ComputerSecure Blog

photo credit: Zesmerelda

…are Very Nasty Trojan Horses.

What are these Trojans?

First, from Wikipedia:
‘Torpig, also known as Sinowal and Mebroot, is a type of Trojan horse which can affect computers using Microsoft Windows as their operating system. Torpig turns off anti-virus applications, allows others to access the computer, modifies data on the computer, steals confidential information (such as user passwords) and installs more malware on the victim’s computer. As of November 2008 it has been responsible for stealing the details of about 500,000 online bank accounts and credit and debit cards and is described as “one of the most advanced pieces of crimeware ever created”.’

That’s all from there. Just scratching the surface really.
The quote, by the way, “one of the most advanced pieces of crimeware ever created”, seems to come from a spokesperson at security company RSA, UK.

How nasty are they? Very. See this article at the BBC.

I mentioned these trojans in a previous post.

Then I began to think about readers here: they will want to know whether their PC is infected, and if so, what to do about it.

Are you infected with Torpig, Sinowal or Mebroot?

Firstly: if you DO have one of these trojans your PC is NOT SECURE. Do not do any banking, shopping or anything that involves using your passwords or private information.

This malware puts you at risk of identity theft. Here is some advice about what to do if you think you might have become a victim of identity theft.

How to Detect Torpig, Sinowal or Mebroot

The following programs seem to be able to reliably detect the presence of these trojans.

1. SpyBotS&D

Judging from various reports, I believe SpyBot, the free spyware tool, will tell you if you are infected.
That’s SpyBot-Search and Destroy aka ‘SpyBotS&D’.

SpyBot is free: you can download it from the link on our page.

2. Free online virus scan fom Kaspersky.

Also, Kaspersky Lab’s free online scan should detect these trojans.
This a thorough scan, performed via your internet connection, and will probably take some time.

3. A free trial of Kaspersky Anti-Virus.

Also, you could download the free trial of Kaspersky Anti-Virus.

In some countries outside the USA links to free trials may not operate as expected: if so, download the free trial of Kaspersky Anti-Virus 2009 from us here.

4. The free version of avast! antivirus.

See the link on our main anti-virus page.

5. Malwarebytes’ Anti-Malware

This is free to download and use. No payment is required unless you want to activate extra features later.
I don’t know to what extent Malwarebytes’ Anti-Malware can always detect Torpig, Sinowal and Mebroot. However, as you can see on this CastleCops thread about Mebroot help, the expert there definitely wanted to see what the Malwarebytes Anti-Malware scans reported about trojans and malware on the user’s system.

Remember, the worst trojans are often ‘combined threat’ malware: there is every chance that, once they have made their nest in your system, they will try to download more virus and spyware programs onto your PC. That alone is enough of a reason to have a quality tool like this that can check for malware on your PC.

You can download Malwarebytes Anti-Malware here. (The blue ‘Download’ button is the free version.)

Some important points to note about these trojans.

• These trojans like to hide: not every security program will find them.

• These trojans may attempt to turn off security software you have installed.

• These trojans have a reputation for coming back even after you have taken steps to remove them. (That’s what a rootkit can do to you.)

There might be variations an the exact names of the trojans, e.g. one is “Backdoor.Win32.Sinowal.ce”.

Now I hope to goodness you are not infected with any of these trojans.

But what if you are infected?

Firstly, remember that a main role of anti-virus and security software is to prevent this kind of thing from ever getting onto your PC. It is a lot easier to keep these things out than it is to repair a compromised system.

(more…)

photo credit: problemboard

I saw it, out of the corner my eye, on the TV news.
Then I saw it in the Washington Post. (Links are below.)
A web hosting company has been cut off. A company that (allegedly - nothing proved in court yet) has been helping to send millions of spam emails.
You will see, if you read the article, that some spam ‘watchdogs’ estimated that about 75% of all the current spam was connected to this company.
“Researchers have found that on any given day, about half of all spam sent through the top botnets are ads for male enhancement products and other knockoff designer drugs…”
Ah yes, I know the ones. I get those spams.
Flavour of the year for 2008 has been the suggestion that I might do better in “the bed games” or get help with my “men’s libido”.
Personally, I don’t like to filter spam emails. I prefer to get them all and read them all. That way I get an impression about how many there are, what they are trying to do and how they mean to do it.

