Friendly Computers Virus and Spyware Alerts

Report: Sony Music Greece, Indonesia Hacked

2011-05-24T09:24:00.001-07:00

Sony Music Greece was hacked with its user data published to the Web and Sony Music Indonesia's Web site was defaced, according to an online news report.

The attacks, if confirmed, would be just the latest in a series of security problems the company has had in the past month starting with a distributed denial-of-service attack by the loosely organized hacker group Anonymous in early April to protest Sony's taking PS3 hackers to court.

A Sony spokeswoman provided this statement via e-mail this evening: "There was an online tweet that one page of Sony Music Indonesia's Web site was altered and Sony Music Indonesia shut down the access to such page and started investigation. We are investigating the Sony Music Greece matter."

SonyMusic.gr was attacked with a SQL injection method and customer names, user names, and e-mail addresses of potentially more than 8,300 users were posted on Pastebin.com, The Hacker News reported on Sunday. It displayed a screen shot that said "hacked by b4d_vipera." The link to the Pastebin page was empty as of Monday morning.

Chester Wisniewski at Sophos included a snippet of redacted data from the Pastebin page on his Naked Security blog post and said that it appeared to be incomplete "as it claims to include passwords, telephone numbers and other data that is either missing or bogus."

The SonyMusic.gr site was down this morning. Users should reset their passwords when they can and be alert to the possibility of phishing attacks, Wisniewski wrote.

The Hacker News first reported the Sony Greece hack on Saturday, as well as reporting that the Sony Music Indonesia site had been defaced with a screenshot saying "defaced by k4L0ng666." The Indonesia site was accessible on Monday morning.

On Friday, The Wall Street Journal reported that someone broke into the network of Sony's Japanese ISP subsidiary, So-net Entertainment, compromised e-mail accounts and stole customer rewards points. Also late last week, Sony Thailand's site was hacked and being used for phishing, according to ZDNet UK.

However, the big Sony breach came in April when someone hacked into the PlayStation Network and exposed personal information from 77 million customer accounts. Shortly thereafter, the company said attackers may also have obtained data from close to 25 million Sony Online Entertainment accounts.

It's likely that the subsequent attacks are not all connected, but could instead indicate that attackers are testing Sony's network for weaknesses and exploiting confusion among Sony customers about security of their accounts.

Source: http://news.cnet.com/8301-27080_3-20065389-245.html#ixzz1NHu7kyOv

LastPass Forcing Members To Change Passwords

2011-05-05T09:45:00.001-07:00

Users who manage and store their passwords through password management service LastPass are being forced to change their master passwords after the site noticed an issue this week that raised the spectre of a possible security breach.

As described in a blog yesterday, LastPass recently followed a string of breadcrumbs that pointed to an anomaly in its network traffic on Tuesday. Though such anomalies aren't unusual, LastPass found a matching anomaly in one of its databases. Unable to identify a root cause for either anomaly, the company made the decision to assume the worst--that some of its data had been hacked.

Although LastPass hasn't identified a specific breach, it's erring on the site of caution by now forcing its members to change their master passwords. For you non-LastPass users, what exactly does that mean?

Services like LastPass and rival RoboForm let users create and manage passwords to more easily log in to the vast array of secure Web sites they visit. Those passwords can be stored on a PC or mobile device as well as online. As one means of protection, both companies typically urge users to create a single complex master password that can unlock the key to accessing their passwords. Of course, if that master password is compromised, hackers potentially can gain access to all the individual passwords, one reason why these companies advise users to employ complex master passwords.

In this case, LastPass said it believes that users with complex non-dictionary master passwords were probably safe even if any data was compromised. But the company knows that many users out of force of habit often choose simple, easily decipherable passwords. Though it sees the need to require all users to change their passwords as an overreaction, as LastPass says, "we'd rather be paranoid and slightly inconvenience you than to be even more sorry later."

In the meantime, LastPass says that it's taking further precautions against the anomaly by shutting down and moving certain key services and verifying all of its source code. The company is also enhancing the encryption used to protect its data.

Update 9:30 a.m. PT: LastPass is now reporting on its blog that the company is being overwhelmed by support requests and is having trouble keeping up with the number of password changes. The company has since set up a way for users to confirm their e-mail addresses without having to change their passwords. As a result, LastPass is urging people who are using the service from the same computer or IP address to hold off on changing their passwords for a few days.

"We're asking if you're not being asked to change your password then hold off--we're protecting everyone."

The company further suggests accessing your LastPass data offline by disconnecting from the Internet and then logging in or by downloading its LastPass Pocket software, which lets you carry around your data on a USB stick.

Source: http://news.cnet.com/8301-1009_3-20060004-83.html#ixzz1LUtFvByE

Iran Targeted In New Malware Attack

2011-04-28T15:01:00.001-07:00

Iran is investigating new malware dubbed "Stars" that government officials say is being targeted at the country as part of ongoing cyberattacks.

"The particular characteristics of the Stars virus have been discovered," Gholamreza Jalali, commander of the Iranian civil defense organization, told the Mehr news agency according to Reuters.

"The virus is congruous and harmonious with the (computer) system and in the initial phase it does minor damage and might be mistaken for some executive files of government organizations," he said, declining to specify what equipment the virus targets.

Jalali said efforts to contain last year's Stuxnet infections are ongoing and called on the foreign ministry to take action to stop the "cyber wars" against the country.

Officials in Iran have accused the U.S. and Israel of being behind Stuxnet, which spread through Windows holes and targeted specific Siemens industrial control software. Experts speculate it was written to sabotage Iran's nuclear program.

Source: http://news.cnet.com/8301-27080_3-20057103-245.html#ixzz1KrFJA3Gs

Match.com To Screen For Sex Offenders

2011-04-19T10:53:00.001-07:00

(Credit: Chris Matyszczyk/CNET)

Match.com will start checking its members against a national sex offenders registry.

The company expects to start the new policy in 60 to 90 days, Match.com told CNET this morning, and confirmed that the policy will affect both new and existing members.

Match.com has been considering the option for a while, but yesterday's decision was hastened as a result of the attention brought on by a lawsuit filed last week, spokesman Matthew Traub told the Associated Press yesterday.

A woman in California has sued Match.com, claiming she was sexually assaulted by a man that she met through the online dating service. Arguing that the woman had no idea her date had been convicted of sexual battery, the suit is seeking an injunction to stop anyone from joining Match.com until the company sets up a process to screen for convicted sex offenders.

Match.com president Mandy Ginsberg told the AP that the company had been hesitant to implement such screenings due to their "historical unreliability." But discussions with advisers over the past few days convinced Match.com that certain improvements have made sex offender registries more accurate, prompting the dating service to reverse its stance.

To conduct its screening, the company will tap into a national registry of sex offenders set up by the federal government. This registry pulls together information from the 50 states and other U.S. territories and lets users search for sex offenders by name as well as location.

Since the registry relies on coordinating data from a variety of different local sources, Match.com is cautioning that these types of checks can still be highly flawed.

"It is critical that this effort does not provide a false sense of security to our members," Match.com said in a statement sent to CNET. "With millions of members, and thousands of first dates a week, Match.com, like any other large community, cannot guarantee the actions of all its members. Match.com is a fantastic service, having changed the lives of millions of people through the relationships and marriages it has given rise to, but people have to exercise common sense and prudence with people they have just met, whether through an online dating service or any other means."

Match.com advises its members to read and follow the safety tips that it posts on its Web site to better protect themselves both online and offline.

Update at 11:10 a.m. PT: Added statement and information from Match.com.

Source: http://news.cnet.com/8301-1009_3-20054881-83.html#ixzz1JzbtLGBO

New Fake Antivirus Accepts SMS Payments

2011-04-11T12:49:00.001-07:00

There's a new twist with some fake antivirus scareware that has cropped up. It accepts payment via SMS, according to antivirus firm CyberDefender.

Typical rogue security programs infect the system first, then display pop ups warning that the computer is infected, and request payment to clean it up. The new programs are seemingly more genteel, asking for the money before the program is installed and infects the system, said Achal Khetarpal, threat research director at CyberDefender. Of course, a payment does nothing to "fix" a system and means criminals now have your money and possibly your credit card information.

When a potential victim happens upon a Web site hosting the malware, a dialog box pops up that looks very much like an installer window for a legitimate antivirus product, according to screenshots from CyberDefender. It says "Welcome to" and names a popular antivirus software and suggests closing other applications. If the victim falls for the ruse, it then displays a message that says "To complete installation, you must go through activation" and offers several ways to pay, including SMS (Short Message Service), WebMoney, and credit card.

If you click "cancel," the program won't install, compared with typical fake antivirus programs that have already infected the system by the time the victim realizes what is happening and keep displaying the annoying pop-up messages, even after reboot, Khetarpal said.

The company has seen five versions of the rogue security programs masquerading as software from Avast, Norton, McAfee, BitDefender, and RootKitBuster, and they, as usual, target Windows systems.

Khetarpal could not say how widespread the malware is but said he has seen it in a "lot of Web sites" and in relation to search results for popular and trending topics.

Fake AV scammers aren't the only ones to hop on the SMS payment bandwagon. Scammers were found to be seeking payment by SMS for fake browser updates earlier this year, according to GFI Labs.

Source: http://news.cnet.com/8301-27080_3-20052203-245.html#ixzz1JFJAj0pp

McAfee: Cybercrooks Target Corporate Trade Secrets

2011-03-28T13:38:00.001-07:00

Cybercriminals are increasingly moving from stealing just personal data to capturing trade secrets and other corporate intellectual capital that they can easily sell through the underground market, according to a new report from McAfee and the SAIC.

In today's release of a new study, "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency" (PDF), McAfee and the Science Applications International Corporate find that the theft of trade secrets, marketing plans, R&D data, and even source code is on the rise, especially as such information is often unprotected.

Based on a global survey of IT professionals, the report uncovered a number of findings.

A quarter of the companies surveyed said a data breach or just the threat of one has put a halt on plans for a merger or new product launch. Among those that actually suffered a data breach, only half of them took the necessary steps to prevent it from happening again.

Among companies that have been hit by cyberattacks, only about 3 in 10 have reported all such breaches, while 6 in 10 picked and chose which ones they reported. Along those lines, many organizations specifically look to store their data in countries where the laws are more lax over reporting data breaches to customers.

Hit by the recent economy downturn, many companies have been looking at cheaper ways of processing and storing their information abroad despite the potential risks, the report said. Across the world, China, Russia, and Pakistan are thought to be the least secure areas for storing critical data, while the U.S., U.K., and Germany are perceived to the safest. Currently, companies in the U.S., China, and India spend about $1 million a week to secure their sensitive data outside their own countries, the report said.

The information technology industry itself continues to be challenged trying to secure the wave of iPhones, iPads, and Android devices that employees are increasingly using on the job for sharing data, the report found.

"Cybercriminals have shifted their focus from physical assets to data-driven properties, such as trade secrets or product planning documents," said Simon Hunt, vice president and chief technology officer for endpoint security at McAfee. "We've seen significant attacks targeting this type of information. Sophisticated attacks such as Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the of the largest, and seemingly most protected corporations in the world. Criminals are targeting corporate intellectual capital and they are often succeeding."

To generate the report, McAfee and the SAIC worked with Vanson Bourne to survey more than 1,000 senior IT decision makers across the U.S., U.K, Japan, China, India, Brazil, and the Middle East during November and December of last year. This latest report is a follow-up to a 2008 report entitled "Unsecured Economies," which at the time found that cybercrime was costing companies more than $1 trillion globally.

Source: http://news.cnet.com/8301-1009_3-20047876-83.html#ixzz1HvdyapDY

Sony: PS3 Hacker GeoHot Fled To South America

2011-03-25T10:06:00.001-07:00

date, 7:01 p.m. PT:with Hotz saying he is on a long-planned vacation.

If you've been following the drama between Sony and hacker GeoHot (aka George Hotz) then you're in for a fun twist today: Sony is accusing Hotz of fleeing the country, but Hotz says he's just enjoying spring break.

Sony makes the allegation in a court filing (PDF, see page 2, line 24) dated Friday.

After news stories began appearing today, Hotz wrote a blog post to set the record straight.

"Actually, it's true I'm in South America, on a vacation I've had planned and paid for since November. I mean, it is spring break; hacking isn't my life," he writes. "Rest assured that not a dime of legal defense money would ever go toward something like this. And of course [Sony-employed law firm Kilpatrick Townsend & Stockton] loves the idea of painting me as an international fugitive. I have been in contact with my lawyers almost every day; I would not let the case suffer."

George Hotz telling Sony how he feels.

(Credit: YouTube)

Hotz is well known for reverse-engineering the multi-digit code that allows the installation and execution of non-Sony-recognized code onPlayStation 3s, essentially allowing anyone with a PS3 to run homebrew software, or even pirated games.

A federal magistrate a couple weeks ago OK'd Sony's request for Hotz to hand over his hacking gear--his PS3 consoles, computers, and other equipment--untouched. It seems that before turning the stuff in, he allegedly made edits, deleting key evidence that Sony likely planned to use against him.

What's more, Hotz was allegedly caught lying about having a PlayStation Network (PSN) account. But Sony says it was able to prove that in February of last year, Hotz allegedly purchased a new PS3 and, tracing the serial number, Sony says it concluded that he had set up a PSN account under the screen name "blickmanic," which is also a name Hotz used on previous Web forums oniPhone jailbreaking.

Besides jailbreaking PS3s for non-sanctioned use on PSN, Hotz was a very vocal and active member of the iPhone/iOS jailbreaking community, bringing several key userland jailbreaks to the devices, including blackra1n and limera1n. While Apple consistently moved to patch the exploits Hotz used in its software, it never went overtly litigious as Sony has.

It's unclear what will happen in this case next. It's not publicly known where in South America Hotz is staying, what gear he has with him, and what assets he has access to. Recently, a court granted Sony access to Hotz's donation-based PayPal account, so that cash source may well be totally unavailable.

Whatever the case, we expect this to be far from over. There are egos, weird and obscure copyright laws, and potentially millions of dollars still at stake. If you're like me, you might want to make some metaphorical popcorn as well.

Source: http://news.cnet.com/8301-17938_105-20046386-1.html#ixzz1HdF1RaLX

Microsoft And Feds Bring Down Spam Giant Rustock

2011-03-21T11:09:00.001-07:00

Rustock, purveyor of more e-mail spam than any other network in the world, was felled last week by Microsoft and federal law enforcement agents.

A lawsuit by Microsoft that was unsealed at the company's request late today triggered several coordinated raids last Wednesday that took down Rustock, a botnet that infected millions of computers with malicious code in order to turn them into a massive spam-sending network.

"This botnet is estimated to have approximately a million infected computers operating under its control and has been known to be capable of sending billions of spam mails every day," Richard Boscovich, senior attorney in the Microsoft Digital Crimes Unit, wrote in a blog post today.

The Wall Street Journal first reported that it was Microsoft's digital crimes unit, working in concert with U.S. marshals, that raided seven hosting facilities across the country and seized the command-and-control machines that ran the network. Those are the servers that send instructions to the fleet of infected computers to dish out spam messages hawking such items as phony lottery scams and fake and potentially dangerous prescription drugs.The takedown was known internally as Operation b107.

Hard drives seized yesterday at a hosting facility in Kansas City, Mo.(Credit: Microsoft)

Shutting down Rustock could put a huge dent in spam worldwide. Tech security giant Symantec estimated last year that Rustock was responsible for 39 percent of the world's spam. Global spam levels dropped 12 percent after Dutch authorities took down a Trojan horse named Bredolab last November.

Rustock's demise surprised the cybersecurity community last week, which often works in unison to corral spammers. According to an earlier Journal blog post, spam monitors didn't know why the botnet's activity halted. It was clear at the time that the effort was coordinated and complete.

Microsoft's digital crimes unit has long worked with law enforcement to track down and eliminate spammers, botnets, and other malicious code creators. Government authorities rarely have the resources to spend on the investigations, something Microsoft willingly finances since it has a vested interest in keeping people e-mailing.

Source: http://news.cnet.com/8301-10805_3-20044480-75.html#ixzz1HG6VXOoH

Critical Flash Flaw Won't Be Fixed Until Next Week

2011-03-18T10:36:00.001-07:00

Adobe Systems has discovered a "critical vulnerability" in its Flash Player that might cause all kinds of trouble for users.

The company said yesterday that the flaw could cause a user's computer or mobile device to crash--and, more concerning, that the vulnerability could "potentially allow an attacker to take control of the affected system." So far, the company has discovered that the vulnerability is being exploited in Flash files, as well as through Microsoft Excel. Adobe said that the issue hasn't affected Reader or Acrobat.

The flaw affects Adobe Flash Player 10.2.152.33 and earlier versions of the platform running on every major operating system, including Windows, Macintosh, Linux, and Solaris. It's also an issue on Android devices running Flash 10.1 and earlier.

That last point is destined to spark some controversy.

Unlike Android, Apple's iOS mobile operating system has never supported Flash. Instead, iOS supports HTML5, a standard that Apple believes will eventually overtake Flash. But it goes beyond just getting behind an alternative to Flash. Apple's big issue with Adobe's offering stems from the potential security headaches.

Writing last year in an open letter on his company's Web site, Apple CEO Steve Jobs said that "Flash is the No. 1 reason Macs crash." He also cited a report from security firm Symantec, saying that it "highlighted Flash for having one of the worst security records in 2009."

"We don't want to reduce the reliability and security of our iPhones, iPods, and iPads by adding Flash," Jobs wrote.

Adobe plans to release a fix for the vulnerability sometime next week. Until then, the company warned users to "follow security best practices by keeping their anti-malware software and definitions up to date."

Source: http://news.cnet.com/8301-13506_3-20043248-17.html#ixzz1GyQYzbnp

Microsoft Fixes Critical Windows Hole, Others

2011-03-09T15:50:00.001-08:00

Microsoft today released three bulletins fixing four vulnerabilities in Windows and Microsoft Office, including one that is rated "critical" for Windows XP, Vista, and Windows 7.

The bulletin MS11-015 resolves one critical vulnerability in DirectShow and one in Windows Media Player and Media Center, according to the security advisory. The more severe of the flaws could allow remote code execution, and thus complete control of a computer, if a malicious Digital Video Recording file were opened. The one vulnerability rated "important" affects certain media files in all versions of Microsoft Windows, the company said in a blog post.

"Microsoft normally rates this type of file format vulnerabilities as only 'important' because user interaction is required," said Wolfgang Kandek, chief technology officer of Qualys. "However this particular flaw has a component that allows for an attack through a browser link and allows its exploitation in automated 'drive-by' fashion" by merely visiting a Web site.

The other two bulletins both address a preloading issue with DLL (Dynamic Link Library) and are rated "important." The bulletins were released as part of Patch Tuesday, the company's monthly security update roundup.

MS11-016 affects Microsoft Groove 2007 Service Pack 2 used in Office. The vulnerability could allow remote code execution if a user opened a legitimate Groove-related file that is located in the same network directory as a malicious library file.

Meanwhile, MS11-017 affects Windows Remote Client Desktop. The vulnerability could allow remote code execution if a user opened a legitimate Remote Desktop configuration file located in the same network folder as a malicious library file.

Microsoft also said it is working to provide a solution through its monthly security update process to address a Mime HTML-related hole in all supported versions of Windows which became public last month.

Source: http://news.cnet.com/8301-27080_3-20040672-245.html#ixzz1G9KIsihU

France Hit By Cyberattack With G20 Focus

2011-03-07T14:24:00.001-08:00

The French finance ministry revealed today that it has been the victim of a major and sustained cyberattack.

The attack, which has been ongoing since December, seems to be the work of hackers looking for documents related to the G20 political group, which brings together 20 major nations tasked with stablizing the global economy and which is being led by France this year, according to AFP News.

With over 150 computers in the ministry reported to have been compromised, the ministry has so far been forced to shut down 10,000 computers, said a report in Paris Match magazine (Google Translate English version). And though the specific source of the attack hasn't yet been narrowed, down, an official told Paris Match that some of the hacked information was redirected to sites in China.

The finance ministry has filed an official complaint with the French courts, while the French secret service has started investigating the case, added AFP.

Holding their most recent summit in Paris last month, the G20 nations set an array of goals and compromises designed to stave off future financial crises. But China proved difficult in negotations over exchange rates, currency reserves, and surpluses, according to the BBC, which said that the U.S. and other nations have accused the country of purposely keeping down the value of its yuan as a way to hang onto a competitive edge in its exports.

The attack on France follows a cyberattack against the Canadian government in January that also was reportedly traced back to China. Last summer, Canada hosted the G-20 summit in Toronto.

Source: http://news.cnet.com/8301-1009_3-20040050-83.html#ixzz1FxHgW220

Beware Enticing Bieber Links, Free Offers On Facebook

2011-03-02T13:36:00.001-08:00

Old scams hiding under new headlines were circulating on Facebook this week, including promises of video involving obsessed Justin Bieber fans.

"I can't believe a GIRL did this because of Justin Bieber," says the post that has been appearing on Facebook walls and status updates.

Clicking the link leads to a fake YouTube-looking page that says "Please Watch this video only if you are 16 years or older," according to an M86 blog post. Hidden behind the video window is an iframe linked to Facebook so that clicking anywhere in the window will submit a "like" click to the page and spread the post on the victim's Facebook page. This is a standard clickjacking attack that is taking advantage of a current hot topic--the teen singer.

The scam doesn't stop there. A fake Facebook dialog box also pops up that asks the victim to verify his or her age by completing a survey with links to sites relating to auto insurance, according to M86.

Facebook was able to stop this scam fairly quickly, but not before it had garnered more than 20,000 likes. Other variants of the scam were spreading, M86 said.

Separately, scammers had rehashed some scams involving offers of free iPads, free Southwest Airlines tickets, and a Miley Cyrus-related video link via posts on the site and e-mail messages. It's unclear exactly how those scams worked and if they involved clickjacking.

Clickjacking prompts a victim to click something while a different action is taken behind the scenes. It takes advantage of a vulnerability in a Web browser and is not specific to Facebook.

If you see a potential or obvious scam on Facebook report it to the person whose account is spreading it, M86 said. The NoScript Firefox plug-in protects against clickjacking attacks such as this, it added.

Because clickjacking exploits a browser weakness, Facebook can't technically prevent it completely, a Facebook spokesman said. "We continue to build additional protections to mitigate its impact," he said in an e-mail. "We're also involved in discussions with others in the industry on how to fix the underlying issue on the browser side."

Facebook users should be suspicious of anything that looks or feels strange, even if it has been posted by a friend. Facebook offers tips for how to recognize and avoid clickjacking on the "Threats" tab of the Facebook Security Page here.

The company also has developed automated systems to detect and flag Facebook accounts that are likely to be compromised based on suspicious activity like lots of messages sent in a short period of time or messages with links that are known to be bad. Once Facebook detects a phony post it is deleted across the site. The company blocks malicious links from being shared and works with third parties to get phishing and malware sites added to browser blacklists or taken down. And Facebook displays warnings when people click on a link that has been identified as malicious from an e-mail notification.

Here are some basic safety tips for using Facebook or any site on the Web:

• Use an up-to-date browser that features an antiphishing blacklist.

• Choose unique log-ins and passwords for each of the Web sites you use.

• Check to see that you're logging in from a legitimate Facebook page with the facebook.com domain.

• Be cautious of any message, post or link you find on Facebook that looks suspicious or requires an additional log-in.

Source: http://news.cnet.com/8301-27080_3-20037827-245.html#ixzz1FTZ7hTob

Mac OS X TrojanCcatches Sophos' Eye

2011-02-28T13:39:00.001-08:00

If you see this on your Mac, beware.

(Credit: Sophos)

A new Trojan has cropped up and it's targeting Mac OS X users, one security firm says.

According to Sophos, the Trojan, called "BlackHole RAT" by its author and "MusMinim" by the security firm, is a variant of the Remote Access Trojan on Windows. The author of the Trojan says the malware is not yet completed, but it already does some annoying things.

Overall, Sophos believes that the prevalence of the Trojan is relatively low. The malware can be removed by using antivirus software.

If a Mac becomes infected, the Trojan places text files on the desktop, puts the computer to sleep, commands it to restart or shutdown, and runs "arbitrary shell commands," Sophos says. It also loads a phishing window to get users to input their administrator password. When a full-screen window pops up forcing users to restart their computer, a rather disconcerting message is displayed.

"I am a Trojan Horse, so I have infected your Mac Computer," says the text in the Trojan, according to Sophos. "I know, most people think Macs can't be infected, but look, you ARE Infected! I have full controll (sic) over your Computer and I can do everything I want, and you can do nothing to prevent it.

"So, Im a very new Virus, under Development, so there will be much more functions when I'm finished," the text continues.

The text in the Trojan will surely fuel the long-running debate over whether Mac OS X really is more secure than Windows. Those in the Apple camp point to the numerous Windows security issues that have broken out over the years, compared to the few on Mac OS X, to try and prove that Apple's platform is more secure. Those in the Windows camp believe security is a money game, and malicious hackers have more revenue to generate by targeting all the Windows users in the world, rather than the smaller number of Mac OS X users. It's simply that hackers have ignored Mac OS X, they say.

