Virus informático se propaga por Skype, alertan a usuarios


im a geek

Se ha lanzado una advertencia sobre un nuevo virus de Skype que ataca a las cuentas de usuario, según informes dados a conocer esta semana.

Skype atacado por nuevo malware

A través de mensajes enviando enlaces falsos de Internet, Skype sufre de una nueva amenaza, la cual ya está confirmado y se está trabajando en solucionar el problema.

Cómo puede apreciarse en la foto superior, el ataque de virus informático para Skype se transmite al dar click a un enlace que uno de los contactos envía, en donde se pregunta sobre una foto de perfil; no es la primera vez que una amenaza así ataca a los servicios de mensajería instantánea, pues en el momento que MSN estaba en su apogeo, los ataques de virus y spyware eran comúnmente propagados por este medio. Leer más “Virus informático se propaga por Skype, alertan a usuarios”

Common WordPress Malware Infections – wp.smashingmagazine.com


Smashing Magazine

>By  | wp.smashingmagazine.com

WordPress security is serious business. Exploits of vulnerabilities in WordPress’ architecture have led to mass compromises of servers through cross-site contamination. WordPress’ extensibility increases its vulnerability; plugins and themes house flawed logic, loopholes, Easter eggs, backdoors and a slew of other issues. Firing up your computer to find that you’re supporting a random cause or selling Viagra can be devastating. WordPress Security

In WordPress’ core, all security issues are quickly addressed; the WordPress team is focused on strictly maintaining the integrity of the application. The same, however, cannot be said for all plugins and themes.

The focus of this post is not to add to the overwhelming number of WordPress security or WordPress hardening posts that you see floating around the Web. Rather, we’ll provide more context about the things you need to protect yourself from. What hacks are WordPress users particularly vulnerable to? How do they get in? What do they do to a WordPress website? In this lengthy article, we’ll cover backdoorsdrive-by downloadspharma hack and malicious redirects. Please notice that some anti-virus apps report this article as malware, probably because it contains examples of the code that should be avoided. This article does not contain any malware itself, so the alert must be based on heuristic analysis.

Over the past two years, Web malware has grown around 140%. At the same time, WordPress has exploded in popularity as a blogging platform and CMS, powering close to 17% of websites today. But that popularity comes at a price; it makes WordPress a target for Web-based malware. Why? Simple: its reach provides the opportunity for maximum impact. Sure, popularity is a good thing, but it also makes us WordPress users vulnerable.

(Smashing’s side note: Have you already bought the Smashing Book #3? The book introduces the latest practical techniques and a whole new mindset for progressive Web design. Get your book today!)

A Bit About Our Security Expert: Meet Tony

Lacking the technical knowledge needed to go into great depth, I brought on board a co-author to help me out. Bringing the technical information is Tony Perez, Chief Operations and Financial Officer of Sucuri Security. Sucuri Security provides detection, alerting and remediation services to combat Web-based malware. In other words, it works on websites that have been compromised. This means that Tony has the background, statistics and, most importantly, knowledge to go really in depth on malware issues that affect WordPress users.

I asked Tony how he got into Web security:

Tony

“I think it goes back to 2009. I was managing and architecting large-scale enterprise solutions for Department of Defense (DoD) clients and traveling the world. In the process, there was a little thing called compliance with the Security Technical Implementation Guide (STIG), set forth by the Defense Information Systems Agency (DISA). I know, a mouthful, but it’s how we did things in the DoD; if it didn’t have an acronym, it didn’t belong.

That being said, it wasn’t until I joined Dre and Daniel at Sucuri Security, in early 2011, that I really began to get what I consider to be any resemblance of InfoSec chops.”

Armed with Tony’s technical knowledge, we’ll look at the main issues that affect WordPress users today. But before we get into details, let’s look at some of the reasons why WordPress users might be vulnerable.

What Makes WordPress Vulnerable?

Here’s the simple answer. Old versions of WordPress, along with theme and plugin vulnerabilities, multiplied by the CMS’ popularity, with the end user thrown into the mix, make for a vulnerable website.

