Category Archives: Computer Security

Virus, malware in general and all evil programs, begone!

Who Profits from Malware Attacks?

Every now and then I’ve heard the conspiracy theory that Antivirus vendors are the ones behind the creation of malware, for they are the obvious ones to profit from its existence.  That theory misses the mark – by far.

Not necessarily known to everybody who believes or supports that theory is a whole sub-culture built around the creation of viruses, worms and other types of malware. Cyber-crime, cyber-gangs, cyber-mafia: terms coined in recent years to describe that sub-culture. What are they? Who are they? Where are they? What do they do?

Very simply put, cyber-crime refers to crimes perpetrated through the use of a computer. There are people who dedicate themselves to discovering exploits that allow unauthorized access to a computer or its data for criminal purposes; there are people who sell kits that let cyber-criminals build malware for the same purpose; and there are people who sell the information so unlawfully obtained, or the ability to target a computer network or a website and render it useless (the cyber-mafia). A grouping of such people in organized-crime fashion is a cyber-gang.

Where are they? Based on the general consensus among security companies such as Trend Micro, Panda Security, Symantec and others, a big portion of it is in Eastern Europe and China. Based on an analysis of the geographical source of most of the attempts to post spam-type comments on my blog, or to hijack it, I'm going to have to agree with that assessment.

The purpose of this article is not to alarm anybody, but rather to raise awareness of the nature of the black hats behind a potential infection of your computer. This is a trend on the rise, and one that is not likely to fade away any time soon.

My advice? Have a good antivirus solution installed, develop good internet surfing and emailing habits, and always stay alert to the signs and symptoms of an infected computer. And of course, if everything else fails, ask an expert for help.

Good Surfing and Emailing Habits

Consist of:

  • Never disclose personal information in response to an email request or an online pop-up message. Banks and other companies never request sensitive personal information such as account details and Social Security numbers over the Internet. They are also unlikely to request that you call a phone number provided in an email to verify information. Instead, refer to the phone numbers on your financial statements or on the back of your credit card, and only share credit card details with reputable online retailers and auction sites. These organizations typically provide secure internal message centers or transaction histories to check for important correspondence and transactions. Avoid using public or shared computers when accessing financial accounts or conducting online transactions, and exercise caution when using a PC in a wireless hotspot.
  • Avoid solicitations for donations. Limit online charitable donations to organizations you know and trust. Common scams of this kind include foreign lotteries, the Nigerian email scam, cure-all products, debt relief, and anything promising an unbelievable return on investment.
  • Patch Windows and keep all applications up to date. Cybercriminals target vulnerabilities in the most popular applications and operating systems. For this reason, apply security updates not only on operating systems but to all often-used programs. Also, apply security updates to third party software, which can act as an attack vector for malware even when your operating system is fully patched. Enable automatic updates whenever possible.
  • Click only on links and email attachments from known and trusted sources. If an email seems suspicious, consider that a friend’s email account may have been compromised or spoofed. With cybercriminals targeting many popular social networking sites, you cannot always ensure that your friends are truly sending an email. Run a virus scan on a suspicious attachment and check the URL with a web reputation service. Or consider calling the sender by phone if you are unsure.
  • Avoid clicking on any link displayed as a numeric IP number, rather than a domain name.
  • Disable browser scripting and avoid downloadable widgets wherever possible. Many web-based attacks use various scripting languages to run infectious programs in a browser or use downloadable widgets to execute infections locally.
  • Download software from trusted web sites only. Free games and file-sharing software may come bundled with malware. Be cautious when downloading applications on social networking sites. The applications may be harmless but may be easily compromised.
  • Monitor where external devices are used and keep all security software up to date to combat potential threats. Digital picture frames, iPods and other MP3 players, PDAs, USB sticks, flash drives, digital cameras: all of these devices can harbor malware that can cripple a home network.
  • Lock your mobile phone to prevent data theft or the installation of spyware or other unscrupulous applications. Also, delete text messages from unknown senders and download ring tones and games only from legal, official web sites. If an application appears to be infected, delete it immediately. Change Bluetooth settings to non-discoverable or hide to avoid attempts to pair or connect with a mobile phone or device propagating a virus. Also, when using Bluetooth, be careful when accepting files to avoid possible infections or viruses. If a mobile phone becomes infected, turn off all Bluetooth functions so malware on the phone cannot locate new targets and reflash your device to return it to factory settings.

Signs and Symptoms of an Infected Computer

With the current trend toward stealth in computer attacks, the common user needs to be aware of the subtle indications that his or her computer might be infected. That is the purpose of this article.

These are all signs of a possible infection:

1. Your computer slows down without any apparent reason.

2. When you try to go to a particular website in your web browser, it re-directs you to a different one.

3. Random pop-up windows while surfing the internet.

4. Your installed antivirus solution is not working properly or cannot update.

5. Your web browser’s homepage has changed “by itself”.

6. The default search engine in your web browser has changed “by itself”.

7. Web pages are unexpectedly added to your Favorites folder.

8. Your web browser cannot access any websites, yet the computer is connected to the Internet.

9. The computer cannot access certain websites (especially if they’re computer security companies’ websites or the Windows Update website).

10. Your computer screen displays a skull and two bones flashing with a red background and a window that says “You’re infected!” (joke)

There are some others, but the above covers the main ones.
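One concrete check behind items 2, 8 and 9: a common way malware blocks or redirects specific sites is by editing the hosts file (on Windows, C:\Windows\System32\drivers\etc\hosts), mapping security vendor and update domains to 127.0.0.1 or 0.0.0.0 to block them, or to an attacker-controlled address to redirect them. The script below is an added example, not code from the original post; it parses a hosts file and flags any entry for a watched domain. The watched-domain list and the sample hosts content are assumptions constructed for the example.

```python
import ipaddress
from pathlib import Path

# Domains a home PC's hosts file should never map anywhere: security vendors,
# Windows Update, and the search engine whose results "come out weird" in the
# text. This list is an assumption for the example and is not exhaustive.
WATCHED_SUFFIXES = (
    "windowsupdate.com", "update.microsoft.com",
    "symantec.com", "mcafee.com", "trendmicro.com", "pandasecurity.com",
    "sophos.com", "bitdefender.com", "kaspersky.com", "google.com",
)

# Candidate hosts file locations (Windows first, then Unix-like systems).
HOSTS_PATHS = (
    Path(r"C:\Windows\System32\drivers\etc\hosts"),
    Path("/etc/hosts"),
)

# Names that belong in a clean hosts file and are never a finding.
BENIGN_HOSTS = {"localhost", "localhost.localdomain", "broadcasthost",
                "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Return (line_number, ip_address, hostname) for every mapping in a hosts file."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()       # drop comments and whitespace
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                               # first field is not an address: skip
        for host in parts[1:]:                     # one address may map several names
            entries.append((lineno, ip, host.lower()))
    return entries


def is_watched(host):
    """True if host is one of the watched domains or a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def classify(entries):
    """Flag watched domains: loopback/unspecified targets block the site, anything else redirects it."""
    findings = []
    for lineno, ip, host in entries:
        if host in BENIGN_HOSTS or not is_watched(host):
            continue
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append({"line": lineno, "host": host, "ip": str(ip), "kind": kind})
    return findings


def scan_hosts_file(paths=HOSTS_PATHS):
    """Scan the first hosts file that exists on this machine; None if none was found."""
    for path in paths:
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            return classify(parse_hosts(text))
    return None


# Constructed sample: a normal header, then the kind of lines a hijacked file carries.
# 203.0.113.0/24 is a documentation range (TEST-NET-3), used here as a fake redirect target.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# Constructed sample hosts file for this example.
127.0.0.1       localhost
::1             localhost
127.0.0.1   www.symantec.com  liveupdate.symantec.com
0.0.0.0     update.microsoft.com download.windowsupdate.com
203.0.113.5   www.google.com   # redirect, not a block
"""

if __name__ == "__main__":
    for f in classify(parse_hosts(SAMPLE_HOSTS)):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} ({f['kind']})")
    live = scan_hosts_file()
    print("this machine's hosts file:", "not found" if live is None else (live or "clean"))
```

A clean hosts file yields no findings; the sample above yields four "blocked" entries and one "redirected" one. Running it on the live machine needs no special privileges, since the file is world-readable; only editing it requires administrator rights.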

What to do? Of course, if you can, run a scan with your currently installed antivirus solution. Sometimes doing a System Restore to a point earlier than the perceived date of the infection might do the trick; note that System Restore rolls back system files and the registry rather than everything on disk, so follow it with a full scan.

Beyond that, look for specialized help. You can always contact me for help in ascertaining whether or not your computer is infected, and in removing any existing infections.

How Much Security is Enough Security?

A contact of mine asked me what I thought about RoboForm, a password manager and web form filler solution. My answer was:

It definitely beats having your browser save your passwords in an unencrypted fashion.

Cyberspace security measures are similar to those of the real world. You can put a 4 ft. fence around your house. But some people can jump that. You can raise it to 8 ft. Still some people can jump it, but this time fewer people. You can add barbed wire to the top of it. Fewer people are likely to jump it. You can electrify it, put trip mines and crocodiles around it… you get the idea. The security measures will however always be breakable. The question is, how much of a profitable target are you? The higher the value, the higher your defense system needs to be. Again, this mirrors real world situations. In the cyber-security world, there are ways to hack into your computer without even knowing the access passwords. Those are however advanced techniques, and the ordinary home user is unlikely to become a target of those who can do that, simply because there is not much profit in it compared to other potential targets.

My point is that the answer to your question is: RoboForm is the 8 ft. fence, more or less. Better than most people have – 4 ft. fences, or no fences at all! You just have to have higher security than the average user, and the probability of being the target of an attack will decrease simply because there are all those other people with much lower security standards. It's like when you and a friend are running away from a bear. You don't have to be faster than the bear – you just have to be faster than your friend 😉

That was a fun rootkit

A young friend of mine asked me recently for help with his computer, as it was behaving strangely: Google search results coming out weird, unable to access certain websites, antivirus wouldn't update, and so on. I immediately assumed the system was compromised, and guessed it was a rootkit.

Setting out to uncover it, I used one of Mark Russinovich's (that sellout that works for Microsoft now – just kidding! hope you can set Windows 7 right from the beginning!) wonderful tools, and in a few minutes the evidence of the existence of a rootkit popped up in plain view. Having identified the enemy, it was now just a matter of choosing the right tool to destroy it. I actually had to use two of them – this rootkit was very resilient, trying to get around its removal with various clever techniques.

But in the end I was able to remove it and voilà! The antivirus was able to update itself, no more denied website access, Google searches coming out the way they should.

Since the defining characteristic of current-day malware is stealth, rootkits are becoming more and more popular. More computers are infected than their unsuspecting users think.

Is your computer infected? Contact me and find out.

Conficker/downadup/kido worm – detection and removal tools

Since one of this worm's characteristics is to block access to security websites, this post is here to help you get around that problem. If your computer is infected, or you suspect it is, here are a number of free detection and removal tools that deal with this infection. Click on the appropriate link to download the tool to your computer, then double-click on the file and follow the instructions:

BitDefender Single PC Removal Tool: Removes Downadup from a single PC

McAfee Detection Tool: Detects whether any computer on your network is infected

Symantec Removal Tool: Symantec’s W32.Downadup/conficker removal tool

Sophos’ Network Removal Tool: Sophos’ Conficker clean-up tool to remove Conficker from an infected network

Sophos’ Standalone Removal Tool: Sophos’ Conficker clean-up tool to remove Conficker from one or more single computers

Contact me if you need help using any of these utilities.

Conficker virus – Are you infected?

How to interpret:

(The chart itself, two rows of three remote images, the first row from security/AV vendor sites and the second from alternative operating system sites, is not reproduced on this page; the explanation below describes what it tests.)

If you see this above:                  It probably means this:
All images displayed                    Normal / not infected by Conficker (or you are using a proxy)
Security/AV logos not displayed         Possibly infected by Conficker (C variant or later)
Some security/AV logos not displayed    Possibly infected by Conficker A/B variant
No images displayed                     Image loading turned off in the browser?
Any other combination                   Poor Internet connection?

Explanation:

Conficker (aka Downadup, Kido) is known to block access to over 100 anti-virus and security websites.

If the remote images in the first row of the table (AV/security sites) fail to load while the remote images in the second row (websites of alternative operating systems) load normally, then your Windows PC may be infected by Conficker (or some other malicious software).

If you can see all six images in both rows of the top table, you are either not infected by Conficker, or you may be using a proxy server, in which case you will not be able to use this test to make an accurate determination, since Conficker will be unable to block you from viewing the AV/security sites.
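The same test can be run without a browser: fetch one URL from each site in the two rows and apply the interpretation table above. The script below is an added example, not the original eye chart or its code. The three security-vendor URLs and three control URLs are assumptions standing in for the chart's image sources, and the verdict texts paraphrase the table; the page's caveat that a proxy defeats the test is carried into the "normal" verdict.

```python
import urllib.error
import urllib.request

# Row 1: security/AV vendor sites that Conficker blocks.
# Row 2: control sites it leaves alone. Both lists are assumptions for this
# example; the real chart's image URLs are not reproduced on this page.
SECURITY_SITES = ("https://www.symantec.com/",
                  "https://www.mcafee.com/",
                  "https://www.trendmicro.com/")
CONTROL_SITES = ("https://www.ubuntu.com/",
                 "https://www.apple.com/",
                 "https://www.freebsd.org/")

# Verdict codes and their meaning, following the interpretation table.
VERDICTS = {
    "normal": "All images load: not infected by Conficker, or you are behind a "
              "proxy, in which case this test cannot tell.",
    "conficker-c": "No security/AV images load but control images do: possibly "
                   "Conficker C variant or later.",
    "conficker-ab": "Some security/AV images fail but control images load: "
                    "possibly Conficker A/B variant.",
    "images-off": "Nothing loads: image loading turned off, or no connectivity?",
    "poor-connection": "Failures include control sites: poor Internet connection?",
}


def can_load(url, timeout=10):
    """True if an HTTP(S) GET of url succeeds. DNS failure, timeout or an HTTP
    error all count as "image did not load"."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return 200 <= resp.status < 400
    except (urllib.error.URLError, OSError, ValueError):
        return False


def interpret(security_loaded, control_loaded):
    """Map the two rows of load results (lists of bool) onto a verdict code."""
    sec_ok, sec_n = sum(security_loaded), len(security_loaded)
    ctl_ok, ctl_n = sum(control_loaded), len(control_loaded)
    if sec_ok == sec_n and ctl_ok == ctl_n:
        return "normal"
    if sec_ok == 0 and ctl_ok == 0:
        return "images-off"
    if ctl_ok == ctl_n:                       # controls fine, so failures are selective
        return "conficker-c" if sec_ok == 0 else "conficker-ab"
    return "poor-connection"                  # control failures too: cannot blame the worm


def run_eye_chart(fetch=can_load):
    """Probe both rows with fetch(url) -> bool and return (code, explanation)."""
    security = [fetch(url) for url in SECURITY_SITES]
    control = [fetch(url) for url in CONTROL_SITES]
    code = interpret(security, control)
    return code, VERDICTS[code]


if __name__ == "__main__":
    code, why = run_eye_chart()
    print(f"{code}: {why}")
```

Pass a different `fetch` callable to `run_eye_chart` to replay recorded results or to test the logic offline; with the default it makes six live requests. The interpretation is deliberately conservative: any failure among the control sites yields "poor-connection" rather than a Conficker verdict, because a blocked vendor site proves nothing when unrelated sites are failing too.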

If you are indeed infected, follow this link for some detection/removal tools:

http://remotehelpexpert.com/blog/?p=98

Let me know if you need help with this.