It Said I Was Infected

There is an epidemic of fake anti-malware software on the Internet– which is collectively called “rogue anti-malware“

Marketed under hundreds of different names, such as VirusRemover 2008 and Antivirus XP 2009, this type of rogue software scares people by giving false alarms, and then tries to deceive them into paying for removal of non-existing malware.

This video (produced by the good folks at WOT*) shows what happens when a legitimate site gets infected and redirected to one of these bogus anti-malware scams.
Yes, folks, legitimate websites.

The people behind this scourge use many different ways to try to entice you to click– realistic pop-up windows appear, offers of “free trials” arrive in e-mail, and “free scan” buttons on legit-looking ‘fight malware’ websites, etc..

As this video shows, the user is tricked into (scared into, really) providing their credit card # (oops.. might want to cancel that card..) to clean infections that weren’t there before they clicked.
* The ‘false positives’ are not “cleaned” BUT, more adware and spyware is installed.
* A good percentage of my calls at Aplus Computer Aid are folks needing help with getting rid of these rogues. Because they use the latest techniques to combat removal, and it can be quite tough.. if not impossible.. to remove them without formatting your hard-drive.
* Is that anti-spyware program really spyware?
* A Website dedicated to combating this epidemic is Spyware Warrior. It has a pretty good list of known rogues, and much more detailed information.

Today’s free download:  WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky Website. It’s easy and it’s free.

• Ratings for over 20 million websites
• Downloaded 1 million times
• The WOT browser addon is light and updates automatically
• WOT rating icons appear beside search results in Google, Yahoo!, Wikipedia, Gmail, etc.
• Settings can be customized to better protect your family
• WOT Security Scorecard shows rating details and user comments

Copyright 2007-8 © Tech Paul. All rights reserved. post to jaanix

Share this post :

September 30, 2008 Posted by techpaul | Firefox, Internet scam, PC, advice, anti-spyware, antivirus, computers, cyber crime, hackers, how to, phraud, ransomware, security, software, spam and junk mail, tech | pop ups, browser, install, video, how to, remove, rogue, software, websites, poisoned, scam, pop-up warning, wot, antimalware, antivirusxp, virusremover, spy shredder, false positive | 2 Comments

PayPal — Your account has been violated !!!

New, scary e-mail subject line.. Same bogus scam. (This one can slip past filters)

Clicking the link will take you to a realistic-looking but completely fake PayPal login page.

September 29, 2008 Posted by techpaul | Internet scam, Phishing, advice, cyber crime, e-mail, hackers, phraud, security, spam and junk mail | | No Comments Yet

I’m Really Looking For New Friends

There is a *new* phishing method being employed on chat clients such as Skype. The cyber-criminals really, really, really want you to click on the links they send, so…

They spam messages posing as young men and women who are “really just looking for new friends”.
It is similar to a “make a new Buddy” request, so don’t be fooled.

This is really just a ’sex’ twist on the ‘fear’-based social engineering ploy I warned you about here, Skype- “Windows Requires Immediate Attention!”

I am too tired of this game to backtrack this hyperlink, so I can’t tell you if responding to this chat will try to install spyware on your machine, try to sell you a “rogue anti-malware program”, or both..
I will simply say — once again — never click the link.

I got six of these this weekend.. Wow! I’m popular, all of a sudden.

[addenda: Peter Parkes (Skype Blogger) wrote and asked me to remind my readers to, quote, "Please report users who send these messages to abuse@skype.net - that will help us to block them where appropriate."]

Today’s free link: You are probably familiar with anonymous e-mail addresses, used when filling out forms on Websites (so you can gain access) to protect your privacy and cut down on junk mail. It is becoming more and more common for your ISP to provide you with some [I always just use nunnof@your.biz].
Internet Security blogger Bill Mullins posted a nice article this same type of service, except it is ‘temporary’ private telephone numbers (and he reviews two of them) here, Free Anonymous Phone Numbers for Online Safety

Copyright 2007-8 © Tech Paul. All rights reserved. post to jaanix

Share this post :

September 29, 2008 Posted by techpaul | IM, Internet, Internet scam, News, Phishing, VoIP, advice, anti-spyware, computers, cyber crime, e-mail, hackers, how to, kids and the Internet, phraud, security, spam and junk mail, tech | alert, chat, IM, Internet, Internet dangers, Phishing, phraud, Skype | 3 Comments

Block IFRAME For Added Protection

If you are interested in Tech, and visit Websites such as this one, it will not be very long before you read about Firefox. (In fact just this week I posted an article.) And, it won’t be long before you see NoScript mentioned. Odds are, you already have.

