Attention gamers: You’re targets for crime!

Since the late 1970s and early 1980s, video games have gone from being a small offshoot of the “traditional” computing industry to a full-fledged multi-billion dollar industry in themselves. Today, companies like Microsoft, Nintendo and SONY generate billions of dollars from sales of games and gaming consoles.

To get an idea of just how pervasive computer gaming is, let’s look at these successful games and consoles, and match them up with some other real-world numbers:

| ITEM | NUMBER | EQUIVALENT TO |
|---|---|---|
| The Sims | 175 000 000 (copies sold over 15 years) | Combined population of Austria, Belgium, Denmark, Germany, Liechtenstein, Luxembourg, Netherlands, Poland, Slovakia and Switzerland |
| World of Warcraft | 7 600 000 (avg. # players over last 4 quarters) | Cost of 2014 upgrades (in USD) to Kensington Palace, United Kingdom |
| 8th generation console units | 18 680 000 (PS4+Wii+XBONE units shipped/sold) | Average number of viewers per episode of Big Bang Theory during its 2012-2013 season |

Computer gaming is a huge and wildly successful market, and as in any system that works at scale, there are going to be so-called businessmen or entrepreneurs who “seek to optimize their return on investment through whatever means possible” or, to put it more succinctly, criminals who abuse the ecosystem. But in virtual worlds, can real crimes occur?

The sale of virtual goods (including virtual currencies) is an important part of in-game economies, but it also presents criminals with some unique opportunities, such as theft of in-game goods, counterfeiting items and gold farming. But computer criminals don’t just target gamers: gaming companies themselves can be targeted as well. Probably the most well-known example of this is the April 2011 breach of the SONY PlayStation Network gaming and Qriocity music streaming service, which resulted in the compromise of the names, addresses and credit card details of 77 million user accounts. ESET provided extensive coverage of the SONY data breach in our blog, starting from the initial report of the breach in April 2011 all the way up to the proposed settlement of a week ago.

For the most part, computer gaming poses no additional risks beyond any other activities you might perform on the Internet.  You may, however, wish to take a few extra precautions, as outlined in the previous two articles from We Live Security:

This is a shortened version of Aryeh Goretsky’s article on We Live Security. Go here for the full story.

How to hack someone’s account? Ask them for their password!

ESET Ireland has been following a surge of phishing emails redirecting users to faked banking, PayPal and Microsoft account sites for harvesting login details.

Although a surprisingly large number of people still use passwords like “12345” or “password” for their various accounts, cybercriminals have taken an easier route than trying to hack into peoples’ accounts. “Ask and you shall receive” seems to be their motto, so they send out emails that pretend to be coming from legitimate sites, notify the user of some unusual activity, and ask them to confirm or deny that activity by “signing into the service”. Except that the service in question isn’t actually there, but a faked site instead, which diligently logs all usernames and passwords entered and delivers them to the happy scammers.

In the past weeks, ESET Ireland has received several different emails of the same nature, and here are some examples:

1. Bank of Ireland

An email purporting to come from Bank of Ireland, claiming your account requires an update and providing a fake link “Click here to complete update”. The email has some bad spelling errors which give it away.

Fake Bank of Ireland email


2. iTunes

An email pretending to be from iTunes, thanking you for purchasing “World Of Go” for €9.65, then adding “If you did not authorize this purchase, please visit the iTunes Payment Cancellation Form within the next 12 hours in order to cancel the payment,” which requires you to “log in” to the fake iTunes site.

Nice of them to respect our privacy, eh?


3. PayPal

An email looking like a detailed payment receipt, mimicking PayPal, with all the usual PayPal visual clues, claiming you paid $208.00 USD to Agoda Company online hotel booking site, adding “If you haven’t authorized this charge, click the link below to dispute transaction and get full refund – Dispute transaction (Encrypted Link).” The link, of course, isn’t encrypted and simply leads to a PayPal lookalike login harvesting site.


Fake link in “Encrypted link”


“expert-italia.it” address instead of “PayPal”

4. Microsoft

An email abusing Microsoft’s name, with the subject line “Microsoft account unusual sign-in activity” that claims they detected unusual sign-in activity into your account, supposedly from South Africa, which is meant to make people suspicious, then offering a solution “If you’re not sure this was you, a malicious user might have your password. Please Verify Your Account and we’ll help you take corrective action.” Of course the only action they’ll be taking is signing into your account with the login details you just provided.

Legitimate looking email.


“yazarlarparlamentosu.org” instead of “Microsoft Corporation”

Actual Microsoft account log in

What should you do?

