Jan 30, 2018

Stolen security logos used to falsely endorse PUPs

To gain the trust of users, many websites and companies feature the logos of reputable firms who endorse their products. Unfortunately, some unseemly companies do the same, using logos of companies who have not, in fact, endorsed their product in order to trick people into thinking that what they are about to install is legitimate. Potentially Unwanted Programs (PUPs) are masters in this trade of building false trust.

Gold Partner Tuneup

The logos most often used by criminals to achieve this false trustworthiness are:

  • McAfee SECURE
  • Norton Secured Seal
  • Microsoft Partner Network/Microsoft Technologies

Below is an example of a website that has all three of them, so it must be the safest site imaginable. (Wrong.)

fake online scanner

In fact, it is a fake online scanner that will try to scare you into thinking that your computer is infected with some nasty viruses and that their solution can take care of it. Actually, they will try to sell you a PUP like Master PC Cleaner that will inform you about even more problems with your system. To compound matters, they’ll then offer to help you get rid of them—for a price. Should you need assistance, many of these so-called “system optimizers” are not afraid to get involved in tech support scams either. Their support numbers are displayed prominently in their GUI.

So how do programs that can scam people out of money in three different ways get these badges of authentication on their sites? Likely, they are used without authorization. In fact, it is no harder than copying one of these logos from a Google image search and inserting the image onto the site.

What do these logos actually mean?

First of all, if the logos are used without authorization, they mean nothing. Nada. Niente. Putting a picture on a website does not change the way the site or product it offers behaves.

But even if the logos are real and authorized, they may not mean what you think they mean. To help suss out whether a site is trustworthy or not, it’s not a bad idea to learn what these logos actually stand for.


The McAfee SECURE logo is free for websites with up to 500 visitors per month. If you find the real logo on a site, it will be visible as a small “M” in the bottom right-hand corner. You can expand that logo to read about what it means.

McAfee logo check

In a nutshell, a McAfee SECURE logo indicates the following:

  • There is no malware hosted or linked to on the site.
  • The site has a valid SSL certificate, which means traffic to and from is encrypted.
  • There is no phishing detected.

Which is all well and good. It means the website has been checked for all these points, but it doesn’t mean that the product advertised on the site is endorsed by McAfee. And if you see the logo displayed without an option to see the number of reviews, chances are high that the site owner just pasted that image on their site and didn’t actually earn it. That was the case for our fake online scanner.

Norton Secured Seal

The Norton Secured Seal is included at no cost with all Symantec certificates. If installed on a website not using a Symantec certificate, the seal will not display. Please note that this doesn’t mean it will stop someone from using an unauthorized image on their site. But again, even if the seal is real, it doesn’t mean the product advertised on the site is secure. It just tells us the site has a Symantec SSL certificate.

Microsoft Partner Network

The Microsoft Partner Network (MPN) is designed to help qualified technology companies build, sell, provide, service, and support solutions for their customers with Microsoft technologies. To qualify for the MPN, a technology company must sell or provide more than 75 percent of its IT solutions and services, or derive 75 percent or more of its total revenue through the external monetization of their intellectual property solution(s) to unaffiliated third parties. Nothing in the MPN agreement restricts a company from working with and using non‑Microsoft technologies.

Basically, companies pay a fee for which they get Microsoft tools, training, and software in return—and the right to display a Microsoft partner logo on their product and site. The only “check” that Microsoft performs for the exchange of their tools and logo (that I could find) is to verify that partners derive 75 percent of their business from third parties (non-affiliates). That could be anyone. And it doesn’t guarantee the safety of the products sold on the site.

How can I check the authenticity of the logo?

If you see a McAfee SECURE or Norton Secured Seal on a website, you can check to see if they are real by clicking on the logo. The real logos are clickable and include additional information about their meaning. Fake McAfee and Norton logos will not be clickable or might include incomplete information.

The Microsoft Partner Network is searchable, but unfortunately knowing the name of the product alone is not always enough to find out if that company is a legitimate partner. And the name of the product is not necessarily the same as the name of the company.
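The clickability test above can be turned into a rough triage script. The following is an added example, not code from the article or from any of the vendors: it parses a page’s HTML and reports whether each McAfee or Norton seal image is a bare picture, a link to the vendor’s own domain, or a link somewhere else. The vendor domains and the keywords used to spot a seal image are assumptions to confirm against each vendor’s own documentation; the Microsoft Partner Network logo is left out because, as the text notes, it is checked through a directory search rather than a clickable seal.

```python
"""Heuristic triage of trust seals in a web page (added example, not from the article).

Rule of thumb from the article: a genuine McAfee SECURE or Norton Secured Seal is
clickable and leads to the vendor's own verification page, while a pasted-in copy
is a bare <img>. This classifies every seal image found in an HTML document.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# ASSUMPTION: keyword that identifies a seal image (matched against src/alt/title)
# mapped to the registrable domain a genuine seal is expected to link to.
# Confirm both against the vendor's published seal documentation before relying on them.
SEAL_VENDORS = {
    "mcafee": "mcafeesecure.com",
    "norton": "norton.com",
}


def classify(href, expected_domain):
    """Classify the link wrapping a seal image (None when the image is not linked)."""
    if not href:
        return "unlinked-image"      # bare picture: the article's tell-tale sign of a pasted logo
    host = (urlparse(href).hostname or "").lower()
    if host == expected_domain or host.endswith("." + expected_domain):
        return "links-to-vendor"     # worth clicking through and reading what it actually certifies
    return "links-elsewhere"         # clickable, but not to the vendor: treat as unverified


class SealScanner(HTMLParser):
    """Collects (vendor, verdict, href) for every <img> that looks like a trust seal."""

    def __init__(self):
        super().__init__()
        self._hrefs = []    # stack of href values of currently open <a> tags
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._hrefs.append(a.get("href"))
        elif tag == "img":
            text = " ".join(filter(None, (a.get("src"), a.get("alt"), a.get("title")))).lower()
            for vendor, domain in SEAL_VENDORS.items():
                if vendor in text:
                    href = self._hrefs[-1] if self._hrefs else None
                    self.findings.append((vendor, classify(href, domain), href))

    def handle_endtag(self, tag):
        if tag == "a" and self._hrefs:
            self._hrefs.pop()


def scan_seals(html):
    """Return a list of (vendor, verdict, href) tuples for the seals found in html."""
    parser = SealScanner()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page footer with three seal images: one pasted in with no link,
# one linked to the (assumed) vendor domain, and one linked to an unrelated host.
SAMPLE_HTML = """
<div class="footer">
  <img src="/img/mcafee-secure.png" alt="McAfee SECURE">
  <a href="https://seal.norton.com/verify?host=shop.example"><img src="/img/seal.png" alt="Norton Secured Seal"></a>
  <a href="https://cdn.example.net/badges"><img src="/img/mcafee.png" alt="McAfee badge"></a>
</div>
"""

if __name__ == "__main__":
    for vendor, verdict, href in scan_seals(SAMPLE_HTML):
        print(f"{vendor:8} {verdict:16} {href}")
```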


As we have learned, it is easy for websites to abuse logos of trust, using them to fake the appearance of an endorsement of a product or site. It’s also easy to mistake those logos, even when used legitimately, for a blanket statement on the security of the product or site. And since most fraudulent companies change names and sites almost as often as their socks, they don’t care if someone finds out.

That means the best thing you can do to guarantee a safe online purchase or surfing experience is to never assume that a logo automatically makes a site legitimate. Put on your cynical caps, take a closer look, and remember that if it seems too good to be true, it probably is.

Be careful out there!

The post Stolen security logos used to falsely endorse PUPs appeared first on Malwarebytes Labs.

Powered by WPeMatico

Jan 29, 2018

A week in security (January 22 – January 28)

Last week on Labs, we analyzed a rogue app outbreak on Twitter, took a look at how Singapore’s government is faring with network defense, and rolled out our 2017 State of Malware report. We also became visionaries in Gartner’s Magic Quadrant report and explored a VR data mishap.

Other news

Finally, a tip of the hat and a shout out to the very awesome Hasherezade, who’s been included on a Forbes Europe list of 30 under 30—a fantastic achievement!

Stay safe, everyone!

The post A week in security (January 22 – January 28) appeared first on Malwarebytes Labs.


Jan 29, 2018

How to remove adware from your PC

“Close. Close. Close. Close,” my mother mumbles as she aggressively clicks her mouse over and over.

“What’s wrong, Ma?” I’m home for the holidays, and cozy, cold evenings are often spent in front of the fireplace. This night, however, my mom is stuck at her computer.

“This stupid thing won’t stop showing me ads.”

“Looks like a job for Malwarebytes!” I joke, but come over to examine. Her screen is loaded with advertisements. Upon closing one, another pops up.

how to remove adware

So many pop-ups, so little time.

Looks like mom’s got adware.

What is adware?

Adware is short for advertising-supported software. It’s well-known for being a major Mac nuisance and has made itself ubiquitous on Android OSes, finding its way into the Google Play Store as Trojanized apps.

But adware is a PC problem, too. It delivers ads and other browser-cluttering junk most often in the form of pop-ups, tabs, and toolbars. Beyond simply bombarding you with ads, adware can hijack your browser, redirecting you to sites you weren’t planning on visiting (and showing you ads there) or delivering random, back-alley search engines results. It can slow down your computer and is often frustratingly difficult to remove.


Have some toolbars, courtesy of Mindspark adware.

Why would anyone knowingly install a program that behaves this way? The answer is: They wouldn’t. When legitimate software applications use online advertising, the ads are typically bundled within the program and designed and displayed in ways that the developer specified—and a good developer knows not to piss off customers with overbearing ads. Adware, in contrast, is specifically designed to be a nuisance, sneaking its way onto people’s systems by bundling up with legit programs or disguising itself as something else.

Whether you download adware without full knowledge of what you’re getting or whether it hides in the EULA of another software program like a stowaway, it’s behaving in a way that neither you nor the software it latches onto wants. This is what makes adware a type of potentially unwanted program, or PUP.

How is adware different from PUPs?

Adware is, essentially, a type of potentially unwanted program. PUPs also include other borderline malicious programs, such as spyware, browser lockers, dialers, and junkware. Security companies flag these programs as “potentially” unwanted, but the reality is, any sane person would not want this crap on their computer. Unfortunately, since most people aren’t paying close attention to what they download, they essentially agree to install the programs without realizing it.

Even more unfortunately, any attempts by security companies to fully block these programs as malware can get legally hairy. Thankfully, the cybersecurity industry is making strides in courtroom battles and in public opinion against software providers whose programs cross the line from slight bother to major asspain.

How do you get adware?

The most common ways for adware to infect PCs today are through toolbars/browser extensions, bundled software, and downloads offered by pop-ups.

A Trojan containing adware may pretend to be something you want, such as a plug-in or video player, but what you really end up downloading is an adware installer. Adware may also hide inside a legitimate download from an unethical site. Often, it shows up in downloaded files from torrents or piracy sites. It’s even making its way into the Google Play Store—with more frequency these days—and blessing Android devices with its garbage content.

The common theme among these delivery methods is deception. Adware makers trick users into willfully downloading programs they won’t like by pre-populating check boxes, greying out or minimizing options to skip, or plastering “recommended” next to a preferred option one-too-many times. Half the battle in avoiding adware intrusion on your device is reading install wizards and EULAs with hawk-eyed precision.

adware EULA

A pre-checked box and a tiny EULA screen spell adware.

But let’s be real. No one does that.

That means you need a way out when you rush through an install agreement to download the free version of Bejeweled only to be dazzled by a flurry of ads all but ruining your screentime.

How to remove adware

Your way out is relatively simple. If you think you’ve got an adware problem on your PC, you can manually remove it in a few easy steps.

Back up your files. Always a good first precaution when you’re faced with a potential infection. Grab an external hard drive or save your most important data to the cloud.

Download or update necessary tools. To get your computer sparkly clean, you’ll need to download or run updates to a scanner that specializes in removing adware and PUPs (such as AdwCleaner or the free version of Malwarebytes). If you suspect your computer is heavily infected and you don’t have these tools, you’ll want to install them on a friend’s machine and transfer them to yours via CD or USB.

Uninstall unnecessary programs. Before scanning with a security product, check to see if the adware program has an uninstaller. To do this, go to the Add/Remove Programs list in the Windows Control Panel. If the unwanted program is there, highlight it and select the Remove button. After removing the adware, reboot the computer, even if you’re not prompted to do so.

Run a scan with an adware and PUPs removal program. Once the program has scanned and found adware, it will likely quarantine the stuff so you can take a look and decide whether or not to delete it. Our recommendation is delete, delete, delete. This will get rid of adware and any other residual files that could bring the adware back.

Read: How to remove adware from Macs

How to avoid adware infection

While the above steps can rid PCs of most adware, there are a few belligerent forms that are difficult to remove—and these more aggressive adware programs are popping up more and more (pun intended). The makers of adware today have adapted their techniques in order to skirt around more comprehensive ad-blocking tools introduced by major browser developers, including Google, Mozilla, and Microsoft. Their formerly grey tactics have turned to black.

The bad guys bundle their adware and PUPs programs with tools that act as protection against their removal by blocking security software from running or even being installed, or by stopping users from taking measures to remove the adware themselves. The only known way to protect against these attacks right now is to prevent them from happening in the first place. Thankfully, you can do just that with an adware- and malware-blocking security solution like Malwarebytes.

The post How to remove adware from your PC appeared first on Malwarebytes Labs.


Jan 27, 2018

IMPORTANT: Web Blocking / RAM Usage

Earlier this morning, we published a protection update that caused connection issues for many of our customers. As a side effect of the web protection blocks, the product also spiked memory usage and possibly caused a crash.

We have triaged this issue and pushed a protection update that resolves it.

For our consumer solutions

Please follow the steps below on how to update to the latest database:

1. Open Malwarebytes
2. Turn OFF web protection by clicking on “Settings”, then click to turn web protection OFF
3. Under Scan Status (right side), click next to “Updates” to have Malwarebytes download the latest database
4. Restart PC
(Note: it may take up to 2 restarts after the update to stabilize the system)

To confirm that you are on the latest database please follow the steps below:

1. Open Malwarebytes
2. Click on Settings
3. Click on the About tab
4. Next to “Update package version” if you see version 1.0.3803 or higher you are on the latest database which addresses the issue.

If the above doesn’t resolve the issue, please reach out to support at support@malwarebytes.com.

For our business solutions

Please follow the appropriate steps below to update to the latest database:

Malwarebytes Endpoint Security (On-premises)

First step to get the update is to disable the real-time protection. To do this in the Management console:

1. Open up the policy the clients are on and go to the protection tab.
2. From here, disable the ‘enable protection module’ option.
3. Once this is done click OK. When your clients check in they will get this new policy update.
4. Once real-time protection is disabled and your clients can communicate, highlight the endpoints on the client screen and click the update database button at the top.
5. After the update is applied, a reboot of the machine may be required.

Note: If your client cannot resolve internal addressing, then re-installing the agent manually on the machine will need to be done. The client will not be able to reach out to the server for a policy update and will never be able to turn off the real-time protection.

Malwarebytes Endpoint Protection (Cloud)

1. From the Malwarebytes Cloud console, go to the endpoints pane and select all the endpoints.
2. In the action drop-down, choose the ‘check for protection updates’ option to force an update on all endpoints to database update 1.0.3803.

This should fix the problem for the vast majority of Endpoint Protection endpoints.

If endpoints are still affected after applying this, please reboot the machine.

If the remote agent is unable to reach out and get this update, then we must disable the web protection:

1. In the Malwarebytes Cloud console, go to Settings > Policies and open up the policy the clients are on.
2. From here, go to the endpoint protection policy and turn off the “Web Protection” portion of the policy. Then:

a. If the machine is unresponsive, reboot the machine and log in.

b. Once in, right click on the tray icon and start a scan. This will force a database update and fix the issue.

c. Once updated, cancel the scan and reboot the machine.

3. When the computers are all online and updated, please turn back on the web protection again in the Endpoint Policy.

If the above doesn’t resolve the issue, please reach out to support at corporate-support@malwarebytes.com.

The root cause of the issue was a malformed protection update that the client couldn’t process correctly. We have pushed upwards of 20,000 of these protection updates routinely. We test every single one before it goes out. We pride ourselves on the safety and accuracy of our detection engines and will work to ensure that this does not happen again.

Getting your computer or business back up and running is our utmost priority, as is rebuilding your trust.



The post IMPORTANT: Web Blocking / RAM Usage appeared first on Malwarebytes Labs.


Jan 26, 2018

Plugging a virtual leak: insecure VR app exposes customer data

I’ve been giving talks on the possible problems raised by virtual/augmented/mixed reality for a while now, and sure enough, we have what may be one of the first potentially major security issues thrown up by an in-the-wild application. Until a recent fix was applied, users of the pornography app SinVR could have found their subscriber information up for grabs.

Researchers over at Digital Interruption discovered names, email addresses, and device names for anyone with an account alongside those paying for content using PayPal. This information would be great for social engineering, fake SinVR emails, or just plain old blackmail/embarrassment antics should any attacker be so inclined.

They figured this out because while reversing the app, they realised they could make unauthenticated calls to endpoints, thanks to a function which looked as though it allowed SinVR to download a list of all users. Though they would have had to modify the binary to do this via the app, their web API meant it wasn’t necessary thanks to the previously mentioned endpoints.

If we cast our minds back to around the time of the SONY hack, games companies became popular targets, with company hacks, compromised databases, tampered game servers, and all sorts of other shenanigans. At the time, it was clear that many organisations weren’t doing as much as they could for security; these days you don’t see quite as many game developers being compromised in such fashion.

VR, however, is a brave new world, and there are many new companies who may be in a similar place more traditional games firms were in a few years ago. While my primary interest in VR is seeing how in-game features can be affected, especially with the slow rise of VR ad networks, it’s clear that customer data—or just reversing the apps themselves—is also going to be a big deal.

The barrier to entry for VR development is lowering all the time, with reasonably priced “DIY” kits available online which allow anyone to start coding games. How many of those bedroom coders, who will no doubt release many of these projects with a price tag attached, will understand the complexities of securing both their games and their databases?

This is sadly likely to be the first of many such accidental VR data reveals. The only good news for the developer is that responsible individuals were the first to catch wind of this particular error, rather than someone up to no good. Of course, we’re only hoping they were the first. Realistically, we have no way of knowing if someone with mischief in mind has already figured it out.

Talk about a virtual catastrophe.

The post Plugging a virtual leak: insecure VR app exposes customer data appeared first on Malwarebytes Labs.


Jan 26, 2018

Gartner recognizes Malwarebytes as a “Visionary” in the Magic Quadrant

I’m proud to announce that Gartner has recognized Malwarebytes as a “visionary” in the 2018 Gartner Magic Quadrant for Endpoint Protection Platforms. Malwarebytes was selected for its completeness of vision and ability to execute.

Our goal is to give every user a malware-free experience and empower them to navigate safely across devices at work and at home now and well into the future. With threats increasing in both size and scale, it’s clear that traditional solutions have been insufficient at protecting the endpoint. Enterprises are realizing the need to re-evaluate their approach to defending the endpoint and have come to Malwarebytes because of our demonstrated understanding of the threat landscape and execution toward a vision of a unified solution to manage the entire threat life cycle: protection, detection, and response.

The Gartner EPP MQ report notes that Malwarebytes offers strong protection capabilities at an attractive price point. As proof, organizations are deploying the full portfolio of Malwarebytes endpoint protection and remediation security software widely across their operations. During the past 12 months, Malwarebytes experienced a seven-fold increase of large enterprise customers.

10 years delivering best-in-class protection

Malwarebytes recently celebrated its 10-year anniversary. For over a decade, we’ve built exceptional trust with our customers, from consumer to enterprise. We’ve been asked to solve the toughest problems—to bail out infected endpoints—when all else had failed. And with that visibility and insight over the years, we’ve honed our craft and developed the most comprehensive protection for the endpoint. We call it Multi-Vector Protection (MVP).

The road to MVP began when we realized that no single approach could be effective against the plethora of techniques the attackers would be leveraging. Some would deliver payloads by exploiting vulnerabilities, others would conduct targeted spying campaigns in order to drop the most effective malware. Some got around all security barriers with the click of a malicious email attachment. We had to provide comprehensive protection by defending against those and a variety of other attack vectors. That’s why MVP features seven layers of threat detecting, blocking, and removing technology.

It’s this approach that enabled us to protect our customers against threats, such as the high-profile ransomware attacks that made headlines throughout 2017.

What’s next

Great technology and advanced features are for naught if they aren’t deployed or used properly. So a big focus here at Malwarebytes is to ensure that while we’re developing best-of-breed technologies, we’re also making them easy to use. Part of that includes keeping our customers aware of the latest developments in malware and in our products’ ability to protect against it. So while this is an exciting moment for us here at Malwarebytes, there’s no resting on our laurels.

Stay tuned to learn more about our latest developments in the fight against cybercrime.

The post Gartner recognizes Malwarebytes as a “Visionary” in the Magic Quadrant appeared first on Malwarebytes Labs.


Jan 25, 2018

Presenting: Malwarebytes Labs 2017 State of Malware Report

2017 was a tumultuous year in politics, media, gender, race—and cybersecurity didn’t beat the rap. Last year was full of twists and turns in the cybercrime world, with major outbreaks, new infection methods, and the evolution of the cryptocurrency crime industry.

In aiming to make sense of the madness, we gathered information from our data science, research, and intel teams throughout the year, checking in on trends, the rise and fall of malware families, distribution methods, and more. What we came up with was a more complete picture of the 2017 threat landscape that showed us just how much can change in a year.

In our 2017 State of Malware report, we examined attack methods, malware developments, and distribution techniques used by cybercriminals over the last 12 months. We dove into the exponential increases of malware volume and severity year-over-year, as well as trends in high-impact threats, such as ransomware and cryptomining. Some of our key takeaways include:

Ransomware volume was up in 2017, but trending downward.

Ransomware detections were up 90 and 93 percent for businesses and consumers respectively in 2017, with several splashy outbreaks accounting for the majority of the increase in rates. However, development of new families and tactics for delivery slowed way down, especially in the last quarter of the year.

What they can’t hold for ransom, criminals will steal instead.

With ransomware slowly going out of favor, criminals pivoted to banking Trojans, spyware, and hijackers in 2017 to attack companies instead. We saw an increase of 40 percent in hijackers and 30 percent in spyware detections in 2017. The second half of the year also marked an average of 102 percent increase in banking Trojan detections.

Cryptomining is out of control.

Alongside a sudden cryptocurrency craze, bad actors have started utilizing cryptomining tools for their own profit, using victim system resources in the process. This includes compromised websites serving drive-by mining code, a significant increase of miners through malicious spam and exploit kit drops, and adware bundlers pushing miners instead of toolbars. By the end of 2017, basically anyone doing any kind of cybercrime was also likely dabbling in cryptomining.

In addition to looking back at 2017, we looked forward to 2018, analyzing current trends and pontificating on what they point to. We realize making predictions about cybercrime is a bit more art than science, but when we look back over years of patterns and data and experience, we can make some educated guesses about where we think this is all going. With that in mind, some of our 2018 predictions include:

A “slow” year for Internet of Things threats means more attacks in 2018.

Attackers spent a lot of time in 2017 developing new tools to take advantage of IoT with spam-spreading botnets and, likely, more DDoS attacks. It’s not farfetched to think we may see DDoS attacks against large organizations, like airline companies and power utilities, demanding a ransom to call off an army of botnet-infected IoT devices. But rather than encrypt files, the attacks will disrupt businesses and their operations until payment has been made.

Cryptocurrency mining fever will give birth to dangerous new threats.

Drive-by mining and skyrocketing values are driving interest in cryptomining from both users and criminals alike—to the point where retailers are now screening potential graphics card customers for miners. Faced with continued volatility, we are likely going to see an evolution of drive-by mining tools, new mining platforms (such as Android and IoT devices), and new forms of malware designed to mine and/or steal cryptocurrency.

To see our complete analysis of key developments in malware, the most interesting attack vectors of the year, predictions for 2018, and more, read:

the 2017 State of Malware report

The post Presenting: Malwarebytes Labs 2017 State of Malware Report appeared first on Malwarebytes Labs.


Jan 23, 2018

Singapore government gets into the network defense game

There is a common assumption in the infosec community that enormous breaches like those at Equifax, Anthem, and Target are the new norm. That the next mega breach is simply a matter of time. This is because large companies loathe spending money on things that are not directly profitable like secure infrastructure or quality training for employees. Further, there isn’t really any external pressure on corporations to do better—so they won’t.

Some countries have recognized that these sorts of negative externalities cause significant public harm, and have sought to get ahead of the threat curve with cybersecurity legislation. Singapore currently has a comprehensive cybersecurity bill under consideration that is trying very hard to bring a bit of order to the wild west of technology threats. The bill is exhaustive in covering management of cyberthreats, so let’s look at what it does well and what it does not do well.

The good

  • Appoints a national CISO. US cyberdefenses frequently suffer from an unclear chain of command, as well as competing agency priorities. The buck needs to stop somewhere to mount an effective defense.
  • Designates critical infrastructure. You cannot prioritize defenses for systems you aren’t looking at.
  • Duty to report. This is a big one. Often fearful of liability, stock impact, or impact to reputation, corporations will often sit on cyberattack disclosure for months—sometimes until an executive can sell his company’s stock. Removing any ambiguity on when and how to report breaches gets everyone on the same page.
  • Designates best standards and obliges companies to follow them. There’s currently no consistent, agreed-upon best cybersecurity practices for companies to follow.
  • Power to investigate and force remediation. In contrast to US defense contractors who handle critical infrastructure, were not obligated to report breaches until 2015, and to date have not lost any contracts due to loss of classified data, Singapore’s draft bill grants the authority for a cybersecurity officer to both investigate a critical infrastructure breach, and compel remediation along industry best practices.
  • Licenses infosec corps. While this could be a little iffy in the implementation, holding companies that audit critical infrastructure to an agreed-upon standard benefits everyone. Infrastructure owners know precisely what services they are paying for, cybersecurity officials can judge the impact of standardized services more accurately, and no one has to deal with a Norse Corp.

The not so good

  • Criminal sanctions for offenses. While seemingly a no-brainer, breaches are rarely due to a single individual’s malfeasance, and much more often the end result of a sick corporate process. A more effective deterrent would be fines levied at the corporate level, and large enough to hurt. While an ineffective company can lose a handful of employees quite easily, it would feel the loss of a profit percentage much more acutely.
  • Secrecy. Many sections within the bill contain provisions for non-disclosure and corresponding fines and imprisonment for anyone speaking out about a breach in a non-approved way. From a governance perspective, this makes sense. Singapore is deriving their authority to monitor critical infrastructure by classifying breaches as a security threat, and a classic belief of governments is that one does not speak publicly of security threats. Network threats are different. Configurations and applications used by a shipping company can have significant overlap with those used at non-critical corporations. Transparency and information sharing not only pressure a breached company to demonstrate an adequate remediation but also offer lessons learned that can keep hundreds of less critical organizations safe. Sunlight and sharing are proven methods for defenders to propagate best solutions to everyone.

What does it mean?

Traditionally, information security has been viewed as the responsibility of individual companies, and not a particularly important one at that. Efforts of countries like Singapore to centralize cyberthreat defense and vulnerability remediation are an attempt to acknowledge the reality that breached infrastructure affects everyone. A hack might stay within an offshore drilling company, but the knock-on effects to shipping, trade, and the environment can create an impact on millions of citizens.

While the law has not traditionally been responsive to technology needs, that is gradually changing. With input from industry leaders and privacy advocates, technology law has the potential to change for our benefit.

Check out the full text of the bill here.

The post Singapore government gets into the network defense game appeared first on Malwarebytes Labs.

Powered by WPeMatico

Jan 23, 2018

“Who visits your Twitter profile” spam app brings week of chaos

Twitter spam has been around forever, and rogue apps asking for installs in return for a cool feature (or, to be more accurate, in return for spamming your contacts) are a constant thorn in our Twittery sides. Over the weekend, we observed a new Twitter app doing the rounds and causing a lot of congestion on people’s timelines.

What is it?

We first noticed this when a number of our contacts using the #FBPE (follow back, pro Europe) hashtag to form networks and make new friends started spamming Tweets similar to the below:

hijacked contact

The spam reads as follows:

Goooo!! Click for more information:

Who visits your Twitter profile

100% safe, 100% working

Click here, available for iOS and Android

Here’s another one:

another hijacked contact


Sign in and download this fantastic app – only available today

Regardless of the spam message used, all the tweets directed people to visit a website located at


How does it spread?

People click the link and are presented with the below website:

who visits?


There’s not a lot to do besides hitting the large “Connect with Twitter” button, and sure enough, doing just that will direct eager clickers to the app install page.

authorize recent visits?


It says:

Authorize Recent Visits 24H to use your account?

This application will be able to:

Read tweets from your timeline

See who you follow and follow new people

Update your profile

Find Tweets for you

Will not be able to:

Access your Direct Messages

See your email address

See your Twitter password

In other words, a fairly standard Twitter app permission list.

Tracking the spread

This could have been a bit of a disaster for those on the FBPE hashtag mentioned, which itself is being used to grow follower count and connect with like-minded individuals. Any app claiming to provide information about “profile views” in this situation could have resulted in an accelerated spread, though we doubt they were specifically targeted—it was spreading just fine elsewhere, as we’ll see.

Either way, those on the hashtag quickly figured out it was a scam and took steps to purge it:

app removed

One of the other primary drivers of these spam messages was the below message:

Touch the screen and enter the web – You can know who has visited your profile

This was still actually doing the rounds as of yesterday, with a little over 900 results in a simple browser search before it refused to load any more entries:

lots of spam


spam search

What damage can it do?

As with all things, that depends on the ultimate aim of the scammer. Some just want to spam their website; others will pop an advert or 12, and the worst of the bunch may try to have you download and run some malware. At the time of testing, all this seemed to do was promote the app across timelines and encourage more installs, so the main aggravation here is the knowledge that you installed something useless, and then started beaming said uselessness to all of your contacts. Not a great look, however you stack it.

How do I remove it?

Thankfully, this is an easy one to pull off. Head over to your Applications tab in Twitter via Settings and Privacy, and give your apps list a spring clean:

app control


Some of the apps you may find there could be outdated or no longer updated; if that’s the case, remove them. You don’t want to end up in a situation such as this. Once you’re happy with the end result, simply save and go back to your homepage safe in the knowledge that you won’t be posting any more bad tweets (at least, not automated ones).


A number of similar campaigns were tracked and mapped out by Erin Gallagher, one of which was making use of the URL ultimasvisitass(dot)tk, with some amazing graphs mapped out across three days using Gephi, the open source visualization program. At the time of writing, some of the URLs in play don’t load, and checkvisitss redirects to lasttvisitss(dot)tk, which is fully functional and offering up an app install. All of the sites involved seem to be registered through a number of anonymous registration services, so there’s no real way to figure out who’s behind this batch of app installs.
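The tracking described above was done by hand with a browser search. As an added example (not code from Malwarebytes Labs or from the post), the following script shows how a defender could do the same over a batch of exported tweets: it refangs the two defanged domains quoted in the post, matches the spam phrases quoted earlier, and counts flagged tweets per account so those accounts can be told to revoke the app. The account names and tweet texts are constructed sample data, not real tweets.

```python
import re
from collections import defaultdict

# Domains quoted (defanged) in the post; refanged below so they match real URLs.
DEFANGED_DOMAINS = ["ultimasvisitass(dot)tk", "lasttvisitss(dot)tk"]

# Spam wording quoted in the post, lower-cased for matching.
SPAM_PHRASES = [
    "who visits your twitter profile",
    "you can know who has visited your profile",
    "sign in and download this fantastic app",
]

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'example(dot)tk' back into 'example.tk'."""
    return indicator.replace("(dot)", ".").replace("[.]", ".").replace("hxxp", "http")


KNOWN_DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}


def classify_tweet(text: str) -> dict:
    """Return the known domains and spam phrases a single tweet matches."""
    lowered = text.lower()
    hosts = {m.group(1).lower() for m in URL_RE.finditer(text)}
    # Match the domain itself or any subdomain of it.
    domain_hits = sorted(
        h for h in hosts
        if h in KNOWN_DOMAINS or any(h.endswith("." + d) for d in KNOWN_DOMAINS)
    )
    phrase_hits = [p for p in SPAM_PHRASES if p in lowered]
    return {
        "domains": domain_hits,
        "phrases": phrase_hits,
        "suspicious": bool(domain_hits or phrase_hits),
    }


def accounts_to_notify(tweets):
    """tweets: iterable of (account, text). Returns {account: number of flagged tweets}."""
    counts = defaultdict(int)
    for account, text in tweets:
        if classify_tweet(text)["suspicious"]:
            counts[account] += 1
    return dict(counts)


# Constructed sample timeline (hypothetical accounts; not real tweets).
SAMPLE_TWEETS = [
    ("alice", "Goooo!! Click for more information: Who visits your Twitter profile http://ultimasvisitass.tk/"),
    ("bob", "Touch the screen and enter the web - You can know who has visited your profile http://lasttvisitss.tk"),
    ("carol", "Great thread on EU trade policy today #FBPE"),
    ("alice", "Sign in and download this fantastic app - only available today http://lasttvisitss.tk"),
    ("dave", "Check my blog https://example.com/post"),
]

if __name__ == "__main__":
    for account, n in sorted(accounts_to_notify(SAMPLE_TWEETS).items()):
        print(f"{account}: {n} flagged tweet(s); advise revoking the app under Settings and Privacy > Apps")
```

Because the spam text varied between waves, the phrase list is the part you would keep extending; the domain check is the more durable signal while a given site is still live, and refanging from the defanged form keeps the indicator list safe to paste into reports.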

No matter how you come across these sites, we’d advise you not to bother giving these apps permission. The “See who visited you” routine has been around for years on Twitter and Tumblr, and going even further back to Myspace. In all cases, none of these things ever seem to work and only serve to annoy, spam ads, or offer surveys.

While it’s useful to find out who’s been on your page, it’s really not worth the effort involved in installing a spam app and alienating all of your visitors from wanting to interact with you.

Profile viewer apps offer much, but deliver little. Move your hand away from the Install button and go about your day. Your social media profile’s reputation will thank you for it.

The post “Who visits your Twitter profile” spam app brings week of chaos appeared first on Malwarebytes Labs.


Jan 22, 2018

A week in security (January 15 – January 21)

Last week on Labs, we gave you some background information about cookies, specifically which ones to worry about and why. We also warned you about scams surrounding the Mega Millions winner, who promised to donate his money to good causes.

We analyzed a cryptocurrency miner using a very old technique called Heaven’s Gate to make injections into 64-bit processes from 32-bit loaders. On top of that, we pointed out that there are Chrome and Firefox extensions using “forced installs” that hide from users and hijack browsers. And last but not least, we enticed you to think about some practical New Year’s resolutions related to cybersecurity and privacy.

Other news

  • Google acknowledged a known issue where a bug in the Cast software may incorrectly send a large amount of network traffic, which can slow down or temporarily impact Wi-Fi networks. (Source: Google Support)
  • Soon after, Google announced an update to Android phones so an interaction with Chromecast video-streaming devices and Google Home smart speakers won’t whack your Wi-Fi. (Source: CNet)
  • A version of the Satori malware exploits one or more weaknesses in the Claymore Miner, replacing the owner’s wallet address with an address controlled by the attacker. (Source: ArsTechnica)
  • BlackWallet, another site in the booming cryptocurrency wallet sector, lost their users’ cryptocurrency after what looks like a DNS hijacking attack. (Source: Naked Security)
  • Dark Caracal, a surveillance toolkit-for-hire, has been used to suck huge amounts of data from Androids and Windows desktop PCs around the world. (Source: The Register)
  • A British 15-year-old gained access to intelligence operations in Afghanistan and Iran by pretending to be the head of the CIA. (Source: The Telegraph UK)
  • OnePlus announced that up to 40,000 customers were affected by the security breach that caused the company to shut down credit card payments for its online store earlier this week. (Source: The Verge)
  • The SamSam ransomware group seems to have gotten off to a “great” start in 2018, hitting several high-profile targets such as hospitals, a city council, and an ICS firm. (Source: Bleeping Computer)
  • GhostTeam adware can steal Facebook accounts and surreptitiously push ads. It was found on 53 apps on Google Play. (Source: Trendlabs)
  • A confusing drop-down menu was the cause of the false missile warning that scared Hawaii. (Source: The Washington Post)
  • Researchers have identified a powerful new Android malware strain called Skygofree capable of eavesdropping on WhatsApp messages and much more. (Source: Threatpost)
  • Lack of authentication was the culprit behind leaks of customer details in an adult VR application called SinVR. (Source: Digital Interruption)

Stay safe, everyone!

The post A week in security (January 15 – January 21) appeared first on Malwarebytes Labs.