NoScript is a small program you download and add ‘into’ Firefox to enhance its functionality (these small programs are known variously as “add-ons”, “plug-ins”, and “extensions”– different words for the same concept.)

NoScript gets mentioned in the Tech media a lot because it is a security tool that automatically “blocks” (prevents from running) certain web page ‘elements’ (scripts) — Java, Flash, JavaScript, and XSS– from running unless you click the Option button and select “Allow”, or “Temporarily allow”.

Which puts you in control, and goes a long ways toward preventing “drive-by downloads“, and other malicious Internet attacks and activity from occurring should you happen to visit a Website which has been “poisoned” by a hacker.
(I don’t mean to depress you, but the current state of the Internet is so insecure that this can be, literally, any Website.)

By default, NoScript is a powerful tool (to read the NoScript “About” page, click here) and for many people is the primary reason they have made the switch to Firefox.
(I’ll let you in on a little secret; it is one way to measure a user’s “savvy”.. look for a Firefox icon.)

Tip of the day: Enhance your NoScript protection by turning on the IFRAME blocker feature.
IFRAMES are another dynamic Web element that cyber-criminals are now using as an “attack vector” (aka “method”) with great success. Like the scripts mentioned above, IFrame attacks can happen invisibly and automatically. Oh, the joys of Web 2.0!

1) In Firefox, click on “Tools”, then “Add-ons”
 
2) Scroll ’till you find NoScript, and click the “Options” button. (If you have not yet installed NoScript, click the “Get Add-ons” icon in the upper-left.)

3) Click on the Plugins tab. Place a check in the “Forbid <IFRAME>” checkbox.

That’s it. You’re done. Now when you visit a site that uses IFrames, you will have to approve them (aka “whitelist”) before they’ll appear.

[Note: the scripts and tools (Web 2.0 "features") mentioned in this article are NOT in themselves bad or dangerous, and it is thanks to them that the Web is such a rich and interactive environment.. but, in the wrong hands they can -- and are -- being used with criminal intent.]

Today’s free link: One of the more disturbing (outright alarming, if you ask me) hacker uses of IFrame attacks is the alteration of Search Engine results (Yes, you can’t truly trust Google, Yahoo!, or MSN anymore) and Internet Security blogger Bill Mullins has posted an excellent article on this subject, Fake/Redirected Search Results – Consequences for You

* Firefox users: Update 3.0.3 available today.

Copyright © 2007-8 Tech Paul. All rights reserved. post to jaanix

Share this post :

September 27, 2008 Posted by techpaul | Firefox, Internet, PC, Web 2.0, advice, anti-spyware, browsers, computers, cyber crime, hackers, how to, security, software, tech | add-on, attack, block, browsers, Firefox, iframe, iframes, Internet security, noscript, prevent, secure, vector | 8 Comments

Fraud Prevention Tips

Follow these tips to help protect yourself from fraud.

• Carry only necessary information with you. Leave your social security card and unused credits cards at home in a safe and secure location.
• Make photocopies of vital information you carry regularly and store them in a secure place, such as a safety deposit box.
• Do not provide your Social Security number unless absolutely necessary.
• Replace paper invoices, statements and checks with electronic versions, if offered by your employer, bank, utility provider or merchant.
• Shred documents containing personal or financial information before discarding. Most fraud and identity theft incidents happen as a result of mail and garbage theft.
• Review your credit report at least once a year, looking for suspicious or unknown transactions. You can get a free credit report once a year from each of the three major credit bureaus at www.annualcreditreport.com. For a small fee you can obtain a copy at any time directly from:
  • Equifax: 1-800-685-1111 or www.equifax.com
  • Experian: 1-888-397-3742 or www.experian.com
  • TransUnion: 1-800-916-8800 or www.transunion.com
• Place outgoing mail in a U.S. Postal Service mailbox to reduce the chance of mail theft.
• Promptly retrieve incoming mail to limit the opportunity for theft.
• Know your billing and statement cycles. Contact the company’s customer service department if you stop receiving your regular bill or statement.

