Archive for Exploits

Steps to help prevent infection on your computer

Here are some tips for PC and Mac users alike — and smartphone users, too. Though there are “few” Mac viruses in the wild, there are plenty of unscrupulous programmers and con-men spreading free fraudulent software and malware.

Take the following steps to help prevent infection on your computer:
  • Enable a firewall on your computer.
  • Get the latest computer updates for all your installed software.
  • Use up-to-date antivirus software.
  • Limit user privileges on the computer.
  • Use caution when opening attachments and accepting file transfers.
  • Use caution when clicking on links to webpages.
  • Avoid downloading pirated software.
  • Protect yourself against social engineering attacks.
  • Use strong passwords.
Let me elaborate on a few points:
Get the latest computer updates

Updates help protect your computer from viruses, worms, and other threats as they are discovered. It is important to install updates for all the software that is installed on your computer. These are usually available from the website of the company that makes the software. The following are programs I recommend updating straight from the source:

  • Adobe (www.adobe.com):
    • Flash
    • Acrobat Reader
    • Air
    • Shockwave
  • Java (www.java.com): Check this one monthly.
Use up-to-date antivirus software

Most antivirus software can detect and prevent infection by known malicious software. To help protect you from infection, you should always run antivirus software. If you have a “subscription” for update service, make sure you renew annually. Antivirus, contrary to popular belief, is not free-for-life.

Use caution when opening attachments and accepting file transfers

Exercise caution with email and attachments received from unknown sources, or received unexpectedly from known sources. Use extreme caution when accepting file transfers from known or unknown sources. When in doubt, reply to the sender, assuming it is someone you know, and confirm that they meant to send you the attachment. It’s possible their computer is infected and sent you the file without their knowledge. I’ve seen this happen several times in the course of a year.

Use caution when clicking on links to webpages

As above: Exercise caution with links to webpages that you receive from unknown sources, especially if the link leads to a webpage you are not familiar with, whose destination you are unsure of, or which you find suspicious. Malicious software may be installed on your computer simply by visiting a webpage with harmful content.

Avoid downloading pirated software

Threats may also be bundled with software and files that are available for download on various torrent sites. Downloading “cracked” or “pirated” software from these sites carries not only the risk of being infected with malware, but is also illegal. For more information, see ‘The risks of obtaining and using pirated software’.

Protect yourself from social engineering attacks

While attackers may attempt to exploit vulnerabilities in hardware or software to compromise a computer, they also attempt to exploit vulnerabilities in human behavior to do the same. When an attacker attempts to take advantage of human behavior to persuade the affected user to perform an action of the attacker’s choice, it is known as ‘social engineering’. Essentially, social engineering is an attack against the human interface of the targeted computer. For more information, see ‘What is social engineering?’.

Use strong passwords

Attackers may try to gain access to your Windows account by guessing your password. It is therefore important that you use a strong password – one that cannot be easily guessed by an attacker. A strong password is one that has at least eight characters, and combines letters, numbers, and symbols. For more information, see http://www.microsoft.com/protect/yourself/password/create.mspx.

Google’s Malware Alert


Many news media outlets have been making it sound like Google was accidentally spreading malware. Even the Wall Street Journal said “One Million Google Users Hit with Malware”.

Actually, Google was just notifying people that it had detected malware on their computer. Google’s system wasn’t actually searching your system — which would be an invasion of privacy — but it was detecting a specific malware program that is known to redirect traffic to Google’s systems.

In other words, Google was detecting software, other than the user’s browser, which was communicating with Google’s servers.

I have yet to learn what the purpose of this malware was, but I have some thoughts on it. It may have been trying to burden Google’s servers with additional traffic. Or it may have been targeting Google’s ad network.

I suspect if they were targeting the ad network they might be trying to make fraudulent clicks on the pay-per-click Adsense and Adwords network. If you’ve seen “Ads from Google” on a web site, such as the ones you see on this blog, then you should know that Google pays the site owner every time someone clicks on an ad. This is usually just a few cents, but they can add up. The fraudulent clicks take money from the advertiser and Google.

Any software that can compromise Google’s Ad network would affect Google’s reliability and reputation. Since ads are Google’s big earner they can’t allow that to happen.

So while the Wall Street Journal reporters in the video above think Google could become a first line of defense against malware, Google was just watching out for themselves and their advertisers.

Updated Posts: AntiVirus for Mac; Sneak Peek Sale

Back in Dec. 2008 I wrote a post titled Apple Encourages AntiVirus Use for Macs?! I updated the article today to include links to the latest AntiVirus and AntiSpyware applications for the Mac. If you still believe that Macs are invulnerable to viruses and spyware, then you may be interested in knowing that Apple has added anti-malware features to their latest Mac Snow Leopard operating system. See Dan Moren’s report at PCWorld on the Hidden Malware Features of Snow Leopard. I mentioned some risks to Mac users in recent weeks.

I also updated the links in my Jan. 2009 post about sale items on Buy.com. I’ve crossed out the items that are not available. I’ve updated the links and prices on the items that are available. It’s a useful link because many of the items have become very affordable.

Avoid Trickery on Facebook and Twitter (pt. 1)

The popularity of social networking sites like Facebook and Twitter has created a malicious hacker wonderland: a fantastic place for them to exploit the users of those sites. Their goals? To infect computers with malware, trojans, and viruses. There are a variety of exploitative programs out there. Some obtain personal information, sometimes voluntarily, sometimes through nefarious means, while others transform a computer into a remote-controlled “zombie” machine.

Why do people fall prey to these schemes? Because they lack (1) anti-virus and (2) malware protection programs on their computers, and they lack the skills necessary to spot and avoid the potential risks. Free service and the ease and seeming anonymity of point-and-click increase the chances that they will lower their guard.

Malicious Hackers’ Top Tricks

Hijacking Twitter’s Trending Topics. This technique has become popular in the last three months. Basically, hackers create new Twitter accounts and then post messages related to whatever the trending or “hot” topic of the day may be. As a result, the post gets included in Twitter search results. The hacker’s message includes a link or web address that they hope unsuspecting users will click and explore. The link, unfortunately, leads the user to an infected website.

Hijacking Legitimate Accounts. This works on Facebook, Twitter, and any communications website such as Yahoo! mail, Hotmail, and Gmail, to name a few. Here the hacker breaks into legitimate accounts. Once in, they start sending out messages on that account. The messages, as above, include links to malicious and/or fraudulent websites. Since the tweets, posts, or emails come from a legitimate and trusted account the established base of friends and followers is more likely to respond. On Twitter, this makes it more likely that others will spread the seemingly legitimate message from a known and trusted source. This increases the range or “reach” of the threat.

Dangerous Email. Another method of encouraging social networking users to click malicious links is the timeworn technique of sending “spoofed” email. In this instance, the hackers create messages that appear to come from a social networking site like Facebook or Twitter, and even MySpace. The messages ask you to “update your account” or open an attachment.

Tomorrow: 8 Safety Tips for Social Networking

Avoid Trickery on Facebook and Twitter (pt. 2)

Last week I discussed some of the recent tricks being exploited by hackers on Facebook and Twitter. These tricks can be harmful to your:

  • personal identity
  • your personal finance
  • and your online reputation

These risks come from: 

  • malicious links in tweets and posts
  • account hi-jacking
  • and email spoofing

How To Stay Safe

To better avoid the risks and dangers of social media sites you should employ these best practices as much as possible. You may already be following many of these, but it is best to review them and keep them fresh. Often we follow the safest road, and when no dangers seem apparent, we can get lulled into a false sense of security and let down our guard. Or in this case, our computer guards.

  1. Don’t assume a link sent or posted by a friend is “safe”: Your friend may have lowered their defenses, or not exercised caution with their online activity. As noted earlier, your friend’s account could have been infected, hacked, or hi-jacked. You may want to contact your friend first and check with them if the link is genuine. Many times I have found that they received the link from someone else, and just forwarded it assuming it was safe. They didn’t know that the friend before them hadn’t investigated the link either.
  2. Don’t assume a message from a friend is “safe”: Does the message sound like something your friend would actually say? Have they spoken on the subject before? Perhaps their account has been hi-jacked. One of my own email accounts got hijacked this past summer, and the hacker sent messages from my account saying I was in need of money. One of my friends, believing I was in danger, sent $600 cash. If you’re unsure, try to contact them through another channel. In my situation, many of my other friends sent me texts and made phone calls to me to check it out.
  3. Don’t assume Twitter links are safe just because Twitter scans for malware: In August 2010, Twitter partnered with Google to use Google’s Safe Browsing API. This technology checks URLs or web links against Google’s blacklisted sites. This prevents spammers from posting malicious URLs to Twitter, but it does NOT prevent them from using shortened address services such as bit.ly or tinyurl.com.  Hence….
  4. Don’t Assume Bit.ly and TinyURL Links are Safe: These legitimate address-shortening services make it easy to convert long web addresses into short addresses. Bit.ly, in particular, is Twitter’s address or URL shortening service partner. Bit.ly, too, uses Google’s Safe Browsing API and two other blacklists to identify malicious links. BUT although the service doesn’t prevent users from posting these links, it will warn you when you click that the site being linked to is infected. BUT they’ve been known to miss a few, according to various anti-virus services such as Kaspersky. As we’re learning, nothing online is ever completely safe, but then again, is anything ever?
  5. Use an up-to-date web browser: There are dozens or more browsers to choose from. There’s Microsoft Internet Explorer, Mozilla Firefox, Apple’s Safari, AOL’s online software, Opera, Google’s Chrome, and many more. They are periodically updated and “patched” by their respective companies. Hackers will find flaws in these programs that can be exploited. That means Internet Explorer users, the most frequently attacked, should be on IE8. Firefox is number two on the hitlist, but it alerts you when an update is available (if you have the most recent version that is). The same goes for Google’s Chrome browser.
  6. Keep Windows and Mac O/S up-to-date: As always, Windows users should make sure their systems are current with the latest patches from Microsoft. Automatic updates should be turned on. Mac issues updates periodically, too, though not as often as Microsoft.
  7. Keep Adobe Reader and Adobe Flash up-to-date: Since Microsoft, Apple, Google, and Firefox have been so diligent with updates, patches, and security, hackers have set their sights on these programs. A lot of malware exploits known vulnerabilities in Adobe’s software packages. One common attack from hackers directs victims to malware-infected sites that request you update your Flash or the Adobe Reader in order to view content on the site. DON’T DO IT using their links! Instead, go directly to Adobe’s site (www.adobe.com) on your own and download the latest version. Why not do that right now? Go ahead, I’ll wait here.
  8. Don’t assume you’re safe because you use a Mac: Didn’t I hint at this in numbers 5 and 6? It’s true, Mac users are less “targeted” than Windows users, but they’re not immune. The truth is there are fewer Macs out there, so they present a smaller target, so hackers are less likely to attack them. But as they grow in popularity they get targeted more and more. Popular public opinion has it that Macs are invulnerable to viruses. This isn’t true. As a matter of fact, Apple has started to include some malware protection in their latest operating system, but it only protects users from two attack forms. There are currently several hundred attacks out there that specifically target Apple computers. The true number may be larger, but since so few Mac users use anti-malware protection software, it’s hard to tell what the actual figure is.
  9. Beware of email messages from social networks: Email addresses can be “spoofed” by hackers, so you can’t assume a message from Facebook or Twitter is really from those sites. Don’t open attachments you’re not expecting, and be wary of clicking on links that request you “update your account.” And if you do click, and you arrive at a page that asks you to log in, DON’T. You could be delivering your personal account info into the hands of a hacker. Instead, always access your favorite sites directly by “typing” the URL or web address into your browser or clicking in with your Bookmarks or Favorites.

As I mentioned before, many of these practices are the same ones you should already be following from earlier risks. Hackers tend to elaborate on pre-existing schemes and attack forms, and so you should elaborate on pre-existing safe practices.

So always keep your computer and browser up-to-date, and don’t open attachments. PLUS don’t assume your friend has been playing it safe either. How often do we talk with friends about updating computers and anti-virus programs? Not often, right?

But we should, because malware hackers are getting trickier, and now they are seeking to use the trusted identities of our friends on Facebook and Twitter to lull us into a false sense of safety. So use caution when friends send or provide links. Especially if it is out of the ordinary for them. After all, the risks aren’t on Facebook and Twitter, but in the sites they link to.

Watch the connections.

Conficker Virus Begins To Attack PCs

I was reading about the Conficker virus on Shawn’s Technology Blog. He says that a report from Reuters says the Conficker virus — which was supposed to activate on April 1st — has slowly started activating on computers by installing spyware and turning them into spam servers.

Conficker is also known as Downadup and Kido, and it also installs a second virus called Waledac.

Reuters mentions how the computer worm began spreading late last year, and how it was designed to respond to commands from a remote server. This army of slave computers infected with the worm controlled by a remote server is called a botnet.

Furthermore, Vincent Weafer, a vice president with Symantec Security Response, makers of Norton Antivirus, has reported that recently the unknown controllers of this remote server have begun using a small percentage of the computers they control to upload ‘malware’ and ‘spyware’. One such piece of malware is the Waledac virus which installs itself on the infected computer, and then uses the computer to send out spam email messages promoting a fake anti-spyware program.

Meanwhile, Shawn’s Technology Blog is very wisely recommending that computer owners keep their Windows software up to date by visiting the Windows Update web site. He also recommends you install anti-spyware software such as PC Tools Spyware Doctor. I strongly agree with his recommendations, and have made them frequently in this blog. I also recommend you install an antivirus program such as Alwil’s free Avast! antivirus program. Yes, you read that correctly, Avast antivirus is free. I have been using it on all my computers for several years now.

http://www.pctools.com/free-antivirus/

There is a free version of Spyware Doctor available from Google which does a good job of removing spyware, but for real time protection against spyware you should purchase Spyware Doctor. If you don’t have an antivirus program, you might also consider downloading Spyware Doctor with AntiVirus.

Have a question about spyware or viruses? Then why not post a Comment or Question with the link below.

Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with Skylarking’s email form.

Woops! 11,000 free pizzas from Domino’s

Here’s a little news story I caught during my lunch break. Too bad today’s Friday, and not Monday.

It seems that, back in December, Domino’s was considering an online coupon offer for ordering pizzas through their web site. The idea was that you’d be able to enter the coupon code — “Bailout” — at checkout, and get yourself a free medium pizza if you drove over to your local Domino’s to pick it up.

Nice deal for the consumer, but here’s the problem for Domino’s.

It seems they were only considering the “Bailout” coupon campaign, AND decided NOT to go ahead with the campaign, BUT someone at Domino’s had programmed the coupon code into the system already, and forgot to, or didn’t, remove it. So the code was in the system, BUT there was no ad campaign anywhere promoting the coupon code.

So Domino’s Pizza had an unapproved coupon code lurking in their system. A coupon code that should have been removed from the system because the campaign had never been approved. Free pizzas were just waiting in the computer.

Then just a few days ago someone in the Cincinnati area, we don’t know who, was on the Domino’s Pizza web site buying a pizza and they just decided to try entering “Bailout” in the coupon code space. Probably as a goof. It was just a random thing. They had no knowledge of the code, supposedly, they just thought they’d try entering the word “Bailout” in the coupon code box on the web site and see if anything happened.

And something happened. They found out they could get a free medium pizza, if they went to their local Domino’s Pizza to pick it up.

Then this person, or someone they knew, started telling people, probably friends, about this coupon code, how to use it, and what they’d get for it; and the word spread like wildfire.

One franchise owner, John Glass, who owns 14 Domino’s Pizza stores in the Cincinnati area, says that by late Monday evening his stores had given away 600 free pizzas. That’s a lot of dough. (Domino’s says they will reimburse Mr. Glass for his losses).

Overall, the report has it that around 11,000 free pizzas were given away before the coupon code was deactivated on Tuesday morning.

You can read the original news report I found at MSNBC, and you can also read one web page that was promoting the secret code at Rick Broida’s “the cheapskate” column over at CNET.com.
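The lesson in this story is that a coupon code should never be honored merely because it exists in the system. As an added illustration (my own code, not Domino’s; the campaign states and the code table are constructed), here is a redemption check that requires an approved campaign inside its active window, plus an audit that lists codes loaded without approval:

```python
from dataclasses import dataclass
from datetime import datetime
from enum import Enum


class CampaignState(Enum):
    DRAFT = "draft"        # under consideration, never launched
    APPROVED = "approved"  # signed off and live
    RETIRED = "retired"    # finished or withdrawn


@dataclass(frozen=True)
class Coupon:
    code: str
    discount: str
    state: CampaignState
    starts: datetime
    ends: datetime


# Constructed sample table. "BAILOUT" mirrors the story: the code was loaded
# while the campaign was still only under consideration and never approved.
# The other two entries are hypothetical.
COUPONS = {
    "BAILOUT": Coupon("BAILOUT", "free medium pizza (carry-out)",
                      CampaignState.DRAFT,
                      datetime(2008, 12, 1), datetime(2009, 4, 30)),
    "FALL10": Coupon("FALL10", "10% off", CampaignState.APPROVED,
                     datetime(2009, 3, 1), datetime(2009, 4, 30)),
    "XMAS08": Coupon("XMAS08", "$5 off", CampaignState.RETIRED,
                     datetime(2008, 12, 1), datetime(2008, 12, 31)),
}

# Constructed points in time used by the demo below.
SAMPLE_NOW = datetime(2009, 3, 30, 12, 0)
AFTER_WINDOW = datetime(2009, 5, 1, 12, 0)


def normalize(code: str) -> str:
    """Customers type codes in any case and with stray spaces."""
    return code.strip().upper()


def redeem(code: str, now: datetime, coupons=COUPONS):
    """Return the discount for a code, or None if it must not be honored.

    A code is honored only if its campaign is APPROVED and `now` falls inside
    the campaign window. Being present in the table is not enough; that is
    the check that would have refused the unapproved code in the story.
    """
    coupon = coupons.get(normalize(code))
    if coupon is None:
        return None
    if coupon.state is not CampaignState.APPROVED:
        return None
    if not (coupon.starts <= now <= coupon.ends):
        return None
    return coupon.discount


def audit_unapproved(coupons=COUPONS):
    """List codes sitting in the system without an approved campaign.

    Run this before a deploy or on a schedule: every code it returns is one
    a customer could guess and that has no business being loaded at all.
    """
    return sorted(c.code for c in coupons.values()
                  if c.state is not CampaignState.APPROVED)


if __name__ == "__main__":
    for attempt in ("Bailout", " fall10 ", "XMAS08", "NOPE"):
        print(f"{attempt!r:12} -> {redeem(attempt, SAMPLE_NOW)}")
    print("codes needing cleanup:", audit_unapproved())
```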


Truth About Email Petitions

I received the following question just last night:

I received an email telling me that email petitions and chain letters use tracking software and cookies to collect email addresses from anyone who receives that email message. I was also told that email petitions aren’t acceptable by congress like a signed petition would be. Are both these items true?

Well, the first is false, and the second is true.

Tracking Emails and Tracking Software

The only way an email can be tracked is from one sender to the first recipient. If I send an email message to a friend, it is possible for me to be notified when they open the message. If my friend forwards the message to someone else, there is no way for me to tell that has happened; nor is there any way for me to receive the email address of that second recipient, or any recipient after that. So, no, there are no tracking programs of this sort.

BUT, remember the concept “Six Degrees of Separation”?

Erase email addresses before forwarding a message

The idea of “Six Degrees of Separation” says that everyone is 6 steps away from any other person on the planet. Which in my way of thinking means that we are all six steps or less away from a spammer. The problem here being that when people forward an email message they usually leave any previous email addresses in the message, too, plus most people add new addresses of their own when they forward the message. The best practice here is after you click FORWARD and before you click SEND make sure you erase/delete any email addresses that appear within the email message. That is, just before you click SEND, read through the message and erase any email addresses you find in the message. If you don’t, you never know who in the chain knows or is a spammer.

BCC: Blind Carbon Copy Hiding Email Addresses

When you are sending an email message to multiple recipients, use the BCC or Blind Carbon Copy feature to address your message. That is, use BCC instead of TO. And, if your email software says, “At least one recipient is required in the TO field”, then put your own email address in the TO field, and everyone else in the BCC field. The BCC field hides the email addresses from the recipients. When the sender uses the BCC field to address an email message, the recipients of that message will see “undisclosed recipients” in the TO field or elsewhere in the message. If you can’t find the BCC feature in your email software, contact your email service provider and have them tell you how to access it. Or you can contact Skylarking and I will help you find the feature.
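The two practices above (erase addresses before forwarding, and address the forward with BCC) as an added example, my own code rather than anything from this blog: it scrubs every address found in a forwarded body, including ones in quoted “From:”/“To:” header lines, and builds the new message with your own address in To: and everyone else in Bcc:. The forwarded text is constructed.

```python
import re
from email.message import EmailMessage

# Matches ordinary addresses such as name@example.org. Good enough for a
# pre-send sweep; it errs toward removing too much rather than too little.
ADDRESS = r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"
ANGLE_ADDRESS = re.compile(r"\s*<" + ADDRESS + r">")   # Name <addr>
BARE_ADDRESS = re.compile(ADDRESS)                     # addr on its own
PLACEHOLDER = "[address removed]"

# Constructed sample: a chain-letter forward with four addresses in it.
SAMPLE_FORWARD = """\
---------- Forwarded message ----------
From: Aunt Jo <aunt.jo@example.net>
To: dave@example.com, "Pat" <pat.smith@example.org>
Subject: Fwd: Sign this petition!

Please sign and pass along to everyone you know.
Reply to petition.owner@example.com to add your name.
"""


def scrub_addresses(text: str):
    """Replace every email address in `text` with a placeholder.

    Returns (scrubbed_text, number_of_addresses_removed). Angle-bracket
    forms are handled first so the brackets disappear with the address.
    """
    scrubbed, n_angle = ANGLE_ADDRESS.subn(" " + PLACEHOLDER, text)
    scrubbed, n_bare = BARE_ADDRESS.subn(PLACEHOLDER, scrubbed)
    return scrubbed, n_angle + n_bare


def build_forward(me: str, recipients, subject: str, body: str) -> EmailMessage:
    """Compose the forward the way the post recommends.

    Your own address goes in To: (satisfies clients that insist on one),
    all real recipients go in Bcc: so they never see each other, and the
    body is scrubbed of any addresses left behind by earlier forwarders.
    """
    scrubbed, _ = scrub_addresses(body)
    msg = EmailMessage()
    msg["From"] = me
    msg["To"] = me
    msg["Bcc"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(scrubbed)
    return msg


if __name__ == "__main__":
    cleaned, removed = scrub_addresses(SAMPLE_FORWARD)
    print(f"removed {removed} addresses\n")
    print(cleaned)
```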

Email Petitions Don’t Work

That much is true. A genuine petition requires signatures and street addresses. Anyone can type a list of names and email addresses into a petition, but there is no way for the recipient to prove or disprove that those people participated in or knew about the petition. It is best that each individual person email or contact their representative directly, and not as part of some long list of names in an email message. Additionally, you wouldn’t want to include your street address in such a petition, since you never know if that message might eventually end up in the hands of a spammer or an identity thief. After all, most acts of identity theft are performed by the victim’s friends, co-workers, and family members.


Emergency IE Patch Released Today


Microsoft typically releases its updates on Tuesday evenings, but today they will be issuing a special patch specifically for Internet Explorer. The patch will be released at 1:00 PM EST. Windows XP users can get the patch downloaded and installed by going to http://windowsupdate.microsoft.com/. Windows Vista users can get the patch by either by going to http://windowsupdate.microsoft.com/ or by clicking “Windows Update” on their Start menu.

What’s the patch for?

The patch fixes a flaw which allows thieves to remotely take over a computer and steal passwords and — potentially — financial information.  The scam works by secretly planting malicious code on hacked Web sites.  The code causes Explorer to crash briefly, then allows thieves to take over the infected computer. Microsoft said one in every 500 computers that use Internet Explorer — up to 2 million computers worldwide — may be infected.

Initially the problem was thought to be unique to the current IE7 browser, but it has since been discovered to exist in versions as old as IE5, and even in the upcoming IE8 browser.

Is this a virus?

No, this isn’t a virus. This is an “exploit”. There is a flaw in the programming of a specific area of Internet Explorer’s code. It is connected with an HTML web site programming tag called “span”. The flawed code mishandles the span tag, and there are programmers out there exploiting this flaw. The patch fixes the flawed code.

Also, Symantec, the makers of Norton Internet Security and Norton AntiVirus, released antivirus signature “Bloodhound.Exploit.219” and “IPS signature 23241 – HTTP MSIE Malformed XML BO” to protect users against this exploit. These updates were released on December 10, 2008. Yet another reason to keep your anti-virus software and subscription up-to-date.

How Do I Update My AntiVirus?

Norton updates can be found here.
McAfee users can use the Virtual Technician here.

Be aware, if you renew your antivirus subscriptions every year, then your computer is likely to be protected already. Modern antivirus programs update automatically at least 4 times per day so long as your computer is connected to the Internet.

My AntiVirus Is Fine, Do I Need The Patch?

I strongly encourage you to download the patch. Multiple layers of protection work better than a single layer.


Spam Dropped Last Week. Are You A Victim?

You may or may not have heard the news, but spam traffic dropped by 50 to 70 percent last week after two Internet Service Providers (ISPs) cut off Internet access for hosting company McColo in California.

If you’re not familiar with these terms, a hosting company provides computer service and equipment for other companies and individuals. A hosting company typically offers storage service for email and web sites. An ISP provides companies and individuals with access to the Internet.


In last week’s case, McColo, a hosting company with locations in Delaware and California, was providing hosting services to several companies and individuals who used McColo’s computers to distribute viruses and spyware via spam and harmful web sites. Many of the sites and messages dealt in pharmaceutical drug sales and child pornography. These companies were paying McColo for the use of its computers, and despite the illegal activity McColo ignored it.

McColo’s host computer center in San Jose, CA was connected to the Internet via several Internet Service Providers. Two of the providers took it upon themselves to deprive McColo of Internet access and shut down the Internet connection. Within seconds the level of spam traffic worldwide dropped by 50% to 75%, according to several spam watchdog services such as Spamhaus.

Consumer Risks: “XP AntiVirus Protection” and “AntiVirus 2009”

If you downloaded either of these two programs then you can probably count yourself among the victims of this incident. “XP AntiVirus Protection” and “AntiVirus 2009” were fraudulent programs distributed by several companies and individuals who were provided hosting services by McColo.

Update Jan. 2010: As a computer service professional I receive two calls for help per week to remove spyware and fraudulent anti-spyware programs. Best Buy’s Geek Squad wants $200 — $300 to remove spyware and viruses. My recommendation: purchase Spyware Doctor (at right) for only $39.95 and protect up to 3 computers. It’s the real deal. It’s downloadable, and not available in stores. Only have one PC? Then ask a friend and/or relative if they’d like to split the cost with you.

Below are sample images of the two most common fraudulent (anti-)spyware programs circulating the web. They call them “spyware protectors” sometimes. Sadly, what these scammers are really saying is that they “protect the spyware” and not your computer.

[Image: AntiVirus 2009]

[Image: XP AntiVirus]

Help Yourself, Help Your Computer

If you downloaded either of these fraudulent programs you should remove them immediately. To do so:

  1. Click Start > Control Panel
  2. Click or double-click “Add/Remove Programs” (in Vista and Windows 7 it’s called “Programs and Features”)
  3. Locate and click each of these programs on the list and click “Remove” or “Uninstall” for each one found.

After removing these programs, go purchase Spyware Doctor to remove any traces of these programs and the harmful software they may have added to your computer. I recommend Spyware Doctor from PC Tools—hands down—over any other antispyware software you’ll find.
