From the Mind of Marc... » Virus Protection

Norton releases 2011 product betas

Marc — Wed, 21 Apr 2010 18:40:27 +0000

Norton recently released its 2011 line of products in their beta form, meaning they are available to people for free to test while they continue to develop and refine based on user feedback. You can read a more in-depth review from PC Magazine here: http://bit.ly/98ZVGp.

Free way to avoid web-based malware.

Marc — Mon, 20 Apr 2009 19:58:20 +0000

AVG is now providing its LinkScanner product free to download. LinkScanner will scan web pages as you surf and warn you if a page you visit is trying to install malware or is compromised in some way. It’s a good idea to use it, considering that the web is the most popular way to deliver malware these days. You can read a quick overview of the product here and download it at http://linkscanner.avg.com. There is free support available from AVG at http://freeforum.avg.com.

One of Conficker’s purposes revealed….

Marc — Fri, 10 Apr 2009 21:21:56 +0000

It looks like all that updating Conficker did on April 1st and in the past few days had a reason: to push rogue anti-spyware software. According to several security software vendors, Conficker is dropping a program called SpywareProtect2009 on infected machines. The purpose of rogue anti-spyware programs is to scare users into paying for the software to clean up infections that the software itself has downloaded to the machine. Typically these programs will besiege the user with large pop-up windows proclaiming, in big red letters, that the computer is infected with hundreds of pieces of malware. If you receive any of these so-called warnings, don’t click on any of them. Run your security software (Norton, McAfee, Trend Micro, etc) to remove the threat. You can also go to any of the security vendors’ websites to get free removal tools for Conficker or any of the rogue anti-spyware programs. Check out our previous blog posts here for more information on Conficker and how to check for and remove it.

Conficker is alive.

Marc — Thu, 09 Apr 2009 13:13:46 +0000

It’s been in the news recently, and we’ve talked about it here in previous posts and newsletters. The Conficker worm came to life yesterday according to TrendLabs, Trend Micro’s blog. It apparently downloads a file from other infected machines via P2P, similar to how file and music sharing services like Limewire work. From the TrendLabs blog:

Trend now detects this new Conficker variant as WORM_DOWNAD.E. Some interesting things (well at least in our perspective) found are:

(Un)Trigger Date – May 3, 2009, it will stop running
Runs in random file name and random service name
Deletes this dropped component afterwards
Propagates via MS08-067 to external IPs if Internet is available, if no connections, uses local IPs
Opens port 5114 and serve as HTTP server, by broadcasting via SSDP request
Connects to the following sites:
- Myspace.com
- msn.com
- ebay.com
- cnn.com
- aol.com

It also does not leave a trace of itself in the host machine. It runs and deletes all traces, no files, no registries etc.

Read more: DOWNAD/Conficker Watch: New Variant in The Mix? - http://blog.trendmicro.com/downadconficker-watch-new-variant-in-the-mix/#ixzz0CBXDoaOb

If you think you might be infected, use the Conficker eye chart to confirm, and follow the PC Mag Security Blog steps to help remove it; or give us a call.

The Conficker Worm

Marc — Thu, 09 Apr 2009 12:00:34 +0000

A particularly nefarious piece of malware has been in the news a lot lately: Conficker. Also known as Downadup and the April Fools worm, it is very sneaky and difficult to detect. Fortunately, because of its popularity, there has been a lot of research done to figure out ways to stop it from spreading and to remove it from machines that have been infected. The easiest way to determine if you have been infected with Conficker is to use the Conficker eye chart (available here). Part of Conficker’s programming is to block access to well-known security software vendors’ websites, such as Symantec and Trend Micro. The “eye chart” has a legend that explains what you should see if you don’t have Conficker, and also what you see if you do have Conficker. If the chart appears normal, then you most likely haven’t been infected; if there are some images missing, then you probably have Conficker. Don’t panic though, it can be fixed. You can access a list of steps to remove Conficker here, or you can give us a call. Even if you don’t have Conficker, make sure you have the latest version of your preferred security software and that it’s up-to-date. We recommend Norton Internet Security 2009 (available here).

