Check Your Browser’s Security Level

Widespread use of social networks and web-based services has made web browsers one of the most used pieces of software, which has also made them the weapon of choice for spammers, phishers and hackers. Even people who insist on keeping their systems up to date forget to update some browser components (add-ons, plug-ins, etc.), as these may not have an auto-update feature.

Qualys has released a free service that lets you check your web browser's security. It supports all the mainstream browsers (Firefox, Chrome, Opera, IE and Safari) on a variety of platforms such as Windows (XP, Vista, etc.), Mac and Linux. Though the service is in beta on some platforms and browsers, it is still worth checking out. A detailed list of supported platforms and plugins is available here.

BrowserCheck will ask you to install a plugin to continue scanning (I was not asked to install the plugin in Ubuntu with Chrome or with FF4; I guess the beta version is not full-fledged yet). The plugin is signed by Qualys. Install it to continue (read the FAQ to learn why the plugin is needed and to see their privacy policy).
Once it is installed, you are ready to check your browser’s patch level. Click the Scan Now button.

BrowserCheck will scan your browser, plugins and add-ons against known vulnerabilities and give you a report listing each installed plugin/add-on along with its patch status. Detailed descriptions of the status report are available in the FAQ, but as a rule of thumb “Green” means fully patched and “Red” means vulnerable.
Clicking the button will give you more details about the problem and a possible remedy. Mostly it will be a link to download the latest version.
After fixing all the security holes in your browser, I strongly recommend scanning it once again to confirm the result, as plugins/add-ons sometimes come with additional software (e.g. Google Toolbar) that may ruin the security of your browser.
On a final note: as with any security solution, BrowserCheck is not a single self-sufficient solution for online security. The ultimate security comes with awareness.
Happy browsing with a secure browser 🙂


World’s First PC Virus “Brain” Turned 25

Image Courtesy www.techlahore.com

The world's first PC virus, Brain, turned 25 this January. Researchers from F-Secure managed to get an interview with Brain’s creators, Basit and Amjad Farooq Alvi, from Lahore, Pakistan. The short but interesting interview is available here.

From Wikipedia 

©Brain affects the IBM PC computer by replacing the boot sector of a floppy disk with a copy of the virus. The real boot sector is moved to another sector and marked as bad. Infected disks usually have five kilobytes of bad sectors. The disk label is changed to ©Brain, and the following text can be seen in infected boot sectors:

Welcome to the Dungeon © 1986 Brain & Amjads (pvt) Ltd VIRUS_SHOE RECORD V9.0 Dedicated to the dynamic memories of millions of viruses who are no longer with us today - Thanks GOODNESS!! BEWARE OF THE er..VIRUS : this program is catching program follows after these messages....$#@%$@!!

The virus came complete with the brothers’ address and three phone numbers, and a message that told the user that their machine was infected and for inoculation the user should call them:

Welcome to the Dungeon © 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination...

The reason for this message was the program was originally used to track a heart monitoring program for the IBM PC, and pirates were distributing bad copies of the disks. This tracking program was supposed to stop and track illegal copies of the disk. Another programmer copied the technique for DOS and it became the (c) Brain virus. Unfortunately the program also sometimes used the last 5k on an apple floppy, making additional saves to the disk by other programs impossible. The company was sued for damages and was quickly dissolved.

A few interesting points from the interview:

  • Unlike present-day viruses, Brain was not intended to cause any damage to users; it was merely meant to be a “friendly virus”.
  • It is a boot sector virus, named after the company Brain Telecommunications Ltd owned by the brothers.
  • It left the address and phone number of its creators in the boot sector of affected floppies.

For more information about Brain and its writers, please read the Techlahore article.


Secure Your Facebook Account With SSL and Login Alerts

Facebook has recently rolled out a few new features that let users use their Facebook accounts with a better sense of security. The newly introduced Secure Browsing feature allows users to always use a secure connection (https) for Facebooking. While Facebook was already using a secure connection for its login sessions, regular user activity was not protected.

Enabling Secure Browsing ensures that your data can’t be seen by ISPs, your company admins or other users. This is especially important when you are using Facebook from public computers or surfing on an unencrypted wireless network.

To enable Secure Browsing in your account, go to Account -> Account Settings -> Account Security.
Check the option “Browse Facebook on a secure connection (https) whenever possible”. From now on, all your Facebook conversations will be over https (you can verify this from the https:// prefix in the address bar).

 

There are a few things you should keep in mind before deciding to enable HTTPS. Encrypted pages take longer to load, so you may notice that Facebook is slower using HTTPS. In addition, some Facebook features, including many third-party applications, are not currently supported in HTTPS. We’ll be working hard to resolve these remaining issues. We are rolling this out slowly over the next few weeks, but you will be able to turn this feature on in your Account Settings soon. We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future.

Two more useful features are also available now: Login alerts and Activity viewer.
Login alerts will send login notifications to your email or phone (if you have added a mobile device to your account) when a login occurs from an unknown computer. This acts as an early warning in case somebody tries to access your account.
Activity monitor lets you check the recent activity in your account: how many logins happened in the recent past and how many sessions are still open. If you find any unauthorised activity in your account, there is also an option to end that particular session.

You can read the facebook blog post about new features here


Bom Sabado! Orkut Worm!!

Today I have been getting many scraps from friends (in Orkut!!!) with just the text “Bom Sabado!”. Google translator tells me that it means “Good Saturday!”; well, it seems like it's going to be a not-so-good Saturday for many!! As time passes, more and more people seem to be sending these scraps, clearly indicating that this is some kind of a worm.
So I thought of digging into it a bit deeper. I created a dummy account so that my normal account would not be affected. Then I added myself as a friend in the dummy account, so that I could monitor it. Then I opened the scrap I got from the dummy account. While inspecting the source code, I found that the suspicion was true: it indeed is the work of a worm!! I found the following iframe code injected along with the message into the scrap.
This injected iframe loads the “worm.js” script from tptoolsorg, which apparently causes all the problems.

Downloading worm.js from the source and decoding it gave me the following observations.

  1. It uses standard JS objects and XMLHttpRequest to cause all sorts of trouble.
  2. The code is obfuscated by using octal representation for objects and weird names (e.g. _0x7c2bx4) for variables.
  3. It does the following if you open a scrap page:
     • Makes you join 5 communities.
     • Sends scraps to all your friends.
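The obfuscation in observation 2 can be undone without running the script. The following is an added example, not code from the original post and not the worm's code: it decodes octal, hex and Unicode escapes inside string literals and lists `_0x…`-style identifiers. `SAMPLE` is constructed, and the function names `decodeEscapes`, `extractStrings` and `triage` are hypothetical.

```javascript
// Added example: static triage of an obfuscated script. Nothing is eval'd or run.
// SAMPLE is constructed for illustration; it is not the worm's code.
const SAMPLE = String.raw`var _0x7c2bx4 = window["\130\115\114\110\164\164\160\122\145\161\165\145\163\164"];
_0x7c2bx4["\x6f\x70\x65\x6e"]("\107\105\124", "/plain");`;

// Decode the escape sequences found inside one JS string literal body.
function decodeEscapes(body) {
  const simple = { n: "\n", r: "\r", t: "\t", b: "\b", f: "\f", v: "\v" };
  const pattern = /\\(?:x([0-9a-fA-F]{2})|u([0-9a-fA-F]{4})|([0-3][0-7]{0,2}|[4-7][0-7]?)|([\s\S]))/g;
  return body.replace(pattern, (match, hex, uni, oct, other) => {
    if (hex !== undefined) return String.fromCharCode(parseInt(hex, 16));
    if (uni !== undefined) return String.fromCharCode(parseInt(uni, 16));
    if (oct !== undefined) return String.fromCharCode(parseInt(oct, 8)); // legacy octal, \0 to \377
    // \" \' \\ and unknown escapes keep the character after the backslash
    return Object.prototype.hasOwnProperty.call(simple, other) ? simple[other] : other;
  });
}

// Pull out quoted literals with a regex. Good enough for triage; it does not
// understand comments or regex literals the way a real parser would.
function extractStrings(source) {
  const literal = /"((?:[^"\\\n]|\\[\s\S])*)"|'((?:[^'\\\n]|\\[\s\S])*)'/g;
  const found = [];
  for (const m of source.matchAll(literal)) {
    const raw = m[1] !== undefined ? m[1] : m[2];
    found.push({ raw, decoded: decodeEscapes(raw) });
  }
  return found;
}

// Report generated-looking identifiers and every string that was hiding behind escapes.
function triage(source) {
  const identifiers = [...new Set(source.match(/\b_0x[0-9a-z]+\b/gi) || [])];
  const strings = extractStrings(source)
    .filter((s) => s.raw !== s.decoded)
    .map((s) => s.decoded);
  return { identifiers, strings };
}

console.log(triage(SAMPLE));
```

Strings that decode to API names or URLs are the quickest indicator of what a script touches, and the decoded host names can go straight into a blocklist.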

Following shows the part of the code that is responsible for the problems.

The main sign of infection is that your browser will hang for a while if you open such a page. If you find this happening to you, close the browser immediately. It will prevent the worm from spreading.


Recovery Methods

  1. Clear all the cookies and private data stored in the browser.
  2. Install Firefox and the NoScript add-on; it will block all scripts. Allow only those you want, but be careful not to allow scripts from tptoolsorg.
  3. Remove all those “Bom Sabado!” scraps from your Scrapbook.
  4. Be careful not to visit any of the infected pages until Google fixes this injection vulnerability.



FACEBOOK “Like” SCAMS

If you are a regular user of FB, there is a high chance that you have seen something like this in your News Feed.

The title creates such curiosity that you will feel compelled to click on it. On clicking the link, you will be taken to a website with a “Like” button and text asking you to click the Like button to proceed.

If you click the Like button, the page will be added to your likes and interests. [As per FB documentation, a page you Like is able to publish content to your News Feed whenever it pleases, until you manually remove it.] Once you have Liked the page, it will then ask you to share it with your friends as Step 2 to view the “Amazing Content”.

If you click the Share button, a popup window will come up asking you to share the content with your friends. If you try to skip it, an alert window will appear saying that unless you share this, you won’t be able to see the content.

Driven by curiosity and unaware of the consequences, many people will actually share it!!, leading to further propagation of the scam. The result of all these so-called “Steps” is that you will be presented with a page asking you to perform “Human Verification” by completing a survey!! Each time someone completes a survey, the scammer gets money!! and free publicity; what an amazing marketing strategy!!

How is it done?

By checking the source code of the page, it can be seen that the scammers are exploiting FB’s own social plugin APIs!!

They have added some JavaScript of their own to detect the user pressing the ‘Like’ button, and to raise an alert if the person refuses to publish it to friends.

In this particular case, FB’s own APIs are being used, and no password-stealing or malware-download code was found. But since a ‘liked’ page is able to push content to the user, it is very much possible to spread worms/Trojans using similar tactics.
Digging deeper into the code, the final destination to which the user is taken after Liking and Publishing can be found.

If you visit this page directly, you will be shown a page asking you to complete the survey. If you act fast enough to hit the ‘Escape’ key while the page is loading, so that the advertisement does not get loaded, you will be able to see the “Actual Amazing Content”.

This is just one of the hundreds, if not thousands, of SCAMS being propagated over FB, and most of them use the same tactics. If you have already fallen for one, go to Likes and Interests in your profile and remove the particular page. If you haven’t, be careful not to become a victim. Happy Facebooking!! 🙂
