Why Do Users Keep Falling for Scams?

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.

---

*Social engineering: refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access — Wikipedia

It’s unfathomable to me why so many people still get caught out by social engineering techniques, being tricked into clicking that link or opening that attachment.

Social engineering is one of the most prevalent methods used by cybercriminals to infect a system and/or gain a user’s sensitive information. Ransomware, phishing emails, scams, all generally involve an element of social engineering. Why? Because it’s simple, effective, and lucrative. It stands to reason then that the most potent method for eradicating these types of threats would be to make them less effective and less lucrative. The question is; how to achieve that?

You’ve no doubt come across the saying “education is key” – and, when it comes to social engineering, nothing could be truer. Because of the changing nature of socially engineered exploits, security software cannot always protect users from themselves. That’s why Tech blogs are repeatedly issuing the same advice/warnings – don’t click on links in emails from unknown senders, don’t open email attachments from unknown senders, etc., etc., etc. In fact, I recently published yet another list of do’s and don’ts  “10 Golden Rules to Defeat Scammers” . Yet, despite all this, so many people are still falling victim to social engineering.

A large part of the problem I suppose is that the users who need this type of advice the most are generally not the sort of people who tend to visit and read Tech blogs.

I was recently perusing a well-known freeware site and came across a comment from someone complaining that, despite being protected by a commercial grade antivirus, his company’s computers had been infected by ransomware… twice. On both occasions the infection was initiated by an employee clicking on something he or she shouldn’t have clicked on. I suggested to him that perhaps his company needed to review and strengthen its staff training program. Education is key.

My own clientele consists largely of elderly folk and, in my experience, many are highly susceptible to phishing and scams in general. I have a theory about this; I’m sure it’s because they were brought up in an era when trust was inherent; leaving the front door to the house open, leaving the car unlocked and keys in the ignition. Do you know what I mean? It’s not so much that they are gullible, more overly trusting.

These people also tend to be not so computer/security savvy, so rather than hit them with a long list of do’s and don’ts, which might be difficult to follow, I condense it all down to just three rules for them to remember:

1. Treat each and every unsolicited phone call and/or email as highly suspicious.

2. Always be very wary about giving out sensitive personal information over the internet.

3. If it sounds too good to be true, it almost certainly is.

If the more savvy among us would only take the time to pass this type of advice around their own particular circles of family, friends, and acquaintances, I believe that we, collectively, might just make a difference.

Norman Malware Cleaner –Another Free Tool To Remove Tough Malware

Just like the 14 free specialty malware removal tools I wrote on earlier this year, Norman Malware Cleaner has been designed to identify tough malware infections, including specific malware, and then help you eradicate those infections.

Since this particular application is a stand alone executable, it does not require installation (perfect for a Flash Drive). Since scanning with the most recent definition database is a must, you will need to download a new version of the application on a per use basis.

On execution, you will be presented with the following end user agreement. This may be the shortest end user agreement I’ve ever seen.

Despite the fact that this is a powerful application, setting the options is fairly straightforward.

For the first test, I ran a simple Quick scan as illustrated in the following two screen captures.

This scan completed in less than four minutes, and indicated that no infections were present.

I then changed two critical group policies which duplicated common malware attacks – no access to the Task Manager, and restricted access to Windows Explorer (show hidden files).

As you can see in the following screen shot, Norman Malware Cleaner had no difficulty picking up on, and cleaning, these registry changes on a scan rerun.

A scan results log file is saved to the desktop, as illustrated.

Fast facts:

Detect and Remove malware (viruses, Rootkit’s, FakeAV, worms and more)

Utilize advanced Anti-Rootkit technology

Quarantine module

Scanning and cleaning including Norman patented Norman SandBox technology

Supports Quick- Normal- Full- Custom Scan mode

Command line function for better tailor scanning across several machines (businesses)

Daily signature updates available

Systems requirements: Windows 2000, XP, 2003, Vista, 2008 and Win 7.

Download at: Norman

Registration is required.

Note: This application is for use when you are dealing with a machine you know is infected. It is not a replacement for a real-time AV.

As with most tools in this class, advanced computer knowledge is required. Unless you feel confident in your diagnostic skills, you would be better off avoiding this application.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

PandaLabs Second Quarter Security Landscape Report

In a rather surprising statement, PandaLabs, in its 2011 Second Quarter Security Report, makes the point that there’s a challenging grey area between “Hacktivism” (LulzSec and Anonymous), and Criminality. Frankly, I don’t subscribe to this “blurry lines” view.