Why worry about spam?

So we get some spam emails. That shouldn’t worry us too much. Should it?
What we should worry about is all the other associated nastiness, like botnets and Trojans.
Why? See our easy glossary of computer security terms - referring to botnets and zombies.
What is a Botnet?
What is a Zombie Computer?
In a nutshell, the spammers seem to find that it is a simple matter to invade and control the computers of other people such as users of the web, users of email, chat, social sites etc.
How do they DO that? With Trojans of course.
What’s a Trojan? See our page about viruses, worms and trojan horses.
The Washington Post article says: “…cyber criminals… push out new versions of the “Torpig,” or “Sinowal” Trojan horse program, which is widely considered one of the stealthiest and most sophisticated families of malicious software in existence today.”
And “…a single cyber crime group has used the Torpig Trojan to steal more than a half million bank, credit and debit card accounts from infected PCs over the past two-and-a-half years.”

(more…)

Well how about that: There is A Month for computer security.

StaySafeOnline.org has declared October to be the month of cyber security.
I am happy to send some link-love to people who fill up web sites with helpful information about keeping safe online.

Also they produced this handy article that sums up the basics for staying safe on the internet.
Here it is: I have added links to relevant pages on computersecure.net.

Top Ten Ways to Stay Safe Online

The Internet is supposed to make our lives better, and for most of us, that’s exactly what it does. But the Internet has a dark side, and unless we take the proper precautions, this wonderful tool can end up causing us more harm than good.

October is National Cyber Security Awareness Month, and it’s a good time to take a hard look how our online behaviors may be putting us in harm’s way.

You don’t have to be a computer genius to protect yourself online and you don’t have to spend a lot of money. By following a few common sense tips, you can make the most out of your Internet experience, while protecting you and your family from online threats.

1) Protect your computer:

The best thing you can do to keep the bad guys out of your computer is to use three inexpensive technologies: anti-virus software, anti-spyware software and a firewall. Some security companies provide all three in one easy-to-use package.

2) Protect your identity:

On the Internet, your personal data (social security number, birth date, etc.) is extremely valuable and can be used against you. Keep it protected.

See information on this site about identity theft.

(more…)

photo credit: The Jamoker

by Jim DeSantis

Identity theft is one of the fastest growing crimes in America. Every day thousands of people suffer immediate financial hardship and long-term difficulty because their personal information has been compromised. But there are free steps you can take to protect yourself.

For the seventh straight year, the Federal Trade Commission says identity theft is the largest consumer complaint and the fastest growing crime in America. In 2007, the FBI reported that identity theft affected 9.91 million Americans. There are probably many more cases that went unreported. It accounted for $52,600,000,000 (billion) in losses in 2007.

In a way we can thank the U.S. Congress for the increase in identity theft. Congressionally-mandated use of the Social Security number as an identifier facilitates the horrendous crime of identity theft. Thanks to Congress, an unscrupulous person may simply obtain someone’s Social Security number in order to access that person’s bank accounts, credit cards, and other financial assets. Many Americans have lost their life savings and had their credit destroyed as a result of identity theft. Yet the federal government continues to encourage such crimes by mandating use of the Social Security number as a uniform ID!

(more…)

photo credit: gruntzooki

by Paul McIndoe

More Details at: http://www.barclays.co.uk/online-saving.html

April 2008 saw the arrival of the Infosec Show in London, where top IT security companies came together to discuss the hot topics in the information security industry. One of the hottest of the hot topics discussed at the 2008 show was the increase in phishing (or Internet fraud) and related fraud attacks over the previous year. Mark Bowerman, spokesperson for card payment agency Apacs, said that the Internet provided an extra area for fraud scams and warned that if people weren’t careful, they could potentially become victims of credit card and other types of fraud and identity theft.

Bowerman also reflected, however, that despite warnings over the security risks inherent in Internet shopping and Internet banking in particular, the number of people banking online was increasing - proving that, for many people, the benefits of managing your finances through the Internet were clearly outweighing the risks.
(more…)