As I’ve mentioned before, rogue security/maintenance programs are programs that pretend to perform a valuable function, while in fact being malicious in nature. These kind of programs have been in the rise lately, so I wanted to give you a list of the latest names different rogue programs have been showing under. This is not a complete list but includes the main ones seen in the wild:

• Windows AntiHazard Helper
• Windows AntiHazard Center
• Windows Process Director
• Windows Guardian Angel
• Windows Software Keeper
• Windows Problems Stopper
• Windows Health Keeper
• Windows No-Risk Center
• Windows Antihazard Solution
• Windows Risk Minimizer
• Windows Managing System
• Windows Safety Tweaker
• Windows Tools Patch
• Best Virus Protection

The most common infection method is by visiting a malicious website or a non-malicious website that has been subverted to infect its visitors.

Removal procedure for these infection vary from one to the other, but generally speaking, if you see one of the above programs, 1) Know that whatever alert it might prompt you with is false and should be ignored, and 2) If you don’t know how to remove it yourself, contact an expert who can help you. Some of these are tricky and have a specific sequence of steps in order to remove them successfully without damaging your computer.

Microsoft will release this coming Tuesday the 13th, on its usual schedule (second Tuesday of every month), the monthly updates for its different software products. The batch will contain 6 updates, one of which has the highest severity rating – critical – belonging to the Windows operating system.

Last week Adobe released an update for Adobe Flash player. This latest version, 11.1.102.62, patches vulnerabilities that, if exploited, could allow an attacker to take control of the affected system.

Last week as well Google released Chrome 17.0.963.65, to address multiple vulnerabilities in the web browser. Notice that Flash in Chrome is embedded in the browser, so to bring Flash to its latest version all you have to do is update Chrome to the latest version.

Computers with their software up to date are the least likely to be affected by malicious attacks.

I always wanted to write a headline newspaper style. Seriously though, I’ve seen some news agencies and other doomsday style people write headings like this for this subject. Several people have asked me about this, so here are the facts:

1. There was an FBI operation called Operation Ghost Click that, back in November, took control of certain servers that were being used by a gang of cyber-criminals as Control and Command servers. This means malware was created that made the infected computers look for these servers when looking for the address of certain websites, and re-directing them to malicious ones. If your computer was infected, it was subject to this re-direction problem.

2. Those malicious servers, now in control of the FBI, have been kept running these last 3 months to avoid the infected computers, or computers affected by the infection, from being unable to access websites. But the servers are scheduled to be shut down on March 8.

3. if your computer is infected with the malicious software that makes it a slave of those servers, or if the settings changed by the malicious software are not corrected, the affected computers will lose internet connectivity when those servers are shut down.

That’s the basic story.

What to Do

Any good antivirus scan should detect the presence of the malicious software, called DNSChanger and labeled a Trojan (DNS: Domain Name System. See this article from last year if you’re interested in knowing what that is).

Even if the Trojan is removed, certain settings in your computer might still be crooked. Avira offers a repair tool for it. Click on this link to download it: Avira DNS Repair-Tool. Download it and run it to correct changed settings or simply to verify that your computer’s DNS settings have not been messed with.

If you need help with this, contact a computer professional.

This past Tuesday, as it’s done every second Tuesday of the month, Microsoft released its monthly updates, 9 of them. You can go to www.windowsupdate.com to download and install the latest updates, if your computer is not set to download and install updates automatically.

Adobe just released a patch for the latest known zero-day exploit: http://www.adobe.com/go/getflashplayer

Google Chrome version 17.0.963.56 was just released. Clicking on the wrench icon on the upper right of a browser window and selecting “About Google Chrome” will confirm you have the latest version or download and install it.

The Mozilla corporation released Firefox 10.0.1 to fix a security vulnerability: http://www.mozilla.org/products/download.html?product=firefox-10.0.1&os=win&lang=en-US

It is always recommended to keep computers up to date in their software patches, to avoid security risks that might end up in infected computers.

In my last article, a few days ago, I covered Symantec’s network being hacked back in 2006. One of Symantec’s products, pcAnywhere, was included in the list of programs which had its source code stolen.

In the most recent development of this story, now Symantec has released a technical white paper on the subject where it states “At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks”.

If  you have pcAnywhere installed in your computer, I recommend you disable or uninstall it altogether to avoid the possibility of it being used as an attack vector to your computer(s). Contact me if you need help with that.

The security software giant acknowledged last week that hackers had broken into its network when they stole source code of some of the company’s software.

At first, two weeks ago, Symantec spokesman Cris Paden stated a hacker made off with source code of Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, back in 2006. Cris otherwise downplayed the seriousness of the theft.

A few days later, however, Paden issued a revised statement, saying source code of Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere, had been stolen.

Having stolen the source code for these products means hackers, malware creators and other scum of society can create malware that exploits vulnerabilities in Symantec’s software, thus making it easier to render the antivirus useless during a malware infection, or in the case of pcAnywhere (a remote access suite that Symantec sells), opening the door for unauthorized remote access to computers with pcAnywhere installed on it.

In the specific case of pcAnywhere, the hacker who is believed to be responsible for the source code steal announced a few days ago the code was being released to the “blackhat” community for free-for-all exploiting.

I personally don’t recommend Symantec products, and haven’t for a long time. But with these developments I’d really suggest to stay away or move away from Symantec products.

On the second Tuesday of the month, as usual, monthly Windows updates are being published. So that’s this coming Tuesday the 10th, at approximately 1 pm EST.

For being the first updates of the year, this batch is relatively bulky. Worth mentioning among the 7 security updates being released on Tuesday that patch 8 security bugs, is one labeled “security feature bypass”, a label never used before by Microsoft.

If you have automatic updates turned on, the only user intervention needed is a possible computer restart after the updates have been installed.

If you don’t have automatic updates turned on, it behooves you to get any and all outstanding Windows updates installed, including the ones being released this coming Tuesday. Software updates comprise an essential element in any sound computer security strategy.