The 411 on Conficker B++

There’s a lot of tech jargon when reporting the new variant of the Conficker worm, Conficker B++. We’ll skip it.

We previously reported on the miseries of the Conficker worm, AKA W32.Downadup.B: think locking you out of system directories, blocking access to security software and updates, and deleting any system restore points in your computer.

Ouch.

Conficker spread fast earlier this year; at one point Conficker infected over 6 million PCs within four days. Conficker generated random domain names to download more malware from, which created delays in stopping Conficker. Lucky for us, techies cracked the Conficker code, discovering how the worm generated those domains, and blocking access to them for most computer users.

Hold that “phew”: now Conficker B++ uses fresh, stealthier techniques. The SRI Report says that Conficker B++ bypasses the use of Internet Rendezvous Points, using a DLL patch and pipe backdoor to execute its code.

So how do you prevent Conficker B++? The Microsoft patch is critical in fighting Conficker B++. Microsoft’s corporate-friendly language hardly expresses the pain Conficker B++ could mean to you—don’t let understated sentences like “Vulnerability in Server Service Could Allow Remote Code Execution” have you delay these updates. Windows XP and earlier systems are especially vulnerable—if you haven’t already, set your computer to automatically update.

Conficker also exploits commonly used passwords. If you use any of the weak passwords that Conficker exploits, even only for low-value sites, make sure you change them.

Yeah, we’re referring to “sdrowssap”.

Guest Writer: This is a guest post by Kristopher Dukes of FasterPCCleanClean.com – an invaluable asset in the battle against malware. Pay a visit to FasterPCCleanClean.com, and I’m convinced you’ll become a regular visitor.

The content of this article is copyright 2009 © by Dukes Media, LLC All rights reserved.

What’s in a (File) Name?

One of Bill’s security recommendations (among the many that he tries to pound into the heads of his readers), is to disable the hiding of file extensions for known file types.

In this, my second article on Bill’s Blog, I will explain why this is important and how it can protect you.

This can get a bit complicated for the novice user, so I’ll try to make it easy to understand.

Firsts things first. What is a file extension? File extensions tell the operating system what type of file it is dealing with, which in turn determines what application is opened when you double click the file.

Adobe PDF documents have a PDF extension, MP3 audio files have the MP3 extension, video files use a number of extensions such as AVI, MPE, MPEG, WMV, and so on. Windows keeps track of what file extensions should be opened with which application, if you rename a file and delete its extension, Windows no longer knows what type of file it is and will not be able to open it.

When working with Windows, almost all files have an extension, this is the 3 or 4 characters after the LAST “.” (dot or period) in the file name. Why is the word LAST in upper case? Because file names can have more than one “.” in them, and this is where your ability to see these extensions can save you.

For example, consider this file named “Invoice.doc”. For many people they would immediately know this is a standard Microsoft Word document. If your PC is set to hide known file extensions then your computer would display the file in a Windows Explorer window, or email attachment, as “Invoice”, hiding the 3 digit extension.

The problem here is, a Trojan can come in as an email attachment as a compressed file, or an executable called Invoice.doc.exe. Remember, only the digits after the LAST “.” are important to the file type, so even though you see Invoice.doc, the file actually has an exe extension, making it an exe or program.

If you have your PC set to hide extension, you would see the file name as “Invoice.doc”, even though the actual extension (which is hidden by Windows) is exe. Another trick is to give the file an icon that makes it look like it’s a Word document to fool unsuspecting users even more.

So you can see, if you disable hidden extensions, you will be able to see the actual file extension, not the one the Trojan wants you to see, and you will be able to better determine if the file is in fact what it is claiming to be.

To unhide these hidden extensions;

1. Go to start>Control Panel

2. Click on >Folder Options

3. Now go to >View tab> Then uncheck the box “Hide extensions for known file types” >click Apply>then OK. That’s it done.

Now you can see the file extensions on all file types.

Guest Writer: This is a guest post by Dave Brooks a professional techie from New Hampshire, USA. Dave has now become a regular guest writer who’s last article “Let’s Talk About Backups” was a huge hit.

