Tag Archive for scareware

Windows 8: The hackers are already in it…

This news is a few days old, but is telling: Windows 8 already has its own phishing and fake anti-virus malware attacks…

Hackers Already Blasting Windows 8 With Phishing, Fake AV Scams as reported in CRN.

In both cases, for those who keep asking me “why do these hackers do this?”, it’s about getting you to give them your credit card info…then they can go shopping online for you and begin to try to steal your identity…simple, they have a business model of “crime does pay, if the gullible just hand me their bank information!”

Safe computing, you need it!

My User is being directed into another users folder named TEMP

Malware, BadWare, ScareWare, RansomWare, just make you MadWare. I couldn’t get back far enough to find the cause, but the brief version began with a call well before business hours from a client…

I didn’t get to see all the problems, as he tried to fix it first, before deciding this was something different. The story goes like this: “I had a message on the screen to upgrade [not update] Avast.” He did as directed, and it said it had to reboot. When he came back to the login screen, all three users were presented and he clicked on his own icon. In he went, to a black desktop, missing all but the public icons. When he started Outlook 2007, it took him to the new-install, set-up-a-new-account wizard.

He ran a restore point, yet the results were the same. He left me a message.

I went there and began to look for the associated “hide all your icons” malware, but the user documents folder was empty…not even any hidden files, just like a new Windows 7 user would be. Found the Outlook .pst, and it was very small, but there with a new date. His desktop folder had none of his files/icons, so this left me wondering what was up. I pulled up the cmd line and what caught my eye was that the initial directory was “C:\Users\TEMP>,” not one named for the user he had signed in as.

From here, I wondered what was up, so I went to regedit and did a search for “\users\temp.” I got the result I was looking for (in HKey_Users), but it was the surrounding registry entries that clued me in to the fix required: The malware had taken the normal -1000 (first user) entry and renamed it with a “.bak” extension, and then, in the now-existing -1000 user settings, it had used his login name but pointed his settings to the “\users\temp” folders, which now explained the absence of any of his files.

I went back to Windows Explorer and confirmed all his files were actually in the user folder bearing his name, and then, being a bit smarter on the problem, noted the temp user folders were, of course, like a brand new user.

The repair was simple at this point: rename the offending -1000 entry with a “.bad” extension, then remove the “.bak” from his real -1000 user entry. Of course, I first backed up the registry as it was, just in case I would find out this wasn’t the case, and then, with the changes in place, restarted the system and all was now back to normal.

Still can’t tell you the exact cause, but the symptoms were a solid black desktop, empty folders for My Documents/Pictures/etc., and Outlook wanting to create a new install for a new user. All it turned out to be was that the infection had copied and renamed the proper user registry entry and put itself in as the user, and, while using the correct user name, it was sending the computer to the new “TEMP” user name and its new, empty folders.

The reboot after correcting the registry entries worked fine, and that was two weeks ago.
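As an added example (not code from the original post), a read-only PowerShell check for the symptom described above: it assumes the SID-to-folder mapping lives under ProfileList, where Windows keeps it, and reports any SID key carrying a “.bak” suffix next to a live key of the same SID, or a live key whose profile folder is C:\Users\TEMP.

```powershell
# Added example, not the original post's code. Read-only check for the symptom above.
# Assumption: the SID-to-folder mapping lives under ProfileList, where Windows keeps it.
$ProfileListPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-ProfileListFindings {
    param([string]$Path = $ProfileListPath)

    # Collect SID key name -> ProfileImagePath for every profile entry.
    $entries = @{}
    foreach ($key in Get-ChildItem -Path $Path) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        $entries[$key.PSChildName] = $props.ProfileImagePath
    }

    $tempFolder = Join-Path $env:SystemDrive 'Users\TEMP'

    $findings = foreach ($sid in $entries.Keys) {
        $imagePath = $entries[$sid]

        # Symptom 1: the real SID key was renamed with ".bak", and a fresh key under
        # the original SID (the post's -1000 entry) now sits beside it.
        if ($sid -like '*.bak') {
            $liveSid = $sid -replace '\.bak$', ''
            $issue = 'entry renamed .bak'
            if ($entries.ContainsKey($liveSid)) {
                $issue = "real entry renamed .bak; live key $liveSid exists beside it"
            }
            [pscustomobject]@{ Key = $sid; Issue = $issue; ImagePath = $imagePath }
        }

        # Symptom 2: a live SID key whose profile folder is C:\Users\TEMP, which is why
        # the desktop and My Documents looked like a brand new user.
        if ($imagePath -and ($imagePath -ieq $tempFolder)) {
            [pscustomobject]@{ Key = $sid; Issue = 'ProfileImagePath points at \Users\TEMP'; ImagePath = $imagePath }
        }
    }
    return @($findings)
}

# Report only. The repair (rename the bogus key, strip ".bak" from the real one)
# is done by hand after backing up the registry, as in the post.
Get-ProfileListFindings | Format-Table -AutoSize
```

The same “.bak” plus temporary-profile pattern is also what Windows itself produces when a profile fails to load, so a hit means “inspect the entries”, not “infected”; confirm the user’s real folder is intact before touching the registry.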

LimeWire is Dead…

Thankfully. I know a lot of people liked it, as they could avoid not only paying retail for music and movies, but paying anything at all….until some of them had to call me, because their computers were so zapped by malware/spyware/scareware/ransomware from embedded “payloads.”

In one case it wasn’t pretty at all, with me spending three evenings trying to save their family photos.

The “bad guys” figured out how to insert viruses and Trojans in the “free” files, on that peer-to-peer sharing network. Not all of them, but it certainly was a crap shoot when you tried to pick a torrent to pull down for your entertainment.

Anyhow, the full report from TechCrunch is here.

We Infect Our Computers Ourselves

Didn’t bookmark it, but a few weeks back, I saw an article that said greater than 50% of computer infections were now user-imposed.

What does that mean exactly? It means the people who write and manage software are doing a pretty good job of staying ahead of the hacker crowd, but we, the users, are becoming our own worst enemies. Not that we purposely let spyware, malware and viruses in, but we are more easily fooled into doing just that.

The “bad guys” are becoming very good at replicating things that are legitimate, both in look and in social context, so that we want to click on them.

Next thing you know, you’ve got a “ScareWare” problem, which, if you don’t pay the ransom, begins to dig about in your files and, over time, renders your PC useless.

What got me to post this? An article in a security news feed I track saying there is a crop of fake “Browser Updates” showing up on people’s screens, and we do what we are told: “KEEP YOUR COMPUTER UP TO DATE!”

That makes it increasingly difficult to sort the fake updates from the real ones.

Let’s be careful out there and, according to Symantec researcher Parveen Vashishtha, know this:

“Malware authors are employing innovative social engineering tricks to fool users — it’s as simple as that…”

Random Bits From the Digital Trenches

Technology is creeping ahead…quickly. iPads are making it off the shelves in massive numbers, and…yes, there is a security issue. Interesting, isn’t it: The more connected we become, the more we are “exposing” our information. And, as the old saying goes, you can make mistakes with computers so much faster and many more times!

The “bad guys” are hard at work. About 6 months ago, people called me with “scareware” viruses and I could eradicate them in under an hour. Since then, a new wave has appeared, and they not only have a propensity to fake where they are installed, they also now find the more common anti-spyware database files on your system and remove the identification data, so you can scan your system and they go unrecognized. Net result: the “infection” hangs on longer and takes more effort to find and eradicate. Are you practicing “safe computing?” If you don’t have anti-virus and anti-spyware and a firewall besides the one that comes with Windows, shame on you! By having those installed, you have a much better chance of not having to call me in to get you back to work, and writing me a check.

Smartphones. Geez….the iPhone 4 is very, very cool. That, along with the many others hitting the market, both Android and Windows based, means cell phone bandwidth will become an issue. We consumers will be amazed that “unlimited” plans really aren’t. In defense of the carriers, it takes money and technical expertise and time to keep the “backbones” upgraded for us to use. Think of it as road construction, and it’s going to be a massive rush hour. Just as we see our digitally connected worlds expanding exponentially, there will be that one more customer that sends your connection speed down the tubes. It’s a problem of aggregation, not of that one user.

Next issue: Apple really upped the ante with the “retina” display technology. Think you have a nice screen now? Think again. We have been living on display surfaces, both in the cathode ray tube and now the LCD/LED era, at resolutions of no greater than 75 dots per inch (dpi), at best…usually 72 dpi.

Drool over this: 326 dpi! Math: 326/75 = 4.3X improvement in picture clarity. It used to be, I “thinned” out pictures for web use to 100 dpi, because above that you couldn’t tell the difference, and it was also less data to transfer, so the pictures on a web page loaded much faster. Now 400 dpi will have to be the default standard for high quality on the net. That also means more data flying about, clogging the pipes. In actuality, it will be a while before we really have to worry about this, as only the really big corporations and “bleeding edge” early adopters will have such displays, but maybe 5-8 years down the road, this resolution will become an accepted common standard. My prediction, not connected to anything I’ve read…yet.

WordPress is no longer just blogging software. It’s now a true “Content Management System” (CMS). I’ll be revamping the site one day, to take advantage of this functionality, but it will be a planned, staged retooling, as I see potential for dropping all the blog posts into thin air if the right steps aren’t taken. I have a “sandbox” out there on the net, just so I can see what steps to take, in what order. Part of my self-educating process, so I can do it for clients.

Windows 7 is still doing well. I like it more and more. I still haven’t migrated my trusty workhorse, the laptop, but that is another staged, well planned event, so as not to come up saying “Hey! Where did ________________ file go?” Sort of like the locker room scene in “Top Gun,” where the “best of the best” discussed their first day of practice air combat maneuvers (ACM). That part of the locker room scene isn’t on YouTube…

There are a few notes from my world, to give you some insight into yours!

Tuesday Tech Tips

It’s not a good idea to go out “unprotected computing” these days. Like just about everything else mankind has invented, there are good uses (nuclear power – lighting up a city) and bad uses (nuclear power again – blowing up a city). The bad uses these days aren’t even committed by the users behind the keyboard, but by those who infect your computer with many bits of code that are there to make your system work for someone else (mentioned a few Tuesdays ago regarding slow computers) or to steal your info.

One type of software out there that sucks people in is what I have termed “ScareWare.” Bad stuff at several levels…

Here’s what it looks like to you: you’re minding your own business, or reading everyone else’s tweets on Twitter, and all of a sudden a window appears in the middle of the screen with some ominous warning like: “YOUR COMPUTER IS INFECTED WITH SPYWARE/MALWARE/VIRUSES! – Click here to scan your computer.” You, being the concerned user you are, do that. Next, there are the normal downloading and installing software indications. You keep clicking the “Next” buttons until the process is complete.

A system scan begins, the “progress bars” show, and the number of files checked and viruses (or whatever) found clicks up. Finally, the scan is done, and sure enough, there are things to be removed. You click to get rid of the problems and….yes, you get the dreaded “You must purchase this product to remove the _____________ click here to enter your credit card number.”

You’ve been had. At the top level, the software has most likely found some legitimate things on your system that do not need to be there, some of them rather benign, and you want them off. At another level, you now have a program that is installed and pretty much got into your system by false representations. Just about all of them I have run across do you no good.

In one case, the “anti-virus” software embedded itself and didn’t appear on the list of installed programs, so you couldn’t remove it the normal way, and…the bonus “gotcha!” was you couldn’t log onto any of the sites to get the free software, or even the big name legitimate software, to remove this alien being from your hard drive.

My advice: if you get the ScareWare installed and it begins to nag you very heavily, make sure you save any and all data off your computer you wish to keep for the future, because I saw a case where the machine would just reboot every 5 minutes and all I could do was completely reformat the hard drive and begin all over installing Windows.

Note: you must save it to a CD/DVD/USB drive or a backup/external hard drive to make sure you have it. Family pictures, work documents, resumes, address lists…etc. Get them off, then try to root out the offending software.

Your first step: See if you can get on to www.symantec.com, www.mcafee.com or www.lavasoft.com. If you can’t get them to come up without errors, then you have it bad and you should mentally prepare yourself for completely restoring your hard drive.

Next week more on how to do the best you can coming back from a close encounter with “ScareWare.”