Friday, June 29, 2012




TRACKING COOKIES

GOOD?

BAD?

UGLY?


A recent study found that 86% of the Top Websites exposed the viewer and PC to the sometimes nefarious "Tracking Cookie". When I'm out on a virus call, Malwarebytes usually will find a few Tracking Cookies and the customer will ask me: "Just what does a tracking cookie do?", and for those of you who are curious, check out the article on PC WORLD HERE.



TROJAN.MILICENSO
[WE'LL NEED MORE TREES]




If you happen to come into work one morning and find your networked printers have emptied their trays printing gibberish, then I suggest you have been infected with the Trojan.Milicenso. This is not a new Trojan, but after a couple of years, some internal tweaks, and a new name, "Adware.Eorezo" is here and doing the same thing. This is an Adware program that displays advertisements in Internet Explorer. If you think you have this, or know you have it but can't get rid of it, try these steps suggested by Symantec which you can find HERE.

THREAT EXPLORER

This page is a good one to check on the latest threats and how dangerous they are.

BTW

If you missed it, Google has introduced its first 7" Tablet, designed to compete with the Kindle Fire, iPad, and Nook. As a casual observer, it seems like Android OS device makers are flooding the market with new and sometimes unusual devices, then throwing them on the consumer wall to see what sticks.

Tuesday, June 26, 2012


MONDAY-TUESDAYS - ARE DAYS YOU DON'T WANT TO REMEMBER


Yep, I was off yesterday (Ed. - intensive recovery from Van Halen concert the night before. 'Nuff said), so today was my Monday, as well as my Tuesday, and I'm sure a lot of you out there know how that goes....


So much for me. Apple made news (not via announcement, but more by someone's observation) by dropping their claims of Virus immunity from the product line. This just wasn't a smart move, it was a smart legal move. If you and your Mac have been "Off the Grid" for a couple of years, let me be the first to tell ya to get some anti-virus software.


Oops! My turrets accidentally did a 180 and pointed towards Microsoft. I'm not an advertising guru, and I certainly don't claim to see the future, but I wonder who-the-heck-named-the-new-Microsoft-tablet?? Just say it a few times:

"The Surface"

"The Surface"

Nope, I still don't get it. Or, maybe I do - "The Name STINKS". I can hear the jokes now when someone scratches another's screen. The owner goes ballistic while the "scratcher" sez "Don't worry, I've only begun to scratch the Surface". [Yeah, bad joke, but nonetheless, a joke......]


Firefox 13 is out. If you don't have Flash, or have what you thought was the latest Flash out there, it'll tell you to "Get yer butt to the Adobe website and get the latest version". I did and guess what? Flash wouldn't install. After googling the problem I found that it was pretty widespread, but who wants to mess with their registry?

FINALLY FOR TUESDAY, JUNE 26th:

Tick-Tock, Tick-Tock....that's right Texans, the clock is ticking down to July 1st, after which we will all have to pay Texas sales tax on Amazon online orders. You have less than a week to buy that big purchase.

 WBY

Monday, June 25, 2012


WHILE NOT EXACTLY A SLOW WEEK FOR VIRUSES,
LET'S TAKE A BRIEF VIRUS VACATION AND TALK ABOUT PRINTERS!

Yep, nothing like mentioning printers and then sitting back and watching the fireworks as a group of printer owners try to become "King-of-the-Hill", or, as many of us see it: how many times have they had to buy ink cartridges, and how much did it cost to replace them. I've been there and done that, my friends, and currently have two ink-jet printers along with one monochrome laser. I decided to write this column because I still have the music from last night's "Van Halen" concert ringing in my ears and haven't hit the sack yet. I do believe that writing about printers will be potent enough to put me to sleep when I'm finished.

We get several calls a month regarding repair of someone's ink-jet printer. Usually it's about six years old and many times not even an AIO (All-In-One) printer. It could be that a cartridge is stuck and they can't get it out, the plastic belt broke, some of the plastic gears broke off of it, or any number of reasons to call and ask if we can repair them. Six years is a long time in PC years and many people don't realize how inexpensive they are now. Of the two ink jet printers we have at home, one is in the closet, the other is downstairs sitting on a small table (yes, it's wireless). I had an HP ink jet a few years ago and when hunting for some ink locally I was immediately hit with sticker shock: it would cost me about $60 + tax to get what I needed, so I had to hesitate on the purchase until I got back home and got online.

I went to my go-to Internet store (AMAZON) and found the ink with a total of about $50, no tax, and free 2-day shipping; however, the tingling of my IT Monkey hairs kept me from putting them in the cart and I started looking at printers instead. The HP we had was an early 2000-2001 model, and the only complaint we had was the cost of ink. I didn't have the actual receipt, but I believe we paid about $150-$180 for the printer at a Best Buy. So now it was 2011 and I was doing diligent searches on Amazon when I came across an Epson Workforce wired or wireless ink jet AIO printer for only $74. Two days later the printer arrived, and within 10 minutes or so the printer was unpacked, ink cartridges installed, paper put in the tray, and set up for wireless printing. I must admit, it's been a great printer to have when color is required, or a copy of something must be made, or even scanning an article and having it convert it to .PDF form and sending it to a folder on my computer on the 2nd floor. The ink has lasted a good long time as well (slightly over a year old and I just replaced the 3 ink cartridges).

**NOTE TO READER: I recently read an article (within the last couple weeks) where ink jet cartridge prices were really rising (according to the article I read, HP was raising some of theirs by a whopping 33%).

So how often do you really have to use color on a printout? Usually when I ask someone, they'll reply "I really don't use the color much at all". So, perhaps it's time to look into buying a laser printer. Sure, I know lasers were expensive back in the day, but that's not true any longer. I have a smallish looking Brother laser printer that has been used both frequently and infrequently. It's 4 years old and I'm still on the original toner cartridge! If you happen to know someone with a Brother laser printer, you'll usually hear good things about it.

The one pictured above is the first one that popped up on my Amazon search page. It's Model Number HL2280DW and is $139.99 on Amazon's website as I type this information. There is another one I see just below it for $99.99, and it is also wireless, will print duplex (both sides of the paper), and Brother toner cartridges are only about $48. Color laser printers? Yes, Brother makes those as well; in fact, we use one at work. Brother has several color laser printers to choose from in the $200-$350 price range, and while they do indeed use color toner cartridges (meaning you'd have to buy more than one), they are priced at almost half of what an HP color laser would cost you. So check out your options when you're going to buy a new printer. Stop by the shop with a few model numbers and maybe we can help you decide, but by all means, start thinking "LASER" for your next purchase.


Saturday, June 23, 2012




NOT UNEXPECTEDLY, AND MUCH REPEATED

"THERE'S A NEW VIRUS IN TOWN"



The first thing I'd like you to do is look at the MS12-037 bulletin on Microsoft's website [ed. - ah heck, click HERE to go to the page]. And here is a brief snippet:

"This security update resolves one publicly disclosed and twelve privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

Did you catch all of that? Basically, this new virus takes advantage of a security issue addressed by bulletin MS12-037, and once it does this it downloads malicious files onto your PC. Most anti-virus/security firms have their own name for each virus, trojan, or worm they find. Trend Micro's is JS_DLOADER.SMGA, and of course Microsoft issued a patch for this last month, but either it's not working or you are ignoring your Microsoft updates. Because they have already proclaimed IE8 "DEAD", you may be more at risk (I'm not sure, but I think they still do IE8 updates), or, download Firefox and start using it. And yes, I can already hear Vista and Win7 users moaning "O-why-O-why-did-I-go-back-to-IE8?"; if you recall, it was because you couldn't get IE9 to work on sites you need access to for work, but don't worry, IE9 users are in danger as well.

But I digress....

Once the DLOADER is in place it signals back to a remote server (possibly using the Vulcan "Cloaking Shield") and downloads a .JPG file. Sounds innocent enough, right? Wrong. In a previous blog post I wrote about how malicious code could be written and hidden even in a .JPG photo. The code in this .JPG contains a BACKDOOR. If you're not familiar with the term, a BACKDOOR on your PC allows another user to communicate, run commands, add more viruses and control your PC via port 80. Did you notice the name of the first infection? See the "JS"? Can you guess what JS stands for? If you said "JavaScript" you are correct, and if I recall, it seems like just yesterday when I reminded readers to keep their JAVA (amongst other things) up-2-date. Click on JAVA now and run an update (please).
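One defender-side check that follows from the "code hidden in a .JPG" trick described above, as an added example (my own code, not from this blog, Trend Micro or Microsoft): walk the JPEG marker structure and flag anything appended after the End-Of-Image marker, which is where a file that "looks like a picture" to a casual viewer often carries extra content. The sample bytes are a constructed minimal marker skeleton (valid structure, not a decodable photo), and the trailing payload is a made-up string. Trailing data is a signal, not proof: some cameras and editing tools append their own metadata, and content can also be tucked inside a legitimate APPn or comment segment, so treat this as one check among several.

```python
"""Flag bytes appended after a JPEG's End-Of-Image marker.
Constructed example for illustration; not code from the original post."""
import struct

SOI = 0xD8  # Start Of Image
EOI = 0xD9  # End Of Image
SOS = 0xDA  # Start Of Scan; entropy-coded data follows the segment
# Markers that carry no 2-byte length field: TEM, SOI, EOI and RST0-RST7.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))


def jpeg_eoi_offset(data: bytes) -> int:
    """Walk the marker segments and return the offset just past the EOI marker.
    Raises ValueError if the bytes are not a structurally valid JPEG."""
    if len(data) < 4 or data[0] != 0xFF or data[1] != SOI:
        raise ValueError("missing SOI marker: not a JPEG")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:  # skip fill bytes
            pos += 1
        if pos >= len(data):
            raise ValueError("truncated marker")
        marker = data[pos]
        pos += 1
        if marker == EOI:
            return pos
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment length")
        seg_len = struct.unpack(">H", data[pos:pos + 2])[0]
        if seg_len < 2 or pos + seg_len > len(data):
            raise ValueError(f"bad segment length {seg_len} at offset {pos}")
        pos += seg_len
        if marker == SOS:
            # Entropy-coded data: a real marker is 0xFF followed by anything
            # other than 0x00 (stuffed byte), 0xFF (fill) or 0xD0-0xD7 (restart).
            while True:
                idx = data.find(b"\xff", pos)
                if idx == -1 or idx + 1 >= len(data):
                    raise ValueError("no marker after scan data")
                nxt = data[idx + 1]
                if nxt == 0x00 or nxt == 0xFF or 0xD0 <= nxt <= 0xD7:
                    pos = idx + 1
                    continue
                pos = idx
                break
    raise ValueError("no EOI marker found")


def trailing_bytes(data: bytes) -> bytes:
    """Return whatever follows the EOI marker (empty for a clean file)."""
    return data[jpeg_eoi_offset(data):]


def classify(data: bytes) -> str:
    """'not-jpeg', 'clean' or 'trailing-data' for bytes claiming to be a JPEG."""
    try:
        extra = trailing_bytes(data)
    except ValueError:
        return "not-jpeg"
    return "trailing-data" if extra else "clean"


def minimal_jpeg() -> bytes:
    """Constructed JPEG skeleton: SOI, APP0/JFIF, SOS, a little scan data, EOI."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"  # includes a stuffed FF00 and an RST0
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9"


if __name__ == "__main__":
    clean = minimal_jpeg()
    samples = {
        "clean.jpg": clean,
        "smuggled.jpg": clean + b"CONSTRUCTED-PAYLOAD-MARKER",  # made-up trailer
        "fake.jpg": b"MZ\x90\x00",  # an executable header wearing a .jpg name
    }
    for name, blob in samples.items():
        print(f"{name}: {classify(blob)}")
```

Run it as a script to see the three verdicts, or import `classify` and feed it the bytes of any file with a .jpg extension; anything other than "clean" is worth a closer look before trusting the "picture".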

I didn't start this Blog until January or February, but I've passed the 1,400 views mark without advertising. So to my fearless fans out in the cold and dangerous cybernet, I say "Thank You" for taking time out of your day to read it.

'Nuff Said

Friday, June 22, 2012



SHORT WORDS OF WISDOM



Remember, keep your Adobe Reader, Flash, JAVA, and Anti-virus software updated. Don't forget what I wrote earlier - go directly to the website for Reader, Flash, and Java updates [ed. - see how short that was?]

With the "Short words of wisdom" over, now let me tell you a story which I've called "Two links, but not related" [ed.- technically not related to each other, just one user]. A PC user had a problem with links in Outlook and links on a website that his company logged into to purchase items, and neither worked! One gave him a cryptic "talk to your network administrator" message, which in a 3-PC workgroup-only scenario seemed a bit odd. The first thing the IT Monkey (me) did was to check his version of Internet Explorer. He had IE9, so I uninstalled that update, which reverted his Internet Explorer back to version 8, and you guessed it: those links worked just fine now.

The user quickly tried his Outlook, and turned to me to say (I already knew what he was going to say, I guess I'm gifted that way), "But it didn't fix my Outlook!", and I replied, "Correct you are, for these are links where one cure will not fix both". 'Natch, being the IT Monkey that I am, I opened up my iPad and did a Google search which led me directly to a Microsoft page, which conveniently also had an auto-fix graphic to click on. A few clicks later the genie from Microsoft told us it had been done....

So, the user tried it and......yup, it was fixed, and you could almost smell the magic in the air. If you are suffering with link issues in Outlook, I strongly suggest that you go HERE. Just scroll down and look for the Mr. Fixit Icon.

'Nuff Said,
Have a good weekend.

Sunday, June 17, 2012


THERE'S A NEW TROJAN IN TOWN:

"trojan:win64/sirefef.y"

[and it's a tough adversary - should you get it]



Yes, you could almost call this "A Tale of Two Brians", but I'll leave it at that and tell you this Trojan is smart, clever, and as frustrating as another Trojan was back at the first of the year! The Trojan lets you log into your PC, and as you fervently try to get Malwarebytes going (or anything else), it reboots your system. The time it lets your PC stay "UP" is in the 50 second to just under 2 minutes time frame. You are then informed via pop-up that it's shutting down the computer.

Safe mode? Safe mode with networking? Safe mode with command prompt? Same results. After an hour of sweat layered on my skin I began to think "This is one of those rare ones that I'm going to have to bring back to the shop" (I even brought in my two wheeler after the first hour).

I had my Microsoft "OFFLINE DEFENDER SECURITY CD" with me which identified the files, but when it came to deleting them all I got was an error message. I did write down the path though, just as the whistle blew telling me it was the 7th inning stretch and time was running out: 2 more innings and it was back to the showers.

Basically what worked:

Using the customer's other PC (laptop) I downloaded the latest 64-bit version of "Offline Defender" from MS (making a USB stick a bootable Offline Defender), ran the scan and it found it, and removed it (twice).

Next, the PC allowed me to do multiple runs of ComboFix, Autoruns, Malwarebytes, etc.

Several ComboFix/MBAM runs later, and so far (2 days on) the customer has seen no further problems.

The "other" Brian, whose image is distorted as he is now in the "virus protection system"

P.S.- Many thanks to the unnamed "Brian" who was savvy enough to read up on the Trojan and try a few things before I arrived that saved me time!

Friday, June 15, 2012

THE QUESTION IS:
"WHO DO YOU BELIEVE"?

I just read an article with a headline that read "Apple's iPad is running circles around Android". Several different surveys and groups were used in mining the information, but they all seemed to agree on this fact, and threw out a few numbers: Apple's share of the market rose from 58.2% in 2011 to 62.5% this year (so far), while Android's declined from 2011's 38.7% to 36.5% this year (so far). They had more to say, but yadda-yadda-yadda.

I then went to PC World's website to see what was "new and interesting", and the first thing I see is the headline: "Androids Beating Out iPad in business and IT".

For now, I believe, it's like the age old question, "Should I leave my PC "On" tonight, or turn it "Off"?"

P.S. - By now most of you have heard about the huge virus/trojan called "FLAME". Evidently FLAME infected machines have been given a suicide command: to destroy any and all evidence of itself so it won't leave any clues lying about on any individuals or countries that may have been involved.

Friday, June 8, 2012


WHAT DO ALL THOSE PASSWORD HACKS MEAN TO YOU?

I'm taking away your sandbox if you had your head stuck in the sand again. Passwords/Information "Hacks" [i.e.- stealing] seem to run in waves, for example: like a sine wave. Yahoo and Facebook have already had their names in the headlines, and this week's victims are no less well known: LinkedIn, eHarmony, and LAST.FM (owned by CBS and Cnet.com). With a show of hands [or perhaps answering the survey to the right], who uses the same passwords on more than one website? Many of the customers I visit use one password for everything, which is not a good thing to do. Let's get creative and come up with some new passwords!

Thursday, June 7, 2012

JUNE BUGS



June bugs make noise, and sometimes make sleep intermittent. But the bugs I'm talking about are the ones that are related to computers and Smart Phones (I didn't laugh). There was the 20k file that infected your computer via Excel, and in the last couple of days we can add two others:
Yes, this is an impressive start, with new security holes and other issues happening every day this month. If they apply to you, read them. If they don't apply to you, read them anyway. If you have a friend suffering from one of these maladies, you'll be their hero!

Monday, June 4, 2012

TOO MUCH OF A GOOD THING IS, WELL, TOO MUCH OF A GOOD THING


I was doing some virus removal the other day and on this particular computer they had AVG (Free version), Microsoft Security Essentials (also free), an expired McAfee anti-virus suite, an active McAfee search toolbar (free), and a current Norton 360 Ver.5 anti-virus suite on just this one computer! (Don't get me started on CCleaner, PC-Doctor, Comcast free Norton, etc.)

The call was scheduled because their PC seemed a bit slow, but I'm sure they felt like their Dell P4 with 256MB of RAM should be able to handle this. Granted, they were running XP, but can you imagine only having 256MB of RAM?? I can imagine it, and I shudder each time I think about it. STEP 1 was running back to the truck to see if I had some compatible memory that I could put into the computer. I did. At least now I could get my diagnostics program to boot (but not run).

STEP 2 - Uninstalling all but their paid up subscription to Norton 360. After what seemed like endless reboots, the programs were gone and the PC was much faster than when I first arrived. Defragging the hard disk helped even more. This brings me to STEP 3 - To run my virus/trojan/rootkit utilities. Quite often when you have more than one anti-virus running, not only will it slow the PC down, but it will make it EASIER for a virus, trojan, or worm to slip through. 45 minutes later, the Malwarebytes Quick scan finished with a grand total of 1,113 infections. My other utility (good for rooting out rootkits) did not find any rootkits; however, it detected a little over 2,500 Trojans on the computer.

Three hours, countless reboots, a recommendation that they change all of their internet passwords, a pinky-swear that they would run a quick-scan with Malwarebytes twice-a-month, and the sale and install of one DDR2 stick later, I left.

The moral of this story [ed. - well maybe 2 morals] is find a good anti-virus [I always recommend Symantec Internet Security 2012], keep it up-to-date and let it do its job. The 2nd one is pretty simple: Memory is cheap (perhaps cheaper than it's ever been), so buy as much as your PC and OS will use.

TODAY'S SERMON HAS ENDED



DANGER

DANGER




There's a nasty bugger of a PowerPoint file going around now and hopefully you'll read this here, or anywhere to save you some grief, and $$$.

As one "might" expect, it has a secret Flash component which exploits a security hole in certain versions of Adobe Flash [ed. - keep that Flash updated!!].

As you would expect, targets will be mostly business addresses with subjects like "Here's the final version of the PowerPoint presentation", or, "New revision, take this one on your trip instead of the old one", etc. Once opened, the Flash component goes to work and opens a backdoor to your computer for possible information gathering, potential bot operations, or to load other malicious software onto your PC. It's a dangerous world out there, so be careful.

Oh! That black dot in the picture? It's just a Black Hole sucking your company's information from you. Sleep easy tonight.

Sunday, June 3, 2012

"TIMBA" IT'S ONLY 20K IN SIZE
BUT A BIG RISK

A new Trojan called TIMBA has been discovered, and unlike many of its larger counterparts, it's the size of some "Cookies". This little devil will worm its way deep into your browser (IE or Firefox) and has the brains to steal logons, passwords, and other data! Read the article HERE.

AND....
(ALSO FROM PC WORLD)

Ransomware Scam Accuses People of Viewing Child Porn, Tells Them to Pay Up

"Online scammers’ latest ploy is a scheme that lures Internet users to install ransomware on their computers, which then makes them think they violated federal law by viewing child porn and must pay a fine.

The Internet Crime Complaint Center (IC3) is warning people about a new Citadel malware platform used to deliver ransomware, named Reveton." See screenshot of the scheme and read more about it HERE.