Pay a visit to Dave’s site at Tech-N-Go, and checkout the Security Alerts.

Cloud Computing – An Overview

Cloud computing is not a new concept. If you really want to get down to it, the internet IS the cloud.

The purpose of this article and the articles that will follow is to try and flush out desktop computing in the cloud and how we are moving farther away from the traditional “C drive” desktop and closer to the desktop that lives in the cloud.

First of all, we need to figure out what we are trying to accomplish. While there is more than one school of thought on how to get there, the end result is arriving at the same summit.

The simple answer: I envision browser based computing where all of my data exists on a web accessible server from anywhere in the world. This includes my software, desktop, c drive, storage, etc.

So basically when I boot my machine, it opens a browser that contains my “desktop” that exists on the web. Synchronizing that information to the c: drive is important as well for the times you are unable to connect to the web.

I hear what you are saying – the technology already exists and is used. Unfortunately, the people who are making this point are geeks like you and me and do not apply to the mainstream computer user. To get an acceptance of moving desktop computing to the web, we must convince the mainstream that it is safe to do.

In my next article, we will attempt to explore the biggest concern:

The Cloud – Is my information safe?

In the meantime, here are several up and coming Cloud Links:

Cloudo is a cloud based desktop with storage (not much mind you). The concept is there and will give an idea of what is possible. This is free for all, so sign up and give it a try.

This is a short article explaining Google’s up and coming Gdrive and their attempt to dethrone Microsoft from your desktop.

Guest Writer: This is a guest post by Glenn Taggart of The Crazy World of G, who brings a background as a high level super user, to the Blogging world.

Why not pay a visit to Glenn’s site at The Crazy World of G.

Inventive FaceBook Scammers Trick You Out of Money with Trojans

Do you take the same pains to protect your FaceBook details online, that you do your banking info?

A recent case involving a Microsoft employee from Seattle, Bryan Gutberg, highlighted the need to protect your FaceBook details in the same way, and be as wary surfing around FaceBook as you are the rest of the net.

This story was first reported by Bob Sullivan, respected cyber-scam reported for MSNBC. In the tale, hackers somehow gained access to Gutberg’s login and password – most likely through a keylogger, or a Trojan such as Zlob or Vundo.

They logged into his FaceBook account and posted a status update saying “Bryan IS IN URGENT NEED OF HELP!” They had also emailed all of his contacts, saying that he had been robbed and that he was in need of money to get home. Many of his friends were ‘defriended’ on FaceBook, so he wasn’t able to have them post messages on his wall letting his FaceBook-contact only friends know that they were the victims of a scam.

One of Gutberg’s friends did fall for the scam – his good-heartedness cost him US$1,200. He wired $600 through Western Union, and then a further $600 at the scammers’ behest.

Trojans and other malware that are designed to steal passwords can quite easily obtain your FaceBook account details from your computer. You can fight these infections by ensuring that you regularly use anti-malware software (certified, not rogue!), keeping all of your programs updated and patched, and taking online browsing precautions like not installing extra codecs.

FaceBook is also urging customers to be aware when they click on links in emails to access their accounts. FaceBook regularly sends these emails with links, so they are a ripe target for scammers. Pay extra attention that the FaceBook login page looks as you remember it, and access your account by opening a new browser window and typing in the address directly wherever you can.

Guest Writer: This is a guest post by Kristopher Dukes of 411-Spyware.com – an invaluable asset in the battle against malware. Pay a visit to 411-Spyware.com, and I’m convinced you’ll become a regular visitor.

The content of this article is copyright 2009 © by Dukes Media, LLC All rights reserved.

Pop-up Downloads – They Get You Coming and Going

Being unaware can cause havoc on your computer.

Your Firewall and Security Applications provide the ultimate in protection while you’re surfing the web, right? Well in a sense, they do.

Paradoxically, it’s because current anti-malware solutions are much more effective than they have ever been in detecting worms and viruses, that we’re now faced with another insidious form of attack.

Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common and more crafty recently. The latest twist on this is the so called “pop-up download”.

If you’re unfamiliar with the term, “drive-by download”, they are essentially programs that are automatically downloaded and installed on your computer without your knowledge. This action can occur while visiting an infected web site, opening an infected HTML email, or by clicking on the newest threat, a deceptive popup window – the so called “pop-up download”.

For example, when visiting a site, a user might receive a pop-up box that appears as an offer to download an application. The user is then asked to accept the download despite the fact no application name is offered.

Unfortunately, a typical computer user is generally undereducated in the Internet safety issues that apply in this type of scenario. Clicking “yes”, will lead to the automatic installation of an application – an unknown application.

Often, more than one program is downloaded. For example, file sharing with tracking spyware is very common. Again, it’s important to remember that this can take place without warning, or your approval. Apparently, there are some legitimate application developers who are using this “pop-up download” method to distribute their product.

I find it galling that more so called Internet security analysts have not taken a harder line on this deceptive marketing technique. Is it any wonder the economy is in the tank, when for 20+ years the economy has been based on fraud, and deceptive and illegal practices? When are we going to learn to speak out against this type of nonsense?

What can you do to ensure you are protected, or to reduce the chances you will become a victim?

The following are actions (familiar to regular readers of this site), that you can take to protect your computer system:

• When surfing the web – Stop. Think. Click
• Don’t open unknown email attachments
• Don’t run programs of unknown origin
• Disable hidden filename extensions
• Keep all applications (including your operating system) patched
• Turn off your computer or disconnect from the network when not in use
• Disable Java, JavaScript, and ActiveX if possible
• Disable scripting features in email programs
• Make regular backups of critical data
• Make a boot disk in case your computer is damaged or compromised
• Turn off file and printer sharing on your computer.
• Install a personal firewall on your computer.
• Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
• Ensure the anti-virus software scans all email attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

I recommend that you ensure that the current anti- malware applications, which you depend on to protect your system, are up to the task by reading “The 35 Best Free Applications” on this site.

If you missed “Rogue Security Software on the Rise – What You Need to Know Now!”, you can read it on this site.

GOM Media Player – 5 Star Rated and Free!

Free 5.1 Channel Output. Advanced Playback Capabilities.

Tired of Windows Media Player’s weaknesses? Fed up with its 24.5 MB bloated size? Are you unhappy with its outrageous overhead requirements? Then GOM Media Player, (the unusual name stands for Gretech Online Movie Player), may well be the tool you’ve been looking for.

GOM Media Player’s support for a diverse range of file formats, it’s built in Codecs, and its advanced playback capabilities, have made it one of the most downloaded of all Windows Media Player replacements. It is the number one downloaded media player on CNET (download.com), with nearly 12,000,000 downloads to date.

GOM Media Player is a relatively small (4.66MB) application that can play most encoded video formats including AVI, DAT, FLV, MPEG, DivX, XviD, and more, with its own built-in Codec system.

If you’re the impatient type, GOM Media Player can even play video files that are still in the process of being downloaded. As well, files that have been broken during the downloading process can still be played.

For audio/video files that GOM Media Player can not play due to a missing Codec, (I haven’t found one yet), GOM Media Player will attempt to find one using GUID; if you are interested in seeing how GUID works then go to GUID.org. http://www.guid.org/ Once it finds a match, you will be redirected to a download site from which you can download and install the required Codec/s.

A built-in Screen Capture utility allows you to take screenshots of your video directly from GOM Media Player. Using the Burst Capture feature, you can take up to 999 shots continuous screenshots. I love this feature!

This is my personal choice of media player, and I have yet to be disappointed with its performance. I highly recommend this really excellent free application.

