Pensacola Computer Help Technoblog

This past week, Facebook has once again been the target of a massive malware attack, this time through a huge emailing campaign that sent out millions of fake emails that read “Because of the measure taken to provide safety to our clients, your password has been changed. You can find your new password in the attached document.” – Of course, the attachment is malware that includes password stealing Trojans, downloaders and scareware fake antivirus software. Opening the attachment is of course on of the big no-no’s in computer security – you should never ever open an attachment unless you specifically know the person and that they have told you that they were sending you an attachment. Facebook continues to be one of the highest used vectors for the spread of malware, and a lot of the danger comes from the inadequate security measures that Facebook takes in regards to its users.

Also this week, the cybercriminals have targeted college basketball fans and celebrity gossip watchers (specifically the Jesse James/Sandra Bullock story).  These criminals have very slickly optimized their malware infested webpages for the search engines. Security biggee Mcafee reported that 5 out of the first 10 hot searches on Google Trends were sites that had been hacked to serve malware. Most of these sites are not dangerours to systems that are protected, however there are many people who do not keep their antivirus/antispyware software up to date and are vulnerable.

The greatest defense to all of these things is of course to not visit such sites – however that is not always practical. Keeping up to date security software, and never EVER downloading software without knowing the source, and never EVER opening attachments in emails without first verifying the source and content are important practices to follow. Remember, if you get a pop-up saying to update your Flash player, or Quicktime or anything else, Do NOT allow it to install anything – instead go to the source of the software, ie: Adobe.com for Flash, or Apple for quicktime etc.

Here in Pensacola, approx 60% of the computers I have had to clean malware and viruses off of got infected from Facebook, so for users of this popular social networking site, I advise extra caution. One of the easiest ways to get infected on Facebook is from a friend who has had their account hacked (usually because of using an easy to guess password – make sure to always use a complex password on such sites!).  One an account is hacked, the hackers send out messages to all the friends on the persons lists, usually with links to infected websites, so be careful even of messages from friends!

For links to great free and paid for antivirus and antispyware, visit Pensacola Computers.Com Tech Support page

Lately I have been seeing more computers infected with the Vundo Trojan, which as one of the ill effects constantly bombards users with Antivirus 360 messages that their computer is infected. This program should not be confused with Norton’s 360 (which in my opinion is almost as bad, but not malware). The infections it tells users are on their machines are bogus, and are often critical Windows Files. Of course they want you to buy their product in order to ‘clean’ your system, however what you buy is actually more spyware/malware. Unfortunately, in many cases if your computer is infected with this, there is a chance that you also have other infections, and while there are tools such as Malwarebytes Anti-Malware and Spybot S&D that can help remove some of these, they often cannot get everything (it is a hit or miss kind of thing).

The best thing of course is not to get infected in the first place, which can be done by keeping up to date Windows updates, a good antivirus, and usually a couple anti-spyware products, and of course not downloading anything that you aren’t sure of what it is. Many of these spyware products are installed when you install supposed ‘video codecs’ or by viewing infected videos and even music files (stay away from the file sharing sites). You can also be infected by malicious code that can attack your computer from social networking sites like MySpace and Facebook (never click on a link that you aren’t sure of, nor download any kind of ‘media viewer’ from these sites).

If you do get infected, you can try a system restore (hopefully you have a restore point that is before you got infected), as well as run full antivirus and anti-spyware scans. Many times it is best to run these scans in Windows Safe Mode (press the F8 key when the computer is first booting). Safe mode will load only essential drivers and services and often the antivirus/antispyware software will have better success at killing these pesty infections. Of course, before attempting any cures, it is a good idea to make sure you have critical data backed up (and make sure you scan your backups for viruses/spyware before putting it back on your system once it is cured!)

Win Antivirus 2009, it’s not an antivirus program, rather it is a particularly nasty piece of malware that will infect your machine, tell you that your machine is infected (all the stuff it says you are infected with is bogus), and will try to get you to purchase something that will ‘clean’ your system, when in fact it will just infect it further. What is particularly nasty about this program is that it often bundles even more garbage on your system and the resultant infection can be almost impossible to remove. Besides hitting you with constant popups telling you that your system is infected, it will slow your internet browsing to a crawl, redirect your web searches, and it, or one of the other bits of crap it installs, can disable your antivirus, block you from downloading products that can actually detect and remove some parts of it, disable your system restore points, replace critical system files, install other nasties like keyloggers which can steal your passwords, infect your email program and send off copies of other malware to your contacts, and generally just make your system unusable.

While I have read of many different methods to remove this infection, due to the nature of it, the only guaranteed way to ensure a clean system after a nasty infection like this is to wipe the drive and reinstall Windows. This is often the cheapest (in terms of time) and pretty much the only sure fire way to make sure your system is clean.

