Remove Them Now

How to Tell if your Computer has A virus

Mon, 09 Apr 2012 21:32:04 +0800

How to Tell if your Computer has A virus

Kaspersky Pure 2012 Review

Sat, 31 Mar 2012 19:38:06 +0800

Kaspersky Pure 2012 Review

Funny malware, related pics: Malwarebytes

Sat, 24 Mar 2012 17:00:05 +0800

Funny malware, related pics: Malwarebytes

New wave of phishing attacks serves malware to PCs and Macs

Sat, 24 Mar 2012 13:00:06 +0800

In the past few weeks, I’ve noticed an alarming increase in fraudulent email messages coming to some old, well-established email addresses of mine.

It’s not just the quantity of messages that’s noteworthy, it’s the quality as well. This particular wave of attacks includes some attacks that are frighteningly real looking. And they’re being used to serve up a toxic brew of malware to unprotected systems.

Consider these two examples of messages I received this week. The first appears to be a fraud alert from American Express:

It has all the right logos, and the wording has the same professional tone and grammatical accuracy I would expect of a legitimate communication from American Express. Unlike many phishing messages, this one made me look much more closely, and I suspect that the click-through rate was higher than most such attempts.

Related:

In the screenshot above, I’ve rested the mouse pointer over one of the links in the message. It doesn’t lead to an official AmEx site, but rather to a compromised site hosted at a domain in the Czech Republic.

Even more interesting is the destination. Historically, phishing attacks try to re-create a legitimate site, with the goal of convincing the victim to enter his or her username and password. Clicking this link led to a site that served up a variant of the Blacole (aka “blackhole”) exploit capable of installing a very nasty data-stealing Trojan on a PC or Mac that’s running outdated versions of Java, Adobe Shockwave, Adobe Acrobat and Reader, and other third-party software.

The target sites are probably running outdated WordPress installations that were remotely compromised to serve up a collection of exploits aimed at unpatched systems.

Another wave of messages to this account appeared to be from LinkedIn (ZDNet’s Dancho Danchev also flagged this attack earlier in the week). Again, they were skillfully done. Even a cautious recipient could be convinced to click one of the target links.

This sample led to another compromised website serving up a similar collection of exploits from the Blacole family.

Update: Danchev has more details on the LinkedIn wave of attacks in this post at the Webroot Threat Blog:

The campaign is using real names of LinkedIn users in an attempt to increase the authenticity of the spamvertised campaign.

The cybercriminals behind the campaign are currently relying on thousands of compromised legitimate sites, in an attempt to trick Web reputation filters into thinking that the payload is not malicious. Combined with the ever-decreasing price for launching a spam campaign through a botnet, the cybercriminals behind the campaign will definitely break-even from their original investment, and achieve a positive ROI (return on investment).

Mac users aren’t immune from this type of attack either. In recent weeks, security researchers I stay in touch with have observed an uptick in installations of the OSX/Flashback Trojan, which can be installed automatically via Java exploits or interactively, via social engineering.

The best protection available for this type of attack isn’t antivirus software; it’s a good spam filter and an effective update routine. Most of these messages were correctly flagged as spam by Microsoft Outlook, which moved them to the Junk E-mail folder and disabled all links. It also converted the HTML to plain text, making the fraudulent links obvious.

That combination of measures effectively kneecapped the potential exploit. To trigger the infection, the recipient would have to move the message to the inbox and then click on the booby-trapped link.

Even if a user could be convinced to click on the links, the exploits in question won’t work on a system that is properly updated. The exploits used in the two attacks I saw were aimed at vulnerabilities that were found and patched in 2010. Sadly, the population of computer users who ignore third-party software updates is big enough for this type of attack to be successful.

Apple Doesnt get Malware? Hmmmm….. Let me think again for...

