Security Alerts-Google Malware, On Line Email

There are two security issues that are out on the Internet that you should be aware of…

Google has found that some computers infected with a specific malware (virus) that gives you false Google results and sends you to other infected web sites. The nice people at Google have been able to identify the computers that are infected and send a message that appears at the top of their Google search results notifying the user of the issue. This is not Google that is infected but a users computer that is infected. Google monitors their traffic and figured out how these hackers were doing this. For more information just go here:

http://googleblog.blogspot.com/2011/07/using-data-to-protect-people-from.html

One other note on this, if this is affecting Google searches, Bing, Yahoo and other searches from infected computers are also most likely affected so switching search engines won’t fix it.

Many of you use on line email instead of (or in addition to on occasion) an email program (like Outlook, Outlook Express, Windows Live Mail, Thunderbird). Many people who do use on line email use Yahoo, Hotmail or Gmail services as their primary email address. I have seen several instances recently where an email account has the password “hacked” on line and the account is being used for spam (porn in most cases). This doesn’t mean that your computer sitting in your house has been compromised; it means that using your email address, a hacker has gained access to your email on the internet server and is using it for their own purposes. There are various ways that hackers gain your password to your email address, I am not going to cover that. I will talk about how to figure out if it has happened and what to do about it.

You should log in to your email account by the web site you use for that like hotmail.com, yahoo.com, google.com, etc. Click on your Sent box and see if there are any emails in there that you didn’t send. Look for things like “this really works”, “on line pharmacy”…stuff that you wouldn’t be sending or forwarding. Believe me, it will be obvious. Hopefully, your friends will have called or sent you an email back saying what in the wide world of sports is going on? The good news for this is that a password change will fix this. Just go to the password management area (Microsoft, Yahoo, Gmail, RR all have it) and change your password. And make it a little more difficult to guess this time, 8-10 characters with letters (CAPS and lower case) and numbers at minimum. Then, for those of you who do use programs like Outlook, you will also have to change the password in that program also. For those of you on line users, make sure that the hacker didn’t add any strange addresses to your address book.

For those of you who do use Outlook etc, the detection part may be a little more difficult, but the fix is the same. You may see email returned as undeliverable with an address that you don’t know or don’t have. You may get that wide world of sports email from some of your friends. The fix is the same thing. You will have to change your password on line first (like above) and then change it in your Outlook etc program also.

The disturbing part of this is that it seems this type of email hacking is happening pretty often. Those of you who have AT&T (or any of the SWBell, SBC Global, or any of the other baby Bells) as an internet provider should be aware that you are vulnerable also since AT&T has integrated their on line email system with Yahoo. 

Seems like we never get a break

Seems like we never get a break. There is another virus outbreak going on, this one disguised as a legitimate Windows program. It is a “scareware” or “ransomware” type of bug that does a free analysis of your computer and says that your hard drive and computer has errors. It offers to fix it for a price, all you need is your credit card. It will do two things for you-if you give it your credit card, it steals it…and…it won’t fix anything. I haven’t seen any analysis of it yet, but these typically leave a back door open so who ever controls it can use your computer for other things, like stealing whatever other information you have, forwarding spam or attacking other computers to steal their stuff.

The way it comes up varies, but the window will have some warnings about errors on your hard drive. Here is an example of what one of the variants looks like:

Please note that the real Windows XP Recovery program looks nothing like this, it doesn’t pop up automatically and it certainly wouldn’t ask you for money since it is part of the Windows program to begin with. These viruses are using vulnerabilities in web sites to get in to them and then they use any weaknesses you may have in your computer to infect it.

The hackers that design these things are very good, so if you see this, YOU HAVE A 911 EMERGENCY!!! YOU NEED TO ACT QUICKLY OR YOUR COMPUTER WILL BE BADLY INFECTED!!! If you see this behavior, it is important that you get your computer off line as soon as possible to break the connection and stop the virus from entering your computer. Try closing the pop up windows and shut down your computer normally. If you can’t get any of the windows closed, you should perform a “hard” shut down of your computer. That simply means turn off your computer by pressing AND HOLDING the on/off/power button until the computer actually turns off (about 5 seconds). It is imperative that you get the computer turned off. I know this is not what you have been taught, but it is better to do this than deal with the damage that the virus can cause. Once you have the computer turned off, breathe! Now turn your computer back on. If you don’t get any pop up windows, that is a good sign. Try surfing the Internet. If you don’t get any pop up windows that is a very good sign. Make sure your anti-virus software is up to date and then run a full scan. If your scan is clean and your aren’t see the other bad behaviour, you have dodged a major bullet.

