Monthly Archives: December 2010

Fake Defragmenters

A relatively new addition to the family of rogue (fake) software, fake defragmenters pretend to fix file fragmentation on your hard disk drive while actually just infecting your computer. Because of their modus operandi they are sometimes loosely classified as ransomware, although strictly speaking they are rogueware, in the same family as the fake antivirus programs. What’s new about them is that they don’t pretend to clean viruses from your computer the way the fake antivirus programs do. Instead, they pretend to optimize system performance.

Depending on the specific variant that has infected your computer, it might exhibit ransomware-like behavior: at the end of the “optimization” it claims that the only way to fix the errors it “found” is to purchase the full version of the program, and it blocks access to your data until you do so.

If it doesn’t behave like ransomware, it at least behaves like scareware, i.e. it keeps popping up messages to the effect that the problems it “found” will not be resolved until the full version of the program is paid for, and it tells you your computer is at risk, but it doesn’t actually hold the data on your computer for ransom. It just gets in the way of the normal operation of the computer, and in many cases it disables your installed antivirus program to prevent its own removal.

The preferred infection vector for these fake defragmenters is malicious (or compromised) websites that attempt to infect your computer as soon as you visit them, the so-called drive-by download. That is one more reason to keep the browser and its plug-ins patched, not just the operating system.

A good, up-to-date antivirus should detect and block the variants that have been around for a while. It’s the very recent ones that might get through, and that will always be the case with the newest malware: antivirus programs that depend on signature files (virus definition files) will always risk missing anything newer than their last update. This is why, once again, a good security setup consists of several layers, as explained here.

Know which legitimate programs are installed on your computer, so you can easily spot a rogue/fake program that is trying to fool you into helping it further infect your computer, for example by clicking to “fix” the problems it reports. And ask an expert if in doubt.

Problems With Outlook After Installing a Windows Update

I was minding my own business on my computer today when I noticed two emails in my Outlook 2007 outbox, seemingly stuck and going nowhere. I checked to see what the problem was and got this error: “None of the Authentication Methods Supported By This Client Are Supported By Your Server”. Thanks Microsoft, very informative. What the hell does that even mean and why is it happening all of a sudden?

I was thinking about what had changed recently and then I remembered that earlier today I had installed the latest batch of Windows Updates. Went through the list and sure enough, an update for Outlook 2007 had been installed (KB2412171). Now to the task of finding out what that update had changed and reverting it or, if I couldn’t revert the change, uninstalling the update. As it turns out, there was one setting that the update apparently changed. For many email accounts one is supposed to check the “My outgoing mail server requires authentication” option, meaning Outlook must provide username and password for the mail server to accept and relay outgoing emails. I knew the error was in the general area of authentication so I unchecked that option and the emails left, no problem.

Good, I thought, problem solved… only to receive two emails shortly after, where I was informed that my outgoing emails had been rejected at the recipients’ servers because they were not authenticated (a security measure to prevent somebody from just spoofing the sender’s email address and being able to send emails in your name without having to provide a password). OK, so that brings me back to square one. What else could have changed? Turns out there is a setting in Outlook that uses a certain protocol when providing credentials to the web mail server to be allowed to send emails, called Secure Password Authentication (SPA). That was checked, but I could have sworn I didn’t set it that way. So I unchecked it, while leaving the earlier setting (“My outgoing mail server requires authentication”) checked, and that did it.

Thought I’d pass it on to you in case the same happens to your computer.
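What that error message actually means, as an added example that is not Outlook’s or Microsoft’s code: when Outlook connects to the outgoing server it sends EHLO, the server replies with the list of SMTP AUTH mechanisms it accepts, and Outlook picks one it is configured to use. With SPA checked, Outlook offers only the Windows-integrated mechanisms (NTLM/Kerberos); an ISP relay that only accepts PLAIN and LOGIN has nothing in common with that list, and Outlook reports “None of the authentication methods supported by this client are supported by your server.” Unchecking SPA lets Outlook fall back to PLAIN/LOGIN. The simulation below models that negotiation; the EHLO reply, the hostnames and the mechanism lists are constructed for the example.

```javascript
// Added example (not Outlook's or Microsoft's code): a simulation of the SMTP
// AUTH negotiation behind the "none of the authentication methods supported by
// this client are supported by your server" error. The EHLO reply, hostnames
// and mechanism lists below are constructed for the example.

// Parse a multi-line EHLO reply and collect the AUTH mechanisms it advertises.
// Handles "250-AUTH PLAIN LOGIN" (RFC 4954) and the old "250-AUTH=LOGIN" form.
function advertisedMechanisms(ehloReply) {
  const mechs = new Set();
  for (const line of ehloReply.split('\r\n')) {
    const m = line.match(/^250[ -]AUTH[ =](.+)$/i);
    if (m) {
      for (const name of m[1].trim().split(/\s+/)) mechs.add(name.toUpperCase());
    }
  }
  return mechs;
}

// Pick the first mechanism, in the client's order of preference, that the
// server also offers. null means no overlap, which is exactly the Outlook error.
function negotiate(ehloReply, clientMechanisms) {
  const offered = advertisedMechanisms(ehloReply);
  for (const name of clientMechanisms) {
    if (offered.has(name)) return name;
  }
  return null;
}

// Initial response for AUTH PLAIN (RFC 4616): base64 of "\0user\0password".
// This is encoding, not encryption: only send it after STARTTLS (port 587)
// or over an SSL connection (port 465), never on plain port 25.
function authPlainCommand(user, password) {
  const raw = Buffer.from(`\0${user}\0${password}`, 'utf8');
  return 'AUTH PLAIN ' + raw.toString('base64');
}

// Assumed client configurations: with SPA on, Outlook offers only the
// Windows-integrated mechanisms; with SPA off it falls back to PLAIN/LOGIN.
const SPA_ON = ['GSSAPI', 'NTLM'];
const SPA_OFF = ['PLAIN', 'LOGIN'];

// Constructed EHLO reply from an ISP relay that accepts only PLAIN and LOGIN.
const EHLO_REPLY = [
  '250-smtp.example.net Hello client',
  '250-SIZE 52428800',
  '250-STARTTLS',
  '250-AUTH PLAIN LOGIN',
  '250 8BITMIME',
].join('\r\n');

// SPA checked: nothing in common, so Outlook shows the error from the post.
console.log('SPA on :', negotiate(EHLO_REPLY, SPA_ON));   // null
// SPA unchecked, "outgoing server requires authentication" still checked:
console.log('SPA off:', negotiate(EHLO_REPLY, SPA_OFF));  // PLAIN
console.log(authPlainCommand('alice', 's3cret'));
```

The caveat in the code matters: PLAIN and LOGIN send the password merely base64-encoded, so the fix of unchecking SPA is only safe when the account is also set to use an encrypted connection (STARTTLS on port 587 or SSL on 465) to the outgoing server.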

Also, many Outlook users have reported problems after installing this update, namely losing the ability to archive old emails and extreme slowness when switching between folders. If you’re experiencing these problems, uninstall the update that is causing them:

  • Win7/Vista: Start > Control Panel > Uninstall a Program > View Installed Updates… find KB2412171 and remove it.
  • WinXP: Start > Control Panel > Add/Remove Programs. Make sure “Show updates” (at the top) is checked. Find KB2412171 and remove it.

Hope this helps.

Another Record Number of Windows Updates

Monster-patch Tuesday this coming one is. On Tuesday the 14th, Microsoft is releasing a record 17 security updates to patch 40 vulnerabilities in Windows and other Microsoft products (Internet Explorer, Office, Exchange and SharePoint among them).

Two of the 17 updates were tagged with Microsoft’s “critical” label, the highest threat ranking in its four-step scoring system. Another 14 were marked “important,” the second-highest rating, while the remaining update was labeled “moderate.”

Worth mentioning is that one of the patches, for the Windows Task Scheduler, closes the last of the four vulnerabilities that a notorious piece of malware, Stuxnet, exploited earlier this year; the other three were fixed in previous months.

As usual, if you have Automatic Updates turned on, no action is required on your part other than perhaps a restart once the updates are installed. If your computer is not set to download and install updates automatically, you will need to run Windows Update yourself.

Ransomware

Ransomware. Such a funny coined word for such fun times we live in. A type of malware, ransomware holds either a computer or its data hostage and demands a ransom from the user to “release” the hostage. This type of malware (malicious software) has existed for some time, but its newest variant is proving to be a real challenge in terms of recovering the encrypted information, and it has been detected circulating in the wild since late November.

Its name is Trojan-Ransom.Win32.GpCode.ax.

How can you recognize it? Users who become victims of this new variant will typically see a pop-up window on their screen, or have their desktop background replaced by this message: “ATTENTION!!!!!! YOUR PERSONAL FILES WERE ENCRYPTED WITH A STRONG ALGORYTHM RSA-1024 AND YOU CAN’T GET AN ACCESS TO THEM WITHOUT MAKING OF WHAT WE NEED!” The ransom message ends with, “REMEMBER: DON’T TRY TO TELL SOMEONE ABOUT THIS MESSAGE IF YOU WANT TO GET YOUR FILES BACK! JUST DO ALL WE TOLD.”

What does it do? It encrypts the files on your computer’s hard disk drive, making it impossible to open or recover them. In some past cases the claims about the encryption strength were bogus and the files could be recovered; not this time. As of this writing, there is no known way to decrypt the data without the private key the attackers hold.

What can you do about it? There are three actions to take. The first is the usual preventive one: have a good security setup so you don’t get infected in the first place, and keep a frequently updated backup of your data, stored somewhere the malware can’t reach (a backup drive that stays plugged in gets encrypted along with everything else), to be ready for the worst. The second is damage control. If you see a message like the one above on your desktop, turn off your computer as fast as you can, and I don’t mean the usual shutdown procedure: press and hold the power button until the machine turns off (it usually takes about 5 seconds) or just yank the power cable (on a laptop, obviously, yanking the cable is not an option 🙂, so hold the power button). The reason is that, if you act fast enough, you might abort the encryption process while some of your files are still untouched. Don’t turn the computer back on; every minute it runs, more files get encrypted. The third action is corrective: contact an expert so the threat can be removed, working from outside the infected Windows installation (a rescue disc, for example), before it can resume its destructive work.

For Firefox Users – HTTPS Everywhere

Computer security is only as strong as its weakest link, and nowadays the weakest link is frequently the user. That’s partly why I write these articles, in an effort to do my part to raise the general knowledge level of the average computer user. What is HTTPS? It’s the secure version of HTTP. And what the … is HTTP? An acronym for Hypertext Transfer Protocol: simply put, the method your browser uses to request and display websites. Back to HTTPS: it’s HTTP carried over an encrypted (SSL/TLS) connection, so that nobody sitting between your computer and the website, on the same wireless network for instance, can read or alter what goes back and forth. How does that affect you?

Well, with the Internet becoming more and more interactive, the communication is no longer just from the Internet to your computer (as when your browser fetches a page) but also from your computer to the Internet. It’s becoming a two-way street, and that takes us to a recent problem. Somebody recently released Firesheep, a Firefox extension that lets anyone on the same open (unencrypted) wireless network, such as a coffee shop hotspot, “steal” the logged-in sessions of other users on sites like Facebook. It doesn’t need your password: after you log in, most of these sites keep talking to your browser over plain HTTP, and every request carries a session cookie that identifies you. Firesheep simply listens to the wireless traffic, picks those cookies out of the air and loads them into its own browser. You might have read about it, it made the news recently. The result is that the attacker can impersonate the legitimate user and has total control over the account, able to do anything the legit user can do.
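To make the attack concrete, here is an added example, not Firesheep’s code, of what a passive session sniffer does: it reads the requests it can see on the open network, ignores anything that went over HTTPS (ciphertext), and pulls the session cookie out of the plain-HTTP requests to sites it has a handler for. The capture, the hostnames and the cookie names and values are constructed for the example; the point it shows is that a login over HTTPS does not help if the very next page load goes over HTTP with the cookie attached.

```javascript
// Added example (not Firesheep's code): a miniature of a passive session
// sniffer, run over a constructed capture of traffic on an open Wi-Fi network.
// Hostnames, cookie names and values are made up for the example.

// Which cookie names carry the session for each site the sniffer knows about.
// (Firesheep ships one such handler per supported site; these are invented.)
const SESSION_COOKIES = {
  'www.example-social.com': ['sessionid'],
  'mail.example-webmail.com': ['auth'],
};

// Parse the request line and headers of one raw HTTP/1.x request.
function parseRequest(raw) {
  const lines = raw.split('\r\n');
  const [method, path] = lines[0].split(' ');
  const headers = {};
  for (const line of lines.slice(1)) {
    if (line === '') break; // blank line ends the header block
    const colon = line.indexOf(':');
    if (colon < 0) continue;
    headers[line.slice(0, colon).trim().toLowerCase()] = line.slice(colon + 1).trim();
  }
  return { method, path, headers };
}

// Split a Cookie header ("a=1; b=2") into an object; values may contain '='.
function parseCookies(header) {
  const cookies = {};
  for (const part of header.split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name) cookies[name] = rest.join('=');
  }
  return cookies;
}

// A capture is a list of {scheme, payload}. A passive sniffer can read the
// payload only when it went over plain HTTP; HTTPS payloads are ciphertext.
function harvestSessions(capture, handlers = SESSION_COOKIES) {
  const stolen = [];
  for (const packet of capture) {
    if (packet.scheme !== 'http') continue;
    const req = parseRequest(packet.payload);
    const host = (req.headers.host || '').toLowerCase();
    const wanted = handlers[host];
    if (!wanted || !req.headers.cookie) continue;
    const cookies = parseCookies(req.headers.cookie);
    for (const name of wanted) {
      if (name in cookies) stolen.push({ host, name, value: cookies[name] });
    }
  }
  return stolen;
}

// Constructed capture: the login POST went over HTTPS (unreadable), but the
// very next page load went over plain HTTP with the session cookie attached.
const CAPTURE = [
  { scheme: 'https', payload: '<ciphertext: POST /login with username and password>' },
  {
    scheme: 'http',
    payload: 'GET /home HTTP/1.1\r\nHost: www.example-social.com\r\n' +
             'Cookie: lang=en; sessionid=7f3a9c2e\r\n\r\n',
  },
  { scheme: 'http', payload: 'GET /logo.png HTTP/1.1\r\nHost: cdn.example-social.com\r\n\r\n' },
];

console.log(harvestSessions(CAPTURE));
// [ { host: 'www.example-social.com', name: 'sessionid', value: '7f3a9c2e' } ]
```

Everything the sniffer needs is in that one cleartext request; it never touches the password. The defenses follow directly: either the site serves the whole session over HTTPS and marks the cookie Secure so the browser never sends it over HTTP, or the user avoids open wireless networks for anything logged in.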

OK, so that’s the bad news. What’s the good news? Actually, I didn’t say there was any. But in this case you got lucky, because there is, at least if you use Firefox as your web browser. There is a counter-measure extension called HTTPS Everywhere, written by the EFF and the Tor Project. It forces the use of HTTPS on a number of well-known, frequently used websites, so that on those sites the session cookie travels encrypted and Firesheep has nothing to pick up. Note the limits: it only covers sites it has rules for, and it can only help where the site actually offers HTTPS; on other sites, or in other browsers, you remain exposed on open Wi-Fi. Again, you can only install this extension in Firefox. You can find HTTPS Everywhere here.

Note: Using the extension might break some minor functions on certain websites. For example, it breaks Facebook chat. The bug is not in the extension but in Facebook’s website, which doesn’t serve that feature properly over HTTPS, so it’s something Facebook would have to fix.

Some of the popular websites HTTPS Everywhere works with include:

  • Google Search
  • Wikipedia
  • Twitter
  • Facebook
  • bit.ly
  • GMX
  • WordPress.com blogs
  • The New York Times
  • The Washington Post
  • PayPal
  • EFF
  • Tor
  • Ixquick
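How the extension decides what to rewrite, as an added example that is illustrative code rather than HTTPS Everywhere’s own: each site in the list above has a ruleset naming the hosts it targets, regular-expression rules that turn an http:// URL into its https:// equivalent, exclusions for pages that must stay on HTTP, and “securecookie” entries for cookies that should get the Secure attribute so the browser never sends them in the clear. The example.org ruleset and all hostnames below are constructed.

```javascript
// Added example (not HTTPS Everywhere's own code): a miniature of the
// extension's rewrite step, driven by a ruleset with the same parts its XML
// rulesets have (target hosts, from/to regex rules, exclusions, securecookie).
// The example.org ruleset and hostnames are constructed.

const RULESETS = [
  {
    name: 'Example (constructed)',
    targets: ['example.org', '*.example.org'],
    // URLs that must stay on HTTP (e.g. a host with no HTTPS support).
    exclusions: [/^http:\/\/legacy\.example\.org\//],
    rules: [{ from: /^http:\/\/(www\.)?example\.org\//, to: 'https://$1example.org/' }],
    // Cookies that should be marked Secure so the browser never sends them
    // over plain HTTP, which closes the Firesheep hole even on mixed sites.
    securecookies: [{ host: /(^|\.)example\.org$/, name: /^sess/ }],
  },
];

// "*.example.org" matches any subdomain; a bare host must match exactly.
function hostMatches(pattern, host) {
  if (pattern.startsWith('*.')) {
    const suffix = pattern.slice(1); // ".example.org"
    return host.endsWith(suffix) && host.length > suffix.length;
  }
  return host === pattern;
}

// Return the URL the browser should load instead of `url`, or `url` unchanged
// when no ruleset targets it, an exclusion applies, or it is already HTTPS.
function rewrite(url, rulesets = RULESETS) {
  const parsed = new URL(url);
  if (parsed.protocol !== 'http:') return url;
  for (const rs of rulesets) {
    if (!rs.targets.some((t) => hostMatches(t, parsed.hostname))) continue;
    if (rs.exclusions.some((re) => re.test(url))) return url;
    for (const rule of rs.rules) {
      if (rule.from.test(url)) return url.replace(rule.from, rule.to);
    }
  }
  return url;
}

// True if a Set-Cookie for (host, name) should have the Secure attribute added.
function shouldSecureCookie(host, name, rulesets = RULESETS) {
  return rulesets.some((rs) =>
    rs.securecookies.some((sc) => sc.host.test(host) && sc.name.test(name)));
}

for (const u of [
  'http://www.example.org/wiki/Main_Page?x=1', // rewritten to https
  'http://legacy.example.org/old',             // excluded, stays http
  'http://www.other.example/',                 // no ruleset, stays http
]) {
  console.log(u, '->', rewrite(u));
}
```

The exclusion list is the reason for the Facebook chat note above: when part of a site does not work over HTTPS, the ruleset either excludes it (leaving that part unprotected) or breaks it, and only the site can resolve that by serving everything over HTTPS.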

Wishing you a safe surf.