Sat, 24 Mar 2012 10:00:05 +0800

Apple Doesnt get Malware? Hmmmm….. Let me think again for the second time once more…

"Hunger Games" Search Results Hide "Poisoned" Online Surprises

Sat, 24 Mar 2012 07:42:40 +0800

WHAT/WHY:
The dystopian world of the “Hunger Games” has enraptured millions of fans around the world, and cybercriminals are paying attention. Following the wild success of the young adult novel trilogy, the first blockbuster installment of the series is slated to hit the big screen on March 23, and where there are curious fans scouring the Internet for information and exclusive sneak peeks, there are crafty cybercriminals looking to capitalize.

While video tutorials on character Katniss Everdeen’s trendy braid are innocent enough, Norton has found that a variety of searches related to the movies and books are turning up malicious results. Although difficult for the average user to distinguish, these “poisoned” links can instantly infect your computer with viruses, keylogging programs (which allow criminals to monitor your typing) and other software that can wreak havoc on your smartphone, computer or tablet. Ensuing problems can make you feel as though you’re battling against your devices.

To date, we have seen malicious results related to fans trying to find the copies of the full movie online and also on Suzanne Collins, author of the novels.

Top search terms that we’ve already seen returning poisoned results include:

Hunger Games Suzanne Collins
Hunger Games Free Movie Download
Hunger Games Full Movie Torrent

Norton expects to see an increase in the number of poisoned search results as anticipation for the movie comes to a boil.

EXPERTS:
Norton experts are available to share tips on how users can protect themselves from “Hunger Games”-related threats online, including:

Choose your allies carefully - Katniss Everdeen wouldn’t trust the people trying to defeat her, and neither should you. Cybercriminals promise sensational content, such as leaked videos, to lure you into clicking on their poisoned links. Better to get your information from a website you trust, and use the free tool to lead you to safe search results.
Know how to defend yourself - Online security software from a reputable company will identify malicious links and protect against other unseen threats. .
Don’t be tempted by false hope - If it sounds too good to be true, it probably is. Evaluate the information you come across as though it were propaganda from the Capitol — all that glitters isn’t gold so don’t let your curiosity overcome common sense.

WHEN:
Interviews available upon request

How To Shop Safely Online

Wed, 21 Mar 2012 20:21:59 +0800

Shopping online is so much more pleasant than going out to the mall. You don’t have to change out of your pajamas, don’t have to fight traffic, and don’t have to wrangle with other shoppers at the sale table. Be careful, though, or you might become a commodity for sale. Here are some tips to keep your online shopping worry-free.

Don’t Get Lazy
Many shopping sites invite you to set up an account so you won’t have to re-enter your payment information next time. It does seem convenient, but you’re much better off filling in the details each time. Otherwise, if your shopping site gets hacked like Zappos did, the bad guys will have all your personal details—maybe even your credit card number. You might expect the merchant would encrypt this sensitive data, or at least the credit card numbers. You might be wrong.

Clearly you have to give the merchant your address; otherwise they won’t know where to send the merchandise. But do leave any non-required fields blank. And if the order form asks for too-personal information like your SSN or bank account number, navigate away immediately. There’s no reason an honest e-tailer would need that information. While you’re at it, opt out of all communication other than what’s necessary to track and complete your order.

Skip Email Scams
I get email alerts from a number of online merchants about new items and new sales. Even for these expected alerts, I never click a link in the message. Rather, I navigate to the merchant’s website and view the new items there.

Email is intrinsically insecure. A fraudster can fake up a message that looks totally valid but directs you to a fake commerce site. They’re not going to ship you anything that you “buy” on the fake site. Worse, you’ve given them your credit card number along with your address and other personal information. Just get out of the habit of clicking links in email.

Don’t Get Phished
A phishing site mimics a legitimate shopping or commerce site, but when you log in you’ve given your credentials away to the scam’s perpetrator. If you refrain from clicking links in email messages you can avoid most phishing scams, though you may occasionally find a fraudster “typo-squatting” on a domain name that’s just a little off, like pcmga.com for pcmag.com.

For added protection, enable phishing protection in the browser. In Internet Explorer it’s called SmartScreen Filter. Firefox users should make sure “Block reported web forgeries” is checked. If you’re a Chrome fan, be sure “Enable phishing and malware protection” is turned on. Opera? Turn on “Enable Fraud Prevention.”

