The 411 on Conficker B++

There’s a lot of tech jargon when reporting the new variant of the Conficker worm, Conficker B++. We’ll skip it.

We previously reported on the miseries of the Conficker worm, AKA W32.Downadup.B: think locking you out of system directories, blocking access to security software and updates, and deleting any system restore points in your computer.

Ouch.

Conficker spread fast earlier this year; at one point Conficker infected over 6 million PCs within four days. Conficker generated random domain names to download more malware from, which created delays in stopping Conficker. Lucky for us, techies cracked the Conficker code, discovering how the worm generated those domains, and blocking access to them for most computer users.

Hold that “phew”: now Conficker B++ uses fresh, stealthier techniques. The SRI Report says that Conficker B++ bypasses the use of Internet Rendezvous Points, using a DLL patch and pipe backdoor to execute its code.

So how do you prevent Conficker B++? The Microsoft patch is critical in fighting Conficker B++. Microsoft’s corporate-friendly language hardly expresses the pain Conficker B++ could mean to you—don’t let understated sentences like “Vulnerability in Server Service Could Allow Remote Code Execution” have you delay these updates. Windows XP and earlier systems are especially vulnerable—if you haven’t already, set your computer to automatically update.

Conficker also exploits commonly used passwords. If you use any of the weak passwords that Conficker exploits, even only for low-value sites, make sure you change them.

Yeah, we’re referring to “sdrowssap”.

Guest Writer: This is a guest post by Kristopher Dukes of FasterPCCleanClean.com – an invaluable asset in the battle against malware. Pay a visit to FasterPCCleanClean.com, and I’m convinced you’ll become a regular visitor.

The content of this article is copyright 2009 © by Dukes Media, LLC All rights reserved.

Advertisements

What’s in a (File) Name?

One of Bill’s security recommendations (among the many that he tries to pound into the heads of his readers), is to disable the hiding of file extensions for known file types.

In this, my second article on Bill’s Blog, I will explain why this is important and how it can protect you.

This can get a bit complicated for the novice user, so I’ll try to make it easy to understand.

Firsts things first. What is a file extension? File extensions tell the operating system what type of file it is dealing with, which in turn determines what application is opened when you double click the file.

Adobe PDF documents have a PDF extension, MP3 audio files have the MP3 extension, video files use a number of extensions such as AVI, MPE, MPEG, WMV, and so on. Windows keeps track of what file extensions should be opened with which application, if you rename a file and delete its extension, Windows no longer knows what type of file it is and will not be able to open it.

When working with Windows, almost all files have an extension, this is the 3 or 4 characters after the LAST “.” (dot or period) in the file name. Why is the word LAST in upper case? Because file names can have more than one “.” in them, and this is where your ability to see these extensions can save you.

For example, consider this file named “Invoice.doc”. For many people they would immediately know this is a standard Microsoft Word document. If your PC is set to hide known file extensions then your computer would display the file in a Windows Explorer window, or email attachment, as “Invoice”, hiding the 3 digit extension.

The problem here is, a Trojan can come in as an email attachment as a compressed file, or an executable called Invoice.doc.exe. Remember, only the digits after the LAST “.” are important to the file type, so even though you see Invoice.doc, the file actually has an exe extension, making it an exe or program.

If you have your PC set to hide extension, you would see the file name as “Invoice.doc”, even though the actual extension (which is hidden by Windows) is exe. Another trick is to give the file an icon that makes it look like it’s a Word document to fool unsuspecting users even more.

So you can see, if you disable hidden extensions, you will be able to see the actual file extension, not the one the Trojan wants you to see, and you will be able to better determine if the file is in fact what it is claiming to be.

To unhide these hidden extensions;

1. Go to start>Control Panel

2. Click on >Folder Options

3. Now go to >View tab> Then uncheck the box “Hide extensions for known file types” >click Apply>then OK. That’s it done.

Now you can see the file extensions on all file types.

Guest Writer: This is a guest post by Dave Brooks a professional techie from New Hampshire, USA. Dave has now become a regular guest writer who’s last article “Let’s Talk About Backups” was a huge hit.

Pay a visit to Dave’s site at Tech-N-Go, and checkout the Security Alerts.

Cloud Computing – An Overview

Cloud computing is not a new concept. If you really want to get down to it, the internet IS the cloud.

The purpose of this article and the articles that will follow is to try and flush out desktop computing in the cloud and how we are moving farther away from the traditional “C drive” desktop and closer to the desktop that lives in the cloud.

First of all, we need to figure out what we are trying to accomplish. While there is more than one school of thought on how to get there, the end result is arriving at the same summit.

