Computer virus spreads through Skype, users warned



A warning has been issued about a new Skype virus that attacks user accounts, according to reports released this week.

Skype attacked by new malware

Skype is facing a new threat that spreads through messages carrying fake Internet links; the threat has been confirmed and work is under way to fix the problem.

As can be seen in the photo above, the Skype virus attack spreads when the user clicks a link sent by one of their contacts, in a message that asks about a profile photo. This is not the first time a threat of this kind has hit instant messaging services: when MSN was at its peak, viruses and spyware were commonly spread this way.


Common WordPress Malware Infections – wp.smashingmagazine.com


Smashing Magazine

>By  | wp.smashingmagazine.com

WordPress security is serious business. Exploits of vulnerabilities in WordPress’ architecture have led to mass compromises of servers through cross-site contamination. WordPress’ extensibility increases its vulnerability; plugins and themes house flawed logic, loopholes, Easter eggs, backdoors and a slew of other issues. Firing up your computer to find that you’re supporting a random cause or selling Viagra can be devastating.

In WordPress’ core, all security issues are quickly addressed; the WordPress team is focused on strictly maintaining the integrity of the application. The same, however, cannot be said for all plugins and themes.

The focus of this post is not to add to the overwhelming number of WordPress security or WordPress hardening posts that you see floating around the Web. Rather, we’ll provide more context about the things you need to protect yourself from. What hacks are WordPress users particularly vulnerable to? How do they get in? What do they do to a WordPress website? In this lengthy article, we’ll cover backdoors, drive-by downloads, pharma hack and malicious redirects. Please notice that some anti-virus apps report this article as malware, probably because it contains examples of the code that should be avoided. This article does not contain any malware itself, so the alert must be based on heuristic analysis.

Over the past two years, Web malware has grown around 140%. At the same time, WordPress has exploded in popularity as a blogging platform and CMS, powering close to 17% of websites today. But that popularity comes at a price; it makes WordPress a target for Web-based malware. Why? Simple: its reach provides the opportunity for maximum impact. Sure, popularity is a good thing, but it also makes us WordPress users vulnerable.


A Bit About Our Security Expert: Meet Tony

Lacking the technical knowledge needed to go into great depth, I brought on board a co-author to help me out. Bringing the technical information is Tony Perez, Chief Operations and Financial Officer of Sucuri Security. Sucuri Security provides detection, alerting and remediation services to combat Web-based malware. In other words, it works on websites that have been compromised. This means that Tony has the background, statistics and, most importantly, knowledge to go really in depth on malware issues that affect WordPress users.

I asked Tony how he got into Web security:


“I think it goes back to 2009. I was managing and architecting large-scale enterprise solutions for Department of Defense (DoD) clients and traveling the world. In the process, there was a little thing called compliance with the Security Technical Implementation Guide (STIG), set forth by the Defense Information Systems Agency (DISA). I know, a mouthful, but it’s how we did things in the DoD; if it didn’t have an acronym, it didn’t belong.

That being said, it wasn’t until I joined Dre and Daniel at Sucuri Security, in early 2011, that I really began to get what I consider to be any resemblance of InfoSec chops.”

Armed with Tony’s technical knowledge, we’ll look at the main issues that affect WordPress users today. But before we get into details, let’s look at some of the reasons why WordPress users might be vulnerable.

What Makes WordPress Vulnerable?

Here’s the simple answer. Old versions of WordPress, along with theme and plugin vulnerabilities, multiplied by the CMS’ popularity, with the end user thrown into the mix, make for a vulnerable website.

Let’s break that down.

The first issue is outdated versions of WordPress. Whenever a new WordPress version is released, users get a nagging message, but plenty of users have gotten pretty good at ignoring the nag. Core vulnerabilities in themselves are rarely an issue. They do exist; proof can be found in the most recent 3.3.3 and 3.4.1 releases. WordPress’ core team has gotten pretty good at rolling out security patches quickly and efficiently, so the risk of exploitation is minimal, provided that WordPress users update their installation. This, unfortunately, is the crux of the problem: WordPress users ignore the message. And it’s not just inexperienced and casual WordPress users who aren’t updating. A recent high-profile hack was of the Reuters website, which was running version 3.1.1 instead of the current 3.4.1.

Vulnerabilities in plugins and themes are another issue. The WordPress repository has 20,000 plugins and is growing. The plugins are of varying quality; some of them inevitably have security loopholes, while others are outdated. On top of that, consider all of the themes and plugins outside of the repository, including commercial products that are distributed for free on Warez websites and come packed with malware. Google is our favorite search engine, but it’s not so hot for finding quality WordPress themes.

Then, there’s popularity. WordPress is popular, without a doubt. Around 700 million websites were recorded as using WordPress in May of this year. This popularity means that if a hacker can find a way into one WordPress website, they have potentially millions of websites for a playground. They don’t need to hack websites that use the current version of WordPress; they can scan for websites that use old insecure versions and hack those.

Finally and most significantly, the biggest obstacle facing WordPress users is themselves. Tony in his own words:

“For whatever reason, there is this perception among WordPress users that the hardest part of the job was paying someone to build the website and that once it’s built, that’s it, it’s done, no further action required. Maybe that was the case seven years ago, but not today.

WordPress’ ease of use is awesome, but I think it provides a false sense of assurances to end users and developers alike. I think, though, this perception is starting to change.”


How to avoid a bad QR code


QR Code Press | http://bit.ly/JvPCqa
QR Code Security

Not all forms of quick response code are friendly, so you need to learn smartphone security.

