(Fake) anti-virus applications!

Funnily enough, at the same time I was thinking about a topic for my next (last) blog post something popped up on my laptop screen. It looked like a very sophisticated and reliable anti-virus application that says that particular programs on my computer were infected with worms. Before I could even react to the message, dozens of error messages started to pop-up continuously, stopping me from doing anything else. I tried to end the program using Task Manager but was unsuccessful in doing so. I, then, used another computer to research about it.

“Security Tool” is in fact a FAKE anti-virus application that keeps your computer hostage until you pay them an amount of money. It keeps throwing you messages to prevent you from doing anything to remove it. It also disables Task Manager. And the worst is that it blocks you from running malware removal tools.

SecurityToolI was really worried that my computer was infected just before exams and immediately looked out for help on forums. Almost all of them advice you to download and run SUPERAntiSpyware and Malwarebytes scan after making the virus sleep for a while suing different techniques. However, none of them worked for me. Every time I restarted my computer, Security Tool gets created automatically.

Following my friend’s advice I did a much simpleer task to get rid of it – I just deleted the Security Tool executable file and it seems to have done the job, at least for now. Malwares such as Security Tool is another way cyber criminals use to collect money from victims.

Therefore, before trusting any such applications (they might look sophisticated, trustworthy) please carefully research about them first.

Cloud Computing and Cyber Crime

The previous article highlighted the threats that social networking websites are exposed to in this Web2.0 era. In fact, another such Web2.0 area is Cloud Computing. It is widely defined as a style of computing that uses Internet technology to offer scalable and elastic IT-enabled capabilities as a service to customers. This ranges from routine tasks of communicating over the internet (e.g. Gmail), to sophisticated work such as Customer Relationship Management (CRM) that are operated and maintained in the “cloud” by providers.

Cloud computing benefits companies and individuals by saving time, money and resources compared to traditional on-premises computing. However, with the burgeoning amount of benefits in cloud computing comes several critical issues that have been viewed as drawbacks to this emerging technology and growing popularity of virtualization among companies could lead them to being the next possible target of cyber criminals.

One of the utmost concerns with cloud computing has always been the issue of data privacy and security. When a client decides to employ the use of cloud computing, the data no longer belongs to the client alone. The vendor, or the service provider, stores the user’s data on its own virtualized server and as such, vendors gain full access to the information available, confidential or not. Further, the servers are moved outside the traditional security perimeter making it easy for the reach of cyber criminals. This is a growing concern particularly when cloud computing stores sensitive data about customers.
Also, Cloud computing is often referred to as virtual, dynamic and borderless. These features of the cloud build a new layer of risk on the uncertainty over where sensitive data resides. The risk includes the wide distribution of information across different jurisdictions, each having different legal frameworks regarding data security and privacy. This makes it even more difficult to govern and regulate the information.

According to sources, cyber criminals can either manipulate the connection to the cloud or attack the data centre and cloud itself. However, there are no global standards or laws that regulate cloud computing against cyber criminals, yet. Governments and regulatory organizations need to recognize the potentials in cloud computing and take initiatives to create cloud specific laws and standards in order to make the cloud a safe and secure place for transactions.

Koobface? Facebook?

I have recently been surfing about “The Social Network” (by the way, watch it if you haven’t yet, great movie) and Facebook when I came across the term “Koobface”, an anagram of “Facebook”. Like many of us, the term was unfamiliar to me and so I decided to write a blog post about it.

Internet and Web 2.0 have contributed a lot to the way we do things; be it how we socialize (social network websites), communicate (e-mail), do business (online shopping) or gather information (Wikipedia) and so on. But this is not always for the general good. With the emergence of Web 2.0, new threats break through as well. One such threat is Koobface.

It is no surprise that cyber-criminals have now chosen social networking websites as their new mean to propagate malware. Koobface is one of the first malwares that has successfully and continuously spread around using social network as its medium of propagation.

Usually, a Koobface attack is initiated with a spam sent through social networking websites such as Facebook, Twitter or MySpace. The spam has a catchy message with a video link. It can also send messages to the inbox of the user’s friend from the same social network. Once the user clicks on the link, he is redirected to a look-alike Youtube website which requires the user to install an executable (.EXE) file in order to watch the video. The downloaded file is malicious and infects the computer.

Koobface makes clever use of the link-sharing behaviour that is often seen among social-networking site users. Moreover, Koobface is very modular and, thus, a simple addition of propagation component can make it target other social networks. A real threat indeed since the propagation of the malware to other social networks is very easy and quick to implement.

It has been about one year since its “launch” and Koobface is still successfully extending its reach across networks. It is looked upon as a role model for a new generation of malware.

Let’s fight against the “Silent digital epidemic” !

The post “Cybercrime today” ends by stating that the “first step to fight cyber attacks is to set up solid international rules and regulations […]”. On second thought, fighting against cybercrime starts at a lower level. It is not simply the duty of governments, Interpol or network administrators but the concern of all Internet users.

But do we actually act responsibly? Most of us have already been cybercrime victims in one way or another, but how many of us have reported them to relevant authorities and how many just ignored them?

A recent study revealed that 80 percent of the surveyed people (over 7,000 worldwide Internet users) do not believe in reporting cybercrime cases and think the criminals will never be brought to justice. And less than half of them don’t even bother to report the crime.

How about Singaporeans who are often described as responsible citizens? Well, a very recent Chanel News Asia article states that “70 per cent of Internet users in Singapore have fallen victim to cyber-crimes including computer viruses, online credit card fraud and identity theft. And, 71 per cent do not expect cyber-criminals to be brought to justice.”

Despite the increasing number of cybercrimes, most of the victims stay silent about it. This behaviour is considered as the “Silent Digital Epidemic” by some. Why?

Some say it takes time and costs money to report and follow a cybercrime case. Others say cybercrime evidences are difficult to collect making it almost impossible to bring the case to the court. In my opinion all these are just secondary reasons and the real reason is our tendency to ignore crimes that affect us less. The loss we suffer from a cybercrime is often considered negligible because most often we don’t even feel the loss. So what is the use of spending (in terms of time and money) more than what you have lost to report it? Also, victims or their peers do not see cybercrime the way they perceive real life crimes. Most of us are passive and unconcerned about virtual crimes compared to real life, often ignoring the fact that we can lose as much from cybercrimes as we do from real crimes.

This mind-set and behaviour increase the number of unreported cybercrime cases and make us uncooperative with authorities in fighting against cybercrimes. On a consequentialism perspective, decreasing cybercrimes will only benefit a large amount of people, therefore every action we take in fighting against cybercrimes is an ethical act. Governments have made it easier for us to report cybercrimes just like they did for real life crimes. Cybercrimes can be reported to local police or to related organizations and many other ways. For instance, in NUS, Computer Centre is doing a fine job in creating awareness about cybercrimes as well as taking actions on reported cases.

The famous philosopher Socrates once said he was “citizen of the world” and that is very suitable for today’s digital era where territorial boundaries have been removed making us citizens of the world and at the same time making crimes easier across the borders. Each Internet users should take personal responsibility for their as well as their society’s cyber wellness and security.