The simple answer: I envision browser based computing where all of my data exists on a web accessible server from anywhere in the world. This includes my software, desktop, c drive, storage, etc.

So basically when I boot my machine, it opens a browser that contains my “desktop” that exists on the web. Synchronizing that information to the c: drive is important as well for the times you are unable to connect to the web.

I hear what you are saying – the technology already exists and is used. Unfortunately, the people who are making this point are geeks like you and me and do not apply to the mainstream computer user. To get an acceptance of moving desktop computing to the web, we must convince the mainstream that it is safe to do.

In my next article, we will attempt to explore the biggest concern:

The Cloud – Is my information safe?

In the meantime, here are several up and coming Cloud Links:

Cloudo is a cloud based desktop with storage (not much mind you). The concept is there and will give an idea of what is possible. This is free for all, so sign up and give it a try.

This is a short article explaining Google’s up and coming Gdrive and their attempt to dethrone Microsoft from your desktop.

Guest Writer: This is a guest post by Glenn Taggart of The Crazy World of G, who brings a background as a high level super user, to the Blogging world.

Why not pay a visit to Glenn’s site at The Crazy World of G.

Inventive FaceBook Scammers Trick You Out of Money with Trojans

Do you take the same pains to protect your FaceBook details online, that you do your banking info?

A recent case involving a Microsoft employee from Seattle, Bryan Gutberg, highlighted the need to protect your FaceBook details in the same way, and be as wary surfing around FaceBook as you are the rest of the net.

This story was first reported by Bob Sullivan, respected cyber-scam reported for MSNBC. In the tale, hackers somehow gained access to Gutberg’s login and password – most likely through a keylogger, or a Trojan such as Zlob or Vundo.

They logged into his FaceBook account and posted a status update saying “Bryan IS IN URGENT NEED OF HELP!” They had also emailed all of his contacts, saying that he had been robbed and that he was in need of money to get home. Many of his friends were ‘defriended’ on FaceBook, so he wasn’t able to have them post messages on his wall letting his FaceBook-contact only friends know that they were the victims of a scam.

One of Gutberg’s friends did fall for the scam – his good-heartedness cost him US$1,200. He wired $600 through Western Union, and then a further $600 at the scammers’ behest.

Trojans and other malware that are designed to steal passwords can quite easily obtain your FaceBook account details from your computer. You can fight these infections by ensuring that you regularly use anti-malware software (certified, not rogue!), keeping all of your programs updated and patched, and taking online browsing precautions like not installing extra codecs.

FaceBook is also urging customers to be aware when they click on links in emails to access their accounts. FaceBook regularly sends these emails with links, so they are a ripe target for scammers. Pay extra attention that the FaceBook login page looks as you remember it, and access your account by opening a new browser window and typing in the address directly wherever you can.

Guest Writer: This is a guest post by Kristopher Dukes of 411-Spyware.com – an invaluable asset in the battle against malware. Pay a visit to 411-Spyware.com, and I’m convinced you’ll become a regular visitor.

The content of this article is copyright 2009 © by Dukes Media, LLC All rights reserved.

Pop-up Downloads – They Get You Coming and Going

Being unaware can cause havoc on your computer.

Your Firewall and Security Applications provide the ultimate in protection while you’re surfing the web, right? Well in a sense, they do.

Paradoxically, it’s because current anti-malware solutions are much more effective than they have ever been in detecting worms and viruses, that we’re now faced with another insidious form of attack.

Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common and more crafty recently. The latest twist on this is the so called “pop-up download”.

If you’re unfamiliar with the term, “drive-by download”, they are essentially programs that are automatically downloaded and installed on your computer without your knowledge. This action can occur while visiting an infected web site, opening an infected HTML email, or by clicking on the newest threat, a deceptive popup window – the so called “pop-up download”.

For example, when visiting a site, a user might receive a pop-up box that appears as an offer to download an application. The user is then asked to accept the download despite the fact no application name is offered.

Unfortunately, a typical computer user is generally undereducated in the Internet safety issues that apply in this type of scenario. Clicking “yes”, will lead to the automatic installation of an application – an unknown application.

Often, more than one program is downloaded. For example, file sharing with tracking spyware is very common. Again, it’s important to remember that this can take place without warning, or your approval. Apparently, there are some legitimate application developers who are using this “pop-up download” method to distribute their product.

I find it galling that more so called Internet security analysts have not taken a harder line on this deceptive marketing technique. Is it any wonder the economy is in the tank, when for 20+ years the economy has been based on fraud, and deceptive and illegal practices? When are we going to learn to speak out against this type of nonsense?

