Monday, December 27, 2010

Scam spam

Of late, our corporate email has been bombarded with emails from purported individuals wanting to give us some money.
Another creative spam scam came in the form of religious connotations. There seems to be a 'list of trustworthy people' email address list somewhere on the Internet that I am not aware of?

When Apple launched the iPad in Malaysia, a floodgate of spam came in offering individuals iPads at unbelievable prices.
Let us be realistic. Who would offer you USD5 million and have it sent to undisclosed recipients? If it was sent to 5 million email addresses, would it mean you would only be entitled to USD1?
As for the iPads, if you can't wait to get one, you have 2 options:
1) Queue up at the launch site
2) Fly down to our neighbouring country, Singapore, to get one


And no real/authentic iPads or iPhones that I am aware of are being sold at USD149.

Neither ESET NOD32 Antivirus nor the premium ESET Smart Security software protects users against such foolishness. But we will filter the emails and put them into the junk folder for you.
 
So don't get fooled during this holiday season. We wish everyone a Merry Christmas and Happy New Year.

This blog is maintained by Basic Gateway as the distributor of ESET products in Malaysia since 2005.

Sunday, December 5, 2010

ESET expands Cyber Threat Analysis Center

ESET announced today that it is expanding its Cyber Threat Analysis Center (CTAC), with ex-CastleCops founder Paul Laudanski joining the team. Building on the success of ESET’s existing global research resources, CTAC is committed to working to further protect ESET’s business and home use customers by collaborating with universities, law enforcement, internet service providers and other agencies that combat cybercrime on the current cyber threat landscape.

“ESET has a proven track record and dedication to helping computer and internet users understand and protect themselves against today’s ever-changing cyber threats by conducting quantitative and behavioral research,” said Laudanski. “With education being a critical component to staying safe online, I look forward to being a part of the CTAC team and continuing to reinforce the importance of approaching cybersecurity from a holistic viewpoint and cultivating threat data that allows us to help educate consumers.”

Prior to joining ESET, Laudanski was senior manager of investigations, Digital Crimes Unit for Microsoft. In his role, he managed criminal and civil enforcement investigations pertaining to phishing, spam, online advertising fraud, child pornography, lottery and advanced fee fraud scams, botnet-driven fraud, other email scams and online abuse. He also led the development of Internet Fraud Alert, an industry clearinghouse of exposed consumer credentials. Before Microsoft, Laudanski founded and ran CastleCops®, alongside Robin Laudanski, a volunteer security community focused on making the internet a safer place. All services to the public were free, including malware and rootkit cleanup of infected computers, malware and phish investigations and terminations.

With the enhancement to the CTAC, some of the research will be turned into technology which both ESET NOD32 Antivirus and ESET Smart Security will benefit from.


Sunday, November 28, 2010

Maybank phishing emails

Of late, numerous others and I have been receiving emails purportedly from Maybank telling us about the status of our account.


If you read your email through webmail and the webmail does not move this message to the junk folder, check with your administrator about this.
For those who believe that the email above was genuine, I hope you have not clicked on the link and entered your information as requested. If you have, make a report to the bank immediately.



Take note of the following:

  1. Banks do not provide you a little extra help by suspending your account access.
  2. Banks do not email you to ask you to validate your information. In any situation you will need either to present yourself at the bank counter or to go through telephone banking after validation.
  3. Banks do not email from AOL accounts.
  4. If you look closely, the link goes to a dubious website.
  5. Not all actions need a Transaction Authorization Code (TAC), especially not login. It is only used to conduct important transactions such as paying someone, transferring money to someone or changing your online account password.
  6. Finally, if you are unsure, do not hesitate to contact Maybank directly and ask about this email's authenticity. You may contact Maybank at 1-300-88-6688.

Both ESET Smart Security and ESET NOD32 Antivirus offer phishing link protection against this sort of targeted threat. ESET Smart Security, with its anti-spam control, will ensure that you will not need to read this fake email, as it gets moved to your junk mail.
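
The checklist above can be turned into a simple mail triage check. The following is an added example, not code from this blog or from ESET's products; the legitimate domain `bank.example`, the free-webmail list and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions: placeholder bank domain and a short free-webmail list.
LEGIT_DOMAINS = {"bank.example"}
FREEMAIL = {"aol.com", "gmail.com", "yahoo.com", "hotmail.com"}

HREF_RE = re.compile(r'<a\s[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
SUSPEND_RE = re.compile(r"\b(suspend(ed)?|restricted|locked)\b", re.I)
VALIDATE_RE = re.compile(
    r"\b(validate|verify|confirm|update)\b.{0,40}\b(information|details|account)\b",
    re.I | re.S)
TAC_RE = re.compile(r"\b(TAC|transaction authori[sz]ation code)\b", re.I)

# Constructed sample messages (not real mail).
SAMPLE_PHISH = """\
From: Maybank Online <customer.care@aol.com>
Subject: Your account access has been suspended
Content-Type: text/html; charset="utf-8"

<p>Dear customer, your account access has been suspended.</p>
<p>Please validate your account information and enter your TAC at
<a href="http://203.0.113.7/m2u/login">https://www.bank.example/login</a></p>
"""
SAMPLE_LEGIT = """\
From: Bank Alerts <alerts@bank.example>
Subject: Your monthly statement
Content-Type: text/html; charset="utf-8"

<p>Your monthly statement is ready. View it at
<a href="https://www.bank.example/statements">https://www.bank.example/statements</a></p>
"""


def _is_legit(host):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def _body_text(msg):
    # Collect every text part, decoded with its declared charset.
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def phishing_indicators(raw_email):
    """Return the sorted list of checklist items the message trips."""
    msg = message_from_string(raw_email)
    body = _body_text(msg)
    found = set()

    # Item 3: banks do not mail from free webmail accounts.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain in FREEMAIL:
        found.add("freemail-sender")
    elif not _is_legit(sender_domain):
        found.add("unexpected-sender-domain")

    # Item 4: where does the link really go, and does the visible text agree?
    for href, text in HREF_RE.findall(body):
        host = urlparse(href).hostname
        if not _is_legit(host):
            found.add("link-off-domain")
        shown = re.search(r"https?://[^\s<]+", text)
        if shown and urlparse(shown.group()).hostname != host:
            found.add("link-text-mismatch")

    # Items 1, 2 and 5: suspension threat, "validate your details", TAC request.
    if SUSPEND_RE.search(body):
        found.add("suspension-threat")
    if VALIDATE_RE.search(body):
        found.add("request-to-validate")
    if TAC_RE.search(body):
        found.add("tac-request")
    return sorted(found)


if __name__ == "__main__":
    print(phishing_indicators(SAMPLE_PHISH))
    print(phishing_indicators(SAMPLE_LEGIT))
```

Any single indicator is only a hint; item 6 of the list (calling the bank) remains the way to settle a doubtful message.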


      The sky is falling....

      I was drawn to David Harley's post on the ESET blog site about Sky News reporting on Stuxnet. It would seem even to me that accurate reporting has gone out the window with this latest piece of news from the folks at Sky News minced with Hollywood scenarios.

      For those who want to have the real picture, please check out F-Secure's updated FAQ compilation about Stuxnet.

      I think that is enough of Stuxnet news for now...  



      Monday, November 22, 2010

      The case of ' I told you so'

      The Register has reported that security firm Sophos has released a report on malware prevalence in Macs. As confirmed, most Mac users are carriers of malware. While they themselves do not suffer from the malware, they seem to be passing it round when they share data.

      Now, don't you think it would be wise to start putting an antivirus on that Mac machine as soon as you possibly can?

      ESET has now released the protection for your Macs via ESET Cybersecurity for Mac. Read about it here.

      Ready to purchase? Write to us at ask-us@basicgateway.com


      Sunday, November 14, 2010

      Launch of ESET for Mac platform

      Do you think that Macs do not need an antivirus?
      Here is the scenario:
      You are happily using your Mac and a friend requests a PowerPoint presentation which you have created. Since it is about 20MB in size and is cumbersome to send via email, you conveniently pop in his USB pendrive and copy it over. Now, he plugs it into his PC and he gets infected by a virus. Can he blame you?

      tagline: When using a Mac, it comes with great responsibility....

      What is the responsibility? To not infect others by being a host to the tens of thousands of different malware which do not operate on Macs but are out to infect and recruit new Windows bot machines.

      Do you seriously think that Macs are immune to malware? Check again!
      Here is a link to David Harley's blog on Mac malware. Read about it.

      ESET has just launched its protection for Mac, protecting any Mac OS X machine running version 10.5 and above. Based on the proven NOD32 Antivirus engine for the Windows platform, it has been ported to the Mac platform, offering real-time protection against Mac-based malware and Windows malware too. Key features such as removable drive management are included to increase security.
      Simply put, if you have used NOD32 Antivirus on a Windows platform, the Mac version feels right at home.

      There are 2 licensing types.
      • Businesses purchasing any of ESET's Business Edition licenses will be able to enjoy the additional protection at no extra charge.
      • For home users, ESET Cybersecurity for Mac will be available for purchase from the retail shops or from our online store by 20th of November 2010.
      Some plus points worth considering:
      1. If you run Boot Camp, which features Mac OS X as the base OS with Microsoft Windows running on emulation, you only pay for 1 license.
      2. Upgrading to a newer version of the same product is free as usual, as long as you have a valid license.
      3. You may opt to port the license to a Windows operating system should you for some reason disown your Mac.
      4. For users of the Business Edition license, the inclusion is free, and users of the Mac version will be able to report to the ESET Remote Administrator console and be managed by the console.
      For more product information, please see this. Want to give it a try? Click here. Ready to purchase? Write to us at ask-us@basicgateway.com


      Thursday, November 11, 2010

      Rootkits and idiotic comments

      Going through an F-Secure web blog post, I found this of interest to talk about.

      It has been 5 years since the security industry was first introduced to rootkits, which were discovered by the folks at F-Secure. Many people who read tech articles may remember that it was Sony who first introduced rootkits as a method to prevent people from copying the contents. In simple terms, they wanted to weed out piracy but gave the world a new malware form which is widely used today.

      Rootkits are designed to hide programs from being viewable by the user. Their intelligent method even evaded most antivirus scanners back then, as the files were not visible to the antivirus program.

      When the case was made public in 2005, Sony's management team was quoted as saying the following: "Most people don't even know what a rootkit is. Why should they care about it."

      Of course, the whole saga went off on a bad footing and the U.S. Department of Homeland Security (DHS) criticized Sony BMG for releasing products that undermined antivirus software and exposed both government-owned and privately owned computers to hackers. Stewart Baker, DHS assistant secretary for policy, chastised media companies for their zealousness in protecting their intellectual property. "It's very important to remember that it's your intellectual property, [but] it's not your computer," Baker said.

      I can't find any point to disagree with Mr. Baker on this matter. And as we now know, rootkits are used by malware to hide their operating files so that stealth and secrecy can be maintained. Such technology serves as a double-edged knife and will cut both ways: the good intentions and the evil ones. The computer security industry does not like such ideas either, and thus it is reflected in their ethics. This also reflects why they don't simply give out malware samples to anyone (credible or not) who wants them. It is simply a double-edged knife....

      Just so you know, both ESET NOD32 Antivirus and ESET Smart Security provide protection against rootkits.
       
      You can read more about the whole issue via boycott-riaa.com here 
      F-Secure's blogpost on this can be found here



      Tuesday, November 9, 2010

      Bredolab bot server shutdown

      The Bredolab botnet was effectively shut down when servers hosting the malware were shut down and operators were nabbed by the Dutch national Crime Police, as announced.

      Bredolab was considered a complicated malware spread via infected mail and had about 30 million bots under its control. The Dutch authorities announced that they have shut down 143 servers hosting and spreading this malware.

      Interestingly, the authorities will be using the same bot network to redirect the infected PCs to a service help page, telling users why they have arrived at the webpage and how they can remove the malware from their PC.


      Our colleagues at ESET are debating if this act of selflessness constitutes a privacy breach. The commentary is here. Other security operators are pondering over the same issue. It is indeed becoming a grey matter and the lines differentiating black and white will become tougher.

      BTW, both ESET NOD32 Antivirus and ESET Smart Security protect users against this threat.

      Michael Jackson's song playing in the background.....(it's Black or white....Ooh, Ooh, Yea, Yea)


      Tuesday, November 2, 2010

      Facebook and Firesheep....

      I read on several technical blogs about a plugin called Firesheep, which plugs into the Firefox browser and enables the user to scan any unencrypted network, such as public Wi-Fi, for cookies to websites such as Facebook and Twitter, and to use those cookies to access the Facebook and Twitter accounts.

      How, you may ask? Cookies store information about the session. This enables you to navigate away from Facebook and return without needing to log in. Handy and useful, but this is the same feature that Firesheep exploits.



      We begin to wonder if session encryption using the HTTPS protocol should be a primary consideration, given that Facebook has such a large pool of users and has been subject to several security problems in the past. My friends at ESET seem to think so. Read their blog on this here.

      Of course there is the issue of unencrypted wireless transmission. Does anyone still leave their wireless open without some form of encryption? Most recent wireless routers are capable of doing WPA without performance impact. Aryeh Goretsky has some thoughts about this issue in light of the discovery of Firesheep. Read more on that here.

      So be careful about accessing Facebook via public Wi-Fi connections while waiting for this to be fixed. Those deploying wireless routers, take a look at your wireless configuration and ensure you use at least WPA encryption. Even if your wireless router does not support WPA-based encryption, WEP will do and this helps prevent noobs (someone with very little or no knowledge) from sniffing your cookies...
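
The cookie behaviour described in this post can be modelled in a few lines. This is an added example, not code from the blog or from Firesheep; the host `social.example` and the cookie values are constructed, and the model is an assumption-level simplification that only implements host matching and the cookie `Secure` attribute (no Path, Domain or expiry handling). It shows which cookies a browser would attach to a plain-HTTP request, which is exactly what a listener on an open network can read.

```python
from urllib.parse import urlparse

# Constructed sample data: Set-Cookie headers returned by an HTTPS login page.
LOGIN_URL = "https://social.example/login"
WEAK = ["session=4f2a9c; Path=/; HttpOnly", "lang=en; Path=/"]
HARDENED = ["session=4f2a9c; Path=/; Secure; HttpOnly", "lang=en; Path=/"]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    pair, *rest = [p.strip() for p in header_value.split(";")]
    name, _, value = pair.partition("=")
    attrs = {}
    for item in rest:
        if item:
            key, _, val = item.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


class Jar:
    """Minimal cookie store: host-only cookies plus the Secure rule."""

    def __init__(self):
        self.cookies = []  # (host, name, value, secure)

    def store(self, response_url, set_cookie_headers):
        host = urlparse(response_url).hostname
        for header in set_cookie_headers:
            name, value, attrs = parse_set_cookie(header)
            self.cookies.append((host, name, value, "secure" in attrs))

    def sent_with(self, request_url):
        """Cookies a browser would attach to a request for request_url."""
        url = urlparse(request_url)
        return {
            name: value
            for host, name, value, secure in self.cookies
            if host == url.hostname and (url.scheme == "https" or not secure)
        }


def sniffable(jar, http_url):
    """Names of cookies that would cross the network in clear text."""
    if urlparse(http_url).scheme != "http":
        return []
    return sorted(jar.sent_with(http_url))


def demo():
    """Compare the weak and hardened headers on a later plain-HTTP page view."""
    results = {}
    for label, headers in (("weak", WEAK), ("hardened", HARDENED)):
        jar = Jar()
        jar.store(LOGIN_URL, headers)
        results[label] = sniffable(jar, "http://social.example/home")
    return results


if __name__ == "__main__":
    print(demo())
```

Logging in over HTTPS is not enough on its own: without `Secure`, the session cookie still travels with every later `http://` request to the same site.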


      Sunday, October 31, 2010

      Making basic computer handling ethics and basic online personal security course as the new drivers license to using your computer? Part 2

      In the previous blog, I asked if there is a need for a mandatory program acting as the basic driver's license to using your computer online.

      Look at the content at securing our e-city(link). It contains basic security advice and scenarios of how the Internet is becoming the haven for cybercrimes.

      Still unclear how this could relate to you?
      Scenario 1
      Internet-based sex predators posing as children troll Internet chatrooms, forums and even Facebook in search of new victims. Victims who are oblivious tend to divulge personal information such as what school they attend, how old they are, their current whereabouts, their routine and even contact numbers.

      Scenario 2
      Cyber bullying is a new phenomenon where oppressive messages are sent via chat programs often intimidating victims. 

      Scenario 3
      Digital pictures of oneself, if taken improperly, can be used as an object for cyber extortion if they land in the wrong hands (happens often enough). How about ransomware? Some malware is known to maliciously encrypt your data (without your knowledge) and unless you pay the ransom/fee, you will not be able to get the data back.

      Scenario 4
      People continue to click on phishing links and divulge most sensitive information with regards to their banking account. We see fake Maybank and CIMB links on a daily basis. Persuasive emails such as friend stuck in London asking for monetary help or even a Mrs Mandela wanting to pass you several millions of dollars could make you lose some money.

      It was mentioned during the conference that cybercrime is fast overtaking drugs as the most lucrative business for criminals. The punishment meted out is puny in contrast with making and distribution of illicit drugs. In some countries, cyberlaws are non-enforceable. 

      So in the end, I ask the same question again.....and for some reason I keep nodding my head and thinking aloud STOP, THINK, CONNECT.


      Thursday, October 28, 2010

      Making basic computer handling ethics and basic online personal security course as the new drivers license to using your computer?

      We attended and exhibited in the recently concluded CyberSecurity Malaysia Awards, Conference and Exhibition 2010 held at the Kuala Lumpur Convention Centre. The theme focus was on securing our digital city.

      ESET is part of the pioneering team in creating such a collaboration program via securing our ecity program(link) which was introduced in 2009 in San Diego, USA. ESET collaborated with private and governmental organizations in creating awareness and education program which was freely available to all business and institutions and private citizens within the San Diego area.


      CyberSecurity Malaysia is interested and we can presume that they are drawing up execution plans for doing this. Now the question that beckons our consideration: should we start a program on the basic fundamentals of using a computer and going online in an ethical and safe manner, and make this a curriculum in schools? The same can be applied as a KPI measurement goal for employees in both government and corporate sectors. This would equate to a driver's license to start using your computer online.


      Driving programs incorporate the basics of handling the vehicle as well as safety precautions and the laws and rules on driving to avoid accidents. Should we do the same, given that using computers and going online requires us to understand basic safety to avoid being a victim of cybercrime, online scams or even Internet predators?
       
      While we know of some corporate organizations in Malaysia which carry out such programs, these programs are internally drawn and revolve around aspects related to the corporate ethics guideline on behavior and use of computers. Should we create a national level program which can be used on all levels?

      More on this issue to come in our next blog.




      Sunday, October 17, 2010

      Looking for ESET products with the right after sales support?

      The antivirus industry has gone through a whole lot of changes of late. A good number of reputable vendors are beginning to move at a very aggressive pace to secure customers, including offering prices that are very attractive in order to grow or even maintain market share. Thus we now see that consumers are looking at price as an attractive, if not the primary, factor in choosing an antivirus brand.

      While we at Basic Gateway and ESET are not exempted from this trend, we would like to stress that after sales support is equally important. At Basic Gateway, we have made significant investments into ensuring that customers purchasing ESET products receive sufficient support using the products we sold.

      Home versions of ESET software purchased via Basic Gateway are eligible to receive basic support at no extra charge. This support is provided via telephone and email during office hours only. Our technical team may request remote access to your computer in the event the problems are not resolvable or you are not experienced enough to make the changes as per our technical team's advice. In case of virus infection, our technical team is able to escalate and revert to you with an update for the ESET signature, typically within a 6-8 hour turnaround time. This turnaround time is subject to the complexity of the malware sample submitted as well as other factors.
        
      Business versions of our software purchased via Basic Gateway are eligible to receive multi-level support based on the contract agreed during purchase. These support contracts include support via telephone and email, onsite and remote assistance. In the event that you have signed a 24x7 contract, our support engineer with a named technical person will be available to assist you round the clock. Our technical team may request remote access to your computer in the event the problems are not resolvable, as deemed necessary by our team. In case of virus infection, our technical team is able to escalate and revert to you with an update for the ESET signature, typically within a 4 hour turnaround time. This turnaround time is subject to the complexity of the malware sample submitted as well as your contract provisions. A contractual support tieback with ESET may become necessary for large organizations which may have global/regional operations.

      Users may contact us at 1-300-22-3738 for support or email to us at nod32support@nod32.com.my or 365support@eset.my. All emails are logged as case files and you can view the case progress at http://support.basicgateway.com/

      Interested to work with us? Call us at 03-78772284  or log on to our website at www.basicgateway.com and talk to our channel managers today. 




      Wednesday, October 13, 2010

      Stuxnet...Again?

      The Register, an online news portal on the IT industry, has reported that a local antivirus company, Rising, has confirmed that China is now being hit by the Stuxnet worm. Rising Antivirus reported that over 6 million computers have been identified as being infected, although industry experts are raising doubts about the estimate.

      Although it was not stated, it is believed that the variant of Stuxnet infiltrating China is the same one reported earlier, which means that the infection wave is still moving across the globe.

      I wonder if the reported attacks are due to the high piracy rate in China of the Microsoft Operating System, causing users using pirated products to turn off Windows updating and thus becoming an easy target.

      It should be cautioned that the antivirus program is not and should not be used as a protection substitute for Windows Update. They are complementary to each other, and that is why a number of antivirus providers including ESET are now embedding Windows Update notification as part of their core program.

      ESET's blog on this matter ESET blog
      Source link The Register


      Thursday, October 7, 2010

      Fake branded handbags.... fake Smart Security

      ESET via its blog yesterday announced that a rogue malware has been using the Smart Security name to dupe customers into thinking that they have an infection that only Smart Security can clean, and that they need to pay for the software which will clean the infection.

      This sort of scam has been going around for quite a while and has various names such as XP Defender, Antimalware Guard and Antispyware Protector. Sounds genuine? It is not, unfortunately.

      This is how the real ESET Smart Security interface looks, and ESET's 30 day trial policy allows you to install, scan and remove malware without forcing you to buy the software first.

      Stay safe everyone. 

       

      Wednesday, October 6, 2010

      More on Stuxnet

      As I was reading on the Internet, I stumbled across a post on the F-Secure blog on the issue with Stuxnet that corroborates the story ESET and every other security company has on the origins and target of this malware. Read about this blog post here.

      Interestingly, further down the post, there is a YouTube video link by F-Secure showing a demo by Symantec researcher Liam O'Murchu during the recent Virus Bulletin Conference (VB2010) in Vancouver about how Stuxnet can affect systems linked to an infected SCADA system.

      Now, someone can start on a blockbuster Hollywood movie script...


      Friday, October 1, 2010

      Stuxnet, the big question....

      The issue with Stuxnet has been making news over the last few weeks. While ESET has been regularly blogging on their official blog at blog.eset.com about this issue, the big question remains. Was Stuxnet developed with nation-state sponsorship to attack/infiltrate Iran? Iran has reported that their nuclear facility was infected by this malware and further reports that they have cleaned up the problem. Some news portals are going as far as linking it to specific countries.
      We don't have the exact answers (but we are certain that ESET users are continuously protected against the Stuxnet threat). A whitepaper written by ESET's research team attempts to clarify some of the characteristics of the virus, but the question remains to be answered. The more technically adept readers can read this research paper here.

      What is your opinion?

      ESET products are distributed in Malaysia by Basic Gateway Sdn Bhd since 2005.

      Thursday, September 30, 2010

      Twitter vulnerability expose users to harm

      Twitter's newly updated web interface has exposed Twitter users to a potential source of attack. The vulnerability uses the mouseover function within the Twitter interface: users can embed a mouseover command in a tweet, and if you simply move your mouse over the tweet it could launch a pop-up, create a tweet, or even redirect you to another website.

      This has caused users to experience unwanted behavior and even tweets which were not consented to by the account owner. Apparently the Twitter flaw even affected the Twitter page of Sarah Brown, wife of the former British Prime Minister, which was redirected to a Japanese porn site (source). The reported hacker who discovered the flaw before it became viral was identified as a 17-year-old from Australia (source).

      It is now safe to tweet again, as Twitter has reportedly fixed the issue after it was shut down for 5 hours. So happy tweeting again and stay safe.