Facebook “Un Named App” scare leads to malware

Excellent write up by Trendmicro on the ‘un named app’ discussion that is spreading on Facebook. If you search Google for this, you may be tricked into downloading Malware to your machine and get compromised.

Here is the article.

[…] Nothing to worry about here as far as your Facebook is concerned, this does not appear to be a genuine malicious app. In fact a thread on Yahoo answers appears to demonstrate in a reproducible fashion that “Un named App” is nothing more than your “Boxes” tab on your Facebook profile page.

Beware though, there is still real risk attached to this Chinese whisper. Criminals have picked up on the concern among Facebook users (or possibly they were responsible for starting the rumour?) and they have already started to poison Google search results.

Google search result:

Google search result

I queried Google for “facebook unnamed app” and the third result on the first page pointed to a malicious website set up for the purposes of distributing fake anti-virus software, this time called “Security Tool”. If you are unwary enough to click the link you will be presented with a dialogue box informing you that you have a huge number of infected files on your machine and prompting you to use Security Tool to clean them up. The software of course is no real security solution and is designed to fool the victim into parting with hard-earned cash.

Be careful what you surf for.

Child Safety on the Internet – Some Tips

Excellent article on Microsoft.com:

Age-based guidelines for kids’ Internet use

If your children use the Internet at home, you already know how important it is to help protect them from inappropriate content and contact.

Windows Live Family Safety and the parental controls included in Windows 7 and Windows Vista can help you create a safer online environment for your children.

The American Academy of Pediatricians (AAP) helped Microsoft develop age-based guidance for Internet use with the family safety settings in both of these products. It’s important to remember that these are guidelines only. You know your child best.

Up to age 10

Supervise your children until they are age 10. You can use Internet safety tools to limit access to content, Web sites, and activities, and be actively involved in your child’s Internet use, but Microsoft recommends that you sit with your child when they use the Internet, until the age of 10.

Here are some safety tips to consider when you go online with your 2-10 year old:

  1. It’s never too early to foster open and positive communication with children. It’s a good idea to talk with them about computers and to stay open to their questions and curiosity.
  2. Always sit with your kids at this age when they’re online.
  3. Set clear rules for Internet use.
  4. Insist that your children not share personal information such as their real name, address, phone number, or passwords with people they meet online.
  5. If a site encourages kids to submit their names to personalize the Web content, help your kids create online nicknames that don’t give away personal information.
  6. Use family safety tools to create appropriate profiles for each family member and to help filter the Internet.
    For more information, see Windows Live Family Safety, Windows 7 Parental Controls, or Windows Vista Parental Controls.
    Help protect your children from offensive pop-up windows by using the pop-up blocker that’s built in to Internet Explorer.
  7. All family members should act as role models for young children who are just starting to use the Internet.

Ages 11 to 14

Children this age are savvier about their Internet experience, but it’s still a good idea to supervise and monitor their Internet use to help ensure they are not exposed to inappropriate materials. You can use Internet safety tools to limit access to content and Web sites and provide a report of Internet activities. Make sure children this age understand what personal information they should not give over the Internet.

When your kids are this age it might not be practical to physically supervise their Internet use at all times. You can use tools such as Windows Live Family Safety, Windows 7 Parental Controls, or Windows Vista Parental Controls.

Here are some safety tips to consider when you go online with your 11-14 year old:

  1. It’s a good idea to foster open and positive communication with your children. Talk with them about computers and stay open to their questions and curiosity.
  2. Set clear rules for Internet use.
  3. Insist that your children not share personal information such as their real name, address, phone number, or passwords with people they meet online.
  4. If a site encourages kids to submit their names to personalize the Web content, help your kids create online nicknames that give away no personal information.
  5. Use family safety tools to create appropriate profiles for each family member and to help filter the Internet.
    For more information, see Windows Live Family Safety, Windows 7 Parental Controls, or Windows Vista Parental Controls.
  6. Set family safety tools on the medium security setting, which should have some limitations on content, Web sites, and activities.
  7. Keep Internet-connected computers in an open area where you can easily supervise your kids’ activities.
  8. Help protect your children from offensive pop-up windows by using the pop-up blocker that’s built in to Internet Explorer.
  9. Encourage your children to tell you if something or someone online makes them feel uncomfortable or threatened. Stay calm and remind your kids they are not in trouble for bringing something to your attention. Praise their behavior and encourage them to come to you again if the same thing happens.

Ages 15 to 18

Teens should have almost limitless access to content, Web sites, or activities. They are savvy about the Internet but they still need parents to remind them of appropriate safety guidelines. Parents should be available to help their teens understand inappropriate messages and avoid unsafe situations. It’s a good idea for parents to remind teens what personal information should not be given over the Internet.

