The Intern’s Security Practices Part 2: Links and Software

As Defence Intelligence’s intern, I decided to survey my class at Algonquin College to find out how they protect themselves from digital threats. Here is the next section of the survey results, covering links and software.

To start, I asked if my classmates open links on various social media sites and in emails. Here is what they said:

Some of these results could be skewed because not every respondent has a LinkedIn or Twitter account. Since all students have an e-mail address and the majority have a Facebook account as well, it’s not surprising that those two have the highest percentage. I will open links on any of those platforms if I recognize the sender and the link is the kind of thing they normally send. That is how I fall into the 67 per cent who open links from known sources.

With that said, I don’t open every link I receive from someone I know. I read the text around the link and check Google for any warnings about it. This habit saved me from a virus that spread through Twitter: you received a message from a friend saying they had found a picture of you, and clicking the link infected you. With 80 per cent of the students saying they don’t open messages that are just a link, it looks like they have an idea of how to act securely when it comes to links.

It surprised me to find that only 65 per cent of the students admitted to downloading music or movies through sharing and torrents. I’m definitely guilty of this from time to time, especially when it comes to movies.

Moving on to software, we wanted to know when students decide to update their software.

It’s interesting to note that one student wrote on the survey that they check to see how important the update is.

The most surprising result of the survey was that 82 per cent of students said they don’t have antivirus software on their phones. I would be curious to see how many are iPhone or Android users. As an iPhone user, I’m not sure I have any antivirus software.

“People fail to realize that their phone is a computer and should be treated as such,” said Keith Murphy, Defence Intelligence CEO.

Similarly, 35 per cent of students don’t have antivirus software on their computer or laptop, and 22 per cent don’t know if they have any. This was a shock to both Murphy and me.

“If they don’t know whether they have AV, it’s safe to assume that they don’t,” said Murphy.

With this news, it’s no surprise that 22 per cent admit to having discovered a virus on their computer. Of the 43 per cent of students who do have antivirus software on their computer or laptop, 17.5 per cent use McAfee, 12.5 per cent use Symantec/Norton, two per cent use Windows Essentials, seven per cent use Avast, and five per cent use something else.

Stay tuned for our last post concerning the security attitudes of the students.

By Sarah Raphael

90 Minutes to Privacy

In light of this being National Data Privacy Day for the U.S. and Canada, here are eight tips for building safe online personal security habits. We previously covered best practices for passwords, keeping your software up to date, and running a decent anti-virus solution. Now get ready to start the timer and do what you’ve been meaning to do for years.
Reconnoiter – 15 Minutes
The first step in securing your privacy is to find out just what is out there for the world to see. If you’ve never Googled yourself, now is the time. Google searches to check on:
1. your name
2. your name + your city
3. your name + your employer
4. your phone number
5. your address
6. your email addresses
7. screen names
8. gamer tags
Google search anything that you’ve ever used to identify yourself. Don’t forget to do an image search while you’re at it.
You might be surprised to find that your dating profile, gaming history, forum posts, site memberships, comments, pics from the office party, etc. are easily uncovered.
Now find out what Google knows about you here.
Turn off your Google search history here.
Get your credit report. You should know what’s on there, and it’s easy and free to request it. Look for anything suspicious or incorrect and contact the agency immediately if anything is amiss.

You don’t need to pay for the upgraded service; there is no charge to receive your credit report.

Canada – Equifax [PDF]
       – Transunion

USA – Equifax / Transunion / Experian

Call your doctor and get a copy of your medical history. Most people have details about every oil change they’ve ever paid for but have no clue about their own health records.
Depending on where you live, you’ve got the right to access different information that is on file about you. Insurance companies, payroll companies, social services, etc. should all supply you with what they know about you.
Shrink your footprint – 20 minutes
Haven’t used a Groupon in 6 months but still getting spammed daily? Signed up for 5 different streaming radio services but only use Songza? Found your true love but still have profiles on dating sites? Now is the time to delete any accounts that you no longer use. It’s a pain, but it only takes a minute. If your MySpace page is still sparkling and blaring music out there, just put it out of its misery. As an added bonus, your inbox will thank you.
Can’t remember all the crap you’ve signed up for?
Look through your spam folder.
Check your purse or wallet for points cards, rewards cards, coupons, etc.
Location services – Maybe you love Google’s location-aware search results, but there is no need for most apps to know where you are. Similarly, nobody needs the GPS coordinates of the party you were at last night. If the app doesn’t need to know where you are to work, then turn it off.
Delete – 10 minutes
Take ten minutes to go through the files and folders on your computer. Delete anything and everything you can. Be merciless.
Tighten your social media belt – 10 minutes
Adjust your privacy settings. Facebook is the big transgressor here, but be sure to check your LinkedIn, Twitter, Foursquare, Pinterest, etc. as well. Even if you don’t care, your contacts might.
Your privacy settings on sites like Facebook and LinkedIn don’t only affect you. Take the time to make sure that you’re not sharing any data about your friends with people you don’t know. Why let strangers creep all of your contacts on LinkedIn, or share your friends’ data with third-party developers on Facebook?
Go on a friend diet – 10 minutes
Prune your lists of friends: Facebook, LinkedIn, Google+, Skype, MSN, ICQ, AIM, IRC, etc. If you haven’t talked to them in the last year, you probably never will. If you need to look them up, you can always do so.
Go on an app diet – 10 minutes
Look through the apps on your phone. If you haven’t used one in a month, uninstall it. No matter how many times you tell yourself otherwise, you are never going to use Google Sky. Bored with Fruit Ninja? Downloaded Layar just to show off your phone? Get rid of them. You can always install them again later, even the ones you’ve paid for.
The same goes for any Facebook apps you may be annoying your friends with. Ditch them. Nobody cares about your farm or what you just played in Words With Friends.
Create an alias – 10 minutes
Not just a username, make a whole person: first name, last name, email address, birthday, pet. When you need to sign up for something non-critical, use your alias. If they don’t need your real name, don’t give it to them. With the birthday/email/pet, you should even be able to recover your password if you forget it. Now is your chance to have the supercool name that you always wanted. Hello, Mr. Mike McCool.
Lockdown – 5 minutes
Make sure you use lock screens on your phone, tablet, computer, etc. Set them to lock after 2 minutes. No exceptions.
Install Prey or a similar tool on your devices, just in case: preyproject.org
Sign out of everything you log into, whether it’s a site, a program or a computer.
Tell us how you did with the 90 Minutes to Privacy plan. Did it take more or less than 90 minutes?


Cyber Security Made Easy – Part 1


October is National Cyber Security Month and offers an ideal opportunity for online security professionals to reach out and help educate their community. This is the month when security-wise people help their friends, family and colleagues take proper steps to be safe online.
People are more receptive to learning how to be cyber safe after incidents such as Wired magazine’s Matt Honan having his online life hacked. Honan said his life was ‘digitally destroyed’. He lost a year’s worth of photos, as well as documents and email that he hadn’t stored anywhere else.

A recent LinkedIn article by Daniel Solove talks about the real weak link in security: people.

“According to a stat
in SC Magazine, 90% of malware requires a human interaction
to infect.  One of the biggest data security threats isn’t technical –
it’s the human factor.  People click when they shouldn’t click, put data
on portable devices when they shouldn’t, email sensitive information, and
engage in a host of risky behaviors.  A lot of hacking doesn’t involve
technical wizardry but is essentially con artistry.  I’m a fan of the
ex-hacker Kevin Mitnick’s books where he relates some of his clever
tricks.  He didn’t need to hack in order to get access to a computer
system – he could trick people into readily telling him their passwords.”

To help mitigate human error through security education, we’ve created a blog series that will offer best practices on how to be cyber safe.

Today we look at best practices for email and Twitter links.
Recent real-life examples include links sent through Twitter as direct messages containing a fake Facebook update that infected the user’s device. The direct message suggested that someone had posted or tagged the receiver in a Facebook video. Those who clicked on the link had their computer infected with malware.

Also recently in the news was an email with ‘here you have’ in the subject line. The body of the email would typically read “This is The Document I told you about, you can find it Here” or “This is The Free Download Sex Movies, you can find it Here.” Those who clicked on the link in the email found they had downloaded and launched a program that spammed the same Trojan horse out to everyone in their address book, flooding and crippling e-mail servers.

Should you click on that link in your email or Twitter direct message? Answer “yes” or “no” to each of the following. If there’s even one question where you answer “no”, then don’t click on the link. As the saying goes, ‘When in doubt, don’t click.’

  1. Do you recognize the email address (not just the display name) of whoever sent the email?
  2. Are the subject line and content of the message written in the same style that your friend, family member, acquaintance or the corporation usually uses?
  3. Does the email introduce the link with some text, rather than containing a bare link on its own?
  4. Is the spelling correct?
  5. Was the email sent at the time of day that is typical for the sender?

Tip: If you are still curious about an email or link, you can search for text from the suspicious email, or for the link itself, to see whether it has been reported as malware. But as we said, if you have any hesitation, don’t click the link; it’s just not worth the risk.

Our next blog will look at tips for searching safely with search engines.


Malware Spread Optimization

When I heard of Corey Haim’s death, shortly after fond recollections of License to Drive and The Lost Boys cinema moments, I wondered how soon the unfortunate news would be used in the spread of malware. It didn’t take long. Hours after the announcement of Haim’s death, search results for his name included domains used to spread rogue antivirus software.

Using search engine optimization (SEO), online criminals push their malware-hosting sites into higher slots within search engine results. Often the user travels through a series of redirection sites before the final malicious domain is contacted. This creates a level of separation from the actual malware and allows a variety of domains to be constantly created, altered, and moved around, evading detection and takedown. By latching onto timely and highly popular topics of interest, domains referring to these topics stay in the leading search engine results. Recent topics covered in SEO campaigns include the Haiti disaster, the Olympics, the Oscars, and unnamed Facebook applications.

So why do these attacks work so well? Amazingly, users still trust the top results of search engine queries. It is common for people to see familiar sites time and again on the first page of search results, and popular sites deemed primarily benign usually take dominant billing. Perhaps this is why folks rarely question clicking on the first links provided by their favorite search engines. They haven’t been burned in the past when trusting the top URLs, so why should they now question the validity and intention of every suggested link? Malware is why.

I don’t always keep up with the latest events, but with a little social interaction and casual reading I hear about most events I find interesting, and usually several others I don’t, all within a reasonable amount of time. When I want to receive my news from a specific source I usually go to one location online or watch Robin Meade on HLN in the mornings. (There’s no such thing as bad news when Robin reads it.) I use search engines like everyone else to gather information on various inquiries, but I don’t do grab-bag research, blindly clicking on any keyword-matching domain. I’ve never used the “I’m Feeling Lucky” button because I never felt that lucky about randomly visiting unknown domains across the internet, and I certainly don’t want to be a punk. (Nod to Dirty Harry, in case that was missed.)

Choosing a default news site to read about all things newsworthy would seem to be an obvious point to suggest here, just as a safety precaution. However, the simple facts behind these breaking stories are not commonly what people are after. There is usually a promise of a sex tape or footage of a celebrity’s death, which can’t be found on CNN. What they can’t find on news sites is what sends users searching, which is ironic because most people only go searching for this bonus material after reading about its availability outside of regular news sites. Maybe news site restriction or loyalty would keep more users safe from attack. But then there’s always Facebook and Twitter and forums/comment/email spam to shield your eyes from as well.

When I want to know what people are searching for I go to Google Trends: http://www.google.com/trends. I assume this is what criminals intent on spreading their malware also do. Topics that are “On Fire” and “Volcanic” are being queried the most and make for prime targets. If you want to try a little safer searching, wait for topics to cool down a little before clicking around. Even better, find a news site you trust and go there for your news. Anything outside of seeking the facts may just land you in some fire of your own.

Matt Sully
Director
Threat Research & Analysis


Buzz Words

Google Buzz is definitely the buzz word of the week and, in this industry, has quickly been put under the microscope. As a result, a cross-site scripting vulnerability was already discovered and fixed in the mobile version of Buzz. I’m sure close examination will continue to reveal additional security or operational flaws in Buzz, but security-minded folks were not the only active critics of the social networking tool from Google.

Initial users were upset by Buzz’s default “all inclusive” settings. These automatic features included adding yourself as a follower of those you most contact through email or chat, (allowing them to automatically follow you as well), displaying all users involved in the follow-fest on your Google Profile, and instant sharing of activity on your other Google sites like Picasa and Reader. Providing easy display of a lot of information to potentially a lot of people, all of these features raised a lot of concern over privacy issues. In addition, new Buzzers were disappointed with the difficulty in finding settings options regarding these features, most while trying desperately to disable them.

While some may not be all that concerned, instant exposure of this information to user contacts without giving expressed permission has been more than disappointing. Some social circles are meant to be separated. Facebook users have been forced to explore this friends and family cross communication fiasco due to multi-generational interest in the social networking world. For many users this is uncomfortable at best.

Complete testing before release may have prevented the scramble for alterations that Google is now in the middle of, but the feasible protection of online privacy is the real issue here. In our efforts to connect with the world, can we expect to keep secrets or achieve selective and exclusive information sharing? When we type something into our network-connected devices, can we blame anyone but ourselves when that information spreads beyond the originally intended parties?

Anonymity while on the internet is becoming progressively harder to maintain. With photo tagging and friends who gossip across Facebook, even people who never participate in social networking sites have an online profile, in a sense. While reluctant or non users are losing control over just how much the online world can find out about them, self surveillance is now commonplace. We’ve become comfortable with sharing information about ourselves and living and working online, making us vulnerable to attack over the internet and in the physical world. If the Buzzing is getting a little too close you could be in danger of getting stung.

For those interested in de-Buzzing, the links below can guide you through the process:

http://news.cnet.com/8301-17939_109-10451703-2.html
http://securitylabs.websense.com/content/Blogs/3553.aspx

For those sticking with it:

http://gmailblog.blogspot.com/2010/02/new-buzz-start-up-experience-based-on.html
http://gmailblog.blogspot.com/2010/02/5-buzz-tips.html

Matt Sully
Director
Threat Research & Analysis


Rumor has it.

Facebook users are being targeted again, but in a more roundabout manner. Rumors are spreading, as rumors do, that an “unnamed app” is integrated into user accounts, is responsible for slowing down Facebook, and is being used to spy on user activity. (These rumors have not been proven true.)

Users are then advised, in the form of ALERTS, to delete this unnamed app. The interesting part is that user suspicion of these messages is what gives them their malicious power. A Facebook user Googles the alert or the keywords “unnamed app” and is directed through several sites to ones serving rogue AV. Thanks to SEO techniques, many of the top sites listed are the key redirection sites in this process.

One such site, at the number three spot in our Google search:
“http://kittingservice.com/canst.php?avi=facebook-unnamed-app”

The domain kittingservice.com resolves to 62.93.239.41.

Using JavaScript redirection, we are taken to:
“http://onlinetechnicals.ru/sm/r.php”
at 212.95.58.37

It looks like the Referer header might be necessary for the redirection: “Referer: http://www.google.ca/search?hl=en&source=hp&q=facebook+unnamed+app&meta=&aq=f&oq=”. Without it, a page comes up with multiple Facebook and SEO terms planted throughout, including some of the original instigating Facebook alert phrases:

“Has your facebook been slow today? Check your application settings, go into ” added to profile”. If you see one in there called “unnamed app” delete it.”

“There is a ” Unnamed App ” spybot on facebook and it may be slowing down Facebook applications or it may be work as a Spyware.”

The onlinetechnicals.ru page then uses another JavaScript redirect to send us to uscaau.com:

uscaau.com 212.95.58.37

Looking up uscaau.com/back.php comes back with the location “http://battlestartedsecurity.com/hitin.php?land=20&affid=94801”

battlestartedsecurity.com
109.232.225.22

and “hitin.php?land=20&affid=94801” in turn points to the location “index.php?affid=94801”.

This is where we finally download the beginnings of the rogue AV. A pop-up window tells us that “Your computer contaigns various signs of viruses and malware programs presence….” Our browser window has also seemingly disappeared, but if you move the warning slightly you can see it has been resized to hide behind the pop-up.

Agreeing to the scan displays the fake scan of our system, going back to battlestartedsecurity.com for the necessary visual items.

A few more agreements to clean up our system lead to a prompt to download “install.exe”, currently detected by only 7 of 41 AV engines.

Other researchers have indicated different redirection paths being taken and different end result fake security tools.
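The chain walked above, as an added example that is not code from the original post. The site in `FAKE_SITE` is constructed for the demo (the hostnames, paths and page bodies are invented, not the ones in the post); a real run would pass an HTTP client with the same `fetch(url, headers)` signature in place of `fake_fetch`. It shows the two behaviours observed above: JavaScript and meta-refresh hops that a plain HTTP client would not follow, and a landing page that only redirects when the Referer header points at a search engine, so an analyst fetching it directly sees only the keyword-stuffed page.

```python
"""Walk a cloaked client-side redirection chain (added example).

FAKE_SITE is a constructed stand-in for the network. Hostnames, paths and
page bodies are invented; only the fetch(url, headers) -> body contract
matters, so a real HTTP client can be dropped in.
"""
import re
from urllib.parse import urljoin

# Heuristic patterns for the simple literal-string client-side redirects
# these landing pages use. Obfuscated JavaScript is not handled.
_JS_REDIRECT = re.compile(
    r"""(?:window\.|document\.|top\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']"""
    r"""|location\.replace\(\s*["']([^"']+)["']\s*\)""",
    re.IGNORECASE,
)
_META_REFRESH = re.compile(
    r"""<meta[^>]+http-equiv\s*=\s*["']?refresh["']?[^>]*content\s*=\s*["'][^"']*url=([^"'\s;]+)""",
    re.IGNORECASE,
)


def extract_redirect(base_url, html):
    """Return the first client-side redirect target in html as an absolute URL, or None."""
    m = _JS_REDIRECT.search(html)
    if m:
        return urljoin(base_url, m.group(1) or m.group(2))
    m = _META_REFRESH.search(html)
    if m:
        return urljoin(base_url, m.group(1))
    return None


def follow_chain(start_url, fetch, referer=None, max_hops=10):
    """Follow client-side redirects from start_url; return the URLs visited.

    The first request carries `referer` (if given); each later hop sends the
    previous URL as Referer, as a browser would. Stops at max_hops, when a
    page has no redirect, or when a URL repeats (loop).
    """
    visited = [start_url]
    headers = {"Referer": referer} if referer else {}
    url = start_url
    for _ in range(max_hops):
        nxt = extract_redirect(url, fetch(url, headers))
        if nxt is None or nxt in visited:
            break
        visited.append(nxt)
        headers = {"Referer": url}
        url = nxt
    return visited


def is_cloaked(url, fetch, search_referer):
    """True if url redirects only when the request arrives from a search engine."""
    from_search = extract_redirect(url, fetch(url, {"Referer": search_referer}))
    direct = extract_redirect(url, fetch(url, {}))
    return from_search is not None and direct is None


# ---- constructed stand-in for the network (invented hosts) ---------------
SEARCH_REFERER = "http://www.google.ca/search?hl=en&q=facebook+unnamed+app"
BAIT = "http://seo-bait.example/canst.php?avi=facebook-unnamed-app"
HOP1 = "http://hop-one.example/sm/r.php"
HOP2 = "http://hop-two.example/back.php"
ROGUE = "http://rogue-av.example/hitin.php?land=20&affid=1"


def _bait_page(headers):
    # Cloaking: search-engine visitors are bounced on; everyone else
    # (crawlers, analysts without a Referer) gets the keyword-stuffed page.
    if "google." in headers.get("Referer", ""):
        return '<script>window.location="%s";</script>' % HOP1
    return "<html><body>facebook unnamed app slow spyware boxes tab</body></html>"


FAKE_SITE = {
    BAIT: _bait_page,
    HOP1: lambda h: "<script>document.location.href='%s'</script>" % HOP2,
    HOP2: lambda h: '<meta http-equiv="refresh" content="0;URL=%s">' % ROGUE,
    ROGUE: lambda h: "<html>Your computer contains various signs of viruses...</html>",
}


def fake_fetch(url, headers):
    """Stand-in for an HTTP GET; returns the body as text ('' for unknown URLs)."""
    page = FAKE_SITE.get(url)
    return page(headers) if page else ""


if __name__ == "__main__":
    print("direct:     ", " -> ".join(follow_chain(BAIT, fake_fetch)))
    print("from search:", " -> ".join(follow_chain(BAIT, fake_fetch, SEARCH_REFERER)))
    print("cloaked:", is_cloaked(BAIT, fake_fetch, SEARCH_REFERER))
```

When reproducing a chain like this against live infrastructure, fetch from an isolated host and do not execute anything the final page offers; the point of the script is to map the hops and record the cloaking condition, not to run the download.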

As for the unnamed app it is said to just be the “boxes” tab on your Facebook profile.
“The Boxes tab contains application profile boxes. A user or Page will have a Boxes tab added to their new profile by default if they currently have application boxes that do not support integration with the main profile/Page left column or if they have more profile boxes than can fit into the main profile/Page left column (more than 5).” (http://wiki.developers.facebook.com/index.php/Tabbed_Profile)

Removing it seems to be both nondestructive and reversible. According to
(http://answers.yahoo.com/question/index?qid=20100126190431AAJkPoW)
“to put back your boxes tab:

1. go back to the page where you removed the Unnamed App from.
2. select “edit settings” for an app under the “added profile boxes” section
3. click remove, then click add when it appears.”

Matt Sully
Director
Threat Research & Analysis


24/7

We’re opening the office doors:

Defintel’s on Twitter. Check it out, drop us a line.

Facebook too. Join the Defintel group for botnet-building videos, photos, and a chance to ask us questions about computers, security, video games, comics, and just about anything else.

From the whole Defintel team:

Welcome!