The Computer Clarity Blog

Fewer than half of small and midsize businesses actively enforce social network security policies, finds Panda Security.

By Mathew J. Schwartz
Information Week

One-third of all small and midsize businesses (SMBs) have been infected by malware or viruses that spread via social networks — most often via Facebook, followed by YouTube and Twitter. As a result, 35% experienced a financial loss.

Those findings come from a survey, conducted by Panda Security, of 315 IT personnel who have responsibility for setting or enforcing network policies at companies with between 15 and 1,000 employees. None of the surveyed organizations used Panda’s products.

According to Sean-Paul Correll, a threat researcher at Panda Security, “social media is now ubiquitous among SMBs because of its many obvious business benefits, yet these tools don’t come without serious risks.”

For example, the survey found that social networks are responsible for a sizeable number of “human error” privacy violations. In fact, 23% of organizations reported losing sensitive data via social networks thanks to their employees. Facebook was the most typical social networking channel for privacy violations, followed by Twitter, YouTube, and LinkedIn.

Still, in this day and age, it’s nearly impossible for a business to not have a social networking presence. Indeed, the study found that 78% of businesses surveyed use social media tools, with businesses having active accounts most often with Facebook (70%), followed by Twitter (44%), YouTube (32%), and LinkedIn (23%). The social networks were most often used for personal use, but even so, roughly half of firms also used them for research, competitive intelligence, customer service, and marketing. About one-third also use them for sales purposes.

Furthermore, from a security standpoint, the news from the survey is far from bleak. “While a relatively high number of SMBs have been infected by malware from social sites, we were pleased to see that the majority of companies already have formal governance and education programs in place,” said Correll.

A majority — 64% — of SMBs have security education programs covering social networks. However, only 57% of SMBs currently have a security policy governing the use of social networking, and 81% of that group employs personnel to actively enforce those policies. This means that only 46% of organizations actively enforce social networking security policies.

Interestingly, 25% of SMBs simply block all social media during working hours through a gateway appliance (65%) and/or through a hosted web security service (45%). But during non-work hours, 69% of SMBs allow employees to use social networking tools on corporate computers.

Computer Clarity

While email attachments are a popular and convenient way to send documents, they are also a common source of viruses. Use caution when opening attachments, even if they appear to have been sent by someone you know.

Why can email attachments be dangerous?

Some of the characteristics that make email attachments convenient and popular are also the ones that make them a common tool for attackers:

• Email is easily circulated – Forwarding email is so simple that viruses can quickly infect many machines. Most viruses don’t even require users to forward the email—they scan a users’ computer for email addresses and automatically send the infected message to all of the addresses they find. Attackers take advantage of the reality that most users will automatically trust and open any message that comes from someone they know.
• Email programs try to address all users’ needs – Almost any type of file can be attached to an email message, so attackers have more freedom with the types of viruses they can send.
• Email programs offer many “user-friendly” features – Some email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachments.

What steps can you take to protect yourself and others in your address book?

• Be wary of unsolicited attachments, even from people you know
  • Just because an email message looks like it came from your mom, grandma, or boss doesn’t mean that it did. Many viruses can “spoof” the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it’s legitimate before opening any attachments. This includes email messages that appear to be from your ISP or software vendor and claim to include patches or anti-virus software. ISPs and software vendors do not send patches or software in email.
• Keep software up to date
  • Install software patches so that attackers can’t take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
• Trust your instincts
  • If an email or email attachment seems suspicious, don’t open it, even if your anti-virus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the anti-virus software might not have the signature. At the very least, contact the person who supposedly sent the message to make sure it’s legitimate before you open the attachment. However, especially in the case of forwards, even messages sent by a legitimate sender might contain a virus. If something about the email or the attachment makes you uncomfortable, there may be a good reason. Don’t let your curiosity put your computer at risk.
• Save and scan any attachments before opening them
  • If you have to open an attachment before you can verify the source, take the following steps:
    • Be sure the signatures in your anti-virus software are up to date.
    • Save the file to your computer or a disk.
    • Manually scan the file using your anti-virus software.
    • If the file is clean and doesn’t seem suspicious, go ahead and open it.
• Turn off the option to automatically download attachments
  • To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and make sure to disable it.
• Consider creating separate accounts on your computer
  • Most operating systems give you the option of creating multiple user accounts with different privileges. Consider reading your email on an account with restricted privileges. Some viruses need “administrator” privileges to infect a computer.
• Apply additional security practices
  • You may be able to filter certain types of attachments through your email software or a firewall.