First of all, stay informed. The scams you know about are less likely to catch you off guard. We regularly keep you updated on our blog here or on ESET’s We Live Security.

Read such mails carefully, checking for clues. If the email has spelling errors or uses poor language, it is likely faked. A lot of the scammers come from countries where English is not their first language, and they give themselves away. The same goes for similar scams as Gaeilge, where they likely used Google Translate to try to fool native Irish speakers.

Do not click on links in emails. Even if you do have a Microsoft account and are alarmed by such an email, open your browser and go to the Microsoft site directly. Also make sure the website’s address looks correct. In the case of the faked Microsoft one above, the website address read “yazarlarparlamentosu.org”, which is clearly not “Microsoft”.

If you suspect you may have fallen for one of these tricks, change your passwords. To be sure, change them at regular intervals anyway.

If the email you received looks like it’s coming from your bank, pick up the phone and ring them instead of just clicking. They’re accustomed to scams like these and will advise you appropriately.

Think before you click and enjoy safer technology!

by Urban Schrott, ESET Ireland

5 Tips for protecting Windows XP machines after April 8, 2014

Microsoft will cease providing security updates for this operating system on April 8, 2014. On that date, Microsoft will release its final security updates for Windows XP and stop providing support and fixes for it. The operating system will still function the same way it has, and all old updates and fixes will still be available, but there will be no further regular system updates, which are used to repair exploits and patch existing security vulnerabilities.

If you cannot get away from Windows XP just yet, there are still a few things you can do to defend your XP machines:

  1. The first thing is to make sure that you back up your computer’s files regularly, and periodically test your backup strategy by restoring backups, preferably on a different computer, a few times a year. This helps ensure that in the event of a catastrophe, you will still have access to the information on your computer. The time to worry about your backups is not when faced with a virus, fire, earthquake or other calamity.
  2. The next thing to do is to make sure that your copy of Windows XP is up-to-date. Although Microsoft will stop making new updates for Windows XP after April 8, 2014, all of the old updates from before then will still be available, and should be applied! This also applies to the device driver software (a device driver is a computer program that allows the operating system to communicate with a particular kind of hardware), which may be available from your computer manufacturer or Microsoft’s Windows Update web site.
  3. In addition to the operating system and drivers, you should also make sure you have the latest versions of your application software on the computer, and that those are fully-patched and updated. Programs like Adobe Flash, Adobe Reader and Oracle Corp.’s Java are frequently targeted by the criminal gangs that develop and use malware, so keeping these up-to-date is just as important as looking after the operating system. Other software that you use, such as Microsoft Office, web browsers and so forth, should be on the latest version and have the latest patches applied as well.
  4. If the computer does not have to be connected to the Internet, disconnect or disable the connection so that the PC can only connect to other machines on the same non-Internet network. This will ensure that Internet-borne threats cannot directly attack your XP PC, and will make it harder for an attacker to steal data off the computer.
  5. Make sure your security software is up-to-date, as well. There are lots of security programs available for Windows XP, and most of their authors have committed to supporting Windows XP for years to come. Some are free, while others are sold as a subscription. A discussion of the features needed to protect Windows XP is outside the scope of this article, but at the very least, I would recommend looking for a security program that combines signature-based and heuristic detection, includes a firewall, and has some kind of host intrusion protection system. Vulnerability shielding and exploit blocking will be useful as well, as Windows XP will no longer be updated by Microsoft to protect against these types of attacks.

While these tips will help, your main goal should be figuring out how to move away from Windows XP. If it is simply a matter of replacing a critical application, work out the cost and build that into your operating budget, likewise for computer upgrades or even replacement computers. That may be a capital expense, and an unwanted one in this economy, however, it is still better than going out of business because outdated computers failed or critical data was stolen.

Having to replace working computers every few years is not fun, but, like other mechanical equipment, computers do wear out and need to be replaced. Software, too, gets updated periodically, not just with security patches, but new features and functionality as well, that can improve your bottom line.

For readers who are using ESET for their anti-malware protection, ESET is committed to supporting the Microsoft Windows XP operating system for 32-bit and 64-bit versions of ESET products at least until the end of April, 2017.

by Aryeh Goretsky

ESET will not end Windows XP products support


After 8th April 2014, Microsoft will no longer provide system updates for Windows XP.
ESET will support the Microsoft Windows XP versions of ESET products at least until the end of April 2017.

