Comodo’s Free Site Inspector –Malware and Blacklist Detection For Website Owners

Comodo recently released SiteInspector, a free service which has been designed to automatically check owner operated websites on a daily basis to ensure the sites remains malware free and, has not been captured by a blacklist. If the worst happens – Comodo will immediately notify the website owner by email, so that corrective action can be taken.

Despite the fact that the free service is restricted to checking 3 pages on a domain, it’s a tool worth considering if you are a webmaster. Any free service that can help web site owners keep the malware hounds at bay – is worth considering.

You certainly don’t want a prospective visitor to see this!

Signing up for the service is a simple process, as the following screen captures indicate.

Following initial sign up you will receive a receipt notice.

While on the SiteInspector screen, click on “Manage Subscriptions” ……..

to set up both the site you wish to cover, and the form of coverage.

Any after the fact changes, require a sign in to your account.

The first report from Comodo – click to expand.

Fast Facts:

Daily Malware Scanning – SiteInspector scans your website for potential malicious code injection on a daily basis and notifies you if any such event has occurred, so that you can take action against them in a timely fashion, before the injected code starts affecting your visitors’ computers.

Blacklist Monitoring – Comodo SiteInspector checks major blacklists such as Google Safe Browsing, PhishTank, Malwaredomainlist, Malcode, Clean MX every day to make sure your website is not listed. If it is, you will be immediately alerted so that you can take remedial action and remove your site from blacklist, minimizing the downtime.

Immediate notifications means you react faster – Immediately after a problem is discovered, we’ll dispatch an email notification alerting you. Your support technicians don’t have to wait for angry customers to complain that your site contains malicious content

Independent external testing from your customer’s perspective – SiteInspector connects to your website in the same way that a customer would. If it discovers any problems with your website, it is likely your customers will be affected too.

No software downloads. No complicated set up – SiteInspector is a website checking service that runs remotely from secure servers managed by Comodo, so the user is not required to install software on their machine or network. Account management is done via our 100% online interface. All you need to do to take advantage of this great service is sign up, configure your tests and let SiteInspector do the rest.

The Comodo sign up page is here.

ClearCloud DNS Service Bites The Dust – Pick Up The Slack With Norton DNS

Occasionally, when I’m stuck for time, I’ll post an edited version of an earlier article. In choosing an appropriate article, I try to focus on a free application or service that has real value, but is often underappreciated. More and more often though, I’m finding that a free application I reviewed is no longer free, or the free service I recommended, no longer exists.

Another one bites the dust.

Regular reader Georg L., has just notified me that ClearCloud DNS, a free DNS alternative (reviewed here September 5, 2010) which prevented users from visiting sites identified as harboring malware exploits, will be closing the curtain – effective September 1, 2011.

If you are currently using ClearCloud DNS, you will need to reconfigure your network connection prior to September 1, so that your Internet connectivity is not interrupted. You can learn how to remove ClearCloud DNS from your computer by clicking here.

If you’re convinced that an alternative DNS service has value, and you wish to continue to harden your system by substituting your ISP provided DNS service, with a more secure alternative – you have a number of choices to consider, including – Norton DNS, with Norton Safe Web.

Benefits of running with Norton DNS:

Malware Site Blocking – Automatically blocks known dangerous and infected Web sites. Provides a complete overview of the threats found so you know why a site is blocked.

Web Content Filtering – Lets you block Web sites that contain content that you think is inappropriate or dangerous. You can choose from over 45 different categories of content to block and specify individual sites to block.

Here’s an example of Norton DNS in action following my clicking on a spam comment link. 

Further investigation of the Threat Report, reveals the following.

Pretty scary stuff, I think you’ll agree.

You can install Norton DNS either by download and running the installer or, if you want to have a bit of fun – you can choose to install manually. At first glance, you may think this is complicated when it fact, it’s quite easy. So, give it a try, and don’t be nervous. 

The screen captures below, reflect the changes I made.

Manual Setup for Windows:

Open the Control Panel from your Start menu.

Click Network Connections and choose your current connection.

On the General tab of the Connection Status screen, click Properties.

On the General tab of Connection Properties, scroll down and select Internet Protocol (TCP/IP), then click Properties.

On the General tab of Internet Protocol (TCP/IP) Properties, select Use the following DNS server addresses, then enter the two NortonDNS IP addresses 198.153.192.1 and 198.153.194.1.

Click OK until each window is closed. You are now using NortonDNS.

Once installation is complete, you will be presented with the following confirmation screen.

