Google has added a new feature to its search engine – it can now detect if your PC is infected with malware. It’s a clever bit of code that just quietly watches for unusual activity.

At the moment it only detects one strain of malware, but since it’s transparent and non intrusive it’s a good thing. Also, this is only relevant to Windows.

So if you see this message, your PC is probably infected with malware. Google suggests some steps to remove it, and you should really buy and install an antivirus program to prevent further problems.

A French security company called Intego has released the first antivirus app for iPhones, called VirusBarrier. This is news because so far iPhones have not needed antivirus programs, there are currently no viruses on iPhones. Here’s a breakdown of what VirusBarrier is:

What VirusBarrier does:

• it can scan email attachments – but it’s not automatic, you need to go into VirusBarrier and tell it which email attachment to scan (and only one at a time)
• it can scan files on DropBox

What VirusBarrier does not do:

• it does not scan all files or apps on the iPhone. It can’t because of Apple’s sandbox model.
• it does not do automatic scans
• it does not do scheduled scans
• it does not scan apps

Here’s something that happens every day, a message appears in your web browser telling you a virus was found and to click OK to do a scan. To get straight to the point, this is a fake antivirus program designed to trick you into installing real malware.

If you see this on your browser, close the browser. Don’t click on any buttons. And most importantly, don’t panic. These scams are designed to scare you into making irrational decisions.

Below are screenshots of how it looks (click to enlarge the screenshots):

This type of scam happens on both Windows and Mac computers.

McAfee Stinger is a program to clean malware from PCs. It detects and removes more than 1300 types of malware – that’s pretty useful.

It’s not a replacement for a good antivirus product, but if it’s too late and your PC has been infected then this could help clean it.

Download it directly from McAfee’s web site and follow their instructions.

Here’s a combined hoax and malware. Let’s start from the beginning.

People have been posting notes on Facebook about something called “un named app”. It tells you to remove something from Facebook. It’s a hoax. Don’t believe what it says, don’t follow the instructions, and don’t pass it on.

Below are some quotes of the hoax:

ALERT >>>>> Has your facebook been running slow lately? Go to “Settings” and select “application settings”, change the dropdown box to “added to profile”. If you see one in there called “un named app” delete it… It’s an internal spybot. Pass it on

this is real.. i checked and found this app and deleted it… hopefully, my facebook will run better now.

Cannot believe how much quicker mine is running after doing this….

I don’t have this app on my Facebook account but if you do, don’t worry. It’s a normal part of Facebook and you shouldn’t delete it.

Now the second part of this hoax is a real trojan. If you go to Google and search for “facebook unnamed app” you’ll see quite a few results. Some of these results are fake antivirus programs.

A fake antivirus program is actually a trojan. It pretends to scan your PC and quietly installs malware in the background. It goes under the name of Security Tool, it has a fancy detection screen and everything. But it’s definitely bad.

The rule of thumb is that if a web page tells you that your PC might be infected, don’t trust it. Go and get your own antivirus program, not something that pops up on your screen (see here for a good free antivirus program).

There’s a lot to learn here. Basically, be careful who you trust. These days scammers have to trick you into installing malware and they’re good at it (it’s called social engineering).

Avast 5 is the latest version of a great (and free) antivirus program. It’s designed for Windows PCs and does a pretty good job. And did I mention it’s free? There’s no excuse not to have an antivirus program installed on any computer.

There’s also a paid version which extra features such as a personal firewall. I personally use and trust Trend Internet Security, but Avast would be my other choice (especially the paid version called Avast Internet Security).

The free version can be downloaded from here.

A personal firewall is a program you install on your computer. It stops unknown programs talking to the internet. Why is this important?

Just say some malware gets installed on your computer. It wasn’t picked up by your antivirus program for whatever reason (maybe you don’t even have antivirus). It starts watching you type in your passwords and tries to send details to a criminal’s server. This actually happens every day to some people.

A personal firewall would detect that an unknown program is trying to send information to the internet and bring it to your attention. It blocks the program and asks you if you want to allow it to proceed.

It’s different to a normal firewall because it runs on your PC instead of on the network. And it doesn’t just keep people from hacking into your computer, it stops malware connecting out to the internet. So overall it’s a good thing to have, it’s just a bit more defence against online fraud.

Below are some new deals I’ve come across. I haven’t tried these programs and can’t comment on how well they work – I suggest you ask around.

ZoneAlarm Pro – this program has been around for many years. The Pro version, which usually costs USD39.95, will be free for today only (13th of October 2009). Go to their web site here.

Online Armor Premium – I haven’t heard of this product before but it’s legitimate. It usually costs $39.95 but it’s free to PayPal members, until the 19th of October 2009. Click here, then on the button to buy now, then proceed to pay with PayPal, it will be discounted to $0.

Windows also has a firewall built in but in my opinion it isn’t very good and it’s difficult to configure. And most antivirus packages, the kind that cost money, include a personal firewall.

Today Microsoft launched a new anti-virus program called Microsoft Security Essentials. People who have tested it are fairly happy with it, it’s certainly better than not having any anti-virus. And best of all it’s free. It works on Window XP, Windows Vista, and Windows 7.

