Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Layer 8

Folks, cleaning infected computers has me quite busy today, and it also caused me to decide to reiterate for you an important concept: each one of the machines on my workbench had up-to-date, for pay, antivirus and/or Internet Security Suite products installed.

Yet here they are — infected.

(Okay, now I’ll tell you about the title of this article. “Layer 8” is a play on the 7-layer OSI model of machine function. “Layer 8” translates to: “the human using the machine”.)

3 of the 4 machines (on my bench) were infected using the Trojan method – the User (unwittingly) downloaded and installed (willingly and on purpose) the infection. Please read Download Danger – the “Trojan” if you have not already.

The 4th machine was “drive-by” infected via unpatched (out-of-date) software. The User was in the habit of clicking “Remind me later” and never actually finding a convenient time to click “Install” when prompted by a pop-open. They visited a website that had been “poisoned” by a hacker and the hacker’s code attacked the unpatched vulnerability… no action on the User’s part was required.
The cure for this one is to realize that nothing you are doing on your PC is more important than applying the “a newer version”/”update”, as these releases are SECURITY fixes. (Yes.. I’m shouting.) To make sure you don’t have any unpatched/obsolete software on your system, click here, and then click on “Start scanner”.

Allow me to repeat:
I have written many articles regarding the epidemic that is “cybercrime”, and done my best to keep my readers informed about current scams, hacker techniques (like “social engineering” and “phishing“), as well as malware (Spyware, Trojans, worms, viruses, keyloggers, etc.) and provided you with advice and How-To’s for staying safer online.
(i.e., I have told you that malware has evolved into military-grade instruments.)

One item I have mentioned several times is the use of a free “online virus scanner” to help detect and remove malware that has managed to sneak past your current defenses (and don’t kid yourself, there are plenty of types that are capable of this trick). There are many such scanners out there, and some of them are fakes designed to trick you into thinking you’re infected — I suggest you avoid those!

Internet Security writer Bill Mullins published what I think is the perfect summary and analysis of the “good” online virus scanners, and their uses. I highly recommend you visit Think You’re Infected? Find Out – Run An Online Scanner From Your Browser and learn about these very important (free) tools.

Related: To read my other articles on malware, and how to deal with it, click here.

If you would like to hire me to clean your infection, click here.

Copyright 2007-2010 © “Tech Paul” (Paul Eckstrom). All Rights Reserved. jaanix post to jaanix.


>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<


Share this post :

June 26, 2010 Posted by | computers, cyber crime, how to, Internet, security | , , , , , , , , , | 8 Comments

Second rogue Facebook app spams ‘friends’

Scoundrels have created another rogue Facebook application, the second to hit the social networking site in less than a week.

In the second attack, Facebook users receive notices that they have supposedly being reported for violation of the social networking site’s terms of service by someone in their friends list. A link on the notification leads to an application called “f a c e b o o k – – closing down!!!” which, post installation, spams all the affected user’s friends with the same message…

Read the rest of this article here.

* Thanks to Lee at Technibble

Copyright 2007-9 © Tech Paul. All rights reserved. post to jaanix

Share this post :

March 1, 2009 Posted by | advice, cyber crime, hackers, Internet, Internet scam, Web 2.0 | , , , , , , , | 2 Comments

A Vast Criminal Enterprise Aimed At You

– Five Defensive Strategies

“Today’s Internet attacks are organized and designed to steal information and resources¹ from consumers and corporations. The web is now the primary route by which cybercriminals infect computers. Cybercriminals are planting malicious code on innocent websites. This code then simply lies in wait and silently infects visiting computers.

The scale of this global criminal operation has reached such proportions that Sophos discovers one new infected webpage every 4.5 seconds – 24 hours a day, 365 days a year. In addition, SophosLabs, our global network of threat analysis centers, is sent some 20,000 new samples of suspect code² every single day.

2008 at a glance

  • Biggest malware threats – SQL injection attacks against (legitimate) websites and the rise of scareware (aka “rogue” anti-malware programs)
  • New web infections – one new infected webpage discovered by Sophos every 4.5 seconds (24/7 x 365)
  • Malicious email attachments – five times more at the end of 2008 than at the beginning
  • Spam-related webpages – one new webpage discovered by Sophos every 15 seconds
  • New scareware websites – five identified every day
  • Top malware-hosting country – US with 37 percent
  • Top spam-relaying continent – Asia with 36.6 percent
  • Amount of business email that is spam – 97 percent

Injection attack? coming to get you By exploiting poorly secured legitimate websites, hackers have been able to implant malicious code onto them, which then attempts to infect every visitor. One of the reasons the web is so popular is that legitimate websites can attract large numbers of visitors, all of whom are a potential victim.
(This as also known as “poisoning”.)

Many well known organizations and brands have fallen victim to this kind of attack during 2008. Both large and small organizations have been targeted.
January 2008: Thousands of websites belonging to Fortune 500 companies, government agencies and schools/universities were infected with malicious code. more..