Quick facts:

• DVD-quality videos with 5.1 channel audio output.
• Supports most Codecs (AVI, DAT, MPEG, DivX, FLI using an embedded Codec system
• Plays incomplete or damaged AVI file by skipping the damaged frames
• Plays Locked Media Files while downloading or sharing
• Supports HTTP Streaming ASF/OGG/MP3/AAC/MPEG PS/MPEG TS
• Subtitle, Overlay Mixer features, Keys Remapping, Super speed/High Mode
• Play Audio CD
• Play Video CD/SVCD/XCD
• Enhanced Filter Rendering
• Drag-and-drop support
• Editable skins
• Real-time index rebuilding for AVI files
• Unicode support

Advanced Features:

• Customizable settings on the control panel
• Adjust image brightness, hue, and saturation
• Sharpen and add noise to your video
• Audio equalizer
• Fast forward/rewind using left/right keys
• Repeat a section of your video using A-B Repeat feature

System Requirements: Windows Me/2000/XP/2003 Server/Vista

Note: I’m currently running this application on Windows 7 Beta with no problems what-so-ever.

Download at: Download.com

IE7 Vulnerability Now Being Exploited

A number of Internet security providers, including McAfee, Trend Micro, and F-Secure are reporting that exploit code for the Internet Explorer 7 vulnerability, patched by Microsoft last week, is now circulating in the wild.

If you have not downloaded and applied this patch you should do so immediately. If you have Automatic Updates enabled on your computer, then this patch has already been applied. Careful users will verify that this patch, has in fact, been applied.

Security vendors have noted that emails which take advantage of this vulnerability, are now circulating on the net that have an attached MS Word document, which if opened, will allow a cybercriminal remote control over the now infected machine.

Consequences:

• Loss of personal data.
• Malicious application installation.
• Possible botnet connection.

Given the abysmal state of Internet security, there is no doubt that unpatched systems will be attacked! Take the time to ensure your system has been updated correctly.

Minimum email security precautions:

• Don’t open emails that come from untrusted sources.
• Don’t run files that you receive via email without making sure of their origin.
• Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

Western Digital WD TV – Impressive!

If you are a computer media junky like yours truly, getting that media to your analog and digital television can present a challenge. Like in, how does one do it?

Wonder no more my friends. Western Digital has a great affordable answer to this challenge.

I bought the Western Digital WD TV set top box about a month ago, and have been putting it to the test with various types of computer type media. To put it bluntly, I’m impressed with this unit. In the past 30 days, I have yet to throw a file at it that it won’t play or view.

For those of you with analog TVs, it features a composite cable output. For those of you with up to 1080P high def TVs, the WD comes with an hdmi hookup.

Because my TVs are somewhat older and don’t utilize an hdmi input, I have been using the composite cables to view the media. Once you have the WD TV hooked up, you need only to copy your media files to a flash drive (thumb drive), or any USB connectible storage medium. I have tried it on both a portable WD hard drive, and a flash drive, and both work flawlessly.

Types of media:

• Music
• Video
• Pictures

Pros:

• Plug and play. If you can hook up the cables, this thing pretty much guides you to the point of playing your media. Very user friendly.
• View’s nearly every media format out there. I have yet to have it reject any media.
• Comes with remote
• Small footprint

Cons:

• Remote is small – you could lose it.
• Slight delay sometimes with selecting media with remote – this is a very minor con.
• If you lose the remote, you will have to buy a new one because it is the only way to control the unit.

Rating: 10/10. Simply put, WD TV hits on all cylinders. It is simple to use, plays almost all formats of media, and is very affordable for what it does. Highly Recommend.

Price as tested: $90 from Newegg.com

Guest Writer: This is a guest post by Glenn Taggart of The Crazy World of G, who brings a background as a high level super user, to the Blogging world.

Why not pay a visit to Glenn’s site at The Crazy World of G.

For another take on this amazing product, checkout “Review of the Western Digital WD TV HD Media Player” by fellow Blogger Rick Robinette, at his site What’s On My PC.

Free Software For Tough Economic Times

Times are tough, the economy is in the tank, and if anything, times will get much tougher long before they get better.

We are all now faced with the task of trimming expenses this year, and software applications that cost hundreds of dollars are not going to be number one on our list of must haves.