Sophos says that BlackHole RAT infects computers through downloads over the Web. It might also find its way to the user's Mac through "a vulnerability in your browser, plugins, and other applications."

Source: http://news.cnet.com/8301-13506_3-20037158-17.html#ixzz1FIAb22V9

Report: Canadian Cyberattack Traced To China

2011-02-22T14:04:00.001-08:00

A cyberattack against Canada that tried to access classified government information and forced two key departments to go offline has been traced back to China, according to a story today from CBC News.

Sources told the CBC that the attacks were initially discovered in early January but that it's unknown whether the attackers themselves were in China or just directed their attacks through the country to hide their true source.

Specifically, the attacks reached computer systems at the Canadian government's Finance Department and Treasury Board in an attempt to capture passwords for government databases. In response, the government was forced to shut down all Internet access for the two departments, according to the CBC, and only now are public employees slowly getting that access back.

In a brief statement released by the Treasury Board, the Canadian government did confirm an "unauthorized attempt to access its networks," but provided few other details beyond that, according to AFP.

In response to a request for comment, Canada's Public Safety Department e-mailed CNET the following statement on behalf of its minister, Vic Toews:

"We do not comment on the details of security related incidents. That said, our government takes threats seriously and has measures in place to address them. The next phase of our economic action plan is still in development and we have no indication that Budget security has been compromised."

On its end, China has denied any involvement in the attacks.

"What you mentioned is purely fictitious and has an ulterior motive," Chinese Foreign Ministry spokesman Ma Zhaoxu told a new briefing in Beijing, according to Reuters. "China attaches great importance to computer security and consistently opposes and cracks down on hacking activities according to relative laws and regulations."

Though cyberattacks are used as weapons today by many different countries and organizations, China has often been fingered as a major source of online attacks against other nations. A report released in November by the U.S.-China Economic and Security Review Commission pointed to Chinese government involvement in a number of hacking attempts and computer exploits.

Specifically, the USCC found that a Chinese state-run telecommunications provider had redirected traffic for U.S. military and corporate data in April. The group also reported that a China-based spy network was accused of targeting government departments and other groups in India in an attempt to steal sensitive information.

And China was traced as the source behind the cyberattacks launched against Google and other companies in 2009 as a way of targeting human rights activists.

Source: http://news.cnet.com/8301-1009_3-20032813-83.html#ixzz1EjBlLpUI

New Norton CyberCrime Index Rates Rour Risk

2011-02-16T14:38:00.001-08:00

A new free tool from the makers of Norton attempts to quantify the real-time state of cybersecurity. It makes its debut today alongside the latest version of Symantec's all-in-one consumer security suite, Norton 360.

The Norton CyberCrime Index lies somewhere between a weather report and the United States' threat level advisory system, and Norton 360 version 5 launches with a direct link to it.

Norton CyberCrime Index (images)

The CyberCrime Index uses a statistical model based on information from Symantec's Global Intelligence Network, ID Analytics, and DataLossDB. At the top level, the CyberCrime Index takes this data and creates a number evaluating the relative risk of the threats of the day. However, it also provides a more in-depth look at active threats, threat trends, and provides advice on what kinds of behaviors are being most heavily targeted that day.

Symantec has had the statistical model and algorithm it uses in the CyberCrime Index vouched for by the University of Texas at San Antonio.

The service is set to go live this morning, so check back here later today for a hands-on update.

Symantec isn't forcing the index on any of its users, though the new version of Norton 360 does include a direct link to the service. Version 5 of Norton 360 includes the real-time threat map that debuted in Norton's 2011 consumer suites, along with all the features that were introduced in Norton's 2011 consumer suites last fall. These include updates to Norton's Insight engine, which instantly checks a file's origins and how long it's existed to determine how safe it is. The new version of System Insight also profiles your programs to determine if any of them are slowing down system performance, and automatically alerts users when a program is eating up too many resources.

Now included in Norton 360 is the Norton Bootable Recovery Tool, which will clean heavily infected systems enough to get Norton 360 installed, and can create a rescue tool on disc or USB so that your computer can be resuscitated. The backup features in Norton 360 have been improved, too, adding in automatic file encryption to the backup process. Lastly, Norton Safe Web's social-media scanner has been imported from Norton Internet Security 2011. Currently, it still only supports Facebook, though that's a good start: it will check your Facebook wall and news feeds from within Norton.

Norton 360 version 5 (review) comes with a 30-day trial and can be used on up to three computers. A one-year license with 2GB of online storage retails for $79.99. Bumping that up to 25GB of storage costs $99.99.

Source: http://download.cnet.com/8301-2007_4-20032077-12.html

Google Extends Two-Step Log-In Process To All

2011-02-14T14:43:00.001-08:00

Now all Google users can take advantage of the two-step log-in procedure previously available to Google Apps customers.

This screen can be found in Google under "Account Settings," linked on top of a Google page, and used to set up two-step verification.(Credit: Google)

The company started rolling out the option to use two-step verification to Google Account holders today, according to a blog post. The idea comes from a classic security tactic, the notion that accounts are more secure when you log in using two factors: something you know, such as a password, and something that only you have, such as your phone.

Google Apps users started using this feature in September. Account holders log in to Google as usual, but the first time they enable the two-step process they will receive a code via a voice call or text message, or they can generate their own code using a mobile app available for iPhone, Android, or BlackBerry. That code can be saved for 30 days.

Obviously it will be much harder for anyone bent on hacking your account to steal a code sent to your phone (unless you're a valuable enough target to warrant stealing your phone and hacking your password). It's an optional feature, but one strongly recommended by security experts.

Source: http://news.cnet.com/8301-30684_3-20031351-265.html#ixzz1DyYU7wnR

iPhone Passwords Succumb To Researchers' Attack

2011-02-10T13:33:00.001-08:00

Researchers at the Fraunhofer Institute for Secure Information Technology in Darmstadt, Germany, have found a way to steal passwords found in the Apple iPhone's keychain services within six minutes.

In order to steal passwords, the researchers said, the attacker must have have the actual, physical iPhone in hand--this isn't a remote maneuver. First, the attacker has to jailbreak the iPhone, and from there then must install an SSH server on the smartphone to be able to run unrestricted programs. The researchers also created a "keychain access script" that they then copied to the iPhone. After executing that script, they found that they were able to decrypt and see some passwords saved in the keychain.

Over the past year, several iPhone exploits have been revealed by researchers around the world, including some that attack vulnerabilities in the mobile Safari browser. But at least so far, the issues have affected users who jailbreak their own devices. Even in the Fraunhofer Institute's case, a non-jailbroken iPhone will not reveal keychain passwords. Jailbreaking is the process of bypassing the restrictions that Apple sets up to keep users from tinkering with the device's underlying system software.

Researchers said that this latest issue has to do with how iOS handles encryption--namely, that "encryption is independent of the personal password to protect access to the device properly." In other words, even if a user protects access to the iPhone--or any other iOS-based device--with a passcode, it won't be enough to stop hackers from using this method to access saved passwords in the keychain.

It should be noted that the proof-of-concept maneuver would not reveal passwords for Web sites. Services like Gmail, AOL Mail, Yahoo Mail, and others with "protected" passwords "were available to the script only after entering the passcode to unlock the device, which by assumption, should not be possible for an attacker," the researchers noted.

But the folks at Fraunhofer Institute don't necessarily believe that iPhone owners should assume that they will be safe if they don't jailbreak their iPhones. In their scenario, the researchers assumed that the iPhone was stolen and the person who took it knew how to jailbreak the device and create and run scripts. They said in their evaluation of their proof-of-concept that the difficulty level of exploiting the vulnerability is "low."

"Owners of a lost or stolen iOS device should therefore quickly initiate a change of all stored passwords," the researchers wrote in their report. "Additionally, this should be also done for accounts not stored on the device but which might have equal or similar passwords, as an attacker might try out revealed passwords against the full list of known accounts."

Malicious hackers are increasingly turning towardsthe mobile market to target unsuspecting victims.

Earlier this week, security firm McAfee revealed that mobile malware threats were up 46 percent last year. The company said that it expects "cybercriminal activity" in the mobile market to surge in 2011.

Source: http://news.cnet.com/8301-13506_3-20031297-17.html#ixzz1DatgQ2bL

Microsoft To Seal 22 Security Holes This Month

2011-02-08T13:51:00.000-08:00

Microsoft today said it will address 22 vulnerabilities as part of next week's Patch Tuesday, three of which are critical.

Three of the 12 bulletin items released by Microsoft earlier today are classified as critical, and affect Microsoft's Windows operating system, with one affecting Microsoft's Internet Explorer browser as well. The rest are classified as "important."

In a post on Microsoft's Security Response Center blog, the company said it will be making fixes for vulnerabilities in the Windows Graphics Rendering Engine, as well as CSS exploit in Internet Explorer that could allow an attacker to gain remote code execution.

Along with the fixes for the rendering engine and the CSS exploit, Microsoft says it will be addressing zero-day flaws that created vulnerabilities in the FTP service found inside of Internet Information Services (IIS) 7.0 and 7.5.

Not included in this month's batch of announced patches is a fix for the recently-discovered script injection attacks that affect Internet Explorer. Acknowledged by the company last week in Security Advisory 2501696, the exploit targeted the way IE handled MHTML on certain types of Web pages and document objects, and could provide hackers with access to user information. According to Wolfgang Kandek, chief technology officer at Qualys, the best route to prevent those attacks continues to be the workaround Microsoft outlined in its initial security advisory about the problem.

Microsoft has a full list of the pending issues here.

Source: http://www.news.cnet.com/8301-1009_3-20030613-83.html#ixzz1DPGp6pCT

Cyber Monday: Beware The Malware

2010-11-29T14:17:00.001-08:00

It's the Monday after Thanksgiving and you're sitting at your work computer suffering from food coma. Too bloated to get any real work done, you decide to do something that doesn't occupy too much of the brain--online Christmas shopping.

There's more at stake here than the cost of shipping and handling, though. First off, your boss probably doesn't want you to be surfing Amazon when you have spreadsheets to complete. Secondly, you could be opening up the corporate network to malicious hackers during what is known to be a particularly risky period.

Scammers are ready for unsuspecting online shoppers to be hunting for holiday bargains that hit on what has become known as Cyber Monday (given that more than 40 percent of you will be buying holiday gifts online, according to this survey). There will no doubt be malware hiding on retail sites, fake sites created just for distributing viruses and Trojans, and e-mails with malware-laden attachments and links leading to nastiness.

Once inside the corporate network, the malware can easily spread to other computers in the company and leave back doors that can be used later for nefarious purposes, putting corporate data at risk.

Unless a company forbids Web surfing on company time and uses software to monitor and enforce the policy, there is little recourse once workers start browsing. IT departments should do what they can to protect the networks before then, by using the most up-to-date spam filters and anti-malware software and adjusting the enterprise Internet settings to alert users when a program attempts to download something.

Communication is key, too. Corporate IT personnel should consider sending an alert to remind employees of the dangers and to report suspected malware downloads, advises Adam Chernichaw, a privacy expert and partner at the law firm White & Case. Also, they should tell employees to not click "Agree" or "OK" to close a window, but to click the red "X" in the upper corner or press "ALT + F4" instead.

Employees should practice safe browsing. CNET contributor Lance Whitney wrote about some general tips for Web surfers from Webroot, including typing URLs in directly instead of following links and keeping a close eye on PayPal and other payment accounts.

Be careful of electronic greeting cards, because they are an easy way to trick people into downloading malware. Verify that the merchant or site a greeting card is sent from is legitimate, warns the United States Computer Emergency Readiness Team, an arm of the Department of Homeland Security. If you get an e-card from someone you don't know, be suspicious. You can always ask friends in an e-mail to confirm that he or she sent you something.

If you are buying gift cards online, only shop at reputable retailers and not through online auction sites, says the National Retail Federation. Gift cards sold through online auction sites may be counterfeit or stolen and once you buy it it's yours. The group has more online shopping tips on its Web site.

And for people wanting to donate to charity, the U.S. Federal Trade Commission has a charity checklist with tips such as asking groups seeking donations for more information about who is behind the operation, being wary of charities that spring up overnight in response to disasters, and not sending cash or donations.

Web searches can be dangerous any time of year as scammers use search engine optimization tactics to lure people to their sites. But holiday shopping online presents an attractive pool of potential victims. Be extra cautious when doing searches related to "holiday sale" and "Christmas specials" during this time of year.

F-Secure has compiled a Holiday 2010 Cyber-Watch List of popular search terms that are expected to be used by scammers to poison search results, which features "Kinect for Xbox" and "Call of Duty: Black Ops" at the top.

And make sure you don't do too much shopping at work or you'll instead be online checking out the job wanted ads.

Read more: http://news.cnet.com/8301-27080_3-20023728-245.html#ixzz16iEVo8Aj

Guide For Teen-Proofing Facebook Released

2010-11-08T14:53:00.000-08:00

If you are a parent and you want your teen to be able to use Facebook without either of you having to worry that your child is sharing too much personal information, there's a new resource that can help.

A "Parents' Guide to Facebook," being unveiled today, offers hands-on, step-by-step instructions and illustrations, as well as information on safety, privacy, and reputation protection; and it covers the use of Facebook on computers and cell phones. It also offers specific recommendations for configuring privacy settings, noting that the default Facebook settings are not as privacy protective as they should be, even for adults.

The guide is being debuted at the fourth annual Family Online Safety Institute conference by the iKeepSafe Coalition and Connect Safely, a project of the nonprofit Tech Parenting Group. (CBS.com contributor Larry Magid of SafeKids.com is a co-director of that group.)

Facebook also has its own Safety Center, launched earlier this year, that provides information geared toward parents and teens.

The guidance will no doubt be a welcome resource for parents who have trouble keeping up with their teens' activities, both online and offline. A recent survey found social networks are not doing enough to protect teens' privacy. The guide may even help teens avoid the mistake one girl made recently when she accidentally invited thousands of strangers to her private house party.

Read more: http://news.cnet.com/8301-27080_3-20021992-245.html?tag=mncol;title#ixzz14jahVRh9

Adobe: Flash, Reader Hole Used In PDF Attacks

2010-11-01T14:25:00.000-07:00

A new critical vulnerability in Flash and Adobe Reader and Acrobat 9.x is being exploited to attack computers running the popular PDF viewer software, Adobe warned today.

Adobe is not currently aware of attacks targeting Flash Player, the company said in a blog post.

The bug is in Flash Player 10.1.85.3 and earlier versions for Windows, Mac, Linux, and Solaris, and Flash Player 10.1.95.2 and earlier for Android. It also is in the authplay.dll component in Reader 9.4 and earlier 9.x versions for Windows, Mac, and Unix, and Acrobat 9.4 and earlier 9.x versions for Windows and Mac. The component renders Flash content in the PDF viewer.

Adobe Reader and Acrobat 8.x and Reader for Android are not impacted by the flaw, the company said.

The hole could be used by an attacker to take control of the system. In the existing attacks, a Trojan is being dropped onto victims' computers that steals sensitive data and loads other malware, according to ThreatExpert.

Adobe is working on a fix and expects to provide it in an update for Flash Player by November 9 and an update for Reader and Acrobat 9.x during the week of November 15.
Workarounds are included in this security advisory.

This afternoon, Adobe issued a fix for a hole in Shockwave Player that was disclosed last week. Earlier this month, the company plugged 23 holes in Reader and Acrobat, including two being used in attacks.

The company is adding sandbox technology designed to add more layers of protection to the next version of Adobe Reader, Reader X, which is due out by mid-November.

Updated 12:50 p.m. PDT with Adobe releasing fix for Shockwave Player hole.

Read more: http://news.cnet.com/8301-27080_3-20021055-245.html?tag=mncol;title#ixzz144Imxx00

Report: United States Is World's Top Spammer

2010-10-19T14:04:00.000-07:00

The United States is now the top source of spam, accounting for almost 19 percent of all junk e-mail sent throughout the world, according to a new report out today from Sophos.

The security firm's "Dirty Dozen" report highlighted the top 12 countries responsible for the world's supply of spam during the third quarter. With the United States generating almost 2.5 times more spam than second-place India, the country now accounts for almost one in five junk messages. The United States' 18.6 percent share of all global spam also showed a significant jump from its 15.2 percent share in the second quarter.

Among the other top sources of spam, according to Sophos, are India with 7.6 percent of all global junk mail, Brazil with 5.7 percent, France with 5.4 percent, and the U.K. with 5 percent.

The report also highlighted the growth in spam from social-networking sites over the third quarter. Last month, Twitter users were hit by a "MouseOver" exploit that redirected them to third-party spam sites if they simply hovered over a link in a tweet. And over the summer, Facebook users faced their own scams, ones that attempted to trick them into filling out bogus surveys, with the information then used to spam their friends.

Much of the spam now being generated around the world isn't coming from the spammers themselves but from botnets, networks of infected computers directed to send junk mail to other unsuspecting users.

"You should never even be tempted to open a spam message out of curiosity, as it can only take a second to effectively hand over control of your computer to the spammers," Graham Cluley, senior technology consultant at Sophos, explained in a statement. "If your computer does become part of a botnet, you're also inviting further malware infections, which may compromise your personal or banking information."

To protect their PCs from infection by bots and other malware, Cluley advises users to run antispam and anti-malware tools, behave sensibly when online, and stay updated with the latest security patches.

Read more: http://news.cnet.com/8301-1009_3-20019611-83.html?tag=mncol;title#ixzz12qFP4bjw

Microsoft To Fix 49 Holes In Windows, IE, Office, And .NET

2010-10-11T12:33:00.000-07:00

Microsoft will fix a record 49 vulnerabilities in its Patch Tuesday release next week that will involve 16 security bulletins affecting Windows, Internet Explorer, Office, and the .NET framework.

Four of the bulletins carry a "critical" rating, 10 are rated "important," and two are "moderate," according to the advisory.

They affect specifically Windows XP, Vista, Windows 7, Windows Server 2003 and 2008, Microsoft Office XP Service Pack 3, Office 2003 Service Pack 3, Office 2007 Service Pack 2, Office 2010, Office 2004 for Mac and 2008 for Mac, Windows SharePoint Services 3.0, SharePoint Server 2007, Groove Server 2010, and Office Web Apps.

Microsoft did not indicate whether two unpatched Windows holes that are being exploited by the Stuxnet worm will be fixed next week. Microsoft previously patched two other zero-day vulnerabilities in Windows the worm was using and said during last month's Patch Tuesday release that two more holes being used by Stuxnet needed to be plugged. Stuxnet spreads through the Windows vulnerabilities but was designed to target industrial control and critical infrastructure systems running Siemens software.

This is the highest number of vulnerabilities fixed in one Patch Tuesday release; the previous record was 34 holes fixed in August.

Meanwhile, in a tacit acknowledgment that after-the-fact patching isn't enough, Microsoft is proposing new ways to address security issues online. Earlier in the week, Microsoft released a paper (PDF) written by Scott Charney, corporate vice president for Microsoft's Trustworthy Computing, in which he proposes applying public health models to the Internet.

He suggests that computers could be given "health certificates" indicating whether they have the latest software patches, their firewalls are installed and correctly configured, antivirus programs are up-to-date, and that they are free of malware. If the health certificate indicates that something is amiss, an ISP could notify the computer user about the problem, and if the computer is being used in an attack, the bandwidth could be throttled to curb that activity, he said.

Comcast is already taking action to alert its Internet-using customers to possible malware on their computers as part of its anti-botnet service. And Brian Krebs reports that the FCC may do more to encourage ISPs to be more proactive in protecting consumer PCs.

Read more: http://news.cnet.com/8301-27080_3-20018933-245.html?tag=mncol;title#ixzz1253q6VPW

Dozens Charged In Use Of Zeus Trojan To Steal $3 Million

2010-09-30T13:23:00.000-07:00

The FBI and the U.S. Attorney's office in southern New York announced charges today against 37 people accused of being part of an international crime ring that stole $3 million from bank accounts by infecting computers with the Zeus Trojan and other malware.

Between federal and state charges, more than 60 people total are being charged in the operation, officials said.

Ten people were arrested today by federal and New York law enforcement officers and another 10 were previously arrested in the U.S. as part of a coordinated takedown, authorities said. Seventeen people are still being sought in the U.S. and abroad, officials said. The defendants named in the documents, unsealed by the court today, were all listed as being from Eastern Europe and face federal charges.

Separately, 10 people were charged earlier today in England for similar Zeus-related crimes.

The Zeus Trojan was identified earlier this year as a key factor in the construction of a botnet that infected tens of thousands of computers around the world.

The defendants charged in Manhattan federal court today include alleged managers of the operation as well as alleged money mules recruited to open bank accounts for laundering money and a person accused of obtaining false foreign passports for mules.

The group allegedly recruited mules by placing ads on Russian language Web sites seeking students with J-1 visas, who could open bank accounts in the U.S.

One of the purported victims was identified as a municipal entity in Massachusetts.

Some of the alleged mules are accused of retrieving money from breached brokerage accounts at eTrade and TD Ameritrade. Other defendants allegedly received stolen money from wire transfers to bank accounts in Asia or by withdrawing money from ATMs in New York, the documents indicate.

The investigation appears to have been triggered when New York police detectives went to a Bronx bank in February to investigate a suspicious $44,000 withdrawal, according to a news release issued by the FBI, the U.S. Attorney's office, the New York Police Department, and other agencies.

The charges range from bank fraud and false use of passport to money laundering and conspiracy to commit wire fraud. Maximum prison sentences range from 10 years to 30 years and fines from $250,000 to $1 million per count.

Read more: http://news.cnet.com/8301-27080_3-20018177-245.html?tag=mncol;title#ixzz112wQTfox

Stuxnet Worm Hits Iranian Nuclear Plant

2010-09-27T13:44:00.000-07:00

Iran's official news agency said today that a sophisticated computer worm purportedly designed to disrupt power grids and other such industrial facilities had infected computers at the country's first nuclear-power plant but had not caused any serious damage.

The Stuxnet worm, which some see as heralding a new era of cyberwarfare, appeared in July and was already known to be widespread in Iran. In fact, its high concentration there, along with a delay in the opening of the Bushehr plant, led one security researcher to hypothesize that Stuxnet was created to sabotage Iran's nuclear industry.

In addition to emphasizing the threat posed by the worm, which could be used to remotely seize control of industrial systems, today's news could well add to speculation about Stuxnet, the sophistication of which has caused some to suspect that a nation state, such as Israel or the U.S., might be behind its creation.

The worm exploits three holes in Windows, one of which has been patched, and targets computers running Siemens software used in industrial control systems.

Mahmoud Jafari, the project manager at the Bushehr plant, said the worm "has not caused any damage to major systems of the plant" and that a team was working to remove it from several computers, according to Iran's IRNA news agency, which was cited in a report by the Associated Press.

Jafari said the infection involved the personal computers of several staff members working at Bushehr and would not affect plans to open the nuclear plant in October, the AP reported.

Read more: http://news.cnet.com/8301-1009_3-20017651-83.html?tag=mncol;title#ixzz10lUCBP1g

Report: Half Of Apps Have Security Problems

2010-09-22T13:42:00.000-07:00

This chart shows the source of application and the failure rate for security acceptance based on how critical the app is to the business.
(Credit: Veracode)

More than half of software used in enterprises has security problems, according to a new report to be released today from Veracode, an application security company.

Veracode looked at more than 2,900 applications over an 18-month period that were used by its cloud-based customers and found that 57 percent of all the apps were found to have unacceptable application security quality.

Eight out of 10 Web apps failed to meet the OWASP (Open Web Application Security Project ) Top 10 requirement that is necessary to achieve PCI (payment card industry) compliance for use in financial and e-commerce sites, Veracode said.

The report finds that third-party code, which is growing in use in enterprises, is often insecure. Third-party suppliers failed to achieve acceptable security standards 81 percent of the time, the report said.

Meanwhile, cross-site scripting remains the most common of all application vulnerabilities, and .NET applications showed "abnormally high" numbers of flaws, Veracode said.

"A lot of work still needs to be done around the work of software security," Sam King, vice president of product marketing at Veracode, told CNET.

Also on Wednesday, WhiteHat Security released a report that found that the average Web site had nearly 13 serious vulnerabilities.

Security Fixes Land In Chrome 6

2010-09-15T14:03:00.000-07:00

Google updated the stable and beta builds of its Chrome browser on Tuesday evening, making a fix marked as critical to the Mac version and numerous repairs marked as high-priority across all platforms. Chrome 6.0.472.59 for Windows, Mac, and Linux also repaired a Linux-specific memory corruption bug.

At the time of writing, the critical Mac bug was still blocked from public view. This is not uncommon with bugs that can represent serious security risks. Judging by its public security logs, Google appears to be releasing details on fixed bugs no earlier than a week after the bug has been repaired.

Other security issues that were addressed include multiple high-level bugs involving use-after-free in document APIs, SVG styles, and nested SVG elements. Two high-level memory corruption bugs were also fixed, one in the HTML5 Geolocation feature, and another in language handling for Khmer. Finally, a small number of users who experienced browser crashes when blocking pop ups should now see that fixed. The Chrome 6.0.472.59 changelog can be read at Google's Chrome updates blog.

Adobe Warns Of Zero-Day Hole In Reader, Acrobat

2010-09-08T13:59:00.000-07:00

Adobe on Wednesday warned of a zero-day hole in Reader and Acrobat that is reportedly being exploited in the wild.

