Archive for the ‘scareware’ Category

Fake Antivirus Phone Scams

August 31st, 2010

If you get a phone call saying you have a virus on your computer, hang up.

As reported by researcher Orla Cox on Symantec’s blog, the sellers of fake antivirus and security software have gone old-school and are now phoning victims to peddle their snakeoil. Cox posed as a computer novice to investigate:

Once I was connected to one of their agents I explained my problem to them. My computer was running really slowly and crashing a lot. The agent, “Brian”, proceeded to tell me that I was the victim of a virus that had entered my computer over the Internet. He walked me through opening up the Event Viewer and asked if I saw any errors or warnings in there.

[Note from Triona: That's because Event Viewer's purpose is to log what Windows is doing. These errors and warnings are part of normal operations and don't necessarily correspond to problems.]

Cox continues:

Naturally, I did. Brian then told me that these were indications of a virus infection. Was it serious, I asked? Brian said yes. Sounds ominous. Thankfully there was help at hand though… To clean up the computer, and also to avail of their software maintenance service, I could pay a yearly subscription fee of 129 euro. I could also pay 250 euro for a two year subscription. Brian was pushing hard for me to go for the two year option but in the end we agreed to go for just a one year subscription.

Cox was then urged to send an email with name, address, phone number, email address… and credit card details. If your red flags haven’t already been raised, that should send them to the top of the pole. No legitimate company would ever ask you to email your credit card details; that’s like a burglar asking you to stick your keys under the doormat.

Why are the miscreants behind rogue security software resorting to this tactic? Remember, it’s all about social engineering: the art of getting you to breach your own protections. Real security programs have become so good that the best way to commit cybercrime is to trick you, the person at the keyboard. Just as no security in the world can protect your house if you unlock the door, no security software can protect your computer if you can be tricked into bypassing it. That’s why these scams are called scareware — because they try to scare you into falling for their tricks.

Don’t be a victim of scareware scams. When in doubt, hang up on that fake call, ignore those phony “antivirus” warnings and pay no attention to spam emails. If you think you may have a virus, use a real program like AVG’s free antivirus, Malwarebytes’ malware scanner and Trend Micro’s online House Call scanner to determine if you’re infected.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Fake Security Software Cons You With Real Tech Support

July 30th, 2010

The battle for your computer has stepped up a notch, as fake security software now offers real tech support. Talk about twisted!

As I’ve written before, rogue security software pretends to be real antivirus and anti-malware software in order to commandeer your computer. It disables your bona fide protections and claims that you must purchase their super-duper software to save you from invented infections. Now, they’ve added a “support” option as further bait. After all, if the software offers you tech support by live chat and email, it must be legitimate, right? And so much money is being made on this fake software that they can actually afford to hire real people to provide said tech support! It’s a whole new take on social engineering, the unethical art of doing anything and everything to manipulate you.

Remember, rogue security software will not protect you; it will leave you vulnerable. Your best protection is to stick with security programs from known vendors. Norton, McAfee, AVG, Trend Micro, and avast! are all real companies with real products. Although I’m still not enamored of Norton and McAfee (see why), you’re certainly better off with them than a rogue. Become familiar with what your regular antivirus program looks like. If you sit down at your computer one day and see something different, be very suspicious. Also, be careful if you do a web search for antivirus software, because many of the “sponsored links” lead you to fake programs. Once fake security software is on your computer, it’s extremely difficult to remove. And don’t fall for the trick “uninstaller,” which leaves remnants of the rogue to regenerate itself.

Social Engineering: How Viruses Trick You Into Letting Them In

May 10th, 2010

A recent wave of viruses that propagate via Skype and Yahoo Messenger illustrates the principles of social engineering: how viruses bypass security precautions by tricking you into letting them in.

The Skype and Yahoo Messenger worms distribute themselves via messages like “Does my new hairstyle look good? bad? perfect?” and “My printer is about to be thrown through a window if this pic won’t come our right. You see anything wrong with it?” The accompanying link appears to point to an innocent jpg, but when you click on it you are actually running the worm.

