Changes to the Webroot ThreatBlog


oldtonew

Over the next few days, you will begin to see some changes to the Webroot ThreatBlog.  As the company has grown, so has the need for our threat research to be delivered in a clearer, more concise manner.  We have worked long and hard on the new blog, including adding new content like the ThreatVlog, as well as highlighting the individuals behind all the great threat research done here at Webroot.

So with all that, we want to welcome you to the brand new Webroot ThreatVlog.  It is more than a URL update, but a whole new look to help you better stay updated on the digital threats out there, and just how to stay protected.

To better help you, here are a few updated links to help you.

New web URL: http://www.webroot.com/blog/
RSS feed update: http://www.webroot.com/blog/feed/

[Video] ThreatVlog, Episode 2: Keyloggers and your privacy


Commercial and black hat keyloggers can infect any device, from your PC at home to the phone in your hand.  What exactly are these programs trying to steal?  How can this data be used harmfully against you?  And what can you do to protect all your data and devices from this malicious data gathering?  In this episode of Webroot ThreatVlog, Grayson Milbourne talks about security, your data, and protecting yourself.

Did you miss the first episode?  Be sure to check it out here:  http://blog.webroot.com/2013/08/20/tor-and-apple-exploits-revealed/

[Video] ThreatVlog, Episode 1: Tor and Apple exploits revealed


What is Tor? Is it really secure? What about the Apple App Store approval process? Are all these applications really looked at?

In today’s episode, Grayson Milbourne covers the exploitation of the Tor network through Firefox and a proof of concept showing just how insecure Apple app testing can be. Continue reading

Infographic: Malicious Mobile Apps


malicious-mobile-apps-top

The workplace technology landscape has changed dramatically over the past five years, and the security threats have changes along with it.  Here are the growing factors that IT professionals can’t afford to ignore, all in a beautiful infographic. Continue reading

How not to install Adobe Flash Player


By Dan Para

It seems simple enough, I want to install Adobe Flash Player so I search for “flash player download and click on the first result, right?

search1a

Ignoring the second link which doesn’t have a five star rating and 37 reviews, I’m brought to a page called downloadinfo.com.

downloadinfo

I click the download button, click through the download dialog box and run dialog box, come to the Optimum Download screen for my Free Flash Player. Click.

optimum downloaderLet’s see what this installs. First up is RealPlayer. Click.

realplayerNext up is some program called Solid Savings. Click.

Solid Savings

Then something called Unit Layers. Click.

Unit Layers

That seems like a lot of software to install in order to get my Adobe Flash Player, but we’re not done yet, here’s something called Optimizer Pro. Click.

Optimizer Pro

Okay, now we’re finally installing…

Installing

Now RealPlayer, which was bundled with Flash Player wants to install the Google Toolbar? A bundle within a bundle? Okay… Click.

Google Toolbar

I should have my Flash Player any moment now… Wait a minute. VLC media player? Where’s the Adobe Flash Player I started out downloading?

VLC Player - what

Okay, VLC media player will play flash files, but I really expected to be getting Adobe Flash Player (Seriously, while I was doing this I was hoping this was one of the “download managers” that actually downloads and installs the actual Adobe Flash Player along with all of this other software. I was surprised and disappointed to get VLC media player instead.) The link I had clicked on initially displayed it’s URL as adobe-flash-player.downloadinfo.co/ and included the text “Install AdobeFlash Player Now” so you would think that link would get you Adobe Flash Player, but no, it was just a misleading ad that appeared as the top result on the search page that led to a “download manager” which bundled a bunch of additional software along with VLC media player, which can be downloaded for free. The downloadinfo.com website even had fine print stating that “This software may be available free elsewhere” which was hyperlinked to the download page for VLC media player!

optional software included

So how should you install Adobe Flash Player? Or any other software for that matter? In this case I could have clicked on the second link which would have brought me directly to the download page for Adobe Flash Player (and unchecked the box to opt-out of installing McAfee Security Scan Plus of course.) In general we recommend downloading software directly from the software company’s website whenever possible, otherwise you could end up installing all sorts of additional, potentially unwanted software along with the free software that you wanted to download – or even a completely different program like I just did.

Recent spike in FBI Ransomware striking worldwide


By Israel Chavarria

Recently we have seen a spike of this ransomware in the wild and it appears as though its creators are not easily giving up. This infection takes your computer hostage and makes it look as though the authorities are after you, when in reality this is all just an elaborate attempt to make you pay to unblock your computer. Continue reading

Recap from RSA2013: Android Malware Exposed


2-28-2013 11-38-16 AM

On Wednesday, February 27th, Webroot’s Security Intelligence Director (Grayson Milbourne) and  Senior Mobile Analyst (Armando Orozco) presented at the RSA Conference in San Francisco.  Their topic, Android Malware Exposed – An In-depth Look at its Evolution, is an expansion on their previous year’s presentation, highlighting the severity of Android malware growth.  Focusing on the history of operating system releases and the diversity across the market, as well at the threat vectors and behaviors in the evolution of Android malware, the team has established strong predictions for 2013. Continue reading