From the Mind of Marc... » Malware

Free way to avoid web-based malware.

Marc — Mon, 20 Apr 2009 19:58:20 +0000

AVG is now providing its LinkScanner product free to download. LinkScanner will scan web pages as you surf and warn you if a page you visit is trying to install malware or is compromised in some way. It’s a good idea to use it, considering that the web is the most popular way to deliver malware these days. You can read a quick overview of the product here and download it at http://linkscanner.avg.com. There is free support available from AVG at http://freeforum.avg.com.

Conficker is alive.

Marc — Thu, 09 Apr 2009 13:13:46 +0000

It’s been in the news recently, and we’ve talked about it here in previous posts and newsletters. The Conficker worm came to life yesterday according to TrendLabs, Trend Micro’s blog. It apparently downloads a file from other infected machines via P2P, similar to how file and music sharing services like Limewire work. From the TrendLabs blog:

Trend now detects this new Conficker variant as WORM_DOWNAD.E. Some interesting things (well at least in our perspective) found are:

(Un)Trigger Date – May 3, 2009, it will stop running
Runs in random file name and random service name
Deletes this dropped component afterwards
Propagates via MS08-067 to external IPs if Internet is available, if no connections, uses local IPs
Opens port 5114 and serve as HTTP server, by broadcasting via SSDP request
Connects to the following sites:
- Myspace.com
- msn.com
- ebay.com
- cnn.com
- aol.com

It also does not leave a trace of itself in the host machine. It runs and deletes all traces, no files, no registries etc.

Read more: DOWNAD/Conficker Watch: New Variant in The Mix? - http://blog.trendmicro.com/downadconficker-watch-new-variant-in-the-mix/#ixzz0CBXDoaOb

If you think you might be infected, use the Conficker eye chart to confirm, and follow the PC Mag Security Blog steps to help remove it; or give us a call.

Happy April Fool’s Day

Marc — Wed, 01 Apr 2009 20:51:52 +0000

So April 1st is here, and the end of the world has not been brought about by the Conficker worm… as far as we know. However, Conficker is still around, and if you are not sure whether or not you have it, it’s better to be safe. PC Magazine has put together a checklist of steps to make sure your machine is not infected; it’s available here. If you just want to download the scanning and removal tools, you can get them from the Conficker Working Group site here. And make sure you have installed the latest Windows updates and any updates for your security software (you DO have security software right?!?!?).

PS- This is NOT an April Fool’s joke.

Macs attacked again… through pirated software.

Marc — Mon, 30 Mar 2009 18:57:23 +0000

A while back, Adobe was getting ready to release its Creative Suite 4. A pirated version of the software showed up on file-sharing networks, where a Mac version was available, and bundled with a Trojan horse. Unsuspecting users who installed it were immediately infected. In January, researchers found more malware in pirated versions of Apple’s new iWorks ‘09. And once again, pirated software for the Mac is being passed around embedded with malware. A good rule of thumb is that you should never install pirated versions of anything (on Windows or Macs) because it is illegal, and usually comes with malware.

Downadup = 4/1 (or: Conficker set to do something on April 1)

Marc — Mon, 30 Mar 2009 18:45:29 +0000

Conficker (also known as Downadup) is a pretty nasty worm that has three known variations (A, B, and most recently C). It gets onto your machine through a Windows security flaw that was patched in October of 2008, and is programmed to call a sequence of control servers for updates and presumably other nasty activities. Recently, Kaspersky Labs, a security software and research company, was able to figure out the list of names the worm would check for updates and teamed with OpenDNS to block these attempts. Now researchers are saying that the worm is programmed to do something on April 1. What that is, they don’t know; they only know that it is set to “call home” on that day. Fortunately, there are many ways to remove the worm if you’ve been infected. And as always, keeping your antivirus and antispyware software up-to-date and installing Windows updates will help protect your machine.

Reminder!!!

Marc — Tue, 17 Mar 2009 00:05:27 +0000

Over the past couple of months, I’ve seen a lot of machines infected with malware. In about 80% of the cases, I’ve had to completely reinstall Windows to clear up the problems. Not only is this time consuming (It takes 2-3 days depending on how busy we are) but it’s also expensive for the customer. So much can be avoided by running the latest internet security suite (I recommend Norton Internet Security 2009, available here) and keeping it up to date. If you think your machine is infected, run a scan using your security software. If you don’t think you’re running the latest version, you can do a free scan using Spyware Doctor (available from PC Tools here) or Trend Micro’s online scanning tool (on our website here, then click Free Tools). As always, if you have any questions or need help, just give us a call.

Getting spammed by CNN and Microsoft…

Marc — Mon, 11 Aug 2008 20:33:31 +0000

A new round of spam has been showing up in inboxes the past 2 weeks. The first round purports to come from CNN, with the subjects “Daily Top Ten” or “My Custom Alerts”; the other looks like it is from admin@microsoft.com and has the subject “Internet Explorer 7″. The gotcha in the CNN spam is a link to supposed CNN videos that require you to download and install “Flash Player”; of course the download is actually malware and will infect your computer. As always, never open any unsolicited email, even if it seems to come from a legimate source.