The critical vulnerability is in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh, and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh, according to the security advisory. The hole could allow an attacker to take control of an affected computer and potentially affects millions of computers using the Adobe software, which is the most popular PDF (portable document format) viewer.

The company said it is evaluating the schedule for releasing a security update to resolve the issue.

"Unfortunately, there are no mitigations we can offer," the advisory said. "However, Adobe is actively sharing information about this vulnerability (and vulnerabilities in general) with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available."
Adobe learned of the issue on Tuesday, according to a company statement.

'LOL Is This You?' Spam Spreading Via Facebook Chat

2010-08-31T14:29:00.000-07:00

Facebook on Friday afternoon was investigating what appeared to be a new spam scheme that results in users getting messages from friends over Facebook chat that have malicious links.

The messages say "LOL is this you?" and are accompanied by a link that looks like it leads to a video on Facebook, one victim told CNET. In his case, clicking the link directed to a Web page with a "404-Page Not Found" error message and his account sent the spam out to at least one of his friends, he said.

The spam was also reported on Twitter, but at this point the outbreak seems to be minor..

A Facebook spokesman said the company is looking into the matter.

The spam message is similar to ones used in several phishing attacks on Twitter in February.

Update 10:07 a.m. PDT August 30: A Facebook spokesman provided this comment over the weekend:

"The Chat messages were being sent from compromised accounts and included a link to an application on Facebook that has now been disabled. We disable spam applications as soon as they're reported to us or surfaced by our automated systems and before the scammers can get very far. We also quickly delete malicious links across the Facebook site, and when we detect that an account may be compromised, we block access to it and put the owner through a series of remediation steps."

Read more: http://news.cnet.com/8301-27080_3-20014977-245.html?tag=mncol;title#ixzz0yDnPv6yt

Rustock Botnet Responsible For 39 Percent Of All Spam

2010-08-25T14:08:00.000-07:00

Botnets are now responsible for sending 95 percent of all spam, up from 84 percent in April, and almost half of that spam comes from a single botnet, Rustock.

Rustock sent 41 percent of the world's botnet spam in August, up from 32 percent in April. This is despite the network actually shrinking in size from 2.5 million to 1.3 million bots over the same period, security company Symantec said on Tuesday. This means Rustock is currently responsible for 39 percent of all the world's spam e-mails.

"Overall, the total amount of spam in circulation is down slightly from the previous quarters as most botnets have reduced their number of bots, [but] one exception is Rustock, which has decreased its number of bots, but increased its [spam] volume," according to Paul Wood, a MessageLabs Intelligence senior analyst for Symantec Hosted Services. Rustock has been responsible for a 6-percent increase in spam e-mails per day, he said in a statement.

Sophos Flags Facebook 'Dislike Button' Scam

2010-08-17T13:18:00.001-07:00

Security firm Sophos has highlighted yet another scam that's zipping around Facebook in the form of a third-party application, this one spreading in the form of links claiming to be from friends that encourage members to install a Facebook "dislike button."

Sophos wrote about the scam in a blog post Monday, pointing out that a link to it tends to appear in wall posts that appear to be from the user's friends ("I just got the Dislike button, so now I can dislike all of your dumb posts lol!!") but which are actually automated messages from friends who have already been duped. The scam's purpose is to force users to complete a survey contained in the application, a bit of trickery that has already been known to be perpetuated through scam links like "Justin Bieber trying to flirt" and "Anaconda coughs up a hippo," the two of which presumably would be enticing to rather different demographics of Facebook users.

As Facebook's surging membership numbers have blazed past 500 million around the world, its channels of fast social connection and messaging have become a prime target for scammers and viruses. This one's particularly nasty because a "dislike button," offering some kind of counterpoint to Facebook's own "like" button, is something that many members have been clamoring for.

Beyond tricking a user into completing a survey, and hence gaining access to your profile and the ability to spam your friends, there doesn't appear to be much about the scam that's dangerous. Eventually, after the user completes the survey, it does redirect to FaceMod, the maker of a Facebook-based "dislike" button that takes the form of a Firefox browser plug-in. Sophos points out that the scam does not appear to have any direct connection to FaceMod.

"If you really want to try out FaceMod's add-on (and note - we're not endorsing it, and haven't verified if it works or not), get it direct from the Firefox Add-ons Web page, not by giving a rogue application permission to access your Facebook profile," the Sophos post by analyst Graham Cluley read.

iPhone Jailbreak Could Double As Security Hole

2010-08-09T15:33:00.000-07:00

The jailbreak for the iPhone released over the weekend may have exposed a flaw in the iPhone's mobile Safari browser.

Unlike previous jailbreaks, which required the iPhone to be connected to a computer to run the software update, the latest jailbreak, posted by the iPhone Dev Team at Jailbreakme.com, is accomplished via the Safari browser loaded on the device.

But the fact that it can be performed just through Safari, and the way it's done, points to a larger problem, as several CNET readers and listeners wrote to us to point out Tuesday. It means potentially anyone could control your iPhone (or iPod Touch or iPad) just by visiting a certain Web page. A site can present the exploit as a simple PDF link, which requires no explicit user action short of clicking a link. It can then launch an exploit that takes advantage of the way the PDF viewer loads fonts.

The end result is that the program can then have unrestricted access to your iPhone or iPad or iPod Touch on virtually all versions of iPhone firmware, short of the iOS 4.1 beta, currently in the hands of developers for testing.

When reached for comment, an Apple representative said Apple is "aware of the reports and is investigating." We'll update if we hear more.

"It's really serious," said Charlie Miller, a principal analyst at Independent Security Evaluators, who was the first person with a public remote exploit for the iPhone.

There are two distinct vulnerabilities and two distinct exploits, he told CNET. One flaw is in the way the browser parses PDF files, enabling the code to get inside a protective sandbox, and the other hole allows code to break out of the sandbox and get root, or control, privileges on the device, he said.

"Basically, the way the iPhone is made to be secure is through several layers of defense, so even if someone were to compromise your Web browser, it limits what they can do," Miller said.

"There are a lot of people known for doing iPhone research, but I've never heard of this guy," Miller said, referring to whoever created the iPhone 4 jailbreak. "It goes to show you that for every researcher who is known, there are a bunch of others who know the same stuff and probably more"--and whose intentions might not be honorable, he said.

While this exploit is not malicious, other hackers could take the software, reverse-engineer it, and then release an exploit that takes control of the device for nefarious purposes.

"Vulnerabilities with reliable exploit code tend to get reused and repurposed for other attacks/malware/uses," David Marcus, security research and communications manager at McAfee, wrote in a blog post.

"This should serve as a wake-up call for anyone with a mobile device: remote exploitation is real and here to stay," he wrote. "For now, these vulnerabilities are being used only (as far as we know) to jailbreak iPhones, but they could be used to do many other things to iPhones and their owners around the world."

Microsoft Plugs Windows Shortcut Hole

2010-08-02T14:17:00.000-07:00

As planned, Microsoft released a fix on Monday for a critical Windows vulnerability that was being exploited by a fast-spreading virus and other malware.

The software patch fixes the way Windows Shell handles shortcut files, which are links to a file represented by an icon and implemented with the .lnk extension. Attackers exploiting the hole could take complete control of the computer, the security advisory said.

An attacker could disseminate a USB or other removable drive with a malicious shortcut file on it and when the target victim opens the drive in Windows Explorer or any other application that parses the icon of the shortcut, the malicious code would execute on the victim's computer. An attacker could also embed malware in a malicious Web site, a remote network share, or in a Microsoft Word document, Microsoft said.

Originally, the Windows flaw was used to spread the Stuxnet worm via USB drives and it was stealing information from systems running Siemens software used in critical infrastructure companies. Late last week, Microsoft issued a blog post that said there were copycat attacks exploiting the hole, including one involving the Sality.AT virus, which was spreading fast.

The situation was serious enough to prompt Microsoft to release an "out of band" patch instead of wait a week to fix the hole with its next scheduled Patch Tuesday security update, on August 10.

"Symantec is aware of multiple threats leveraging the vulnerability, and attempted exploitations have steadily increased since the security hole first came to light," said Ben Greenbaum, senior research manager for Symantec Security Response. "One such threat is a new variant of Changeup," a highly destructive threat.

The hole affects all versions of Windows including Windows 2000 and Windows XP service pack 2, which are not supported by Microsoft anymore. Customers using those versions need to upgrade to be protected from the attacks.

"So far, most of the exploits using this vulnerability have been targeting SCADA (supervisory control and data acquisition) systems, and these systems typically run on older operating system versions. These older systems are not being patched today," said Andrew Storms, director of security operations for nCircle. "Utility companies that know they cannot upgrade are fully aware their systems contain a public vulnerability that is being exploited. Utility companies and SCADA vendors are probably scrambling to find a resolution to this problem as quickly as possible."

Microsoft: IE8 Barred 1 Billion Malware Downloads

2010-07-26T13:26:00.000-07:00

Internet Explorer 8, with the help of its SmartScreen Filter, has "blocked 1 billion attempts to download malware," Microsoft product manager James Pratt said in a blog post Friday.

The SmartScreen Filter evaluates URLs and their associated servers. If the software recognizes a server as containing malicious content, it displays a warning, saying it's unsafe to browse to a respective site that could cause harm on the user's computer. The user is then given the option to continue to the page or go back to their home page without downloading any content.

According to Microsoft, the SmartScreen filter continues to improve. In August 2009, it blocked 70 million malware download attempts. At the time, just 15 percent of Web users were surfing with Internet Explorer 8. Today, Microsoft reported, nearly 26 percent of the Web population is using IE8, and the company's SmartScreen filter is blocking "five times more malware month on month" compared to August 2009.

Of course, whether Microsoft's ability to block a billion malware download attempts is really something to gloat about is up for debate. On one hand, the company seems to be doing a better job of keeping users safe. On the other, the fact that that many attempts have been made might speak to security issues that still plague the Windows ecosystem. Regardless, it seems that Microsoft is turning its blocking abilities into a positive thing. And to some extent, it's commendable.

But that won't stop me from choosing Google Chrome or Mozilla Firefox over Internet Explorer.

Spy Rootkit Goes After Indian, Iranian Systems

2010-07-19T12:52:00.000-07:00

Sophisticated malicious software that infects critical infrastructure systems is spreading in the wild, according to security companies.

Finnish security company F-Secure, which is in the process of analyzing the malware, told ZDNet UK that critical infrastructure in India and Iran had been affected.

The malware takes advantage of a zero-day vulnerability in Microsoft .lnk shortcut files, and infects Siemens WinCC Scada software running on Windows 7 Enterprise Edition x86 systems. It spreads via USB drives and runs automatically when a shortcut icon is displayed on a user's screen.

Read more of "Spy rootkit goes after key Indian, Iranian systems" at ZDNet UK.

Report: NSA initiating program to detect cyberattacks

2010-07-12T12:22:00.000-07:00

The National Security Agency is reportedly launching a program to monitor for cyberattacks against government agencies and private companies responsible for key services such as electricity, nuclear power, and transportation, according to a story in Thursday's Wall Street Journal.

The program, known as "Perfect Citizen," is already triggering mixed reactions, says the Journal. Some in industry and government see it as an attempt by the NSA to intrude into domestic matters, while others believe it's a much-needed step in fighting the threat of cyberattacks.

Perfect Citizen would establish a series of sensors across various computer networks that would sound an alarm in the event of a possible cyberattack. The sensors would be deployed at agencies and private companies that handle the nation's most critical infrastructure, including the electrical grid, nuclear power plants, subway systems, and air-traffic control networks.

The program would reportedly focus on older computer systems and networks that were initially designed without Internet access or any real security in place but have since been linked to the Internet, leaving them open and vulnerable. Since it can't force private companies to accept Perfect Citizen, the government would dangle various incentives to get them to tie into the new system, according to the Journal.
In spite of privacy concerns, many businesses might find the extra protection valuable, as in the case of Google, which enlisted the aid of the NSA last year to help investigate the cyberattacks launched from China. Reportedly, Google and the NSA chatted earlier this year about a more formal partnership to thwart future cyberattacks.

Officials in Washington and executives in the private sector have increasingly expressed fears that major cyberattacks launched against the country's critical infrastructure could seriously harm the government and economy. U.S. intelligence experts have already been monitoring attempts to hack into the electric grid and other key services, which they believe stem from China and Russia, the Journal reported.

The new program is getting funding from the Comprehensive National Cybersecurity Initiative. This multibillion initiative hinted at the Perfect Citizen project with plans by the NSA to expand its surveillance into the private sector through a network monitoring system named Einstein. Defense company Raytheon has already scored a contract worth up to $100 million for the initial stage of the project, the Journal said, citing a person familiar with the project.

Since Perfect Citizen is still in its infancy, key questions will need to be addressed, including which network systems will be monitored and how information will be gathered. The NSA would probably kick off the project with the most critical services, such as electricity, nuclear power, and air traffic control systems, said the Journal.

Ad-Aware Free Gains Antivirus Abilities

2010-07-07T13:35:00.000-07:00

The paid upgrade versions of the popular malware remover Ad-Aware have offered antivirus support for more than a year, but now that feature, plus a long-awaited scheduler, have been added to the free version.
On Tuesday, Ad-Aware Free Internet Security 8.3 offered users of its free product those two new features in a minor update.

Ad-Aware Free Internet Security 8.3 finally offers its users a scheduler.
(Credit: Screenshot by Seth Rosenblatt/CNET)

Although the update sounds small, the addition of a scheduler comes after years of the publisher LavaSoft restricting the feature to its paid upgrades as bait to get users to buy a license. Many software publishers have similar business models, though there is an ongoing debate among users as to what is acceptable to restrict and what cripples a program's core functionality. While the scheduler doesn't affect the program's ability to function, many users felt that by forcing them to rely on themselves to run scans, the company was, in effect, making their computers less secure.

The antivirus feature is new to Ad-Aware, having only been introduced in 2008. Originally, the program used Avira's virus detection engine, but since 2009, the detection engine has been provided by Sunbelt Software. These changes to the free version of Ad-Aware put it on more competitive footing with other well-known free security programs, such as AVG, Avast, and Avira.

Latest Virus Threats Announced Online By Free Trial Spyware

2010-07-01T11:58:00.000-07:00

Jay Stamford of Spyware Free Trial has announced that Win32/Oficla.GN trojan is one of a number of recent virus threats. When the infected e-mail attachment is executed, it copies to a Windows system folder and modifies the registry to load automatically on next startup.

It also downloads and installs several malicious files in the infected system. This is low to medium security threat. "Spywares and adwares are not only annoying but more often than not tend to damage your computer software and sometimes can even cause some damage to your hardware too. These annoying bugs have become a bane for internet browsers worldwide.

They have become a normal occurrence that we sometimes tend to ignore but God forbid we should never accept." Said Jay Stamford, site manager of Spyware Free Trial Spyware is computer software that spies on your internet usage. It collects highly personal and confidential information like credit card numbers, IPs and even addresses. The spyware program gets the credit card entries as the user logs them on a web form or an online application. Some spyware are even programmed to record your usage of the internet, what sites you visit, what files you download and how long you stay online.

Smart phone under threat of attacks - Friendly Computers

2010-03-01T11:20:00.000-08:00

Smartphones are at risk of becoming the next major target for computer hackers. Researchers at Rutgers University presented their findings on cell phone vulnerabilities at a mobile computing workshop in Maryland, informing both users and phone manufacturers of the potential security threat. - Friendly Computers

Read more below…

“Smartphones are essentially becoming regular computers … they run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack by malicious,” said Vinod Ganapathy, assistant professor of computer science in the Rutgers School of Arts and Sciences, in a Rutgers press release.

Since 2006, attacks on cell phones have become more common. The first attacks on cell phones came in the form of multimedia messages. After the user’s phone received the message, the cell phone would continually process the information and drain the battery 20 times faster than regular use. While cell phones have become more advanced, the types of attacks have also become more sophisticated.

Ganapathy and his team worked on a specific type of nefarious malware dubbed “rootkits.” Unlike computer viruses, rootkits attack the heart of a computer’s software, the operating system.

Rootkits can only be detected through a program known as a “virtual machine monitor,” which examines every operating system operation and data structure. An anti-virus scan would be unable to detect this specific type of malware.

Combating rootkits on smartphones is impossible since smartphones lack a virtual machine monitor program due to processing constraints. The program simply demands too much processing resources and energy that a portable phone could currently support.

Rootkits can be dangerous for the user. Not only could the assailant eavesdrop on conversations and extract personal information from phone directories, they could even keep track of a user’s whereabouts by querying the phones’ Global Positioning System receiver.

In Europe and Asia, rootkits could even gain access to a user’s finances. With mobile phones that can make payments like a credit card, a rootkit could potentially make the phone issue “reverse SMS” orders, which would direct payments to the assailant.

Currently, rootkits can be spread through an online website or Bluetooth. A benign Bluetooth worm has already been discovered in Singapore. Security specialists speculate that it was simply a test of the efficiency and effectiveness of the infection mechanism and that a major virus might be in the works.

While there isn’t much that users can do currently to protect themselves from attacks, it is advisable to visit only credible websites and delete text messages from unknown senders.

Source: http://www.theticker.org/about/2.8220/smart-phone-under-threat-of-attacks-1.2174454

Killer Whale Video Spreading Viruses - Friendly Computers

2010-02-26T13:00:00.000-08:00

DENVER -- The IT and security firm Sophos is warning computer uses to be ware of messages and Web sites that claim to show video or pictures of the death of killer whale trainer Dawn Brancheau. - Friendly Computers

Read more below…

Hackers have created Web pages stuffed with content that appears to be video footage of the trainer's death, but the sites are actually designed to infect computers.

Brancheau was killed when the 12,000-pound killer whale named Tilikum dragged her into its pool and thrashed the woman to death as audience members watched in horror.

"It's hard to believe that anyone would want to watch video footage of this horrible death, but it's currently one of the very hottest search terms on the Internet," said Sophos Senior Technology Consultant Graham Cluley in a news release.

"These poisoned pages can appear on the very first page of your search engine's results, and if you visit the links you may see pop-up warnings telling you about security issues with your computer. These warnings are fake and designed to trick you into downloading dangerous software or handing over your credit card details," Cluley said.

Scareware and fake anti-virus attacks like this have become an increasingly common weapon. They have been seen following the deaths of several high-profile individuals including Patrick Swayze and Natasha Richardson.

"You could argue that anyone hunting for footage of this horrific accident deserves everything that's coming to them, but the real sick ones here are the hackers who are trying to profit from the death of an innocent woman in a tragic accident," Cluley said.

INTERNET PROTECTION TIPS:
•Security: Microsoft security
•E-mail: Cyber Alerts
•Download: Virus Definitions
•Download: Other Tools
•Download: Securities Update Vault

REMEMBER: Don't open e-mail attachments that end in .vbs, .pif or other unfamiliar extensions. Even if the e-mail appears to come from a trusted source, it could be someone "spoofing" an address. Confirm it's from who you think it's from before you open.
Sophos suggests you make sure your anti-virus software is up to date and be cautious about the links you click on.

"The general public would find it much safer to get their news from established news outlets rather than any Tom, Dick or Harry website on the internet. There are simply too many cybercriminals out there waiting to trip up the unwary," Cluley said.

Sophos makes anti-virus software and provides analysts on Internet security. Their Web site says they have 100 million users in 150 countries.

Source: http://www.thedenverchannel.com/technology/22682717/detail.html

UTA Prof.: Kneber botnet a new sort of stealth computer virus - Friendly Computers

2010-02-23T11:43:00.000-08:00

Businesses and government agencies have a new weapon to fear -- one that is stealthy, secretive and can steal secrets without easy detection, said Matthew Wright, assistant professor in the Department of Computer Science and Engineering at the University of Texas at Arlington. - Friendly Computers

Read more below…

A new generation of computer viruses have been born, according to Wright. This threat was furthered this week when news broke that Herndon-based NetWitness identified a virus, dubbed the Kneber botnet, that was able to affect up to 75,000 systems in 2,500 organizations worldwide.

“I think it’s very likely there are additional businesses that are affected, and they don’t know about it,” said Wright.

Based on NetWitness’ research, the new virus is able to gather log-in credentials for financial systems, social networking sites and e-mail systems from infected computers.

The source is hard to detect, Wright said.

He added that the creators of the new virus have essentially tied two types of malware, or negative software, together and created a system that allows all of the affected computers to talk to each other.

Wright said businesses should consider meeting with their security vendors or IT security groups to discuss handling or preventing these types of attacks. But don’t expect an ominous sign when your system has been hit.

“This is not going to take down your computers or cause trouble in any way,” he said. “It is going to stay low and quiet. The original goal is to steal online banking credentials.”

Wright said this new threat is real and even has the American government concerned.

“We’ve been seeing this trend over the past decade,” he said. “Hacking and virus-writing has gone from kids messing around with computers to pure criminalization. This is becoming a true criminal enterprise,” he said.

And what does the new generation of hackers want from companies?

“I don’t want to speculate too much," Wright said, “but any corporate secrets, technology that is going to be developed … anything about company projects.”

He added that the incentive for this information would be a criminal’s impetus to sell that information to competitors.

Source: http://www.bizjournals.com/dallas/stories/2010/02/15/daily37.html

Norton 360 checks the Web's rep to keep you safe from viruses - Friendly Computers

2010-02-17T10:06:00.000-08:00

Today Norton has announced a new version of its Internet protection suite, Norton 360 v4, which includes antivirus protection, smart startup, online backup and uses reputation to keep you safe from malicious websites and enjoying your computer. - Friendly Computers

Read more below…

As we discussed in our look at SafeCentral, protecting against viruses is difficult because new threats come up every day. While Norton hasn't gotten to the point that it has an emergency response team breaking down the doors of hackers, it is building a rep of keeping your computer safe by letting Norton 360 users rate the reputation of websites and threats. Since it has added reputation, the new tool has blocked a previously hidden threat for one out of two users and has had more than 177 billion reputation rankings since September.

Reputation helps users by preventing them from visiting one of the 27% of websites deemed poisonous by Norton. A great example of it in use is that if you search Google for "amy wynalda" 8 out of the first 10 search results are malicious; which, thanks to reputation,Norton 360 can protect you against.

One of the biggest things that Norton has worked on addressing in the recent releases of Norton 360 is providing users with potent protection without slowing down their computer. According to a new report from the Passmark Software benchmarking company, Norton has done a good job, as Norton 360 v4 was awarded best overall performance in January 2010.

As far as slowdowns go, a slow computer was recently noted as one of the top 10 workplace frustrations and slow to start up computers are the frustration of many home users, like my father, who simply want to get one thing done and get on their way.

One of the most common reasons that your computer is slow to start up, and even slow to run, are the numerous programs that launch every time you turn your computer on. Windows has a built in tool to edit the start up of programs and you can open up each program and turn off auto-start one by one. but the first option can be confusing for many users and one-by one removal can take a while if you don't know what you're looking for.

Norton 360 v4 has added a new tool called Start up Manager, which on average can cut 30 seconds off the time it takes your computer to turn on. Start up Manager makes uses of the reputation management that is a large part of Norton 360 and helps you decide what programs to remove from start up based on what other users have done. You can also set items to start up 5 minutes after your computer turns on so you can get to work faster.

In addition to the 2GB of online backup that has been included, Norton 360 v4 has added the ability to access this important data anywhere, including on your mobile devices. Shortly you will be able to access these files on Android devices, the iPhone and even the iPad. Another part of this feature is the ability to email large files securely so you can easily share with business associates and family members.

It is great to see that antivirus companies are focusing on the performance of their products which had driven many users away and led to headaches for those of us who provide IT support to friends and family. Tech savvy users will be able to achieve the performance boost of cleaning out their start up and using an online backup tool like Dropbox; but the addition of reputation ranking and performance boosts make Norton 360 v4 a complete package for people, like my parents, who want a central system for protection. Upgrade pricing starts at $59.99 and new one year subscriptions are available for $79.99.

source: http://www.walletpop.com/blog/2010/02/17/norton-360-checks-the-webs-rep-to-keep-you-safe-from-viruses/

Valentine's Day E-Cards May Contain Virus - Friendly Computers

2010-02-16T11:31:00.000-08:00

BOSTON -- E-cards may be a sweet gesture from your sweetie this Valentine's Day, but beware of e-mail scams sent by less than loving cyber-criminals. These criminals are taking advantage of the holiday to infect computers with nasty viruses, according to Internet security companies McAfee and AVG technologies. - Friendly Computers

Read more below…

"Beware that surprise e-card," wrote JR Smith, CEO of AVG in a blog post. "It could contain a whole load of heartache in the form of a hard drive hack designed to steal your identity."

Cyberscammers are sending e-cards with cute Shih tzu puppies, love notes reading "Deeply in love with you" and little red hearts to lure users to download a computer virus if they click on the links in the message.

To protect your computer, AVG and McAfee suggest that you do not open e-cards sent to you from people you don't know, or even e-mail the sender asking if they sent you an e-card. Do not open an e-mail with generic things in the subject line and make sure your security software is updated.

It is safer to copy and paste a URL from an e-mail into the browser than to click a link directly. E-card companies do not send cards as attachments. If you receive a card attachment, AVG suggests you delete the e-mail immediately.

