Tag Archives: Blog

Follow the Link and You “Takes Your Chances”

image Regular readers on this site are aware, that virtually all downloads I recommend, are linked to CNET (download.com).

There is good reason for this – CNET scrupulously audits hosted downloads and linked sites, to ensure they are not contaminated by malware.

But links on Blogs can be a special problem for surfers – particularly links contained in comments. Don’t get me wrong –  comments are an important part of the blogging mix.

Amongst other things, comments can spark discussion (always a good thing), allow a reader to present his/her point of view, share tech wisdom, or spread the word on a unique piece of software.

But, Blog comments are not without their share of issues; with comment Spam (some containing malicious links), being the leading problem.

Spam is virtually everywhere on the Internet. In your inbox, on Twitter and Facebook, and other social networks, and so it’s not surprising that you’ll find Spam Blog comments.

WordPress, on which this Blog is hosted, has a Spam plug-in filter, Akismet, which does a good job of catching comment spam. Akismet automatically analyzes comments and flags for review, those it considers Spam.

On this Blog, Akismet routinely captures about 90% of spam comments, according to my blog stats. In real number terms, Akismet has captured in excess of 60,000 spam comments here, in the past two years. But what about the other 10%? – some of which will contain malicious links?

As a matter of policy, I test every allowed link included in a comment, for safety.

Regretfully, there are Bloggers who are fairly complacent and who rely only on a Spam filter to do this job. In doing so, they miss the reality: Spam filters can often miss comment spam, some of which are highly dangerous.

While comment Spam is a pain for the Blogger, a reader who follows a link in a malicious Blog comment, which leads to a malware site, is in for a very painful experience.

Here’s a case in point – any time I write on registry cleaners I can expect the following comment, (shown in the following screen capture), or one like it, to show up.

This comment included a link, to a free application, which supposedly is superior to the free application I recommended in the article.

Spam Comment

The comment itself looks harmless, but if I’d allowed this comment to be posted (and I’ve seen this comment published many times over, on many other sites), a reader who followed the link would have become infected simply by visiting the site.

Don’t think that this is an unusual set of circumstances – it’s not. On an average day, here on Tech Thoughts, 10 or more comments (thankfully picked up by Akismet), contain malicious, or dangerous links.

Some advice:

Be cautious when following links contained in comments on any web site – not just Blogs.

Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software.  This is a favorite technique employed by cyber-criminals. All software reviewed on this site, for example, has been thoroughly tested, by me, for usability. If a reader has a problem with recommended software, it’s generally a machine specific problem.

Be cautious when following any link contained in any web page. Recent reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.

Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on. NoScript offers superior protection.

Install an Internet Browser add-on that provides protection against questionable, or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on, that offers substantial protection against questionable, or unsafe websites.

Use Norton DNS as an added safety precaution.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

15 Comments

Filed under Anti-Malware Tools, Browser add-ons, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Firefox Add-ons, Freeware, Internet Explorer Add-ons, Internet Safety Tools, Internet Security Alerts, Online Safety, Safe Surfing, Software, spam, Windows Tips and Tools, WOT (Web of Trust)

Internet: The Good, The Bad, And The Ugly

Guest writer Paul E. Lubic, Jr. takes a close up look at the Internet, and considers the impact of this potent tool in its totality. Or, as Paul puts it; the good; the bad; and the ugly side of  this world changer. See if you agree.

image The Internet is a phenomenon that has changed our world in many ways.  We communicate, conduct commerce, and obtain information globally…all good things.  However, it also has it’s dark side that we contend with too.

The Good

The use of the Internet has globalized our communication and information gathering by allowing us to email, blog, and message text with people and business partners in almost every country in the world. This has increased our productivity, and everyone’s ability to compete in the global economy.

Our schools are able to compare teaching techniques and strategy with schools in other countries, and help each other increase effectiveness.

Our businesses, large and small, have the ability to buy and sell products in countries previously not possible because of logistical restrictions.

Consumers have the ability to shop the world for goods and services previously not possible because of geographic boundaries.

