“When criminals are able to get your password from one site that they’ve hacked into, they then take it and try to use it on other common services to see if they can get more access to your personal information,” said Chester Wisniewski, a security expert at security firm Sophos Ltd. “So they’ll go to Facebook and use the same password you used on [the site they hacked into] and they’ll go to your Gmail account.”
If it sounds too good to be true, it probably is. “We see all these survey scams on the Internet all the time where you’re asked to fill in all this personal and private information and enter to win an iPad,” Wisniewski said.
The problem is most of them are frauds and scams. “No one is getting an iPad,” Wisniewski said.
Instead of entering a sweepstakes, what you’re really doing is handing your information over to criminals who might sell it off to someone else or use it to commit identity theft.
Be cautious about sharing information, even if it seems harmless. Don’t give out information such as your birth date on social media or other sites that ask for it.
“Unfortunately, the way we work in the real world, these things may be used to identify you,” Wisniewski said.
Instead of giving away your identity, make another one up.
Keep your anti-virus software up to date. Anti-virus software comes pre-installed on most computers. But after the initial free trial period is over, either shell out for a subscription or install free anti-virus software. You’ll need it.
“It’s not a bulletproof answer because things still get by anti-virus software,” Wisniewski said. “But keeping it up to date improves your safety dramatically. And there are great free solutions out there — namely Linux.
Keep all regular software up to date to ensure it’s secure. If you do, you’ll lessen the chances of experiencing a security breach.
Trojan horses, viruses and other forms of malware evolve every day. When a bug or hole that could harm your computer or let in the bad guys is found in a piece of software, the software company will usually release an update. It’s very important that you run these updates to minimize the opportunities for criminals to steal or misuse your information.
“For example, if you get that little balloon in the tray in Windows, that says ‘Hey, there’s an Adobe update available,’ click ‘yes,’” Wisniewski said.
Keep your browser up to date. If you’re using an outdated browser, you’re also running the risk of being scammed or having your identity stolen. Up-to-date browsers have much better protection against cyberattacks than older versions.
Enable a firewall and configure it properly. A firewall is a system designed to prevent unauthorized access to your computer. Most current operating systems, such as updated versions of Windows XP, Vista and 7, as well as Mac OS X 10.4 and later, have one built in. Otherwise, you can get a inexpensive software firewall from your local computer store, software vendors or your Internet service provider.
“Turning the firewall on makes a big difference,” Wisniewski said, “because if something were to escape your anti-virus [software] and try to communicate with the Internet to send all your banking information, your firewall will stop that if it’s enabled and configured properly.”
The new Trojan known as OSX/Miner-D, nicknamed “DevilRobber” by antivirus vendors, is being distributed together with several software applications via BitTorrent sites.
“This malware is complex, and performs many operations,” security researchers from Mac antivirus vendor Intego warned. “It is a combination of several types of malware: It is a Trojan horse, since it is hidden inside other applications; it is a backdoor, as it opens ports and can accept commands from command and control servers; it is a stealer, as it steals data and Bitcoin virtual money; and it is a spyware, as it sends personal data to remote servers,” they explained. The software is being distributed through torrent sites. It installs a Java-based application called “DiabloMiner” that uses your Mac’s graphics processing unit (GPU) to generate Bitcoins.
The Bitcoin mining program that DevilRobber installs on infected computers is called DiabloMiner and is a legitimate Java-based application used in the virtual currency’s production. As this application is Java based, it will run on Windows, Solaris and Linux computers.
The first sign of infection is if your Mac suddenly becomes sluggish, Graham Cluley of Sophos wrote in a blog post.
“It’s becoming clearer every week that Mac users need to take malware protection more seriously by running anti-virus software,” he wrote.
The DevilRobber trojan steals processing power, which can lead to slow computer performance, as well as actual Bitcoins, which are kept in virtual wallets on the victim’s machine.
“OSX/Miner-D [DevilRobber] also spies on you by taking screen captures and stealing your usernames and passwords,” warned Graham Cluley, a senior technology consultant at antivirus vendor Sophos.
“In addition, it runs a script that copies information to a file called dump.txt regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history and .bash_history,” he added.
So far, the Trojan has been detected in a BitTorrent download for GraphicConverter version 7.4, an image editing application for Mac OS X. However, this doesn’t mean that there aren’t similarly Trojanized torrents out there.
“Clearly, Mac users — like their Windows cousins — should practice safe computing and only download software from official websites and legitimate download services,” Cluley said. He also stressed that Mac users should install an antivirus program, which is not hard to do and costs nothing.
There are several providers of free antivirus solutions for Mac and all of their solutions are more capable than Mac OS X’s default anti-malware defense mechanism, which some Trojans already bypass or even disable.
The latest patch from Microsoft Security Essentials and other Mac AV providers will detect this DevilRobber. I suggest you go one step further and use ESET NOD32.
Bitcoin is a form of virtual cash that can be exchanged by users without the need for an intermediary bank or payment service. Bitcoins are actually cryptographic hashes that get generated piece by piece using specialized programs like DiabloMiner, according to a public algorithm.
Bitcoin is a decentralized, highly controversial virtual currency that was formed by programmers in 2009. The currency is generated by programming computers to calculate highly complex math problems; the more computing power you have, the faster you can create Bitcoins. This is why Bitcoin rigs often look like massive sculptures of connected servers.
Ideally, Bitcoin resolves issues inherent in traditional currencies, like double-spending, inflation, corruption, and inept monetary authorities. But in reality, the effort is being undermined by security issues like exchange breaches, account theft, and pure FUD.
In the past we’ve also heard of Twitter-based Bitcoin bots and months ago, Symantec predicted the spawn of botnets used to mine Bitcoins.
One Bitcoin is currently valued at around US$3.20, and it is a good source of profit for both Bitcoin miners, who legitimately use their computer resources to generate them, and cybercriminals who steal them.