Viruses from these e-mails, if clicked, may be installed without the user's knowledge.

If you suspect e-card an e-card contains a virus, you can file a complaint with the Internet Crime Complaint Center.

Source: http://www.thebostonchannel.com/news/22543278/detail.html

Computer virus attacks increasingly malicious - Friendly Computers

2010-02-11T12:11:00.000-08:00

Though the Gumblar computer virus and its variants initially targeted private firms, these viruses are now increasingly affecting Web sites of local governments, universities and independent administrative institutions. - Friendly Computers

Read more below…

Attacks by new types of computer viruses similar to Gumblar have recently come to light, with about 400 private firms' Web sites altered since late December, according to a survey conducted by a computer security firm.

In the attacks by Gumblar and its variants, people who visit infected Web sites are redirected to other sites that then install malware onto their computers, resulting in private information such as passwords and IDs being stolen.

While the purpose behind such attacks has been unclear, attackers using the new Gumblar-type viruses have a clearer criminal intent, as such viruses are capable of stealing credit card numbers - something that older versions of the Gumblar variants could not do.

The Web sites of Tokyo's Mizuhomachi town government and Hokkaido prefectural government have been affected by Gumblar or its variants. The Mizuhomachi town government Web site was altered on different occasions between Oct. 12 and 30, and the personal computers of about 8,000 people who visited the site could potentially have been infected with the virus.

For the Hokkaido prefectural government, eight government-related Web sites, such as that of the Hokkaido Lifelong Learning Promotion Center, were altered on different occasions between Dec. 11 and Jan. 5. During this period, a total of about 1,800 people reportedly visited these infected Web sites.

Due to fears that the personal information of residents and other people could be stolen via infected Web sites, the Internal Affairs and Communications Ministry is calling for local governments across the nation to introduce a Gumblar-detection system developed by the Local Authorities Systems Development Center, which is under the ministry's control.

Meanwhile, it also has been learned that other Web sites might have been infected with Gumblar or its variants, including those belonging to Tokyo University's Graduate School of Education and Faculty of Education; the Organization for Small and Medium Enterprises and Regional Innovation, Japan; Sapporo's parks and greenery association; and the Sendai International Relations Association.

"In addition to private firms' Web sites, Gumblar and its variants are now affecting other sites," an official at G Data Software K.K. said. "Attackers apparently target Web sites by using autopilot and other software."

Gumblar and its variants started circulating around the globe last spring. Though the attacks seem to have gone into respite, they flared up again around October. At that time, visitors to infected Web sites were redirected to other sites, where their personal information such as IDs and passwords could be stolen.

However, no actual damage was reported at that time, and the attacks tailed off again in mid-December.

Around that time, however, a third wave of attacks started. In these latest attacks, visitors to infected Web sites are redirected to illicit Web sites where the users inadvertently install bogus antivirus software that is capable of stealing credit card numbers. These Web sites also can make visitors' computers send spam e-mails.

According to a survey by Kaspersky Labs Japan, a Tokyo branch of a Moscow-based computer security firm, similar kinds of attacks have occurred on more than 380 Web sites in the country since Dec. 24.

"In the previous attacks, the intention of attackers was unclear. But in the latest attacks, there's clearly a financial motive," Suguru Ishimaru, an analyst at the company said.

"An increasing number of computers may have been remotely operated by third parties without the computer owners even noticing. Individual users should take protective measures, such as updating their (antivirus) software," Ishimaru added.

Source: http://www.philly.com/philly/business/technology/020810_malicious_virus_attacks_rise.html

Antivirus programs fail to stop new malware - Friendly Computers

2010-02-10T14:08:00.000-08:00

Nearly a third of PCs protected by up-to-date antivirus software show signs of malware infection, a new analysis based on real-world scans has found.

Dutch cloud security startup, SurfRight, studied scans from 107,435 PCs that had downloaded its cloud-based behavioural scanning system, and found malware on 35 percent of the machines, about what one might expect of the general population of PCs. More surprising, however, was that 32 percent of machines using a fully-updated antivirus programs also had such files present.

Although the much older Windows XP was more likely to have these files than other versions of Windows, all versions including Windows 7 had significant problems. Later service packs lowered infection levels, but not by enough to undermine the observation that malware is managing to get around installed protection often enough for it to be a concern.

The main reason that SurfRight is able to spot infections, it will claim, is its cloud model, which relies on uploading files to a host where they are run through a range of different engines (PCs run only one at a time) by the company's Hitman Pro 3 system. Systems are then analysed at a lower level, for instance by looking closely at the registry for inconsistencies.

"Our research shows that traditional antivirus software cannot keep up with cyber criminals," said SurfRight CEO, Mark Loman. "Despite all their efforts, it is often days or even weeks before some suppliers of antivirus programmes release a solution to a new threat."

So what is going wrong? In some cases, the fault might lie with the user and not the security product. The second most common type of malware found on 13,000 systems related to bogus anti-virus and spyware programs, which typically ask for user consent before installation proceeds. At that point the only line of defence would be the Windows User Account Control (UAC) which users are routinely said to ignore.

That aside, by far the largest group of infections was for 'generic' malware, which is to say files that are believed to be malevolent due to their design and behaviour but which simply have not been identified yet. These are the most dangerous type of malware because any single AV product will probably not be able to see many of them.
Nearly a third of PCs protected by up-to-date antivirus software show signs of malware infection, a new analysis based on real-world scans has found. - Friendly Computers

Read more below…

"We also found that not all programmes detect the same threats, so the only way for users to be really sure would be to combine multiple anti-malware programmes on their PCs." said Loman.

The company reckons that for as long as Windows can only cope with a single antivirus product on each PC, the answer is to give users a 'second opinion' using cloud technologies. It's a model that has been around for some years in a number of smaller vendors such as UK-based Prevx, and whose time might yet have come after investment in the idea by larger companies such as Symantec and Pandalabs.

The company's scanner can be downloaded from the SurfRight website and claims to check each PC in minutes without conflicting with installed software. The software is free to use for scanning but activates a one-month free trial for removal if it encounters malware after which an annual malware removal subscription costs 17.95 euros ($24).

Source: http://news.idg.no/cw/art.cfm?id=B8791702-1A64-6A71-CE9B978133633493

More people falling for fake anti-virus scam - Friendly Computers

2010-01-27T16:11:00.000-08:00

If you're on your computer when a pop-up says your computer may be infected and recommends you click "OK" for a free scan, don't do it! - Friendly Computers

Read more below…

You could load a rogue anti-virus program on your computer.

"The bad guys will actually write a program that looks like it's going to help you with viruses," says Bob Sullivan, author of the book Stop Getting Ripped Off. "You download it and install it and you've just volunteered to be a criminal on behalf of the hacker because now they have control of your computer."

Sullivan says once that rogue software is in your computer, the cyber thieves may try to extort money.

"They'll try to charge you $10, $20, $30 to remove the software that they just put on your computer. The scam is widespread, it's growing quickly, it's harder and harder for the average consumer to tell what's real antivirus software and what's rogue antivirus software."

Play it safe and skip the free scans. Most are scams.

Buy your anti-virus software from a reputable retailer, in a shrink wrapped box or downloaded from a trusted site.

There are some good free anti-virus programs. Don't search for them -- go to download.com or pcworld.com so you get the real deal. If you have a PC, you can get Microsoft Security Essentials from Microsoft. It's free and does a good job.

Source: http://www.kpic.com/news/consumertips/82704457.html

ESET NOD32 An Effective Antivirus Solution - Friendly Computers

2010-01-25T11:38:00.000-08:00

(OPENPRESS) January 25, 2010 -- Antivirus security has become essential to safeguard computers from any unwanted viruses, worms, Trojans, spyware, adware, rootkits, phishing and such. - Friendly Computers

Read more below…

If your computer is only used for writing and printing purposes, excluding the use of internet, the chances of your computer getting affected by the outside Trojans is minimal. Still, some undesired malware may attack your computer, through the use of pendrives, CD, or other transferrable media. So it is wise to install antivirus security like ESET NOD32, to be on the safe side.

When you search for a security program for your computer, you may come across various packages that are offered free of cost. But compared to paid solutions, the efficiency of the free security pack is very low. Alternatively, you can get ESET NOD32 antivirus pack, which is alive constantly on guard, to sense and eliminate any kind of virus, at a very affordable cost. Further, there are multiple packages, which help you to choose according to your need and budget. If you want security just for Windows or Apple Mac or for both, there are program options to suit you.

Personal as well as business computers have some files stored in a corner of the computer, but when a virus invades the computer, it may damage your hard drive and stop the entire working condition of your computer to the point that your machine is incapacitated, requiring a trip to the local computer store, which is an unnecessary extra expense. Further, some of your secrets involved in the business may be stolen via virus and have the risk of tampering the exclusive nature of your product or service. Just paying a nominal amount for antivirus protection like ESET NOD32, can bring you peace of mind, as it is awarded, in the two subsequent years from 2006, as BEST antivirus Solution, by AV-Comparatives.

Apart from the awards, many users of ESET NOD32 have provided testimonials that explain all the efficiencies in protection of a computer. The company has included ThreatSense Technology in the packages, so that the efficacy of detection is much more advanced than other antivirus solution available on the market. Both obvious and mysterious threats to your computer are detected and eliminated with this powerful technology. You can easily download ESET NOD32 to your computer and use it without disturbing other tasks, as it does not require huge memory or other resources.

Virus creation is a business for the virus creators and they take effort and time to design them in such a way that the new ones can override the old defense solutions. Further, the modifications in the making of computers and software installed is constantly changing. Hence, it is crucial to look for the updated versions of antivirus solution. ESET NOD32 can offer you the security with the option of renewing each year, so that every year you get the latest program, according to your computer and to your budget. The updated technology fetches you the facility of automatic early detection and elimination of threats. ESET NOD32 is a great solution for any occasion.

Source: http://www.theopenpress.com/index.php?a=press&id=65848

Koobface virus plagues students - Friendly Computers

2010-01-21T12:01:00.000-08:00

To many people, "Koobface" may sound like a half-witted insult, but to the faculty, staff and students of Capital University, it means something much more. - Friendly Computers

Read more below…

Koobface is a new computer virus that surfaced sometime during Christmas break.

Information Technology does not know for sure when the virus started, but it was first noticed as the faculty and staff returned from break, Andrew Daugherty, student technical assistant in the tech department of IT, said.

"It's a pretty serious virus, and it is definitely one of the most widespread we've seen on campus," Daugherty said.

Koobface is spread mostly through social networking sites such as Facebook, MySpace and possibly even Twitter. Supposedly, the virus attacks through external links posted on a person's wall or page, often connecting to a video or photo.

Sometimes the external links or videos will ask a person to update the flash player or download some kind of program that looks legitimate, Rob Ahern, desktop administrator in IT, said.

"I would be wary if you are prompted to download a program while you are on a social networking site," Ahern said. "Even if the link is from someone you know, use your instincts."

"If you're going to download flash go to the actual website, don't trust a link or a pop-up," Daugherty added.

Once a computer is infected with the Koobface virus, it weakens the system and allows for other viruses to infect the computer as well. Once a computer has Koobface, it only gets progressively worse.

The virus is known to have a few common signs, although Ahern says if you're seeing these signs, it is probably already too late.

"The first characteristic of the virus is browser hijacking. At anytime you can be redirected to a page with malicious intent, and it can actually force you to download the virus," Daugherty said. Even safe downloads like Yahoo messenger, for example, can be unknowingly redirected and begin loading Koobface onto your computer.

Daughtery said a second trait of the virus is having multiple Internet Explorers or My Documents windows opening at the same time.

"They can open upwards of 250 windows at once," Daugherty said.

"If Internet Explorer, or the 'blue e' as many people call it, begins to act funny or flaky, get it checked out quickly. If it crashes a lot or even simple Google searches get messed up, it needs to be addressed," Ahern said.

The final known characteristic of the virus is that it can taunt you by name.

"It's really creepy," Daugherty said. "It can actually say something like 'Haha, Andrew, you can't get rid of me!'"

The damages associated with Koobface are similar to other types of viruses. If taken care of quickly there may be no serious damage done to the computer, however if the computer is exposed long enough, it can completely ruin the system and crash the hard drive or other components.

"You might have to re-install windows or even get a new computer completely," Daugherty said. "But hopefully you can catch it in time and simply delete it and have your computer back to normal. The virus is only affecting Windows, it is of no danger to Macs."

The common treatment of Koobface includes running a special virus scan that can take anywhere from ten minutes to over an hour. There is no guarantee that a computer can be fixed or that the data saved on it can be restored to its original form.

Ahern calculated about 15 to 20 faculty cases so far, but is unsure of the number of student cases. Most of the computers IT has fixed have taken 15 to 20 minutes and have been restored to working condition.

Steve Kall, sophomore, is a student affected by the virus. A friend posted a link to his wall telling him to watch himself in a funny video. When Kall clicked on the link, he was prompted to update his flash player and did so. From there, he could not get the windows to close or any other programs to open.

"Internet Explorer kept opening and asking me to run and download programs that weren't even on my computer," Kall said. "I took my computer to IT and they were able to fix it for me. I've had no problems since then."

Daugherty's best advice for avoiding the devastating effects is to back up data onto an external hard drive, even if you have a Mac.

"Most hard drives come with programs to back up data with. Or you can ask IT for help or do a Google search on your own. If you do a web search, be careful of what you download, though, because it might just be a scam to download a virus," Daugherty said.

Source: http://media.www.capitalchimes.com/media/storage/paper1195/news/2010/01/21/News/Koobface.Virus.Plagues.Students-3855430.shtml

Free antivirus drives AVG to 110M users - Friendly Computers

2010-01-20T14:10:00.000-08:00

Free is a good price. Just ask AVG Technologies, which announced today that active users for its antivirus software have now surpassed 110 million. - Friendly Computers

Read more below…

The Amsterdam-based company gives away its antivirus software for free. Most people use the software for free, but they can also pay to upgrade it to a full-featured security software suite. Back in October, the company said it had 85 million users, so the growth rate is impressive.

The company announced today that it will keep J.R. Smith as the chief executive as the company prepares for an initial public offering at an unspecified point in the future.

In each of the last three years, the company has posted a 75 percent increase in revenues. Dale Fuller, chairman of AVG, said that the board was initially looking for a CEO who had experience taking companies through public offerings — an experience that Smith does not have. But after another successful year, Fuller said that Smith’s ability to execute and his vision are far more valuable to the company.

AVG offered its first suite of free software in 2005 and launched its ninth version in October. In 2009, it averaged more than 1.5 million downloads per week, and total downloads in the year surpassed 251 million. Of the 110 million users, it’s not clear exactly how many are paying for premium software.

Microsoft announced last October that it was going to launch its own free antivirus software, Microsoft Security Essentials. While Microsoft is offering bare bones protection for free, AVG has added a lot of protection over the years through the acquisition of startups.

The company makes money by selling a paid version of its software starting at $34.99. With that, you get customer support, protection from infections via instant messenger chat, and a “root kit” that can protect against hidden threats. Future expansion areas include protection for cell phones and Mac computers. AVG was founded more than 18 years ago. In 2006, the company received $52 million in private equity investments from Intel and Enterprise Investors. Benson Oak Capital also owns about 35 percent of the company. Smith joined in 2007 and the company has since managed to fend off challengers and keep growing.

Source: http://venturebeat.com/2010/01/19/free-antivirus-drives-avg-to-110m-users/

New Version Of Avast Antivirus Software Introduced - Friendly Computers

2010-01-19T13:12:00.000-08:00

A new version of what many people regard as the best free security product available has been released. Avast Free Antivirus Version 5.0 is available, and it comes with more than just a simple upgrade or tweak compared to the previous offering. - Friendly Computers

Read more below…

New Version Of Avast Antivirus Software Introduced

The most noticeable change relates to the interface. Say "goodbye" to the dated design that, for no apparent reason, looked like a music player. The new one has navigation tabs and more text, making it appear much more like the useful computer program it is.

At the same time, Avast worked to make its software less intrusive. The free registration process has been reduced to a single click, saving people from filling out forms and providing their email addresses. A gaming mode's been introduced, too, so that not-critical reminders don't interrupt users' virtual firefights.

And of course, Avast tried to make sure its software keeps folks safe. Vincent Steckler, the CEO of ALWIL Software (which is Avast's developer), wrote on a corporate blog, "[I]n addition to the signature-based AV protection that you would expect, you also get all the modern detection techniques. Central to this is protection against web threats. These are 85% of the threats our users see . . . . There are also heuristic detections, behavioral detections, and just about any type of protection you can think of."

Not a bad deal, considering it's all available at no charge. Avast may well gain additional market share with this new version.

Source: http://www.securitypronews.com/insiderreports/insider/spn-49-20100119NewVersionOfAvastAntivirusSoftwareIntroduced.html

Internet security comes into sharp focus after Google attack - Friendly Computers

2010-01-15T11:27:00.000-08:00

Following news that Google's (NASDAQ: GOOG) Gmail service was the target of an attack from Chinese hackers, websites - Google included - are beefing up their security procedures. - Friendly Computers

Read more below…

Google said it would make an encrypted connection the default for Gmail users in a bid to ensure user safety.

Facebook announced this week that it would partner with security software provider McAfee to better protect the popular social networking site. Users with compromised accounts will be able to scan their computers for viruses or malware at no charge.

The goal, said Facebook global communications vice president Elliot Schrage, is "reducing the possibility of threats being brought onto our service by unsuspecting users."

Antimalware software developer BitDefender suggests that social networking sites like Facebook will increasingly become the target of malware developers. The sites' overwhelming popularity - Facebook has an estimated 350 million users - makes them low-hanging fruit for hackers.

Another software company, Kaspersky, predicts that attacks on iPhone and Android mobile platforms will become more prevalent this year. Research firm ABI Research released this week a report on mobile security trends, saying that the market for mobile device security software will grow by a factor of five in the next half-decade.

Source: http://www.nasdaq.com/newscontent/20100115/internet-security-comes-into-sharp-focus-after-google-attack.aspx?storyid=19558991

Intego Releases VirusBarrier X6 - Much More than Just an Antivirus - Friendly Computers

2010-01-13T15:06:00.000-08:00

Austin, TX - Intego, the Mac security specialist, today announced the release of VirusBarrier X6, the latest version of its acclaimed antivirus and anti-malware software that has garnered excellent reviews from the Mac press. VirusBarrier X6 now provides comprehensive protection from both malware and network threats. - Friendly Computers

Read more below…

VirusBarrier X6 is the only antivirus program for Mac that includes full antivirus and anti-malware protection together with a two-way firewall, network protection, anti-phishing, anti-spyware features and more.

As malware changes, protection needs to be reinforced

While viruses, Trojan horses, worms and other forms of malware are a constant threat to computers of all kinds, cyber-criminals are turning to new techniques to infect and control Macs. These new threats come silently, with little warning, over the Internet: in many cases, simply visiting a booby-trapped web page can compromise a Mac. Focusing on malware or network attacks alone is no longer sufficient to protect Macs from the dangers of the Internet.

Comprehensive protection with VirusBarrier X6

VirusBarrier X6, the latest version of Intego's network and malware security program, includes threat-detection techniques, improved methods of detection, combined detection protocols, proactive behavioral analysis, and a full range of defensive functions. VirusBarrier X6 protects Macs from all known network-based threats, as well as all known malware.

Customers spoke, we listened

Intego's customers have told us what they wanted, and we listened. VirusBarrier X6 includes many major changes compared to the X5 version. Here's some of what we've done to make VirusBarrier X6 the best Mac security program:

* New low price: customers told us they wanted lower prices; we made VirusBarrier X6 much less expensive than the X5 version.
* Standard license protects two Macs: many of our customers have both desktop and laptop Macs, and want to be able to use VirusBarrier on both computers. Our standard license now protects up to two Macs.
* Family savings: families with multiple Macs can now buy 5-Mac family packs for just a bit more than standard license to protect their entire family, offering the lowest cost per Mac for multi-Mac users.
* Integrated two-way firewall: an antivirus is no longer enough to protect Macs from the dangers of the Internet. We've added a powerful 2-way firewall to VirusBarrier X6, making it the only antivirus for Mac with comprehensive protection.
* Phishing protection: phishing is one of today's most serious threats, where scammers attempt to fool users into giving up personal information on bogus web sites, and VirusBarrier X6 provides robust protection against this menace.
* Protection against all types of malware: with new threats, Mac users need new protection. VirusBarrier X6 protects against all types of viruses and malware, as well as network threats, phishing, spyware and much more.

More than 100 new features

In addition to being the best defense against viruses and malware for Macs, VirusBarrier X6 adds more than 100 new features that provide hardened security and help protect against the latest threats. Here are some of them:

* Two-way firewall: VirusBarrier X6 now includes a powerful two-way firewall, extending the program's protection beyond detecting and eradicating malware. This firewall offers preset configurations, for most users, and customizable, rule-based settings for advanced users, to protect Macs from dangerous network traffic.
* Antivandal and web threat protection: VirusBarrier X6 protects users from intrusions, attacks and booby-trapped web pages. A full range of features is included to protect against the many new types of threats facing Internet users.
* Dynamic Code Monitoring: Intego's new technology detects suspicious actions carried out by applications that may be malicious, and detects malware by examining its code as it acts in real time.
* Phishing protection: Mac users are protected from phishing web sites that try to trick them into entering personal information, such as a credit card number or a password, on a site that looks exactly like a valid web site.
* New types of malware detected: VirusBarrier X6 detects a wide range of new types of malware, such as scareware (software that tries to trick users into thinking their Mac is infected, in order to get them to pay for software), spyware (including commercial software used as keyloggers or monitoring tools), hacking tools, dialers (software that initiates phone calls to premium-rate phone numbers), proof-of-concept malware (software designed to show how to exploit a vulnerability, which is not circulating "in the wild"), and more.
* Fine-tuned scanning and security policies: choose from a number of detailed options to determine exactly what is scanned and when, and the type of threats that VirusBarrier X6 scans for. There are also basic settings for users who don't need such detailed options.
* Performance control: users can choose a level of CPU time to be allocated to background scans, in order to optimize CPU and disk priorities for malware scans.
* 64-bit software: all of Intego's software is now provided with 64-bit code, fully compatible with Snow Leopard, and ready for the future.

System Requirements:
* Mac OS X 10.5 or 10.6 (Leopard or Snow Leopard)
* Runs on Macs with Intel or PowerPC processors

Pricing and Availability:
VirusBarrier X6 is available now. Standard licenses protect up to 2 Macs. Also available: 5-Mac family packs and multi-seat licenses. For pricing and upgrade information, see Intego online. Also available is Internet Security Barrier X6, which includes VirusBarrier X6 and four other Intego programs, ContentBarrier, Personal Backup, Personal Antispam and FileGuard, providing parental control, backup, antispam, confidential document protection features and much more.

Intego
VirusBarrier X6

Intego develops and sells desktop Internet security and privacy software for Macs. Intego provides the widest range of software to protect users and their Macs from the dangers of the Internet. Intego's multilingual software and support repeatedly receives awards from Mac magazines, and protects more than one million users in over 60 countries. Intego has headquarters in the USA, France and Japan. For further information, please visit them online.

Source: http://prmac.com/release-id-10021.htm

Good boot: If computer is slow, it's most likely something you've done - Friendly Computers

2010-01-11T13:20:00.000-08:00

For those who may be wondering who or what contributed most to robbing their computer of its speed, I suggest it's more than likely a who, who did it and the who is you. - Friendly Computers

Read more below…

Perhaps a kinder and gentler way to put it is that although your computing regimen has always been marked by good intentions, because you became less vigilant about safeguarding and cleaning your system, you robbed it of its vitality and transformed it from a sprinter into a dawdler.
And here's how you did it.
You failed to control your addiction to installing junk software that bloated your registry with conflicting information, installed poorly written applications that cluttered your system with unnecessary DLL files and added unnecessary, always-running-in-the-background services.
Obviously listing all the applications I've discovered over the years to be "junk" is not possible, but I can suggest three categories of applications to avoid.
1.Utilities claiming they'll "Optimize Your RAM" or "Speed Up Your Computer". More than likely they'll either slow it down or do nothing at all.
2.Poorly written Explorer plug-in applications. Because they hook directly into Explorer's shell may slow down and in a worst case scenario crash your computer.
3.Registry Cleaners. Unless you're at least a bit beyond novice do not install a Registry cleaner. Novices will often discover that cleaning their Registry is a lot like playing Russian Roulette. And even if you consider yourself a bit beyond novice, do not allow your Registry cleaner to run in the background. Most versions will significantly hog your Windows resources.
Also do not install multiple anti virus applications. Multiple anti virus programs are counter productive and can create serious Registry problems.
And do not select an anti virus program by the number of features its vendor advertises. Bloated anti virus programs like Registry cleaners will make extraordinary demands on your system's resources.
In fact, I suggest you investigate AVG (the free version) and Microsoft's Security Essentials (now offered as a free download).
Beware becoming a junkie of junk applications, but if you've been seduced and your computer has gone from sprinter to a dawdler, I suggest you:
Identify your junk applications and use Revo Uninstaller (revouninstaller.com) to uninstall them and clean your computer of application leftovers.
Better yet, why not start the New Year right by inviting a qualified technician to your home and, with all your peripherals attached, thoroughly purge the junk from your computer.
Here's wishing you a Good Boot

Source: http://www.news-press.com/article/20100111/COLUMNISTS18/1110313/1014/business/Good-boot--If-computer-is-slow--it-s-most-likely-something-you-ve-done

BitDefender 2010 Security Editions Launched - Friendly Computers

2010-01-08T12:23:00.000-08:00

BitDefender has introduced latest customized editions of its Internet Security
and Antivirus solutions for its consumers through Unistal. - Friendly Computers
Read more below…

BitDefender Internet Security 2010 locks out viruses, hackers and spam, while providing parental control and firewall protection. BitDefender 2010 features Active Virus Control security system, which constantly monitors all the processes on your PC, blocking any malicious behaviour before it can cause any damage. BitDefender's optimized scanning avoids scanning of files that are known to be safe. As a result, BitDefender 2010 scans your PC in half the time needed by previous versions, while using fewer resources.