Many security suites include phishing protection among their collection of features, but the majority of them are less effective than IE alone. Unless a PCMag review has identified your particular suite as one with effective phishing protection, leave your browser’s antiphishing turned on.

Keep Your Virtual Cash Safe
When making a credit card purchase in person, there’s no way you’ll accidentally order one dozen gizmos when you wanted just one. You’ll notice, the merchant will notice, problem solved. There’s no such safety net online, so be very, very sure your order is correct and always print or save a copy for reference.

Debit cards don’t offer the same kind of purchase protection you get from credit cards; avoid using them for online purchases. Some credit card issuers offer a service that generates one-time card numbers for use in online shopping. The card number is good for only one transaction. The merchant never sees your actual card number, but the purchase shows up on your normal bill. Getting a one-off card number is a little more effort than just typing the number from your card, but making that effort could save you big-time headaches.

Cover Your Tracks
When you finish shopping online, shut down the browser. You don’t want to take the slightest chance that someone else could sit down at the computer and use the Back button to return to your transaction. Better still, wipe out all traces of recent browsing. In IE, Firefox, and Chrome, pressing Ctrl+Shift+Del brings up the trace-cleanup feature.

IE, Firefox, and Chrome all offer a mode that lets you surf without retaining any traces. IE calls it InPrivate browsing, Chrome calls it Incognito mode, and Firefox just calls it private browsing. If you remember to switch into this mode before starting your online shopping spree you won’t have to worry about cleaning up afterward.

Use Common Sense
Criminal coders write malware to make money. A drive-by download introduced by a poisoned banner ad could plant a credit-card stealing Trojan on your system. Don’t even consider shopping online unless you’ve installed a highly-rated antivirus program or, better yet, a full security suite. Be sure to keep your protection up to date, too.

Frequently malicious code exploits vulnerabilities in Windows, the browser, or third-party programs to plant its sneaky code on your PC. For safety, configure Windows Update to install all important updates automatically. Adobe add-ins like Reader and Flash Player have been hit quite a bit lately, so make sure all your add-ins stay up to date as well.

Keep these tips in mind, use your common sense, and you can enjoy the convenience of online shopping in safety.

Malware related pictures, Spyware. Everyone has it!

Wed, 21 Mar 2012 03:00:06 +0800

Malware related pictures, Spyware. Everyone has it!

Funny IT related Pic, Bill Gates. Well admit it, even though we...

Tue, 20 Mar 2012 23:00:05 +0800

Funny IT related Pic, Bill Gates. Well admit it, even though we have Mac on our system, we install virtual Microsoft in Mac.

Microsoft urges firms to apply ‘critical’ security patch for March 2012

Tue, 20 Mar 2012 21:09:16 +0800

Continuing our series of posts on activity in the patch arena, today we highlight Microsoft’s latest critical bulletin which has been issued to urge businesses running Windows XP Service Pack 3 (and later versions through to Windows 7) to apply the update made available in March’s Patch Tuesday release.

Microsoft’s monthly security update for this month resolves two vulnerabilities in the Remote Desktop Protocol (RDP).

This protocol, often used by system administrators to perform technical support procedures, provides a channel for connecting to another user’s computer and displaying a full graphical user interface representation of the remote machine.

The RDP vulnerability could potentially be exploited by hackers and used to maliciously transmit compromised data ‘packets’ over the web and, ultimately, allow code execution on a targeted machine.

According to Microsoft, “The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.”

It is important to reiterate this and note that although RDP is commonly used by administrators and IT support personnel when they want to gain remote control of Windows machines; it is not configured to ‘active’ status by default.

Microsoft has said that the majority of firms will have automatic updating enabled, but that customers who have not enabled automatic updating need to check for updates and install this update manually.

According to Microsoft, “For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.”

This month’s Patch Tuesday updates also addressed five other Windows vulnerabilities, although these are ranked as “less severe” in nature.

