Guard Privacy & Online Security News & Information

Guard Privacy & Online Security Home : Guard Privacy Blog Home : November 2007

November 2, 2007 20:08 - Online Game Players At Risk Of Identity Theft, Malware and More

Stealing online gaming accounts can be more profitable than stealing bank accounts. Popular online games - known as massively multi-player online games (MMOGs) - have attracted millions of participants who are being targeted by one of the most prevalent types of malicious Internet threats... Trojans.

According to the Computer Associates' (CA) 2007 Mid-Year Threat Outlook Report, the second most common Trojan seen this year is designed to steal gaming passwords.

The popularity of MMOGs, such as World of Warcraft and Second Life, has set off an underground economy for participants who are competing with each other. Game currency and in-game possessions like characters and other game items are virtual commodities that can be purchased and sold for cash at Real-Money Trading groups (RMTs) - websites specialising in this virtual economy.

Game accounts have attracted the attention of cyber criminals because, with stolen account information, virtual assets can be transferred and sold for cash or auctioned off on popular websites like eBay.

The most common Trojan used for stealing game passwords takes advantage of web browser vulnerabilities, which allow secret downloads of spyware. Spyware programs can capture a gamers’ account information - like username and password - and transmit it to a remote computer. The thief can use this information to change the account owner’s information, including the password. The thief has now gained full control of the gamers’ account and can sell off the virtual assets for cash.

Gamers need to protect themselves from Internet threats by being careful about visiting unknown websites suggested by other gamers, using security software solutions and ensuring this protection and browser is kept updated.

A comprehensive anti-virus, anti-spyware, personal firewall and identity theft protection solution will help to protect your computer against hackers and malware. In my opinion, the best security suite on the market is ZoneAlarm Security Suite

To reference this entry please copy the url in this link: (Permalink)

November 6, 2007 21:12 - Mac Security Compromised By Porn Trojan

Reports have surfaced of a malicious new Trojan Horse that has the potential to let cyber thieves take control of infected Mac computers. This new malware has been specifically designed to exploit Apple's OS X, according to Mac security software firm Intego.

Trojans are known for their ability to appear to be legitimate and necessary pieces of software that turn malicious once installed. In this case, the Trojan is a fake codec that pretends to be a free video codec -- often posted on pornography sites -- to fool victims into downloading it.

It's not a video codec at all, however. Rather, it's a piece of malware intended to compromise the victim's machine. Although there are many Microsoft Windows-based fake-codec Trojans posted on porn Web sites today, Intego's find is thought to be the first Macintosh-based fake codec.

Although the new Mac Trojan is easy to avoid because it is mostly limited to porn sites, computer security experts say this piece of malware has the hallmark of being written by professional cyber criminals and is likely to be a sign of more bad things to come for Apple fans.

To reference this entry please copy the url in this link: (Permalink)

November 8, 2007 22:48 - E-Mail Privacy At Risk?

The United States Court of Appeals for the Sixth Circuit in Cincinnati has granted the government's request for a full-panel hearing on the right of privacy for stored electronic communications. At issue is whether the government can subpoena stored copies of your e-mail.

The position that the United States government is taking on the entire issue of electronic privacy may mean that the government can read anybody's e-mail at any time without a warrant.

In an earlier case, the US Supreme Court, over the strenuous objections of the US government, upheld the right of the user of a payphone to claim the right to privacy of the contents of their communications. The Court held that the Fourth Amendment right to be secure in your "persons, house, places and effects" against unreasonable searches and seizures protected people and not just places.

To determine whether you had a right against unreasonable seizure, the court adopted a two-pronged test... did you think what you were doing was private and is society willing to accept your belief as objectively reasonable?

The most distressing argument the government makes is that the government need not follow the Fourth Amendment in reading e-mails sent by or through most commercial ISPs. The terms of service (TOS) of many ISPs permit those ISPs to monitor user activities to prevent fraud, enforce the TOS, or protect the ISP or others, or to comply with legal process. If you use an ISP and the ISP may monitor what you do, then you have waived any and all constitutional privacy rights in any communications or other use of the ISP.

In essence, the government is arguing that the contents of your e-mails have been voluntarily conveyed to your ISP and that you therefore have no privacy rights to it anymore.

The government is seeking to eliminate any Constitutional privacy interest in e-mail. Under this standard, if the FBI walked into your employer or ISP, and simply took your e-mail (no warrant, no court order, no probable cause, no nothing), you would have no constitutional argument about the seizure, because you had abandoned your expectation of privacy.
Read the article

To reference this entry please copy the url in this link: (Permalink)

November 15, 2007 22:32 - Security Pro Confeses To Running Botnet

A former security researcher admitted to hijacking a quarter of a million PCs, using spyware to steal bank and PayPal account information. He made additional money by installing adware on his massive botnet.