Computer Clarity

Trojan Horse Email

Trojan horse email offers the promise of something you might be interested in—an attachment containing a joke, a photograph, or a patch for software vulnerability. When opened, however, the attachment may do any or all of the following:

• create a security vulnerability on your computer
• open a secret “backdoor” to allow an attacker future illicit access to your computer
• install software that logs your keystrokes and sends the logs to an attacker, allowing the attacker to ferret out your passwords and other important information
• install software that monitors your online transactions and activities
• provide an attacker access to your files
• turn your computer into a “bot” an attacker can use to send spam, launch denial-of-service attacks, or spread the virus to other computers

What to Look For

Trojan horse emails have come in a variety of packages over the years. One of the most notorious was the “Love Bug” virus, attached to an email with the subject line “I Love You” and which asked the recipient to view the attached “love letter.” Other Trojan horse emails have included the following:

• email posing as virtual postcard
• email masquerading as security bulletin from a software vendor requesting the recipient apply an attached “patch”
• email with the subject line “funny” encouraging the recipient to view the attached “joke”
• email claiming to be from an antivirus vendor encouraging the recipient to install the attached “virus sweeper” free of charge

Computer Clarity

As has become tradition, PandaLabs, the anti-malware laboratory of Panda Security -The Cloud Security Company- has published its 2009 Virus Yearbook, reviewing the malicious codes that have appeared over the last 12 months and examining those that have stood out for one reason or another.
Rather than a ranking of the most widespread viruses, or those that have caused most infections, PandaLabs has selected those which, either for their use of social engineering or their visible effects on computers, stood out most last year. For this reason, some of the more well-known malicious codes (such as the Koobface virus) are absent from the list.

So here are the viruses we believe deserve a mention:

- The biggest headache. There can be no doubt that Conficker.C has been the most obnoxious virus over the last 12 months. It first appeared on December 31, 2008, and has spent the last year causing serious infections to companies and home users alike. The insidious and tenacious nature of this malicious code has earned it first place in our ranking.

- The Harry Potter of viruses. Although there is no reference to the world’s most popular fictional wizard, the on-screen messages Samal.A displays are all about magic. When it infects a computer, users will see the message “Ah ah you didn’t say the magic word” (see photo on Flickr), and the cursor then flickers waiting for users to enter a word. The truth is, it doesn’t matter what is entered, because after three attempts, the phrase “Samael has come. This the end” (see photo here), will be displayed and the computer is restarted.

- V for Vendetta. We still don’t know who is the real target of this vendetta, but DirDel.A wreaks vengeance on infected users, progressively replacing folders in different directories with copies of itself. The worm is carried in a file called Vendetta.exe with a typical Windows folder icon (see photo on Flickr).

- Plane nuisance. The Sinowal.VZR Trojan has infected thousands of computers under the guise of plane tickets supposedly purchased by the user (see photo on Flickr).

- The all-action virus. We are talking about Whizz.A. Once infected, computers will start emitting a series of beeps, the mouse pointer moves uncontrollably around the screen, the CD/DVD tray opens and closes, while the screen is ‘decorated’ with a row of bars like those in the image.

- The snooper. Waledac.AX ensnares its victims by claiming to offer a free application for reading SMS messages on anyone’s cell phone. Ideal for those that want to check up on their partners. Perhaps that’s why so many users fell victim to this intelligent virus.

- The most affectionate. BckPatcher.C tops this category, as it changes the desktop wallpaper to an image reading “virus kiss 2009” (see photo on Flickr. What a charmer!

- A touch of the sniffles. We couldn’t fail to mention here a couple of the viruses,WinVNC.A and Sinowal.WRN that used the widespread alarm surrounding swine flu to trick users and infect their systems.

- And the award for incompetent newcomer goes to… Ransom.K. This Trojan encrypts documents on infected computers, and then asks for a $100 ransom to release them. However its reator, probably lacking in experience, included a programming error which allows users to release the files with a simple key combination.

- The most deceitful. This year, the winner in this category is FakeWindows.A, which infects users by passing itself off as a license activation process for Windows XP.

- The party animal. Banbra.GMH arrives in an email promising photos of Brazilian parties (with dancing girls included)… Who could resist?

Computer Clarity

How Our Technicians Secure Your Computer with our Clarity Shield Services
In this video, I will demonstrate how our technicians protect your computers security
with our Clarity Shield Services.

