Nov
24
Filed Under (Editorial) by dw on 24-11-2009

Fake PillsCybercriminals are capitalizing on H1N1-flu fears by selling fake Tamiflu, so you probably shouldn’t be ordering this online.

Networks of fraudsters use spam and malware to direct Web traffic to phony pharmaceutical sites.

Although unwitting buyers do often receive some kind of drug as result of the transactional exchange, at best the drug doesn’t work and at worse it can pose serious health risks. These Internet criminals are putting their customers’ health, personal information and credit card details at risk, with these counterfeit versions of Tamiflu.

Many of these fraudulent pharmaceutical sites originate in Russia . One network called GlavMed, for example, has more than 120,000 online pharmacy sites selling generic drugs under the name of Canadian Pharmacy. Each GlavMed spammer uses e-commerce software to create new domains or direct traffic to colleagues’ domains, and charge a 40% commission on each sale.

A log file of purchases made on Canadian Pharmacy showed about 200 drug purchases per day per site, meaning a domain owner can earn up to an estimated $16,000 in a day . The top five countries that have been purchasing Tamiflu and other drugs from so-called Canadian Pharmacy sites are the United States, Germany, the United Kingdom, Canada and France.

The Federal Trade Commission said earlier this week that it issued warnings to 10 Web sites making questionable claims that their products could be used to treat swine flu. The FTC said that these remedies, which included homeopathic remedies and air-filtration systems, were violating federal law unless they can back up their claims with scientific proof.

The agency conducted a sweep in late September targeting Web operators who take advantage of natural disasters or financial crises. As consumers grow increasingly anxious about obtaining the H1N1 vaccine for their children and other vulnerable family members, scam artists take advantage by selling them bogus remedies online.

[source: Knujon Reports, ©knujon.com 2009]

by Erik Larkin

whoownsl You’ve cleared away most of the web of myth. You know that today’s evil viruses and other malware exist to make money, that antivirus alone is no guarantee of safety, and that neither is your own good sense (as important as that is). And you know that some of the best protection comes from keeping your software and your operating system up-to-date.

Now it’s time to make sure you don’t fall for the final and potentially worst myth: That the crooks own the Internet, and that the only good option is to use it as little as possible. Denying yourself the cornucopia of benefits the Internet can bring out of fear of its dark side.

Yes, you can get nailed. But that shouldn’t stop you from venturing online, any more than the potential for getting the flu should prevent you from ever leaving your house. If you know the risks and prepare for them adequately, you can weight the odds heavily in your favor and confidently enjoy what the Web has to offer.

You can’t ever eliminate all risk, no more than you can guarantee complete safety in the real world. But with these simple steps you can give yourself very good odds.

  1. Know the score. Know that the crooks are out for money, and that they can make money stealing anything from files to credit card numbers to Webmail passwords.
  2. To combat drive-by-downloads and other attacks that take advantage of hidden software flaws, keep your software up-to-date. Use Automatic updates wherever possible, and for finding and patching the rest I’m a big fan of the free Secunia PSI.
  3. To guard against con jobs (aka social engineering), double-check any e-mail attachment or download you’re not 100 percent sure about. Heck, even double-check those. Virustotal.com offers a terrific free service that will scan any file you send (up to 10MB in size) with 37 different antivirus engines. There’s still the potential for a very carefully crafted targeted attack to slip by all those engines, but the odds on that – and on your being the target of such a labor-intensive attack – are pretty slim.
  4. Protect your passwords. If you have to type one on a risky PC – especially at an Internet cafe or other public PC – change it as soon as you get home. That goes for Webmail, online games, and pretty much anything else – crooks can and will abuse any of them for profit.
  5. Use a good antivirus product. Their ability to detect and block malware varies greatly, so make sure yours is in the top tier for detection results. Check reviews from PC World and other sites and publications to make sure you’re well covered.

You don’t have to be a tech guru to cover any of these steps, and none of them will take much time either. But following them will go a long way towards denying the crooks without denying yourself.

by Erik Larkin

pjlighthouse-security-tip-trick-vulnerability-seo It’s a beloved phrase, used by the wise and the lazy alike in response to everything from potential construction to technical work: “If it ain’t broke, don’t fix it.”

I hear it plenty from people who’ve been bitten in the past after applying a recommended patch for a piece of software, only to see that software break or suddenly conflict with something else on the PC. After that kind of a hair-tearing experience, it’s a natural reaction to not want to mess with a setup that’s working and seemingly stable.

But there’s just one problem. These days, a recommended patch is often, even usually, meant to close a security hole. Going without it can mean leaving the door open to a drive-by-download (see Myth #3) – and a system vulnerable to a drive-by is very, very broken.

You can take care of many risks by enabling built-in automatic update features for things like Firefox and Windows (I prefer to have Windows download updates, but not install them until I say so, on the off chance that an update does something odd). But some of the biggest risks come from things like old ActiveX controls that don’t update, and often don’t give any indication that they’re sitting there putting a big bulls-eye on your PC.

To catch those little buggers, I always recommend a great free tool from Secunia. The company’s free Personal Software Inspector can scan your system, notify you about insecure old software, and usually offer a patch download link or other fix right within the program. You can nab it from the PCWorld download site.

Secunia PSI will run all the time by default and keep track of your software installs and removals, but if you’re a gamer or anyone else eager to conserve every drop of system resources you can allow it to run at system startup, let it run a scan, and close it after resolving any issues it finds. That’s my usual approach to using the software.

Myth #4: dead and buried, and good riddance to it. On to the fifth, and final, dangerous fable.