Considering all the good things mentioned above, we tend to ask ourselves what we ever did without the Internet.  However, considering the “dark side” of the Internet, we wonder how long we’ll be able to  continue to use it.

The Bad

When discussing the Internets list of warts, the proliferation of pornography comes to mind first.  Despite the efforts of law enforcement around the world; you can access any genre of porn in photographs and video very easily.

Spam and Junk mail are next on my list of objectionable features on the Internet.  Most of it a nuisance, some of which is an insult to our sensibilities.  And we are inundated with a huge volume of malicious email that has doubled in the past year.

The Ugly

Another wart on the list is criminal activity in cyber space.  There are organized crime groups in many countries whose sole objective is to use the Internet to steal our money.

The cast of characters is constantly changing.  It started with the Russian Mafia, then they were joined by groups from Romania and other eastern block countries.  Next came the Koreans, Chinese and India.  And now I’m seeing a lot of activity… though on a smaller scale (they can only afford to buy some of the older, cheaper malware).

This proliferation of crime is fueled by the malware-for-sale market where a criminal can buy revenue-producing malware and rent part or all of a bot-net to run it on.

Finally, the proliferation of destructive viruses that harm our computers and cause us to lose our ability to use them until we remove the offenders.

These malicious programs are created by two categories of criminals: the hacker; a programmer who wants recognition among the growing herd of hackers…there are conventions where they meet to brag on their accomplishments and obtain new skills; and the other group is the criminal faction mentioned above.

All in all, I’d say that in spite of the list of dark side attributes, there is far more positive value we derive from the Internet.  However, the lesson we must take from this phenomenon is that we need to educate ourselves on the downside problems of the Internet so that we are able to enjoy the positive attributes safely and securely.

All in all, I’d say that in spite of the list of dark side attributes, there is far more positive value we derive from the Internet.  However, the lesson we must take from this phenomenon is that we need to educate ourselves on the downside problems of the Internet so that we are able to enjoy the positive attributes safely and securely. (All Rights Reserved.  Paul E. Lubic, Jr.)

Guest writer Paul E. Lubic, Jr. is a long time IT professional who’s held the positions of programmer, IT Security Manager and Chief Information Officer.  His interests lie in the IT security area, but he writes on all categories of technology.  Paul has a blog that caters to home computing.  Check him out at his Blog – Paul’s Home Computing.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

8 Comments

Filed under cybercrime, Guest Writers, Interconnectivity, Networking, Personal Perspective, Windows Tips and Tools

A Message for Spam Commenters – WTF!

image For many Bloggers, particularly technology Bloggers, comments are an important part of the mix. Amongst other things, comments can spark discussion (always a good thing), allow a reader to present his/her point of view, share tech wisdom, or spread the word on a unique piece of software.

But, Blog comments are not without their share of issues; with comment Spam, in my view, being the leading problem. Spam is virtually everywhere on the Internet. In your inbox, on Twitter and Facebook and other social networks, and so it’s not surprising that you’ll find Spam Blog comments.

Let me throw some numbers at you. In the roughly two years I have been writing this Blog, there have been 67,000+ comments of which 59,000 +  have been Spam. In other words only 8,000 (approximately), have been legitimate comments.

WordPress, on which this Blog is hosted, has a Spam plug-in filter, Akismet, which does a reasonable job of catching comment spam. Akismet automatically analyzes comments and flags for review, those it considers Spam. This is not as effective as it once was, since it’s now much harder to distinguish Spam comments from legitimate comments.

Except of course, for comments that look like these two examples from this morning:

Itboibltlx – fAHU7K kfyvjnunmugw, [url=http://avfqgyvilzvj.com/]avfqgyvilzvj[/url], [link=http://jlroercbkvod.com/]jlroercbkvod[/link], http://sjxsnveldoke.com/

Rzjulixnne – JvgMqE sakykccvvzrv, [url=http://dpbvrodxgikt.com/]dpbvrodxgikt[/url], [link=http://tiewycygcttc.com/]tiewycygcttc[/link], http://etukxnfppged.com/

When you see this type of comment, you have to wonder about these morons.

image

Since it takes time and effort to manually cull comments so that they are  relevant and Spam free, there are Bloggers who are fairly complacent and who rely only on a Spam filter to do this job. In doing so, they miss the reality: Spam filters can often miss comment spam, some of which is highly dangerous.

