Your Best Hacker Defense ... Revealed

February 3, 2015, by Infosec Institute

I have a secret for avoiding malware infection on my phone, on my desktops, and on my laptops. It's an extra special secret! It works on all operating systems -- Windows, Mac OS X, Android, iOS, GNU/Linux distros, BSD/Unix distros... you name it!

Make sure you're sitting down as you read this, because what you're about to read will shock you. Once you know the truth behind my secret, your life will never be the same!

We all depend on our phones, tablets, PCs, and servers to do work and have fun. Although we can run software on those devices for certain purposes that don't require the Internet, what would we do without it? How can you possibly share selfies on Instagram, watch cat videos on YouTube, watch porn on RedTube, tweet celebrities on Twitter, email your boss with Gmail, install apps from Google Play, fight trolls on Reddit, check up on Grandma with Facebook, buy stuff you don't need from Amazon, pirate movies with BitTorrent, and kick ass on Xbox Live without the Internet? You couldn't! I guarantee it!

Viruses, trojans, spyware, and other types of malware can infect your phone or PC and ruin your life! We've all had to deal with malware at some point or another. What a headache!

Did you know that most malware comes from the Internet? Yep, it's a scientific fact. The viruses that can turn your computer into an expensive paperweight come from the same place as webpages, email, and P2P filesharing do. They come through your computer's TCP/IP stack! Did you know that your phones and tablets are computers too? They are!

Blackhats love the Internet as much as you do. It gives them a way to access your computers and do really bad stuff, whether they know you or not!

Blackhats do a lot of their bad stuff by making malware and using the Internet to put it on your favorite computerized devices. Antivirus software should be on all of your computers, from smartwatches, to smartphones, to notebooks, to supercomputers. Frequently updated antivirus software will prevent a lot of malware infections... but not all of them!

I know the secret to avoiding many malware infections that antivirus software may or may not prevent.

I'm just an ordinary woman from Toronto, Canada. What I'm about to say will shock you. Hackers hate me! Be careful who you share my 1 weird tip with, because what I know is top secret!

Scroll down for more... Shhhhh!

My secret is... Healthy Skepticism™.

Healthy Skepticism™ is a powerful antivirus tool... Can you handle it?!

If you don't already have it, I'll sell it to you for thirteen easy payments of only $6.66!

So, how does it work?

Healthy Skepticism Can Protect You From Trojans

In the information security world, a trojan is malware that fools you into thinking that you want it. You let it get into your device because you enable it, by lacking Healthy Skepticism™. If you're reading this, chances are that you're a computing professional and you already know that. But do your friends know that? Does your family? Do your non-IT department coworkers know?

If you share my 1 weird tip with them, they can prevent trojan infections themselves! Then, hackers will hate them too. Shhhhhh!

Trojans can take many different forms. They're crafty like that. They can manifest as a banner ad on a webpage, an email attachment, fun free games and screensavers for your PC, a torrent for the hottest new Hollywood movie or pornographic flick, a pop-up window, or apps in the iOS App Store and the Google Play Store. As trojans and social engineering techniques grow and evolve, the trojan possibilities are only limited by blackhats' imaginations. So, expect trojans to appear in many new ways in the future.

Did you click on a real 1 weird tip ad? Oops!

Blackhats can be very sneaky. Malware can be bound into pretty much any file type with a file binder. Hyperlinks can deliver malware by leading you to websites or applications designed to wreak havoc on your computer. Seemingly innocent things you see on your PC or phone can look so tempting, but be so deceptive.

Trojans require some action from a user, usually by clicking on something, or agreeing to download or install something. So they use social engineering to fool you. Does something sound too good to be true? It probably is!

As I share my top secret Healthy Skepticism™ with you, I'll describe a few incidents of mobile app trojans. Then, I'll describe a few incidents of banner ad trojans. Keep in mind that those are just two of many different types of trojans.

What you're about to read will shock you!

Mobile App Trojans

Google and Apple do their best to prevent trojans from entering their Google Play Store and App Store. But often, they might not know that an app is trojan malware until thousands of people have installed it already. Healthy Skepticism™ works great for preventing infection from these trojans, like all other types of trojans. Here are some examples of terrible incidents that Healthy Skepticism™ could have prevented from happening to you.

Sexy Girls

One particular mobile app trojan was discovered on January 22nd by Malwarebytes' Nathan Collier. Titled Sexy Girls Wallpaper Gallery, it was available in Android's Google Play Store since May 16th, 2014, if not earlier. It has since been removed by Google.

If you were one of the unfortunate Healthy Skepticism™-lacking people who installed it on your phone or tablet, you would indeed enjoy wallpapers of "sexy girls." But those lovely ladies hid a special surprise!

By exploiting Android's GET_ACCOUNTS permission and subsequent getAccountsByType() function, Sexy Girls emails your sensitive Facebook, Twitter, and Google account credentials to a remote server. The blackhats behind that remote server could use those credentials to log into your accounts without your knowledge.

About 50,000 to 100,000 people installed the trojan on their Android devices. Chances are that a lot of people were badly hurt by that exploit. The blackhats could pretend to be their victims. They could even possibly use your Google account to access your Google Wallet. Ouch!

A little bit of computer literacy and Healthy Skepticism™ would've had users look at all the unnecessary permissions a seemingly simple wallpaper app was asking for before deciding to install it. Why would an app need access to your identity just to display pretty women on your phone? Healthy Skepticism™ could have also urged you to read user reviews of the app before deciding to install it.

Reading Google Play Store app user reviews is easy! While you're in Google Play Store, just scroll down to read those reviews before you decide to scroll up and tap on "Install." If any of those reviews say something to the effect of "a spammer started using my Twitter account after I downloaded this stupid thing," don't tap on "Install."

If the user reviews don't trigger your Healthy Skepticism™, you still have another chance to prevent trojan infection. After you tap on "Install," the Play Store will show you which permissions the app wants. Do they seem suspicious based on what the app is supposed to do? You have to accept app permissions before Google Play will download and install an app to your phone, so use Healthy Skepticism™, and read them carefully!
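Here is one way to turn that permission review into a check you can run on an APK's manifest before an app ever reaches a phone. It is an added example, not code from the original article or from Google; the AndroidManifest.xml below is constructed for a hypothetical wallpaper app (the real app's manifest is not on this page), and the baseline of permissions a wallpaper app plausibly needs is an assumption.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions that expose identity, contacts, messaging, audio or location.
# A wallpaper gallery has no legitimate reason to ask for any of them.
HIGH_RISK = {
    "android.permission.GET_ACCOUNTS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
}
# Assumed baseline: what a wallpaper app plausibly needs (download, set wallpaper).
EXPECTED_WALLPAPER = {
    "android.permission.INTERNET",
    "android.permission.SET_WALLPAPER",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}
# Constructed manifest for a hypothetical wallpaper app (not the real app's).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpapers">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Collect the android:name of every <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(f"{{{ANDROID_NS}}}name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def review_permissions(manifest_xml, expected):
    """Sort requested permissions into fine, unexpected and high-risk buckets."""
    requested = requested_permissions(manifest_xml)
    unexpected = requested - expected
    return {
        "fine": sorted(requested & expected),
        "unexpected": sorted(unexpected - HIGH_RISK),
        "high_risk": sorted(unexpected & HIGH_RISK),
    }

if __name__ == "__main__":
    print(review_permissions(SAMPLE_MANIFEST, EXPECTED_WALLPAPER))
```

Anything in the high_risk bucket for an app of this kind is exactly the "why would a wallpaper app need my identity?" question, answered before tapping "Install."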

Trojan-SMS.AndroidOS.Opfake.a

Although many trojans have come from the Google Play Store, you're even more likely to get a trojan Android app from outside of the Play Store.

In May 2014, Kaspersky Lab discovered an Android trojan that many victims got through SMS, which Kaspersky calls Trojan-SMS.AndroidOS.Opfake.a.

That particular trojan really tests Healthy Skepticism™, because a victim would get a text message from the device of someone they trust and actually exchange text messages with. But the victim's friend, loved one, or colleague didn't actually send the text from their device; the trojan their phone was infected with did. That text would put the same trojan on the recipient's device, which would then send the same trojan texts to their other SMS contacts. How very meta!

Trojan-SMS.AndroidOS.Opfake.a also did other nasty things, like replacing web browser bookmarks with links to malicious websites and spamming expensive toll numbers with texts to run up a huge bill for the victim. That money probably went to the blackhats... ah ha! There's the motive!

Many excellent mobile antivirus apps such as Lookout screen SMS messages for malware and warn you about texts that may be malicious. But antivirus software can't prevent zero-day attacks most of the time, because it usually depends on signatures.

You know what might prevent a zero-day? You guessed it! Healthy Skepticism™! Would your brother send you a text that says "Here's a fun game, click here!" Probably not. If you don't "click here," you'll probably prevent an infection.

Simply Find It

Do you think that mobile app trojans only affect Android users? If you do, you really do need Healthy Skepticism™.

In 2013, there was an app in the iOS App Store called Simply Find It. Insultingly, you'd have to spend $2.00 to install it on your iPhone.

Bitdefender determined that the game contains what they identify as Trojan.JS.iframe.BKD. Simply Find It shipped a file at Payload/SpotDiffHD.app/day.mp3, and that day.mp3 file contains an HTML tag, <iframe src="http://x.asom.cn">, in its data.

There's absolutely no reason for a music file to contain a web hyperlink. Lots of cyberattacks come from URLs with the .cn Chinese top-level domain. Music files that contain hyperlinks trigger my Healthy Skepticism™.

When Bitdefender discovered the trojan, other iOS antivirus apps didn't catch it.
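The day.mp3 finding suggests a cheap detection: an audio file should never carry HTML markup, so scanning a media file's bytes for an <iframe src=...> (or a <script> tag) flags it regardless of signatures. This is an added example, not Bitdefender's code or the original article's; the MP3 bytes are constructed here (only the x.asom.cn URL comes from the article), and the MPEG frame-sync check is a deliberate simplification of the real format.

```python
import re
from urllib.parse import urlparse

# Constructed stand-in for day.mp3: an ID3v2 header, the start of one MPEG
# audio frame, filler, and then the HTML markup the article describes.
SAMPLE_DAY_MP3 = (
    b"ID3\x04\x00\x00\x00\x00\x00\x00"          # ID3v2.4 header, empty tag
    + b"\xff\xfb\x90\x00" + b"\x00" * 32        # MPEG frame sync + filler
    + b'<iframe src="http://x.asom.cn" width="0" height="0"></iframe>'
)
# Same layout without any markup, for comparison.
SAMPLE_CLEAN_MP3 = b"ID3\x04\x00\x00\x00\x00\x00\x00" + b"\xff\xfb\x90\x00" + b"\x00" * 32

IFRAME_SRC = re.compile(rb"<iframe\b[^>]*?\bsrc\s*=\s*[\"']([^\"']+)[\"']", re.IGNORECASE)
SCRIPT_TAG = re.compile(rb"<script\b", re.IGNORECASE)

def looks_like_mp3(data):
    """Does the file at least start like audio: an ID3v2 tag or an MPEG frame sync?"""
    if data.startswith(b"ID3"):
        return True
    return len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0

def embedded_iframe_hosts(data):
    """Hostnames of every <iframe src=...> found anywhere in the bytes."""
    hosts = []
    for match in IFRAME_SRC.finditer(data):
        url = match.group(1).decode("ascii", errors="replace")
        host = urlparse(url).hostname
        if host:
            hosts.append(host)
    return hosts

def scan_media_blob(data):
    """Report markup that an audio file has no business carrying."""
    hosts = embedded_iframe_hosts(data)
    has_script = SCRIPT_TAG.search(data) is not None
    return {
        "claims_mp3": looks_like_mp3(data),
        "iframe_hosts": hosts,
        "has_script": has_script,
        "suspicious": bool(hosts) or has_script,
    }

if __name__ == "__main__":
    print(scan_media_blob(SAMPLE_DAY_MP3))
    print(scan_media_blob(SAMPLE_CLEAN_MP3))
```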

Web Trojans

Hackers will hate me even more when I share my top secret knowledge of a couple of many web-based trojans. Are you ready?

The DoubleClick Trojan

DoubleClick is a banner ad network that was purchased by Google in 2008. You've probably come across countless DoubleClick banner ads over the years.

Back in 2004, some of DoubleClick's banner ads, unbeknownst to DoubleClick, were discovered to be malicious. They installed Browser Helper Objects (BHOs) which exploited Internet Explorer vulnerabilities that existed back then.

The banner's code triggered a series of exploit scripts that made IE install spyware. But like all trojans, they needed user interaction -- the user would have to click on the ad to get infected.

Some of those ads led to malware that stole sensitive banking information, and others installed software keyloggers, which are a form of spyware.

I'll safely assume that some of those ads said things like "Congratulations! You're the 1 Millionth visitor to this website! Click here to receive your prize!"

DoubleClick did their best to remove the trojans from blackhat advertisers. Now that they're owned by Google, they probably do a better job of preventing malware transmission. But the risk is always there... So users need Healthy Skepticism™!

The Right Media Trojan

Yahoo owns Right Media, a banner ad network equivalent to Google's DoubleClick.

In 2007, security firm ScanSafe discovered that some of Right Media's ads may have run on users' machines several million times.

The ads used Adobe Flash, and unlike DoubleClick's trojan, victims didn't even need to click on them to get infected. All they needed to do was visit the webpages that contained the embedded Flash applets.

In response, Right Media said, "We became aware of a Trojan ad introduced into the Right Media Exchange by a member network. The ad has been identified as a high risk creative and banned from the exchange. However, we cannot control what happens elsewhere on the net. We continue to enhance our protective tools and are committed to finding ways of keeping this type of activity away from consumers and publishers."

The identified trojan exploited IE vulnerabilities, once again.

Microsoft Silverlight Netflix Trojan

If you don't think that web-based trojans are a major threat anymore, you need Healthy Skepticism™.

Silverlight is Microsoft's equivalent to Adobe's Flash for embedding dynamic content and apps into webpages.

Millions of Netflix customers enjoy their service through their web browsers.

Last May, Cisco discovered that blackhats were exploiting Netflix's web app, which requires Silverlight for all web browsers in both Windows and Mac OS X. The blackhats infiltrated AppNexus' advertising network to insert malicious ads between shows.

Clicking on one of those ads would launch a malicious webpage that'd trigger a drive-by download of the Angler exploit kit, which targeted vulnerabilities in all major web browsers. Then, your computer would be under the blackhat's wicked spell!

You can suppress the urge to click on malicious ads with the help of Healthy Skepticism™.

Trojans come in many, many different forms, not just those like the app and web trojan examples I cited. All trojans are malicious software or code that uses social engineering to fool users into triggering it.

Healthy Skepticism™ not only prevents trojan infection, but all other forms of social engineering attacks as well.

If you already have Healthy Skepticism™, you may need to share this article with people in your life who may require this super powerful antivirus tool.

But please don't, because hackers will hate you!

* Healthy Skepticism™ isn't a real trademark, to the best of my knowledge.

** Please don't send me thirteen easy payments of only $6.66 for Healthy Skepticism™.

*** You don't need to ask your doctor before using Healthy Skepticism™.

**** Healthy Skepticism™ comes with Satire Identification™ for no extra charge!

***** I'm pretty sure Satire Identification™ isn't a real trademark, either.

****** No BS Detectors™ were harmed in the creation of this article.

******* Therefore, BS Detectors™, I'm almost absolutely sure, isn't a registered trademark, either.

References

'Sexy Girls' wallpaper app in Google Play Store accessed account info - Adam Greenberg, SC Magazine

http://www.scmagazine.com/sexy-girls-wallpaper-app-in-google-play-store-accessed-account-info/article/394512/

Account Stealing Wallpaper App Found In Google Play Store - Nathan Collier, Malwarebytes Unpacked

https://blog.malwarebytes.org/mobile-2/2015/01/account-stealing-wallpaper-app-found-in-google-play-store/

Mobile Threat Monday: Android Trojan Turns Your Phone Into A Nasty Spam Factory - Max Eddy, PCMag

http://securitywatch.pcmag.com/mobile-security/323941-mobile-threat-monday-android-trojan-turns-your-phone-into-a-nasty-spam-factory

iOS app contains potential malware - Lex Friedman, Macworld

http://www.macworld.com/article/2037099/ios-app-contains-potential-malware.html

Phishing Attacks Using Banner Ads to Spread Malware - Rich Miller, Netcraft

http://news.netcraft.com/archives/2004/08/06/phishing_attacks_using_banner_ads_to_spread_malware.html

Yahoo's Right Media had Trojans in banner ads - Elinor Mills, CNET

http://www.cnet.com/news/yahoos-right-media-had-trojans-in-banner-ads/

Criminals Target Netflix Users Via Microsoft Flaws - Jill Scharr, Tom's Guide

http://www.tomsguide.com/us/cybercriminals-netflix-microsoft-silverlight,news-18807.html