The “bad guys” on the Internet have long had a habit of finding the biggest security holes with the greatest potential impact. That’s one reason why the Apple computer line has remained effectively virus free (I caught at least one in the early Mac days (Scores), so don’t tell me there never has been any Mac viruses).

Over the years, operating systems have been “hardened”, so the bad guys have become creative and looked towards other avenues, to the point that Mike Cox in an article “Social media attacks dominate first half of 2010 malware trends” on eChannelLive tells us what is now going as as the biggest impact by the bad guys:

“Cyber criminals are putting increasing emphasis on using social media platforms like Facebook and Twitter as effective ‘spread mechanisms’ for malicious software,” said Arvid Gomez, Norman vice president, OEM and Technology. “In the past, they put nearly all of their efforts into compromising PC operating systems. As social media use becomes part of the fabric of our daily life, Internet users need to make certain they are taking the necessary steps to protect their privacy and security.”

He then goes on the discuss the koobface malware that has come through FaceBook since 2007. I encountered this at a client’s site about 4 months ago.

Another method to not only frustrate you, but also get some money, or your credit card number for use in, in the least case fraud, and the worst case, identity theft, are the “scareware” or “rasomware” programs that take over your system and basically demand that you buy their removal tools, which…are pretty much garbage anyhow. Mike has this comment:

Norman security experts also note that fake antivirus programs continued to plague many home PC and business users. Rogue antimalware programs have been around for a long time. In recent years however, they have become increasingly widespread, and represent a major problem. These programs can be difficult to eradicate, as they often consist of many different malicious elements.

I spent a better part of Wednesday ripping one of these attacks out of a laptop of a client’s office machine. I’ll say this: About 6 months ago, I could find these and get around them and eliminate them in about an hour. That was thanks to having seen several in a short time frame. They all had different file names, and loaded themselves from different places on the drive, but they all used the same methods. The one I ran into Wednesday had grown far smarter. I found it pretty quickly, but it had done many things to mask itself, and had placed some more hooks in the registry than I was used to deleting. Additional, I found a browser web director trojan in there, too. It may have arrived as a package deal, but it took 6 hours to find it, delete the offending things, much of the time was spent running scans, which found more things with each delete/reboot/scan cycle. It’s gone now and they are back to work, without having to just wipe the drive and begin all over, but it was a long day, when some elements have become smart enough to even force a load, regardless of some settings you applied to keep them from coming in a boot up.

I know many people don’t want to learn about the specifics of keeping your computers free of malware and other bad things, but your choice, as I see it, is to commit to some training by your local computer support person/people/staff/support company, or you can call us up and pay by the hour to undo what was maybe a 5 second decision on what to do about the question: “XXX is requesting to run. Do you want to block or allow it?” from your firewall protection. Because of the bad guys, you must get some education in how to keep from your system from becoming unavailable for a few hours (at best) to days (worst case).

Good rule of thumb: You can unblock accidentally prohibited functions. You will lose time and money if you let something in out of “I don’t have time to deal with this, I just want to get back to work!” frustration.

Read Mike’s article and practice intelligent computing!

Back in November, I talked about “zombie computers,” those which had been infected to do the bidding of a master computer, usually to SPAM others. The discussion was about how that type of infection was a usual suspect in a “slow computer.”

Some good news was found in my reading this morning: A Spanish man, who controlled a huge zombie network, has been busted. From the UK Register:

As previously reported, the Mariposa botnet was principally geared towards stealing online login credentials for banks, email services and the like from compromised Windows PCs. The malware infected an estimated 12.7 million computers in more than 190 countries.

The botnet was shut down on 23 December 2009 following months of collaboration between security firms Panda Security and Defence Intelligence in co-operation with the FBI and Spain‘s Guardia Civil.

One down, more to go, but good news to know many organizations are working hard in the background to make the net safer and free of such threats.

I have not had to fix two systems, where somehting crawled in via the internet connection and took over the computer.

Case 1) Total Security 2009. You could not get to the Internet, the screen was resized down to 640×480 (making it difficult to redo things like screen size settings, as the buttons were now below the bottom of the page and you couldn’t pull them up any higher), Task Manager was corrupted (so you couldn’t shut down the offending program), and any anitvirus/antispyware/antimalware program would not run. Top it off with the program put up a whole screen message about every 5 seconds showing a list of all the spyware it found on your system.

The way around this? My first effort was to just start over the customer’s installation on a new dick drive, then come back and move the data over. Once things were under control, I found the easy answer, but it wasn’t apparent while you kept getting a screen up every 5 seconds, the program had put a shortcut to itself on the desktop. Using that marker of its presence, I found where the program had installed itself, and it was not in the Program Files directory. It had put itself in My Documents/Application Data (a hidden file to the normal user) and it didn’t use it’s name for the program, it was numbers only on the folder that held the program. I verified this by changing the folder’s name and rebooting. The program didn’t start up this time, but the Task Manager was still damaged to the point it did not work. I also then scanned the disk using CyberDefender and it found Total Security and labeled it as a Rogue MalWare program. running CyberDefender while the malware was running resulting in saying there were no problems.

Solution? Pay attention to what your firewall is asking you to allow. Oh, better yet: Make sure you have a good firewall installed and that you use it. I use the PCTools firewall. Free and effective.

Case 2) No Internet, and you can’t run any program. Now, it’s difficult to discern exactly what this is right now, but the user said it had been like this for about 3 months. He had another computer sitting off to the side, actually a better one, and I spent last night moving the data off the hard drive of the first drive (while attached as an external drive, not the boot drive). I haven’t had the time to run the actually problem to ground, but I’m leaving to deliver the other computer, with all the work files moved over, so they can get back to work.