Let’s break that down.

The first issue is outdated versions of WordPress. Whenever a new WordPress version is released, users get a nagging message, but plenty of users have gotten pretty good at ignoring the nag. Core vulnerabilities in themselves are rarely an issue. They do exist; proof can be found in the most recent 3.3.3 and 3.4.1 releases. WordPress’ core team has gotten pretty good at rolling out security patches quickly and efficiently, so the risk of exploitation is minimal, provided that WordPress users update their installation. This, unfortunately, is the crux of the problem:WordPress users ignore the message. And it’s not just inexperienced and casual WordPress users who aren’t updating. A recent high-profile hack was of the Reuters website, which was running version 3.1.1 instead of the current 3.4.1.

Vulnerabilities in plugins and themes is another issue. The WordPress repository has 20,000 plugins and is growing. The plugins are of varying quality; some of them inevitably have security loopholes, while others are outdated. On top of that, consider all of the themes and plugins outside of the repository, including commercial products that are distributed for free on Warez websites and come packed with malware. Google is our favorite search engine, but it’s not so hot for finding quality WordPress themes.

Then, there’s popularity. WordPress is popular, without a doubt. Around 700 million websites were recorded as using WordPress in May of this year. This popularity means that if a hacker can find a way into one WordPress website, they have potentially millions of websites for a playground. They don’t need to hack websites that use the current version of WordPress; they can scan for websites that use old insecure versions and hack those.

Finally and most significantly, the biggest obstacle facing WordPress users is themselves. Tony in his own words:

“For whatever reason, there is this perception among WordPress users that the hardest part of the job was paying someone to build the website and that once its built, that’s it, it’s done, no further action required. Maybe that was the case seven years ago, but not today.

WordPress’ ease of use is awesome, but I think it provides a false sense of assurances to end users and developers alike. I think, though, this perception is starting to change.”

Leer más “Common WordPress Malware Infections – wp.smashingmagazine.com”

How to avoid a bad QR code


QR Code Press | http://bit.ly/JvPCqa
QR Code Security

Not all forms of quick response code are friendly, so you need to learn smartphone security.

Though they may be fun to use, scanning a quick response code could put your device at risk, so make sure that you learn a few important tips in smartphone security to help to keep malicious software away.

QR code security is just a matter of a little common sense and well applied paranoia.

Knowing how to avoid a bad QR code can save your device and your privacy, regardless of what operating system it uses, from Android to iOS. The malicious software that is currently out there is designed to attack most of the major devices available.

The problem with QR code security is that it’s impossible to tell where scanning it will lead. Leer más “How to avoid a bad QR code”

¿Por qué los cibercriminales adoran a Android?

Boom malware móvil

Los cibercriminales están cada vez más interesados en el mundo de la telefonía inteligente como destino de sus ataques: el número de amenazas contra dispositivos móviles se multiplicó en 2011 en 6,4 veces. El malware móvil está viviendo un auténtico boom. Para muestra un botón: en diciembre de 2011, Kaspersky identificó y fichó a más programas maliciosos móviles que el total de los indexados en sus bases de datos entre 2004 y 2010.El negocio del software malicioso para móviles es bastante rentable. ¿Cuánto puede ganar un cibercriminal que se dedique a este mercado? La apuesta por esta segmentación le sale a entre 1.500 a 4.000 euros al día, que es la horquilla en la que se mueven los ingresos de los cibercacos móviles según estimaciones de Kaspesrky. Si tenemos en cuenta que la media de día laborables de un mes es de 22 jornadas, una rápida multiplicación nos puede descubrir a cuánto sale dedicarse a la industria del mal: entre 33.000 y 88.000 euros al mes podrían sacarse los cibercriminales que optasen por descansar cada fin de semana.


Raquel C. Pico | http://www.ticbeat.com
Los cibercriminales adoran a Android: las cifras al menos así lo demuestran.

