Archive for February, 2007

Skype rumours

February 8, 2007

Recently an article has been published that suggests that Skype, the famous VoIP client, may be collecting some information from the user's PC. To be more specific, some details about the BIOS and the motherboard's serial number. Read it for full details.

On the ASC, we have been working on some best-practice guidelines for the industry, in order to draw a line that separates what should be allowed from what shouldn't. These guidelines talk a lot about proper consent, which means that users should give explicit consent on what information is going to be gathered.

Let's read the section about Consent and Control:
"Users should be in control of their computers at all times. Anti-spyware vendors may evaluate the extent to which the software publisher has asked and received consent from the user before performing activities such as installation or uninstallation, or the collection, use or disclosure of personal information. For potentially unwanted technologies, EULAs alone are usually not enough to offset risk behaviors. Individual consent of risky behaviors may be appropriate."

If we apply these guidelines, and this story about Skype is true, should we label this tool as spyware?

Back to

February 8, 2007

Well, I think we have finally stopped this one, as in the last 12 hours things seem to have gone back to

Here is a full picture of the attack, since the beginning of it on the 31st of January. Let's hope it doesn't

January Spyware List

February 7, 2007

Today we are going to review our top spyware list.

1: Adware/Gator (=)
2: Adware/Lop (Up from 8th)
3: Application/MyWebSearch (Up from 5th)
4: Application/Winantivirus2006 (Down from 2nd)
5: Adware/Wupd (Down from 4th)

So not many changes this month, but there are some interesting things to comment on.

Adware/Lop
This adware creates different executable files on the PC when it is run, in order to avoid detection. It also creates some images on the desktop which look like shortcuts, but they are links to external web sites or programs, the usual casino stuff, etc. It goes to quite a lot of effort to disguise itself on the PC, changing the executable it runs each time. It belongs to C2Media LTD.

Adware/VideoActiveXObject
One of the latest versions of the fake codecs, which are so active lately. Hiding spyware in fake codecs is generating huge revenues, as users continue to download them, fooled by the idea of watching an exciting video for free.

Adware/SecurityError (Up from 46th to 12th)
It is usually installed by some versions of fake codecs. Then it delivers adware to promote different web pages that try to convince you that there is some kind of infection on your PC. You can also run a test that makes a kind of recommendation. This test is useless: answering the same way each time, you get different recommendations. And it doesn't matter which one you choose, they are all rogue antispyware programs.

So our recommendation is to be careful when running some applications. Fake codecs are quite dangerous, because users make the false assumption that they need to install the codec to watch the video, but the truth is quite different. The video is not specially encoded, and there is no codec. The web page checks whether you have a certain application installed, and if you don't have it you cannot access the content. The problem is that the user is not properly informed of what is happening. As a result, users get tons of adware delivered to their desktop.

Thanks to Vicen.

Nurech.A.worm Alert II ( UPDATE )

February 6, 2007

We have compiled more information on this alert. Here you have a graph of the continuous arrival of messages to the lab related to this specific variant in the last 90 hours.

[ImageAttachment] 

Today it reached second place in the ranking of total number of infections registered through our free online tool ActiveScan. Feel free to use it.

At the moment we are still getting 20% of incidents related to this, but it seems to be fading.

UPDATE 07/01

Things are still hot, a new wave is arriving, and in the last 12 hours we have been flooded with more than 60% of reports relating to this variant.

Windows Vista

February 6, 2007

So finally Vista has arrived; we have started to see ads in the newspapers, and even on TV.

There is one question regarding Vista that is still unanswered. Are you ready for Vista? A couple of days ago I was wondering if I was ready for Vista. So I decided to download and test the new tool delivered by Microsoft which helps users decide which Vista version is right for them. I was a bit disappointed to realize that I was only going to be able to upgrade to Vista Home. Also, I found some problems regarding driver support.

So if I need to change my hardware, basically buying a new computer, and if you add Vista's price, which doesn't come cheap, it might be an expensive upgrade. So I don't think I will be an early adopter.

But let's talk about Vista's features; I want to focus on security. For a full detailed description visit the Vista Security Guide.

So the question is whether I am going to be more secure with Vista. Microsoft claims so, and there is a lot of discussion around this. But some claim that there are already exploits on the black market.

I think that we should take into account that security is only as strong as the weakest link. If I rely on the user to allow or deny a certain activity, the user is the weakest link. Let's see some examples. A study regarding users' online behaviour has recently been published.

Online banks are one of the first targets for phishing attacks. This study shows that users are the weakest link in the security chain. They really don't use the different tools available. But it is not their fault; in fact you have to take into account so many things that it is very easy to get fooled. I once took a web test regarding phishing attacks, and only got 95%. If you consider that I am quite aware of the problem, that made me wonder how easy it is for an unsuspecting user to be tricked.

Internet Explorer 7 has a new feature that changes the color of the URL bar if you are navigating on a site with a certain type of certificate. This is not the solution, as lots of perfectly legitimate sites don't have the financial resources to afford those certificates. Will you prevent users from accessing them?

Attacks are getting more and more complex: we have fake codecs that fool users, spear phishing including personal information, DNS spoofing, etc. We need heuristic tools that are able to see what is happening behind the scenes, to really protect users from malware.

Finally, I hope that the new security features in Vista live up to what has been claimed, but we need to remember that nowadays users have to decide too many things related to security (ActiveX installations, certificate validations, HTTPS, passwords, tokens, etc.) and, as we have said before, it is very difficult to choose the right answer when there are so many elements involved.

So I think that, just as XP Service Pack 2 was a huge improvement in security, so will Vista be, but there are still a lot of things to be done. User education is a must and we should not forget this.

Nurech.A.worm Alert ( UPDATE )

February 5, 2007

This weekend we have seen a lot of activity from a new worm. It is called Nurech.A. In the last 48 hours it accounted for more than 60% of all the messages received in PandaLabs. At some points it was massively spammed.

Here is a graph of the evolution in the last 60 hours. We will keep you updated.

[Imageattachment]

UPDATE 

Here are some of the subjects it is using to fool users into opening it:

Tender Whispers With This Ring
Til the End of Time Heart of Mine
If I Knew
Touched by Love Most Beautiful Girl Wrapped Up
Evening Romance Doing It for You
Window of Beauty
Together You and I
Sending You My Love Magic of Flowers
Everyone Needs Someone
When I'm With You
All For You For Better of For Worse To New Spouse
Forever in Love Full Heart
Unique Love My Eye on You
Our Wedding Day Hey Cutie
Against All Odds

You can find the complete information here.

Spam in PHP forums (II)

February 2, 2007

One reader has pointed out that, although requiring users to register is a good idea, some bots are able to do so, and has sent some "tricks" that administrators should use to prevent bots from registering in the forums.

First you should use security plugins. We have become accustomed to seeing them when applying for a new email account: an obfuscated key is shown to the user, and you need to type this key to proceed. This is quite useful.

[Imageattachment]

As an example, there is also a mod called "The Humanizer" which simply adds another question to the registration process, in particular "Are you a human being?" with two possible answers, yes or no. Although this may sound quite obvious, it works. A general-purpose bot will not be prepared for these small modifications.
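As an added illustration of the registration question described above (example code written for this page, not the code of "The Humanizer" mod or of any particular forum), here is a minimal PHP registration handler that asks one question from a small bank, remembers which one was asked in the session, and rejects the registration if the answer is wrong. The question bank, the `human_q` / `human_a` names and the form layout are assumptions made for the example.

```php
<?php
// Added example: a registration form with an extra "are you a human?" question.
// The question bank, session key and field names below are assumptions for this
// example, not taken from any forum software.

session_start();

// Small bank of questions a general-purpose bot is unlikely to expect.
// Editing or rotating this list occasionally is the kind of "small change"
// the post recommends.
$HUMAN_QUESTIONS = [
    'Are you a human being? (yes/no)'        => 'yes',
    'What colour is the sky on a clear day?' => 'blue',
    'Type the word "forum" backwards.'       => 'murof',
];

// Pick a question for this visitor and remember which one was asked,
// so the answer is checked against the question actually shown.
function issueHumanQuestion(array $bank): string
{
    $questions = array_keys($bank);
    $q = $questions[random_int(0, count($questions) - 1)];
    $_SESSION['human_q'] = $q;
    return $q;
}

// Check the submitted answer against the question stored in the session.
// The stored question is discarded after one attempt, so a bot cannot keep
// replaying guesses against the same question.
function verifyHumanAnswer(array $bank, ?string $answer): bool
{
    if (!isset($_SESSION['human_q']) || $answer === null) {
        return false;
    }
    $q = $_SESSION['human_q'];
    unset($_SESSION['human_q']);
    if (!isset($bank[$q])) {
        return false;
    }
    $expected = strtolower($bank[$q]);
    $given    = strtolower(trim($answer));
    return hash_equals($expected, $given);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!verifyHumanAnswer($HUMAN_QUESTIONS, $_POST['human_a'] ?? null)) {
        http_response_code(400);
        echo 'Registration rejected: the human check was not answered correctly.';
        exit;
    }
    // Normal registration would continue here (validate username, e-mail,
    // password, etc.); this example stops once the human check has passed.
    echo 'Human check passed; continuing with registration.';
    exit;
}

// GET: render the registration form with the extra question included.
$question = issueHumanQuestion($HUMAN_QUESTIONS);
?>
<form method="post">
  <label>Username <input name="username"></label><br>
  <label>E-mail <input name="email" type="email"></label><br>
  <label><?= htmlspecialchars($question, ENT_QUOTES, 'UTF-8') ?>
    <input name="human_a" autocomplete="off"></label><br>
  <button type="submit">Register</button>
</form>
```

The question is tied to the session rather than sent as a hidden form field, so a bot cannot simply submit its own question together with a matching answer; and because the bank is tiny and site-specific, the protection comes from being unexpected rather than from being hard, which is exactly the point the post makes.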

So the lesson is that there is no need for complex solutions, but smart ones. Making small changes once in a while can bring benefits. It is also advisable to spend a couple of hours performing these administrative tasks, instead of wasting time deleting spam messages.

Thanks to David San Jose for this information.