I see the issue in rather simpler terms – if security holes exist in critical systems which enterprise, or government, are either unwilling, or unable to address – ultimately creating a host of innocent victims – then I encourage LulzSec and Anonymous to continue their campaigns of outing non-responsive, and non-responsible organizations. I’m more than a little tired of being placed at risk due to organizational ineptness, or failure to adhere to common sense security practices.

Some key findings from Panda’s report (determined from data collected through Panda ActiveScan) include:

Every minute, 42 new malware strains were created.

Trojans constitute 70 percent of new malware followed by viruses (10 percent) and worms (8.53 percent). Surprisingly, Adware, which only represents 1.37 percent of all malware, accounted for more than 9 percent of all infections.

China, Thailand and Taiwan continue to lead infection rankings.

Top 10 least infected countries.

So, should these statistics hold any relevancy for you? Should you be preoccupied, or overly concerned, with these numbers? The answer, it seems to me, depends on how aware you are of the overallInternet security landscape, and where you fit into the following user groups.

• Those who know.
• Those who think they know.
• Those who don’t know, that they don’t know.

Hopefully, you are in that small group who can confidently say – “I know”.

Broken record time:

I’ll risk sounding like a broken record, once again, and repeat what I’ve said here numerous times –

“Controlling malware intrusion, while surfing the Net, through the use of a  “virtual” environment rather than operating in a “real” environment, makes sense given the escalating level of cyber criminal activity on the Internet.”

BufferZone, is a particular effective and easy to use freeware virtualization application (perfect for casual users), which creates an isolated environment called the Virtual Zone, while you surf the Internet. You can read more about BufferZone, here.

About PandaLabs:

Since 1990, PandaLabs, Panda Security’s malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats.

To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda’s user community to automatically detect, analyze and classify the more than 73,000 new malware strains that appear every day.

This automated malware classification is complemented through the work of an international team with researchers specialized each in a specific type of malware (viruses, worms, Trojans, spyware and other attacks) to provide global coverage.

The full report (PDF), is available here.

Follow Panda on Twitter and Facebook.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

BitDefender’s Free Virus Guard Protects BitTorrent Users

If you’re into downloading open license movies, music, games and applications, then there’s a good chance you’re into the enormously popular BitTorrent peer-to-peer file sharing application.

Just to be clear – I am not a fan of public, peer to peer file sharing – here’s why: Peer to peer file sharing carries with it a high risk that the user will not get what he thinks he will. And, may pick up something nobody wants to pick up.

So is this a serious risk? You bet – take a look at the following from the BitTorrent Beginner’s Guide –  How do I know that someone isn’t sending out viruses on BitTorrent?

In short, you don’t. You should treat something downloaded with BitTorrent just like any file downloaded from the internet – that is, if you don’t trust the source of the file, then you should use caution when opening it.

BitTorrent guarantees that the content you download is not altered from when the torrent was originally created, but if the source files used to create the torrent were already infected, this will provide no protection!

What’s a user to do then, who enjoys file sharing through BitTorrent, and wants to reduce the risk of being burned by cybercriminals who lurk on public file sharing networks? BitDefender’s new Virus Guard, might provide part of the answer.

BitDefender’s free Virus Guard, which is now part of BitTorrent’s App Studio, is available to BitTorrent’s 80 million users.  Virus Guard quickly scans torrents before they’re launched, and flags any potential threats it finds; effectively giving users an opportunity to delete torrents before they can do any harm.

Here’s a screen capture of the BitTorrent application with BitDefender’s Virus Guard installed. Click on the graphic to expand to original size – 1260 x 745.

BitDefender’s Virus Guard Fast Facts:

Scan from within BitTorrent — avoid wasting resources on a full disk scan.

Check all torrent downloads (including ZIP, RAR, and TAR archives) to eliminate potential threats before they occur.

Protect against viruses and other malware using industry-leading technology.

Keep all your torrent downloads safe and clean.

BitDefender provides industry-leading protection based on two proactive threat detection technologies.

Virus definition library updated continuously to protect you from the latest threats.

Download Virus Guard at: BitTorrent’s App Studio.

