Monthly Archives: March 2013

Beware the Spy in Spam

Pope Francis had barely donned his new white robes before cybercriminals were targeting his flock with spam emails and social media posts in a bid to suck money out of their bank accounts. But it’s not just the spammers who make use of these tricks and tools. Increasingly, intelligence agencies are preying on the gullibility of activists.

Emails purporting to be from CNN with enticing headlines linking the new Pontiff to child sex abuse rapidly drew a lot of concerned Catholics and others to spoof websites compromised by Blackhole Exploit Kits. Unwittingly, many then fell victim to remote access Trojans, backdoors, infostealers and rootkits.

The new Pope is in good company. In the past, cybercriminals have lured the unsuspecting with lurid tales of Justin Bieber’s sex life and the death of Jackie Chan.

The term for this type of scam is “social engineering,” broadly defined as the act of tricking people into giving out confidential information or unwisely opening themselves to infection. Cyber criminals make the most of news events and consumer trends by enticing users to infected websites or by planting malware in their system via email.

When activists in Bahrain recently began receiving emails with suspicious attachments, they passed them on to journalists at Bloomberg who then had them analysed. Hidden inside they found FinSpy, a nasty piece of malware designed to take control of phones and computers from afar.

“FinSpy can be sent to people in spoof emails to secretly monitor their computers – intercepting Skype calls, turning on web cameras and recording every keystroke,” Bloomberg told its readers.

The U.K.-based Gamma Group markets FinSpy directly to law enforcement and intelligence agencies but denies selling to Bahrain, saying someone else must have duplicated the program and sold it to the repressive Gulf state.

Meanwhile, FinSpy has been discovered running on servers in 25 countries, according to researchers at the University of Toronto’s Munk School of Global Affairs’ Citizen Lab.

For the alarm to have been raised in the first place, the Bahrain activists may have been alerted by a simple anti-virus program that warned they were being diverted to a malicious website.

To guard against these attacks, a safe option is to use a combination of standalone security software with one firewall, one or two anti-virus programs, and one or two anti-spyware programs, plus dedicated anti-Trojan software. To prevent software conflicts, do not run them all in ‘real-time’; instead, regularly scan the computer and update manually.

To avoid infection via email, disable HTML in the email program via the Settings tab. Look for and untick ‘Display attachments inline’ or tick ‘View message body as plain text’. Never open attachments or click on links if you are unsure of their origin. Equally, be aware of social media posts with enticing links.
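What HTML rendering hides and plain-text viewing exposes, as an added example that is not part of the original article: the script walks a message without rendering it and reports every link whose visible text names one host while the underlying address points to another. The sample message, its sender address and the landing domain are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

SAMPLE_EML = """\
From: "CNN Breaking News" <alerts@news-example.test>
Content-Type: text/html; charset="utf-8"

<p>Full story: <a href="http://landing.example.net/story">http://www.cnn.com/story</a></p>
<p><a href="http://www.cnn.com/">www.cnn.com</a></p>
"""  # constructed sample: the sender address and landing domain are made up

class LinkCollector(HTMLParser):
    """Collect (visible text, real href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(s):
    """Leading host name of a URL or link label (heuristic), else None."""
    m = re.match(r"\s*(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", s, re.I)
    return m.group(1).lower() if m else None

def mismatched_links(raw):
    """Links whose visible text names one host while the href goes to another."""
    found = []
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            found += [(t, h) for t, h in collector.links if host(t) and host(t) != host(h)]
    return found

if __name__ == "__main__":
    for text, href in mismatched_links(SAMPLE_EML):
        print(f"shown: {text}\n real: {href}")
```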

Among the most dangerous forms of malware are keystroke-logging programs and, in extreme cases, tiny hardware versions that can be hidden inside the computer. These work by logging every keystroke and mouse movement. KeyScrambler offers several solutions, including a free option, to scramble keystrokes and defeat surveillance.

As a rule, free, open-source software is preferable to the paid-for variety because developers and others can have a good look inside for backdoors and other things that should not be there.

Comodo Personal Firewall, free and paid-for versions of combined anti-virus and firewall programs. It protects against viruses, Trojans, worms, hacker attacks and other threats.

Lavasoft’s Ad-Aware, free and paid-for versions. Provides core protection against Internet threats, featuring real-time anti-malware protection, advanced Genocode detection technology, rootkit protection and a scheduler.

Spybot Search and Destroy, free, fully functioning privacy and anti-malware software.

AVG Anti Rootkit, removes rootkits, malicious programs somewhere between a virus and a Trojan horse which open computers to external attack.

Avast Free Antivirus, full-featured software with the same antivirus and anti-spyware scanning engine used in Avast’s premium products.

AVG Anti-Virus Free Edition, probably best of the bunch when it comes to free anti-virus software.

Conrad Jaeger is the author of the inter-active e-books ‘Deep Web for Journalists – Safeguarding Reporters in the Digital World’, ‘Enter the Dark Net’ and ‘Deep Web Secrecy and Security’ published by Deep Web Guides. Follow him @ConradJaeger
