren’t the only ones looking forward to these launches. We spotted several survey scams that took advantage of the buzz surrounding the two consoles.

Demand for these consoles is sure to be high – the PS4 has already sold one million units within 24 hours of its launch. Unsurprisingly, cybercriminals are already using giveaways to trick users. We found a Facebook page that advertised a PS4 raffle. Users were supposed to visit the advertised site, as seen below:

Figure 1. Facebook page advertising the giveaway

The site urges users to “like” or “follow” the page, and then share it on social media sites. This could be a way for scammers to gain a wider audience or appear more reputable.

Figure 2. Website with giveaway details

Afterwards, users are required to enter their name and email address. Instead of a raffle, they are led to a survey scam:

Figure 3. Survey scam site

Figure 4. Final survey scam

Scams are also using the Xbox One as bait. However, the site for this scam is currently inaccessible. Since the Xbox One has yet to be released, scammers could be waiting for the official launch before making the site live.

Figure 5. Xbox promo page

The scams were not limited to Facebook. We spotted a site that advertised an Xbox One giveaway. Like the PS4 scam, users are encouraged to promote the giveaway through social media. Once they click the “proceed” button, they are led to a site that contains a text file they need for the raffle. But like other scams, this simply leads to a survey site.

Figure 6. Xbox One giveaway scam site

Figure 7. Survey scam site

Product launches have become a tried-and-tested social engineering bait. Earlier in the year, we saw scams that used Google Glass as a way to trick users. Early last year, the launch of the iPad 3 became the subject of many scams and spam. Users should always be cautious when it comes to online raffles and giveaways, especially from unknown or unfamiliar websites. If the deal seems too good to be true, it probably is. Gaming consoles are just some of the most popular items bought online that can lead to security risks.

Trend Micro protects users from these threats by blocking all sites related to these scams. The Facebook pages referred to in this post are still currently online. We are also still on the lookout for related and similar threats, which will also be blocked as appropriate.

Via: trendmicro

Have you heard of the Happy Hour virus?

We have been alerted to an online service that any security-conscious sysadmins ought to be made aware of.

We think so too, but ended up on the horns of a “disclosurelemma.”

That’s where warning administrators in case their users access the service and thus trivialise computer security might cause users to access the service and thus trivialise computer security.

Created by an advertising agency in Boulder, Colorado, the website, called Happy Hour Virus, lets you deliberately simulate a security problem in order to leave work early.

“We expect this problem to peak on Friday afternoons,” said David Ullard, the CYO of Boulder-based productivity and workplace security action group Boulder Online Regulators of Interactive Network Games. “This is a true cross-platform threat, with modules for Windows, Mac and Linux users, each accessible with just a single click from any major browser.”

Ullard, whose research has revealed that the site uses a command-and-control protocol called HTTP over network port 80, warns that some firewalls already permit this sort of traffic by default.

HTTP over port 80 is used by hundreds, if not thousands, of American business users every year for online activities as diverse as finding recipes, making contact with people they didn’t like at school but suddenly want to be friends with 23 years later, and looking up the latest dollar value of Bitcoins.

The work-avoidance simulations used by Happy Hour Virus are as follows.

Mac users can pretend their Mac has shut down unexpectedly, though we suspect many administrators will see through this ruse, because Macs don’t get viruses and thus cannot actually crash at all:

Linux users get to simulate what happens when they accidentally mix the experimental open source kernel drivers for their oddball graphics card with the proprietary window manager support modules provided by the card vendor:

And Windows users get what actually turns out to be an anachronism – an old-school Blue Screen of Death in the wrong font:

With nearly 102.6% of IT administrators already having moved their entire business away from Windows XP onto Windows 8, months before Microsoft’s official deadline, we’re surprised that the Happy Hour Virus didn’t go for a more modern look:

Administrators who want to have something to do while everyone else has ducked out early thanks to the Happy Hour virus may want to ask their Change Control Committee (those who aren’t already in the pub, at any rate) for a ruling on the following:

  • Blocking outbound access to any port with an “8” in it.
  • Removing all web browsers except Lynx to prevent bogus graphics from appearing.
  • Sending out an email to all staff saying, “Do NOT UNDER ANY CIRCUMSTANCES visit the website called”

Have a good holiday!

Via: sophos

Holiday Season Spam And Phishing

For many, the holiday season is a season for shopping and spending. But cybercriminals see it in a different light—they see it as a prime opportunity to steal.

Take, for example, online shopping. Malicious websites try to trick online shoppers into giving them their money instead of the legitimate shopping websites. These sites are often made to look exactly like the website they’re mimicking, and feature a login screen that asks the user to enter their personal information. They are interested in any and all kinds of login information – for example, we recently saw phishing sites that stole the Apple IDs of users.

Trendmicro has kept track of the number of phishing sites created since 2008. We pay particular attention to those that target Christmas shoppers and/or have holiday themes. There are plenty of these, and they persist all year. Unsurprisingly, they rise towards the end of the year, as seen in the graph below:

Figure 1. Christmas-related / Holiday-themed Phishing Sites

These sites also peak during big shopping dates, such as Black Friday and Cyber Monday. Online shoppers tend to search for huge discounts on these dates.

Cybercriminals target specific items that users might be looking for in particular when shopping online, such as gadgets (tablets, smartphones and DSLR cameras) toys, video games/consoles, software, and so on. We examined the most popular items sold and wished for on online shopping sites and compared them with the phishing sites we saw. We found that these were the most targeted items:

Figure 2. Top 10 Most Targeted Shopping Items

Spam campaigns also take advantage of the season. Recently, a spam campaign was found that targeted British users. This campaign promoted cheap flights to destinations in the Canary Islands—popular tourist destinations for Britons. The name of a well-known provider of travel packages was also used.

Figure 3. Sample Holiday Spam

The email contains a .ZIP file that claims to contain more available holiday destinations. Opening the archive yields a .PDF file that is actually a malicious executable file. (Trendmicro detects this file as TROJ_DLOAD.NOM.) Its final payload is a ZBOT variant, which can steal critical personal information of users from their systems.

Figure 4. Malicious File In Archive


Users can avoid these threats by following these tips:

  • Don’t use search engines to find good deals. Web threats lurk in search engine results, and they’re often pushed up to the top of the first page because of Blackhat SEO. Instead, bookmark popular and well-established shopping websites and do your searching from there.
  • If it’s a deal too good to be true, it probably is. Half-off promos and amazing discounts certainly exist (more so during the holidays) but if it’s from an unfamiliar website or simply just beyond any reasonable sense of scale, then chances are it’ll lead to a web threat.
  • Use online shopping apps instead of using your mobile browser. If you’re a huge online shopper and you use your mobile device to do all your buying, check if your favorite site has an app and use that instead. This allows for a more secure transaction between you, the customer, and the website itself—removing the chance for web threats.
  • Install a security solution. A security solution can easily remove the risk of you accidentally stumbling onto opportunistic web threats when you’re shopping online by blocking malicious websites before you can even get to them. It also detects and removes any suspicious files or malware that may end up in your devices.



Via: trendmicro

Twitter increases protection from government snooping

Twitter has announced it is using a spin-off of the Diffie-Hellman method, first developed by GCHQ in the 1970s, to protect users’ data from snooping by government intelligence agencies.

“Perfect forward secrecy” (PFS) is now live across all platforms, Twitter said, which makes it “effectively impossible” to collect data on users without the company’s permission, according to experts.

The move is thought to be part of a bid to make it more difficult to collect data on users without going through legal channels, according to the Telegraph.

Introduction of PFS ensures protection of encrypted data even if another party obtains decryption keys, as US and UK intelligence agencies have done in the past according to whistleblower Edward Snowden.

An internal team of security engineers has spent several months implementing PFS, which adds an extra layer of security to the widely used HTTPS encryption.

Google, Facebook, Dropbox and Tumblr have all implemented PFS, and LinkedIn is understood to be introducing it in 2014, according to the Guardian.

Technology companies and online service providers are attempting to restore user trust in the wake of the Snowden revelations of the US Prism internet surveillance programme.

The introduction of PFS means greater protection of direct private messages, protected tweets and data on what users say, who they comment on and who else they read.

PFS creates a new, disposable key for each exchange of information, so the key for every individual session would have to be decrypted to access the data.

In Elliptic Curve Diffie-Hellman (ECDHE), which supports PFS, the server’s private key is used only to sign the key exchange, preventing man-in-the-middle attacks, according to Twitter.

Ironically, the ECDHE method was first developed by GCHQ and remained classified until it was patented by US cryptographers Whitfield Diffie and Martin Hellman, who made the discovery independently.

In a blog post announcing the implementation, Twitter said PFS is what should be the “new normal” for web service owners to protect users from all predators on the internet.

“If you are a webmaster, we encourage you to implement HTTPS for your site and make it the default. If you already offer HTTPS, ensure your implementation is hardened with HTTP Strict Transport Security, secure cookies, certificate pinning, and Forward Secrecy,” the post reads.

Twitter also calls on website users to demand that the sites they use implement HTTPS to help protect privacy and to use an up-to-date web browser with the latest security improvements.

“HTTPS is surprisingly important for any web service that lets you login up front and then stay logged in indefinitely,” said Paul Ducklin, security technologist at security firm Sophos.

“That’s because your logged-in status is usually dealt with by a session cookie that is used by the server to recognize a user and transmitted in the HTTP traffic,” he wrote in a blog post.

According to Ducklin, without HTTPS to encrypt the cookie between the browser and the server, an attacker could sniff the traffic, extract the cookie and use it to masquerade as a legitimate user.

Plain HTTPS only requires the server to send a user a public key to which it has a matching private key, allowing the server to use the same public-private keypair over and over again.

HTTPS with forward secrecy, however, requires the server to send you a public key that is unique to a session, so the corresponding private key can be destroyed after use, said Ducklin.

“That’s how the forward secrecy is achieved: once the decryption keys from your session are destroyed, any copies of the encrypted data are effectively ‘nailed down’ into an eternally-encrypted state, like a padlock to which you’ve lost the key,” he said.
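A site owner can check three of the items in Twitter's hardening list (forward secrecy, HTTP Strict Transport Security and secure cookies) against their own server. The script below is an added example, not code from Twitter or the article; the function names, the 180-day HSTS threshold and the sample headers are assumptions made for illustration, and certificate pinning is not covered.

```python
import socket
import ssl
import sys

# Key-exchange tokens that mean an ephemeral (per-session) Diffie-Hellman key.
EPHEMERAL_KEX = {"ECDHE", "DHE", "EECDH", "EDH"}


def has_forward_secrecy(cipher_name, protocol):
    """True if the negotiated suite uses an ephemeral key exchange."""
    if protocol == "TLSv1.3":
        return True  # TLS 1.3 full handshakes always use ephemeral (EC)DHE
    tokens = cipher_name.upper().replace("_", "-").split("-")
    return any(token in EPHEMERAL_KEX for token in tokens)


def audit_headers(headers, min_hsts_age=15552000):
    """Check (name, value) response headers for HSTS and Secure cookies.

    min_hsts_age is an assumed policy threshold (180 days), not a standard.
    """
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("no Strict-Transport-Security header")
    else:
        max_age = None
        for directive in hsts[0].split(";"):
            key, _, value = directive.strip().partition("=")
            value = value.strip('"')
            if key.lower() == "max-age" and value.isdigit():
                max_age = int(value)
        if max_age is None:
            findings.append("HSTS header has no valid max-age")
        elif max_age < min_hsts_age:
            findings.append(f"HSTS max-age {max_age}s is shorter than {min_hsts_age}s")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name = value.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {name!r} is missing the Secure attribute")
    return findings


def probe(host, port=443, timeout=5.0):
    """Connect to a server you operate and report cipher suite and header findings."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            cipher_name = tls.cipher()[0]
            version = tls.version()
            request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            tls.sendall(request.encode("ascii"))
            data = b""
            while b"\r\n\r\n" not in data:
                chunk = tls.recv(4096)
                if not chunk:
                    break
                data += chunk
    head = data.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = [tuple(p.strip() for p in line.split(":", 1))
               for line in head.split("\r\n")[1:] if ":" in line]
    return {"cipher": cipher_name, "version": version,
            "forward_secrecy": has_forward_secrecy(cipher_name, version),
            "findings": audit_headers(headers)}


# Constructed sample responses, so the checks can be run offline.
SAMPLE_HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
]
SAMPLE_WEAK = [
    ("Strict-Transport-Security", "max-age=300"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:
        print("hardened:", audit_headers(SAMPLE_HARDENED))
        print("weak:", audit_headers(SAMPLE_WEAK))
```

Run with a hostname argument it performs one TLS handshake and one HEAD request; with no argument it audits only the constructed samples.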


Via: computerweekly

Spam from an anti-virus company claiming to be a security patch? It’s Zbot/Zeus malware.

SophosLabs alerted us earlier today to a spam campaign that seemed to originate from a whole raft of different security and anti-virus companies.

The messages have a variety of subject lines, such as:

Windows Defender: Important System Update – requires immediate action

AVG Anti-Virus Free Edition: Important System Update – requires immediate action

AVG Internet Security 2012: Important System Update – requires immediate action

Kaspersky Anti-Virus: Important System Update – requires immediate action

Microsoft Security Essentials: Important System Update – requires immediate action

The emails are all very similar, claiming to include an important security update to deal with “the new malware circulating over the net”.

The parts shown in pink above vary from email to email, but the bulk of the content stays the same:

Important System Update – requires immediate action

It’s highly important to install this security update due to the new malware circulating over the net. To complete the action please double click on the system patch KB923029 in the attachment. The installation will run in the silent mode. Please pay attention to this matter and inform us in case there is a problem.

The email doesn’t explicitly mention the CryptoLocker ransomware that locks your files and tries to sell them back to you.

But there is little doubt that many recipients, having heard of the ongoing saga of CryptoLocker, will be more inclined than usual to read on.

It’s all a pack of lies, of course.

There is no “system patch KB923029,” and even if there were, neither Microsoft nor any other reputable company would send out security updates as email attachments.

Also, if you are a native speaker of English, you should spot a number of niggling errors of usage and grammar in the text of the email.

→ The fact that an email is grammatically flawless, in English or any other language, is not an indicator of legitimacy. But language blunders in English, in an email purporting to come from the New York office of a legitimate software company, are a strong indicator of bogosity. If the crooks can’t even be both to trying rite and spel decent, you may as well use their linguistic sloppiness against them.

The ZIP file contains an EXE (a program file); that program file is one of the many variants of the Zbot malware, also known as Zeus, that we see on a regular basis.

You’re expected to open the ZIP and run the program inside, which has a name like this:

HOTFIX_patch_KB_00000…many digits…56925.exe

There’s nothing wrong with having an EXE inside a ZIP file.

But a ZIP that contains only an EXE, and that was delivered by email, is just as suspicious as a plain EXE that arrives as an attachment.

If you do run it, the EXE installs itself into:

C:\Documents and Settings\%USER%\Application Data\

with a random filename, and adds itself to the registry key:



so that it gets launched every time you reboot or logon.

We shouldn’t need to remind you, but we’ll do so in case you want to remind someone else:

  • Don’t open email attachments you weren’t expecting.
  • Don’t believe emails that claim to be sending you a security patch – by email.
  • Don’t ignore clues such as poor grammar or spelling in emails that claim to be official.
  • Don’t neglect to keep your software patches up to date – but never by email.
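
One way a mail gateway or triage script could apply the rule above (a ZIP that holds nothing but an EXE is as suspicious as a bare EXE attachment), as an added example that is not from the original article. The extension list, the function names and the sample message are constructed for illustration, and treating an unreadable archive as suspicious is an assumption.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")  # assumed list; extend to taste

def zip_verdict(data):
    """Classify ZIP bytes: 'exe-only', 'mixed', 'clean' or 'unreadable'."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return "unreadable"
    exes = [n for n in names if n.lower().endswith(EXECUTABLE_EXTS)]
    if names and len(exes) == len(names):
        return "exe-only"
    return "mixed" if exes else "clean"

def suspicious_attachments(raw_message):
    """Return (filename, reason) for each attachment that should be quarantined."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if name.lower().endswith(EXECUTABLE_EXTS):
            findings.append((name, "bare executable"))
        elif payload[:4] == b"PK\x03\x04":  # sniff ZIP magic; don't trust the extension
            verdict = zip_verdict(payload)
            if verdict in ("exe-only", "unreadable"):
                findings.append((name, "zip: " + verdict))
    return findings

def build_sample(zip_members, attachment_name="update.zip"):
    """Constructed test message: a ZIP of harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in zip_members:
            zf.writestr(member, b"placeholder, not a real program")
    msg = EmailMessage()
    msg["Subject"] = "Important System Update - requires immediate action"
    msg.set_content("To complete the action please double click on the system patch.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename=attachment_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(suspicious_attachments(build_sample(["HOTFIX_patch_KB_0000.exe"])))
    print(suspicious_attachments(build_sample(["readme.txt", "setup.exe"])))
```

The check keys on the archive's contents rather than its name, so a ZIP renamed to another extension is still inspected, while an archive that mixes an installer with other files is left to other controls.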

Via: sophos

Advanced SystemCare 7 – Free

What does Advanced SystemCare 7 Free do? – For FREE!

Advanced SystemCare Free is a comprehensive PC care utility that takes a one-click approach to help protect, repair and optimize your computer. Scanning and finding what other utilities might miss, it can keep your PC error-free and smoother than ever. This fantastic program is available free of charge.

Advanced SystemCare brings you the new Real-time Protector – A light yet powerful feature to protect your PC against Malware in the background and in real time.

Have you ever encountered PC crashes and not known why? After months or years of using your PC, there might be plenty of system changes that add burdens to your PC. Advanced SystemCare Free can clean up the leftover files and remove the junk to tidy up your PC.

Registry Repairing and Cleaning – Advanced SystemCare Free cleans the unnecessary records from your registry that might cause trouble and slowdowns.

What’s new in this version?

  • Metro UI – Added Brand-new Metro UI and Improved Other UIs for Easier and Smoother Use.
  • Windows 8/8.1 – Fully Support Windows 8, Windows 8.1, and IE 11.
  • New Uninstaller 3 – Enhanced the Powerful Scan for Both Applications and Browser Plug-ins to Bring You a Clean and Fast Computer and Browser.
  • New Driver Booster – Help You Update Outdated Drivers Safely and Rapidly.
  • New Program Deactivator – Retrieve More Available System Resource by Automatically Enabling and Disabling Background Services.
  • New Real-time Protector – A Light yet Powerful Feature to Protect Your PC Against Malware in Real Time in the Background.
  • New Homepage Protection – Protect Your Browser’s Homepage and Search Engine from Malicious Modification in Real Time for Better Browser Security.
  • New ManageMyMobile – Help You Manage, Clean, Optimize, and Back up Your Android Device Easily
  • New Surfing Protection Technology – Support Real-time Database Update and Parent Control for Safer Surfing for Both Parents and Kids.
  • New Start Menu 8 – Bring Back the Windows 8 Start Menu for Windows 8 users.
  • New Skip-UAC Function – Faster and Easier Loading of the Program.
  • Improved Junk File Clean – Fully Support the Clean of Windows 8 Metro App Cache to Release More Free System Space and thus Boost the System Performance.
  • Improved Privacy Sweep – Support IE 11, Opera 16, Chrome 30, Sony Vegas Pro 12.0, CDBurnerXP, UltraEdit20, Photodex ProShow Producer5.0, SketchUp Make 2013, HandBrake, CuteFTP 9, Directory Opus 10, DivX Player10, Internet Explorer 11, Adobe Photoshop Lightroom5.2, Express Scribe, Gom Player, Skype Metro App, Twitter Metro, and Adobe Reader Touch.
  • Expanded Malware Removal Database – Better Protection Against Latest Malware Threats.
  • Fully upgraded Cloned Files Scanner – Support Removing Duplicates in Just One Click.
  • Enhanced Registry Fix and Vulnerability Fix – Higher Scanning Speed and More Stable Performance

Download it here:

Via: iobit

IBM acquires Fiberlink as mobile-security strategy keystone

Goal is unified mobile-security framework to protect transactions.

IBM announced an agreement to acquire Fiberlink Communications, saying the purchase is a key part of a broader mobile-security strategy to provide assurance in transactions conducted via devices such as iPhones and Android smartphones.

Fiberlink provides mobile-device management (MDM) through its MaaS360 cloud-based offering, counting about 3,500 customers in industries that include financial services, healthcare and manufacturing. IBM’s director of application data and mobile security Caleb Barlow says the acquisition, expected to be concluded shortly, puts IBM on a path to compete with MDM vendors such as Symantec, AirWatch, MobileIron and Good Technology.

But Barlow also points out that Fiberlink should be considered part of IBM’s broader strategy for mobile-device security, which includes IBM’s recent acquisition of Trusteer, the security firm specializing in an anti-fraud, anti-malware approach that has been used in the banking industry in particular on the Web.

Through Fiberlink and Trusteer combined, “which is the key part of this,” he says, IBM intends to provide a type of trust assurance in transactions done on mobile devices in business-to-business or business-to-consumer communications. With the Fiberlink acquisition, IBM is also solidifying its approach to supporting “Bring Your Own Device” environments.

Another recent IBM acquisition in the mobile management area is Worklight, which makes development tools for mobile applications, and it’s also a building block in IBM’s mobile security strategy overall, Barlow adds.

IBM’s intention is to develop a unified mobile-security framework through cloud- and agent-based means that provides not just management of devices but security checks against malware or device hijacking, for example, especially during any sensitive transaction process.

In addition, the goal would be to enable transmission of relevant mobile-device security-event information to IBM’s security information and event management tool, QRadar.

Barlow acknowledges there is “some overlap” in what Fiberlink can provide in application management and IBM’s managed mobile security service started two years ago. “But it’s fairly minimal,” he says. IBM’s main focus going forward is Apple iOS, and Android, “but we’re also looking at Windows Mobile.”


Via: networkworld

Yahoo to encrypt user data

Yahoo is to encrypt all user data that moves between its datacentres by April 2014 in a bid to regain trust after allegations that the US government secretly accessed users’ data.

The internet firm previously announced it plans to encrypt all email communications from January 2014 after allegations of US government agencies accessing email traffic.

Yahoo is among several large technology companies trying to distance themselves from the Prism internet surveillance programme revealed by whistleblower Edward Snowden in June 2013.

Specifically, Yahoo is working to repair the damage done by allegations that the US National Security Agency (NSA) broke into main communication links that connect Yahoo’s datacentres.

Similar allegations were made about Google, which already encrypts its email service and has been speeding up the implementation of encryption between datacentres since June 2013, according to the BBC.

In a statement, Yahoo chief executive Marissa Mayer said she wanted to reiterate that Yahoo has never given the NSA or any other government agency access to its datacentres.

Yahoo users will be offered full encryption

In addition to encrypting data flows between datacentres, Yahoo plans to offer users an option to encrypt all data to and from Yahoo.

Mayer said the company will work closely with its international mail partners to ensure that Yahoo co-branded mail accounts are https-enabled.

“We will continue to evaluate how we can protect our users’ privacy and their data. We appreciate, and certainly do not take for granted, the trust our users place in us,” she said.

Although security experts believe encryption is a step in the right direction, Mark Manulis, associate professor of applied cryptography and network security at the University of Surrey, doubts it is enough.

“It makes it harder for the average hacker, but it still could be possible for government agencies [to access], depending on what encryption is used,” he told the BBC.

Government requests for data

Yahoo has also joined Google and Microsoft in publishing transparency reports on the overall number of government requests for data, as well as pushing for the right to publish more details on such requests.

The companies are fighting to change US legislation that prevents them from providing a breakdown of numbers to show how many requests are made by the controversial Foreign Intelligence Surveillance Act (Fisa) and National Security Letters (NSLs).

Via: computerweekly