So how do these infections spread? There are a few ways that such nasty malware is spread across the internet, some of the more popular ways are through email attachments (never open attachements unless you know specifically that someone was sending you something, as even if the email comes from a friend, they themselves may be infected, and it is the virus that sent the email and not them), another way is through false ‘updates’, like if you go to a website that says something like “in order to view this content you need to update your flash player, or quicktime, or you need some kind of codec” – when you get something like this, NEVER install from that site. If you actually do need an update to flash, go to adobe.com, for quicktime, go to apple.com, for other codecs, go to the manufacturer. Once you have the latest update, or if you already do, and you still get those kind of popups, then you can be pretty much assured that it is a scam. These kind of things can also come from some spoofed Ecard sites, ie: you get an email from a known friend or associate that has a link to view an ecard they sent you, and when you go to the site, it says something like “click here to install the ecard viewer” – this is most commonly another way to install garbage on your computer.

Most importantly, make sure you are running current antivirus and antispyware programs. If you are unsure of something, don’t click on it. If you do get infected, as soon as you experience symptoms, try to do a system restore to a point before you got infected (sometimes you can’t as the system restore points are removed by the virus). In cases where you can’t get rid of it, take it to a professional, or if you are comfortable doing it yourself, back up all your important files, and reinstall Windows (a fresh install of Windows can be a good thing in terms of bringing back the speed to your system). Just make sure to update Windows with all the patches and service packs before venturing back out onto the internet!

Recently I have had a lot of people come to me with Virus and Spyware infected computers, and many people have asked me why has this happened to them, and if it is even safe anymore to go on the internet. My answer is of course not easy – it is yes, and no. Yes the internet can be safe if you take reasonable precautions. Never open email attachments (even from people you know) unless you specifically know that someone was sending you something. Many viruses will infect a computer, harvest email addresses from address books on it, and unknowingly to the computer owner, send copies of itself to all that persons contacts. Always run a current Antivirus and Anti-spyware product (usually a combination of anti-spyware products is best, though never run more than one Antivirus).  Make sure that Windows is up to date with the latest security patches (these generally are released on Tuesday’s, although Microsoft will sometimes release them on other days if it is a serious threat that they address. Never, ever, click on links in an email as they are often what are called misleading links – although the link may say something like https://yourbank.com, the actual link may be something like https://yourbank.com.imahackerinchina.cn (you can tell the actual link by right clicking on it, choosing copy link, then pasting it in a text document). These malicious links can be anything from a spoofing site (designed to get your passwords), to a site with malicious code that will try to hijack your web browser, or download a virus or spyware.

You should also run some kind of firewall on your computer to keep hackers out – the best solution is to use a hardware router with a built in firewall along with some kind of software firewall. The router solution is often the best first line of defense as a hacker will generally only see the router and not any of your computers behind it. Also, beware of file sharing sites such as limewire, and torrents. Many of the files shared on these networks, in addition to being illegal copies, are full of viruses and spyware.

Most infections on computers get there because at some point, the computer user clicked a button allowing something to be installed. All the security in the world cannot do much if a user allows something to be installed in the first place. While most good Antivirus and Antispyware products will catch malicious programs when they are downloaded and installed, when a new Virus or Spyware program is first released on the internet, it often takes a while before the Antivirus/Antispyware software will have updated definitions to find it. If you happen to allow it to be installed, by the time the security software on your computer finds it, it may well be to late as many of these malicious programs can pretty much wipe out a Windows installation (and for you Mac users out there – Macs are no more secure than Windows in any way, as a matter of fact they are more vulnerable in many ways – it’s just that there aren’t many viruses that are written to attack them - yet).

In the end, your best defense is common sense and using good security practices. The other important thing, and this is probably the MOST IMPORTANT: always, always keep current backups of your important files. If by chance your computer does get a bad infection, often a Windows Reinstall is the best, cheapeast, and easiest way to safely remove it, however if you don’t have backups, this can cause additional problems as well as costs.

Lately, one of the nastiest spyware/viruses out there causes pop-ups that tell you your computer is infected – this is just another ploy to get you to click and buy even more garbage. Unfortunately, some of these infections are very nasty because they disable your system restore, redirect your web browser, and some will even stop you from installing programs that can find and kill them.

Some of these real nasty ones are what they call polymorphic – they will recreate themselves using random file names, hide copies of themselves all throughout your files, and some will even release time bombs (applications that lay dormant for a specific period of time, making them very hard to be found and killed). While most of these infections can be removed, sometimes the removal process is very time consuming (sometimes not though), and there comes a time when you have to balance whether it is worth the time to try to kill these vermin, or if it is a better use of time to just wipe and reinstall Windows (reinstalling Windows is sometimes the only guaranteed way of ridding yourself of some of these pests for good).

So what can you do to protect yourself? First, make sure you have up to date antispyware and antivirus programs and definitions. Scan your computer regularly. Never open unknown Email attachments. And NEVER install anything that you aren’t sure of (many times these malicious files come when you visit a website and you get a box telling you that you need to install something to view the content) – generally if it isn’t something that you can get from a reputable site, like Adobe’s flash, or Windows media player, or  Java, you could be risking your computer’s health by downloading an unknown plugin or program.