Today’s free download: I found this list on the Wells Fargo Fraud Information Center. This site is a valuable public service that contains much useful advice, such as “How Fraudsters Operate”, “How To Protect Yourself”, and “Online, Mobile, Computer and Email Security Tips”. It is a free education, so check it out.

Copyright © 2007-8 Tech Paul. All rights reserved. post to jaanix

Share this post :

September 26, 2008 Posted by techpaul | Internet scam, advice, cyber crime, e-mail, how to, phraud, privacy, security | advice, credit report, equifax, experian, fraud, general, ID theft, phraud, prevent, prevention, safety, tips, transunion | 1 Comment

My Homework Is Missing!*

There have been occasions when I was not paying attention, and I saved (and/or downloaded) a file to some location I didn’t intend. What’s worse, I wasn’t watching closely enough to notice what and where that location was, and the file was effectively gone. Of course, my misplaced file wasn’t really gone … I just had to find it again. That’s when a desktop Search tool comes to my rescue.
Sometimes, though, the search comes up ‘empty’, or otherwise produces unhelpful results, and that’s what I want to address today.

Tip of the day: Find that file by using the proper search tool, properly. Windows comes with a built-in search tool, and there are “better” tools available (usually as free downloads) as well. But let’s start with the tool you already have. Windows Search is located in your Start menu (Start >Search) and is the magnifying glass icon.
If you cannot see a Search/magnifying glass: right-click on a blank area of your Taskbar and select Properties. Now click the Start Menu tab and click on the “Customize” button and select the Advanced tab. Scroll down and place a check in the box marked “Search”, as shown below.

Launch the Search tool and click on the “All files and folders” option in the “What do you want to search for?” area, and then — and here’s the trick — click on the “more advanced options” down arrow, and place a check in the top three checkboxes.

There are several “hidden” folders in the Windows filing system and it’s possible your file was moved into one of these (particularly downloaded emails) and if that happened, it will not show up in a “normal” search. Selecting the subfolders option ensures that your search is as thorough as possible. Now enter the file name and click the “Search” button and enjoy the cute antics of the animated ’search puppy’.

Bonus tip of the day: Often, I cannot remember the exact, or complete, name of the file, and that’s when the use of the wildcard symbol becomes very useful. Windows uses the “*” to represent “any”.

Let’s say, for sake of example, that I found a neat picture of a rose on the Internet (not copyrighted, of course!) and downloaded it. The actual file name is “DSCredrose16.jpg”, and being the incredible complex and super-busy human that I am … I download it to someplace other than where I expected. Searching for “rose.jpg”, in this case, produced no results (sometimes it will).

If I use wildcards, I don’t have to worry about an exact match. Typing in “*rose*.jpg” (no quotes) will find it, because I told the search to ‘match’ any letters before the characters r-o-s-e and any characters after them as well, and to show me only pictures.

If I’m not certain the picture was a JPEG, and that it might be a GIFF, or a TIFF, or a PNG, or a Photoshop picture (.psd), or a bitmap (.bmp) …I substitute a wildcard for .jpg, like this: “*rose*.*”.
If I type *.* into the search for box, I will get a list of every file on my machine — because I told it to ‘match’ every file name, and every file type.

Bonus bonus tip: Last night I was able to play Hero when my sister called begging me to help her “find” my niece’s homework assignment. Normal Search techniques were only showing very old (early) versions of the project, and so they were scared that all their hours of hard work had vanished.

If you look just below the “Look in: Local Hard Drives” drop-down, you will see in bold “When was it modified?” This allows you to search by date (or date ranges). I used this to limit the search to just yesterday’s activity. I quickly found the missing school project– it had been Saved to a browser’s obscure “Temp” folder (because it had been e-mailed, and she had “Opened” it instead of “Save”-ing a copy to her Desktop).

