Archive for the ‘spyware’ Category

Fake Antivirus Phone Scams

August 31st, 2010 triona No comments

If you get a phone call saying you have a virus on your computer, hang up.

As reported by researcher Orla Cox on Symantec’s blog, the sellers of fake antivirus and security software have gone old-school and are now phoning victims to peddle their snake oil. Cox posed as a computer novice to investigate:

Once I was connected to one of their agents I explained my problem to them. My computer was running really slowly and crashing a lot. The agent, “Brian”, proceeded to tell me that I was the victim of a virus that had entered my computer over the Internet. He walked me through opening up the Event Viewer and asked if I saw any errors or warnings in there.

[Note from Triona: That's because Event Viewer's purpose is to log what Windows is doing. These errors and warnings are part of normal operations and don't necessarily correspond to problems.]

Cox continues:

Naturally, I did. Brian then told me that these were indications of a virus infection. Was it serious, I asked? Brian said yes. Sounds ominous. Thankfully there was help at hand though… To clean up the computer, and also to avail of their software maintenance service, I could pay a yearly subscription fee of 129 euro. I could also pay 250 euro for a two year subscription. Brian was pushing hard for me to go for the two year option but in the end we agreed to go for just a one year subscription.

Cox was then urged to send an email with name, address, phone number, email address… and credit card details. If your red flags haven’t already been raised, that should send them to the top of the pole. No legitimate company would ever ask you to email your credit card details; that’s like a burglar asking you to stick your keys under the doormat.

Why are the miscreants behind rogue security software resorting to this tactic? Remember, it’s all about social engineering: the art of getting you to breach your own protections. Real security programs have become so good that the best way to commit cybercrime is to trick you, the person at the keyboard. Just as no security in the world can protect your house if you unlock the door, no security software can protect your computer if you can be tricked into bypassing it. That’s why these scams are called scareware — because they try to scare you into falling for their tricks.

Don’t be a victim of scareware scams. When in doubt, hang up on that fake call, ignore those phony “antivirus” warnings and pay no attention to spam emails. If you think you may have a virus, use a real program like AVG’s free antivirus, Malwarebytes’ malware scanner and Trend Micro’s online HouseCall scanner to determine if you’re infected.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

The Best Free Software For Windows And Mac

August 16th, 2010 triona 2 comments

It may be hard to believe, but some of the best software is free. Try out these fabulous freebies:

1) AVG Antivirus (Windows)
AVG offers some of the best security suites on the market, and they make the antivirus component free for personal use. If you’re looking for greater protection, try the paid AVG Internet Suite which also includes anti-spyware and a firewall.

2) Malwarebytes (Windows)
I use Malwarebytes to rid computers of the worst spyware infections. It doesn’t offer continual protection (you’ll need a security suite for that) but it can help get rid of anything that may sneak through.

3) CutePDF Writer (Windows)
Need to create a PDF file? Try this quick, free program. (Mac users, use the built-in Print to PDF option under the File menu.)

4) Mozilla Thunderbird (Windows and Mac)
A free email program that rivals Outlook and highlights the shortcomings of Entourage, Outlook’s Mac equivalent.

5) OpenOffice (Windows) and NeoOffice (Mac)
Why pay for Microsoft Office when you can get the same functionality for free? OpenOffice and NeoOffice can open and save Word, Excel and PowerPoint documents with ease.

Emergency Microsoft Windows Update Released

August 2nd, 2010 triona No comments

Today Microsoft released an off-schedule update to fix a bug in Windows that could allow your machine to be infected simply by browsing a list of files with Windows Explorer. This emergency update applies to Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008. You can read the Microsoft security bulletin here.

Microsoft’s normal monthly updates arrive the second Tuesday of the month, otherwise known as Patch Tuesday. Off-schedule updates are typically only released in cases like this, where vulnerabilities are being actively exploited by viruses and malware. One particular virus is especially virulent. A variant of the Sality virus, it disables your security software and downloads more malware onto your computer.

If you have Automatic Updates enabled you’ll eventually get this update, but to make sure you are protected as quickly as possible visit update.microsoft.com and make sure you install update MS10-046 (aka 2286198).

Fake Security Software Cons You With Real Tech Support

July 30th, 2010 triona No comments

The battle for your computer has stepped up a notch, as fake security software now offers real tech support. Talk about twisted!

As I’ve written before, rogue security software pretends to be real antivirus and anti-malware software in order to commandeer your computer. It disables your bona fide protections and claims that you must purchase their super-duper software to save you from invented infections. Now, they’ve added a “support” option as further bait. After all, if the software offers you tech support by live chat and email, it must be legitimate, right? And so much money is being made on this fake software that they can actually afford to hire real people to provide said tech support! It’s a whole new take on social engineering, the unethical art of doing anything and everything to manipulate you.

Remember, rogue security software will not protect you; it will leave you vulnerable. Your best protection is to stick with security programs from known vendors. Norton, McAfee, AVG, Trend Micro, and avast! are all real companies with real products. Although I’m still not enamored of Norton and McAfee (see why), you’re certainly better off with them than a rogue. Become familiar with what your regular antivirus program looks like. If you sit down at your computer one day and see something different, be very suspicious. Also, be careful if you do a web search for antivirus software, because many of the “sponsored links” lead you to fake programs. Once fake security software is on your computer, it’s extremely difficult to remove. And don’t fall for the trick “uninstaller,” which leaves remnants of the rogue to regenerate itself.

Beware Fake Facebook Messages Via Email

July 21st, 2010 triona No comments

If you get an email from Facebook saying there is a message for you, do NOT click on the link. Visit Facebook’s site directly instead to respond to any and all messages.

Like the Facebook update scam I dissected for you a few months ago, this latest scam tries to trick you into clicking a potentially malicious link by mimicking a legitimate Facebook message. Take a look at this screenshot and compare it to the Facebook update scam. You’ll see similarities, including the use of Facebook formatting and logo as well as a legitimate-looking link. However, the link actually redirects you to a malicious site. The site on this particular message has already been blocked as being harmful; it probably belongs to some innocent victim whose web site was hacked to deliver viruses or harvest passwords a la the Twitter DM worm. But there are plenty of other phony sites out there that may not have been blocked.

In my case I was alerted to the scam because I’d never heard of the people from whom the messages were purportedly sent, but that’s not a foolproof way to tell if a message is fake or not. Facebook accounts can be hacked, and false messages sent. This grants the fake messages an undeserved level of trust because they come from someone you know–and that’s the point. Cybercriminals know people are unlikely to click on unsolicited links and far more likely to click on something sent by someone they know. The best way, as I said, is to distrust all email links no matter who they’re from. You are far safer visiting the Facebook site directly and checking your messages from there.

Facebook Privacy And Security Concerns Linger

June 18th, 2010 triona 2 comments

We’ve talked before about Facebook privacy, or lack thereof. Facebook is facing such public scrutiny over privacy, it’s hard to keep up with the number of changes they’ve made. They’ve expounded upon their improvements to news media and set up a page dedicated to privacy. But given the popularity of social networking sites and the multitude of ways they can be exploited to trick unwary users, I expect privacy will remain an issue for some time to come.

Many people believe the illusion of privacy offered by social networking sites. They think they are conversing in a private setting, when in reality that information can easily end up on search engines and other public places. Google and other search engines routinely index data from Facebook and other social networking sites, and data can slip through even if your privacy settings are set to maximum.

Security also remains a concern for Facebook users. Clickjacking–tricking users into clicking links–has become so prevalent on Facebook it’s earned its own term: “likejacking.” A recent worm using link-bait such as “The Prom Dress That Got This Girl Suspended From School” has infected hundreds of thousands of Facebook users. Clicking the link marks it as “like” to your Facebook friends, giving it unwarranted credibility and helping to spread the worm. Worms like this may also attempt to gain control of your Facebook page or use malicious code to introduce viruses into your computer. Other scams use recent events like the World Cup to entice you into clicking links that purportedly go to video clips. You are then prompted to download software to view the videos, but the downloads are viruses. All those links that claim you will get X number of goodies for Farmville or other games are mostly scams. Criminals may even try to “friend” you from phony accounts so they can target you for burglaries and other crimes.

In other words, social networking sites are about as secure as sieves. What’s a Facebook user to do? My advice is to remember that anything you say on the Internet is public, regardless of your privacy settings. Don’t post information about your children, your vacation plans, or other information that could be used against you. Be wary when clicking on links, and make sure you have a good security suite that is continually updated. And, as always, stay tuned to Tech Tips for the latest computer news.

How To Kill Computer Keyloggers

June 15th, 2010 triona 2 comments

Computer infections go by many names: viruses, Trojan horses, malware. But there is a particular class of infections that is not only malicious but nearly invisible in nature.

Keyloggers are virus-like programs that capture everything you type on your computer. Because they sit between your applications and the software that drives your keyboard, they are difficult to detect and harder to remove. They are often invited by viruses that have already infected your computer. There are even hardware keyloggers that can be secretly installed between the keyboard cable and your computer.

Keyloggers are seen in conjunction with rootkits, software designed to capture control of your computer. Anti-rootkit tools can help keep keyloggers at bay. Although these tools are not yet part of standard security suites, in the future I anticipate we’ll see more commercial protections against keyloggers and rootkits.

In the meantime, how do you protect yourself? The usual recommendations apply: run a strong security program, avoid clicking on links, and make sure all of your software is up to date. It’s far easier to avoid keyloggers and rootkits than it is to remove them.

Web Browser Extensions

May 15th, 2010 triona No comments

Did you know you can expand your web browser’s functionality? Extensions (also called add-ons or plug-ins) are little programs that run within Internet Explorer, Firefox, Safari, and other web browsers. While extensions offer increased options, they also pose security risks.

Some extensions are probably familiar to you. One of the most popular, Flash, lets you see video content on the Web. Flash also illustrates the risks of extensions. Viruses can enter your computer through malicious Flash content, especially if you’re running an older version of the extension. Most people don’t realize that browser extensions, like all software, need to be updated.

To solve that problem, several months ago Mozilla introduced a check for Firefox to help users find and update their extensions. Mozilla is now offering this free service for other browsers. To maximize your computer security, become familiar with the extensions you’re running. The easiest way to do that is to visit Mozilla’s extensions check page, but you can also find them under Tools>Manage Add-Ons (Internet Explorer), Tools>Add-Ons (Firefox), and Help>Installed Plug-Ins (Safari).

Social Engineering: How Viruses Trick You Into Letting Them In

May 10th, 2010 triona No comments

A recent wave of viruses that propagate via Skype and Yahoo Messenger illustrates the principles of social engineering: how viruses bypass security precautions by tricking you into letting them in.

The Skype and Yahoo Messenger worms distribute themselves via messages like “Does my new hairstyle look good? bad? perfect?” and “My printer is about to be thrown through a window if this pic won’t come our right. You see anything wrong with it?” The accompanying link appears to point to an innocent jpg, but when you click on it you are actually running the worm.

Don’t confuse social engineering with social networking. Social networking means interactive Web 2.0 sites like Facebook, MySpace, LinkedIn and Twitter. Social engineering is the art of tricking you into installing viruses or malware on your computer. PC and Mac users alike can be drawn in by social engineering scams.

Social engineering is a common tactic used by viruses and malware. The Twitter worm we discussed in February uses direct messages to entice users into visiting a pseudo-Twitter login page that harvests login credentials. Scams like the faux Facebook Update arrive via email, and contain links to malicious web sites. Rogue antivirus software is all about social engineering: make users think their computers are infected with viruses that can only be removed by purchasing the fake software.

How do you avoid social engineering scams?

  • Links can look legitimate when they’re not. For example, I can spoof a link that says: http://support.microsoft.com. Now, before you click that, mouse over it without clicking and look at the status bar at the bottom of your web browser. (If you don’t see the status bar, go to the View menu and make sure Status Bar is checked. It may be under the Toolbars sub-menu.) You’ll note that the status bar reveals the true destination. In this case I used a safe example: my Tech Tips blog. But you can see how links can easily be redirected. The status bar trick works in email, too. It’s not foolproof (the status bar contents can be spoofed as well), but it is a good place to start.
  • If you get a message from someone, try doing a web search on the text of the message to see if it’s a known scam. For example, with the Skype and Yahoo Messenger trick, a quick search for “Does my new hairstyle look good? bad? perfect?” reveals news of the worm, especially if you pair the search with the word “virus.”
  • Don’t let your software protections lull you into a false sense of security. Yes, you need to run good security software and keep it up to date, but the point of social engineering is to get you to click, thus bypassing your protections.
  • And, as always: when in doubt, don’t click.
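The hover-and-check habit from the first tip can also be done automatically on the HTML of a message. The following is an added example, not code from this blog: it flags any link whose visible text looks like a web address but whose real destination is a different host. The sample message and the `example.net`, `example.com` and `example.org` addresses are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a web address (scheme optional).
URL_LIKE = re.compile(
    r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)

def host_of(value):
    """Lowercase hostname of a URL or bare domain, without a leading 'www.'."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    try:
        host = (urlsplit(value).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Collects (shown text, real href) pairs where the two hosts differ."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []     # visible text collected inside that <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = " ".join("".join(self._text).split())
        href, self._href = self._href, None
        # Only text that claims to be an address can contradict the href.
        if URL_LIKE.match(shown) and host_of(shown) != host_of(href):
            self.findings.append((shown, href))

def mismatched_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample message: one spoofed link, one honest link, one plain label.
SAMPLE = """
<p>See <a href="http://blog.example.net/tech-tips">http://support.microsoft.com</a></p>
<p><a href="https://www.example.com/help">example.com/help</a></p>
<p><a href="http://example.org/login">Click here</a></p>
"""

if __name__ == "__main__":
    for shown, href in mismatched_links(SAMPLE):
        print(f"text says {shown!r} but link goes to {href!r}")
```

A link labelled only “Click here” makes no claim about its destination, so this check passes it; the manual hover test is still needed for those.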

Don’t forget, if you subscribe to my Tech Tips email newsletter you’ll receive tips like these, plus tech support tricks and other ways you can get the most out of your PC or Mac computer. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

1.5 Million Facebook Profiles Hacked And Up For Sale

April 27th, 2010 triona 4 comments

VeriSign iDefense has discovered a hacker offering 1.5 million hacked Facebook profiles for sale on the black market. The profiles are going for $25 for 1,000 profiles with under 10 contacts, and $45 for 1,000 profiles with more than 10 contacts.

Why sell profiles? As you can see from the pricing, it’s all about the contacts. Hacked profiles give criminals the ability to advertise to trusting users. If you get a message from a Facebook friend telling you to click a link, you are more likely to do so than if you get an anonymous spam message in your email. This is what we call spear phishing, targeted campaigns that appear to be from trusted sources. Buy profiles for cheap, trick people into clicking on malicious links or buying junk like rogue antivirus software, and voila! the criminals rake in the profits.

Hacked profiles can also be used to harvest your personal information to crack security questions for juicier targets like your bank accounts. Many people falsely consider Facebook a private environment and post all sorts of information about themselves, their families and their backgrounds. If you post a cute picture of your dog Rover and the security question for your bank is “What is your dog’s name?” you’ve just given away important information.

Likely there are more than 1.5 million Facebook profiles for sale out there. Also for sale are LinkedIn and Twitter accounts, email usernames and passwords, and la creme de la creme, bank accounts and passwords. Even your computer’s processing power can be bought and sold under your nose. It’s a whole underground economy taking advantage of you.

How can you protect yourself? Strong passwords that are unique on every system, good quality security software, and common sense before clicking links. I also encourage you to avoid posting personal information on places like Facebook, be careful of the friend requests you accept, and adjust your privacy settings to maximum. Even so, plenty of people who follow all the rules fall victim. The scams get trickier and more difficult to expose. It’s important to stay educated about computer security, which is why you should subscribe to my free Tech Tips newsletter to keep on top of the latest news.