Free download of Microsoft Security Essentials: http://www.microsoft.com/Security_essentials/

Now I’ve always said that paid anti-virus programs are generally better. I still believe this because you get more security features such as web page scanning, a personal firewall and fraud detection. And with all the online fraud and scams that happen every day you need all the security you can get and that costs money.

But sometimes you really can’t justify paying for anti-virus, like a computer you’re only going to use for a month. So this fits in nicely. Also keep in mind that there are several other good free anti-virus programs out there.

I’d also like to point out that sometimes internet security companies can be biased. Take Symantec as an example. On the same day that Microsoft launches a free anti-virus program Symantec started a campaign telling people that free anti-virus programs are bad. I see it as a clearly biased argument to protect their business. Marketing is always biased, it’s always best to get an independent opinion (Fraudo is not sponsored by any companies, the ads on the right are dynamic and I don’t get to choose them).

There is an organisation called AV-Comparatives that tests antivirus programs and compares their performance. They’re independent from the antivirus vendors making their tests more useful. So it’s good to look through the results and see which antivirus programs are working better than others.  Below are their top 7 programs, in no specific order:

• G Data
• Symantec
• Avast
• F-Secure
• BitDefender
• eScan
• ESET

Some people make the assumption that Macs can’t get malware, that it’s somehow a Windows-only problem. Unfortunately that’s not the case, any computer can get malware such as viruses and trojans (read here for some examples). And there are some companies that already make antivirus software for Macs.

Further evidence of the need for antivirus software on Macs is given by Apple themselves. They’ve made their own antivirus software for the latest version of OS X (called Snow Leopard). This built-in antivirus software is very limited at the moment:

• It can only scan files downloaded from a small number of programs (so it doesn’t scan “everything”), and
• At the moment it can only detect 2 trojans

If you’re a Mac user you can read more here. My point is that you should do everything possible to protect your computer from malware, scams, etc. Assuming that your computer is somehow superior and invulnerable just doesn’t cut it.

This product is a scam. It’s made to look like a real antivirus or antispyware program but all it does is ask you for money. It’s not a legitimate program, it doesn’t stop spyware, viruses or do anything useful.

It’s called PC Antispyware 2010, a name that sounds a bit serious (and misleading). The screen looks pretty fancy, maybe people trust things that look nice or shiny – don’t be fooled by it.

If you see the screen above then don’t click on the download link, don’t install it. You can see a larger screenshot by clicking here. Only use antivirus products from known and trusted vendors.

There is another fake anti-virus product called Malware Doctor. It pretends to scan your PC then tries to trick you into paying them money.

When Malware Doctor first starts up it pretends to scan your PC for viruses and other malware. Then it tells you it found a few things that shouldn’t be there.

It then says that you’re using an unregistered version of Malware Doctor and that you need to pay for the full version to remove the malware.

It’s a scam, if you see Malware Doctor on your PC you need to take action to clean your PC.

How does Malware Doctor appear on your PC?

There are viruses that spend their life downloading malware (viruses, trojans, etc) and installing them on your PC. So if you have Malware Doctor on your PC it means you have more malware that keeps installing it. A big problem.

How do you get rid of it?

There’s a procedure here. If this is too technical for you then you’ll need to get your PC serviced.

Always have a good anti-virus product on your PC that prevents all this malware from installing in the first place. It’s easier to prevent malware than it is to fix.

There are many fake anti-virus products out there, they try to convince you there’s something wrong with your PC or Mac then either ask you for money to fix it or install real viruses.

This new one’s the kind that asks you for money, it’s called System Security. It begins when you download the program believing it’s a new anti-virus product. It’s designed for Windows PCs.

When you install it, it pretends to scan your PC, then informs you it found a whole lot of malware on your PC including viruses, adware and spyware. This part is meant to scare and shock you.

Then it does something truly evil, it stops you doing anything on your PC until you “activate” the anti-virus. And by activate they mean pay them money. So at this stage the only thing you can do with your PC is go to the scammer’s website (which looks nice and professional), hand over your credit card details, and they’ll supposedly make your PC work again.

If you happen to download and install this fake product and it blocks your PC from working, don’t give them your credit card details or otherwise pay for it to be unlocked. You will be able to boot your PC in Safe Mode – ask for a PC technician to help you with this if necessary. You’ll then be able to remove the fake anti-virus.

This highlights the importance of using a good anti-virus product, one that’s known and respected in the IT industry. I generally try not to recommend one product over another but below are some of the trusted anti-virus companies available today:

• Trend Micro
• Symantec / Norton
• McAfee
• F-Secure
• AVG

There are many more and the market’s always changing. Feel free to write about your preferred products in the comments below. These days you can buy them online or walk into a computer store and buy one.

AVG has been making anti-virus products for years, they’re a trusted company. They’ve now made one of their products free, and it would be useful for many of you. It’s called AVG LinkScanner.

It’s a plugin for FireFox and Internet Explorer. It checks every web page you load, and if it’s a known dangerous site it stops it from loading, protecting you before any malware gets a chance to run.