Old advice, but more important than ever: Trade-offs and risks you should consider if you’re a fan of Peer to Peer file sharing.

Privacy: When you are connected to file-sharing programs, you may unintentionally allow others to copy confidential files you did not intend to share. So be sure to setup the file-sharing software very carefully.

If you don’t check the proper settings when you install the software, you could allow access not just to the files you intend to share, but also to other information on your hard drive, such as your tax returns, email messages, medical records, photos, and other personal and financial documents.

It’s extremely important to be aware of the files that you place in, or download to, your shared folder. Don’t put information in your shared folder that you don’t want to share with others. Your shared folder is the folder that is shared automatically with others on peer to peer file sharing networks.

Copyright Issues: You may knowingly, or otherwise, download material that is protected by copyright laws and find yourself caught up in legal issues. Copyright infringement can result in significant monetary damages, fines, and even criminal penalties.

Some statistics suggest as many as 70% of young people between the ages of 9 – 14, regularly download copyrighted digital music. If you are a parent, you bear the ultimate responsibility for this illegal activity.

Adult Content: Again, if you are a parent you may not be aware that their children have downloaded file-sharing software on the family computer, and that they may have exchanged games, videos, music, pornography, or other material that may be unsuitable for them. It’s not unusual for other peoples’ files to be mislabeled and you or your children can unintentionally download these files.

Spyware: There’s a good chance that the file-sharing program you’re using has installed other software known as spyware to your computer’s operating system. Spyware monitors a user’s browsing habits and then sends that data to third parties. Frequently the user gets ads based on the information that the spyware has collected and forwarded to these third parties.

I can assure you that spyware can be difficult to detect and remove. Before you use any file-sharing program, you should buy, or download free software, that can help prevent the downloading or installation of spyware, or help to detect it on your hard drive if it has been installed.

Viruses: Use and update your anti-virus software regularly. Files you download could be mislabeled, hiding a virus or other unwanted content. Use anti-virus software to protect your computer from viruses you might pick up from other users through the file-sharing program.

Generally, your virus filter should prevent your computer from receiving possibly destructive files. While downloading, you should avoid files with extensions such as .exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd.

Default Closing Behavior: It is critical that you close your connection after you have finished using the software. In some instances, closing the file-sharing program window does not actually close your connection to the network. That allows file-sharing to continue and will increase your security risk. Be sure to turn off this feature in the programs “preferences” setting.

What’s more, some file-sharing programs automatically run every time you turn on your computer. As a preventive measure, you should adjust the file-sharing program’s controls to prevent the file-sharing program from automatically starting.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Symantec MessageLabs Intelligence October 2010 Report – Targeted Email Attacks On The Rise

Even in a world where Internet threats present an ever evolving and increasingly sophisticated danger to businesses, targeted email attacks are the most potent of all – potentially dealing  devastating short and long-term damage to the victims.

Counter to intuitive thinking, a high degree of sophistication gives these low volume, highly personalized emails an edge, and a higher probability of success than mass email blasts.

The goal of targeted attacks is simple – an attempt to gain access to specific sensitive data, intellectual property or confidential internal systems, by targeting specific individuals and companies.

According to Symantec Hosted Services, targeted attacks on the retail sector took a big jump in October, with 25 percent of all targeted attacks directed at this economic sector.

When you consider that in the previous 2 years, less than half of one percent of targeted email attacks were directed at the retail sector – versus the 25% discovered by Symantec Hosted Services in October, it’s evident cyber crooks have a razor sharp focus on the retail sector.

The spam landscape changes constantly, and while your industry sector may not be in the crosshairs currently, given that 200 and 300 organizations are targeted each month with the industry sector varying, it may be only a matter of time.

Knowledge is power, and as computer users we need as much power as we can get in order to stay safe on the Internet, so I encourage you to read the highlights of MessageLabs Intelligence October report, just released today. The full report is available here.

Selected report highlights:

Spam: In October 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was 87.5 percent (1 in 1.4 emails), a decrease of 4.2 percentage points since September.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 221.9 emails (0.45 percent) in October, an decrease of .01 percentage points since September. In October, 23.1 percent of email-borne malware contained links to malicious websites, an increase of 15.5 percentage points since September.