BitDefender 2010 also features three dashboard views - Novice, Intermediate, and Expert - to better accommodate users with different levels of PC knowledge.

Even the parental control is better than earlier versions. The Parental Control module features a newly added reporting system allowing parents to view what websites their children visit. Moreover, parents can set specific time intervals in which their children are allowed to access the Internet or use certain applications. BitDefender detects and blocks attempts to change critical system files or registry entries on your PC and warns you about attacks performed by code injection (DLL injection).

BitDefender Antivirus 2010 provides advanced proactive protection against viruses, spyware, phishing attacks and identity theft, without slowing down your PC.

Other features of importance that BitDefender Internet Security 2010 and BitDefender Antivirus 2010 have include the following:

• Blocks spyware programs that track your online activities
•Blocks web pages that attempt to steal your credit card data
•Prevents personal information from leaking via e-mail, Web or instant messaging
•Instant Messaging Encryption keeps your conversations private on Yahoo! and MSN Messenger
•Reduces the system load and avoids requesting user interaction during game play
•Laptop Mode prolongs battery life

Bit Defender Internet Security 2010 - 3 Users - is available for Rs. 1,750 (MRP), while you can get BitDefender Anti Virus 2010 - 1 User - for Rs. 750 (MRP).

For further details on BitDefender 2010, visit www.bitdefender.com/world
You can download the demo from www.unistal.com/bitdefender.html

Source: http://www.techtree.com/India/News/BitDefender_2010_Security_Editions_Launched/551-108545-582.html

Virus can put child porn on your computer - Friendly Computers

2010-01-06T12:28:00.000-08:00

St. Petersburg, Florida - Experts are warning about a new virus that can be used by pedophiles to store child porn on your computer. The worst part is, the victims are not aware that the child porn is being stored on their computers. - Friendly Computers

Read more below…

"It's the worst possible scenario that you could have," said Robert Dobbs with the Geek Squad.

Dobbs tells 10 Connects they have not had any local cases, but says there have been several cases nationally.

The Associated Press recently finished an investigation and found cases in which innocent people were branded as pedophiles because the virus attacked their computer. In the case of Michael Fiola, the AP says he was arrested and charged before he was finally exonerated. Fiola says he spent $250,000 to clear his name.

To best avoid getting the virus, Dobbs says follow these tips:

•Have an antivirus program that automatically scans your harddrive.
•Make sure you empty out your temporary internet files.
•Avoid file sharing websites.

Source: http://www.wtsp.com/news/local/story.aspx?storyid=121424&catid=8

Computer questions answered - Friendly Computers

2010-01-05T10:33:00.000-08:00

READERS have raised queries about the need for virus protection while another is off around Australia and wants to keep in touch on the cheap. - Friendly Computers

Read more below…

Q I am running Spybot, Avast and PC Firewall. Do I need any additional protection for my laptop?

A It depends on what you do with the laptop. These free programs are all fine but they are not integrated so viruses and spyware can slip between the cracks. My tip for 2010 is to buy a fully integrated internet security suite like AVG 9.0 or Norton Internet Security. In my opinion the risks are now too great to rely on freeware security programs if you plan to do internet banking or pay your bills online.

Q I have been using AVG 8, Spybot, CleanUp and, occasionally, CCleaner without problems. I took my PC tower for a clean and service and the company removed AVG 8 and installed an Avast anti-virus program. They also reinstalled Spybot, deleting Tea Timer. Their reasoning for the AVG 8 change was that "it hasn't been any good since December and doesn't remove all the viruses". Is there any truth to this?

A There are so many myths out there and most are based on personal preference or bias, not experience. Please refer to the previous question on freeware virus and spyware. I think AVG 9 is one of the best and the free version is certainly more fully featured than most other free programs but it's not enough to cover all contingencies.

Q My wife and I are about to embark on a caravan trip around Australia and would like your advice on the cheapest and most efficient means of keeping in touch via email. Public libraries are useful but are often booked out.

A The best answer, though not the cheapest, is to get a Telstra NextG smartphone that allows tethering (connecting to a PC or laptop via USB) and buy a data pack from Telstra. You can get 150Mb per month for $10 and it will work in most places and should cover monthly email access unless you are sending lots of photos. You don't need to buy a top-end smartphone to get tethering. If you have WiFi in your notebook you can also use it at net cafes but be sure to have a full internet security suite like AVG 9.

Source: http://www.news.com.au/couriermail/story/0,23739,26556584-8362,00.html

Expect new, evolving computer viruses in 2010 - Friendly Computers

2010-01-04T11:56:00.000-08:00

McAfee is becoming the Nostradamus of the antivirus software world. - Friendly Computers
Read more below…

This week, the Santa Clara, Calif., firm came out with its 2010 threat predictions report. Among the dire predictions — cybercriminals will target social networking sites and third-party applications and use more complex Trojans and botnets to build and execute attacks, according to McAfee Labs.

Still, McAfee Labs also predicts 2010 will be a good year for law enforcement’s fight against cybercrime.

"Over the past decade, we’ve seen a tremendous improvement in the ability to successfully monitor, uncover and stop cybercrime" said Jeff Green, senior vice president of McAfee Labs. "We’re now facing emerging threats from the explosive growth of social networking sites, the exploitation of popular applications and more advanced techniques used by cybercriminals, but we’re confident that 2010 will be a successful year for the cybersecurity community."

Here are some online threats to watch out for:

Social networks will be the vehicle for emerging threats. Facebook, Twitter and third-party applications on those sites will make computers more vulnerable to attacks. Cybercriminals will take advantage of friends trusting friends to get users to click on malicious links. The use of abbreviated URLs on sites like Twitter makes it easier for criminals to lure people onto a bad site.

Malware. Internet surfers will continue to shift their activities away from their desktop to online applications, allowing malware writers to prey on them.

Trojans. Trojans, which can spread bad software to computers, will become more sophisticated in 2010 and easily get around current protections used by banks. New techniques include a Trojan’s ability to silently interrupt a legitimate transaction to make an unauthorized withdrawal and simultaneously check the user’s transaction limits to avoid alerting the bank.

Cybercriminals. They will target popular programs such as Adobe Reader and Flash.

In 2009, McAfee Labs saw an increase in attacks targeting client software. Cybercriminals will target Adobe products, primarily Acrobat Reader and Flash, two of the most widely deployed applications in the world. McAfee Labs expects Adobe product exploitation will likely surpass that of Microsoft Office applications in 2010.

Botnets. The versatile software will spread stolen computing power and bandwidth around the globe.

Source: http://www.nj.com/business/index.ssf/2009/12/expect_new_evolving_computer_v.html

XSS Attacks Pushing Fake Antivirus - Friendly Computers

2009-12-29T11:23:00.000-08:00

According to the security researchers at Zscaler (a cloud security company), malware distributors are exploiting security flaws in news.com.au, lawyer.com, appleinsider.com and many other legitimate websites to thrust fake antivirus software on unwitting computer users. - Friendly Computers

Read more below…

Zscaler states that the currently spreading attacks are worth noting, as they exploit cross-site scripting or XSS flaws to conceal malicious links inside the URLs of reputed websites. Consequently, people in the hope of viewing websites that they know as well as trust land on a page, which make them think that their PCs are infected by malware.

Mike Geide, Senior Security Researcher at Zscaler, said that the interesting fact about the attacks was that they had embedded iframes to divert people elsewhere, as reported by The Register on December 16, 2009.

It is still not known who the individual or group of individuals is responsible for the XSS attacks. However, it is not difficult to understand the motive behind these attacks, which is to exploit people's faith on a familiar website so that malware distributors can load fake anti-virus software on the maximum number of computers possible.

Moreover, these malware distributors also exploit the situation of a large time gap between the injection of malicious software into users' computers and the development of an antivirus product by AV firms to detect and block that software.

As earlier exploration of such AV software has indicated, cyber criminals, who thrust fake AV programs, make huge amounts of dollars every month.

Further, hijacking of legitimate websites for distributing fake antivirus is not anything new. Earlier this year (2009), criminals hijacked the website of NY Times for the same purpose and soon thereafter the Gizmodo site as well.

In fact, security companies describe FAKEAV as a rising hidden threat. Over the recent years, this threat has been escalating vastly. Computer security company 'PandaLabs' substantiated this with its detection of 374,000 FAKEAVs during Q2 2009. McAfee, another security company, too notified a similar trend.

Finally, it can be said that the threat of fake antivirus requires to be tackled urgently.

Source: http://www.spamfighter.com/News-13664-XSS-Attacks-Pushing-Fake-Antivirus.htm

You Don't Need to Regularly Reinstall Windows; Here's Why - Friendly Computers

2009-12-28T14:24:00.000-08:00

One of the most persistent myths about Windows is that you need to reinstall the operating system regularly to keep it running at top performance. Let's take a look at the real problem and how to fix it. - Friendly Computers

Read more below…

Today we're talking about the myth that Windows slows down over time, and how to solve the problem. The reality is that Windows doesn't slow down if you just take care of your PC a little more. Follow these procedures, and you won't have to wonder if spending hours backing up data, installing from disc, and re-installing your essential applications is really necessary.

What Does Slow Windows Down Over Time?
I'm not going to sit here and tell you that your Windows PC will never slow down—because for many people, they almost always do. What actually slows your PC down are too many poorly written applications that stay resident in memory and waste CPU cycles, having too many badly written low-level applications that hook into Windows, or running more than one antivirus application at a time. And of course, if you've run your PC's hard drive out of space, you can hardly blame Windows for that.

If you aren't getting the picture, the problem is usually the person behind the keyboard that installed too many junk applications in the first place. More gently put, it's often that (very well-meaning) person's gradual easing of their safeguards and cleaning regimens as time goes by.

Stop Installing Junk Applications
Installing software should be thought of like feeding your PC. If you constantly feed your PC garbage apps, it's going to get sick and won't be able to run fast anymore. These poorly written applications clutter your drive with unnecessary DLL files, add always-resident Windows services when they don't need to, bloat up your registry, and add useless icons to your system tray that waste even more memory and CPU cycles. Usually you can get away with using a few terrible applications, but as you continue to install more and more of them, your PC will slow down to a crawl.

Be Smarter About What You Do Install
We feature and recommend a lot of software applications around here, but you should keep in mind that we aren't trying to tell you to install every single one of them at the same time-just install the applications that you actually need and you'll generally prevent the dreaded format and reinstall.

Here's a few tips to help you know what applications you should be careful with:

Apps that function as an Explorer plug-in, because they directly hook into the shell and any problem will make your entire PC slow or in the worst case, crash repeatedly.
Antivirus applications are notorious for slowing your PC down, and you should never, ever, ever use more than one real-time antivirus application at a time. We recommend Microsoft Security Essentials as a free, fast, and awesome antivirus tool.
Anything that says it will "Speed Up Your PC" or "Optimize Your RAM" will most likely slow it down, or best case, do nothing at all. Avoid these like the plague.
Make sure to install official system drivers from the manufacturer website. Drivers have a huge impact on performance, and you want to have stable, updated drivers.
Registry cleaners are a mixed bag, and really aren't going to speed up your PC in most cases. The biggest problem, however, is that too many of the commercial registry cleaners set themselves to run at startup in the system tray, wasting your memory and CPU cycles.
You should strongly consider the idea of using portable applications wherever possible, since their self-contained nature means they won't clutter up the rest of your PC with things you don't need.
Keep Your Computer Clean and Trim
Once you've rid yourself of your junk application habit and resolved to only use healthy, useful applications, you'll want to make sure to keep your PC clean of any remaining clutter that doesn't need to be there. You can set up a shortcut to manually run CCleaner silently with the push of a button, but your best bet is to set up CCleaner to run automatically on a schedule, so you don't have to remember to do it.

Since CCleaner is only going to clean up temporary files, you'll still need a good solution for keeping the rest of your PC clean-and Lifehacker's own Belvedere can help you automate your self-cleaning PC or automatically clean up your download folder.

With all of this automated file deletion going on, your hard drive is likely to get a bit fragmented. If you're already running Windows 7 or Vista, automatic defrag comes out of the box and probably shouldn't be messed with, but Windows XP users will need to use Windows Tasks to setup a schedule and automatically defrag their drives.

Use a Virtual Machine or Sandbox to Test Software
If you still want to test out all of the latest software, including apps that look a bit rough around the edges, your best bet is to use a virtual machine to test out anything before putting it onto your primary operating system. You can install all of your software in an XP or Windows 7 VM just like it was a real PC, and with the latest VMWare player releases, you can even enable Windows Aero in a guest VM. If you are new to the idea and need some more help, you should check out our beginner's guide to creating virtual machines in VirtualBox, or Windows 7 users can check out our guide to using XP Mode. If you don't want to go the virtual machine route, Windows XP and Vista users can alternatively use Windows SteadyState to protect their PC and roll back all of the changes on a reboot.

Source: http://lifehacker.com/5435523/you-dont-need-to-regularly-reinstall-windows-heres-why

The new look of Mobile security - Friendly Computers

2009-12-23T11:39:00.000-08:00

BURLINGAME, USA: Our phones are becoming more like computers with every passing day. The good news is that we can take our data anywhere and work wherever we'd like. The bad news is that our phones are becoming more vulnerable to spyware, viruses and other attacks. - Friendly Computers
Read more below…

A start-up called Lookout is trying to make phones safer and views itself as the "Symantec or McAfee of the mobile space." In 2010, the company will offer software that can scan phones to determine which apps are safe and which are not. "Applying PC solutions to a mobile problem just won't work," says Lookout Chief Executive John Haring.

Yahoo! BuzzHere's how Lookout's technology works: You download the software, sign up for an account and configure the options you want to enable. The software offers anti-virus, data backup and device location. Then, when you download a new app from, say, the Android Marketplace, Lookout's software automatically scans the app and alerts you to take action if an app contains spyware or other malware.

"As marketplaces become more open, and a guy from Romania is next to Google, it becomes hard to tell what's good and what's not," says Lookout Chief Technologist Kevin Mahaffey. "We see a tremendous need for someone to pass an opinion."

Lookout's technology works on Microsoft's ( MSFT - news - people ) Windows Mobile, Google's Android, Apple's ( AAPL - news - people ) iPhone and Research In Motion's ( RIMM - news - people ) BlackBerry platforms.

Haring says Lookout will release all of the applications in 2010, and begin development for the Symbian platform, the world's most popular mobile operating system. For now the software is free to use, and Lookout plans to introduce premium features and subscription accounts later next year.

Source: http://www.ciol.com/Technology/Security/Feature/The-new-look-of-Mobile-security/231209129273/0/

Facebook Trojan: Brazen, but (Luckily) Benign - Friendly Computers

2009-12-22T11:57:00.000-08:00

Third-party application called "Phutos" was able to mimic Facebook's native functionality. - Friendly Computers

Read more below…

This past weekend, a Trojan mimicked Facebook's native functionality and sent notifications on the user's behalf. While Facebook says that the application was harmless, its ability to break through a boundary of trust on the platform alarmed me.

The Trojan came to my attention on Saturday after I received several Facebook notifications (in the form of a red number in the bottom right of the page) telling me that friends had commented on my photos. It was the same notification that I receive on a day-to-day basis.

When I clicked on the notification, it attempted to load an application called "Phutos," which wanted access to my personal information and social network. I declined. A few minutes later, another notification appeared, but I was not taken to the application screen after I clicked on it. That seemed fishy, so I decided to review my applications.

"Phutos" was under my list of recently used applications-even though I never authorized its installation. At that point, I uninstalled the application and notified Facebook of my findings. Obviously, I also had some questions for it.

Facebook spokesperson Simon Axton stayed in steady contact with me over the weekend, and informed me on Monday that the company had disabled the application because it violated Facebook's Developer Principles and Policies. Facebook had determined that the application did not contain any malware, and has a dedicated enforcement team that investigates reports about suspicious applications, he told me.

When I asked what else Facebook does to protect its users, Axton said "We rely on reports from users for suspicious applications. Our team also conducts spot reviews of top applications and of many other applications, including looking at the data they need to run the application versus the data they gather. When we find a violation, we take action to enforce our policies."

It's great that Facebook says it's taking its users' safety seriously, but I am taken back by how easily a third-party application could mimic Facebook's default Web applications. Users can now specify what information applications may access, but everyone uses Facebook differently, so there is a bounty of information for malware to exploit.

There should be a wall between the Facebook development platform and the applications that make up the site itself.

Source: http://www.pcworld.com/article/185274/facebook_trojan_brazen_but_luckily_benign.html

Microsoft Virus Scanning Recommendations Bring Risks - Friendly Computers

2009-12-21T11:16:00.000-08:00

We have recently received queries from customers about the official exclusion list recommendations from Microsoft. It seems that they have published a Knowledge Base entry that lists down recommendations to improve performance in Windows when running antivirus scanners. - Friendly Computers
Read more below…

This list recommends customers to exclude certain extensions and folders from antivirus scanning. Now, although it actually makes sense to stop checking Windows Update and some Group Policy-related files if you really want to speed up the system, we are concerned by the fact that this was released publicly.

This is an overview of these recommendations from Microsoft:

Certain files in the SoftwareDistribution folder.
Certain specific filename (for example: edb.chk)
A small extension list in certain specific folder (*.log)
Plus, some other similar lists for the Group Policy.

Following the recommendations does not pose a significant threat as of now, but it has a very big potential of being one. Cybercriminals may strategically drop or download a malicious file into one of the folders that are recommended to be excluded from scanning, or use a file extension that is also in the excluded list.

We find it sensible for users to aim for better system performance. However, we also think that excluding certain file types or folders from antivirus scanning is not something novice users should tinker with. Doing so may expose the system to risks that can lead to an inconvenience far more severe than a slightly slower system.

In line with this, we advise users to educate themselves fully about these recommendations before taking any actions. We recommend users not to exclude any file, unless there is a critical reason to do so, and be aware of the risks entailed by such an action.

Source: http://blog.trendmicro.com/microsoft-virus-scanning-recommendations-bring-risks/

MP3 Spam Is Back! - Friendly Computers

2009-12-18T15:28:00.000-08:00

Old trends never die, it just resurface from time to time. - Friendly Computers
Read more below…

Case at point, spammed messages that have attached MP3 files, which was last seen two years ago, made its presence felt once again today.

Trend Micro researchers were alerted to the discovery of spammed messages that bore no subject and body content. The email message only contained a MP3 file that when executed, a voice advertising Viagra pills and other sexual enhancement pills is heard. The said “voice” also entices users to visit a certain URL, which points to the all-too familiar Canadian pharmacy sites.

In the past, Trend Micro has blogged about how cybercriminals utilized MP3 files or purport as such to proliferate their malicious activities in the following blog posts :

Storm Pump-and-Dump: The Musical
Music Unleashes the Malware Beast
Users are strongly advised not to open and execute attached files from unknowing users. Trend Micro secures users from this attack via its Smart Protection Network that blocks the said spammed messages.

Source: http://blog.trendmicro.com/mp3-spam-is-back/

AV-Test.Org Releases Real-World Malware Protection Report - Friendly Computers

2009-12-17T11:36:00.000-08:00

Magdeburg-based research lab AV-Test.org today released the results of a lengthy real-world malware protection study. This test challenged a dozen major security suites to protect Internet-connected physical computers against up-to-the-minute threats. Each day for 60 days, researchers released 10 fresh threats on the test systems and analyzed each product's ability to detect the threat and to fully block its installation. They also checked for false alarms--valid programs reported as malware. All of the suites did a decent job, though some were significantly better than others. - Friendly Computers

Read more below…

The report notes that modern security suites include many layers of protection, including "URL filtering, web reputation services, exploit blocking, 'in-the-cloud' scanning as well as behavior-based protection mechanisms." A test that only challenges the product's on-demand scanner is not representative of real-world performance. The current test simply evaluated whether the product detected each malware sample, without regard for which security component handled the detection. Afterward, the team used in-house analysis software to determine whether the malware attack was successfully blocked.

This kind of dynamic testing is much more labor intensive than simply running a static collection of malware past an on-demand scanner. An automated static file test can process millions of samples without human intervention. By contrast, tracking the 600 malware samples and 400 clean files took all of AV-Test's resources. "Our entire lab with 14 full-time employees and up to 150 PCs and server systems were involved in this project."

Norton Internet Security 2010 scored highest at malware detection, at 98.0 percent. Even the least successful of the twelve, Trend Micro Internet Security 2010, detected 83.3 percent. Of course, detecting a threat doesn't always mean successfully preventing the attack. The top scorer for actual malware blocking was PC Tools Internet Security 2010, at 94.8 percent. CA Internet Security 2010 brought up the rear with 73.5 percent. Here are the full results:

MALWARE DETECTION RATES AND WARNING MESSAGES (FALSE ALARMS)

Tested Product Malware Detected False Alarms
Symantec Norton Internet Security 2010 98.0% almost none
Kaspersky Internet Security 2010 97.5% few
PC Tools Internet Security 2010 95.8% almost none
AVG Internet Security 9.0 92.2% few
G Data Internet Security 2010 90.0% many
Panda Internet Security 2010 90.0% almost none
Avira Premium Security Suite 9.0 87.7% many
McAfee Internet Security 2010 87.2% few
CA Internet Security 2010 86.7% few
F-Secure Internet Security 2010 85.8% almost none
BitDefender Internet Security 2010 84.3% few
Trend Micro Internet Security 2010 83.3% few

MALWARE BLOCKING RATES AND WARNING MESSAGES (FALSE ALARMS)

Tested Product Malware Blocked False Alarms
PC Tools Internet Security 2010 94.8% none
Symantec Norton Internet Security 2010 92.8% none
Kaspersky Internet Security 2010 89.8% few
Panda Internet Security 2010 88.7% none
Avira Premium Security Suite 9.0 87.2% none
McAfee Internet Security 2010 86.7% none
AVG Internet Security 9.0 84.2% few
G Data Internet Security 2010 83.0% few
Trend Micro Internet Security 2010 81.3% few
F-Secure Internet Security 2010 80.2% none
BitDefender Internet Security 2010 77.8% none
CA Internet Security 2010 73.5% none

This kind of dynamic testing is the wave of the future. It's hard to do, but it's the only way to really evaluate a product's ability to protect against malware.

Source: http://blogs.pcmag.com/securitywatch/2009/12/av-testorg_releases_real-world.php#more

Scammers exploit Google Doodle to spread malware - Friendly Computers

2009-12-16T12:16:00.000-08:00

Online scammers are taking advantage of the public's interest in the Google Doodle to spread malware, a security firm warned on Tuesday - Friendly Computers
Read more below…

Online scammers are taking advantage of the public's interest in the Google Doodle to spread malware, a security firm warned on Tuesday.

In so-called "SEO poisoning," scammers use search engine optimization techniques to increase the distribution of malware. They create special malware-rigged Web sites or hide malware on legitimate Web sites they've compromised and then use tags associated with popular search terms to get them listed high up in search engine results.

Typically, scammers capitalize on public interest in news events or celebrities, targeting searches like "Swine Flu" or "Michael Jackson death." But in the latest twist on this technique, scammers are exploiting interest in the Google Doodle, the graphics that often take over the Google logo on holidays or to mark special events.

For instance, the doodle on Tuesday showed a flag for Esperanto, a universal language created by L.L. Zamenhof which is based on parts from a variety of languages. Clicking on the doodle, located near the search box, brings up a list of search terms for "L.L. Zamenhof."

Dave Michmerhuizen, a research scientist at Barracuda Networks, found 31 poisoned sites among the first 100 results, 27 of them in the first 50 sites alone.

On the first results page was a link leading to a compromised Web site that redirects visitors to a fake antivirus site, according to Michmerhuizen. That site displays a fake alert saying the computer might be infected and does a fake scan before prompting the user to pay for antivirus software, he said.

A Google spokesperson said the company had already removed many of the allegedly malicious sites from the index using manual and automated processes to enforce the policies.

"As you probably know, the use of popular search terms to target malware is neither a new vector nor unique to any particular search engine. We work hard to protect our users from malware, and using any Google product to serve malware is a violation of our product policies," the spokesperson said in an e-mail.

"Our Safe Browsing technology is capable of detecting malware being served from sites that have been compromised," the Google e-mail said. "In fact, as we've explained publicly, we have been seeing more infections coming from compromised sites" across the entire Web.

