Category Archives: Computer Security

Virus, malware in general and all evil programs, begone!

Adobe Hacked, What to do

If you get an email message from Adobe with the below text, it is real and not a hoax: 

Important Password Reset Information
To view this message in a language other than English, please click here. 

We recently discovered that an attacker illegally entered our network and may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account. 

To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. In addition, please be on the lookout for suspicious email or phone scams seeking your personal information. 

We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.

Adobe Customer Care

More details and exact instructions on what to do can be found here:

http://helpx.adobe.com/x-productkb/policy-pricing/customer-alert.html

 

This is What Scares Me About Traditional Antivirus Programs

So here I was, minding my own little business this morning, when I checked my email for the first time. As I went through the unread emails, I found one from “eFax Corporate [message@inbound.efax.com]”. I checked the detailed information about that email and it actually seemed legit. Kaspersky had labeled the email as probable spam, but that was it. Nothing else out of the ordinary. And of course, the email had an attachment, compressed. So I decided to look into it.

I raised all my defense mechanisms to the highest, and proceeded to decompress the file that came attached to that email. It turned out to be a program, not a document. I scanned it with Kaspersky. Came out clean. Next, and this is the kicker, I submitted the file to a website that scans it against FORTY SIX different antivirus engines. All the brands you might have heard about and then some. How many of these antivirus engines identified the file as malicious? ZERO! NONE! Unbelievable. I’m not kidding. Look:

Last Scanned: 2013-08-29 16:24:27
MicroWorld-eScan Not Detected
nProtect Not Detected
CAT-QuickHeal Not Detected
McAfee Not Detected
Malwarebytes Not Detected
K7AntiVirus Not Detected
K7GW Not Detected
TheHacker Not Detected
NANO-Antivirus Not Detected
F-Prot Not Detected
Symantec Not Detected
Norman Not Detected
TotalDefense Not Detected
TrendMicro-HouseCall Not Detected
Avast Not Detected
ClamAV Not Detected
Kaspersky Not Detected
BitDefender Not Detected
Agnitum Not Detected
SUPERAntiSpyware Not Detected
Emsisoft Not Detected
Comodo Not Detected
F-Secure Not Detected
DrWeb Not Detected
VIPRE Not Detected
AntiVir Not Detected
TrendMicro Not Detected
McAfee-GW-Edition Not Detected
Sophos Not Detected
Jiangmin Not Detected
Antiy-AVL Not Detected
Kingsoft Not Detected
Microsoft Not Detected
ViRobot Not Detected
AhnLab-V3 Not Detected
GData Not Detected
Commtouch Not Detected
ByteHero Not Detected
VBA32 Not Detected
PCTools Not Detected
ESET-NOD32 Not Detected
Rising Not Detected
Ikarus Not Detected
Fortinet Not Detected
AVG Not Detected
Panda Not Detected

I started to think that maybe the file wasn’t malicious after all; then I laughed at myself for thinking that. Since I felt a little lazy, rather than firing up my test computer to analyze the program’s behavior when opened in real time, I submitted the file to a service that does that for me online, and then emails me the complete analysis results. I got an email back and…

I’ll spare you the technical details, but that little file reminded me of that scene in the movie Transformers where a cell phone is radiated with the special beam of energy that animates it and the cell phone transforms into this destroying little machine inside a secure container; it goes berserk. That program did all kinds of things, from creating files, to deleting the original program, establishing network connections, modifying the registry, on and on. Definitely malicious.

This was the first time I’ve seen a program that is obviously malicious get a 0% rate of detection when scanned with those 46 antivirus engines. I had seen 6/46 or even 4/46, but never 0/46! Must have caught a really fresh one that no one has had the time to label as malicious and incorporate into the antivirus blacklists so it gets detected.

But my point and the moral of the story is that, unfortunately, and as I’ve said on several occasions, traditional antivirus detection methods are just not enough to catch all malware anymore. It takes the full 4-prong security model laid out in my pivotal article, written a while back, to ensure the best chance at remaining immune to most attacks.
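As an added illustration (this is not code from the original post), the following Python script contrasts the two kinds of verdict in the story above. A hash or signature blacklist built from one copy of a sample misses a variant that differs by a single byte, which is how a freshly repacked file ends up at 0/46; a crude behavioural scorer run over a constructed sandbox report of the kind described (file drop, self-deletion, Run-key persistence, outbound connections) flags it anyway. The sample bytes, the report lines and the indicator weights are all made up for the example and are not the output of any real product.

```python
"""Signature blacklist vs. behavioural indicators (added example).

Everything here is constructed for illustration: the 'samples' are a
few bytes, the sandbox report is hand-written in a simple
'action  target' line format, and the indicator weights are my own.
"""
import hashlib
import re

# Two toy samples; B is A with its last byte changed, which is all a
# repacked or freshly built variant needs to get a new hash.
SAMPLE_A = b"MZ\x90\x00" + b"\x00" * 60 + b"FAKE-EFAX-DROPPER-v1"
SAMPLE_B = SAMPLE_A[:-1] + b"2"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Blacklist built from the only copy analysts have seen so far (sample A).
HASH_BLACKLIST = {sha256_hex(SAMPLE_A)}


def signature_verdict(data: bytes) -> str:
    """What a hash/signature-based scanner can say: known-bad, or nothing."""
    return "malicious" if sha256_hex(data) in HASH_BLACKLIST else "not detected"


# Constructed sandbox report in the style of a behaviour summary: one
# observed action per line, 'action  target'. Not real output of any product.
SANDBOX_REPORT = """\
file_create   C:\\Users\\victim\\AppData\\Roaming\\svchost.exe
file_delete   C:\\Users\\victim\\Downloads\\eFax_report.exe (self)
registry_set  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost
net_connect   198.51.100.7:443
net_connect   203.0.113.9:8080
"""

# (name, pattern matched per report line, weight). The weights are
# assumptions that encode the combination the post describes: drop a
# copy, delete the original, persist across reboots, call home.
INDICATORS = [
    ("drops_executable", re.compile(r"^file_create\s+.*\.exe$", re.M), 2),
    ("self_delete",      re.compile(r"^file_delete\s+.*\(self\)$", re.M), 3),
    ("run_key_persist",  re.compile(r"^registry_set\s+HK..\\.*\\CurrentVersion\\Run\\", re.M), 3),
    ("outbound_connect", re.compile(r"^net_connect\s+\d+(\.\d+){3}:\d+$", re.M), 1),
]


def behaviour_score(report: str) -> tuple[int, list[str]]:
    """Sum the weight of every indicator present at least once in the report."""
    score, hits = 0, []
    for name, pattern, weight in INDICATORS:
        if pattern.search(report):
            score += weight
            hits.append(name)
    return score, hits


def behaviour_verdict(report: str, threshold: int = 5) -> str:
    score, _ = behaviour_score(report)
    if score >= threshold:
        return "malicious"
    return "suspicious" if score else "no indicators"


if __name__ == "__main__":
    for label, sample in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        print(f"sample {label}: {sha256_hex(sample)[:16]}... -> {signature_verdict(sample)}")
    score, hits = behaviour_score(SANDBOX_REPORT)
    print(f"behaviour score {score} ({', '.join(hits)}) -> {behaviour_verdict(SANDBOX_REPORT)}")
```

Sample B scores "not detected" against the blacklist even though it is byte-for-byte the same program except for one character, which is the situation a 0/46 result usually reflects: nobody has catalogued this exact file yet. The sandbox report scores 9 on the toy scale regardless of the file's hash, because the behaviours do not change when the bytes are repacked. Multi-engine scan ratios and sandbox behaviour are independent signals, and a clean static result on its own says nothing about the second.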

 

Fake Web Browser Updates, Latest Trend to Infect Computers

This infection can happen if you visit a malicious website, whether malicious because the creator intended it to be that way, or a legit website that has been compromised. In any case, you’ll see a big warning across your browser window that reads:

Warning! Critical Update!

And then underneath a button that reads “Install Update”.

Two things to be aware of. First, even if you don’t click on the “Install Update” button, you might see a download start on its own. Needless to say, don’t open that download. Second, if you try to just close the browser window, a pop-up will warn you that you cannot navigate away from the page until you install the update. That warning comes from the page’s own script, not from your browser, and it is written so that the window is hard to close the normal way. If you are somewhat savvy, use the Windows Task Manager to end the process that runs the browser window. If you don’t know what I’m talking about, either log off or restart your computer; that will force the window to close.

Hopefully you did not make the gargantuan mistake of opening the downloaded file to “update” your browser, because if you did, and you’re not properly protected, a program will be running in the background that is silently waiting to steal your passwords and send them over to the bad guys.

If you have proper protection in place, such as the model I laid out 4 years ago, you will be safe against this attack. I specifically tested this on a computer that had Kaspersky antivirus, Malwarebytes Anti-malware Pro, and AppGuard installed in it, and each one independently blocked or quarantined or deleted the malicious downloaded file.

And of course if all fails you can always contact me.

Love Kaspersky Products. The Support Staff? Not So Much

Kaspersky Internet Security, the antivirus security suite, includes among its features the ability to create a “rescue disk”, which you can boot the computer from in order to clean heavily infected systems. In trying to use it, I ran into a snag on one computer: the rescue disk did not load successfully.

I searched for an answer to the problem and found this article: http://support.kaspersky.com/4124. It lays out what to do to gather information about the computer one is having trouble with, so the Tech Support staff can help resolve the situation. At the end of the article it says “Create a request to Kaspersky Lab Technical Support via the My Kaspersky Account service. Attach the created file to the request.” And so I did.

The response I got?

1. An automated response.

2. An automated response based on the type of problem I chose during the creation of the request.

3. The following email: 

“Hello,

Thanks for communicating with us, and I apologize for the inconvenience. In your case, read the instructions to check the options for this process, and if you went through them and are still having the issue, I would recommend that you look for a tech service.

Thank you.”

4. When I replied stating I was still having the issue, and after A WEEK, I got this reply:

“Hello,

Thanks for the response. I’m sorry, but it will be better for you to take the computer to a computer technician.

Thank you.”

I’m letting Eugene Kaspersky, the CEO of the company, know my thoughts about his company’s Tech Support division.

Email Privacy and Security

Unless you live under a rock, you no doubt have heard or read about the recent scandal involving the US Government in connection with a questionable surveillance program that has been going on for quite some time now. This scandal has prompted some people to ask me if there is a way to circumvent the current measures in place that allow for government agencies to tap into the content of your emails, etc.

The answer is NO.

Disheartening as this might sound, it’s the bitter truth. The purpose of this article, however, is to adjust the viewpoint of the public at large. You have to be aware that a plain email sent over the internet is potentially readable by a) the provider (Google, Yahoo, Microsoft, etc., which at the very least normally scan the contents of your emails for marketing purposes) and b) Uncle Sam (at least). So I would never write something in an email I wouldn’t mind people other than the recipient knowing about. 

Some savvy users might ask, but what about encryption? If I send encrypted emails, only the recipient should be able to decipher them. That is true of the message body when the encryption is done properly end to end, but it is not a complete answer, and it would not stop Uncle Sammy if he REALLY wants to know what you are saying: the sender, the recipients, the subject line and the timing of every message still travel in the clear, the keys live on computers that can themselves be compromised, and an adversary with the reach of a national government is far more likely to go after those than after the cipher itself.

At this point the battle could only be won at the legislative level. That’s the only way the game would change.
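To make that caveat concrete, here is an added Python example (not from the original post) that parses a constructed PGP/MIME message with the standard library’s email module and reports what remains readable to the provider, or to anyone on the path, even when the body is encrypted. The addresses, subject and ciphertext are placeholders; the second message is the same note sent in plain text for comparison.

```python
"""What end-to-end email encryption does and does not hide (added example).

Parses a constructed PGP/MIME message (RFC 3156 layout) and a plain-text
one with the standard-library email package and lists which pieces stay
in the clear. Addresses, subject and ciphertext are placeholders.
"""
from email import message_from_string
from email.policy import default

CLEAR_HEADERS = ("From", "To", "Subject", "Date", "Message-ID")

ENCRYPTED_MSG = """\
From: alice@example.org
To: bob@example.net
Subject: Q3 merger terms
Date: Mon, 10 Jun 2013 09:12:00 -0500
Message-ID: <20130610141200.1234@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream; name="encrypted.asc"

-----BEGIN PGP MESSAGE-----

hQEMA3BsYWNlaG9sZGVyLW5vdC1yZWFsLWNpcGhlcnRleHQ=
-----END PGP MESSAGE-----

--b1--
"""

PLAIN_MSG = """\
From: alice@example.org
To: bob@example.net
Subject: Q3 merger terms
Date: Mon, 10 Jun 2013 09:12:00 -0500
Message-ID: <20130610141200.5678@example.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

The merger closes Friday; wire instructions attached separately.
"""


def is_pgp_mime(raw: str) -> bool:
    """True when the top level is multipart/encrypted with the PGP protocol."""
    msg = message_from_string(raw, policy=default)
    return (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted")


def classify(raw: str) -> dict:
    """Split a message into what travels in the clear and what is ciphertext."""
    msg = message_from_string(raw, policy=default)
    result = {
        "cleartext_headers": {h: str(msg[h]) for h in CLEAR_HEADERS if msg[h]},
        "cleartext_parts": [],
        "ciphertext_parts": [],
    }
    encrypted = is_pgp_mime(raw)
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if encrypted and b"-----BEGIN PGP MESSAGE-----" in payload:
            result["ciphertext_parts"].append(part.get_content_type())
        else:
            result["cleartext_parts"].append(part.get_content_type())
    return result


def leaks_keyword(raw: str, keyword: str) -> list[str]:
    """Where a sensitive word is visible without any key: headers, body, or both."""
    info = classify(raw)
    found = []
    if any(keyword.lower() in v.lower() for v in info["cleartext_headers"].values()):
        found.append("headers")
    msg = message_from_string(raw, policy=default)
    for part in msg.walk():
        if part.is_multipart() or part.get_content_type() in info["ciphertext_parts"]:
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        if keyword.lower() in text.lower():
            found.append("body")
            break
    return found


if __name__ == "__main__":
    for label, raw in (("encrypted", ENCRYPTED_MSG), ("plain", PLAIN_MSG)):
        print(label, classify(raw))
        print("  'merger' visible in:", leaks_keyword(raw, "merger"))
```

For the encrypted message only the octet-stream part is opaque; the From, To, Subject, Date and Message-ID headers are all still there for the provider to index, and the word in the subject line leaks exactly as it does in the plain message. Keeping the subject line empty or generic is the practical consequence of this when you do use PGP or S/MIME.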

Current Figures on New Malware Samples

Back in 2009, when I wrote my pivotal article on which antivirus program is best (which still holds very true, by the way), I mentioned the then-current figures on new malware samples per month found by AV-test.org. Back then it was a little over 1 million unique samples per month. The current figures? A bar graph is worth a thousand words: [bar graph of new malware samples per month, from AV-test.org]

 

That’s about 5 million new samples per month!!

For data on what to do to stay safe and malware-free despite these rampant, escalating numbers, see the article I refer to at the beginning of this one.

Fake Flash Player Updates Being Used to Infect Computers

This is an old trick, but a new wave of attempts has surfaced recently. You’re visiting a website, and either a browser pop-up window or a window embedded in the page you’re visiting tells you to update to the latest version of Flash Player. The fake windows are also getting better in quality and harder to tell from the legit ones.

If you don’t have Flash set up to update automatically, I encourage you to go straight to the source for updates: http://get2.adobe.com/flashplayer/. Do not act on any pop-up windows luring you to update your Flash Player.
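The advice in this post and in the one above on fake browser updates comes down to the same check: did the file really come from the vendor? The Python script below is an added example, not code from the original posts, showing the two tests a careful user or a download filter can apply before running an “update” obtained through a browser. The first checks the download URL’s hostname against the vendor’s domain using a proper URL parse, next to the substring check most people do in their heads, which every lure shape listed passes. The second compares the file’s SHA-256 against a checksum taken from the vendor’s site. The trusted domain list, the lure URLs, the installer bytes and the checksum are all assumptions constructed for the example.

```python
"""Is this 'update' really from the vendor? (added example)

Two checks to apply before running an 'update' obtained through a
browser: the download URL must be on the vendor's own domain (checked on
the parsed hostname, not by substring), and the file's SHA-256 must match
a checksum obtained from the vendor's site. The trusted suffix list, the
URLs and the checksum are assumptions constructed for this example.
"""
import hashlib
from urllib.parse import urlparse

# Vendor domains accepted for Flash Player downloads (assumption; the post
# points at get2.adobe.com).
TRUSTED_SUFFIXES = ("adobe.com",)


def naive_host_check(url: str) -> bool:
    """The check people do in their heads: does the URL mention the vendor?"""
    return "adobe.com" in url.lower()


def host_is_trusted(url: str, suffixes=TRUSTED_SUFFIXES) -> bool:
    """Require https and a hostname equal to, or a subdomain of, a trusted suffix."""
    parsed = urlparse(url)
    if parsed.scheme != "https":
        return False
    host = (parsed.hostname or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def checksum_matches(data: bytes, expected_sha256: str) -> bool:
    return hashlib.sha256(data).hexdigest() == expected_sha256.strip().lower()


def update_verdict(url: str, data: bytes, expected_sha256: str) -> str:
    if not host_is_trusted(url):
        return "reject: not served from the vendor's domain"
    if not checksum_matches(data, expected_sha256):
        return "reject: file does not match the vendor's checksum"
    return "accept"


# Constructed URLs in the shapes fake-update lures use. Every one of them
# contains the string 'adobe.com' somewhere.
LURE_URLS = [
    "https://get2.adobe.com.flash-update.example/install_flash_player.exe",
    "https://flash-update.example/critical-update?ref=get2.adobe.com",
    "https://get2.adobe.com@flash-update.example/update.exe",
    "http://get2.adobe.com/flashplayer/",   # right host, plaintext transport
]
GENUINE_URL = "https://get2.adobe.com/flashplayer/"

# Constructed 'installer' bytes and the checksum the vendor would publish.
GENUINE_FILE = b"MZ" + b"\x00" * 30 + b"genuine-installer"
GENUINE_SHA256 = hashlib.sha256(GENUINE_FILE).hexdigest()
TAMPERED_FILE = GENUINE_FILE + b"\x90"

if __name__ == "__main__":
    for u in LURE_URLS + [GENUINE_URL]:
        print(f"{u}\n  substring check: {naive_host_check(u)}   hostname check: {host_is_trusted(u)}")
    print(update_verdict(GENUINE_URL, GENUINE_FILE, GENUINE_SHA256))
    print(update_verdict(GENUINE_URL, TAMPERED_FILE, GENUINE_SHA256))
```

The third lure is the one worth studying: a URL of the form `https://get2.adobe.com@flash-update.example/` is parsed by every browser as user “get2.adobe.com” at host flash-update.example, so the vendor name you see in the address bar is not the host you are talking to. A published checksum is the minimum; Windows installers from Adobe also carry an Authenticode signature, and checking that signature in the file’s Properties dialog is the equivalent manual step.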

Stay safe.

 

New Intel Based Computers Permanently Hackable?

Several friends and associates have asked me about the “New Intel based PC’s are PERMANENTLY hackable” article available here: http://www.jimstonefreelance.com/corevpro.html (Note: you’re likely to get a little confused if you’re not familiar with some of the terms in the article, so make sure you have a dictionary handy).

First of all, as noted in the title of that article, not all Intel CPUs are vPro enabled.

Secondly, for vPro to work it requires not only a compatible CPU, but also a compatible motherboard.

Third, there is a deployment/activation phase required for all this to work (although some computers might come enabled from the factory).

Fourth, the statement in the above article that “Core vPro processors work in conjunction with Intel’s new Anti Theft 3.0, which put 3g connectivity into every Intel CPU after the Sandy Bridge version of the I3/5/7 processors. Users do not get to know about that 3g connection, but it IS there.” is inaccurate. 3G (third generation) is the generation of mobile telecommunications technology that lets a cell phone send and receive email or browse the web. A CPU has no radio of its own: Intel’s Anti-Theft technology can take advantage of 3G connectivity only if the laptop has a compatible 3G card installed.

So what does all the above mean? Basically that the article is alarmist because it leaves out the specifics, so it becomes a generality. The vPro technology, if enabled and in the wrong hands, can certainly be a security and privacy concern. But that measured conclusion is hardly the one a reader would reach from that article alone.

But just in case I’m off to polish my tin foil hat. 🙂

For a list of vPro ready computers (That could be subverted given the right set of circumstances) visit https://msp.intel.com/find-a-vpro-system

 

Holiday Season Email Scams

 

Unfortunate as it is, it’s a fact that email scams pick up over the holidays, so here’s a reminder to keep you safe.

These scams and malware campaigns may include but are not limited to the following:

  • Electronic greeting cards that may contain malware
  • Requests for charitable contributions that may be phishing scams and may originate from illegitimate sources claiming to be charities
  • Screensavers or other forms of media that may contain malware
  • Credit card applications that may be phishing scams or identity theft attempts
  • Online shopping advertisements that may be phishing scams or identity theft attempts from bogus retailers

Use extra caution when dealing with these types of emails. Refer to this article on basic good practice points on accessing websites and handling emails. Make sure you have an up-to-date antivirus program. Keep your computer and all its different programs up-to-date for minimum vulnerability to attacks.

Happy Holidays from the Remote Help Expert.

This Month in Computers Updates

This coming Tuesday the 13th – second Tuesday of the month as usual – Microsoft is releasing 6 updates affecting the different operating systems plus Microsoft Office. Two of the six updates don’t affect Windows XP, but only Windows Vista and 7; the other four affect all supported operating systems.

Four of the six updates are classified as “critical”, Microsoft’s top severity rating. One is classified as “important”, the next severity down, and one as “moderate”. Three of the updates will require a restart of the computer to finish installing; the other three may require a restart.

In related news, Adobe, maker of Reader, Flash Player and other software, has announced that from now on it will match its update schedule to Microsoft’s. So from next month on, expect Adobe updates at the same time as Microsoft’s – on the second Tuesday of every month.

Finally, Google has released Google Chrome 23.0.1271.64 for Windows, Macintosh, Linux, and Chrome Frame (a plug-in for Internet Explorer)  to address multiple vulnerabilities.