
Adobe
A new phishing scam is trying to fool people into thinking it comes from Adobe, announcing a new version of PDF Reader/Writer. The message is making its way into e-mail boxes now, and the real Adobe urged any recipients to simply delete it.
The phishing scam has a subject line “download and upgrade Adobe PDF Reader – Writer for Windows,” includes a fake version of Adobe’s logo and provides links that would lead to malicious code or other trouble if a victim clicked on them. The e-mail appears to come from Adobe newsletter@pdf-adobe.org, which is part of the scam.
“It has come to Adobe’s attention that e-mail messages purporting to offer a download of the Adobe Reader have been sent by entities claiming to be Adobe,” the company said in a statement warning about it. “Many of these e-mails are signed as ‘Adobe PDF’ (or similar), and in some instances require recipients to register and/or provide personal information. Please be aware that these e-mails are phishing scams and have not been sent by Adobe or on Adobe’s behalf.”
The real Adobe Reader download page is on the Adobe Web site at http://get.adobe.com/reader/.
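The sender address and download host quoted above are enough to show how a mail filter can separate the scam from the real thing. This is an added example, not code from Adobe or the article; it assumes `adobe.com` is the only legitimate domain, and the sample link is a constructed placeholder because the article does not list the scam URLs.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: adobe.com is the brand's only legitimate domain
# (the article gives get.adobe.com as the real download host).
BRAND = "adobe"
LEGIT_DOMAINS = {"adobe.com"}


def belongs_to(host, domains=LEGIT_DOMAINS):
    """True if host is one of the domains or a subdomain of one.

    Matching on a leading dot stops 'notadobe.com' and
    'adobe.com.example.net' from passing as adobe.com.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def impersonates_brand(host):
    """The brand name appears in the host, but the host is not the brand's."""
    return BRAND in host.lower() and not belongs_to(host)


def check_message(from_header, urls):
    """Return a list of findings for one message."""
    findings = []
    display, addr = parseaddr(from_header)
    sender_host = addr.rpartition("@")[2]
    if impersonates_brand(sender_host):
        findings.append(f"sender domain imitates {BRAND}: {sender_host}")
    elif BRAND in display.lower() and not belongs_to(sender_host):
        findings.append(f"display name claims {BRAND}, sent from {sender_host}")
    for url in urls:
        host = urlsplit(url).hostname or ""
        if not belongs_to(host):
            findings.append(f"link leaves {BRAND} domains: {host}")
    return findings


if __name__ == "__main__":
    # Constructed sample: From line built from the address in the article.
    sample_from = "Adobe <newsletter@pdf-adobe.org>"
    sample_urls = ["http://download.example.invalid/reader-setup",
                   "http://get.adobe.com/reader/"]
    for finding in check_message(sample_from, sample_urls):
        print(finding)
```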

Apple iPad
Security companies are warning consumers and Web site operators to be wary of iPad-related search scams.
“This is just the kind of opportunity fraudsters like to exploit by poisoning search terms,” said Symantec’s Candid Wueest. Wueest also warned about “iPad-related spam and phishing attacks hitting consumers hard over the coming weeks.”
In an interview, Don Debolt, CA’s director of threat research, warned about “black hat search optimization,” a scam whereby hackers take advantage of security flaws in blogs and other sites that use PHP to embed popular search terms like iPad, tricking search engines into directing people to compromised legitimate sites that may have nothing to do with the subject matter at hand. If someone clicks on the link to a page on that infected site, they are then redirected to a malicious site which can implant malware on their machine or tempt them to install a rogue security product.
It has nothing to do with the iPad itself. Similar techniques have exploited other popular searches such as the Haitian earthquake and the death of Michael Jackson. Google has a trends page that shows hot topics and hot searches. On Thursday afternoon the iPad was represented four times on the top-10 list. “Obama State of the Union” led the list.
The entire process is automated, said Debolt. “We found that it’s a very systematic and programmatic process right now,” Debolt said. The attackers, he said, are using software to query search engines to find out the popular search topics and then “feeding that information into compromised web sites so that those compromised sites and the content they put on those sites get indexed by the search engine bots.” To the end user it looks as if those sites have relevant content but when you click on those pages, you are immediately taken to another site that has the malware.
Debolt warns people to be careful if a search engine points to a site where “the root domain of the URL doesn’t have any type of affiliation of the topic or is not an information portal you’re familiar with.” He warns site operators, especially those with a content management system that uses PHP, including Joomla, WordPress and Drupal, to be sure they are using the latest version of their web software.
I have a bit of experience with injected code. I operate a number of WordPress blogs including SafeKids.com, which a few years ago started serving up Google ads for Viagra and other male enhancement products. These were far from appropriate context-sensitive ads for an Internet safety site and when I took a look at my site’s code, I discovered that there were hundreds of links and terms that had been injected into my site as a result of a security flaw in my WordPress template. I replaced the template and updated the WordPress software and the problem went away. Now I’m careful to make sure I’m always running the latest version of WordPress.
As usual, people are cautioned to make sure they are using up-to-date security software and that both their operating system and browser are up-to-date.
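For site operators, the injected links and terms described above can be caught by auditing the rendered pages for outbound links the site never meant to carry. The following is an added example, not code from the article or from WordPress; the base URL, allowlist, watch terms and sample HTML are all constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LinkCollector(HTMLParser):
    """Collect (absolute URL, anchor text) for every <a href> in a page."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.links = base_url, []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self._href, self._text = urljoin(self.base_url, href), []

    def handle_data(self, data):
        if self._href:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(html, base_url, allowed_hosts, watch_terms):
    """Return (count of links per unexpected host, links with watched text)."""
    parser = LinkCollector(base_url)
    parser.feed(html)
    own = urlsplit(base_url).hostname
    unexpected, flagged = Counter(), []
    for url, text in parser.links:
        host = urlsplit(url).hostname or ""
        # Relative links resolve to the site's own host; mailto: has no host.
        if host and host != own and host not in allowed_hosts:
            unexpected[host] += 1
        if any(term in text.lower() for term in watch_terms):
            flagged.append((url, text))
    return unexpected, flagged


# Constructed sample page: two expected links, two injected ones.
SAMPLE = """<p><a href="/about">About</a> <a href="https://www.google.com/">Search</a></p>
<div><a href="http://pills.example.invalid/a">cheap viagra</a>
<a href="http://pills.example.invalid/b">male enhancement</a></div>"""
WATCH = ["viagra", "male enhancement"]

if __name__ == "__main__":
    print(audit_links(SAMPLE, "https://blog.example/", {"www.google.com"}, WATCH))
```

Run against each published page after a template or plugin change, a sudden jump in the unexpected-host count is the signal to inspect the theme files.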

Bank of America was investigating an outage on Friday that affected an unknown number of customers but had ruled out a cyberattack, a representative said.
“Our online-banking service is available,” spokeswoman Anne Pace said in a telephone interview on Friday afternoon. “We ruled out a cyberattack, but are working with partners to determine the root cause.”
Checks by CNET found the site down during the morning and afternoon, as late as 2:50 p.m. PST. Several readers reported the outage to CNET, and Business Insider reported that the site was down most of the morning. Several CNET readers reported that they were able to get through to the site, although at least one said it was sluggish.
Bank of America’s Twitter account was reporting that “Our Web site is available. However, some customers are having intermittent issues with access. We are working to determine the root cause.”
One CNET reader reported that he discovered a work-around: “I tried going to the site via my mobile device, and it works! So then I typed the URL that my mobile device uses into my desktop browser, and I can get in. So it doesn’t seem that the Web site, per se, is down, only the ‘normal’ entry portal?”
Are you getting in? Let us know.

Researchers from ESET and BitDefender have intercepted two destructive malware variants (Win32/Zimuse.A, Win32/Zimuse.B/zipsetup.exe), posing as an IQ test, and currently spreading in the wild.
Upon execution, the malware will attempt to spread through removable media using a time-based logic bomb, and overwrite the MBR (Master Boot Record) of all available drives after 40 days for variant A, and 20 days for variant B, making the host’s data inaccessible.
Moreover, once executed, the malware also displays an error message typical of scareware and fake security software, in what appears to be an attempt by the malware authors to make infected users contact the hosting provider of a particular site and state that it infected them with malware.
BitDefender points out that due to the digitally signed drivers in 64-bit versions of Windows Vista and Windows 7, the worm would fail to install. A video demonstrating the infection has been released, as well as a Zimuse removal tool, available for free download.

iPad search results may contain poisoned links that lead to rogue antivirus software, as fraudsters unleash a favorite malware-pushing tactic.
Antivirus makers Trend Micro and Panda Security, along with the threat-tracking Internet Storm Center, have posts warning about malicious results for search terms such as “apple tablet announcement.” Crooks have for years used such SEO poisoning to snare unwary surfers.
According to Trend, clicking one of the malicious links leads to rogue antivirus software, another online scam that uses fake but professional-looking software to warn of nonexistent infections. Victims are exhorted to purchase a license for the worthless software to clean up the supposedly discovered malware.
While Trend includes a screen shot of a malicious result that it says appeared on the first page of search results, I don’t see that particular link returned when I run a current search. Let’s hope that means Google and the other search engines are already filtering out the scams.
And in the meantime, if you’re after real iPad news, PC World has an abundance of articles for you, including a video and hands-on picture tour.