Your Daily Computer Security Tips

Boo! Happy Halloween everyone. (Are ya scared yet?)

Before going out Trick or Treating, be sure to watch this silly yet instructional video:

http://www.youtube.com/watch?v=bVnfyradCPY

Have a good Halloween and weekend,

Syd

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

A malicious program has resurfaced, that attempts to do an end run around Facebook security filters. The crooks are hosting videos that look like YouTube videos on sites like Google Reader and Picasa. Then they use Facebook accounts to encourage users to visit the sites and see the videos.

The links appear safe because they go to well-known sites. But once there, you are asked to click on a link. Suddenly you get a warning that you need to install special software to view the video. That software contains a Trojan.

The current attacks use Facebook messages to get users to go to the videos. The messages are often misspelled, or contain bad grammar, perhaps in an attempt to outfox security filters.

If this sounds familiar, it should. A similar attack was going around in July.

Facebook and Google are working to fix the problem. Facebook has more than 110 million users.

Security company Trend Micro is warning about an email scam making the rounds of your inboxes. The emails appear to be airline invoices. A boarding pass is also included.

The message says your credit card has been charged, usually for almost $1,000. A zip file is attached. Out of annoyance or curiosity, you may be tempted to open that file.

If you do, your computer will be infected with a worm. It will install attack code on your PC. Then all sorts of bad things will start to happen to your computer. Just delete these emails without opening them.

Similar attacks have been sent out before. Watch for this email, or variations thereof.

Three weeks ago, security company Symantec issued a free tool to repair computers that were damaged by that Windows XP Service Pack 3 (SP3) update a few months ago. Users running Norton software lost their Internet connection, among other snafus. This affected both landline and wireless hookups.

Now Microsoft has also come up with a fix to solve these problems. You can get it here.
Read the support document before applying the fix.

Symantec first blamed Microsoft entirely for the difficulties, but later acknowledged it was partly responsible. Microsoft, for its part, said “some antivirus applications” may have caused the problems. The software giant then went on to mention Symantec by name as one of the culprits.

Microsoft may have begun to serve up Windows XP SP3 via the Windows Update Automatic Update feature. If you have not installed SP3 yet, you might as well go ahead and do it. The problems have largely been solved now – unless you have an AMD processor.

In that case, do not install SP3; it will cause your computer to reboot endlessly.

Microsoft appears to be blocking SP3 from PCs that have an AMD processor anyway, and may do the same to systems that have vulnerable antivirus software. If you do not get SP3 for whatever reason, just continue to apply all patches as they become available, and you should be OK.

When I first saw this I thought, you have got to be kidding. Just how many ways are there to spy on you and steal your information? A great many, it seems. Two doctorate students in Switzerland used four different methods to capture what was typed on a keyboard.

The idea is to detect the small electromagnetic radiation given off, when a key is pressed. A simple cable can pick this up from a meter away. A larger antenna picked up keystrokes through a wall.

The various tests showed that keystrokes could be detected from as far away as 20 meters, or about 60 feet.

The students noted that they used rather inexpensive equipment. Someone using better gear could monitor your keystrokes and typing from even farther away. They also criticized keyboard manufacturers for not making their keyboards more secure.

It has long been known that keyboards were vulnerable to this type of monitoring, at least in theory. But this is the first time it has been clearly shown to work, and using simple equipment at that.

What should you do, if anything? About all you can do is avoid public computers, and watch around you for any suspicious behavior.

You have no doubt heard for years now about the need to protect your computer with antivirus and antispyware programs. But this is just the minimum equipment you need for safe surfing. You also need a good firewall. Plus, you may have heard about rootkits from time to time, so let’s take a closer look at what they are and what they do.

Rootkits are a very stealthy form of malware that hide in the root or kernel of Windows, hence the name. You may have read that they are a new tool that hackers are using to penetrate your computer. In fact, rootkits have been around since the olden days – which in computer terms means since before the bad old days of DOS! If the name sounds vaguely familiar, it may be because some years ago, Sony included a rootkit on a music CD, to prevent copying. A storm of outrage followed, and Sony removed it.

A rootkit will bury itself so deeply in Windows that your regular security programs usually cannot find it. It can hide in the microprocessor, and reinstall itself if you should succeed in removing it. It can also modify its code regularly, to avoid detection by your antivirus program. It can sometimes be found within another program or application.

This is one more reason to avoid unnecessary downloads. When you do download something from the Internet, make sure it is from a known, trusted source. Train your kids to ask permission before downloading stuff, especially games.

Once your computer is infected with a rootkit, it can be used to send out a flood of spam. Or a keylogger might be installed to record your every keystroke, including passwords and credit card numbers. Other malware such as a Trojan can be installed. Perhaps your PC will be added to the hacker’s botnet, and used to infect other computers. All of this happens, of course, without your being aware of anything wrong.

