
Posts Tagged ‘Malware’

Top 10 Security Threats For 2010

January 8th, 2010

We all experienced many online threats last year, and as the year changes to 2010, online threats are changing too. Cybercriminals will be more eager to spread online threats and attack computers to obtain valuable information, challenging users' security.

Here are some of the predictions that will challenge computer security this year:

1. Spam, Scams on Social Networking and Real-time Sites – A group of security researchers from Websense, Breach Security, IBM Internet Security Systems X-Force, and Symantec agreed that cybercriminals will focus their attacks on social networking sites such as Facebook, MySpace, and LinkedIn, and on real-time social sites like Twitter. When it comes to real-time features, Google, especially Google Wave, as well as Bing will be targets. The attackers benefit from the fact that it takes time for others to discover the existence of a malicious link or file. Some users may recognize one, but one way or another there will still be victims.

2. Crime Cloud – Security vendors, specifically AVG, M86, and RSA, predicted that criminals will attack cloud services directly and use them to direct and control attacks. IBM researchers anticipate seeing attackers exploit more services. Take Amazon AWS, for example, which has already served as a host for a malware command and control server.

3. Malware Hijacking Trusted Sites – Breach Security observes continuous improvements in compromising trusted sites and infecting them with malware. Numerous incidents of SQL injection have proven successful in attacking sites. No doubt, it will happen again. Cybercriminals prefer to have a third party distribute their malware.

4. Macs Will Be Compromised – For years now, security companies have been talking about Macs being targeted by attackers for malware. According to Websense, exploitation affecting Safari under Mac OS X will happen, which will invite hackers to target the Mac platform. Symantec is worried that Mac users who do not spend money on antivirus software every year will not be protected against such attacks. Zscaler still believes that Apple can somehow be obliged to strengthen its security to withstand continuous attacks. Many think Macs will be widely affected because of Adobe Flash vulnerabilities.

5. Search Engine Poisoning and Malvertising – Cybercriminals will put more effort into exploiting trusted sites. To infect sites, they will make use of search engines and advertisements. They will continue to threaten and weaken search results and enjoy the attention that breaking news and events bring. Google, together with Microsoft, will assure its users of safe search and advertising. Of course, they wouldn’t want their users to lose trust in them.

6. Increasing Number of Bots – Why would cybercriminals waste their time with cloud-hosted malware when botnets can do the same thing? Botnets are better than cybercriminals. They can also be a source of income, generating cash for criminals and hijacking other botnets for money. This will cause conflict, preventing botnets from growing and attracting security experts and law enforcement. It’s botnets against other botnets, like what happened when Zeus/Zbot was shut down by the Bredolab botnet. Symantec claimed that botnets have become the foundation of cybercrime.

7. Piracy Gets Riskier – Microsoft has been making moves to reduce software piracy since last December. It received many complaints from users who buy pirated versions of Windows. IBM researchers expect that the continued use of pirated software will infect more users with malware.

8. Mobile Security Issue – Smartphones like the iPhone and Android-based handsets are like miniature personal computers, and they are being used for business purposes. Websense predicted that in 2010 smartphones will be targeted for attacks just like computers. Nowadays, security vendors either have or are developing a mobile security product or service. IBM thinks that mobile attacks will still be limited.

9. Major Insider Theft Scandal Will – It is expected that next year someone in a large organization with access to company data will be caught working for or with a cybercrime group. The Identity Theft Resource expected that the number of insider cases will increase because of failure to follow basic workplace security protocols.

10. Clickjacking is Back – According to Zscaler, clickjacking will strike back. Clickjacking is a malicious technique that tricks users into revealing confidential information, or lets attackers take control of their computer, while they click on sites. Jeremiah Grossman of WhiteHat Security and Robert “RSnake” Hansen of SecTheory revealed the technique in October 2008. Efforts have been made to lessen the risk of clickjacking, but it is still effective, especially with a social engineering component.

How Can Techie Now Help?

The above security threats serve as a reminder for computer users to be careful on the web. You never know what security threat you will run into. For now, the best protection is reliable and updated antivirus software that will keep you and your computer out of trouble. When it comes to your computer’s protection, Techie Now is the name you can trust. Techie Now offers PC support services: virus and spyware removal, performance optimization, installation and configuration and general repair.

www.TechieNow.com

FBI: Beware of Fake Antivirus/Rogueware Scams

January 5th, 2010

The Federal Bureau of Investigation (FBI) advised people to be alert to fake antivirus software, which has claimed many victims, with losses of $150 million.

An intelligence notice posted by the FBI on the Internet Crime Complaint Center’s website warns people browsing the web to be careful of antivirus programs that pretend to be credible but are not. These programs are considered scareware or rogueware. According to internet security bloggers and writers, scareware consists of software products, most usually commercial firewall and registry cleaner software, that produce a lot of perky and alarming warnings or threat notices serving some desired purpose. It is considered scam software that has limited or no benefit at all. Rogueware is a form of computer malware that convinces users to pay for the fake removal of malware.

The notice states that these scareware programs are very aggressive and dangerous threats that claim to clean computer viruses and entice users to buy them. Online criminals engage in a process called malvertising, or malicious advertising, in which they even use botnets to post ads on websites to convince and victimize more users.

As soon as you download the fake antivirus software, a pop-up will appear. Closing this pop-up is not as easy as hitting the X button or clicking the Close button. If the user presses the Yes button to buy the antivirus program, a form will appear asking for payment information for the fake item. This fake software can install viruses, Trojans, and/or password-intercepting keylogging programs on your computer.

The Anti-Phishing Working Group stated that the total number of scareware programs from January to June last year surpassed that of 2008 as a whole. Security analysts noticed that different AV programs are created so that it will be difficult for real antivirus software to detect the threats. The FBI recommended that users always update their security software and operating systems. If you ever encounter a rogue antivirus pop-up, quickly shut down the PC or close the browser. Perform a complete secured antivirus scan as soon as you turn on your computer again.

How Can Techie Now Help?

Scareware or rogueware can keep you and your computer in trouble. So, as the FBI advises computer users, you should be careful with the fake antivirus programs that you see while browsing the web. Don’t let scareware or rogueware fool you. For now, update your security software and operating system. If you need help, contact Techie Now. We offer PC support services like virus and spyware removal, performance optimization, installation and configuration and general repair.


Huge H1N1 Malware Campaign

January 2nd, 2010

Security researchers stated that a huge spam campaign took place early this December, with a message appearing to come from the Centers for Disease Control (CDC) asking people to register for H1N1 vaccinations.

The e-mail messages redirect innocent victims to a fake CDC site that convinces them to create a profile so that they will receive a swine flu vaccination. The fake site advises users to download a vaccination profile archive and includes the link for that download. Of course, with H1N1 known for its aggressive spread and lack of vaccine, people grab the mistaken opportunity and download the file behind the link, which is a new variant of the Zbot Trojan horse. Security companies call it “Zeus”. It is a bot malware that hijacks your Windows PC for sending more spam and other nefarious activities.

An enormous number of messages hit users’ filters on the day the bogus CDC messages started arriving in inboxes, with subject lines like “State Vaccination H1N1 Program”, “Governmental registration program on the H1N1 vaccination” and “Create your personal Vaccination Profile.”

According to AppRiver, a Florida-based provider of e-mail and web security solutions for businesses, the spam campaign averaged about 18,000 messages per minute, or about 1.1 million per hour. It is considered the biggest malware-oriented run currently reaching its customers and the biggest virus/phishing campaign right now. Because of the high volume, AppRiver had to block approximately 13 million messages during that time. At first, 37 of AppRiver’s 41 antivirus detection engines did not detect the Zbot Trojan, but it was later recognized by 21 of its detection engines.

The malware author was wise enough to make a backup attack plan for people who are too cautious to click the link. The fake CDC site has an iframe, an invisible element on the page, which contains attack code exploiting vulnerabilities in Adobe software such as Adobe Reader and Flash Player. Attackers are so frustrated at being unable to exploit Windows that they target Adobe’s applications. The most recent Adobe Reader update patched 29 vulnerabilities in the PDF viewer. The update, made last October, plugged a hole already being used by hackers.

Zbot, also called a “botnet” in security parlance, is the main active collection of compromised computers. When it comes to malicious activity, Zbot has been at the top for months. It was used by a British couple who were then arrested for stealing online banking account usernames and passwords. According to McAfee, AppRiver’s rival security company, the host servers of the fake CDC site can be located in Argentina, Chile, Colombia, Brazil, India and Malaysia.

How Can Techie Now Help?

Even H1N1 vaccinations are being used by attackers to victimize innocent people whose only concern is to protect themselves from the disease. This really calls our computer security into question. If you feel that your PC is not protected from online attacks, contact Techie Now for PC support services such as virus and spyware removal, performance optimization, installation and configuration, and general repair. Techie Now is what you need for your PC needs.


132,000 Web Pages Infected with Malware

January 2nd, 2010

An SQL-injection assault infected 132,000 websites after installing malicious software from 318x.com on December 10, 2009. Afterwards, the attack planted a backdoor Trojan, Buzbuz, which featured a rootkit. Buzbuz steals financial data, credit card details in particular.

According to ScanSafe, the first attack that they discovered was on November 21, 2009. They reported the attack this December after they found that 125,000 websites of different sizes, hosted at different geographical locations, had already been infected. It was proven when the iFrame started to appear in Google search. Some of the infected sites include knowledgespeak.com, parisattitude.com, and yementimes.com.

Anyone who visits the infected web pages gets a hidden link that downloads code from websites connected to 318x.com. This code exploits unpatched versions of Internet Explorer, Adobe Flash or another Microsoft program on the host computer so that the malware, Backdoor.Win3.Buzus.croo, will be installed.
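A site owner can check stored pages for the kind of injected hidden loader described above. The following is an added example, not code from the original post or from ScanSafe; the site host, the sample HTML and the URL paths in it are constructed, and the "hidden" heuristics are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class InjectedLoaderScanner(HTMLParser):
    """Flag <script>/<iframe> tags that pull content from off-site hosts."""

    def __init__(self, site_host, blocklist=()):
        super().__init__()
        self.site_host = site_host.lower()
        self.blocklist = {d.lower() for d in blocklist}
        self.findings = []  # (line, tag, host, [reasons])

    def _matches(self, host, domain):
        return host == domain or host.endswith("." + domain)

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if not host or self._matches(host, self.site_host):
            return  # inline code or same-site resource
        reasons = []
        if any(self._matches(host, d) for d in self.blocklist):
            reasons.append("blocklisted-host")
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        hidden = tiny or "display:none" in style or "visibility:hidden" in style
        if tag == "iframe" and hidden:
            reasons.append("hidden-iframe")
        if reasons:
            self.findings.append((self.getpos()[0], tag, host, reasons))


def scan(html, site_host, blocklist=()):
    """Return findings for one HTML document (or one stored text field)."""
    scanner = InjectedLoaderScanner(site_host, blocklist)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a product page whose database text field had a
# script tag appended, plus a zero-size iframe and a normal video embed.
SAMPLE = """<html><body>
<h1>Product list</h1>
<script src="/static/site.js"></script>
<p>Widget<script src="http://318x.com/constructed-path.js"></script></p>
<iframe src="http://ads.example.invalid/frame" width="0" height="0"></iframe>
<iframe src="https://video.example.org/embed/1" width="640" height="360"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, host, reasons in scan(SAMPLE, "shop.example.com", ["318x.com"]):
        print(f"line {line}: <{tag}> loads from {host} ({', '.join(reasons)})")
```

Running it over rendered pages or over the text columns of the site's database shows where injected markup is stored, which is what has to be cleaned in addition to fixing the injectable query.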

Landesman stated that a new malware gang is behind these particular SQL-injection assaults. The gang is said to be not that familiar with the method of attack. Although it might be an experienced gang of attackers, this huge assault is their primary attempt. Security researchers considered this a sophisticated mass website attack.

How Can Techie Now Help?

Malware can infect one website or many, as happened in this SQL-injection assault. It can happen to anyone, on any computer, anytime and anywhere. With everyday use of your computer and the Internet, it’s easy to be infected with malware. To protect your PC now and enjoy your computer experience, contact Techie Now. Be it virus and spyware removal, performance optimization, installation and configuration or general repair, Techie Now can provide the PC support services that you need. We give better services at better prices and better protection for your computer.


Top 10 Email Blunders of 2009

December 9th, 2009

E-mail is used for communication by businesses and individuals, and by cybercriminals for online attacks that affect everyone when it is not used carefully. Proofpoint, a security firm, has enumerated its top 10 terrifying e-mail blunders of 2009:

  • Trojan Horse Steals Bank Accounts – URLZone, a banking Trojan horse, was reported in September. It steals money while users are logged in to their accounts and displays a fake balance. Computers get infected when you click a malicious link in an e-mail or visit a website with hidden malware. It also keeps your bank account login credentials, takes screenshots, and snoops on your other web accounts like Facebook, Gmail, PayPal and more.
  • FBI Forgery – FBI Director Robert Mueller’s wife prohibited him from doing online banking transactions after he had given his personal information to a phishing website. He received an e-mail from what he thought was his bank verifying his information. He even filled out some information but realized in the end that it was not a good idea. So he changed his passwords and told his wife about the incident. That incident did not stop Mr. Mueller from doing his online activities.
  • White House Spam – This took place in August, when the White House sent thousands of e-mail messages to Americans explaining its stand on the controversial health reform issue. It was spread through an e-mail account to create and dispel rumors. Nevertheless, the White House admitted that it was unsolicited e-mail and blamed third-party groups for the mass e-mail.
  • Hotmail Phishing – In October, thousands of Hotmail accounts were compromised, and their passwords were posted on some websites where developers normally share programming code. News site Neowin was able to see the list, which had been removed, and reported the issue to Microsoft. In this particular phishing scam, the hackers sent e-mails to the list of accounts with the letterhead of banks, eBay and other institutions, to convince consumers that they had to reset their online passwords to their websites for security purposes. As soon as Microsoft discovered the scam, it blocked thousands of Hotmail accounts, believing the accounts had all been hacked.
  • Start-up Suicide – RockYou, a social media advertising and application start-up, sent out a mass e-mail to its customers and associates announcing its new site redesign last September. Instead of using BCC: in sending the e-mails, RockYou displayed the entire mailing list of over 200 e-mail addresses in the CC: field, and those e-mail addresses ended up on a spammer’s list. After two months, RockYou sent another mass e-mail using a mailing list, asking contractors to provide information for their W9 tax forms. Unfortunately, some people unintentionally sent personal information to the entire mailing list.
  • Gmail Account Deactivated – Last August, Rocky Mountain Bank in Wyoming sent names, addresses, social security numbers and loan information of more than 1,300 customers to a Gmail address by mistake. Realizing what it had done, the bank e-mailed the same address asking the recipient to contact it and destroy the sent file without opening it, but it didn’t receive a response. The bank contacted Google asking for the account holder’s information. Google then received an order from U.S. District Court Judge James Ware of the northern district of California deactivating the e-mail account and disclosing the identity and contact information of the Gmail account holder. The Gmail user had not done anything wrong. From then on, everyone at the bank was advised to be watchful when sending e-mails and typing in the TO: field of an e-mail.
  • Payroll Panic – PayChoice, a payroll processor, was the victim of a website breach in September. Customers received targeted e-mails claiming to be from the company. The e-mails were used to trick people into downloading malware or visiting a website that would allow them to access the Onlineemployer.com PayChoice portal. The site was shut down and clients were notified within hours. The e-mails were spread through a Yahoo account with the links hosted on servers in Poland.
  • UK Tax Error – HM Revenue & Customs, Britain’s tax authority, warned people about scam e-mails using a fake government e-mail address to convince recipients to reveal their personal information in return for a tax refund. Those e-mail messages claim that recipients are entitled to receive a tax refund, so they have to give their bank or credit card details so that the refund can be paid out. HMRC stated that, like most legitimate business and government organizations, it would never notify people of a tax rebate through e-mail or invite people to complete an online form just to receive a tax rebate.
  • Death, Taxes and Phish – In September, a fake e-mail notice targeting businesses and individuals was widely spread and claimed to come from the Internal Revenue Service. According to US-CERT, the attack was hidden in a fake e-mail with a subject line of “Notice of Underreported Income”, which contained a link or attachment infected with a Zbot/Zeus Trojan virus. It is a program that steals credentials for banking logins.
  • UCSD Message of Acceptance by Mistake – University of California San Diego mistakenly sent the same message of acceptance to all 46,000 students who applied for college entrance, when only 18,000 students had passed and been accepted by the university.

How Can Techie Now Help?

E-mail is used to communicate for personal and business purposes. Cybercriminals also use it to steal people’s identities and money. So computer users must be careful when opening attachments or links in their e-mails, because these might infect their PCs or steal their information, especially if the computer is not protected. To protect your computer from online attacks, contact Techie Now: virus and spyware removal, performance optimization, installation and configuration, and general repair. Techie Now assists with your PC needs better than others do.
