Avoid Internet Doomsday: Check for DNSChanger Malware Now

Some background:
The DNS system is a network of servers that translates a web address (such as http://www.google.com) into the numerical addresses that computers use to locate actual websites, computers and servers. It is known as the Internet’s phone book: it translates URLs to the IP address of the server hosting the Web site. This is true not only for Web sites but also for any other Internet-based service, including servers for e-mail, backups, synchronization, chat programs and calendars, AND the servers antivirus programs use to update themselves.

Back in November, law enforcement authorities working with the Federal Bureau of Investigation arrested six of the seven individuals in Estonia responsible for infecting millions of Windows and Mac machines worldwide with the DNSChanger Trojan. As part of the “Operation Ghost Click” raid, FBI agents also seized over 100 servers at data centers throughout the United States masquerading as legitimate DNS servers.

If the FBI were to simply shut down the rogue DNS network, the millions of computers affected by the malware would instantly lose access to the Internet. Given the scope of this malware infection, that would suddenly cut off many users and very likely have a notable negative impact globally. Because these systems are infected, users checking for and changing their DNS settings would not help: the malware would continually revert them and thereby continually disrupt communications.

To prevent this, the FBI instead chose to keep the rogue DNS servers active and convert them to a legitimate DNS system for infected computers. Since November 2011, there has been a campaign by the government, security agencies and MANY high profile internet service providers (ISPs) to notify users of the DNSChanger malware and offer services to help users identify systems that are infected.

Most victims don’t even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

To quickly and easily see if this may affect you and what you can do about it visit this site

Click on the link in the middle of the page and you will be notified if you are currently infected.

If you are infected/compromised you can visit this page for resolution tips and instructions.

Remember this trojan/virus will affect PCs AND Macs. Better safe than sorry. Or you could always call me for a hou$e call when your system won’t connect to the internet.

You can read the FBI’s page here.

Google has one here

Facebook also has one here.
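
To check a machine by hand, compare its configured DNS servers with the rogue address ranges published for DNSChanger. The script below is an added example, not part of the original post: it pulls the DNS servers out of resolv.conf, `scutil --dns` (Mac) or `ipconfig /all` (Windows) output and flags any that fall inside a list of ranges. The ranges, sample outputs and function names are assumptions made for illustration; the ranges shown are placeholders, so substitute the ones listed on the FBI's page.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), not real indicators.
# Substitute the rogue DNS ranges published on the FBI's DNSChanger page.
PLACEHOLDER_ROGUE_RANGES = ["192.0.2.0/24", "198.51.100.0/25"]
NAMESERVER_RE = re.compile(r"^nameserver(?:\[\d+\])?\s*:?\s*(\S+)")

# Constructed sample outputs (not captured from real machines).
SAMPLE_RESOLV_CONF = "nameserver 192.0.2.53\nnameserver 203.0.113.10\n"
SAMPLE_SCUTIL = """resolver #1
  nameserver[0] : 203.0.113.10
  nameserver[1] : 198.51.100.7
  flags    : Request A records
"""
SAMPLE_IPCONFIG = """   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 198.51.100.200
                                       192.0.2.9
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def _as_ip(token):
    """Return an ip_address for token, or None if it is not an address."""
    try:
        return ipaddress.ip_address(token.strip().split("%")[0])
    except ValueError:
        return None


def extract_resolvers(text):
    """Collect DNS server addresses from resolv.conf, `scutil --dns`
    (Mac) or `ipconfig /all` (Windows) output."""
    resolvers, in_windows_list = [], False
    for line in text.splitlines():
        stripped = line.strip()
        match = NAMESERVER_RE.match(stripped)
        if match:
            ip, in_windows_list = _as_ip(match.group(1)), False
        elif stripped.lower().startswith("dns servers"):
            ip, in_windows_list = _as_ip(stripped.partition(": ")[2]), True
        elif in_windows_list and _as_ip(stripped):
            ip = _as_ip(stripped)  # extra servers sit alone on following lines
        else:
            ip, in_windows_list = None, False
        if ip is not None and ip not in resolvers:
            resolvers.append(ip)
    return resolvers


def find_rogue_resolvers(text, rogue_ranges):
    """Return (resolver, matching_range) pairs for resolvers in a rogue range."""
    networks = [ipaddress.ip_network(r) for r in rogue_ranges]
    return [(str(ip), str(net))
            for ip in extract_resolvers(text)
            for net in networks if ip in net]


if __name__ == "__main__":
    for name, sample in [("resolv.conf", SAMPLE_RESOLV_CONF),
                         ("scutil --dns", SAMPLE_SCUTIL),
                         ("ipconfig /all", SAMPLE_IPCONFIG)]:
        hits = find_rogue_resolvers(sample, PLACEHOLDER_ROGUE_RANGES)
        print(name, "->", hits or "no resolver in the listed ranges")
```

A hit on the home router's own DNS setting matters as much as a hit on the computer, so check both.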

Another Flashback Variant – 2nd in two days!

Hey Mac users who still haven’t taken the hint and updated your systems’ security: there’s yet another version of the Flashback Trojan for you to enjoy.

It infects unprotected Macs in the same way Flashback.K did, through a Java applet exploit, and installs itself without the need of your password.
And, just as its predecessor, Flashback.K erases its footprints by deleting the Java cache and ensures its propagation by installing into the Java Update folder. You can read more here.

Apple released a Java patch in early April, as well as a Flashback removal tool, but clearly not all Mac users patched.

But many Mac users don’t even qualify for the patch—it was only available to systems running OS X 10.6 (from 2009) and later. Mac users running OS X v.10.5 and earlier were advised to disable Java altogether. WTF!! However, it’s quite possible that many users of these older systems just didn’t get the memo and are still running insecure software.

Here is F-Secure’s site that has the checker and removal tool. Check that out too. And please update your systems folks.

Windows AND Mac System Security News 04-12-2012

For OSX users:
Apple just released Java for OS X 2012-003, an update to the Java implementation in OS X. The update removes “the most common variants of the Flashback malware.” Check that out here. You should definitely update your Java NOW!

For Windows users.
It’s even scarier again. Trend Micro has found some scary ass Ransomware.

You can and SHOULD read the scary details here.

From TrendMicro’s blog, here are some of the details.

“We have encountered a ransomware unlike other variants that we have seen previously. A typical ransomware encrypts files or restricts user access to the infected system. However, we found that this particular variant infects the Master Boot Record (MBR), preventing the operating system from loading. Based on our analysis, this malware copies the original MBR and overwrites it with its own malicious code. Right after performing this routine, it automatically restarts the system for the infection to take effect. When the system restarts, the ransomware displays the following message:

This message prompt informs affected users that the PC is now blocked and that they should pay 920 hryvnia (UAH) via QIWI to a purse number (12 digits) – 380682699268. Once paid, they will receive a code that will unlock the system. This code will supposedly resume operating system to load and remove the infection. This particular variant has the “unlock code” in its body. When the unlock code is used, the MBR routine is removed.

Bottom line PLEASE keep your security software, Operating Systems and Browsers (including and especially browser plug-ins like Java, Flash etc.) up to date and patched.

Peace.

Mac Fanboys and Girls let the terror start

UPDATE:

There is now a simple tool you can use to check to see if you are infected by this Trojan. So far they are finding more and more people with it!

The tool is called, appropriately enough, the FlashbackChecker tool. You can get that here. Download and run it and see if you are in the clear.

Note that FlashbackChecker can’t actually remove the Trojan, it can only detect it. So, if you or a family member does find it on their machine, you’ll have to go back and run those original terminal commands (from F-Secure’s site) to determine exactly what you need to remove.

—-

Mac Trojan is infecting LOADS of people!! OK now the terror starts for you fanboys (and girls). My last article told you of this Mac Trojan. Now it’s apparently infected at least 600,000 users so far (read here) and it’s terrifying everyone! It’s written in an unknown language, doesn’t even need your password to compromise you! Please read and take precautions.

For instructions on how to check for and how to remove it you can AND SHOULD go here. This is F-Secure’s site.

NO system that is connected to a network is EVER safe. It can only be made more secure. Don’t ever think your Operating System is your security; it’s not – YOU ARE!

Be safe out there people!

[side note: I wonder how many calls I’ll get about this and how to repair the damage? The compromised system I can fix – your emptied bank account I cannot. Just saying.]

New Flashback Trojan Infecting Macs NOW

A new Mac Trojan that can now infect your computer from little more than a visit to a website AND requires NO PASSWORD TO INSTALL is making its rounds and promises some scary things!

The exploit was patched in February for MS Windows systems, however Apple has yet to release one for OSX.
Read more about it here.

F-Secure has a method for checking for and removing the infection here.

So once again folks please do not be naive and think you are immune to attack simply because your Operating System is not MS Windows.

Be safe out there.

Cleanup or Refresh an iDevice and Properly Restore it.

I’ve recently had a few people who had some problems with their iPhones and asked for some help. They were all of a sudden unable to receive calls and texts reliably or at all, and/or were notified they were running out of space. All were instructed by Apple and/or their carrier (in all three cases it was AT&T but could easily have been others) that they needed to reset their phone to factory settings. Problem is that without properly backing up the device(s), settings, applications and files, everything is wiped!

Fortunately it’s pretty easy to back up iDevices and reset them to factory settings then restore the user files and settings such as contacts, call logs and messages. However as I’ve mentioned before Media such as images/videos and other media can sometimes be wiped and lost.

iPhones also have this problem of ‘filling up’ with pictures and videos. The only way to get them off is to manually delete them individually from the phone – a real pain in the anus.

So back to my favorite iDevice backup tool – DiskAid. It has its own backup tool that can ‘override’ iTunes backup and works real well. I use it often but some people would rather just use DiskAid to ‘remove’ data from their phone and do their backups in iTunes. So I’ll show that here, along with the steps I took.

Get DiskAid and install it on your PC or Mac. And please read my previous post on iDevice backups.

First I used DiskAid to copy all photos and data – Diskaid has the ability to actually ‘SEE’ your data and remove pictures, movies and other items taking up space on your phone.

This copied off the images and movies to the PC.

Then I deleted a whole bunch of images and movies that were still on the phone to free up loads of space.

Cleared up to

Then I ran the iTunes Backup too.

1. Connect your iOS device to a computer with the latest version of iTunes installed

2. Select your iOS device in iTunes under Devices

3. Right-click (or Control-click) the device and select Back Up

The full iTunes backup can take a while, so be patient!

Also make sure you ‘Transfer your purchased items’ to iTunes:

right-click (Windows or Mac) or Control-click (Mac only) your device in the iTunes Source list, then choose Transfer Purchases from the shortcut menu that appears.

Then right-click after that is finished and run ‘Sync “iPhone”’ one last time for good measure.

Now to ‘clear and restore’ the device.

Click on the ‘Restore’ radio button and choose the last backup you just created. You will be prompted:

If you have completely backed up, transferred files and synced all should be OK.

When the restore process has completed, the device restarts and displays the Apple logo while starting up:

After a restore, the iOS device displays the “Connect to iTunes” screen. Keep your device connected until the “Connect to iTunes” screen goes away or you see “iPhone is activated.”

Then, to restore information from a backup, connect your iOS device to the computer with which you normally sync, then in iTunes:

Right-click (or Control-click) the device and choose Restore from Backup

Remember some of these steps can take some time – be patient!!

Your device should run much more smoothly after this.

Well hope this helps some. Peace out.

CCleaner for OSX out of Beta

I’ve written previously here about CCleaner, a great tool I regularly use for Windows PCs that is now available for OSX. The application is now out of beta and adds a full set of features! Yay!

With the full version, CCleaner adds cleaning capabilities for Safari, Google Chrome, Opera and Firefox. This final release for Mac offers cookie management: you can keep all or some cookies for persistent logins, whereas by default the cleaning tool clears all cookies. Other features and improvements include: Repair permissions, Wipe free space, stability fixes on 0.5 and 10.7.2, cleaning of Chrome’s omnibox and other minor fixes. You can get it here or from the link in my previous post.

Another OS X tool updated for Lion

The folks at Titanium’s Software have a new version of a great tool out for the latest version of OS X – Lion. The tool is called ‘Deeper’. It gives you quick access to a number of Mac OS system options and tools that are normally buried in different utilities and menus. You can find the Lion version and versions that work on older OS X systems here along with Onyx for all versions of OS X.

As I have written about before, Titanium makes some great software. I put Onyx, a multifunction utility for Mac OS X, on every Mac I work on or own.  [Read more here]

The guys at Addictive tips have a super run down on how to use Deeper. You can read and should read about that here.

Also, all their software is FREEWARE!

Mac Maintenance and HDD updates/upgrade

[Updated 06-26-2011]

I just spent a few days doing lots of maintenance on a few Macs.
Cleaning up, optimizing and replacing one HDD with a new larger one.
So, for those of you ‘Mac-ites’ out there, I thought I’d share what I do with my Macs to keep them running happy and to keep my data safe should there be problems.
1st. Let’s clean up.
I install and use Onyx on all my Macs and those I maintain. It makes maintenance a BREEZE.
With Onyx you can do just about everything you need to do on a regular basis to keep clutter down and errors away.
Get it here.

Check out the AppCleaner application to completely remove applications – often installs put files into many other directories than just the applications folder! A great tool for removing leftover ‘gunk’.

I was going to go into some of the other steps I do such as removing unnecessary start-up items and removing unused apps but it looks like the folks at LifeHacker.com have put together a very good article on just that.
So to save the time of me just re-stating what Gina Trapani, founder of LifeHacker, has already said just go here.
The folks at Tested.com also have a good in depth article on how to manually do nearly everything you can do in Onyx. But I find Onyx to be fantastic.
As always make sure you have a good backup before you start messing with system settings!

2nd. Let’s clone/copy.

For backups most know I believe in Images (Clones), along with periodic ‘file backups’. That way I’m protected against full drive failures/losses AND stupidity – accidentally erasing or overwriting files. 🙂
Imaging or cloning is the procedure by which you create a backup that is identical to a bootable system, either on another internal drive or on an external drive. This is the ultimate backup! Should your drive fail you can just ‘pop in’ your cloned drive or ‘restore’ that clone to a new drive and you are up and running.
Good description here

Now to backing up and/or updating of a hard drive. By cloning the drive to a new (or back up one) you are creating an exact bootable copy of the original.

This is actually a very simple process that can be done without any 3rd party software on OSX!
I’ll explain how to do that in a moment, but there are some 3rd party tools that make it a little easier for the novice.

Whether you are installing a brand new larger hard drive like I just did or making a clone to an external drive, the directions are the same. [except of course if it is just a back up clone you won’t be ‘changing the start up disk’]

For the two Easiest ways to Clone (and also backup – remember images rule!):
Use SuperDuper Mac Drive Cloner. Get it here,
The application is freeware/shareware, meaning the clone function is free to use, but to use the advanced scheduling features you will have to purchase a license. The call is yours.
I have always found it very worthwhile to own and support great utility software.

Or use Carbon Copy Cloner. Get that here. Read about it here. The latest version is fantastic. It’s now my go to OS X disk tool.

Now the no 3rd party software route.
You can do as I have done many times: use OS X’s own clone/restore utility!

You insert the MacOS X 10.x install disk, boot from it, select Disk Utility from the Start menu, and choose the volume of the new Mac.
Then use the Restore tab, drag and drop the old drive as the source, and the new one as the target, and press the button.
Et voila!
After copying, just make sure that your new hdd (the clone) is set to be the start up disk.

You can then boot the new Mac with an exact clone of the old one.

Here’s how to use Disk Utility to clone and backup your hard drive in a little more detail using an install disk:
* Fire up the Mac OS X disk that came along with your Mac.
To do this, insert the CD or DVD into your Mac, and hold down the C key while your Mac restarts.

[if that doesn’t work try these options:
# Restart your computer and immediately press the Option key. Icons for all available startup volumes will appear. Click the one you want to boot from, and then click the right arrow button to complete the startup process.
# Restart your computer and immediately press Cmd-Option-Shift-Delete. You must press all the keys at once. The computer will start to boot from the CD or DVD drive. If there isn’t a bootable disc inside the drive when you begin the reboot, the computer will attempt to boot from another partition or drive. ]

* Go ahead and select your language. Don’t worry: You’re not installing Mac OS X again – this is just what you have to do to get to Disk Utility. When the menu bar appears, select Disk Utility from the Utilities menu.
* When Disk Utility opens, you’ll want to select your source. This is the hard drive you want to clone and/or backup. After you have a source, select the Destination. This is the hard drive you want to save the backup image to.
* Click Restore and you’ll end up with a perfect copy of your hard drive.


Restart your computer and you’re good to go!

That’s it……

For backups there is also the included Time Machine application that ships with the latest versions of OS X. It is much improved from previous versions. It allows the user to restore the whole system, multiple files, or a single file. It works within iWork, iLife, and several other compatible programs, making it possible to restore individual objects (e.g.: photos, contacts, calendar events) without leaving the application. Time Machine is a backup utility, not an archival utility; it is not intended as offline storage. Time Machine captures the most recent state of your data on your disk. As snapshots age, they are prioritized progressively lower compared to your more recent ones.

Carbon Copy Cloner, SuperDuper and Time Machine are complementary. Think of SuperDuper or CCC as your backup against catastrophe (drive-failure or theft) while your TM volume is a hedge against stupidity (deleting/overwriting important files, contacts, etc.).

One last utility that I’d like to mention is AppleJack.

AppleJack is a user friendly troubleshooting assistant for Mac OS X. With AppleJack you can troubleshoot a computer even if you can’t load the GUI, or don’t have a startup CD handy. AppleJack runs in Single User Mode and is menu-based for ease of use. Their main page is here.

The AppleJack download is here.

Peace and happy computing…..

Firefox 5 news

Today Mozilla released the Final version of Firefox 5 ahead of its scheduled date. It had been slated for official release next Tuesday June 21. If you’d like, you can get it now here:
Windows

Mac

Linux

Before installing I HIGHLY recommend backing up your complete profile. For that I use MozBackup on Windows. You can get the Windows install here

For other OS’s you can use FEBE
To install FEBE download the .zip file then rename it with a .xpi extension and open it with Firefox.

I would also recommend that you install the "Firefox Add-on Compatibility Reporter" to Firefox 1st too. Get that here.  This will keep unsupported or updated plugins/add-ins from crashing the browser and may let some of them work even if they are ‘not supported’.

So what’s new in Firefox 5?

  • Added support for CSS animations
  • The Do-Not-Track header preference has been moved to increase discoverability
  • Improved canvas, JavaScript, memory, and networking performance
  • Improved standards support for HTML5, XHR, MathML, SMIL, and canvas
  • Improved spell checking for some locales
  • Improved desktop environment integration for Linux users
  • WebGL content can no longer load cross-domain textures
  • Background tabs have setTimeout and setInterval clamped to 1000ms to improve performance
  • The Firefox development channel switcher introduced in previous Firefox Beta updates has been removed.

As with any new software be aware that some items may have changed locations and some Extensions/Add-ons may not function correctly or at all. So once again let me re-iterate – MAKE A BACK UP OF YOUR SETTINGS/PROFILE before installing!! You may also wish to download the version prior to version 5 in case you have to uninstall version 5 and re-install your old version.
Windows:
http://releases.mozilla.org/pub/mozilla.org/firefox/releases/latest-4.0/win32/en-US/Firefox%20Setup%204.0.1.exe
Mac:
http://releases.mozilla.org/pub/mozilla.org/firefox/releases/latest-4.0/mac/en-US/Firefox%204.0.1.dmg
Linux:
http://releases.mozilla.org/pub/mozilla.org/firefox/releases/latest-4.0/linux-x86_64/en-US/firefox-4.0.1.tar.bz2
For other versions and languages go here:
http://releases.mozilla.org/pub/mozilla.org/firefox/releases/latest-4.0/

Here’s to hoping that it proves to be a worthwhile upgrade!