Don’t confuse social engineering with social networking. Social networking means interactive Web 2.0 sites like Facebook, MySpace, LinkedIn and Twitter. Social engineering is the art of tricking you into installing viruses or malware on your computer. PC and Mac users alike can be drawn in by social engineering scams.

Social engineering is a common tactic used by viruses and malware. The Twitter worm we discussed in February uses direct messages to entice users into visiting a pseudo-Twitter login page that harvests login credentials. Scams like the faux Facebook Update arrive via email, and contain links to malicious web sites. Rogue antivirus software is all about social engineering: make users think their computers are infected with viruses that can only be removed by purchasing the fake software.

How do you avoid social engineering scams?

  • Links can look legitimate when they’re not. For example, I can spoof a link that says: http://support.microsoft.com. Now, before you click that, mouse over it without clicking and look at the status bar at the bottom of your web browser. (If you don’t see the status bar, go to the View menu and make sure Status Bar is checked. It may be under the Toolbars sub-menu.) You’ll note that the status bar reveals the true destination. In this case I used a safe example: my Tech Tips blog. But you can see how links can easily be redirected. The status bar trick works in email, too. It’s not foolproof (the status bar contents can be spoofed as well), but it is a good place to start.
  • If you get a message from someone, try doing a web search on the text of the message to see if it’s a known scam. For example, with the Skype and Yahoo Messenger trick, a quick search for “Does my new hairstyle look good? bad? perfect?” reveals news of the worm, especially if you pair the search with the word “virus.”
  • Don’t let your software protections lull you into a false sense of security. Yes, you need to run good security software and keep it up to date, but the point of social engineering is to get you to click, thus bypassing your protections.
  • And, as always: when in doubt, don’t click.

Don’t forget, if you subscribe to my Tech Tips email newsletter you’ll receive tips like these, plus tech support tricks and other ways you can get the most out of your PC or Mac computer. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

1.5 Million Facebook Profiles Hacked And Up For Sale

April 27th, 2010

VeriSign iDefense has discovered a hacker offering 1.5 million hacked Facebook profiles for sale on the black market. The profiles are going for $25 for 1,000 profiles with under 10 contacts, and $45 for 1,000 profiles with more than 10 contacts.

Why sell profiles? As you can see from the pricing, it’s all about the contacts. Hacked profiles give criminals the ability to advertise to trusting users. If you get a message from a Facebook friend telling you to click a link, you are more likely to do so than if you get an anonymous spam message in your email. This is what we call spear phishing, targeted campaigns that appear to be from trusted sources. Buy profiles for cheap, trick people into clicking on malicious links or buying junk like rogue antivirus software, and voila! the criminals rake in the profits.

Hacked profiles can also be used to harvest your personal information to crack security questions for juicier targets like your bank accounts. Many people falsely consider Facebook a private environment and post all sorts of information about themselves, their families and their backgrounds. If you post a cute picture of your dog Rover and the security question for your bank is “What is your dog’s name?” you’ve just given away important information.

Likely there are more than 1.5 million Facebook profiles for sale out there. Also for sale are LinkedIn and Twitter accounts, email usernames and passwords, and la creme de la creme, bank accounts and passwords. Even your computer’s processing power can be bought and sold under your nose. It’s a whole underground economy taking advantage of you.

How can you protect yourself? Strong passwords that are unique on every system, good quality security software, and common sense before clicking links. I also encourage you to avoid posting personal information on places like Facebook, be careful of the friend requests you accept, and adjust your privacy settings to maximum. Even so, plenty of people who follow all the rules fall victim. The scams get trickier and more difficult to expose. It’s important to stay educated about computer security, which is why you should subscribe to my free Tech Tips newsletter to keep on top of the latest news.

Is Your Security Software Real Or Rogue?

March 27th, 2010

My Northwest Herald column this month is about rogue security software, also called scareware because it tries to frighten you into purchasing and installing it. I’ve talked about how rogues disable your real protections before (here and here), and how they take advantage of poisoned search engine results to trick you. I thought I’d show you some screenshots so you can see how rogues mimic real security software.

