Twitter tried to create more awareness about creating secure passwords and educating the users to not fall for the classical social engineering techniques. But, with over 200 million users, it is close to impossible to educate everybody.

This is why Twitter started a few weeks ago to rollout two-factor authentication.

Unfortunately, at the moment of writing this article, this feature is not yet available in Germany, so I can’t test it myself.

However, here are the easy steps to enable two-factor authentication for Twitter:

- Visit your account settings page.

- Select “Require a verification code when I sign in.”

If your country is not supported, you will not be able to enable that checkbox.
- Click on the link to “add a phone” and follow the prompts that allows you to select your carrier.

For Germany, all major carriers are listed, but unfortunately none of them is supported.

- After you enroll in login verification, you’ll be asked to enter the six-digit code that was sent to your phone via SMS each time you sign in to twitter.com.

Here is a film which explains visually how to enable it.

What is not clear yet is if there is a possibility to mark a computer as trusted so that you don’t have to enter the authentication code every time you login on the same computer. Currently, it seems that it is wanted to enter the authentication code for each login even on the same computer.

Here are some other tips from Twitter about how to protect your account better. Do note that all these tips can be applied to other accounts as well, not only to Twitter.

Check here the entire series for enabling two-factor authentication.

If you want to improve your overall security, check our Improve Your Security series.

Sorin Mustaca

IT Security Expert

Cybercriminals are sending again personalized emails in the German language pretending to come from the well-known website Zalando.de (shoes and women accessories) and from the Deutsche Bahn (German Railways).

Same as before, the text is addressed to the recipient of the email directly and it threatens him so that the user opens the ZIP archive and executes the malicious file.

All payloads are detected by Avira software as TR/Jorik.Androm.pqr and HIDDENEXT/Worm.Gen.

Sorin Mustaca

IT Security Expert

You can download and test the product from here.

Sorin Mustaca

Product Manager

All Avira products detect it as TR/Febipos.B.2.

The malware is a malicious browser extension specifically targeting Chrome and Mozilla Firefox.

This trojan monitors a user to see if they are currently logged-in to Facebook. Once logged in, the malware can do all kind of actions on behalf of the user:

• like a page
• share posts
• invite friends
• chat with friends
• comment on a post

You can find more information about this trojan on this page (Microsoft).

This trojan is another proof that staying logged on social media websites is not always a good idea. Browsers store the user name and password for you, but you should not enable to remain logged in. So, please don’t enable “Keep me logged in”. It would only cost you one click more to login after the browser saved the login details.

Also pay attention to what extension you are installing in your browser. Always make sure that the extension comes from a known publisher and that it has a good reputation.

Sorin Mustaca

IT Security Expert

The new variant of the BKA trojan attempts to blackmail the owners of infected computers with four pornographic pictures of children (last version had only one picture). It pretends to come from the press office of the BKA.

But, if the last version only was mentioning that the user is in possession of pornographic materials with children, the difference this time is that the trojan actually copies pictures on user’s computer. To be even more credible, the trojan has names and birth dates of the children in the pictures (to prove that they are minors).

Same as the other variants known, the malware locks the user’s computer and asks 100€ (135 USD) to be paid via UKash or paysafe. Failing to do this has the consequence that all data on the computer will be destroyed and the user (identified with IP address and user agent string of the browser) will be condemned and punished. The cybercriminals are constantly trying new texts in order to look as convincing as possible.

The malware is distributed via drive by downloads as an executable file with temporary names.

Various media reported that this new version has also a better support for the webcam, so if the computer’s webcam is supported, the user can see himself in the small picture in the screen. Unfortunately, our VLAB could not test this scenario at this time. This social engineering technique creates an acute sense of emergency because it transfers the message that the BKA is “watching” the user.

Starting with the engine version 8.2.10.246 all Avira products detect the malicious files of the trojan with a generic detection as TR/Crypt.ULPM.Gen. Also the pictures that are dropped on user’s computer will be deleted. Please note that the full repair functionality is only available in the Windows products and not in the Rescue System and the command line scanner.

We strongly advise the user to never pay the ransom. Use the Rescue CD to clean up the malware from your computer or ask an expert to help you.

Sorin Mustaca

IT Security Expert

Here are useful tips how to easily protect your account:

1. Protect your social media account with a strong password.

Here are some good tips how to create a good password.

2. Enable two-factor authentication whenever possible.

The two-factor authentication assumes that the user is who he is (authentication via user/password) and in the same time that he has something that only he can have (phone, code, biometric data, etc.)

Here is how you can do this for the most common social media portals and not only.

3. Password protect your mobile device.

Many users access their social media accounts from mobile devices. But, mobile devices, due to their nature are being taken everywhere and sometimes get lost or stolen.

Make sure you password protect your mobile device and even encrypt it if it is possible.

Here are some tips how to do this.