Source: http://news.cnet.com/8301-27080_3-10416246-245.html?tag=mncol

Rating the best anti-malware solutions - Friendly Computers

2009-12-15T15:55:00.000-08:00

AV-Comparatives' December 2009 report has been released and there are eight winners. The other eight products didn't do so well.
Friendly Computers
Read more below…

Following its November 2009 retrospective/proactive report, AV-Comparatives has released its December 2009 Potentially Unwanted Applications (PUA) comparative. PUA refers to adware, spyware, rogue, and other fraudulent software circulating on the Internet that are not typical malware (classification in the last category is sometimes not an easy task; under some circumstances, PUAs are accepted in some countries, depending on the cultural background or the legal system, and hence the term "potentially unwanted"). AV-Comparatives typically do not include PUAs in their malware test sets, but since users may want to know how well their antivirus program detects potentially unwanted software, a separate test was created.

The first PUA test contained 750,297 individual samples (only program executables) that cover mainly adware, spyware, and rogue software gathered between January 2009 and October 2009 (sets were frozen on the October 29, 2009). Dialers, potentially dangerous tools, and other greyware were not included, as their classification is debatable. Not all security products include detection for them as this sometimes breaks company policy. Sixteen products were updated on November 6, 2009, set on the highest detection settings (except for Sophos and F-Secure, per their own request), and put to the test.

Here are the results of this particular test:

1.G DATA Antivirus 2010: 99.8 percent
2.Trustport Antivirus 2010: 99.8 percent
3.AVIRA AntiVir Premium 9.0: 98.9 percent
4.McAfee VirusScan Plus 2010: 98.9 percent
5.BitDefender Antivirus 2010: 98.6 percent
6.eScan AntiVirus 10.0: 98.6 percent
7.F-Secure Anti-Virus 2010: 98.6 percent
8.Symantec Norton Antivirus 2010: 98.6 percent
9.Kaspersky Anti-Virus 2010: 96.7 percent
10.ESET NOD32 Antivirus 4.0: 96.5 percent
11.avast! Free 5.0: 96.3 percent
12.Sophos Antivirus 9.0.1: 95.4 percent
13.Microsoft Security Essentials 1.0: 94.6 percent
14.AVG Anti-Virus 9.0: 93.9 percent
15.Norman Antivirus & Anti-Spyware 7.30: 88.5 percent
16.Kingsoft AntiVirus 9 Plus: 87.1 percent

Missed Samples in Percentage Points
AV-Comparatives The bulleted list represents the detection rates in percentage points for adware, spyware, and rogues, while the chart shows the number of missed samples in percentage points. After taking these results into consideration, AV-Comparatives rated the security companies from best to worst in three categories:

•Advanced+: TrustPort, G DATA, McAfee, AVIRA, Symantec, F-Secure, BitDefender, eScan
•Advanced: Kaspersky, ESET, Avast, Sophos, Microsoft, AVG
•Standard: Norman, Kingsoft
The results seem to suggest that the best antivirus applications that regularly rank highly in general malware tests are not necessarily as good at anti-adware, antispyware, and antirogue detection. That said, all 16 products detected at least 85 percent of the threats, which is respectable. Overall, we can say that the detection rate of PUAs is similar to the detection rate of general malware.

It's worth noting that this is the first AV-Comparatives test in which Microsoft Security Essentials (MSE), Redmond's free antimalware solution, was tested in its final 1.0 form. MSE was released in September 2009 and these tests were performed last month. Clearly Microsoft has work to do, at least in the PUA department (the beta version did quite well in older antimalware tests).

Windows 7: Inside Multitouch

2009-10-26T13:55:00.001-07:00

Friendly Computers have seen touch screens before, so what makes the ones supported by Windows 7 so special? Below is the inside scoop.

Touch screen technology may seem shiny and new but any analyst will tell you that it has been around for decades: ATMs, grocery store self-check kiosks, even museum exhibits. But what makes Windows 7 so exciting is that no computer operating system ever incorporated native support for multitouch before. The new breed of multitouch laptops and desktops with touch screens don't need extra downloads or plugins-- multitouch just works.

Multitouch's Predecessors

To be fair, Windows 7 is not the first operating system to support some form of touch computing. Vista offered single-touch capabilities in tablet mode, and pen input is quite common as well. But as much as Microsoft would love to paint multitouch as a natural progression in its operating systems, its Apple that was the real democratizer of multiple-input touch screens. Introducing now familiar gestures like pinching, tapping, and flicking, the iPhone and the iPod Touch, made multitouch second nature to many users. Apple followed up its mobile devices with gesture-based touchpads on its MacBook and MacBook Pro models in late 2008. Though it was a bit tough to get used to the integrated mouse button and touchpad, the ability to use gestures based on up to four fingers opened up new possibilities.

A few Windows-based "multitouch" systems have come out as well—namely the HP TouchSmart TX2 and Dell Latitude XT line of laptops, as well as the HP TouchSmart desktop PCs. These systems used built-in hardware and software solutions to accommodate two-finger touch (though they still couldn't support three- and four-finger gestures). But it wasn't until early glimpses at Windows 7 this year that we saw Microsoft itself respond to the multitouch trend.

How Multitouch Works

A few months before those MacBooks hit the scene, Microsoft announced its plans for multitouch at the All Things Digital conference in California. Unlike any of its predecessors, Windows 7 natively supports multitouch functionality in touch screens and is built to accommodate up to 10 points of contact. On the Engineering Windows 7 blog, the developers highlight all the ways the OS was tweaked to optimize it for touch. It's everything from making keys on the on-screen keyboard glow when your finger is covering the letter to improving high dpi support to make small links and buttons easier to access with touch.

Though the software is similar across platforms, the PCs we've tested use different hardware solutions. The multitouch laptops we've seen so far, like the Lenovo ThinkPad X200 Tablet and Fujitsu LifeBook T5010 use dual-active digitizers, meaning they have one technology for the stylus and another, called capacitive, is activated for multitouch using your fingers. Non-tablets like the Lenovo ThinkPad T400s use a capacitive touch screen only, and many more will follow this implementation (Toshiba and Acer have already announced capacitive touch panels on their mainstream laptops).

In capacitive screens, a small current of electricity runs across the surface, with circuits at the corners. Touching the screen interrupts that current. Capacitive technology only works on smaller screens, so desktops like the HP TouchSmart 600-1055 PC and Gateway One ZX6810-01 employ optical solutions. Optical sensors are set up around the screen creating a grid. The screen reacts when your finger, pen, stylus, or any other implement break one of the beams; you don't actually have to physically touch the surface to get a response.

All of the PC manufacturers that have put out multitouch systems so far have included Windows 7's Touch Pack, a software suite that incorporates applications that work with the Windows 7 kernel to use a multitude of different gestures. For instance, Microsoft Surface Collage lets you access and manipulate all your photos to create different designs on the screen. You can drag and drop images with one motion, resize or rotate them with two fingers, and scroll through the images available on the bottom pane using the flicking motion. Other games and applications like BlackBoard and Microsoft Surface Lagoon act like tutorials for multitouch, creating objectives that force you to perfect various gestures in order to win the games.

What's Next for Multitouch

Although the Windows 7 Touch Pack certainly has that gee whiz factor, the real question regards implementations for multitouch in the future. Will it change the user experience? And can we harness that potential to take it beyond a neat trick for games and fun apps? Clearly the onus right now is on software makers to come up with revolutionary ways to integrate multitouch and expand its possibilities. Some PC manufacturers have included programs built around multitouch, like Gateway's TouchPortal and HP's TouchSmart interface. While HP's includes extra functionality like Hulu desktop and HP games, these still don't bring much more to the table than a new way to interact with Microsoft's existing touch-based programs.

Whether its niche markets like education, health care, and engineering finding new uses for multitouch, or multitouch making its way onto new platforms like netbooks, there's no question that this interface can change the way we look at computing. The Engineering Windows 7 blog sums its effect up well. In it, Steven Sinofsky, the president of the Windows division wrote, "One of my favorite experiences recently was watching folks at a computer retailer experience one of the currently available all-in-one touch desktops and then moving to another all-in-one and continuing to interact with the screen—except the PC was not interacting back. The notion that you can touch a screen seems to be becoming second nature."

For a closer look at some of the emerging Windows 7 multitouch systems, be sure to read our full reviews.

Source: http://www.pcmag.com/article2/0,2817,2354680,00.asp

Magic Mouse: Oh my God—it's full of capacitive sensors!

2009-10-23T13:10:00.001-07:00

Friendly Computers thought you would enjoy an inside view of the new Mac Magic Mouse and Screen.

iFixit

You thought iFixit was going to gut the new unibody white MacBook and call it a day? Oh no—it has vivisected Apple's new Magic Mouse to see just how the "magic" happens. The gang also went ahead and disassembled the 27" iMac that came with it, too.

The first thing that iFixit discovered is that Apple really does not want you to take the Magic Mouse apart. The whole thing is held together with some really tough glue instead of screws, or clips, or anything that might make it easier to take apart and put back together. Once apart, though, iFixit verified that the entire top surface is literally covered in capacitive touch sensors—138 in all—just as Apple promised. This is what allows the multitouch gestures to be so accurate and specific over such a small surface—though it would be nice if Apple enabled pinch-to-zoom and two-finger rotate.

Though the mouse has an aluminum base, the total aluminum content weighs just 10 grams. "That's compared to 37 grams of plastic and 47 grams of batteries," according to iFixit. "Nearly half the mouse's weight comes from the two AA batteries."

The diminutive circuit and electronic components do contribute a few grams to the overall light weight of the Magic Mouse. Part of what makes the circuit so small is a Broadcom BCM2042A4KFBGH, part of the BCM2042 family of chips that integrate keyboard and mouse controller functions with an HID profile and full Bluetooth communications stack. Broadcom brags that the chip allows wireless input devices to "approach the price points of legacy-wired mice and keyboards," but this is Apple here—paying a slight premium for a "better" mouse is par for the course. Besides, what is the standard price for a wired multitouch mouse? (Answer: there isn't one!)

Of course, after discovering all the magic Apple could stuff into a $69 mouse, though, you can hardly blame iFixit for "taking apart the iMac that came with our Magic Mouse." The new 27" iMac (the lower-end Core 2 Duo version) isn't radically different that the 24" iMac model that preceded it. However, iFixit did turn up a few interesting details.

iFixit

One nice addition is that Apple has doubled the amount of RAM slots; when stuffed with 4GB SO-DIMMs, you can have a total of 16GB of RAM. The new model also eliminates the 4mm aluminum bezel around the display glass cover—it goes all the way to the top and side edges, giving it a slightly cleaner appearance. The DisplayPort connection isn't wired up to allow the display to be powered separately when using the promised external source display functionality, though—the whole machine will have to be powered on for it to work.

A couple other notable discoveries: the power supply is 310W, the largest on any iMac; the SuperDrive is 12.5mm height, so it could be swapped for a Blu-ray drive if Apple ever gets over that bag of hurt; because the new back is all aluminum, the plastic Apple logo now serves as the only way for WiFi signals to get in and out of the iMac; and cooling the new machine requires two large heat sinks and three large, low-noise fans.

Source:http://arstechnica.com/apple/news/2009/10/magic-mouse-oh-my-godits-full-of-capacitive-sensors.ars

Technology Fails: 8 Extreme Electronic Disasters

2009-10-22T15:26:00.001-07:00

Friendly Computers would like to inform you about the eight extreme electronic disasters that seems to effect each and everyone of us.

Let's face it: Technology seems made to stop working. Screens crack, circuits short, and power supplies abruptly conk out. It's all part of the complex and confounding ecosystem of electronics.

The worst, though, is when something really is built to break--and in the most extreme way. I'm talking fiery explosions, flying components, and acid-leaking compartments, all courtesy of bugs built right into ill-fated devices.

Sound far-fetched? Hey, we've seen some crazy stuff happen over the years. Some of it is astonishing; some of it is merely annoying. But all of it is extreme--and entirely too real.

We start with some good old-fashioned spontaneous combustion.

Combustible Computers

Nothing screams "tech disaster" like a laptop on fire. Due to the intricacies of modern-day electronics, it takes only a minor manufacturing error to send your system up in flames--and not the kind generated by the jerks of online forums, either.

The most extreme example of fire-related fallout may be the massive series of recalls brought about by bad Sony batteries in 2006. Small shards of nickel made their way into the batteries' cells during production, causing numerous systems to overheat and sometimes catch fire. The recalls affected laptops sold by Dell, Hitachi, IBM, Lenovo, Toshiba, and even Apple.

By the end, a staggering 9.6 million laptop owners had been burned (figuratively speaking) by the failure, and Sony had spent nearly $430 million to replace all the defective units.

Lest you think I'm just blowing smoke up your ash, let me assure you that this danger was far from hypothetical. (Watch PC Pitstop simulate a laptop battery explosion where the temperatures soared to 1000 degrees.) A Sony-battery-powered laptop famously exploded and caught fire at the Los Angeles International Airport in 2007, and a traveler managed to catch the entire incident on tape.

Be warned: You will hear a few expletives shouted during some of the more dramatic moments. With a blast like that, I'd say they were warranted.

Fire risks have led to countless other laptop battery recalls over the years. Scientists are now working on developing a new material that could better protect the lithium ion technology and keep such short-circuiting from occurring.

Exploding iPhones

Apple's all about glitz and bang for its product launch events. Lately, however, the company has been making headlines for a different kind of spark. Reports surfaced in late July suggesting that numerous iPods and iPhones had erupted in flames and scalded their owners.

Soon after, word broke that the European Union had launched an inquiry into exploding iPods overseas. Apple reportedly claimed that some sort of improper handling led to the explosions, calling them "isolated incidents." A full investigation is currently under way.

The recent rash of complaints isn't the first time Apple's iPods and iPhones have come under fire. In March, an Ohio mother sued Apple over allegations that her 15-year-old son's iPod Touch had malfunctioned. The device, she said, exploded in the teenager's pants.

Speaking of explosions, did you hear about those new porn-star apps people are downloading?

Acid Rock

The avatar for Kurt Cobain may be making Guitar Hero headlines right now, but one year ago a far more corrosive controversy was connected to the product. Rage Wireless Guitars, a series of controllers sold for use with the game, were found to have circuit-board defects that could cause battery acid to leak outside the devices.

If you're not sure how severe of a problem that could be, just think about this: Over what area of the body do most people hold a guitar? Yeah...not the best place for a chemical burn. It actually happened to at least one person, too, according to reports filed with the manufacturer and published by the U.S. Consumer Product Safety Commission.

That's one disaster I'd suspect even the great Jimi Hendrix, famously fond of both acid and fiery guitar solos, wouldn't be willing to risk.

Red Ring of Death

If there were an award for the most extreme-sounding technology flaw, the red ring of death would win, hands-down. Microsoft's Xbox 360 became known for it due to a widespread hardware failure that reared its ugly head in 2007. Its signature sign: three red lights blinking at you, like a disco flashback gone horribly awry.

The lights were more than a mere nuisance: They were frequently an indication of a complete hardware failure that had rendered the system useless. The issue was severe enough to earn the Xbox 360 the branding of "least reliable gaming console in recent history" from at least one publication.

Microsoft ended up spending a reported $1 billion to extend warranties as a result of the red-tinted menace, citing an "unacceptable number of repairs" as the catalyst for its decision. The company also agreed to reimburse customers who had spent their own cash trying to get their consoles fixed.

Recently, a second red-ring-like error has cropped up on some Xbox 360 systems, causing users to see a fatal error with the code "E74." Though the dreaded red lights themselves don't flash, the console is again rendered useless. Microsoft announced in April that it would offer a similar extended warranty and repair reimbursement program for anyone affected by the issue.

Melting Multimedia

We all want home theater systems that make us feel like we're inside the movies--but when your DVD player actually reproduces on-screen fire inside your home, things have probably gone too far.

Wal-Mart recalled 4.2 million Durabrand DVD players this fall after discovering that the devices could overheat and set an entertainment center aflame. The company received more than a dozen reports of overheated players, at least seven of which ended with some kind of property damage to the owner's home.

Other multimedia devices recalled due to reported fires or fire risks include DVD players by Toshiba, digital cameras by Hewlett-Packard, and speaker systems by Philips Magnavox.

Retail Viruses

Would you like a virus with that purchase? In an age when keeping up with the latest security threats can feel like a full-time job, knowing that a virus could come preloaded on brand-new technology is a real kick in the pants. Unfortunately, it's also an all too common occurrence.

In some cases an entire computer system could be the culprit. Last fall Asus announced that it had accidentally shipped a line of Eee Box PCs with preloaded viruses. A malicious file on one of the systems' hard drives would not only infect local data but also copy itself to other drives and external storage devices connected to the computer.

Viruses have been found on new digital photo frames, USB flash drives, factory-sealed hard drives--and yes, even some iPods. (Those models, it probably goes without saying, were not the "funnest ever.")

Disappearing Data

You don't need a built-in virus to leave you with a manufacturer-caused data disaster--you can also experience one of the always-popular instances of crappy-hard-drive-itis.

Plenty of people came down with the disease earlier this year when Seagate revealed that its Barracuda 7200.11 hard drives had a firmware bug that was causing widespread failures. According to user reports, the drives would die while booting up, leaving no way to access any of the data inside.

Once Seagate isolated the bug, the company offered free data-recovery services to try to make up for the mess-up. Gauging from various online discussions, though, its customers' goodwill is likely one thing the company can't recover anytime soon.

Dangerous Rides

As if Segway riders didn't already look goofy enough, a couple of apparent glitches started sending them flying through the air a few years back. The two-wheeled transporter, as the late Rodney Dangerfield might say, just can't get no respect.

The trouble started in 2003, when Segway had to recall about 6000 of its devices. In that case, the company found that riders could suddenly fall off when the vehicles' batteries ran low. Then, in 2006, a second recall targeted 23,500 more Segways; that time, the devices were found to be "unexpectedly apply[ing] reverse torque" (translation: "causing people to eat pavement").

Thankfully for Segway users, those problems are in the past. Now mall cops are back to relying on their own instincts--and, of course, the fact that they ride around on silly-looking stick machines--to look like total twits.

(Photo of a burning laptop, used as promotional art for this story: Courtesy of Secumem, Wikimedia Commons)

Source: http://www.pcworld.com/article/173933/technology_fails_8_extreme_electronic_disasters.html

HP's New Touch Screen Laptop and All-In-Ones Debut

2009-10-20T14:27:00.001-07:00

Friendly Computers discovered the NEW touch screen HP Laptop. We thought you might be interested in today’s technology is now rising up to.

HP is taking touch to the people, with new touch screen laptop and desktop models, all featuring Windows 7 and some shipping on Oct. 22, when the new operating system is formally introduced.

The new multi-touch models include a number of applications that take advantage of the interface, including Hulu, Netflix, Pandora, Recipe Box, a webcam "photo booth" application, and the HP Music Store.

HP TouchSmart tx2 -- A laptop, starting at $799, with a 12.1-inch screen that rotates 180-degrees for use as a tablet. Besides touch commands, users can write or draw on the screen with an electronic pen. Available Oct. 22.
HP TouchSmart 300 and 600 -- Are the third-generation of HP's touch-enabled desktops. The 300 has a 20-inch screen and the 600 (shown) has a 23-inch display. The 300 starts at $899 and will begin deliveries on Nov. 1, with the 600 due Oct. 22 and priced starting at $1,049. Read our review of the HP TouchSmart 600.
HP TouchSmart 9100 -- An all-in-one desktop, starting at $1,299, which includes a 23-inch touch screen. It can be used as standard touch screen PC or tasked as a map or events kiosk in an office, hotel, or other location. Deliveries begin in December.
HP LD42200tm -- A digital signage device with a 42-inch touch screen. Available in December for $2,799.

Besides touch screens, HP also introduced several business desktop and laptop computers as well as new value-oriented Compaq-branded desktops and a laptop.

The Compaq Presario CQ61z (where do they get these model numbers?) costs only $399 and features a 15.6-inch screen, after $100 instant rebate. The Compaq 500B business desktop sells for $359, while the new Compaq Presario 4010f desktop sells for $309.

My take: The laptop looks very interesting and I will consider purchasing one during my next upgrade cycle. I am not wild about reaching out to touch a desktop, although HP is pushing these models for entertainment and kitchen use, where touch makes some sense.

In the kitchen, the touch screen is meant to be used with recipes and other applications that can work entirely by touch when keyboard use isn't appropriate. Verbal directions are also provided.

The new Compaq's are a welcome addition to lowest-priced laptops and desktops. The laptop competes with netbooks on price and will win some of those battles.

Source: http://www.pcworld.com/businesscenter/article/173551/hps_new_touch_screen_laptop_and_allinones_debut.html

Email Isn’t Dead- But It Is Broken

2009-10-16T14:25:00.001-07:00

Friendly Computers found this article to be quite interesting. With all the websites like Twitter, Facebook and many others, this guy seems to think that are email days are over.

PCMag.com's managing editor for software, Sean Carroll, just got back from that rare place few of us can imagine these days: a two-week vacation. We got by without him, his reviews posted, and he only lost one staffer (his senior editor, Matt Murray, just took the reins at ExtremeTech.com). He returned refreshed and reenergized, only to discover an inbox box of 2,200 messages! E-mail, that revolutionary advance in human productivity, is sucking our time. E-mail is, to be blunt, broken. And it is going to take some new technologies, and some changes in human behavior, to save it.

Just this week, The Wall Street Journal, hardly a hot bed of techno-radicalism, ran a story suggesting that e-mail's days are numbered. With the advent of Twitter, Facebook, and Tumblr, sending a plain old e-mail seems not just dated, but ineffective. If you sent Sean Carroll an e-mail over the last two weeks, you know what I am talking about. It was once poor etiquette not to return an e-mail. Now most of us can honestly say we missed it. Personally, I get 300-400 e-mails a day, (I send about 30)—can you blame me if I missed one, especially if it is from an address I have never seen before?

Now, I should probably admit that I have mixed feelings about e-mail. One of my earliest stories at PCMag was 50 Reasons Not to Send that E-mail. I came up with a lot more than just 50. My biggest problem with e-mail, however, is that people just send too much of the stuff. It's sometimes a result of misdirected manners: I can't resist typing "thanks" and hitting Send. But most of the e-mail I receive is just useless—press releases, random story pitches, line edits on a story, press releases, obscure-newsletters-I-never-signed up-for, press releases, office joke threads. (Okay, I have chimed in on some of those, too.) Honestly, keeping a heavy finger on the Delete key can resolve a lot of these annoyances and keep your inbox free.

Let's not forget that, at its core, e-mail is a form of mail. Mail used to take three to four business days, now it takes three to four seconds. Too many people measure their importance based on how many e-mails they read, and their self-worth on how many e-mails they send. We have hit the tipping point: we can no longer read all the e-mail we create. Technology can help. And it will.—Next: The Wall Street Journal Is Right >

The Wall Street Journal is right (...gulp, did I just type that?). We are creating a new communication vocabulary, an evolving new media vernacular. Instant messaging is used for real-time cube-to-cube messages. If it is just office gossip, and I'm busy, I can ignore it. Texting is a great way to communicate point-to-point, and I can respond instantly or hours later. Best of all, you have to know my number to reach me, and I don't spread it around. Social networks like Twitter and Facebook are great for broadcast communications, and, when I have time, more direct conversations. It is impossible to call all of my old friends every week, but a few minutes here and there on Facebook, and we can keep in touch. I think there is a phone in my office as well, but I am pretty sure it just makes outbound calls.

I am currently testing a host of software tools designed to help you manage your e-mail. Xobni works with Outlook to provide context to all of your e-mail communications. When someone sends me an e-mail, Xobni shows me their most recent e-mails, social network profiles, any attachments they have sent me, and most importantly, their photo, pulled from LinkedIn. Just seeing the face of the individuals I am e-mailing is a wonder. I am also looking a Gwabbit, a small app that sucks up the signature information at the bottom of e-mails and drops it into a Contact file. I am still testing, but so far it's amazing.

Then there is Google Wave, Google's attempt to combine e-mail, IM, search, collaboration software, photo management, and about a dozen other applications. Despite seeing and participating in lots of demos, Google Wave is a technology that you have to use to understand. It is like trying to explain Facebook to someone who has never logged on. We are just starting to use Wave at the office, so I will report back when I understand it better.

Given my job, I am a huge fan of technological solutions, but fixing e-mail is going to require some serious behavioral modification. We need to rethink how we use e-mail. It isn't a real-time communication tool, and shouldn't be used as one. It may seem like we can send and receive an infinite supply of e-mail, but we can't. Sending a lot of e-mail doesn't make you more productive—in fact, it makes everyone else less productive. Choose your e-mails carefully, for you own productivity and sanity. And for mine, too.

Source: http://www.pcmag.com/article2/0,2817,2354216,00.asp

Kaspersky Lab announces publication of The Cash Factory

2009-10-13T14:08:00.000-07:00

Friendly Computers wants to inform about the malicious bots that download programs from the Internet, including a Trojan designed to steal passwords to FTP clients used to manage website content and these passwords can then be used by cyber criminals to modify websites and place malicious tags on their pages.

Kaspersky Lab, a leading producer of secure content management systems, announces the publication of its latest article, The Cash Factory. The article looks at the methods used by cyber criminals to create and run botnets in order to generate large profits.

