Tag Archives: fake

Tom Sanders SEO – A Bottom Feeding Specialist

Over the last 60 days or so, comment spam here has taken a huge jump. Not a big deal you might suppose – after all, with one or two clicks the damn stuff can be deleted. With 400 or more spam comments every day, I find that deletion is the only sane solution. Taking as little as 10 seconds to peruse each spam comment would add roughly one hour of unproductive activity to an already full day.

So, the solution to this aggravation is simple enough (or so it seems) – but the downside to hitting the “Empty Spam” button is an increased risk of seemingly ignoring a reader’s comment which has been spam trapped. In terms of “blogging sins”, ignoring a reader’s comment ranks well up on the list of grievous offenses.

The screen capture shown below (taken from my blog’s Dashboard several weeks ago), shows 259 spam comments awaiting moderation.

image

I have little doubt that trapped within these fake comments (such as the one shown below) were bona fide readers’ comments which (as they normally do) would have expanded the scope of the relevant article. The power of reader comments to enhance and round out an article is a key feature of blogging, in my estimation.

image

Which brings me to Tom Sanders (if that’s his real name). Tom is in the business of pissing people off. Tom, like so many of his competitors in the search engine optimization (SEO) business, is an unethical twit – a parasitic ignoramus who is content to feed off, and potentially damage, the works of others.

Sanders, and others like him, ignore the impact their SEO schemes (as illustrated in the following email dated October 13), are likely to have on web content providers. Slimy, sleazy practices, such as this, inevitably lead to an onslaught of spam email which the content provider is then forced to deal with.

Tom Sanders tom193@seo-service.com to me, 6:32 AM

Hi,

My name is Tom and I am a link builder. I sell blog comment links for website owners at low price.

Blog comment links can help you in a number of ways. Here are three major advantages:

– Increase link and IP popularity
– Direct traffic to your site
– Higher rankings in search engines

I can do thousands of blog comment links for your site in a couple of days, and they get indexed very fast. If you would like more details about my offer, or would like to ask me anything you’d like regarding this matter, then feel free to reply with a YES.

Best regards,
Tom

Normally, I wouldn’t bother writing an article on what might be perceived to be a “so what” internal issue. Except, my good buddy Michael F. questioned me this morning as to whether I was knowingly rejecting his comments. Which immediately raised the question – “how many other readers have encountered the same ‘rejection’ issue?”

If you have commented here, and then failed to receive an acknowledgement from me, please accept my apology. Tom Sanders (in reality, just another cyber criminal), and his leech-like SEO industry operatives, have created a bottleneck in the free flow of reader comments. Another obstacle to overcome – created by the marginal morons who slither through the Internet.

Just a passing note – There are bloggers (known to me), who regularly post “edited” spam comments passed off as legitimate comments. Sleeping with the enemy just about covers that. You (and you know who you are), need to give your head a shake.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Fake URL Shortening Services – Spammers’ Latest Weapon

According to Symantec’s May 2011 MessageLabs Intelligence Report, released several days ago, spammers are now employing their own fake URL shortening services to redirect users to the spammer’s Web site. It’s hardly surprising that this new technique has directly contributed to rising spam rates.

MessageLabs Intelligence reports that “shortened links created on these fake URL-shortening sites are not included directly in spam messages. Instead, the spam emails contain shortened URLs created on legitimate URL-shortening sites. These shortened URLs lead to a shortened-URL on the spammer’s fake URL-shortening Web site, which in turn redirects to the spammer’s own Web site.”
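The chain MessageLabs describes only shows up when every hop is resolved, since the link in the message itself sits on a legitimate shortener. The sketch below is an added example, not code from the report or from this blog; the host names, the allow-list, and the redirect table (standing in for recorded HTTP redirects) are all constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample data. Every host below is a placeholder; the mapping stands
# in for the HTTP 3xx Location headers a mail gateway would record per hop.
KNOWN_SHORTENERS = {"short.example", "tiny.example"}  # assumed allow-list
REDIRECTS = {
    "http://short.example/a1B2c": "http://fake-short.example/x9",
    "http://fake-short.example/x9": "http://spam-landing.example/offer?id=7",
    "http://tiny.example/Zz9": "http://news.example/2011/05/report.html",
    "http://short.example/loop": "http://short.example/loop",
}


def host(url):
    return (urlsplit(url).hostname or "").lower()


def looks_like_short_link(url):
    """Heuristic: one short path token and no query string."""
    parts = urlsplit(url)
    token = parts.path.strip("/")
    return bool(token) and "/" not in token and len(token) <= 8 and not parts.query


def follow_chain(url, redirects, max_hops=10):
    """Resolve every hop, stopping on a loop or after max_hops redirects."""
    chain = [url]
    while chain[-1] in redirects and len(chain) <= max_hops:
        nxt = redirects[chain[-1]]
        looped = nxt in chain
        chain.append(nxt)
        if looped:
            break
    return chain


def classify(chain, known_shorteners=KNOWN_SHORTENERS):
    """Label a resolved chain; only the full chain exposes a second shortener."""
    if len(chain) > 1 and chain[-1] in chain[:-1]:
        return "redirect-loop"
    if len(chain) < 2 or host(chain[0]) not in known_shorteners:
        return "not-a-known-shortener"
    # Intermediate hops sit between the link in the message and the landing page.
    for hop in chain[1:-1]:
        if host(hop) not in known_shorteners and looks_like_short_link(hop):
            return "chained-unknown-shortener"
    return "multi-hop" if len(chain) > 2 else "single-hop"


def verdicts(urls, redirects=REDIRECTS):
    """Map each URL found in a message to the label of its resolved chain."""
    return {u: classify(follow_chain(u, redirects)) for u in urls}


if __name__ == "__main__":
    in_message = ["http://short.example/a1B2c", "http://tiny.example/Zz9",
                  "http://short.example/loop"]
    for url, label in verdicts(in_message).items():
        print(f"{label:28} {' -> '.join(follow_chain(url, REDIRECTS))}")
```

A filter that checks only the first hop would pass the first link, because `short.example` is on the allow-list; the second, unknown shortener is visible only in the resolved chain.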

Key findings from the May 2011 report include:

Spam: In May 2011, the global ratio of spam in email traffic from new and previously unknown bad sources increased by 2.9 percentage points since April 2011 to 75.8% (1 in 1.32 emails).

In the US 76.4 percent of email was spam, 75.3 percent in Canada, 75.4 percent in the UK, and 73.9 percent in Australia.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 222.3 emails (0.450 percent) in May, a decrease of 0.143 percentage points since April.

Endpoint Threats: The most frequently blocked malware targeting endpoint devices for the last month was the W32.Ramnit!html, a worm that spreads through removable drives and by infecting executable files.

Phishing: In May, phishing activity was 1 in 286.7 emails (0.349 percent), a decrease of 0.06 percentage points since April.

Web security: Analysis of Web security activity shows that approximately 3,142 Web sites each day were harboring malware and other potentially unwanted programs including spyware and adware, an increase of 30.4 percent since April 2011. 36.8 percent of malicious domains blocked were new in May, an increase of 3.8 percentage points since April. Additionally, 24.6 percent of all web-based malware blocked was new in May, an increase of 2.1 percentage points since last month.

The May 2011 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available here.

Reading this type of report (or at least the highlights) can be a major step in expanding the sense of threat awareness that active Internet users require.

Symantec’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from control towers around the world scanning billions of messages each week.

About Symantec:

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.


Cybercrime 101 – Advertise On A Search Engine For Success

If you want to enhance your chances of being a successful cyber scam artist/cybercrook, you need to look the part, and act the part, of a successful Internet business organization.

How hard is that? Not hard at all when you consider all you need to do is offer a product that appears genuine, and perhaps most importantly – advertise in readily available and trusted media.

So, if you want to succeed in the $105 BILLION “Internet shadow economy”, advertising your “product” on an Internet search engine, could be a major step in helping you reach your financial goals.

Why an Internet search engine? Well, if one were to poll a group of typical Internet users as to the safety and reliability of search engine results, including the pervasive ads that search engines sprout, there is little doubt that the answer would be positive. In a sense, search engines impart instant legitimacy.

Part of the process of offering a product that appears to be genuine, would include producing and promoting a Web site that instills confidence in those unlucky enough to click on your ad, such as the site pictured below for ErrorSmart.

image

But, here’s what 2-Spyware.com has to say about ErrorSmart:

Error Smart is not an anti-spyware as it says but a smart new scam luring online for victims. Usually, ErrorSmart must be downloaded and installed manually from promoting website, but sometimes it is distributed by trojans. Error Smart is presented as reputable security tool, but the facts speak differently.

It compromises the system by disabling firewalls and other security applications. It displays large numbers of fabricated security reports that are partially true because Error Smart is able to download additional computer parasites on the infected computer.

On top of that, Lavasoft’s Ad-aware sees ErrorSmart as a Rogue application, as the following graphic indicates.

image

But hold on! Given that search engine results can be manipulated, or worse (see “Search Engine Results – Malware Heaven!” on this site), it’s reasonable to ask the question – why aren’t typical Internet users aware of this situation?

The simple answer is – search engines make little, or no effort, to educate their users in the risks involved in relying on advertisements appearing in their applications. As a consequence, the typical user I come into contact with believes search engine output to be untainted, and free of potential harmful exposure to malware.

A user looking for a review of ErrorSmart, for example, has a reasonably good chance of finding the following review:

ErrorSmart uses the industry’s most advanced error-resolution technology and puts it to work for you. By scanning your hard drive, analyzing the errors and correcting the problems, ErrorSmart can restore your system performance and increase startup speed by up to 70 percent.

Whether it’s incomplete uninstalls, failed installations, driver issues or spyware infections that are affecting your PC, ErrorSmart will rid you of your computer problems in just minutes.

However, the graphic below, illustrates WOT users’ reactions to this article.

image

Fact: Consumer confidence in the strength and reliability of search engine results, particularly ads, is seriously misplaced.

ErrorSmart (the site pictured earlier), a “scareware/rogueware” application developed to mislead uninformed computer users into downloading and paying for the “full” version of this bogus software, based on the false positives generated by the application, has been “advertised” for months on a number of leading search engines.

If you think this is a one off, or an isolated incident, then you’ll be surprised to learn it’s not. For additional information on this issue see “Search Engine Results – Malware Heaven!”, on this site.

So will search engine providers address the issues described in this article? Sure – but only when consumers who are totally fed up with tainted search engine results finally force them to. I don’t see that happening any time soon.

Writing articles like this is not without risk. For example, several years ago I wrote an article on an application – Finally Fast – considered by many to be less than it pretends to be. Google “Finally Fast scam” to see what I mean.

Recently, Ascentive, the developers behind Finally Fast, had their lawyers email me a letter in which they threatened to sue me for posting my unbiased views on their product. Since I live in Canada, where the courts are not sympathetic to lawsuits that are launched to intimidate and harass, this letter had little effect. Actually, I considered their threat a backhanded compliment!

Nevertheless, since Ascentive is well known for aggressive threats to sue – they even sued Google – “The claimant, Ascentive, a software producing corporation that, after some bad press, got kicked (“suspended”) out of Google’s organic search results & whose AdWords account got disabled, is now suing Google”, I did hand the email to my lawyer.

My lawyer’s advice to me, in decidedly unlawyerly language, was – “tell them to kiss your ass”. He went on to explain that a “libel chill” lawsuit such as this had little chance of being considered by the courts in this country.

Like most people I don’t react well to threats, so I did consider looking to the Blogger community for support on this and mounting a campaign, with the help of the community, to take up the gauntlet and spotlight Ascentive’s actions.

But, considering the number of hours that such a campaign would require, I took the easy way out and removed the article. However, if my daily workload should ever lighten – I may yet revisit my decision.


Defensive Downloading – The Basics

BitDefender is currently warning, on its Malware City site, of a fake Stuxnet removal tool which, once downloaded and installed, will wipe out the contents of the victim’s hard drive.

As we’ve pointed out here many times in the past – if it’s in the news, you can be sure cyber criminals are exploiting it to their advantage. So we shouldn’t be too surprised, that cyber criminals have been very successful in hijacking searches related to the Stuxnet worm.

Unfortunately, following hijacked links is the common behavior of a large percentage of unaware, undereducated, and less security conscious computer users. Is it any wonder the cyber criminals are winning the game?

At the risk of sounding insensitive it’s fair to say, that users who get victimized by the type of scheme described above, end up that way because they behave like victims.

It’s beyond dispute that download sites are not all equal and as a result, downloading can be extremely risky, especially for unaware users. It’s frustrating to realize that so many users lack this basic knowledge.

Download basics are just that – basic:

Download ONLY from well established sites, or sites that are known to you.

Preferably, download from the developer’s official site.

Regardless of origin, scan all downloads with 2 or more, security applications.

Install a Browser security add-on such as WOT, which investigates web sites for spyware, spam, viruses, browser exploits, phishing, and online scams.

Since “trusted” websites are not always to be trusted, consider installing an additional layer of security by substituting your ISP provided DNS service with a more secure alternative such as ClearCloud.

Despite the best precautions, it is still possible to become infected – so, make regular backups of critical data. If you become infected this may be your only solution.

Finally, don’t store critical data on the system partition.

Regular readers will know, that virtually all downloads recommended here, are hosted on CNET’s (download.com), site. There is good reason for this – CNET scrupulously audits hosted downloads, to ensure they are not contaminated by malware.


XP Antivirus 2010 is Back – Removal Instruction

Back in the day (the mid-1960s), I heard an old time college football coach (Darrell Royal, of the University of Texas Longhorns) say, in answer to a question concerning his plans for an upcoming game, “we’ll dance with who brung us”.

What he meant was, he would continue to go with the players, and plays, that had contributed to a winning season. Or, to put it more succinctly – success breeds success.

Cyber criminals, particularly those responsible for the rogue software/scareware application, XP Antivirus, have learned this lesson well. XP Antivirus is back, and is running rampant on the Internet at the moment; having morphed from previous versions we had to deal with in 2008, and 2009.

Of all the rogue security applications released to date, and there have been thousands of them, this particular one has been the most successful for the criminal developers.

I first wrote on this scourge in 2008, and in the interim period, that specific article has been read 130,000+ times. In the last week or so, I was surprised to see this older article suddenly jump to the top of the daily read chart.

This shift in popularity, coupled with a number of readers reporting having to deal with infections caused by XP Antivirus 2010, convinced me to cover the scareware issue once again.

Just like its predecessor, the XP Antivirus 2010 installer can be found on adult websites, salacious news sites, or it can be installed manually from rogue security software websites.

After the installation of XP Antivirus 2010, be prepared for false positives: fake or false malware detection warnings. As with all rogue security applications, XP Antivirus 2010 was developed to mislead uninformed computer users into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.

image

image

If the full program fee is not paid, XP Antivirus 2010 continues to run as a background process incessantly reporting those fake or false malware detection warnings. To really try your patience, this rogue security software cannot be uninstalled using the Windows Add/Remove Programs tool.

XP Antivirus 2010 Removal Instructions:

If you have become infected by XP Antivirus 2010, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What can you do to ensure you are protected, or to reduce the chances you will become a victim?

Consider the ramifications carefully before responding to a Windows Security Alert pop-up message. This is a favorite vehicle used by rogue security applications to begin the process of infecting unwary users’ computers.

Be cautious in downloading freeware, or shareware programs. Spyware, including scareware, is occasionally concealed in these programs. Download freeware applications only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications, since exposure to rogue security applications is widespread.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is WOT (Web of Trust), an Internet Explorer/FireFox add-on, that offers substantial protection against dangerous websites.

As a form of added protection, you should consider running in a virtual environment while connected to the Internet. To find out what this means to your overall security, and to download a free virtual software application, please read “Download Free Returnil Virtual System 2010 Home”, on this site.


Got a Christmas Card Video? Beware of the Koobface Worm

Just yesterday I mentioned that even technically astute users are finding that staying safe on the Internet is more difficult than it has ever been.

To illustrate this point, I noted that in the last few months, some of my favorite tech writers have come clean, and admitted having had to deal with malware infections on their personal machines.

If you’re wondering why even security experts can be fooled, the simple answer is – all of us, you, me, the informed and the uninformed, are in a battle with cybercriminal experts.

I long ago came to the conclusion that cybercriminals are some of the craftiest people on the planet. I say this, not in admiration of what they do, but instead, how they do it.

Business in general could take away some valuable lessons from the methods used by cybercriminals to achieve maximum “market” penetration. Recognition of opportunity, and the timing and implementation of strategy, is critical to business success. I can’t think of another group that does this with more skill than the cybercriminal community.

Cybercriminals use every conceivable opportunity to spread malware, and the celebration of special events creates an exceptional opportunity for cybercriminals.

The Christmas season, when most of us let our guard down somewhat, in the spirit of the season, I suspect, is a timely opportunity for cybercriminals.

PandaLabs, Panda Security’s malware analysis and detection laboratory, has just reported on a new Christmas Holiday Facebook scam that renders users’ computers useless, should they follow a malicious link on a user’s wall.

If you have a Facebook page, you may well be curious and even anxious to follow this link, or links like it, but don’t let your curiosity override your common sense. Security experts argue (none too successfully it seems) that a significant number of malware infections could be avoided if users stopped clicking haphazardly, or opening the types of files and emails that are potentially dangerous.

Those unlucky victims who become infected by the Koobface worm involved in this attack, may be lucky, and may be able to recover control of their computer – but I wouldn’t count on it.

I encourage you to read the following PandaLabs Report:

Cybercriminals are capitalizing on the Christmas holiday in a new Facebook scam that renders users’ computers useless.

Following the posting of malicious links on Facebook users’ walls, the bait directs to a fake embedded video player that poses as a Christmas greeting. When users try to play the video or click on a link on the page, their computers download and install a variant of the well-known Koobface worm, Koobface.GK.

image

After the virus is installed on a computer, a Captcha is displayed that threatens to reboot the computer within three minutes. Although nothing happens after three minutes, the computer is rendered useless.

Every time a user enters the Captcha text, Koobface.GK registers a new domain where the infection files are hosted, facilitating the worm’s continued distribution.

image

“Social networks have become one of the popular entry points used by hackers to spread their creations, due to the false sense of security many users have regarding the content published on these networks,” says Luis Corrons, technical director of PandaLabs. “Users generally trust the messages and content they receive, and consequently hackers get a high level of response through these channels.”

Christmas: Cybercriminals’ favorite time of year

The latest attack takes advantage of an increase in Internet users sending Christmas greeting cards to their family and friends. It follows continued attention from cybercriminals on the holiday season, with Christmas-themed malware that is created year after year.

Examples of Christmas-specific malware first appearing in past holiday seasons include:

ZafilD, 2002: Although this worm appeared several years ago, it is still distributed through e-mails that use Christmas greetings as bait. It opens a port on the infected computer without users’ knowledge and downloads another Trojan.

MerryX.A, 2005. MerryX.A infected users’ computers in a Christmas greetings e-mail with an attachment, which was really a Trojan designed to capture keystrokes and steal information.

image

This Trojan managed to infect more than 50,000 Internet users in only one week.

The Navidad (Christmas in Spanish), 2007. This malware family has numerous variants. These astute worms are difficult to detect because they reach computers in the form of an e-mail reply, which has previously been sent to another (infected) recipient. The message includes the Navidad.exe file, which infects computers when run.

To stay safe on social networks, PandaLabs recommends Internet users do the following:

Don’t click suspicious links from non-trusted sources. This should apply to messages received through Facebook, other social networks and even via e-mail.

If you click on links, check the target URL. If you don’t recognize it, close your browser.

Even if you don’t see anything strange on the target URL page but are asked to download something, don’t accept.

If you do download or install an executable file and the PC starts to launch messages, there is probably malware on your computer.

As a general rule, make sure your computer is well protected to ensure you are not exposed to the risk of infection from any malicious code. You can protect yourself by downloading Panda Security’s new free Panda Cloud Antivirus solution.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.


Search Engine Results – Not to be Trusted!

It’s been more than a year since I last reported on fake search engine results, and in that time, this Internet scam has not gone away, but it did seem to develop a lower profile.

Despite developing this lower profile, cyber-crooks continued to be unrelenting in their chase to infect web search results. Recently, there has been a resurgence in the use of custom-built Websites designed to drop malicious code on computers, and in the manipulation of legitimate pages in order to infect computers with malware.

A new grouping of 200,000+ compromised sites has been discovered, all of them redirecting to fake security software. The following graphic (courtesy of Cyveillance Blog), shows an attack underway.

image

As is usual with this type of redirection, when a potential victim visits one of these sites, the likelihood that malicious code will be downloaded onto the computer by exploiting existing vulnerabilities is extremely high.

The following graphic (courtesy of Cyveillance Blog) illustrates the 260,000 sites they discovered which will redirect.

image

Redirection exploit process:

Generally, there are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.

Another method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.
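For site owners, the inserted iFrame described above is something that can be checked for in a page's own HTML. The following is an added example, not code from this blog or from Cyveillance; the page markup and host names are constructed, and "off-site" here simply means the frame's host name differs from the page's.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Inline styles that make a frame invisible: display:none, visibility:hidden,
# or a width/height of 0 or 1 pixel.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:^|;)\s*(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.IGNORECASE,
)


def is_hidden(attrs):
    """True when the frame is sized or styled so a visitor cannot see it."""
    if attrs.get("width", "").strip() in {"0", "1"}:
        return True
    if attrs.get("height", "").strip() in {"0", "1"}:
        return True
    return bool(HIDDEN_STYLE.search(attrs.get("style", "")))


class IframeAuditor(HTMLParser):
    """Collects every <iframe> on a page with the reasons it looks unusual."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = (urlsplit(page_url).hostname or "").lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # HTMLParser lower-cases tag and attribute names
            return
        a = {name: (value or "") for name, value in attrs}
        src = urljoin(self.page_url, a.get("src", ""))  # resolve relative src
        src_host = (urlsplit(src).hostname or "").lower()
        reasons = []
        if src_host and src_host != self.page_host:
            reasons.append("off-site")
        if is_hidden(a):
            reasons.append("hidden")
        self.findings.append({"src": src, "reasons": reasons})


def audit(html, page_url):
    parser = IframeAuditor(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


def suspicious(findings):
    """Frames that are both invisible and loaded from another host."""
    return [f["src"] for f in findings if {"off-site", "hidden"} <= set(f["reasons"])]


# Constructed page: two ordinary frames and two of the injected kind.
SAMPLE_HTML = """
<html><body>
<h1>Holiday recipes</h1>
<iframe src="/widgets/comments.html" width="600" height="300"></iframe>
<iframe src="http://video.example/embed/42" width="560" height="315"></iframe>
<IFRAME SRC="http://injected.example/in.php" WIDTH=1 HEIGHT=1 style="visibility: hidden"></IFRAME>
<iframe src="http://injected.example/b" style="display:none"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML, "http://blog.example/post"):
        print(finding["reasons"], finding["src"])
```

A visible off-site frame (the video embed) is reported but not flagged; it is the combination of invisible and off-site that is worth a closer look.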

It’s often difficult to determine who the cybercriminals responsible for specific attacks of this type are, but not in this case. Researchers have concluded the infamous Koobface gang are responsible.

Regular readers are aware that we repeat the following advice regularly, but it’s worth repeating.

Keep all applications (including your operating system) patched.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is WOT (Web of Trust), an Internet Explorer/FireFox add-on that offers substantial protection against questionable or unsafe websites.

Turn off your computer or disconnect from the network when not in use.

Disable Java, JavaScript, and ActiveX if possible.

Disable scripting features in email programs.

Make regular backups of critical data.

Make a boot disk in case your computer is damaged or compromised.

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

Ensure the anti-virus software scans all e-mail attachments.


SafeFighter Fake Antivirus – PandaLabs Takes a Look

Courtesy of Panda Security.

PandaLabs’ report this week focuses on two Trojans, and a new fake antivirus.

SafeFighter is a new fake antivirus.

image

Like other malware of this kind, it tries to fool users by displaying false infections, remote connections and vulnerabilities that do not exist. If users fall for the trap, they are directed to a screen where their credit card details are requested to carry out the transaction. This way, as well as obtaining money for a service that will never be provided, cyber-crooks steal users’ credit card details.

Removal help for this nasty is further on in this article.

Spammer.ANT is a Trojan that passes itself off as a Microsoft program.

Once run, it copies itself to the system and loads itself to memory under the name reader_s.exe. It then carries out remote connections and spams users, trying to get them to believe the messages received are from an online store.

image

It has a compressed file attachment with an executable called open.exe. When opened, AntivirusPro2010 is installed on the computer (a fake security solution we have discussed in the past).

The other Trojan in this report is Sinowal.WOE.

It reaches computers through email, and passes itself off as a Microsoft Word document. Once installed, it collects as much information as it can from the infected user.

Additionally, when the user opens the browser, the Trojan connects to a server where Sinowal.WOE stores the victim’s information, and downloads the AntivirusPro2010 fake security solution.
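Both delivery tricks described above (an executable tucked inside a compressed attachment, and an executable passing itself off as a Word document) can be checked for mechanically before a message reaches the user. The following Python is an added example, not code from PandaLabs or this blog; the extension lists, the size cap, the function names and the constructed sample message are assumptions. Calling `scan_message(build_sample())` returns one finding per suspicious attachment.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
DOC_EXT = (".doc", ".docx", ".rtf", ".pdf")
MAX_MEMBER = 10_000_000  # assumed cap so a crafted archive cannot exhaust memory

def inspect(name, data, findings, depth=0):
    """Flag executables, looking inside zip archives up to two levels deep."""
    lower = name.lower()
    is_pe = data[:2] == b"MZ"  # Windows executables begin with the "MZ" magic
    if is_pe and lower.endswith(DOC_EXT):
        findings.append((name, "executable content behind a document extension"))
    elif is_pe or lower.endswith(EXEC_EXT):
        findings.append((name, "executable file"))
    if depth >= 2 or not zipfile.is_zipfile(io.BytesIO(data)):
        return
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = f"{name}!{info.filename}"
            if info.flag_bits & 0x1:  # bit 0 set means the member is encrypted
                findings.append((member, "encrypted member, cannot inspect"))
            elif info.file_size > MAX_MEMBER:
                findings.append((member, "oversized member, not unpacked"))
            else:
                inspect(member, zf.read(info), findings, depth + 1)

def scan_message(raw):
    """Return (attachment, reason) pairs for one raw e-mail message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        inspect(part.get_filename() or "(unnamed)", data, findings)
    return findings

def build_sample():
    """Constructed test message: a zip holding open.exe plus a fake .doc."""
    stub = b"MZ" + b"\x00" * 62  # harmless bytes that only carry the PE magic
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("open.exe", stub)
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = "Your order", "shop@example.com", "user@example.com"
    msg.set_content("Order details attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="order.zip")
    msg.add_attachment(stub, maintype="application", subtype="msword", filename="invoice.doc")
    return msg.as_bytes()
```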

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

SafeFighter and AntivirusPro 2010 Removal:

If you have become infected by AntivirusPro 2010, SafeFighter, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Click here to download free SUPERAntiSpyware to remove AntiVirusPro 2010.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.


Scareware Not Swine Flu – An Epidemic Nevertheless!

Cyber crooks are continuing to develop and distribute “rogue software”, also known as “scareware”, at a furious pace; there are literally thousands of variants of this type of malware currently circulating on the Internet.

Unless you have had the bad experience of being trapped by this type of malicious software, you may not be aware that such a class of software exists. The average computer user that I speak with informally has no idea that rogue applications even exist. But they do, and distribution has now reached virtual epidemic proportions on the Internet.

It’s all about the money:

Rogue software is software that uses malware, or malicious tools, to advertise or install itself. After the installation of rogue software, false positives (fake or false malware detection warnings in a computer scan) are a primary method used to convince the unlucky user to purchase the product.

Rogue security software can write itself into multiple parts of the operating system, and in many cases it can hide its files, registry entries, running processes and services, making the infection virtually impossible to find and remove.

As well, the installation of such malware can lead to a critically disabled PC, or in the worst case scenario, allow hackers access to important personal and financial information.

(Current Internet infections – courtesy of Panda Security)

The highest rated articles on this Blog, in the last 12 months, have been those associated with this type of malicious software. It’s easy to see why.

So how much money is really involved here? Lots. According to Panda Security, approximately 35 million computers are infected with scareware/rogueware each month (roughly 3.50 percent of all computers), and cybercriminals are earning more than $34 million monthly through rogueware attacks.


(An example of a current rogue security application)

Recently, a reader of this Blog made the statement “These people (cyber criminals), should stop doing this and get a real job”. The obvious answer to this of course is – this is their real job! How many jobs – a relatively easy job at that – could produce this type of income?

The following two examples, taken from this Blog’s readers’ questions, illustrate the consequences of becoming infected by rogue security software.

Victim #1: What do you do if you were duped into buying the XP Antivirus software? Should I take any precautions such as canceling credit card and/or email passwords etc.? Is my home edition of avast! 4.8 Antivirus enough to keep me safe from bogus and/or rogue software???? Please help…my computer is my life! Thank you.

Victim #2: I unfortunately fell for the “virus attack” after trying to remove it, gave in and bought the XPAntivirus. They charged me not only for what I had bought but charged me again, $78.83 for something which I hadn’t ordered, nor ever received. It was a nightmare trying to get in touch with anybody.

I finally connected with a guy with an accent, who told me to E-mail the billing service re: my problem. I wrote them, tried to call, it’s been a week, and they still won’t contact me to clarify what occurred. I printed off a purchase order from them when I bought the XP which verifies what I received. Anybody know what state they’re in? I’ll notify the state’s attorney’s office. These people are crooks.

(These two readers were responded to privately.)

If you become infected by this, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so. The following removal solutions will be invaluable.

The individuals / companies, who wrote and developed these free tools, and who offer free removal advice, are to be congratulated for giving back, so freely, to the Internet community.

Without their generous efforts, those infected by rogue applications, would be faced, without the assistance of a professional, with the unenviable task of performing a complete system reinstall, with a strong probability of losing irreplaceable Hard Drive data.

Free resources:

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Additional precautions you can take to protect your computer system:

When surfing the web: Stop. Think. Click

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all email attachments


Want to be a Successful Cyber Crook – Here’s a Tip!

If you want to enhance your chances of being a successful cyber scam artist/cyber crook, you need to look the part, and act the part, of a successful Internet business organization.

How hard is that? Not hard at all when you consider all you need to do is offer a product that appears genuine, and perhaps most importantly – advertise in readily available and trusted media.

So, if you want to succeed in the $105 BILLION “Internet shadow economy”, advertising your “product” on an Internet search engine, could be a major step in helping you reach your goals.

Why an Internet search engine? Well, if one were to poll a group of typical Internet users as to the safety and reliability of search engine results, including the pervasive ads that search engines sprout; there is little doubt that the answer would be positive. In a sense, search engines impart instant legitimacy.

Part of the process of offering a product that appears to be genuine would include producing and promoting a Web site that instills confidence in those unlucky enough to click on your ad, such as the site pictured below for ErrorSmart, a notoriously misleading application.

image

But hold on! Given that search engine results can be manipulated, or worse (see “Search Engine Results – Malware Heaven!” on this site), it is reasonable to ask the question – why aren’t typical Internet users aware of this situation?

The simple answer is – search engines make little, or no, effort to educate their users about the risks involved in relying on advertisements appearing in their applications. As a consequence, the typical user I come into contact with believes search engine output to be untainted, and free of potentially harmful exposure to malware.

A user looking for a review of ErrorSmart, for example, has a reasonably good chance of finding the following fraudulent review:

ErrorSmart uses the industry’s most advanced error-resolution technology and puts it to work for you. By scanning your hard drive, analyzing the errors and correcting the problems, ErrorSmart can restore your system performance and increase startup speed by up to 70 percent.

Whether it’s incomplete uninstalls, failed installations, driver issues or spyware infections that are affecting your PC, ErrorSmart will rid you of your computer problems in just minutes.

Fact: Consumer confidence in the strength and reliability of search engine results, particularly ads, is seriously misplaced.

For example, ErrorSmart (the site pictured earlier) has been “advertised” for months on a number of leading search engines. It is a “scareware/rogueware” application developed to mislead uninformed computer users into downloading and paying for the “full” version of this bogus software, based on the false positives generated by the application.

I shudder when I think of the huge numbers of surfers who have suffered the consequences of accepting a download of this misleading application.

If you are one of the unlucky computer users who are struggling with computer chaos caused by the installation of this “scareware”, visit 411-spyware.com, a great site that specializes in helping those who have been manipulated into installing rogue software.

If you think this is a one off, or an isolated incident, then you’ll be surprised to learn it’s not. According to Panda Security, approximately 35 million computers are infected with scareware/rogueware each month (roughly 3.50 percent of all computers), and cybercriminals are earning more than $34 million monthly through rogueware attacks.

I’ve said it before and I’ll say it again – an argument can be made, that the Internet has turned into a playground for cyber-criminals.

So will search engine providers address the issues described in this article? Sure – but only when consumers who are totally fed up with tainted search engine results, and malicious hackers, finally force them to.

Fact: Failure to protect the Internet, which by definition is an open network, has substantial penalties ranging from productivity decreases and infrastructure compromise to a failure in consumer confidence, and more.

Great business model!!
