Google: Your Computer Appears to Be Infected

From KrebsOnSecurity

Google last week began warning more than a million Internet users that their computers are infected with a malicious program that hijacks search results and tries to scare users into purchasing fake antivirus software.

Google security engineer Damian Menscher said he discovered the monster network of hacked machines while conducting routine maintenance at a Google data center. Menscher said when Google takes a data center off-line, search traffic directed to that center is temporarily stopped. Unexpectedly, Menscher found that a data center recently taken off-line was still receiving thousands of requests per second.

Menscher dug further and discovered the source of the traffic: more than a million Microsoft Windows machines were infected with a strain of malware designed to hijack results when users search for keywords at Google.com and other major search engines. Ironically, the traffic wasn’t search traffic at all: The malware instructed host PCs to periodically ping a specific Google Internet address to check whether the systems were online.

For the rest of the article, please click here

NOTE: Unlike the scareware and fake anti-virus programs that “pop up” on your screen, this is a banner notice at the top of your search results. Use your own anti-virus programs to scan your computer, as well as programs such as SuperAntiSpyware and Malwarebytes.

Ah, Cookies

Tracking cookies

The other day I noticed that I was running out of space on the hard disk of my computer. I went through and removed some programs and moved some data to an external drive to free up some space, but the next day, the space was low again.

I ran my normal cleanup software, CCleaner, SuperAntiSpyware and Malwarebytes and found that I had a huge number of tracking cookies on my computer.

If you don’t know, almost every website you visit downloads a small file to your computer, called a cookie. Cookies are set to stay on your computer for a period of time and contain information about the site you’re on. Oftentimes, they will hold your login information for the site so that the next time you visit, you’ll automatically be logged in, or your preferences will be recorded and remembered so that you won’t have to reset everything time and again.

Tracking cookies, on the other hand, aren’t good. Websites sometimes allow third parties, such as advertisers and marketers, to also install what’s known as tracking cookies on your computer. These cookies send information back to the marketing companies, where your preferences are put in a database for future use. They don’t record personal information, such as credit card numbers or passwords, but general information about your surfing habits and preferences. What they hope to do is to have the advertisements that you see on a page become advertisements that relate more specifically to you, so that you’ll click and buy. The danger comes when that information, which is connected to you, becomes available to others.

So, what to do? You really need the main cookies a site saves because a lot of sites won’t work well unless you accept the cookies. Third party cookies, however, aren’t needed and should be blocked.

Each browser has settings that let you accept a site’s own (first-party) cookies while blocking third-party cookies. Here are the instructions to do so for the four main browsers:

Internet Explorer –

  • Open Tools, Internet Options | Privacy, and click on the Advanced button.
  • Place a check in “Override automatic cookie handling”.
  • Uncheck “Always allow session cookies”.
  • Set “First Party Cookies” to Accept, and set “Third Party Cookies” to Block.

Firefox –

  • Open the options for your platform: at the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP) and then click Options; or, on the menu bar, click on the Firefox menu and select Preferences…; or, at the top of the Firefox window, click on the Edit menu and select Preferences…
  • Select the Privacy panel.
  • Set Firefox will: to Use custom settings for history.
  • Uncheck Accept third-party cookies.

Chrome –

  • Click the wrench icon on the browser toolbar.
  • Select Options (Preferences on Mac and Linux; Settings on Chrome OS).
  • Click the Under the Hood tab.
  • Click Content settings in the “Privacy” section.
  • Click the Cookies tab in the Content Settings dialog that appears:
    ◦ Block only third-party cookies: Select the “Ignore exceptions and block third-party cookies from being set” checkbox. Even if you’ve added a site to the Exceptions list and have chosen to allow its cookies, the site’s third-party cookies won’t be accepted if this checkbox is selected.

Safari –

  • From Safari, select “Safari” in the menu bar, and then select “Preferences”
  • In the Preferences Dialog Box, select the “Security” tab
  • Make sure the “Accept cookies:” setting is set to “Only from sites you navigate to”. You can also set this option to “Never”, but this will prevent many web sites that rely on cookies from working.

Once I removed the tracking cookies from my computer, I actually recovered almost 200 GB of disk space. I then went through each of my browsers and blocked third party cookies from being installed.

Here’s One Reason Why You Need to Password Protect Your Wireless Router

Or if you’re using your neighbor’s wireless connection, you may want to reconsider.

To sum up, an individual in New York found himself facedown in his living room in the morning with federal agents all around him. They were accusing him of being a pedophile and pornographer. They ended up seizing his computer, his wife’s computer, and an iPad and iPhone. He claimed innocence and, after a week, was cleared. His neighbor, however, wasn’t as lucky. It seems the neighbor was leeching off the non-password-protected wireless router and trafficking child pornography.

Always, always, always password protect your router. And if you’re leeching off your neighbor and they’re involved in something illegal, it could come back on you as well. Now here’s the article –

BUFFALO, N.Y. – Lying on his family room floor with assault weapons trained on him, shouts of “pedophile!” and “pornographer!” stinging like his fresh cuts and bruises, the Buffalo homeowner didn’t need long to figure out the reason for the early morning wake-up call from a swarm of federal agents.

That new wireless router. He’d gotten fed up trying to set a password. Someone must have used his Internet connection, he thought.

“We know who you are! You downloaded thousands of images at 11:30 last night,” the man’s lawyer, Barry Covert, recounted the agents saying. They referred to a screen name, “Doldrum.”

“No, I didn’t,” he insisted. “Somebody else could have but I didn’t do anything like that.”

“You’re a creep … just admit it,” they said.

Law enforcement officials say the case is a cautionary tale. Their advice: Password-protect your wireless router.

via NY case underscores Wi-Fi privacy dangers – Yahoo! News.

The curse of popularity: Hackers love Apple’s iPad, iPhone, too | ZDNet

As the popularity of the iPhone and the iPad – both of which run iOS – has gone mainstream, hackers are tapping iOS. And surely, they’re counting on users – who have long known about vulnerabilities to computers – to be naive about the vulnerabilities that are possible in the mobile world.

Today, Gizmodo posted an unsourced report about a security breach in iOS products that is being pushed through PDF files and Web pages that load through the Safari browser. Gizmodo calls the vulnerability “easily exploitable” and explains that unsuspecting users could be giving “total control” of their iPhones, iPod Touches or iPads to hackers. The blog reports:

It just requires the user to visit a web address using Safari. The web site can automatically load a simple PDF document, which contains a font that hides a special program. When your iOS device tries to display the PDF file, that font causes something called a stack overflow, a technical condition that allows the secret ninja code inside the font to gain complete control of your device. The result is that, without any user intervention whatsoever, that program can do whatever it wants inside your iPhone, iPod touch or iPad. Anything you can imagine: Delete files, transmit files, install programs running in the background that can monitor your actions… anything can be done.

via The curse of popularity: Hackers love Apple’s iPad, iPhone, too | ZDNet.

Windows XP zero-day under attack; Use Microsoft’s “fix-it” workaround | ZDNet

Just five days after Google researcher Tavis Ormandy released details of a critical vulnerability affecting Windows XP and Windows Server 2003, malware authors have struck, exploiting the flaw to plant malware on Windows machines. The attacks, described by Microsoft as “limited,” are being distributed via drive-by downloads on rigged Web sites. “Windows Server 2003 customers are not currently at risk from the Win Help issue based on the attack samples we have analyzed,” according to Microsoft’s security response center. The attacks are only targeting Windows XP computers with the HCP protocol enabled.

ONE-CLICK FIX-IT

In the absence of a patch, Microsoft is recommending that affected Windows customers use this one-click Fix-It tool to unregister the problematic “hcp://” protocol.

This can also be manually done by following these simple directions:

  1. Click Start, and then click Run.
  2. Type regedit, and then click OK.
  3. Expand HKEY_CLASSES_ROOT, and then highlight the HCP key.
  4. Right-click the HCP key, and then click Delete.

Impact of Workaround: Unregistering the HCP protocol will break all local, legitimate help links that use hcp://. For example, links in Control Panel may no longer work.
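The same workaround as a script, added here as an example and not taken from the ZDNet article or Microsoft’s Fix-It tool: it first reports whether the hcp:// handler is still registered (useful for checking a fleet of XP machines), and only deletes the key when asked, after exporting a backup so the help links can be restored once a patch ships. It assumes an elevated PowerShell session; the backup location and script parameters are my own choices.

```powershell
# Audit and (optionally) unregister the hcp:// protocol handler on Windows XP.
# Added example; assumes an Administrator PowerShell session. Run without -Remove
# to audit only; the backup directory is an assumed default.
param(
    [string]$BackupDir = "$env:SystemDrive\",
    [switch]$Remove
)

$hcpKey = 'Registry::HKEY_CLASSES_ROOT\HCP'

if (-not (Test-Path $hcpKey)) {
    Write-Output 'hcp:// is not registered: workaround already applied (or key never existed).'
    return
}

# Record which program the protocol hands URLs to, so the audit says what was exposed.
$cmdKey = "$hcpKey\shell\open\command"
if (Test-Path $cmdKey) {
    $handler = (Get-ItemProperty -Path $cmdKey).'(default)'
    Write-Output "hcp:// is registered; handler command: $handler"
} else {
    Write-Output 'hcp:// is registered (no shell\open\command subkey found).'
}

if (-not $Remove) {
    Write-Output 'Audit only. Re-run with -Remove to unregister hcp:// (this breaks local Help links).'
    return
}

# Export the key first so it can be restored later with "reg import <file>".
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $BackupDir "HKCR-HCP-backup-$stamp.reg"
& reg.exe export 'HKEY_CLASSES_ROOT\HCP' $backup | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $backup)) {
    throw "Backup to $backup failed; HKCR\HCP left in place."
}

# Equivalent of steps 1-4 above: delete the HCP key and everything beneath it.
Remove-Item -Path $hcpKey -Recurse -Force
if (Test-Path $hcpKey) { throw 'HKCR\HCP still present after Remove-Item.' }
Write-Output "HKCR\HCP removed. Backup saved to $backup"
```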

via Windows XP zero-day under attack; Use Microsoft’s “fix-it” workaround | ZDNet.

Adobe reports critical flaw in Flash, Acrobat | Security – CNET News

Adobe has issued a security advisory about a “critical” vulnerability in its Flash Player and Adobe Reader and Acrobat products that it says could let attackers take control of people’s computers. The company said late Friday that there had been reports of the hole actually being exploited and that an official patch was not yet available.

Affected software includes: Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux, and Solaris; Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh, and Unix. The company said that the Flash Player 10.1 Release Candidate does not seem to be vulnerable and that Adobe Reader and Acrobat 8.x are confirmed not vulnerable.

Adobe didn’t say when an official fix would be released, but according to the company, computer users can mitigate the Flash issue by downloading the release candidate mentioned above. The Acrobat and Reader issue can be addressed by “deleting, renaming, or removing access to the authplay.dll file” that ships with those products, Adobe said. This will, however, cause a nonexploitable crash or error message if a user opens a PDF file that contains SWF content. The .dll file is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat, Adobe said.

The complete security advisory is available here.

via Adobe reports critical flaw in Flash, Acrobat | Security – CNET News.

Defective McAfee update causes worldwide meltdown of XP PCs | Ed Bott’s Microsoft Report | ZDNet.com

At 6AM today, McAfee released an update to its antivirus definitions for corporate customers that had a slight problem. And by “slight problem,” I mean the kind that renders a PC useless until tech support shows up to repair the damage manually. Here’s how the SANS Internet Storm Center describes the screw-up:

McAfee’s “DAT” file version 5958 is causing widespread problems with Windows XP SP3. The affected systems will enter a reboot loop and [lose] all network access. We have individual reports of other versions of Windows being affected as well. However, only particular configurations of these versions appear affected. The bad DAT file may infect individual workstations as well as workstations connected to a domain. The use of “ePolicyOrchestrator”, which is used to update virus definitions across a network, appears to have [led] to a faster spread of the bad DAT file. The ePolicyOrchestrator is used to update “DAT” files throughout enterprises. It can not be used to undo this bad signature because affected systems will lose network connectivity. The problem is a false positive which identifies a regular Windows binary, “svchost.exe”, as “W32/Wecorl.a”, a virus.

McAfee now has its own KnowledgeBase page posted, with details about the problem and the fix. The symptoms are described, tersely, as “Blue screen or DCOM error, followed by shutdown messages after updating to the 5958 DAT on April 21, 2010.”

via Defective McAfee update causes worldwide meltdown of XP PCs | Ed Bott’s Microsoft Report | ZDNet.com.

FIFA World Cup themed malware campaign spreads malicious PDF files | Zero Day | ZDNet.com

For all of you World Cup Soccer fans:

Researchers from Symantec are reporting on an ongoing targeted malware campaign using a FIFA World Cup 2010 theme, in an attempt to trick end users into executing a malicious PDF file, exploiting a recently patched flaw in Adobe Reader. More details on the campaign:

The attackers have downloaded Greenlife’s PDF document, and changed it to include malicious code. They then attempted to email the malicious PDF to a user in a major international organization that brings together governments from all over the world. We should emphasize that downloading the PDF from the Greenlife website is perfectly safe at the time of writing this blog. The attack makes use of a recently patched vulnerability in Adobe Reader – CVE-2010-0188. The patch for this critical-rated vulnerability was released by Adobe on February 16, 2010. Since then we have observed a large number of targeted attacks attempting to exploit this vulnerability. Proof-of-Concept exploit code is available on the Internet, which is contributing to the large number of observed attacks. The exploit makes use of a flaw in the TIFF file parsing in Adobe Reader. In particular, a stack overflow is caused by inserting a TIFF image into the PDF with a specially crafted “DotRange” tag.

According to recent reports, malicious PDF files not only comprised 80 percent of all exploits for 2009, but also represent the preferred infection vector for targeted attacks in general, for the first time ever surpassing the use of malicious Microsoft Office files.

Users should not just update their Adobe products, or perhaps even consider an alternative PDF reader if truly paranoid. They should take a comprehensive approach when dealing with all the third-party applications and browser plugins currently installed.

via FIFA World Cup themed malware campaign spreads malicious PDF files | Zero Day | ZDNet.com.

Do You Really Know Where That Link Is Taking You?

These are some scary technical times we live in. Yes, it’s very nice that everything is available with a click of the mouse button, but do you really know where that click is taking you?

Scammers are taking advantage of every hot news story out there. Do a search for an issue and the results may contain poisoned links that lead to malware. The malware could be in the form of rogue antivirus software, which looks like a professional antivirus program and warns you of non-existent infections. The fake apps then push you to buy a license for the software to clean up the fake malware it finds. Once you’ve clicked on that link, look out. Some of the things the downloaded malware will do are steal passwords and logins by recording your keystrokes, install programs that will turn your computer into a bot to be used in future infections of other computers, and hold your data for ransom, where the owner of the malware charges you in order to receive the removal information. In many instances, you end up reformatting your hard drive and reinstalling your programs.

So, how do you really know that the link you’re clicking on is safe? My preference is to install W.O.T. (Web of Trust) in your browser. When you do a search, W.O.T. will place a circle next to each link: Green for safe, Yellow for caution, and Red for stay away. The other thing you can do with W.O.T. is to right-click on a link on a website and choose View WOT Scorecard. That will take you to a page that shows you the ratings of the page before you actually visit it. The latest browsers are trying to help keep you safe as well, with built-in phishing and malware protection, so it’s recommended that you update your browsers to the most recent versions. You can find the latest version of Firefox here, Internet Explorer here, and Google Chrome here.

Now and in the future, it’s really important to be careful about your browsing. Make sure the links you click on are going to be good for you.

You might be breaking the law with your computer: UPDATED | 10 Things | TechRepublic.com

Twice this week I’ve had people ask me whether, if they connect to a neighbor’s unsecured Wi-Fi, it is possible that their neighbor could gain access to their files or information. I told them that since they were actually joining that neighbor’s network, then under certain circumstances, yes, their information could be accessed. I was reminded of the other reason you may not want to ride your neighbor’s Wi-Fi by this article on 10 ways you might be breaking the law with your computer. The item pertaining to this topic follows.

State and federal laws regarding access to networks

Many states have criminal laws that prohibit accessing any computer or network without the owner’s permission. For example, in Texas, the statute is Penal Code section 33.02, Breach of Computer Security. It says, “A person commits an offense if the person knowingly accesses a computer, computer network or computer system without the effective consent of the owner.” The penalty grade ranges from misdemeanor to first degree felony (which is the same grade as murder), depending on whether the person obtains benefit, harms or defrauds someone, or alters, damages, or deletes files.

The wording of most such laws encompasses connecting to a wireless network without explicit permission, even if the Wi-Fi network is unsecured. The inclusion of the culpable mental state of “knowing” as an element of the offense means that if your computer automatically connects to your neighbor’s wireless network instead of your own and you aren’t aware of it, you haven’t committed a crime. But if you decide to hop onto the nearest unencrypted Wi-Fi network to surf the Internet, knowing full well that it doesn’t belong to you and no one has given you permission, you could be prosecuted under these laws.

A Michigan man was arrested for using a café’s Wi-Fi network (which was reserved for customers) from his car in 2007. Similar arrests have been made in Florida, Illinois, Washington, and Alaska.

The federal law that covers unauthorized access is Title 18 U.S.C. Section 1030, which prohibits intentionally accessing a computer without authorization or exceeding authorized access. But it applies to “protected computers,” which are defined as those used by the U.S. government, by a financial institution, or used in or affecting interstate or foreign commerce. In addition to fines and imprisonment, penalties include forfeiture of any personal property used to commit the crime or derived from proceeds traceable to any violation. You can read the text of that section here.

In a recent case regarding unauthorized access, a high profile lawsuit was filed against a school district in Pennsylvania by students who alleged that district personnel activated their school-issued laptops in their homes and spied on them with the laptops’ webcams. The FBI is investigating to determine whether any criminal laws were broken. Because the school district owned the computers, there is controversy over whether they had the right to remotely access them without the permission of the users.

via 10 ways you might be breaking the law with your computer: UPDATED | 10 Things | TechRepublic.com.