John Schiefer of Los Angles pleaded guilty to four felony counts, including accessing protected computers, disclosing illegally intercepted electronic communications, wire fraud and bank fraud. He could face a total of 60 years in prison and fines of $1.75 million for his part in building and then using the botnet.

Schiefer and his co-schemers infected PCs with malware -- probably Trojan horses -- that added the compromised systems to a botnet and then stole usernames and passwords stored by the Internet Explorer browser. Schiefer mined the data retrieved from the botnet to access multiple PayPal accounts as well as other financial accounts and then stole from them.

So, how do you protect your PC being recruited into a botnet? To find out, take a read of Why Many Home Users Need A Zombie PC Fix - But Don't Know It!

To reference this entry please copy the url in this link: (Permalink)

November 23, 2007 18:08 - The Steps To Take For Identity Theft Protection

In the week that the British Government has misplaced two CDs containing the personal data - names, addresses, birthdates, bank account information - of some 25 million Britons, the general public is wondering what to do should they become a victim of identity theft or fraud.

The missing CDs cover everything anyone would ever want to know about anyone involved in the government's Child Benefit service, a program that provides payments to families with children.

This massive security incident is going to worry many of us who take care of our privacy... but what can we do when a third party breaches their duty of care? Below, we'll discuss how to tell if we're a victim of identity fraud and what we can do about it...

How To Tell If You're A Victim

  • Are bills or other mail not being delivered? A missing bill could mean an identity thief has taken over our account.
  • Another sign is getting calls or letters from debt collectors or businesses about merchandise or services we didn't buy.
  • Similarly, being denied credit or being offered less favorable credit terms for no apparent reason needs to be questioned.
  • By checking our credit report we can find whether there are any signs of unusual activity, which could confirm our suspicions from the previous points. We should look for inquiries from companies we haven't contacted, accounts we haven't opened and debts on our accounts that shouldn't be there. Also check that personal information is correct.
In the US, Experian, Equifax and TransUnion are the three major credit reporting agencies. A new federal law entitles citizens to a FREE credit report once a year. In the UK, the credit reference agencies are... 1. Call Credit 2. Equifax 3. Experian Credit reports can be ordered online.

Personal Information Lost Or Stolen?

If we've lost personal information or identification, or if it has been stolen from us, taking certain steps quickly can minimize the potential for id theft...

  • Report all stolen cheques or credit cards to the issuers and request new ones. Follow up telephone calls with written notification. Obtain new cards and account numbers with new passwords and Personal Identification Numbers (PINs).
  • With government issued identification, reporting identity theft, such as for a stolen driving license or passport, is via the agency that issued the license or other identification document. Ask for the procedures to cancel the document and to obtain a replacement.

    In the UK, lost or stolen passports should be reported to the Passport Office and driving licences to the DVLA.
  • Report the incident to the police, especially if it involves stolen identification documents... and ask for a crime reference number, or documentation to record the incident.

    Nothing may result, but you may be required to produce this information if you later have to prove you are a victim of identity theft.

See the article, "Protection From Identity Theft Is All About Diligence"

To reference this entry please copy the url in this link: (Permalink)

November 27, 2007 20:41 - Snoops Listen In To Tor Anonymizer

Researchers have uncovered more evidence that the TOR anonymiser network is being misused by hackers and, probably, government intelligence agencies.

TOR (The Onion Router) is a network of proxy nodes set up to provide some privacy and anonymity to its users. However, the presence of rogue nodes on the network was recently highlighted by security researcher Dan Egerstad. He posted details of login credentials of about 1,000 email addresses, including at least 100 accounts belonging to foreign embassies, obtained by listening to traffic passing through five exit nodes under his control.

In addition, Egerstad was able to read correspondence belonging to the Indian ambassador to China, various politicians in Hong Kong, workers in the Dalai Lama's liaison office and several human-rights groups in Hong Kong.

Abuse of the system is far from isolated, other research suggests. For instance, the Teamfurry community discovered TOR exit-nodes that only forwards traffic association with ports used for unencrypted versions of protocols including IMAP and POP email (TCP ports 143 and 110), and IM traffic. Other nodes only relay traffic associated with MySpace or Google searches. The malign purposes behind such a system are fairly easy to guess, while their legitimate use is far trickier to imagine.

"Even though just a suspicious configuration isn’t enough to tag an exit-node evil, I wouldn’t touch these with a ten-foot long toothpick," Teamfurry warns.
Read the article

To reference this entry please copy the url in this link: (Permalink)

October 2007 « 


RSS Feed For This News

Guard Privacy Blog Home | Archives | Guard Privacy... Hot New Topics | Internet Privacy & Security Risks... News! | Spyware & Spyware Blockers... News! | | Guard Privacy From Spyware | Guard privacy With Anonymizers