Tag Archives: threats

Download Free Returnil Virtual System 2010 Home

If you read yesterday’s principal post (Download Shadow Defender – Virtualized Intrusion Prevention), you’ll remember we discussed operating system virtualization. Specifically, controlling malware intrusion through the use of a “virtual” environment, rather than operating in a “real” environment.

Shadow Defender, the virtual environment application we focused on, is by no means the only solution designed to create a virtual environment, as a number of readers pointed out.

The alternative application most mentioned by readers (all of whom are frequent commenters, and high level users), was Returnil Virtual System. I’m not surprised; I’ve tested this application in the past and use it on one of my test platforms. I’ve long considered Returnil a worthwhile addition.

There are a number of differences between Shadow Defender and Returnil Virtual System:

Returnil Virtual System is a FREE application.

Returnil Virtual System creates the virtual disk in memory (RAM), rather than on the Hard Disk (there may be a speed advantage to this method).

Returnil Virtual System incorporates an anti-virus. This seems to me to be overkill.

Shadow Defender allows system changes to be permanently saved to disk. Using Returnil Virtual System, you must first create a virtual disk.

Similarities:

Both provide an intrusion prevention system that is non-intrusive, prevents damage from intrusions, and malicious software: viruses, worms, spyware, key loggers, etc., and after initial setup, requires a minimum of user intervention.

From the developer’s site:

Returnil Virtual System’s protection concept is very easy to understand. It provides an impenetrable, yet extremely simple to use mechanism to prevent unwanted or malicious changes from being made to your supported Windows Operating System and the drive where Windows is installed.

You operate a copy of your system in a virtual environment, so anything you do will happen in the virtual environment, to the copy, and not to the real operating system.

If your computer is attacked or gets infected with malware, all you need to do is simply restart your PC to erase all changes induced by it. Once restarted, the working-copy of your system is renewed, enabling you to go on working as if nothing ever happened.

At the same time, Returnil Virtual System can create a virtual storage disk for you; the purpose of this storage space is to provide a place for you to save your data when the System Safe (Virtual System) mode is turned ON. You can customize the size of this disk to meet your individual requirements.

When the System Safe (Virtual System) protection is OFF, you can install or remove programs, save documents within the Windows disk drive, install security upgrades and software patches, alter configurations, and update user accounts. All changes made will remain following a restart of the computer.

Both applications incorporate a simple, easy to understand, “follow the bouncing ball” user interface as the following Returnil Virtual System screen captures illustrate.

[Screen captures: Returnil 1 to 4]

Fast facts:

Keeps your system safe when connected to the Internet

Viruses, Trojans, Worms, Adware, Spyware, Keyloggers, Rootkits and unwanted content disappear with a simple reboot

Enforces settings and protects your Internet privacy

Helps reduce overall disk wear by copying and operating your system from memory rather than the hard disk

Saves time and money by considerably speeding up the system

Reduces or eliminates the need for routine disk de-fragmentation

Leaves absolutely no traces of computer activities

Eliminates the dangers of evaluating new software

Seamless integration with supported Windows Operating Systems

Easy to use, simple to configure, and the one tool in your arsenal that will be there to save the day when all else fails

System requirements: Windows XP, Vista, Server 2008, Win 7 (32-bit/64-bit all)

Supported Languages: English, Japanese, Chinese (Simplified), Chinese (Traditional), Korean, German, Italian, Spanish, Russian, Polish, Dutch, Czech, Finnish, Portuguese.

Download at: Returnil

A number of readers made mention of Comodo Time Machine, a worthwhile free system restore utility. Popular guest author, Rick Robinette, has a very informative article over on his site, What’s On My PC: Comodo Time Machine – A Powerful System Restore Utility. I encourage you to read this article.

As well, Tech Paul (one of my daily reads), has just posted an article, Time Travel Fights Infection, in which he discusses the concept of virtualization. I encourage you to read this article to get another view on this technology.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Download Shadow Defender – Virtualized Intrusion Prevention

Shadow Defender is an intrusion prevention system that is non-intrusive, and after initial setup, requires a minimum of user intervention – perfect for the average user.

Simply put, Shadow Defender, when active, creates a virtual environment on your computer by redirecting all changes to your system to an unused location on your Hard Drive. At, or before shut down, these system changes can be permanently saved to disk, or completely discarded.

Virtualization can be analogous to – “now you see me; now you don’t”, or “you think you can see me, but I’m not really here”. By handling security in this way, Shadow Defender prevents damage from intrusions, and malicious software: viruses, worms, spyware, key loggers, etc.

A case in point:

While surfing the Net, an inexperienced user mistakenly accepts an invitation to install a scareware application but realizes, after the fact, that this is a scam. Operating in a “real” environment, the damage, unfortunately, would already have been done.

Operating in a “virtual” environment with Shadow Defender active (that is, operating in Shadow Mode), the system changes made by this parasite could be completely discarded, since the attack occurred in the “I’m not really here” environment.

A system reboot would restore the system to the original state, as if the attack had not occurred.

So what’s Shadow Mode?

Shadow Defender clones an independent system platform with the same configuration, and functions, as the existing system. The important difference between “normal mode”, and the shadow mode is: everything in Shadow Mode, including the file/s you downloaded, the document/s you created, or the settings that you changed, will disappear when you exit Shadow Mode.

The user interface is “follow the bouncing ball” simple as the following screen captures illustrate.

Since I’m not a fan of application auto start, I configured this application to start on an on demand basis – only at Browser launch.

[Screen capture: Shadow Defender 1]

At the following screen, I set the application to protect both partitions on my Hard Drive. Simple.

[Screen capture: Shadow Defender 2]

If a user chooses to run Shadow Defender on a continuous basis, an option is available to exclude specific files and folders. Remember, since all downloaded files, all created documents, and all system changes will disappear when the user exits Shadow Mode, unless excluded, this is a critical option.

[Screen capture: Shadow Defender 3]

The administration screen allows the user to fine tune the application to their specific needs including allowing/disallowing auto start at boot.

[Screen capture: Shadow Defender 4]

Fast facts:

Prevent all viruses and malware.

Surf the internet safely and eliminate unwanted traces.

Protect your privacy.

Eliminate system downtime and maintenance costs.

Reboot to restore your system back to its original state.

Maintain a system free from malicious activity and unwanted changes.

Test software and game installations in a safe environment.

Protect against unwanted changes by shared users (suitable for workplaces and educational institutions).

During a quick test, I downloaded application files, video files, moved files between partitions, wrote and saved test documents, and made minor system changes with Shadow Defender active. On reboot, no changes were evident.
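A conceptual model of the write redirection described above (changes land in a separate area, then are saved or discarded on exit), added here as an illustration. It is not Shadow Defender's or Returnil's code, and the class, paths and file contents are constructed for the example.

```python
"""Toy model of write redirection ("Shadow Mode"); not any product's code."""

_DELETED = object()  # marker for a file removed while protection is on


class ShadowedVolume:
    def __init__(self, files, excluded=()):
        self.disk = dict(files)          # the "real" volume: path -> content
        self.overlay = {}                # redirected changes, lost on reboot
        self.excluded = tuple(excluded)  # folder prefixes that bypass redirection
        self.shadow_mode = False

    def _redirected(self, path):
        # Excluded folders are written straight to the real disk.
        return self.shadow_mode and not path.startswith(self.excluded)

    def write(self, path, data):
        target = self.overlay if self._redirected(path) else self.disk
        target[path] = data

    def delete(self, path):
        if self._redirected(path):
            self.overlay[path] = _DELETED
        else:
            self.disk.pop(path, None)

    def read(self, path):
        """What a running program sees: overlay first, then the real disk."""
        data = self.overlay.get(path, self.disk.get(path))
        return None if data is _DELETED else data

    def commit(self):
        """'Permanently save' the session: fold the overlay into the disk."""
        for path, data in self.overlay.items():
            if data is _DELETED:
                self.disk.pop(path, None)
            else:
                self.disk[path] = data
        self.overlay.clear()

    def reboot(self):
        """Exit without saving: every redirected change is discarded."""
        self.overlay.clear()
        self.shadow_mode = False


def demo():
    """Replay the scareware case: tampering is visible, then gone after reboot."""
    vol = ShadowedVolume({"C:\\Windows\\settings.ini": "clean"},
                         excluded=("D:\\Documents\\",))
    vol.shadow_mode = True
    vol.write("C:\\Windows\\settings.ini", "tampered")   # unwanted system change
    vol.write("C:\\Temp\\setup.exe", "unwanted installer")
    vol.write("D:\\Documents\\report.txt", "my work")    # excluded folder
    seen_during_session = vol.read("C:\\Windows\\settings.ini")
    vol.reboot()
    return (seen_during_session,
            vol.read("C:\\Windows\\settings.ini"),
            vol.read("C:\\Temp\\setup.exe"),
            vol.read("D:\\Documents\\report.txt"))


if __name__ == "__main__":
    print(demo())
```

The excluded folder is the only place where work survives the reboot, which is why the exclusion option matters for anyone running protected full time.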

System requirements: Windows 2000, XP, Vista (32-bit), Windows 7 (32-bit and 64-bit).

This application is not freeware but you may download a 30 day trial version at: Shadow Defender

Purchase Price $35.00


Valentine’s Day: Love in Your Inbox – Malware on Your Computer

It’s only a few weeks until Valentine’s day, so it’s not too early to get ready for the deluge of “I love you”, “Wish you were mine”, and of course the proverbial “Happy Valentine’s Day” emails.

Hopefully, you will have a Happy Valentine’s Day, but you won’t if you fall victim to the burst of spam that is aimed at lovers, at this time of year, every year. Much of it is designed to drop malware on unsuspecting users’ machines.

Like clockwork, spammers and cyber crooks ramp up the volume of spam emails aimed at unsuspecting users, just prior to this day, culturally set aside as a “celebration of love”.

In previous years, starting just about this time, we saw abnormally high rates of this type of spam, and since cybercrooks are “opportunity driven”, we can expect much more of this type of cybercriminal activity this year.

Maybe you’re a very cool person whose significant other is always sending you neat little packages in your email. Things like MP3 files, screensavers, cartoons, YouTube videos and the like. You get them so often, that you just automatically click on the email attachment without even thinking. If you are this type of person, here’s a word of advice – start thinking.

The hook, as it always is in this type of socially engineered email scam, is based on exploiting our emotions. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprises. I think it’s safe to say, we all find it difficult, if not impossible, to resist peeking at love notes received via email.

The unfortunate truth is, these spam emails often contain links that deliver advertisements, or worse, redirect the victim to an unsafe site where malware can be installed on the victim’s computer.

Last year at this time, a friend, who is an astute and aware computer user, fell for one of these carefully crafted teasing emails. On opening the email, he was taken to a site which had pictures of hearts and puppies, and was then asked to choose which one was for him.

Fortunately, common sense prevailed and he backed out of this site. If he had clicked on this site, he would have begun the process of infecting his machine with a Trojan, which can connect to remote command and control Web sites.

Unfortunately, being smart is often NOT enough to protect yourself. Experienced users are on guard year round for these, and other types of scam/spam email.

You know what to do, right?

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Don’t click links in emails. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.


Safe, Secure Browsing, with Free WOT Browser Add-on

WOT (Web of Trust) recently awarded its 2009 “WOT Publicity Award” to 10 Bloggers and happily, Tech Thoughts was one of the recipients.

It would be difficult for regular readers of this site not to be aware that I write consistently on the importance of Internet browser protection, and how strongly I feel that Web of Trust is the application leader in providing critical Browser protection.

In fact, I frequently hear from readers who, after installing WOT on their computer systems, feel reassured that they are safer than ever before, and who express a renewed sense of confidence, and a new level of enthusiasm, while surfing the Internet.

And why not. Security starts with your web browser, and WOT substantially reduces the risk exposure, that comes with wandering through the increasingly risky neighborhood that the Internet has become.

What is WOT?

WOT, one of the most downloaded FireFox Add-ons at the Mozilla add-on site, (also compatible with Internet Explorer and Chrome), is a free Internet Browser resource which investigates web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping you avoid unsafe web sites.

For example, here’s a Google search in which WOT indicates which sites are safe. Notice the unsafe (red) sites, in the Google ads!

[Screen capture: WOT ratings in Google search results]

Take a look at what happens if, in fact, you do end up on an unsafe web site. WOT’s dropdown warning curtain blocks access to the site until you determine otherwise.

[Screen capture: WOT warning curtain]

WOT operates in a unique fashion in order to offer active protection to the Internet user community. It stands out from the crowd of similar applications, by soliciting the opinions of users/members whose views on web site safety are incorporated into the overall site safety rating. According to WOT, the user community now has reputation data on over 25 million sites worldwide.

The shared information on a site’s reputation includes trustworthiness, vendor reliability, privacy, and child safety. As well, in order to achieve maximum security coverage, WOT uses thousands of trusted sources including phishing site listings, to keep users protected against rapidly spreading threats.

WOT integrates seamlessly with search engine results from popular search engines including Google, Yahoo, MSN and other popular sites, and provides impressive protection against Internet predators.

WOT recently added the top three web-based email services – Google Gmail, Windows Live Hotmail and Yahoo! Mail, to its free security protection. You can now feel more confident and secure, since WOT checks links embedded in your email, and warns you of dangerous web sites so that you can avoid spyware, spam, phishing, identity theft and other Internet scams; before you click on dangerous embedded links.

How WOT works:

The Browser add-on icon displays a color rating for each site you visit, indicating whether a site is safe to use, should be used with caution, or avoided entirely.

Using traffic light colors, (green, yellow, and red), WOT leaves you in no doubt as to the safety rating of a web site. An impressive feature of WOT is the dropdown transparent warning curtain, shown earlier, triggered on visiting a dangerous site.

Recognizing, however, that up to ten percent of Internet users are at a disadvantage due to colorblindness, and cannot rely on an Internet safety system based on color coding, the Web of Trust development team recently released an adaptive version of WOT. This version incorporates equivalent alternative information, through assistive or adaptive technology, for colorblind users.

This colorblind accessible application provides the same critical benefits to those individuals who have to contend with visual impairments, as it has to those of us who have come to rely on WOT as a major defense against the pervasive hazards we encounter on the Internet.

Quick facts – WOT checks the following on each web site visited:

Trustworthiness

Vendor reliability

Privacy

Child Safety

More quick facts:

Ratings for over 25 million websites

The WOT browser add-on is light and updates automatically

WOT rating icons appear beside search results in Google, Yahoo!, Wikipedia, Gmail, etc.

Settings can be customized to better protect your family

WOT Security Scorecard shows rating details and user comments

Works with Internet Explorer, FireFox and Chrome

Interface supports English, French, German, Spanish, Italian, Russian, Polish, Portuguese, Swedish and Finnish.

Surf more securely by installing this browser add-on which will provide you with an in-depth site analysis based on real world results. Keep in mind however, that you are your own best protection. Stop · Think · Click

Download at: MyWot

Bonus: Watch a demo video showing how WOT works in practice.


Internet Dangers – Real Life Stories

Many of my friends think that I lean towards a “scare them to death” philosophy, when it comes to the Internet. I often get badgered with “friendly” questions such as – “Don’t you ever see anything good about the Internet?” Or, “Don’t you get tired of scaring people with all your talk of the dangers on the Internet?”

Frankly, I find it enormously depressing writing on malware, scareware, Browser exploits, and all the other exploits that continue to threaten our enjoyment of the Internet. Testing and recommending new software, is much more appealing.

But, when all is said and done, I’m left with this question – if I don’t educate my friends, and by extension, my readers, who will?

Just to be clear – there is no doubt that the Internet can provide a rich educational and cultural experience, at a minimum, but at the same time, it is virtually impossible for users not to be exposed to the underbelly of the Internet.

The sad reality is, the majority of computer users are undereducated when it comes to recognizing the dangers, and threats, that the Internet poses to their computers and to their personal privacy. This is a case where, what you don’t know can hurt you – big time!

For this article, rather than me get up on my “the Internet can be a dangerous place” soapbox, one more time, let me offer you two edited comments from readers following recent articles.

The question that arises from both these comments might be – if a technically sophisticated computer user finds navigating the Internet hazardous then, is an average user now essentially at the mercy of cybercriminals?

The first comment is from Mark Schneider, a high level “super user”, who occasionally guest writes on this Blog.

I agree with you about personal responsibility being paramount; even the careful user can get into trouble. My daughter borrowed my old ThinkPad recently – she needed it for doing research for the colleges she’s applying to. Everything seemed fine when I used the machine again.

I did a routine scan and MalwareBytes found 15 Trojans and at least one rootkit. I was not amused, and when I checked the browsing history, virtually every site (she visited), had been an .edu site. I looked into it and found out many .gov and .edu sites have been compromised.

I’ve gone to using “No-scripts” extension with Firefox as well as the usual tools. And frankly, outside an enterprise firewall I’m beginning to question running XP at all anymore. Many applications don’t work well when running as a limited user so, you end up running as admin.

With the number of zero day exploits these days, and the state of the Internet, (with the use of JavaScript everywhere), it’s getting tough to stay safe even when following decent security protocols.

I’ve begun test running Open Solaris, in a virtual machine, to do online banking and going to my eBay account. I don’t want to sound paranoid but, Windows users are at risk every time they go online. I think Vista and Windows 7 are more secure than XP if you turn the (much hated) User Account Control to maximum protection, but then people complain about convenience.

Unfortunately convenience and security are two diametrically opposite realities – it’s very difficult to have both while running Windows online in 2009.

Sorry about the rant but I guess I’m a little frustrated as well.

The second comment is from reader RHH who occasionally comments here.

As a recent victim of an infected link on Google, and having previously installed the new Panda Cloud anti-malware service, I wonder why Panda could not stop the auto loader malware as the malware certainly was in circulation longer than the 6 minutes Panda touts as their ability to mark a malware and neutralize it. I would add that not even the WOT had marked the infected link as unsafe.

Also, I hope Firefox can give us a way to selectively stop the browser from restoring a session and restarting an infected web site after having shut down a computer.

I also wonder why Google cannot get the links in their system screened to prevent, or at least minimize, malware from being passed forward to the users. If Cyveillance Blog can screen and find 250,000+ problem sites, cannot Google do the same and counter attack somehow?

It honestly seems like major players like Google, and others, also have a stake and responsibility to work at getting the malware out of their links before we run into them – no matter how hard we work at avoiding problems.

So what do you think? Has the Internet now reached a critical mass in terms of cybercrime?


Email “Non Delivery Report” Spam Up 2000% – Panda Labs

When it comes to criminal creativity, I find it difficult to think of a group that’s more creative than spammers. Not only do these cyber criminals develop new and creative ways to bilk unaware computer users out of their money, but they regularly roll out time tested older spam scams.

Rolling back, this time, for another shot at the unaware user, is that old familiar spam scam – the NDR, an email “non-delivery report”. Personally, I have noticed a major increase in this annoying spam in the last few weeks.

PandaLabs recently reported on a 2000 percent increase in the amount of NDR spam messages in circulation – compared to the number of samples detected between January and June of this year. Twenty percent of global spam monitored by Panda Security now uses this technique.

According to Panda “These messages are usually legitimate, but this mail server function is being exploited by spammers to distribute spam, using the sender’s real name. The spam content is usually sent as an attachment to the fake non-delivery notice. Although in most cases users have not sent the supposedly undelivered email, they still become curious and open it”.

Curiosity is an issue we have covered on this site repeatedly. Let me give you this from the article “Want to Avoid Malware on the Internet? – Think BEFORE You Click” “….it may well be our conditioned human responses that pose the biggest risk to our online safety and security. Our curiosity, coupled with our conditioned responses can often override our common sense, so it’s not unusual for people to open an email attachment, for example, despite knowing that the attachment could be a virus or other form of malware”.

I handle hundreds of emails every day, and in all the years I have been on the Internet and using email, I can recall only two non-delivery reports that were legitimate.

While it’s unlikely that opening a spam email non-delivery report will lead to system damage, or an infection, the one thing I will guarantee you is this – you will get a LOT more spam/scam email. It goes without saying, that the more spam you receive, the more likely it is that at some point, you will suffer a malware attack.

So do yourself a favor, if you receive a non-delivery report, simply ignore it. Of course, be guided by your own experience level in handling potential threats.
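One way to check a non-delivery report against the two tells Panda describes (you never sent the original, and the payload arrives as an attachment), as an added example that is not from the original article. The sent-log set, addresses and sample messages are constructed, and the sender/subject markers are an assumed heuristic.

```python
"""Triage a non-delivery report: bounce of mail you sent, or NDR spam?"""
from email import message_from_bytes, message_from_string, policy

# Part types a genuine delivery-status report carries at its top level.
REPORT_PARTS = {"text/plain", "text/html", "message/delivery-status",
                "message/rfc822", "text/rfc822-headers"}
# Heuristic markers (assumed, not exhaustive) of mail that poses as an NDR.
NDR_SENDERS = ("mailer-daemon", "postmaster")
NDR_SUBJECTS = ("undeliver", "delivery status notification",
                "returned mail", "failure notice")


def original_message_id(msg):
    """Message-ID of the mail the report says bounced, or None if absent."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            inner = part.get_payload()
            if isinstance(inner, list) and inner:
                return str(inner[0].get("Message-ID", "")).strip() or None
        elif ctype == "text/rfc822-headers":
            inner = message_from_string(part.get_content(), policy=policy.default)
            return str(inner.get("Message-ID", "")).strip() or None
    return None


def triage_ndr(raw, sent_ids):
    """Return (verdict, reasons); sent_ids holds Message-IDs from your sent log."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = str(msg.get("From", "")).lower()
    subject = str(msg.get("Subject", "")).lower()
    is_report = (msg.get_content_type() == "multipart/report" and
                 str(msg.get_param("report-type", "")).lower() == "delivery-status")
    poses_as_ndr = (any(s in sender for s in NDR_SENDERS) or
                    any(s in subject for s in NDR_SUBJECTS))
    if not (is_report or poses_as_ndr):
        return "not-ndr", []
    reasons = []
    if not is_report:
        reasons.append("not a multipart/report delivery-status message")
    orig_id = original_message_id(msg)
    if orig_id is None:
        reasons.append("no original Message-ID enclosed")
    elif orig_id not in sent_ids:
        reasons.append("original Message-ID not in sent log")
    # Spam content usually rides as an attachment to the fake notice.
    extras = sorted({p.get_content_type() for p in msg.iter_parts()} - REPORT_PARTS)
    if extras:
        reasons.append("unexpected attachment type: " + ", ".join(extras))
    return ("suspect" if reasons else "expected-bounce"), reasons

# Constructed sample messages (not real traffic).
SENT_IDS = {"<20100125.0001@example.org>"}
LEGIT_BOUNCE = b"""\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The address bob@example.com could not be reached.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; bob@example.com
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Message-ID: <20100125.0001@example.org>

--b1--
"""
# Same report shape, but for a message this mailbox never sent.
FORGED_REPORT = LEGIT_BOUNCE.replace(b"20100125.0001@example.org", b"9999@bulk.invalid")
FAKE_NDR = b"""\
From: postmaster@mail.example.net
Subject: Delivery Status Notification (Failure)
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

Your message could not be delivered. See the attached file.

--b2
Content-Type: application/zip
Content-Disposition: attachment; filename="message.zip"

constructed placeholder, not a real archive

--b2--
"""
```

Calling `triage_ndr(raw, SENT_IDS)` on each sample returns the verdict together with the reasons, so a "suspect" result can be filed without opening the attachment.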


Dangerous Porn Sites – Tips on How to Avoid Them

Would you be surprised to learn that pornography has an ancient history? Well, it does.

It seems that pornography has always been a force to be reckoned with. From prehistoric rock paintings depicting sex, through to the Greeks, Romans, the Renaissance period (in which it flourished), and on to the mass production of pornography in the early 20th century when purveyors adapted to the new technologies then available.

No surprise then, to see the distributors of sexually explicit material almost immediately adopted the Internet as the preferred method of mass distribution, which allows uncontrolled and anonymous access to explicit sexual content. Fast, anonymous, and in many cases, free access to porn online, has been a driving force in making the Internet the preferred mode of access.

Even if you are an infrequent user of the Internet, it is probable that you have been exposed to porn, unwanted or otherwise, while surfing the web.

The distribution of pornography is enormously profitable. Consider this statistic: the pornography industry has revenues larger than the revenues of the top technology companies combined. That’s right, the combined revenues of Microsoft, Google, Amazon, eBay, Yahoo!, Apple, Netflix and EarthLink. You’re not really surprised, are you?

Pornography is what it is; I am not a member of the Morality Police, and I hold no religious, or political views, on the availability of pornography on the Internet; except of course, pornography which is clearly illegal, or morally reprehensible.

My main concern with pornographic Websites is focused instead on the primary/secondary use that many of these sites are designed for – as a vehicle for the distribution of potentially harmful malware applications that can be surreptitiously dropped onto unwitting visitors’ computers.

The potential for damage to both computers, and users is real, and can have dramatic consequences, considering the confidential/financial data that can be stolen by keyloggers, tracking cookies, and other common forms of malware used by porn sites.

Unethical porno sites have a reputation for some, or all, of the following behavior:

Pop-up windows that are difficult, or impossible to close. Tip: Pressing the Control key and the W key simultaneously, will generally close pop-ups.

Browser hijacking.

Dropping spyware, viruses, Trojans, and rogue applications.

Requiring the installation of a plug-in or codec to view movies – a favorite method of malware insertion.

Be particularly cautious of so called “free three-day trial memberships”. These schemes are notorious for fraud and credit card scams. Just try to take advantage of a “free three-day trial membership”, without providing credit card details.

To maximize your Internet safety and security, especially while surfing porn, it’s important that you run with a browser security add-on.

The following are browser security add-ons that are noted for their effectiveness, although it is important to recognize cyber-criminals are crafty, and there is no one perfect solution.

Being the kind of security conscious fellow that I am, I run both WOT and McAfee SiteAdvisor together, while surfing the Internet. You just never know. Right?

Web of Trust (WOT)

WOT is a free Internet Browser add-on (my personal favorite), that has established an impressive and well deserved reputation. WOT tests web sites you are visiting for spyware, spam, viruses, browser exploits, unreliable online shops, phishing, and online scams, helping you avoid unsafe web sites.

McAfee SiteAdvisor

A free browser add-on that adds small site rating icons to your search results as well as a browser button and optional search box. Together, these alert you to potentially risky sites and help you find safer alternatives. These site ratings are based on tests conducted by McAfee using an army of computers that look for all kinds of threats.

Finjan SecureBrowsing

Finjan SecureBrowsing searches major websites as well as search results for malicious content hiding behind links. By accessing and scanning destination URLs in real time, the add-on proactively warns you when a link is potentially dangerous.

ThreatExpert Browser Defender

The Browser Defender toolbar allows you to surf safely by displaying site ratings as you browse the Internet. When you visit a site its address will be checked by our servers and a rating shown in the toolbar based on any malicious behavior or threats we have found associated with the site. The toolbar also integrates with the search results provided by popular search engines such as Google and Yahoo! so you can see if, in our view, it is safe to continue before you visit a site.

AVG Security Toolbar Free Edition

AVG’s unique Search-Shield, available with the AVG Security Toolbar Free Edition, marks all web pages which are infected by zero day exploits and drive-by downloads. This powerful LinkScanner based technology works in real-time to provide comprehensive protection. Other programs rely on static databases and cannot protect you at the only time that matters – the time you click on a link.

TrendProtect

TrendProtect is a free browser plug-in that helps you avoid Web pages with unwanted content and hidden threats. TrendProtect rates the current page and pages listed in Google, MSN, and Yahoo search results. You can use the rating to decide if you want to visit or avoid a given Web page. To rate Web pages, TrendProtect refers to an extensive database that covers billions of Web pages.

Additional ways to mitigate your risks while surfing the Internet:

Consider running your web browser in a sandboxed environment. Read “Sandboxie – A Freeware Sandbox App – Protect Your PC on the Internet”, for additional information.

Consider running your system in a virtual environment such as Returnil Virtual System Personal Edition.

Install the latest operating system updates, and patches, on your computer. This step is just common sense in all circumstances. Unpatched systems will be attacked!

Be aware that unethical porn sites can drop malicious code which will exploit vulnerabilities in your browser or operating system. Just visiting these sites can infect, or damage your system.

Ensure you are using the latest version of your Internet Browser – known security holes in older Browser versions will be exploited.

Consider switching your Browser – Experienced computer users tend to use FireFox as their principal Internet Browser, since the security add-ons which are available, offer substantial protection from exploits. No Browser however, is totally secure against exploits.

Turn off JavaScript in your Browser.

Install effective anti-malware solutions on your computer.

For additional information on protecting your computer, check out “The Best Free Spyware, Virus, and Browser Protection”, on this site.

How much information can a web site collect about you?

In my experience, most people are shocked at the amount of information that a web site is capable of collecting from a simple visit.

If you are interested in seeing just how much information your Internet Browser gives away about you and your computer system when you visit a web site, then check out BrowserSpy.dk.


Ransomware in Your Browser

Ransomware, a vicious form of malware, is nothing new. It has been around in one form or another since the late 1980s.

Once installed on a victim’s computer, the Trojan will generally encrypt the victim’s files, after which the cyber-criminal demands a monetary ransom to decrypt the kidnapped files.

The ever creative cyber criminal community has now gone one better, with the release of Trojan.Ransompage. This piece of malware is designed to kidnap the victim’s Internet browser, including Internet Explorer, Firefox and Opera.

Note: The latest update of Firefox is apparently unaffected. Another good reason to update.

According to Symantec, Trojan.Ransompage “uses scare or nuisance tactics – similar to rogue antivirus programs, in an attempt to demand ransom from its victims. Once infected with Trojan.Ransompage, a victim’s browser will display a persistent inline ad on every page that the victim visits”.


Roughly translated from Russian, the ransom demand reads in part:

To remove the informer, send SMS message with text [5-digit number] to number [4-digit number].
Enter the code, received in response, MC

Affected Systems: Windows 95, 98, NT, 2000, XP, Vista, Server 2003

System Impact:

Deletes Files: Deletes Web Browser files.

Modifies Files: Modifies Web Browser files.

Releases Confidential Info: May send confidential information to a remote location.

Degrades Performance: Displayed image may degrade Web Browser performance.

Action you can take if infected:

According to Symantec, “the ransomware is designed to expire in 30 days, so anyone who falls victim to the infection can remove it simply by setting their system clock forward one month”.

Common sense security precautions:

Make regular backups of critical data. If you are infected, this may be your only solution.

Don’t store critical data on the system partition

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable scripting features in email programs

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

The authorities need to kick some ass here, and determine who owns the contact phone number and close it down. How hard is that?


Hey Sucker – Read This! Michael Jackson’s Not Dead!

The Web is the success it has become at least partially due to the fact that it can satisfy our curiosity about almost anything we can think of, including the sensational death of Michael Jackson.

We have learned to satisfy this curiosity simply by a mouse click here, and a mouse click there. In a sense, we have developed a conditioned response to “just click”. You are reading this article, in all likelihood, because the title roused your curiosity.

Using the Internet we can snoop, probe, and pry; and question, or confirm, virtually any statement, fact or opinion. We now have access to a quantity, and quality (some might dispute the quality), of information as never before. Sensational news alerts are a particularly delicious enticement.

Naturally, sensational news alerts will continue to be one of the methods cyber-crooks use to capture Internet users’ attention, particularly in emails, Google search results, and on social networking sites like Twitter and Facebook.

Michael Jackson email scams

Since Michael Jackson’s death, email inboxes have been flooded with enticing scam emails, along with the usual emails offering pharmaceuticals, expensive watches, and other knockoff products with which we are all familiar.


Email scams work because the cyber-crooks responsible use social engineering as the hook; in other words, they exploit our curiosity – the reason you clicked on this article. The fact is, we are all pretty curious creatures and, let’s face it, who doesn’t like sensational topics?

Knowing this, email scammers (cyber-crooks), will continue to exploit our natural curiosity, to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots on our computers.

With the worldwide Internet population now estimated to be 1.08 billion users, email scammers (cyber-crooks), have a huge playing field in which to practice their crafty scams.

Cyber-crooks, I’m convinced, must feel as if they are in cyber-crooks paradise given the opportunities such a large number of generally unaware potential victims present for illicit monetary gain.

Security experts (including me), argue that a significant number of malware infections could be avoided if users stopped “just clicking haphazardly” or opening the types of files that are clearly dangerous. To this point however, this type of dangerous behavior continues despite the warnings.

It continues to be true that the majority of typical users that I meet are unaware of the very real dangers that spam emails and social networking links hold for their safety, security and identity protection.

On the other hand, I’ve noted that aware Internet users rely on their own experiences and common sense to avoid malware infections. Generally, they are well aware of the hidden dangers on the Internet and have overcome that natural tendency to “just click”.

While on the Internet keep the following tips in mind:

Don’t click links in emails or social networking sites. If they come from a known source, type them on the browser’s address bar. If they come from an untrusted source, simply ignore them.

Don’t open emails that come from untrusted sources.

Don’t run files that you receive via email without making sure of their origin.

Keep your computer protected. Install a security solution and keep it up-to-date.

Despite the title of this article Michael Jackson is dead. Yes, I know you knew this.

Elsewhere on this site there are additional articles dealing with current email and financial scams.

See: Bank of America Alert – Update Your Account Scam!

See: Online Banking – Be Safe, Not Sorry!

See: Avoid Trojans/Viruses – Stop with the Crazy Clicks Already!


Best Spam Story Ever! Thanks Pastor Mike

Earlier this year I wrote an article on home networking, “Your Electric Wiring Is a Wi-Fi Network Alternative”, which proved to be fairly popular with readers outside of North America.

Just two days ago I wrote an article “Email Spammers Are Smarter than You Think”, in which I stated – “I long ago came to the conclusion that spammers are some of the craftiest people on the planet. I say this not in admiration of what they do, but instead, how they do it”.

Then, this morning, I received the following spam email offering to provide me with a contract worth $2.5 million, provided I am prepared to engage in fraud, graft and government corruption. Now, I could use $2.5 million, but I’ll pass!

The connection between the networking article, and this carefully crafted spam email, points out how spammers can modify their criminal activities to seek out a specific target market, rather than rely only on the more general broadcast, and non-specific targeting method, we are more familiar with.

I’m posting the email in its entirety since I found it very funny, and you may too. I consider it more than ironic that the apparent sender is a pastor, given that he is advocating fraud, graft, and corruption. Hallelujah, brother!

Dear Sir,

RE: CONTRACT SUPPLY OF NETWORK WIRES WORTH USD2.5 MILLION FOR INTERNET ACCESS TO SECONDARY SCHOOLS

We are much delighted to enter into business relationship with your company of which we request for your full cooperation in order to achieve this goal.

I am a commission agent and consultant and there is a business I want to introduce to your company and if everything goes well, at the end, you will pay me 1% of the total value of the deal as commissions. Briefly, let me explain to you the nature of the concerned business. A government department in Nigeria UNIVERSAL BASIC EDUCATION NIGERIA is looking for a reliable and trustworthy company that can supply the above.

The ministry wishes to award the contract for the supplies to any reputable company in your area with proven capability to supply the above quantity items within a period of 10 months against upfront payment by telegraphic transfer 60% advance by telegraphic transfer immediately the contract is sign while is delivery is by sea to Lagos seaport within 8 months upon you/ contractors receipt of full advance payment. I am writing you this letter because I want to know whether your company has the ability to undertake the contract from for the supply of the above listed items?

Really, it is sometimes difficult to get such a big order from government of any country especially when the term of payment is 60% advance deposit after contract signing and balance 40% before shipment. The good news is that I have friends in the UNIVERSAL BASIC EDUCATION NIGERIA office of the principal buyer and these friends of mine are willing to help me to convince the top official of the ministry in Nigeria to give the contract to your company if you co-operate with me.

The co-operation I need from is to agree to compensate me with 1% of the total value of the contract if we are able to make the transaction. I depend on the success of this transaction and the commission I will receive from this transaction as my own benefits and to uplift my standard of living.

If you are interested to get this contract and if you are capable to handle the contract and willing to give me 1% of the total value of the contract, please contact me by email to enable to give you instructions on how you will apply for the contract.

As soon as you apply for the contract, I will contact my friends in the ministry for them to start underground works with the top officials of the ministry to give the contract to your firm. I am waiting for a speedy answer from you to enable show it my friends in the ministry for them to know whether it will stand a better chance of winning the contract as well on how you should prepare your tender documents.

Kindly treat urgent by confirming your interest, also send us your prices of the above products immediately by internet so that we will advice on how to prepare your tender documents.

Thanks for your kind cooperation also call me upon receipt of this mail.

Yours sincerely

Pastor. Mike Ukwu
NEW AGE TRADING
No. 120 Brass Street
Aba,
Tel: 00234-07056757161
