Archive for the ‘scams’ Category

“Here You Have” Virus: Hype Versus Risk

September 10th, 2010 triona 3 comments

The mainstream media is swooning over the recently discovered “Here You Have” virus, which spreads via malicious links in email messages. The virus, also called Imsolk, has infected some high-profile companies including Disney, Procter & Gamble and Wells Fargo, according to reports.

It’s typical that the viruses that get the most attention are those that happen to infect big-name organizations. (Note that ABC News reports that ABC/Disney itself was infected by the virus.) In this case, the virus itself is not that scary. Sure, it’ll infect your computer, disable your security protections, spread through removable drives and network shares, and send itself to everyone in your contacts list. But a lot of viruses do that. And yes, it’ll overwhelm your network if you allow it to run rampant, which is what appears to have happened at some of these large companies. But, the thing about Here You Have is that it’s avoidable if you follow some simple precautions:

  • Never click on email links.
  • Run a good-quality security suite that includes antivirus and anti-spyware protections. The major security programs have already been updated with protections against Here You Have.

And, if you’re in a corporate setting:

  • Filter spam at your network perimeter.
  • Block unnecessary attachment types, like the .SCR file type used by Here You Have.

Want to know the viruses that scare me? The ones no one hears about because they are too sneaky. The ones that work silently, slipping into your computer without any interaction from you. The ones that can’t be removed with standard security tools. The ones that secretly record your keystrokes and quietly commandeer your computer. The ones that only infect a few computers at a time so as not to be detected.

That’s not to say you shouldn’t be wary of Here You Have, especially since it appears new variants of the virus are arising. But remember, the viruses that do the most damage don’t always make the headlines.

Fake Antivirus Phone Scams

August 31st, 2010 triona No comments

If you get a phone call saying you have a virus on your computer, hang up.

As reported by researcher Orla Cox on Symantec’s blog, the sellers of fake antivirus and security software have gone old-school and are now phoning victims to peddle their snake oil. Cox posed as a computer novice to investigate:

Once I was connected to one of their agents I explained my problem to them. My computer was running really slowly and crashing a lot. The agent, “Brian”, proceeded to tell me that I was the victim of a virus that had entered my computer over the Internet. He walked me through opening up the Event Viewer and asked if I saw any errors or warnings in there.

[Note from Triona: That's because Event Viewer's purpose is to log what Windows is doing. These errors and warnings are part of normal operations and don't necessarily correspond to problems.]

Cox continues:

Naturally, I did. Brian then told me that these were indications of a virus infection. Was it serious, I asked? Brian said yes. Sounds ominous. Thankfully there was help at hand though… To clean up the computer, and also to avail of their software maintenance service, I could pay a yearly subscription fee of 129 euro. I could also pay 250 euro for a two year subscription. Brian was pushing hard for me to go for the two year option but in the end we agreed to go for just a one year subscription.

Cox was then urged to send an email with name, address, phone number, email address… and credit card details. If your red flags haven’t already been raised, that should send them to the top of the pole. No legitimate company would ever ask you to email your credit card details; that’s like a burglar asking you to stick your keys under the doormat.

Why are the miscreants behind rogue security software resorting to this tactic? Remember, it’s all about social engineering: the art of getting you to breach your own protections. Real security programs have become so good that the best way to commit cybercrime is to trick you, the person at the keyboard. Just as no security in the world can protect your house if you unlock the door, no security software can protect your computer if you can be tricked into bypassing it. That’s why these scams are called scareware — because they try to scare you into falling for their tricks.

Don’t be a victim of scareware scams. When in doubt, hang up on that fake call, ignore those phony “antivirus” warnings and pay no attention to spam emails. If you think you may have a virus, use a real program like AVG’s free antivirus, Malwarebytes’ malware scanner and Trend Micro’s online HouseCall scanner to determine if you’re infected.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Fake Security Software Cons You With Real Tech Support

July 30th, 2010 triona No comments

The battle for your computer has stepped up a notch, as fake security software now offers real tech support. Talk about twisted!

