How To: Documentation for using Secunia's PSI

When I'm asked to clean up a machine that runs the Windows operating system, I normally install an application from Secunia called Personal Software Inspector (PSI). Below is the documentation that I give them on how to use PSI.

I have downloaded a program on your PC called Secunia Personal Software Inspector. It was downloaded from http://secunia.com/vulnerability_scanning/personal/ and it will help keep software on your PC up to date. This is important because vendors are always making security updates that will close vulnerabilities that hackers can use to take control of your PC. Many vendors have started to put an automated process similar to the Microsoft Automatic Updates in place because most people will never update their software on their own.

PSI will run when Windows starts up and initially will do a scan. Below is a screen shot of the PSI dashboard after scanning my PC. You will see in red the programs that are not current and in need of patching. In the “Solution” column, you can click on the blue icons and it will allow you to get the patch you need to be secure. Click all these icons to update your insecure software. After patching, PSI will rescan your system.


This is the screen showing your programs in need of patching. The Red bar in the graph shows you you need to take some action. Your goal is to have a Green bar that shows you are fully patched.


As you can see in the System Tray, if you hover your mouse over the PSI icon (the 3 red squiggly lines) it will tell you the status. Here it shows that you've just installed a more current version of a program.


Here is an example after you've clicked on the “Solution” icon, and it gives you a dialog box that allows you to get the patch you need and you can then install it.


After completing your patching, your scan should then show you that you have no insecure applications. This is your goal. It is just as easy as that. If you have any questions, just get a hold of me and I will try and help.

Heading to Las Vegas and DefCon

In a couple of days I'll be off to DefCon 17 in Las Vegas, NV. If you aren't sure what DefCon is, it's a hacker conference. I attended my first DefCon in 2007. Got hooked, and I'll try and hit everyone in the future. This year appears to be chocked full of fabulous talks. Since it is Black Hat/DefCon time (both events held in Vegas), there will be a ton of news coming out this week. I'll try and have one more post before I head out.

Here is a reminder to all my friends who use the Windows operating system, today Microsoft will be releasing a patch which is out-of-band which means, it is not the normal second Tuesday Pat Tuesday patch. MS has patches released on the second Tuesday of every month. Only when a serious security issue arises, do they have these out-of-band pathces. So, make sure your Windows box gets it's updates tonight when you get home.

Take care and stay safe. Have a fabulous Tuesday.

Microsoft to Issue Out-of-Band Patch

Next Tuesday, Microsoft has announced that they will be coming out with an out-of-band patch next week(072909). If you don't have updates downloaded automatically, you may want to start checking for update on Tuesday after you get home from work.

This will be only the third time that Microsoft has issued an out-of-band security patch in the past 25 months. This of course is due to the seriousness of the vulnerability that is currently being exploited by the bad guys out there in the Internet world. If you aren't familiar with Microsoft's schedule, they regularly schedule patches to be released on the second Tuesday of each month. This allows business to react, and prepare for their release.

Stay safe out there and have a fabulous weekend!!

Promise of Erin Andrews Video Leads to Malware

If you don't know who Erin Andrews is, she is a reporter for ESPN. She is very attractive and she has been captured in a video in the nude, and the video has been posted on the Internet. Erin and her lawyer have promised to sue whoever may be distributing the video so it isn't easy to find.

However, the cyber criminals know that men will be men and they have put up fake sites that purportedly host the infamous video of Erin Andrews. And it doesn't matter if you are surfing on a MAC or a Windows PC, you will be owned if you try and visit these sites. You won't get to see the video, and on top of that, you have malicious software downloaded to your PC so my advice to all men out there, don't go looking. This is like a broken record how the attack is done. You click, and a fake video player is needed to view the video Andrews naked.

So stay safe out there. Your behavior on the Internet has a lot to do with if you run into the nasty stuff the cyber criminals are offering. Play it smart. Don't go looking for the Erin Andrews video. If you do, you probably won't get what you are looking for. Happy Hump Day and take care.

Firefox 3.5.1 Has Serious Vulnerability

Well, Friday, the Firefox browser came out with a patch for a vulnerability that was announced last Monday. OK, I thought cool. They patch fast. Well, I mean the next day, it was announced that the newly released version of the Firefox browser has a serious vulnerability.

The Internet Storm Center has a write up on this you can read. Click here to read that post in the ISC Diary.

Hope your weekend was fabulous. Monday is just around the corner. Be on the watch for a patch for the Firefox browser soon. I'll let you know. Stay safe.

Another Reason to use Firefox Browser

Last week and this week, Microsoft has had two pretty serious 0-day vulnerabilities that allowed an attacker to get the ability to run code on the target PC. Now with Patch Tuesday being this week, Microsoft was able to correct the DirectShow fix on Tuesday. However, the new one that I wrote about in the previous post is not. One wonders how long it will be before a patch is in place.

Now, proof there is another reason you really should be using the Firefox browser as your primary browser. Early this week, it was announced that Firefox had a serious 0-day. I have stated in the past, there really isn't a browser out there that doesn't have problems with security vulnerabilities. However, the key is, how quickly do they get patched. The window of opportunity for bad guys to take advantage of 0-day vulnerabilities in Firefox are just smaller. Today, if you are a Firefox user, make sure you get the update 3.5.1 that will correct the current problem.

If you don't use Firefox, try it. It is free and has some great addon's that you can use to protect yourself more. I personally use Noscript which I recommend you do too.

OK, have a fabulous Friday and stay safe out there.

Microsoft Announces ANOTHER 0-Day

OK, the last post was an article on a 0-day vulnerability in the DirectShow ActiveX control. I pointed you to a work-around until they will patch the problem. Sounds like they will be patching it tomorrow (Patch Tuesday). On the heels of that announcement, Microsoft says there is another 0-day in their Office products. It works the same. Bad guys will compromise sites that re-direct you to their malicious site. If they can get you there, your PC will be compromised. Really bad stuff.