Endpoint Threats: Threats against endpoint devices such as laptops, PCs and servers may penetrate an organization in a number of ways, including drive-by attacks from compromised websites, Trojan horses and worms that spread by copying themselves to removable drives. Analysis of the most frequently blocked malware for the last month revealed that the Sality.AE virus was the most prevalent. Sality.AE spreads by infecting executable files and attempts to download potentially malicious files from the Internet.

Phishing: In October, phishing activity was 1 in 488.0 emails (0.20 percent), a decrease of 0.06 percentage points since September.

Web security: Analysis of web security activity shows that 51.3 percent of malicious domains blocked were new in October, an increase of 17.7 percentage points since September. Additionally, 24.7 percent of all web-based malware blocked was new in October, an increase of 2.9 percentage points since last month. MessageLabs Intelligence also identified an average of 2,280 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, a decrease of 23.9 percent since September.

About Message Labs Intelligence:

Symantec’s Message Labs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Free Stuxnet Removal Tool From BitDefender

BitDefender an award-winning provider of innovative internet security solutions, has just released a free removal tool targeting Win32.Worm.Stuxnet.

This tool is capable of removing all known variants of Win32.Worm.Stuxnet, as well as the rootkit drivers that are used to conceal critical components of the worm.

Win32.Worm.Stuxnet is a new breed of e-threats that emerged in mid-July. Although it infects all Windows-based systems alike, it primarily targets supervisory control and data acquisition (SCADA) systems which run the Siemens WinCC software.

The worm spreads by taking advantage of a multitude of zero day exploits in the current versions of Windows. Moreover, it can execute itself from an infected removable medium as soon as the .lnk file on the drive which has been read by the operating system. Successful exploitation of this vulnerability results in the injection of a backdoor, as well as the installation of two rootkits that will conceal both the .lnk files and the accompanying .tmp files.

“BitDefender added generic detection covering all variants of Stuxnet on July 19, thus protecting our customers since day zero. As part of our constant efforts to help worldwide users fight against e-threats, BitDefender has also created a Stuxnet Removal Tool. Computer users who are not protected by a BitDefender security solution can now eliminate Stuxnet from their infected systems as well,” said Catalin Cosoi, Head of the BitDefender Online Threats Lab.

The tool can be run on both 32- and 64-bit installations, and it will eliminate both the rootkit drivers and the worm. Stuxnet Removal Tool can be downloaded from the Removal Tools section of www.malwarecity.com.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

“Here You Have” Worm Alert – The Incompetents Take The Bait

In Chapter One of, Internet Security 101, the following is the first point made – “Don’t run files that you receive via email without making sure of their origin.”

OK, I’m stretching the truth a little, since I don’t actually know of a book with the title “Internet Security 101”. But, the truism “Don’t run files that you receive via email without making sure of their origin”, remains valid.

Despite constant warnings NOT to run this type of file, many users continue to disregard this critical advice. The success of the email delivered “Here you have” worm that clogged email systems on Thursday, despite the usual misspelling, grammatical, and punctuation errors in the email, leaves little doubt.

According to Symantec’s Message Labs Intelligence, the worm is delivered in a  standard email that directs the recipient to click on a link pointing to a malicious file that’s disguised as a PDF. Clicking on the link installs the worm on the victim’s machine.

Graphic courtesy of Symantec.

Regardless of the fact that the delivery method and the worm itself are not particularly sophisticated, this attack affected hundreds of thousands of computers worldwide, and then went on to spread through the following – instant messenger, mapped drives, and email, by taking contacts from the victim’s address book.

While doing the background work on this attack, I came across the following forum comment – “This hit one of our affiliated corporate networks today around 12 pm eastern. It was a mess.”

As one pundit put it – the attack was designed to “prey on the incompetent”. I find it hard to argue with that observation.

For additional information on this scam checkout Malware Operations Engineer Tony Millington’s Blog post over at the Symantec Hosted Services Blog.

About Message Labs Intelligence:

Symantec’s Message Labs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Tips For Using Instant Messenger Applications Safely

In a recent Symantec survey, which questioned computer users on the most likely routes cybercriminals use to drop malware on unsuspecting users, one resultant statistic made me sit up a little straighter. Just 3.9% of survey participants believed that Instant Messenger applications had a role in malware distribution.

Given the frequency with which instant messaging is used to distribute malware (recent statistics indicate almost 50% of worms use this method to spread), I was more than a little surprised at this unrealistic response.

We’ve talked about IM security a number of times here, but this recent statistics indicates, a quick refresher might be in order.