Q: What exactly happens on April 8, 2014? Will Windows XP stop working?
A: On April 8, 2014, Microsoft will release its final security updates for Windows XP, and stop providing support and fixes for it. The operating system will still function the same way it has, and all old updates and fixes will still be available. Regular system updates are used to repair exploits and patch existing security vulnerabilities.

Q: Will ESET products and virus definitions on Windows XP still be updated?

A: Yes. At least until the end of April, 2017, ESET will maintain support for customers with ESET products installed on the Windows XP operating system and will continue to offer the following services during that period:

  • Regular virus signature updates for the latest threats
  • Consistent updates to other parts of the antivirus engine
  • ESET Customer Care support requests

Currently, ESET still supports and provides updates for endpoint products that work with Windows NT 4.0 and Windows 2000, which reached end of life (EOL) status in 2004 and 2010, respectively.

Q: Will all versions of Windows XP cease being supported by Microsoft after April 8, 2014?
A: No, not all. Windows XP Professional for Embedded Systems, a special version of Windows XP used in devices such as cash registers, ATMs and ticket machines, etc., will be supported until December 31, 2016. However, that date is fast approaching and if you have devices running XP Embedded you will eventually need to replace or update them.

Q: Are other Microsoft programs going to cease being supported?
A: Microsoft Office 2003 will no longer be supported after April 8, 2014. The next major end of life date is July 14, 2015, which is for Windows Server 2003. If your office has any servers left running Windows Server 2003, you should be planning on updating or replacing them as well.

Q: I have to run Windows XP and cannot upgrade or replace my PC. Is there anything I can do to protect myself?
A: Make sure that your copy of Windows XP is fully patched and all your applications are on the latest versions with the latest patches as well. Please note that while your service from ESET will not change, your system could become more vulnerable to threats because it will no longer receive regular system updates from Microsoft.

We recommend that you use the latest version of your ESET product to maintain the highest degree of protection possible with the non-updated Windows XP operating system.

To maintain the highest level of security, we recommend that you upgrade your operating system or move your important data onto a computer with a more current operating system.

by Urban Schrott and Aryeh Goretsky

Time to Move On From Windows XP

The world today is a much different place than it was in 2001 when Microsoft released Windows XP. With Windows XP Microsoft combined features to handle games and multimedia for consumers, and to provide stability and reliability for businesses. This strategy made for a wildly popular operating system. Now, thirteen years later, Windows XP comes to an end of sorts on April 8, 2014. After this, Microsoft will cease providing security updates or support for this venerable operating system.

Consider how your own use of technology has changed in the last 13 years: In 2001, my home PC had an Intel Pentium 4 processor that ran at 1.8GHz and a gigabyte of RAM. Today, my home PC has an Intel Core i7 processor that runs at 3.7GHz and 32 gigabytes of RAM. While the processor in today’s PC appears to be only twice as fast as my computer from 2001, such comparisons are misleading. The actual difference in performance between the two is closer to 60-fold, and even faster for some operations. And my Internet connection? That went from just under a megabit-per-second to 20 megabits, a twenty-fold increase in speed.

Technology evolves, and just as our computers have changed, so has the software they run. Microsoft Windows is no exception to the rule, especially when it comes to security.

Numerous updates to Windows XP were released over the years, including three giant Service Packs in 2002, 2004 and 2008 that not only fixed numerous vulnerabilities that had left Windows XP open to attack, but added new features. In 2007, Microsoft’s struggle to release the successor to Windows XP ended with the release of Windows Vista. Microsoft then resumed releasing operating systems on a two-year cycle. Windows 7 arrived in 2009 and Windows 8 in 2012, just a little behind schedule.

Each new version of Windows has not only brought new features, but greatly strengthened security. The six-year gap between Windows XP and Windows Vista and the lackluster response to Windows Vista meant that a lot of computers remained on Windows XP. Those computers remained vulnerable to attacks that, if they were not blocked completely by newer versions of Windows, were at least much more difficult for attackers to exploit successfully.

What you can do

If your home or business PC is still running Windows XP, it is not too late to upgrade.

I do not recommend going to Windows Vista, simply because support for it will be ending in 2017. Microsoft will stop supporting Windows 7 in 2020, and Windows 8.1 in 2023. From a security perspective, Windows 8.1 is a great improvement, but the interface is very touch-focused. Unless you are using a touchscreen, you might be better off upgrading to Windows 7 or using a program that makes the Windows 8.1 interface more like an earlier version of Windows. Computers running Windows 7 are still available from stores and computer manufacturers online.

