Mind the Security Gap

London 2012 banner at The Monument.
London 2012 banner at The Monument. (Photo credit: Wikipedia)

The dangers of the games are not limited to those in attendance. For those watching and following at home, Olympics related spam, phishing, and malware distribution will be in abundance. See one email example reported here by TrendMicro that actually presents itself as a safety advisory about emails promoting sites selling fake Olympics tickets.

Spam or virus email campaigns with special Olympic news or a special deals can include an infected attachment or link as in the example above. These are designed to fool you into installing malware onto your systems. If you don’t recognize the sender address or the email seems out of character (spelling errors, no content other than a link, unsolicited attachments) don’t click it. If you get an email saying you won tickets but you don’t recall entering a contest, you didn’t win. Sorry. If you are interested in buying tickets for the Olympics or just getting information on the Olympics, go to http://www.london2012.com/. When searching for videos or information on the Olympics, many new sites are going to be dedicated to malware distribution. Stick to the official Olympic website or your favorite news site. Don’t venture out into unfamiliar territory.

A great FAQ for Olympic related online safety is offered by TrendMicro here. It explains things well for any reader and talks about scams and threats to expect before, during, and even after the London 2012 Olympics.

Be safe and you’ll enjoy the Games even more.

Enhanced by Zemanta

London 2012 Olympics Threats, Online and in the Queue

A team of over 16,000 outsourced security personnel, military troops and police officers will be on guard at the London 2012 Olympics, but physical security for Olympic fans may not be enough to keep them safe.  The Olympics, like any other large publicly favored event, is a hot target for cyber criminals and a hot topic for luring unsuspecting Internet users.

NEW YORK, NY - JULY 11:  A free Wi-Fi hotspot ...

While at the games you may be on the lookout for pickpockets, but also guard yourself against Wi-Fi thievery. Wi-Fi connections can potentially put you at risk for data theft, particularly your passwords
and private information. One of the best ways to ensure your information isn’t compromised when
using a public Wi-Fi network is not to send any sensitive information over the network, or by securing what is sent as much as possible. The best tip is don’t use public Wi-Fi. If you’re going to anyway, don’t do online banking.

For the insistent on using Wi-Fi while at the games, read PC Magazine’s Ten Tips for Public Wi-Fi Hotspot Security.
Related articles
Enhanced by Zemanta

Time’s Up for DNSChanger Victims

Last November I wrote about DNSChanger, the estimated millions of victims, and the FBI’s involvement with dismantling the botnet. Victims of the malware were forced to use alternate DNS servers run by the botnet operators. Just shutting down the rogue servers would have ended the botnet, but it also would have prevented possibly millions of unaware victims from reaching the Internet as they know it. Rather than bringing down the servers, alternate servers with benign intentions were put in place to allow victims of DNSChanger to continue reaching their favorite websites without interruption. These servers, however, will effectively discontinue service for those same victims as of Monday, July 9th, 2012.

From krebsonsecurity.com
http://krebsonsecurity.com/wp-content/uploads/2012/06/dnscchrono.png

The average user knows little of DNS and how to alter their DNS settings, which is likely why the deployment and maintenance of these replacement servers has been allowed to continue for so long. After nine months or more, including a court ordered extension of service, these DNS servers will be shut down for good. It’s now estimated by some that this may only effect anywhere from 40,000 to 500,000 users. Regardless, many users will be caught off guard Monday with no clue as to what happened. I assume many an angry call will be made to ISPs this same day.

For those doing a last minute check for possible infection, sites listed below will be of great assistance:
For Canadians:
www.dns-ok.ca
Go to the bottom of the page and click “I agree”. If you see green, you’re good. Red, you’ll need to clean up your system.

For Americans:
http://www.dns-ok.us/
No clicking necessary. Green is good.

DNSChanger detection sites hosted in other countries listed here:
http://www.dcwg.org/detect/

Other help and information:
http://www.publicsafety.gc.ca/prg/em/ccirc/2011/in11-002-eng.aspx
http://www.dcwg.org/fix/

-Matt Sully