The reality is, from a security perspective Instant Messaging applications can present considerable security risks. Security breakdowns can occur when these programs are used to share files, folders, or in some cases, entire drives. Instant messaging, unfortunately, is a primary channel used by cyber-criminals to distribute malware and scams.

Just a few days ago, for example, a Trend Micro analyst discovered an IM variant of the “Solve the IQ test”. Had he followed the instructions, he could have let himself in for a series of monthly charges of $9.99–$19.99 a month, automatically added to his cell phone bill.

Programs such as MSN Messenger, Yahoo! Messenger, AIM, and a basket full of other IM applications, are extremely popular with users who want real-time contact with each other and (no surprise here), this makes them the perfect vehicle for cyber criminals.

Hackers use two methods of delivering malicious code through IM: delivery of virus, Trojan, or spy ware within an infected file, and the use of “socially engineered” text with a web address that entices the recipient to click on a URL which connects to a website that downloads malicious code. Viruses, worms, and Trojans then typically propagate, by sending themselves rapidly through the infected user’s buddy list.

The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.

As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.

Don’t click on links, or download files from unknown sources. You need to be alert to the dangers in clicking on links, or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.

Check with your contact to be sure the files, or links are genuine. Remember, if you click on those links, or run those attachments without confirmation, you run the risk of letting malware into your computer.

Use only secure passwords, and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.

Protect personal and confidential information when using IM. Revealing confidential or personal information in these types of conversations, can make you an easy target for Internet predators.

For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.

It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.

Above all, if you are a parent, take exceptional care with the access that your children have to these programs.

The risk here goes beyond malware, as sadly, they could come into contact with undesirable individuals. The risk is low of course, but……..

Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software, Parental Control Bar,  to help you do just that.

Readers with younger children, please read, KidZui – Free, Safe Internet Browsing for Kids, on this site. This guest writer article, by Silki Garg of the Internet Security Blog, provides a comprehensive review of KidZui.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

BitDefender Says Facebook Hacker: A Do-It-Yourself Kiddie Script Is On The Loose!

We live in a do-it-yourself world. We’re encouraged to renovate our own homes, repair our own cars, publish our own newsletters, and more; all without the support of paid professionals. It’s fair to say, that we are immersed in a DIY culture.

Not surprisingly then, if you want to create your own malware that will allow you to steal passwords, drop viruses, worms, adware, and Trojans, on innocent people’s computers, you’ll find a DIY culture on the Internet ready to help with a wealth of do-it-yourself malware kits.

The latest, so called Kiddie Script scourge, recently discovered by BitDefender, is Facebook Hacker – identified by BitDefender as Trojan.Generic.3576478.

Using this highly sophisticated do-it-yourself kit, there is no need for amateur cyber- crooks to be familiar with the intricacies of coding, or programming. In the image below, you can see just how easy it is to create malware that can have devastating impact on a victim’s computer. All of this without having to have any hacking skills, or programming knowledge.

According to BitDefender, Facebook Hacker is an application driven by a point and click interface, making it dead easy to construct malware designed to steal login credentials.

As the screen shot shows, there are only three fields that need completion – a disposable e-mail address, a password, and a target.

After clicking the “build” button, a server.exe file is created and deposited into the Facebook Hacker folder along with the initial files. This newly created malware (server.exe), is now ready to do its dirty work.

Here’s how BitDefender describes a Facebook Hacker attack:

Once run, the malicious tool will snatch the victim’s Facebook account credentials, along with all the usernames and passwords that we carelessly ask the browser to remember for us.

In order to successfully collect passwords, the malicious binary includes applications able to squeeze data out of the most popular browsers on the market, as well as of almost all instant messaging clients available.

To add insult to injury, the application also enumerates all dialup/VPN entries on the computer and displays their logon details: User Name, Password, and Domain.

To avoid detection, the Facebook Hacker will look for processes related to a security suite and kill them upon detection. It is important to mention that it is accessorized with a hard-coded list of processes associated with AV solutions that are to be checked and stopped, if found.

Last but not least, the piece of malware looks for network monitoring applications and terminates them. This is a safety measure that will prevent curious users from seeing their passwords leave the system.

In case you might think that this type of do-it-yourself malware creation kit is a new or an unusual phenomenon; it isn’t. Downloadable malicious programs, such as this, have been available for some time.