What can you do to ensure you are protected, or to reduce the chances you will become a victim?

The following are actions (familiar to regular readers of this site), that you can take to protect your computer system:

• When surfing the web – Stop. Think. Click
• Don’t open unknown email attachments
• Don’t run programs of unknown origin
• Disable hidden filename extensions
• Keep all applications (including your operating system) patched
• Turn off your computer or disconnect from the network when not in use
• Disable Java, JavaScript, and ActiveX if possible
• Disable scripting features in email programs
• Make regular backups of critical data
• Make a boot disk in case your computer is damaged or compromised
• Turn off file and printer sharing on your computer.
• Install a personal firewall on your computer.
• Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
• Ensure the anti-virus software scans all email attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

I recommend that you ensure that the current anti- malware applications, which you depend on to protect your system, are up to the task by reading “The 35 Best Free Applications” on this site.

If you missed “Rogue Security Software on the Rise – What You Need to Know Now!”, you can read it on this site.

GOM Media Player – 5 Star Rated and Free!

Free 5.1 Channel Output. Advanced Playback Capabilities.

Tired of Windows Media Player’s weaknesses? Fed up with its 24.5 MB bloated size? Are you unhappy with its outrageous overhead requirements? Then GOM Media Player, (the unusual name stands for Gretech Online Movie Player), may well be the tool you’ve been looking for.

GOM Media Player’s support for a diverse range of file formats, it’s built in Codecs, and its advanced playback capabilities, have made it one of the most downloaded of all Windows Media Player replacements. It is the number one downloaded media player on CNET (download.com), with nearly 12,000,000 downloads to date.

GOM Media Player is a relatively small (4.66MB) application that can play most encoded video formats including AVI, DAT, FLV, MPEG, DivX, XviD, and more, with its own built-in Codec system.

If you’re the impatient type, GOM Media Player can even play video files that are still in the process of being downloaded. As well, files that have been broken during the downloading process can still be played.

For audio/video files that GOM Media Player can not play due to a missing Codec, (I haven’t found one yet), GOM Media Player will attempt to find one using GUID; if you are interested in seeing how GUID works then go to GUID.org. http://www.guid.org/ Once it finds a match, you will be redirected to a download site from which you can download and install the required Codec/s.

A built-in Screen Capture utility allows you to take screenshots of your video directly from GOM Media Player. Using the Burst Capture feature, you can take up to 999 shots continuous screenshots. I love this feature!

This is my personal choice of media player, and I have yet to be disappointed with its performance. I highly recommend this really excellent free application.

Quick facts:

• DVD-quality videos with 5.1 channel audio output.
• Supports most Codecs (AVI, DAT, MPEG, DivX, FLI using an embedded Codec system
• Plays incomplete or damaged AVI file by skipping the damaged frames
• Plays Locked Media Files while downloading or sharing
• Supports HTTP Streaming ASF/OGG/MP3/AAC/MPEG PS/MPEG TS
• Subtitle, Overlay Mixer features, Keys Remapping, Super speed/High Mode
• Play Audio CD
• Play Video CD/SVCD/XCD
• Enhanced Filter Rendering
• Drag-and-drop support
• Editable skins
• Real-time index rebuilding for AVI files
• Unicode support

Advanced Features:

• Customizable settings on the control panel
• Adjust image brightness, hue, and saturation
• Sharpen and add noise to your video
• Audio equalizer
• Fast forward/rewind using left/right keys
• Repeat a section of your video using A-B Repeat feature

System Requirements: Windows Me/2000/XP/2003 Server/Vista

Note: I’m currently running this application on Windows 7 Beta with no problems what-so-ever.

Download at: Download.com

IE7 Vulnerability Now Being Exploited

A number of Internet security providers, including McAfee, Trend Micro, and F-Secure are reporting that exploit code for the Internet Explorer 7 vulnerability, patched by Microsoft last week, is now circulating in the wild.

If you have not downloaded and applied this patch you should do so immediately. If you have Automatic Updates enabled on your computer, then this patch has already been applied. Careful users will verify that this patch, has in fact, been applied.

Security vendors have noted that emails which take advantage of this vulnerability, are now circulating on the net that have an attached MS Word document, which if opened, will allow a cybercriminal remote control over the now infected machine.

Consequences:

• Loss of personal data.
• Malicious application installation.
• Possible botnet connection.

Given the abysmal state of Internet security, there is no doubt that unpatched systems will be attacked! Take the time to ensure your system has been updated correctly.

Minimum email security precautions:

• Don’t open emails that come from untrusted sources.
• Don’t run files that you receive via email without making sure of their origin.
• Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.