Tag Archives: Malware

Twitter is asking you to reset your password. Do it.

Every once in a while, we go through this. For one reason or another, Twitter asks you to reset your password. Typically, they only send out emails asking you to do this when the situation has gotten pretty widespread, and per TechCrunch, that is exactly the case with Twitter’s latest set of emails.

Here is a copy of what the email looks like:

Hi, [name]

Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.

You’ll need to create a new password for your Twitter account. You can select a new password at this link:
https://twitter.com/pw_rst/…

As always, you can also request a new password from our password-resend page: https://twitter.com/account/resend_password

Please don’t reuse your old password and be sure to choose a strong password (such as one with a combination of letters, numbers, and symbols).

In general, be sure to:

  • Always check that your browser’s address bar is on a https://twitter.com website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your login information!
  • Avoid using websites or services that promise to get you lots of followers. These sites have been known to send spam updates and damage user accounts.
  • Review your approved connections on your Applications page at https://twitter.com/settings/applications. If you see any applications that you don’t recognize, click the Revoke Access button.

For more information, visit our help page for hacked or compromised accounts.

The Twitter Team

The first thing that jumps out at me is: why the hell is Twitter sending out emails with links to reset your password? That’s like the phishing-est phish that ever phished a phish.

But what caused this problem in the first place? Well, the servers might have gotten hacked or something like that. But these are probably the least-likely scenarios.

The simplest answer is that some very popular web service that uses Twitter login was compromised. If you use Twitter to log into, say, Huffington Post and they subsequently get hacked, the permission you gave them to your account may be sufficient to allow them to tweet or DM on your behalf.

Another possibility is that a widespread dupe site, such as those that fool users with “vanity phishing” DMs, may have gotten particularly active.

Regardless of whether this is an internal or external problem for Twitter, it is probably in your best interest to reset your password. Even if you haven’t gotten the email.

AND EVEN IF THIS EMAIL IS LEGITIMATE, NEVER, NEVER, NEVER CLICK LINKS IN EMAIL! Go to Twitter directly and reset your own password. Email links are just way, way too dangerous.
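The address-bar advice in the email and the “go to Twitter directly” rule above, as an added example (not code from Twitter or from this post): a small Python check that accepts a link only when it is HTTPS and its parsed host is twitter.com or a subdomain of it, so the usual lookalike tricks are rejected. The sample links are constructed; the lookalike hosts and the `/pw_rst/EXAMPLE` path are placeholders.

```python
from urllib.parse import urlsplit

# Only the apex domain and its subdomains are trusted (assumption made for this
# example); any other host is treated as a lookalike.
TRUSTED_DOMAIN = "twitter.com"

def is_trusted_twitter_url(url: str) -> bool:
    """Return True only if url is https and its host is twitter.com or a subdomain.

    Checks the parsed host, not the raw string, so the usual tricks fail:
    - http://twitter.com/...            (no TLS)
    - https://twitter.com.evil.example  (trusted name as a prefix of another host)
    - https://twitter.com@evil.example  (trusted name in the userinfo part)
    - https://twitter-com.example       (typo lookalike)
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme.lower() != "https":
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False
    # Non-ASCII or punycode labels are rejected outright (homograph lookalikes).
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def triage_links(urls):
    """Classify each link as 'trusted' or 'suspicious'."""
    return {u: ("trusted" if is_trusted_twitter_url(u) else "suspicious") for u in urls}

# Constructed sample links, modelled on the reset email quoted above.
SAMPLE_LINKS = [
    "https://twitter.com/account/resend_password",
    "https://twitter.com/pw_rst/EXAMPLE",
    "http://twitter.com/pw_rst/EXAMPLE",
    "https://twitter.com.reset-help.example/pw_rst",
    "https://twitter.com@reset-help.example/pw_rst",
    "https://xn--twtter-xxx.example/",   # hypothetical punycode label
]

if __name__ == "__main__":
    for link, verdict in triage_links(SAMPLE_LINKS).items():
        print(f"{verdict:10s} {link}")
```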

DNS Changer malware: what you need to know

You may have heard about yet another new virus threat that’s making headlines today. As many news outlets have been reporting – with greater and greater urgency – there is a new form of “malware” that’s been loose for some time, but is about to make a much bigger impact on a lot of people’s lives. Basically, if you’ve got it, you’re not going to be able to get on the Internet after July 9th. Because the FBI is shutting things down.

Since a lot of the reporting I’ve seen locally has been… well, terrible… I thought I’d give you a quick run-down of what exactly is going on. Let’s start with the question on everybody’s mind:

WTF?

The “DNS Changer” pest has been “in the wild,” meaning actively making its way through public networks and computers, for quite a while under various names. Its purpose was basically to redirect users trying to get on the Internet to bogus websites so that its creators could collect click-through ad revenue. The FBI and officials in Estonia arrested the perpetrators a while ago, but realized they had a big problem: if they shut down the servers that the malware was pointing to, everybody with the malware would get cut off from the web. The solution was to leave the servers running, but instead of pointing to the baddies, the FBI redirected traffic right back to where it was supposed to go in the first place.

All well and good, but there’s still a ton of computers – estimates are in the half-million neighborhood – with that virus, and the FBI can’t keep those servers running forever. Well, July 9th is the cut-off date, so if you’ve got this little beastie running on your box, you better do something fast.

Malware? Is that like a virus?

Yeah, sorta.

The only real difference between most viruses and most malware – and to be clear, these terms border on slang, so the definitions tend to be somewhat fluid – is that viruses generally pose as some legitimate bit of software or data and infect silently. Malware generally attempts to cover itself with the veneer of legitimacy by talking you into voluntarily installing the software. Many veteran PC users will remember all those “start-up applications” that ran their PCs into the ground years ago. Stupid crap you thought you were being smart by installing. And by the way, it’s pronounced “male-ware,” not “mall-wear,” damnit. Think “malevolent” or “malignant.”

Regardless of the definition or how you got it, the point is: it sucks.

What is DNS and why did it change?

Ah, DNS, our old friend! Cornerstone to the Internet and so effective, most people don’t ever hear the term. This is especially clear when watching and reading local news on the subject, sadly.

DNS means Domain Name Service, and essentially, it’s the phone book of the Internet. Every domain name, such as dragonflyeye.net and bangin-midgets.org, refers to a computer or a network out there on the Internet. But which one? Well, your computer doesn’t know the answer to that, so it relies on DNS servers to provide that information.

When you tell your computer to go to google.com, it actually asks one of these servers where google.com is, the server responds with the correct address, and away you go. Typically, your computer would use DNS servers provided by your Internet Service Provider (Time Warner, Frontier, etc.), but it doesn’t have to: you can manually set a different set of DNS servers to contact if you wanted to for some reason.

What the DNS Changer did was exactly this: it changed the server that your computer points to from a legitimate one to an illegitimate one. Those illegitimate DNS servers pointed you – not to the Google you know and love, but to bogus servers that look just like Google. You know all those ads on Google’s search pages? People pay money for you to click on them. But with the DNS Changer servers pointing you to bogus sites, all the money that would normally be collected by Google was instead collected by the owners of those servers. With half a million computers still infected, even after anti-virus software has been removing it for months, they must have made a lot of money.

And you can clearly see the long-term problem facing the FBI: if your computer is referring to the wrong “phone book” and that phone book goes away, where do you find all your beloved websites? You don’t. The solution was to just make the DNS servers report correct data, instead of the bogus stuff while people had an opportunity to fix their systems. And again: the FBI will be turning these servers off completely on July 9th.

Awesome. Now what?

Now you need to find out if you’ve got the DNS cruft and if so, get rid of it. If you’re not on a Windows computer, you’re probably safe. If you are:

  1. Run your antivirus software! I trust you have some, yes? Make sure it has been recently updated as well.
  2. Failing that, there is a website, http://dns-ok.us, that will run a quick, software-free scan for you.
  3. DCWG.org has a resource page that will give you more information.
  4. Finally, many ISPs, including Time Warner, are providing their own support. As a last resort, you might try calling them.
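As an added example that is not part of the original post, here is a Python audit of the resolvers a machine is configured to use, which is exactly the setting DNS Changer altered: it reads `/etc/resolv.conf` or `ipconfig /all` style text and flags any resolver that sits inside a rogue range or outside the set you expect from your ISP. The address ranges and the sample outputs are constructed placeholders; the real rogue ranges come from the DCWG page mentioned above, not from this block.

```python
import ipaddress

# Constructed placeholders (documentation ranges), not real addresses: EXPECTED_RESOLVERS
# stands in for your ISP's resolvers, ROGUE_RESOLVER_RANGES for the DCWG's published list.
EXPECTED_RESOLVERS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]
ROGUE_RESOLVER_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

def _as_ip(token):  # parse one address token, dropping an IPv6 zone suffix like '%1'
    try:
        return ipaddress.ip_address(token.split("%")[0])
    except ValueError:
        return None

def extract_resolvers(text):
    """Pull resolver addresses from /etc/resolv.conf or `ipconfig /all` style text."""
    found, in_dns_block = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("nameserver"):  # resolv.conf: nameserver 1.2.3.4
            found += [ip for ip in map(_as_ip, stripped.split()[1:]) if ip]
            in_dns_block = False
        elif stripped.startswith("DNS Servers"):  # ipconfig: DNS Servers . . : 1.2.3.4
            found += [ip for ip in map(_as_ip, stripped.partition(":")[2].split()) if ip]
            in_dns_block = True
        elif in_dns_block and " " not in stripped and _as_ip(stripped):
            found.append(_as_ip(stripped))  # ipconfig lists extra resolvers on bare lines
        else:
            in_dns_block = False
    return found

def classify(addr):
    """ROGUE wins over expected: a resolver inside a rogue range is the DNS Changer symptom."""
    if any(addr in net for net in ROGUE_RESOLVER_RANGES):
        return "ROGUE"
    if any(addr in net for net in EXPECTED_RESOLVERS):
        return "expected"
    return "unexpected"

def audit(text):
    return {str(ip): classify(ip) for ip in extract_resolvers(text)}

# Constructed sample outputs, one per platform.
SAMPLE_RESOLV_CONF = "# constructed sample\nnameserver 192.0.2.53\nnameserver 203.0.113.7\n"
SAMPLE_IPCONFIG = (
    "   DNS Servers . . . . . . . . . . . : 203.0.113.7\n"
    "                                       192.0.2.53\n"
    "                                       198.51.100.1\n"
    "   NetBIOS over Tcpip. . . . . . . . : Enabled\n"
)
```

Running `audit(SAMPLE_IPCONFIG)` returns one verdict per resolver; anything marked ROGUE or unexpected is the cue to run the antivirus scan and the dns-ok.us check from the list above.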

Boilerplate preaching

I know you’ve heard this all before. But if you’ve got this little nasty, that is because you didn’t heed the advice. And hey: we all screw up from time to time. So… once more, this time with feeling:

Never install software unless you were planning on it. If something on the Internet tells you to install software in order to view content or improve your PC, that’s a red flag. Before installing anything from the Internet, you might first want to Google search the name of the application. If it even smells slightly off, there’s a blog post, a forum thread, or something else to wave you off. Most legitimate software that drives content on the Internet is going to be either pre-installed or easily-recognizable: Flash, Acrobat, maybe QuickTime.

And for the love of god, people, use your anti-virus! Keep it up to date, make sure you run scans once in a while – most anti-virus software actually allows you to schedule all this to run without you. But that doesn’t mean you shouldn’t check in from time to time.

Seven busted in elaborate Internet click-hijacking scam

The FBI announced in a statement today that they have arrested six suspects and are seeking another in Russia over what they allege is a sophisticated scam involving redirecting computers infected with a virus to sites where the suspects would be paid for clicks. The FBI says some 4 million computers worldwide, including 500k in the US, were infected with the group’s virus, generating an estimated $14 million in click cash.

The scheme involved using “rogue” DNS servers. DNS servers are the machines whose role on the Internet is to tell requesting computers where to find the correct web servers; a rogue one deliberately gives wrong answers. The arrest is being called the biggest take-down in Internet history.

The basics of the alleged scheme work like this: an infected computer is used to search for something and is sent to the search engine like normal. However, when the user clicked on any search result, they were routed instead to a site that was paying the scammers per click. This involved not only fraudulent rerouting of the user, but also loss of revenue for the search engines in question, because the affected links sometimes included the paid advertisement links at the top of Google and other search engines. The scammers also were able to swap out advertisements on websites such as the Wall Street Journal with their own paid links.

For full details of the investigation, read the FBI press release below:

FBI — Manhattan U.S. Attorney Charges Seven Individuals for Engineering Sophisticated Internet Fraud Scheme That Infected Millions of Computers Worldwide and Manipulated Internet Advertising Business.