As I’ve written before, rogue security software pretends to be real antivirus and anti-malware software in order to commandeer your computer. It disables your bona fide protections and claims that you must purchase their super-duper software to save you from invented infections. Now, they’ve added a “support” option as further bait. After all, if the software offers you tech support by live chat and email, it must be legitimate, right? And so much money is being made on this fake software that they can actually afford to hire real people to provide said tech support! It’s a whole new take on social engineering, the unethical art of doing anything and everything to manipulate you.

Remember, rogue security software will not protect you; it will leave you vulnerable. Your best protection is to stick with security programs from known vendors. Norton, McAfee, AVG, Trend Micro, and avast! are all real companies with real products. Although I’m still not enamored of Norton and McAfee (see why), you’re certainly better off with them than a rogue. Become familiar with what your regular antivirus program looks like. If you sit down at your computer one day and see something different, be very suspicious. Also, be careful if you do a web search for antivirus software, because many of the “sponsored links” lead you to fake programs. Once fake security software is on your computer, it’s extremely difficult to remove. And don’t fall for the trick “uninstaller,” which leaves remnants of the rogue to regenerate itself.

Beware Fake Facebook Messages Via Email

July 21st, 2010 triona No comments

If you get an email from Facebook saying there is a message for you, do NOT click on the link. Visit Facebook’s site directly instead to respond to any and all messages.

Like the Facebook update scam I dissected for you a few months ago, this latest scam tries to trick you into clicking a potentially malicious link by mimicking a legitimate Facebook message. Take a look at this screenshot and compare it to the Facebook update scam. You’ll see similarities, including the use of Facebook formatting and logo as well as a legitimate-looking link. However, the link actually redirects you to a malicious site. The site on this particular message has already been blocked as being harmful; it probably belongs to some innocent victim whose web site was hacked to deliver viruses or harvest passwords a la the Twitter DM worm. But there are plenty of other phony sites out there that may not have been blocked.

In my case I was alerted to the scam because I’d never heard of the people from whom the messages were purportedly sent, but that’s not a foolproof way to tell if a message is fake or not. Facebook accounts can be hacked, and false messages sent. This grants the fake messages an undeserved level of trust because they come from someone you know–and that’s the point. Cybercriminals know people are unlikely to click on unsolicited links and far more likely to click on something sent by someone they know. The best way, as I said, is to distrust all email links no matter who they’re from. You are far safer visiting the Facebook site directly and checking your messages from there.

Facebook Privacy And Security Concerns Linger

June 18th, 2010 triona 2 comments

We’ve talked before about Facebook privacy, or lack thereof. Facebook is facing such public scrutiny over privacy, it’s hard to keep up with the number of changes they’ve made. They’ve expounded upon their improvements to news media and set up a page dedicated to privacy. But given the popularity of social networking sites and the multitude of ways they can be exploited to trick unwary users, I expect privacy will remain an issue for some time to come.

Many people believe the illusion of privacy offered by social networking sites. They think they are conversing in a private setting, when in reality that information can easily end up on search engines and other public places. Google and other search engines routinely index data from Facebook and other social networking sites, and data can slip through even if your privacy settings are set to maximum.

Security also remains a concern for Facebook users. Clickjacking–tricking users into clicking links–has become so prevalent on Facebook it’s earned its own term: “likejacking.” A recent worm using link-bait such as “The Prom Dress That Got This Girl Suspended From School” has infected hundreds of thousands of Facebook users. Clicking the link marks it as “like” to your Facebook friends, giving it unwarranted credibility and helping to spread the worm. Worms like this may also attempt to gain control of your Facebook page or use malicious code to introduce viruses into your computer. Other scams use recent events like the World Cup to entice you into clicking links that purportedly go to video clips. You are then prompted to download software to view the videos, but the downloads are viruses. All those links that claim you will get X number of goodies for Farmville or other games are mostly scams. Criminals may even try to “friend” you from phony accounts so they can target you for burglaries and other crimes.

In other words, social networking sites are about as secure as sieves. What’s a Facebook user to do? My advice is to remember that anything you say on the Internet is public, regardless of your privacy settings. Don’t post information about your children, your vacation plans, or other information that could be used against you. Be wary when clicking on links, and make sure you have a good security suite that is continually updated. And, as always, stay tuned to Tech Tips for the latest computer news.