Today’s free link(s): If you want a faster/better/more capable desktop search tool than the one built into Windows XP (and if you spend a lot of time searching for files on your machines, you may), the top three downloads are Microsoft’s Windows Desktop Search, Google Desktop search, and Copernic. I must warn you that there are some privacy and security issues revolving around Google Desktop that may or may not remain valid — that debate still lingers. I can also tell you that Copernic is the geek’s choice.

* Original post: 7/26/07

Copyright © 2007-8. Tech Paul. All rights reserved. post to jaanix

Share this post :

September 25, 2008 Posted by techpaul | PC, Windows, advice, computers, e-mail, file system, how to, missing files, searching, tech, wildcards | advanced techniques, copernic, desktop search, document, file, find, how to, image, lost, misplaced, missing, project, search puppy, windows search tool | 2 Comments

Firefox 3.0.2 now available

Tip of the day: Mozilla has released a new update for its extremely popular Firefox Web browser. This update closes two “critical” security holes, and fixes several bugz (for details, click here), and I suggest Firefox 3 users get and apply the update.

Today’s free download(s): Folks, we here at T4E Headquarters encourage you to give an “alternative” browser a test drive if you have not already done so. (‘Export’ your Favorites/Bookmarks to a .htm file, and then ‘Import’ them into the new browser.) Without question Firefox is the most popular alternative to IE– and with good reason considering the multitude of capabilities you can enjoy when you discover Firefox Add-ons. Go on, give it a try, visit the download page here.

Also, we strongly advise you keep all the programs updated with the latest patches. Visit the Secunia Online Software Inspector for a quick scan: “The Secunia Online Software Inspector, or short OSI, is a fast way to scan your PC for the most common programs and vulnerabilities, thus checking if your PC has a minimum security baseline against known patched vulnerabilities.” [note: you can also download the more robust Personal Inspector here too]

* Since this post, 3.0.3 has become available.

Copyright 2007-8 © Tech Paul. All rights reserved. post to jaanix

Share this post :

September 24, 2008 Posted by techpaul | Firefox, Internet, News, PC, advice, browsers, computers, security, software, tech | 3.0.2, alternative, browser, Firefox, update, web | No Comments Yet

Encryption: say no to data theft*

If your laptop is stolen, will the thief be able to read your vital statistics and personal info? They will if you haven’t used encryption. They’ll have your passwords as well. Do you keep any confidential business files on your computer — like some doctors and Veteran’s Affairs employees do?

As I mentioned in my series on the NTFS file system (click here), Windows has the ability to encrypt your stored data as well as controlling access from networked computers. Enabling encryption is easy, and acts invisibly to the user (you) — and by that I mean your files will look like they always do, but to an “unauthorized user” they will look like a garbled alphabet soup of nonsensical gibberish.

Tip of the day: Encrypt your My Documents folder for top-notch security. To encrypt files and/or folders in Windows you must be using the NTFS file system, which most of you will already have on your machines (use the link above to read how to check, and convert to NTFS if neccessary). There are a few different ways to use encryption; you can encrypt individual files; you can encrypt entire folders and, by default, their subfolders; and, you can encrypt your hard drive (of import for laptop owners). The process for the first two are the same, while the third requires a different method.

[Vista Users: Microsoft says, "EFS is not fully supported on Windows Vista Starter, Windows Vista Home Basic, and Windows Vista Home Premium." Of course, what they mean by that is "NOT supported; and if you want it, spring for Ultimate Edition". I recommend using the free TrueCrypt to encrypt your data.]

The simplest method to provide encryption to your personal data is to encrypt the My Documents folder, which I will use for purposes of demonstration — as I mentioned, doing so will encrypt all the files inside and also encrypt the contents of any subfolders. Start by right-clicking on the My Documents folder and selecting Properties…accessing the folder may be as simple as clicking the Start button or finding its icon on your desktop or you may have to click Start >My Computer >Local drive C:, depending on your settings and preferences.

When the My Documents folder’s Properties window opens, click on the “Advanced” button.