4. Don’t use the same account for all activity you make.

Try to create a computer account for each user and if you work with sensitive data, even for each activity. Don’t forget that browsers and not only save confidential infos in cookies and databases. These infos are specific for each user. By creating an account for each user, you make sure that these data doesn’t reach the wrong user.

Here are some tips how to do this.

5. Keep your computer clean.

Make sure that your computer is not infected with a keylogger when you work with social media. A keylogger will copy all your input and send it to cybercriminals.

Always Use an antivirus software.

6. Protect your computer so that only authorized users can access it.

Even if the computer is not infected, there might be others who have access to it. All websites allow the users to save their login information so that they can access the site faster next time. This has as consequence that if someone opens the browser and types the address of the social media website, they will land in your account.

Here are tips how to protect your computer easily.

7. Change your password often

No matter how secure your password is, it is necessary to change it regularly. Many portals get hacked and attackers might get their hands on your password, even if it is a good one.

8. Don’t use the same password on multiple accounts.

If one account gets hacked, then it is a matter of time until the attackers obtain, based on your email address, your other accounts.

9. Use a different email address and user name for each social media account.

By doing this you make sure that an attacker has a hard time to obtain your other social media accounts.

10. Restrict user permissions

On Facebook for example, you can have normal users and administrators for a page.

By allowing too many administrators, you have many attack targets. Also, it is harder to control and protect so many accounts.

Sorin Mustaca

IT Security Expert

After the Free Antivirus certification, we are happy to inform you that Avira Antivirus Premium is the next Avira product which is Windows 8 certified.

The certification of the other products will follow in the next weeks.

But don’t worry, all other products for Home and Business work on Windows 8 very well, they are just not yet certified by Microsoft.

Sorin Mustaca

Product Manager

Also noteworthy is that the activists also explain which means they will use to attack the USA infrastructure:

We will now wipe you off the cyber map. Do not take this as a warning. You can not stop the internet hate machine from doxes, DNS attacks, defaces, redirects, ddos attacks, database leaks, and admin take overs.

I also find extremely interesting their advice to the American people:

And to the American people we suggest switching your bank accounts from a big bank to a local union.

Can it be that these guys don’t understand that we live in an interconnected world and that if they bring down the headquarter of a big bank, then the entire system collapses?

The author of the article has also written which tools they will be using to attack the USA cyber infrastructure.

The group has posted also a list of targets which will be hit by this attack. In the list are a lot of .gov and .mil websites and also well-known names of financial institutions.

No matter what this group will do or try to do, we do not think that the impact on the infrastructure will be so massive as they say. Maybe some websites will be defaced, the entire network segment in USA will be slowed down for a while, but it is very unlikely that someone will be actually harmed.

Nevertheless, we advise all readers to be aware of the fact that there will probably be a lot of opportunist criminals that will raise phishing websites which probably will respond faster than the original websites.

Update 17:40 CET+1:

Top 10 websites mentioned here are alive and running smoothly. Can it be that the cyber-criminals are waiting for the start of the USA business day? Or is it that they are just not successful?

Sorin Mustaca

IT Security Expert

You probably don’t live on this planet if you haven’t seen at least the trailers from these two movies. And, from curiosity, there is only one step to social engineering for the masses.

Iron Man 3 and Star Trek – Into Darkness are the titles that make the news these days.

It didn’t take long until various criminal groups started to exploit the news and published so called “online” versions of the movies. This means nothing else that online streaming.

We leave aside the legal implications which streaming a movie for free has, as it is not the topic of this article.

If you run a search on Google for “watch iron man 3 online”, you find about 380 mil (yes, million) results. Many of these pages will drive you to a website that most of the time offers the movie  some but only through some special codecs or versions of known codecs.

There is nothing for free. Even if you don’t pay money, you pay by other means.

Once you download and install these programs, codecs, updates or whatever the pages require, you open the virtual door of your computer to malware. The so called player will download various malware on your computer thus transforming it in a bot.

We advise all users to not fall for these cheap tricks.

Sorin Mustaca

IT Security Expert

The so called invoice is in a ZIP archive containing a … SCR file. SCR is the classical extension for screen saver programs in Windows. The file in the archive is called “Rechnung.scr” and it is currently detected by our products as TR/Rogue.957311 and TR/Kazy.169263.1.

So, what is that makes this spam campaign so special?

There are a couple of items which are not seen usually in such spam campaigns:

- They address the recipient using the full name.

- The archive attached is called “<First Name> <Last name> Dritte Mahnung store.apple.com/de <registration number>.zip” or “Kaufvertrag <First Name> <Last name> Plus.zip”

- Makes use of social engineering which addresses the German speaking countries directly. “Dritte Mahnung” is in German and it means the third demand to pay letter. Usually, after the third demand the companies send the unpaid invoices to a lawyer. This is public knowledge in the German speaking countries.

We can only make some wild guesses from where did the cyber criminals get the email addresses with full name. It can be that they got them from the companies that got hacked previously (Linkedin, Last.fm, Evernote, etc.)

Sorin Mustaca

IT Security Expert