Next week, there will be a Black Hat computer security conference in Las Vegas. Researchers will talk about and demonstrate all sorts of evil, unethical or borderline software and techniques.

One such new program is a GIFAR, or hybrid file. It is a combination of a GIF (graphics interchange format) and a JAR (Java Archive).

When you open such a file, it will allow the attacker to run code in your browser, and therefore steal your login credentials from any account you log in to. The attack would work on any site that allows you to upload files.
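For a site that accepts image uploads, one defensive check is to refuse any file that is both a GIF and a readable archive. The sketch below is an added example, not code from the researchers or from Sun; the function names and the sample bytes are constructed for illustration.

```python
import io
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")

def inspect_upload(data: bytes) -> dict:
    """Report whether the bytes look like a GIF, a ZIP/JAR archive, or both."""
    report = {"gif_header": data[:6] in GIF_MAGICS,
              "zip_archive": False, "java_entries": []}
    buf = io.BytesIO(data)
    # Image viewers read a GIF from the first byte; ZIP readers locate the
    # archive from the END of the file. One file can satisfy both parsers.
    if zipfile.is_zipfile(buf):
        report["zip_archive"] = True
        try:
            with zipfile.ZipFile(buf) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            names = []  # trailer present but unreadable: still flagged
        report["java_entries"] = [
            n for n in names
            if n.endswith(".class") or n.upper().startswith("META-INF/")]
    return report

def accept_as_image(data: bytes) -> bool:
    """Upload policy: accept only GIFs that do not double as an archive."""
    r = inspect_upload(data)
    return r["gif_header"] and not r["zip_archive"]

def constructed_samples():
    """Constructed inputs: a tiny GIF, and the same GIF with an archive appended."""
    gif = bytes.fromhex("47494638396101000100800000000000ffffff"
                        "21f90401000000002c00000000010001000002024401003b")
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("Placeholder.class", b"not real bytecode")
    return gif, gif + jar.getvalue()

if __name__ == "__main__":
    plain, hybrid = constructed_samples()
    print("plain GIF accepted:", accept_as_image(plain))
    print("hybrid accepted:", accept_as_image(hybrid))
    print(inspect_upload(hybrid))
```

Checking only the file extension or the first few bytes would pass the hybrid file, which is why the check looks at the end of the file as well.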

Java is a programming language made by Sun Microsystems. Sun is expected to issue a patch for Java shortly after the conference, to prevent this attack. In fact, it would be a good idea to check if you have the latest version now.

Go to http://java.com and click on “Do I have Java?” Follow the instructions.

The researchers claim that there may be many ways to mount this attack, and other types of attacks are possible. They say browser security needs to be much improved.

They may well be right, but here’s my question: Why do legitimate researchers spend their time thinking up attacks like this? Don’t they have anything better to do? Like thinking up new applications and improvements??


Do you have a Vista computer, and long for the good ol’ days of Windows XP? Maybe you have some old programs that won’t run under Vista. Or perhaps you are just used to XP. Well, take heart. There are several things you can do. Ummm, well, two anyway. First, visit Microsoft’s Vista compatibility site to see if you can work out your problems. Go here: http://www.microsoft.com/windows/compatibility/

No luck? Then the other thing to do is run XP virtually, within Vista. To do this, you should have 2GB of RAM in the PC, and a fairly good processor. You will also need a legal copy of XP, and the original disks. Now download and install the free Virtual PC 2007 from Microsoft here:
http://www.microsoft.com/windows/products/winfamily/virtualpc/default.mspx

Launch the program and click Action, New Virtual Machine Wizard. This will guide you through the installation of XP. You will be asked how much RAM you want to allocate to XP. The minimum should be 512MB. Go through the steps; it is similar to a regular XP installation, and will take about an hour.

Finally, you will probably want to install some extras, so you can move files between the two operating systems, which don’t forget are running simultaneously. Launch XP, and click Action, Install or Update Virtual Machine Additions.


There are two iPods in my family, and we get our music from Apple’s iTunes Store. I have resisted the call of free music from those Peer to Peer (P2P) networks, partly out of concern for viruses and other malware. Sure enough, security company McAfee recently reported that up to half a million of its subscribers were infected with a Trojan disguised as an MP3 file.

The malware was mostly picked up from file-sharing sites such as eDonkey and (as of this writing, the eDonkey site is not available). A Trojan, generally speaking, is a program which you expect to perform a certain action, but which actually does something else entirely, usually malicious – remember your Greek mythology!

This latest Trojan is known as Downloader-UA.h, and can have many different file names. The MP3 or media file containing the malware is worthless, and has no music or video. When you try to play it, the file PLAY_MP3.exe is downloaded to your computer.

If you try to run or install it, you will be greeted with a long, tiresome End User License Agreement (EULA). When you read it (and most people don’t, unfortunately), you will see a line saying that Third Party Software will/may be installed.

Any time you see that in an EULA, it is time to head for the exits quick, and delete the whole mess. But note that some versions of this malicious file contain no EULA at all. Once infected, your computer will throw ads at you. The Trojan also instructs some media players to go to a certain URL, often fastmp3player.com, which appears to be the actual adware installer.

If you have fallen victim to this type of malware, your security programs should now be able to clean it right up. Update your antivirus and antispyware programs, and then run them all, one at a time of course. If problems persist, reboot Windows into Safe Mode, and run all the scans again. Safe Mode is Windows in its bare bones, minimalist state, so it will look odd. But it therefore leaves malware more vulnerable to attack and cleaning. Having trouble getting into Safe Mode in Windows XP? Read my blog post here: http://mypcsecurityblog.com/featured/safe-mode-revisited

Ultimately, where you get your music from is up to you. At least, be aware of the dangers free music can bring you.

Syd Tash is a noted computer security consultant and author of How to Protect Your Computer Online. He has been keeping Internet surfers safe and secure since the last century. Find out how he does it; protect your own computer with five layers of protection right here: = > http://MyPCSecuritySite.com

You may include these Tips in your Web sites and publications provided they remain unchanged and include the above paragraph, with the author’s name and Web site. You can also get a direct URL to this post. Click the title, then copy the URL in the browser address bar.


Here’s one more in a seemingly endless supply of IRS phishing scams. You get an email, supposedly from the Internal Revenue Service. It asks you to click on a link to an IRS site so you can fill out a form to get a tax refund. Of course it is a scam, designed to steal your personal information.

But watch out for unexpected twists and unusual variations. One such email had a link promising you a downloadable report on your employer. If you click on it, you will sure enough download something. But it will be malware, not a report.

Remember, the IRS does not send out emails advising people of tax refunds.

Meanwhile, in Quebec, Canada, the Government is warning people to avoid those online offers for foreign exchange trading. The emails, blogs, Web sites, etc. offer to teach you how to make big profits from trading. You can even sign up others under you and earn a commission, in an apparent pyramid scheme.

Foreign exchange trading is very risky. Big companies have lost millions, sometimes even billions, dabbling in this area. Since it appears to be a pyramid scheme, which is illegal in most places, you could be breaking the law if you sign up or sponsor someone else. Steer very clear of these schemes.


Hackers have recently released software code that could be used to exploit that serious flaw in the Domain Name System (DNS). The DNS is used to route traffic on the Internet, making sure it gets to the right computer.

Using this bug, a hacker could launch a phishing attack that is nearly impossible to detect. The only way to prevent such attacks is for your ISP to install the latest DNS server updates. This takes time.

The bug was accidentally disclosed earlier this month. But it had been known for months, as the big DNS software houses worked to fix it. These include Microsoft, Cisco and the Internet Systems Consortium (ISC).

There is not much you can do to protect yourself against this type of attack, except to be vigilant. Examine a site closely before giving sensitive info, and make sure it is secure. Minimize your use of online banking, for now. I’ll keep you posted.


Ever since that Windows XP Service Pack 3 was released by Microsoft a couple of months ago, I have been advising you not to install it just yet, but to wait until all the bugs and problems were worked out.

Those problems have indeed been largely resolved, and you might as well go ahead and install now. I installed it on my XP machine with no problems.

But first, back up all your important files. Also, make a Restore Point by clicking Start, All Programs, Accessories, System Tools, System Restore. Click “Create a Restore point”. Call it something like “Before XP SP3”.

Then go to the Microsoft Update site and download and install Service Pack 3. It will take about one hour.


A 23-year-old man in Oregon got himself four years in prison for selling illegal copies of software on eBay. Along the way, he was also convicted of ID theft for using some 40 and PayPal accounts to make the sales.

J.J. Mondello reaped more than $400,000 from his unlawful activities, but had to pay back $225,000 in fines and do 450 hours of community service when he gets out of prison. He got his victims’ names and information from keylogger programs, then sold software from Symantec, and Intuit.

The Software and Information Industry Association (SIIA) brought the complaint against Mondello, and has 32 other cases pending against eBay sellers who may be selling pirated or counterfeit software.

We all get endless offers to buy software. It is all over the Internet. Unless it is from a reputable source, it can contain viruses, keylogger programs, or other malware. Be on guard.


You have no doubt heard of those Nigerian email scams promising you millions in commissions. All you have to do is open a bank account, and help with the transfer of the cash. And pay some fees and taxes. And bribes. And more fees… etc. etc.

I’m sure you have gotten plenty of these emails yourself. Well, MSNBC decided to try and find the people behind this fraud. Watch this fascinating video: http://youtube.com/watch?v=2-wFhy0ouzI

After watching the clip, you will see links to other, followup videos. Watch them too, if you like, and send the above link to your friends. It could save you a lot of money and grief.


I have often repeated that you must keep your antivirus program up to date (as well as all your other security programs of course). But what if your antivirus software finds a virus or other malware?

The program will delete or quarantine the nasty stuff, or present you with options to fix the problem. But that is not the end of the story. It is a good idea to then delete all your Restore Points.

Restore Points are complete system snapshots that Windows takes from time to time, or you can make one yourself anytime, say before installing new software. If you have a problem with your computer, you can roll it back to one of these Restore Points, when all was well.

The problem is that some Restore Points may have been made while your computer was infected with a virus. Going back to that Point will re-infect your computer. Viruses love to hide in Restore Points, because antivirus programs cannot usually find them there.

So to delete all your Restore Points, click Start, Control Panel, System, System Restore tab. Check the box next to “Turn off System Restore”. Click Apply and wait. Click OK. Reboot your computer.

Now you must turn System Restore back on. Click Start, Control Panel, System, System Restore tab. Clear the check mark beside “Turn off System Restore”. Click Apply. Click OK.


Way back in 2006, the University of Michigan conducted a study of 214 banking sites. A few details of the study have just been released, with the full findings to come on Friday, July 25.

The study found that more than 75% of the sites had design flaws that could allow login credentials or other confidential data to be stolen. These are vulnerabilities that cannot be fixed with a software patch.

For example, nearly half the sites didn’t use SSL (secure sockets layer) to encrypt login pages. This makes it easier for a hacker to steal your login info, without you even knowing it. Another problem was putting sensitive or confidential information on insecure pages.

In some cases, users were allowed to choose weak IDs and passwords. Some banks emailed and statements, which is risky since email is not secure.

Although the study was done in 2006, many of the problems are believed to still affect banking sites. If you do your banking online, at least make sure that every page you enter data on is secure. It must begin with https://… and you must see that little gold padlock in the upper or lower part of your screen.

For more on Internet banking, read this post from last January:
http://mypcsecurityblog.com/alerts/do-you-do-your-banking-online-read-this
