Malware

Microsoft have steadily improved the security of Windows over the past few years, making it much harder for Virus and other Malware producers to exploit weaknesses in it. As a result, many of the bad guys have been focussing their attacks on the addon programs that most of us have installed on our computers. For example, if you want to watch Youtube, you need Flash installed. Many online banking services require Java and if you want to read many documents on the web, you’ll need Adobe Reader. As a result these free applications (Java, Flash, Reader and many others) have become very common and have been softer targets in recent years for Malware.
I was over at the Information Security Conference in London a couple of weeks ago and was interested to see a presentation by Qualys who were presenting a new, free service that allows you to check all the addons in your internet browser for security status. I’d encourage all of you to take a look at it. It’s located at http://browsercheck.qualys.com/ and is well worth a look. In a single stroke it will allow you to assess which addons you need to update and provides a link to the update. The results page looks like the picture below. Just click on anything that isn’t showing “Green” status to get the updated version. Very neat.

Over the last few weeks, online security providers such as Trusteer and Sophos have given warnings about a new breed of malware that hijack the connection to your online banking and other secure sites and can stay connected, even after you log out. Nicknamed “Oddjob”, the malware once installed on your machine hijacks the secure browser session that you are using to view your bank account, nests itself in the browser and waits until you have made a secure connection with the banks website to attack. By hijacking this session, the malware keeps the session open and can edit the pages so it can display fake versions of what looks like your account while accessing your information and even using you bank account without your knowledge in the background.

There are steps you can take though to prevent this new strain of viral software from infecting your machine :

• Update your anti-virus or renew old versions (Norton, AVG, McAfee, Sophos)
• Install all the latest Windows Updates and Service Packs for your version of Windows
• Update Java, Adobe Reader and Adobe Flash Player (these can sometimes be used as a backdoor for viruses and malware on older versions)

If you have any problems with these steps or any other problems please don’t hesitate to call one of our qualified engineers and technicians and we will be delighted to perform the required steps to deal with your problem.

| Lo-Call 1890 219 219 (Ireland) | Freefone 0808-CALHELP (UK) |

| Business Hours: Monday – Friday 9:45 to 6:30 & Saturday 9:00 to 12:00

If you have a PC, it’s almost certain that you have Adobe Reader and Adobe Flash installed on your PC. Adobe Reader is used to open documents such as the manuals you get with digital camera, printers, MP3 players and pretty much everything else. Adobe Flash is used for webpage animations and for video – for example, you can’t see the video on YouTube and many other websites if you don’t have Adobe Flash installed.

Unfortunately, that fact these two products are so ubiquitous means that they have become a major target for virus and malware creators world wide. On June 6th, Adobe announced that a critical problem had been found with both Reader and Flash which allowed the bad guys to exploit these programs to run other programs of their choosing (click here for more details). The fix to this critical problem has now been released in the past few days and we”d encourage you to get updated as quickly as possible.

Updating Adobe Reader

In order to update Adobe Reader, click on Start -> All Programs and then click Adobe Reader, which is normally near the top of the programs list. Once Adobe Reader has started click on Help and then click on “Check for Updates…” as highlighted by the red ring in the picture below.

Updating Adobe Flash

Adobe Flash should update automatically. To manually update it, you can do the following.

1. Go to http://www.adobe.com/support/flashplayer/downloads.html

2. Click on “Get the Latest Version” and follow the prompts.

We recommend that you don’t delay – do it now – it might save you from a costly virus infection.

If you have any problems with these steps or any other problems please don’t hesitate to call one of our qualified engineers and technicians and we will be delighted to perform the required steps to deal with your problem.

| Lo-Call 1890 219 219 (Ireland) | Freefone 0808-CALHELP (UK) |

| Business Hours: Monday – Friday 9:45 to 6:30 & Saturday 9:00 to 12:00

Please be aware of the facebook email going around at the moment. It will come from support@facebook.com and will have a .zip file  attached claming to be a new password change when in fact it is malware to infect your computer. Please delete this email as soon as   you recieve it.

If you have any problems with these steps or any other problems please don’t hesitate to call one of our qualified engineers and technicians and we will be delighted to perform the required steps to deal with your problem.

| Lo-Call 1890 219 219 (Ireland) | Freefone 0808-CALHELP (UK) |

| Business Hours: Monday – Friday 9:45 to 6:30 & Saturday 9:00 to 12:00

There has been a report this week claiming that there are now over quarter of a million malicious posts on Facebook. The latest report from Infosecurity.com (click here) details how fan pages of celebrities such as Justin Timberlake are being used to trick the unsuspecting into downloading virus and malware infected files onto their system.  Links are also spreading into individuals pages.