As you can see below, rogues look like the real deal. They pretend to scan your computer and they always display dire warnings. Note the button in the lower left corner telling you to purchase the rogue to remove the purported infections. But the real infection is the rogue itself.

Rogue security software

In this next image, the rogue is imitating Windows Security Center. Note how it claims that “Antivirus 2010” (the rogue) is unregistered, a typical trick to get you to purchase the software.

Rogue imitating Windows Security Center

There are no lengths to which rogues won’t go. Here, the rogue infiltrates Internet Explorer, displaying a false warning that claims you can’t get on the Internet unless you buy their scam software.

Rogue imitating Internet Explorer error

Another fake error message, this time the ominous Blue Screen Of Death (BSOD). Note once again the false warning claiming that you need to register (i.e. buy) the rogue to fix your computer.

Rogue faking a Blue Screen Of Death (BSOD)

Rogues will even go so far as to put messages on your Windows startup screen claiming that the product is unregistered and your computer unprotected.

Rogue hijacking Windows startup

To protect yourself, make sure your real security software is up to date, and steer clear of any advertisements or popups that claim you are infected. Be careful when searching for security tools because of poisoned search results. Your best bet is typing the name of a known software vendor directly into your browser instead of clicking on a link.

Rogues are notoriously difficult to remove, and regenerate if even the tiniest piece is left behind. Your best bet is to hire a professional familiar with how to remove rogue security software and restore your computer’s bona fide protections.

Sign up for my free Tech Tips newsletter and continue to learn how to get the most out of your PC or Mac computer. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Fake Microsoft Security Essentials Antivirus

March 11th, 2010

The real Microsoft Security Essentials is a free tool that helps protect your computer from viruses and other threats. A fake antivirus program is using the Security Essentials name to spread its infections.

Fake antivirus programs are viruses that purport to be legitimate security software. It can be very difficult to tell the tricksters from the real deal. In this case, if you run across something claiming to be “Security Essentials 2010”, stay far away.

Like other fake antivirus programs, this particular rogue hijacks your computer and prevents you from accessing the web sites of legitimate antivirus vendors. It uses hyperbole to convince you that your computer is infected, then tries to con you into paying for removal. Such tricks are becoming more common. I’ve previously written about the odious Win Antivirus 2010, a rogue that really raised the bar on how far these con artists will go in order to make money at your expense.

By itself, Microsoft Security Essentials (the real one) is not adequate security software. You need something more robust like the free or paid versions of AVG, or Trend Micro or McAfee. I’m still not recommending Norton because it’s such a memory hog, but use it if you must. Also be careful if you look for antivirus programs via a search engine, as the con artists hijack search results to spread their dangerous look-alikes.

Poisoned Search Engine Results

February 15th, 2010

The next time you do an online search for something, pause before you click. Some of the results you receive are poisoned links to malicious sites that may infect your computer with viruses and malware.

Search engines don’t verify that keywords match results, nor that sites are free from infection. Sponsored ads are particularly notorious. If you do a search for “Windows antivirus”, the paid results are often links to fake antivirus programs just waiting to lure you in.

I advocate the use of link-checkers such as McAfee SiteAdvisor or LinkExtend for Firefox. These free add-ons indicate through red, yellow or green icons whether links are safe to visit. Even so, you should always be cautious. Make sure your security software is up to date and that you have the latest versions of programs like Adobe Reader and Flash (here’s why). You can also run Secunia’s Online Software Inspector to check the status of your security protections.

Old Software Poses Risk Of Viruses

January 16th, 2010

Starting in 2010, I’m writing a monthly technology column for The Northwest Herald. In January’s column, Old Software Poses Risk Of Viruses, I talk about how outdated versions of your software can open the floodgates. Here are some previous Tech Tips articles on how you can protect yourself:

Below you’ll find links to related resources including those mentioned in the column.

Your free email subscription to Tech Tips includes bonus tips, tricks and product reviews. Through January 31, 2010, new subscribers will also receive a special gift: my IT Business Continuity Checklist. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Is Windows 7 Right For You?