The article is authored by Sergei Golovanov, Senior Malware Analyst, Igor Sumenkov, Head of Kaspersky Lab's Content Filtering Infrastructure Development Group, and Maria Garnayeva, Malware Analyst.

The Cash Factory unveils the cyclical process used to create botnets from computers infected by the bot Backdoor.Win32.Bredolab. First, cyber criminals hack a site's content management system and modify its pages with tags that redirect to websites containing malicious exploits. These exploits pave the way for infection and penetration by other bots, which then join to form a botnet and obey commands issued from a remote command and control center.

The bots download malicious programs from the Internet, including a Trojan designed to steal passwords to FTP clients used to manage website content. These passwords can then be used by cyber criminals to modify websites and place malicious tags on their pages.

The process is essentially a vicious circle that can be repeated and extended, and is used by cyber criminals to ensure the smooth running of their "cash factory."

The full version of The Cash Factory is available on viruslist.com. The executive summary is available here.

The material can be reproduced provided the author; company name and original source are cited. Reproduction of this material in re-written form requires the express consent of the Kaspersky Lab PR department.

Avoid being a victim of an e-mail phishing scam

2009-10-07T10:24:00.001-07:00

Phishing scams are attempts by cybercriminals to steal your information, usually by directing you to a website that looks like your banking or email website and asks for your log-in information. Friendly Computers found some useful tips for keeping your information away from phishers. Read more below…

A recent phishing scam resulting in usernames and passwords of Microsoft's Hotmail, Google's Gmail, and possibly accounts of AOL and Yahoo users being posted online is cause for concern for anyone who uses any of those services. Rather than panic, though, there are simple ways to avoid becoming a victim or being further victimized, if your account has already been compromised.

Microsoft and Google said the compromised information likely came as a result of a phishing scam, through which millions of people are sent e-mail (often warnings about a fake security breach), asking them to click on a link to take them to a Web site so that they can enter their correct information.

When phishing attacks first became prevalent, the fake sites were often crude imitations of the real things, but these days, they can look exactly like the legitimate site, typically of a bank, a payment service such as eBay's PayPal, or another financial company. When the user logs in with a username and password, or provides credit card numbers and other confidential data, that information is captured by the e-mail senders, who can use it to impersonate the victims.

In addition to someone being able to read your messages, a risk of having your e-mail account compromised is that many sites will send a lost password to an e-mail address, so if criminals can access your e-mail, they might be able to use it to get passwords from other sites, including financial accounts.

BBC News is reporting that it has seen lists containing more than 30,000 names and passwords, some of which "appear to be old, unused or fake," but "many--including Gmail and Hotmail addresses--are genuine." To put this into context, Gmail and Hotmail sites had more than 84 million unique visitors in July. Yahoo Mail had more than 156 million unique visitors, according to ComScore.

Here's some advice that can help you avoid becoming a phishing victim.

Change passwords regularly
Even if this particular breach hadn't occurred, many experts recommend that you change your password about every three months. This is as good a time as any to do just that. It's also a good idea to avoid using the same password on multiple sites, but if you're one of the many people who have done that, be sure to change your password elsewhere. Gmail asks users to provide them with an alternate e-mail address, so be sure to change the password for that account as well.

As I pointed out in this post about password security, consider using a password manager like LastPass (free) or RoboForm that can generate and manage strong passwords.

Click cautiously
If you get an e-mail that appears to be from legitimate site with a request that you click on a link to visit the site for any reason, including updating your security information, think before you click. It might be taking you to a rogue site that captures that information for possible identity theft or other crime. It's safer to just type in the URL yourself. Be extremely wary of any requests to provide Social Security numbers or credit card information, unless you're absolutely sure that you're dealing with a legitimate site. When visiting a site, make sure that the URL is that of the organization.

Look for secure sites
If you're asked to provide sensitive information such as a credit card number, be sure that the URL begins with "https" (the "s" stands for "security") and that there is a padlock icon, typically in the lower-right corner of the browser.

Use a phishing filter and good antimalware software
The most recent versions of most browsers, including Microsoft's Internet Explorer and Mozilla's Firefox, help filter phishing sites, as do security suites from McAfee, Symantec, TrendMicro, and other companies. Security software also helps protect you against malicious software that can log your keystrokes, or otherwise jeopardize your privacy and security. Make sure that your security software and your operating system are up-to-date.

Think critically
If something seems too good to be true, it's almost invariably too good to be true. Think about what you're about to do on any site you visit, especially if it's a site you don't already trust. Never use the same password on an unknown site that you use for e-mail, banking, or other sites where security is essential.

The U.S. Department of Homeland Security's National Cyber Alert System has additional tips to help you avoid phishing and other social engineering attacks, and ConnectSafely.org has tips to create an manage strong passwords.

Source: http://news.cnet.com/8301-19518_3-10368801-238.html

BEBLOH steals your money and hides it from you

2009-10-05T15:43:00.001-07:00

Friendly Computers gained information about a frightening new malware that can steal money from your bank account, and will re-write online banking pages to disguise these transactions. Read more below…

Trend Micro analysts have come across a new variant of the BEBLOH family of information stealers that goes well beyond the traditional tactic of logging keystrokes and sending it to another server for exploitation. Instead, this particular variant steals user information, uses it right away, and cleverly disguises it from users.

This particular variant, detected as TSPY_BEBLOH.AE, immediately connects to a command and control (C&C) server when it is executed. It downloads an encrypted configuration file from the said server, as seen below:

Figure 1. Captured traffic between affected system/C&C server

The configuration file contains key information, most importantly the name of the bank being targeted. If the user logs into the secure banking website of the target bank, their user name and PIN are both captured by the malware.

Instead of sending the account information to cybercriminals via e-mail or a website, however, it uses this to steal money from the account. If prompted by the central C&C server (which it contacts periodically), it transfers money from the user’s bank account to an account specified in the configuration file (The amount is also based on several parameters included in the said file; the values of these parameters are chosen to minimize the possibility of detection). Very good technical details can be read here.

Lastly, it also disguises its malicious transactions from the user. When the user attempts to view static pages that contain information such as remaining account balance(s), balance sheets, and previous transactions, the malware rewrites these pages on the fly, disguising any previous thefts from the user. Victims would not know they had been robbed unless they attempted to access the online banking site from an uninfected machine, or used separate facilities such as ATMs.

Source: http://blog.trendmicro.com/cooked-balance-sheets-bebloh-style/

Tweeting Misleading Applications

2009-09-28T12:03:00.001-07:00

Link shortening is popular among users of Twitter and other social networking websites, but Friendly Computers warns you to be careful of what you click on. Since the links are indistinct, it is difficult to tell what you are clicking on until you have already clicked it. The shortened links often lead to pages containing malware or phishing scams. Read more below…

A lot can be said with 140 characters. It’s just enough to convey a point, but constricting enough to make things concise. No wonder microblogging sites such as Twitter have become so popular.

Unfortunately one of the limitations here is sharing Web pages with long URLs. In order to address this issue, URL-shortening utilities have grown in popularity on the site. Using such tools allows you to include a link well within the 140-character limit, which will redirect anyone who clicks it to the longer URL and thus the site you wanted to share.

There’s one downside here, from a security point of view—you’ll often have no idea where the link leads until you click it. Clicking any link like this is entirely a security leap of faith. Unfortunately malware authors have caught on to this and are currently distributing misleading applications using these shortened URLs. Using enticing tweets and commonly used twitter search terms, their goal is to get other users to click on their links, leading to malicious code.

Now, neither Twitter nor the URL shorting services are at fault here. This is simply another case where malicious attackers are using a neutral technology as a means to their deceptive ends. Both Twitter and the URL-shortening services are convenient technologies that we don’t see going away any time soon.

So how do you protect yourself? The good news is that both Firefox and Internet Explorer offer browser plug-ins that will check a shortened URL for you and show you the final URL before you even click on it. While this won’t tell you for sure if the link is malicious, it will at least allow you to look more carefully before clicking.

While the misleading applications currently being served up in this manner all seem look very similar today, we’re likely to see more variety in the future. If you’re running Symantec antivirus software, there’s no need to worry. The current IPS signatures will detect and block these risks from being downloaded onto your computer.

Source: http://www.symantec.com/connect/blogs/tweeting-misleading-applications

Bogus Sponsored Link Leads to FAKEAV

2009-09-24T16:02:00.001-07:00

Watch out for fake sponsored links in search engines – Friendly Computers learned that they may lead to the dreaded FakeAV trojan. Read more below…

Apart from SEO poisoning, cybercriminals have found another avenue to proliferate FAKEAV malware—bogus sponsored links (sitio patrocinados in Spanish). Just recently, Trend Micro researchers were alerted to malicious search engine ads that appeared in Microsoft’s Bing and AltaVista, among others, when a user searches the string “malwarebytes.” (Malwarebytes is a free antivirus product, but of course, not a FakeAV.) Clicking the malicious URL points the user to an executable file named MalwareRemovalBot.exe-1 (detected by Trend Micro as TROJ_FAKEAV.DMZ).

Upon execution, the rogue antivirus displays false information that the system is infected with files that do not even exist.

In the past, cybercriminals employed the same tactic when it hitchhiked on Trend Micro. Some Google searches then showed banner ads that led to a fraudulent Trend Micro website.

Though the ads may not appear in all regions, all users are still strongly advised to be extra careful when clicking links in search engines. Users connected to the Trend Micro Smart Protection Network are protected from this attack as it detects and blocks all malicious URLs.

Source: http://blog.trendmicro.com/bogus-sponsored-link-leads-to-fakeav/

How to Maximize the Malware Protection of Your Removable Drives

2009-09-23T13:06:00.001-07:00

USB drives or external hard drives may not be something you typically think of when you think of protecting your PC from malware, but Friendly Computers warns you that they are just as vulnerable to viruses and other malware as your main hard drive is. Read more below for information on how to secure your removable drives…

Removable drives are one of the most common infection vectors for malware today. Worms propagate via these vectors to proliferate their payload and ultimately, infect more users.

Users need to perform some countermeasures to secure their systems. One way of doing this is to protect removable drives against worms using the Autorun feature.

One popular way of protecting removable drives is by creating a folder or file and renaming it as AUTORUN.INF. It could enable the malware to automatically run on the system even without the users executing it. By creating this file beforehand, ideally, worms would not be able to run in this way.

However, this method is not perfect. Worms can delete the existing AUTORUN.INF file or folder, and then replace it with a malicious version. This would negate any protection placed by the user on the said file. However, by using file permissions to restrict changes, the AUTORUN.INF file can be protected more effectively.

Note: Make sure that your external drive is formatted using NTFS, as this procedure uses a specific feature of NTFS. If your removable drive is formatted using either FAT or FAT32, back up any data on the said drive first and reformat using NTFS. This may require Windows Vista or Windows 7.

Create a new folder in the root directory of the removable disk and rename it as “AUTORUN.INF.”

Create four more folders in the same location and named it as “recycle,” “recycler,” “recycled,” and “setup” respectively.
Note: The folders recycle, recycler, recycled and setup are optional but it is recommended for users to create these as malware often use these names/titles.

Open a command prompt (cmd.exe) and go to the root directory of your removable drive.

Set the folder attributes using the following DOS command:
attrib autorun.inf /s /d –a +s +r

Figure 1. Setting the folder attributes

Set the privilege level of the folder using the following DOS command:
cacls autorun.inf /c /d administrators

Figure 2. Setting the privilege level of the folder

Select ‘Y’ and press enter when the message, “Are you sure (Y/N)?” is prompted.

To test it, try to delete, modify, rename, copy, or open the created folder. If you cannot perform any of these functions, then the procedure is successful.

Figure 3. When the user deletes the created folder, the system displays this message prompt.

In addition to the above procedure, users may also choose to use hardware means of protection. Certain removable drives have an external switch that prevents the device from being written to. This would prevent malware from making any modifications to the drive, including the AUTORUN.INF file. However, as this may prove to be somewhat inconvenient, it is still a good idea to use the procedure shown above.

Source: http://blog.trendmicro.com/how-to-maximize-the-malware-protection-of-your-removable-drives/

Microsoft to release free security software soon

2009-09-21T15:51:00.001-07:00

Microsoft’s foray into the free security software game, Microsoft Security Essentials, will be available to the public soon, Friendly Computers has learned. Read more below…

Microsoft plans to release the final version of its free antivirus software soon, according to a note sent to testers late Sunday.

"The final version of Microsoft Security Essentials will be released to the public in the coming weeks," Microsoft said in the note.

Microsoft first announced its plans for the product, then code-named Morro, last November, at the same time the company said it was scrapping its paid Windows Live OneCare product.

Public beta testing of Security Essentials started in June, with Microsoft reaching its goal of 75,000 testers just one day after it issued a call for them.

On a personal note, I've been using the product on several machines since June, and I like the way--unlike other antivirus programs--it doesn't make a spectacle of itself, just quietly doing its thing. I often forget it is running on a machine, yet it did save my bacon a couple weeks back when I almost caught Koobface from a friend on Facebook.

Source: http://news.cnet.com/8301-13860_3-10357370-56.html

Social Engineering Watch: Another IRS Scam

2009-09-16T12:19:00.001-07:00

Friendly Computers warns you to be wary of a new spam campaign posing as an email from the IRS that distributes malware to your computer if a link is clicked. Read more below…

Trend Micro warns users of the latest spam campaign that targets US taxpayers with Foreign Bank and Financial accounts. The said spam rides on the September 23 extended deadline set by the Internal Revenue Service (IRS) for filing ‘FBAR’ or the Report of Foreign Bank and Financial Accounts.

The spammed message bears the subject “Notice of Underreported Income” and lures users to click the link that supposedly contains the tax statement. Users who click the URL are led to a site where they get infected by various ZBOT variants. ZBOT variants are notorious for their information theft routines.Trend Micro detected these ZBOT variants as TSPY_ZBOT.BZJ, TSPY_ZBOT.BZT, TSPY_ZBOT.BZS, and TSPY_ZBOT.COB.

Figure 1. Bogus IRS Spam

Ever since this spam run began, ZBOT creators have been generating new binaries, probably to avoid detection and removal.

Source: http://blog.trendmicro.com/social-engineering-watch-another-irs-scam/

Be On The Lookout For Holiday Spam

2009-09-14T14:40:00.001-07:00

Holiday season is just around the corner, and cybercriminals are already trying to use this to their advantage. Friendly Computers found an article about the various holiday related spam currently circulating around the web. Read more below…

September signals the onset of holidays and as early as this month, spammers are already gearing up for the said season as they “spamvertise” their products.

Just recently, Trend Micro discovered several spammed messages that used “Christmas” as its subject. The said spam email entices users to avail the “best gift” for their loved ones by clicking the URL.

After the users clicked on the link, it points them to a website that sells replica watches for a discounted price. Although the redirected site does not infect users with malware, it could possibly lead to information theft.

Cybercriminals often use the holidays as part of the social engineering ploy. Trend Micro recently blogged about these tactics in the following blog posts:

‘Tis the Season to Stay Secure

Greeting Cards Spread No Cheer

Holidays Proving Stormy

Trend Micro protects users from this spam attack via the Trend Micro Smart Protection Network. Users are also advised to stay vigilant especially in the upcoming holidays as spam (that may even contain malware) is very rampant.

Source: http://blog.trendmicro.com/heads-up-for-holiday-spam/

Trojan Hides Its Brain in Google Groups

2009-09-11T14:23:00.001-07:00

Social networking websites seem to be the new target for many cyber criminals. Friendly Computers found information about a trojan that accesses a Google Groups group to download updates. Read more below…

Virus writers keep getting sneakier. In an effort to evade detection, they've begun hiding their command and control instructions in legitimate Web 2.0 sites such as Google Groups and Twitter.

Recently, security vendor Symantec spotted a Trojan horse program that's been programmed to visit a private Google Groups newsgroup, called escape2sun, where it can download encrypted instructions or even software updates.

These "command and control" instructions are used by criminals to keep in touch with hacked PCs and update their malicious software. Researchers have also seen criminals hide their messages in RSS feeds that are set up to broadcast Twitter messages, said Gerry Egan, a director with Symantec Security Response. "We're seeing a trend toward using more mainstream social media-type interactions to hide command and control," he said.

The Google Groups system appears to be a prototype, but Egan expects the bad guys to increasingly use social media sites for this purpose, as security software becomes more effective at rooting out traditional command and control mechanisms. "Malware authors are saying now that they're on to [our] techniques, let's try something different," Egan said.

Today most criminals communicate with the machines they've hacked via IRC (Internet Relay Chat) servers, or by placing commands on obscure, hard-to-find Web sites. As system administrators are getting better at spotting and blocking these communications, the bad guys are "trying to hide these command and control messages inside legitimate traffic, so the presence of the traffic in and of itself doesn't raise a red flag," Egan said.

A system administrator can block access to IRC pretty easily, but blocking Twitter or Google is another matter altogether.

The Google Groups Trojan appears to be Taiwanese in origin and was probably used to quietly gather information for future attacks. According to the data on Google Groups, the Trojan has not spread widely since it was created in November 2008. "Such a Trojan could potentially have been developed for targeted corporate espionage where anonymity and discretion are priorities," Symantec said in a Friday blog posting.

Source: http://www.pcworld.com/businesscenter/article/171846/trojan_hides_its_brain_in_google_groups.html

Remove viruses from an infected PC, and keep them from coming back

2009-09-09T12:36:00.001-07:00

Friendly Computers found an informative article about how to remove a virus from your PC as well as how to prevent new ones from popping up. Read more below…

Our family PC gets quite a workout. It's a five-year-old machine that runs Windows XP and is used primarily by my daughter and teenage grandson for instant messaging, e-mail, social networking, and downloading audio and video files. Since I rarely use the system, I didn't notice that its antivirus subscription had expired.

Which explains why I was a bit surprised when my grandson called when I was out of town to tell me that the PC was acting strangely. Ads appeared on the desktop as soon as Windows started and Firefox and other programs would occasionally close without warning or fail to open at all.

I immediately suspected a virus and instructed my grandson to perform a virus scan. Unfortunately, the machine's antivirus app had gone AWOL. I talked him through the process of using System Restore to revert the PC to an earlier time. This improved matters somewhat, but the system continued to act flaky.

When I returned from the trip, I started the troublesome machine and attempted to open the Microsoft Update site to make sure its copy of XP was up-to-date. But the malware had managed to disable several Windows services intermittently, including Services.msc, so Internet Explorer would shut down repeatedly.

At this point, I was seriously considering a hard-disk reformat and XP reinstall. I even had the XP installation CD in the drive and was ready to begin the process. But even though my daughter and grandson assured me that they had backup copies of all their personal files, I decided to try one more time to salvage the existing setup.

I'm very glad I did, because it turns out there were lots of vacation and holiday images and videos on the machine that hadn't been backed up. First, I installed a free copy of Malwarebytes' Anti-Malware antivirus program on the infected PC, updated the app's virus definitions, and ran a complete scan.

The initial Malwarebytes Anti-Malware scan detected 104 separate infected files and folders.

That first scan turned up a mere 104 infected files and folders. Here's a list of the nasties the machine had picked up:

• Trojan.Vundo
• Troja.Vundo.H
• Trojan.FakeAlert
• Rogue.Installer
• Trojan.Downloader
• Trojan. Dropper
• Trojan.Agent
• Worm.KoobFace
• Rogue.AdvancedVirusRemover
• Rogue.SystemSecurity
• Adware.BHO
• Rootkit.Agent
• Spyware.Agent
• Trojan.BHO
• Hijack.LSP
• Rogue.Multiple
• Disabled.Security

After viewing the report, I rebooted the PC and ran another malware scan. This time, Malwarebytes' app found only nine infected files.

The second Malwarebytes Anti-Malware scan detected only nine infected items.

I rebooted once more and ran yet another scan, which indicated that the PC came up clean.

The third Malwarebytes Anti-Malware scan indicated that all viruses and other malware had been removed from the infected PC.

Once I was assured that the PC was malware-free, I revisited the Microsoft Update site to download and install all the XP security patches the machine required. Then I sprang for the $25 version of Anti-Malware to get the program's real-time virus scanning and automatic updates.

I knew all attempts to alter the user behavior that led to the infections would be futile, so instead, I instructed my daughter and grandson to run Malwarebyte's scanner each time they start the system and just before each shutdown. That was a little over two weeks ago, and so far, the PC remains free of infection. Still, you can bet I'll be paying much closer attention to that machine from now on.

Source: http://news.cnet.com/8301-11128_3-10347497-54.html

Password Hackers Gear for Action

2009-09-04T14:06:00.001-07:00

Friendly Computers advises you to create good passwords that are very difficult to guess, and change them regularly. Also, never give your password to anyone, even if you think you can trust them. This can prevent your computer or accounts from being hacked into and your data from being stolen. Read more below…

All that often stands between a malicious hacker and access to valuable, confidential data is a few keystrokes: an end-user's or admin's password. Yet even the most carefully crafted and well-guarded password is susceptible to being stolen from an innocent victim, and crafty miscreants have numerous techniques at their disposal to do the dirty deed.

In order to protect users and your organization from a password attack, you must first have a clear understanding of the various tactics available. From there, you can develop policies and educate users to prevent such an attack from succeeding. Today, we'll take a closer look at some of the types of attacks, as well as the best approaches to squelching them.

The most popular password attacks include authentication bypassing; guessing; network sniffing or eavesdropping; keystroke logging; hash cracking; credential replaying; and social engineering.

Authentication bypassing
This attack entails simply hacking around the authentication check. A common example: A would-be hacker uses a separate boot disc with the ability to read the targeted data partitions so as to bypass the normal log-on prompts and access the data directly. Another example would be an attacker using a remote buffer overflow (or SQL injection, and so on) against a running application or service to gain unauthorized access to the data.

Password guessing
Here, an attacker attempts to guess a user's password by making multiple (sometimes thousands or millions) log-on attempts using proposed passwords against some sort of log-on prompt. Common guessing locations include the normal log-on prompt, Web-based e-mail, FTP, and remote management consoles.

Source: http://www.pcworld.com/businesscenter/article/171468/password_hackers_gear_for_action.html

Mobile Users Unfazed by Web Threats

2009-09-03T14:02:00.001-07:00

It may seem like browsing the internet on your cell phone would be a lot safer than a computer, but this may not be the case. There are a variety of malware affecting mobile phones and their numbers are growing rapidly. Friendly Computers recommends that you use security software if possible, and to be careful when browsing the web on your phone. Read more below…

Users are under the impression that mobile phones are more secure than PCs, according to the latest Trend Micro survey. A number of users are found not practicing safe browsing when using their mobile phones.

The survey shows that 44% of over 1,000 respondents are lax when it comes to surfing using their mobile phones. The respondents are actually more concerned of losing data such as contact numbers via physical phone loss rather than information loss due to Web threats and phishing or spam attacks. In fact, only 23% utilize security software already installed in their phones. Some even believe there is no use for such software as mobile phones are not as prone to security risks.

Quite unfortunate is the fact that users’ assumption that mobile phones are spared of attacks by cybercriminals is very much incorrect, as mobile threats have been around for the past four years now. Trend Micro researchers often see Symbian malware such as SYMBOS_BESELO.A, SYMBOS_VIVER.A, SYMBOS_FEAKS.A, and SYMBOS_YXES.B infect Symbian-based phones. Other notable mobile malware include WINCE_INFOJACK.A and WINCE_CRYPTIC.A, which target Windows mobile phones. These so-called traditional mobile malware are still very much active up to this day as seen in the chart below.

As mobile phones become more Web-based and as users more heavily rely on them to conduct their day-to-day business, potential risks brought about by phishing and other Web threats will become more rampant as well. Users are advised to be wary when browsing as this could lead them to malware infection and information loss. They are strongly urged to use security software to stay protected from malware infections.

Source: http://blog.trendmicro.com/mobile-users-unfazed-by-web-threats/

Trojan Targets Skype Users

2009-08-31T14:55:00.001-07:00

Friendly Computers discovered information about a frightening new piece of malware affecting Skype users, which records your voice calls and could potentially send them to a third party. Read more below…

TrendLabs researchers were alerted of a newly released Proof-of-Concept (PoC) that listens and records voice calls carried out via Skype. Trend Micro detects this as TROJ_SPAYKE.C. Skype is a popular application used for making voice over IP (VoIP) calls.

Upon execution, the DLL component (also detected as TROJ_SPAYKE.C) intercepts Skype traffic and hooks the send and recv APIs. This is done before Skype encrypts the traffic it sends to other users. This enables the Trojan to save all gathered information as audio files, which could then be sent to a malicious user. Here’s a screenshot of the captured information:

Figure 1. Sample of intercepted traffic

This poses no threat as of the moment; it only collects information but does not decrypt the said information and consequently send it to a remote user. However, future attacks that do engage in information theft cannot be ruled out.

Users are advised not to give away any crucial information when conversing online to prevent info theft. Trend Micro protects users from this attack through the Trend Micro Smart Protection Network.

