Category Archives: Computer Security

Virus, malware in general and all evil programs, begone!

New Type of Infection Impersonates Windows Update

Updates in Windows 10 computers are known for installing automatically and now there’s a type of infection that will try to encrypt your files while showing a fake Windows Update screen like this:

[Image: Fantom_ConfiguringWindowsUpdate]

The percentage counter does work (goes up) but is nonetheless fake.

Even though an effective antivirus solution should detect this type of infection, the best defense is a good backup plan, so that if your files are indeed encrypted they can be restored from a backup.

It cannot be overstated how important it is to have a good backup plan in place as the best defense against these types of infections.

FAKE Computer Support Services – Warning

Fake computer support services are not new, but their “infiltration” techniques have been improved, definitely. What do they do?

  1. They somehow attach themselves to legit companies, so you think you’re calling HP support, or some software brand because you’re having trouble, etc., but they are NOT part of that legit company. In the specific case I’m going to cover, they attached themselves to Kaspersky, the antivirus company.
  2. They convince the user to allow them access to the computer having trouble.
  3. They proceed to plant files that will allow them to “prove” the computer is having trouble and needs work.
  4. They try to sell a $250/yr support service using the scare tactic in point #3 above.
  5. They proceed to “handle” what’s wrong with the computer.

In this specific case, a user was having trouble renewing the antivirus protection (Kaspersky) and contacted what he thought was Kaspersky support, only to be met with someone with a thick Indian accent that started following the 5 steps above. One of the things he did, once he gained access to the computer in question, was plant a program that, when run, would display the following message on the computer screen:

“Please Enter Your Product Activation Key”,” kaspersky Setup”

Once the key was entered, the fake program would display this message:

“Can not run setup. Windows is Infected. No Internet security Available. System Error Code: 3204. 808 Infected Programs. 1521 Malwares found in Win 32 network. Network Security and the computer with the network is getting compromised by the unknown locations. Try again after removing RunDLL files. ” ,0+16 , “Installation Failed”)

The above message makes no sense and it’s only aimed at getting step #3 above done. But as you can see IT WAS TAILOR-MADE to prove to the user the specific problem had been found and needed handling.

Fortunately the user in question, while not super savvy in computer matters, was smart enough to distrust the whole thing and ended up not buying the service and calling his trustworthy computer support guru, who straightened things out.

But this is a warning so that you are aware of this fake support technique and can recognize it if you see it.

Malvertising – What is it, How Does it Affect You

A word made from combining Malicious and Advertising, it basically means using online ads to spread malicious programs (malware) that can infect your computer.

You’ve probably seen the little ads on the sides of many websites you visit, be it Yahoo, MSN, YouTube, Facebook, and so forth. Those ads are the ones that potentially can be compromised, and made to deliver malware to your computer, even if you don’t click on the ads themselves. It is enough that they are part of the website page you are visiting and that the computer is vulnerable to the particular exploit being used to infect your computer. More about that below.

As a user, what you should know is that malvertising, like many other types of malware activity, normally infects your computer through vulnerabilities in your programs, whether your web browser (Firefox, Chrome, Edge, etc.) or one of its plug-ins, such as Flash.

Malvertising has been in existence for a while, but the interesting aspect of it is that it has been on the rise as a method of delivering malware through websites and the internet.

What To Do

Because of the above you should:

  1. Make sure your software is kept up to date (since updates exist partially to patch earlier vulnerability holes that have been found in the specific program),
  2. Make sure you uninstall software you don’t use, and of course
  3. Have a well rounded security model in place, such as the one I’ve outlined in the past, which you can find here.

If you need help accomplishing the above, feel free to ask questions.

Fake Support Scams Continue

I’ve covered before the subject of social engineering. It’s important as it relates to you and the subject of computer security, and it’s still very prevalent as a main intrusion method used by the bad guys. They basically fool the user into helping them infect his own computer or allowing access to it. That’s all social engineering is.

One of the latest and most notorious methods is the fake support page that plays a recorded message that can be heard through the computer speakers. Nothing to worry about – as long as you don’t follow any of the suggested instructions. Additionally, sometimes these pages that open in your browser are hard to close – they don’t respond to the normal methods to do so. So what do you do?

If you’re somewhat familiar with Task Manager in Windows computers, you can use it to end the application (in this case the web browser: Internet Explorer or Firefox or Chrome or Edge, etc.), although this method might cause all tabs in the opened web browser to close as well. Nonetheless you might have to resort to that.

A more extreme method of handling these webpages that resist arrest is simply to shut down or restart your computer.

A malware check, just in case, might be in order after that.

Old Attack Method Revived to Steal Information

About 4 years ago, an attack method to reveal encrypted data that could be used, for example, to decrypt chat messages in Gmail or Facebook and many other “secure” connections on the internet, was uncovered. It was labeled CRIME (an acronym for Compression Ratio info-leak Made Easy). An offshoot of it was revealed in 2013, called BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext).

Those 2 attack methods have since been mitigated with subsequent updates on how encrypted traffic is handled by your browser, and a percentage of websites. But recently the BREACH attack method was revived. This was made possible because certain popular websites, like Facebook, have not really closed the door on the vulnerabilities that make the attack possible.

So careful with what you say in a Facebook or Google chat.

A chat application that doesn’t suffer from the above shortcomings? Wickr.

Review: VIPRE Antivirus

Back when Sunbelt Software (the company that created VIPRE) was still around, I used to use VIPRE antivirus for my computers and recommend it to others. At some point in 2012 I migrated off of it because the newer versions, under a different brand now (a company called GFI) had in my opinion become bloated and buggy. Back then I stopped recommending it, and over the last 3 years, I’ve run into several instances where VIPRE was behind a number of computers being slowed down by it.

After running more and more into this, and finally recently deciding to survey a number of readers and clients, I’m ready to recommend against using it at all, be it the 2014, 2015 or 2016 version.

Get something lighter and more effective. I personally use Kaspersky and have been using it since I phased out of VIPRE 3 years ago, and have not had any problems with it. Other users with different computer configurations might want to choose otherwise, but I definitely recommend against using VIPRE.

Ask me if you have VIPRE and want to try something else – I’ll recommend something tailored to your needs if you tell me about your computer system.

Holiday Online Shopping, Dos and Don’ts

It is a known fact that online shopping has been on the increase over the years. It is also a known fact that the Holiday season, starting very shortly, is the busiest shopping time of the year. Put those two facts together and it becomes obvious that the online shopping volume is about to experience a very high level.

This fact has not gone unnoticed by the bad guys. They are preparing too. Here are a few tips to keep this online shopping season spike from becoming a disaster for buyers:

  1. Careful when looking for deals through a search engine (like Google, Bing, etc). To the untrained eye, some of the top search results might seem innocuous. But through what’s called Black Hat SEO techniques (SEO = Search Engine Optimization), scam websites can be brought up artificially in the search ranks, which means they show first in your search results, and when the user clicks on that result, he can inadvertently land his computer on a malicious website that will attempt to infect it. So instead, try searching by going directly to a known trusted store’s website and searching from within.
  2. Most users are familiar with pop-up ads. Be extra careful with pop-up ads announcing holiday season deals, and try to avoid the temptation of clicking on any. It’s another known method of attempting to make you land on a malicious website that will attempt through various methods to infect your computer or steal your information.
  3. Be alert for suspicious emails announcing deals with file attachments. The probabilities that those are malicious are mighty high. Discard them.
  4. Social media websites like Facebook, Twitter, and so on, will also experience their share of scams. The usual method is using compromised accounts to announce unusually tempting deals with links to take advantage of such. Stay alert and be aware of these.
  5. If you know how to “turn up” your computer security setup, do so while doing online shopping. It might be the difference between successful online shopping and being the victim of online scams. Ask an expert if you need help upping your security level while doing online shopping.

Hope these tips help you have an uneventful holiday season online shopping experience.

Windows Updates, a Change in Perspective

This article is aimed mainly at users with computers running on Windows 7 (still by far the most used Windows Operating System currently). Users with computers running on Windows 8 can also somewhat benefit, and for those who have computers running on Windows 10, well, sorry but not much hope as far as this subject is concerned – I’ll circle back to that last statement in a bit.

Windows updates, as most users know, have been generally aimed at improving Windows in one of three aspects: Security, stability, or performance. The subject of this article is the user’s control over what updates are installed and when, and what the best practice on this is at this point. I’m going to sort of start backwards by first stating the conclusion: Turn Windows updates off. Or at least, set them to “Check for updates but let me choose whether to download and install them”.

Why

It seems Microsoft has recently engaged in a covert effort to gently coax Windows 7 and 8 users to upgrade to Windows 10, whether the users desire it or not. The way this has been done is by introducing certain Windows updates that will “prepare” your system for the upgrade and download the necessary files to execute such an upgrade, whether you want to upgrade or not.

As covered in earlier articles, upgrading to Windows 10 might not be the best idea right now, so this becomes a problem.

Circling back to what I said in the first paragraph of this article, Windows 10 users are, for the most part, unable to turn updates off. Not a choice anymore. This, along with privacy concerns, a more aggressive cloud based approach, and the normal bugs that accompany a newly released operating system, are factors that have turned off a good percentage of potential users about the idea to embrace the new operating system.

I’ve been an advocate of installing ALL operating system updates to keep your computer in top shape. However, in my opinion Microsoft has abused this line by introducing covert elements in updates to migrate users to a newer operating system independent of the user’s wishes, thus this change of perspective.

What to do

As stated above, I’d recommend on an immediate basis to turn Windows Updates off. If you are an intermediate user you can set Windows updates to “check for updates but let me choose whether to download and install them” and then hand pick only the Security updates (those updates designed to patch security flaws in Windows), and pass for now on any others. But even that might not be enough since the updates that might have been already recently installed are already working in the background trying to make you upgrade to Windows 10.

If you need help reverting the effect of recent Windows updates in regards to upgrading to Windows 10, or have any questions on the subject, feel free to ask.
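
For the hand-picking step described above, the following PowerShell script (an added example, not part of the original article) reports the current Automatic Updates setting and lists the pending updates with the security ones first. It uses the Windows Update Agent COM objects; the category name "Security Updates" assumes an English-language Windows, and the search needs to reach the update service.

```powershell
# Added example: show the Automatic Updates setting and list pending updates,
# security updates first. Written to run on the PowerShell 2.0 shipped with Windows 7.

# Meaning of IAutomaticUpdatesSettings.NotificationLevel, using the wording
# of the Windows 7 "Change settings" dialog.
$levels = @{
    0 = 'Not configured'
    1 = 'Never check for updates'
    2 = 'Check for updates but let me choose whether to download and install them'
    3 = 'Download updates but let me choose whether to install them'
    4 = 'Install updates automatically'
}

$au    = New-Object -ComObject Microsoft.Update.AutoUpdate
$level = [int]$au.Settings.NotificationLevel
"Current Windows Update setting: $($levels[$level])"

# Ask the Windows Update Agent for software updates that are offered
# but not yet installed (hidden updates are skipped).
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")

$pending = foreach ($u in $result.Updates) {
    # Each update carries one or more categories; 'Security Updates' is the
    # English classification name (assumption: English-language system).
    $cats = @($u.Categories | ForEach-Object { $_.Name })
    New-Object PSObject -Property @{
        Security = ($cats -contains 'Security Updates')
        Severity = $u.MsrcSeverity      # e.g. Critical / Important, may be empty
        KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        Title    = $u.Title
    }
}

# Nothing is downloaded or installed here; this only lists what is pending.
$pending |
    Sort-Object Security -Descending |
    Format-Table Security, Severity, KB, Title -AutoSize
```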

Beware of Online Scams, Fall Edition

It is Fall, but, well, don’t fall for it. These scams are still very much active:

If somebody contacts you by phone and states that he/she works with Microsoft (or any similar variation of it) and that it’s been detected that your computer is infected, needs handling, its firewall has been breached, etc., etc., IT’S A SCAM. Hang up.

If you are using your computer and browsing through websites and a pop-up window or a full window or the page you were trying to access turns into a window that says your computer is infected, and a number to call for help is given, or a link to download the tool you need to handle the infection, or something of the sort, IT’S A SCAM. Close that window at the very least. You might need to get your computer checked for any actual infections that produced that fake window in the first place.

Do not allow strangers access to your computer,  to your credit card information, or anything like it. Scams like the above abound these days. Don’t become a statistic.

If you have any doubts, you can always ask me.

What Is The Registry and If I’m Not Getting Married, Do I Need One? :)

Registry: In Windows computers, an organized collection of data, or database, where programs’ configurations and options are stored. Since first introduced with Windows 3.1 in the early 1990s, it has considerably grown in complexity and amount of data it stores.

The question in the title is obviously a joke, but now that we’ve disambiguated the term, a more pertinent question is, does the normal user need to do anything about it, preventive or corrective maintenance wise? A big number of users may have heard or read about “Registry Cleaners”, which are programs with the stated purpose of keeping the registry in good operating shape.

The short answer to the above question is: it is arguable. A conservative version of the answer would be that at best, the top “Registry Cleaners” have a limited impact on the computer’s performance, and more often than not, they’re considered “snake oil”, in that the promoted benefits of such cleaners might be inaccurately high in modern Windows based computers.

To complicate matters, a number of fake programs claim to be registry cleaners while being actually malicious, and utilize a combination of scare tactics and social engineering to confuse the uninitiated into allowing them to run or paying for the “premium” version to correct all the “errors” found in a scam, err, scan.

Make no mistake: The registry is a KEY element in a Windows based computer, and severe corruption of it can cause the computer to not work at all. It’s one of the items backed up by mechanisms like System Restore and protected by some high end security suites to avoid changes that can affect the computer adversely, and, in some cases, careful and guided cleanup operations can be beneficial for the optimum running of the system. But it is doubtful that the average Registry Cleaner will have a significant positive impact on the registry and therefore the computer.