1. 10 ways to protect your Mac when surfing the web

     

    One of the biggest threats to Mac computer users today is the belief that Apple’s operating system is immune to malware and virus attacks. The Flashback Trojan attack (April 2012) was a strong reminder to Mac users that third-party software is a vehicle that can and will infect both Windows and Mac computers alike.

    [Krebs on Security]: A year ago today, Apple released a software update to halt the spread of the Flashback worm, a malware strain that infected more than 650,000 Mac OS X systems using a vulnerability in Apple’s version of Java.

    10 Ways To Protect Your Mac

    1-Back-up: Sunday was World Backup Day. When was the last time you backed up your Mac?

     With Apple’s Time Machine software (OS X 10.5 and above) you can perform full-system and incremental back-ups.

    2-Use strong passwords: Check your password at Microsoft, is it strong?

    A weak password such as 123456, password, abc123, or using your first name or pet’s name as your password is the Achilles heel of online security. Passwords are your first line of defense against cybercriminals. Create complex passwords for each site (do not share the same password at multiple sites), change them frequently and create accounts at sites that use good encryption.

    3-Use a firewall & secure your Airport

    A firewall is a barrier that can keep destructive forces (hackers, malicious software) from the Internet away from your computer. It can also stop your computer from sending malicious programs to other computers.

    To set up the Mac OS X 10.6X and above Firewall:

    Click the Apple menu > select System Preferences > select the Security Icon > Click the Firewall Tab > click the *Start Button > Advanced > select your desired Firewall configuration > click OK > close the security pane to save your selections.

    * Note: If the Start button is gray, click the lock icon (bottom of window) and enter your administrative password at the prompt.

    To secure your Airport:

    Change your wireless router password to a strong password and use encryption.

    4-Use Anti-virus software and keep it up-to-date.

    New viruses and malware are created every day, so it is important that you keep your antivirus software updated. Sophos Mac Home Edition (free for home users) is simple to install and updates its virus definitions on an hourly basis.

     5-Update OS X and Apps on a regular basis.

    -Open software update from the Apple Menu to install updates.

    -Open the App Store and download available updates.

    6-Disable Automatic File Opening in Safari After Download.

    For added security, disable this feature when using Safari > Open Safari Preferences > Click the General Tab > uncheck open safe files after downloading.

    Note: If you use Cocoon, all files downloaded from the Internet require user approval.

    7-Enable FileVault Encryption.

    From the Apple Menu: Open System Preferences > Click on Security & Privacy > Click the FileVault Tab

     8-Enable Anti-Malware Definitions

    This should be enabled by default. Double-check your preferences to make sure that it is turned on:

    From the Apple Menu: Open System Preferences > Click on Security & Privacy > General Tab > check Automatically update safe downloads list

    9-Be responsible with social networking sites.

    Social networking sites are rife with rogue apps and Internet scammers that often prey on users to spread their wares via permissions granted by the user. With a little education anyone can stay on top of the bad stuff and have a better Internet experience overall.

    Subscribing to the Sophos Security Blog and FaceCrooks will keep you aware of the seedy and unsavory side of social media, along with providing great tips on how to stay safe online.

    10-Use a layered approach when surfing the web.

     When you browse the web it is easy to land on an unsavory site or get hit by a drive-by-download. Today, the virtual threat landscape needs more protection than an antivirus suite. Many exploits utilize 3rd party browser plugins (Flash, Adobe Reader) and if your operating system or browser has a vulnerability – it can easily become an open door that invites hackers in. Surfing with Cocoon on the web can add an extra layer of protection to secure your browsing experience.

    By following the above 10 tips, you will be able to minimize the impact that hackers and malicious software can have on your Mac.

    Do you have more Mac Internet safety tips to offer? Please leave a comment at our blog or let us know on Twitter, Facebook, Google+, or Pinterest.


  2. 10 ways to protect your PC when surfing the web

     

    The majority of Internet security risk factors can be controlled with the right tools, the right attitude (a willingness to learn and apply the necessary strategies), and the desire to become proactive versus reactive. Keeping your computer free from badware, malware, botnets, viruses, adware, and a host of other nasties plays an important role in extending some decent net etiquette. 

    If you think of  surfing the web as an Interstate and the computers that frequent the web as vehicles – driving a stable vehicle on the Interstate is integral to highway safety. Would you feel safer driving next to a car that is well maintained with a current safety inspection sticker intact, or would you feel safer driving next to that dilapidated hunk-of-junk with four bald tires and no safety inspection sticker?

    10 Ways To Protect Your PC

     1-Back-up: How and why you should back up your personal computer.

    Though this is one of the most neglected areas of computer maintenance,  it is essential to have a clean back-up source if your system has a hard disk failure (crashes) or your data and system files become compromised by a virus.

    2-Use strong passwords: Check your password at Microsoft, is it strong?

    A weak password such as 123456, password, abc123, or using your first name or pet’s name as your password is the Achilles heel of online security. Passwords are your first line of defense against cybercriminals. Create complex passwords for each site (do not share the same password at multiple sites), change them frequently and create accounts at sites that use good encryption.

    3-Use a firewall: What is a firewall?

    A firewall is a barrier that can keep destructive forces (hackers, malicious software) from the Internet away from your computer. It can also stop your computer from sending malicious programs to other computers.

    4-Use Anti-virus software and keep it up-to-date.  

    New viruses and malware are created every day, so it is important that you keep your definitions updated.

    5-Use a reputable malware scanner. Malwarebytes is highly recommended.

    6-Don’t use an administrative account to browse the web

    Create a new user account with limited rights to surf the web. Since malware requires administrative rights to run on the system – using a nonadministrative account will not enable malicious software to install on your system.

    7-Keep your PC operating systems and programs updated.  Secunia PSI is an excellent [Free] option that keeps third-party software updated.

    Windows Vista and Windows 7

    To turn on Automatic Updates yourself, follow these steps:

    1. Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
    2. In the left pane, click Change settings.
    3. Select the option that you want.
    4. Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK. –Microsoft Support

    8-Never download pirated software 

    According to The Dangerous world of Counterfeit and Pirated Software, pirated and counterfeit software (i.e. unlicensed software and bogus software pretending to be genuine) has become one of the most reliable fast-tracks to the risk of malware infection. –NetworkWorld

    9-Be responsible with social networking sites.

    Social networking sites are rife with rogue apps and Internet scammers that often prey on users to spread their wares via permissions granted by the user. With a little education anyone can stay on top of the bad stuff and have a better Internet experience overall.

    Subscribing to the Sophos Security Blog and FaceCrooks will keep you aware of the seedy and unsavory side of social media, along with providing great tips on how to stay safe online.

    10-Use a layered approach when surfing the web.

    As an example of using a layered approach: you would use an Internet security suite to take care of your antivirus needs, an anti-malware product such as Malwarebytes, Secunia PSI to check for vulnerabilities, a link scanner like McAfee SiteAdvisor, and Cocoon to anonymize and protect your web browsing sessions.

     “Layered security is about multiple types of security measures, each protecting against a different vector for attack.” — Chad Perrin, TechRepublic

    When you browse the web it is easy to land on an unsavory site or get hit by a drive-by-download. Today, the virtual threat landscape needs more protection than an antivirus suite or antimalware application. Many exploits utilize 3rd party browser plugins (Flash, Adobe Reader) and if your operating system or browser has a vulnerability – it can easily become an open door that invites hackers in.

    Be sure to check back next week for 10 ways to protect your Mac when surfing the web.

    By following the above 10 tips, you will be able to minimize the impact that hackers and malicious software can have on your PC.

    Do you have more PC Internet safety tips to offer? Please leave a comment at our blog or let us know on Twitter, Facebook, Google+, or Pinterest.

     


  3. Android Devices Vulnerable To More Malware Attacks



  4. Internet Explorer, Adobe Flash – Updates

    Internet Explorer

    57 Flaws! All versions of  Microsoft’s Internet Explorer browser are vulnerable to a malware attack.


    ZDNet recommends that all users temporarily switch to another browser until Microsoft releases the updates next Tuesday. (Microsoft never releases full details of vulnerabilities until the updates are released).

    February’s Patch Tuesday release will feature two bulletins both addressing critical IE vulnerabilities. All versions of IE from 6 to 10, including the ARM port running on Windows RT on the Surface tablet, will need patching. –The Register

    According to the Sophos blog, next Tuesday’s release will be a monster-sized security patch:

    “Patch Tuesday is approaching, and for users of Microsoft’s software it’s going to be a monster. In all, 57 separate security flaws are waiting to be fixed. Perhaps the biggest concern will be related to the security holes in Internet Explorer.”

    Adobe Flash

    Adobe Flash is also under attack. Cocoon recommends that you apply the emergency patch IMMEDIATELY.

    Adobe issued an emergency update to its Flash Player to fix two zero-day threats, the company announced yesterday. The updates affect all versions of Flash on Windows, Mac, Linux, and Android. –CNET

    To see what version of Adobe Flash you are running, check here: http://www.adobe.com/software/flash/about/ and you can update Adobe Flash here: http://get.adobe.com/flashplayer/

    Be sure to stay safe online and we hope you have a great weekend!

    The Cocoon Team


  5. Java zero-day, not JavaScript!

     

    There appears to be plenty of confusion concerning the latest Java zero-day flaw. Some people  think that disabling Java will destroy their ability to peruse the web. Others tend to think that the security experts have it right. Sophos appears to have honed in on the confusion with their explanation that Java is not JavaScript!

    Since JavaScript is a browser built-in feature and Java (Oracle) is not – suffice it to say that the two are an entirely different species! Though both are programming languages: JavaScript is a web scripting language and Java is compiled. Only Java 7 that is run in web browsers is affected by this vulnerability.

    Q: What is the difference between Java and JavaScript?
    A: The same as the difference between Mandarin Chinese and American English.

    What is all the hoopla about?

    According to Roger Grimes at InfoWorld, the sad Java security tale goes like this:

    Installed on over 1.1 billion desktops and 3 billion mobile phones, Java is the world’s biggest target for hackers. It has been the top exploit vector for Web browsers for many years. Ask anyone involved with detecting and eradicating malware in the enterprise; Java, they will say, is responsible for most of it.

    Homeland Security also posted Vulnerability Note VU#625617, “Java 7 fails to restrict access to privileged code,” advocating that Java should be disabled in all web browsers.

    On that same day, Emil Protalinski must have been BBQing Kobe Beef when he posted this to TNW:

    It appears this flaw was first stumbled upon by a French researcher who goes by the name Kafeine. In a post on his Malware Don’t Need Coffee website, the researcher claimed that the latest version, Java 7 Update 10, was being exploited on a site that receives “hundreds of thousands of hits daily” and concluded that “this could be mayhem.”

    More importantly, Kafeine noted the two most popular Web threat tools used by hackers to distribute malware, the BlackHole Exploit Kit and the Cool Exploit Kit, already have this latest Java exploit. BitDefender confirmed the alleged addition of the exploit into Cool while security expert Brian Krebs confirmed the BlackHole part, as well as noted its addition into Nuclear Pack.

    A few days later Oracle released Java 7 Update 11, to which Paul Ducklin retorted at the NakedSecurity blog:

     Note that the vulnerabilities Oracle just patched don’t apply to standalone Java applications or server-side Java installs. They apply only to applets, which run inside your browser.

    Your browser routinely and unavoidably puts you in harm’s way, since it inevitably downloads and attempts to parse, process and display, untrusted content.

    So, even after updating, I recommend that you turn Java off inside your browser unless you know you need it.

    It gets worse…

    Shortly after Oracle released a Java 7 security update to address two critical zero-day vulnerabilities,  Brian Krebs also reported a new Java zero-day was being sold on the black market for $5000 each.

    The Department of Homeland Security (DHS) also stuck to their guns - recommending that users continue to disable Java in their Web browsers (due to attack vulnerabilities that could result in identity theft and other cyber crime). Be sure that you are disabling Java, and not JavaScript!

    We recommend that you disable Java:

    Chrome: Copy “Chrome://Plugins” (without quotes) to the address bar and click DISABLE next to Java plug-ins.

    Firefox Main Menu: Select TOOLS > ADD-ONS > Click the DISABLE button next to Java plug-ins.

    Internet Explorer: Follow the instructions at Java.com

    Safari: Click Safari in the main menu bar > PREFERENCES > click the SECURITY TAB and uncheck ENABLE JAVA.

    –The Cocoon Team!

    You can also visit us on Twitter, Facebook, Google+, or Pinterest!

     

     


  6. Cocoon: Top 10 Security Threats For 2013

    With the web picking up traction in the distribution of malware – cybercriminals continue to focus their efforts on exploiting the weakest link. From irreversible malware to premium attack exploit toolkits – the threat landscape of 2013 will continue to amp up the security battleground…

    1- More browser-infecting malware

    With so much sensitive and personal data passing through web browsers, WatchGuard predicts that Man-in-the-Browser (MitB) attacks can anticipate a steep rise in 2013.

    Now, a new type of malware has emerged. Sometimes called a Man-in-the-Browser (MitB) or browser zombie, it arrives as a malicious browser extension, plugin, helper object, or piece of JavaScript. It doesn’t infect the whole system; instead it takes complete control of a browser and runs whenever the victim surfs the web.

    2- More Android mobile madware

    Researchers at Georgia Tech Information Security Center (GTISC), state that malware writers have moved from taking a casual interest in mobile platforms to trying to create a viable business model, especially focusing on devices based on the Android operating system.

     -Malicious and privacy-undermining applications for Android will continue to grow quickly, as cybercriminals use toll fraud and other mechanisms to turn compromised devices into cash sources.

    -Mobile wallets will face further scrutiny and slow adoption until their security is proven.

     3- More IPv6-based attacks

    WatchGuard also predicts an increase in IPv6-based attacks and IPv6 attack tools. Although the IT industry is slow in adopting IPv6 technology, many new devices are already IPv6-aware and can create IPv6 networks on their own. When these devices create their own networks and have not been locked down with security controls, this leaves the door wide open for cybercriminals to exploit unprotected weaknesses.

    4- More madware (mobile apps)

    Expectation is high that madware, otherwise known as mobile adware, will continue to rise. In a recent FTC staff report, Mobile Apps for Kids: Disclosures still not making the Grade, nearly 60% of the child apps surveyed were transmitting information from the child’s device back to the app developer, advertising network, analytics company, or other third party.

    What is becoming apparent with some madware is that it pushes consumer tolerance to the limit by gaining permission to make phone calls or send text messages. Five of the most annoying habits of madware include sending alerts to the notification bar, adding icons to your device, to change browser settings, gather personal information and even change the ringtone. What makes madware such a nuisance development, is that in many cases consumers have no idea what these ad networks are doing, and they can be left with astronomical phone bills or become a victim of identity theft if these activities go unchecked. –Symantec

    5- More ransomware  

    According to the Internet Crime Complaint Center (IC3) the latest version of ransomware uses the name of IC3 to frighten victims into sending money to the perpetrators. This version of the Citadel malware platform also claims that the user’s computer activity is being recorded using audio, video, and other devices. This is a very clever social engineering trick – designed to instill fear of potential criminal prosecution if the victim fails to comply with the perpetrator’s ransom demands.

    Next, the victim is lured to a drive-by-download website that installs ransomware on the user’s computer. Once installed, the computer freezes and a warning screen is displayed warning the user that they have violated U.S. federal law. Then the perpetrator goes even further (instilling more fear in the victim), by stating that IC3 has discovered that the victim’s IP address has accessed child pornography or other illegal content. To unlock the computer, the victim is instructed to pay an IC3 fine by purchasing a prepaid money card.

    You can expect much more sophisticated versions of ransomware in 2013.

    6- More use of legal surveillance tools

    With the revelation that the U.K.- based Gamma Group offered ‘Finfisher/Finspy’ monitoring software to the previous Egyptian government and reports that the Indian government asked firms (including Apple, Nokia and RIM) for secret access to mobile devices – surveillance tools will be a hot security topic in 2013. –Securelist

    7- More targeted spear-phishing attacks

    Websense Security Labs is predicting that malicious email will make a comeback in 2013 with “timed and targeted spear-phishing email attacks, along with an increase in malicious email attachments, are providing new opportunities for cybercrime. Domain generation algorithms will also bypass current security to increase the effectiveness of targeted attacks.”

    8- More social networking scams

    Social networking sites such as Facebook and Twitter are optimal grazing grounds for cybercriminals to easily target large pools of victims. With the free flow of personal information cybercriminals easily digest all this social data and devise targeted attacks that prey on consumers using social engineering tactics and sensationalism.

    One of the biggest crowd enticers on Facebook is for the cybercriminal to produce an unbelievable video, rogue app or viral link that can be shared with a large number of users. The idea is to perpetuate a continuous bombardment of shared content that can spam the wall or messaging system of the original victim, their friends and even friends of friends.

    This content is generally socially engineered to convince the victim to download a fake video viewer (in order to view that fabulous video), take a scam survey via a rogue app in order to win an iPad 3 or share a link that is infested with several redirects until it arrives at a malicious website. Expect more of this in 2013.

    9- More search history poisoning

    In early November, Researchers at Georgia Tech Information Security Center (GTISC) released their 2013 computer security threat forecast. It was interesting to note that the researchers mentioned tampering with a user’s search history as a new attack vector.

    “If you compromise a computer, the victim can always switch to a clean machine and your attack is over,” said Professor Wenke Lee. “If you compromise a user’s search history and hence his online profile, the victim gets the malicious search results no matter where he logs in from.”

    The benefit to the attacker is that such manipulations, when stored as part of an online profile indexed by a cookie, can survive many defensive measures. Such attacks can significantly change input to a search engine’s filtering algorithm, changing which sites a person sees.

    10- More sophisticated cybercriminal attack “premium” toolkits

    Sophos recently reported in their Security Threat Report 2013 that malware authors have become highly sophisticated in authoring the Blackhole Exploit Kit. The exploit kit combines both technical dexterity with a business model that could have come straight from a Harvard Business School MBA case study.

    “In the coming year we will likely see a continued evolution in the maturation of these kits replete with premium features that appear to make access to high quality malicious code even simpler and comprehensive,” warns Lyne. –Infosecurity


  7. Ransomware, a growing threat in the U.S.…

    Wikipedia describes ransomware as a class of malware which restricts access to the computer system that it infects, and demands a ransom be paid to the creator of the malware in order for the restriction to be removed.

    Essentially online extortion, ransomware involves infecting a user’s computer with a virus that locks it. The attackers demand money before the computer will be unlocked, but once the money is paid, they rarely unlock it. –NYT

    While your computer is locked, the cybercriminals can steal your private data, launch online banking and credit card fraud, and take full control of your computer and online life. Symantec Security Response director Kevin Haley recently predicted that 2013 will see ransomware become the next big online scam.

    How it works

    According to the Internet Crime Complaint Center (IC3)  the latest version of ransomware uses the name of IC3 to frighten victims into sending money to the perpetrators. This version of the Citadel malware platform also claims that the user’s computer activity is being recorded using audio, video, and other devices. This is a very clever social engineering trick – designed to instill fear of potential criminal prosecution if the victim fails to comply with the perpetrator’s ransom demands.

    Next, the victim is lured to a drive-by-download website that installs ransomware on the user’s computer. Once installed, the computer freezes and a warning screen is displayed warning the user that they have violated U.S. federal law. Then the perpetrator goes even further (instilling more fear in the victim), by stating that IC3 has discovered that the victim’s IP address has accessed child pornography or other illegal content. To unlock the computer, the victim is instructed to pay an IC3 fine by purchasing a prepaid money card.

    How can you avoid ransomware?

    Cocoon offers a better way to view the web and skips interactions with your hard drive (ransomware can encrypt your computer hard drive). Any fear of drive-by-downloads, malvertising or ransomware messing with your hard drive becomes obsolete. Cocoon works by securely connecting over any network to Cocoon’s servers, providing enterprise-grade virus protection and encrypting all interactions to prevent drive-by-download attacks.


  8. Cocoon’s Top 5 “Back to School” Internet Security Threats

    The majority of Internet security risk factors for the back-to-school-gang can be controlled with the right online tools, the right attitude (a willingness to learn and apply the necessary strategies) and the desire to become proactive versus reactive.

    1. Weak Passwords
    2. Privacy 
    3. Malware
    4. Mobile App Risks
    5. Unsecured Wi-Fi

    The web is often the perfect playground for cybercriminals to snare victims. Social media houses the glitter with connections, apps, games and traps. Major search engines feed the curious, but can also circumvent legitimate searches and replace them with offensive content.

    1. Weak Passwords

    Using the same weak password across multiple sites gives a hacker a way to hijack all your online accounts, steal your bank login information and potentially wipe out your bank account.

    A weak password such as 123456, password, abc123, or using your first name or pet’s name as your password is the Achilles heel of online security.

    Passwords are your first line of defense against cybercriminals. Create complex passwords for each site (do not share the same password at multiple sites), change them frequently and create accounts at sites that use good encryption.

    The weakest link on social media sites is the use of weak (123456) or common passwords (password). If you use passwords that can be traced directly back to you (Example: getcocoon) or use the name of your family pet (Example: cocoonpuppy), these types of passwords can easily be figured out with a bit of social engineering and access to your Facebook page. Never use passwords that are associated with something that can be traced directly back to you.

    How long would an online attacker using a password cracker at 1,000 guesses per second take to figure your password out? Let’s take a look at how effective your password is at GRC:

    If your password is 5 characters long and uses:

    *Just numbers, the time to “crack” = 1.85 minutes (Example: 12345).

    *The full alphabet but doesn’t mix upper and lowercase, the time to “crack” = 3.43 hours (Example: alpha).

    *The full alphabet and numbers 0 through 9 but doesn’t mix upper and lowercase, the time to “crack” = 17.28 hours (Example: alp12).

    *The full alphabet and numbers with mixed case, time to “crack” = 1.54 weeks (Example: Alp12).

    Use a combination of uppercase, lowercase, numbers and symbols

    *If we combine the alphabet, numbers, mixed case and use 6 characters instead of 5, the time to “crack”  jumps to 1.84 years (Example: Alph12).

    *If we go to 8 characters and throw in symbols like # % & *, the time to “crack” jumps to 2.13 thousand centuries (Example: Alph12*!).
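
    The figures in the list above can be reproduced with a short calculation; the following is an added example, not code from the original post or from GRC. It assumes a 95-character printable-ASCII alphabet, an attacker who tries every length up to the password's own, and a 52-week year (the assumptions under which the post's numbers come out).

```python
import string

GUESSES_PER_SECOND = 1_000  # online-attack rate quoted in the text

# Printable-ASCII character classes: 10 + 26 + 26 + 33 = 95 symbols.
CLASSES = (
    string.digits,
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.punctuation + " ",
)

MINUTE, HOUR, DAY, WEEK = 60, 3_600, 86_400, 604_800
YEAR = 52 * WEEK  # assumption: a 52-week year, which reproduces the 1.84-year figure
UNITS = (
    ("centuries", 100 * YEAR),
    ("years", YEAR),
    ("weeks", WEEK),
    ("days", DAY),
    ("hours", HOUR),
    ("minutes", MINUTE),
    ("seconds", 1),
)


def alphabet_size(password):
    """Size of the smallest alphabet an exhaustive search must cover."""
    if not password:
        raise ValueError("empty password")
    stray = [c for c in password if not any(c in cls for cls in CLASSES)]
    if stray:
        raise ValueError(f"outside printable ASCII: {stray!r}")
    # Using one character from a class puts the whole class in play.
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def search_space(password):
    """Candidates of every length from 1 up to len(password).

    An attacker who does not know the length tries shorter strings first,
    so the total is a geometric sum, not just alphabet ** length.
    """
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def crack_time(password, rate=GUESSES_PER_SECOND):
    """Worst-case exhaustive-search time as (value, unit), rounded to 2 places."""
    seconds = search_space(password) / rate
    for unit, size in UNITS:
        if seconds >= size:
            return round(seconds / size, 2), unit
    return round(seconds, 2), "seconds"


if __name__ == "__main__":
    # The example passwords from the list above.
    for pw in ("12345", "alpha", "alp12", "Alp12", "Alph12", "Alph12*!"):
        value, unit = crack_time(pw)
        print(f"{pw:10} alphabet={alphabet_size(pw):2} "
              f"space={search_space(pw):.3e}  {value} {unit}")
```

    These are upper bounds for blind exhaustive search only: a password such as 12345 or alpha appears in common-password lists and would be guessed long before the search space is exhausted, which is why length and character mix do not substitute for unpredictability.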

    2. Privacy: Online Tracking

    There are a number of companies that track your movements on the web and sell the information to the highest bidder in real time bidding…

    “Already, the web sites you visit reshape themselves before you like a carnivorous school of fish, and this is only the beginning. Right now, a huge chunk of what you’ve ever looked at on the Internet is sitting in databases all across the world. The line separating all that it might say about you, good or bad, is as thin as the letters of your name. If and when that wall breaks down, the numbers may overwhelm the name.” –The Atlantic

    Acxiom has a reputation of collecting data better than anyone else. They collect everything including websites, loyalty programs, retail point-of-sale data, self-reported sources, public records, employment drug testing data, background checks, criminal histories, birth records, education data, vehicle identification numbers, driver’s licenses, marriage licenses, and you can bet that they know what you feed your dog too.

    Internet users should be informed that there are tools available, such as Cocoon, which give Internet users control of their private information and place a roadblock against online tracking.

    3. Malware

    Malware, otherwise known as malicious software, is created by cybercriminals for the sole purpose of bringing some type of harm to your computer or mobile device. Whether it is used for spying on you, stealing your passwords or personal data, holding your computer or device for ransom, conducting financial theft, or targeting you for membership in a botnet - the final outcome is never intended to be in your favor.

    Malware is a blanket term that can include viruses, Trojans, spyware, rootkits, adware, worms, keyloggers, web hijackers and other malicious scripts. It can be hostile, intrusive, insidious, annoying; or lie dormant for a time.

    Malware is no longer a threat that is exclusive to desktop operating systems. The RSA 2012 Cybercrime Trends Report white paper stated that 2011 marked the year of new advanced threats on a global basis. In 2012, cybercriminals are finding new and innovative ways to monetize non-financial data, while hacktivism is on the rise. The report predicts that “InfoStealers” for the mobile platform will emerge with Trojans that are designed to “keylog touch-screen input and monitor data traffic through the mobile device.”

    4. Mobile App Risks

    From unregulated practices in mobile advertising to cell tower dumps, our mobile privacy is under constant attack. We’ve come a long way since Martin Cooper’s Dyna-Tac 2.5 lb brick (1973); but in 2012 mobile users are still shaking at the short end of the mobile privacy stick.

    Cyber-crooks develop rogue apps to steal private data such as passwords and credit card information, and to piece together personal information in order to commit identity theft.

    A recent study on Mobile Privacy Policies from the Future of Privacy Forum stated that out of the free apps surveyed, 66 percent had privacy policies, while only 33 percent of the paid apps had privacy policies.

    Many mobile apps need advertising in order to continue offering “free” apps. Some ads are invasive and take too much data from a user’s phone or they may install software in the background without user knowledge. Many mobile apps also routinely send data to marketing companies and use the collected data to compile dossiers on mobile phone users.

    *Only download apps from well-known and trusted sources.

    *Avoid downloading apps that have only been downloaded a few times, have few or no ratings, and no privacy policy.

    *If a free app that you like has an upgrade and a no-advertising version is available – purchase it!

    Mobile malvertising is another vector for attack. The ads look genuine, but when the user clicks on a malvertised ad they end up at a malicious site that downloads malware to their device.

    “Aggressive ad networks are much more prevalent than malicious applications. It is the most prevalent mobile privacy issue that exists,” Kevin Mahaffey, Lookout’s technology chief and co-founder, told Reuters in an interview.

    5. Unsecured Wi-Fi

    Airports, restaurants, coffee shops, businesses, dentists, libraries and even public parks offer public access to Wi-Fi for free. Surfing unsecured hotspots can open your data pipeline to some very unsavory characters. Whether you use it for convenience or because there is no other Internet connection available, the bad guys still have all kinds of tools to gather and steal information from you.

    Conclusion

    Browsing the Internet with Cocoon will route all of your traffic through our encrypted servers, so prying eyes cannot see it. This is especially valuable on a public WiFi network, where man-in-the-middle attacks commonly occur.

    The use of Cocoon while surfing Facebook, banking, or shopping on a public network will keep lurking predators from hijacking your private session.

    Cocoon’s encrypted tunnel will ensure that viruses and malware never reach your computer. This greatly decreases your chances of becoming part of a botnet, having your personal data stolen, or worse. Don’t give cyber criminals the advantage; stay safe and be vigilant.


  9. Free Gauss cyber-attack Detection Tools Available

    Palida Narrow Font

    Fortunately, Gauss left a calling card: Infected computers received a custom font called “Palida Narrow,” so testing for infection is as simple as finding the font. –Jared Newman, PCWorld

    Both Kaspersky and CrySyS offer free Gauss online detection tools for Windows users. Gauss is cyber surveillance malware that is designed to collect information about infected systems, as well as steal login credentials from banks, email, instant message accounts, and social networking sites.

    The Kaspersky Lab Global Research & Analysis Team (GReAT) white paper states that Gauss was designed for 32-bit Windows operating systems, though some modules do not work under Windows 7, SP1. There is also a separate spy module operational for USB drives that is capable of collecting information from 64-bit Windows operating systems.

    The new malware, dubbed Gauss for an in-code reference to a German mathematician, is designed to “steal and monitor data from clients of several Lebanese banks,” among other nefarious abilities. The code also includes some kind of “special warhead” that is so well encrypted that Kaspersky has been unable to identify it. –Lee Ferran | ABC News

    Gauss is designed to collect information and send the data collected to its command-and-control servers. Information is collected using various modules, each of which has its own unique functionality:

    1- Injecting its own modules into different browsers in order to intercept user sessions and steal passwords, cookies and browser history.

    2- Collecting information about the computer’s network connections.

    3- Collecting information about processes and folders.

    4- Collecting information about BIOS, CMOS RAM.

    5- Collecting information about local, network and removable drives.

    6- Infecting USB drives with a spy module in order to steal information from other computers.

    7- Installing the custom Palida Narrow font (purpose unknown).

    8- Ensuring the entire toolkit’s loading and operation.

    9- Interacting with the command and control server, sending the information collected to it, downloading additional modules.

    It is currently unclear to security researchers what the motive behind Gauss is, but it is definitely focused on the financial industry for both information and potential profit. It is most likely that a nation-state is behind the initial creation of Gauss and it will most likely lead to toolkit commercialization in underground markets.

    This type of malware will get repurposed, so don’t expect the Palida Narrow font to remain as an indication of potential infection for long.
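The font check described above, as an added example (not the Kaspersky or CrySyS tool): it reads the name table inside each font file instead of trusting the file name. The function names, and the assumption that the font is stored as a .ttf or .otf file in the Windows Fonts directory, are assumptions of this sketch.

```python
import os
import struct
from pathlib import Path

INDICATOR = "palida narrow"  # font name reported in the text above


def font_names(data):
    """Return every string in the 'name' table of a TrueType/OpenType font."""
    num_tables = struct.unpack_from(">H", data, 4)[0]
    for i in range(num_tables):
        tag, _sum, offset, _len = struct.unpack_from(">4sIII", data, 12 + 16 * i)
        if tag == b"name":
            break
    else:
        return []  # no name table in this file
    _fmt, count, strings = struct.unpack_from(">HHH", data, offset)
    names = []
    for i in range(count):
        platform, _enc, _lang, _id, length, start = struct.unpack_from(
            ">6H", data, offset + 6 + 12 * i)
        begin = offset + strings + start
        raw = data[begin:begin + length]
        # Unicode (0) and Windows (3) records are UTF-16BE; Macintosh (1) is 8-bit.
        codec = "utf-16-be" if platform in (0, 3) else "latin-1"
        names.append(raw.decode(codec, "replace"))
    return names


def has_indicator(data, indicator=INDICATOR):
    """True if any name string in the font contains the indicator, ignoring case."""
    try:
        return any(indicator in name.lower() for name in font_names(data))
    except struct.error:  # truncated file or not a font at all
        return False


def scan_fonts(directory=None):
    """List font files in `directory` whose internal name matches the indicator."""
    root = Path(directory or Path(os.environ.get("SystemRoot", r"C:\Windows")) / "Fonts")
    return sorted(p.name for p in root.glob("*.[to]tf") if has_indicator(p.read_bytes()))


if __name__ == "__main__":
    print(scan_fonts() or "Palida Narrow not found in the Fonts directory")
```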

    Source: SecureList: Gauss: Abnormal Distribution.


  10. Mobile Malware

    Mobile device malware threats

    is getting ugly…

    Storified by Get Cocoon · Tue, Aug 07 2012 11:25:44

    Malware Fundamentals (kaspersky)
    Morcut can record Skype sessions, log instant messages sent from Microsoft Messenger and Adium, as well as track browser usage in Mozilla Firefox and Safari.
    New Mac Malware Hits the Scene http://midsizeinsider.com/en-us/article/new-mac-malware-hits-the-scene #malware #Mac (Get Cocoon)
    There is a new version of Android malware dubbed “OpFake” that will send SMS text messages to premium numbers and is integrated with a copy of Opera’s Mini browser.
    OpFake, FakeInst Android Malware Variants Continue to Resist Detection | threatpost: Android devices have remained a constant target of attacks over the last quarter thanks in part to new variants from the FakeInst and OpF…
    This affects all BlackBerry devices - it is so stealthy that you will never know if your phone has been infected with it.

    #Zeus comes to #Blackberry #BB #malware #Bank http://threatpost.com/en_us/blogs/zeus-comes-blackberry-080712 (Tarek Kuzbari)

