A New Phishing method to steal Google account details

Security experts at Bitdefender discovered a new ingenious phishing scheme that is being used by hackers to steal Google Account credentials.

Security experts at Bitdefender have discovered a news phishing scheme adopted by hackers to steal Google Account passwords.

The new phishing attack is hard to catch with traditional heuristic detection, it mainly affects Google Chrome and Mozilla Firefox internet browsers.

The hackers send an email that pretends to be from Google, it warns victim that his account will be locked in the next 24 hours because the associated InBox has reached the maximum capability.

“With access to users’ Google accounts, hackers can buy apps on Google Play, hijack Google+ accounts and access confidential Google Drive documents,”“The scam starts with an email allegedly sent by Google, with “Mail Notice” or “New Lockout Notice” as a subject.” reports Catalin Cosoi, chief security strategist at Bitdefender in the official blog post.

To avoid that the Google account will be “locked in 24 hours” the user is invited to go to the “INSTANT INCREASE” link, but the link redirects victims to a bogus Google web log-page. Using this artifice, hackers can steal Google account credentials within the browser.

Cosoi explained that it is very difficult for users to note the attack because the fake Google web log-page goes undetected by Google’s Chrome uniform resource identifiers (URIs). The attackers exploit the way Google Chrome displays “data:” URIs.

Users will display “data:” in the address bar of their browser, which indicates the use of a data Uniform Resource Identifier scheme, the URI scheme allows attackers to include data in-line in web pages as if they were external resources.

“The scheme uses Base64 encoding to represent file contents, in this case supplying the content of the fake web page in an encoded string within the data URI. As Google Chrome doesn’t show the whole string, regular users have a hard time figuring out they are targeted in a phishing attack and may give their data to cyber-criminals.” states the post.

Bitdefender says that the scammers are able to avoid detection, by using a data URI scheme, which includes data in-line web pages as if they are external sources. The content from the fake webpage is encoded in the string with the data URI scheme, the attackers used Base64 coding to represent the file contents.

According Bitdefender the more than a thousand users were deceived by the phishing scheme.

“So far, more than a thousand users clicked on a single shortened URL used in the cyber-campaign. The numbers are without doubt a lot higher, as scammers create more than a single URL when crafting a phishing wave,” added Cosoi.

Phishing is becoming one of the most popular fraudulent activities in the cyber criminal ecosystem, hackers are exploiting new platforms like mobile and social media according the report of principal security firms.

Cyber criminals are trying to make phishing attacks harder to detect optimizing their email targeting, attackers are demonstrating to be able to find new methods of bypassing checks implemented by email providers and security firms.

Usually a targeted attack exploits the “human factor“, phishing offensives rely on social engineering techniques that is why is important to inform users of the tactics adopted by cyber criminals.

Organisations must train their personnel to reduce their human attack surface and avoid to be victims of such attacks.
So, Be careful while using Google accounts.

JAR file malware a threat on Facebook

Cyber Criminals are back with another way to get there victim via the popular social network Facebook. Recently many of the facebook users have got a message from there trusted friends or from unknown person which includes a ZIP file with the "LOL" text.

If you have also got the same message in your inbox and that also from your trusted friend then you might download without any hesitation. Actually this ZIP file contains a malicious JAR file. The file contains the Trojan horse virus circulating via Facebook messenger.

This Malware campaign was spotted by Malwarebytes in early March. They explain that the Trojan spreads itself through the Facebook’s Messenger service (inbox) by messaging a victim pretending to be one of their friends saying "LOL" with a zip file attached, which appears to be a photo, named "IMG_XXX.zip"

How It Works ?
User gets a Facebook instant message from a friend, which includes the words ‘LOL’ and a file waiting to be downloaded.
The user downloads the file because they can assume it can be trusted. The filename matches the usual filename of a photo: ‘IMG_xxxx’.zip.
Once downloaded, the user unzips the file and clicks on what they assume is an image file, still called IMG_xxxx.jar
The JAR file executes, downloads malware and infects the system.
The infected users Facebook account is compromised and then used to send more malware to the users Facebook friends.

How To Protect yourself?

As in the Malware bytes explanation where they have analyzed the malicious file, they found that its a Trojan Virus, and with the online virus scan, it is giving 27/50 virus detection ratio. If you are getting it from one of your trusted friend, then ask them about the message and file containing with it. If they denies for sending then simply DO NOT DOWNLOAD it.

If you have downloaded the file, then you might have infected with the Trojan horse virus. So if you think you are affected to it, then scan your computer with the trusted and reputed antivirus program.

We recommend our users to keep up-to-date your antivirus program always and use trusted programs. Don't download any file from net without the prior information. Always download the stuff from the trusted sites only.

Best free antivirus software 2014

Anyone who has been following the news about the Heartbleed Bug a vulnerability in OpenSSL that enables hackers to gain access to the memory of web servers understands just how dangerous the web can be. In addition to security flaws like Heartbleed, viruses, spyware and phishing sites make it possible for hackers to expose crucial data. To ensure better protection, every PC owner needs effective, reliable antivirus software. Unfortunately, this can be expensive, especially given the cost of annual updates.
However, there are plenty of free antivirus software solutions on the market, We've picked out nine of the best free internet security tools to deliver great security at no cost.

1. Avast Free Antivirus
The program is simple to install; a straightforward interface makes it easy to use; a quick first scan should identify any potential threats on your PC, and this all has minimal impact on your system performance.
These aren't just subjective opinions, either. Independent testing by AV-Test has found the program to be a good all-rounder, and it was one of AV-Comparative's "Products of 2012."
Avast Free has some useful extras, too. A Software Updater alerts you to program updates you've missed, for instance, while its Browser Cleanup tool provides a simple way to remove unwanted add-ons from your browsers.
Avast recently added a "Grime Fighter," which the company says supports 12 additional languages and offers an advanced console for more user control.