This is very useful if:

1. Your main web browser is FireFox or Internet Explorer, and
2. You use Windows, and
3. You haven’t invested in a good anti-virus package.

It’s a fact that a lot of malware (including viruses, spyware, adware, etc) installs itself when you visit a hacked page. Most of the time you won’t know it’s happening – it’s important to install something that helps protect you.

Download it for free from: http://linkscanner.avg.com/

Ad-Aware is a popular anti-spyware product made by Lavasoft. This protects Windows PCs from adware. Adware is a term for programs that installs themselves on your PC and show you ads – it’s generally a bad thing.

They’re just released version 8 which they’re calling their Anniversary Edition. They have a free edition and 2 paid editions, each with different features.

If you download the free edition remember that you’ll need an anti-virus program on your PC (one that scans web pages as well as your PC).

Main Ad-Aware web page (has all 3 editions): http://www.lavasoft.com/products/ad_aware.php

Direct download to the free version: http://www.download.com/Ad-Aware-Anniversary-Edition/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5&cdlPid=10998841

A lot of people are talking about Barack Obama, it seems to be a big news topic right now. Scammers have taken advantage of the media hype and have started publishing fake news sites.

These fake news sites are designed to get your attention and to go to their web page. Their web page then attempts to install malware on your PC.

Some of the fake headlines include:

• Barack Obama has refused to be a president
• Haven’t you heard latest news about our president-elect?
• Barack Obama abandoned sinking ship
• Obama doesn’t wany [sic] anymore to be a president

These fake sites have a professional look and feel. If you don’t have a good anti virus package installed it’s very likely your PC will become infected and you won’t know about it. The infection forms part of a botnet, meaning it’s under the control of someone else and will be used to commit online crimes.

So be cautious about these fake news articles. It’s highly unlikely that Obama has changed his mind at this stage. Use a good anti virus package that also scans web sites. And don’t use Internet Explorer, start using one of the popular alternative browsers such as FireFox, Opera, Chrome, and Safari.

Whenever something big happens in the news there are people that will always take advantage with made-up sensational headlines, designed to trick you into opening their web pages.

If you’re giving the beta version of Windows 7 a go you now have the option of installing an anti-virus package. Kaspersky has released a version of their anti-virus system that will work on Windows 7 beta.

If you’re using Windows 7 beta for anything more than testing and evaluation you should really consider installing it. Kaspersky’s website is: http://www.kaspersky.com/windows7

Anti-Malware Toolkit is a package produced by Lunarsoft. It helps you download 37 different tools you can use to protect your PC from all kinds of malware. A few of the tools it can install are quite useful, such as:

Spyware Blaster, CCleaner, RogueRemover, SUPERAntiSpyware, Malwarebytes, Spybot, Hijack This

I’d recommend this to more experienced PC users. General users are better off investing in commercial products, such as Trend Internet Security (there are a few good packages out there, Trend is just one). I say this because commercial products do most of the thinking for you and for a lot of people security is better this way.

The Anti-Malware toolkit can be downloaded from Lunarsoft’s site: http://www.lunarsoft.net/downloads

Note that it’s for Windows computers only.

ZoneAlarm has been making security products for a number of years and they have a good reputation. I don’t have the resources to review or evaluate security products so I tend not to make specific recommendations (but I do recommend that you should invest in a good antivirus package).

For one day only ZoneAlarm has made their ForceField product free to use for one year. It blocks phishing sites (this is a good thing), blocks keyloggers, and has a host of other interesting security features.

If you don’t already have a security package that does everything (and why not?) then try this one out. As I said, ZoneAlarm has a good reputation for this kind of thing and “free” is a good price. Note that they ask for your name and email address.

Link: http://download.zonealarm.com/bin/free/sum/index.html – click on the red button.

More info about ForceField here.

Update: This offer has expired. Good computer security is very important (read some of the pages on this site to find out why) and it’s definitely worth paying for good software that keeps you safe. You should be using a package that constantly scans your PC for malware (viruses, trojans, etc), scans all web pages and updates itself daily. It’s a very good investment.

Microsoft would like you to know that using Safari on a Windows PC is dangerous. And of course they’d say that, they have a competing product they’d like you to use (Internet Explorer). So what’s happening?

A few days ago Microsoft published a security advisory of a potential vulnerability in Apple Safari. Technically they’re correct, there is a vulnerability and we’ll look at it in a moment. The flaw hasn’t been exploited yet, at the moment it’s more theoretical. It’s just a little suspicious that they put this much effort into pointing out flaws in a competitor’s product and that they’ve used their security advisory system for what can be seen as a marketing manoeuvre.

So what’s the flaw?

It’s being called Carpet Bombing. Here’s how it works.

A web page is created that has hundreds of hidden download links (in the form of "iframes"). The files are silently downloaded onto the user’s desktop. This can be done without the user’s knowledge.

The vulnerability is that a user’s desktop could be covered with hundreds of icons for malicious programs, making it easy to accidentally click on one and run the malicious program.

Apple says it’s a security issue, not a vulnerability. Microsoft says users should avoid using Safari until researchers have looked further into.

