Malware Turns Twenty-Five

It’s been twenty-five years since the first computer virus (Brain A) hit the net, and what was once an annoyance has become a sophisticated tool for crime and espionage. Computer security expert Mikko Hyppönen tells us how we can stop these new viruses from threatening the internet as we know it. This is a great video on what’s going on today with computer security.


Christmas is Cancelled

Best Buy is completely dropping the ball this holiday season. We’re hearing reports that customers who bought items on Black Friday (yes, nearly a month ago) will not be receiving their orders this year, with some of them even being cancelled right before Christmas.

Best Buy’s official statement on the matter, as relayed to FOX 9, is this:

“Due to overwhelming demand of hot product offerings on during the November and December time period, we have encountered a situation that has affected redemption of some of our customers’ online orders. We are very sorry for the inconvenience this has caused and we have notified the affected customers.”

Outsmart Internet Scammers

“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”

“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”

Have you received email with a similar message? It’s a scam called “phishing” — and it involves Internet fraudsters who send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims.

Phishing email messages, websites, and phone calls are designed to steal money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer. Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something off of a website.

Phishy Emails Abound

Do not ever click on a link in your email unless you know it is from someone you implicitly trust, and even then that could be a problem, as spammers are constantly trying to trick you.

Here is one of the most recent examples, which I found intriguing as I just paid them a few days ago.


My Scam PC

I’ve seen this ad on TV, off and on when viewing cable, for a program to speed up your computer. The program that installed was called “Cyber Defender”. It’s listed on many sites on the internet as a possible Virus, Trojan or Rogue.

It would do one and only one operation, and that was to scan the registry. Or at least it appeared that’s what it was doing. I was locked out of selecting any other options. Then it reported over 400 errors in my registry, but when I hit the button to fix the problems, it took me right to their web site, where I was presented with the opportunity to spend money to buy their program.

PC Phone Scam

Online con artists are targeting PC users worldwide in a brazen scam. It starts with a phone call from a “tech support specialist” who warns that your computer is infected with a virus. To fix things, all you have to do is give the caller remote access to your PC. Here’s what happens next.

An old social-engineering scam appears to have taken on new life lately, targeting PC users worldwide.


Ironically, the scam doesn’t use a computer at all—at least, not initially. Instead, it starts with a phone call from someone who claims to be affiliated with Microsoft or another legitimate company or government agency.

The caller then asks for the primary computer user in the house, who is told: “Your computer has downloaded a virus.” And, of course, the caller is ready and willing to fix the problem. All you have to do is navigate to a web site, click a link to install some remote-control software, and allow the “technician” to get to work.

The perps are using legitimate remote-assistance software, like the Ammyy Admin program from Ammyy Software Development, which posted a warning that included some reports the company has received from scam victims:

“I got call from an India based consultant who said to me that he is calling from a govt. organisation in Melbourne, Australia. He made me to log into my computer to track some files and without advising me he wanted me to download a software application from and get remotely connected to a technician to delete some files…”

“I was recently called by what I thought was my internet service provider technician who used Ammyy to gain remote access to my computer – after I stupidly granted him that permission. It turns out that he was nothing to do with my internet service provider. When I became suspicious and began questioning him he said he would show me who he was and opened a website of a company – the web site triggered my virus software and I then demanded that the remote access be terminated…”

The scam has been around for a few years. Charles Arthur at the Guardian UK wrote about a similar scam last year, noting that it had been “going on quietly since 2008 but has abruptly grown in scale this year.” He wrote about it again in March 2011. This appears to be another wave, judging from the sudden increase in complaints I’ve seen recently.

I’ve heard from Windows users and legitimate support specialists who’ve seen this scam in action in Australia, Canada, and the UK. I also got one reliable report from an extremely trustworthy source: my mother.

A caller with a thick accent tried to run this scam on a user, who peppered the caller with questions. What’s your name? What’s your company’s name again? What’s your phone number?

A user’s Caller ID said the call originated from 999-910-0132; the caller claimed to be from a company that sounded something like Alert Center, and she gave a callback number of 609-531-0750.

If you plug those numbers into a search engine, you’ll find that they lead to a group of companies using identical website templates under different names, including TechResolve, Itek Assist, and—bingo—AlertSoft. A company with the unimaginative name Custom Design Firm, at the same address in Kolkata, India, also offers custom web-design and search-optimization services at exorbitant prices.

The user eventually hung up on the scammers, but others haven’t been so lucky. If a victim falls for the scam, the next step involves a credit card, naturally, as this victim reported:

Posed as troubleshooter, got into my system, used a “safe code” to get into my computer. Claimed my machine has been hacked into and infected with a virus. Tom and John, heavy Asian accents. Wanted to install “lifelong protection” for $130. I balked. They have my name and number and have been calling incessantly. I’m concerned that they might have planted something in my computer that allows them access.