Social Engineering: How Viruses Trick You Into Letting Them In

May 10th, 2010 triona No comments

A recent wave of viruses that propagate via Skype and Yahoo Messenger illustrates the principles of social engineering: how viruses bypass security precautions by tricking you into letting them in.

The Skype and Yahoo Messenger worms distribute themselves via messages like “Does my new hairstyle look good? bad? perfect?” and “My printer is about to be thrown through a window if this pic won’t come our right. You see anything wrong with it?” The accompanying link appears to point to an innocent jpg, but when you click on it you are actually running the worm.

Don’t confuse social engineering with social networking. Social networking means interactive Web 2.0 sites like Facebook, MySpace, LinkedIn and Twitter. Social engineering is the art of tricking you into installing viruses or malware on your computer. PC and Mac users alike can be drawn in by social engineering scams.

Social engineering is a common tactic used by viruses and malware. The Twitter worm we discussed in February uses direct messages to entice users into visiting a pseudo-Twitter login page that harvests login credentials. Scams like the faux Facebook Update arrive via email, and contain links to malicious web sites. Rogue antivirus software is all about social engineering: make users think their computers are infected with viruses that can only be removed by purchasing the fake software.

How do you avoid social engineering scams?

  • Links can look legitimate when they’re not. For example, I can spoof a link that says: http://support.microsoft.com. Now, before you click that, mouse over it without clicking and look at the status bar at the bottom of your web browser. (If you don’t see the status bar, go to the View menu and make sure Status Bar is checked. It may be under the Toolbars sub-menu.) You’ll note that the status bar reveals the true destination. In this case I used a safe example: my Tech Tips blog. But you can see how links can easily be redirected. The status bar trick works in email, too. It’s not foolproof (the status bar contents can be spoofed as well), but it is a good place to start.
  • If you get a message from someone, try doing a web search on the text of the message to see if it’s a known scam. For example, with the Skype and Yahoo Messenger trick, a quick search for “Does my new hairstyle look good? bad? perfect?” reveals news of the worm, especially if you pair the search with the word “virus.”
  • Don’t let your software protections lull you into a false sense of security. Yes, you need to run good security software and keep it up to date, but the point of social engineering is to get you to click, thus bypassing your protections.
  • And, as always: when in doubt, don’t click.

Don’t forget, if you subscribe to my Tech Tips email newsletter you’ll receive tips like these, plus tech support tricks and other ways you can get the most out of your PC or Mac computer. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

1.5 Million Facebook Profiles Hacked And Up For Sale

April 27th, 2010 triona 4 comments

VeriSign iDefense has discovered a hacker offering 1.5 million hacked Facebook profiles for sale on the black market. The profiles are going for $25 for 1,000 profiles with under 10 contacts, and $45 for 1,000 profiles with more than 10 contacts.

Why sell profiles? As you can see from the pricing, it’s all about the contacts. Hacked profiles give criminals the ability to advertise to trusting users. If you get a message from a Facebook friend telling you to click a link, you are more likely to do so than if you get an anonymous spam message in your email. This is what we call spear phishing, targeted campaigns that appear to be from trusted sources. Buy profiles for cheap, trick people into clicking on malicious links or buying junk like rogue antivirus software, and voila! the criminals rake in the profits.

Hacked profiles can also be used to harvest your personal information to crack security questions for juicier targets like your bank accounts. Many people falsely consider Facebook a private environment and post all sorts of information about themselves, their families and their backgrounds. If you post a cute picture of your dog Rover and the security question for your bank is “What is your dog’s name?” you’ve just given away important information.

Likely there are more than 1.5 million Facebook profiles for sale out there. Also for sale are LinkedIn and Twitter accounts, email usernames and passwords, and la creme de la creme, bank accounts and passwords. Even your computer’s processing power can be bought and sold under your nose. It’s a whole underground economy taking advantage of you.

How can you protect yourself? Strong passwords that are unique on every system, good quality security software, and common sense before clicking links. I also encourage you to avoid posting personal information on places like Facebook, be careful of the friend requests you accept, and adjust your privacy settings to maximum. Even so, plenty of people who follow all the rules fall victim. The scams get trickier and more difficult to expose. It’s important to stay educated about computer security, which is why you should subscribe to my free Tech Tips newsletter to keep on top of the latest news.

Are Secure Web Sites Really Secure?

