Microsoft takes Antivirus/Protection to a new level

I no longer use any ‘always on’ third party Antivirus software on any of my Operating systems, and I haven’t for some time. I rely heavily on my expertise, current systems, and applications setups and experience to keep myself as protected as possible.

I realize that most users do not have the extensive training and skills that I do. So I recommend most Windows users use Microsoft’s built-in Windows Defender AV – it is surprisingly good. AND doesn’t jack up as many systems as do nearly all paid solutions.

Microsoft is now REALLY stepping up the game in system protection.

The HowToGeek has a superb article on this. Check it out.

More Scareware going around–Fake disk errors and hidden files.

More security news. There is another round of Scareware/Trojans going around that trick users into infecting their machines (http://bit.ly/zqaBJK) and then ransom a fix for money.

This new threat, named "Trojan.HiddenFilesFraud.A" by Bitdefender’s researchers, hides all files and folders on your machine and disables some standard keyboard shortcuts so you can’t un-hide them. To further inflame your mania it displays error messages as if from Windows reporting such worries as "damaged hard disk clusters." Just when your frenzy is at its peak, the fake disk repair tool goes to work. It busily spins and flashes and eventually reports a plethora of errors. Want the problem fixed? All you have to do is register… for $80. The worst of it is, even when you do register it doesn’t unhide your files. Pay $80 for the repair utility that will do absolutely nothing once purchased. The scam is done, the money is gone. And there is a good chance your credit card will be used for more fraudulent activity in the very near future!

It displays a fake ‘error’ and ‘fix window’ that if clicked on (EVEN TO CLOSE!!) actually infects the machine! Then the user is supposed to be scared enough and convinced to reach for his pocket and 

Please keep your Anti-virus/Spyware application, Systems and especially your Browsers up to date! I have posted previously on how to ‘get out’ of this bogus application; look here http://bit.ly/pUhosM and throughout my blog for MANY articles regarding security. Please check them out. Or you could just pay me to fix what you mess up for not following my advice.

Be safe folks! Peace.

Latest Mac Malware news 06-04-2011

The Mac Trojan/Malware ‘MacDefender’ now calls itself ‘Mac Shield’.

The malware keeps changing names and looks but still is relatively the same as before. However, it is still infecting loads of machines and is, in my opinion, very dangerous; it lures users into providing sensitive financial information to thieves.

Sophos for Mac will remove it. (free) Get it here.

So will Virus Barrier Express from the Apple App Store, here. Also free.

Here is my previous article too.

More Rogue Antivirus/Spyware infecting many!

Users are being ‘Tricked’ into infecting themselves with trojans/viruses.
This has been used on probably 1.5 million websites!
And it is increasing! UPDATE! Here is even more evidence that this is HUGE!

I have written about this type of attack before and how to avoid it and stop the ‘infection’.
Please Read Here on that process.

The hack seeks to trick Web users into believing that their computer has been compromised by viruses and prompts them to download fake security software that itself causes further problems. [called a social engineering hack] Among the sites serving up the links to the fake software sites are some belonging to Apple and used on its iTunes store, though Apple is said to have cleaned up the affected code on its site.

For more information please read this too!!
Here is an excellent video showing how and what happens.

Mac OS X Trojan catches Sophos’ eye

Two very recent articles point out what most security people know and the rest should know: NO technology, especially computers connected to any network, is completely secure!

An article here points this out:

"It appears there is a new backdoor Trojan in town and it targets users of Mac OS X. As even the malware itself admits, it is not yet finished, but it could be indicative of more underground programmers taking note of Apple’s increasing market share."

And from another one here:

"More than half of Americans believe that PCs are "very" or "extremely" vulnerable to cybercrime attacks, while only 20 percent say the same about Macs, according to this ESET survey.
(Credit: ESET)"

ESET released the results of a survey in November related to awareness of cybercrime in the U.S. The survey of more than 1,000 people found that while both PC and Mac users perceive the Mac as being safer, Mac users are victims of cybercrime just as frequently as PC users.

Meanwhile, Mac users are just as vulnerable to Web-based attacks like phishing as PC users are, and Mac users who fall prey to phishing tend to lose more money on average than PC users do, the survey found. "Viruses are a diminishing percentage of what we’re seeing," said Randy Adams, director of technical education at ESET. "A lot of attacks have to do with social engineering and that kind of attack is platform agnostic."

Please folks, practice safe computing practices. I’ve written extensively on that so I won’t go into that here, just search my blog(s) for security items.

For those of you that are interested in an antivirus product for Mac, ESET makes a fantastic one. You can check it out here.

By the way Eset’s products are top notch! If I were to buy a security solution it would be theirs.

Keep safe folks.

More Malware in the wild ‘E-Card’

Hi folks just thought I’d pass this on.
The folks at Shadow Server have found this propagating.
There are loads of new security threats – many using tried and true vectors.
This one uses the ‘E-Card’ email route.
One that STILL somehow gets people! Please NEVER, EVER, EVER open up these types of links!
They often look like this.

[Image: botspam]

Microsoft also has information on this latest threat here:

http://blogs.technet.com/b/mmpc/archive/2010/12/31/unhappy-new-year.aspx

Please folks, be careful and exercise caution when opening email or ‘clicking’ on links, and keep your systems up to date.

CheckPoint/Zone Alarm Lose with fake threat

I’ve written about this tactic before – using ‘rogue/fake’ threat or infection warnings to distribute REAL malware. This is one very effective way to get unsuspecting or untrained people to accidentally actually ‘infect’ themselves.

It now appears that a legitimate (using that word lightly now) company – CheckPoint, makers of ZoneAlarm is using the same tactic to ‘up sell’ their products to unsuspecting consumers. I hope others do not follow.

Please take the time to read this very short article.

At one time I used and recommended their products and most were quite good. In fact ZoneAlarm was one of the first ‘software firewalls’ I ever used consistently – over a decade ago.
However………

With this move CheckPoint has assured itself that it will be uninstalled and/or blocked on ALL of the machines (hundreds) I manage or have any influence upon.
I am passing this information to EVERYONE in my sphere of influence and I hope they do the same. Maybe even demand a refund pro-rata on any products they have installed.

Real D*%k move CheckPoint. See you later.

McAfee fix for killed XP machines

I am not a fan of McAfee security and AV products and haven’t been for years. Their software has become a huge drain on system resources and worse, seems to get more false positives than actually stopping malicious software. I highly recommend Microsoft Security Essentials. But if you are one of those that have had this issue I hope this helps.

McAfee recently put out an update that literally killed many machines.

If you are one of those people here is a possible solution.

1. If your computer is forcing you to shutdown (you are getting an error with a countdown), go to Start – Run and type cmd. At the command prompt type ‘shutdown -a’ without the quotes. [This will abort the Windows shutdown.]

2. Open up the McAfee console (Start -> Programs -> McAfee)

3. Disable Access Protection and On-Access Scanner

4. Double click your Quarantine Manager in that window, and restore the files there (right click on it and select restore).

5. Go to your services console (right click on My Computer, select ‘Manage’, and click on the services in the left pane). Make sure both RPC (Remote Procedure Call) services are running.

6. Start (or restart if already running) the McAfee Framework service.

7. Back in the McAfee console, select Tools -> Rollback DATs.

8. Reboot and you should be all set.
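
The parts of steps 1, 5 and 6 that can be done from the command prompt, as an added example (not from McAfee and not part of the original post). The service names RpcSs, RpcLocator and McAfeeFramework are assumptions, since the post only gives the display names; steps 2, 3, 4 and 7 still have to be done in the McAfee console.

```bat
@echo off
rem Added example: scriptable parts of steps 1, 5 and 6 above, for cmd.exe.
rem Service names are assumptions (the post gives display names only):
rem   RpcSs, RpcLocator = the two "Remote Procedure Call" services
rem   McAfeeFramework   = the McAfee Framework service

rem Step 1: abort a pending forced shutdown (harmless if none is pending).
shutdown -a 2>nul

rem Step 5: make sure both RPC services are running.
for %%S in (RpcSs RpcLocator) do call :ensure_running %%S

rem Step 6: start, or restart if already running, the McAfee Framework service.
sc query McAfeeFramework | find "RUNNING" >nul
if not errorlevel 1 net stop McAfeeFramework
net start McAfeeFramework
if errorlevel 1 echo [!] McAfeeFramework did not start - check the Services console.
goto :eof

:ensure_running
rem %1 = service name; start it only if "sc query" does not report RUNNING.
sc query %1 | find "RUNNING" >nul
if not errorlevel 1 (
    echo [ok] %1 is running
    goto :eof
)
echo [..] %1 is not running, starting it
net start %1
if errorlevel 1 echo [!] could not start %1 - start it from the Services console.
goto :eof
```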

Here is McAfee’s own solution:

http://vil.nai.com/vil/5958_false.htm

Security Threat News

I have mentioned many times before of the need to update your computer Operating Systems, Anti-Virus and Anti-Spyware applications.

But I also must mention again to please update your applications as well – ESPECIALLY ADOBE PRODUCTS.

A 2009 Global Threat Report from ScanSafe, a Cisco company, shows that in the 4th quarter of 2009 80% of all web-based exploits were malicious PDFs! It’s not surprising that the PDF number is large, but this number is so large it’s hard to believe, especially inasmuch as Flash exploits were 18%!
Those are some frightening numbers!

PDFs and Flash are ground zero for malware on the web these days. Just by keeping up to date on your client software you can protect yourself against almost all of it.
Here is the advisory from Adobe.

Users should update to versions 9.3.1 or 8.2.1, the links to which are in the advisory. Alternatively, you can “Check for Updates” in the Help menu.

Here we go again – Spyware and bogus Antivirus

Folks,
I can’t stress enough the importance of keeping your Operating system patched, up to date and running the latest versions of available applications – especially web browsers!
Several new threats are emerging that are taking advantage of the fact that people are running outdated and un-patched software. Some of the latest hacks have involved un-patched Adobe Acrobat and old un-patched web browsers – IE 6 and Safari. There is no reason to NOT have the latest web browsers and have them patched. I run Firefox primarily myself, as I have mentioned, but always keep all of my browsers (IE, Firefox, Chrome and Opera) up to date.

As I have said before never, never and never..
Download supposed toolbars or video player or helpers…that a site says are ‘required’ to…whatever..
These are nearly always ‘trojanware’.
If you need to ‘install’ a special toolbar to ‘play games’ or ‘view a file’ or what ever you can be assured that someone is using that download to ‘view/own’ your system.
Are those ‘smileys’ worth having your entire system compromised or corrupted? I don’t think so.
If you use P2P software Limewire, Gnutella, KaZaA, Napster, BearShare, MySpace, torrents or even some Facebook ‘Apps’ you can expect, repeat EXPECT, to get infected by malicious software! There is no such thing as free ‘premium’ software. If software that normally costs money from a vendor somewhere else is ‘found’ for free, you can expect you’ll get what you pay for. We don’t get it in the ‘real’ world, so why do people continue to believe that it will occur in the cyber world?
Here is an article on some people tricked by the old ‘social engineering’ scam to do just that.
Here is a good article on ‘Scareware’ – essentially it is a ‘social engineering’ trick to get you to install actual spyware/trojanware!
People are hit with this from many sites all the time, and end up screwing themselves to the stoneage.
Please take the time to read this information and how to protect yourself.

The one thing this article doesn’t really explain is how to ‘get out’ of the pop-up hell.
It is simple.
1st. DO NOT CLICK ON ANY POPUP WARNING WINDOW TRYING TO CLOSE/EXIT!!!
This will infect you!

Press the Ctrl+Shift+Esc keys at the same time (all on the left hand side of the keyboard).
This will bring up the ‘Windows Task Manager’ see attached screen capture.

From here click on the Microsoft Internet Explorer or Mozilla Firefox running ‘Task(s)’ and then click on ‘End Task’. It is wise to End Task ALL of them.

This kind of ploy gets MANY users!
Just this week I have had three – count them 3 different people get caught by these methods!!
After closing the pop ups via the task manager run CCleaner BEFORE you open any browser again. If you have followed my previous advice you already have this installed and run it every time you close your browser.
Please re-read these posts for more information on protecting yourself from malicious software.

Here

And Here