So is this a sneaky marketing ploy from Microsoft? It could be, they’ve done things like this before. Or are they sincere and is Safari really as dangerous as they say?

We’ll know more in a few days, by which time Apple would most probably have a fix. I don’t consider this a high risk vulnerability, just something extra to be cautious about. A good antivirus program help here.

Microsoft’s advisory is here (it’s light on details at the moment): http://www.microsoft.com/technet/security/advisory/953818.mspx

Further info here, here and here.

Ad-Aware 2008 is now available. It’s a popular anti-spyware product for Windows that scans your computer for spyware and adware. It comes in three versions:

• Free
• US$26.95, includes features such as real time detection
• US$39.95, includes more advanced features such as network drive scanning

There’s a comparison chart here showing what’s different between the versions. If you’re new to this product and aren’t sure which version you need start with the free version.

Read more about Ad-Aware 2008 here including a download link.

Similar products available for Windows are:

• Spybot
• Windows Defender

Also note that the larger anti-virus packages such as Trend Internet Security also contain anti-spyware modules.

Yahoo! now lets you know if a web site contains malicious content. It works very similar to how Google does it. From a technical perspective Yahoo’s implementation seems better – it scans files that automatically download.

McAfee have provided the malware detection technology, called SearchScan, so it has a company with a good reputation behind it. Below is an example of how it looks when it finds something dangerous:

Yahoo! operates search engines in several countries, and it will be enabled by default for the following countries: Australia, Canada, France, Germany, Italy, New Zealand, UK, USA.

AVG has released a new version of their anti virus program. It comes in three versions:

• Free
• US$35
• US$55

8.0 was just released, the main new features are:

• link scanning
• anti spyware
• Email and instant messaging protection

The difference between the three prices are the features included. See this chart for details.

XP Antivirus is a fake antivirus program. It looks like an anti virus program and when run it tells you it found a number of threats. It then prompts you to spend money in order to remove the alleged threats. The threats it tells you about aren’t real, it’s a scam to get money from you.

The road to XP Antivirus is:

1. A malicious ad appears on legitimate web sites. The operators of the web sites hosting this ad aren’t aware of what it is.
2. A message appears offering a product called XP Antivirus. The message reads:
• Attention! If your computer is infected, you could suffer data loss, erratic PC behaviour. PC freezes and creahes.

  Detect and remove viruses before they damage your computer!
  XP antivirus will perform a quick and 100% FREE scan of your computer for Viruses, Spyware and Adware.

  Do you want to install XP antivirus to scan your computer for malware now? (Recommended)

  (Note: I bolded the typo that appears in the original ad)

3. If you say ok then a fake anti virus program is installed.
4. The program then informs you about a large number of (untrue) malware on your computer
5. You’re then asked to pay to remove them

A few days ago I mentioned a similar scam for Macs called iMunizator. These things will never let up so take care who you trust. Don’t just run or install unknown programs on your computer.

Symantec is well known for making security products (they also use the Norton brand for home products). A serious flaw has been found in some of their products including Norton AntiVirus, Norton Internet Security, Norton SystemWorks and Norton 360.

The flaw is in an ActiveX control that gets installed on the PC (the control is called SymAData.dll). This control is normally used for their AutoFix tool, however it was discovered that it can be exploited by adding some malicious code to a website. The exploit allows someone to take over the computer (generally a bad thing).

Two ways to fix this problem are:

• Engage in an online chat session with Symantec’s technical support team
• Download the patch from Symantec’s website, https://www-secure.symantec.com/techsupp/asa/install.jsp

Earlier we wrote about problems with ActiveX and suggested you disable it.

Hp flash drives were found to contain malware. These devices were sent as promotional items with new Proliant Servers.

Both 256MB and 1GB USB drives were infected with worms (W32.Fakerecy and W32.SillyFDC), and the worm can copy itself to all other mapped drives on your network.

This is particularly bad because IT technicians generally install these servers and generally have access to quite a few network drives.

HP’s software security response team admitted to the fault and has issued the following list of servers that shipped with the infected USB drive:

ProLiant BL20pG4; ProLiant BL25pG2
ProLiant BL45pG2
ProLiant BL260c
ProLiant BL460c; ProLiant BL465c; ProLiant BL465cG5; ProLiant BL480c
ProLiant BL680cG5; ProLiant BL685c; ProLiant BL685cG5
ProLiant DL120G5; ProLiant DL140G3; ProLiant DL145G3; ProLiant DL160G5;
ProLiant DL165G5; ProLiant DL180; ProLiant DL180G5; ProLiant DL185G5
ProLiant DL320G5; ProLiant DL320G5p; ProLiant DL320s; ProLiant DL360G5;
ProLiant DL365; ProLiant DL365G5; ProLiant DL380G5; ProLiant DL385G2;
ProLiant DL385G5
ProLiant DL580G4; ProLiant DL580G5; ProLiant DL585G2; ProLiant DL585G5
ProLiant ML110G4; ProLiant ML110G5; ProLiant ML115; ProLiant ML115G5;
ProLiant ML150G3; ProLiant Ml150G5
ProLiant ML310G4; ProLiant ML310G5; ProLiant ML350G5; ProLiant ML370G5
ProLiant ML570G4
IP Console Switch with virtual media
Server Console switch
Server Console Switch with virtual media
TFT7600 (USB Pass-through)
1U Rackmount Keyboard with USB

This kind of threat isn’t limited to HP customers. Any device you plug into a USB port can potentially carry malware. Therefore you should always have a good antivirus program running on your computers.