Indeed, that’s a legitimate concern. Once a victim has granted an intruder remote access, it’s impossible to tell exactly what sort of damage they’ve done. If you know someone who has fallen for this scam, you should assume their computer has been compromised and respond appropriately.

Most readers of this blog are sophisticated computer users who would laugh out loud at an attempt like this. But you probably have friends, family members, or clients who could use a heads-up on this one. If you get a call from someone claiming to have detected a virus on your PC, just hang up.

Online banking security

A judge in Maine has ruled that a bank that allowed hackers to steal more than $300,000 from a customer’s online account isn’t responsible for the lost money, saying the customer should have done more to protect the account credentials.

Magistrate Judge John Rich sided with Ocean Bank in recommending that the U.S. District Court in Maine grant the bank’s motions for a summary dismissal of a complaint filed by Patco Construction Company. The ruling was reported earlier this month.

The case raises questions about how much security banks and other financial institutions may be reasonably required to provide commercial customers. It could set a precedent for liability in circumstances where customer systems are hacked and banking credentials are stolen. Small and medium-sized businesses around the United States have lost hundreds of millions of dollars in recent years to such activity, known as fraudulent ACH (Automated Clearing House) transfers.

Windows security wanes, while Malware waxes on four million websites

For Windows users there is another problem that has been circulating around the web of late. Yeah, what else is new? I find these reports rather comical as, being a Linux user, they do not apply to me, period. Out of the three big browsers on the block (Google Chrome, Firefox and Internet Exploiter), Google Chrome should be the safest one to use these days on the web.

If, however, you are already a strict user of Firefox, then I highly recommend using Firefox with the NoScript addon, and your problem will be fixed. You’ll never even see the attack page in the first place. It’ll just be blank. Note to first-time users of NoScript: It is a WHITELIST, not a blacklist. Some sites are programmed into it, but 90% of them are not. You will have to approve various sites yourself. Yes, this may seem like a pain, but 5 seconds of pain beats being infected.

You can also disable proxies in the connections tab of your browser under advanced settings. LizaMoon uses a proxy server to redirect your browser. Disabling the proxy eliminates the popups and allows you to download a scanning tool like ESET’s online scanner tool or HitManPro’s scanner.

A new bit of malware has been making headway across the Internet, but is it really that big of a deal? You’ve probably seen the news that “Lizamoon,” an SQL injection attack designed to point your browser to a piece of fake security malware, had infected hundreds of thousands of pages across the Internet. And this includes links found within Apple’s iTunes itself… to a degree.

But here’s the deal: In order for the script to have any noticeable effect on your computer, you have to agree to allow it to work its unhealthy magic on your system, according to WebSense (video below).

LizaMoon example video and explanation

Simply visiting a site with injected code only redirects your browser to another site, and the social engineering takes over from there.

The simple solution: Don’t install unknown files! The more complex solution: Know what antivirus programs already exist on your system, and know what they look like when they scan for and find files. If something says you have malware on your system, and this something looks nothing like applications you already have on your system, be suspicious!

In this case, a successful Lizamoon redirect takes you to a dummy page that looks as if a large antivirus/anti-malware scan is taking place on your computer. Go figure, the scan finishes quite quickly, and a user is alerted that his or her machine might be compromised by various Trojan horse attacks and other cleverly titled malware. If a user is still playing ball, he or she can click on the simulated option to “remove” these malware apps, which then pulls up a simple download window for a “malware-removing” executable.

Still with us? Here’s the deal: If you push some common sense into the mix, you’ll notice that this entire process seems a bit fishy to begin with. Step one: A virus scan for Windows Explorer appears in your browser window. Step two: It finishes in lightning speed. Step three: You have to download a file–apparently via Windows Explorer, but using your browser’s standard download file prompt–to finish the deal.

In short, Lizamoon can’t do a thing to your system unless you let it. So if you see the sort of popup like the ones I am showing here, do not click on anything! Just turn off your computer and reboot. If you’re already running ESET NOD32 and/or OpenDNS, then you shouldn’t be able to visit any site that is compromised.

The SQL injection attack on the initial site you were visiting, which itself prompts the redirect to the bogus scanning site, only works on this first web site. Lizamoon doesn’t hang out in your browser, or continually redirect you to fake sites, or install itself on your computer in a manner that doesn’t first require you to perform the action yourself.

So what has Lizamoon taught consumers? Don’t let your browser con you into thinking that some kind of action is magically happening on your system, don’t trust this magical action if it takes less than 30 seconds to do or looks otherwise unknown to you, and run an up-to-date virus-scanner in the background of your system. Ta-da: Lizamoon defeated.