While comment Spam is a pain for the Blogger, a reader who follows a link in a malicious Blog comment, which leads to a malware site, is in for a very painful experience.

Here’s a case in point – just this past week (and not for the first time), a site which is renown as a site that specializes in malicious content, left a comment which was not filtered by Akismet. This comment included a link, to a free application, which supposedly was superior to the free application I recommended in the article.

Spam Comment

The comment itself looks harmless – but you pay me to be careful – right?

If I’d allowed this comment to be posted (and I’ve seen this comment published many times, on many other sites), a reader who followed the link would have become infected simply by visiting the site.

Don’t think that this is an unusual set of circumstances – it’s not. On an average day, 10 or more comments (thankfully picked up by Akismet), contain malicious or dangerous links.

Some advice:

Be cautious when following links contained in comments on any web site – not just Blogs.

Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software.  This is a favorite technique employed by cyber-criminals. All software reviewed on this site, for example, has been thoroughly tested for usability. If a reader has a problem with recommended software, it’s generally a machine specific problem.

Be cautious when following any link contained in any web site, since the latest reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.

Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on active. NoScript offers superior protection.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable, or unsafe websites.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

11 Comments

Filed under Browser add-ons, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Internet Safety, Malware Advisories, Online Safety, spam, Windows Tips and Tools

Windows 7 – Security Essentials You Need to Know

Guest writer Mark Schneider gives you some important pointers on how to take advantage of Windows 7 security features.

image Windows 7 is a big deal. Many people, in the tech industry, believe it will be the catalyst for the next tech boom in hardware sales. Could be – Windows 7 is a great OS.

Staying secure in Windows 7 however, still requires users to be careful. If you upgrade to Windows 7, one of the first things I recommend most users do is, go to UAC in “start search” and click on “Change User Account Control Settings”.

image

Once the UAC window appears, use the new slider interface to move your security settings all the way to the top to “Always Notify Me” – the most secure setting you can have. The reason is obvious: the UAC is there for a reason, to protect you. There’s no point in turning down the protection you already have built in to your computer.

To back up this point, I found a post from Sophos, a security software company, that found a random sample of 10 malware samples infected Windows 7 running UAC, at its default mode. It also ran the test on a machine running no security software.

Neowin, a popular Windows blog, however cried fowl, and ripped the methodology of the “study”. I admit, Sophos sells sell security software so their motives might be questionable. But I still think it’s prudent, and wise, to turn up your UAC.

So the next step after turning up UAC is to make sure you have an antivirus program. The free Microsoft Security Essentials is a fine, free program and I’m running it on several machines. I’d also get Malwarebytes Anti-Malware software, and top it off with SuperAntispyware another great antispyware program.

Microsoft Security Essentials

image

Malwarebytes’ Anti-Malware

image

SUPERAntiSpyware

image

Another common item on the security checklist – type “Folders” into “start search”, open “Folder Options” and select “View”. Uncheck “Hide Extensions for known File Types” – this way, if someone sends you a picture you normally see as a .jpg file but it is in fact, an executable file, then you will see the jpg.exe it really is.

Folder Options

Pictures don’t normally have executables in them, and for some unknown reason Microsoft continues to hide known extensions by default.

Security threats being what they are, a few quick techniques will help keep you safe, even with the latest, and greatest, from Microsoft.

This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie, to the blogging world.

Why not pay a visit to Mark’s site today.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

5 Comments

Filed under Anti-Malware Tools, Antivirus Applications, Don't Get Hacked, downloads, Free Anti-malware Software, Freeware, Guest Writers, Microsoft, Operating Systems, Software, System Security, Windows 7, Windows Tips and Tools

Dangerous Comment Spam – Deadly Links

image For many Bloggers, particularly technology Bloggers, comments are an important part of the mix. Amongst other things, comments can spark discussion (always a good thing), allow a reader to present his/her point of view, share tech wisdom, or spread the word on a unique piece of software.