The Internet Storm Center has a great write up here on this problem and also gives a link for you to "Fix It" which is similar to the work-around for last week. If you use Internet Explorer you will really want to visit the ISC link and click on the "Fix It" link. Another work-around, is to use an alternative browser like FireFox. I recommend it.

Stay safe, and have a fabulous week. Happy Patch Tuesday for all you Microsoft users!

Microsoft Warning Users of Unpatched Flaw

The folks from Redmond, Washington (MS) are warning folks that cyber criminals are targeting a previously unknown security vulnerability in Windows XP and Server 2003 to compromise PC's. Microsoft has instructions on how to protect yourself from this flaw.

Microsoft said that the vulnerability can be used to install malware on the victim PC if they can get you to browse to a hacked or booby trapped Web site that the criminal controls. The Internet Storm Center is warning folks to take action now due to a report that thousands of newly compromised Web sites have been seeded with the exploit code for this vulnerability. The ISC is also reporting that the exploit code has been posted to numerous Web sites in China. Symantec is reporting that one site that is now seeding this attack is the Russian Embassy in DC.

The flaw is in Internet Explorer versions 6 or 7. Seems that Internet Explorer 8 is not vulnerable to this attack.

Microsoft says that the problem lies in the DirectShow ActiveX Control. They are reportedly working on this to get a patch released soon. The normal Microsoft patch cycle is due to be released on the second Tuesday of July. Not really sure that they will be able to get a patch ready by this date so they are recommending to folks that they should consider disabling the feature because there doesn't seem to be any by-design uses for this ActiveX control in IE (Internet Explorer). Most folks out there use IE as their default browser so this is VERY important. To enable the Microsoft work around, click here, then click on the "Fix This Problem" icon.

Microsoft is also saying that "while Windows Vista and Windows Server 2008 customers are not affected by this vulnerability, we recommend that they also implement the workarounds as a defense-in-depth measure." To read more information on this topic, click here to view the Internet Storm Center post.

Stay safe out there and if you are on the vulnerable systems, take this action now. Have a fabulous rest of the week.

Beware of any Independence Day Links

The folks over at the Internet Storm Center have some great suggestions.

• Celebrate
• Watch Fireworks
• Enjoy the cook out food (This is my suggestion)

What not to do?

• Don't click on links in e-mails
• Don't surf to sites with Fourth of July, Independence Day or Fireworks as keywords.

The security company Websense is reporting that the subjects listed above are being seen in the subject lines of spam e-mails. They contain links that are supposed to be videos, however all it leads you to is malware that attacks your PC.

Click here to visit the folks over at ISC. They do great work.

Small Organizations Lack Computer Security Training

It is becoming more apparent with stories like the Sisters of Charity Marian Clinic in Topeka, KS, and the Bullitt County, KY loss, that there is a huge hole where folks just don't know what to do or what not to do. Click here to read the Sisters of Charity story, and here to read the Bullitt County story. Combined, they have lost more than $500,000.

Smaller organizations don't have the funding to do much with Computer Security Awareness training and for sure they don't have the resources to watch for malicious activities on these networks. It is sad but true statement, and it is really taking a huge financial bite out of these organizations.

Computer security is not easy, but with some work, you can protect yourself from most of the malicious stuff out there on the Internet. Can you avoid it completely? Probably not. Especially if you use a PC with a Microsoft Windows operating system like XP, or Vista. I try and post helpful hints for those who don't have a lot of money to invest in computer security. Read through some of my past posts and watch for new content as I will continue to post new ideas to help you.

Stay safe this holiday weekend and have a FABULOUS celebration Saturday night.

Farrah and Michael Spam

With the news of Farrah Fawcett and Michael Jackson's deaths on the same day this week, the spam campaigns that have followed are leading people to getting their PC's compromised. The criminal attackers out there love to take advantage of current events to spread their malicious software. It's a social engineering trick that preys on people's curiousity to know as much as they can about the events.

Along with these spamming e-mail campaigns, you will also need to be VERY careful when going to web sites on the topic of these deaths. Malicious web sites have popped up and the bad guys are using black hat search engine optimazation (SEO) to raise their malicious site's Google ranking so that their sites will come up in the top 10 web sites when you do a Google search. Only go to trusted sites if you are wanting to read more information on these current events.

Stay safe and have a FABULOUS weekend.

Twitter Followers Lead to Porn

Here is the example of Twitter and the dangers that lie waiting in the Twitter world. Twitter, if you don't know, is a micro blogging site where you can post what you are doing in 140 characters or less. People can then follow what you do. Well since I'm in computer security, I follow several in the field of computer security. I logged on Saturday night, and noticed I had an additional follower. A closer look at this follower turned up interesting results.

First, here is the screen on Twitter showing who follows me. I see that this Ana Torres is following me. See the screen shot below.



So I clicked on the link on Ana's name. Here is what I saw.


Here you see that Ana states that if I want to see her pictures, I can click on the tinyurl listed above. So the curious guy that I am, I decided to check to see where that tinyurl led me to before actually going there. (Notice it says I must register first please, to see her pictures).

I did a preview of the tinyurl and found what the true url behind that tinyurl. I took that address and ran it through Trustedsource.org and found that the true web site behind the tinyurl is actually a porn site.


So be careful out there. Don't just click randomly on these url's trusting someone you do not know. In the next few days, Twitter will catch up with this follower of mine and they will be removed. So be aware that hot girls will not follow you if you are a computer security professional. LOL. Or any other type of Twitterer you are.

Have a great Sunday and stay safe.