As you can see, my My Documents is set to “compressed”, but is not encrypted yet. Compression is another feature of NTFS that was very, very much sought-after in the days before giant hard drives (back then, we hadn’t heard of digital ID Theft) and is a method that uses an algorithm to shrink file sizes. You cannot, however, use encryption and compression at the same time, and today the value of the former far outweighs the latter. Fortunately, switching from one to the other requires no effort on your part, simply select “Encrypt contents to secure data” and the rest is automatic.
Now click “OK”, and then “Apply”. Whenever you encrypt a folder, you will be asked if you want to apply encryption to just that folder, or all the files and subfiles and folders; you want the latter, which is the default.
That’s it. You’re done. Your documents are now safe from “unauthorized” eyes.

That is true, unless the person trying to access your data has their hands on your machine and is able to ‘crack’ your User password (you have given your User Account a password, haven’t you?) which may be the case if your laptop is stolen. To prevent data loss in that type of a situation, you want to encrypt your whole startup process and password protect it…which in essence encrypts your whole hard drive. To do so, click Start >Run and then type in “syskey” (no quotes). Now click on the “Update” button.

Select the top radio button, “Password Startup” and enter a good, strong password. Then enter it again for confirmation. Be sure to write down your password and keep it in a safe place — should you ever forget it, it is not an easy task for even an experienced tech to get you back in to your machine.

A final thought: I think it only fair to tell you (what you may have already guessed/know) that a very knowledgable Evil Doer, if they have physical access to your machine, can often get around whatever security you have in place. The hacker expression is, “if I can touch it, I own it.” So please don’t be careless with your, or your company’s, vital data. Also, you may want to consider a more powerful, 3rd Party encryption tool like TrueCrypt.

Today’s free link: most of you already know that the World Wide Web is a wonderfully rich resource for researching information, but did you also know it is an excellent resource for digital images? Need a picture of the Golden Gate bridge to put into your child’s homework assignment? The place to start looking is Google Images.

Copyright 2007-8 © Tech Paul. All rights reserved. post to jaanix

Share this post :

September 23, 2008 Posted by techpaul | PC, Vista, Windows, XP, advice, computers, converting to NTFS, encrypting files, file system, how to, security, software, storage, tech | encrypting, Encryption, file, files, folders, ntfa, privacy, security, system | 1 Comment

Angry IT workers: A ticking time bomb? InfoWorld/Dan Tynan

Dan Tynan has written a a thoughtful, and thought-provoking, article– published on InfoWorld.
I highly recommend the read: Angry IT workers: A ticking time bomb? IT workers are mad as hell and they’re not going to take it anymore.

September 22, 2008 Posted by techpaul | computers | angry, article, chasm, cost, damages, dan, gap, geeks vs suits, infoworld, IT, management, rebellion, sabotage, tynan, workers | No Comments Yet

Fwd: BIG VIRUS WARNING *** DO NOT DELETE***

Folks, two weeks ago I wrote an article advising you to immediately delete, unopened, these types of e-mail.. which are inevitably forwarded to us by well-meaning friends and family.
There’s one going around right now, warning about “the worst virus ever”.

Please read, SEND THIS E-MAIL TO EVERYONE YOU KNOW!, and then please forward it to those friends and family members who show a proclivity to be helpful and concerned — and fall for this scam. (You know who they are.)

These e-mails will contain an image (attachment) which will automatically be downloaded and displayed when you open the e-mail — please see, HTML e-mail and image spam (repost) — which automatically gives the cyber-criminal a matching valid e-mail address and machine/IP address– yours.

You don’t need to click any links, you just need to view the message, and the damage is done.

So even though the Subject line advises DO NOT DELETE, go ahead and do so– immediately and unopened. You’ll be protecting your Inbox and Identity.
And, need I say it? The “warning” is a bogus fraud, carefully crafted to play off people’s ignorance and fear.

Today’s free link: Today’s link is to a bargain shopper’s Website recommended to me by a Loyal Friend and True of Tech–for Everyone. FatWallet.com has the steals, online coupons, price comparisons, and forums you’re looking for.

Copyright 2007-8 © Tech Paul. All rights reserved. post to jaanix

Share this post :

September 22, 2008 Posted by techpaul | Internet, Internet scam, News, advice, cyber crime, e-mail, hackers, privacy, security, spam and junk mail, tech | alert, e-mail, forward, fraud, known sender, phraud, scam, spam, warning | 5 Comments