Funny Malware Related Pics. poor guy… Why you always...

Mon, 19 Mar 2012 23:00:06 +0800

Funny Malware Related Pics. poor guy… Why you always visiting porn sites?

Study finds cyberbullying less common but more harmful to victims

Mon, 19 Mar 2012 20:17:21 +0800

Children who bully others online believe that their actions are less harmful than those that bully others face-to-face, according to a major survey of offline and cyberbullying by the Queensland University of Technology (QUT).

The University interviewed 3112 grade 6 to 12 students in 30 schools across Australia. Their data shows that 30% of students say they have been victim to “traditional” face-to-face bullying while 15% were subject to online bullying. Some 7.5% of the total students surveyed said they had been bullied both face-to-face and online.

The study looked at the impact and perceived impact of online and traditional bullying by bullies and victims. It found that pupils who were bullied face-to-face felt it had a greater impact on their lives and was more cruel than pupils who were bullied online. However, the paper reports that pupils who were bullied online suffered from higher levels of depression, anxiety, and social problems than pupils bullied offline.

The Associate Professor of the Faculty of Education in QUT, Marilyn Campbell, said that while fewer children reported being bullied online it appeared to have a more damaging impact on their mental health than other forms. Speaking to the Education Review website Professor Campbell said that many victims of online bullying were unaware of the effect it was having on them,

“When we measured their social problems, children who had been cyberbullied had much higher scores than victims of traditional bullying but they didn’t see it themselves,

“[for victims] It’s a cycle. They go to school, they get bullied. They go home and get cyberbullied. They go back to school and are bullied again.”

As for bullies: some 8% said that they had engaged in online bullying and of majority of these felt that their actions were not harmful to their victims. Some 12% of those surveyed said they bullied face-to-face.

Pupils who engaged in bullying said they did so for fun or because their victim “deserved it.” Professor Campbell called for more to be done to prevent bullying, both online and off, but emphasised the pervasive nature of online bullying.

“With the 24/7 nature of technology, access to a wider potential audience and the power of the written word and images, cyberbullying has more detrimental effects.”

The results of the study came as Australian schools held their annual National Day of Action Against Bullying and Violence.

Parents, pupils, and general users can find more information about social web on the big three social network’s help pages.

Security Expert? I dont think so comrade

Wed, 14 Mar 2012 17:00:06 +0800

Security Expert? I dont think so comrade

Facebook Timeline Tips

Wed, 14 Mar 2012 16:01:23 +0800

Facebook’s Timeline is coming, whether you like it or not, to Facebook accounts everywhere - including yours. I’ve been using Timeline for about a month now, and I’m not sure how I feel about it.

On the one hand, it’s a lot easier to find things — events, wall posts, etc, because you can now search your Facebook profile by date. On the other hand, it’s much easier for other people—friends, strangers, you name it — to find things, because they can now search your Facebook profile by date.

Timeline Tell-all

As it turns out, I’ve posted a lot of things — not all of which are totally tame and/or work-appropriate — over the past eight years that I’ve had Facebook. And now they’re all neatly categorized by date.

While it’s true that you could technically see these posts before the introduction of Timeline, you would have had to do a lot more work. For example, in order to see my posts from 2006, you would have had to go to my Facebook profile, wait for the 20 or so most recent posts to load, and then click “Older posts” about…500 times. Honestly, if someone really wanted to see my posts from 2006 that badly, more power to them.

But now they can just see those posts by going to the right side of my profile and hitting 2006 — and then choosing the month they want to see posts from. This convenient access to my info is little unnerving, in my opinion.

So here’s how to fix that.

Make Your Timeline Private

The first step to Facebook privacy is making your profile, or Timeline, private. To do this, go to Privacy Settings > How You Connect and change the settings for “Who can post on your timeline?” and “Who can see posts by others on your timeline?” from “Public” to “Friends.”

Go to Privacy Settings > How Tags Work and change the settings for “Maximum Timeline Visibility” from “Public” to “Friends.”