If you continue to get these pop ups, your computer is now infected. Do not leave the computer on, do not try to surf, do not pass go. Call your favorite computer guy (hopefully me!!!) and get them over to fix your problem. And it is a serious problem. I have repaired several this past week. It hides all of your icons, all of your programs, all of your documents and makes your computer essentially unusable. They aren’t gone, just hidden. It disables your anti-virus, but it looks like it is still working. It disables all of the usual utilities you might try to fix your computer. And it keeps asking for money. Some of the popular anti malware programs can fix part of the initial infection, but this bug places about 100+ additional hidden files in your computer that keep inviting more bad bugs to join them. It also modifies the Windows programming in such a way that you are more vulnerable to attacks. The other bad news is, that with all of the software tools assembled and ready to go, it takes about 3 ½ hours to remove this bug, repair the damage it causes and run the scans to confirm it’s gone.

One more time with feeling…So how do you protect yourself from this? When you are surfing the Internet you should pay attention to how your computer is acting-Does it suddenly slow down and stay slow? Does Internet Explorer (or whatever browser you use to surf) lock up/crash often? Do web pages you normally surf load slowly or not at all? Next, make sure all of your programs (anti-virus, operating system (Windows), browser (Internet Explorer), media players (Flash, Windows, Quicktime, iTunes), Adobe Reader, etc, etc, etc) are updated and that they are set to update automatically. This means you should not ignore the little yellow shield, the red shield with the big “X” or any other new or unusual icon that shows up in the lower right corner of your screen. Hackers look for ways to get into your computer 24/7/365+! When they find a weakness, they will exploit it. When software companies find out about these weaknesses they send updates to fix them. That is what those little yellow shields and other icons are all about. Do not ignore them!

The computers I have seen that have been infected during this outbreak have had McAfee, AVG free, Avast free and AVG (paid) anti virus installed on them. I did not have any reports of computers with Norton, Panda or Microsoft Security Essentials infected. That doesn’t mean that there weren’t any, I just didn’t see or hear about any. With the AVG (both paid and free) and Avast anti virus, I don’t think it is coincidence, I have seen more frequent infections in these with other viruses so I have discontinued using them with my clients. I’ve never been a fan of McAfee, but in these cases, it just completely missed the infection or said that it had fixed it. I personally use and recommend to my clients who are willing to pay for anti virus Norton Internet Security. It doesn’t bog your system down and their support community is extensive. More than likely your problem has already been solved and it is easy to find the solution. It has always worked well for me and my clients who use it. For people who feel comfortable with something free, (so far) Microsoft Security Essentials seems to work well. I have used MSE on one of my computers for 6 months with no infections. I will say this; your computer is a reflection of you, what anti virus you use is your choice.

Everyone is going to get a computer virus from time to time. If the anti virus you are using works for you and isn’t letting the bugs in too often, dance with the one that brung ya. If you get more than 2 bugs per year, we may need to discuss some other options. Of course, surfing habits and the sites visited affect this. I thought I was going to have to scold some little old ladies once until I found out they were all going to the same quilting site that was infected! Sure, go ahead guys, use the “it was a quilting site” excuse see how that goes...But remember, you cannot lie to the computer guy. 

Red Alert, More Adobe Trouble!!!

We’ve got double trouble this time. Both involve Adobe so at least there is only one place you have to go to get your updates.

First of all, a new vulnerability in Adobe Flash Player has been discovered and is actively being exploited on the Internet. In simple terms, someone has figured out how to get into your computer using a program (Flash) which works with your Internet browser (Internet Explorer, Fire Fox, Google Chrome, etc). Since these are programming issues, your anti virus will not protect you at the moment. It is too soon to tell what the infections are trying to do or look for, but Adobe is so worried about it that they have published an update. This update will probably be installed automatically on your computer within the next week, depending on how updates are scheduled for your computer. I don’t know about you, but I don’t think I want to wait up to 7 days for my computer to be updated for something going on now. I recommend that you go ahead and update now manually. Here is what you do…go to www.adobe.com and look over to the middle right side of the page you will see links for downloads. Click on the one for Adobe Flash. 

This will take you to the download page. Before you click the “Download Now” button, make sure you aren’t downloading some sort of freeware that Adobe likes to have tag along. It’s not going to damage your computer, but it’s annoying just the same. Most of the time, it’s Google tool bar or McAfee Security Scan. You don’t need either of those. Just uncheck the box for those. Then click the download and allow it to install.