Computer Clarity

Facebook is a favorite hunting ground for hackers. The vast pool of users offered by this popular social network and the ease with which accounts can be hacked make it a highly attractive channel for spreading malware. Such is the case with the latest variant of a well-known worm: Koobface.GK. The bait consists of a Christmas greetings video hosted on a YouTube page. On playing the video, or clicking a link on the page, users will download and install the worm. Image available here

When the virus is installed on a computer, the following image appears and if users fail to enter the corresponding ‘captcha’ (Completely Automated Public Turing test to tell Computers and Humans Apart), it threatens to reboot the computer within three minutes. When the three minutes are up, nothing happens, but the computer is rendered unusable. Every time the captcha text is entered, the worm registers a new domain where the video will be hosted in order to continue being distributed.

According to Luis Corrons, Technical Director of PandaLabs, “social networks have become one of the methods most frequently used by hackers to spread their creations, due to the false sense of security many users have regarding the content published on these networks. Users generally trust the messages and content they receive, and consequently hackers get a high level of response through these channels”.

Christmas: hackers’ favorite time of year

Internet users often send Christmas greetings to their family and friends over the Web. Infection figures are always high at this time of the year, as new viruses emerge that take advantage of this increased user activity.

Every Christmas we see new malware designed specifically for the festive season:

- MerryX.A appeared in 2005. It reached users’ computers in a Christmas greetings email with an attachment. It was really a Trojan designed to capture keystrokes and steal information. It managed to infect over 50,000 Internet users in only a week. More information

- Zafi.D. Although this worm appeared in 2002, it is still distributed through emails that use Christmas greetings as bait. It opens a port on the infected computer without users’ knowledge and downloads another Trojan.

- The Navidad (Christmas in Spanish) malware family has numerous variants. These astute worms appeared in 2007. They are difficult to detect because they reach computers as a reply to an email which has previously been sent to another (infected) recipient. The message includes the Navidad.exe file which infects computers when run.

Here are a few security tips from PandaLabs when using social networks:

1) Don’t click suspicious links from non-trusted sources. This should apply to messages received through Facebook, and through other social networks and even via email.

2) If you click on the links, check the target page. If you don’t recognize it, close your browser.

3) Even if you don’t see anything strange in the target page, but you are asked to download something, don’t accept.

4) If you do download or install an executable file and the PC starts to launch messages, there is probably malware on your computer.

5) As a general rule, make sure your computer is well protected, to ensure that you are not exposed to the risk of infection from any malicious code.

Computer Clarity

Computer malware is to the personal computer as AIDS is to the human immune system. Both conditions progressively reduce the effectiveness of each immune system while leaving the subject susceptible to subsequent opportunist infections. The computer’s immune system is its security software. The antivirus and firewall are the two most important components of your computers security, or immune system. Upon a successful infection, most of the common forms of malware today will immediately attack and disable the security software rendering your computer defenseless against the current infection and against other viruses that find your computer. Many viruses will even go out on the internet and invite other viruses to come into the computer too. This is part of the reason the computer slows down tremendously after a virus has found its way into your computer. One virus gets in, disables security, invites its buddies, and they all have a party in your hard drive with your processor and your information.

So, how does that first virus get in? If this antivirus is the immune system, why ain’t my computer immune? It is a very fair question. However, there are several answers.

First, many malicious programs are designed to look like something else. Some try to look like Windows Warming messages. Others try to look like an antivirus program. These two examples are like a fake police or security officer seeking entry into your house. They look official and if you let them in, that is when they will do their damage. Another example of a virus th at looks like something else comes to us in the form of “FREE” downloads: free music, videos, games, and software. Not all that is free is bad; but much of it is. But a simple search on Google will tell you what has happened to others who have downloaded it. If it legitimate, you will see websites telling you who makes it, what it does, and why it’s free. If it is bad, you will see ten thousand websites, blogs and tech forums all talking about how bad it is. In a heartbeat, you can know if it is ok to use or if you should run like you were being chased by a bunch of birds and swine with the flu. In all of these cases, the virus got in because the user invited it in. Like with a vampire, your invitation renders all of your defenses powerless.

The other way these viruses get into a computer is when the security system has failed. If the antivirus or firewall looses functionality or fails to update, the immune system is down and the computer is defenseless. Just as with AIDS (Acute Immune Deficiency Syndrome) if the computer’s immune system is deficient, it will get sick and, without serious attention, it will die.

Computer Clarity