Face to Face Computer Security Training

One of the things I enjoy about what I do is that I get to teach people about how to protect themselves from the dangers out there in the Internet world. Well I'm about to start a new program where I will have quarterly meetings where I live. It will be local and it gives you an opportunity to listen to the topic for the evening, then have a semi-short question and answer session afterwards. I say this because I've done these in the past and you can't seem to get to all the questions that want to be asked.

The inaugural topic will be "What would a criminal hacker want with my PC?". Click here to read a post I made back in 2008. A common question I get asked is why do people write these malicious programs that infect the majority of the population. The answer is easy. It is all financial. Just think of that famous line from the movie "Jerry McGuire". SHOW ME THE MONEY!!!!

So if you are local to the Topeka Kansas area and would be interested in some great information, stay tuned. I'll be publishing more details in the coming weeks. I'll get it on the calendar and we'll see how this works.

Hope all are having a great weekend. Stay safe.

How to Avoid Fake Anti-virus - DON'T CLICK

So have you been one who has been presented with a window that tells you that your PC is full of malware including worms, trojans, and keyloggers, OH MY!

This happens sometimes when you web searches using Google and Yahoo. Other instances, you may browse to a web site and BAM! you get that same message about malware infestations on your PC.

This appears to be a message window but it is actually an Internet Explorer window. You should not click on any button or the X to close this window. In this specific case, the criminal attacker disabled the user from going to the Start Bar and right clicking on the IE window to close it. However, you can just bring up the Task Manager and under the Applications tab, close the Internet Explorer application from there. Any other clicking on this window will get your PC infected.

Stay safe out there and the weekend is almost upon us. Have a fabulous weekend!!

Social Networking Sites - Be Careful

Have you signed up on a social networking site? If you have, you've joined literally millions of others who are on FaceBook, MySpace, LinkedIn, and Twitter just to name a few. If you've signed up for any of these networks, you have probably wondered if there are security risks involved in participating in them. There risks associated with them and they are all related in one way or another.

First, the one common thread in all social networking sites is that you can associate (network) with friends and family, or work associates and share information with them. There is an inherent trust built in that if I allow you to be in my network, I trust you that it is really you and if you post anything, I'm assuming that it is you. Criminal hackers take advantage of this trust that is built in and if they can steal your login credentials to your account, they can pose as you and send all the friends in your network a message with a link that leads to a malicious web site. If successful, your friend's PC will have malicious code installed on their PC and this allows the criminal hacker to continue to take advantage of others as this process is repeated over and over with each friend who clicks on the malicious link.

Another risk of these social networking sites is what you actually post on these sites. One of the things you can do is share pictures with family and friends. You need to think twice before publishing certain pictures. One rule of thumb you should remember before you post anything on any web site is not to post anything that you don't want everyone to see. Even if you have posted a picture as "private", there have been instances in the past where the actual site you post pictures to has vulnerability in their systems which allowed "private" pictures to be stolen.

When you sign up for these sites, you can fill out a profile of personal information that you should limit what is available. For instance, you can add your birthday and you may choose to only put the month and day and drop the year of your birthday. Your birth date is one personally identifiable piece of information used in many things and you may want to exclude sharing the year of your birth. It is also a good idea not to post your phone number or your full address.

This one is specific to Twitter. First, what is Twitter? Twitter is a micro blogging system that allows you to share your status with anyone who follows you. These are called "tweets". These tweets are limited to 140 characters. Some folks who use Twitter like to share links to web sites that give you more information on a topic. Since links to web sites can be long, they use services that take a long web address, and shorten it. There are services like Tiny URL that do this. Criminal attackers have hacked high profile accounts that include CNN, the Obama campaign, and celebrities such as Brittney Spears. With control of these accounts, they can then abuse the trust issue mentioned earlier in this article and send out malicious links.

What can you do to protect yourself? Here are a few things.

• Keep your home PC patched which includes Microsoft updates as well as Adobe, QuickTime, and iTunes, just to mention a few.

• Think twice before posting any picture. A good rule of thumb is not to post anything that you wouldn't want everyone to see.
  

• Limit what information you share in the profile section of social networking sites.
  

• Trust no one. If a friend sends you a link, treat it like you have been trained with phishing e-mails. Don't click on unsolicited links.

Criminal Attacker Blamed for Topeka Health Clinic Loss

I live in northeast Kansas. You read stories all the time of companies being the victims from some criminal attacker who is able to place a piece of malware on PC's and stealing money. Well, the headlines read that a Topeka health clinic, Sisters of Charity Marian Clinic, filed charges of a loss of $100,000 from their bank account. It is sad to read things like these, but in my line of work, it doesn't surprise me. Click here to read the Topeka newspaper story.

I'm sure that computer security awareness was not a part of the clinic's budget. They probably didn't have much of a budget at all for that matter for computer security. This could have happened a couple of different ways. It could have been an e-mail that came in that had either malicious links or attachments that someone from the clinic clicked on. This would be my guess as to how this happened. Or, it could have been just casual browsing on a legitimate website that had been hacked and malicious code injected that redirected them to a site which attacked the computer.

This computer was probably not patched. Probably Adobe Reader was an older version, or Microsoft patches that were not up to date. It doesn't matter what the vulnerable application was, it happened and it sucks that an organization that does what the Sisters of Charity Marian Clinic does, has to suffer such a loss.

Hopefully they can find out who was behind this, but the chances are, the responsible parties are located in a country that we have no way of getting to them. Possibly and eastern European country like Romania, or possibly Russia, or China will be where they were located. Hopefully the clinic will take computer security much more serious now. Knowing Topeka, there aren't a whole lot of options for the clinic to get the education they need so they will probably turn to the Geek Squad (I really hope not).

I guess the lesson learned is if you are doing financial transactions on a PC, you really need to make sure that patches are up to date, the machine is scanned often, and don't rely on just anti-virus alone. There are other options for you that will help protect these assets so things like this won't happen again also.