El malware para ese sistema operativo móvil no ha parado de crecer (y a un ritmo de vértigo) mientras que su archienemigo, iOS, se mantiene fuera del centro de interés de los cacos de la red. Lacreciente popularidad del SO móvil y la mayor sencillez para colar aplicaciones maliciosas son algunas de las androidvirusrazones por las que los ciberdelincuentes se han centrado en el sistema operativo de Google.Durante 2011, los ciberataques que tuvieron como objetivo Android crecieron un 200%, según estimaciones de Kaspersky, que acaba de publicar su Informe de Virología Móvil para 2011 y sus previsiones de hacia donde irá el mercado del mal en 2012.

No sólo crecieron los ataques contra Android sino también su peso como SO más atacado: el 75% de los virus para smartphones registrados durante 2011 tenían como objetivo el SO de Google. El resto se lo repartían Symbian y Windows Phone, con apenas incidencias de seguridad en el caso de iOS.

La presencia de una aplicación en el Android Market – ahora rebautizado como Google Play -no supone además una garantía de seguridad, como si sucede en otras stores de aplicaciones. Como recuerdan desde Kaspersky, el primer caso de software malicioso en la tienda de aplicaciones de Android se registró en marzo de 2011 y desde entonces no han parado.Desde esa primera app maliciosa que llegó y triunfó desde dentro, otras han seguido su estela. Según Kaspersky, el malware no se propaga en horas, sino que su vida activa en la tienda de aplicaciones puede durar semanas y hasta meses.

Boom malware móvil (Infografía) Leer más “¿Por qué los cibercriminales adoran a Android?”

Warning: Fake LinkedIn Spam Can Steal Your Bank Passwords

Bogus LinkedIn emails can infect your computer with ZeuS, a password-stealing Trojan. I know, because it just happened to me.

By Dan Tynan, ITworld

Warning: Fake LinkedIn Spam Can Steal Your Bank PasswordsI feel like a complete idiot. I just got taken by a LinkedIn spam that may have just stolen my banking password.

This is not the first time I’ve been an idiot or clicked on something I shouldn’t. But this one could be really bad for me.

Today, spammers using fake Linked-In invitations attacked the Net in a massive way. How massive? According to Cisco Security, at one point today nearly 1 in 4 spam messages was a Fake LinkedIn invite.

Linked-In spam is nothing new — I wrote about it just last month– but this attack was particularly nasty, because it can embed password-stealing malware into your browser without you realizing it.

[ See also: Yes, Mr. Zuckerberg, we do care about privacy ]

My story: I saw several LinkedIn invites in my Gmail spam folder, and stupidly opened one of them inside Google Chrome. I even saw that the links inside the email were not to LinkedIn but to some oddly named third-party site. But curious about what would happen (and stupidly confident that my Kaspersky anti-malware software would protect me), I clicked it. My browser started to launch a new site, then quickly redirected to my home page.

Weird, I thought. I tried it again. Same thing happened. I figured that whatever site it was driving me toward had already been taken down by one of the anti-malware orgs like StopBadware.com, and thought nothing more about it.

A couple of hours later I logged into my banking site to check on my account. No big deal.

An hour after that I received the following email from Cisco Security:


Bogus LinkedIn emails can infect your computer with ZeuS, a password-stealing Trojan. I know, because it just happened to me.

By Dan Tynan, ITworld

Warning: Fake LinkedIn Spam Can Steal Your Bank PasswordsI feel like a complete idiot. I just got taken by a LinkedIn spam that may have just stolen my banking password.

This is not the first time I’ve been an idiot or clicked on something I shouldn’t. But this one could be really bad for me.

Today, spammers using fake Linked-In invitations attacked the Net in a massive way. How massive? According to Cisco Security, at one point today nearly 1 in 4 spam messages was a Fake LinkedIn invite.

Linked-In spam is nothing new — I wrote about it just last month— but this attack was particularly nasty, because it can embed password-stealing malware into your browser without you realizing it.

[ See also: Yes, Mr. Zuckerberg, we do care about privacy ]

My story: I saw several LinkedIn invites in my Gmail spam folder, and stupidly opened one of them inside Google Chrome. I even saw that the links inside the email were not to LinkedIn but to some oddly named third-party site. But curious about what would happen (and stupidly confident that my Kaspersky anti-malware software would protect me), I clicked it. My browser started to launch a new site, then quickly redirected to my home page.

