At some length… I’ll probably come back to the topic of virus hoaxes. They haven’t disappeared, but tended to migrate from email to social media. Meanwhile, here’s my article for ITSecurity UK.
It suddenly occurs to me that while I usually flag my articles on support scams to readers of this blog, I hadn’t mentioned an article I recently published on the ESET WeLiveSecurity site.
I returned in this case to the theme of what to do if a scammer actually gets a foothold on your system, because I still see a number of blog comments from people worried about the implications of such an intrusion and wondering what action they need to take.
These days, I don’t even try most of the time to keep track of spam/scam/phish emails, but here are a couple of notable recent examples from my colleagues at ESET Ireland:
I think it’s safe to assume that there will be similar mails seen in other regions.
Here are a couple of articles on Facebook scams I thought it was worth flagging:
[Reblogged from the AVIEN blog]
A slightly opaque story about TalkTalk and arrests at the Indian call centre it’s been using to lighten its support load.
Adding to AVIEN’s Support Scam Resource Page, though it’s not clear exactly what the scam was from TalkTalk’s statements.
Already posted to Mac Virus, because of the particularly severe effect on Safari. However, the warning about shortened URLs is true of any system.
“On some iPhones and iPads, the glitch may cause your iOS device to reboot.”
Stay Smart Online observes that:
View original post 62 more words
For Graham Cluley’s blog, David Bisson summarizes the story of how Symantec ended its agreement with one of its partners after Jérôme Segura reported for Malwarebytes on how the partner was using tech support scam techniques to trick customers into buying Norton Antivirus and a year’s support at prices well in excess of the pricepoint set by Symantec.
I commented (again) at some length on the AVIEN blog: Support Scams and the Security Industry.
It’s traditional at this time of year for security researchers to risk their credibility by offering their predictions as to what will happen in information security in the next 12 months. Usually in multiples of ten. Or at least the unhidden one-tenth of the researcher iceberg spending enough time in the public eye to attract the attention of journalists and their own PR departments.
Apparently there’s a perception that the public loves a list, even if it’s a list of sort of glamour-free topic that preoccupies the security industry.
Happily, my own accelerating slide into old age, grumpiness, and the obscurity that tends to accompany (semi-)retirement has allowed me to avoid the worst excesses of this tradition in recent years. Though I don’t say that it’s totally without interest. As I said elsewhere some years ago:
Security prognostication isn’t science: it’s more like science fiction, and classic science fiction isn’t about the future, but the present. A view of the future refracted through today’s trends may be through a glass darkly, but it’s not valueless.
And while I don’t intend to make any predictions about developments in malware/anti-malware technology, perhaps I will mention some issues that I think will be discussed over the coming months.
OK, it’s not a top ten. But it’s providing me with more than enough issues to worry about at the moment. Nevertheless, while I was working on the above list, I was persuaded to contribute to a ‘brief, occasionally tongue-in-cheek view from a number of ESET researchers on what they expect 2016 will bring.’
So these were my additional thoughts:
If you’d like to see what my colleagues at ESET North America thought (and their suggestions are certainly worth reading), you can read them here: ESET predictions and trends for cybercrime in 2016.
But what was that about Hello Barbie? Well, I described here how Barbie is in trouble again, though at least she isn’t spreading viruses this time. It could certainly be said that she’s still failing as a role model, though. At any rate, the Campaign for a Commercial-Free Childhood is worried enough by Hello Barbie, a Wi-Fi enabled version of the doll with an embedded microphone intended to transmit what the child who owns it says to cloud-hosted voice recognition software.
The CCFC article articulates concerns that analysis of the child’s conversations will be used to elicit information about the child’s interests and family, and that play will be driven by Mattel rather than the child. Mattel’s policy on the data it collects, including audio data, is stated here and much is made of its limited nature. According to an article in The Register dating back to the announcement of the Pink Fink, Big Blue are moving in a similar direction with a Green Dinosaur. (This is starting to look like a Rainbow Coalition with overtones of Zippy and Bungle.)
It may not have escaped your notice that this is the (probably inevitable) next step from furry devices like Teddy Ruxpin and Furby, which only played back pre-recorded material and had no recording capability. It’s a big step, though. I have no grounds (apart from nearly seven decades of scepticism and downright cynicism) for disbelieving Mattel’s assurances that children will not be bombarded with advertising, but the acceptance of this level of ‘eavesdropping’ with the potential for conversational data to be transmitted far beyond the walls of home and reviewed by outsiders has ‘interesting’ and disconcerting implications, despite Mattel’s own safeguards. Other parties may be less scrupulous.
There’s no word yet on whether NSA staff will be banned from bringing their Barbies to the office.
A happy and prosperous new year to you. Don’t let the bugs byte.🙂
Small Blue-Green World
ESET Senior Research Fellow
Commentary for AVIEN on the State of Washington’s legal action against iYogi, accusing the company of a range of activities suggesting tech support scamming: iYogi tech support – sued by State of Washington.
Also added to the AVIEN Tech Support Scam Resources page.
It’s not unusual to see dubious memes spreading on Facebook (and elsewhere) but I’ve seen so many today I feel obliged to comment on some of them.
Unfortunately, Facebook has taken on the role of dissemination of uncritically accepted hoaxes and half-truths that used to make managing corporate email such a pain. It’s really worth checking the validity of these claims, even if the person who shares them with you is your best friend. You know what Abraham Lincoln said…