2. Panda Cloud Antivirus Free
Small and simple, Panda Cloud Antivirus is a lightweight tool which provides free real-time antivirus protection, and can be used alongside many other security tools without problems.
It's the free version of a commercial product, and so has a few missing features. The Pro edition helps to protect you at public wifi networks, for instance, while its "USB Vaccine" function reduces the risk of malware infecting a USB drive.
The core antivirus protection remains the same, though. And while that doesn't deliver the top detection rates, independent testing shows it's very capable, with the program winning certification in AV-Test's latest report.

3. ZoneAlarm Free Antivirus + Firewall
We have one or two concerns about ZoneAlarm Free Antivirus + Firewall, notably that its antivirus database is only updated daily (hourly updates are reserved for the commercial version), which leaves you more exposed to the very latest threats,
The program does provide plenty of functionality, though, with a capable, AV-Test-certified antivirus engine, an easy-to-use firewall and some browsing protection.
It does its best to keep things simple. Open the Preferences dialog, say, and you'll find only 10 buttons and settings (and most of those you'll never need to use).
The database update means it wouldn't be our first choice, but if you're a fan of ZoneAlarm, or just want a firewall and antivirus tool from the same company, this could be a good choice.

4. Avira Free Antivirus
Avira Free Antivirus provides two main areas of protection.
A strong antivirus engine (rated highly by independent labs for its file detection rates) constantly monitors your PC, looking for and eliminating threats.
If you choose to install the Avira toolbar then you also get some web tools (an antiphishing tool, ad blocker, social networking protection), although this also replaces your default search engine with an Avira page.
Problems? The interface can seem a little complex, just at first. And the program has more impact on your PC's performance than some other tools. Still, on balance Avira Free Antivirus remains a capable and effective security package.
Avira recently made available the Avira Protection Cloud (APC), which will be used to detect and thwart zero-day attacks, according to the company. The technology will be available to all users of the free software by the end of May.

5. Bitdefender Antivirus Free Edition
Bitdefender's antivirus engine is one of the best around, and a favourite of the independent testing labs, so getting a free version sounds very appealing indeed.
The program is ultra-compact, downloading and installing in less than a minute on our test PC (although it does demand removal of any incompatible products first). A very basic interface then provides effective on-demand and automatic scanning, real-time antivirus and antiphishing protection.
There are very few manual controls here: no settings, no options, no scan types, no scheduling, nothing at all, perhaps an issue if you like to fine tune your security. But if you prefer simplicity then Bitdefender Antivirus Free Edition is an excellent choice.

6. AVG Free Antivirus
AVG Free Antivirus is a solid package with a good range of features: an antivirus engine, email scanner, identity theft protection, and LinkScanner Surf-Shield to keep you safe online.
At first glance this makes the program seem more complex, as there are lots of tiles, buttons and menu entries. Smart interface design means you can carry out most common actions in a click or two, though, so you'll soon feel at home.
AVG Free Antivirus gets mixed reviews on its effectiveness: AV-Comparatives rate it as average, AV-Test say it's better than some commercial suites. Our view: it's a capable, feature-packed tool, and one of the stronger free antivirus packages.
To boost its offering, AVG recently released the AVG Zen tool, which the company claims is designed to help provide added protection across desktops and mobile devices.
Why isn't Microsoft Security Essentials in the list? It's small, simple, and won't slow your system down - but it's also just not reliable enough to justify inclusion in our best free antivirus software round-up.
When Security Essentials was last included in an AV Comparatives File Detection test, the program managed a file detection rate of 94.9%, placing it 13th out of 15. AV-Test's opinion was even lower. In its analysis of 2012 products for Home Users, Microsoft Security Essentials delivered the lowest "average protection score" of all, putting it bottom in a list of 20.

7. Emsisoft Emergency Kit
No antivirus program comes with a guaranteed 100% detection rate, and malware might occasionally slip through your defences. You should always have a second tool available, then, just in case - and Emsisoft Emergency Kit (EEK) is a great choice.
The program runs without requiring installation, reducing the chance of any conflicts with your existing antivirus package.
Its straightforward system scanner uses a dual-scan-engine, rated highly by Virus Bulletin (and which did actually achieve a 100% detection rate in a recent AV-Comparatives test).
And experienced users will appreciate tools like HiJackFree and BlitzBlank, which can help you manually detect and clean up malware.

8. FortiNet FortiClient
While they're best known in the corporate world of network security appliances, FortiNet also produce a capable antivirus tool, FortiClient, which is free for home users.
The program can be installed in two modes. The standard option provides a good range of tools: an antivirus engine, simple parental controls, an application firewall, vulnerability scanning and more. But you can also run FortiClient without its real-time protection, perfect if you need to run it alongside an existing antivirus tool without conflicts.
Our tests suggest it's not the best antivirus engine around, but is still worth having. AV-Test and AV-Comparatives confirm that it's a good mid-range contender, and FortiClient could be particularly helpful if you want a second-line tool to run alongside an existing antivirus engine.

9. 360 Internet Security 2013
Qihoo is a Chinese software company which has had enormous success in its home market (it claims 450 million users), but now it's branching out with its first international release, 360 Internet Security 2013.
Despite its name, this isn't a full internet security suite - there's no spam filter, firewall or parental controls - but installing the program does get you no less than three antivirus engines: BitDefender, its own QVM II, and Cloud 360.
These delivered accurate results for us, and the independent testing labs have also reported positive results for Qihoo products in the past year (AV Comparatives has certified it as "Windows 8 approved", for instance).
360 Internet Security does a reasonable job of blocking access to malicious websites, too, and on balance it's an effective entry to the free antivirus world.