Here are some safety tips to consider as you guide your teens online:

  1. Continue to keep family communication as open and positive about computers as you can. Keep talking about online lives, friends, and activities, just as you would about other friends and activities.
    Encourage your teens to tell you if something or someone online makes them feel uncomfortable or threatened. If you’re a teen and something or someone online doesn’t seem quite right, then speak up.
  2. Create a list of Internet house rules as a family. Include the kinds of sites that are off limits, Internet hours, what information should not be shared online, and guidelines for communicating with others online, including social networking.
  3. Keep Internet-connected computers in an open area and not in a teen’s bedroom.
  4. Investigate Internet-filtering tools (such as Windows Vista Parental Controls, Windows 7 Parental Controls, or Windows Live Family Safety ) as a complement to parental supervision.
  5. Help protect your children from offensive pop-up windows by using the pop-up blocker that’s built in to Internet Explorer.
  6. Know which Web sites your teens visit, and whom they talk to. Encourage them to use monitored chat rooms, and insist they stay in public chat room areas.
  7. Insist that they never agree to meet an online friend.
  8. Teach your kids not to download programs, music, or files without your permission. File-sharing and taking text, images, or artwork from the Web may infringe on copyright laws and can be illegal.
  9. Talk to your teenagers about online adult content and pornography, and direct them to positive sites about health and sexuality.
  10. Help protect them from spam. Tell your teens not to give out their e-mail address online, not to respond to junk mail, and to use e-mail filters.
  11. Be aware of the Web sites that your teens frequent. Make sure your kids are not visiting sites with offensive content, or posting personal information. Be aware of the photos that teens post of themselves and their friends.
  12. Teach your kids responsible, ethical, online behavior. They should not be using the Internet to spread gossip, bully, or threaten others.
  13. Make sure your teens check with you before making financial transactions online, including ordering, buying, or selling items.
  • Discuss online gambling and its potential risks with your teens. Remind them that it is illegal for them to gamble online.
  • I would like to add that the most safety is offered through you, the parents. Make sure you communicate with your children. Educate yourself about the Internet.

    Social Security Numbers Deduced From Public Data (available on e.g. Facebook)

    Interesting article on Wired. Researchers are able to predict correct Social Security Numbers based on minimal information, like date of birth and birth town they mined from social network sites.

    Excerpt:

    After developing an algorithm […], the researchers tested their results using information on birthday and hometown taken from a social networking site […] . Again, they were able to predict Social Security numbers with a high degree of accuracy.

    Again, this confirms my recommendation to NEVER use personal information on public social network sites like Facebook etc. Don’t put your real birth date, birth town etc. on there, it is bound to be used for things much less harmless than birthday reminders.

    Full Wired article at:

    http://www.wired.com/wiredscience/2009/07/predictingssn/

    Facebook worm steals account passwords

    Apparently there is a new (old, but resurfaced) worm out there that spreads through Facebook.

    From Computerworld,

    […] the newest Koobface tries to dupe users into clicking on a link that’s included in a message from a friend. Clicking on the link displays a fake error message claiming that Adobe System Inc.’s Flash is out of date, and prompts the user to download an update.

    The update is nothing of the sort, but is instead an executable file that installs the Koobface worm.

    […] rifles through a compromised PC, sniffs out browser cookies associated with 10 different social networking sites, uses the usernames and passwords within those cookies to log on to each service, searches for the infected user’s friends and then sends those people messages that include a link to the worm.

    It looks for cookies connected to bebo.com, Facebook, Friendster, fubar.com, hi5.com, LiveJournal, MySpace, myYearbook, Netlog and Tagged.

    I fully agree with the last statement:

    Users need to be very, very careful about what they install when they’re on these [social networking] services,” […] “And they should be careful about how they use social networks and what information they put on them. The criminals are gleaning all the information they can and using it against you.”

    Over 330 institutions affected by Heartland Security Breach, number growing

    In reference to the breach of the payment processor Heartland Payment Systems, as I mentioned a couple of weeks ago, more and more institutions are admitting that they are affected by this issue, which means that their customers’ credit card transactions may have been compromised.

    The list of instititutions that are affected so far can be viewed here. It does include major banks, so you may want to skim over it, see if your bank in your state is listed and then contact them for more information.

    Staff Finds White House in the Technological Dark Ages – Security Challenges

    In this Washington Post article, new staffers describe the state of the IT infrastructure at the White House.

    Excerpts:

    Two years after launching the most technologically savvy presidential campaign in history, Obama officials ran smack into the constraints of the federal bureaucracy yesterday, encountering a jumble of disconnected phone lines, old computer software, and security regulations forbidding outside e-mail accounts.

    What does that mean in 21st-century terms? No Facebook to communicate with supporters. No outside e-mail log-ins. No instant messaging. Hard adjustments for a staff that helped sweep Obama to power through, among other things, relentless online social networking.

    […]

    One member of the White House new-media team came to work on Tuesday, right after the swearing-in ceremony, only to discover that it was impossible to know which programs could be updated, or even which computers could be used for which purposes. The team members, accustomed to working on Macintoshes, found computers outfitted with six-year-old versions of Microsoft software. Laptops were scarce, assigned to only a few people in the West Wing. The team was left struggling to put closed captions on online videos.

    […]

    Another White House official whose transition cellphone was disconnected left a message temporarily referring callers to his wife’s phone.

    Several people tried to route their e-mails through personal accounts.

    […]

    And officials in the press office were prepared: In addition to having their own cellphones, they set up Gmail accounts, with approval from the White House counsel, so they could send information in more than one way.

    This should be interesting for any security/process-oriented folks in the White House administration. Having hundreds of rampart Gmail/IM accounts active will definitely pose a challenge for the system. Since all official administration communication needs to be logged for legal purposes, I am curious as to how they will catch up with all the emails that will be sent through Gmail in the upcoming months. They will have a hard time quitting using their Gmail accounts once the official White House accounts are established. Also, what kind of information will be sent via their Gmail accounts? I definitely hope that they will not be able to use instant messaging, unless all that communication will be logged.

    It is a brave new world that is out there, it has never been more challenging for security-minded folks.