Video - How Hackers Infect Your PC

Ever wonder how they do it? This video from Panda Security shows one current method -- search results.

Blackhat SEO Attack Uses Wordpress to Spread Rogue Anti-Malware Software from Panda Security on Vimeo.

Please note: I have one, MAJOR, complaint about this video: it pretty much says that if you have an up-to-date anti-malware (such as an antivirus) on board, you’ll be protected from these things. WRONG! Once you click the links, ignore the the warnings, and click “Run”.. you’re hosed. Telling your machine to ‘run it’ bypasses all your protections.. even Vista’s annoying UAC.

Today’s free link: ErrorRepairTOOL Computer Infection? - Blame Your Search Engine!

Today’s free download(s): The best defense is to NOT click “Run” when you’re not sure.
But there are tools you can add to your web browser to help you detect and avoid these poisoned websites in the first place — known as “anti-phishing”. I suggest installing both:
WOT: (Web Of Trust) is a free Internet security add-on for your browser. It will help keep you safer from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky Website. It’s easy and it’s free.
Link Scanner Lite: Automatically inspect search results for exploits, hacked sites, fraud/crimeware, and other online threats. Includes right-click, on-demand scanning of any URL you choose.

Copyright 2007-9 © Tech Paul. All rights reserved. post to jaanix

Share this post :

The Internet Is Not Disneyland

Folks, the Internet is not Disneyland. Most knowledgeable people refer to it as the “wild, wild, West”, (a reference to sheer lawlessness) but I like a different analogy better.. think of it as going into the Big City, and going down to the docks/warehouse district, alone, and at night.
You can do it, but you best be careful.

What you can do to have protection:

1: please read Top 10 things you should do to your computer. It is a checklist, and provides you with the How To’s for a (more) secure computer, as well as providing links to important (free) security downloads.
2: enable an anti-phishing filter, which can help alert you to poisoned websites before you go there. All modern browsers have a filter built in, and all you have to do is turn it on. Or you can add an anti-phishing toolbar/plug-in such as Link Scanner Lite, McAfee’s Site Advisor and/or - the excellent WOT.
3: make sure ALL the programs on your computer are patched and up-to-date. The easiest and most effective way to do this (IMHO) is to download and install the PSI (Personal Software Inspector) from Secunia.
4: Never respond to e-mails asking for personal information. Legitimate businesses never contact you about “important issues” via e-mail. But criminals love to go phishing!
5: Be PARANOID on the Internet. (Use common sense) Think someone can’t trace back to you? Guess again; your browser reveals a wealth of information by default.
Sound too good to be true? It is. There’s no such thing as a “free iPod”… and, no, you did not win the Irish Lottery.
Is looking at sexually explicit material simply irresistible? Go to one of those video rental shops that has a back room instead of clicking links and images.

A malware infection can cost you all your data and/or several hundred dollars in cleanup.. and/or many hours of your time..

[note: almost all of these things referred to above are "set it, then forget it" simple. You do not have to be an über-geek, or devote hours, to implement them. An ounce of prevention really is worth a pound of cure!]

Today's free link: What’s On My PC… FREE Layers of Protection!

Today's free download: K9 Web Protection is a  free Internet filtering and control solution for the home. K9 puts YOU in control of the Internet so you can protect your kids.

* Orig post: 2/4/09

Copyright 2007-9 © Tech Paul. All rights reserved. post to jaanix

Share this post :

Two Quick "Must Reads"..

Folks, two recent articles are worthy of your special attention. Please see,

• Play “Want to Infect Your Computer With Malware?” - Follow These Easy Steps!
• What’s On My PC… FREE Layers of Protection!

Computer Security - Do You Even Care?

Folks, Internet Security blogger Bill Mullins has posted an insightful and thought-provoking article that I think deserves notice, and your attention. Here is the link, Computer Security - Do You Even Care?

Night of the Living Computer*

It’s like we woke up inside a horror movie– we are being attacked by zombies.

Yes. It’s true. Real life is imitating art (if you’re willing to call Night of the Living Dead “art”). We really are under attack by zombies– only our zombies aren’t trying to eat our flesh, they are trying to sell us bootleg Ph@rmacuticals and cheap V1@gra, fake Rolex watches, and steal our identities. [note in the photo how the zombie is reaching for the wallet?]