When you get hit by the infected website and are referred, two things happen: you get hit with a popup box, and you lose control of both your browser and ctrl+alt+del functions. As with all browser windows, you have the option to hit the red X to close everything down, but not this baby: touch anything on this baby and you spark up what is now a computer hijacker’s website. For those few moments the only solution is a log off or reboot. Blocking the hijacker with your firewall is a waste of time. The infection is designed to refer you to several thousand backup addresses that refer you to thousands of ever-changing country-specific domains like .ms or .uk. The worst part is that the address in the browser address bar is not the address of the web page you are looking at; the web page isn’t in .uk or .us but in Russia. The penultimate hop to the hijacker is a secure firewall server in the USA. The only way of shutting these hijackers out of your computer is by blocking the CIDR address of with your firewall.

Don’t know which bothers me the most: the problem or people trying to turn a profit from it. If you run Windows, simply hit the power button; after shut down, restart in safe mode and run restore. The malware is gone.

Those who want a secure operating system are better off just leaving Microsoft altogether, not to mention cost savings and other commonly-stated advantages as you do NOT have to purchase additional software to make Windows function safely. Windows does not seem to impress people all that much.

Linux is becoming dominant not just in phones but on desktops too. One adoption curve drives the other and people who own an Apple or Google phone sooner or later rethink their desktop operating system (a personal observation).

Mac OSX attempting to catch-up with Linux, Windows left behind

Summary: Catch-up at Apple done the wrong way (with antifeatures or lack of features); Windows, the platform no one uses anymore

The company of seemingly-infinite hype is failing to impress and it also fails to innovate, except when it sues rivals, including those which use Linux. Apple is actually the one copying from GNU/Linux, not the other way around. Joe Brockmeier, a former employee of Novell who left after about a year there, published a post which contains what lots of people said in recent days (but in brevity):

But the buzz over the Apple Mac App Store? Meh. Look at the features that Apple touts:

* Install any app with ease
* Keep your apps up to date
* The app you need. When you need it
* Buy, download, and even redownload

Linux folks, sound familiar? We’ve had all of this, modulo “buy”, for a decade at least. The Advanced Package Tool, a.k.a. “APT” for Debian-based systems (that includes Ubuntu), has made all of this possible for years and years. Granted, this has primarily focused on free and open source software, but paid apps are possible too. The Ubuntu folks have had a paid software store since Ubuntu 10.10. (It is, I admit, sparsely populated when it comes to proprietary/paid software.)

But the installation, updating, and such? All very possible with APT — or Yum or Zypper, if you happen to be using an RPM-based distro. (Or APT for RPM, if that’s still being maintained.)

Lifehacker has published “Why the Mac App Store Sucks”:

Apple launched the Mac App Store today, allowing you to browse, search, read reviews, and buy Mac software of all kinds in one streamlined location. And it’s terrible.

As written about earlier last year:

A system similar to the app store has been around in the Linux world for the past 10 years in the form of software repositories from which thousands of software packages can be downloaded and installed in a one step process straight from the desktop. In my opinion, that has been one of the major advantages for Linux over Windows and Mac OS. I believe that this has led to a larger number of smaller apps that are very specialized, sometimes feeling more like functions in the system rather than applications.

Below is an example of the software repository for Ubuntu:

The big difference is of course that the Mac app store charges money for the applications, and it will be very interesting to see what this will do to the price point of Mac software. I’m pretty sure prices will drop drastically, not least because the applications are likely to be broken up into small parts with very specific functionality. You may look up what it is and then see that it’s an AppStore, but not called “store” because everything is for free. Just look into the Ubuntu Software center. Search, find, click install, click uninstall. That’s it.

Apple is just copying GNU/Linux repositories and Windows is last to implement it (in vapourware), trying to catch up, as usual.

Compatibility issues that are the fault of the ISVs rather than GNU/Linux are probably the only remaining inertia factor which keeps Windows relevant. People dislike Windows for problems like viruses that characterise the platform, whereas applications that run on Windows lure/force people in. Disgruntled Windows users should be aware that there are alternatives other than Apple’s. There are more than 2 games in town.

The core difference is that a Linux repository is controlled (typically) by a more open group, and you can influence it. The Mac Store is controlled by Steve.

– Veritas Lux Mea, Caveat emptor

Best Buy also ripping off customers

This was just mentioned to me.

We bought a laptop for my wife from Best Buy less than a year ago. Normally, I would never buy from them, but this laptop was on sale, and the best bargain we found. It came with a year-long subscription to the horrible, horrible Webroot anti-virus program. Less than a year later, we saw a mysterious charge for $49.95 on the credit card we had used to purchase the laptop. Turns out Best Buy had thoughtfully resubscribed us, and only charged us a small fee for the service. Of course, I had uninstalled Webroot the moment we got the laptop home.

We called the credit card company, and as soon as we said the words “best buy” they said “we’ll reverse the charges, this happens ALL THE TIME.”

When making purchases for computers and such, I always go to Newegg or Amazon for great deals on hardware, unless I am searching for embedded devices or for Linux-specific computers built and supported the way System76 and ZaReason do for their products.