Stay safe out there, and have a great rest of the weekend.

June's Patch Tuesday

It's patch Tuesday for all you Microsoft users. That accounts for most computer users. If you don't have your computer set to download your patches automatically, you ought to go do that right now. This month is a busy Patch Tuesday. Also today is the start of Adobe pushing out regular updates to their software. We'll see how this goes. Adobe has a horrible reputation at this point when it comes to having vulnerable software (Adobe Reader, Acrobat, etc.) that the bad guys are using regularly. Hopefully this is a start to making a bad situation better.

Have a great week!

Lessons Learned - Do Not Share Passwords

Passwords are an amazing thing. They are the key to many things in our lives. To our bank accounts, retirement accounts, e-mail, FaceBook, LinkedIn, and Twitter just to name a few. Today I have a story about my son and his ex-girlfriend who just so happened to know his password to his gmail account and his FaceBook passwords. I didn't ask, but I'm assuming that they were probably the same.

Lessons Learned

• Don't share passwords with anyone!

• Don't use the same password for multiple accounts.

• Don't rely on FaceBook to respond too quickly. Hacked accounts are common.

Today our lives are out there on the Internet with all the social networks. When accounts can be taken over by someone, things can start to go wrong quickly. Sometimes hackers take control of these accounts when they are able to compromise your PC due to you not keeping your PC software up to date. Or worse, some you know and loved but now you've parted ways. Sometimes not on the best of terms. That is when things can turn bad quickly. So protect yourself, my recommendation is not to share these passwords at all. Don't re-use the same password. Once a hacker steals your login credentials, they probably have many more of your accounts because if you are like most, you use the same user ID and password for multiple accounts.

OK, well have a super fabulous Saturday night and to the rest of the weekend also. Stay safe out there.

Trust No One - A Twitter Example

I don't hide the fact that I'm a Kansas University Jayhawk fan. And after reading an article from the Lawrence Journal World where someone purporting to be Xavier Henry who opened a Twitter account. Last weekend, whoever this person was, posted a tweet about Carl Henry said something about having second thoughts about Xavier and CJ Henry coming to KU next year.

Well, father Carl contacted rivals.com and confirmed that both Xavier and CJ were enrolled at KU and will be attending KU in the Fall. Of course some took this to be gospel and so the Henry's are probably not big Twitter fans.

This should be a lesson about social networking sites like Twitter, FaceBook, etc, that you really don't know who is behind those accounts. Take my advice, trust no one.

Be careful out there and stay safe.

Apple Refuses to Patch Java

So there was this Java issue that was reported to Sun. They fixed it back in December of 2008. Well the most recent security updates released by Apple for Mac users did not include this fix. So why? All the talk about Mac users being more secure in the commercials seems to have gone by the way side.

Apple has been asked and they are pulling that "Apple attitude" and it is coming out strong. So Mac users beware! You are vulnerable to this simple drive-by exploit. And so a researcher who has gotten fed up with the lack of cooperation from Apple, decided to post proof of concept code to Milw0rm last week. If they already haven't started, they are sure to show up soon. So what can Mac users do? Disable Java at this point until Apple decides to take security serious. Apple sucks for not fixing this problem like all the other vendors have.

Stay safe and have a happy Sunday.

Twitter Credentials Being Stolen

So recently, some Twitter users were offered a link to Twittercut to gain more followers. It appeared to be coming from a known contact, and they promised you to accumulate more and more followers.

It seems that TwitterCut appeared to be the real Twitter login page. A phishing site for sure.

If a person were tricked into entering their login credentials, Twittercut continued to send the same message you got to all of your contacts. At this point, it appears that no malware is being installed on victim's PCs.

For sure, Twittercut has the login credentials to many Twitter accounts. Twittercut has been listed on services that blacklist malicious sites but was still active just a couple of days ago.

This attack takes advantage of the trust that is built on networks like Twitter, as well as FaceBook, MySpace, LinkedIn, and other social networks. Always beware of messages that are unsolicited. My motto is "trust no one".

Stay safe and have a fabulous rest of the weekend.

FaceBook Porn Star Name App - Be Careful

So have you seen the application on FaceBook where you can figure out your porn star name? They way it works is you take your first pet's name, along with your mother's maiden name. I've not personally used this application, but I've also heard that another piece of the puzzle is the street you grew up on.

Now lets ask ourselves some questions. When you are setting up an account online, there are ways that you can recover your password if you forget it by setting up certain security questions. These security questions just happen to be your first pet's name, mother's maiden name, and the street you grew up on. So you have to ask the question, was this application written to harvest information that could possibly be used to break in to people's accounts? I can't be sure, but this shows us that you need to be very careful of information that you put out there on the Internet.

I would suggest that when you set up an online account, and they ask security questions, it is OK to lie. You would also definitely want to write these answers down so you would remember them. Now I know some accounts that are tied to financial accounts have started using other security questions that do not include the peices of information that apps like "what is your porn star name". If not, LIE!!! Just a little more information that will keep yourself more secure with online accounts that have this password recovery system in place.

Hope everyone is having a great Memorial Day holiday. Stay safe.

Facebook Links - Trust Them or Not?

So you new to computers in general, or new to social networks like FaceBook? If so, listen up. One of the ways the bad guys take advantage of people is to take advantage of the trust factor that is built up with social networks.

How can this happen? Let's just say you happen to go to a website....say usatoday.com. And lets say you just happen to be unlucky and an ad that flashes up on the usatoday.com site happens to be one that the criminal bad guy has taken advantage of and planted a redirect that takes you to a site that runs the latest and greatest attacks on your computer. Could be a malformed PDF, Word, or Excel document. Next thing you know, your PC is being watched by the bad guy.

