Your Daily Computer Security Tips

The distributed denial of service (DDOS) attack against Twitter, Facebook, Google and others that occurred last week, appears to have been quite a sophisticated operation. It seems to have involved a botnet, that launched simultaneous attacks against several social networking sites.

Why? Well, it looks to have been aimed at one particular person, a Georgian blogger named Cyxymi, whom the Russians do not like. That’s right, it is bound up in that Russia – Georgia regional conflict.

Twitter was knocked offline for a while, Facebook acted strangely, and even Google struggled to minimize the effects of the attack. All this was to keep Cyxymi from being seen or heard on the Web, which is quite disturbing when you think about it.

Do not allow your computer to become part of a botnet, and used for illegal or unethical purposes like this. Keep all your security programs up to date including Windows. Do your scans on a regular schedule. Follow safe surfing and email practices.

A Boston University graduate student has been fined $675,000 for illegally downloading and sharing 30 songs. He has to pay the cash to four record labels. Joel Tanenbaum, 25, admitted to the dastardly deed, and could have been fined millions of dollars. He also admitted on the witness stand that he had in fact downloaded and shared over 800 songs.

Tanenbaum’s lawyer has said he will appeal, because he was not allowed to argue a case based on the fair use provisions of copyright law. The Recording Industry Association of America (RIAA) is pleased with the verdict, although Tanenbaum said he will declare bankruptcy if the verdict stands.

I have always advised not to download and share files illegally, if for no other reason than the great risk you run of being infected with viruses, Trojans and worms.

Well, it did not take long. Hackers have cracked the Windows 7 activation just one week after the new operating system was certified for RTM, or Release To Manufacturing. The leaked product key apparently came from Lenovo, one of the big computer makers who are allowed to pre-activate Windows on their new PCs at the factory.

This saves us poor consumers the annoying hassle of the activation process. But Microsoft has to provide these OEM manufacturers with master keys for this purpose. That is what was hacked.

Windows 7 uses something called OEM Activation 2.1. The hack requires that you mess with the BIOS, and is definitely not for the faint of heart. Many users have had problems with it, although many others report success.

What not to do: If you are thinking of downloading Windows 7 from one of those peer-to-peer sites, I do not recommend it. Aside from the legal questions, you could very well get a boatload of malware along with the o/s. This past May, a copy of Windows 7 RC (Release Candidate) was available on a file-sharing site, and contained a Trojan horse.

Windows 7 will be released to the general public on Oct. 22, 2009. Subscribers of TechNet and MSDN services may be able to get a final, legal copy next week. You can still grab yourself a copy of the RC direct from Microsoft. It should be malware-free. However, this is for experienced users only. Go here: http://www.microsoft.com/windows/windows-7/get/download.aspx

Criminals in the Ukraine launched a complex, well-organized scheme against Bulitt County, Kentucky just the other day. They ultimately stole about $415,000 from the county’s bank accounts, with the help of some 25 individuals in the U.S. These persons received unauthorized wire transfers from the county’s bank, and were then instructed to wire the money (less a commission) to the Ukraine.

The attack apparently relied on a keylogger Trojan, which somehow got onto the county’s computers. The Trojan created a direct connection between the infected Windows computer and the attackers. In this way, the hackers were able to log into the county’s bank account over its own Internet connection.

This is important, because together with some other email trickery, it made the bank think the remote attacker’s computer was newly authorized to access the county’s bank accounts and conduct business.

The important point for us in this cautionary tale of woe is those 25 accomplices. They were initially recruited to edit text and correct grammar (sound familiar?). Then they were gradually led into the illegal money transfer scheme. Many are out thousands of dollars, as their banks froze their accounts and demanded the return of the money transfers.

Do not, repeat not, open or read spam emails. What exactly is spam? Good question. It is simply email you were not expecting, or where you do not recognize the From address. Never click on links in a spam email. You could end up on a malicious site that will damage your computer.

Do not get involved in these kinds of deals requiring money transfers. If in doubt, show the email to your bank.

Security companies Symantec and McAfee will pay the New York Attorney General $375,000 in fines as a settlement of charges that they automatically charged customers for subscription renewals without permission. In addition, the two companies promised to make it clearer what, when and how customers will be charged these renewal fees.

If you were automatically charged to renew your subscription to one of these companies, you can get a refund within 60 days.

Meanwhile Microsoft is getting closer to releasing its long-awaited free antivirus software for PCs. It is called Morro, supposedly after a beach in Brazil, and should provide basic protection against viruses, trojans, spyware, rootkits and other nasties.

A preliminary version is in use by Microsoft’s employees, and a public beta version is due “soon”. Symantec and McAfee profess to be unconcerned, saying they can compete with anyone.

If you are fed up paying for antivirus protection while waiting for Microsoft’s new program, get your protection for free right here.