In real life, our zombies can’t claw at us directly and they don’t have teeth. Our zombies are computers. Our computers. And they attack via e-mail and the Internet. Like the zombies in Night, they spread the zombie disease by infection. Differently, our zombies aren’t mindless; they’re controlled by villains (aka “cyber-criminals”).

Yes. Your computer may be a zombie, and odds are you wouldn’t know.

If it isn’t a zombie (yet), it is constantly under the attack of infection via the Internet. An unprotected computer, connected to the Internet, will be infected within 8 minutes (12 seconds in a recent test).
90 to 95% of all Internet traffic traveling the wires is zombie-generated junk e-mail that’s either a fraud attempt or (and?) loaded with malware– the “attack”.

How did this happen? Well, part of it is the Tech Industry’s fault (see, How the Tech Industry is Failing You), either unintentionally, or through lack of foresight, or through willful negligence and the rush to market. Security either wasn’t considered, or it was too expensive.
Nobody predicted the nerdy hackers evolving into the organized, well-financed, Mafia-style criminal gangs of today.
And they put too-powerful, fully-capable machines into the hands of the unwashed masses– us.
The rest of it is our fault.

* We let our antivirus expire and, every day, close the warning.
* We think we’ve just won the British Lottery.
* We still run Windows 98 because we’re “comfortable with it”.
* We cannot resist ‘free’ pornography.
* We cannot be bothered with those REALLY ANNOYING little windows that pop open at the worst times and tell us that a “newer version is available.”
* When someone tries to tell us about our machines, they start using big words in a funny language and we ‘tune out’.
* We believe that everything computer-related should be free, so we download cracked (aka “pirated”) software, bootleg music and video, and we don’t care who or where it comes from.

I could go on and on and on (and on, believe me!).

Yes.. we are our own worst enemies. But, you don’t have to be a part of the problem. And you don’t have to learn a big word-filled foreign language (aka “Geek speak”) to avoid the zombie attack.

Today’s free link: I have put together a list of proactive steps every computer user should know.. a checklist. In it you will find links to free, safe, and effective methods for protecting your computer, and keeping it safe. Please look over, Top 10 Things You Should Do To Your Computer. And then do us all a favor, pass the list on to your friends who have computers.

* Orig post: 08/18/08

Today's free download: RUBotted by Trend Micro (see below)

Today's free link: RUBotted is a program that can help detect if your machine has been zombie-ified, and Bill Mullins has written a good description/review of it, here (he also posts the download link, so you can visit there and don't need to return here..) Catch the Bad Bots with Free RUBotted from Trend Micro

Copyright 2007-9 © Tech Paul. All rights reserved. post to jaanix

Share this post :

New Rogue Uses Fake PC Magazine Review

Yesterday, the good folks at BleepingComputer posted removal instructions for a rogue antivirus (please see, Internet Plague - Rogue Antivirus) that is demonstrating a new behavior...

Quote: "Anti-virus-1 is a new rogue anti-spyware program from the same family as Antivirus 2010 and Antivirus 360. This program is promoted primarily through two methods. The first is through the use of advertisements that pretend to be online anti-malware scanners. These advertisements go through what appears to be a scan of your machine and then when finished, state that your computer is infected and that you should download Anti-virus-1 to protect yourself.

Remember, though, that this is just an advertisement and it has no way of knowing what is running on your computer. The second method that is used to promote this rogue is through the use of Trojans. When certain Trojans are installed on your computer they will display security alerts stating that your computer is infected or that you have some other security risk. When you click on these alerts, it will download and install Anti-virus-1 onto your computer..."

But that is not the new part, the new behavior adds entries to your HOSTS file so that if you go to any of a number of technology sites, including pcmag.com, you are instead brought to their site and are shown the malware author's content. This content includes a doctored PCMag review of their fake anti-malware product.

For more on the story, click here.
And for removal instructions, click here.

Copyright 2007-9 © Tech Paul. All rights reserved. post to jaanix

Share this post :