Weird, I thought. I tried it again. Same thing happened. I figured that whatever site it was driving me toward had already been taken down by one of the anti-malware orgs like StopBadware.com, and thought nothing more about it.

A couple of hours later I logged into my banking site to check on my account. No big deal.

An hour after that I received the following email from Cisco Security: Leer más “Warning: Fake LinkedIn Spam Can Steal Your Bank Passwords”

Security 360 Free, programa AV gratuito

Nuevamente te presentamos otra opción de software gratis, se trata del Security 360 Free. Tal como su nombre lo indica, ofrece seguridad en todo aspecto de nuestro ordenador, y gratis.

Security 360 Free es una utilidad antivirus gratis

Esta utilidad nos ofrece protección en contra de todo tipo de malware y spyware. Troyanos, virus, keyloggers, gusanos, bots, hijackers, adware y muchos más, todo en tiempo real. Además ofrece una poderosa y sencilla herramienta de eliminación.

Es ligero, no sólo el instalador (9.57 MB), sino también en ejecución. No es intrusivo, como algunos que lanzan ventanas o tooltips en la barra de inicio rápido a cada rato, o algunos otros que informan de actualizaciones exitosas con voz. Su interfaz es bastante amigable, la mayoría de las utilidades no están a más de un click de distancia, como las actualizaciones, escaneo y cuarentena.


Autor: Misael Aguilar

Nuevamente te presentamos otra opción de software gratis, se trata del Security 360 Free. Tal como su nombre lo indica, ofrece seguridad en todo aspecto de nuestro ordenador, y gratis.

Security 360 Free es una utilidad antivirus gratis

Esta utilidad nos ofrece protección en contra de todo tipo de malware y spyware. Troyanos, virus, keyloggers, gusanos, bots, hijackers, adware y muchos más, todo en tiempo real. Además ofrece una poderosa y sencilla herramienta de eliminación.

Es ligero, no sólo el instalador (9.57 MB), sino también en ejecución. No es intrusivo, como algunos que lanzan ventanas o tooltips en la barra de inicio rápido a cada rato, o algunos otros que informan de actualizaciones exitosas con voz. Su interfaz es bastante amigable, la mayoría de las utilidades no están a más de un click de distancia, como las actualizaciones, escaneo y cuarentena. Leer más “Security 360 Free, programa AV gratuito”

Malware Infection Hits Russian Android Phones

Lookout, a security company specializing in mobile antivirus software, said in a blog post that the malicious program was the first Trojan horse developed exclusively for the Android platform. But it said the program would not affect Android phone users outside of Russian cell networks.

Security experts also noted that the infected application was not available in the Android Marketplace, the store used to download applications for the Android platform. Phone owners must explicitly change a setting on their phone to permit the installation of non-Marketplace applications.

Jay Nancarrow, a Google spokesman, said Android applications must get permission from the user before doing things like sending text messages or making phone calls.

“We consistently advise users to only install apps they trust,” Mr. Nancarrow said in a statement. “In particular, users should exercise caution when installing applications outside of Android Market.”


By NICK BILTON

Kim White/Bloomberg

Google Android Platform

The adage “Be careful what you wish for” has a modern-day counterpart: “Be careful what you download.” Especially on your mobile phone.

On Tuesday several mobile security companies were analyzing a Trojan horse that appeared on phones running Google’s Android software in Russia. Leer más “Malware Infection Hits Russian Android Phones”

MS preps emergency patch for Windows shortcut peril

Warning of an uptick in attacks, Microsoft plans to issue an emergency update to patch a critical Windows vulnerability that hackers are exploiting to seize control of PCs.

The patch, which fixes the way Windows parses shortcut icons, will be released on Monday at around 10 a.m. California time. It comes two weeks after reports surfaced that unknown hackers were exploiting the flaw in an attempt to install malware on systems that control the operations of power plants and other critical infrastructure. At least two customer of SCADA, or supervisory control and data acquisition, software offered by Siemens have been hit by a computer worm that exploits the bug.

