Monthly Archives: August 2011

With Kaspersky’s Free TDSSKiller You’ll Have A Fighting Chance To Kill Rootkits

There’s malware, and then – there’s MALWARE. In other words, all malware is not created equal. For example, Rootkits are not your common everyday piece of malware.

Rootkits are often designed to overwrite the Hard Drive’s MBR (master boot record), the first sector – Sector 0 – which holds the code that boots the operating system once the BIOS has finished loading.

As a consequence, Rootkit files and processes will be hidden in Explorer, Task Manager, and other detection tools. It’s easy to see then, that if a threat uses Rootkit technology to hide, it is going to be difficult to find.

And yes, I’m aware that major AV application developers are fond of pointing out that their products will flag and remove Rootkits. Users are expected to believe those claims – DON’T!

From a previous article (June 2011) –

Microsoft is telling Windows users that they’ll have to reinstall the operating system if they get infected with a new rootkit that hides in the machine’s boot sector. A new variant of a Trojan Microsoft calls “Popureb” digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration.

Scanning for Rootkits occasionally is good practice, and by scanning with the right tools, Rootkits can be hunted down and eradicated (maybe) – but personally, I would never trust that any detection/removal application has successfully removed a Rootkit.

If you have detected that your system has become infected by a Rootkit, I recommend that you first wipe the drive –  using a free tool such as Darik’s Boot And Nuke, reformat, and only then – reinstall the operating system.

Rootkit detectors can be difficult to work with and consequently, my good buddy Michael C., following the last post on Rootkit detection – Got A Rootkit Infection? – Find Out With These Four Free Rootkit Detectors – posed the following question: “Just wondering if there is a rootkit detector for us “average users” that doesn’t require a MIT degree.”

And, there is.

Kaspersky Labs has developed the free TDSSKiller utility which is designed to detect and remove common Rootkits. Specifically, Rootkits in the Rootkit.Win32.TDSS family (TDSS, Sinowal, Whistler, Phanta, Trup, Stoned) – in addition to regular Rootkits (now, there’s a misnomer), as well as Bootkits.

Usage instructions:

Download the TDSSKiller.zip archive and extract it into a folder on the infected (or possibly infected) computer with an archiver (free 7-Zip, for example).

Run the TDSSKiller.exe file.

The utility can detect the following suspicious objects:

Hidden service – a registry key that is hidden from standard listing.

Blocked service – a registry key that cannot be opened by standard means.

Hidden file – a file on the disk that is hidden from standard listing.

Blocked file – a file on the disk that cannot be opened by standard means.

Forged file – when read by standard means, the original content is returned instead of the actual one.

BackBoot.gen – a suspected MBR infection with an unknown bootkit.
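To make the Sector 0 and BackBoot.gen points concrete, here is an added example (not from the original article and not Kaspersky's code) that parses a 512-byte MBR image and compares its boot code against a hash recorded while the machine was known to be clean. The function names and the sample image are constructed for illustration, and the image is assumed to have been captured from separate boot media, since, as the "Forged file" entry above notes, reads made by standard means on an infected system may return the original content.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 440     # bootstrap code; the disk signature at offset 440 is excluded
TABLE_OFF = 446    # four 16-byte partition entries start here
SIG_OFF = 510      # boot signature bytes 0x55 0xAA


def parse_mbr(sector):
    """Split a raw Sector 0 image into signature, code hash and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected 512 bytes, got %d" % len(sector))
    partitions = []
    for slot in range(4):
        entry = sector[TABLE_OFF + 16 * slot:TABLE_OFF + 16 * (slot + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({"slot": slot, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[SIG_OFF:SIG_OFF + 2] == b"\x55\xaa",
        "code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def audit_mbr(sector, baseline_sha256):
    """Return a list of findings; an empty list means nothing stood out."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if mbr["code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    active = [p for p in mbr["partitions"] if p["status"] == 0x80]
    if len(active) > 1:
        findings.append("more than one active partition")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("slot %d: invalid status byte 0x%02x"
                            % (p["slot"], p["status"]))
        if p["lba_start"] == 0:
            findings.append("slot %d: partition overlaps Sector 0" % p["slot"])
    return findings


def build_sample_mbr(code):
    """Constructed test image: one active type-0x07 partition at LBA 2048."""
    if len(code) > CODE_LEN:
        raise ValueError("boot code too long for the code area")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(code)] = code
    entry = bytearray(16)
    entry[0] = 0x80                      # active (bootable) flag
    entry[4] = 0x07                      # partition type byte
    struct.pack_into("<II", entry, 8, 2048, 204800)
    sector[TABLE_OFF:TABLE_OFF + 16] = entry
    sector[SIG_OFF:SIG_OFF + 2] = b"\x55\xaa"
    return bytes(sector)


# Constructed stand-in for a clean image and the baseline recorded from it.
KNOWN_GOOD = build_sample_mbr(b"\xeb\x3c\x90" + b"constructed-known-good-loader")
BASELINE = parse_mbr(KNOWN_GOOD)["code_sha256"]

if __name__ == "__main__":
    changed = bytearray(KNOWN_GOOD)
    changed[5] ^= 0xFF                   # simulate a single altered code byte
    print("clean  :", audit_mbr(KNOWN_GOOD, BASELINE))
    print("changed:", audit_mbr(bytes(changed), BASELINE))
```

A mismatch only says the boot code changed; a legitimate boot manager install or OS repair will also change it, so the baseline has to be re-recorded after such events.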

The interface is clean and simple.

A scan in progress.

The completed scan shows the system is clean and free of Rootkit infections. You’ll note that the scan finished in 10 seconds.

Following the scan, you will have access to a full report – if you choose.

System requirements: Win 7, Vista, XP (both 32 and 64 bit systems).

Download at: Kaspersky

Since the false positive issue is always a major consideration in using tools of this type, you should be aware that tools like this are designed for advanced users, and above.

If you need help in identifying a suspicious file/s, you can send the file/s to VirusTotal.com so that the suspicious file/s can be analyzed.

To read a blow by blow description of just how difficult it can be to identify and remove a Rootkit, you can check out this Malwarebytes malware removal forum posting.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Tech Thoughts Daily Net News – August 16, 2011

Use the iPad to manage your home security system – Available from the App Store, The LifeView app for iPad allows users to easily manage their home security system from their iPad. Users control their system via the Console Tab that’s color-coded and shows the status of every sensor and device for the entire system – whether a screen is up or a door is open – and users can view the 20 most recent events instantly.

Lifehacker: Know Your Network, Lesson 1: Router Hardware 101 – Home networking is something we all have to deal with, but it can be confusing as heck. This week, we’re going to turn you into a networking wizard, starting with getting to know the most important device on your network: the router.

Banking Trojan that steals from the rich – To be sure, it steals from the poor, too, but it contains a routine that automatically tries to transfer a rather large amount of money from the victim’s account to those set up by the criminals.

Internet Explorer 9 Defends Best Against Malware Links – NSS Labs survey finds that IE9 blocks almost all malicious URLs, while the closest competition was at 13 percent.

Android Trojan Stealthily Answers Incoming Calls, Executes Remote SMS Commands – The latest Nickispy variant can intercept incoming calls without the user’s knowledge while sending call logs, text messages and other information to a remote server.

15 ways to select text in a Word document – There are many ways to select Word text – 15 at least! Susan Harkins shares her favorite selection methods.

10 things you can do to improve your Web site right now – Even if you don’t have the time or resources for a full-blown site redesign, you can make some small, easily implemented tweaks that will have a huge impact.

How Spammy Facebook Scams Still Manage to Claim Millions of Victims – As Facebook scams continue to loom and infiltrate news feeds, web security firm Websense has conducted a study to tabulate just how far these campaigns stretch. The news isn’t encouraging, with scams on Facebook estimated to reach more than a million users in a matter of days.

Firefox 6 available ahead of official launch – Eager to get your hands on the next version of the Firefox browser? Mozilla is scheduled to officially launch the browser on Tuesday, but you can get your hands on it now … if you know where to look!

Company News:

Trend Micro updates web gateway security – Trend Micro announced the latest release of the company’s web gateway solution, which now delivers visibility and control over the growing use of cloud-based applications such as instant messaging, peer-to-peer, video and audio applications, and web mail.

Cisco Sales Grow in 2011 as Business is Simplified – Fiscal 2011 was a challenging year for networking giant Cisco. The company closed business units and laid off employees. Even in the midst of those challenges, Cisco continues to push forward and realign its business for future growth.

Google to Purchase Motorola Mobility for $12.5 Billion – Google announced today that it intends to purchase smartphone maker Motorola Mobility for a staggering $12.5 billion in order to obtain its mobile-related patent holdings and hardware business. According to Google, this move will accelerate the online giant’s Android ecosystem, which until now was made up largely of independent partners. But it’s sure to attract intense antitrust scrutiny as well.

Kaspersky Beefs Up Internet Security – If you’re a long-time Kaspersky fan you may not recognize the company’s 2012 products. It garnered high scores from independent labs, offers an impressive firewall, and the Safe Run sandboxing feature protects the system from questionable files and Web sites.

Off Topic (Sort of):

Warren Buffett: Stop Coddling The Super-Rich – America’s second-richest man attacks fiscal perversity. “While the poor and middle class fight for us in Afghanistan, and while most Americans struggle to make ends meet, we mega-rich continue to get our extraordinary tax breaks”.

Six guidelines for resolving intergenerational conflict at work – For the first time in history, there are five generations working side by side. Here are some guidelines for resolving intergenerational conflict.

Cartoon makes better password point than many security experts – I’ve been using cryptic passwords since I cut my computing teeth on an IBM 370. I never liked using passwords like xkcd1234EMC2 though. They may have been more “secure,” but they were hellish to remember. I still use them today, but the brilliant Internet cartoon xkcd by Randall Munroe has just shown me that I, and many security experts, have been idiots for years. Read the cartoon below and you’ll see what I mean.

If cell phones existed back in the Founding Fathers’ time, they would have been included in the Second Amendment – Our personal communications technologies are as integral to our modern life as a sidearm was in Washington’s day.

Today’s Quote:

“I like to believe that people in the long run are going to do more to promote peace than our governments. Indeed, I think that people want peace so much that one of these days governments had better get out of the way and let them have it.”

– Dwight D. Eisenhower

Today’s Free Downloads:

LibreOffice – When it comes to creating documents, spreadsheets, databases, and presentations, MS Office is the suite that comes to mind. But let’s face it: Office is a pricey piece of software. Thankfully, there are cheaper alternatives out there, but they don’t always live up to their promise. LibreOffice offers up a free alternative, and we found it on par with its more popular competitor.

PhraseExpress – No more typing common phrases again! Organize frequently used text snippets, expand abbreviations as you type, launch programs with text shortcuts, Auto-complete repetitive phrases, quick access to the Windows Clipboard History and correct spelling mistakes in any application.

PC Tools Predicts New Breeds of Social Media Cyber Scams

PC Tools, the company which brings you PC Tools Firewall Plus (free), ThreatFire (free), and of course a complete line of award-winning commercial grade security offerings, is issuing this consumer alert advising that the rollout of new social media sites and features is leading to a fresh crop of online scams and threats.

PC Tools Top Three Social Network Threat Predictions

Email alerts for “tagged” photos where YOU might appear online.

Social networks are developing increased intelligence for facial recognition to assist with tagging photos. When you’re tagged in a photo or at a location in your photo album, you can often expect an email or notification letting you know where to view it online. Watch out!

Cybercriminals may be using this as a tactic to get you to click on malicious links asking for information – possibly even prompting you to click on a link leading to a fake login and password entry form posing as your social network.

Online robots or “bots” on social networking sites will be more sophisticated

We believe within the next few months that social media “bots” will become more advanced, effectively creating human-looking profiles and personalities. Cybercriminals rely on bots because they are the fastest and most cost-effective way to spread malware, spyware and scams through social network sites.

Through these bots, criminals can auto-create bogus personalities on social networks, which can in turn link to fake companies that sell phony products – all to trick users into buying merchandise that isn’t real or spreading news that doesn’t actually exist.

An increase in fake invites to join “new” or “exclusive” social networks or social groups

New social networks are popping up every day, some of which are “invite only” making them more appealing. Cybercriminals could use this appeal as a method to lure users into clicking on fake invites for exclusive networks. Upon clicking on these invites, users could be asked to provide personal details such as name, login, password or birthdates which should not be released.

“If you’re looking to join the hottest new social network, be careful where you click – your personal life may be at risk,” said Mike Chen, Product Marketing Manager at PC Tools. “Cybercriminals are taking advantage of the buzz surrounding these new social networks and features by tricking unsuspecting users to divulge personal information or download malware.”

Chen added that today’s malware looks legitimate, but what may seem like a harmless email or link can actually result in a person’s stolen identity or credit card data theft. And according to Pew Research, 46% of internet users agree that “most people can be trusted” – a prime reason why cybercriminals are so successful at duping consumers.

About PC Tools:

With offices located in Australia, Ireland, United States, United Kingdom and the Ukraine, PC Tools is a fast-growing brand with dedicated Research and Development teams that ensure PC Tools maintains a competitive edge. With registered customers in over 180 countries and millions of downloads to date, PC Tools’ products continue to win awards and gain recommendations from respected reviewers and independent testing labs around the world.

Tech Thoughts Daily Net News – August 15, 2011

The Best Video Chat Apps for Your Smartphone – Looking for a face-to-face chat using your Android smartphone or iPhone? There are a surprising number of apps to choose from, but not all are created equal.

Researchers Expose Cunning Online Tracking Service That Can’t Be Dodged – Researchers at U.C. Berkeley have discovered that some of the net’s most popular sites are using a tracking service that can’t be evaded — even when users block cookies, turn off storage in Flash, or use browsers’ “incognito” functions. The service, called KISSmetrics, is used by sites to track the number of visitors, what the visitors do on the site, and where they come to the site from — and the company says it does a more comprehensive job than its competitors such as Google Analytics. But the researchers say the site is using sneaky techniques to prevent users from opting out of being tracked on popular sites, including the TV streaming site Hulu.com.

10 Favorite Free Fonts – Everything written–be it a novel, a report, or a witticism–reads better in the right font. Here are the classic serif, sans serif, and script fonts, along with brush scripts, blackletter, and quirkier fare. Walt Disney’s autograph? Creepy horror fonts? Tattoo templates? They’re all here.

Why Has There Been So Much Hacking Lately? Or Is It Just Reported More? A Freakonomics Quorum – You don’t have to be all that sharp to see that there’s a lot of hacking going on lately. But is there really more hacking than usual of late, or are we just more observant? To answer this question, we put together a Freakonomics Quorum of cyber-security and I.T. experts and asked them the following: Why has there been such a spike in hacking recently? Or is it merely a function of us paying closer attention and of institutions being more open about reporting security breaches?

Can You Do Real Work With the 30-Year-Old IBM 5150? – Our intrepid reporter spends a week trying to write, browse the Web, edit photos, and even (shudder) tweet on IBM’s first PC.

Company News:

Acer Iconia Tab A100 Runs ‘Honeycomb’ for $329.99 – Acer America just introduced its Iconia Tab A100 7-inch tablet to the market Aug. 12. The slate costs $329.99 for an 8GB model, or $349.99 for the 16GB version.

iPhone privacy and mobile data protection – McAfee WaveSecure iOS Edition enables users to protect their privacy and mobile data, whether their iPhone is lost or stolen, ensuring irreplaceable and private information can be backed up and restored, safe from misuse.

Portable storage for wireless document sharing on iOS – Kingston launched the Wi-Drive, a wireless, Flash memory based portable storage solution that allows users to play videos, access music or share files with other Apple device owners.

AT&T Partners With Juniper Networks for Mobile Security Platform – Juniper Networks will build a mobile security platform for AT&T to protect its wireless customers from mobile malware and from the negative consequences of having their devices lost or stolen.

Short Story of the Week:

Paul Andrew Russell’s – Rules

Jimmy Swinson never did as he was told. As a child, if his parents told him not to touch something he would go ahead and touch it. At first, Jimmy’s flagrant disregard of the rules, any rules, was a source of amusement. His parents found it funny. Their friends found it funny.

Off Topic (Sort of):

Brazilian police to use ‘Robocop-style’ glasses at World Cup – Brazilian police will use futuristic ‘Robocop-style’ glasses fitted with facial recognition equipment to identify and root out troublemakers at the 2014 World Cup. A small camera fitted to the glasses can capture 400 facial images per second and send them to a central computer database storing up to 13 million faces. The system can compare biometric data at 46,000 points on a face and will immediately signal any matches to known criminals or people wanted by police.

30 Years of the PC: A Timeline – The original idea of the PC was sound: using off the shelf parts combined with a relatively open, but fiercely curated set of standards so we wouldn’t have to reinvent the wheel every time we wanted to advance from one version of the PC to the next. Remember that in the 1960s and 1970s, you routinely had to know assembly or machine language commands to operate a computer to its fullest potential. Now all manner of computers from PCs to smartphones to tablets are touch-enabled and simple enough for even a two year old to manage.

Airport body scanners useless: German police – Body scanners being tested at Germany’s Hamburg airport have had a thumbs down from the police, who say they trigger an alarm unnecessarily in seven out of 10 cases, a newspaper said Saturday. The weekly Welt am Sonntag, quoting a police report, said 35 percent of the 730,000 passengers checked by the scanners set off the alarm more than once despite being innocent.

Facebook, Others to Meet With UK Officials Amidst Proposed Social Media Ban – In the wake of U.K. Prime Minister David Cameron calling for rioters to be banned from social networks, Facebook, Twitter, and BlackBerry Messenger producer Research in Motion will reportedly meet with U.K. officials next week to discuss the issue.

Today’s Quote:

“Most people would like to be delivered from temptation but would like it to keep in touch.”

– Robert Orben

Today’s Free Downloads:

RealDownloader – This free utility lets you download a variety of Web-based videos with a simple click, so you can save them for viewing later. RealDownloader works with Google Chrome (4.0+), Mozilla Firefox (3.0+), and Internet Explorer (6.05+)

MyGardenBytes – The biggest challenge for all growers–commercial or recreational–is keeping track of the variables of the season and making decisions based on past performance. MyGardenBytes is a database that allows you to track seeds, clones, plants, and fertilizer use, in general and through daily journals, and across multiple locations.

Tech Thoughts Daily Net News – August 14, 2011

Tips for a Malware-Free Android Smartphone – Since more and more malware is emerging for the Android platform every day, you must pay strict attention to what is happening on your phone or tablet. Smartphones are essentially computers–and all computers are vulnerable to viruses, phishing, and other attacks from malicious software.

How to View Any File in Windows – Having trouble viewing unusual file types? Here are some tips and tools.

Eject USB devices quickly and safely with ProEject – ProEject is a small, free program that can safely eject mounted drives at the press of a button. It will clear the registry and folders of traces that USB drives can leave behind, such as the MRU (most recently used) sections of the Windows Registry, entries created in the “Run on Startup” key, shortcuts created in the SendTo, Recent, Quick Launch, Pinned (for Windows 7) and the Windows Firewall.

Ultrabooks: What You Need To Know – If you follow the PC industry at all, you may have heard that “ultrabooks” are the next hot thing to hit the market. Faster than a netbook, more flexible than a tablet, these thin, slim machines could be the next hot product segment. Or they could be a waste of money. Lead Laptop analyst Cisco Cheng gives you the lowdown.

Why Google Needs Firefox – In just a few months Google’s search deal with Firefox will expire, putting at risk the source of 97% of Mozilla’s income. Sounds like it should be a scary time for Firefox, but not according to ExtremeTech’s Sebastian Anthony. He says Google should be worried. And Microsoft should break out its wallet. Find out why.

One Third Of Drug-Related Searches Lead To Illicit Pharmacy Sites – Widespread manipulation of search results puts consumers at risk, university researchers say.

How to Boost Weak Cell Service at Home – The problem is familiar to many cell phone users: When you’re indoors, even within your carrier’s coverage area, the network’s signal sometimes simply isn’t strong enough to support voice calls or data services. With so many consumers ditching their landlines for cell phones, poor reception at home is no longer acceptable. Fortunately, a slew of products now address the problem, though they don’t come cheap.

Starbucks Pulls Plug on ‘Jonathan’s Card’ Social Experiment – For almost a month, a mobile developer shared access to his iOS app Starbucks card and invited anyone to save it to their phone and use it to purchase drinks.

Company News:

Nintendo Applies for ‘Massively Single Player’ Patent – Nintendo is attempting to claim a patent for the curious concept of a “massively single player online game.”

What Windows 7 Has Taught Microsoft – Microsoft’s Windows 7 operating system has taken the company to new heights. Even as reports crop up suggesting Microsoft will be launching Windows 8 next year, companies still are planning to invest in Microsoft’s current operating system. But with any success comes lessons. And for Microsoft, there are several lessons to be learned from Windows 7. Here’s a look at those lessons and what they have to teach Microsoft about how to make Windows 8 succeed.

Security Researchers Give BlackBerry PlayBook Pass Mark – The QNX operating system that will power future BlackBerry devices has been given a cagey thumbs up by testers commissioned to probe for weaknesses.

Off Topic (Sort of):

A beautifully realised example of ‘Miniature faking’ using time lapse photography + tilt-shift lens – The idea is to produce real video footage of the Chicago cityscape in such a way as to create the illusion that you are viewing a film of a miniature animated diorama ~ a model layout populated by impossibly realistic toy moving people, boats, cars etc. (submitted by Michael F.)

On Eve of PC’s 30th Birthday, IBM and Microsoft Debate Its Future – Friday is the 30th anniversary of the PC, but executives who helped develop and advance the groundbreaking technology have different opinions on its future.

Comic book heroes then and now – We take a look at how some comic book characters have changed a lot since their initial introduction, some decades ago.

‘End’ Game Helps You Contemplate Your Mortality – Analysis: It’s fun, but it’s more than entertainment — it’s an opportunity for philosophical exploration.

Today’s Quote:

“The fact that an opinion has been widely held is no evidence whatever that it is not utterly absurd; indeed in view of the silliness of the majority of mankind, a widespread belief is more likely to be foolish than sensible.”

– Bertrand Russell

Today’s Free Downloads:

Kaspersky TDSSKiller – Kaspersky Lab has developed the TDSSKiller utility that allows removing rootkits. A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions (Windows API).

SUPERAntiSpyware – Detect and Remove Spyware, Adware and Remove Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits, Rogue Security Products and many other types of threats.

I’m Infected With Technology Fatigue

The Internet is a demanding mistress. Once you hook up – you’re hooked. At the moment I’m on a short vacation and yet, I find I have a craving to stay connected.

Now, that’s either a sad commentary on my lifestyle, or the tentacles of “always on” communication have finally managed to wrap themselves around my DNA. Maybe this is what evolution is really all about. Frankly though, I’m beginning to find the whole thing neuron numbing.

It’s not just the Net that has wormed its way into my subconscious (I wonder what Freud would say about that), it’s the entire technology thing – the world of connected devices, and the ever increasing perceptual need for increased speed.

A couple of years ago, I wrote a piece – which I didn’t post – in which I kicked around the following personal points.


I’m an old computer dog now, and I must admit, that being so makes it just a little harder to learn new tricks. On the other hand, being an old dog does have a positive side – I’m not a techno lemming.

You won’t find me jumping off the cliff with the masses on their way to the Apple (Techno Lemmings “R” Us) Store, for the latest and greatest iPad, or iPhone, or stripping out a dual core processor for a tiny improvement (maybe) to be gained by installing a quad core, or better, processor.

Even Facebook has little appeal – although, I will admit, I do have a Facebook account. Not sure why really – I just don’t see the benefit; at least not yet. Hmmm, maybe I’m more hype driven than I feel comfortable admitting.


Fast forward to today  – I now use Facebook more than ever, (as well as Google+), I jumped off the techno lemming cliff and bought an iPad (to mate with my smart phone) and, went so far as to install a quad core processor – and realized no perceptible gain. Although, I’m sure a benchmarking application will show an increase in performance – if I could only learn to count in microseconds I’m convinced I’d see it too.

This past week, I paid a visit to my Bank (for the first time in years), and not surprisingly, few of the staff recognized me as a customer. Hardly unusual given that I conduct all my financial affairs on the Net. Still, I found it troubling since in years gone by, dropping into the Bank was not unlike stopping by the coffee shop – a bit of conversation – a chance to catch up on the local gossip.

I’m not suggesting that I’ll give up on Internet banking anytime soon but, my banking visit drove home to me that there is a personal hidden price to all this new fangled technology – at my Bank, for example, I’ve become a nameless, faceless, non-entity. Given the types of transactions I complete on the Net, I suspect this is just the tip of the iceberg. In all likelihood, I’ve been reduced to an IP address.

Some years back, I cut my Internet connection for eighteen months or so (2000 – 2001), and, I was more than a little surprised to find that I didn’t miss it – not at all. Interestingly, by the time I reconnected, the basics had not changed. Sure, the hype machine was in its usual overdrive mode in its attempt to convince me that I had missed a revolution – and admittedly, I had missed some evolution – but, hardly a revolution.

I’m now an even older computer dog and, despite my best efforts, I have become a techno lemming. I’m convinced that I’m addicted to the adrenalin rush attached to the self driven need to stay on the leading edge of technology. Sad really.

Marshall McLuhan was right – “The medium is the message”. On balance, I think that connective technologies have been hijacked, more often than not, so that the technologies have become the message rather than content. And so, the need by technologists to disparage “soon to be old technology” which must be replaced by new and more exciting advances. Or so goes the ever active hype machine.

I’m taking myself out of that game. While it’s hardly practical for me to cut the Internet cord again – it is time for me to climb another mountain I think – time to reassess the benefits of my wired world – time to reconnect more closely with the “real” world.

Tech Thoughts Daily Net News – August 13, 2011

Photo Flash Maker Free – Flash slideshows are a fun way to present your photos to friends and family. As its name suggests, Photo Flash Maker Free offers to help you create your own Flash slideshows. This program’s easy-to-use interface and fun themes will appeal to a variety of users.

Monitor your Windows, Linux computer from a smartphone – Maybe you just need to see how a download is progressing, or maybe you need to kill a process that’s eating your network alive. If you’re on-site, it’s easy, but if you’re working remotely, you need a solution. PC Monitor lets you check in with and exert control over your Windows or Linux machine from almost any smartphone. Here’s how to get started with it.

Browser Sign In Firefox Add-on – Mozilla announced a new sign-in system technology back in July. With the help of this new technology, Mozilla promised to make log ins easier and more secure. Instead of having to remember and type in log ins for different web services and sites, users can utilize the Browser ID to sign in just with their email address on sites that support the feature. (submitted by Michael F.)

Google’s Chrome operating system gets a much needed update – Google Chrome OS has been greatly improved, but for most users it’s still not good enough. Here’s what’s new and improved and where it still falls short.

How Facebook got your phone number (and how to take it back) – Chances are Facebook not only has your phone number, but a whole phone book of all your friends’ numbers too.

DDoS attack disrupts trading on Hong Kong’s stock exchange – The site went down on Tuesday and came back online on Wednesday evening after experts from the company supplying the stock exchange’s intrusion protection technology successfully implemented a filter mechanism to fend off further attacks.

Firefox 8 halts aggressive add-ons – Mozilla has had it with add-ons that install without your permission. Starting in Firefox 8, add-ons forced into Firefox by third-party programs will be deactivated until you explicitly activate them.

Company News:

Cain & Abel 4.9.42 released – Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Severe Remote Flaw Fixed in BlackBerry Enterprise Server – There are remotely and easily exploitable vulnerabilities in the BlackBerry Enterprise Server that could allow an attacker to gain access to the server by simply sending a malicious image file to a user’s BlackBerry device.

100 Million Member LinkedIn Drives Into Privacy Ditch, Hits Reverse – LinkedIn is responding to user complaints about its new social advertising model, which asked its 100 million users to ‘opt-out’ if they didn’t want advertisers to pair their message with content – including photographs – from users’ profiles.

Google+ gets game: Now Facebook assault really begins – Google+ gets games and is hoping developers flock to its platform so it can compete better with Facebook.

Off Topic (Sort of):

Lifehacker: How to Banish Your Ex from Your Digital Life – All of these tips are a drama-free, quiet way to give yourself space without bringing up old issues or alienating friends. In some cases, you’ll be better off unfriending, de-circling, blocking, and completely cutting those digital ties. Whether your goal is an etiquette-be-damned removal from all your digital haunts or a less dramatic suppression, the tips below will banish your ex from your digital life.

The Moral Decay Of Our Society Is As Bad At The Top As The Bottom – “The so-called feral youth seem oblivious to decency and morality. But so are the venal rich and powerful – too many of our bankers, footballers, wealthy businessmen and politicians.” Culture of greed, impunity stretches a long way.

The great debate on strong passwords: xkcd weighs in – The xkcd web comic offers a humorous snapshot of the value of security advice about password strength over the years. This might be a good one to pin up in your office.

CEO: Facial Recognition Technology Doesn’t Track People – People Track People! – In an interview with InfoSecurity.com, Stewart Hefferman, the CEO of facial scanning firm OmniPerception, said that face scanning was getting a bad rap. Taking a page out of the National Rifle Association’s handbook, Hefferman made the argument that ‘face scanners don’t snoop on people…people snoop on people.’

Engineer of original IBM PC declares end of PC era – One of the engineers who designed the original IBM PC — which turns 30 on August 12 — says the PC era is over. Jason Hiner argues that the post-PC era is actually still “coming soon.”

Today’s Quote:

“A billion here, a billion there, pretty soon it adds up to real money.”

–    Senator Everett Dirksen

Today’s Free Downloads:

Chrome Toolbox – Chrome Toolbox is an extension for Google Chrome. A quick access tool that allows you to put your favorite browser commands in one drop down menu, save unsubmitted form data and more.

Fresh Diagnose – Fresh Diagnose is a utility designed to analyze and benchmark your computer system. It can analyze and benchmark many kinds of hardware, such as CPU performance, hard disk performance, video system information, mainboard information, and many more.


Tech Thoughts Daily Net News – August 12, 2011

How to Fix Your Family’s PC Problems – Are you the first line of tech support for your friends and family? Here’s everything you need to troubleshoot for the not so tech-savvy.

How browsers and security software can keep you safer online – Online criminals have a seemingly bottomless bag of tricks to get you to click on a link that leads to an unsafe download. The link can come via e-mail, or in search results, or as part of a normal looking web ad, like the one shown here. That link leads to malware, but there’s no easy way to be certain of that just from looking at the URL. How do you avoid being victimized?

How to Watch Netflix Anywhere – In a time when anything less than instant seems to be unacceptable, Netflix is taking great strides to be your streaming service of choice. You can watch movies and TV shows instantly and from almost anywhere. You can even authorize up to six devices and stream two simultaneously.


Free, Secure Remote Network Access – A VPN not only helps you to access your work machine back in the office, it can also provide consumers more secure Internet browsing or virtual LANs. There are some good free choices available, too.

Google Researcher Dissects Sophos Antivirus Software – AV product vendors don’t provide sufficient technical details on how their products work, researcher says at Black Hat USA. Ormandy said he will release free tools that he developed while researching the Sophos software. His main take on the product: It doesn’t live up to its claims. “It’s safe to say that Sophos’ technology is not really equipped to deliver on the promise they made,” Ormandy said.

Fake CCleaner offered for a small fee – Anything and everything you download from the Internet could be a piece of malware, disguised as a legitimate document or software. GFI has recently spotted a Russian website located at myccleaner(dot)ru offering for download the well-known system optimization tool CCleaner. But, there’s a catch – once the user downloads the offered ccsetup303.exe file and tries to install it, he is asked to pay a small fee of about $5 in order to activate it.

Adobe Patches Flash, Shockwave and Photoshop – The August Flash update addresses at least 13 vulnerabilities in Adobe’s Flash Player. According to Adobe, they are not aware of any exploits “in the wild” for the issues addressed in the update.

Multiple vulnerabilities in Symantec Endpoint Protection Manager – Multiple vulnerabilities have been discovered in Symantec Endpoint Protection Manager, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks, according to Secunia.

Company News:

Amazon Defies Apple With Kindle Cloud Reader – Amazon’s new HTML5 Kindle Cloud Reader gets around Apple’s App Store rules at the same time it expands the retailer’s cloud offerings, but a snub against Apple.

HoneyPoint Console 3.50 released – The software helps organizations detect true attacks on their system and has been upgraded with several new features. New interface enhancements have been added, making it easier to manage HoneyPoint data.

LinkedIn mimics Facebook, introduces questionable on-by-default feature – According to Steve Woodruff, LinkedIn has changed its Privacy Policy a couple of months ago and among the changes is the SA feature, which is “on” by default. In short, it allows LinkedIn to pair your name and/or picture to its advertisers’ ads. So, if you don’t want to be seen as de facto endorsing those products and services, you are required by LinkedIn to say so explicitly.

Off Topic (Sort of):

Most Consumers “Just Say No” to Posting Vacation Pictures Online – Twenty-two percent of those surveyed share vacation information only with their closest friends, according to Avira.

In the future, you’ll be able to text and send videos to 9-1-1 – In a speech before the Association of Public Safety Communications Officials in Philadelphia yesterday, FCC Chairman Julius Genachowski announced plans to radically expand 9-1-1 coverage.

Solid State Drive Adoption Sees Explosive Growth – Businesses are adopting and deploying solid state storage for rapid access to transactional data, the cloud and virtual desktop infrastructures, according to a new survey.

When the out of box experience becomes an out of mind nightmare – Laptop makers only get one first impression, and when they preinstall junkware that ruins the first boot they have failed the customer.

Today’s Quote:

“Time is the coin of your life. It is the only coin you have, and only you can determine how it will be spent. Be careful lest you let other people spend it for you.”

–    Carl Sandburg

Today’s Free Downloads:

Darik’s Boot and Nuke (DBAN) – I destroy my old data using what storage experts call a “block-erasure utility” such as Darik’s Boot and Nuke. DBAN overwrites each block on a computer’s hard drive several times–up to standard levels specified for the Royal Canadian Mounted Police and the U.S. Department of Defense. DBAN can create either a bootable floppy disk or an ISO file that you burn to a CD. Once you boot from the startup disk (you may have to tweak settings in your system’s startup program to boot from the floppy or CD), just a few keystrokes will begin blowing away your data.

DisplayFusion – DisplayFusion makes it easy to customize your desktop wallpaper with your own images. Select pictures from your own hard drive or pull them down from Flickr with this freebie. You can search for and preview shots from Flickr from within the program, and there are nice options for those with multiple monitors.


Search Engine Malware – The Same Old, Same Old

In the News within the past 3 days

Web security firm Armorize – over 6 million e-commerce web pages have been compromised in order to serve malware to users.

Ed Bott Report – criminal gangs that specialize in malware love search engines, because they represent an ideal vector for getting Windows users to click on links that lead to potentially dangerous Trojans. The latest attack targets ads, and the social engineering is frighteningly good.

Not in the News

The specifics may be news, but this particular malware attack vector is so old I’m surprised that more Internet users aren’t aware of it. No, I take that back – based on a conversation I had just last night.

Me: “So, what antimalware applications are you currently running?”

She: “Well, I can cut and paste and I can get on the Internet, but I don’t worry about all that other stuff. I don’t understand it anyway.”

I’m well past the point where I allow myself to show surprise when I hear this type of response – it’s just so typical. Given that level of knowledge, it’s hardly surprising then, that consumer confidence in the reliability of search engine results, including relevant ads, is taken for granted.

I’ve yet to meet a typical user who would consider questioning a search engine’s output as to its relevant safety. It’s been my experience that typical Internet users blindly assume all search engine results are malware free.

This is despite the reality that manipulating search engine results, exploiting legitimate pages, and seeding malicious websites among the top results returned by search engines, all in order to infect users with malware, remain a continuing threat to system security.

Here’s how the cyber crooks do it:

When a potential victim visits one of these infected sites, there is a high likelihood that malicious code will be downloaded onto the computer by exploiting existing vulnerabilities.

Let’s take, as an example, a typical user running a search for “great vacation spots” on one of the popular search engines.

Unknown to the user, the search engine returns a malicious or compromised web page as one of the most popular sites. Users with less than complete Internet security who visit this page will have an extremely high chance of becoming infected.

There are a number of ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame (an HTML element that makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate. In the example mentioned earlier, the web page would appear to be a typical page offering great vacation spots.
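For site owners, a check for the iFrame insertion described above, as an added example that is not part of the original article. It assumes an injected frame loads from another host and is invisible to the visitor; the host names, the sample page and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption of this example: an injected frame is invisible to the
# visitor (0-1 pixel in size or hidden with CSS) and loads from a host
# other than the site being audited.
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = re.compile(r"^\s*[01](px)?\s*$", re.I)


class IframeAuditor(HTMLParser):
    """Records each <iframe> with whether it is off-site and invisible."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []  # (src, off_site, invisible)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {name: (value or "") for name, value in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        # Relative URLs have no host and stay on the audited site.
        off_site = bool(host) and host != self.page_host \
            and not host.endswith("." + self.page_host)
        invisible = bool(TINY.match(a.get("width", ""))
                         or TINY.match(a.get("height", ""))
                         or HIDDEN_CSS.search(a.get("style", "")))
        self.findings.append((src, off_site, invisible))


def audit_iframes(html, page_host):
    """Return the src of every frame that is both off-site and invisible."""
    auditor = IframeAuditor(page_host)
    auditor.feed(html)
    auditor.close()
    return [src for src, off_site, invisible in auditor.findings
            if off_site and invisible]


# Constructed sample: a visible same-site embed and one injected frame.
SAMPLE_PAGE = """
<html><body><h1>Great vacation spots</h1>
<iframe src="https://video.vacations.example/embed/42" width="560" height="315"></iframe>
<iframe src="http://cdn.unrelated-host.example/in.php" width="1" height="1"
        style="visibility:hidden"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for src in audit_iframes(SAMPLE_PAGE, "vacations.example"):
        print("review this frame:", src)
```

A frame flagged here is a lead for review, not proof of compromise; compare it against the page as it was last published.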

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety, protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments


The following comment (posted here March 15, 2011) illustrates perfectly the issues discussed in this article.

Funny you write about this today. I was reading about the spider issue Mazda was having and wanted to know what the spider looked like so I Googled it, went to images and there it was. There was also a US map that had areas highlighted, assuming where the spiders exist, and before I clicked on the map I made sure there was the green “O” for WOT for security reasons.

I clicked on the map and BAM I was redirected instantly and hit w/ the “You have a virus” scan malware. I turned off my modem then shut my computer off. I restarted it and scanned my computer w/ MS Security Essentials and Super Anti Spyware. MS Essentials found Exploit:Java/CVE-2010-0094.AF, and Trojan:Java/Mesdeh and removed them. I use WOT all the time, but now I’m going to be super cautious.