¹ read “money”
² read “malware”

Folks, this is taken from a whitepaper titled “Security Threat Report 2009” and produced by the IT Security firm Sophos. Some of the emphasis is mine. You can download the document here.
I want to take a moment to thank them for publishing this, and saluting their effort to combat malware and the criminals behind it. In fact, let me go a step further and salute all you whitehats out there. Thank you.

What you can do

1: please read Top 10 things you should do to your computer–updated. It is a checklist, and provides you with the How To’s for a (more) secure computer, as well as providing links to important (free) security downloads.
2: enable an anti-phishing filter, which can help alert you to poisoned websites before you go there. All modern browsers have a filter built in, and all you have to do is turn it on; or, you can add a toolbar/plug-in such as McAfee’s Site Advisor or the excellent WOT.
3: make sure ALL the programs on your computer are patched and up-to-date. The easiest and most effective way to do this (IMHO) is to download and install the PSI (Personal Software Inspector) from Secunia.
4: Never respond to e-mails asking for personal information. Legitimate businesses never contact you about “important issues” via e-mail. But criminals love to go phishing!
5: Be PARANOID on the Internet. (Use common sense) Think someone can’t trace back to you? Guess again; your browser reveals a wealth of information by default. Sound too good to be true? It is. There’s no such thing as a “free iPod”… and, no, you did not win the Irish Lottery. Is looking at sexually explicit material simply irresistible? Go to one of those video rental shops that has a back room instead of clicking links and images — a malware infection can cost you all your data and/or several hundred dollars in cleanup.. and/or many hours of your time..

Folks, the Internet is not Disneyland. Most knowledgeable people refer to it as the “wild, wild, West” (a reference to sheer lawlessness) but I like a different analogy better.. think of it as going into the Big City, and going down to the docks/warehouse district, alone, and at night.
You can do it, but you best be careful.

Copyright 2007-8 © Tech Paul. All rights reserved.jaanix post to jaanix

Share this post :

December 12, 2008 Posted by | advice, anti-spyware, antivirus, computers, cyber crime, e-mail, hackers, how to, Internet, PC, Phishing, phraud, security, software, tech | , , , , , , , , , , , , , , , , , , | 3 Comments

It’s not your fault– how the Tech Industry is failing you

Your computer was infected with pop-up pornography because you visited a popular travel Website to look at hotel room prices in Orlando. And you have a well-known Company’s Internet Security Suite.

Or maybe, because your ISP promised you they’d scan all your e-mails for you, before they got into your Inbox.. you thought they really did, and you also thought that made your e-mail safe. You clicked on a link in one of those e-mails… (it said it was from your Uncle Victor..) and, voilà! Someone’s using your credit card.
In Malaysia.
To buy big-screen TV’s.
Like, six of them.. so far.

Perhaps you did neither of those things. But.. your friends wanna know why you’re sending them all this junk e-mail, and your ISP is threatening to turn you off if you don’t stop sending mass-mailings. Huh?
Turns out, you happen to have CoolProgram 6.0* on your machine, and a cracker has “exploited” the code and turned your machine into a spambot. Your machine has been merrily sending out thousands of e-mail come-ons for generic drugs, male enhancements, and penny stocks… all while you were asleep in bed.

Or you brought home a new digital picture frame…

Does this sound like a bad sci-fi movie to you? It does to me. But, sadly, this is our current reality.

You haven’t done anything wrong (or, really stupid) and you’ve even tried to protect your machine, but you got hijacked anyway.

I, for one, think there’s something seriously wrong with this state of affairs. When I think about the state of the Internet, I start feeling like that guy in the movie.. you know the one..

Why is this happening? Many reasons. Some are:
* Software companies are, to this day, releasing programs which contain insecure code.
* Hardware manufactures don’t include any extra features– like hard-wired security.
* In their rush to bring us new and exciting technology (he who’s first to market, wins), nobody stops and ponders the consequences.. or the vulnerabilities.
* For a long time, nobody took the hackers seriously enough.
* Cost. (I put this last because this can be offset.)

Believe it or not, there are steps the IT Industry can take to remedy a lot of this, and counteract this unsecured Internet. They could be doing much more to combat spam, malware, and hackers. There’s also steps we (us “consumers”) can take as well.. which space restriction has run out of room for today, and I will discuss tomorrow.

To be continued…

Today’s free link: I have recommended other graphics manipulation/image editing tools in the past, and it is only fitting that I give space to another winner: Paint.NET is simply the closest thing to Photoshop I have seen. 5 Star-rated by C/Net.

* Pick a program, any program. “CP 6.0” is simply my generic example.

*** Folks, like my new look? Hate it? Let me know by answering this 1 Question survey Click Here to take survey. ***

To read part 2, click here.

Copyright 2007-8 © Tech Paul. All rights reserved.jaanix post to jaanix

Share this post :

May 9, 2008 Posted by | advice, computers, hardware, Internet, PC, security, software, tech | , , , , , , , , , , , , , , , , , , , , | 3 Comments