The next issue is an email that seems to be making it past spam filters. It is an email entitled “Action Required-Download new Adobe Acrobat Reader…” or similar title. The copy that came to me looks like this (I made the text of the email red):

INTRODUCING UPGRADED ADOBE ACROBAT READER

Dear Customers,

Adobe is pleased to announce new version upgrades for Adobe Acrobat Reader.

Download Now To Try Us Out

Advanced features include:

- Collaborate across borders

- Create rich, polished PDF files from any application that prints

- Ensure visual fidelity

- Encrypt and share PDF files more securely

- Use the standard for document archival and exchange

To upgrade and enhance your work productivity today, go to:

Adobe Acrobat Reader Upgrade Center

Start downloading the update right now and let us know what you think about it.

We're working on making Adobe Acrobat Reader better all the time!

Copyright 2011 Adobe Systems Incorporated. All rights reserved.

Adobe Systems Incorporated

343 Preston Street

Ottawa, ON K1S 1N4

Canada  

“Download Now To Try Us Out” and “Adobe Acrobat Reader Upgrade Center” are links to bogus web sites based in former East Germany (I disabled the links so they won’t work) that will try to infect your computer by installing a fake version of Acrobat or some other software. DO NOT DO IT! Your computer will most likely become infected if you do. This type of email relies on “human engineering” to get people to just blindly believe and click on links without considering the consequences from an unsolicited email. There is, in reality, a new version of Acrobat Reader available, just go to the same www.adobe.com web site and download it there if you want to.

Almost all software is set to update automatically now. All of the major software makers rely on auto update so they don’t have to send out emails like this one. There are exceptions, but you should always be suspicious of emails like this that want you to download the next latest greatest version of some software you already have.

Just a reminder

Adobe has put out updates for Adobe Reader, Flash, and Shockwave that you should make sure are installed on your computers. They are security updates. If your computer does not do ask you to install these updates in the next day or so, go to www.adobe.com and install them directly from the web site.

Simple Solutions

Because we have computers and all of their complexities, we all tend to think that when there is a problem, it must be complex and difficult to solve. That is where I come in. I like to solve those kinds of problems. But we shouldn’t always look to those complex issues first when something happens. These three incidents happened in the past week prove that. I am going to change the names to protect the innocent. Here we go…

Episode 1

Mr. Royal has purchased a new Farmer computer with an extended warranty and a fancy support package. He got a great deal and no interest financing so I can’t blame for not buying it from me. Mr. Royal called Farmer’s support when his computer told him that his hard drive had failed. After a couple of hours talking to India, the very happy tech support told Mr. Royal that his computer had experienced a software problem that was not covered by their warranty and would he like to pay for their tech support to fix it. Mr. Royal prefers that his dollars be spent locally so he thanked them, hung up, and called me.

Mr. Royal’s computer is a very high end computer and has a special feature called “mirroring”. It just means that the computer has two hard drives that are exact copies of each other. The only problem was that his computer was telling him that both of the drives had failed. Like most people, I am sure the Farmer’s tech representative assumed that the problem was complex and set about trying to fix it.

I arrived, started the computer, and had it working in 5 minutes. It is very very very very (yes very!) rare that mirrored drives fail at the same time. There is one bad drive that will now be replaced under warranty by Farmers. What the tech should have done is use the simple diagnostic utility (it comes with the computer!!!) to confirm that both drives were bad. He had to know that the utility was in the computer, they built the thing!!! I pressed 4 keys (CTRL, i, y, ENTER!!!) when the computer started and it was back running again. Mr. Royal told me that they never went in to that utility, he wondered why, but they are tech support, they should know…

Episodes 2 and 3

These are similar so I will lump them together.

Ms. Joint called me and said her front desk computer turned itself off abruptly and won’t turn back on. They’ve tried plugging it in to another outlet, but it still doesn’t turn on. It is an older computer so it could be anything from a blown up mother board to a bad power supply. I looked at the computer and checked that big black power cord that plugs into the back of the computer. It felt very loose, like it wasn’t making contact with 3 prong thingies (technical term) on the power supply. I jiggled it, nothing. I have a power meter so I checked the power cord (don’t do this unless you know how, 110 volts of electricity is still there and you could get electrocuted). Hmm. Nothing. Go out to the car, get a $2 power cord and plug it in. Problem solved. No blown mother board, no bad hard drive, no bad power supply.

