PC Tools issues warning about looking for love online

Digitally transmitted diseases (DTD's) to infect the digitally active this Valentine's Day

San Francisco, February 11, 2009: Leading security software vendor, PC Tools today issued a warning to the digitally active^[1], that just like the real world, virtual venues for dating, social networking, and adult entertainment all carry an increased risk of infection and like any other international holiday or event, Valentine’s Day is not immune.
 
 “The rise of virtual networking has radically changed the way individuals use the internet to interact and search for love. Just as time-poor individuals are increasingly seeking alternative ways and new technologies to find love, cybercriminals recognise this trend and apply more advanced and sophisticated techniques to target the digitally active consumer” said Michael Greene, Vice President Product Strategy, PC Tools.

PC Tools are urging the digitally active consumer, to use comprehensive behavior based security protection against love-themed Web 2.0 threats this Valentines’ Day.

“Using adult and dating websites or social networking applications is risky business. Cybercriminals can easily access personal details such as your date of birth on your social networking profile for fraudulent purposes such as identity theft or financial fraud” said Greene.

“In addition, cybercriminals attempt to trick consumers into clicking on hyperlinks that can either direct them to infected websites or download infected files. There are other techniques that can coerce consumers into purchasing rogue^[2] security software. This is why advanced behavior-based security is so important – it provides protection against new and unknown threats” said Greene.

According to a recent study from Web of Trust of 19 million web sites^[3], adult websites pose the single most significant security threat for Internet users.  In fact, out of all the websites Web of Trust deemed dangerous, 31% of them specialized in adult content.  The study found that consumers who visited these sites were at increased risk from threats like spyware, viruses, browser exploits such as drive by downloads and phishing attacks, with the intent of stealing an individual’s identity or depleting their bank accounts.

On Valentine’s Day, cybercriminals most commonly target the love-struck  and single, using a range of phishing^[4] and socially engineered techniques that deliver Valentine’s and love-themed infected files or emails and messages with affectionate invitations to visit websites which attempt to gain access to a consumer’s PC. Often, infected systems are used as a tool in identity theft or financial loss – many victims wake up the “morning after” to find their identity stolen and bank accounts drained.

The new breed of digitally active online consumers also face the risk of being infected through Digitally Transmitted Diseases (DTD’s) such as the new worm PC Tools first reported on January 23, 2009.  With Valentine’s themed titles such as “meandyou.exe,” and “onlyyou.exe”, Waledac worm (pictured below) victims can be infected through links distributed in email or instant messages that redirect consumers to exploited websites that allow cybercriminals to gain control over the user’s computer.  Like all infections, a DTD has the potential to spread to everyone the victim knows via unauthorized access to address books within their email client, social networking or instant messaging applications.

PC Tools researchers this week identified that Waledac makers are distributing links to new malicious websites. Clicking on an image on one of these pages results in a download of various names: loveprogramm.exe, ecard.exe, postcard.exe, lovekit.exe, mylove.exe, runme.exe, loveexe.exe. While the files themselves are obfuscated to conceal their malicious intentions, Waledac makers are coercing users to download a file by offering of a kit to create a Valentine’s Day flash e-card.

Recent examples of DTD outbreaks illustrate the variety of sophisticated methods cybercriminals have used to attack at Valentine’s Day.  In 2008 PC Tools, through its ThreatFire community, identified the Valentine’s Storm, a threat delivering “withlove.exe” and other Valentine’s Day themed executable names as attachments within email messages containing subjects such as “I would dream” and “Memories of you.”  In 2007 PC Tools also discovered Cyber-Lover, a software bot that flirted online on social networking sites while phishing for victim’s personal information and personal banking accounts.

PC Tools recommends online consumers take a DTD test to determine their exposure to risk.

PC TOOLS DTD TEST FOR THE DIGITALLY ACTIVE

1. Do you visit adult, dating, or social networking websites at least once a week?

2. Do you ever use your credit card to purchase items when you visit these websites?

3. Do you have your birth date, street address, or any other personal information listed on your personal profile on any of these websites?