A while back we reported on similar incidents: Digital Picture Frames with malware, MP3 players sold with malware

Brave Sentry is a fake anti spyware product that’s been going around a lot lately. It’s also known by these names:

• Brave Sentry
• Spy Sheriff
• Spyware Quake
• SpyFalcon

Once it gets onto your computer it tells you it found a large number of threats. For example, it could say “BraveSentry Scan found 138 threats“. This is false, following its instructions takes you to a site asking for money to remove the spyware.

Here’s a procedure on how to remove Brave Sentry, if you happen to become infected.

And to avoid infection follow these tips:

• Install a good (and well known) anti virus/anti spyware product.
• Avoid using Internet Explorer. Use one of the current alternative browsers such as:

• Firefox
• Opera
• Safari

There’s a new virus affecting mobile phones (cell phones) that use Symbian series 60. It’s been detected in China and is called Kiazha-A Trojan.

It gets transmitted through Bluetooth or MMS messages so you can’t completely avoid receiving it but you can delete it if it arrives on your phone.

It first deletes all text messages in the phone then displays a message asking for RMB 50 yuan (US$7) to get them back.

We have a list here showing some of the more popular phones that are vulnerable. If your phone uses Symbian S60 then be aware of virus messages like this one and delete them if you receive it.

It’s also a good idea to backup your phone’s contents to a memory card every couple of months.

Windows powered phones are also susceptible to viruses, as we’ve mentioned here.

There’s a new phishing attack targeting PayPal customers. It begins with an email like the following:

Subject: PayPal Account Review Department

Dear PayPal customer,

We recently reviewed your account, and we suspect an unauthorized transaction on your account

Protecting your account is our primary concern. As a preventive measure we have temporary limited your access to sensitive information.

Paypal features. To ensure that your account is not compromised, simply hit “Resolution Center” to confirm your identity as member of Paypel.

• Login to your Paypal with your Paypal username and password.
• Confirm your identity as a card member of Paypal

Please confirm account information by clicking here Resolution Center and complete the “Steps to Remove Limitations.”

All typos and grammatical errors are from the original email.

If someone was to click on the link provided in the email they would be taken to a hacked copy of PayPal’s site and they’d be asked to provide their bank’s name, ATM PIN code, mother’s maiden name, birth date,and social security number. All very personal information that the real PayPal doesn’t need.

So avoid traps like these by never giving out sensitive information like the above, not trusting emails you didn’t ask for, and most of all use a good antivirus package that also scans web sites for attacks such as this. Also have a look at the new version of Haute we discussed recently, available for free.

There are thousands of phishing emails such as this and over time the quality of them gets better, such as the tax scams we wrote about earlier (Australian version here, US version here) and the student phishing attack last month.

Haute Secure is a security service developed by 3 former Microsoft security specialists. It’s designed to filter the web pages you browse and it blocks any websites known to contain malware.

It’s free for people to download and install on their computers. If you run a website they charge money so they can scan your website and alert you if it gets hacked and infected with malware.

Most of the good antivirus packages have had this feature for a long time, and it’s a good idea to invest in one of these.

If you really believe it’s not worth spending money to keep your computer secure and you insist on using free antivirus programs, then this will make a good addition since free antivirus programs don’t usually filter web sites.

There’s a malware program called MonaRonaDona, if you end up installing it (by being tricked into downloading something you don’t really need) it causes a bit of havoc with your computer.

It then suggests you try an antivirus program called Unigray. This is one of those fake antivirus programs that have been appearing lately. All it does is mess up your computer, and you’re asked to pay $39.90 for it.

So stay away from MonaRonaDona and Unigray. Use one of the popular antivirus packages (such as those you can buy in a computer shop).

F-Secure is a security software company that has been making good products for a long time. They have published a new tool that scans your computer for vulnerabilities and provides a report on what programs you need to update.

The application runs inside Internet Explorer and requires Window XP or Vista. Try it out here, http://support.f-secure.com/enu/home/onlineservices/fshc.shtml

Note that this doesn’t replace anti-virus software. It only checks which programs on your computer are vulnerable to attacks and need to be updated.

It’s not news that PDF files can contain viruses. As useful as PDF files are the flaw is with the reader program, called Adobe Reader (previously called Adobe Acrobat Reader).

It’s possible to embed code in PDF files and it’s been shown that this code can download malicious programs from the internet and install them on the computer. At the moment the latest malicious code comes from Netherlands, and as with all things on the internet it can move or spread quickly.

If you have one of the following programs then you’re at risk. According to Adobe’s notice it affects all platforms (Windows, Mac, etc).