The business-focused editions of Windows 7 (Professional, Ultimate and Enterprise) can run Windows XP Mode, which embeds the older version of Windows inside the new one. This might let you run a last remaining application requiring Windows XP, at least until it is replaced. Keep in mind that Windows XP Mode suffers from the same issues as Windows XP and is a bridge to replacement of Windows XP, not a means of prolonging XP’s life. Windows XP Mode is not available for Windows 8.1.

XP Questions and Answers

Q: What exactly happens on April 8, 2014? Will Windows XP stop working?
A: On April 8, 2014, Microsoft will release its final security updates for Windows XP, and stop providing support and fixes for it. The operating system will still function the same way it has, and all old updates and fixes will still be available.

Q: Will all versions of Windows XP cease being supported by Microsoft after April 8, 2014?
A: No, not all. Windows XP Professional for Embedded Systems, a special version of Windows XP used in devices such as cash registers, ATMs and ticket machines, as well as various industrial and scientific equipment, will be supported until December 31, 2016. However, that date is fast approaching and if you have devices running XP Embedded you will eventually need to replace or update them.

Q: Are other Microsoft programs going to cease being supported?
A: Microsoft Office 2003 will no longer be supported after April 8, 2014. The next major end of life date is July 14, 2015, which is for Windows Server 2003. If your office has any servers left running Windows Server 2003, you should be planning on updating or replacing them as well.

Q: I have to run Windows XP and cannot upgrade or replace my PC. Is there anything I can do to protect myself?
A: Make sure that your copy of Windows XP is fully patched; all your applications are on the latest versions with the latest patches as well; your PC is not just regularly backed-up, but you are testing those backups by periodically restoring them; your PC is running up-to-date security software; and you should also be figuring out how you can move away from Windows XP to a newer version of Windows.

Resources: Windows XP-specific

General Advice: How to secure a PC

Resources: Windows 8-specific

We will have more to say about XP’s retirement on We Live Security. Let us know your concerns and we will endeavor to address them.

Author Aryeh Goretsky, ESET

CyberThreats Daily: Win7 machines harder hit by infection as VXers change tactics

Win7 infection rates rose during the second half of 2010 even as malware hit rates on XP machines declined, according to official statistics from Microsoft.

The latest edition of Microsoft’s Security Intelligence Report shows an infection rate of four Win7 PCs per 1,000 in the second half of 2010, up from three Win7 PCs per 1,000 during the first half of 2010. The rise of more than 30 per cent contrasts with a drop of the infection rate, albeit from a much higher starting point, for older and less secure machines running Windows XP. Read more on The Register.

Getting a grip on Flash cookies: Adobe publishes Flash 10.3

Adobe has published version 10.3 of its Flash Player for all platforms. This version finally gives users control of their Flash cookies, but only if one of the currently supported web browsers is used: Firefox 4, Chrome 11, Internet Explorer 8 (or higher) and, soon, Safari. Full article on The H Security.

Magic Lantern: Shining a light on the AV numbers game?

“You don’t hear anything about the FBI’s Magic Lantern spyware – sorry, policeware – for years, and then suddenly it’s all over the place. Media-wise, at any rate: I don’t have any exciting news of an epidemic of electronic surveillance, but there seems to be a lot of interest in Computer and Internet Protocol Address Verifier (CIPAV) again…” writes David Harley, ESET senior research fellow.

CyberThreats Daily: FBI closes in on zombie PC gang

US crime-fighters closed in on a gang behind a huge botnet after taking control of the criminals’ servers. The authorities issued their own commands, effectively ordering the malware to shut down. They also logged the IP addresses of compromised machines.

BBC News wrote about it, as did ESET’s David Harley in the article Coreflood Reduced to a Backwater.

Latest PowerPoint security patch has problems

On its recent patch day, Microsoft released security updates to fix vulnerabilities in multiple versions of its Office products. The patch for PowerPoint 2003 can, however, have negative consequences – after installation existing presentations may be unable to be opened or may cause an error message stating that the file is corrupted and cannot be fully displayed. See full article on H Security.

KB2506014 kills TDL4 on x64

Not so long ago, Microsoft released a security patch addressing the way Windows x64 operating systems check integrity of the loaded modules. In our recent report (The Evolution of TDL4: Conquering x64) we described a method used by the TDL4 bootkit to load its malicious unsigned driver on 64-bit systems, even though those systems have an enforced kernel-mode code signing policy. The new security update is intended to fix the “feature” (vulnerability) in x64 OS’s (Windows Vista and later) exploited by TDL4. More in ESET Blog.
