Archive for Malware

It Is Only Getting Worse!!!!

Posted in All Posts, Computers, Helpful Hints, Security, Tech News on October 14, 2009 by The Edible Earth

Scareware: I have talked about it before.  A warning tells you that your computer is riddled with infections and that, for $49.95, a miraculous piece of software will fix them all.  The site looks legitimate, so you download the software to fix this seemingly serious problem.  The "problem" is the scam, though: you pay the money, and the software you downloaded to fix it is itself malware.  You have just paid a scammer to infect an otherwise healthy computer.  Just when you think it could not get any worse, it does.  Panda Security has found a new and nastier way for the bad guys to take advantage of unsuspecting users, one that is more invasive and more costly than anything seen before.  Known as “Total Security 2009”, this rogue does not just ask you to buy its software; it takes your computer hostage until you do.  Clicking on its warning installs software that blocks every program on the machine except the web browser, which is left working so that you can pay.  At that point you have two choices: pay the ransom, which has gone up from $49.95 to around $79.95, or reformat the drive and reinstall Windows.  Suppose you pay.  That is a bad idea: you have wasted your money, and the malware is still on the computer.  You can now run a legitimate anti-malware scanner and hope it cleans things up, but I would not put a lot of hope in that.

Luis Corrons, the Technical Director of PandaLabs states that “Users are often infected unknowingly, in most cases, through visiting hacked websites, and once a computer is infected it is extremely difficult to eliminate the threat, even for those with a certain degree of technical knowledge. Users are also prevented from using any type of detection or disinfection tool, as all programs are blocked. The only application that can be used is the Internet browser, conveniently allowing the victim to pay for the fake antivirus. For this reason, on the PandaLabs blog, we have published the serial numbers required to unblock the computer if it has been hijacked. Users can then install genuine security software to scan the computer in-depth and eliminate all traces of this fake antivirus”.

So this is a serious new threat to users everywhere.  It is probably being rolled out because users have grown more aware of the earlier scareware tricks, which makes those less effective; it is one more example of the scammers staying a step ahead of the anti-malware vendors.  Panda Security has a good overview of the threat on its site, and the unlock serial numbers are posted on the PandaLabs blog.

Keep this in mind when surfing the web and checking email.  As always, never click on links in email unless you are sure they are safe, and never open media files (movies, photos, audio) from sites you are not sure of.  Also make sure that the site you land on is actually the site you were looking for: always check the URL in the address bar, and remember that what matters is the host name the browser is actually connecting to, not a familiar name that merely appears somewhere in the address.
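The following script is an added example, not part of the original post, that shows what "check the URL" means in practice: it extracts the host a browser will really connect to and compares its registered domain with the site the user intended. The sample URLs are constructed for this example (the `.example` domains and the 203.0.113.0/24 address are reserved for documentation), and the two-label approximation of the registered domain is a simplification that ignores public suffixes such as `co.uk`.

```python
import ipaddress
from urllib.parse import urlsplit


def effective_host(url: str) -> str:
    """Return the host the browser will really connect to for a web URL.

    urlsplit() separates 'user:pass@' and ':port' from the host, so
    'http://paypal.com@203.0.113.7/' yields 203.0.113.7, not paypal.com.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not a web URL: {url!r}")
    return parts.hostname.rstrip(".")


def registrable_domain(host: str) -> str:
    """Approximate the registered domain as the last two labels.

    Assumption of this example: no public-suffix list is used, so a host
    like 'bank.co.uk' would reduce to 'co.uk'.  An IP literal is returned
    unchanged, since an address has no registered domain at all.
    """
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        pass
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def check_url(url: str, intended_domain: str) -> str:
    """Classify a URL against the site the user meant to visit.

    'ok'             the browser will reach the intended registered domain
    'lookalike'      the intended name appears in the URL (as a subdomain,
                     in the user-info part, or in the path) but the browser
                     will reach some other site
    'different-site' the URL points somewhere else entirely
    """
    intended = intended_domain.lower().rstrip(".")
    actual = registrable_domain(effective_host(url))
    if actual == intended:
        return "ok"
    if intended in url.lower():
        return "lookalike"
    return "different-site"


# Constructed sample URLs for this example, paired with the site the user meant to visit.
SAMPLES = [
    ("https://www.microsoft.com/security", "microsoft.com"),
    ("http://www.microsoft.com.update-center.example/patch", "microsoft.com"),
    ("http://microsoft.com@203.0.113.7/update", "microsoft.com"),
    ("https://www.pandasecurity.com/", "pandasecurity.com"),
    ("http://total-security-2009.example/buy", "pandasecurity.com"),
]

if __name__ == "__main__":
    for url, intended in SAMPLES:
        print(f"{check_url(url, intended):<15} {url}")
```

The second and third samples are the two tricks most worth recognising: a trusted name used as a subdomain of an unrelated domain, and a trusted name placed before an `@` so that the browser ignores it and connects to whatever follows.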

There is also an article entitled “The Business of Rogueware”, written by Sean-Paul Correll and Luis Corrons of Panda Security and available as a PDF.

Doing these things may keep you from being held to ransom by some hacker who just wants your money.  Ransomware is fast becoming a serious threat to ordinary users, not just to large organizations and corporations.

What are your thoughts…..Leave a comment!!!!

Stealth Fighters

Posted in All Posts, Computers, News, Tech News on July 13, 2009 by The Edible Earth

Air, sea and land superiority: that is the key to winning any modern battle, right?  Well, we have it: stealth, Mach speeds, laser-guided missiles, heat-seeking missiles, drones, and a myriad of other tools built to give the U.S. superior capabilities in a crisis.  But something new has crept into the fray that could jeopardize our national security and that of our allies.  What is this new weapon?  What could possibly cripple a country with the capabilities of the U.S., or of Russia, Great Britain, France or China?  Nuclear weapons, maybe, but there is a weapon out there that could be far more devastating in its own way, because we would all still be here afterwards.  So what is it?  Technology.  You would think that a country as technologically sophisticated as the U.S. could not be seriously affected by an attack on its technology infrastructure.  The truth is that it has already happened.  Earlier this year our electrical grid was found to have been penetrated.  Just recently, over the 4th of July, a botnet was used to hit many websites, including those of the U.S. Treasury, the Secret Service, the FTC, the White House and the stock exchanges, with a distributed denial-of-service (DDoS) attack that slowed them to a crawl or knocked them offline entirely.  The fact is, the U.S. is a top target.  According to a former CIA official there were more than 37,000 reported breaches of government agencies and private systems in 2007, and a recent military recruitment commercial put the figure at more than 6 million attempts per day.  The estimated cost to our economy has been put at more than $200 billion annually.  This is a serious problem, and one that needs to be addressed.
Can you imagine if our communication, electrical and financial grids were brought down in an attack?  How would we, or the world, survive?  Our economy and those of other countries would come crumbling down, or at least be seriously compromised.  GPS could become unusable.  Satellite communications could be halted.  Cyber attacks are the future of espionage; no more James Bonds.  Hackers could feasibly learn more about our infrastructure through a successful attack against, say, the Pentagon.  I know there are safeguards against this, but cyber attacks are becoming more and more sophisticated, and all it takes is for us to drop our gloves just once.  This should become a top priority for our military and the Department of Homeland Security.

This is what I think……

What are your thoughts????

Conficker is Alive (and Well)!!!!

Posted in All Posts, Computers, Helpful Hints, Tech News on April 12, 2009 by The Edible Earth

Conficker, aka Downadup, seems to have woken up and become active.  After the hype around April 1st, the worm appears to have waited a week: on Wednesday, April 8th, it reared its ugly head.  We all knew that a piece of code this expertly written, devious as it is, was not just going to sit there and do nothing.  Now things are starting to happen.

On April 12th the University of Utah confirmed that its network was infected with a variant of the worm.  It was first detected on Thursday, April 9th, and by Friday had spread to more than 700 systems, including those of the university's three hospitals.  Conficker slows infected systems down and has been reported to be capable of erasing data and stealing personal information.  University officials confirmed, however, that personal medical information at the hospitals is secure and that nothing has been compromised.  As a precaution, the university shut down Internet access to some campus locations for up to six hours on Friday in order to isolate the worm.

Conficker is also behind a new rogue scareware product known as Spyware Protect 2009.  This is the old money-making scheme: a pop-up appears warning of dangerous malware on your computer and offers, for the bargain price of $49.95, to remove it.  The sinister part is that the "removal tool" is itself malware delivered by the worm, and any credit card details you enter go straight to the scammers, who will be laughing all the way to the bank……YOUR BANK!!!!  Please do not fall for these scams.  Remember, a web site cannot tell whether your computer is infected.  The tip for telling scams from legitimate warnings is simple: a warning that comes from a web page is always bogus, while a warning from the anti-virus software installed on your own computer is the one to take seriously.

Conficker has also been seen communicating directly with the Waledac trojan, which leads me to believe that Conficker is sending, or planning to send, large amounts of spam from its zombie network.  The funny thing about Waledac (widely regarded as the successor to the Storm worm) is that it propagated very well in early 2009 but has sent relatively few spam messages.  Teamed with Conficker, that may change.  PC World has an article on Waledac and other botnets.

Conficker first appeared in November 2008 and can infect any Windows computer running Windows 2000 or later, including XP, Vista and the Windows 7 beta.  It exploits a hole in the Windows Server service (the RPC interface behind file and printer sharing), which Microsoft patched in October 2008 with its out-of-band MS08-067 security bulletin.  Sadly, many computers were never patched, even though the patch would have stopped Conficker in its tracks.  Microsoft also updated its Malicious Software Removal Tool to remove Conficker from infected systems, yet the worm still survived and spread.  Once it is on a machine, it may shut off Windows Update and prevent malware removal tools from running.

What is even more threatening is that Conficker is still trying to spread to more systems and build an even larger botnet.  It contacts well-known sites such as MySpace.com, CNN.com, MSN.com, eBay.com and AOL.com, not to find victims but to confirm that it is online and to learn the current date, and it scans for other computers that never received Microsoft's critical October update.  It also uses its peer-to-peer (P2P) channel to reach infected hosts that did not receive the new instructions on April 1st and update them to the current variant.  This new component is set to remove itself on May 3rd, deleting its own files and registry entries, but the underlying Conficker infection will remain on the machine, sitting quietly and awaiting new commands from its master.

The ironic thing about this worm is that once it infects a system it closes the hole it came through, so that other malware cannot use the same opening.  Microsoft, which has done a good job of trying to corral the worm, has offered a $250,000 bounty for information leading to the arrest and conviction of whoever is responsible for it.  Many believe the creators are located somewhere in Ukraine.

Afraid you may be infected?  Symantec, Trend Micro, F-Secure and other security firms all offer free removal tools on their websites.  If you are infected, however, the worm will most likely block you from reaching those sites in order to prevent its removal.  If you cannot reach any of them, or Microsoft's site, while other sites load normally, there is a genuine risk that you have Conficker.  The Conficker Working Group's website has more on removal, and its Conficker Eye Chart is a quick way to test: it loads small images from several security vendors' sites, and if those fail to appear while the others show up, your machine is blocking them.  Bear in mind that many other malicious programs use the same trick of cutting off removal options, so being blocked does not prove it is Conficker; it does mean there is a very good chance something is on your system.
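The Eye Chart idea reduces to a simple comparison: can the machine reach ordinary sites but not security vendors' sites?  The script below is an added example, not the Conficker Working Group's code, that performs that comparison from the command line.  The vendor and control site lists are constructed stand-ins (the real Eye Chart uses its own selection), and the probe function is injectable so the decision logic can be exercised offline with a fake fetcher.

```python
import urllib.request
from typing import Callable, Dict, List

# Constructed site lists for this example; they are not the Eye Chart's own list.
SECURITY_SITES: List[str] = [
    "https://www.microsoft.com/",
    "https://www.symantec.com/",
    "https://www.trendmicro.com/",
    "https://www.f-secure.com/",
]
CONTROL_SITES: List[str] = [
    "https://www.cnn.com/",
    "https://www.msn.com/",
]


def http_reachable(url: str, timeout: float = 5.0) -> bool:
    """True when a GET to url completes.

    A failed DNS lookup (the way Conficker blocks vendor names), a timeout
    and an HTTP error all count as 'blocked' for this purpose.
    """
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return 200 <= resp.status < 400
    except Exception:
        return False


def assess(results: Dict[str, bool]) -> str:
    """Turn per-site reachability into a verdict, Eye Chart style.

    'offline'    not even the control sites load; the check says nothing
    'suspicious' control sites load but every security site is blocked
    'partial'    some security sites are blocked; worth a closer look
    'clean'      everything loads; security sites are not being filtered
    """
    sec_ok = sum(1 for u in SECURITY_SITES if results.get(u, False))
    ctl_ok = sum(1 for u in CONTROL_SITES if results.get(u, False))
    if ctl_ok == 0:
        return "offline"
    if sec_ok == 0:
        return "suspicious"
    if sec_ok < len(SECURITY_SITES):
        return "partial"
    return "clean"


def run_check(fetch: Callable[[str], bool] = http_reachable) -> str:
    """Probe every site with `fetch` and return the verdict.

    `fetch` defaults to the live HTTP probe; pass a fake to run offline.
    """
    results = {u: fetch(u) for u in SECURITY_SITES + CONTROL_SITES}
    return assess(results)


if __name__ == "__main__":
    print("verdict:", run_check())
    print("'suspicious' means security sites are being blocked, which is how "
          "Conficker and other malware behave; it is not proof of Conficker.")
```

Run it on a machine you suspect; an `offline` result means the test could not be performed, not that the machine is clean, and a `suspicious` result should be followed up with an offline removal tool rather than more browsing.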

Conficker does not affect Unix, Linux or Apple's Macintosh operating systems.

What Now???

Posted in All Posts on February 27, 2009 by The Edible Earth

It seems that every time I turn on the computer there is a new threat we need to know about.  This week was no different: on February 19th Adobe announced a “Buffer Overflow Issue in Version 9.0 and Earlier of Adobe Reader and Acrobat”.  All well and good, but what does that mean?  It is a hole in Adobe Reader (and Acrobat) that lets an attacker run code of their choosing on your computer when you open a specially crafted Portable Document Format (.pdf) file.  It is serious because that code runs with your privileges: the attacker gets access to your files and processes and can take control of the machine.  Adobe is working with anti-virus vendors on detection in the meantime, but it does not appear that a patch will arrive before mid-March.

So what do you do?  If you use .pdf files, and everyone does, I would recommend switching to an alternative PDF reader for the time being.  A good one is Foxit Reader.  For now, uninstall Adobe Reader and install Foxit; once the fix is out, you can stay with Foxit or go back to Adobe Reader.  Both are free.  This is a cross-platform problem, so Mac and Linux users should be cautious too.  OS X users can simply open .pdf files in Preview until the patch arrives.

The full details are in Adobe's security advisory.

Anti-virus Scan Scam

Posted in All Posts, Computers, Helpful Hints, News, Tech News on February 23, 2009 by The Edible Earth

This may be old news to some of us, but recently I have come across numerous Windows computers that have fallen victim to this scam.  A pop-up appears, looking very official, stating that your computer is infected with malware.  It may carry the Windows logo, it may look like Norton 360, or it may take any of a myriad of other guises.  It is a complete scam.  It tells you to run its online scanner to clean your computer and, since it looks official, naturally you click on it.  Lo and behold, the scan finds numerous infections and offers to clean them for the bargain-basement price of around $49.95.  This is bogus; it does nothing.  Let me make one thing clear: no website can tell whether your computer is infected, so any such warning that comes from a web page is bogus.  Do not confuse these with pop-ups from the anti-virus software installed locally on your computer; those are different.  This particular scam is known as Antivirus 2008, and it is a serious threat: many people are paying for it and getting nothing.  Worse, the "scanner" is itself malware and can hold the computer hostage.  The pop-up becomes relentless until you pay, it shuts down the anti-virus and anti-malware software on your computer so that it is not detected, and it can kill any download you attempt in order to get rid of it.

Fortunately, in October 2008 Microsoft added detection and removal of this rogue to its Malicious Software Removal Tool (MSRT).  Unfortunately, many people do not install Windows updates regularly and so cannot get rid of it.  And even for those who do get their updates regularly, running the MSRT is a riddle in itself (thank you, Microsoft): you may have the tool but have no idea how to use it.  It is actually very easy, and this holds for both XP and Vista.  You might guess the command is “msrt”, but it is not; the executable is “mrt”.  So click Start > Run, type “mrt” (without the quotes) in the Open box, and press Enter.  That launches the tool.

Another effective way to get rid of this annoyance is a program named Malwarebytes (aptly named, don't you think?), which is free.  Download it, install it, update the definitions and scan the whole computer.  It is easy to use and understand, and it is not limited to this particular nuisance: it will help with other infestations you may have too.  I highly recommend it.

Hopefully you have not fallen victim to this scam, as many have, but running the tools above will clean it up and get rid of that annoying pop-up.

Good Luck!!!!