• Adobe Reader 8.1.1 and earlier versions
• Adobe Acrobat Professional 8.1.1 and earlier versions
• Adobe Acrobat 3D 8.1.1 and earlier versions
• Adobe Acrobat Standard 8.1.1 and earlier versions

The vulnerability has been fixed in version 8.1.2 so update all your computers to avoid this one. Antivirus software can also protect you if you keep it up to date and use a well established product.

All these fake sites and applications are becoming a bigger problem. The latest is called removal-tool . com (warning, do not try going to this site). It appears to be a collection of spyware removal tools except that it actually tries to install quite a few different bits of malware on your computer. It’s a malicious web page in disguise.

The web site looks nice, contains a blog, a news section, and reviews. The authors went to some effort to make it look convincing. Most of the links on the site even work. It would be difficult to tell that this site will compromise your computer.

Good anti virus software these days has the option to filter all web pages and they stop most of these sites before your web browser starts loading them. It’s a good investment.

Another technique to avoid these traps is to use a less popular web browser such as Firefox or Opera, or to use a less popular operating system such as Mac OS or Linux.

At the moment the majority of malicious code is designed to target Windows and Internet Explorer. That’s not to say that other systems are immune, malware is just less common on them.

HP laptops come with some software to keep them updated and to help HP provide support. Lately there have been a couple of vulnerabilities discovered in these tools.

A support feature on HP computers is something called HP Virtual Rooms, an online collaboration suite. There’s a flaw in the ActiveX control that it uses and it’s possible to create a web page that lets someone install programs on your computer.

The file at risk is called HPVirtualRooms14.dll. If you have an HP computer you can check the properties of this file (do a search for the file), if it’s version 1.0.0.100 then it’s at risk.

The best defence is to have a good anti virus package, and to update this tool when HP get around to releasing an update.

The second HP vulnerability is with HP’s Software Update utility. This utility keeps the computer patched, which is always a good thing to do. Except that it also has a vulnerability and the computer can be compromised by visiting a web page with malicious code.

The program affected is called HP Software Update Client, version 3.0.8.4.

Again, use a good anti virus program and update the update tool when HP releases a fix.

As always whenever something becomes popular with the media dozens of malware sites appear overnight promising to have interesting articles. Instead they link to malicious code that can end up being installed on your computer.

In short, if you search for Heath Ledger and end up at a website asking you to install “A new version of ActiveX Object” close your web browser immediately.

A good anti-virus package will filter malicious web sites and help protect you.

There’s a new worm (malicious code) going around infecting mobile phones that use the Symbian system (see below for a list of phones). There are two variants called the Beselo.A and Beselo.B worms.

It gets transmitted by Bluetooth or by MMS so you can’t really avoid receiving it. It consists of two parts:

• An attachment with an interesting name, such as beauty.jpg, sex.mp3, or love.rm
• A text message asking you to “install” the attachment to view it

With MMS messages it’s not necessary to “install” anything to view a picture or to play an audio attachment. What’s really happening is there’s no picture or audio file attached, it’s a malicious program. The wording of the message is just a trick to install the worm (a technique known as social engineering). If it were really a picture you’d be able to see it without installing anything, and likewise for audio attachments.

If you receive a message asking you to install something and it promises to show you a picture or play an audio file, say no. Delete the message.

F-Secure make an antivirus package specifically for phones that use Symbian, and that would detect the file. But common sense and the explanation above should be sufficient to avoid it.

Below are some of today’s popular phones that use Symbian S60. If your phone is on this list then it’s vulnerable to this attack.

• LG – JoY
• Nokia – 3250, 5500 Sport, 5700, 6110 Navigator, 6260, 6290, 6600, 6630, 6680, 6682, E50, E51, E60, E61, E61i, E65, E70, E90, N70, N72, N73, N75, N76, N80, N81, N90, N91, N92, N93i, N93, N95, N95 8GB, N82, N81 8GB, 6120, N77
• Nokia (discontinued) – 6681, 6670, 3230, 7610, 3650, 3600, 3660, 3620, 7650, N-Gage, 6620
• Panasonic – X800, X700
• Samsung – SGH-D720, SGH-D730, SGH-i450, SGH-i520, SGH-i550, SGH-i560
• Sendo – X
• Siemens – SX1

Now you also have to be careful when you buy digital picture frames. There have been numerous reports of some of these devices being infected with a virus. When you put in a photo memory card it installs a trojan onto the card. Then later, if you put the card into your computer it can install the trojan onto the computer.

It then tries to stop any anti-virus system the computer may have and then starts stealing passwords. Pretty serious stuff.

And it seems the digital picture frames came from the factory with this already installed. No one had tampered with the devices beforehand.  This has been happening to quite a few digital gadgets such as MP3 players.

A good anti-virus system will detect this and prevent itself to be disabled, so if you haven’t already done so invest in one. And if you come across such a device have a chat to the store you bought it from, it’s possible they have no idea it’s happening.

Update (26 Jan 08): Best Buy were selling these devices with the brand name Insignia. They’ve just realised and have taken the off the shelf and are trying to contact customers who bought them.