Luckily, they don’t need to be.

There’s a wealth of tried and tested free software out in the wild blue of the Internet that will meet virtually every need you’re likely to have this year. Take a look at the following recommended free downloads that will help you communicate, get needed work done, have some fun, and manage and protect your system while you’re surfing the Internet.

To download the application/s of your choice, simply click on the application name.

Process those words:

OpenOffice:

OpenOffice 2 is the leading open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more. It is available in many languages and works on all common computers. It stores all your data in an international open standard format and can also read and write files from other common office software packages including Microsoft Word.

AbiWord:

AbiWord is a free light weight word processing program similar to Microsoft Word. It is suitable for a wide variety of word processing tasks.

WordWeb:

WordWeb is a one-click English thesaurus and dictionary for Windows that can look up words in almost any program. It works off-line, but can also look up words in web references such as the Wikipedia encyclopedia.

Manipulate and correct your pics – put them online:

FastStone Image Viewer:

This is one of my favorite photo applications, with good reason. It’s not just a viewer, but an image browser, converter, and an editor as well. You’ll find the interface intuitive and very easy to use. This program is loaded with features including, renaming, cropping, color adjustments, lossless JPEG transformation, drop shadow effects, image frames, scanner support, histogram and much more.

IrfanView:

IrfanView is a very fast, small, compact and innovative graphic viewer for Windows 9x/ME/NT/2000/XP/2003/Vista. Strange name – terrific application.

Google Picasa:

A free software that helps you locate and organize all the photos on your computer, edit and add effects to your photos with a few simple clicks and share your photos with others through email, prints and on the web.

Play those tunes:

Audacity:

Audacity is free, open source software for recording and editing sounds. It is available for Mac OS X, Microsoft Windows, GNU/Linux, and other operating systems. Definitely the best of breed.

iTunes:

According to Apple this is the world’s best digital music jukebox. Download music, TV shows, movies, and more.

Winamp:

A multimedia player that supports numerous audio and video formats. It also plays streamed video and audio content, live and recorded, authored worldwide.

Watch your fav videos:

Miro:

Miro is a free application for channels of internet video (also known as ‘video podcasts and video rss). Miro is designed to be easy to use and to give you an elegant full screen viewing experience.

VLC:

A highly portable multimedia player for various audio and video formats (MPEG-1, MPEG-2, MPEG-4, DivX, mp3, ogg …) as well as DVDs, VCDs, and various streaming protocols.

Free FLV Converter:

This free software let you search YouTube and dailyMotion videos without opening your browser and you can even watch the videos using the built-in video player.

Free Video To iPhone Converter:

Convert video files to Apple iPhone MP4 video format. Convert the whole movie or select a partition from the movie to convert (trim video).

iPod Video Converter:

Free iPod Video Converter provides an easy and completed way to convert all popular video formats to iPod video.

Better browsing:

FireFox:

FireFox includes tons of useful features such as tabbed browsing, built-in and customizable search bars, a built-in RSS reader and a huge library of extensions developed by thousand of developers.

Opera:

Opera introduces Speed Dial which vastly improves navigation to your favorite sites. In addition, there’s Fraud protection, anti-phishing detection keeps browsing safe and secure.

Web of Trust (WOT):

WOT is a free Internet Browser add-on (my personal favorite), that has established an impressive 4.5/5.0 star user rating on CNET. WOT tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping you avoid unsafe web sites.

Protect your system:

Spyware Doctor Starter Edition:

This free version of the award winning program, with its easy to use interface, is used by millions of people worldwide to protect their computers; it’s reported there are a million+ additional downloads every week.

AVG Anti-Virus:

AVG Anti-Virus Free now incorporates protection against spyware through a new combined anti-virus and anti-spyware engine as well as a “safe-searching component” which has been incorporated into the new AVG Internet Security Toolbar. This program scans files on access, on demand, and on schedule and scans email incoming and outgoing. For those on Vista, you’re in luck, it’s Vista-ready

Comodo Firewall Pro:

The definitive free firewall, Comodo Firewall protects your system by defeating hackers and restricting unauthorized programs from accessing the Internet. I have been using this application for 10 months and I continue to feel very secure. It resists being forcibly terminated and it works as well, or better, than any firewall I’ve paid for. This is one I highly recommend. Amazing that it’s free!