As with a lot of malware, rootkits tend to become more sophisticated, harder to detect and more dangerous with time. So as you can see by now, a specific rootkit detector and remover should be part of your defenses.

Rather than look for telltale virus signatures, these latest antirootkit scanners usually work by comparing what Windows thinks your system looks like, with what is actually on your hard disk. They will also search for hidden files and suspicious registry keys. If any discrepancies are found, you might have a rootkit on your system.

You can get a good, free rootkit remover from security company F-Secure. It is called Blacklight. Go here: http://www.f-secure.com/security_center/ Scroll down to the bottom of the page. Under Downloads, click on Blacklight. Download the file called fsbl.exe and install it. Run it once or twice a month, or more often if you think your computer is behaving strangely.

This antirootkit scanner, like most others, simply removes the cloaking from any rootkits found on your PC, but does not actually remove the malware itself. So if it ever does find such an infection, follow up immediately with your full antivirus and antispyware scans.

Syd Tash is a longtime computer security consultant, author, and founder of
The SaferSurfing Project. He has been keeping Web surfers like you safe and secure since the last century. Find out how to keep yourself safe online and do your part for a more secure Internet. Join the SaferSurfing Project here
=> http://SaferSurfingProject.com

You may include these Tips in your Web sites and publications provided they remain unchanged and include the above paragraph, with the author’s name and Web site. You can also get a direct URL to this post. Click the title, then copy the URL in the browser address bar.

Microsoft just issued an emergency patch for Windows. It repairs a critical flaw that is already being exploited by the hackers in limited attacks. It works by allowing a worm to infect your computer. If successful, the criminal could gain control of your PC. He could then install programs, change or delete data, etc.

The bug is in the Windows Server service, which connects file and printer servers on a network. Malicious messages could be sent to a PC running Windows Server, allowing the attacker to take control of the computer.

Corporate networks are most at risk. Firewalls should prevent or limit the spread of this bug on the Internet. Even so, users of Windows 2000, XP and Windows Server 2003 should update immediately, or check that their PC updated itself automatically.

Windows Vista and Server 2008 are less at risk, but these users should check for updates as well.

Microsoft has issued a warning about email messages supposedly coming from the software giant. The messages claim to contain a critical security patch, or update, as an attachment.

You know better than to open an attachment in an unsolicited and unexpected email, right? Because if you open this attachment, you will get yourself a keylogger installed on your computer.

A keylogger is a program that records your every keystroke, including credit card numbers and passwords. It then sends the data to a hacker over your Internet connection.

The emails say something to the effect that they are part of an “experimental private” update service. Microsoft never sends out updates by email. Nor do any other reputable companies. This is spam. Just delete it.

It is easy to fake or forge the return address on an email. If an unexpected email seems to come from a large, well-known company, you should be more, not less, suspicious.

If you are a regular reader of these Tips, you know I have often advised you never to reveal the three critical pieces of personal information unless you really have to. These are, your Social Insurance/Security Number, date of birth and mother’s maiden name. And of course you should guard all your personal data well.

So why is identity theft the top consumer fraud crime for the past seven years in a row?

The U.S. Government Accountability Office has just released a study of 247 counties across the country, looking at how they handle sensitive info such as Social Security Numbers, birth dates, land and marriage records, bank and credit card numbers, etc. once they have posted this stuff online.

Here are some startling results of that study:

* only some 16% of the counties have any control at all over who can access the records;

* just 23% of counties make any effort to verify the identity of persons or companies requesting the info.

Businesses can obtain these records in bulk, and use or resell them as they see fit. There appears to be no law prohibiting or controlling the posting and access of personal data online. Several such laws are pending in Congress now.

Awareness of the problem is growing, and government agencies are making some efforts to reduce their use of Social Security Numbers. That’s a good thing.

It may sometimes seem futile to continue making the effort to protect your sensitive data. Let’s all do it anyway, and hope the situation improves soon.

No, it’s not a Halloween site. It’s a batch of emails that have been circulating for a while now, which contain links to fake YouTube sites. If you click the link, you are taken to a site that looks so much like the real thing, it’s downright scary.

Then when you try and watch a video, you get a message saying you need to install some software first.

If you accept the software, you also get a virus. After your computer is infected, you are redirected to a real YouTube page, to cover up the crime.

What to do? First, of course, do not open or read spam email. Above all, do not click on any links in such emails. Slide your mouse over the link, and look at the bottom left corner of your screen. You will either see nothing, or a Web address which does not match YouTube’s real address.

Either way, it indicates trouble ahead. Do not click that link! And never accept unsolicited or unexpected software downloads or installations. That is one of the scariest things you can do.