But, Blog comments are not without their share of issues; with comment Spam, in my view, being the leading problem. Spam is virtually everywhere on the Internet. In your inbox, on Twitter and Facebook and other social networks, and so it’s not surprising that you’ll find Spam Blog comments.

Let me throw some numbers at you. In the roughly two years I have been writing this Blog, there have been 61,560 comments of which 55,957 have been Spam. In other words only 5,603 have been legitimate comments or, barely 1 in 10.

WordPress, on which this Blog is hosted, has a Spam plug-in filter, Akismet, which does a reasonable job of catching comment spam. Akismet automatically analyzes comments and flags for review, those it considers Spam. This is not as effective as it once was, since it’s now much harder to distinguish Spam comments from legitimate comments.

image

Since it takes time and effort to manually cull comments so that they are  relevant and Spam free, there are Bloggers who are fairly complacent and who rely only on a Spam filter to do this job. In doing so, they miss the reality: Spam filters can often miss comment spam, some of which is highly dangerous.

While comment Spam is a pain for the Blogger, a reader who follows a link in a malicious Blog comment, which leads to a malware site, is in for a very painful experience.

Here’s a case in point – just this past week (and not for the first time), a site which is renown as a site that specializes in malicious content, left a comment which was not filtered by Akismet. This comment included a link, to a free application, which supposedly was superior to the free application I recommended in the article.

Spam Comment

The comment itself looks harmless – but you pay me to be careful – right?

If I’d allowed this comment to be posted (and I’ve seen this comment published many times, on many other sites), a reader who followed the link would have become infected simply by visiting the site.

Don’t think that this is an unusual set of circumstances – it’s not. On an average day, 10 or more comments (thankfully picked up by Akismet), contain malicious or dangerous links.

Some advice:

Be cautious when following links contained in comments on any web site – not just Blogs.

Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software.  This is a favorite technique employed by cyber-criminals. All software reviewed on this site, for example, has been thoroughly tested for usability. If a reader has a problem with recommended software, it’s generally a machine specific problem.

Be cautious when following any link contained in any web site, since the latest reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.

Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on active. NoScript offers superior protection.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable or unsafe websites.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

2 Comments

Filed under Anti-Malware Tools, Don't Get Scammed, Don't Get Hacked, downloads, Firefox, Firefox Add-ons, Freeware, Internet Safety, internet scams, Malware Advisories, Software, Windows Tips and Tools

5 Million New Threats in Three Months – PandaLabs’ Quarterly Report

Courtesy of Panda Security.

PandaLabs’ Quarterly Report – Record-breaking quarter for hackers.

pandasecurity_logo PandaLabs has released its quarterly report detailing cyber-threat activity from July to September. The full report can be downloaded from Panda.

The major story this quarter is that hackers have broken all records when it comes to creating new threats: Over the last three months, PandaLabs has recorded five million new strains of malware. Most of these were banker Trojans, although adware and spyware have also increased.

image

We are currently receiving some 50,000 new examples of malware everyday, this compares to 37,000 just a few months ago. There is no reason to believe that the situation will improve in the coming months,” explains Luis Corrons, Technical Director of PandaLabs.

In terms of the number of computers infected, there has been a 15% rise compared to the previous quarter. In more than 37% of cases, the culprits were Trojans, while adware was responsible for 18.68% of all infections. This category in particular has been expanding largely due to the major proliferation of fake antivirus programs, or rogueware.

image

This report also notes the trends analyzed over the last quarter. PandaLabs has detected a major growth in the distribution of malware through spam, social networks and search engine optimization techniques, which draw users to spoof Web pages from which malware is downloaded.

These methods for propagating malware often use social engineering, exploiting a range of current issues such as swine flu, Independence Day, forest fires or speeches of Barack Obama.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

2 Comments

Filed under Don't Get Scammed, Don't Get Hacked, Interconnectivity, Malware Advisories, Malware Reports, Panda Security, PandaLabs, System Security, trojans, Viruses, Windows Tips and Tools, worms

And Now for a Little Shameless Self Promotion

This Blog is routinely in the top 40,000 to 100,000 of all the web sites (out of approximately 320 Million), on the Internet, as per Alexa, the Amazon owned premier Internet web site rating service. As well, some 13,000+ other web sites link to this site to acquire article content for their own readers.

