Tel: 01489 577 073 Mob: 07777 679 541

We are in Locks Heath - Southampton



Identity Theft: Clever phone scam to wheedle out your 'security code' Please Read This!!!!


MacOS security worse than Windows


While the headlines in the IT press may be dominated by tales of security flaws found in Windows, new research by the security firm Secunia has found that Mac maker Apple had the highest number of security bugs in their software over the last year. Microsoft came in third, behind database maker Oracle. In total, Secunia found 380 vulnerabilities within the top 50 most common applications installed on a typical PC in the first six months of 2010. This is almost 90% of the total number of bugs found in the whole of 2009, suggesting that PC software is getting less secure.

Windows has long been the main target for hackers and virus writers, for the simple fact that it is much more popular and widespread than other operating systems. By focusing their attention on Windows, the hackers have a much greater chance of being able to take over a PC, due to the sheer number of Windows machines out there compared to competitor operating systems. Fortunately, there are many steps you can take to boost the security of your Windows system. In article S 38, coming up in update 6 of The Windows Advisor, we'll show you how to configure Windows for ultimate privacy. If you're not currently subscribed to the Windows Advisor update service, you can sign up here.


Click jacking worm hits Facebook users

Users of the social networking site Facebook were hit with a click jacking attack over the weekend, making it the latest site to suffer one, after the Twitter microblogging site came under attack just a few months ago. In case you’re not familiar with the term, click jacking attacks work by implanting hacker code into legitimate websites, without the hacker having to take over or crack the legitimate site’s web servers. In this case, the attack wasn’t too severe: users were tricked into clicking on a link, purportedly sent to them by someone they are ‘friends’ with on the site, which in turn added an item to the list of things the user likes. However, it highlights the security problems of sites like Facebook, where hackers seek to build on relationships between individual users to trick them into clicking malicious links. Ultimately such an attack could implant malicious spyware on an unsuspecting user’s PC.

While Facebook’s security infrastructure has been making the news this week, their privacy settings have also been receiving some criticism. Monday was supposed to be ‘quit Facebook day’, where users were encouraged to close their Facebook accounts in protest at the Facebook privacy settings, which allow for a user’s details to be shared with third-party websites against their will. In the end, not many people chose to participate: only 34,000 of the 450 million Facebook users closed their accounts. However, both of these episodes highlight the problems with people sharing data on social networking sites without thinking too much about what is being done with that data. If you’re worried about click jacking attacks, take a look at article I 31 ‘IE8: First Look at Windows Latest Browser’ to discover how to configure IE8 to prevent click jacking attacks with the Cross Site Scripting filter. If you’re not currently signed up to the Windows Advisor, click here.


PCs still at risk 10 years after the notorious LoveBug virus

If you’ve been a PC user since the late 90s, you probably remember the LoveBug virus, which crippled the world’s email systems for quite some time. LoveBug was one of the fastest spreading viruses ever, and infected your system via an email that appeared to come from someone that you know. Clicking on the email caused the virus to be installed on your system, from where it proceeded to email everyone in your address book with the same trick. The virus was so virulent that at one point it was emailing 45 million people a day.

Back in the year 2000, no one had seen a virus that emailed itself to people, claiming to be from someone that the targeted user knew. This is why many users clicked on the email and were then infected. Nowadays, most email programs integrate with anti-virus software to try to spot such attacks before they make it to your inbox. But it seems that we haven’t quite learned all the lessons of LoveBug, since even today lots of malware still operates by trying to fool users into activating it, rather than by exploiting security bugs in software. Today, these so-called phishing attacks are used to fool people into giving away their online banking details and credit card numbers, meaning that the consequences of falling for an attack are much more serious. To ensure that you are constantly on the lookout for the latest phishing attacks, take a look at Windows Advisor article I27 – ‘Internet: Secure Browsing with a Phishing Filter’. If you are not currently subscribed to the Windows Advisor, click here.


Beware the botnet threat to Windows security

Spanish police have recently announced the arrest of three suspects accused of running one of the world’s biggest botnets – that is, a network of thousands of infected PCs under the control of hackers. The botnet in question, called Mariposa, consisted of over 12.7 million infected PCs, from all over the world. Usually such botnets are used to launch distributed denial of service (DDoS) attacks, in which each infected PC sends out thousands of Internet messages to a targeted web site, or network owned by a particular target company. The target will invariably crash or become unavailable due to the sheer number of messages hitting it.

It seems that this botnet had a different use though, as police recovered online banking and financial details from 800,000 individuals whose PCs had become infected, although it is not known if the details stolen were used for fraud. The botnet itself was discovered last May, and the investigations were carried out by a private company – Panda Security – who infiltrated the command system of the botnet and tracked down its controllers. This illustrates a problem with many forms of online crime – much of it is too complicated for police forces alone to investigate, so specialist IT security companies are called in to help amass evidence.

PCs become part of a botnet when they are infected with malicious viruses containing the botnet software. If you suspect that your PC might be infected, follow the investigation and removal steps given in article A 6 in your Windows Advisor manual. If you are not a current Windows Advisor subscriber, you can sign up here.  

http://www.windowsadvisor1.co.uk/lp/v1108/index.html?sid=371604


Beware of rogue Microsoft Security Essentials

Microsoft Security Essentials is a free anti-virus and anti-spyware software available from Microsoft, which includes some of the features of Windows Defender, and is designed solely for use by home PC users. Now it seems, hackers are trying to ride on the back of the Microsoft brand by releasing a rogue version of Security Essentials, designed to implant malicious software on to the PC of any user who downloads it. The rogue version, called Security Essentials 2010, also installs a fake virus scanner on infected PCs, and blocks programs from running that might be used to remove it. It also blocks access to the websites of many security and anti-virus companies. The fake virus scanner will keep popping up messages telling you that you are infected, and change your desktop background to a green and black warning message.

Security Essentials 2010 makes use of one of the virus writers’ oldest tricks – naming their malicious software after a much more famous legitimate product, in order to try to fool users into thinking it is the genuine article. If you see a site offering Security Essentials 2010, then avoid it. The only legitimate version of Security Essentials is produced by Microsoft, and is available for free from the link below. To remove Security Essentials 2010 if you are infected, follow the steps below:

  1. Download and run the RKILL.COM tool from: http://download.bleepingcomputer.com/grinler/rkill.com. This will stop all of the processes associated with Security Essentials 2010.

  2. Download and run Malwarebytes Anti-Malware software from: http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe

  3. Right-click on the mbam-setup.exe icon that you downloaded and choose Rename. Rename the file to Explorer.exe

  4. Close all open applications and double-click on the Explorer.exe icon. This will install Malwarebytes Anti-Malware on your system.

  5. Download the Malwarebytes .EXE file from http://mbam.malwarebytes.org/program/random.php and save it to C:\Program Files\Malwarebytes' Anti-Malware\

  6. Double-click on the .EXE file you downloaded in step 5 to run the software.

  7. Click on the Scanner tab, select Perform full scan, then click Scan.

  8. Follow the steps of the wizard to remove any infections discovered. 

You can get the legitimate Microsoft Security Essentials here:

http://www.microsoft.com/Security_Essentials/


Beware: Google Toolbar Might be Tracking You!

The Google Toolbar is one of the most popular add-on extensions for Internet Explorer and Firefox. In case you haven’t seen it, Google Toolbar adds a Google Search box to the main browser toolbar, along with tools to quickly access Gmail email and some other Google services. You may not know that the Google Toolbar can also supply tracking data on your web browsing habits back to Google – this happens if you have chosen to enable the toolbar’s enhanced features. Now a security researcher has discovered that the Internet Explorer version of the toolbar will still supply this tracking data even when you have disabled it in your browser.

Google have acknowledged the problem and say that they will issue an automatic update to fix it. However, if you are not comfortable automatically supplying tracking data to Google, I suggest you remove the toolbar completely, as follows:

  1. Click Start > Control Panel > Add or Remove Programs.

  2. Select Google Toolbar for IE.

  3. Click Remove.


For the full low-down on web browser security, see Windows Advisor article I27. If you aren’t currently a member of the Windows Advisor service, you can sign up for a 6-week free trial here.


Urgent: Latest security threat to Internet Explorer revealed

If you are a user of Internet Explorer 6 or 7, now is the time to upgrade. Security researchers have discovered a serious vulnerability in older versions of Windows’ default web browser, which can allow hackers to crash your browser and inject malware into your system. Even though the flaw, in a component called HTML Viewer, has only just been discovered, it is already being exploited by a few malicious websites, and security experts believe that more robust attacks are currently being developed.

To avoid the problem, you really need to upgrade to Internet Explorer 8, but, in the meantime, you might be able to avoid attack by turning off JavaScript as follows (although this will also cause some websites not to function properly):
1. In IE, click Tools > Internet Options.
2. Click Security > Custom Level.
3. Select Disable under Active Scripting.
4. Click OK > OK.
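The four steps above change one per-user Internet Explorer zone setting. As an added example (not code from the original page), the PowerShell below reads and changes that same setting through the registry, and keeps an undo file first. It assumes that the Internet zone's settings live under the key shown, that zone 3 is the Internet zone, and that value name 1400 is "Active scripting" with 0 = Enable, 1 = Prompt and 3 = Disable; the function names are this example's own.

```powershell
# Added example: inspect and change IE's "Active scripting" setting for the
# Internet zone via the registry instead of the Internet Options dialog.
# Assumptions: zone 3 = Internet zone, value 1400 = Active scripting
# (0 = Enable, 1 = Prompt, 3 = Disable). Run as the user whose IE you are changing.

$ZoneKey        = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$ZoneKeyNative  = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$ActiveScripting = '1400'

function Get-ActiveScriptingState {
    # Returns a readable name for the current DWORD value (or Unknown if unset).
    $value = (Get-ItemProperty -Path $ZoneKey -Name $ActiveScripting -ErrorAction SilentlyContinue).$ActiveScripting
    switch ($value) {
        0       { 'Enabled' }
        1       { 'Prompt' }
        3       { 'Disabled' }
        default { "Unknown ($value)" }
    }
}

function Set-ActiveScriptingState {
    param([ValidateSet('Enabled', 'Prompt', 'Disabled')][string]$State)
    $map = @{ Enabled = 0; Prompt = 1; Disabled = 3 }

    # Export the whole zone key first so the change can be undone with "reg import".
    $backup = Join-Path $env:TEMP 'ie-zone3-backup.reg'
    reg.exe export $ZoneKeyNative $backup /y | Out-Null

    Set-ItemProperty -Path $ZoneKey -Name $ActiveScripting -Value $map[$State] -Type DWord
    "Active scripting is now: $(Get-ActiveScriptingState) (previous settings saved to $backup)"
}

"Before: $(Get-ActiveScriptingState)"
Set-ActiveScriptingState -State Disabled
```

To put the setting back once you have upgraded, run `Set-ActiveScriptingState -State Enabled`, or double-click the exported .reg file to restore the whole zone.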

For complete peace of mind, upgrade to Internet Explorer 8 by following the steps in Windows Advisor Update articles I29 and I31. If you’re not currently a Windows Advisor subscriber you can sign up for a 6 week free trial here.



Beware: Phishing fraud up to two year high

Phishing, the theft of sensitive data such as online banking passwords from unsuspecting Internet users, has risen to a two year high. The attacks usually take the form of maliciously crafted websites or emails designed to fool the user into disclosing important financial details to fraudsters, and sometimes can be very hard to spot. Security company MarkMonitor recorded 151,000 separate attacks in the second quarter of 2009, a two year high.

Our advice is to ensure that you are using the latest version of your web browser (either Internet Explorer 8 or Firefox 3.5) and that all available updates are installed for your PC. The latest web browser versions now indicate whether you are on a legitimate secure website by colouring the address bar green. We advise that you never respond to an email asking you to send your password, and if in doubt contact the company concerned by telephone.

To find out more about protecting yourself from phishing attacks, see Windows Advisor article I27 - Internet: Secure Online Browsing with a Phishing Filter. If you’re not currently subscribed to the Windows Advisor you can sign up here:

www.windowsadvisor.co.uk



Update: The latest weapon in the battle against rootkits

Rootkits are one of the most serious threats to your PC’s security. A rootkit is a piece of malicious software designed to hide itself so deep inside your PC that your regular security software can’t detect it. It is typically used to conceal key logging software, to secretly steal passwords and other sensitive data that you type on your keyboard without you noticing. Because of this, most users infected with a rootkit usually have no idea that their computer’s security has been compromised.

While some search tools do exist to detect and remove rootkit infections, now security researchers from Microsoft and North Carolina University have invented a system to make your PC much less prone to rootkit infection. The system, called HookSafe, works by relocating the Operating System’s kernel to a highly secure area of memory, to protect it against infection. HookSafe managed to secure a test system against nine real-world rootkit infections with only a 6% slowdown in performance, which is likely to be much reduced when the system becomes commercially available.

The HookSafe software is still at the research stage at the moment and not available for Windows, so if you are concerned you might be infected with a rootkit, read Windows Advisor article S20. If you’re not currently a Windows Advisor subscriber you can sign up for a 6-week free trial here.

To find out more about the HookSafe system, see here:

http://discovery.csc.ncsu.edu/pubs/ccs09-HookSafe.pdf



Security Alert: W32.Difupat

W32.Difupat is a virus that infects executable files in the C:\Program Files folder in order to hide itself on your PC, and replaces the normal Internet Explorer with an infected copy. It creates the following files on infected systems:

  • C:\ProgramFiles\Internet Explorer\bootloader.dll

  • C:\ProgramFiles\Internet Explorer\detoured.dll

  • C:\ProgramFiles\Internet Explorer\funcition.dll

In addition to creating these files, it also creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\getpass\"DllName" = "bootloader.dll"

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\getpass\"Logon" = "OnEventShutDown"

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\getpass\"Shutdown" = "OnEventShutDown"

Finding these files or these registry settings is an indication that you are infected with this virus. Before removing the infection, back up your registry following the steps in article R 11 of your main Windows Advisor manual, or here: http://www.windowsadvisor.co.uk/reg_backup.html

  1. Press [Windows Key] + [R], type REGEDIT and click OK.

  2. Navigate to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\getpass

  3. Delete the registry entry: DllName = "bootloader.dll"

  4. Delete the registry entry: Logon = "OnEventShutDown"

  5. Delete the registry entry: Shutdown = "OnEventShutDown"

  6. Exit the Registry Editor.


Security Alert: W32.Kasticyz

W32.Kasticyz is a virus that randomly infects executable files stored on removable drives such as USB memory sticks, and shared network drives. It creates the following registry entries on infected systems:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\inet.\"Day" = [CURRENT DAY OF INFECTION]

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\inet.\"Month" = [CURRENT MONTH OF INFECTION]

Finding these registry settings is an indication that you are infected with this virus. Before removing the infection, back up your registry following the steps in article R11 of your main Windows Advisor manual, or here: http://www.windowsadvisor.co.uk/reg_backup.html

  1. Press [Windows Key] + [R], type REGEDIT and click OK.

  2. Navigate to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\inet.

  3. Delete the registry entry: Day = [CURRENT DAY OF INFECTION]

  4. Navigate to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\inet.

  5. Delete the registry entry: Month = [CURRENT MONTH OF INFECTION]

  6. Exit the registry editor.


O2 Customers Beware: Your Router is at Risk

If you are an O2 broadband customer, there’s a good chance that you are at risk from a security bug that could allow hackers to log in to your router’s settings menu and make changes to your broadband configuration without you knowing. The free routers supplied by O2 to their customers are prone to a so-called cross-site request forgery (CSRF) attack, which allows the hacker to log in to an affected router using just a web browser and a maliciously crafted URL. Once the hacker has control of a router, they can open up the firewall to gain access to your PC, and steal your WiFi password.

Both the O2 Wireless Box III and the O2 Wireless Box II are affected. If you’re an O2 customer with one of these devices we advise that you contact O2 customer support for advice on how to fix the problem, or whether a replacement router is necessary. 

For the full low down on keeping your PC secure on the Internet, see Windows Advisor article I26. If you aren’t already subscribed to the Windows Advisor service, you can do so here:

http://www.windowsadvisor.co.uk/


Security Alert: W32.SillyFDC.BBU (6)

W32.SillyFDC.BBU is an infection which spreads between computers by copying itself to removable storage devices.

A quick way to check if this virus is infecting your PC is to open Windows Explorer, then look for the following file:
• C:\Program Files\Microsoft Common\svchost.exe

In addition to this file, the worm creates a new service and registers it in the registry as follows:
• HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"ProxyEnable" = "0"
• HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\"DefaultConnectionSettings" = "[BINARY DATA]"
• HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\"SavedLegacySettings" = "[BINARY DATA]"

Finding these registry keys is an indication that you are infected.

Before removing the infection, back up your registry following the steps in article R11 of your main Windows Advisor manual, or here:
http://www.windowsadvisor.co.uk/reg_backup.html

To remove the infection:
1. Press [Windows Key] + [R], type REGEDIT and click OK.
2. Navigate to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
3. Delete the registry entry: Debugger = "%ProgramFiles%\Microsoft Common\svchost.exe"
4. Exit the registry editor.


Spot Unauthorized Login Attempts in Windows Vista

Unless you examine the Windows event logs frequently, you may never know that someone has been trying to surreptitiously access your PC. To help solve that problem, Windows Vista contains a new feature that allows you to view previous login attempts, along with the time and date they were made. If you spot any attempts or actual logins made without your knowledge, it is likely that someone else has been trying to use your PC. To enable the feature, follow the steps below:
1. Back up your registry using the steps given in article R11, which you can also find here: http://www.windowsadvisor.co.uk/reg_backup.html
2. Press [Windows Key] + [R], type REGEDIT and click OK.
3. Navigate to the registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
4. Double-click on DisplayLastLogonInfo. If it doesn’t exist right-click on a blank area of the right-hand panel and choose New > DWORD Value. Name the new DWORD DisplayLastLogonInfo.
5. Double-click DisplayLastLogonInfo, enter 1 in the Value data field, and click OK.
6. Exit the registry editor and restart your PC for the changes to take effect. Once you log in you will see a screen displaying information about the previous login attempts.
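The six steps above can be scripted, and the same PowerShell session can also answer the question the item opens with: whether anyone has been trying to log on without your knowledge. The block below is an added example, not code from the original page; it assumes Windows Vista or later, an elevated PowerShell prompt (writing under HKLM and reading the Security log need administrator rights), that the DisplayLastLogonInfo DWORD lives under the Policies\System key from step 3, and that event ID 4625 ("An account failed to log on") carries the target user name at property index 5, the NTSTATUS code at index 7 and the source address at index 19. The function names are this example's own.

```powershell
# Added example: enable the "previous logon information" screen, keeping an undo
# file first as the page advises, then list recent failed logon attempts.
# Assumptions: Vista or later, run elevated; 4625 property indexes as in the lead-in.

$PolicyKey       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$PolicyKeyNative = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName       = 'DisplayLastLogonInfo'

function Enable-LastLogonInfo {
    # Step 1 of the page: export the key so the change can be undone with "reg import".
    $backup = Join-Path $env:TEMP 'policies-system-backup.reg'
    reg.exe export $PolicyKeyNative $backup /y | Out-Null

    # Steps 4 and 5: create the DWORD if it is missing, otherwise set it to 1.
    $existing = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $existing) {
        New-ItemProperty -Path $PolicyKey -Name $ValueName -Value 1 -PropertyType DWord | Out-Null
    } else {
        Set-ItemProperty -Path $PolicyKey -Name $ValueName -Value 1 -Type DWord
    }
    $now = (Get-ItemProperty -Path $PolicyKey -Name $ValueName).$ValueName
    "$ValueName = $now (previous key saved to $backup); restart for it to take effect"
}

function Get-RecentFailedLogons {
    # Pulls 4625 events from the last N days and flattens the fields worth looking at.
    param([int]$Days = 7)
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-$Days) }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        [pscustomobject]@{
            Time     = $e.TimeCreated
            User     = $e.Properties[5].Value    # TargetUserName
            Status   = $e.Properties[7].Value    # e.g. 0xC000006D = bad user name or password
            SourceIP = $e.Properties[19].Value   # "-" or "127.0.0.1" means a local attempt
        }
    }
}

Enable-LastLogonInfo
Get-RecentFailedLogons -Days 7 | Sort-Object Time -Descending | Format-Table -AutoSize
```

A run of 4625 events against one account within a few minutes, or attempts at times when you were not at the PC, is the pattern to look for; the logon-information screen the page describes will show you the same thing at your next sign-in without opening Event Viewer.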


Security Alert: W32.Ackantta.C@mm

W32.Ackantta.C@mm is a virus which infects PCs and uses them to send out SPAM email to a huge number of targets, and spreads itself through file sharing networks.

The worm will install several files on your system, so to check if you are infected open up Windows Explorer and look for the following files on your system:
• C:\Windows\javapatch[TWO RANDOM NUMBERS].exe
• C:\Windows\snd.exe
• C:\Windows\SKYNET[EIGHT RANDOM CHARACTERS].dll
• C:\Windows\SKYNET[EIGHT RANDOM CHARACTERS].dll

So if you see files in your Windows directory with filenames made up of random characters, it is a sign you could be infected. The virus also adds several new registry settings, so finding the following in your registry is also an indication that you are infected:
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Windows Audio Service" = "%System%\sndmic32.exe"
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Windows Audio" = "%Windir%\snd.exe"
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\"Windows Audio" = "%Windir%\snd.exe"
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}\"StubPath" = "\"%Windir%\snd.exe\""

Before removing the infection, back up your registry following the steps in article R11 of your main Windows Advisor manual, or here:
http://www.windowsadvisor.co.uk/reg_backup.html

To remove:
1. Press [Windows Key] + [R], type REGEDIT and click OK.
2. Navigate to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3. Delete the registry entry: Windows Audio Service = "%System%\sndmic32.exe"
4. Navigate to the registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
5. Delete the registry entry: Windows Audio = "%Windir%\snd.exe"
6. Navigate to the registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
7. Delete the registry entry: Windows Audio = "%Windir%\snd.exe"
8. Navigate to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}
9. Delete the registry entry: StubPath = "\"%Windir%\snd.exe\""
10. Navigate to the registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
11. Delete the registry entry: %System%\sndmic32.exe= "%System%\sndmic32.exe:*:Enabled:Explorer"
12. Delete the registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SKYNET[EIGHT RANDOM CHARACTERS]
13. Delete the registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\FXS
14. Delete the registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\solashit2
15. Delete the registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\sunshit2
16. Exit the registry editor.
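The four alerts above (W32.Difupat, W32.Kasticyz, W32.SillyFDC.BBU and W32.Ackantta.C@mm) all ask you to look for particular files and registry entries by hand. The PowerShell below is an added example, not code from the original page or from any anti-virus vendor: it performs that same check read-only, in one pass, for all four alerts, and provides a helper that exports a registry key before you delete anything, as each alert advises. The file paths and registry entries are copied from the alerts; the only liberties taken are using %ProgramFiles% and %SystemRoot% in place of the hard-coded C:\ paths, matching the random parts of the Ackantta file and service names with wildcards, and using the IFEO Debugger entry (which the SillyFDC.BBU removal steps delete) as that alert's indicator, since the HKEY_USERS\.DEFAULT proxy values are not specific to it. It assumes an elevated prompt so HKLM is readable, and the function and variable names are this example's own.

```powershell
# Added example: read-only check for the indicators listed in the four alerts,
# plus a "reg export" helper for the undo step. Nothing here deletes anything.
# Assumptions: run elevated; paths and value names as copied from the alerts.

# Fixed file paths from the alerts (drive letter taken from the environment).
$FixedFiles = @(
    "$env:ProgramFiles\Internet Explorer\bootloader.dll",   # W32.Difupat
    "$env:ProgramFiles\Internet Explorer\detoured.dll",     # W32.Difupat
    "$env:ProgramFiles\Internet Explorer\funcition.dll",    # W32.Difupat
    "$env:ProgramFiles\Microsoft Common\svchost.exe",        # W32.SillyFDC.BBU
    "$env:SystemRoot\snd.exe"                               # W32.Ackantta.C@mm
)

# Ackantta's partly random names: [TWO RANDOM NUMBERS] and [EIGHT RANDOM CHARACTERS].
$WildcardFiles = @(
    "$env:SystemRoot\javapatch[0-9][0-9].exe",
    "$env:SystemRoot\SKYNET????????.dll"
)

# Registry values whose presence the alerts treat as a sign of infection.
$RegistryValues = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\getpass'; Name = 'DllName' }              # Difupat
    @{ Key = 'HKLM:\Software\Microsoft\Internet Explorer\inet.'; Name = 'Day' }                                            # Kasticyz
    @{ Key = 'HKLM:\Software\Microsoft\Internet Explorer\inet.'; Name = 'Month' }                                          # Kasticyz
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe'; Name = 'Debugger' }  # SillyFDC.BBU
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'Windows Audio Service' }                       # Ackantta
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Windows Audio' }                               # Ackantta
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Name = 'Windows Audio' }             # Ackantta
)

# Whole keys that the Ackantta removal steps delete; their existence is the indicator.
$RegistryKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\FXS',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\solashit2',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\sunshit2'
)

function Find-Indicators {
    # Returns one object per hit: Type (File/RegValue/RegKey), Where, and the value if any.
    $hits = @()
    foreach ($path in $FixedFiles) {
        if (Test-Path -LiteralPath $path) { $hits += [pscustomobject]@{ Type = 'File'; Where = $path; Value = '' } }
    }
    foreach ($pattern in $WildcardFiles) {
        foreach ($f in (Get-ChildItem -Path $pattern -ErrorAction SilentlyContinue)) {
            $hits += [pscustomobject]@{ Type = 'File'; Where = $f.FullName; Value = '' }
        }
    }
    foreach ($rv in $RegistryValues) {
        # Missing key or missing value both come back as $null with the error suppressed.
        $item = Get-ItemProperty -Path $rv.Key -Name $rv.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $hits += [pscustomobject]@{ Type = 'RegValue'; Where = "$($rv.Key)\$($rv.Name)"; Value = $item.($rv.Name) }
        }
    }
    foreach ($key in $RegistryKeys) {
        if (Test-Path -LiteralPath $key) { $hits += [pscustomobject]@{ Type = 'RegKey'; Where = $key; Value = '' } }
    }
    # Ackantta's service key is SKYNET followed by eight random characters.
    $services = Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
    foreach ($svc in ($services | Where-Object { $_.PSChildName -like 'SKYNET*' })) {
        $hits += [pscustomobject]@{ Type = 'RegKey'; Where = $svc.Name; Value = '' }
    }
    return $hits
}

function Backup-RegistryKey {
    # The undo step each alert asks for: export the key to a .reg file and return its path.
    param([string]$NativeKeyPath, [string]$OutDir = $env:TEMP)
    $file = Join-Path $OutDir ((($NativeKeyPath -replace '[\\:]', '_')) + '.reg')
    reg.exe export $NativeKeyPath $file /y | Out-Null
    return $file
}

$found = @(Find-Indicators)
if ($found.Count -eq 0) { 'No indicators from the four alerts were found.' }
else { $found | Format-Table -AutoSize }
```

If the check reports a hit, run `Backup-RegistryKey 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\getpass'` (or the key named in the hit) before following the alert's manual deletion steps, so the exported .reg file can put the key back if anything goes wrong. Because registry lookups are suppressed when a key is absent, a clean PC produces a single "No indicators" line rather than a stream of errors.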