Microsoft recently posted a warning on its Malware Protection Center about Malicious Proxy Auto-Config redirection. The entire post can be read here.
Your Internet banking credentials are a desired target for cybercriminals. In most cases these credentials are targeted with man-in-the-middle attacks or through password-stealing trojans such as Fareit, Zbot or Banker.
A lesser-known method of gaining unauthorized access to a user’s banking credentials, commonly found in South America and to a lesser extent in Russia, is the malicious Proxy Auto-Config (PAC) file. Normally, PAC files offer similar functionality to the hosts file, allowing IP/website redirection, but only for the browser. Unfortunately, they can also be used for nefarious purposes.
When a user is infected with a malicious PAC and visits an internet banking website, the browser is usually redirected to a fake website that mimics the intended banking website. This may result in credentials being stolen – or worse, online account hijacking.
Any PAC file installation (legitimate or otherwise) can be checked manually in Internet Explorer by opening the Tools menu, then selecting Internet Options, clicking the Connections tab, and selecting LAN Settings. If you see something similar to the following picture and you didn’t install a PAC file, then you might be infected. Microsoft advises deleting (or disabling) the entry in “Use automatic configuration script” and deleting the local file it references. This can help mitigate an attack.
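The same check can be scripted. The PowerShell below is an added example, not code from Microsoft's post or from Phrozen Software; it assumes the standard Internet Settings registry keys in which Windows stores the "Use automatic configuration script" address (the `AutoConfigURL` value) and only reads them.

```powershell
# Read-only audit of the "Use automatic configuration script" setting.
# Assumption: the PAC address is stored as AutoConfigURL under the standard
# Internet Settings keys (per user, per machine, and their policy variants).
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)

$findings = foreach ($key in $keys) {
    # A missing key or value is normal; suppress the error and move on.
    $props = Get-ItemProperty -Path $key -Name AutoConfigURL -ErrorAction SilentlyContinue
    if (-not $props -or -not $props.AutoConfigURL) { continue }

    $url = [string]$props.AutoConfigURL

    # A PAC script loaded from the local disk (file:// URL or plain path) is
    # the case the advisory asks you to look at and clean up.
    $localPath = $null
    $uri = $null
    if ([uri]::TryCreate($url, [System.UriKind]::Absolute, [ref]$uri) -and $uri.IsFile) {
        $localPath = $uri.LocalPath
    }

    [pscustomobject]@{
        RegistryKey   = $key
        AutoConfigURL = $url
        LocalFile     = $localPath
        FileExists    = if ($localPath) { Test-Path -LiteralPath $localPath } else { $null }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'No automatic configuration script is configured.'
}
```

Any entry you did not configure yourself (or that your network administrator did not deploy) is the one to remove in LAN Settings, together with the file listed under `LocalFile`.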
Phrozensoft Auto Config Risk Protector 1.0 will remedy this problem for you.
No, it is not possible that the FBI can magically turn on your web cam without triggering the light of your web cam. There’s a simple reason for that: most web cam lights (if not all today) are triggered at a hardware level. When you activate the web cam of your computer, electricity will first pass through the LED of the web cam, which means it automatically turns on the light. It is a basic security measure that lets you know when your web cam is capturing data at any given moment.
The only exception I know of is the old Logitech web cam which has an option to disable its light via Windows registry.
Summary from http://security.stackexchange.com/a/6855:
Anyway, internal laptop web cam lights are mounted in series with the camera sensor so it can never be hacked.
So, I think you don’t need to be afraid when you hear or read news such as was published, and I think it might even be a bad hoax (or bad reporting by a journalist). But the FBI probably does have agreements with large companies to put some backdoors natively on systems to gather some information. However, I doubt they would put backdoors that act like a Remote Access Trojan (RAT), because these would be spotted really quickly by your antivirus.
But if such behaviour is proven beyond any doubt one day, companies like Microsoft might lose a huge amount of users, myself included. Because you know what they say: Trust Leaves On Horseback And Returns On Foot.
In conclusion, live your life on the Internet as you have always done and do not always believe what the media write. Install a good antivirus program and keep it up-to-date. Set up a firewall and, finally, do not download or execute programs that you do not trust. You should be safe if you follow these simple rules.
Just a few days after its initial release, we already have a new version of Phrozen VirusTotal Uploader ready. Overnight, it has become our flagship product that is gaining more popularity (and users) every day.
We finally implemented the file upload limitation that was requested by one of our users. The program now displays a message box when the size of the file being uploaded is bigger than VirusTotal’s API limitation (as requested in GHacks’ excellent review).
- Some minor bugs fixed.
- Better file queue management.
- Display a message box if the size of the file to scan is greater than VirusTotal’s API guide limitation (note that this will not concern you if you are using a custom API without size limitation) – This message box can be disabled.
- Possibility to limit the number of simultaneous uploads to avoid consuming too much network bandwidth.
Feel free to give feedback. We take the advice and suggestions of our users very seriously and often add their ideas to our programs.
Image: Screen of the new Settings Menu.
A new version of our Phrozen VirusTotal Uploader is finally out with several fixes and improvements. Because it is one of our most complete and most downloaded products, it has now merited its own official website. You can visit its brand new website at the following address: http://phrozenvtuploader.com/
There are two major updates in this version:
- Although it is recommended to have administrative privileges while using the program, it is no longer mandatory. You can now install and use the uploader with a regular user account. Note that using a regular account will curb the program: some processes, startup entries, services and network applications will not be shown, and if you try to scan a file managed by an admin account you won’t be able to upload and scan it.
- The Download and Scan module has been fully recoded. Because we always try to listen to the questions, wishes and recommendations of our users, we decided to add support for multi-URL “download and scan” and “import URLs from file”. You may also profit from a new, unique and user-friendly design for downloading multiple files at the same time. You can now also decide what the maximum number of asynchronous downloads should be, to avoid using too much of your bandwidth.
Full changelog:
- User interface optimization finalized using the latest Phrozen Software graphic.
- Desktop widget design is now optimized.
- The design of the notifications is now optimized.
- The Download and Scan now supports multi-file download.
- The Download and Scan now supports import URL from file (New line separator).
- The Download and Scan functions have been entirely recoded.
- New Settings panel added for Download and Scan (see picture below for the list of supported Settings).
- Now the program doesn’t require administrative privilege to work. You can elevate at any time to have a better scope of your system.
- Startup list now supports Userinit startup method listing.
- Startup list now supports disabled entries which still exist in the system.
- Column sizes of list views are saved for the next program startup.
- Some minor bugs fixed. Stability increased.
Phrozen Safe USB, one of your favorite applications, has finally been updated to version 2.0 and incorporates the following changes:
- User interface is now more user friendly: only one click is necessary to change USB mode.
- User interface now uses our new Phrozen Software graphic.
- Option to minimize to tray added in settings window.
- Disable USB Auto Play Dialog added to settings window.
- Protect application with password added to settings window.
- Start application with Windows now supports UAC (it requires administration privileges).
- Application is now portable.
Note: The password protection feature is only useful for administrators who share the computer with others. Since they cannot access the registry editor and Phrozen Safe USB is run by default as Admin, this could let normal users change USB settings without your authorization, which could constitute a risk. It was a feature that was often requested by our users and, as we always listen to our users, we added this function.
In a previous article we talked about how to secure your mail conversations in a generic way using the well-known and universally trusted Thunderbird mail client configured to work with PGP.
Today we will describe a way to protect your Google Talk/Hangout conversations using strong asymmetric encryption, which will make your conversations impossible to read by Google or whoever may have access to your accounts.
Since Google uses the XMPP protocol for chatting, it is easy to use your Google account with any chat client which supports the XMPP protocol.
In our case we have decided to use Pidgin, a tiny, open source and cross-platform instant messaging client that is highly trusted by the community and which has tons of useful plug-ins to enhance your chat experience and anonymity.
When downloaded, run the setup and install using its default options.
Before running and configuring Pidgin you will need to download and install the plug-in for chat encryption called OTR (Off the Record). Like Pidgin, this plug-in is very well-known and open source.
Note: OTR exists for Linux, Mac OS X and Windows.
Phrozen Windows File Monitor is a standalone program designed to capture any kind of modification inside the file system of Microsoft Windows. It can be very useful for detecting potentially unwanted activity in your system. For example, when you execute potentially suspicious software for the first time, Phrozen Windows File Monitor will detect any suspicious activity in your file system. Phrozen Windows File Monitor has a very user-friendly interface and it also incorporates many filters to help you focus on specific files and paths to detect suspicious files.
In addition to PhrozenSoft VirusTotal Uploader (a new version will be released soon), Phrozen Windows File Monitor is the perfect tool to analyse what is truly happening in your system.
Phrozen Skype REC is our most successful program. We have received a myriad of requests from faithful users asking us to add extra functions to the program, create a more user-friendly GUI that also should tie in perfectly with the recently added application graphic chart and our auto updater system.
Today we’re proud to announce that Phrozen Skype REC has been updated to version 2.0.
This application has been designed to automatically detect when a Skype voice call starts. When the call is finished the program will auto-generate an audio file that – depending on your personal settings – can be compressed or not.
This feature is potentially very useful when you use Skype to have business calls, when you share YouTube clips with friends, when you want to listen to the sweet words your lover said to you, or even to monitor what your children are talking about. Remember that an actual audio recording is also admissible as evidence in every court of law.
Everything about Phrozen Skype REC is easy to understand and extremely transparent. During setup you do not need to click once to install the program correctly. Settings are pre-set, and that results in a program that is ready to go: Skype calls are automatically captured, recorded and – when finished – listed in the main screen. From this easy-to-understand screen you will be able to listen to previous conversations, capture, export, filter, etc.
Important Notice: This software requires API privilege from the Skype application. You must then grant the program access via the Skype main screen. Also, the program must be executed at the same privilege level as the Skype application. Generally you must not execute the program as administrator (Windows Vista / Windows 7 / Windows 8).
Disclaimer: We at Phrozen Software™ cannot be held responsible for possible unwanted or unauthorized usage of this Proof of Concept (PoC). We wrote this PoC to increase the awareness of Dropbox users about (the lack of) privacy of their files.
Dropbox is a well-known company specializing in cloud solutions. The company boasts having hundreds of millions of users, with petabytes of data stored. Today many use Dropbox to share anything between family or friends. That usage seems fully sensible if the shared data is not sensitive, but Dropbox is nowadays also extensively used by companies, and sometimes the service replaces shared disks or USB keys for sharing files between colleagues, to save some disk space and time.
We questioned colleagues, friends and others about how they use Dropbox in their company and the results were alarming: to save time and management tasks, confidential data was shared via Dropbox (zipped source code, projects, template files, documents, passwords, etc.). This wouldn’t be a problem if everyone used the Private folder, but because everyone seems to be in a hurry and wants to share the files via mail, social networks or instant messaging services, they feel forced to put those files in the Public Dropbox folder, which is a very bad idea when those files contain sensitive information.
Normally one would say, “How could others guess the URL of a Dropbox file? This service is secured!” Well yes, this service is indeed secured, but Public means that anybody could read files from this folder. Probably one cannot list the whole Public content easily, but one could use hacking tools to achieve this goal. This is the topic of this Proof of Concept.