“We are releasing the bulletin as we’ve completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers,” Christopher Budd, Microsoft’s senior security response communications manager,” wrote. “Additionally, we’re able to confirm that, in the past few days, we’ve seen an increase in attempts to exploit the vulnerability. We firmly believe that releasing the update out of band is the best thing to do to help protect our customers.”


Windows 7, the latest client version in the Mi...
Image via Wikipedia

By Dan Goodin in Las VegasGet more from this author

Warning of an uptick in attacks, Microsoft plans to issue an emergency update to patch a critical Windows vulnerability that hackers are exploiting to seize control of PCs.

The patch, which fixes the way Windows parses shortcut icons, will be released on Monday at around 10 a.m. California time. It comes two weeks after reports surfaced that unknown hackers were exploiting the flaw in an attempt to install malware on systems that control the operations of power plants and other critical infrastructure. At least two customer of SCADA, or supervisory control and data acquisition, software offered by Siemens have been hit by a computer worm that exploits the bug.

“We are releasing the bulletin as we’ve completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers,” Christopher Budd, Microsoft’s senior security response communications manager,” wrote. “Additionally, we’re able to confirm that, in the past few days, we’ve seen an increase in attempts to exploit the vulnerability. We firmly believe that releasing the update out of band is the best thing to do to help protect our customers.” Leer más “MS preps emergency patch for Windows shortcut peril”

Microsoft sets emergency Windows patch for Monday

As exploits of the shortcut bug climb, company commits to ‘out-of-band’ update
By Gregg Keizer

Computerworld – Microsoft today said it will issue an emergency patch for the critical Windows shortcut bug on Monday, Aug. 2.

The company said that it is satisfied with the quality of the “out-of-band” update — Microsoft’s term for a patch that falls outside the usual monthly delivery schedule — but also acknowledged that it has tracked an upswing in attacks.

“In the past few days, we’ve seen an increase in attempts to exploit the vulnerability,” Christopher Budd, a spokesman for the Microsoft Security Response Center, said in a entry on the team’s blog. “We firmly believe that releasing the update out of band is the best thing to do to help protect our customers.”

Budd said that Microsoft would release the patch on Monday at approximately 1 p.m. Eastern.

Two weeks ago, Microsoft confirmed a flaw in how Windows parses shortcut files, the small files displayed by icons on the desktop, on the toolbar and in the Start menu that launch applications and documents when clicked. By crafting malicious shortcuts, hackers could automatically execute malware whenever a user viewed the shortcut or the contents of a folder containing the malevolent shortcut.

The bug was first described in mid-June by VirusBlokAda, a little-known security firm based in Belarus, but attracted widespread attention only after security blogger Brian Krebs reported on it July 15. A day later, Microsoft admitted that attackers were already exploiting the flaw using the “Stuxnet” worm, which targets Windows PCs that manage large-scale industrial-control systems in manufacturing and utility firms.

Exploit code has been widely distributed on the Internet, and Microsoft and others have spotted several attack campaigns based on the bug.

One of those campaigns apparently tipped the scales toward an early patch.

The Microsoft group responsible for crafting malware signatures to defend customers using the company’s antivirus products, including the free Security Essentials software, said that an especially nasty malware family had added exploits of the unpatched shortcut flaw to its arsenal.

“Sality is a highly virulent strain … known to infect other files, making full removal after infection challenging, copy itself to removable media, disable security, and then download other malware,” wrote Holly Stewart of the Microsoft Malware Protection Center, on the group’s blog Friday. “It is also a very large family — one of the most prevalent families this year. ”

Sality’s inclusion of the shortcut exploit quickly drove up the number of PCs that have faced attack. “After the inclusion of the [shortcut] vector, the numbers of machines seeing attack attempts combining malicious [shortcuts] and Sality.AT soon surpassed the numbers we saw with Stuxnet,” said Stewart.

“We know that it is only a matter of time before more families pick up the technique,” she added.

