Category Archives: scareware

SafeFighter Fake Antivirus – PandaLabs Takes a Look

Courtesy of Panda Security.

PandaLabs’ report this week focuses on two Trojans, and a new fake antivirus.

SafeFighter is a new fake antivirus.

Like other malware of this kind, it tries to fool users by displaying false infections, remote connections and vulnerabilities that do not exist. If users fall for the trap, they are directed to a screen where their credit card details are requested to carry out the transaction. This way, as well as obtaining money for a service that will never be provided, cyber-crooks steal users’ credit card details.

Removal help for this nasty is further on in this article.

Spammer.ANT is a Trojan that passes itself off as a Microsoft program.

Once run, it copies itself to the system and loads itself to memory under the name reader_s.exe. It then carries out remote connections and spams users, trying to get them to believe the messages received are from an online store.

The spam messages carry a compressed file attachment containing an executable called open.exe. When opened, AntivirusPro2010 is installed on the computer (a fake security solution we have discussed in the past).

The other Trojan in this report is Sinowal.WOE.

It reaches computers through email, and passes itself off as a Microsoft Word document. Once installed, it collects as much information as it can from the infected user.

Additionally, when the user opens the browser, the Trojan connects to a server where Sinowal.WOE stores the victim’s information, and downloads the AntivirusPro2010 fake security solution.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

SafeFighter and AntivirusPro 2010 Removal:

If you have become infected by AntivirusPro 2010, SafeFighter, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Click here to download free SUPERAntiSpyware to remove AntiVirusPro 2010.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P) or file-sharing applications.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Filed under Antivirus Applications, Don't Get Scammed, Don't Get Hacked, downloads, Email, email scams, Firefox Add-ons, Free Anti-malware Software, Freeware, internet scams, Internet Security Alerts, Malware Advisories, Online Safety, Panda Security, PandaLabs, Rogue Software, Rogue Software Removal Tips, scareware, Scareware Removal Tips, Software, System Security, trojans, Viruses, Windows Tips and Tools

Alpha Antivirus – PandaLabs Takes a Look

Courtesy of Panda Security.

PandaLabs’ report this week focuses on a worm, a fake antivirus, a Trojan and a traditional virus.

The new fake antivirus we are looking at this week is called Alpha Antivirus. Like many of its kind, it tries to fool users by displaying fake infections, false remote connections, or non-existent vulnerabilities.

It then encourages users to buy a fake security suite. Since the antivirus is fake, users end up paying for a product that does not exist, as well as revealing their bank details to cyber-crooks.

Removal help for this nasty is further on in this article.

JokR.A is a script worm which leaves a visible indication of infection for users to see. In order to spread, this malware copies itself under the name Th3_jOkEr.vbs together with the autorun.inf file (hidden) to all drives and the Windows folder.

This way, it runs whenever users access these drives. It also copies itself to removable drives to increase its chances of propagation. This malware makes a series of entries in the registry, to ensure it runs on every system start-up, displaying the following warning: “Thanks for your participation”, “My virus is now on your computer, so thank you for your the participation with your friends 🙂 !)”.

It also inserts the following text in the Internet Explorer header: “Hacked By Yassine [Th3_jOkEr] …:::… Fuck You …:::…” It’s difficult to see in the following image, but the IE header has been changed.

Finally, we want to mention a Trojan and a virus associated with an email with the subject Convocatoria en la Audiencia (Summons to the Central Criminal Court). This message has an attached file which looks like a pdf file, but in reality it has the “scr” extension.
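The attachment described above looks like a pdf but carries the “scr” extension, which is exactly the trick that the “Disable hidden filename extensions” advice repeated in the tip lists on this page guards against: with extensions hidden, Explorer shows summons.pdf.scr as summons.pdf. The following Python script is an added example, not code from PandaLabs or from this blog; its extension lists and the sample attachment names are constructed for illustration. For each name it reports the real extension, the name a user would see with extensions hidden, and whether the name follows the document-then-executable double-extension pattern.

```python
"""Spot attachment names that disguise an executable as a document.

Added example for this page, not code from PandaLabs or the blog author.
The extension lists and the sample filenames are constructed for illustration.
"""
import os

# File types Windows will execute or hand to a script host when double-clicked.
# Constructed list; it covers the ".scr" trick described above but is not exhaustive.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".vbs", ".js", ".wsf", ".hta", ".msi", ".lnk"}

# File types a recipient expects to open as a harmless document or picture.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
                 ".txt", ".rtf", ".jpg", ".jpeg", ".png", ".gif"}


def classify(filename: str) -> dict:
    """Describe how a filename really behaves versus how it is displayed.

    'displayed_name' is what Explorer shows with "Hide extensions for known
    file types" switched on: the last extension is dropped, so summons.pdf.scr
    appears as summons.pdf.
    """
    name = filename.strip()
    displayed_name, real_ext = os.path.splitext(name)
    real_ext = real_ext.lower()
    shown_ext = os.path.splitext(displayed_name)[1].lower()
    is_exec = real_ext in EXECUTABLE_EXTS
    return {
        "filename": name,
        "real_extension": real_ext,
        "displayed_name": displayed_name,
        "executable": is_exec,
        # a document-looking inner extension followed by an executable one
        "double_extension": shown_ext in DOCUMENT_EXTS and is_exec,
        "suspicious": is_exec,
    }


def triage(filenames) -> list:
    """Return the names that would execute code, most deceptive first."""
    verdicts = [classify(f) for f in filenames]
    flagged = [v for v in verdicts if v["suspicious"]]
    # double-extension lures sort before plain executables, then alphabetically
    flagged.sort(key=lambda v: (not v["double_extension"], v["filename"].lower()))
    return [v["filename"] for v in flagged]


# Constructed sample attachment names (not real captures). The first mimics the
# "looks like a pdf but has the scr extension" lure described in the report.
SAMPLE_ATTACHMENTS = [
    "Convocatoria_Audiencia.pdf.scr",
    "invoice_2009.doc.exe",
    "open.exe",
    "quarterly_report.pdf",
    "holiday_photo.jpg",
]

if __name__ == "__main__":
    for attachment in SAMPLE_ATTACHMENTS:
        v = classify(attachment)
        print(f"{attachment:32} shown as {v['displayed_name']:28} "
              f"real {v['real_extension'] or '(none)':6} suspicious={v['suspicious']}")
    print("flagged:", triage(SAMPLE_ATTACHMENTS))
```

The displayed_name field is the point of the exercise: it is the only thing a user with extensions hidden ever sees, so the pdf-then-scr name and a genuine pdf look identical to them. Showing extensions (the tip on this page) restores the real_extension column to the user's view.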

On opening the file which supposedly contains the summons, users are taken to the official website of the Spanish National Police, while another connection is made to a page from where it downloads and installs the Banker.LYI Trojan and the Induc.A virus.

Banker.LYI is a banker Trojan that targets a specific Spanish bank. This Trojan steals the bank details entered by users, and uses the Outlook address book to redistribute the same message among all the infected user’s contacts.

Induc.A is a virus written in Delphi. The first thing the virus does is search for versions of the Borland Delphi compiler (4, 5, 6 or 7) installed on the computer. If it finds one, the virus inserts code so that all files compiled with these versions are infected.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

Alpha Antivirus Removal:

If you have become infected by Alpha Antivirus, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P) or file-sharing applications.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Filed under Don't Get Scammed, Don't Get Hacked, Malware Advisories, Online Safety, Panda Security, PandaLabs, scareware, Scareware Removal Tips, System Security, trojans, Viruses, Windows Tips and Tools, worms

Windows Police Pro – PandaLabs Takes a Look

Courtesy of Panda Security.

This week’s PandaLabs report looks at a worm, a program for creating Trojans, and a new fake antivirus.

Windows Police Pro is a new example of rogueware.

As is typical of these fake antivirus programs, it tries to convince users that their systems are infected, being hacked, or contain vulnerabilities. Users that fall for the ruse are taken to a screen in which they are asked to enter their credit card details. This way, in addition to paying for a disinfection they will never receive, they have also handed over confidential information to cyber-crooks.

Removal help for this nasty is further on in this article.

Vobfus.A is a worm that spreads through USB drives and shared folders. The first action it takes when run is to make a series of copies of itself in several directories and connect to certain Japanese Web pages, from which it downloads files related to adware.

When a USB device is connected, the worm creates a series of shortcuts through which the infected file – which is hidden – is run. It also creates an autorun file on the USB drive in order to spread. One interesting thing about this malicious code is that it makes certain modifications to the registry, installing language packs that allow the operating system to recognize characters in Chinese and Japanese.

Thanks to this, the worm can redirect the Internet browser to pages in Chinese, interpreting them and downloading files. It also creates a key in the registry to ensure it is run every time the system is started up.

KeyLogger.FT is a program for building keylogger Trojans.

These programs capture keystrokes and then send the information to an email account, with details about where the information has been entered. The Trojan builder lets users include features such as automatic activation on system restarts, or uninstallation on a certain date. It also includes the option to disable the Task Manager on the infected PC, or close it as soon as it is opened.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

Windows Police Pro Removal:

If you have become infected by WinPolicePro, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P) or file-sharing applications.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Filed under Don't Get Scammed, Don't Get Hacked, Freeware, Interconnectivity, internet scams, Internet Security Alerts, Malware Advisories, Panda Security, PandaLabs, Rogue Software, Rogue Software Removal Tips, Safe Surfing, scareware, System Security, trojans, USB, Windows Tips and Tools

Personal Guard 2009 – PandaLabs Takes a Look

Courtesy of Panda Security.

This week’s PandaLabs report looks at a rogue antivirus, a backdoor Trojan and a program for creating Trojans.

Personal Guard 2009 is a new sample of the infamous rogue antivirus programs. On reaching computers, it runs a spoof hard disk scan.

These malicious codes typically display fake infections when running the scan, but Personal Guard 2009 does not show any infections during the first scan. Instead, the file goes hard disk resident and later on displays pop-ups in the toolbar warning about possible malicious items. During the second scan it shows fake viruses.

From then on it follows the standard procedure: tempting users into buying a fake security program in order to profit directly, as well as stealing any data entered by the user.

WinVNC.A is a backdoor Trojan distributed via email. It uses the subject of swine flu as a lure, and talks about a potential conspiracy of pharmaceutical laboratories, tricking users into opening a PowerPoint presentation (“POS.exe”) where “the big secret” is revealed.

On running the attached file, the Trojan is downloaded to the computer without the user’s knowledge, while the presentation is displayed. This malicious code is especially designed to steal confidential information from the user and send it to its creator.

Finally, PassThief.A is a program designed to create password-stealing Trojans.

The information stolen by the Trojan is sent to an email account specified by the program user. The directory where the Trojan will be installed can be selected, and whether it should run during the first or fourth operating system restart.

The Trojan will have the same icon as the task manager and will function on WIN9x/WINME, as it steals the passwords of the pwl files in the operating systems. These pwl files contain passwords for accessing protected resources, session start, phone access to networks, etc.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

If you become infected by Personal Guard 2009, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P) or file-sharing applications.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Filed under Anti-Malware Tools, Don't Get Scammed, Don't Get Hacked, Free Anti-malware Software, Freeware, Interconnectivity, internet scams, Internet Security Alerts, Malware Advisories, Online Safety, Panda Security, PandaLabs, Rogue Software, Rogue Software Removal Tips, scareware, Scareware Removal Tips, trojans, Viruses, Windows Tips and Tools

Patrick Swayze’s Death – An Opportunity For Hackers

Dirty Dancing star Patrick Swayze, as most people are now aware, passed away several days ago, and it hasn’t taken long for cyber crooks to use this to their advantage. Cybercriminals have jumped on this information, and are already exploiting this sad event.

Searching for news of Swayze’s death has multiple risks attached, including the risk of landing on an infected web site, which can lead to the downloading of “scareware” – fake security software.

Scareware is now recognized, by security experts, as the single most profitable money maker for cybercriminals, with thousands of users falling victim to scareware scams every day.

Cybercriminals are experts at exploiting our natural curiosity surrounding current events, and by focusing on this aspect of social engineering, they are increasingly creating opportunities designed to drop malicious code, including rootkits, password stealers, Trojan horses, spam bots, and of course scareware, on our computers.

If an event is newsworthy, or it’s titillating in any way, you can be sure cybercriminals are exploiting it for their own advantage. A case in point: Serena Williams’ disgraceful behavior at the US Open is currently being used by cybercriminals to trap victims into downloading rogueware.

I highly recommend that you watch the following YouTube video (courtesy of Sophos), which illustrates just how easy it is for the bad guys to trap unprepared computer users into downloading rogue software.

Save yourself from being victimized by scareware, or other malware, and review the following actions you can take to protect your Internet connected computer system:

  • When surfing the web – Stop. Think. Click
  • Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety, protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.
  • Don’t open unknown email attachments
  • Don’t run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on your computer.
  • Install a personal firewall on your computer.
  • Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.
  • Ensure the anti-virus software scans all e-mail attachments.

Filed under Don't Get Scammed, Don't Get Hacked, Malware Advisories, Online Safety, Rogue Software, scareware, System Security, trojans, Viruses, Windows Tips and Tools

Internet Security – Stop Guessing With Free GeSWall

GeSWall (GentleSecurityWall) is one of the most important security applications I have tested this year. I wanted to spread the word on this application almost immediately, but I held off until I had completed my usual 30 day test period.

Anti-virus, anti-spyware and firewall applications generally offer reasonable protection against the increasingly powerful and destructive Internet-based attacks on home computer systems. Unfortunately, these applications, even taken together, do not make up for the lack of experience, and intuitiveness, of most computer users.

A good example of the effects of this lack of experience can be seen in the field day that malware such as rogue applications, or scareware, is currently enjoying on the Internet. Unaware users are downloading these highly damaging applications by the boatload.

Techies and geeks, on the other hand, have the ability to respond to these types of Internet threats in ways that would dazzle an average computer user. They can do this because of their experience, and their highly developed intuitiveness. So, why not develop a software application that is, in a sense, experienced and intuitive?

GentleSecurity has done just that with the release of GeSWall, an intrusion prevention system that is non-intrusive, and requires a minimum of user intervention – perfect for the average user.

I’m going to describe this application, as best I can, in a non-technical way, since the objective is to convince less experienced users to give this free application a try. Power users already understand the principles involved in “isolating”, or “sandboxing” applications. Strictly speaking though, GeSWall is not a sandbox.

Simply put, GeSWall is an isolator which dynamically isolates Internet applications including Web Browsers, Chat Clients, Email Clients, and so on.

By handling security in this way, GeSWall prevents damage from intrusions and malicious software: viruses, worms, spyware, key loggers etc., including disallowing rogue software from being installed.

The following graphic illustrates, in an uncomplicated way, how GeSWall works. Use your screen magnifier to make viewing easier.

GeSWall 2

Following the installation of GeSWall, you are presented with the following screen at which time you have the opportunity to isolate specific applications; particularly applications that interact with the Internet. For example, I have isolated all of my web browsers, and I strongly recommend that you do so as well.

GeSWall 3

There is nothing to be gained by re-inventing the wheel, so I’ll refer you to an excellent video, posted on YouTube, which provides a terrific overview on how effective GeSWall is at protecting a computer against infection. This is an impressive video, and Kudos to Matt over at RemoveMalware.com, for putting it together.

Regular readers of this site are aware that I surf the underbelly of the Internet regularly, seeking out unsafe and damaging sites, malware, rogue applications, etc. I regularly infect the test bed machine I have set aside for this purpose. I then test the removal ability of anti-malware applications.

No matter how I tried however, (being reasonably responsible, of course), I could not infect the machine I set aside to test GeSWall – it performed flawlessly. If you watched the video I recommended above, then you’ll have seen just how effective this application can be.

GeSWall Fast facts:

Prevents key loggers, rootkits, backdoors.

Prevents confidential file disclosure.

Prevents targeted intrusions.

Prevents malicious software infection.

Independent of attack techniques.

Easy to use, non-intrusive.

Central Management through Active Directory Group Policy.

If you use any of the following applications, you can increase your Internet security substantially by installing this free application.

Chat Messengers

Download Managers

E-Mail and News

IRC

Multimedia

Office

P2P

Viewers

Web Browsers

Operating system: Windows 2003, Windows Vista, Windows XP, Windows 2000, Windows 7

Download at: Download.com

Filed under Anti-Malware Tools, Don't Get Hacked, downloads, Free Anti-malware Software, Freeware, New Computer User Software Tools, Online Safety, Rogue Software, Safe Surfing, scareware, Software, Spyware - Adware Protection, Utilities, Windows Tips and Tools

SmartVirusEliminator – Panda Security Takes a Look

Courtesy of Panda Security.

This week’s PandaLabs report looks at the SmartVirusEliminator adware, and the MSNWorm.GU worm.

The SmartVirusEliminator adware displays a download window while being downloaded. Then, once it is downloaded and installed, it opens a window similar to the Windows security window.

This adware tries to pass itself off as a legitimate antivirus. To do so, it scans the computer and displays fake warnings to convince users they are infected. To disinfect the computer from the threats “detected” by the fake antivirus, users must purchase it by providing their bank details, which is the malware’s ultimate objective.

The MSNWorm.GU worm uses the popular MSN Messenger application to spread. It infects systems silently without any visible symptoms. However, a characteristic icon is displayed.

The MSNWorm.GU worm modifies the Windows registry so that it launches on every system start-up, and goes memory resident. It also copies itself to C:\WINDOWS\system32\wupdate.exe.

While users chat through an instant messaging application (e.g. MSN Messenger), they receive a message from one of their contacts (which doesn’t raise suspicion), with a link to download a file. If the user clicks the link, the worm installs on the system and the infection begins.

First, the worm connects to a server to check whether there are any up-to-date versions of itself which will then be downloaded to the computer. If there are not, it makes a copy of itself in the system path.

It then creates a series of traces to this copy, or to the updated version of itself. One of the traces aims at ensuring the worm is launched on every system start-up.

The worm has bot features, which allow it to open a connection to its creator and wait for commands. Finally, the file stays memory resident, awaiting a new connection to another instant messaging application in order to spread.

More information about these and other malicious codes is available in the Panda Security Encyclopedia.

You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

If you become infected by this, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P) or file-sharing applications.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Additional precautions you can take to protect your computer system:

When surfing the web: Stop. Think. Click

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all email attachments

Filed under bots, Browser add-ons, Don't Get Scammed, Don't Get Hacked, Firefox Add-ons, Freeware, Internet Explorer Add-ons, Internet Security Alerts, Malware Advisories, Panda Security, PandaLabs, Rogue Software, scareware, Spyware - Adware Protection, trojans, Virus Repair Tools, Viruses, Windows Tips and Tools

SaveSoldier Fake Antivirus – Panda Security Takes a Look

Courtesy of Panda Security.

This week’s PandaLabs report discusses the SaveSoldier fake antivirus and the Ramson.G worm.

The first malware we’re looking at this week is another example of malicious programs that pass themselves off as legitimate software applications in order to steal users’ money by tricking them into believing that they will eliminate (non-existent) threats.

This fake antivirus is designed to collect personal and bank details provided by users when they buy it. This malware scans the system searching for infected software and displays an interface which resembles that of a typical antivirus program.

It then asks users to buy and install certain software to resolve problems caused by the malicious software supposedly detected on the computer.

When the fake antivirus ‘detects’ infected files, it prompts the user to enter a code they will receive when they buy the antivirus pack.


To do so, users are redirected to a page where they can purchase the software using a credit card.


It also displays several warnings informing about malware problems, registry errors, etc.

The second example of malware in this report is the Ramson.G worm, which appears on screen with the icon of an executable file and repeatedly launches the Windows taskkill utility, passing it a series of commands, to terminate processes.

When the computer is restarted, a message in Russian is displayed and a code to access the system is requested. Once the code is entered, it displays another message and restarts the system.


It spreads through mapped, shared and removable drives, using an autorun.inf configuration file so that the malware executes itself from these drives.

More information about these and other malicious codes is available in the Panda Security Encyclopedia.

You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

If you become infected by this, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Additional precautions you can take to protect your computer system:

When surfing the web: Stop. Think. Click.

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all email attachments


Want to be a Successful Cyber Crook – Here’s a Tip!

If you want to enhance your chances of being a successful cyber scam artist/cyber crook, you need to look the part, and act the part, of a successful Internet business organization.

How hard is that? Not hard at all when you consider all you need to do is offer a product that appears genuine, and perhaps most importantly – advertise in readily available and trusted media.

So, if you want to succeed in the $105 BILLION “Internet shadow economy”, advertising your “product” on an Internet search engine, could be a major step in helping you reach your goals.

Why an Internet search engine? Well, if one were to poll a group of typical Internet users as to the safety and reliability of search engine results, including the pervasive ads that search engines display, there is little doubt that the answer would be positive. In a sense, search engines impart instant legitimacy.

Part of the process of offering a product that appears to be genuine would include producing and promoting a Web site that instills confidence in those unlucky enough to click on your ad, such as the site pictured below for ErrorSmart, a notoriously misleading application.

image

But hold on! Given that search engine results can be manipulated, or worse (see “Search Engine Results – Malware Heaven!” on this site), it is reasonable to ask the question – why aren’t typical Internet users aware of this situation?

The simple answer is – search engines make little, or no effort, to educate their users in the risks involved in relying on advertisements appearing in their applications. As a consequence, the typical user I come into contact with believes search engine output to be untainted, and free of potential harmful exposure to malware.

A user looking for a review of ErrorSmart, for example, has a reasonably good chance of finding the following fraudulent review:

ErrorSmart uses the industry’s most advanced error-resolution technology and puts it to work for you. By scanning your hard drive, analyzing the errors and correcting the problems, ErrorSmart can restore your system performance and increase startup speed by up to 70 percent.

Whether it’s incomplete uninstalls, failed installations, driver issues or spyware infections that are affecting your PC, ErrorSmart will rid you of your computer problems in just minutes.

Fact: Consumer confidence in the strength and reliability of search engine results, particularly ads, is seriously misplaced.

For example, ErrorSmart (the site pictured earlier), a “scareware/rogueware” application developed to mislead uninformed computer users into downloading and paying for the “full” version of this bogus software, based on the false positives generated by the application, has been “advertised” for months on a number of leading search engines.

I shudder when I think of the huge numbers of surfers who have suffered the consequences of accepting a download of this misleading application.

If you are one of the unlucky computer users who is struggling with computer chaos caused by the installation of this “scareware”, visit 411-spyware.com, a great site that specializes in helping those who have been manipulated into installing rogue software.

If you think this is a one off, or an isolated incident, then you’ll be surprised to learn it’s not. According to Panda Security, approximately 35 million computers are infected with scareware/rogueware each month (roughly 3.50 percent of all computers), and cybercriminals are earning more than $34 million monthly through rogueware attacks.

I’ve said it before and I’ll say it again – an argument can be made, that the Internet has turned into a playground for cyber-criminals.

So will search engine providers address the issues described in this article? Sure – but only when consumers who are totally fed up with tainted search engine results, and malicious hackers, finally force them to.

Fact: Failure to protect the Internet, which by definition is an open network, has substantial penalties ranging from productivity decreases, infrastructure compromise, to a failure in consumer confidence and more.

Great business model!!


Total Security 2009 Scareware – Panda Security Takes a Look

Courtesy of Panda Security.

This week’s PandaLabs report looks at Total Security 2009, yet another example of the many fake antiviruses in circulation.

This type of malware passes itself off as legitimate software applications in order to steal users’ money by tricking them into believing that they will eliminate threats that actually do not exist.

Once installed on the target computer, Total Security displays a warning indicating that the computer is at risk.


Then, it simulates a system scan reporting a series of infections in order to scare users into buying the antivirus solution.


On finishing the scan, Total Security displays a screen offering a solution to the user’s problem. The solution consists of activating the fake antivirus.


However, to activate the product, users must pay a fee to the fake product’s “vendor”. After this, users receive a code they must enter in the program.


Once they do this, the malicious application stops displaying warnings about threats. This aims to make users believe they have actually bought an antivirus product, whereas, in reality, no infection has been removed and users are not protected against threats.


Total Security installs on computers just as if it were a legitimate security solution. It creates a shortcut in the desktop, another one in the program directory of the Start menu and a third one in the Add or Remove Programs section.

This malware can reach users in a variety of ways: through links in spam messages, downloaded from a malicious Web page, etc. Once run, the program launches the installation process.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

If you become infected by this, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide the tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Additional precautions you can take to protect your computer system:

When surfing the web: Stop. Think. Click.

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all email attachments
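One way to check four of the precautions listed above on a Windows PC (file extensions shown, AutoRun off for the mapped, shared and removable drives that Ramson.G spreads through, file and printer sharing off, firewall on). This is an added example, not the article's or Panda Security's code; it assumes PowerShell 3 or later on Windows 8 / Server 2012 or later (for Get-NetFirewallProfile) and an elevated session when -Remediate is used.

```powershell
# Added audit script (not from the article): reports on four precautions and,
# with -Remediate, corrects the two registry-based ones. Read-only by default.
function Test-RogueDefenses {
    [CmdletBinding()]
    param([switch]$Remediate)

    $results = @()

    # 1. "Disable hidden filename extensions": HideFileExt=1 makes Explorer hide them,
    #    so a made-up "invoice.pdf.exe" would display as "invoice.pdf".
    #    The change is visible after Explorer restarts.
    $advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $hide = (Get-ItemProperty -Path $advKey -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    if ($Remediate -and $hide -ne 0) {
        Set-ItemProperty -Path $advKey -Name HideFileExt -Value 0 -Type DWord
        $hide = 0
    }
    $results += [pscustomobject]@{ Check = 'File extensions shown'; Value = $hide; Pass = ($hide -eq 0) }

    # 2. AutoRun off for every drive type (0xFF = 255): an autorun.inf on a mapped,
    #    shared or removable drive then cannot launch a worm. Writing HKLM needs admin rights.
    $polKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $autorun = (Get-ItemProperty -Path $polKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($Remediate -and $autorun -ne 255) {
        if (-not (Test-Path $polKey)) { New-Item -Path $polKey -Force | Out-Null }
        Set-ItemProperty -Path $polKey -Name NoDriveTypeAutoRun -Value 255 -Type DWord
        $autorun = 255
    }
    $results += [pscustomobject]@{ Check = 'AutoRun disabled on all drives'; Value = $autorun; Pass = ($autorun -eq 255) }

    # 3. "Turn off file and printer sharing": the Server service (LanmanServer) is what
    #    exposes SMB shares, so on a stand-alone PC it should not be running.
    $srv = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{ Check = 'File/printer sharing service stopped'; Value = $srv.Status; Pass = [bool]($srv -and $srv.Status -ne 'Running') }

    # 4. "Install a personal firewall": Windows Firewall should be enabled on every profile.
    $profiles = @(Get-NetFirewallProfile -ErrorAction SilentlyContinue)
    $off = @($profiles | Where-Object { "$($_.Enabled)" -ne 'True' })
    $fwOn = ($profiles.Count -gt 0) -and ($off.Count -eq 0)
    $results += [pscustomobject]@{ Check = 'Firewall enabled on all profiles'; Value = ($profiles.Enabled -join ','); Pass = $fwOn }

    return $results
}

Test-RogueDefenses | Format-Table -AutoSize
```

Run it once without -Remediate to see which precautions are not in place; a Pass value of False marks a setting to correct.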
