
Archives for : malware

Time to clarify what Geico, State Farm, and OnStar are selling you

No to in-car monitoring

Progressive claims this tool is used for discounts only

“You’ll save with our snapshot discount,” “State Farm has identified you as driving a vehicle with OnStar built into it. We are offering you a discount for having this service.” and there are many other examples of this.

Let us get to the heart of what this is.

For those of you who like to drive all over town but tell your insurance carrier that you drive to work and back only, these devices will root you out and you will receive a hefty price increase instead of the promised price decrease.

Someone would have to be nuts to allow any insurance company to monitor your activity, your driving habits, or let OnStar share your driving information with anyone. Why?

Simple…you may have heard of the term “redlining,” which is taking the crime statistics from any community and drawing a red mark on a map; anyone living or working in those areas gets to pay higher car insurance rates because they are considered more at risk than someone who lives and works in a more affluent part of town.

That means that, in terms of odds, you are more likely to have something happen to your insured vehicle. It also means that the insurance company is more likely to see a claim from you.

So enter this world of “Snapshot,” “OnStar,” and the various other devices insurers are trying to dangle in front of you attached to a word, “discount,” in order to get you to bite.

And enough people are biting on this lure, and companies like Geico, Progressive, State Farm, Allstate, and many others are trying to do anything to get you to let them spy on you more than they already are.

But the information that those devices record about your driving habits is tied into your car’s computer. So if you change CDs or the radio station while driving, if you change lanes without signaling due to a driver or animal moving into your path, or even do something as innocuous as braking too severely, it will count against you and your discount will eventually morph into a significant rate increase.

From the Snapshot provider’s website about the device:

“Data We Collect:
The Snapshot device records vehicle speed and time of day, and when the device is connected and disconnected from the vehicle. It also records the Vehicle Identification Number upon installation. Other information, such as miles driven and rates of acceleration and braking, is derived from the speed and time information recorded by the device.”

Think about this…insurers tie your credit record into your auto insurance rate. They tie things like non-fault accidents into your rate. That’s not to mention the number of times you’ve been uninsured or placed into a high-risk pool.

In short…don’t do it. Keep insurers out of your car unless, of course, you are the perfect driver and you never drive anywhere except to home and work or home and school.

And for the record…this is, in my opinion, a polite way of asking “can we please put spyware on to your car’s computer to monitor you?”

I’m back and posting; more Symantec code stolen; and why your Apple really needs an antivirus

After a nine-month hiatus, I am back and posting. No, I did not have a baby, but I did change jobs. I’m no longer the DOD contractor geek but now I’m a full-time college professor teaching, among other things, security.

So let’s get started…Symantec initially said that hackers may have stolen their code base but it was for old products. Well that was not entirely truthful. Symantec’s latest announcement said that source code for Norton Antivirus Corporate Edition, Norton Internet Security, pcAnywhere, and Norton GoBack had been taken. This is in addition to the Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 that the company acknowledged two weeks ago.

What does this mean? Well if you are one of the many who use Symantec products, it means that you will need to be very careful about what updates for the Symantec software you download. Some of it could be fake.

Also puncturing a hole in a mythical secure operating system is F-Secure’s announcement that the number of trojans, malware, and loaders for Apple MacOS products climbed this week.

Last year, F-Secure noted that Apple products enjoyed a roller-coaster ride of security, with some months being better than others. Best bet…if you have a Mac, get an antivirus.

And finally…I will be revamping this site a little now that I have more time to devote to it. Remember that the key to keeping crap off of your home computer is to be smart and not download from or visit sites that are known for pushing malware on to users’ PCs. Use Firefox with the NoScript add-in and above all else…stay away from porn and gambling sites.

Clicking on an Osama picture can be hazardous to your computer

Malware purveyors keep looking for the next thing to convince you to click on download/”Look at this!” type of links. Sunday night’s announcement of Osama Bin Laden’s (I don’t really care if I spell that name right–the terrorist doesn’t deserve for it to be spelled correctly) death and the subsequent details coupled with America’s thirst for blood and gore mean that the pickings are ripe for malware purveyors.

So Facebook users…you’re up first. You are a prime target because most of you are not all that computer savvy and most click on anything that looks tantalizing…after all, if it looks salacious it must be awesome, right? And also if no one knows I clicked on the gory details link, what’s the worst that can happen? After all, there is that big “X” in the upper right hand corner of my browser, right?

The FBI knew this was going to happen and issued a press release to the American public warning people about such links:

“The FBI today warns computer users to exercise caution when they receive e-mails that purport to show photos or videos of Usama bin Laden’s recent death. This content could be a virus that could damage your computer. This malicious software, or ‘malware’, can embed itself in computers and spread to users’ contact lists, thereby infecting the systems of associates, friends, and family members. These viruses are often programmed to steal your personally identifiable information.”

So what does this mean to you, the common user? It’s simple. Until the Obama administration announces it has released photographs and/or videos, there are no such things. You should pay full attention to the FBI’s warning. Click on nothing that you do not know. Click on only those things you were expecting and from trusted sources after using your anti-virus/anti-malware to the fullest.

Finally…if you do accidentally stumble into one of these traps…follow the regular steps to remove malware viruses from your computer. If you don’t know what these are, then you should be extra careful about the things you click on.

The Epsilon Breach Just Keeps Getting Worse

When it first happened, media from CNN, Fox, Time, NY Times, Washington Times, and other popularity-driven news organizations did the lazy thing and reported the press release that Epsilon and those companies who turned over your personal information to Epsilon wrote to give the information they wanted you to think was true.

Epsilon Breach Press release

But the information contained in that release, like most press releases, is misleading at best and downright false at worst.

Here’s why…spam and spear phishing are the least of your worries in a breach of this kind. Coupled with other information, email addresses, usernames, and the companies you deal with can tell a lot about you and give identity thieves and identity sellers loads of personal information to gain access into your life.

Not to mention that the folks who stole this information want you to turn over your computer to them. While they don’t want the electric bill from running it, they do want to use its CPU cycles, RAM, and hard drive space to rent out to spammers, malware providers, adware servers, adult oriented material, child pornography, and let’s not forget about general mischief.

So how do you protect yourself from all of this sad activity?

1) Never click on links in incoming emails.
2) Use a good anti-virus/anti-malware/firewall.
3) Use common sense. Do not load photos/images just because a friend, an acquaintance, or someone else you may know sent them to you. Using steganography, a user can load JavaScript loaders into the cutesy images that are sent to you, and those can be used to begin delivery of malware, spyware, or other stuff you just don’t want on your system.
4) Stop sending emails that are meant to be forwarded. These give hackers an idea about which users are more susceptible to attack than others.

Finally–the reason why spam and malware continue to spread is because people are allowing the tools that come with their PCs to expire, or just think a software firewall is sufficient. And let’s not forget the profit margin. Sending spam is quite profitable and people keep opening it, reading it, and responding to it.

It’s so profitable, in fact, that many of the original spam factories of the ’90s are now legitimate email marketing companies.

So please…take responsibility for your computing actions. If you cannot afford to pay for the Symantec/McAfee software subscription that comes with your new computer…have a tech remove it and install Microsoft Security Essentials, AVG, Avast, Avira, or some other free anti-virus option.

Two Facebook search boxes are worse than one

Facebook resource site AllFacebook.com is announcing today that Facebook itself is denying testing a web search tool and additional search box on your page. The “search box” looks like this:

Facebook fake search box from AllFacebook.com

So now the question is…what is this and what can you do about it?

Well Facebook has a tool created in cooperation with McAfee that can help you locate, isolate, and remove any malware that may be on your system.

http://www.mcafee.com/US/

If you have questions…just ask.

Video Malware attacks on Facebook

See any posts like this lately?

Here is an example of a malware video post on Facebook

This is the latest wave of malware loaders to hit Facebook. Facebook assumes that you are a responsible PC owner and leaves it up to you what you will and won’t click on.

But make no mistake…this is a trojan horse that delivers a negative software load on to your PC and may create a bigger hole for worse stuff to load on to it later down the line.

If you click on one of these links accidentally…immediately use the Kill IE button we created last night and then download a copy of MalwareBytes. Then update the MalwareBytes definitions and finally run a scan on your system.

Warn your friends and family members who are on Facebook about this and let’s stop this replication.

Be leery of videos that say “SICK,” “FUNNY,” or anything else that seems unusual. Also look at the URL that the video is hosted on. If the video comes from YouTube, Vevo, MTV, Comedy Central, or other trusted sources, you are okay.

If the video is hosted on a site you have never heard of…DON’T CLICK ON IT!

Build your own IE “eject” button

Sometimes Google sends you to sites where there is no safe place to click.

If you ever find yourself on a page that locks your browser up so that your only choice is to click on a site-manufactured pop-up, then you need an eject button, and I am going to show you how to make one.

Step one: right click anywhere on your desktop that is empty and choose Create New –> Shortcut.

An icon/button that you can use to shutdown IE safely

Now you need to give the shortcut some direction and tell it what to do. The command that you would type in DOS to kill IE is:

C:\Windows\System32\taskkill.exe /F /IM iexplore.exe /T

So you need to enter this command into the Target field and then select okay.

Adding in the command into the target field in Windows new shortcut

Next step–name the shortcut. I call it KillIE.exe

Name that new shortcut

Now you have a perfectly good shortcut to kill a locked browser safely. There is a technical reason why we will kill Internet Explorer in this manner, but trust me, this is safer than using CTRL-ALT-DEL/Task Manager.

Why? Because this way is a rude way to exit IE. Task Manager uses a polite mechanism that unloads the content from the window. This polite manner gives scripts that lock up your browser a chance to save their place and store data on your computer. The Kill IE tool/shortcut simply kills the IE session. It can also be modified to work on Firefox, Chrome, Opera, and other browsers, and it is safer because it does not allow a site to grab a foothold on your system.
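
The same shortcut can be built from PowerShell instead of the New Shortcut wizard. This is an added example, not part of the original post; the shortcut names and the process names used for the other browsers are assumptions for illustration.

```powershell
# Added example: creates one "eject" shortcut per browser on the current
# user's desktop. Shortcut names and the browser list are illustrative.
$browsers = [ordered]@{
    'Kill IE'      = 'iexplore.exe'
    'Kill Firefox' = 'firefox.exe'
    'Kill Chrome'  = 'chrome.exe'
    'Kill Opera'   = 'opera.exe'
}

# Use the full path so the shortcut cannot be redirected to a look-alike
# taskkill.exe planted earlier in the search path.
$taskkill = Join-Path $env:SystemRoot 'System32\taskkill.exe'
if (-not (Test-Path -LiteralPath $taskkill)) {
    throw "taskkill.exe not found at $taskkill"
}

$desktop = [Environment]::GetFolderPath('Desktop')
$shell   = New-Object -ComObject WScript.Shell

foreach ($name in $browsers.Keys) {
    $image = $browsers[$name]
    $link  = $shell.CreateShortcut((Join-Path $desktop "$name.lnk"))
    $link.TargetPath  = $taskkill
    # /F = force termination, /IM = match by image name, /T = include child processes
    $link.Arguments   = "/F /IM $image /T"
    $link.Description = "Force-close $image and its child processes"
    $link.WindowStyle = 7   # 7 = start minimized, so no console window pops up
    $link.Save()
    Write-Output "Created $($link.FullName) -> $taskkill $($link.Arguments)"
}
```

Because /F terminates the browser without asking, anything unsaved in its other windows or tabs is lost.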

Questions? Ask John

Could it be true? A Mac OS trojan?


Sophos’ Naked Security blog is reporting that they have discovered a Mac OS X backdoor trojan.

Now in plain English…people have flocked to Macs in part because they feel like they are safer and to a degree that is correct. There are fewer viruses, malware, and junk written for the Mac OS in part because the Mac OS X is based on the Unix platform.

That means that it is that much harder for writers of these tricks to get the same payoff they would get on the Windows OS.

Now the difference between a Mac and a Windows PC is now only software. Macs are made on Intel chips, with the same integrated products that may be on your personal Windows computer right now. In fact…check out Franken-macs and see how some innovative users are finding ways to install the Mac OS X operating system on to their homemade computers.

So why is it harder to build a virus/trojan/malware/or junk for a Mac? Well, in part, think about who you are using your Windows computer as. You are running it as the system administrator most of the time. You are not running it as a plain user, which has no installation or administration rights. This means that a piece of software that can load on to a Windows system is pretty much guaranteed to install itself with Administrator privileges, and thus it can run without your knowledge or permission.

Microsoft tried to correct this with a clunky User Access Control (UAC for short), but so many people complained because it wasn’t convenient enough and it balked at everything they tried to do. Well, imagine how that would have happened in a plain user scenario. The user would not be allowed to install anything, so they probably would never be pushed to grant permission for an image to load or for a JavaScript to run.

But running your Windows PC as an Admin means you will likely never know that software with bad intent has landed on your machine. So where does that leave you?

Yup…wishing you had a Mac. But now Mac users are having to think a little harder and find a tool that will help protect their system. Most rely on just the Mac/Unix OS to protect them and their data, but a trojan, which is a piece of software pretending to be something useful, can gain a foothold on your system and begin chipping away at your Mac’s known insecurity levels.

So what’s a Mac user to do? Well there are many Mac anti-virus programs available. Many are available for free.

My research has indicated that iAntivirus would be the best bet because its definitions and routines are meant solely for the Mac OS and will not include any Windows information.

There are other freebie anti-virus tools for you as well: ClamAV, Avast, BitDefender, and others. Norton/Symantec makes what my research shows as the weakest protection for your Mac.

What about the guys who are getting credit for uncovering this trojan, Sophos? Well they are useful to the consumer but they are expensive and they are designed to be a business/enterprise anti-virus that home users can use. So you should ask yourself…do I need enterprise level protection in my daily activities?

Plus you should do your own research. Don’t take my word on everything…read some for yourself and become your own expert and advocate.

You can find all of these anti-virus tools on CNet’s Download.com

Download.com’s AV list