April 16th, 2010 triona No comments

So you’re shopping online and you start to check out. Seeing the HTTPS in your address bar, you enter your credit card number. But is that web site really secure?

The presence of HTTPS in the address bar does not, by itself, make a site secure. It’s become easier for hackers to infiltrate HTTPS connections and forge digital certificates. Advanced techniques include hijacking your computer and redirecting you to a phony site that looks like the real deal, complete with HTTPS and digital certificate.

What about those icons that “guarantee” a secure web experience? Again, these can be forged, or may no longer be valid. Even a positive McAfee SiteAdvisor rating is not a one hundred percent guarantee of a valid site.

Visiting a bona fide secure web site can also result in a hijacked credit card, if your computer is infected with a keylogger virus that records everything you type.

Your best bet is to do business only with sites you know and trust, preferably those with a brick-and-mortar presence or a well-established online reputation. Be sure to type web addresses directly into your browser rather than clicking on links in email or search engine results, because these may be poisoned. Check your security protections regularly, and stay tuned to Tech Tips for the latest news.

Is Your Security Software Real Or Rogue?

March 27th, 2010 triona No comments

My Northwest Herald column this month is about rogue security software, also called scareware because it tries to frighten you into purchasing and installing it. I’ve talked about how rogues disable your real protections before (here and here), and how they take advantage of poisoned search engine results to trick you. I thought I’d show you some screenshots so you can see how rogues mimic real security software.

As you can see below, rogues look like the real deal. They pretend to scan your computer and they always display dire warnings. Note the button in the lower left corner telling you to purchase the rogue to remove the purported infections. But the real infection is the rogue itself.

[Screenshot: Rogue security software]

In this next image, the rogue is imitating Windows Security Center. Note how it claims that “Antivirus 2010” (the rogue) is unregistered, a typical trick to get you to purchase the software.

[Screenshot: Rogue imitating Windows Security Center]

There are no lengths to which rogues won’t go. Here, the rogue infiltrates Internet Explorer, displaying a false warning that claims you can’t get on the Internet unless you buy their scam software.

[Screenshot: Rogue imitating Internet Explorer error]

Another fake error message, this time the ominous Blue Screen Of Death (BSOD). Note once again the false warning claiming that you need to register (i.e., buy) the rogue to fix your computer.

[Screenshot: Rogue faking a Blue Screen Of Death (BSOD)]

Rogues will even go so far as to put messages on your Windows startup screen claiming that the product is unregistered and your computer unprotected.

[Screenshot: Rogue hijacking Windows startup]

To protect yourself, make sure your real security software is up to date, and steer clear of any advertisements or popups that claim you are infected. Be careful when searching for security tools because of poisoned search results. Your best bet is typing the name of a known software vendor directly into your browser instead of clicking on a link.

Rogues are notoriously difficult to remove, and regenerate if even the tiniest piece is left behind. Your best bet is to hire a professional familiar with how to remove rogue security software and restore your computer’s bona fide protections.

Sign up for my free Tech Tips newsletter and continue to learn how to get the most out of your PC or Mac computer. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Fake Microsoft Security Essentials Antivirus

March 11th, 2010 triona 2 comments

The real Microsoft Security Essentials is a free tool that helps protect your computer from viruses and other threats. A fake antivirus program is using the Security Essentials name to spread its infections.

Fake antivirus programs are viruses that purport to be legitimate security software. It can be very difficult to tell the tricksters from the real deal. In this case, if you run across something claiming to be “Security Essentials 2010”, stay far away.

Like other fake antivirus programs, this particular rogue hijacks your computer and prevents you from accessing the web sites of legitimate antivirus vendors. It uses hyperbole to convince you that your computer is infected, then tries to con you into paying for removal. Such tricks are becoming more common. I’ve previously written about the odious Win Antivirus 2010, a rogue that really raised the bar on how far these con artists will go in order to make money at your expense.

By itself, Microsoft Security Essentials (the real one) is not adequate security software. You need something more robust like the free or paid versions of AVG, or Trend Micro or McAfee. I’m still not recommending Norton because it’s such a memory hog, but use it if you must. Also be careful if you look for antivirus programs via a search engine, as the con artists hijack search results to spread their dangerous look-alikes.