If you’re super-intense, you can change those settings to “Custom” and choose “Only Me” — then you’ll be the only one who can see the posts.

Finally, limit your past posts — which may have been made public at the time — to Friends only. To do this, go to “Limit the Audience for Past Posts” and click “Manage Past Post Visibility,” then “Limit Old Posts.” This will change all past posts to Friends-only, even if you initially made them public.

Hide Past Posts

This is the hard part — because it takes awhile. Go to your Timeline and look to the right. There will be a list of years — all of the years that you have been using Facebook and posting items, as well as any years that you or your friends have posted about (for example, years people were born).

To pare down catalog of information, you’ll have to start from the very beginning. Click on the first year you started using Facebook. You’ll see 20 “highlights” from that year, as well as month-by-month breakdowns. First you’ll need to click on the upper right corner of each of the “highlight” posts and choose “Hide from Timeline.” If you’re truly bold, you can choose “Delete Post” instead.

Once a post is “hidden” it shouldn’t come back to haunt you — until the next Facebook redesign. If you delete the post, you will be deleting it forever (certain posts, such as friend acceptances, and life events like your birth, can’t be deleted).

After you hide or delete the “highlight” posts, you’ll need to click on each month and hide or delete all of those posts. This will take a long time, depending on how many posts you have, but it’s worth it. Occasionally items, such as friend acceptances, will be grouped together and you’ll have the option of hiding all of them at once.

Continue to hide/delete all of your posts — month by month, year by year, until you’ve gotten to 2012.

Delete Your Posts From Other People’s Timelines

Once you’ve successfully hidden or deleted all of your Timeline posts, it’s time to move onto other people. This is perhaps a more important step than deleting the posts on your Timeline, because you have no control over how other people protect their Facebook privacy (or don’t).

To remove your posts from someone else’s Timeline, go to your Timeline and click “Activity Log.” You can now see all of your posts — comments, likes, and events — organized by date. To see just your posts, click “All” in the upper right corner and choose “Your Posts”

Anytime you wrote on someone’s wall, you’ll be able to delete that post — not hide it, because it’s no longer on your Timeline, but delete it so that it won’t show up on their Timeline.

Good Luck

I know — at the moment this is a pretty time-consuming process, and there’s no way to quicken it up. If you hide a bunch of posts at once, Facebook may ask you if you want to hide all of the posts from that year. I clicked this earlier, however, and now I’m still seeing posts from that year pop up. So it’s better to just do it right the first time, and get rid of each post individually, than take the easy way out.

If you have a ton of posts from past years that you don’t want people to see, you may want to just consider getting rid of your Facebook account and starting from scratch.

Otherwise, I suggest manually going through your Timeline over a few days (or weeks), while watching old episodes of 30 Rock, because it can be pretty tedious. And be sure to check out how your Timeline looks by clicking the gear button and then “View As…” to see how your profile appears to strangers and friends.

avast! Free Mobile Security gets top AV-Test ranking for Android malware

Wed, 14 Mar 2012 01:00:05 +0800

“avast! Free Mobile Security is available for free, easy to use and has many features to protect your device. With its very good detection rate it is one of the best security products for your Android device,” stated Andreas Marx, CEO of AV-Test, in the report.

In a test that produced a wide range of detection results, avast! was one of only seven security apps out of the 41 tested which were able to stop more than 90% of the Androidmalware. A majority of the tested apps (24) detected less than 65% of the malicious malware.

“It’s an achievement to get a top rating from a professional organization such as AV-Test, it’s even better when this rating is supported by the experiences of thousands of users,” said Vince Steckler, CEO of AVAST Software.

avast! Free Mobile Security also has the single best user ranking on the official Android Market of the top malware-detecting apps. avast! scored a 4.7 star ranking out of a potential five out of the more than 19,400 user reviews submitted.

P.S. VITA, Will you buy it or not?

Tue, 13 Mar 2012 21:52:00 +0800

The Playstation Vita. the current awesome gaming console by Sony.

Just a Simple question? Will you buy this?

