Bry, the computer guy...

Two Computer Attacks In Our Area Represent Serious Threats


There are two attacks that are now happening with such frequency that I feel the need to publish this alert.

The number one "bad guy" attack is the banking trojan.  The current banking trojans can steal your info and then start siphoning off your cash.

Let me put it bluntly. 
I DO NOT RECOMMEND THAT YOU DO ANY ONLINE BANKING OR ANY ONLINE FINANCIAL ACTIVITIES!!!  IT IS VERY DANGEROUS.  If you have online banking, close that account.  Do all banking via the telephone, personal visits and snail mail.

I hate to write that.  Online banking is so convenient.  But the reality is that it is now dangerous.  I have closed all online financial activity for myself and will be sending out emails to my clients suggesting that they do the same.

If you don't believe me, please google the words "banking trojan" (without the quote marks).  Read as many articles as it takes to scare you to death.  It won't take long.  

The second attack is an infection that gets by every anti-virus and spyware protection that you have in place.  It starts with a very safe-sounding service - either "On-Line Safety Check" or "Windows Security System check" - and it tells you with a pop-up on your screen that you have been infected with many trojans, viruses, etc.

If a window pops up while you are at the computer warning you that you have infections,
IMMEDIATELY TURN OFF YOUR COMPUTER. IF YOU HAVE A TOWER, UNPLUG THE POWER CABLE.  IF YOU HAVE A LAPTOP, HOLD DOWN THE POWER BUTTON FOR TEN SECONDS.  You don't have to smash the button.  Just hold it down firmly for 7 - 10 seconds.  If that doesn't turn it off, then unplug it and close the laptop.  Turn it over and take out the battery.

DO NOT TRY TO "X" OUT OF THE POPUP WINDOW.  YOU MUST TURN OFF POWER AS SOON AS POSSIBLE.  SECONDS MATTER.  DO NOT WASTE TIME READING THE MESSAGE.

If you don't get it turned off within seconds, you will be infected to the point that only a reformat and reinstall will get you back your computer.  So far this attack does not apply to Macs - only PCs.

You should then call an expert because you want to restore the computer back in time to the previous day.  Never try to restore the computer back in time beyond what is necessary.  If you don't know how to do a restore, you can call me for directions.  You should know which operating system you have - XP, VISTA or Windows 7.

This is the worst "bad guy" I have ever seen in our area.  I am getting calls every day about this attack.  There are many variations so I haven't gone into very much detail because they are all related.

A reformat and reinstall will cost in the area of $200 and should save your data.  If you have no data to save, then the price should be more in the area of $145.  I charge less than these amounts but I generally am less expensive than most.

BEST ANTI-VIRUS

Currently, the best anti-virus is a free program called Avira.  You can download it from here:

http://www.free-av.com/en/download/index.html

Download the free version.  I do not recommend the premium or suite because you get stuff you don't need.  It slows down your computer.

The program is free BUT IT WILL HAVE AN AD POP-UP EVERY THREE DAYS.  Just "X" out of the ad (top right corner) and it won't be back for three days (unless they change things).  Here is a sample ad:

But first, you should uninstall your current anti-virus program.  That is the problem.  They usually are not going to come off of your system that easily.  If you have a problem, call me, Bry, and just mention that you read this article.  I will help you for free over the phone.
NEW COMPUTER ATTACK AGAINST FIREFOX

A Russian security researcher on Thursday said he has released attack code that exploits a critical vulnerability in the latest version of Mozilla's Firefox browser.

The exploit - which allows attackers to remotely execute malicious code on end user PCs - triggers a heap corruption vulnerability in the popular open-source browser, said Evgeny Legerov, founder of Moscow-based Intevydis. He recently added it as a module to Vulndisco, an add-on to the Immunity Canvas automated exploitation system sold to security professionals.

"We've played a lot with it in our labs - it was very reliable," Legerov wrote in an email to The Reg. "Works against the default install of Firefox 3.6. We've tested it on XP and Vista."

"CHANGE YOUR MODEM AND ROUTER LOGON ID AND PASSWORDS - NOW!!!" - Bry

IDG News Service - If you haven't changed the default password on your home router, you may be in for an unwanted visit from Chuck Norris -- the Chuck Norris botnet, that is.

Discovered by Czech researchers, the botnet has been spreading by taking advantage of poorly configured routers and DSL modems, according to Jan Vykopal, the head of the network security department with Masaryk University's Institute of Computer Science in Brno, Czech Republic.

The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: "in nome di Chuck Norris," which means "in the name of Chuck Norris." Norris is a U.S. actor best known for his martial arts films such as "The Way of the Dragon" and "Missing in Action."

Security experts say that various types of botnets have infected millions of computers worldwide to date, but Chuck Norris is unusual in that it infects DSL modems and routers rather than PCs.

It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access. It also exploits a known vulnerability in D-Link Systems devices, Vykopal said in an e-mail interview.

A D-Link spokesman said he was not aware of the botnet, and the company did not immediately have any comment on the issue.

Like an earlier router-infecting botnet called Psyb0t, Chuck Norris can infect an MIPS-based device running the Linux operating system if its administration interface has a weak username and password, he said. This MIPS/Linux combination is widely used in routers and DSL modems, but the botnet also attacks satellite TV receivers.

Vykopal doesn't know how big the Chuck Norris botnet is, but says he has evidence that the hacked machines "are spread around the world: from South America through Europe to Asia. The botnet aims at many networks of ISP [Internet service provider] and telco operators," he said.

Right now Chuck Norris-infected machines can be used to attack other systems on the Internet, in what are known as distributed denial of service attacks. The botnet can launch a password-guessing dictionary attack on another computer, and it can also change the DNS (Domain Name System) settings in the router. With this attack, victims on the router's network who think they are connecting to Facebook or Google end up redirected to a malicious Web page that then tries to install a virus on their computers.

Once installed in the router's memory, the bot blocks remote communication ports and begins to scan the network for other vulnerable machines. It is controlled via IRC.
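
The three conditions the article describes (a guessable admin login, remote administration left on, and DNS settings pointing somewhere unexpected) can be checked against a router's settings. This is an added example, not part of the original article: the settings keys, the weak-login list, the 12-character minimum and all addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress

# Constructed examples of factory-style logins (assumption, not from the article).
WEAK_LOGINS = {("admin", "admin"), ("admin", "password"), ("admin", ""), ("root", "root")}
MIN_PASSWORD_LENGTH = 12  # assumed policy, adjust to taste

def audit_router(settings, trusted_dns):
    """Return a list of findings for one router's settings.

    settings    -- dict with hypothetical keys: admin_user, admin_password,
                   remote_admin (bool), lan_ip, dns_servers (list of str)
    trusted_dns -- CIDR strings the owner expects DNS servers to be in,
                   for example the ISP's resolver range
    """
    findings = []
    user = settings["admin_user"].lower()
    password = settings["admin_password"]
    # Guessable login: factory-style pair, password equal to user name, or too short.
    if ((user, password.lower()) in WEAK_LOGINS or password.lower() == user
            or len(password) < MIN_PASSWORD_LENGTH):
        findings.append("weak-admin-login")
    # Admin interface reachable from the Internet side.
    if settings["remote_admin"]:
        findings.append("remote-admin-enabled")
    # DNS servers must be the router itself or inside a trusted range.
    allowed = [ipaddress.ip_network(n) for n in trusted_dns]
    allowed.append(ipaddress.ip_network(settings["lan_ip"]))
    for server in settings["dns_servers"]:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            findings.append("dns-unparseable:" + server)
            continue
        if not any(addr in net for net in allowed):
            findings.append("dns-unexpected:" + server)
    return findings

# Constructed sample data; all addresses are from documentation ranges.
ISP_DNS = ["198.51.100.0/24"]
FACTORY = {"admin_user": "admin", "admin_password": "admin", "remote_admin": True,
           "lan_ip": "192.168.1.1", "dns_servers": ["203.0.113.66", "198.51.100.53"]}
HARDENED = {"admin_user": "owner", "admin_password": "long constructed passphrase 2010",
            "remote_admin": False, "lan_ip": "192.168.1.1",
            "dns_servers": ["192.168.1.1", "198.51.100.53"]}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit_router(cfg, ISP_DNS) or "no findings")
```

A "dns-unexpected" finding on a router whose DNS you never changed is the one to act on first, since that is the setting the article says the botnet rewrites.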