Tuesday, November 20, 2012

Malware targeting Windows does damage in a novel way

Backdoor.Makadocs -- a trojan that has been floating in the wild for a while now, attacking Windows, and has recently been updated to target Windows 8 and Windows Server 2012 -- is a clever piece of malware. What makes this malware clever, you ask? Simply the way it goes about attacking your PC.

Actually, it isn't the attack vector that is unique -- infections of Backdoor.Makadocs (and its variants) are spread through infected RTF and Word documents. Rather, what is novel about the malware is how it gets your data out of your PC, and how it communicates with the malware's command and control servers.

You see, any competent firewall will block outgoing connections from a suspicious process. However, most firewalls will not (and do not) block a connection made to Google Docs. As such, Backdoor.Makadocs uses Google Docs as the medium of communication between your infected PC and the command and control server: it uses the "viewer" functionality in Google Docs to transmit info back and forth between your PC and the command and control server. Since Google Docs is typically treated as a trusted source by firewalls and Google Docs encrypts all traffic, this method not only helps the malware get around a firewall's security measures but also helps prevent detection of the command and control server's IP address/URL.
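Because the destination is always Google Docs, a defender has to look at what the viewer is being asked to fetch and at which process is asking. The following is an added example, not code from the original post: it assumes viewer requests take the form `https://docs.google.com/viewer?url=<target>` and that a process-aware proxy or host firewall log is available; the log layout, process names and hosts are constructed.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the article): the viewer endpoint and its "url"
# parameter, the browser allowlist, and a whitespace-separated log with
# four fields: time, client, process, requested URL.
VIEWER_HOST = "docs.google.com"
VIEWER_PATH = "/viewer"
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe"}

# Constructed sample log lines (reserved example domains only).
SAMPLE_LOG = """\
2012-11-20T09:00:01 10.0.0.5 chrome.exe https://docs.google.com/viewer?url=http%3A%2F%2Fintranet.example.com%2Freport.pdf
2012-11-20T09:00:07 10.0.0.9 updater.exe https://docs.google.com/viewer?url=http%3A%2F%2Ffiles.example.net%2Fa%3Fid%3D17
2012-11-20T09:05:07 10.0.0.9 updater.exe https://docs.google.com/viewer?url=http%3A%2F%2Ffiles.example.net%2Fa%3Fid%3D18
2012-11-20T09:06:00 10.0.0.5 chrome.exe https://docs.google.com/document/d/abc/edit
2012-11-20T09:07:00 10.0.0.7 winword.exe https://www.example.org/viewer?url=http%3A%2F%2Fx.example.net%2F
"""


def embedded_host(url):
    """Return the host the viewer is asked to fetch, or None if this is
    not a Google Docs viewer request or carries no target URL."""
    parts = urlsplit(url)
    if parts.hostname != VIEWER_HOST or parts.path != VIEWER_PATH:
        return None
    targets = parse_qs(parts.query).get("url")
    if not targets:
        return None
    return urlsplit(targets[0]).hostname


def find_suspicious(log_text):
    """Count viewer requests made by non-browser processes, keyed by
    (client, process, embedded host). Repeated hits suggest beaconing."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _time, client, process, url = fields
        host = embedded_host(url)
        if host is not None and process.lower() not in BROWSERS:
            hits[(client, process, host)] += 1
    return dict(hits)


if __name__ == "__main__":
    for key, count in find_suspicious(SAMPLE_LOG).items():
        print(key, count)
```
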

Google, of course, prevents the use of Google Docs for such purposes via its terms and conditions, and provides the ability in every Google Doc file to report abuse:

    Using any Google product to conduct this kind of activity is a violation of our product policies. We investigate and take action when we become aware of abuse.

Still, however, there is no real automated way to prevent such attacks via Google Docs because, as TheNextWeb points out, these types of vulnerabilities make use of social engineering and not system exploits. In its official statement on this matter, Microsoft echoes this idea of fallibility to social engineering:

    Social engineering is an industry-wide issue and we are aware these types of problems occur. We are committed to helping consumers have a safe, secure and positive online experience. Our general guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources and install and regularly update anti-virus software.

As I type this on a Google Doc, I'm hoping Google and Microsoft sort this out as soon as possible. For what it is worth, Backdoor.Makadocs is a known vulnerability (and not a zero-day attack) so any competent anti-virus should protect you against it.

dottech.org

Sunday, November 18, 2012

Online Surveys Scams


SCAMwatch is warning people to beware of online scams – surveys, emails and social-media posts – offering fake gift vouchers or other bogus inducements in return for disclosing credit card and other personal information.

While many online surveys are legitimate and may be backed by some reward, the Australian Competition and Consumer Commission and Woolworths have received an increased number of complaints about possible scams misusing the Woolworths name and logo, going under such titles as ‘Customer Satisfaction Survey to get $50’.

Scams such as these often ask people to provide credit card or other personal details, which criminals can use to commit identity theft and other fraud.

Woolworths is advising people that all its official competitions are listed at www.woolworths.com.au on its Promotions and Competitions page.

How these scams work

    These scams abuse the brand names and logos of well-known companies and products to make them look legitimate.
    As with many legitimate offers and online posts, you might be asked to complete a survey and/or pass on an offer to others before you can claim a voucher or other inducement or enter a competition. But the scams will take your valuable information and give you only disappointment in return – products will never arrive or vouchers will be fakes that retailers won’t honour.
    Recent scams have related to supermarkets, coffee shops, smart phones and tablets, including offers featured on Facebook.

Protect yourself

    Be very wary when, for example, filling in surveys linked from social networking sites – being asked to provide such detailed information as Medicare numbers or credit-card security codes should ring alarm bells.
    You should check whenever you can whether offers are legitimate, even ones passed on from people you know. If the offers are represented as coming directly from a particular retailer, check they are listed on the retailers’ official websites – or call a business’ official customer-service line. Don’t click on links or call numbers listed in the offers – they can link to fake websites and even fake call centres.
    If you think you have provided your account details to a scammer, contact your financial institution immediately and report the scam to The Australian Communications and Media Authority http://www.acma.gov.au/WEB/STANDARD/pc=CONTACT_COMPLAINTS_OVIEW

Thursday, November 1, 2012

Advanced-Tokens-Manager


Normally, you can use your Windows 7 serial key during installation on the same machine to activate Windows, but online activation has some limits. If you install Windows on your system many times due to reasons like virus threats, system file corruption, etc., then online activation becomes a great problem. 7Tokens Manager is a freeware tool which will back up the Windows 7 Retail, OEM and MAK licenses (your genuine license) and then restore them.

Features:

    Backs up RETAIL / OEM / MAK licenses
    Backup Certificate / Serial / Tokens.dat
    Backup license files
    Dynamic interface
    Very lightweight and fast
    Programmed with security features
    Estimated time required to restore your activation: 5 min

   http://forums.mydigitallife.info/threads/27341-Advanced-Tokens-Manager-The-Activation-Backup-Solution