CPUARM: Cortex - A9 core (4 core)

GPUS: GX543MP4+

External Dimensions: Approx. 182.0 x 18.6 x 83.5mm (width x height x depth)

Screen: (Touch Screen) 5 inches (16:9), 960 x 544, Approx. 16 million colors, OLED multi touch screen (capacitive type)

Rear Touch Pad: Multi touch pad (capacitive type)

Cameras: front camera and rear camera

Sound: Built-in stereo speakers and built-in microphone

Sensors: Six-axis motion sensing system (three-axis gyroscope, three-axis accelerometer), three-axis electronic compass

Location: Built-in GPS, Wi-Fi location service support

Keys / Switches: Power button, directional buttons (up/down/right/left), actionbuttons(triangle, circle, cross, square), shoulder buttons (right/left), right stick, left stick, START button, SELECT button, volume buttons (+/-)

Wireless Communications: Mobile network connectivity (3G), IEEE 802.11b/g/n (n = 1×1) (Wi-Fi) (infrastructure mode/ad-hoc mode) and Bluetooth 2.1+EDR (A2DP/AVRCP/HSP)

Price: $300 (roughly) excluded the game and the memory card

Android you has no good Apps

Tue, 13 Mar 2012 21:30:24 +0800

Android you has no good Apps

Twitter buys mobile blogging startup Posterous

Tue, 13 Mar 2012 21:05:36 +0800

Twitter on Monday announced that it has bought mobile blogging startup Posterous and will put engineers behind the popular “lifestreaming” service to work on special projects.

“This team has built an innovative product that makes sharing across the Web and mobile devices simple — a goal we share,” San Francisco-based Twitter said in a blog post.

“Posterous engineers, product managers and others will join our teams working on several key initiatives that will make Twitter even better.”

Posterous launched in 2008 as a platform for blogging with an emphasis on letting people use smartphones to post pictures, videos, audio or other digital snippets and share them with groups in virtual “Spaces.”

The legions of Posterous fans have grown along with a “lifestreaming” trend in which moments are captured throughout the day and shared in online journals.

“The opportunities in front of Twitter are exciting,” Posterous founder and chief executive Sachin Agarwal said in a message at the freshly-acquired San Francisco startup’s website.

“We couldn’t be happier about bringing our team’s expertise to a product that reaches hundreds of millions of users around the globe.”

Posterous Spaces will continue to operate with users of the firm’s free application promised they would get plenty of notice of any changes to the service, according to Twitter.

Not Sure if your hacked or what??? // ]] // ]] // ]] // ]] //...

Mon, 06 Feb 2012 20:11:22 +0800

Not Sure if your hacked or what???

Data loss? Not always Means your Hacked

Mon, 06 Feb 2012 20:09:00 +0800

Recently UCLA announced 16,000 patients were potential victims of identity theft because a doctor’s home office was broken into and burglarized.

This is an unfortunate example of an employee taking home a laptop or storage device from the office resulting in a serious data breach.

The thief may have no idea what he has in his hands, but the damage is done, the data is breached.

UCLA had to send letters to all 16,000 plus affected warning that there is a possibility their identities could be stolen. On top of that they had to hire an identity theft protection firm to cover each breached record in the hopes the service will mitigate the loss.

Data loss like this may cost UCLA hundreds of thousands of dollars by the time the dust settles.

The documents stolen were birth certificates, home addresses, medical documents and numerical medical identifiers. The information breached did not include Social Security numbers or financial information.

Meanwhile reports state the data was encrypted, but the password to access the encrypted data was on a piece of paper near the laptop, which hasn’t been located either.

Based on the reports, an identity thief would have a hard time actually using the data stolen to commit new account fraud or account takeover. Nonetheless UCLA’s response has been comprehensive and designed to reduce risk in any capacity.

Data breaches cost big bucks. Smart data security practices if done right are inexpensive and cost effective. Encryption in this scenario failed due to a password on a sticky note near the laptop.

The lack of a home security system in the doctor’s home office contributed to the data loss. Putting layers of protection in both a business and home setting is an absolute must.