“Get a Personal Trainer for Your Computer!”©









[See the information in the HOAXES & SCAMS pages of this site.]


Let’s make this simple:  If anything can connect to a network, it can be hacked.

It doesn’t matter whether you’re talking about a computer, cell phone, car, smart toilet (yes, as in the Lixil), home security system, thermostat (Nest), TV, refrigerator, toothbrush (Beam Brush), light bulbs (LIFX), water/electric/nuclear power plant, oil refinery, or wireless camera.  See IoT for more discussion about this.  And that includes the new “wearable computers”.  With enough time, effort and expense, someone with sufficient desire can hack it. Recently, but not surprisingly, it has come to light that your connected car can be hacked through its Wi-Fi, prompting the introduction of The Security and Privacy in Your Car Act  (see LAWS).  Click HERE for more...

AVTEST, an independent IT Security Institute, registers over 390,000 new malicious programs every day!  AVG and other anti-virus vendors track current viruses and spyware on a daily and weekly basis.   If you have any of these, remove them immediately!

[See the software in the Security Baseline page of this site.]

You may wonder whether some anti-malware programs are better than others.  There are companies which test for this, like AV-Comparatives, AV-Test and Virus Bulletin.  Generally, tests are run every 6 months and are published on the site.  The free software, like Panda and AVG, generally rates quite well, Microsoft Essentials not so well.  Kaspersky, Avira and Avast do well too.  Click HERE for a sample test result chart for June, 2015.

Wanna know where your malware originates?  A good shorthand formula is that the Russians will go after your money, while the Chinese want your data!

For BUSINESS security plans and policies, call us.  We can advise you about how to control the many “BYOD” devices (USB drives, music players, even cell phones) that your employees may use to connect through your network, opening it up to possible viruses and intrusions.  Simply banning the devices or sites doesn’t work - you have to establish and enforce policies along with hardware restrictions.

Thinking about free security and utility software?  It may be just as good as paid for most home users.  Also, Windows 7 and 8 include many utilities you used to have to purchase separately elsewhere, and that may be enough for your purposes.  For more information, click HERE.

Your PC has “RINGS.”  Nope, not jewelry.  Your PC operating system has built-in “rings” for your protection.  Depending on the ring that legitimate apps or malware are allowed to access, the amount of damage that can be done to your computer is minimized.  Ring 3 has the fewest privileges, while Ring 0 allows access to virtually all OS resources, granting complete system control.  Luckily, most of the “critical” Microsoft patches have successfully blocked attacks on Ring 0.  But to be protected, you have to load these patches.

These days, it’s absolutely necessary for you to protect your computer with multiple layers of security (see Security Baseline), using programs that backstop each other.  Enable your firewall, use always-on malware apps, anti-virus software, manual malware scans, secure passwords, even encryption if it’s necessary.  And, of course, use common sense.

But always remember that security protection is an EVOLVING PROCESS.  Spammers and hackers are always one step ahead of you.  They have to be.  That’s how they make MONEY!

Not to depress you, but the security suggestions above are still only about 90% effective these days, as hackers adapt their technologies and methodologies to increase their success.  Biometric authentication can be useful, but remember that your fingerprints, eyeballs or face are saved as digital representations, which can be stolen (they’re better when combined with two stage authentication); SSL is useless, even TLS and SSH are being constantly hacked these days; PKI will be broken when more powerful computers, like quantum computers, reach the hands of hackers; IPsec isn’t common because it isn’t supported by all vendors and it slows down your computer; most firewalls aren’t configured properly and the prevalence of HTTPS will probably eventually make them useless; anti-virus and anti-malware programs are effective, but with over 390,000 new malware programs registered every day (see above for link), it’s impossible to stop, much less cure, everything coming at you.  And consumers who don’t configure permissions properly and blanket whitelist everything effectively bypass effective security.  And anonymizers won’t protect you (if the NSA can read your e-mail, so can anyone).  Rest assured that, as security technology evolves, hacking technology will ramp up right alongside.

STILL #1 - BEWARE FAKE ANTIVIRUS SOFTWARE! 2010-2016 studies by Google found 11000 domains hosting fake anti-virus software, accounting for 50% of all malware delivered via internet advertising. It’s very tricky, because its developers have made it so that you cannot go to any websites that would provide help in removing it.  For example, while you might be able to go to eBay or Yahoo, you cannot go to Symantec or, or start from Safe Mode, or run any .exe commands from anti-virus or anti-malware programs. SEE THE EXAMPLES BELOW:

7/20/16:  Hard to believe, but a Twitter, Vine, Snapchat and Instagram rapper named Jack Johnson tweeted his nearly 4 million followers to send him their passwords and within an hour tens of thousands complied.  Not sure what he’s going to do with all of them, and why teens don’t realize that the whole point of a password is for security against others getting into their accounts. Seems like another case of teens posting everything on their social media, oblivious to the real world consequences.  The kids think it’s cute and love to receive personalized messages from their crushes.


Here are a few tips to help you identify the real apps from the fake ones:

>Check to see who published the app. Be careful, though, scammers will use similar names; such was the case for (real) and Overstock Inc (fake).

>Check the reviews in Apple's App Store and Google's Play store. A real app will likely have thousands of (hopefully positive) reviews, while a fake one will likely have zero.

>Look at the publish date. A fake app will have a recent publish date, while a real one will have an "updated on" date. For example, that fake Overstock app was only published on October 26 of this year.

>Check for spelling mistakes in the title or description. Many of these apps come out of China. Take extra caution if it looks like English isn't the developers' first language.

>Beware of apps that promise shopping discounts. Sound too good to be true? It probably is.

>When in doubt, visit a store's website in your browser and look for an icon or button that reads "Get our app." This will take you to the App Store or Google Play store where you 

   Once again, the security of home routers is vulnerable.  InfoSec has warned about the Moon self-replicating worm malware, which exploits a vulnerability in some 36 brands of routers, including 23 models of Linksys routers, also some Asus routers and (according to Tripwire) about 80% of the best-selling home routers sold on Amazon.  That’s a lot.  The worm takes control of the router through the Remote Management Feature (turned on by default) and then uses it to scan ports 80 and 8080 for other vulnerable systems.  While no real damage has been done by the intrusion, in Poland, it has been reported that one gang has successfully adjusted router settings to steal log-in names and passwords in order to steal cash through on-line bank accounts.  Linksys and the other router manufacturers have posted information on their websites telling you how to turn off the remote management feature and upgrade your firmware to prevent such intrusions.  And, of course, always change the default user name and password.  See also IoT and FAQ#67.

  If you receive an e-mail containing a link promising to upgrade Microsoft Outlook or Outlook Express, you should simply delete the message to avoid downloading a nasty Trojan Horse virus.  It’s a scam.  Of course, you should know this by now, since Microsoft never sends e-mails with download links embedded in them.  Nor does Microsoft make unsolicited telephone calls to computer users, or collect any personally identifiable information.  Never!  If you receive a call from someone who purports to be from Microsoft (or an independent working for Microsoft) telling you that their monitoring of your computer shows that it is infected, hang up!  Sometimes, they’ll tell you that the “.inf” files on your computer mean that they’re “infections”!  Ridiculous!  They’re “information” files that contain plain text information that Windows uses when installing a software driver, like your printer!

  If you’ve got a Yahoo mail account, it may have been hacked.  Yahoo’s servers weren’t attacked, but a “third party” list of IDs and passwords is being used to break into the mail accounts.  A second attempt was made days later.  And in 2016.  Yahoo has reset the passwords on all known compromised accounts, but I recommend that you simply reset your Yahoo e-mail account password no matter what, just to protect yourself.  It can’t hurt and could save aggravation.

 And we thought the FBI virus (below) was bad.  Now there’s even one worse:  The CryptoLocker ransomware virus, also the CryptoWall, Locky and SamSam variants.  It has a red screen with a shield telling you that “Your Personal Files Are Encrypted!”  You are warned that unless you pay $100 - $300 to the infector, you will not obtain the passkey to release the documents (at least they’re true to their word about this, so far they’ve released them).  It usually affects business computers, often masquerading as an e-mail from a shipping company or FedEx, or a requested download of a Java file or codec update, or something about a problem clearing a “cheque”.  It’s already affected over 400,000 computers, many in the U.S., Britain and Australia.

The numbers show that ransomware is seriously on the rise: The Infoblox DNS Threat Index found that the number of domains serving up ransomware increased 35-fold in the first quarter of 2016, and the FBI says that the purveyors are ramping up from targeting small businesses and consumers to industrial scale big money attacks on larger commercial entities.  Beware.

What can you do to avoid it:   First, disconnect any infected computers from your network.  Including the cloud or any other connected backups, they’re not safe either, as the malware goes after all network mapped drives as well.  Windows “shadow copies” aren’t exempt either.  These guys have thought of everything.   If you get this virus, other than paying the extortion, you can’t get it off through any known software or registry edit (despite the usual claims from those Google advertising suspects).  The only way other than paying the fine is to restore the data files from a backup after deleting the two registry values (if it’s only a file or two, you may be able to restore from a shadow copy if your O/S has this feature enabled).  But ongoing experience has shown that, because the attacker that steals the data, wipes the database and then leaves behind the ransom note isn’t always the attacker that compromised the database in the first place, paying the ransom may not be useful because the victim doesn’t really know who actually has their database, if anyone.  Besides, the malware doesn’t usually save the encryption key either locally or on any remote server, so it may never be recoverable.  And don’t leave your backup on a connected USB drive, or even on the network, they’ve got to be removed or they’ll be similarly infected.  Same for the cloud, it can be reached by the virus.  [In an enterprise environment, there are some additional things you can do, like making the computer appear as a virtual machine, also using a USB SSD as the malware looks for environments with more than 1.5Gb of RAM, which makes it “look” way too large (say 256Gb when it’s really only 8Gb) to bother infecting useless files; and, since the Locky ransomware seeks to neutralize shadow copies of files, hiding those files in the “.sys” folders instead of the default location, which may prevent or at least delay the infection if it’s caught early.]
Better make a backup now - you should have been doing this all along anyway.  And it’s another reason that the Windows default is for you to store all of your document backup files in the same place and not scattered throughout various programs.

Second, make sure you’re up-to-date with your security updates, they will also help avoid these attacks.

Third, if you do pay, make sure you do it from a prepaid card, or you run the chance that your bank card may be hacked, too, adding identity fraud to your troubles. You’ll probably have to learn how to use Bitcoins to pay, too.  Finally, if you have a corporate network, you should reset the software management tools and group policy objects to restrict access that might allow the malware to begin the encryption process (click HERE for more).

UPDATE:  6/2/14 - The U.S. DoJ announced the successful takedown of the Gameover Zeus Botnet, part of which was the CryptoLocker virus, through Operation Tovar.  However, the takedown only stopped the virus’ botnet delivery system.  The virus still lives on and, if criminals can use a different set of servers, it will start all over again.  Moreover, now that they’re out of business, those 400,000 infected users don’t have the choice of paying the ransom in order to get their files unlocked, since they can’t communicate with the seized servers!  Already, copycats like CryptoWall, CryptoDefense, BitCrypt, CBT Locker and CryptorBit are filling the void.  Most of these botnets are operating out of Thailand or the Ukraine, where there is effectively no government protection against them.  12/2016 Update:  Cisco’s Talos security group discovered a variant of Zeus, Floki bot, which is based on the Zeus source code, but features new capabilities such as making the dropper mechanism more difficult to detect and allowing use on the Tor network.

So users should still take precautions:  The backup, update and anti-virus steps outlined above are imperative for your safety.  There will always be a next time. If you’re concerned, try CryptoPrevent software which claims to keep all types of ransomware and cryptoware  off your computer.  UPDATE:   Although only 1.3% of people hit with the malware paid the ransom (still, $3 million to the bad guys), for those without a backup, Fox-IT and FireEye, companies which aided the effort to shut down the Gameover Zeus group, have created a portal called “Decrypt Cryptolocker” through which any of the 500,000 stranded victims can obtain a key (at no cost) which may unlock their data.  Just send them the file, and they’ll get you a key.  Nice work.

  Beware the Reveton FBI Moneypak ransomware scam.  This is actually a computer trojan virus (see Spyware) that is installed when a user visits a compromised website that causes the computer to lock up and display a warning that the FBI or Department of Justice has identified the computer as being involved in criminal activity, then demanding that the user pay a “fine” by using a prepaid money card which will then (Ha!) unlock the computer, otherwise you will be threatened with criminal prosecution.  It’s very convincing:  The FBI seal, if not viewed carefully, looks quite real.  If you have an active webcam, the screen may even show a photo of you at your computer, as if you were caught in the act!   Unfortunately, this virus has morphed into at least six versions (FBI Moneypak, FBI Green Dot Moneypak, FBI Virus Blackscreen, FBI Online Agent and FBI Cybercrime Division), each of which has become more difficult to remove.  Not every anti-malware program will work, even if you can run it.  You may not be able to remove the virus without professional help, but you can always try if you can actually initiate anti-virus software.

  May, 2012:  As if you don’t have enough to worry about, if you’re a social networker, you now have “Likejacking”.  Click on a Like button or a photo and you can be hijacked or get malware.  According to Mark Risher of Imperium, spammers may create as much as 40% of accounts on social media sites.  Why?  Follow the money - Facebook sued Adscend Media, claiming that over 280,214 users were tricked into interacting with spam, accounting for 80% of the company’s monthly revenue of 1.2 million.  Same for Twitter, who sued spam software makers Skootle and JL4 Web Solutions.  What to do:  Don’t click on spam like “You will be SHOCKED when you see this video.  Simply ‘Like’ this page to see the video”.  And, if you click a legitimate link, report the redirection to your account provider (Facebook or the like).


If you’ve been reading the posts on this page, you’ll see a commonality among them:  Spammers that purvey malware use current events, curiosity and greed to get you to open infected links, e-mails and advertisements.  We used to post many of these scams, but there got to be so many that we now only post the largest or more pervasive threats.  But, for example, here’s a list of the more current ones:

Superbowl:  Knock-off team jerseys, counterfeit memorabilia, and fake YouTube videos, to name a few.

FaceBook:  E-mails about how to make millions off the upcoming IPO.

Diet Scams: Diets used by the stars and the HCG diet.

Presidential Race: Downloads of videos of candidates, e-mails for support, etc.

MORE:  Tax refunds; Traffic cam tickets; Olympic Games tickets and memorabilia, and more.

Lesson:  If it’s news, it’s current, or it involves money, it’ll be exploited by hackers for profit!  Don’t fall for it!

If you want to keep up with these scams on a daily basis, go to and sign up for the Naked Security newsletter.

  August, 2011:  It’s amazing how many ways spammers can find to attack your computer with malware.  Here’s the latest:  E-mails, supposedly from the NY State Dept of Motor Vehicles (it has a address), posing as a “Uniform Traffic Ticket” informing you that you are charged with speeding at 7:25am on 5 July 2011.  They tell you to print out the attached ticket and send it to the court and -- oops -- here’s where you download the malicious code onto your computer and compromise your security.  Don’t do it - check out any tickets directly through NY, not by clicking on an e-mail!  Also:  There’s a similar scam claiming it’s a notification from the FDIC, to the same effect.

  It should go without saying...but don’t fall for e-mails like this (real) one:

FROM: []

Dear Valued Chase Customer,

Due to a recent security check on Chase online banking on 12th We require you to confirm your details and Re-activate your account

Failure to do this within 24hrs will lead to access suspension Sorry for the inconvienence

Regards Chase Online Banking
Issued for USA use only | Chase Bank plc 2012
No virus found in this message.
Checked by AVG -
Version: 2013.0.2740 / Virus Database: 2601/5831 - Release Date: 10/14/12

First, notice that the link (“http://info...”) doesn’t even go to Chase.  Even if this was a legitimate email, you should either call or go to directly to verify the request.  Nice touch using the address, but anyone can get one of those.  Also, the gibberish (“CHSHBDNUJLZ...”) and the dubious grammar should alert you to the spam nature of the e-mail.  Finally, the e-mail isn’t the virus or malware.  The payload is in the link you click on, so the “no virus found in this message...” isn’t a guarantee that the e-mail won’t cause a problem.
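The check described above (where a link really goes, as opposed to what the message shows you) can be automated.  The following is an added example, not part of the original page: it reads an HTML e-mail, pulls out every link, and flags any whose real host is not under a domain you already trust.  The sample message and its ".example" domains are constructed placeholders, and the function names are our own.

```python
"""Added example: audit the links in an HTML e-mail against a domain you already trust."""
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (not the message quoted on this page). Every domain is a
# reserved ".example" placeholder; "bank.example" stands in for the real bank.
SAMPLE_EMAIL = """\
From: "Bank Online" <alerts@bank.example>
To: customer@mail.example
Subject: Re-activate your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Valued Customer, confirm your details within 24hrs.</p>
<p><a href="http://info.login-check.example/bank.example/verify">https://www.bank.example/login</a></p>
<p><a href="https://www.bank.example/help">Help centre</a></p>
<p>No virus found in this message.</p>
</body></html>
"""


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._open = None  # [href, text] of the <a> currently being read

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self._open = [href.strip(), ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append((self._open[0], self._open[1].strip()))
            self._open = None


def url_host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def text_host(text):
    """Host named in the visible link text, if that text looks like a URL."""
    if " " in text or "." not in text:
        return ""
    return url_host(text if "://" in text else "//" + text)


def in_domain(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    domain = domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


def audit_links(raw_message, trusted_domain):
    """Return (href, real host, reasons) for each suspicious link.

    trusted_domain is the organisation's domain as you know it independently.
    The From: header is not used as the reference, because the sender sets it.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    collector = AnchorCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())

    findings = []
    for href, text in collector.links:
        reasons = []
        link_host = url_host(href)
        # Compare hosts, not substrings: the sample href contains
        # "bank.example" in its path but is served from another host.
        if not in_domain(link_host, trusted_domain):
            reasons.append("off-domain")
        shown = text_host(text)
        if shown and shown != link_host:
            reasons.append("text-href-mismatch")
        if reasons:
            findings.append((href, link_host, reasons))
    return findings


if __name__ == "__main__":
    for href, host, reasons in audit_links(SAMPLE_EMAIL, "bank.example"):
        print(host, reasons, href)
```

A clean result only means the links point where they claim to; it says nothing about whether the message itself is genuine.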

  Multi-Function Printers (“MFPs”) can pose network security risks, particularly in offices.  The newer e-printers which rely on wireless technology to connect computers and iPads to the MFP can be hacked.  So be sure to protect yourself from this vulnerability by enabling WPA2 encryption on the network, combined with a secure password.  Also, turn off other Wi-Fi and Bluetooth devices if they’re not being used, as hackers will always pick the weakest link on the network.

  It’s not even safe to play on your Xbox any more without fear of being hacked.  Ask Hunter Gelinas of Florida, who found the SWAT team at his house in June, 2011 after a Canadian hacker sent out a hoax call to police that hostages were being held at his home.  Any time you get on the Internet, even for gaming, you run the risk of being hacked. December, 2013 Update:  As if that’s not enough, it’s been revealed that American and British spies have also infiltrated online fantasy games, fearing that militants could use them to take money or plot attacks.  You’re not even safe from government snooping in your games.


If you are a business, you are aware of your vulnerability from the inside of your organization.  Most often, we discover that intrusions that attack corporate data are from those recently terminated, and we start looking there.  Here are some things to keep in mind to protect your business organization:

- Figure out your most important data (formulas, designs, client list, etc.) then protect it.  Use access rights, encryption, user logs, etc.

- Watch for those behavioral warning signs among your personnel.  Hanging around where they aren’t authorized, friending those who are can be a tell about what may be on their mind.  Also, watch out for recruiters or people who pose as them, they tend to ask for information they aren’t entitled to when courting employees.

- Conduct exit interviews and immediately change passcodes and authorizations for those personnel who resign or are terminated.

- Watch your business partners and anyone else (like important vendors) who may have even temporary access to your proprietary data.

- Set up technological as well as physical security and check them frequently.  If you’ve had past attacks, monitor your data for similar  “copycat” instances.  Technology should monitor everything (logging in, e-mails, texts, external devices, etc.) and should be coordinated with all other security programs (physical surveillance, cameras, log reviews, personnel reviews and exit interviews and the like).  Technology alone is insufficient to protect your corporate assets; it should be a concerted effort by all levels of your organization.

 Cloud computing can be a double-edged sword:  While it makes it easier to archive and retrieve data from anywhere at a very reasonable cost, it also makes it easier for hackers to propagate viruses and malware inexpensively and anonymously.  Because of the nature of the cloud, they can’t be found like they could if they were using their home computer, and powerful cloud computers make their job faster and easier.  Click HERE for more information on cloud computing.

 It’s an excellent prediction that the next big area for viruses and malware will not be over computers but smartphones.  Companies such as McAfee (which just purchased ten-Cube, before itself being purchased by Intel) and Symantec (which just updated its antivirus software for iPhone, Android and SMobile Systems) are all developing protection for smartphones. Lookout, a San Francisco startup, has compiled a database of more than 1 million smartphone apps which it uses to detect new threats and block potentially malicious applications, as well as to provide data backup and the ability to remotely wipe data in the event the phone is stolen.  Apple vets applications before allowing its users to download them to their iPhones, making them somewhat safer than the Android applications, which aren’t checked by Google before posting to the Internet for download.  So you can end up with such things as the (Droid) tip calculator which, when downloaded, also forwarded the phone user’s text messages to hackers, giving them the potential to learn potentially sensitive information, such as on-line banking information.  Or other apps that automatically call expensive, premium-rate phone numbers without the user’s knowledge, racking up potentially huge bills. And don’t forget that tablets aren’t laptops, so they don’t get as many security updates and can’t be “locked down” as easily.

 Talking about cell phones, many of their browsers make use of shortened URLs (addresses).  From a security point of view, using these shortened URLs (such as TinyURL, & present security risks, since the full URL is hidden.  It’s a good idea to go to the full URL website if at all possible.  Unfortunately, it’s different for almost every shortened URL and every browser.  For example, to view the full address for, add a “+” sign and paste it into your browser.  For tiny.url, prepend the word “preview.” before the address, then copy into your browser.  Several sites such as Longurl, and also offer these services.  Moreover, both Firefox and Chrome have add-ons that can be installed to preview the full URL.  Joshua Long, a/k/a “The Joshmeister,” has compiled an excellent article about how to preview all types of shortened URLs.  You can reach it by clicking HERE.

 Cloud computing is great, but there is still a general security issue:  If you store everything in the cloud and your computer is hacked or your laptop stolen, it’s a simple matter for someone to get all of your data, something that might not happen if you store your data on external devices such as tapes, disks or flash drives.

 You can receive infected e-mail from “safe” senders.  That’s because the safe sender could have had his or her computer infected with a virus that “spoofs” their address book, sending out infected e-mails to everyone in it.  In most cases, the sender doesn’t even know that this has been done, at least until someone tells them that they’ve received an infected e-mail.

 Never open an e-mail attachment that has a .exe file extension (unless, of course, you’re expecting it).  It doesn’t matter what the sender says it is.  It’s probably a virus.  Advanced users who send executable files usually know to rename the file and tell you how to rename it upon receipt.

TIP:  IF IT’S NOT BROKEN, DON’T FIX IT!  You’ll notice a commonality in the Hoaxes, Security and News pages of this site.  It involves the pressure to upgrade software (such as drivers or video software) or to install new software (for example, in order to view certain types of video or graphics on a web page).  Think twice before doing so:  If everything is working fine on your computer, leave it alone!  You don’t need to upgrade, no matter what you’re told.  If you’re told to download and install software to view or play a webpage or a file, think twice - - There’s a very strong chance that your download may include malware.  Unless it’s from a major player such as Adobe, Macromedia or the like (you can verify this by going directly to their Home page, then “downloads”) you should be aware of the risk.  And, if you do upgrade or install, don’t click the boxes for “free offers” or “updates” since you’re giving them permission to e-mail you whenever they want.  Think about how badly you really want to view that web page!

2010 and later EXCEPTION:  Since most viruses and malware now load themselves through web page add-ons, be sure to run any Adobe or Java updates to block these malicious attacks!

 Unfortunately, merely viewing a page with your browser, without any user interaction at all, can allow certain “maladvertisements” using Flash to allow remote control of your computer.  Such maladvertisements infected on 4/10/08 and have infected other sites, using cross-site scripting (“XSS”), and are becoming more common, impersonating such legitimate advertising as Weight Watchers.  Makers of Flash-building tools and anti-virus providers are attempting to patch the holes created in these .swf files, but there is as yet no long term workable fix.  Meanwhile, what can you do?  At a minimum, download and install the latest Adobe Flash Player from the website, then remove all older versions on your computer.  The maximum precaution would be to uninstall Flash entirely (also using the LINK at the web site).  In between, you can install various software that will allow you to limit the use of Flash on a case-by-case basis, such as TurnFlash or Flashblock. If you use Firefox, the donationware NoScript add-on also blocks iFrames.

 Don’t always trust caller ID:  It’s sad, but you can’t always assume that your caller ID is really who it says it is.  “Spoofing,” which is cloaking the caller ID to make it look like someone else is calling, is on the rise and can be illegal.  (Not always - it’s o.k., say, if doctors or domestic violence shelters want to spoof their actual identity to maintain confidentiality and privacy.)  It’s so bad that the FCC has adopted rules that set significant fines for phone spoofing - $10,000 per incident and up to $1 million for ongoing violations.  Click HERE for the FCC info.

To explain once again why P2P networks are such a great security threat:  These file-sharing networks (KaZaa, Napster, Morpheus, FrostWire, Limewire, Gnutella and even BitTorrent), when used by the uninitiated (or uncaring) can easily result in the sharing of confidential information, sometimes illegally.   Most often this occurs because users (or their progeny) have installed a P2P program to download music or a TV show, then routinely clicked “O.K.” to all questions during the install process.  One of those questions was undoubtedly which folder to share files from, and often the default is the Windows My Documents folder.  The result is that everything, whether business, personal or confidential in the default My Documents folder can be shared, literally with the world.  Even in large businesses, one simple P2P music download can result in the sharing of thousands of confidential or proprietary documents.  If you run a business, you should periodically search the internet to determine whether you have had any security breaches.  You might be surprised by the results.





MURPHY’S LAWS OF COMPUTING #21:  If at first you don’t succeed, blame Microsoft.

© Computer Coach.  All written materials are the sole property of Computer Coach (unless otherwise attributed) and no part of this website may be used in any format without the express written permission of Computer Coach.