Discussing Malicious Website URLs On Twitter

Introduction

I have recently come across an issue where good people wish to convey information about malicious websites to everyone. They’re doing very good work trying to keep us all safe and informed by discussing malicious website URLs (Universal Resource Locators), particularly on Twitter. Unfortunately, Twitter creates a link in the text to anything looking like a URL. This means malicious websites that are mentioned by their URLs are given links, allowing readers to accidentally go to them.

Using A Digital Signature With Outlook

Introduction

This article covers some of the issues involved when using a Digital Signature. Each Digital Signature is generated from a Digital Certificate (otherwise known as a Digital ID) issued by a certifying authority.

All examples given are created using Microsoft Outlook 2010 on a PC using Microsoft Windows 10, but the principles apply to other versions of Outlook and other email clients.

This article has been written to complement my previous article Make Safe Financial Transactions.

Anyone using an Apple Mac can get appropriate certificate information in this article published by TechRepublic entitled: How to configure digitally signed email in Apple Mail.

Browser Choice In Microsoft Windows Ends

Browser Choice – What’s That About

In December 2009 the European Union obliged Microsoft to offer a choice of browsers to their European customers when they installed new versions of Windows. This browser choice was also delivered in updates to Windows and so the Browser Choice screen was born and has been with us ever since. See my featured image of Microsoft’s browser choice screen offering Google Chrome, Internet Explorer, Safari, Mozilla Firefox and the Opera browsers amongst others.

Browser Choice Ends

It turns out that this requirement by the EU had a time limit of five years which has now expired. Consequently Microsoft have quietly withdrawn the option to choose other browsers and returned to providing Internet Explorer alone. People can of course continue to use other browsers with Windows as they see fit but Internet Explorer is now what comes out of the box.

Backdoor Trojan Regin Spying Since 2008

Backdoor Trojan Regin is a recently discovered piece of spying malware found by the software security company Symantec. Its purpose is to spy on the activities taking place on computers. It can collect passwords, capture screen images and even recover deleted files.

The Backdoor Trojan Regin has been made to operate in five stages, the last two being encrypted to make it very difficult to discover and understand. If any one stage were to be discovered, it would reveal little about the other stages. Two stages are specifically given over to loading each other and the other stages. You can see a block diagram of Regin’s stages of operation at this Symantec site.

Backdoor Trojan Regin appears to have been developed as far back as 2008 and by its sophisticated nature was probably developed by a nation state as opposed to criminals. It appears to have been withdrawn from use by its masters in 2011 and a new version reintroduced in 2013.

Regin infections have been found in the following countries:

  • Afghanistan
  • Austria
  • Belgium
  • India
  • Iran
  • Ireland
  • Mexico
  • Pakistan
  • Russian Federation
  • Saudi Arabia

Regin infections are distributed across these sectors as follows:

  • Airline – 5%
  • Energy – 5%
  • Hospitality – 9%
  • Research – 5%
  • Small Businesses & Private Individuals – 48%
  • Telecoms Backbone – 28%

The Backdoor Trojan Regin has been made extremely stealthy so that it is very hard to determine what it is up to even after discovery. It could go undetected for years. For those interested, it uses RC5 encryption, which isn’t commonly used.

References

  1. BBC News – Regin, new computer spying bug, discovered by Symantec.
  2. Symantec Security Response – Regin: Top-tier espionage tool enables stealthy surveillance.
  3. Symantec White Paper on Regin.
  4. Wikipedia on Trojan Horse – Computer terminology.
  5. Wikipedia on RC5 encryption.

Norton Safe Web & Search Engine Interaction

Introduction

While updating software on a friend’s Windows 8.1 PC he remarked that he could no longer see the Norton Safe Web (NSW) icons in his search results. He was using Internet Explorer with Google as his home page and search engine. He had Norton Internet Security (NIS) installed and the Norton Toolbar was present in his browser. At the time I couldn’t find a solution to his problem so I came home and conducted tests on my Windows 7 PC which also uses NIS.

The featured image at the top of the page shows how it looks when it works OK and an NSW icon is selected.

Targeted Attacks via Internet Explorer Confirmed by Microsoft

There is a vulnerability (flaw) which allows targeted attacks via Internet Explorer versions 6 through 11 to be made on MS Windows PCs.

The attack seems complex to me and probably not easily made against the masses. The ultimate goal of an attacker would be to encourage a PC user to visit dangerous websites.

Microsoft plan to fix the problem with updates distributed in their normal way, i.e. monthly updates.

If you want to find out more you can visit ITPRO here. Some PCs will be more vulnerable than others depending on what version of Windows is used and whether Outlook, Outlook Express or Windows Mail are viewing an HTML document.

Or you could visit Microsoft here and read Microsoft Security Advisory 2963983, Published: April 26, 2014.

WordPress Vulnerability Affecting Mobiles

I just want to pass on knowledge of this WordPress vulnerability affecting mobiles, detected by AVAST, whereby mobile device users are susceptible to redirection. They can be redirected to a malicious web site from WordPress blogs where the blogger is using a plugin called OptimizePress. NOTE: I am not using that plugin in this blog.

Read all about it in this AVAST Blog Post published on 17th April 2014.

This is the malicious web site so I have not embedded a link to it — http://149.154.152.129.

Reference: