False Malware Cleaners

Some programs claim to test your computer for malware and then always tell you they found something bad. After that they either ask you for money to clean it or take some other misleading action.

Based on some security company’s research there are now 500 of these programs, including some for Mac as well as for Windows.

They look like serious programs, have interesting names, and are complete with websites. Below are some of the more recent ones:

  • AVSystemCare
  • DriveCleaner
  • MalwareAlarm
  • AntiSpywareSheild
  • MacSweeper (written for the Mac)

Avoid all of these programs (don’t download or install them).

Unfortunately this is a growing trend with new products popping up all the time. Use a trusted antivirus package such as the kind that can be purchased from shops.

Only 5% of Windows PCs are fully patched

A recent survey by a security company called Secunia shows that only 5% of computers are fully patched. The other 95% are running insecure software.

It’s important to patch all of your software. This includes the operating system itself (e.g. Windows, Mac OS, Linux), your web browser (e.g. Internet Explorer, Firefox), and all your applications. And of course in an office environment patches should be carried out by IT administrators (complete with backups).

This serves as a gentle reminder of our previous post on patching. Read Secunia’s article here.

Don’t trust public computers in hotels

If you use public computers in hotels and similar environments (e.g. internet cafes) you need to keep in mind that the computer could be capturing your passwords. You can’t just assume it’s a safe computer.

This week a man was sentenced for installing key-logging programs on hotel computers in Miami, Las Vegas, and other US cities. Customers used these computers and whenever they entered a credit card number, the number was captured and used to buy over US$400,000 worth of products and services.

Mario Alberto Simbaqueba Bonilla, a 40-year-old engineer, was arrested at Miami International Airport last year and has just pleaded guilty. He installed the key-logging software onto hotel computers and watched as hotel guests used the computers.

This isn’t a once off incident. If the computer isn’t yours then you just have to assume someone can capture your passwords or credit card numbers. If you need to use these computers to log into a corporate network or some other secure service (such as online banking) then think twice. Is it really that important? If so, then change the password as soon as you get onto a different computer.

MySpace Pages Can Carry Viruses

There have been some pages on MySpace that cause a window to pop up telling users to install a Microsoft Security Update. Instead of installing a security update, it installs some malicious code.

The last one to make the news involves requests coming from a user called "Rita". This is just an arbitrary name that someone has set up, and it won’t be the last.

So if websites like MySpace or Facebook ask you to install programs on your computer you should generally ignore or deny them.

ADSL Modems in Mexico are being attacked

Yesterday’s article explained how DNS poisoning works. And there’s already quite a bit of it happening. In Mexico there’s an ISP that offers their customers ADSL modems with the brand 2Wire.

There’s an exploit for this particular model that makes it easy for its DNS settings to be changed, effectively attacking users’ internet access. It’s as simple as opening an email with the malicious code.

If your modem is a 2Wire then change the password and filter your emails with a good anti-virus program.

MP3 players sold with malware

Some MP3 players sold in the Netherlands have been found to contain malware. The model is "Victory LT-200".

This isn’t the first time gadgets have come with viruses already installed (such as Maxtor’s external drive). There have been USB flash drives, camera memory cards, and even GPS navigators that have been sold with infected files pre-installed.

Often it happens when a computer at the factory is infected and somehow the files end up on the device during testing.

Any good anti-virus program would be able to detect the files and clean them for you.

DNS Poisoning

DNS poisoning is an attack that’s becoming more widespread and it can affect most people using broadband.

Here’s a summary on what it is, how it can affect you, and what you can do about it.

Every time you use anything on the internet, including reading web pages, reading or sending emails, online chatting, etc, you use domain names (even if you don’t realise you’re using them). Domain names could be www.google.com, or www.fraudo.com, etc. They’re just addresses on the internet.

Your internet service provider (ISP) would have a machine in their network that your computer uses to look up these addresses. You won’t realise you’re using it but your computer definitely needs it (and it’s called a DNS server).

A DNS server is a phone book of web addresses.

Here’s how things work in a healthy environment:

You try to load up www.fraudo.com

  1. Your computer finds the DNS Server and asks it "where’s www.fraudo.com?"
  2. The DNS Server responds ("there it is –>")
  3. Your computer finds FraudO on the internet

All’s good and everyone’s happy browsing the internet. Along comes someone trying to hack your system. They make a change to your modem/router, telling it to use someone else’s DNS server.

How do they do this? The most common method today is viruses that break into routers and change settings. We’ll cover these another time.

Here’s how an environment looks when it’s been DNS poisoned:

Instead of using your ISP’s DNS server, it’s using a bad DNS server. The bad DNS server tells your computer how to find the evil websites instead of the real ones.

If this happens, chances are you wouldn’t know how or why. It can be difficult to see what’s happening.

To prevent things like this happening here are some tips:

  • Change the password on your router. Everyone knows the default password (here’s a list of all the default passwords, find yours in the list)
  • Use a good virus scanner that scans all web pages, emails, and files
  • Keep your virus scanner up to date
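
One way to check for the change described above, as an added example that is not part of the original post: compare the DNS servers your router is set to use against the ones your ISP gave you, and compare the answers your network returns against answers looked up on a connection you trust. All addresses below are constructed samples from documentation ranges, and the function names are made up for this illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real servers).
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}    # what the ISP hands out
ROUTER_DNS_SETTING = ["192.0.2.53", "203.0.113.66"]  # read from the router's status page
REFERENCE_ANSWERS = {                                 # looked up on a connection you trust
    "www.fraudo.com": {"198.51.100.10", "198.51.100.11"},
    "www.google.com": {"198.51.100.80"},
}
LOCAL_ANSWERS = {                                     # what this network's DNS server returned
    "www.fraudo.com": {"203.0.113.99"},
    "www.google.com": {"198.51.100.80"},
}

def unexpected_resolvers(configured, expected):
    """Return configured DNS servers that are not on the expected list."""
    expected_ips = {ipaddress.ip_address(e) for e in expected}
    return [c for c in configured if ipaddress.ip_address(c) not in expected_ips]

def suspicious_answers(local, reference):
    """Return names whose local answer shares no address with the trusted one.

    Large sites legitimately return different addresses in different places,
    so a mismatch is a reason to look closer, not proof of poisoning.
    """
    flagged = {}
    for name, trusted in reference.items():
        got = local.get(name, set())
        if got and not (got & trusted):
            flagged[name] = sorted(got)
    return flagged

def audit(configured, expected, local, reference):
    """Combine both checks into one report."""
    return {
        "unexpected_resolvers": unexpected_resolvers(configured, expected),
        "suspicious_answers": suspicious_answers(local, reference),
    }

if __name__ == "__main__":
    print(audit(ROUTER_DNS_SETTING, EXPECTED_RESOLVERS, LOCAL_ANSWERS, REFERENCE_ANSWERS))
```

An unexpected server in the router's settings is the stronger signal of the two; reset the router, change its password, and re-enter the ISP's DNS servers if one shows up.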

Critical Microsoft Patch

A (new) flaw has been discovered in Windows that Microsoft regards as critical, and they’ve released a patch to fix it. If your computer(s) use any of the following then you need to install the patch now.

  • Windows Vista
  • Windows XP
  • Windows Server 2003

That should cover pretty much everyone using Windows at home and at work, and both servers and PCs.

To apply the patch use Windows Update in Internet Explorer (in the Tools menu), or if your computer is set to automatically download and apply patches then it’ll be applied automatically overnight.

This one’s pretty serious so don’t delay. More information on Microsoft’s web site.

iPhone Trojan

There’s an iPhone download available on the internet that is actually a trojan. After you install it, and when you try removing it, it seems to cause problems on the phone.

It’s called the iPhone firmware 1.1.3 prep tool, and people are being told it’s required before they can upgrade to version 1.1.3 of the iPhone. Do not install this application, just ignore it.

Update: it seems this utility was written by an 11-year-old.