More Scareware going around–Fake disk errors and hidden files.

More security news. There is another round of Scareware/Trojans going around that trick users into infecting their machines http://bit.ly/zqaBJK and then ransoming a fix for money.

This new threat, named "Trojan.HiddenFilesFraud.A" by Bitdefender’s researchers, hides all files and folders on your machine and disables some standard keyboard shortcuts so you can’t un-hide them. To further inflame your mania it displays error messages as if from Windows reporting such worries as "damaged hard disk clusters." Just when your frenzy is at its peak, the fake disk repair tool goes to work. It busily spins and flashes and eventually reports a plethora of errors. Want the problem fixed? All you have to do is register… for $80. The worst of it is, even when you do register it doesn’t unhide your files. Pay $80 for the repair utility that will do absolutely nothing once purchased. The scam is done, the money is gone. And there is a good chance your credit card will be used for more fraudulent activity in the very near future!
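A check for the mass-hiding described above, as an added example that is not part of the original post. It assumes the files were hidden by setting the Hidden file attribute (the post does not say how); the folder list and the 90% threshold are illustrative choices.

```powershell
# Added example, not from the original post.
# Assumption: the files were hidden by setting the Hidden attribute.
param(
    # Folders to inspect; these defaults are an illustrative choice.
    [string[]]$Folders = @("$env:USERPROFILE\Desktop", "$env:USERPROFILE\Documents"),
    # Without this switch the script only reports and changes nothing.
    [switch]$Unhide
)

$hidden = [System.IO.FileAttributes]::Hidden
$system = [System.IO.FileAttributes]::System

foreach ($folder in $Folders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }

    # -Force is required, otherwise hidden items are not returned at all.
    $all = @(Get-ChildItem -LiteralPath $folder -Recurse -Force -ErrorAction SilentlyContinue)

    # Hidden but not System: skips desktop.ini and similar items Windows hides itself.
    $suspect = @($all | Where-Object {
        ($_.Attributes -band $hidden) -and -not ($_.Attributes -band $system)
    })

    # One summary row per folder. A folder where nearly everything is hidden
    # is not normal; the 90% cut-off is an arbitrary illustration value.
    [pscustomobject]@{
        Folder      = $folder
        TotalItems  = $all.Count
        HiddenItems = $suspect.Count
        MassHidden  = (($all.Count -gt 0) -and (($suspect.Count / $all.Count) -gt 0.9))
    }

    if ($Unhide) {
        foreach ($item in $suspect) {
            # Clear only the Hidden bit; ReadOnly, Archive etc. are kept.
            $item.Attributes = $item.Attributes -band (-bnot $hidden)
        }
    }
}
```

Run it without `-Unhide` first to see the counts; clearing the attribute restores visibility only and does not remove the malware itself.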

It displays a fake ‘error’ and ‘fix window’ that if clicked on (EVEN TO CLOSE!!) actually infects the machine! The user is supposed to be scared enough and convinced to reach for his pocket and

Please keep your Anti-virus/Spyware application, Systems and especially your Browsers up to date! I have posted previously on how to ‘get out’ of this bogus application; look here http://bit.ly/pUhosM and throughout my blog for MANY articles regarding security. Please check them out. Or you could just pay me to fix what you mess up for not following my advice.

Be safe folks! Peace.

More Rogue Antivirus/Spyware infecting many!

Users are being ‘Tricked’ into infecting themselves with trojans/viruses.
This has been used on probably 1.5 million websites!
And it is increasing! UPDATE! Here is even more evidence that this is HUGE!

I have written about this type of attack before and how to avoid it and stop the ‘infection’.
Please Read Here on that process.

The hack seeks to trick Web users into believing that their computer has been compromised by viruses and prompts them to download fake security software that itself causes further problems. [called a social engineering hack] Among the sites serving up the links to the fake software sites are some belonging to Apple and used on its iTunes store, though Apple is said to have cleaned up the affected code on its site.

For more information please read this too!!
Here is an excellent video showing how and what happens.

Mac OS X Trojan catches Sophos’ eye

Two very recent articles point out what most security people know and the rest should know: NO technology, especially computers connected to any network, is completely secure!

An article here points this out:

"It appears there is a new backdoor Trojan in town and it targets users of Mac OS X. As even the malware itself admits, it is not yet finished, but it could be indicative of more underground programmers taking note of Apple’s increasing market share."

And from another one here:

"More than half of Americans believe that PCs are "very" or "extremely" vulnerable to cybercrime attacks, while only 20 percent say the same about Macs, according to this ESET survey.
(Credit: ESET)"

ESET released the results of a survey in November related to awareness of cybercrime in the U.S. The survey of more than 1,000 people found that while both PC and Mac users perceive the Mac as being safer, Mac users are victims of cybercrime just as frequently as PC users.

Meanwhile, Mac users are just as vulnerable to Web-based attacks like phishing as PC users are, and Mac users who fall prey to phishing tend to lose more money on average than PC users do, the survey found. "Viruses are a diminishing percentage of what we’re seeing," said Randy Adams, director of technical education at ESET. "A lot of attacks have to do with social engineering and that kind of attack is platform agnostic."

Please folks, practice safe computing practices. I’ve written extensively on that so I won’t go into that here, just search my blog(s) for security items.

For those of you that are interested in an antivirus product for Mac, ESET makes a fantastic one. You can check it out here.

By the way, ESET’s products are top notch! If I were to buy a security solution it would be theirs.

Keep safe folks.

CheckPoint/Zone Alarm Lose with fake threat

I’ve written about this tactic before – using ‘rogue/fake’ threat or infection warnings to distribute REAL malware. This is one very effective way to get unsuspecting or untrained people to accidentally actually ‘infect’ themselves.

It now appears that a legitimate (using that word lightly now) company – CheckPoint, makers of ZoneAlarm is using the same tactic to ‘up sell’ their products to unsuspecting consumers. I hope others do not follow.

Please take the time to read this very short article.

At one time I used and recommended their products and most were quite good. In fact ZoneAlarm was one of the first ‘software firewalls’ I ever used consistently – over a decade ago.
However………

With this move CheckPoint has assured itself that it will be uninstalled and/or blocked on ALL of the machines (hundreds) I manage or have any influence upon.
I am passing this information to EVERYONE in my sphere of influence and I hope they do the same. Maybe even demand a refund pro-rata on any products they have installed.

Real D*%k move CheckPoint. See you later.

Security Threat News

I have mentioned many times before the need to update your computer Operating Systems, Anti-Virus and Anti-Spyware applications.

But I also must mention again to please update your applications as well – ESPECIALLY ADOBE PRODUCTS.

A 2009 Global Threat Report from ScanSafe, a Cisco company, shows that in the 4th quarter of 2009 80% of all web-based exploits were malicious PDFs! It’s not surprising that the PDF number is large, but this number is so large it’s hard to believe, especially inasmuch as Flash exploits were 18%!
Those are some frightening numbers!

PDFs and Flash are ground zero for malware on the web these days. Just by keeping up to date on your client software you can protect yourself against almost all of it.
Here is the advisory from Adobe.

Users should update to versions 9.3.1 or 8.2.1, the links to which are in the advisory. Alternatively, you can “Check for Updates” in the Help menu.

Here we go again – Spyware and bogus Antivirus

Folks,
I can’t stress enough the importance of keeping your Operating system patched, up to date and running the latest versions of available applications – especially web browsers!
Several new threats are emerging that are taking advantage of the fact that people are running outdated and un-patched software. Some of the latest hacks have involved un-patched Adobe Acrobat and old un-patched web browsers – IE 6 and Safari. There is no reason to NOT have the latest web browsers and have them patched. I run Firefox primarily myself, as I have mentioned, but always keep all of my browsers (IE, Firefox, Chrome and Opera) up to date.

As I have said before never, never and never..
Download supposed toolbars or video player or helpers…that a site says are ‘required’ to…whatever..
These are nearly always ‘trojanware’.
If you need to ‘install’ a special toolbar to ‘play games’ or ‘view a file’ or whatever, you can be assured that someone is using that download to ‘view/own’ your system.
Are those ‘smileys’ worth having your entire system compromised or corrupted? I don’t think so.
If you use P2P software Limewire, Gnutella, KaZaA, Napster, BearShare, MySpace, torrents or even some Facebook ‘Apps’ you can expect, repeat EXPECT, to get infected by malicious software! There is no such thing as free ‘premium’ software. If software that normally costs money from a vendor somewhere else is ‘found’ for free, you can expect you’ll get what you pay for. We don’t get it in the ‘real’ world, so why do people continue to believe that it will occur in the cyber world?
Here is an article on some people tricked by the old ‘social engineering’ scam to do just that.
Here is a good article on ‘Scareware’ – essentially it is a ‘social engineering’ trick to get you to install actual spyware/trojanware!
People are hit with this from many sites all the time, and end up screwing themselves to the stone age.
Please take the time to read this information and how to protect yourself.

The one thing this article doesn’t really explain is how to ‘get out’ of the pop-up hell.
It is simple.
1st. DO NOT CLICK ON ANY POPUP WARNING WINDOW TRYING TO CLOSE/EXIT!!!
This will infect you!

Press the Ctrl+Shift+Esc keys at the same time (all on the left hand side of the keyboard).
This will bring up the ‘Windows Task Manager’ see attached screen capture.

From here click on the Microsoft Internet Explorer or Mozilla Firefox running ‘Task(s)’ and then click on ‘End Task’. It is wise to End Task ALL of them.

This kind of ploy gets MANY users!
Just this week I have had three – count them, 3 – different people get caught by these methods!!
After closing the pop ups via the task manager run CCleaner BEFORE you open any browser again. If you have followed my previous advice you already have this installed and run it every time you close your browser.
Please re-read these posts for more information on protecting yourself from malicious software.

Here

And Here

 

Anti Virus/Anti Spyware Suite Shootout Results

Here are the results of a very well done study on the effectiveness of current anti-virus/anti-spyware suites.
Review of the review here.
The top of the current list is Norton’s latest suite.
They did not test Microsoft’s new/updated foray into this arena – their Freeware solution,
Microsoft Security Essentials.
As I have mentioned previously I have been a fan of Norton for a while. They have done a good job of reducing the memory and process footprint compared to previous editions.
I am however very impressed with Microsoft’s Security Essentials application.
I recently had a colleague whose system was infected and Norton AND Trend Micro could not effect a solution.
But Security Essentials DID!
I think it is a good free solution and worth checking out.
Keep safe out there.

More on Antivirus software

I’m really impressed with Microsoft Security Essentials. It’s very minimalist but it gets the job done. It’s very fast to scan your computer and it isn’t constantly bugging you to ‘renew your subscription’.
Microsoft Security Essentials is the newest addition to Microsoft’s computer protection software. It replaces the Windows Live OneCare subscription service and Windows Defender by providing more comprehensive coverage than either of the two originally provided. Microsoft Security Essentials is free for all Windows users and provides protection against a variety of threats including viruses, malware, adware, and spyware.

Although I still use Symantec Corporate (and other Anti-Spyware solutions – me paranoid) on most of my machines I have been using this on Windows 7 and think it is a GREAT free alternative to the expensive ‘bloatware’ AV solutions out there now. The only ‘caveat’, if you can call it that, is your system must pass ‘Microsoft Genuine Validation’. I hope all your machines do already, they should. But there is always that chance your operating system was not properly licensed by your OEM or your license key was mistakenly blacklisted.

You can get it here:
http://www.microsoft.com/Security_Essentials/default.aspx

Be safe out here.

Bogus and Malicious emails

Here is a reminder.

Let’s all keep ourselves and our data and systems safe.
I have just recently seen numerous emails coming in supposedly from UPS containing trojan/infected files!!
If you are not expecting an ‘EXPLICIT’ file in an email from a TRUSTED person,

DO NOT OPEN/RUN OR DOWNLOAD IT!!
Info on some here.

Legitimate vendors – eBay, UPS, FedEx, Amazon etc. – will send you notice that you have invoices, receipts, shipping info etc. ready for your viewing.

BUT do not click on links provided in emails requesting personal information – they can contain links to bogus/phishing sites! [sites that mask as legitimate but instead ‘steal/get you to give them’ your personal information]

If the email is from a true valid vendor you should be able to go to the appropriate vendor site by typing the web address into your web browser, logging into your account and checking ‘messages/status’ etc.

I have spent a lot of time recently cleaning up systems that people inadvertently infected with spy ware/malware. And by trying to ‘fix’ the problem by themselves many of these folks have only infected/wrecked their machines more dramatically.

There are LOADS of malicious emails out there claiming to be ‘security updates/upgrades’ or Outlook system updates etc. that are cleverly (dastardly actually) masked (spoofed) as coming from within your organization, or some other trusted entity (often Microsoft).

Here is a good article on what some of these look like. Here is another. And still another.
You get the idea I hope.
They vary but the result is the same – you infect your system and your entire network with a ‘backdoor’ trojan.
These types of emails are very dangerous ‘phishing’ attacks designed to place a trojan silently onto your machine.

Once again please NEVER click on a link within an email! From anyone.

The safest thing to do is call the person supposedly sending the email and verify its validity, or simply type the address directly into your browser.

As always I hope that any of you who read this have current Antivirus and Anti spyware software installed and most importantly keep them updated daily. And have them currently running.
While there may be advertisements listed on my site for anti-spyware and anti-virus protection, I can’t always control who or what they are for. I can however, recommend the links below.
My recommendations are as follows:

For a very, very good Antivirus and spyware solution (and free at that):

http://free-antivirus.eeye.com/

Their solution – Blink is fantastic.

You may also have Symantec/Norton, McAfee or AVG installed – Great!! but is it updated daily?

http://www.symantec.com/business/security_response/definitions.jsp

http://us.mcafee.com/virusInfo/default.asp?cid=45702

http://www.grisoft.com/us.download-update

Another super free and great anti-spyware is Spybot Search and Destroy (Spybot S&D).

I have used this to successfully fix/repair dozens of machines.

Beware though, there are many ‘bogus/extortion’ applications that are trying to trade off the ‘Spybot’ name.

The home to the one and only freeware SpyBot Search & Destroy is:
http://www.safer-networking.org/en/spybotsd/index.html

And a very highly rated anti-spyware package by PCWeek is Spyware Doctor. Not free but worth the price:
http://www.pctools.com/spyware-doctor-antivirus/

Portable tools for Productivity and System Recovery

I have a few custom bootable USB recovery sticks containing Hiren’s Boot CD, UBCD4Win and ERD that have recovery consoles along with a WinPE (Mini XP) environment that I use to recover and repair all sorts of Windows issues.
On my USB drive I have loaded hundreds of applications; some for use in the WinPE/Recovery mode (AV/Antispyware system and Troubleshooting apps) and many, many more for use in ‘tweaking/setting up’ a proper secure system.
I also use both of these two tools listed below; sometimes in the PE environment and also in Windows.

Even if you don’t have (need or want) a bootable USB recovery stick, these two utilities – Liberkey and NirLauncher – are fantastic tools to have on a USB drive.

Both give you tons of ‘portable applications’ you can bring with you to any Windows machine. Just plug in your USB drive and you can access loads of portable applications.
Liberkey:
http://www.liberkey.com/en/les-atouts-majeurs-de-la-liberkey.html
Download:
http://www.liberkey.com/en/download/6-liberkey-ultimate/
Nirsoft Download and integration information:
http://blog.nirsoft.net/2009/10/04/beta-version-of-nirlauncher-package-is-available-to-download/

Hiren’s:
http://www.hirensbootcd.net/
To create a bootable USB drive with Hiren’s:
http://www.hirensbootcd.net/usb-booting.html
UBCD4Win:
http://www.ubcd4win.com/
UBCD4Win to USB:
http://techacs.blogspot.com/2008/10/putting-ultimate-boot-cd-for-windows-on.html
http://www.youtube.com/watch?v=jdIKHdcMA0Y

http://ubcd4win.com/forum/index.php?s=11a797e9a1ce62fe41be3e3f6b14237a&showtopic=10411

Please note if you are going to create and use Hiren’s or UBCD4Win and create a bootable USB drive you must read and follow the directions from Hiren’s and/or UBCD4 Win’s sites.
They have listed the how-tos now in great detail. And there is plenty more info available by just checking their forums and of course Google.
If you don’t understand all of what is required or just ‘can’t do it’ – do not even attempt it.
You may end up doing something real silly like formatting your hard drive or worse, someone else’s!!
Also beware: if you are not sure what you are doing or are not COMPLETELY versed in all of the recovery and system tweaking applications listed, you may also kill your machine or someone else’s.
If you do hose something DO NOT CRY TO ME!
YOU ARE WARNED!