Thanks, to all of you who have helped make this site the success it has become.

What users’ say regarding articles on this Blog:

The best antivirus out there is your awareness, so this is an outstanding Blog.

Thanks, definitely going to use these.

I have to say — I really like a community like this — there’s not a lot of people that I know personally that understand (or are as excited about), the technical aspects of things as well as the people here. (On this Blog).

Bill — you are to be commended for having such an extensive site — not just in the breadth of subjects covered, but in the depth of the articles.

Wow. You’ve been a great help. Thanks for the post.

Good post, it’s very useful for me.

Oh, Thanks! A really amazing Blog.

Good article by an author who knows what he writes about.

Great article. It is written very distinctly. To the author, thank you.

Thank you, Bill Mullins.

A very interesting post. I really enjoyed reading it.

What an awesome Blog this is, thank you.

Thank you, Mr. Mullins for this wonderfully helpful article on such an important subject.

Thank you (again) Mr. Mullins, this tool had escaped my notice.

I appreciate these ideas.

Mr. Mullins, thank you for posting this excellent advisory.

Perfect! Right on! Yes!

This article SHOULD be read before anyone is allowed their Internet Surfer’s License.

I love the site.

Love your Blog, Bill.

You have a great Blog out there, very useful for newbies like me, thanks.

If you’re a regular reader of this Blog, thank you. If you’re not, and you’re just passing by, a thank you to you as well; think about Book Marking this site, since in the coming weeks, some exciting changes will be occurring, including extensive video coverage of new, free outstanding software offerings, and of course video coverage of all the latest malware threats that impact all of us as we roam the Internet.

For those of you who think you knew me in Utah, Cincinnati, Las Vegas, London, England; Dublin, Ireland; or 100 other places, thanks for inquiring but I’m a Canadian through and through.

Thanks for visiting.

Bill Mullins

2 Comments

Filed under Personal Perspective, Web Development

McAfee to Test Spam – Cyber Criminal Link

This morning my email inboxes in two of the five email services that I use, held a surprise for me once again, with an email from myself. As always, I simply deleted this spoofed spam email along with the other unsolicited junk mail.

The spoofed spam reminded me of an experiment being run by McAfee Inc., a world leader in antivirus, firewall, and Internet security software. McAfee began soliciting for volunteers in December 2007 and selected 50 of them to participate in a test in which the volunteers will have to respond to every unsolicited email mail they receive over a thirty day test period, beginning today.

Their laptops, supplied by McAfee, will operate without active anti-spam protection so that McAfee can test the theory that spam email is linked to cyber crime. Personally, I think that’s a no-brainer; so why bother with a test.

McAfee’s view however, as expressed by Christopher Bolin, McAfee’s chief technology officer is “Spam isn’t just a nuisance. It’s a tool used by cyber criminals to steal personal and business data. And, as scammers become more adept at writing spam in local languages it’s becoming more difficult for Internet users to detect spam. It’s vital that computer users understand the risks of leaving their computers unprotected.”

It seems to me, given the fact that spam exists in many forms including instant messaging spam, Web search engine spam, Blog spam, cell phone messaging spam, and more, that focusing on a narrow definition of what constitutes spam, has little relative value.

So I’m skeptical about the significance of this type of experiment given what we already know about spam, malware attacks in all its various forms, and the known connection to cyber criminals. However, I’m a curious fellow and I’ll follow the research, and the results obtained, with interest.

If you’re interested, you can visit McAfee/Spam Experiment to track the daily progress of the S.P.A.M. Experiment and read Blog reports from the test participants.

Share this post :

4 Comments

Filed under Interconnectivity, Internet Safety, internet scams, Malware Advisories, Online Safety, Personal Perspective, Safe Surfing, Spyware - Adware Protection, Windows Tips and Tools