
Malware and Virus attacks get more “life-like”

I spent a few hours pulling a serious malware infection, actually a set of 8 different ones, off a client’s main system yesterday. He contracted the mess at 5:40 PM last Monday.

My contention that these attacks are getting more “life-like” is based on the manner in which he identified the moment the problems began: He has a major customer and he ships mountains of product to them via UPS. On Monday afternoon (consider what else was going on in the post-Christmas days at UPS), he received an email indicating an updated delivery status for his UPS shipment. His comment was that it appeared to look very much like others he had received via the major customer, so he clicked on it. He said it didn’t have fancy graphics, but it certainly was a detailed-looking email, not a one-liner with a link.

It also reminds me of the 1-3 emails I get a day into one of my other blogging email accounts that some scraper obviously picked up off that site. They tend to be advertisements, but they are mixed in with emails claiming my accounts at (fill in the banking institution) are suspended, blocked, etc. Some of them actually are all dressed up with HTML graphics layouts, too. I stay away, but then I deal with this daily. For others, like my client, when one comes along that makes sense in their work flow/life/personal business/social networking, there is a likelihood they will let the malware in, and their firewalls may not stop it.

For the user: You have to be wary of things that look kinda true, but something still tells you it’s not kosher. Look closer before clicking.

Be careful out there and practice safe computing!

For you techs looking at how to get rid of this:

Anyhow, it really embedded itself within his system, flagged as a Win32 password stealer by Microsoft Security Essentials. The good news: early Tuesday I convinced him to take the rest of the year off and reward himself for a great year, and I’d be over Thursday morning (since the malware would allow a network connection for a few moments, then cut it off, a remote session was out of the question).

I used MalwareBytes, Microsoft Security Essentials, Kaspersky TDSS Root Killer and old-school digging through the entire registry, after seeing the names in the user’s AppData Roaming and Local folders as .exe files and folders with nonsense, random-letter names.

I called this one a “repeater,” as MSE would identify it, clean it, and then it would fire itself back up about 30 seconds later. I would see 8 different startup program listings named BitNefender 2016, turn them off, and they would be back, activated on the next reboot. Interestingly enough, searching for that name in the registry never found anything, even after several tries.

It was searching for the keys and values in the registry and manually deleting them that, in combination with the MSE and MalwareBytes scans, finally got things working normally, including restoring a constant network connection.
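As an added example (not from the original post, and not the tool used on the client’s machine), here is a read-only PowerShell sweep of the Run/RunOnce registry keys that flags the pattern described above: autostart entries whose executable sits under the user’s AppData Roaming or Local folder and carries a random-letter name. The vowel-free heuristic in Test-RandomName is an assumption of mine, not something from the post; it reports and never deletes, so you can compare the list across reboots to catch a “repeater.”

```powershell
# Added example, not the original post's procedure. Read-only: reports, never deletes.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Test-RandomName {
    param([string]$Name)
    # Heuristic (my assumption): 6+ letters/digits with no vowels, e.g. "qxzkwpt.exe".
    # Real product names almost always contain a vowel; tune for your environment.
    $base = [System.IO.Path]::GetFileNameWithoutExtension($Name)
    return ($base.Length -ge 6 -and $base -match '^[a-z0-9]+$' -and $base -notmatch '[aeiou]')
}

function Get-SuspiciousAutostart {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath, PSParentPath, etc.; skip those.
            if ($p.Name -like 'PS*') { continue }
            $cmd = [string]$p.Value
            # Pull the executable out of the command line, quoted or not.
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
            if ([string]::IsNullOrWhiteSpace($exe)) { continue }
            $inAppData = $exe -match '\\AppData\\(Roaming|Local)\\'
            $random    = Test-RandomName -Name (Split-Path $exe -Leaf)
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name      # the display name, e.g. a fake product name
                Executable = $exe
                InAppData  = $inAppData
                RandomName = $random
                Suspicious = ($inAppData -and $random)
            }
        }
    }
}

# Show everything, with the suspicious rows first, so the fake entries stand out
# next to the legitimate ones rather than being judged in isolation.
Get-SuspiciousAutostart | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it once, reboot, and run it again: an entry you removed that reappears points at a second persistence mechanism (a scheduled task, service or another key) that the scanners have not yet found.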

Friday Freebies: Comodo IceDragon

For a while now, I have been using the FireFox-based Comodo IceDragon for my browser. I have long since left Internet Explorer behind, only using it when it was the only option for some things such as updates from Microsoft, and have long been a fan of FireFox from the folks at Mozilla.

Long before the added functionality of plugins arrived in the IE world, I had many, many useful plugins operating in FireFox.

Then I came across IceDragon about a year ago on the Comodo site’s Free Products page. I had been using their Dragon browser for a bit, which is based on Google Chrome, and had built it up with some replacement functionality in the plugin world, but I wanted a FireFox version and they read my mind. So here I am.

Advantages of the IceDragon browser over “straight stick” Firefox:

1 – On the right end of the website address bar, there is a stylized blue “W.” That button is a tool that, when clicked, scans the currently selected webpage for infections. Think of it like a virus scanner, not for your computer, but for the site you are looking at.


Why is this important these days? Because the bad guys are hacking into and infecting legitimate websites. The result is you get intrusions into your computer, not by clicking on the obvious stuff, like the spam a hacked friend’s Yahoo email account sends out, but through a mere moment’s inattention to detail.

2 – The browser has beefed-up security checks, and will stop and ask you if you really want to go to a webpage that has indications of being a malicious site, or, in the case of a site’s shopping cart that has let its security layer expire (the SSL function, which ensures your credit card info is encrypted before it leaves your end of the transaction to purchase on the net), which then makes passing your info a risky thing.

I have also seen it ask me if I wanted to continue, because the web address had more than some acceptable number of redirect commands (meaning the website keeps forwarding you to another domain/server for the content, but in this case, the redirects continued to bounce my request to other places). In this case, it is a site I go to regularly, and is a big name, but obviously the bad guys use multiple redirects to cover their tracks in an effort to hide what they are up to, and IceDragon saw a similar pattern and asked me. I tried it in the current version of FireFox, out of curiosity, and it took me right to the site. Good real-time comparison.

But there you have your Friday Freebie courtesy of The Computer Whisperer!

Do you have a strong password? Do you use it a lot?

Here’s the reality of our digital lives: We have lots of online accounts and they need passwords. Many people use ones that are easy for them to remember, and sometimes tend to use only one.

How does that affect you? Well, think about this: Once “they” get the one, your life can be laid wide open to those interested in digging further. Since it’s not uncommon for sign-ins to be your email address…someone (or a programmed crawling robot) could just travel the known email universe and common places like FaceBook and give it a whirl with your email and a common, made-once, used-always password of yours.

That’s bad enough if you are in this category, but even if not, there is now an article that brings to light that the technology that gives gamers really life-like graphics, and lets scientists explore climatology, cancer, and signals from space, is also being exploited by hackers.

I invite you to take this introduction and read as much of the Ars Technica article “Why passwords have never been weaker—and crackers have never been stronger” as it takes until you are sufficiently convinced you need to take action to protect yourself by putting some effort into your password selections.

Yes, this will take some mental energy, and changes to your daily digital operations, but…I’m sure you wouldn’t want to wake up to a screen full of mail indicating your email has been exploited and your bank accounts have been emptied, etc, etc, etc.

Please help protect yourself!

Understanding Your Digital Landscape Seminar 11/16/2010

From the flyer, regarding the Seminar I’ll be conducting to help business owners who are not technically enabled to better understand what makes their business function:

Understanding the Digital Landscape

What is it?
How do you find it?
How do you use it effectively?

Computers save us time in everything from information storage and retrieval to calculation, graphic design, and report preparation. E-commerce allows our websites to keep our businesses running 24/7.

A failure at any point, from our office records to our online presence, can quickly snowball into a technological disaster, especially for a small business that doesn’t have an IT (information technology) staff in-house.

Seminar leader Curt Middlebrook, The Computer Whisperer, provides insights into the equipment, computer programs, and office and internet support services out there, and the people who provide them. You’ll learn how to maximize your online efficiency, and how to track the success of your online marketing.

This is a Lunch & Learn program, part of the Pinellas Park/Gateway Chamber of Commerce Success in Business Series. Your registration includes detailed information for evaluating every aspect of your company’s digital landscape, as well as a light lunch.

When: Tuesday, November 16; 11:30 am to 1:30 pm
Where: Park Station, 5851 Park Blvd., Pinellas Park, Room 202

Cost: $19.95 Pinellas Park/Gateway Chamber Members
$24.95 Non-members

Call Chamber Manager Larry Steinlauf at 544-4777 to register.
You must be registered to attend.

Soldier’s Angels VALOur-IT Fund Drive 2010

Technology moves ahead in unpredictable ways, sometimes.

History lesson below, for the interested. For those who are ready and need to donate and move on: Click here.

If you’re looking to help an old Sailor out, then “push” the button for Navy. Know this: It all goes into the same pot, but the need to poke at our fellow military members doesn’t go away easily, so…resist the urge to help any service team other than Navy…

Now to some background:

Barely 5 years ago, a “MilBlogger” and Army Captain, Chuck Ziegenfuss, ended up on the wrong end of an IED while on patrol in Iraq and subsequently in Walter Reed Medical Center. Having been a fairly active poster, when a Soldier’s Angels representative asked if he needed anything, he asked for a laptop so he could blog from the hospital, since he’d be there a while. They bought one off of eBay.

He had injuries to both arms, leaving him with one in a cast, and the other in a halo. Typing, as you may surmise, was pretty tough. He posted indicating he sure could use some help…maybe so he could talk to his computer.

Some people helped him out getting Dragon Naturally Speaking. As a result, Chuck’s Blog came back to life.

From that came the idea that this mashup of existing tech could help others. The idea came from one of Chuck’s readers, Beth (FuzzyBear Lioness in the comments section), who thought: if it worked for Chuck, who else might it help?

So, the first use of the Project’s Name happened 8/18/2005.

Now we are but 5 years and a few months later, with over $600K collected, about 50 bloggers on the teams, begging for air time on the big websites (and getting some!), and close to 6000 laptops delivered. They are new. They are good ones, they are provided at the major military medical facilities, and they can be requested if someone has slipped by the system unnoticed.

I believe it was last year that they added the purchasing and providing of Nintendo Wiis, which has helped with physical therapy for the injured warriors. GPS units are now also provided to those who are getting out and about, to compensate for the short-term memory loss issues that result from TBI and severe PTSD injuries.

The “gateway” to the many pages of information and the project blog is here.

One particularly descriptive post titled “Laptops Save Lives?!” has the words of the real “end users” of the charity of the donors of this work. It may be from 2007, but the truth is right there. This is a great project, which really “gives back” to those who entered the services and gave much of themselves.

Besides just the close-to-the-problem connection, from a problem-solving standpoint I see this as a job training program for the majority of these wounded troops, as they will be medically retired/discharged. If they have used a computer to get and stay in contact with their families, friends and “Battle Buddies,” they sure will be able to draft up a business letter, surf the net to do research and learn to crunch numbers with Excel for the employer who wants a person who looks forward into life and works to achieve their potential.

I could go on for many pages, having personally met Chuck and Beth, and Patti, the Founder of Soldier’s Angels, via these campaigns over the 5 years. The stories are real, the ideas amazing, and the unselfish acts that take an idea from one person to many are a lesson in building relationships.

Once more: Donate here to Team Navy!


Isn’t it Ironic? Mac OS X Virus arrives

A seismic shift in the PC world has just happened: A Mac OS X virus is here, coming in the form of a Java script off of social media.

The irony? As I was removing a virus off a “real” PC this morning, my client indicated they might buy a Mac, so they wouldn’t get viruses. I began with a little business analogy: One day, it will happen. When? When the Macs in the market reach some magical %, the “bad guys” will then take the time to study the Mac OS in detail, to try and exploit it. I also went on to discuss how a business decision, when done right, always looks for the most impact for the least expenditure of resources. And, as of that moment, it must not have arrived (little did I know)…yet. I postulated that when it did, it would be like a very big tidal wave, particularly accentuated by the fact that it’s “well known” Macs are invulnerable to attack. Yeah, right.

So anyhow, for you Macophiles…gird your loins: the attainment of 20% of the PC market by Macs, announced by Steve Jobs a few days ago, has had an impact on your bulletproofness. Be on your toes, and hope the good guys have anti-virus software ready for you really, really soon.

Here’s the warning from the article at Ars Technica:

A new trojan horse has cropped up that affects Mac OS X (and Windows as well), primarily disguised as a video flitting around social networking sites. When users click an infected link, a Java applet is launched that downloads multiple files, including an installer that runs automatically without users’ knowledge.

While between other appointments this afternoon, I saw the article (linked above) and I knew the time had come.

Note, too, you Windows based PC users, you’re a casualty of this new attack, too.

Be on the lookout for any video on the social media sites…all of you computer users.

I’ll bring this history, too, because there have been Mac based viruses before. In early 1988, I contracted the “Scores” virus on my Mac II from a download off of GEnie.

That was bad news. The good news is the PC market exploded on cheap Intel based PCs and the bad guys went after them. That has left the Mac world as the untouchables for all these years…until now.

LimeWire is Dead…

Thankfully. I know a lot of people liked it, as they could avoid not only paying retail for music and movies, but paying anything at all…until some of them had to call me, because their computers were so zapped by malware/spyware/scareware/ransomware from embedded “payloads.”

In one case it wasn’t pretty at all, with me spending three evenings trying to save their family photos.

The “bad guys” figured out how to insert viruses and Trojans into the “free” files on that peer-to-peer sharing network. Not all of them, but it certainly was a crap shoot when you tried to pick a torrent to pull down for your entertainment.

Anyhow, the full report from TechCrunch is here.

We Infect Our Computers Ourselves

Didn’t bookmark it, but a few weeks back, I saw an article that said greater than 50% of computer infections were now user-imposed.

What does that mean exactly? It means the people who write and manage software are doing a pretty good job of staying ahead of the hacker crowd, but we, the users, are becoming our own worst enemies. Not that we purposely let spyware, malware and viruses in, but we are more easily fooled into doing just that.

The “bad guys” are becoming very good at replicating things that are legitimate, both in look and in social context, that make us want to click.

Next thing you know, you’ve got a “ScareWare” problem, which, if you don’t pay the ransom, begins to dig about your files and, over time, renders your PC useless.

What got me to post this? An article in a security news feed I track saying there is a crop of fake “Browser Updates” showing up on people’s screens, and we do what we are told: “KEEP YOUR COMPUTER UP TO DATE!”

That makes it increasingly difficult to sort the fake updates from the real ones.

Let’s be careful out there and, according to Symantec researcher Parveen Vashishtha, know this:

“Malware authors are employing innovative social engineering tricks to fool users — it’s as simple as that…”

I’m a sucker for Beta versions…this time: Internet Explorer 9!

Today Internet Explorer 9, in beta test format, hit the web for download.

You can get it here.

It brings support for the next version of HyperText Markup Language, HTML5.

After the install, you have to reboot. I went into freak-out mode when the reboot began in Windows 7 recovery mode, but that not being bad enough, it told me my motherboard was not the type it actually is. Two boots did the same thing.

I powered it down, then restarted, using the BIOS pull-down menu to point at my RAID0 (2 x 750GB Seagates!) and crossed my fingers. It worked. Up and running in IE9 to post this (I normally use FireFox for about everything, but hey! It’s the BETA!).

I will be cloning my RAID Array to the third installed drive tonight (1.5TB)…just in case….

Oh: I pulled down the FireFox 4 beta a few weeks back. I installed it and most of my plugins (and I rely on several) were “broken,” so I limped back to FF 3.6.X for the time being.

More if I have to.