To ensure that you have in fact, been successful in making the change, visit this Norton page. The page will let you know if you are currently using Norton DNS.

or

System requirements: Windows XP (32-bit) with Service Pack 2 or later, Vista (32-bit and 64-bit) Win 7 (32-bit and 64-bit).

Download at: Norton DNS

Note: Uninstalling or canceling Norton DNS is easy – simply uninstall it. The process will revert your DNS settings to their previous values.

Additional free alternatives include OpenDNS, and Google Public DNS.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

How Do I Select The Right Company To Host My Website If I Live In Australia?

Guest article: If you want a website online, there are a number of reasons why you want all your support in your region. This is not just because they will speak your language. You are making contractual arrangements with suppliers, and therefore, you need them to be in your region for legal issues. Here is a deeper look at this issue when setting up a website.

Despite it being the World Wide Web, we want to make sure we know where our website is being hosted. This will also depend on the type of website you are building. Locality is always an issue. For example, if you live in Brisbane, you want IT services Brisbane.

In this article, we look at the right type of services, and other server needs you must think about. You could have put a lot of effort into your website, and you want to make sure you have complete control. There are some very local issues to understand even though you could view your website from anywhere in the world

• Getting Started. When we think about setting up a simple website, we think about getting online and buying a host program – the hosting program is where your site will go. On these websites, we can buy domain names and buy the space and location for our website. We build our site ourselves, or we build it online through one of these sites. When everything is running smoothly there will be no problem. What happens if that company that you bought your domain name and hosting location goes out of business? What happens if something goes wrong or there are legal problems and the hosting company you bought space from is in another country? While we will buy a simple hosting package online, we still need to make sure that company is in our locality, city, state or country. It could be very hard to deal with them if they were in some lawless country on the other side of the planet. You know you are safe when the supplier is in your country, and they have a physical location. Get your hosting program from a company in your locality.
• Computer Support. The hosting company will give you a limited amount of IT support in relation to how their servers work. This support is normally in the form of emails and other online interaction. You still need to maintain your own computers repairs, service and security. Even simple sites can have very confidential information, and so you will need to know how to handle this. If you are in Brisbane, for example, having a local computer repairs is essential. You might need to get face-to-face support by people who understand you and speak your language. Having support locally is always essential.
• Going a Bit More Professional. When you buy your hosting program online, you are normally buying space that is shared with other people. The hosting company has a room of servers where everyone’s website and web space is shared. If you are looking for a more secure and professional setting, you will need to look for a more professional dedicated servers provider. Dedicated servers are individual computers for each client. This will mean you will have your own computer in a secure location with your own super-high speed internet connection and support. If you are intending to earn income from your website, this will be essential. It will mean your data, and information is more secure, your website’s speed will not be influenced by anyone else’s internet use, and you will have professionals who will keep an eye on it for you. You could set up your own server in your own location if you have that knowledge. You would need to make sure you have backup power and a range of other security issues (both online and offline) solved. Dedicated servers are often in a very secure location, and you want this location to be in your locality, city, state or country. Again there are legal issues you need to think about. Just like your hosting program, domain name and IT services, you want them from someone who understands you and resides locally.

Guest article by Sachin.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Steer Clear of Malware Web Sites With ClearCloud DNS

Security conscious Internet users are aware, that so called “trusted” websites, are not always to be trusted. We’ve covered this issue here on Tech Thoughts a number of times, most recently in, “How Safe Are Trusted Web Sites? Not Very!”

The following is a brief explanation, from that article, on how cyber crooks manage to infect web sites:

“Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine”.

Unfortunately, installed anti-malware solutions may not always provide adequate protection against this type of attack. Luckily, there is a solution which can add an additional layer of security by substituting your ISP provided DNS service, with a more secure alternative. An alternative that can prevent you from visiting sites that harbor malware exploits.

Free alternatives include OpenDNS, Google DNS, Norton DNS – and now, an additional free service can be added to this list with the release of ClearCloud Beta from Sunbelt Software, the developer’s of the highly regarded VIPRE antivirus application.

According to ClearCloud, the application “checks every website address your computer is trying to access, whether you’re browsing the internet, clicking a link in an email, or a program “under the hood” trying to communicate with servers for information or updates”.

In a quick 24 hour test, I found ClearCloud worked as advertised. With ClearCloud up and running, you will be prevented from visiting sites identified as harboring exploits. In which case, you will get detailed information on why ClearCloud believes the site is unsafe.

Taking advantage of this service couldn’t be easier. Simply download the setup application, execute, and as the simply interface shown below indicates, you’re now protected by ClearCloud.

Following installation, visit the ClearCloud block page to verify the service is up and running.

System requirements: Windows, Mac.

