Pure Binary

You might have heard about the Kaspersky Lab, a leading antivirus developer, detected Koobface worms earlier this year. Now it has appeared again tiptoeing around the security filters and supposedly using Google’s websites for attack. When earlier this malicious program appeared it targeted the Facebook and MySpace users. It had two variants Net-Worm.Win32.Koobface.a. and Net-Worm.Win32.Koobface.b as detected by the Kaspersky Lab. Their method of infecting the computers was a classic one. They used to send images looking like lucrative YouTube video and when a user clicked on it, it redirected the page to some other site which asks the user to download the flash player or codec required to view the video which was actually the worm. Once it was downloaded it uses the PC as zombie computer to form botnets.

Now the similar worm is said to be back with a bang detected by the researchers at unified threat management vendor Fortinet. According to them this is the similar program to the Koobface worm and uses Google Reader and Picasa Web sites to spread. The worm works in same way as earlier i.e. attracting users to click on the fake video and pictures which downloads the Trojan programs. Earlier its spread was checked by MySpace and Facebook by blocking the attack websites. So this time they have hosted files that appear to be YouTube videos on Picasa and Google Reader. Once user gets to these pages they are asked to download the codec and other stuffs. Facebook is just used as a medium to send YouTube and Picasa links to the victims.

Since Facebook is the most popular social networking website and hence such worms can be devastating due to its reach to such huge number of computers. Facebook is currently working with Google to curb this spread and they are positive about the results so far. This attack can in fact happen to any social networking website. Hence if you are Facebook or MySpace or any such website user then please don’t click blindly to all the links you come across.

Tags: Security Issues, Tech News by Deepak
No Comments »

Clickjacking is the most recent kind of threat being experienced by the internet world. Not only the flaws of internet browsers but also the website flaws are responsible for the problem of Clickjacking. It would be easy to understand Clickjacking if you know about the phishing. Phishing is the technique used by malicious web programmers to trick web users to reveal their secret information such as passwords and credit card information on a fake and forged website. Clickjacking has made it worst because now you never know whether the website has some malicious script running in the background without your consent. Moreover, what would you do if there is a link to any malicious and forged website is invisible to you and your data is being leaked. usually there is no way to know for users that whether the Submit Button they clicked on performs the same function which you expect. Specifically  for unverified or unauthorized websites there is no good solution available. Though you should take care that you do not reveal your confidential information on any un-verified website. For instance, if you are going to do transaction using PayPal, then first you should confirm that there is an authorization icon of VeriSign Inc. in the browser’s URL bar. If it is not there then you are being trapped in phishing.

These flaws were recently discussed in recen OWASP conference, however looking to the seriousness of the matter nothing was disclosed. However, it was decided to inform vendors of web browsers to rectify the flwas. There is much more tough task ahead as it would take lots of time to correct the vulnerabilities in website platforms and the web browsers. But till then surf carefully and avoid clicking or visiting unknown websites which asks for your personal informations. You can install good web-antivirus such as McAfee and modern browsers like Firefox 3.x which warns you about malicious websites.

Tags: Security Issues by Deepak
No Comments »