Downadup = 4/1 (or: Conficker set to do something on April 1)

Marc — Mon, 30 Mar 2009 18:45:29 +0000

Conficker (also known as Downadup) is a pretty nasty worm that has three known variations (A, B, and most recently C). It gets onto your machine through a Windows security flaw that was patched in October of 2008, and is programmed to call a sequence of control servers for updates and presumably other nasty activities. Recently, Kaspersky Labs, a security software and research company, was able to figure out the list of names the worm would check for updates and teamed with OpenDNS to block these attempts. Now researchers are saying that the worm is programmed to do something on April 1. What that is, they don’t know; they only know that it is set to “call home” on that day. Fortunately, there are many ways to remove the worm if you’ve been infected. And as always, keeping your antivirus and antispyware software up-to-date and installing Windows updates will help protect your machine.

Reminder!!!

Marc — Tue, 17 Mar 2009 00:05:27 +0000

Over the past couple of months, I’ve seen a lot of machines infected with malware. In about 80% of the cases, I’ve had to completely reinstall Windows to clear up the problems. Not only is this time consuming (It takes 2-3 days depending on how busy we are) but it’s also expensive for the customer. So much can be avoided by running the latest internet security suite (I recommend Norton Internet Security 2009, available here) and keeping it up to date. If you think your machine is infected, run a scan using your security software. If you don’t think you’re running the latest version, you can do a free scan using Spyware Doctor (available from PC Tools here) or Trend Micro’s online scanning tool (on our website here, then click Free Tools). As always, if you have any questions or need help, just give us a call.

Educating the average computer user

Marc — Mon, 13 Oct 2008 20:12:58 +0000

Occasionally someone will tell me that I’m talking over their head. More often, they will just nod in agreement to make me think they understand. Don’t get me wrong, some people really do understand my poor attempt to explain a technical problem in lay terms; but most people probably do not. I try to make it as non-technical as possible, but it’s difficult when there just isn’t an easy translation from techno-speak to everyday language. Because of the complexity of computer security, most people don’t understand the importance or know the how-to of keeping their computer secure and virus free. To that end, Symantec (the parent company of Norton) has created a “cult icon” superhero called Norton Fighter. You can read more about their endeavor here. Unfortunately, Norton Fighter exists only in Japan at this point; but the idea is good. Hopefully it will encourage more security companies to come up with creative ways to explain the complexities of computer security to the average user. And the next time I start getting carried away with the techno-speak, feel free to tap me on the shoulder and bring me back down to earth.

Free scanning tools

Marc — Tue, 02 Sep 2008 23:27:31 +0000

I was just reading an email from Microsoft promoting a free scanning tool from their OneCare service, so I decided I’d post here about it and also include some links to a couple other scanning tools.

The first time I ran the scanning tool from OneCare, it crashed Internet Explorer. Not a good sign, but it could have something to do with all the other windows I had open at the time. The second time, it finished completely. It took a while to scan, a little over an hour and a half, most likely because it was performing other scans in addition to just a virus and spyware scan (it also scans the registry, temporary files, disk fragmentation, and network security). All in all it seems like a decent tool to use in addition to your existing software. I still wouldn’t reccomend OneCare as your primary security suite because it has gotten very poor reviews; the number one reccomendation is still Norton Internet Security. If you want a full rundown of the latest security suites, check PC Mag’s full review here.

Here are some links to free scanning tools:

TrendMicro’s HouseCall and RUBotted (click on the Free Tools tab)

Panda’s ActiveScan 2.0 (registration required)

Microsoft’s OneCare

Spam, spam, and more spam…

Marc — Tue, 02 Sep 2008 20:41:52 +0000

It seems that the spam never ends these days. In a previous post, I wrote about a new wave that looked like it came from CNN, Microsoft, and later, MSNBC. That seems to have slowed down as everyone caught on that it was a hoax, but the general sea of spam has kept up at a steady pace. I just wanted to remind everyone about the basics of good email safety: never open a message from someone you don’t know; never click on a link in an email (if you have to go to the link, such as a bank, open your browser and type in the address); don’t send your personal information via email; no reputable company will EVER ask you for either your personal information or your account information via email, so don’t send it. The most popular spam email subjects I’ve seen lately are “security updates” from small banks; the oldie but goodie “You’ve received an ecard”; and of course the ever present porn subject line. A couple months ago, I wrote an email newsletter about email and computer safety that you can read here.