Finally, I was working for the Queen Elizabeth association on an unrelated matter when I heard a scream coming from the next room. One of the royal subjects had been working on a project and her computer had gone dead. It is a new computer so it is unlikely that it just died then and there. After I suggested they wiggle the power cord in the back of the computer, it came back to life. All of her work was recovered, the birds sang, it was a good day.

So what have we learned today, boys and girls? In the big scheme of things, when your computer has a problem, look at the simple stuff first. And check those power cords!!!

Busy Patch Tuesday

As I have told you previously, the second Tuesday of each month is when Microsoft releases security patches for all of their software. Tomorrow (02-08-11) is no different except that they are releasing several critical patches that are already being used to take control of computers world wide. Make sure you allow your computer to install these patches. Your computer will automatically reboot if you leave it unattended overnight after installing the patches so make sure you save your work before leaving your computer for the day/evening.

As a coincidence, Adobe is releasing a security update for its Acrobat Reader tomorrow. Most of the time, Adobe asks you for permission to install and does not do any installation unless you approve. So, when you see the little Adobe icon in the lower right corner of your screen next to the time display, go ahead and click on it and allow the installation to proceed.

And finally, those of you that use Firefox to browse the Internet will probably see an update within a week or so. The next version will be Firefox 3.6.14. Firefox is generally pretty good at telling you clearly that it wants to update. You should install this update also as it has several security fixes in it.

As always, please feel free to contact me with any problems or questions. Please feel free to forward this email to anyone who you feel may benefit from it.

New (old) Facebook Scam

There is another Facebook scam out there that uses the old “how many people have viewed your Facebook page” ploy. It asks you to take a short survey and give it access to your information. It will then steal your information (and probably sell it to spammers) and will open you up (until you change your password) to all sorts of “friends”. Read about it here:

http://www.huffingtonpost.com/2011/01/21/my-total-facebook-views-scam_n_812410.html

There are no apps that can offer you this kind of information about who views your profile, don’t fall for it!!!

Patriot Act/FDIC Phishing Scan

Another phishing scam…this time supposedly coming from the FDIC telling you your bank account has been suspended (or some other action) that violates the Patriot Act. It then directs you to a web site that probably will either download malware/viruses to your computer or will steal your personal data. Don’t fall for these scams, just trash the emails. The two links below describe the scam.

http://www.pcworld.com/article/216644/patriot_act_phishing_emails_resurface_fdic_warns.html?tk=rss_news

http://www.fdic.gov/news/news/SpecialAlert/2011/sa11010.html

Facebook Picture Chat Virus

There is a new virus out that can infect your computer from the chat function in your Facebook photo album. The virus uses a link in the photo chat function that downloads malicious software. The best advice is that if you come across an embedded link/picture/website that you can click in a picture, DON’T GO THERE! This is one of the latest in tricks that hackers are using social networks like Facebook to attack and get control of computers.

Here is more information:

http://isc.sans.edu/diary.html?storyid=10246

http://www.theregister.co.uk/2011/01/10/facebook_worm_photo_chat_scam/

Remember, almost all hacking done today is all about money-stealing yours or somebody elses. The way they do that is to keep your computer working and connected to the Internet. There are very few viruses today that damage your computer and make it unusable. Also, most viruses now come from the Internet and not from email. Social networking sites like Facebook, Twitter and Myspace are also especially vulnerable to having attacks planted in them. And any web site can be infected (Yes, Google, Yahoo, Bing, anyone!), not just the “questionable” ones. When you are surfing the Internet you should pay attention to how your computer is acting-Does it suddenly slow down and stay slow? Does Internet Explorer (or whatever browser you use to surf) lock up/crash often? Do web pages you normally surf load slowly or not at all?

The best thing to do to protect yourself is to make sure all of your programs (anti-virus, operating system (Windows), browser (Internet Explorer), media players (Flash, Windows, Quicktime, iTunes), Adobe Reader, etc, etc, etc) are updated and that they are set to update automatically. This means you should not ignore the little yellow shield, the red shield with the big “X” or any other new or unusual icon that shows up in the lower right corner of your screen. Hackers look for ways to get into your computer 24/7/365+! When they find a weakness, they will exploit it. When software companies find out about these weaknesses they send updates to fix them. That is what those little yellow shields and other icons are all about. Do not ignore them!

I am not agaist using Facebook, Twitter, etc-they are fun and great new ways to communicate and express ourselves. Be wary if you see something new that isn’t announced or wasn’t there before.