Source: http://blog.trendmicro.com/trojan-targets-skype-users/

Beware fake Snow Leopard sites

2009-08-28T15:33:00.001-07:00

Although Mac OS X Snow Leopard will not be released until Friday, many websites are offering a free download of what is allegedly the new OS. Really, they are just offering up a trojan that will redirect you to phishing websites and possibly install fake antivirus software. Friendly Computers advises you to avoid these websites and purchase the upgrade from Apple when it is released. You can read more below…

Before the August 28 official release of Apple’s OS X Snow Leopard, cybercriminals are already hitchhiking on this to proliferate their malicious activities. Earlier today, Advanced Threat Researcher Feike Hacquebord discovered several fake sites that supposedly give Mac users free copies of the newest version of the Mac OS, Snow Leopard. However, accessing these malicious sites land users to a DNS changer Trojan detected by Trend Micro as OSX_JAHLAV.K.

Once executed, OSX_JAHLAV.K decrypts codes, which include a script that downloads other malicious scripts. The said script then alters the DNS configuration and includes two additional IP addresses in its DNS server. Users are thus possibly redirected to phishing sites and other fraudulent sites. In fact, some of these bogus sites are reportedly hosting FAKEAV (rogue antivirus) variants and components.

As of this writing, all malicious URLs are already blocked by Trend Micro. Users are strongly advised to get only the latest Snow Leopard update directly from the Apple site…

Source: http://blog.trendmicro.com/bogus-snow-leopard-update-sites-lead-to-dns-changers/

Snow Leopard Contains an Antivirus

2009-08-26T10:19:00.001-07:00

Friendly Computers discovered that the next version of Mac OS X, Snow Leopard, could come with an antivirus feature. This is a surprise, considering one of the major selling points of Macs and Mac OS X is that they are prone to be malware-free. Read more below…

We’ve gotten reports about an interesting feature in Snow Leopard, the new version of Mac OS X due for release this Friday. According to reports we’ve seen – and the screen shot below – Snow Leopard contains an antimalware feature.

We’re not sure yet exactly how this works, but the above screen shot shows this feature working with a download made via Safari, detecting a version of the RSPlug Trojan horse in a downloaded disk image.

Source: http://blog.intego.com/2009/08/25/snow-leopard-contains-an-antivirus/

Rogue Facebook apps steal login data, send spam

2009-08-19T15:34:00.001-07:00

Friendly Computers warns you to be careful using Facebook apps. There are few out there that can steal your log in info and spam your friends. Read more below…

Security firm Trend Micro warned on Wednesday that a handful of rogue Facebook apps is stealing log in credentials and spamming the victim's friends.

So far, six malicious applications have been identified: "Stream," "Posts," "Your Photos," "Birthday Invitations," "Inbox (1)," "Inbox (2)" according to a blog post by Trend Micro researcher Rik Ferguson.

As of Wednesday afternoon, all of the apps were live except for "Stream," he said in an e-mail.

This screenshot shows evidence of the phishing scam on Facebook.

(Credit: Trend Micro)

The activity started earlier in the week with a Facebook notification Ferguson says he got from an app called "sex sex sex and more sex!!!," which has more than 287,000 fans. The notification said that someone had commented on one of his posts. That app doesn't appear to be malicious and may have been compromised somehow in order to begin the distribution of the spam, he said.

That first notification included hyperlinks that led to a phishing site on the "fucabook.com" domain, allegedly registered to someone in Armenia, he said. Once Ferguson gave up his credentials (for a Facebook account he uses for research purposes) he was directed to Facebook and to an application install screen for the app called "Posts."

He installed that app and immediately his friends were spammed with a bogus notification "Profile_name has sent you a message," with the hyperlink to the phishing site.

On Tuesday, the first couple of apps were sending notifications that hyperlinked to the fucabook phishing site but by Wednesday the destination had changed to a simple IP address rather than a domain name, he said. A JavaScript that pulls up Facebook bounces the browser around among any of the six rogue apps to get them widely installed and the cycle continues, he said.

All the apps look and act exactly the same and include ads.

"I am keeping Facebook informed of these developments as they arise and they are working hard to rectify the situation," Ferguson wrote on his blog.

A Facebook spokeswoman said the company was looking into the matter and provide more comment later.

Ferguson recommends that Internet users always check the URL displayed in the browser address bar before entering any sensitive information on a site and hover the mouse over a hyperlink to see the URL. Facebook users should also review their privacy settings regularly and delete any applications they no longer use, he said.

Source: http://news.cnet.com/8301-27080_3-10313618-245.html

Security firms discover botnet on Twitter

2009-08-14T15:25:00.001-07:00

Microblogging website Twitter has been on the forefront of news because of its security issues lately, and Friendly Computers just discovered that it could be used to spread malware and create a botnet. Read more below…

A Twitter account can be used as the command center for harnessing a "botnet" of virus-infected computers, security firms Arbor Networks and Symantec reported. In a blog post Friday, Symantec analyst Peter Coogan wrote that researchers found an account, @upd4t3, which was tweeting out links to download a piece malware called Downloader.Sninfs. The account has since been suspended by Twitter.

Downloader.Sninfs, also known as Infostealer.Bancos, is a Trojan that uses the guise of a Brazilian banking site to collects passwords and related personal information from infected computers.

Security on Twitter is front and center right now, as the microblogging site was completely downed by a distributed denial-of-service attack last week that was targeting a Georgian political blogger. While other services like Facebook and the Google-owned Blogger were also hit by the attack, Twitter was the only one to suffer a full-out, hours-long outage, and it called into question just how secure the service really is.

But in this case, the Twittering botnet doesn't necessarily highlight a vulnerability that would be unique to Twitter.

"Although Twitter.com has been used in this instance, there are plenty of alternative sites on the Internet that could also be used as a similar medium of communication," Coogan wrote.

Source: http://news.cnet.com/8301-13577_3-10310168-36.html

Prevent USB Drives from Spreading Viruses

2009-08-10T15:41:00.001-07:00

If you have a USB drive that you use with multiple computers, it could be used to spread viruses and malware from one PC to another. Friendly Computers advises you to change your AutoPlay settings to prevent this from happening, and you can read how to do it below…

When you stick a thumb drive infected with a worm like Conficker/Downadup into a clean system, the normally handy AutoPlay feature launches the worm and spreads the infection. So, what are you waiting for? Turn off AutoPlay! Panda Security offers a free "vaccine" program that will turn it off. But you can actually flip the master switch without any utilities. Here's how:

On non-Home versions of Windows (for example, Windows XP Professional, Vista Ultimate):
1. Click Start, click Run, enter gpedit.msc (launch Group Policy Editor);
2. XP users: Open Computer Configuration | Administrative Templates | System,
Vista users: Open Computer Configuration | Windows Components | AutoPlay Policies;
3. Find Turn Off AutoPlay in the right-hand pane and double-click it;
4. Choose Enabled and set it for All drives.

Or, in any Windows version:
1. Launch the Registry editor (Start | Run | regedit);
2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Policies\Explorer;
3. Double-click NoDriveTypeAutoRun in the right-hand pane and set its value to hexadecimal FF.

Source: http://www.pcmag.com/article2/0,2817,2343838,00.asp

Cookienator Cleans Up Questionable Cookies

2009-08-07T15:41:00.001-07:00

Friendly Computers discovered a useful utility that deletes all of the potentially harmful cookies on your computer while leaving the others in-tact. Read more below…

Windows only: Portable application Cookienator cleans up cookies from any of the major browsers, but instead of removing all your cookies, only removes the ones that are used to track you.

Once you've downloaded and extracted the no-installation-required utility, you can simply launch the executable to analyze just how many evil cookies are sitting around on your computer, and clean them up immediately. The options panel will let you choose which browsers to check, and it even includes the hard-to-delete Flash cookies. The utility can automatically clean your cookies when you log in, or you could choose to only run it manually.

Cookienator is a free download for Windows only. If you'd like to just opt-out of the tracking mechanisms, you can use previously mentioned PrivacyChoice, which works the opposite way—it adds a cookie that tells advertisers not to track you.

Source: http://lifehacker.com/5332032/cookienator-cleans-up-questionable-cookies

Mysterious computer virus quiet, but attack may be in works

2009-08-05T13:48:00.001-07:00

The Conficker worm that caused an uproar in April may finally be launching an attack sometime soon. Friendly Computers has more information below…

Malicious software installed on millions of computers has yet to wreak havoc on technology systems worldwide as some fear, but researchers warned that the ”Conficker worm” could still strike in the future.

Also known as Downadup or Kido, Conficker turns infected PCs into slaves that respond to commands sent from a remote server that effectively controls an army of slave computers.

Researchers feared that the network created by Conficker might be deployed Wednesday for the first time since the worm surfaced last year because its code suggested it would seek to communicate with its master server on April 1.

They formed an industry-wide task force to fight the worm, bringing widespread attention that experts said probably scared off the criminals who command the army of slave computers, known as a botnet.

“The Conficker-infected machines attempted to call home to get new commands from their master but those calls went unanswered,” said Joris Evers, spokesman for security software maker McAfee Inc.

Researchers warned that the botnet’s commanders are probably waiting until they are under less scrutiny before they mobilize the network of infected computers.

“I never thought it would happen April 1,” said Roger Thompson, chief research officer at AVG, an anti-virus firm. ”It might be tomorrow. It might be next week. It might be next month.”

Privately held AVG and other firms with security labs including Microsoft Corp, Symantec Corp, McAfee and Trend Micro Inc will closely monitor the botnet’s activities long after Wednesday.

The virus exploits weaknesses in Microsoft’s Windows operating system. It can evade corporate firewalls by passing from an infected machine onto a USB memory stick, then onto another PC.

In February, Microsoft announced it was offering a $250,000 reward for information leading to the arrest and conviction of whoever is responsible for creating Conficker, saying the worm constituted a criminal attack.

Source: http://www.canada.com/technology/Mysterious+computer+virus+quiet+attack+works/1452302/story.html

Firefox 3.5.2 and 3.0.13 security updates now available for download

2009-08-04T15:30:00.001-07:00

Users running Mozilla Firefox, including some of us here at Friendly Computers, should make sure they have updated their browser to the newest version that was just released, as it corrects some major security flaws. Read more about the update below…

As part of Mozilla’s ongoing stability and security update process, Firefox 3.5.2 and Firefox 3.0.13 are now available for Windows, Mac, and Linux as free downloads:

Firefox 3.5.2 is available at http://firefox.com/

Firefox 3.0.13 is available at http://www.mozilla.com/firefox/all-older.html

We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 3.5 or Firefox 3, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu.

For a list of changes and more information, please review the Firefox 3.5.2 Release Notes and the Firefox 3.0.13 Release Notes.

Note: All Firefox 3.0.x users are encouraged to upgrade to Firefox 3.5.2 by downloading it from http://firefox.com/ or by selecting “Check for Updates…” from the Help menu.

Source: http://blog.mozilla.com/blog/2009/08/03/firefox-3-5-2-and-3-0-13-security-updates-now-available-for-download/

Using software updates to spread malware

2009-08-03T11:16:00.001-07:00

Friendly Computers stumbled upon an intriguing story about a new way for malware could be transmitted to your computer – via your Wi-Fi connection during software updates. Read more below…

Two researchers from Israeli security firm Radware have figured out a way to trick computers into downloading malware or take over a computer by hijacking the communications during the update process for Skype and other applications.

About 100 applications, many among the most popular on CNET's Download.com, can be targeted, said Itzik Kotler, team leader of Radware's security operations center, before his presentation here at the Defcon conference.

Kotler and colleague Tomer Bitton are releasing a tool called Ippon (which means "game over" in Judo) that enables the attack and offers a 3D view of potential victims on a network.

With the tool, an attacker can scan a Wi-Fi network for computers checking for new updates via HTTP (Hyper Text Transport Protocol). If the system detects a computer sending a software update request, the tool replies before the app update server can respond, Kotler said.

Ippon customizes messages for the particular application and sends a message indicating that there is an update available even when the system already has the most recent legitimate update, he said. A malicious file is then downloaded from the attacker's server onto the victim's computer.

The researchers said they had not tested whether Firefox or other major browsers are vulnerable. Microsoft software is not vulnerable because it uses digital signatures in its update process, which all software updates should, Kotler said. People should be careful when using public Wi-Fi networks and avoid doing software updates on them, he said.

"You have to assume when on a public infrastructure that the infrastructure can be attacked," he added.

There is also the possibility that someone could spread an "airborne virus" via software updates that uses victim machines to attack and infect other machines on a network, according to Kotler.

Source: http://news.cnet.com/8301-27080_3-10301485-245.html

Apple fixes iPhone SMS flaw

2009-07-31T13:18:00.001-07:00

If you own an iPhone you may want to connect your phone to your computer and click “check for updates”. Recently, a flaw related to SMS revealed that a hacker could take control of someone’s iPhone, make calls, send texts, and more. Friendly Computers read about this and we think you will find this useful:

Apple on Friday fixed an SMS-related security flaw in the iPhone that had been at the center of one of the most talked-about exploits at this week's Black Hat security conference.

"We appreciate the information provided to us about SMS vulnerabilities which affect several mobile phone platforms," Apple representative Tom Neumayr told CNET.

"This morning, less than 24 hours after a demonstration of this exploit," Neumayr continued, "we've issued a free software update that eliminates the vulnerability from the iPhone. Contrary to what's been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit."

The security flaw involved malicious SMS messages that could allow hackers to take control of an iPhone. The flaw could have let them make calls, send text messages, or almost anything they wanted on the victim's iPhone.

Security researchers Collin Mulliner and Charlie Miller showed the flaw in action at Black Hat earlier this week. Miller said the flaw could take control of the iPhone because of the way the device handled the SMS message. Researchers at Black Hat also showed how SMS-related vulnerabilities can affect Windows Mobile smartphones including those from HTC, Motorola, and Samsung.

Miller said that Apple was first notified of the flaw six weeks ago.

According to Apple, the iPhone 3.0.1 update released today improves the device's memory handling, essentially fixing the exploit.

The update is available by plugging your iPhone into your computer and clicking on the Check for Update button in iTunes.

Source: http://news.cnet.com/8301-1009_3-10301001-83.html?tag=mncol;title

Clampi Trojan stealing online bank data from consumers and businesses

2009-07-30T09:29:00.001-07:00

Friendly Computers recently learned of a scary Trojan that has been circulating around the web for a few years. This Trojan, known as Clampi, can steal bank info and is already responsible for the loss of many large sums of money. Read more about it below…

LAS VEGAS--Hundreds of thousands of Windows computers are believed to be infected with a Trojan called "Clampi" that has been stealing banking and other log-in credentials from compromised PCs since 2007, a security researcher said on the eve of the Black Hat security conference.

Clampi, also known as Ligats, Ilomo, or Rscan, infects computers in drive-by downloads when people visit Web sites hosting malicious code that exploits vulnerabilities in browser plug-ins Flash and ActiveX, said Joe Stewart, director of malware research for the Counter Threat Unit of SecureWorks.

When the infected computer is used to access a targeted banking or other site, the log-in and other information is stolen.

Clampi has spread quickly through Microsoft-based networks in a worm-like fashion in recent months, Stewart said. It uses domain administrator credentials that were either stolen by the Trojan or based on an administrator logging into an infected system. It then uses a Windows executable SysInternals tool, "psexec," to copy itself to all the computers on the domain, he said.

Clampi also serves as a proxy server for criminals to anonymize their activity when logging into stolen accounts.

Stewart has identified 1,400 Web sites in 70 different countries out of 4,500 sites being targeted by the Trojan attack. The sites include banks, credit card companies, online casinos, retail sites, utilities, ad networks, stock brokerages, mortgage lenders, and government and military portals.

Based on the techniques they are using, Stewart said criminals in Eastern Europe are believed to be behind Clampi.

Because it can take days or weeks to get a sample of the latest version of the Trojan, antivirus protection is often delayed, arriving after a PC is already infected, according to Stewart.

"This type of Trojan, banking Trojans in general, are the biggest threat to home computer users and businesses doing banking online," he said. "You can't rely on antivirus. At some point you are going to visit the wrong site and they'll get a Trojan on your computer."

The Trojan uses three types of encryption and sophisticated virtual machine-based packing technology to disguise itself in order to get through antivirus filters, according to Stewart.

SecureWorks' intrusion prevention software doesn't stop computers from getting infected but it prevents the stealing of the data by blocking the encrypted traffic that it deemed suspicious, he said.

Stewart recommends that consumer and business Web surfers use a dedicated computer for their banking and other sensitive financial online activities that is separate from the computer where e-mail is accessed and Web surfing is done. People should also be careful using removable drives on those isolated computers as Trojans can spread that way.

By now, the criminals "probably have way more accounts than they can actually clean out," Stewart said.

Even so, the losses from Clampi are starting to be publicized. The Trojan was behind the theft of nearly $75,000 from Slack Auto Parts in Gainesville, Ga., according to the Security Fix blog at The Washington Post.

Source: http://news.cnet.com/8301-27080_3-10298233-245.html

Microsoft to fix critical hole in IE

2009-07-27T13:35:00.001-07:00

Although Microsoft usually only releases security updates once a month, it has stated that it will be releasing an out-of-cycle patch tomorrow to fix a vulnerability in Internet Explorer and Visual Studio. Friendly Computers has more information below…

In a rare move, Microsoft on Friday said it would be releasing security updates on Tuesday--outside of its monthly patch cycle--for a critical vulnerability in Internet Explorer and a moderate vulnerability in Visual Studio.

The two security bulletins will address one overall issue and are being released separately "to provide the broadest protections possible to customers," Microsoft said in a statement.

The vulnerabilities affect Windows 2000, Windows XP, Vista, Windows Server 2003 and 2008, Internet Explorer 6, 7 and 8, Microsoft Visual Studio .NET 2003, Visual Studio 2005 and 2008 and Visual C++ 2005 and 2008, according to the security bulletin advance notification.

"While we can't go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications," the statement said. "The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin."

"The Internet Explorer update will also address vulnerabilities rated as critical that are unrelated to the Visual Studio bulletin that were privately and responsibly reported," Microsoft said.

Customers who are current with their security updates are protected from known attacks related to the updates, the company said. The updates will be released through the Microsoft Update, Windows Update, and Windows Server Update services.

A Webcast to address customer questions is scheduled for Tuesday from 1 p.m. PDT to 2 p.m. at this site.

Microsoft typically releases security patches on a monthly basis, the second Tuesday of every month, and did not say why it is making this rare, out-of-cycle release.

Source: http://news.cnet.com/8301-27080_3-10295592-245.html

Adobe to fix critical Flash hole next week

2009-07-23T15:01:00.001-07:00

Friendly Computers learned that Adobe will finally patch a security hole that has been around since last year. Read more below…

Adobe said Thursday that it will issue fixes next week for a critical hole in Flash that is being exploited in attacks against Adobe Reader version 9 on Windows.

The vulnerability exists in current versions of Flash Player for Windows, Macintosh, and Linux and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for those same platforms, Adobe said in an advisory.

The vulnerability could cause a system to crash or allow an attacker to take control of the computer, Adobe said.

An update for Flash Player v9 and v10 for Windows, Mac, and Linux will be released by July 30, while a fix for Solaris is pending. Adobe should have an update for Reader and Acrobat v9.1.2 for Windows, Macintosh, and Unix by July 31.

An attacker can exploit the vulnerability by luring someone to a Web site hosting a specially crafted Shockwave Flash file, US-CERT said in an advisory Thursday.

"The Adobe Flash browser plug-in is available for multiple Web browsers and operating systems, any of which could be affected," CERT said. "An attacker could also create a PDF document that has an embedded SWF file to exploit the vulnerability. This vulnerability is being actively exploited."

The vulnerabilities can be mitigated by disabling the Flash plug-in or by using the NoScript extension for Mozilla Firefox or SeaMonkey to whitelist sites that can access the Flash plug-in, CERT said.

To disable Flash, US-CERT recommends:

• Disabling Flash in Adobe Reader 9 on Windows platforms by renaming the following files: "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll" and "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll".

• Disabling Flash Player or selectively enabling Flash content as described in the "Securing Your Web Browser" document.

"Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat v9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF that contains SWF (Shockwave Flash) content," the Adobe advisory said.

Typically, the authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll or C:\Program Files\Adobe\Acrobat 9.0]\Acrobat\authplay.dll, Adobe said.

Windows Vista users can mitigate the impact of the exploit by enabling UAC (User Access Control), according to Adobe. Flash Player users should be careful when browsing unfamiliar Web sites.

Researchers on Wednesday reported that they had uncovered attacks in the wild in which malicious Acrobat PDF files were exploiting a vulnerability in Flash and dropping a Trojan onto computers.

The bug used in the exploit has been around since December 2008.

Source: http://news.cnet.com/8301-27080_3-10294212-245.html?tag=mncol;title

How do I know if my computer has a virus?

2009-07-21T10:00:00.001-07:00

As usual, Friendly Computers reminds you to regularly update your antivirus and operating system software to avoid getting viruses and other malware. In addition, we found a great article outlining the signs to look for to determine if your computer is infected with a virus. Read more below…

Do you think you may have a virus? The following are some ways you can tell you may have a virus

Your Anti-virus software won't come up when you try to start it.

You get a lot of returned e-mails that you did not send. NOTE: this might also be spoofing, meaning someone else is infected and is giving out your address.

You get e-mails back letting you know you have a virus. This could also be spoofing If there are attachments, do not click on them or open them. Delete the messages immediately.

Your computer is unusually slow, or exhibiting strange behavior. Spyware will also commonly cause these symtoms.
If your computer does have a virus, you should purchase anti virus software and install it on your computer if you do not have any. You can find it at places like most retail outlets, and allcomputer stores. In the meantime, you can immediately do a free virus scan by simply typing "free virus scan" into your favorite search engine. You can also instantly purchase the software at various sites such as Free AVG, Norton AntiVirus and Macafee. Check with your ISP, as they may offer free virus/security protection. Comcast for instance offers Macafee for free to all her customers.

If you have anti-virus software make sure, it is updated regularly. In fact, most programs have an option to perform automatic updates.

The best way to keep a virus from spreading through your computer and to remove it is to boot the computer into safe mode, by hitting the boot menu key at startup (usually F8)

If you cannot get it to remove a, send or take it in to a computer repair shop and have them clean it out.

Source: http://www.examiner.com/x-5426-Internet-and-Technology-Examiner~y2009m7d19-Gadgets-101-How-do-I-know-if-my-computer-has-a-virus

'Harry Potter' Computer Virus Plagues Would-Be Downloaders

2009-07-20T10:39:00.001-07:00

The latest Harry Potter movie is not only attracting raging fans – it’s also enticing hackers and cybercriminals. The latest virus plaguing internet users claims to be a video player needed to watch the movie online. In actuality, it is malware that scans your computer for credit card and bank information. Friendly Computers found more information about the virus, which you can read below…

Harry Potter's latest cinematic adventure is already breaking box-office records, as the boy wizard encounters murder, betrayal and heartbreak at a theater near you. But a very different danger is plaguing his fans in cyberspace — where hackers are using the blockbuster to cast a spell on computers worldwide.

"It's definitely the most targeted film that we've seen," explained Michael Greene, VP of Product Strategy at PC Tools, whose virus fighters have been hard at work battling "Harry Potter hackers" over the last few weeks. "This is pretty scary stuff."

Here's how it works: These days, millions of people are searching the Web for info on "Harry Potter and the Half-Blood Prince," which is certain to become the #1 film in the country. Knowing this, cybercriminals are using search optimization tactics to target popular sites like Digg.com with headlines like "Watch 'Harry Potter and the Half-Blood Prince' online free!" and comment posts filled with related keywords to attract Google. Seeing professional-looking images from the film, Potter fans are convinced that the movie is one click away — but as they keep clicking, a virus is being installed on their computers.

"A couple of weeks ago I started to notice it; there was a Digg post about viewing the new 'Harry Potter' movie in advance," Greene explained. "It tells you to download a video player — which is actually pretty common — if you watch a Flash movie or don't have the right software. But in this case, you're not getting a Flash plug-in or anything like that — what you're getting is the malware of the day.

"At that point, your computer has been infected," he added. "And even worse, you don't get to see the 'Harry Potter' movie."

The reason it's particularly scary is that these virus downloads are brazenly creeping onto legitimate Web sites — and teasing a largely youth-oriented fanbase with the forbidden fruit of a free, legal download. "In the old days, people would go to gambling sites or pornography sites and get infected — the dark underbelly of the Internet," Greene said of the new hackers. "Viruses and malware would just trash your computer, and you might lose some data. Nowadays, it's a lot worse than that."

The Potter virus is categorized as crimeware, which searches your computer for credit card or bank information, Greene said. "[The hackers] will collect credit card details, social security numbers. Then they'll turn around and sell that to another group, a 'carding operation' they call it, and these guys will buy blank credit cards from a third group; they'll put them together, print out the credit cards and then sell physical credit cards with your numbers on the street."

The lesson, Greene explained, is a basic one: If you want to see "Half-Blood Prince," pay 10 bucks and get yourself to a movie theater. And if you're one of the many who've already attempted to download something too good to be true — get yourself a good antivirus program and begin cleaning up your computer, immediately.

"As long as there is money to be made, havoc to be created, there will be Voldemorts out there," Greene joked, comparing the Harry Potter hackers to the boy wizard's evil nemesis. "To keep Hogwarts running, we have to train the magicians to keep themselves safe."

Source: http://www.mtv.com/movies/news/articles/1616331/story.jhtml