October 21st, 2009

This week sees the public release of Microsoft Windows 7. I’ll be giving you an in-depth look at Windows 7 in next month’s Tech Tips (so don’t miss your free subscription and special gift). To whet your appetite, let’s talk about whether or not you should upgrade.

If you use Windows, you’ll have to upgrade eventually, especially if you haven’t already made the leap to Vista. Many people have delayed this either because they don’t like the changes to the Windows look-and-feel, or because they have software that isn’t compatible. But, as I said in a previous article:

It’s sad to say, but our decisions to upgrade have become less about whether we need it for productivity and more about whether our computers can remain functional against the continual onslaught of cyber-attacks. Remember, Windows XP is 8 years old. These attacks are sneaking through despite our best defenses. Windows Vista is no panacea, but its improvements in security offer better protection.

This is even more true of Windows 7, which improves on Vista’s security while eliminating some of the headaches that slowed Vista adoption, notably incompatibility with drivers. In the past most of us have chosen to hold off until the first Service Pack comes out, but in this case we may not have that luxury. Hardware makers aren’t likely to support three versions of Windows, so they will be eager to get everyone off XP as soon as possible by making new equipment Vista- and Windows 7-compatible only. Between that, the Internet threat risk and Microsoft’s lifecycle policy, XP’s days are numbered.

The good news is, Windows 7 is supposed to be more stable than Vista, so waiting for the first Service Pack isn’t a necessity. Also Windows 7 comes with a compatibility mode for XP, which may make migrating your applications easier.

If you have an older computer and are considering an upgrade anyway, Windows 7 is a wise choice. If your computer is less than three years old and doing what you want it to do, you don’t have to move to Windows 7 right away. But plan for the future, knowing you will eventually have to make that leap even if you’re not fond of Windows 7’s Vista-like look.

Are you planning to move to Windows 7? Why or why not? Click Comments to discuss.

Through November 1st, 2009, new subscribers to the free email version of Tech Tips will receive a special tip sheet on Four Easy Ways To Protect Your Computer. Just click here to sign up.

What To Do If You Get A Computer Virus

October 15th, 2009

We all know the risks of computer viruses, but what do you do if you think you have one?

First, follow Douglas Adams’ advice: Don’t Panic! Run your antivirus and anti-spyware software to see if they can remove the infection. Windows users might try the free online virus scanners from McAfee and Trend Micro. Malwarebytes is a good Windows resource for removing spyware and other kinds of virus-like intruders. Mac users should try the free programs Avast for Mac or ClamX AV.

Some viruses are easily removed, but others embed themselves deep within your computer. The worst-case scenario is having to format and reinstall your computer from scratch, which is why backups are a must.

There are some commonly-held misconceptions about how to prevent computer viruses.

  • Adding “aaaa@aaaa” to your address book doesn’t work. It was a trick from years ago that only applied to one particular virus… for about five minutes, until the virus-writers wrote a workaround. These days it’s the equivalent of fighting a wildfire with a squirt gun.
  • Booting into Safe Mode also doesn’t work. Safe Mode is used to diagnose computer problems by starting Windows into a minimal version where only the basics are loaded. Most of your software won’t function and the virus will remain in the background, chewing on your system.
  • Fake antivirus software and computer cleaners will only add to your woes. Ads for these run rampant across the Internet, especially when you’re searching for legitimate tools like the ones I mentioned above.
  • Fake security bulletins claim to be magic cure-alls, but they’re far from it. They are scams out to trick you into clicking on malicious links and further infecting your computer.
  • Fake pop-up Web windows pretend to scan your computer, but they are also scams trying to trick you into clicking them.

Your best protection is prevention. Maintain good backups and stay tuned to Tech Tips for the latest computer news. Through November 1st, 2009, new subscribers to the free email version of Tech Tips will receive a special tip sheet on Four Easy Ways To Protect Your Computer. Just click here to sign up.

In November I’ll teach you about Do-It-Yourself Tech Support. If you have any computer questions, let me know.