After a PC is has been infected with malicious software (Malware), some of the things bad guys try and steal are e-mail accounts, social network accounts, etc. Along with these of course, they also are looking for banking credentials, credit card credentials too. Now what? The bad guy has to keep spreading his malicious software around and take over more and more computers. This is how they continue to exist. Computers get cleaned from time to time so they are always looking to take advantage of people and tricking them to go places they really shouldn't go and take control of new computers.

With someone else's Facebook signon credentials, they can now send a message to all of your contacts with a link to a malicious website. Your friends trust you, so your friends click and BAM! They are now under the control of the bad guy and this scenario just continues to roll along. So, my advice to you is this when it comes to links sent from friends. DON'T CLICK ON THEM!!

Hang in there. Have fun, but be safe. Have a great weekend!

Friend's E-mail Account Hacked

The other day, I received an e-mail from a friend with a subject line of "Look". The body of the e-mail was short and sweet. It said "* Hi! Click the link, there is something funny for you" followed by a link that looked innocent enough to me. The computer security person in me thought this was a bit strange so I did a little checking on the site that was referenced in my friends e-mail.

After some checking, I found that the site was considered malicious and was hosted in China. I responded back to my friend and said that the computer security person in me wondered if he really had sent this. No response. Another few days and I get another e-mail from him with the same link. At this point, I contact him and he says no he didn't send me or any of the other contacts he had in his address book that were included on this e-mail.

Lesson, my friend had his e-mail account hijacked. The attacker who had control was trying to take advantage of the trust between my friend and his contacts in his address book. I sent a response to all the others who received the e-mail warning them of the malicious link. I never heard back from anyone but I had done my part.

Be careful when you receive an e-mail from a friend with a link, and this is also true of the other social networks like FaceBook, MySpace, and LinkedIn. My motto in computer security is to trust no one. Don't just randomly click on links just because one of your friends sends you a link. Hijacked accounts will send out messagse with malicious links and take advantage of the trust that is built up on these types of networks.

Be careful out there and stay safe. Happy Tuesday!

Patch Tuesday Happens - Make Sure You Patch

Well this past Tuesday, Microsoft pushed out 8 security patches that corrected at least 23 security vulnerabilities in Access, Word, Internet Explorer just to name a few. With all the talk in the national media about the April 1, Conficker Worm, this should make people check and verify that your updates have worked.

It is very important that patches happen, and the Conficker Worm should be your example. Microsoft came out late in October of 2008 with a patch (MS08-067). Many folks didn't update with this patch. Actually, millions of PC's didn't have the patch. So this allowed the criminal element behind Conficker to spread itself so fast and so successful.

So this is your reminder that patching is extremely important. Make sure your PC is set to download your Microsoft updates automatically. You can either select to install them automatically or notify you when updates are needing to be applied.

Another weekend is drawing to an end so lets get ready for the new week. Stay safe and be careful out there.

A Conficker Update

I wrote on March 31 about my thoughts on what would happen on April 1 when the Conficker Worm was supposed to come to life and melt the Internet as we know it. All the major media outlets running stories on this major outbreak of malware on the Internet...like it just started. I say to this, welcome major media outlets. The Internet has been infected for a long time. Taking steps to protect yourself should be done in order to not have personal information about you stolen by cyber criminals.

Why all the hype? Probably the main responsibility for spreading the hype was all the security vendors such as AV vendors, and other companies dealing in computer security. Nothing really happened April 1. Now on Thursday of this past week, the Conficker Worm started to push payloads to the infected hosts out there on the Internet. Things that were seen included keyloggers, rootkit functionality, and rogue anti-virus or fake AV which has been common in the past 6 to 9 months.

If you patched your Windows OS when they came out with updates in October of 2008, and use strong passwords, and disable autorun, you are probably just fine. You must always be on the lookout for new attack vectors. The bad guys are out there and they want to gain financially at your expense. Learn to protect yourself. I have many posts in the past that should help you in taking the steps to stay safe.

Stay safe, hope your weekend was fabulous and bring on the new week!

Media Hype about Conficker

The major media outlets are shouting from the mountain top about this horrible virus that will ruin the Internet as we know it. In my opinion, not much will happen April 1. Actually the USA only accounts for 5.8 % of all machines that are compromised. I don't normally watch CBS's 60 Minutes but I stopped when I heard the story about Conficker. If you saw the examples they showed, it is all true. You can get malware on your PC even if you have a firewall and AV.

What people should worry about is what happens after April 1. The criminals behind Conficker don't want the Internet to meltdown. This is how they make their money. And where are these attackers from? Most likely China, Russia, or some other Eastern European country.

Microsoft issued an out of band patch back on 10/23/08 that closed this vulnerability. Do you patch? If not, I preach it. Look up prior posts that I've written about on ways to make you more up to date with security patches. I recommend that you go to Secunia and download their client that helps you keep up to date on Microsoft, Adobe, and many other vendor software.

So when you wake up tomorrow, I'm sure that the Internet will still be there. You will be able to check your FaceBook, Twitter, etc. Not much will change. Just realize that the Internet is full of malware. They really know how to evade security software by morphing so that security vendors can't get a good signature of the virus. The Internet is already full of malware today. It will be full of it tomorrow. Learn to be more secure. Realize that it is a risk to be on the Internet. Learn to accept the risk and have fun.

Stay safe and have a fabulous April Fool's Day.

Holding Your Documents for Ransom

Well we've talked several times over the recent past of the evolution of the rogue anti-virus malware that has been working like a charm. It basically is malware that says your PC has malware and you need to buy their product to clean them. Well those behind these types of attacks have now started a nasty twist. It isn't the first time. This has been done in the past.

They take all your documents in the "My Documents" folder (default doc folder for Windows) and encrypts the files. And for a fee, say $50 they will let you have your documents back. Pretty nasty trick I'd say.