As with every festive event Valentine’s Day brings a whole new wave of malware. Emails are already being sent around the internet carrying dangerous attachments. While the subject keeps changing, the more common attachments seen so far are:

• withlove.exe
• with_love.exe
• Greeting card.exe
• love_me.exe
• porno_03.exe
• valsday.exe

Never open attachments that end with .exe. Unless you’ve specifically asked someone to send you a file with that exact name, it’s almost certainly malware. Delete it.

There are some programs that claim to test your computer for malware, then it will always tell you it found something bad. After that it either asks you for money to clean it or does some other misleading action.

Based on some security company’s research there are now 500 of these programs, including some for Mac as well as for Windows.

They look like serious programs, have interesting names, and are complete with websites. Below are some of the more recent ones:

• AVSystemCare
• DriveCleaner
• MalwareAlarm
• AntiSpywareSheild
• MacSweeper (written for the Mac)

Avoid all of these programs (don’t download or install them).

Unfortunately this is a growing trend with new products popping up all the time. Use a trusted antivirus package such as the kind that can be purchased from shops.

Yesterday’s article explained how DNS poisoning works. And there’s already quite a bit of it happening. In Mexico there’s an ISP that offers their customers ADSL modems with the brand 2Wire.

There’s an exploit for this particular model making it easy for their DNS settings to be changed, effectively attacking the internet of users. It’s as simple as opening an email with the malicious code.

If your modem is a 2Wire then change the password and filter your emails with a good anti-virus program.

Some MP3 players sold in the Netherlands have been found to contain malware. The model is "Victory LT-200".

This isn’t the first time gadgets come with viruses already installed (such as Maxtor’s  external drive). There have been USB flash drives, camera memory cards, and even GPS navigators that have been sold with infected files pre-installed.

Often it happens when a computer at the factory is infected and somehow the files end up on the device during testing.

Any good anti-virus program would be able to detect the files and clean them for you.

Another virus/worm has been spreading on MSN Messenger (also called Windows Live Messenger). It sends you a message with some text encouraging you to download some photos, then it sends you a file called:

Photos1-2008.zip

This zip file contains the virus. Ignore any messages you get with a file with the above name.

There’s a trojan that has a tricky way of extorting money from users. It begins with a computer being infected with this particular trojan.

Then it shows an image on your screen (that won’t go away) telling you that you need to renew your security software (whether or not you have security doesn’t matter, this shows a fake screen). It gives you two options to pay for an update, both of which are part of the scam, the money goes into the pockets of the people who have spread this trojan.

Method 1: it asks you to send an SMS to a premium service, which costs you £10 (or the equivalent in your currency).

Method 2: it asks you to call a phone number, which is also a premium service and costs you the equivalent of US$35 (different prices and currencies in different countries).

Have a look at the screen-shots on this web page to recognise the fake renewal request.

The message reads (complete with spelling errors):

Browser Security and Antiadware Software component license exprited! Surfing PORN, ADULT and some other kind of sites you like without this software is dangerows and threatens with infection of your computer by harmful viruses, adware, spyware, etc… You strongly need to update your software to avoid infection and losting information from your computer. Please complete procedure of software update

If you come across this, or any other similar scam never ever pay them any money, or call the supplied phone number or SMS (otherwise you’ll be out of pocket a small amount of money).

Here’s another vulnerability to report on. If your computer has the following then you’re at risk:

• Windows 2000 or Windows XP
• Internet Explorer 6 or 7
• RealPlayer versions:

• 6.0.10
• 6.0.11
• 6.0.12
• 6.0.14
• 6.0.14.536
• 6.0.14.543
• 6.0.14.544
• 6.0.14.550
• 6.0.14.552

The vulnerability makes it possible for you to infect your computer just by opening a malicious web page (you wouldn’t know it’s happened till it’s too late). So if your version of RealPlayer is out of date and you fall into the category above then update RealPlayer to the latest version.

There’s another email being sent around that contains an attachment called MerryChristmas.pps. It’s a PowerPoint presentation showing some Christmas type message and at the same time tries to install a trojan onto the computer.

Delete it and move on.

It’s also good to keep your antivirus software updated and if you’re using Windows then make sure you’ve updated it all (Windows, Office, etc), as described in this earlier post.

Skype is a popular communication tool allowing people to have voice and video conversations over the internet. And one of its features is how it transports that communications data. Skype first encrypts your data then distributes it using a network of other skype users (using what’s called a peer to peer model).

The encryption is intended to stop random strangers eavesdropping on your conversations. And it seems to be fairly effective from what this article says – the German Federal Police Office have a problem wiretapping Skype calls.

Is this a good thing or a bad thing? Well, it’s a little of both. It gives Skype users a level of security that makes the general public comfortable enough to use it, and stops casual eavesdropping. That’s the good news.

The bad news is that VoIP traffic (phone calls over internet) can be intercepted in other ways. When it becomes too hard to break the encryption, as the German police found, an easier path is to install a trojan on the PC and intercept the voice data before it becomes encrypted. This stuff really happens.

The German federal police office is looking into developing trojans so they can install one on people’s computers they need to listen in on (article here). This is a legal form of spyware (at least in the country it’s used in). Other governments have been using this technique for years and legally it’s not much different to wiretapping a phone. What makes it scary is that antivirus companies have an understanding with law enforcement agencies and some government spyware may go undetected.