4. Do you often open links and attachments sent through Instant Messaging (IM), email or posted on your online profile/s?

5. Do you access the internet without protection (i.e. security software, browser and firewall protection)?

“Answering ‘yes’ to any of the above increases a user’s risk to DTD’s,” said Greene.  “That’s why PC Tools has developed a list of common sense tips so the digitally active can play safe while online.”

PC TOOLS TIPS FOR PLAYING SAFE FOR THE DIGITALLY ACTIVE

1. PRACTICE SAFE EX-CHANGES - Be careful with e- cards
While many people trade e- cards on Valentine’s Day, birthdays and special occasions, be careful about opening e-cards and the associated links—even during an IM or social networking chat.  Check the address of the link carefully before clicking on it, particularly those “in the name of love”.  If the email or IM is from an address you are unfamiliar with or the link is to a website you are unfamiliar with, don’t open it—you could be exposing yourself to a DTD. Likewise, confirm with your friend that they have sent you a file or link to confirm its legitimacy.

2. LOOK FOR LOVE IN ALL THE RIGHT PLACES – Looks can be deceiving...
Just as our virtual networking techniques become increasingly sophisticated so too are the techniques applied by cybercriminals. It is increasingly difficult to tell the difference between legitimate websites and hacker-created websites. Both adult and dating websites are known to have a high incidence of malicious code that could steal your identity and finances.  It is also important to note that legitimate and reputable sites have also been a target for cybercriminals.  Be warned, looks can be deceiving! To avoid this, firstly be on the alert and aware, only visit and download from websites that are recommended by well-known and reputable sources and never visit any website without protection.

3. DON’T BECOME DATE BAIT OR OVERLY PROMISCUOUS - Don’t give out too many personal details
Social networking, IM accounts, adult websites and online dating sites should only require your basic contact details (for example, name, billing address and contact number) to register for services.  Consumers should demonstrate caution if a website requests too much information.  Contact them by phone to find out why they need so much information, how they plan to use it and if they have a privacy and security policy to protect you and use your commonsense when updating an online profile. Also, don’t be complacent and use the auto-complete feature in your browser to save your passwords, logins or other personal information – its prime real estate for the cybercriminal.

4. KISS AND TELL - Keep records of all online transactions
 If a website requires payment for any reason, check out its refund policies, privacy policy and legal notices. These documents should be readily available on the company’s websites and are a good indication that a site is reputable.  Consumers should always print and save records of any online transactions, including the product or service description, price and the receipt of payment.  If the site turns out to be fraudulent, you’ll need this information to advise the relevant authorities in order to try to get your money back. If you are going to transact online, then have a separate credit card for online purchases only that has a low credit limit and is not linked to any other accounts.

5. PRACTICE CONSENSUAL UPDATING – Ensure your computer is up to date
Software companies continually issue updates to fix new security flaws, so ensure you update your operating system, browser and security software regularly. Also use a web browser that is known to be relatively safe from internet threats and vulnerabilities to ensure your that your personal and financial details as well as your browsing habits cannot be accessed by cybercriminals. 

6. ALWAYS USE PROTECTION - Install comprehensive security protection
Finally, when being active, both online and offline, always use protection! There are tools consumers can use to protect themselves from DTD’s like spyware, viruses, Trojans, rootkits, and other malware.  Leading independent publications recommend installing comprehensive behavior-based security software such as PC Tools Spyware Doctor® with AntiVirus or PC Tools Internet Security™.

Make sure your security product of choice has real-time protection, proactive behavioral protection, which helps protect against new and unknown threats, an advanced firewall to block unauthorized parties trying to access your computer via the internet and browser protection which warns you about potentially malicious sites and identifies browser exploits.

^[1] Tech-savvy, internet content junkies who are highly connected and highly mobile

^[2] Illegitimate, fake or fraudulent software

^[3] Web of Trust Survey: http://www.mywot.com/en/press/wot-study-internets-red-light-district , June 18, 2008

^[4] Attempts to acquire sensitive information such as usernames,passwords and credit card details and is typically carried out by e-mail or instant messaging