Some of the things we've talked about in the past to combat these is to keep your applications such as your Windows updates current as well as RealPlayer, WinZip, WinAmp, QuickTime, Adobe Reader and Flash, as well as iTunes. Keeping these up to date will not allow the criminal attacker the ability to run code remotely on your PC. Check back on some of my previous posts that help you keep you PC humming along.

Posting this on Sunday and my KU Jayhawks rolled into the Sweet 16 in this year's March Madness tourney. Good luck next weekend guys and lets keep it rolling! ROCK CHALK JAYHAWK!!!

Bad Guys Use March Madness as Bait

Leave it to the dirty rotten scoundrels who take advantage of people with current events. In the USA, March Madness is going on and many of you fill out brackets in the office pools. Not knowing all the teams that have been selected, you end up researching on the Internet. Showing up in some of the top Google searches as well as ASK.com are some malicious sites. These booby trapped sites will attack your PC by running exploits against vulnerable applications like PDF, Excel, flash, etc.

The folks over at Websense have the details posted on their site that you need to check out. Just click here to read that story. Trust no one. Be careful what you click on. It may not be what it appears to be.

Adobe Patches Version 9

Adobe has released a patch for the Adobe Reader/Acrobat for their version 9 of the software. Coming soon are patches for versions 7 and 8. If you have version 9, go patch. Stay safe.

Why is MyWindows PC Slow?

I'm often approached by friends and family that they have a PC that is running sluggish. So I thought I would publish a story that explains some of the reasons why this happens.

1) Probably the number one reason a Windows PC starts running slower is because some type of malware (malicious software) has been installed. More than likely you the user does not know this has happened. This is probably the top reason why Windows PC's start to run slower.

2) Another reason Windows PC's start to run slower is because when you purchased the PC, the amount of memory that was installed was not enough and as you purchase more applications to run, it just starts running slower due to lack of memory. You may want to visit www.crucial.com and see about purchasing more memory.

3) Many programs when you install them, have a service that starts up at boot up time. Many times they are not needed and you may want to review those applications that start up at boot time. Adobe, RealPlayer, and others can be eliminated from the start up. You can click this link I wrote on CCleaner. It has a handy tool that shows you what applications start up and gives you an easy way of deleting them.

4) As time goes by, you've installed and uninstalled many applications and sometimes the Windows Registry can get sort of frapped up. Once again, my previous reference to CCleaner, it has a tool that cleans up your registry. Click here for that posting.

5) Another reason that Windows PC's perform sluggish is due to a too intrusive of an Anti-Virus application. OK, I believe that Symantec's AV product is too labor intensive for home users. I personally use AVG's AV. Not as labor intense.

These are just a few reasons that slow Windows PC's. There are others but I consider these as the top ones that you can conentrate on. Stay safe and have a great rest of the week.

Obama Has My E-mail Address!

OK, it really isn't the real President Obama. It is the work of social engineers who are trying to entice you into clicking on links that promise you money from the stimulus bill that was recently signed in to law. Here is my friendly reminder to NEVER click on unsolicited links or attachments. Don't be a fool.

Spammers are always trying to figure out ways to get people to click on there tricks. I actually have 3 identical e-mails from someone purporting to be the president and he has money for me.

Hope your week has started off good and I hear the warm weather is coming! Stay safe.

ID Theft Up in 2008

That headline shouldn't be much of a shocker. The FTC has gathered statistical information on complaints received. Click here for the link to the original story from CNET. You can see each year it increases.

With data breaches like Heartland Payment Systems will add to those numbers in 2009 so protect yourself as much as you possibly can.

Kansas University Jayhawks put it the big hurt on the Missouri Tigers today. ROCK CHALK JAYHAWK!!!

Stay safe and have a great week this week!

Adobe, Microsoft, Facebook

Well this week has been all about the Adobe Reader/Acrobat 0day vulnerability, but Adobe did release updates to Flash this week. Along with the 0day that Adobe has, word comes out that Microsoft has their own 0day vulnerability that is being seen in only targeted attacks.

Really the best defense against these types of attacks is YOU. You have to decide if you are going to click on either a link that takes you to a document either through e-mail or a web site. Trust no one is my best advice.

Now turning to Facebook. This past week there have been a couple of apps that folks fall for. Both attacks are types of social engineering that try to get you to enter your login credentials. Folks, if you are already logged on to Facebook or whatever other site you are on and you click something that prompts you to login, DON'T DO IT!! Something is wrong with that scenario.

OK, hope you all are having a fabulous weekend and snow sucks. Stay safe and Rock Chalk Jayhawk!!

Adobe Reader and Acrobat Being Exploited

Thursday, the folks at Adobe announced that there was a vulnerability that is currently being exploited in all version 9 and earlier. The security group over at Shadowserver.org has been seeing targeted attacks that exploit this vulnerability that allows an attacker remote code execution. That sucks.

Brian Krebs from SecurityFix blog has a write up that you can read more details. Brian does a fabulous job keeping folks informed of computer security issues. Click here to read his post about the Adobe vulnerability. Adobe has a write up on their site too and you can click here to read that post.

As always you should never click on attachments or links in unsolicited e-mails. Stay safe and have a fabulous weekend.

More Scareware, Rogue Security Software

The folks over at Silent Noise indicated there is yet another version of the fake anti-virus that has been plaguing folks for many months now. This version isn't being recognized by anti-virus very well at all at this point. It is called AntispyKnight. Click here to read about Silent Noise's write-up on this new.

Great game today by the Kansas University Jayhawks. They beat those nasty KSU Wildcats. Stay safe and have a fabulous rest of the weekend.

Spammers Ready to use Stimulus as Bait

OK folks. I'm not going to bring politics into too much of my blog, but this stimulus bill absolutely sucks. Spending money we don't have. Well beware, spammers are already sending out spam for people to click here to get YOUR STIMULUS CHECK. OMG!!! Don't do it! But you know some will. If you are a reader of mine, just dump this just like you do the other spam that arrives in your e-mail inbox.