This isn’t a problem to most people. And at the end of the day it’s no different to using a house or mobile (cellular) phone.

The message in this article is that you should place the same level of trust in any VoIP phone (such as Skype) as you would with any other phone. It doesn’t offer any additional level of privacy. Law enforcement agencies have been finding ways to listen in, and fairly soon we’ll have spyware that can do the same thing only with less legal intentions.

Some programs you use are critical to the safe use of your computer, and it’s important to keep these patched.

In this article critical software is the collection of programs (both visible and those that run in the background) that transport information from a web server to your screen. It’s the chain of data flow that you use the most often when using the internet.

You have your operating system (e.g. Windows, MacOS, Linux), a web browser, and a stack of drivers that basically make the internet work for you. This is a simplified model, most people’s computers will be unique and full of all sorts of programs.

Because information is flowing along this chain of programs, data being handed off from the operating system to the web browser, every link in the chain is critical. And like the old mantra, the price of security is eternal vigilance. In this case we’re looking at the eternal task of patching your software.

Patches are released by software vendors, whether it’s a free open source program or from a commercial software company. Patches are written because the programmers are always fixing bugs, in particular they’re always fixing security vulnerabilities as they are discovered. It’s a way of strengthening each of the links in your data chain.

The point of this article is that you should always update the following:

• Patch your operating system (Windows, Mac OS, Linux, etc). Yes there’s a risk in being the first to install a patch, it might break something. Large companies have long complicated procedures to test patches before installing them. Small companies and home users need to take the risk and apply the patch blindly, trusting the vendor. It’s a choice between having the most secure computer possible or waiting to see if a patch is released by mistake. My advice is to take the secure option and make regular backups of all your data (backups would be a good topic for a future article). Most operating systems these days have automated patching systems in place making this simple and often a transparent process.
• Patch your web browser. All web browsers need to be patched – Microsoft Internet Explorer (IE), FireFox, Opera, Safari, etc. Apply patches as soon as they’re released. Today a web browser is the most vulnerable program on a computer, it gets used to run code that other people write. Code that comes from all corners of the world and is almost always not certified in any way and there’s almost no way of trusting the code. Your web browser will execute it blindly, trusting that it’s safe and you trust that all other programs on your computer (including the operating system) will handle the attacks in a graceful way. Web browsers will be attacked, this is almost a certainty these days. So you need to very latest version that hopefully has had every known vulnerability fixed.
• Patch your antivirus software. This is often automatic, and it’s often a paid service. Antivirus companies spend a lot of time and money keeping their tools up to date and it’s in your best interest to use their technology. Consider it a good investment, it could cost you thousands of dollars if your system is compromised.
• Sometimes routers will have to be patched as well. This is a little more advanced and you should only do it if you’re comfortable working with your router.
• Personal firewalls should also be patched. If your antivirus software includes a [personal] firewall then it’ll be patched automatically, otherwise it’s a separate process.

All software that uses the internet in any way, including the various video and music players, needs to be kept up to date. Web browsers and operating systems are the most critical and should be patched the most often. The time and effort you spend is the price you pay for having a safe computer.

It used to be that your computer could become infected if you went to a pornographic or warez website (warez sites are where people can illegally obtain software cracks). While this is still true, “normal” websites can also be vulnerable these days.

The Laos Airlines website was hacked and some code was added at the bottom – malicious code that isn’t visible to the average person. If you were to visit their website (whether to look up travel information or to book a flight) your web browser will also try to load a web page (being hosted in China) that then will try to install malware onto your computer.

The airline itself was a victim, and now that it’s been discovered and made public they’ll no doubt fix it. It’s certainly no reason not to travel to Laos or to use their airline. And the fact that the malicious code was hosted in China is an indicator that a lot of (black hat)hackers are setting up shop over there (until recently Russia was their country of choice to hide their malicious activities).

A couple of tips to avoid being a victim of crimes like this:

• Use alternative web browsers whenever possible. Use FireFox or Opera instead of Internet Explorer.
• Use a good antivirus program that monitors web browsing, and that constantly updates itself (these are usually not free, and it’s well worth paying their fee to keep you safe).

And keep reading as much as possible about online security. Education can only help you.

Here’s a new vulnerability in Apple’s QuickTime program, discovered just recently (and published today). A computer can become vulnerable if the following events happen:

• You have Quicktime version 7.x installed (any version beginning with 7.)
• Your computer uses Windows XP or Windows Vista
• You use FireFox for web browsing (IE 6, 7, and Safari are safe from this vulnerability for the now)
• QuickTime is your default media player
• You visit a site hosting a malicious video file that takes advantage of this exploit.

Chances are you don’t meet all of the above criteria, but since there are so many computers on the internet now there would still be a large number of people who do.

The damage from this could be anything for now. Since the exploit has been published malicious hackers all over the world are probably busy writing viruses and trojans to take advantage of it.

So when Apple releases an update be sure to install it. And if you use a good antivirus package it won’t be long until they release a new update (this is why it’s important to keep your antivirus program updated).

Details have been published here.