Download at: ClearCloud

Alternatively, you can manually set your DNS server address to 74.118.212.1.

Note: You can configure ClearCloud on your router. Click here for a setup walkthrough.

A big ”Thank You” to regular reader TeX for bringing this service to my attention.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Norton DNS Can Save Your Butt!

In early June, I posted an article – Norton DNS – Another Layer of Computer Security, in which I stated –

You should consider additional system hardening by substituting your ISP provided DNS service, with a more secure alternative.

A few days later, I posted an article – Follow the Link and You “Takes Your Chances”, in which I made the point –

As a matter of policy, I test every allowed link included in a comment, for safety. Spam filters can often miss comment spam, some of which are highly dangerous. While comment Spam is a pain for the Blogger, a reader who follows a link in a malicious Blog comment, which leads to a malware site, is in for a very painful experience.

The following comment emailed to me by WordPress just today, and not picked up by the Askimet spam filter, provides a perfect example where these two intersect:

The email notice:

A new comment on the post “Download TrueCrypt –  TrueCrypt Beats The FBI Decryption Team!” is waiting for your approval.

Author : retnol (IP: 202.70.54.67 , 202.70.54.67)

E-mail : retno.larasati08@student.ipb.ac.id

URL    : http://retno.larasati08.student.ipb.ac.id

Comment:

well, nice post. Thank you for sharing.

Approve it:

Trash it:

Spam it:

On testing the URL (the link), contained in the comment, I get this result from Norton DNS. This is not as uncommon as you might think.

Further investigation of the Threat Report, reveals the following.

Pretty scary stuff, I think you’ll agree.

So, I’ll repeat –

Be cautious when following links contained in comments on any web site – not just Blogs.

Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software.  This is a favorite technique employed by cyber-criminals. All software reviewed on this site, for example, has been thoroughly tested, by me, for usability. If a reader has a problem with recommended software, it’s generally a machine specific problem.

Be cautious when following any link contained in any web page. Recent reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.

Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on. NoScript offers superior protection.

Install an Internet Browser add-on that provides protection against questionable, or unsafe websites.

Use Norton DNS as an added safety precaution.

You simply cannot trust links, given the state of the Internet, so if you haven’t hardened your system by substituting your ISP provided DNS service, with a more secure alternative, I urge you to do so.

I deal with comments like this every day – it just happens, that today, I had some spare time to bring this situation to your attention, one more time.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Norton DNS – Another Layer of Computer Security

Here’s an item from today’s Tech Net News – “Thousands Of High-Ranked Web pages Infected With Malware, including ……”

We’ve covered this issue here on Tech Thoughts a number of times, most recently in, “How Safe Are Trusted Web Sites? Not Very!”

The following is a brief explanation, from that article, on how cyber crooks manage to infect web sites:

“Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine”.

Unfortunately, your anti-malware solutions may not always protect you from this type of attack, so you should consider additional system hardening by substituting your ISP provided DNS service, with a more secure alternative.

Free alternatives include OpenDNS, Google DNS, and now Norton DNS – a free service (in Beta), that provides faster web browsing with basic security. The additional security is provided by Norton Safe Web, which provides a quick check on each site to make sure that it isn’t a threat. If it is, you are protected from the site, and you will get detailed information on why Norton believes the site is unsafe.

Norton DNS, with Norton Safe Web incorporated, prevents users from visiting sites identified as harboring exploits including.

Viruses

Drive-By Downloads

Malicious Downloads

Worms

Suspicious Applications

Suspicious Browser Changes

Security Risks

Heuristic Viruses

Adware

Trojans

Phishing Attacks

Spyware

Backdoors

Remote Access Software

Information Stealers

Dialers

Downloaders

Norton has not yet provided an install client, but in the meantime, you can make the required changes manually by following the instructions below. At first glance, you may think this is complicated when it fact, it’s quite easy. So, give it a try, and don’t be nervous.  🙂

The screen captures below, reflect the changes I made.

Manual Setup for Windows:

Open the Control Panel from your Start menu.

Click Network Connections and choose your current connection.

On the General tab of the Connection Status screen, click Properties.

On the General tab of Connection Properties, scroll down and select Internet Protocol (TCP/IP), then click Properties.

On the General tab of Internet Protocol (TCP/IP) Properties, select Use the following DNS server addresses, then enter the two NortonDNS IP addresses 198.153.192.1 and 198.153.194.1.

Click OK until each window is closed. You are now using NortonDNS.

To disable or uninstall Norton DNS manually:

Follow the same instructions above, but on step five, select Obtain DNS server address automatically on the last screen (or replace our NortonDNS addresses with your recursive resolver IP addresses).

