Tuesday, December 29, 2009

XSS Attacks Pushing Fake Antivirus - Friendly Computers

According to the security researchers at Zscaler (a cloud security company), malware distributors are exploiting security flaws in news.com.au, lawyer.com, appleinsider.com and many other legitimate websites to thrust fake antivirus software on unwitting computer users. - Friendly Computers

Zscaler states that the currently spreading attacks are worth noting, as they exploit cross-site scripting (XSS) flaws to conceal malicious links inside the URLs of reputable websites. Consequently, people hoping to view websites that they know and trust land on a page that makes them think their PCs are infected by malware.

Mike Geide, Senior Security Researcher at Zscaler, said that the interesting fact about the attacks was that they had embedded iframes to divert people elsewhere, as reported by The Register on December 16, 2009.
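
One way a site operator could spot the pattern described above in request logs is to decode each URL parameter and flag values that carry frame or script markup. This is an added example, not code from Zscaler or The Register; the hostnames, sample URLs and function names are constructed for illustration.

```python
import html
import re
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Tags that have no business appearing inside a URL parameter value.
ACTIVE_TAG = re.compile(r"<\s*(iframe|frame|script|object|embed)\b", re.IGNORECASE)
MAX_DECODE_ROUNDS = 3  # assumption: values are rarely encoded more than three layers deep


def fully_decode(value: str) -> str:
    """Undo nested percent-encoding and HTML entities until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(url: str) -> List[Tuple[str, str]]:
    """Return (parameter, tag) for every query parameter whose value contains markup."""
    findings = []
    # parse_qsl already performs the first round of percent-decoding.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        match = ACTIVE_TAG.search(fully_decode(value))
        if match:
            findings.append((name, match.group(1).lower()))
    return findings


def triage(urls: List[str]) -> Dict[str, List[Tuple[str, str]]]:
    """Map each flagged URL to its findings; clean URLs are left out."""
    flagged = {}
    for url in urls:
        hits = suspicious_params(url)
        if hits:
            flagged[url] = hits
    return flagged


# Constructed request URLs, as they might appear in a web server or proxy log.
SAMPLE_URLS = [
    "https://news.example/search?q=holiday+recipes",
    "https://news.example/search?q=a+%3C+b",  # a bare '<' is not markup
    "https://news.example/search?q=%3Ciframe%20src%3D%22//rogue-av.example/scan%22%3E",
    # double percent-encoded, mixed case
    "https://legal.example/find?term=%253CiFrAmE%2520src%253D%2522%252F%252Frogue-av.example%252F%2522%253E",
    # HTML entities hidden behind percent-encoding
    "https://blog.example/post?id=7&ref=%26lt%3Bscript%26gt%3B",
]

if __name__ == "__main__":
    for url, hits in triage(SAMPLE_URLS).items():
        print(hits, url)
```

Flagged requests point at the parameter that is being reflected into the page, which is where output encoding needs to be fixed on the site.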

It is still not known which individual or group is responsible for the XSS attacks. However, it is not difficult to understand the motive behind these attacks, which is to exploit people's faith in a familiar website so that malware distributors can load fake anti-virus software on the maximum number of computers possible.

Moreover, these malware distributors also exploit the large time gap between the injection of malicious software into users' computers and the development, by AV firms, of an antivirus product that detects and blocks that software.

As earlier exploration of such AV software has indicated, cyber criminals who thrust fake AV programs on users make huge amounts of money every month.

Further, hijacking of legitimate websites for distributing fake antivirus is nothing new. Earlier this year (2009), criminals hijacked the website of NY Times for the same purpose and soon thereafter the Gizmodo site as well.

In fact, security companies describe FAKEAV as a rising hidden threat. Over recent years, this threat has been escalating vastly. Computer security company 'PandaLabs' substantiated this with its detection of 374,000 FAKEAVs during Q2 2009. McAfee, another security company, also reported a similar trend.

Finally, it can be said that the threat of fake antivirus needs to be tackled urgently.


Source: http://www.spamfighter.com/News-13664-XSS-Attacks-Pushing-Fake-Antivirus.htm

Monday, December 28, 2009

You Don't Need to Regularly Reinstall Windows; Here's Why - Friendly Computers

One of the most persistent myths about Windows is that you need to reinstall the operating system regularly to keep it running at top performance. Let's take a look at the real problem and how to fix it. - Friendly Computers

Today we're talking about the myth that Windows slows down over time, and how to solve the problem. The reality is that Windows doesn't slow down if you just take care of your PC a little more. Follow these procedures, and you won't have to wonder if spending hours backing up data, installing from disc, and re-installing your essential applications is really necessary.

What Does Slow Windows Down Over Time?
I'm not going to sit here and tell you that your Windows PC will never slow down—because for many people, they almost always do. What actually slows your PC down are too many poorly written applications that stay resident in memory and waste CPU cycles, having too many badly written low-level applications that hook into Windows, or running more than one antivirus application at a time. And of course, if you've run your PC's hard drive out of space, you can hardly blame Windows for that.

If you aren't getting the picture, the problem is usually the person behind the keyboard that installed too many junk applications in the first place. More gently put, it's often that (very well-meaning) person's gradual easing of their safeguards and cleaning regimens as time goes by.

Stop Installing Junk Applications
Installing software should be thought of like feeding your PC. If you constantly feed your PC garbage apps, it's going to get sick and won't be able to run fast anymore. These poorly written applications clutter your drive with unnecessary DLL files, add always-resident Windows services when they don't need to, bloat up your registry, and add useless icons to your system tray that waste even more memory and CPU cycles. Usually you can get away with using a few terrible applications, but as you continue to install more and more of them, your PC will slow down to a crawl.

Be Smarter About What You Do Install
We feature and recommend a lot of software applications around here, but you should keep in mind that we aren't trying to tell you to install every single one of them at the same time; just install the applications that you actually need and you'll generally prevent the dreaded format and reinstall.

Here's a few tips to help you know what applications you should be careful with:

• Apps that function as an Explorer plug-in, because they directly hook into the shell and any problem will make your entire PC slow or in the worst case, crash repeatedly.
• Antivirus applications are notorious for slowing your PC down, and you should never, ever, ever use more than one real-time antivirus application at a time. We recommend Microsoft Security Essentials as a free, fast, and awesome antivirus tool.
• Anything that says it will "Speed Up Your PC" or "Optimize Your RAM" will most likely slow it down, or best case, do nothing at all. Avoid these like the plague.
• Make sure to install official system drivers from the manufacturer website. Drivers have a huge impact on performance, and you want to have stable, updated drivers.
• Registry cleaners are a mixed bag, and really aren't going to speed up your PC in most cases. The biggest problem, however, is that too many of the commercial registry cleaners set themselves to run at startup in the system tray, wasting your memory and CPU cycles.
• You should strongly consider the idea of using portable applications wherever possible, since their self-contained nature means they won't clutter up the rest of your PC with things you don't need.

Keep Your Computer Clean and Trim
Once you've rid yourself of your junk application habit and resolved to only use healthy, useful applications, you'll want to make sure to keep your PC clean of any remaining clutter that doesn't need to be there. You can set up a shortcut to manually run CCleaner silently with the push of a button, but your best bet is to set up CCleaner to run automatically on a schedule, so you don't have to remember to do it.

Since CCleaner is only going to clean up temporary files, you'll still need a good solution for keeping the rest of your PC clean, and Lifehacker's own Belvedere can help you automate your self-cleaning PC or automatically clean up your download folder.

With all of this automated file deletion going on, your hard drive is likely to get a bit fragmented. If you're already running Windows 7 or Vista, automatic defrag comes out of the box and probably shouldn't be messed with, but Windows XP users will need to use Windows Tasks to set up a schedule and automatically defrag their drives.

Use a Virtual Machine or Sandbox to Test Software
If you still want to test out all of the latest software, including apps that look a bit rough around the edges, your best bet is to use a virtual machine to test out anything before putting it onto your primary operating system. You can install all of your software in an XP or Windows 7 VM just like it was a real PC, and with the latest VMWare player releases, you can even enable Windows Aero in a guest VM. If you are new to the idea and need some more help, you should check out our beginner's guide to creating virtual machines in VirtualBox, or Windows 7 users can check out our guide to using XP Mode. If you don't want to go the virtual machine route, Windows XP and Vista users can alternatively use Windows SteadyState to protect their PC and roll back all of the changes on a reboot.


Source: http://lifehacker.com/5435523/you-dont-need-to-regularly-reinstall-windows-heres-why

Wednesday, December 23, 2009

The new look of Mobile security - Friendly Computers

BURLINGAME, USA: Our phones are becoming more like computers with every passing day. The good news is that we can take our data anywhere and work wherever we'd like. The bad news is that our phones are becoming more vulnerable to spyware, viruses and other attacks. - Friendly Computers
A start-up called Lookout is trying to make phones safer and views itself as the "Symantec or McAfee of the mobile space." In 2010, the company will offer software that can scan phones to determine which apps are safe and which are not. "Applying PC solutions to a mobile problem just won't work," says Lookout Chief Executive John Haring.

Here's how Lookout's technology works: You download the software, sign up for an account and configure the options you want to enable. The software offers anti-virus, data backup and device location. Then, when you download a new app from, say, the Android Marketplace, Lookout's software automatically scans the app and alerts you to take action if an app contains spyware or other malware.

"As marketplaces become more open, and a guy from Romania is next to Google, it becomes hard to tell what's good and what's not," says Lookout Chief Technologist Kevin Mahaffey. "We see a tremendous need for someone to pass an opinion."

Lookout's technology works on Microsoft's Windows Mobile, Google's Android, Apple's iPhone and Research In Motion's BlackBerry platforms.

Haring says Lookout will release all of the applications in 2010, and begin development for the Symbian platform, the world's most popular mobile operating system. For now the software is free to use, and Lookout plans to introduce premium features and subscription accounts later next year.



Source: http://www.ciol.com/Technology/Security/Feature/The-new-look-of-Mobile-security/231209129273/0/

Tuesday, December 22, 2009

Facebook Trojan: Brazen, but (Luckily) Benign - Friendly Computers

Third-party application called "Phutos" was able to mimic Facebook's native functionality. - Friendly Computers

This past weekend, a Trojan mimicked Facebook's native functionality and sent notifications on the user's behalf. While Facebook says that the application was harmless, its ability to break through a boundary of trust on the platform alarmed me.

The Trojan came to my attention on Saturday after I received several Facebook notifications (in the form of a red number in the bottom right of the page) telling me that friends had commented on my photos. It was the same notification that I receive on a day-to-day basis.

When I clicked on the notification, it attempted to load an application called "Phutos," which wanted access to my personal information and social network. I declined. A few minutes later, another notification appeared, but I was not taken to the application screen after I clicked on it. That seemed fishy, so I decided to review my applications.

"Phutos" was under my list of recently used applications, even though I never authorized its installation. At that point, I uninstalled the application and notified Facebook of my findings. Obviously, I also had some questions for it.

Facebook spokesperson Simon Axton stayed in steady contact with me over the weekend, and informed me on Monday that the company had disabled the application because it violated Facebook's Developer Principles and Policies. Facebook had determined that the application did not contain any malware, and has a dedicated enforcement team that investigates reports about suspicious applications, he told me.

When I asked what else Facebook does to protect its users, Axton said "We rely on reports from users for suspicious applications. Our team also conducts spot reviews of top applications and of many other applications, including looking at the data they need to run the application versus the data they gather. When we find a violation, we take action to enforce our policies."

It's great that Facebook says it's taking its users' safety seriously, but I am taken aback by how easily a third-party application could mimic Facebook's default Web applications. Users can now specify what information applications may access, but everyone uses Facebook differently, so there is a bounty of information for malware to exploit.

There should be a wall between the Facebook development platform and the applications that make up the site itself.

Source: http://www.pcworld.com/article/185274/facebook_trojan_brazen_but_luckily_benign.html

Monday, December 21, 2009

Microsoft Virus Scanning Recommendations Bring Risks - Friendly Computers

We have recently received queries from customers about the official exclusion list recommendations from Microsoft. It seems that they have published a Knowledge Base entry that lists recommendations to improve performance in Windows when running antivirus scanners. - Friendly Computers

This list recommends that customers exclude certain extensions and folders from antivirus scanning. Now, although it actually makes sense to stop checking Windows Update and some Group Policy-related files if you really want to speed up the system, we are concerned by the fact that this was released publicly.

This is an overview of these recommendations from Microsoft:

• Certain files in the SoftwareDistribution folder.
• Certain specific filenames (for example: edb.chk).
• A small list of extensions in certain specific folders (*.log).
• Plus, some other similar lists for the Group Policy.

Following the recommendations does not pose a significant threat as of now, but it has a very big potential of being one. Cybercriminals may strategically drop or download a malicious file into one of the folders that are recommended to be excluded from scanning, or use a file extension that is also in the excluded list.
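
A defensive check for the risk described above is to walk the locations an exclusion list hides from the scanner and report any file there that starts with the Windows executable signature. This is an added example, not Trend Micro's or Microsoft's code; the rule list, folder layout and sample files are constructed, modelled loosely on the overview (a SoftwareDistribution folder, edb.chk, *.log).

```python
import fnmatch
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

PE_MAGIC = b"MZ"  # first two bytes of Windows executables and DLLs

# Constructed exclusion rules: (folder relative to the audited root, filename glob).
SAMPLE_RULES: List[Tuple[str, str]] = [
    ("SoftwareDistribution", "edb.chk"),
    ("SoftwareDistribution", "*.log"),
]


def is_under(rel_dir: str, folder: str) -> bool:
    """True if rel_dir is the rule folder or one of its subfolders (case-insensitive)."""
    have = [p.lower() for p in rel_dir.replace("\\", "/").split("/") if p not in ("", ".")]
    want = [p.lower() for p in folder.replace("\\", "/").split("/") if p]
    return have[: len(want)] == want


def audit_exclusions(root: str, rules: List[Tuple[str, str]]) -> List[Dict[str, str]]:
    """List files that the rules hide from scanning but that begin with PE magic bytes."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for name in files:
            rule = next(
                (r for r in rules
                 if is_under(rel_dir, r[0]) and fnmatch.fnmatch(name.lower(), r[1].lower())),
                None,
            )
            if rule is None:
                continue  # not excluded: real-time scanning still covers this file
            full = os.path.join(dirpath, name)
            with open(full, "rb") as handle:
                data = handle.read()
            if data[:2] == PE_MAGIC:
                findings.append({
                    "path": os.path.relpath(full, root).replace(os.sep, "/"),
                    "rule": rule[0] + "/" + rule[1],
                    "sha256": hashlib.sha256(data).hexdigest(),  # for an on-demand scan
                })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree(root: str) -> None:
    """Create a small constructed directory tree to audit."""
    samples = {
        "SoftwareDistribution/update.log": b"2009-12-21 constructed text log line\n",
        "SoftwareDistribution/report.log": b"MZ\x90\x00 constructed stand-in for an executable",
        "SoftwareDistribution/nested/EDB.CHK": b"MZ\x90\x00 constructed stand-in, upper-case name",
        "SoftwareDistribution/setup.exe": b"MZ\x90\x00 not excluded, scanner still sees it",
        "Documents/notes.log": b"MZ\x90\x00 outside the excluded folder",
    }
    for rel, content in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in audit_exclusions(tmp, SAMPLE_RULES):
            print(finding["rule"], finding["path"], finding["sha256"][:16])
```

Only the two executables that the rules would actually hide are reported; the files a scanner still covers are skipped.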

We find it sensible for users to aim for better system performance. However, we also think that excluding certain file types or folders from antivirus scanning is not something novice users should tinker with. Doing so may expose the system to risks that can lead to an inconvenience far more severe than a slightly slower system.

In line with this, we advise users to educate themselves fully about these recommendations before taking any actions. We recommend that users not exclude any file unless there is a critical reason to do so, and that they be aware of the risks entailed by such an action.


Source: http://blog.trendmicro.com/microsoft-virus-scanning-recommendations-bring-risks/

Friday, December 18, 2009

MP3 Spam Is Back! - Friendly Computers

Old trends never die; they just resurface from time to time. - Friendly Computers

Case in point: spammed messages with attached MP3 files, last seen two years ago, made their presence felt once again today.

Trend Micro researchers were alerted to the discovery of spammed messages that bore no subject and body content. The email message contained only an MP3 file that, when executed, plays a voice advertising Viagra pills and other sexual enhancement pills. The said “voice” also entices users to visit a certain URL, which points to the all-too-familiar Canadian pharmacy sites.

In the past, Trend Micro has blogged about how cybercriminals used MP3 files, or files purporting to be MP3s, to further their malicious activities in the following blog posts:

• Storm Pump-and-Dump: The Musical
• Music Unleashes the Malware Beast

Users are strongly advised not to open and execute attached files from unknown senders. Trend Micro secures users from this attack via its Smart Protection Network that blocks the said spammed messages.


Source: http://blog.trendmicro.com/mp3-spam-is-back/

Thursday, December 17, 2009

AV-Test.Org Releases Real-World Malware Protection Report - Friendly Computers

Magdeburg-based research lab AV-Test.org today released the results of a lengthy real-world malware protection study. This test challenged a dozen major security suites to protect Internet-connected physical computers against up-to-the-minute threats. Each day for 60 days, researchers released 10 fresh threats on the test systems and analyzed each product's ability to detect the threat and to fully block its installation. They also checked for false alarms--valid programs reported as malware. All of the suites did a decent job, though some were significantly better than others. - Friendly Computers

The report notes that modern security suites include many layers of protection, including "URL filtering, web reputation services, exploit blocking, 'in-the-cloud' scanning as well as behavior-based protection mechanisms." A test that only challenges the product's on-demand scanner is not representative of real-world performance. The current test simply evaluated whether the product detected each malware sample, without regard for which security component handled the detection. Afterward, the team used in-house analysis software to determine whether the malware attack was successfully blocked.




This kind of dynamic testing is much more labor intensive than simply running a static collection of malware past an on-demand scanner. An automated static file test can process millions of samples without human intervention. By contrast, tracking the 600 malware samples and 400 clean files took all of AV-Test's resources. "Our entire lab with 14 full-time employees and up to 150 PCs and server systems were involved in this project."

Norton Internet Security 2010 scored highest at malware detection, at 98.0 percent. Even the least successful of the twelve, Trend Micro Internet Security 2010, detected 83.3 percent. Of course, detecting a threat doesn't always mean successfully preventing the attack. The top scorer for actual malware blocking was PC Tools Internet Security 2010, at 94.8 percent. CA Internet Security 2010 brought up the rear with 73.5 percent. Here are the full results:

MALWARE DETECTION RATES AND WARNING MESSAGES (FALSE ALARMS)

Tested Product | Malware Detected | False Alarms
Symantec Norton Internet Security 2010 | 98.0% | almost none
Kaspersky Internet Security 2010 | 97.5% | few
PC Tools Internet Security 2010 | 95.8% | almost none
AVG Internet Security 9.0 | 92.2% | few
G Data Internet Security 2010 | 90.0% | many
Panda Internet Security 2010 | 90.0% | almost none
Avira Premium Security Suite 9.0 | 87.7% | many
McAfee Internet Security 2010 | 87.2% | few
CA Internet Security 2010 | 86.7% | few
F-Secure Internet Security 2010 | 85.8% | almost none
BitDefender Internet Security 2010 | 84.3% | few
Trend Micro Internet Security 2010 | 83.3% | few




MALWARE BLOCKING RATES AND WARNING MESSAGES (FALSE ALARMS)

Tested Product | Malware Blocked | False Alarms
PC Tools Internet Security 2010 | 94.8% | none
Symantec Norton Internet Security 2010 | 92.8% | none
Kaspersky Internet Security 2010 | 89.8% | few
Panda Internet Security 2010 | 88.7% | none
Avira Premium Security Suite 9.0 | 87.2% | none
McAfee Internet Security 2010 | 86.7% | none
AVG Internet Security 9.0 | 84.2% | few
G Data Internet Security 2010 | 83.0% | few
Trend Micro Internet Security 2010 | 81.3% | few
F-Secure Internet Security 2010 | 80.2% | none
BitDefender Internet Security 2010 | 77.8% | none
CA Internet Security 2010 | 73.5% | none




This kind of dynamic testing is the wave of the future. It's hard to do, but it's the only way to really evaluate a product's ability to protect against malware.


Source: http://blogs.pcmag.com/securitywatch/2009/12/av-testorg_releases_real-world.php#more

Wednesday, December 16, 2009

Scammers exploit Google Doodle to spread malware - Friendly Computers

Online scammers are taking advantage of the public's interest in the Google Doodle to spread malware, a security firm warned on Tuesday.

In so-called "SEO poisoning," scammers use search engine optimization techniques to increase the distribution of malware. They create special malware-rigged Web sites or hide malware on legitimate Web sites they've compromised and then use tags associated with popular search terms to get them listed high up in search engine results.

Typically, scammers capitalize on public interest in news events or celebrities, targeting searches like "Swine Flu" or "Michael Jackson death." But in the latest twist on this technique, scammers are exploiting interest in the Google Doodle, the graphics that often take over the Google logo on holidays or to mark special events.

For instance, the doodle on Tuesday showed a flag for Esperanto, a universal language created by L.L. Zamenhof which is based on parts from a variety of languages. Clicking on the doodle, located near the search box, brings up a list of search terms for "L.L. Zamenhof."

Dave Michmerhuizen, a research scientist at Barracuda Networks, found 31 poisoned sites among the first 100 results, 27 of them in the first 50 sites alone.

On the first results page was a link leading to a compromised Web site that redirects visitors to a fake antivirus site, according to Michmerhuizen. That site displays a fake alert saying the computer might be infected and does a fake scan before prompting the user to pay for antivirus software, he said.

A Google spokesperson said the company had already removed many of the allegedly malicious sites from the index using manual and automated processes to enforce the policies.

"As you probably know, the use of popular search terms to target malware is neither a new vector nor unique to any particular search engine. We work hard to protect our users from malware, and using any Google product to serve malware is a violation of our product policies," the spokesperson said in an e-mail.

"Our Safe Browsing technology is capable of detecting malware being served from sites that have been compromised," the Google e-mail said. "In fact, as we've explained publicly, we have been seeing more infections coming from compromised sites" across the entire Web.


Source: http://news.cnet.com/8301-27080_3-10416246-245.html?tag=mncol

Tuesday, December 15, 2009

Rating the best anti-malware solutions - Friendly Computers

AV-Comparatives' December 2009 report has been released and there are eight winners. The other eight products didn't do so well.
Friendly Computers

Following its November 2009 retrospective/proactive report, AV-Comparatives has released its December 2009 Potentially Unwanted Applications (PUA) comparative. PUA refers to adware, spyware, rogue, and other fraudulent software circulating on the Internet that are not typical malware (classification in the last category is sometimes not an easy task; under some circumstances, PUAs are accepted in some countries, depending on the cultural background or the legal system, and hence the term "potentially unwanted"). AV-Comparatives typically do not include PUAs in their malware test sets, but since users may want to know how well their antivirus program detects potentially unwanted software, a separate test was created.

The first PUA test contained 750,297 individual samples (only program executables) that cover mainly adware, spyware, and rogue software gathered between January 2009 and October 2009 (sets were frozen on October 29, 2009). Dialers, potentially dangerous tools, and other greyware were not included, as their classification is debatable. Not all security products include detection for them as this sometimes breaks company policy. Sixteen products were updated on November 6, 2009, set on the highest detection settings (except for Sophos and F-Secure, per their own request), and put to the test.

Here are the results of this particular test:

1. G DATA Antivirus 2010: 99.8 percent
2. Trustport Antivirus 2010: 99.8 percent
3. AVIRA AntiVir Premium 9.0: 98.9 percent
4. McAfee VirusScan Plus 2010: 98.9 percent
5. BitDefender Antivirus 2010: 98.6 percent
6. eScan AntiVirus 10.0: 98.6 percent
7. F-Secure Anti-Virus 2010: 98.6 percent
8. Symantec Norton Antivirus 2010: 98.6 percent
9. Kaspersky Anti-Virus 2010: 96.7 percent
10. ESET NOD32 Antivirus 4.0: 96.5 percent
11. avast! Free 5.0: 96.3 percent
12. Sophos Antivirus 9.0.1: 95.4 percent
13. Microsoft Security Essentials 1.0: 94.6 percent
14. AVG Anti-Virus 9.0: 93.9 percent
15. Norman Antivirus & Anti-Spyware 7.30: 88.5 percent
16. Kingsoft AntiVirus 9 Plus: 87.1 percent

[Chart: Missed Samples in Percentage Points (credit: AV-Comparatives)]

The bulleted list represents the detection rates in percentage points for adware, spyware, and rogues, while the chart shows the number of missed samples in percentage points. After taking these results into consideration, AV-Comparatives rated the security companies from best to worst in three categories:

• Advanced+: TrustPort, G DATA, McAfee, AVIRA, Symantec, F-Secure, BitDefender, eScan
• Advanced: Kaspersky, ESET, Avast, Sophos, Microsoft, AVG
• Standard: Norman, Kingsoft

The results seem to suggest that the best antivirus applications that regularly rank highly in general malware tests are not necessarily as good at anti-adware, antispyware, and antirogue detection. That said, all 16 products detected at least 85 percent of the threats, which is respectable. Overall, we can say that the detection rate of PUAs is similar to the detection rate of general malware.

It's worth noting that this is the first AV-Comparatives test in which Microsoft Security Essentials (MSE), Redmond's free antimalware solution, was tested in its final 1.0 form. MSE was released in September 2009 and these tests were performed last month. Clearly Microsoft has work to do, at least in the PUA department (the beta version did quite well in older antimalware tests).

Monday, October 26, 2009

Windows 7: Inside Multitouch

 

Friendly Computers have seen touch screens before, so what makes the ones supported by Windows 7 so special? Below is the inside scoop.

Touch screen technology may seem shiny and new but any analyst will tell you that it has been around for decades: ATMs, grocery store self-check kiosks, even museum exhibits. But what makes Windows 7 so exciting is that no computer operating system ever incorporated native support for multitouch before. The new breed of multitouch laptops and desktops with touch screens don't need extra downloads or plugins-- multitouch just works.

Multitouch's Predecessors

To be fair, Windows 7 is not the first operating system to support some form of touch computing. Vista offered single-touch capabilities in tablet mode, and pen input is quite common as well. But as much as Microsoft would love to paint multitouch as a natural progression in its operating systems, it's Apple that was the real democratizer of multiple-input touch screens. Introducing now familiar gestures like pinching, tapping, and flicking, the iPhone and the iPod Touch made multitouch second nature to many users. Apple followed up its mobile devices with gesture-based touchpads on its MacBook and MacBook Pro models in late 2008. Though it was a bit tough to get used to the integrated mouse button and touchpad, the ability to use gestures based on up to four fingers opened up new possibilities.

A few Windows-based "multitouch" systems have come out as well—namely the HP TouchSmart TX2 and Dell Latitude XT line of laptops, as well as the HP TouchSmart desktop PCs. These systems used built-in hardware and software solutions to accommodate two-finger touch (though they still couldn't support three- and four-finger gestures). But it wasn't until early glimpses at Windows 7 this year that we saw Microsoft itself respond to the multitouch trend.

How Multitouch Works

A few months before those MacBooks hit the scene, Microsoft announced its plans for multitouch at the All Things Digital conference in California. Unlike any of its predecessors, Windows 7 natively supports multitouch functionality in touch screens and is built to accommodate up to 10 points of contact. On the Engineering Windows 7 blog, the developers highlight all the ways the OS was tweaked to optimize it for touch. It's everything from making keys on the on-screen keyboard glow when your finger is covering the letter to improving high dpi support to make small links and buttons easier to access with touch.

Though the software is similar across platforms, the PCs we've tested use different hardware solutions. The multitouch laptops we've seen so far, like the Lenovo ThinkPad X200 Tablet and Fujitsu LifeBook T5010, use dual-active digitizers, meaning they have one technology for the stylus and another, called capacitive, that is activated for multitouch using your fingers. Non-tablets like the Lenovo ThinkPad T400s use a capacitive touch screen only, and many more will follow this implementation (Toshiba and Acer have already announced capacitive touch panels on their mainstream laptops).

In capacitive screens, a small current of electricity runs across the surface, with circuits at the corners. Touching the screen interrupts that current. Capacitive technology only works on smaller screens, so desktops like the HP TouchSmart 600-1055 PC and Gateway One ZX6810-01 employ optical solutions. Optical sensors are set up around the screen creating a grid. The screen reacts when your finger, pen, stylus, or any other implement breaks one of the beams; you don't actually have to physically touch the surface to get a response.

All of the PC manufacturers that have put out multitouch systems so far have included Windows 7's Touch Pack, a software suite that incorporates applications that work with the Windows 7 kernel to use a multitude of different gestures. For instance, Microsoft Surface Collage lets you access and manipulate all your photos to create different designs on the screen. You can drag and drop images with one motion, resize or rotate them with two fingers, and scroll through the images available on the bottom pane using the flicking motion. Other games and applications like BlackBoard and Microsoft Surface Lagoon act like tutorials for multitouch, creating objectives that force you to perfect various gestures in order to win the games.

What's Next for Multitouch

Although the Windows 7 Touch Pack certainly has that gee whiz factor, the real question regards implementations for multitouch in the future. Will it change the user experience? And can we harness that potential to take it beyond a neat trick for games and fun apps? Clearly the onus right now is on software makers to come up with revolutionary ways to integrate multitouch and expand its possibilities. Some PC manufacturers have included programs built around multitouch, like Gateway's TouchPortal and HP's TouchSmart interface. While HP's includes extra functionality like Hulu desktop and HP games, these still don't bring much more to the table than a new way to interact with Microsoft's existing touch-based programs.

Whether it's niche markets like education, health care, and engineering finding new uses for multitouch, or multitouch making its way onto new platforms like netbooks, there's no question that this interface can change the way we look at computing. The Engineering Windows 7 blog sums its effect up well. In it, Steven Sinofsky, the president of the Windows division, wrote, "One of my favorite experiences recently was watching folks at a computer retailer experience one of the currently available all-in-one touch desktops and then moving to another all-in-one and continuing to interact with the screen—except the PC was not interacting back. The notion that you can touch a screen seems to be becoming second nature."

For a closer look at some of the emerging Windows 7 multitouch systems, be sure to read our full reviews.

 

 

Source: http://www.pcmag.com/article2/0,2817,2354680,00.asp

Friday, October 23, 2009

Magic Mouse: Oh my God—it's full of capacitive sensors!

 

Friendly Computers thought you would enjoy an inside view of the new Mac Magic Mouse and Screen.

 


iFixit

You thought iFixit was going to gut the new unibody white MacBook and call it a day? Oh no—it has vivisected Apple's new Magic Mouse to see just how the "magic" happens. The gang also went ahead and disassembled the 27" iMac that came with it, too.

The first thing that iFixit discovered is that Apple really does not want you to take the Magic Mouse apart. The whole thing is held together with some really tough glue instead of screws, or clips, or anything that might make it easier to take apart and put back together. Once apart, though, iFixit verified that the entire top surface is literally covered in capacitive touch sensors—138 in all—just as Apple promised. This is what allows the multitouch gestures to be so accurate and specific over such a small surface—though it would be nice if Apple enabled pinch-to-zoom and two-finger rotate.

Though the mouse has an aluminum base, the total aluminum content weighs just 10 grams. "That's compared to 37 grams of plastic and 47 grams of batteries," according to iFixit. "Nearly half the mouse's weight comes from the two AA batteries."

The diminutive circuit and electronic components do contribute a few grams to the overall light weight of the Magic Mouse. Part of what makes the circuit so small is a Broadcom BCM2042A4KFBGH, part of the BCM2042 family of chips that integrate keyboard and mouse controller functions with an HID profile and full Bluetooth communications stack. Broadcom brags that the chip allows wireless input devices to "approach the price points of legacy-wired mice and keyboards," but this is Apple here—paying a slight premium for a "better" mouse is par for the course. Besides, what is the standard price for a wired multitouch mouse? (Answer: there isn't one!)

Of course, after discovering all the magic Apple could stuff into a $69 mouse, though, you can hardly blame iFixit for "taking apart the iMac that came with our Magic Mouse." The new 27" iMac (the lower-end Core 2 Duo version) isn't radically different than the 24" iMac model that preceded it. However, iFixit did turn up a few interesting details.

27" iMac disassembled

iFixit

One nice addition is that Apple has doubled the amount of RAM slots; when stuffed with 4GB SO-DIMMs, you can have a total of 16GB of RAM. The new model also eliminates the 4mm aluminum bezel around the display glass cover—it goes all the way to the top and side edges, giving it a slightly cleaner appearance. The DisplayPort connection isn't wired up to allow the display to be powered separately when using the promised external source display functionality, though—the whole machine will have to be powered on for it to work.

A couple other notable discoveries: the power supply is 310W, the largest on any iMac; the SuperDrive is 12.5mm height, so it could be swapped for a Blu-ray drive if Apple ever gets over that bag of hurt; because the new back is all aluminum, the plastic Apple logo now serves as the only way for WiFi signals to get in and out of the iMac; and cooling the new machine requires two large heat sinks and three large, low-noise fans.

Source: http://arstechnica.com/apple/news/2009/10/magic-mouse-oh-my-godits-full-of-capacitive-sensors.ars

Thursday, October 22, 2009

Technology Fails: 8 Extreme Electronic Disasters

 

Friendly Computers would like to inform you about the eight extreme electronic disasters that seem to affect each and every one of us.

 

Let's face it: Technology seems made to stop working. Screens crack, circuits short, and power supplies abruptly conk out. It's all part of the complex and confounding ecosystem of electronics.

The worst, though, is when something really is built to break--and in the most extreme way. I'm talking fiery explosions, flying components, and acid-leaking compartments, all courtesy of bugs built right into ill-fated devices.

Sound far-fetched? Hey, we've seen some crazy stuff happen over the years. Some of it is astonishing; some of it is merely annoying. But all of it is extreme--and entirely too real.

We start with some good old-fashioned spontaneous combustion.

Combustible Computers

Nothing screams "tech disaster" like a laptop on fire. Due to the intricacies of modern-day electronics, it takes only a minor manufacturing error to send your system up in flames--and not the kind generated by the jerks of online forums, either.

The most extreme example of fire-related fallout may be the massive series of recalls brought about by bad Sony batteries in 2006. Small shards of nickel made their way into the batteries' cells during production, causing numerous systems to overheat and sometimes catch fire. The recalls affected laptops sold by Dell, Hitachi, IBM, Lenovo, Toshiba, and even Apple.

By the end, a staggering 9.6 million laptop owners had been burned (figuratively speaking) by the failure, and Sony had spent nearly $430 million to replace all the defective units.

Lest you think I'm just blowing smoke up your ash, let me assure you that this danger was far from hypothetical. (Watch PC Pitstop simulate a laptop battery explosion where the temperatures soared to 1000 degrees.) A Sony-battery-powered laptop famously exploded and caught fire at the Los Angeles International Airport in 2007, and a traveler managed to catch the entire incident on tape.

Be warned: You will hear a few expletives shouted during some of the more dramatic moments. With a blast like that, I'd say they were warranted.

Fire risks have led to countless other laptop battery recalls over the years. Scientists are now working on developing a new material that could better protect the lithium ion technology and keep such short-circuiting from occurring.

Exploding iPhones

Apple's all about glitz and bang for its product launch events. Lately, however, the company has been making headlines for a different kind of spark. Reports surfaced in late July suggesting that numerous iPods and iPhones had erupted in flames and scalded their owners.

Soon after, word broke that the European Union had launched an inquiry into exploding iPods overseas. Apple reportedly claimed that some sort of improper handling led to the explosions, calling them "isolated incidents." A full investigation is currently under way.

The recent rash of complaints isn't the first time Apple's iPods and iPhones have come under fire. In March, an Ohio mother sued Apple over allegations that her 15-year-old son's iPod Touch had malfunctioned. The device, she said, exploded in the teenager's pants.

Speaking of explosions, did you hear about those new porn-star apps people are downloading?

Acid Rock

The avatar for Kurt Cobain may be making Guitar Hero headlines right now, but one year ago a far more corrosive controversy was connected to the product. Rage Wireless Guitars, a series of controllers sold for use with the game, were found to have circuit-board defects that could cause battery acid to leak outside the devices.

If you're not sure how severe of a problem that could be, just think about this: Over what area of the body do most people hold a guitar? Yeah...not the best place for a chemical burn. It actually happened to at least one person, too, according to reports filed with the manufacturer and published by the U.S. Consumer Product Safety Commission.

That's one disaster I'd suspect even the great Jimi Hendrix, famously fond of both acid and fiery guitar solos, wouldn't be willing to risk.

Red Ring of Death

If there were an award for the most extreme-sounding technology flaw, the red ring of death would win, hands-down. Microsoft's Xbox 360 became known for it due to a widespread hardware failure that reared its ugly head in 2007. Its signature sign: three red lights blinking at you, like a disco flashback gone horribly awry.

The lights were more than a mere nuisance: They were frequently an indication of a complete hardware failure that had rendered the system useless. The issue was severe enough to earn the Xbox 360 the branding of "least reliable gaming console in recent history" from at least one publication.

Microsoft ended up spending a reported $1 billion to extend warranties as a result of the red-tinted menace, citing an "unacceptable number of repairs" as the catalyst for its decision. The company also agreed to reimburse customers who had spent their own cash trying to get their consoles fixed.

Recently, a second red-ring-like error has cropped up on some Xbox 360 systems, causing users to see a fatal error with the code "E74." Though the dreaded red lights themselves don't flash, the console is again rendered useless. Microsoft announced in April that it would offer a similar extended warranty and repair reimbursement program for anyone affected by the issue.

Melting Multimedia

We all want home theater systems that make us feel like we're inside the movies--but when your DVD player actually reproduces on-screen fire inside your home, things have probably gone too far.

Wal-Mart recalled 4.2 million Durabrand DVD players this fall after discovering that the devices could overheat and set an entertainment center aflame. The company received more than a dozen reports of overheated players, at least seven of which ended with some kind of property damage to the owner's home.

Other multimedia devices recalled due to reported fires or fire risks include DVD players by Toshiba, digital cameras by Hewlett-Packard, and speaker systems by Philips Magnavox.

Retail Viruses

Would you like a virus with that purchase? In an age when keeping up with the latest security threats can feel like a full-time job, knowing that a virus could come preloaded on brand-new technology is a real kick in the pants. Unfortunately, it's also an all too common occurrence.

In some cases an entire computer system could be the culprit. Last fall Asus announced that it had accidentally shipped a line of Eee Box PCs with preloaded viruses. A malicious file on one of the systems' hard drives would not only infect local data but also copy itself to other drives and external storage devices connected to the computer.

Viruses have been found on new digital photo frames, USB flash drives, factory-sealed hard drives--and yes, even some iPods. (Those models, it probably goes without saying, were not the "funnest ever.")

Disappearing Data

You don't need a built-in virus to leave you with a manufacturer-caused data disaster--you can also experience one of the always-popular instances of crappy-hard-drive-itis.

Plenty of people came down with the disease earlier this year when Seagate revealed that its Barracuda 7200.11 hard drives had a firmware bug that was causing widespread failures. According to user reports, the drives would die while booting up, leaving no way to access any of the data inside.

Once Seagate isolated the bug, the company offered free data-recovery services to try to make up for the mess-up. Gauging from various online discussions, though, its customers' goodwill is likely one thing the company can't recover anytime soon.

Dangerous Rides

As if Segway riders didn't already look goofy enough, a couple of apparent glitches started sending them flying through the air a few years back. The two-wheeled transporter, as the late Rodney Dangerfield might say, just can't get no respect.

The trouble started in 2003, when Segway had to recall about 6000 of its devices. In that case, the company found that riders could suddenly fall off when the vehicles' batteries ran low. Then, in 2006, a second recall targeted 23,500 more Segways; that time, the devices were found to be "unexpectedly apply[ing] reverse torque" (translation: "causing people to eat pavement").

Thankfully for Segway users, those problems are in the past. Now mall cops are back to relying on their own instincts--and, of course, the fact that they ride around on silly-looking stick machines--to look like total twits.

(Photo of a burning laptop, used as promotional art for this story: Courtesy of Secumem, Wikimedia Commons)

Source: http://www.pcworld.com/article/173933/technology_fails_8_extreme_electronic_disasters.html

Tuesday, October 20, 2009

HP's New Touch Screen Laptop and All-In-Ones Debut

 

Friendly Computers discovered the NEW touch screen HP Laptop. We thought you might be interested in what today's technology is now rising up to.

 

HP is taking touch to the people, with new touch screen laptop and desktop models, all featuring Windows 7 and some shipping on Oct. 22, when the new operating system is formally introduced.

The new multi-touch models include a number of applications that take advantage of the interface, including Hulu, Netflix, Pandora, Recipe Box, a webcam "photo booth" application, and the HP Music Store.

  • HP TouchSmart tx2 -- A laptop, starting at $799, with a 12.1-inch screen that rotates 180-degrees for use as a tablet. Besides touch commands, users can write or draw on the screen with an electronic pen. Available Oct. 22.
  • HP TouchSmart 300 and 600 -- The third generation of HP's touch-enabled desktops. The 300 has a 20-inch screen and the 600 (shown) has a 23-inch display. The 300 starts at $899 and will begin deliveries on Nov. 1, with the 600 due Oct. 22 and priced starting at $1,049. Read our review of the HP TouchSmart 600.
  • HP TouchSmart 9100 -- An all-in-one desktop, starting at $1,299, which includes a 23-inch touch screen. It can be used as a standard touch screen PC or tasked as a map or events kiosk in an office, hotel, or other location. Deliveries begin in December.
  • HP LD42200tm -- A digital signage device with a 42-inch touch screen. Available in December for $2,799.

Besides touch screens, HP also introduced several business desktop and laptop computers as well as new value-oriented Compaq-branded desktops and a laptop.

The Compaq Presario CQ61z (where do they get these model numbers?) costs only $399 after a $100 instant rebate and features a 15.6-inch screen. The Compaq 500B business desktop sells for $359, while the new Compaq Presario 4010f desktop sells for $309.

My take: The laptop looks very interesting and I will consider purchasing one during my next upgrade cycle. I am not wild about reaching out to touch a desktop, although HP is pushing these models for entertainment and kitchen use, where touch makes some sense.

In the kitchen, the touch screen is meant to be used with recipes and other applications that can work entirely by touch when keyboard use isn't appropriate. Verbal directions are also provided.

The new Compaqs are a welcome addition to the lowest-priced laptops and desktops. The laptop competes with netbooks on price and will win some of those battles.

Source: http://www.pcworld.com/businesscenter/article/173551/hps_new_touch_screen_laptop_and_allinones_debut.html

Friday, October 16, 2009

Email Isn’t Dead- But It Is Broken

Friendly Computers found this article to be quite interesting. With all the websites like Twitter, Facebook and many others, this guy seems to think that our email days are over.

 


PCMag.com's managing editor for software, Sean Carroll, just got back from that rare place few of us can imagine these days: a two-week vacation. We got by without him, his reviews posted, and he only lost one staffer (his senior editor, Matt Murray, just took the reins at ExtremeTech.com). He returned refreshed and reenergized, only to discover an inbox of 2,200 messages! E-mail, that revolutionary advance in human productivity, is sucking our time. E-mail is, to be blunt, broken. And it is going to take some new technologies, and some changes in human behavior, to save it.

Just this week, The Wall Street Journal, hardly a hot bed of techno-radicalism, ran a story suggesting that e-mail's days are numbered. With the advent of Twitter, Facebook, and Tumblr, sending a plain old e-mail seems not just dated, but ineffective. If you sent Sean Carroll an e-mail over the last two weeks, you know what I am talking about. It was once poor etiquette not to return an e-mail. Now most of us can honestly say we missed it. Personally, I get 300-400 e-mails a day, (I send about 30)—can you blame me if I missed one, especially if it is from an address I have never seen before?

Now, I should probably admit that I have mixed feelings about e-mail. One of my earliest stories at PCMag was 50 Reasons Not to Send that E-mail. I came up with a lot more than just 50. My biggest problem with e-mail, however, is that people just send too much of the stuff. It's sometimes a result of misdirected manners: I can't resist typing "thanks" and hitting Send. But most of the e-mail I receive is just useless—press releases, random story pitches, line edits on a story, press releases, obscure-newsletters-I-never-signed up-for, press releases, office joke threads. (Okay, I have chimed in on some of those, too.) Honestly, keeping a heavy finger on the Delete key can resolve a lot of these annoyances and keep your inbox free.

Let's not forget that, at its core, e-mail is a form of mail. Mail used to take three to four business days, now it takes three to four seconds. Too many people measure their importance based on how many e-mails they read, and their self-worth on how many e-mails they send. We have hit the tipping point: we can no longer read all the e-mail we create. Technology can help. And it will.

The Wall Street Journal is right (...gulp, did I just type that?). We are creating a new communication vocabulary, an evolving new media vernacular. Instant messaging is used for real-time cube-to-cube messages. If it is just office gossip, and I'm busy, I can ignore it. Texting is a great way to communicate point-to-point, and I can respond instantly or hours later. Best of all, you have to know my number to reach me, and I don't spread it around. Social networks like Twitter and Facebook are great for broadcast communications, and, when I have time, more direct conversations. It is impossible to call all of my old friends every week, but a few minutes here and there on Facebook, and we can keep in touch. I think there is a phone in my office as well, but I am pretty sure it just makes outbound calls.

I am currently testing a host of software tools designed to help you manage your e-mail. Xobni works with Outlook to provide context to all of your e-mail communications. When someone sends me an e-mail, Xobni shows me their most recent e-mails, social network profiles, any attachments they have sent me, and most importantly, their photo, pulled from LinkedIn. Just seeing the face of the individuals I am e-mailing is a wonder. I am also looking at Gwabbit, a small app that sucks up the signature information at the bottom of e-mails and drops it into a Contact file. I am still testing, but so far it's amazing.

Then there is Google Wave, Google's attempt to combine e-mail, IM, search, collaboration software, photo management, and about a dozen other applications. Despite seeing and participating in lots of demos, Google Wave is a technology that you have to use to understand. It is like trying to explain Facebook to someone who has never logged on. We are just starting to use Wave at the office, so I will report back when I understand it better.

Given my job, I am a huge fan of technological solutions, but fixing e-mail is going to require some serious behavioral modification. We need to rethink how we use e-mail. It isn't a real-time communication tool, and shouldn't be used as one. It may seem like we can send and receive an infinite supply of e-mail, but we can't. Sending a lot of e-mail doesn't make you more productive—in fact, it makes everyone else less productive. Choose your e-mails carefully, for your own productivity and sanity. And for mine, too.

Source: http://www.pcmag.com/article2/0,2817,2354216,00.asp

Tuesday, October 13, 2009

Kaspersky Lab announces publication of The Cash Factory

Friendly Computers wants to inform you about malicious bots that download programs from the Internet, including a Trojan designed to steal passwords to FTP clients used to manage website content. Cyber criminals can then use these passwords to modify websites and place malicious tags on their pages.






Kaspersky Lab, a leading producer of secure content management systems, announces the publication of its latest article, The Cash Factory. The article looks at the methods used by cyber criminals to create and run botnets in order to generate large profits.

The article is authored by Sergei Golovanov, Senior Malware Analyst, Igor Sumenkov, Head of Kaspersky Lab's Content Filtering Infrastructure Development Group, and Maria Garnayeva, Malware Analyst.

The Cash Factory unveils the cyclical process used to create botnets from computers infected by the bot Backdoor.Win32.Bredolab. First, cyber criminals hack a site's content management system and modify its pages with tags that redirect to websites containing malicious exploits. These exploits pave the way for infection and penetration by other bots, which then join to form a botnet and obey commands issued from a remote command and control center.

The bots download malicious programs from the Internet, including a Trojan designed to steal passwords to FTP clients used to manage website content. These passwords can then be used by cyber criminals to modify websites and place malicious tags on their pages.

The process is essentially a vicious circle that can be repeated and extended, and is used by cyber criminals to ensure the smooth running of their "cash factory."
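The cycle above depends on tags being added to a site's pages, so a site owner can audit pages for remote `iframe` and `script` sources that were not there before. The following Python is an added example, not code from the Kaspersky article; the host names, sample pages and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample pages (not from the article); hosts use reserved names.
CLEAN_PAGE = """<html><body>
<h1>Store news</h1>
<script src="/js/site.js"></script>
<iframe src="https://video.cdn.example/embed/42" width="560" height="315"></iframe>
</body></html>"""

# The same page after two tags were appended, as in the cycle described above.
INFECTED_PAGE = CLEAN_PAGE.replace(
    "</body>",
    '<iframe src="http://redirector.invalid/in.php" width="1" height="1" '
    'style="visibility:hidden"></iframe>\n'
    '<SCRIPT SRC="//stats.invalid/c.js"></SCRIPT>\n</body>',
)

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def _tiny(value):
    """True for a width/height of 0 or 1 pixel, a common way to hide a frame."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value)
    return bool(m) and int(m.group(1)) <= 1


class TagAudit(HTMLParser):
    """Collects iframe/script tags whose src points at an untrusted host."""

    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.trusted = {site_host.lower()} | {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "").strip()).hostname or "").lower()
        if not host or host in self.trusted:
            return  # inline, relative, or explicitly trusted source
        hidden = bool(
            _tiny(a.get("width", ""))
            or _tiny(a.get("height", ""))
            or HIDDEN_STYLE.search(a.get("style", ""))
        )
        self.findings.append(
            {"tag": tag, "host": host, "hidden": hidden, "line": self.getpos()[0]}
        )


def audit_page(html, site_host, allowed_hosts=()):
    """Return every iframe/script tag that loads from a host outside the allowlist."""
    parser = TagAudit(site_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


def new_remote_hosts(baseline_html, current_html, site_host):
    """Hosts referenced by the current page but absent from a known-good copy."""
    before = {f["host"] for f in audit_page(baseline_html, site_host)}
    after = {f["host"] for f in audit_page(current_html, site_host)}
    return sorted(after - before)


if __name__ == "__main__":
    for finding in audit_page(INFECTED_PAGE, "shop.example", ["video.cdn.example"]):
        print(finding)
    print(new_remote_hosts(CLEAN_PAGE, INFECTED_PAGE, "shop.example"))
```

Comparing against a known-good copy catches a newly added host even when it is not hidden, which the allowlist check alone would only catch if the allowlist is kept current.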

The full version of The Cash Factory is available on viruslist.com. The executive summary is available here.

The material can be reproduced provided the author, company name and original source are cited. Reproduction of this material in re-written form requires the express consent of the Kaspersky Lab PR department.

Wednesday, October 7, 2009

Avoid being a victim of an e-mail phishing scam

Phishing scams are attempts by cybercriminals to steal your information, usually by directing you to a website that looks like your banking or email website and asks for your log-in information. Friendly Computers found some useful tips for keeping your information away from phishers.  Read more below…

A recent phishing scam resulting in usernames and passwords of Microsoft's Hotmail, Google's Gmail, and possibly accounts of AOL and Yahoo users being posted online is cause for concern for anyone who uses any of those services. Rather than panic, though, there are simple ways to avoid becoming a victim or being further victimized, if your account has already been compromised.

Microsoft and Google said the compromised information likely came as a result of a phishing scam, through which millions of people are sent e-mail (often warnings about a fake security breach), asking them to click on a link to take them to a Web site so that they can enter their correct information.

When phishing attacks first became prevalent, the fake sites were often crude imitations of the real things, but these days, they can look exactly like the legitimate site, typically of a bank, a payment service such as eBay's PayPal, or another financial company. When the user logs in with a username and password, or provides credit card numbers and other confidential data, that information is captured by the e-mail senders, who can use it to impersonate the victims.

In addition to someone being able to read your messages, a risk of having your e-mail account compromised is that many sites will send a lost password to an e-mail address, so if criminals can access your e-mail, they might be able to use it to get passwords from other sites, including financial accounts.

BBC News is reporting that it has seen lists containing more than 30,000 names and passwords, some of which "appear to be old, unused or fake," but "many--including Gmail and Hotmail addresses--are genuine." To put this into context, Gmail and Hotmail sites had more than 84 million unique visitors in July. Yahoo Mail had more than 156 million unique visitors, according to ComScore.

Here's some advice that can help you avoid becoming a phishing victim.

Change passwords regularly
Even if this particular breach hadn't occurred, many experts recommend that you change your password about every three months. This is as good a time as any to do just that. It's also a good idea to avoid using the same password on multiple sites, but if you're one of the many people who have done that, be sure to change your password elsewhere. Gmail asks users to provide them with an alternate e-mail address, so be sure to change the password for that account as well.

As I pointed out in this post about password security, consider using a password manager like LastPass (free) or RoboForm that can generate and manage strong passwords.

Click cautiously
If you get an e-mail that appears to be from a legitimate site with a request that you click on a link to visit the site for any reason, including updating your security information, think before you click. It might be taking you to a rogue site that captures that information for possible identity theft or other crime. It's safer to just type in the URL yourself. Be extremely wary of any requests to provide Social Security numbers or credit card information, unless you're absolutely sure that you're dealing with a legitimate site. When visiting a site, make sure that the URL is that of the organization.

Look for secure sites
If you're asked to provide sensitive information such as a credit card number, be sure that the URL begins with "https" (the "s" stands for "security") and that there is a padlock icon, typically in the lower-right corner of the browser.

Use a phishing filter and good antimalware software
The most recent versions of most browsers, including Microsoft's Internet Explorer and Mozilla's Firefox, help filter phishing sites, as do security suites from McAfee, Symantec, TrendMicro, and other companies. Security software also helps protect you against malicious software that can log your keystrokes, or otherwise jeopardize your privacy and security. Make sure that your security software and your operating system are up-to-date.

Think critically
If something seems too good to be true, it's almost invariably too good to be true. Think about what you're about to do on any site you visit, especially if it's a site you don't already trust. Never use the same password on an unknown site that you use for e-mail, banking, or other sites where security is essential.

The U.S. Department of Homeland Security's National Cyber Alert System has additional tips to help you avoid phishing and other social engineering attacks, and ConnectSafely.org has tips to create and manage strong passwords.

Source: http://news.cnet.com/8301-19518_3-10368801-238.html

Monday, October 5, 2009

BEBLOH steals your money and hides it from you

Friendly Computers gained information about a frightening new malware that can steal money from your bank account, and will re-write online banking pages to disguise these transactions. Read more below…

Trend Micro analysts have come across a new variant of the BEBLOH family of information stealers that goes well beyond the traditional tactic of logging keystrokes and sending it to another server for exploitation. Instead, this particular variant steals user information, uses it right away, and cleverly disguises it from users.

This particular variant, detected as TSPY_BEBLOH.AE, immediately connects to a command and control (C&C) server when it is executed. It downloads an encrypted configuration file from the said server, as seen below:

Figure 1. Captured traffic between affected system/C&C server

The configuration file contains key information, most importantly the name of the bank being targeted. If the user logs into the secure banking website of the target bank, their user name and PIN are both captured by the malware.

Instead of sending the account information to cybercriminals via e-mail or a website, however, it uses this to steal money from the account. If prompted by the central C&C server (which it contacts periodically), it transfers money from the user’s bank account to an account specified in the configuration file (The amount is also based on several parameters included in the said file; the values of these parameters are chosen to minimize the possibility of detection). Very good technical details can be read here.

Lastly, it also disguises its malicious transactions from the user. When the user attempts to view static pages that contain information such as remaining account balance(s), balance sheets, and previous transactions, the malware rewrites these pages on the fly, disguising any previous thefts from the user. Victims would not know they had been robbed unless they attempted to access the online banking site from an uninfected machine, or used separate facilities such as ATMs.

Source: http://blog.trendmicro.com/cooked-balance-sheets-bebloh-style/

Monday, September 28, 2009

Tweeting Misleading Applications

Link shortening is popular among users of Twitter and other social networking websites, but Friendly Computers warns you to be careful of what you click on. Since the links are indistinct, it is difficult to tell what you are clicking on until you have already clicked it. The shortened links often lead to pages containing malware or phishing scams. Read more below…

A lot can be said with 140 characters. It’s just enough to convey a point, but constricting enough to make things concise. No wonder microblogging sites such as Twitter have become so popular.

Unfortunately one of the limitations here is sharing Web pages with long URLs. In order to address this issue, URL-shortening utilities have grown in popularity on the site. Using such tools allows you to include a link well within the 140-character limit, which will redirect anyone who clicks it to the longer URL and thus the site you wanted to share.

There’s one downside here, from a security point of view—you’ll often have no idea where the link leads until you click it. Clicking any link like this is entirely a security leap of faith. Unfortunately malware authors have caught on to this and are currently distributing misleading applications using these shortened URLs. Using enticing tweets and commonly used twitter search terms, their goal is to get other users to click on their links, leading to malicious code.

Now, neither Twitter nor the URL-shortening services are at fault here. This is simply another case where malicious attackers are using a neutral technology as a means to their deceptive ends. Both Twitter and the URL-shortening services are convenient technologies that we don’t see going away any time soon.

So how do you protect yourself? The good news is that both Firefox and Internet Explorer offer browser plug-ins that will check a shortened URL for you and show you the final URL before you even click on it. While this won’t tell you for sure if the link is malicious, it will at least allow you to look more carefully before clicking.

While the misleading applications currently being served up in this manner all seem to look very similar today, we’re likely to see more variety in the future. If you’re running Symantec antivirus software, there’s no need to worry. The current IPS signatures will detect and block these risks from being downloaded onto your computer.

Source: http://www.symantec.com/connect/blogs/tweeting-misleading-applications

Thursday, September 24, 2009

Bogus Sponsored Link Leads to FAKEAV

Watch out for fake sponsored links in search engines – Friendly Computers learned that they may lead to the dreaded FakeAV trojan. Read more below…

Apart from SEO poisoning, cybercriminals have found another avenue to proliferate FAKEAV malware—bogus sponsored links (sitio patrocinados in Spanish). Just recently, Trend Micro researchers were alerted to malicious search engine ads that appeared in Microsoft’s Bing and AltaVista, among others, when a user searches the string “malwarebytes.” (Malwarebytes is a free antivirus product, but of course, not a FakeAV.) Clicking the malicious URL points the user to an executable file named MalwareRemovalBot.exe-1 (detected by Trend Micro as TROJ_FAKEAV.DMZ).

Upon execution, the rogue antivirus displays false information that the system is infected with files that do not even exist.

In the past, cybercriminals employed the same tactic when they hitchhiked on Trend Micro. Some Google searches then showed banner ads that led to a fraudulent Trend Micro website.

Though the ads may not appear in all regions, all users are still strongly advised to be extra careful when clicking links in search engines. Users connected to the Trend Micro Smart Protection Network are protected from this attack as it detects and blocks all malicious URLs.

Source: http://blog.trendmicro.com/bogus-sponsored-link-leads-to-fakeav/

Wednesday, September 23, 2009

How to Maximize the Malware Protection of Your Removable Drives

USB drives or external hard drives may not be something you typically think of when you think of protecting your PC from malware, but Friendly Computers warns you that they are just as vulnerable to viruses and other malware as your main hard drive is. Read more below for information on how to secure your removable drives…

Removable drives are one of the most common infection vectors for malware today. Worms propagate via these vectors to proliferate their payload and ultimately, infect more users.

Users need to perform some countermeasures to secure their systems. One way of doing this is to protect removable drives against worms that use the Autorun feature.

One popular way of protecting removable drives is by creating a folder or file and renaming it as AUTORUN.INF. A worm's own AUTORUN.INF file could enable the malware to run automatically on the system even without the user executing it. By creating this file beforehand, ideally, worms would not be able to run in this way.

However, this method is not perfect. Worms can delete the existing AUTORUN.INF file or folder, and then replace it with a malicious version. This would negate any protection placed by the user on the said file. However, by using file permissions to restrict changes, the AUTORUN.INF file can be protected more effectively.

Note: Make sure that your external drive is formatted using NTFS, as this procedure uses a specific feature of NTFS. If your removable drive is formatted using either FAT or FAT32, back up any data on the said drive first and reformat using NTFS. This may require Windows Vista or Windows 7.

  1. Create a new folder in the root directory of the removable disk and rename it as “AUTORUN.INF.”
  2. Create four more folders in the same location and name them “recycle,” “recycler,” “recycled,” and “setup” respectively.

    Note: The folders recycle, recycler, recycled and setup are optional, but users are advised to create them, as malware often uses these names.

  3. Open a command prompt (cmd.exe) and go to the root directory of your removable drive.
  4. Set the folder attributes using the following DOS command:
    attrib autorun.inf /s /d -a +s +r

    Figure 1. Setting the folder attributes

  5. Set the privilege level of the folder using the following DOS command:
    cacls autorun.inf /c /d administrators

    Figure 2. Setting the privilege level of the folder

  6. Type ‘Y’ and press Enter when prompted with the message “Are you sure (Y/N)?”
  7. To test it, try to delete, modify, rename, copy, or open the created folder. If you cannot perform any of these functions, then the procedure is successful.

Figure 3. When the user deletes the created folder, the system displays this message prompt.
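
The seven steps above, combined into one cmd.exe batch script as an added example (not part of the original article). The script name, the drive-letter argument, the NTFS check with fsutil and the write probe at the end are assumptions introduced here.

```batch
@echo off
rem Added example: steps 1-7 above as one script. Run from an elevated prompt.
rem Usage (script name is hypothetical): lock-autorun.cmd E:
setlocal
set "DRIVE=%~1"
if "%DRIVE%"=="" (
    echo Usage: %~nx0 DRIVE:
    exit /b 1
)

rem The cacls step relies on NTFS permissions, so refuse FAT/FAT32 volumes.
fsutil fsinfo volumeinfo %DRIVE%\ | findstr /i /r /c:"File System Name.*NTFS" >nul
if errorlevel 1 (
    echo %DRIVE% is not NTFS. Back up its data and reformat as NTFS first.
    exit /b 1
)

pushd %DRIVE%\ || exit /b 1

rem Step 1: a folder takes the AUTORUN.INF name. An existing file of that
rem name is left alone here so that it can be inspected before removal.
if not exist "autorun.inf\" (
    if exist autorun.inf (
        echo A file named autorun.inf already exists on %DRIVE%. Inspect it first.
        popd
        exit /b 1
    )
    mkdir autorun.inf || (popd & exit /b 1)
)

rem Step 2: optional decoy folders for other names the article lists.
for %%D in (recycle recycler recycled setup) do if not exist "%%D" mkdir "%%D"

rem Step 4: clear Archive, set System and Read-only (same switches as above).
attrib -a +s +r autorun.inf /s /d

rem Steps 5-6: deny the Administrators group; the piped Y answers the
rem "Are you sure (Y/N)?" prompt.
echo Y| cacls autorun.inf /c /d administrators

rem Step 7: a write into the folder must now fail.
mkdir autorun.inf\writetest 2>nul
if errorlevel 1 (
    echo OK: autorun.inf on %DRIVE% rejects writes.
    set "RC=0"
) else (
    rmdir autorun.inf\writetest
    echo WARNING: autorun.inf on %DRIVE% is still writable.
    set "RC=1"
)
popd
exit /b %RC%
```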

In addition to the above procedure, users may also choose to use hardware means of protection. Certain removable drives have an external switch that prevents the device from being written to. This would prevent malware from making any modifications to the drive, including the AUTORUN.INF file. However, as this may prove to be somewhat inconvenient, it is still a good idea to use the procedure shown above.

Source: http://blog.trendmicro.com/how-to-maximize-the-malware-protection-of-your-removable-drives/

Monday, September 21, 2009

Microsoft to release free security software soon

Microsoft’s foray into the free security software game, Microsoft Security Essentials, will be available to the public soon, Friendly Computers has learned. Read more below…

Microsoft plans to release the final version of its free antivirus software soon, according to a note sent to testers late Sunday.

"The final version of Microsoft Security Essentials will be released to the public in the coming weeks," Microsoft said in the note.

Microsoft first announced its plans for the product, then code-named Morro, last November, at the same time the company said it was scrapping its paid Windows Live OneCare product.

Public beta testing of Security Essentials started in June, with Microsoft reaching its goal of 75,000 testers just one day after it issued a call for them.

On a personal note, I've been using the product on several machines since June, and I like the way--unlike other antivirus programs--it doesn't make a spectacle of itself, just quietly doing its thing. I often forget it is running on a machine, yet it did save my bacon a couple weeks back when I almost caught Koobface from a friend on Facebook.

Source: http://news.cnet.com/8301-13860_3-10357370-56.html

Wednesday, September 16, 2009

Social Engineering Watch: Another IRS Scam

Friendly Computers warns you to be wary of a new spam campaign posing as an email from the IRS that distributes malware to your computer if a link is clicked. Read more below…

Trend Micro warns users of the latest spam campaign that targets US taxpayers with Foreign Bank and Financial accounts. The said spam rides on the September 23 extended deadline set by the Internal Revenue Service (IRS) for filing ‘FBAR’ or the Report of Foreign Bank and Financial Accounts.

The spammed message bears the subject “Notice of Underreported Income” and lures users to click the link that supposedly contains the tax statement. Users who click the URL are led to a site where they get infected by various ZBOT variants. ZBOT variants are notorious for their information theft routines. Trend Micro detected these ZBOT variants as TSPY_ZBOT.BZJ, TSPY_ZBOT.BZT, TSPY_ZBOT.BZS, and TSPY_ZBOT.COB.

Figure 1. Bogus IRS Spam

Ever since this spam run began, ZBOT creators have been generating new binaries, probably to avoid detection and removal.

Source: http://blog.trendmicro.com/social-engineering-watch-another-irs-scam/

Monday, September 14, 2009

Be On The Lookout For Holiday Spam

Holiday season is just around the corner, and cybercriminals are already trying to use this to their advantage. Friendly Computers found an article about the various holiday related spam currently circulating around the web. Read more below…

September signals the onset of holidays and as early as this month, spammers are already gearing up for the said season as they “spamvertise” their products.

Just recently, Trend Micro discovered several spammed messages that used “Christmas” as their subject. The said spam email entices users to avail themselves of the “best gift” for their loved ones by clicking the URL.

After users click the link, it points them to a website that sells replica watches for a discounted price. Although the redirected site does not infect users with malware, it could possibly lead to information theft.

Cybercriminals often use the holidays as part of the social engineering ploy. Trend Micro recently blogged about these tactics in the following blog posts:

Trend Micro protects users from this spam attack via the Trend Micro Smart Protection Network. Users are also advised to stay vigilant especially in the upcoming holidays as spam (that may even contain malware) is very rampant.

Source: http://blog.trendmicro.com/heads-up-for-holiday-spam/

Friday, September 11, 2009

Trojan Hides Its Brain in Google Groups

Social networking websites seem to be the new target for many cyber criminals. Friendly Computers found information about a trojan that accesses a Google Groups group to download updates. Read more below…

Virus writers keep getting sneakier. In an effort to evade detection, they've begun hiding their command and control instructions in legitimate Web 2.0 sites such as Google Groups and Twitter.

Recently, security vendor Symantec spotted a Trojan horse program that's been programmed to visit a private Google Groups newsgroup, called escape2sun, where it can download encrypted instructions or even software updates.

These "command and control" instructions are used by criminals to keep in touch with hacked PCs and update their malicious software. Researchers have also seen criminals hide their messages in RSS feeds that are set up to broadcast Twitter messages, said Gerry Egan, a director with Symantec Security Response. "We're seeing a trend toward using more mainstream social media-type interactions to hide command and control," he said.

The Google Groups system appears to be a prototype, but Egan expects the bad guys to increasingly use social media sites for this purpose, as security software becomes more effective at rooting out traditional command and control mechanisms. "Malware authors are saying now that they're on to [our] techniques, let's try something different," Egan said.

Today most criminals communicate with the machines they've hacked via IRC (Internet Relay Chat) servers, or by placing commands on obscure, hard-to-find Web sites. As system administrators are getting better at spotting and blocking these communications, the bad guys are "trying to hide these command and control messages inside legitimate traffic, so the presence of the traffic in and of itself doesn't raise a red flag," Egan said.

A system administrator can block access to IRC pretty easily, but blocking Twitter or Google is another matter altogether.

The Google Groups Trojan appears to be Taiwanese in origin and was probably used to quietly gather information for future attacks. According to the data on Google Groups, the Trojan has not spread widely since it was created in November 2008. "Such a Trojan could potentially have been developed for targeted corporate espionage where anonymity and discretion are priorities," Symantec said in a Friday blog posting.

Source: http://www.pcworld.com/businesscenter/article/171846/trojan_hides_its_brain_in_google_groups.html

Wednesday, September 9, 2009

Remove viruses from an infected PC, and keep them from coming back

Friendly Computers found an informative article about how to remove a virus from your PC as well as how to prevent new ones from popping up. Read more below…

Our family PC gets quite a workout. It's a five-year-old machine that runs Windows XP and is used primarily by my daughter and teenage grandson for instant messaging, e-mail, social networking, and downloading audio and video files. Since I rarely use the system, I didn't notice that its antivirus subscription had expired.

Which explains why I was a bit surprised when my grandson called when I was out of town to tell me that the PC was acting strangely. Ads appeared on the desktop as soon as Windows started and Firefox and other programs would occasionally close without warning or fail to open at all.

I immediately suspected a virus and instructed my grandson to perform a virus scan. Unfortunately, the machine's antivirus app had gone AWOL. I talked him through the process of using System Restore to revert the PC to an earlier time. This improved matters somewhat, but the system continued to act flaky.

When I returned from the trip, I started the troublesome machine and attempted to open the Microsoft Update site to make sure its copy of XP was up-to-date. But the malware had managed to disable several Windows services intermittently, including Services.msc, so Internet Explorer would shut down repeatedly.

At this point, I was seriously considering a hard-disk reformat and XP reinstall. I even had the XP installation CD in the drive and was ready to begin the process. But even though my daughter and grandson assured me that they had backup copies of all their personal files, I decided to try one more time to salvage the existing setup.

I'm very glad I did, because it turns out there were lots of vacation and holiday images and videos on the machine that hadn't been backed up. First, I installed a free copy of Malwarebytes' Anti-Malware antivirus program on the infected PC, updated the app's virus definitions, and ran a complete scan.

The initial Malwarebytes Anti-Malware scan detected 104 separate infected files and folders.

That first scan turned up a mere 104 infected files and folders. Here's a list of the nasties the machine had picked up:

• Trojan.Vundo
• Trojan.Vundo.H
• Trojan.FakeAlert
• Rogue.Installer
• Trojan.Downloader
• Trojan.Dropper
• Trojan.Agent
• Worm.KoobFace
• Rogue.AdvancedVirusRemover
• Rogue.SystemSecurity
• Adware.BHO
• Rootkit.Agent
• Spyware.Agent
• Trojan.BHO
• Hijack.LSP
• Rogue.Multiple
• Disabled.Security

After viewing the report, I rebooted the PC and ran another malware scan. This time, Malwarebytes' app found only nine infected files.

The second Malwarebytes Anti-Malware scan detected only nine infected items.

I rebooted once more and ran yet another scan, which indicated that the PC came up clean.

The third Malwarebytes Anti-Malware scan indicated that all viruses and other malware had been removed from the infected PC.

Once I was assured that the PC was malware-free, I revisited the Microsoft Update site to download and install all the XP security patches the machine required. Then I sprang for the $25 version of Anti-Malware to get the program's real-time virus scanning and automatic updates.

I knew all attempts to alter the user behavior that led to the infections would be futile, so instead, I instructed my daughter and grandson to run Malwarebytes' scanner each time they start the system and just before each shutdown. That was a little over two weeks ago, and so far, the PC remains free of infection. Still, you can bet I'll be paying much closer attention to that machine from now on.

Source: http://news.cnet.com/8301-11128_3-10347497-54.html

Friday, September 4, 2009

Password Hackers Gear for Action

Friendly Computers advises you to create good passwords that are very difficult to guess, and change them regularly. Also, never give your password to anyone, even if you think you can trust them. This can prevent your computer or accounts from being hacked into and your data from being stolen. Read more below…

All that often stands between a malicious hacker and access to valuable, confidential data is a few keystrokes: an end-user's or admin's password. Yet even the most carefully crafted and well-guarded password is susceptible to being stolen from an innocent victim, and crafty miscreants have numerous techniques at their disposal to do the dirty deed.

In order to protect users and your organization from a password attack, you must first have a clear understanding of the various tactics available. From there, you can develop policies and educate users to prevent such an attack from succeeding. Today, we'll take a closer look at some of the types of attacks, as well as the best approaches to squelching them.

The most popular password attacks include authentication bypassing; guessing; network sniffing or eavesdropping; keystroke logging; hash cracking; credential replaying; and social engineering.

Authentication bypassing
This attack entails simply hacking around the authentication check. A common example: A would-be hacker uses a separate boot disc with the ability to read the targeted data partitions so as to bypass the normal log-on prompts and access the data directly. Another example would be an attacker using a remote buffer overflow (or SQL injection, and so on) against a running application or service to gain unauthorized access to the data.

Password guessing
Here, an attacker attempts to guess a user's password by making multiple (sometimes thousands or millions) log-on attempts using proposed passwords against some sort of log-on prompt. Common guessing locations include the normal log-on prompt, Web-based e-mail, FTP, and remote management consoles.

Source: http://www.pcworld.com/businesscenter/article/171468/password_hackers_gear_for_action.html

Thursday, September 3, 2009

Mobile Users Unfazed by Web Threats

It may seem like browsing the internet on your cell phone would be a lot safer than a computer, but this may not be the case. There are a variety of malware affecting mobile phones and their numbers are growing rapidly. Friendly Computers recommends that you use security software if possible, and to be careful when browsing the web on your phone. Read more below…

Users are under the impression that mobile phones are more secure than PCs, according to the latest Trend Micro survey. A number of users are found not practicing safe browsing when using their mobile phones.

The survey shows that 44% of over 1,000 respondents are lax when it comes to surfing using their mobile phones. The respondents are actually more concerned about losing data such as contact numbers via physical phone loss than about information loss due to Web threats and phishing or spam attacks. In fact, only 23% utilize security software already installed in their phones. Some even believe there is no use for such software as mobile phones are not as prone to security risks.

Unfortunately, users’ assumption that mobile phones are spared attacks by cybercriminals is very much incorrect, as mobile threats have been around for the past four years now. Trend Micro researchers often see Symbian malware such as SYMBOS_BESELO.A, SYMBOS_VIVER.A, SYMBOS_FEAKS.A, and SYMBOS_YXES.B infect Symbian-based phones. Other notable mobile malware include WINCE_INFOJACK.A and WINCE_CRYPTIC.A, which target Windows mobile phones. These so-called traditional mobile malware are still very much active up to this day as seen in the chart below.

As mobile phones become more Web-based and as users more heavily rely on them to conduct their day-to-day business, potential risks brought about by phishing and other Web threats will become more rampant as well. Users are advised to be wary when browsing as this could lead them to malware infection and information loss. They are strongly urged to use security software to stay protected from malware infections.

Source: http://blog.trendmicro.com/mobile-users-unfazed-by-web-threats/