Other security researchers had spotted Sality exploiting the shortcut bug earlier this week. On Tuesday, Trend Micro reported that the shortcut vector was being used not only by Sality, but also by other malware clans, such as the Zeus botnet-building Trojan.


As exploits of the shortcut bug climb, company commits to ‘out-of-band’ update

By Gregg Keizer

Computerworld – Microsoft today said it will issue an emergency patch for the critical Windows shortcut bug on Monday, Aug. 2.

The company said that it is satisfied with the quality of the “out-of-band” update — Microsoft’s term for a patch that falls outside the usual monthly delivery schedule — but also acknowledged that it has tracked an upswing in attacks.

“In the past few days, we’ve seen an increase in attempts to exploit the vulnerability,” Christopher Budd, a spokesman for the Microsoft Security Response Center, said in a entry on the team’s blog. “We firmly believe that releasing the update out of band is the best thing to do to help protect our customers.”

Budd said that Microsoft would release the patch on Monday at approximately 1 p.m. Eastern.

Two weeks ago, Microsoft confirmed a flaw in how Windows parses shortcut files, the small files displayed by icons on the desktop, on the toolbar and in the Start menu that launch applications and documents when clicked. By crafting malicious shortcuts, hackers could automatically execute malware whenever a user viewed the shortcut or the contents of a folder containing the malevolent shortcut.

The bug was first described in mid-June by VirusBlokAda, a little-known security firm based in Belarus, but attracted widespread attention only after security blogger Brian Krebs reported on it July 15. A day later, Microsoft admitted that attackers were already exploiting the flaw using the “Stuxnet” worm, which targets Windows PCs that manage large-scale industrial-control systems in manufacturing and utility firms.

Exploit code has been widely distributed on the Internet, and Microsoft and others have spotted several attack campaigns based on the bug.

One of those campaigns apparently tipped the scales toward an early patch.

The Microsoft group responsible for crafting malware signatures to defend customers using the company’s antivirus products, including the free Security Essentials software, said that an especially nasty malware family had added exploits of the unpatched shortcut flaw to its arsenal.

“Sality is a highly virulent strain … known to infect other files, making full removal after infection challenging, copy itself to removable media, disable security, and then download other malware,” wrote Holly Stewart of the Microsoft Malware Protection Center, on the group’s blog Friday. “It is also a very large family — one of the most prevalent families this year. ”

Sality’s inclusion of the shortcut exploit quickly drove up the number of PCs that have faced attack. “After the inclusion of the [shortcut] vector, the numbers of machines seeing attack attempts combining malicious [shortcuts] and Sality.AT soon surpassed the numbers we saw with Stuxnet,” said Stewart.

“We know that it is only a matter of time before more families pick up the technique,” she added.

Other security researchers had spotted Sality exploiting the shortcut bug earlier this week. On Tuesday, Trend Micro reported that the shortcut vector was being used not only by Sality, but also by other malware clans, such as the Zeus botnet-building Trojan. Leer más “Microsoft sets emergency Windows patch for Monday”

9 Essential Tips To Speed Up Windows 7

The Microsoft Windows 7 operating system has been designed for delivering better speeds than its predecessors. However, as time passes by, the laptop/PC might tend to get slower. This is not exactly the fault of the OS. As the matter of fact, it is a common problem faced by many operating systems.
The major reasons for this are accumulation of junk in the system or a highly stuffed hard drive or running of too many unnecessary services and programs. Here we shared a few essential tips that can help speed up Windows 7 performance on laptops or computers. Hope it helps!


By Trinity Nick

The Microsoft Windows 7 operating system has been designed for delivering better speeds than its predecessors. However, as time passes by, the laptop/PC might tend to get slower. This is not exactly the fault of the OS. As the matter of fact, it is a common problem faced by many operating systems.

windows 7 performances tips

The major reasons for this are accumulation of junk in the system or a highly stuffed hard drive or running of too many unnecessary services and programs. Here we shared a few essential tips that can help speed up Windows 7 performance on laptops or computers. Hope it helps! Leer más “9 Essential Tips To Speed Up Windows 7”