Hope all is well with everyone and all of you remember those you love on Valentine's Day. Rock Chalk Jayhawk. Hope we kick some Wildcat tail.

Heartland Payment Systems Breach Growing

I wrote about the Heartland Payment Systems breach that was announced on January 20, 2009. Financial institutions all across North America have been contacting their customers in the past few weeks informing them that their credit card or debit card has been compromised due to this large breach. I personally know many folks affected where I live in the great Mid-west. They’ve got their letters telling them a new card is on its way.

I believe this breach will surpass the breach that TJMaxx had. Their final total was around 94 million cards that were compromised. This one, I believe, will surpass the 100 million total. There is a site that has been reporting what banks have contacted them stating that they have been affected by this breach. It is far from complete. Click here to see an update from the site bankinfosecurity.com.

Hope you have all had a great week. Friday is just around the corner. Have a fabulous weekend. And of course, Rock Chalk Jayhawk…Let’s kick the Wildcats behind Saturday!!

CCleaner A Good Tool for Your Toolbox

OK, I have a tool for you to check out if you are a Windows user. The tool is called CCleaner. Click here for additional information. I'm going to give you some things I like about it. First of all, it is a free tool. I recommend you download it use it on a regular scheduled basis.

It combines a system cleaner that cleans your PC of unused temporary files from your PC. On top of that, it also has a great registry cleaner too. The reason you want to run this is that it allows you to keep your Windows system running faster and it also frees up hard drive space. It also has a nice section that helps you clean up all those tasks that happen when your system starts up. Seems like every application that you install with the default setup will always start up at boot time. You don't need to do this and this can slow your PC when your system tray is full of all these started applications.

Hope you all had a great weekend and of course ROCK CHALK JAYHAWK!!

Best Buy West Palm Beach - Breach

Sucks to be a customer of the Best Buy store in West Palm Beach. Sounds like a former employee was skimming credit cards from Best Buy customers. Best Buy has an announcement on their website. They believe that approximately 4,000 people could be affected. The time frame of this breach was in November and December of 2008

Click here for Best Buy's announcement on their website.

Injection Attacks Continue - Update iwdown

Well the Super Bowl is going to be starting in an hour and I'm ready to check those commercials out. I've watched the number of sites showing up that have been affected by hxxp://iwdown.com/inc/e.js that is hosted in China. A few days ago when I wrote my first post on this injection attack, the Google search results showed roughly 135,000 sites that been affected. Today, it is roughly 430,000. Now realize these numbers aren't exact, but it gives you an idea how things are progressing.

Hope your team wins tonight in the Super Bowl and hope your weekend has been great.

February = Malicious E-cards for Valentine's Day

February is here and with it, love is in the air. As February 14 nears, expect to see some fake e-cards from people you don't know to show up in your inbox. They are already being seen by some security research companies. All you have to do is remember this easy statement. NEVER click on any attachments or links in unsolicited e-mails. Anymore today, you can't even trust e-mail from those you know because if they are hacked, expect everyone in their contact list to get malicious spam e-mails also.

Have a happy Super Bowl Day today. I'm cheering for the Cards. Always hanging with the underdogs. Stay safe.

Injection Attacks Continue

In my line of work I come across websites that have been hacked and code is injected leading to a website loaded with malware ready to take advantage of people who don't patch their PC's. Today was the website executivehomemaker.com. Hidden inside this legitimate site is a redirect to hxxp://iwdown.com/inc/e.js. A site hosted in China.

This is just another in a long line of sites with vulnerabilities that allow the bad guys to take advantage of the casual surfers. They don't patch, they probably click on links in spam e-mails and on and on. My last search on the iwdown site shows 135,000 sites with these injections. Click here an see the search results.

Stay safe and have a fabulous weekend and ROCK CHALK JAYHAWK!

Asprox Botnet is Back!!

The Asprox botnet has come back to life with malicious injections into legitimate websites. Click here to see the Google search on the malicious injection. The site hosting the malicious code is h!!p://www.wmpd.ru. Now let me warn you, DO NOT CLICK ON THESE LINKS!!! These websites in this search have a vulnerability that allows attackers to inject this code. They need to close the vulnerability or they will continue to have possible attacks on their websites.

It is a good idea to avoid these sites. If your PC is not patched with all the software you have installed, then your PC can fall victim to the attackers and your PC can then be in control of the attacker and their botnet.

Hope everyone is having a safe weekend and I hope it is warmer where you are than here in the state of Kansas.

Monster.com/USAJobs.gov sites Compromised

Read on Internet Storm Center's website that Monster.com and USAJobs.gov had their databases compromised. Click here to read the details from ISC. Information from these databases was stolen. USAJobs.gov's database is administered by Monster. Click here for USAJobs.gov post detailing the information they know. Click here for Monster.com's post detailing the information they know.

So what are the dangers? Thing targeted spear phishing attacks to follow on the heels of this compromise. Those on Monster and USAJobs will now be in the cross hairs of malicious attackers. From the press releases, login credentials were also taken so if you are one of those who likes to use the same password for many things, as Joel Esler states in the ISC Diary posting, might be a good time to go change that password on yourbankhere.com. We've talked about not using the same password for everything, especially financial accounts.

Heartland Payment Systems - Data Breach

This week on Tuesday, the busiest news day here in the United States, an
announcement was made by Heartland Payment Systems that they uncovered
malicious software in their processing system. They ONLY process about 100
million transactions each month so surely this isn't that big of a deal.

It is early on in the investigation, but this data breach may even
de-throne TJX and their 94 million cards compromised back in 2006-2007.
This company serves more than 250,000 businesses ranging from restaurants,
retailers, convenience stores including pay-at-the-pump, to payroll
systems.