Some well known examples we’ve covered here in the past include, T2W – Trojan 2 Worm (Constructor/Wormer) – Script Kiddie Paradise, Constructor/YTFakeCreator – A New Kiddie Script/Malware Downloader, and BitTera.C – DIY Malware Creator for Script Kiddies.

These applications are so sophisticated, that even advanced computer users, and business networks, have been successfully penetrated by amateur cyber-criminals using these malicious tools.

Curious as to why these kits are free and downloadable on the Internet? Well, the accepted view is  – “real” cyber-crooks create these free “services” in order to create a market for their pay services – more sophisticated malware creation tools, often customized to the user’s needs.

Regular readers of this Blog are very familiar with the following tips, but they are worth repeating, which offer a substantial level of protection against attacks created by malicious applications that are currently flooding the Internet.

Do not click on unsolicited invitations to download software of any kind.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a website designed to download malware onto your computer.

Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.

Never click on embedded cell phone links.

When contacting your bank; use a telephone number from your statement, a telephone book, or another independent source.

Keep your computer protected. Install a security solution and keep it up-to-date.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Download Two Free Last Resort Malware Removal Tools – Norton Power Eraser and NoVirusThanks

I just set up a system with Windows 7 Enterprise Edition to take it for a bit of a test run. This new install gave me the perfect opportunity (on an known clean system), to test a couple of specialty malware removal tools I’ve had kicking around for a while. Ones that I hadn’t gotten to yet.

What intrigued me with these tools was, each one makes reference to the fact that it is capable of detecting and removing Rogue Software, a scourge that currently infests the Internet.

The first one I took a look at was – NoVirusThanks Malware Remover, which, according to the publisher, is “an application designed to detect and remove specific malware, Trojans, worms and other malicious threats that can damage your computer. It includes the ability to remove rogue software, spyware and adware.”

For a complex tool, the user interface is surprisingly simple, since it’s laid out in the familiar tabs and check boxes format which makes it easy to follow.

Despite the publisher’s assertion that this tool “is very fast”, I didn’t find it particularly so. It took fully 15 minutes to complete the scan. Norton Power Eraser (described later), took less than 2 minutes.

On the plus side though, NoVirusThanks Malware Remover did not return any false positives, which is a bit unusual for an aggressive specialty tool. This can be very positive of course, for those users unused to running such a high powered tool.

Fast facts:

Accurate Disinfection Method
Remove Rogue Software and Unwanted Applications
Remove Trojans, Spyware and Worms
Quick Scan and Full Scan
Scan Processes
Scans Modules
Scans Registry
Backup Files and Folders
Easy to use

System requirements: Windows 7, Windows 2003, Windows 2000, Windows Vista, Windows XP

Download at: Novirusthanks.org

The second specialty malware removal tool I took a look at, comes from a more familiar developer – Symantec, who’s free Norton Power Eraser, makes essentially the same claims as NoVirusThanks. Specifically, that it detects and removes scareware, or rogueware.

Symantec describes Norton Power Eraser in part, as a tool that “takes on difficult to detect crimeware known as scareware or rogueware. The Norton Power Eraser is specially designed to aggressively target and eliminate this type of crimeware and restore your PC back to health.”

Again, Norton Power Eraser’s user interface is simple, and easy to follow.

As opposed to NoVirusThanks, Norton did point out two issues that were in fact, false positives, as the following screen capture indicates.

Power Eraser, does offer the user additional information on suspicious files, so that the user can make a more accurate assessment as to the validity of the findings, as the following screen capture shows. You’ll note that in this case NoVirusThanks, is shown as a suspicious file.

It should be shown as a suspicious file, since its behavior replicates, in part, the familiar behavior of malware.

The second suspicious activity “advanced”, refers to my habit of hiding my Desktop icons, since I dislike that cluttered look. Besides which, on all my machines, my work applications are displayed in the Taskbar.

Note: According to Symantec – “You should use Power Eraser only when nothing else will remove the threat and you are willing to accept the risk that the scanner may quarantine a legitimate program.”

System requirements: Windows 7, Windows Vista, Windows XP

Download at: Symantec

These tools require advanced computer knowledge, and unless you feel confident in your diagnostic skills, you should avoid them.

Should you choose to add these applications to your antimalware toolbox, be aware that you will need the latest updated version for maximum efficiency.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.