There are those who will spend their days figuring out how to attack your computer across the net, and make your life frustration, and maybe even stop your business for at least a day, while someone like me gets you back to operating mode.

Unfortunately, you just have to come to grips with the fact these people are out there and you need to make sure you compute safely!

One type of software out there that sucks people in is what I have termed “ScareWare.” Bad stuff at several levels…

Here’s what it looks like to you: you’re minding your own business, or reading everyone else’s on Twitter tweets, and all of a sudden, a windows appears in the middle of the screen with some ominous warning like: “YOUR COMPUTER IS INFECTED WITH SPYWARE/MALWARE/VIRUSES! – Click here to scan your computer.” You, being the concerned user you are, do that. Next, there are the normal downloading and installing software indications. You keep clicking the “Next” buttons until the process is complete.

A system scan begins, the “progress bars” show, the number of files checked the viruses (or what ever found) clicks up. Finally, the scan is done, and sure enough, there are things to be removed. You click to get rid of the problems and….yes, you get the dreaded “You must purchase this product to remove the _____________ click here to enter your credit card number.”

You’ve been had. At the top level, the software has most likely found some legitimate things on your system that do not need to be there, some of them rather benign, and you want them off. At another level, you now have a program that is installed and pretty much got into your system by false representations. Just about all of them I have run across do you no good.

In one case, the anti-virus software imbedded itself, didn’t appear on the list of programs installed, so you could remove it the normal way, and…the bonus “gotcha!” was you couldn’t log onto any of the sites to get the free software, or even the big name legitimate software to remove this alien being on your hear drive.

My advice, if you get the ScareWare installed and it begins to nag you, very heavily, make sure you save any and all data off your computer you wish to save for the future, because, I saw a case where the machine would just reboot every 5 minutes and all I could do was to completely reformat the hard drive and begin all over installing Windows.

Note: you must save it to a CD/DVD/USB drive, a back up/external hard drive to make sure you have it. Family pictures, work documents, resumes, address lists…etc. Gte them off, then try to root out the offending software.

Your first step: See if you can get on to www.symantec.com, or < ahref=”http://www.mcafee.com”>www.mcafee.com or www.lavasoft.com. If you can’t get them to come up without errors, then you have it bad and you should mentally prepare yourself for completely restoring your hard drive.

Next week more on how to do the best you can coming back from a close encounter with “ScareWare.”

Slow computer?  Not uncommon these days.  There are many causes, some just because the software you are using is overcoming the capabilites of the computer you have, but more often than not, unless you just decided to become a big time video edting geek on your 10 year old ex-corporate office hand me down Pentium III Compaq computer running Windows 2000, it’s an issue of the things that creep onto your hard drive, and load themselves each time you start/re-start your computer.

There are many names for these things, but the ones most responsible for significant slowing of your computer are most likely because your system has become a “zombie” in a massive network of infected computers around the world, cranking out spam emails.  Ther is big money in this, and there are people who have master control over the infected systems, and are paid well for using “cloud computing” before cloud computing was a viable term, to deliver those spam emails to your inboxes, based on what some marketer wants to get you to consider.

Recently I read the good news is the email traffic on the Internet comprises only 97% of the volume.  Good news?  Yes…because we’re down from 98% in 2008.  So, if you know how many jokes and inspirational emails you forward without comment, how could it be possible that so much more traffic could be spam?

Infected computers.  The best well know term for this might be “MalWare” (malicious software), but the software isn’t loaded to hurt your own system, it’s just there to use your processor to churn out emails on mortgages, debt reduction, free cruises, weight loss, etc, etc, etc.  That’s the slowdown factor.  It doesn’t care that you need to make a powerpoint show up for this coming meeting, becuase you let it in, so it’s like univited guests that come and decide if they can find it in the refrigerator, or the pantry, it’s theirs.  Don’t leave your car keys out, either.

The malware programs get in, scan your email contact list, randomly pick a contact’s email and go to work.  This, as a side note, is also why sometimes you get an email from someone telling you, via the forwarded mail, that you were sending spam.  You look at the text and have no clue why, or when you would have done that.  It wasn’t you, it was your email address from someone elses address book on someone else’s infected computer.

If you’re system, after it’s booted up, is dragging, when it wasn’t and you haven’t installed some new software to put yourself on the cutting edge of somoe capability, you just may have that uninvited guest using your processor.   Time to complete a few simple steps to correct the problem.

First, run your anti-spyware software.  Spyware?  Yes, that’s how it’s found, along with software that may be sitting around, waiting for you to type your creditcard number, but you’re still going after the malware zombie making code.

Spybot is a free utility.  AdAware is also free, but has paid for versions to automate more of the scan process, if you choose.  Install and run one of those of you have nothing.  Make sure you allow the installer to get the latest updates, at it is a leapfroggging game of the bad guys writing new wyas to do this, and the good guys blocking it, and sending you the updates.  You may have an old zombie/malware/spyware in your system, but you may have a brand new one, too.

After the scan is completed, then ensure the spyware prgram deletes the identified problem code, adn, the next most important step is to re-start you computer.  Why?  The virus like software is stored on your hard drive, and told to load at startup into memory, where it runs.  The scanners check the hard drive for the program, but cannot look into the active memory of the computer to see if a program is running.  So, what you “found” is the code on the hard drive, and even if you delete it, the program itself can still be in memory, cranking out debt relief emails.  By shutting down/restarting, you clear all running programs out of the “RAM” (random access memory) and when the computer begins it’s next run, the bad code is off the hard drive and not loaded, so your “uninvited guest(s)” are no longer hanging around, driving your card, eating you food and using the washing machine in front of your own load of clothes.

There you have it.

Compute smarter, not harder!