Though they may be fun to use, scanning a quick response code could put your device at risk, so make sure that you learn a few important tips in smartphone security to help to keep malicious software away.

QR code security is just a matter of a little common sense and well applied paranoia.

Knowing how to avoid a bad QR code can save your device and your privacy, regardless of what operating system it uses, from Android to iOS. The malicious software that is currently out there is designed to attack most of the major devices available.

The problem with QR code security is that it’s impossible to tell where scanning it will lead.

Why do cybercriminals love Android?

Mobile malware boom

Cybercriminals are increasingly interested in smartphones as a target for their attacks: the number of threats against mobile devices multiplied 6.4-fold in 2011. Mobile malware is experiencing a real boom. One example says it all: in December 2011, Kaspersky identified and catalogued more mobile malicious programs than the total indexed in its databases between 2004 and 2010. The mobile malware business is quite profitable. How much can a cybercriminal working this market earn? Betting on this segment brings in between 1,500 and 4,000 euros a day, which is the range of income for mobile cybercrooks according to Kaspersky estimates. Given that a month has an average of 22 working days, a quick multiplication shows what working in the crime industry pays: cybercriminals who chose to rest every weekend could make between 33,000 and 88,000 euros a month.


Raquel C. Pico | http://www.ticbeat.com
Cybercriminals love Android: the figures, at least, show it.

Malware for this mobile operating system has not stopped growing (and at a dizzying pace), while its archenemy, iOS, remains outside the focus of online crooks. The growing popularity of the mobile OS and the greater ease of slipping in malicious applications are some of the reasons why cybercriminals have focused on Google's operating system. During 2011, cyberattacks targeting Android grew by 200%, according to estimates from Kaspersky, which has just published its Mobile Virology Report for 2011 and its forecasts of where the crime market will go in 2012.

Not only did attacks against Android grow, so did its weight as the most attacked OS: 75% of the smartphone viruses recorded during 2011 targeted Google's OS. The rest were shared between Symbian and Windows Phone, with hardly any security incidents in the case of iOS.

Moreover, the presence of an application in the Android Market (now renamed Google Play) is no guarantee of security, as it is in other app stores. As Kaspersky points out, the first case of malicious software in the Android app store was recorded in March 2011, and they have not stopped since. After that first malicious app that got in and succeeded from the inside, others have followed in its wake. According to Kaspersky, the malware does not spread in a matter of hours; rather, its active life in the app store can last weeks and even months.

Mobile malware boom (infographic)

Warning: Fake LinkedIn Spam Can Steal Your Bank Passwords

Bogus LinkedIn emails can infect your computer with ZeuS, a password-stealing Trojan. I know, because it just happened to me.

By Dan Tynan, ITworld

I feel like a complete idiot. I just got taken by a LinkedIn spam that may have just stolen my banking password.

This is not the first time I’ve been an idiot or clicked on something I shouldn’t. But this one could be really bad for me.

Today, spammers using fake Linked-In invitations attacked the Net in a massive way. How massive? According to Cisco Security, at one point today nearly 1 in 4 spam messages was a Fake LinkedIn invite.

Linked-In spam is nothing new — I wrote about it just last month– but this attack was particularly nasty, because it can embed password-stealing malware into your browser without you realizing it.


My story: I saw several LinkedIn invites in my Gmail spam folder, and stupidly opened one of them inside Google Chrome. I even saw that the links inside the email were not to LinkedIn but to some oddly named third-party site. But curious about what would happen (and stupidly confident that my Kaspersky anti-malware software would protect me), I clicked it. My browser started to launch a new site, then quickly redirected to my home page.

Weird, I thought. I tried it again. Same thing happened. I figured that whatever site it was driving me toward had already been taken down by one of the anti-malware orgs like StopBadware.com, and thought nothing more about it.

A couple of hours later I logged into my banking site to check on my account. No big deal.

An hour after that I received the following email from Cisco Security:



Security 360 Free, a free AV program

Once again we present another free software option: Security 360 Free. As its name suggests, it offers security for every aspect of our computer, free of charge.

Security 360 Free is a free antivirus utility

This utility offers protection against all kinds of malware and spyware: Trojans, viruses, keyloggers, worms, bots, hijackers, adware and many more, all in real time. It also offers a powerful and simple removal tool.

It is lightweight, not only the installer (9.57 MB) but also when running. It is not intrusive, unlike some that pop up windows or tooltips in the quick launch bar every so often, or others that announce successful updates by voice. Its interface is quite friendly; most of its functions, such as updates, scanning and quarantine, are no more than one click away.


Author: Misael Aguilar


Malware Infection Hits Russian Android Phones

Lookout, a security company specializing in mobile antivirus software, said in a blog post that the malicious program was the first Trojan horse developed exclusively for the Android platform. But it said the program would not affect Android phone users outside of Russian cell networks.

Security experts also noted that the infected application was not available in the Android Marketplace, the store used to download applications for the Android platform. Phone owners must explicitly change a setting on their phone to permit the installation of non-Marketplace applications.

Jay Nancarrow, a Google spokesman, said Android applications must get permission from the user before doing things like sending text messages or making phone calls.

“We consistently advise users to only install apps they trust,” Mr. Nancarrow said in a statement. “In particular, users should exercise caution when installing applications outside of Android Market.”


By NICK BILTON


The adage “Be careful what you wish for” has a modern-day counterpart: “Be careful what you download.” Especially on your mobile phone.

On Tuesday several mobile security companies were analyzing a Trojan horse that appeared on phones running Google’s Android software in Russia.