To ensure that you have in fact, been successful in making the change, visit this Norton page. The page will let you know if you are currently using Norton DNS.

Note: According to Norton, this service is currently only available in English and, not all users in all countries will benefit.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

SpySkype.C Trojan Wants to Talk to You!

Panda Security’s weekly report on viruses and intruders (1/30/2009) provides details on a recently discovered Skype Trojan classified by Panda as SpySkype.C. The initial objective of this malware is to steal the user’s login details.

According to Panda, the Trojan achieves its ends by convincing the user that a new Skype plug-in, Skype-Defender has been loaded onto the potential victim’s computer. As is common with this type of parasite, user action is then required to complete the infection.

Following the acceptance of the installation of the Trojan, users are instructed to enter their user name and password on a spoofed web page which are then transmitted to the malware’s author.

Luis Corrons, Technical Director of PandaLabs, explains the ultimate objective of the SpySkype.C Trojan is to use the newly infected account to spam the victims Skype contacts through the messaging service. According to Corrons “these messages can include a copy of this malware, or a different example of malware”.

To keep ahead of malware threats, go to Panda Security’s malware information site. For additional information on Skype scams read TechPaul’s Skype — “Windows Requires Immediate Attention”.. Not!

Replace Task Manger with Free System Explorer

Windows Task Manager falls far short of providing me with the information that I really need to monitor activity such as running tasks, processes, modules, system performance, open files, and particularly open Internet connections on my computer systems.

While there are a number of free tools available, that taken together, can provide information on any of the above, my preference has always been for an all-in one application that provides me with all the information.

Recently, I came across just such a free application; one that gives me all that I need, and more; all in a small package. System Explorer, not only monitors activity as described above but in addition, with a right menu click, provides online information including virus checking for any process, driver or service, from VirusTotal or Jotti.

(Click image for larger image)

Since I am by nature a security freak when it comes to system security on the Internet, System Explorer’s ability to provide me with details on file and process via online databases, and automatic security checking of processes, modules and selected files, is a real bonus.

If you are the type of computer user whose comfort level demands full knowledge of your system’s operations then this neat little program shouldn’t disappoint.

For those users’ who like to carry diagnostic programs on a USB flash drives a portable version is also available.

(Clck image for larger image)

Fast facts:

Detailed information on Tasks, Processes, Modules, Startups, IE Add-ons, Uninstallers, Services, Drivers, Connections and Opened Files

Easy check of suspicious files via VirusTotal or Jotti

Easy search details on file/process via online databases

Security Extension for automatic check on processes, modules and selected files

Action History for monitoring processes activities

Performance graphs for monitoring usage of system resources

System Snapshots to monitor system changes

System Report builds rich text report on system

Multilanguage

Plugins Support

System Requirements: Windows XP, Vista

System Explorer is free for both personal and commercial use.

Download at: FileForum

IRS Tax Notification Refund Scam – Don’t be Victimized!

After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $939.40. – Fraudulent IRS email

Now who wouldn’t be thrilled to receive an email informing them that U.S. Internal Revenue Service is going to play Santa Clause and give them $939.40? Well I wouldn’t object, and I suspect you wouldn’t either. Like you, I can think of a few places where this unexpected windfall could be put to good use.

Despite the fact that I am a Canadian, and I reside in Canada, it seems the U.S. Government is eager, and determined, to give me money for the third time in just a few months. Yes, this is the third such scam email I have received in just the last few months.

Since I am a Canadian I do not file U.S. income tax returns and I do not qualify for a refund from the IRS. Despite this, the cyber-criminals responsible for this fraudulent email were optimistic that I would click on the enclosed email link.

Clicking on the link would have redirected me to a spoof IRS page, comparable to the original site, and I would then have begun a process in which the scammers would have stripped me of all the confidential information I was willing to provide.

Information requested on the spoof IRS page includes; social security number, credit card and debit card numbers, postal address, and date of birth. The financial and personal details entered into this fraudulent web site are harvested by cyber-crooks who would have used this information to commit identity and financial theft.

The reality is of course, the IRS doesn’t send out unsolicited emails asking for personal or financial information. Credit card numbers, ATM PIN numbers and additional financial information would never be required to enable you to discover the current status of your tax return, or your tax refund.

According to the IRS there are over 1600 IRS phishing sites operating, or online, at any given time in search of potential victims willing to hand over sensitive financial data. It’s easy to see that the emails I received are not isolated incidents. The IRS confirms that by their estimates, 1% of all spam email is an IRS phishing scam.