The links can potentially be to any piece of malware but the following guidelines are a good way of minimising the risks: continue

We had a case last week where Norton 360 (version 3) repeatedly got into a hang while removing tracking cookies that it claimed to have found. On closer inspection of the Temporary Internet Files folder, the number of Cookies that Norton was claiming to have found was larger than the number of cookies that actually existed. So my conclusion was that Norton was hanging while trying to remove the non-existent cookies.

In any case, nothing seemed to fix this without a full removal of Norton 360. Even uninstalling Norton 360 appeared insufficient and in the end, we called upon the Norton Removal Tool (found here) to fully remove Norton 360. After full removal and re-installation, the application worked perfectly again.

If you have any problems with these steps or any other problems please don’t hesitate to call one of our qualified engineers and technicians and we will be delighted to perform the required steps to deal with your problem.

| Lo-Call 1890 219 219 (Ireland) | Freefone 0808-CALHELP (UK) |

| Business Hours: Monday – Friday 9:45 to 6:30 & Saturday 9:00 to 12:00 |

We’ve had a few machines in the past few days with the same rogue anti-virus. This one is called AntiVir 2010 and it comes the usual professional looking interface which misleads the unwary into believing that they have a series of virus infections. It then looks for your credit card to buy a “licence” to clean these phantom viruses.

Here are some screenshots in case you see this rogue antivirus:

The virus blocks all the startup programs that it can and also prevents most applications from running. If you try to run an application, it will darken the screen and report the application as infected as below.

It also puts  up fake blue screen errors to panic users. These appear to be part of a screensaver and so moving the mouse gets rid of them.

A final touch is the fake Windows Security Center. Those of you with an eye for detail will notice the incorrect icon on the top left of the window and the slightly oversize nature of the firewall, updates and security icons but it is more than good enough to fool most of us.

If you can get applications to run, we have found that a combination of Malwarebytes and Spybot Search and Destroy  deals quite effectively with this rouge antivirus in most cases. However in some cases, these tools alone are not sufficient and more advanced removal techniques are required. If this is the case, we advise you to contact us directly.

In some cases, we have seen AntiVir 2010 appear on the same machine as another Rogue Antivirus called “Personal Security”. At this point we do not know if these are the same infection or different infections.

 If you have any problems with these steps or any other problems please don’t hesitate to call one of our qualified engineers and technicians and we will be delighted to perform the required steps to deal with your problem.

| Lo-Call 1890 219 219 (Ireland) | Freefone 0808-CALHELP (UK) |

| Business Hours: Monday – Friday 9:45 to 6:30 & Saturday 9:00 to 12:00 |

Kneber Botnet

A new type of virus, known as Kneber, is estimated to have created a 75,000 machine strong botnet before being discovered by Netwitness last week. The Kneber botnet aims to gather login details for social and corporate networks. It is estimated that over 3,500 Facebook accounts were compromised as well as over 2,500 Yahoo accounts.

The discovery has led to much speculation on the increasing occurance of under the radar botnets, particularly within Corporate computing environments. It is also further evidence of the increased organisation behind cyber-criminals.

The key lesson of all this though seems to be that there are still a lot of companies and people playing fast and loose with their computer security. The botnet relies on the Zeus Trojan among others. Zeus has been detectable by many internet security packages for over a year so the key lesson here is to have a good anti-virus package and keep it up to date.

In the last few weeks we have seen a sudden, marked increase in the number of calls we’ve been receiving about virus infections. There seems to be one main culprit – Internet Security 2010, a rogue anti-virus programme which appears more invasive than normal. We haven’t been able to work out a source yet. The bad news appears to be that many of the off the shelf internet security packages damage critical system files during their repair, often leaving the use facing a blank, un-responsive desktop when they log in.
For those who have been infected and still have a working desktop, we recommend using a combination of rkill.com, a command file and malwarebytes as the first steps in a clean up.

If you have a blank desktop left, specialist assistance will be required and you should contact Home Helptech who can arrange nationwide pickup, cleanup and delivery.

If you have any problems with these steps or any other problems please don’t hesitate to call one of our qualified engineers and technicians and we will be delighted to perform the required steps to deal with your problem.

| Lo-Call 1890 219 219 (Ireland) | Freefone 0808-CALHELP (UK) |

| Business Hours: Monday – Friday 9:45 to 6:30 & Saturday 9:00 to 12:00 |