Staying in touch:

Windows Live messenger:

The next generation MSN Messenger. It comes with everything that were already available in Messenger, and a new i’m Initiative that makes helping your favorite charity as easy as sending an instant message.

Pidgin:

A multi-protocol Instant Messaging client that allows you to use all of your IM accounts at once. Pidgin can work with: AIM, Bonjour, Gadu-Gadu, Google Talk, ICQ, IRC, MSN, Yahoo!, MySpaceIM and many more.

Trillian:

A fully featured, stand-alone, skinnable chat client that supports AIM, ICQ, MSN, Yahoo Messenger, and IRC.

System Tools:

CCleaner:

CCleaner is a freeware system optimization, privacy and cleaning tool. It removes unused files from your system – allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. But the best part is that it’s fast; normally taking less than a second to run.

Glary Utilities:

Glary Utilities, a free all-in-one utility, is a terrific collection of system tools and utilities to fix, speed up, maintain and protect your PC. Personal experience with this application for the last 8 months has convinced me that a typical user can really benefit by having this application on their system. With this free program you can tweak, repair, optimize and improve your system’s performance; and its ease of operation makes it ideal for less experienced users.

Revo Uninstaller:

Revo Uninstaller is a superior program to uninstall programs from your computer. This free program with its advanced and fast algorithm scans before, and after you uninstall an application. After the program’s regular uninstaller runs, you can remove additional unnecessary files, folders and registry keys that are usually left over (those “orphaned” registry entries we talked about earlier), on your computer. This feature is a definite plus.

AbiWord – The Best Multilingual MS Word Alternative

A friend called me recently and wondered if he could “borrow” my copy of MS Word so that he could update a saved copy of his resume in Microsoft Word format. It seems he no longer had access to Word.

I pointed out to him that he could simple download any one of the many free alternatives to Word that are available for download; most of which “save” and “open” in Word’s .doc format.

It surprised me to learn that he was unaware that there are free alternatives to Word, of which, AbiWord is arguably one of the best of these light word processing applications.

AbiWord has been designed to integrate perfectly with the operating system it runs on, and there are many, including Windows, Linux, Mac OS X (PowerPC), ReactOS, and BeOS. This great application has been written to take advantage of the functionality provided by the system it runs on, such as image loading, or printing capabilities.

AbiWord is no slouch when it comes to being able to read and write all industry standard document types, like OpenOffice, Microsoft Word, WordPerfect, Rich Text Format, HTML web pages, and many more.

There’s no learning curve involved with AbiWord since it features a similar looking interface to Word, with it’s basic character formatting, paragraph alignment, spell checker, interactive rulers and tabs, styles, unlimited undo/redo, find and replace, and image support.

AbiWord has a very small resource footprint, which allows full functionality on systems that are not considered “State of the Art”. For those users with underpowered systems (by modern standards), this alternative light word processors should prove to be ideal.

I find AbiWord with its surprising amount of features and simple straightforward interface, to be the appropriate word processor I need running in the background while I’m on the Internet. Its small memory footprint, as opposed to memory hogging Microsoft Word, is ideal for most of my day to day work. In fact, portable AbiWord is my word processor of choice for my portable office on my USB key.

As you can see from the picture below, this article was written on AbiWord.

Features:

• Multi Platform
• Internationalized
• Advanced document layout options
• Tables, bullets, lists, images, footnotes, endnotes and styles
• Available in most common, and many not-so-common languages
• Spell checker
• Dictionaries for over 30 languages
• Supports right-to-left, left-to-right, and mixed-mode text
• The above feature allows support for languages like Hebrew and Arabic
• Mail Merge capabilities

Download at: Download.com