What makes this particular type of scam so potent is, the average person on receiving an email from an authoritative source, generally lowers their defenses. As well, giving the time of year, the timing is right. Be warned, IRS scam emails always ramp up before tax day and continue for some time afterwards.

You know what to do right? Follow the tips below to protect yourself against these threats:

• Your bank, the IRS, or any other legitimate organization will never ask you to divulge account information or passwords via email. Never give out this information, especially via email.
• Don’t open emails that come from un-trusted sources.
• Don’t run files that you receive via email without making sure of their origin.
• Don’t click links in emails. If they come from a known source, type them in the browser’s address bar. If they come from an un-trusted source, simply ignore them.
• Keep your computer protected. Install a security solution and keep it up-to-date. Also, before carrying out any kind of financial transaction on the Web, I recommend that you scan your computer with a second-opinion security solution, such as NanoScan.

Be kind to your friends, relatives, and associates and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

To help you fight back, the following information has been taken from the official IRS web site and provides instructions on how to assist the IRS in shutting down these schemes.

The good news is that you can help shut down these schemes and prevent others from being victimized. If you receive a suspicious e-mail that claims to come from the IRS, you can relay that e-mail to a new IRS mailbox, phishing@irs.gov.

Follow instructions in the link below for sending the bogus e-mail to ensure that it retains critical elements found in the original e-mail. The IRS can use the information, URLs and links in the suspicious e-mails you send to trace the hosting Web site and alert authorities to help shut down the fraudulent sites. Unfortunately, due to the expected volume, the IRS will not be able to acknowledge receipt or respond to you.

IRS reporting site

Bogus IRS Tax Notification Email – Don’t Be a Victim!

Despite the fact that I am a Canadian it seems the U.S. Government, by way of the Internal Revenue Service, wants to give me money for the second time in just a few months.

Back in February of this year, I received an email indicating I could expect a tax refund of $873.20, and just in the last few days I received an IRS Tax Notification email informing me that an additional $184.80 was mine if I just clicked on the enclosed email link.

Unfortunately, since I am a Canadian I will not be getting a refund from the IRS, but the cyber-criminals responsible for this email were hopeful that I would click on the enclosed link.

Clicking on the link would have redirected me to a spoof IRS page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide. Information requested on the spoof IRS page includes; social security number, credit card and debit card numbers, postal address, and date of birth.

The financial and personal details entered are harvested by cyber-crooks who would then have used this information to commit identity and financial theft.

The reality is of course, the IRS doesn’t send out unsolicited emails asking for personal or financial information. Credit card numbers, ATM PIN numbers and additional financial information would never be required to enable you to find out the current status of your tax return, or your tax refund.

According to the IRS there are over 1600 IRS phishing sites operating, or online, at any given time in search of potential victims willing to hand over sensitive financial data. It’s easy to see that the emails I received are not isolated incidents. The IRS goes on to say that by their estimates, 1% of all spam email is an IRS phishing scam.

What makes this particular type of scam so potent is, the average person on receiving an email from an authoritative source, generally lowers their defenses. As well, giving the time of year, the timing is right. Be warned, IRS scam emails always ramp up before tax day and continue for some time afterwards.

You know what to do right? Follow the tips below to protect yourself against these threats:

• Your bank, the IRS, or any other legitimate organization will never ask you to divulge account information or passwords via email. Never give out this information, especially via email.
• Don’t open emails that come from un-trusted sources.
• Don’t run files that you receive via email without making sure of their origin.
• Don’t click links in emails. If they come from a known source, type them in the browser’s address bar. If they come from an un-trusted source, simply ignore them.
• Keep your computer protected. Install a security solution and keep it up-to-date. Also, before carrying out any kind of financial transaction on the Web, I recommend that you scan your computer with a second-opinion security solution, such as NanoScan at www.nanoscan.com.

Be kind to your friends, relatives and associates and let them know that these types of scams are now epidemic on the Internet. In that way, it raises the level of protection for all of us.

To help you fight back, the following information has been taken from the official IRS web site and provides instructions on how to assist the IRS in shutting down these schemes.

The good news is that you can help shut down these schemes and prevent others from being victimized. If you receive a suspicious e-mail that claims to come from the IRS, you can relay that e-mail to a new IRS mailbox, phishing@irs.gov.

Follow instructions in the link below for sending the bogus e-mail to ensure that it retains critical elements found in the original e-mail. The IRS can use the information, URLs and links in the suspicious e-mails you send to trace the hosting Web site and alert authorities to help shut down the fraudulent sites. Unfortunately, due to the expected volume, the IRS will not be able to acknowledge receipt or respond to you.

IRS reporting site: phishing@irs.gov