According to the New York Times, the malicious code was introduced into the Heartland Payment System's infrastructure as early asMay 2008. And Heartland didn't actually take the matter seriously until late Fall of 2008. They were contacted by VISA and MasterCard twice before they took this seriously. Then they chose inauguration day to make its announcement. Precious!

I would suggest to everyone to monitor closely your credit card statements and bank accounts if you like to use your debit card. Report any fraudulent charges immediately to your card issuer. Just a couple of weeks ago, there was a report of small charges, as little as .25 cents run through many credit card accounts. Some theorize someone is trying to find out if illegally obtained credit card numbers will work before making larger charges.

From Heartland's own special website www.2008breach.com, they are saying that this may be the result of widespread global cyber fraud operation and that the US Secret Service and the US Department of Justice are involved in the investigation.

UPDATE: I do know that banks are currently contacting customers who may have had a credit or debit card compromised in this data breach.

Fake Antivirus Scenario

So you do a search in your favorite search engine like Google, Yahoo, or others. You search on a topic of interest, then you click the link to see if it is something you were researching on.


But when you click on the link it does not take you to the site. It pops up a message that looks like this. It's kind of a scary message that says hey you have some bad stuff on your machine.

Now if you get this message, I would advise you not click on the OK or the Cancel buttons. Wouldn't even click on the X. Interesting thing is the bad guy has disabled the ability to go down to the START bar in Windows and right click the Windows Internet Explorer to close it. So here is my advice to close that Explorer window. Bring up the Task List (Cntl + Alt + Dlt) and then kill it from there.

Stay safe out there and Rock Chalk Jayhawk!!!!!

Huge Botnet Being Built by Downadup

A huge number of PC's are being compromised because they lack the patch for MS08-067. This was one of those out of band patches Microsoft came out with in the 4th quarter of 2008. Patching your Windows PC is so very important. F-Secure, a security research firm has been tracking this over the past week. I'm linking you to a story out of ComputerWorld.com. Click here to read how this botnet is growing super fast.

Might want to check out the patches that are installed on your PC. Make sure that you have MS08-067 installed. Run your Microsoft update to see if you are up to date.

Hope you all are having a great weekend. Stay safe.

Twitter Security Does Not Equal 'happiness'

If you have listened to the news lately, and you are a user of Twitter you have heard about a phishing attack that happened a few days ago, and then shortly after that. The story goes, there was an employee of Twitter who had a weak password and the 18 year old hacker used a dictionary attack on some Twitter accounts and just so happened to crack the password. Once the hacker knew what account they actually hacked, he realized that he was able to take control of anyone's Twitter account.

So, Bill O'Reilly, Brittney Spears, Barrack Obama, just to name a few, all had their Twitter account passwords reset and then they were under control of the bad guy. To make a long story short, the Twitter account that was hacked had a password that was a word from a dictionary. It happened to be 'happiness'. Any word that can be found in the dictionary is considered a weak password. So here is my lesson on creating passwords.

Steps in creating a strong password are as follows.
1) Make a passphrase that is more than 10 characters.
2) Use a combination of upper and lower case letters as well as numbers and special characters.
3) Don't use the same password for multiple accounts, especially financial accounts.

So you want examples? What about your favorite vacation spot? So you love to travel to Rocky Mountain National Park. So you could create a password that incorporates special characters, numbers, and upper and lower case letters. How is this for a password. iL0v3therock1es. There is a 15 character password that isn't too hard to remember. You can use all kinds of things like this to create you a strong password.

Don't be a twit. Use strong passwords. Have a great Friday tomorrow and I'm planning on a fabulous weekend!

Phone Scamming Bastards!

I just got a call that when I answered was a recorded message that said something like "your warranty on your new vehicle is about to expire. Push 1 to talk to a warranty specialist, or push 2 to close your warranty out." So just for fun, I pushed 1. Then I get this real operator on the line who asks me the year and model of my car. So being a suspicious person, I said he should know what year and model my car is because he has the file in front of him. Then total silence....then I was disconnected.

The moral of this story is, ALWAYS be careful what you give out over the phone. I'm not really sure what type of information they were wanting or what they were wanting to sell me but the call was cut pretty short. It just so happens that I do have a car that is under warranty so it made me just a bit curious. Never give out information on the phone, especially to people claiming to be from your financial institution. If you question the caller, always hang up and call your institution.

Have a great week!

Cyber Attacks a Part of Arsenal

I'm sure you've heard about the violence between Israel and Hamas. Cyber attacks are a part of a Hamas response. Websites in Israel have been attacked using defacements of websites and has escalated to denial of service attacks and more. If you remember last year, attacks using military and cyber warfare was used against Georgia also. Seems as this is becoming just another part of attacks on your enemies. Not only with military strikes, but also with cyber attacks.

Click here to read a short update from the guys and gals at the Internet Storm Center. They do a fabulous job and are a great resource to keep up with what is going on in computer security.

Rock Chalk Jayhawk! Go KU! The guys from Kansas University put it to the Volunteers of Tennesse today in Allen Field House.

Bot Activity Blocks Me from Computer Security Page

Well this evening I was going through stories listed on one of my favorite sites for computer security news. I keep up daily on what is going on as a part of my job. Tonight, I find that they have blocked me because there has been too much "bot activity" and "script kiddie activity" from my IP range. Well, I'm in northeast Kansas near Kansas City and my service provider is Cox Communications. What does this tell me, well it tells me that there are a lot of folks here in my area within my IP range have compromised PC's.

Hey folks! Read my blog and maybe you can keep yourself better protected than you are right now. Here is a picture of the screen I get. Actually pretty funny because it is animated but it ticks me off that I am blocked. Wishing people would be more responsible. Well I'm out for now. Hopefully you all had a fabulous New Year and I've got to go to work tomorrow.