<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>The Weekly Geek &#187; Security</title>
	<atom:link href="http://www.theweeklygeek.com/category/security/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.theweeklygeek.com</link>
	<description>I'm the Geek so you don't have to be!</description>
	<lastBuildDate>Thu, 29 Jul 2010 19:22:21 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.9.2</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>Society of Surveillance by John C. Dvorak</title>
		<link>http://www.theweeklygeek.com/2010/06/23/society-of-surveillance-by-john-c-dvorak/</link>
		<comments>http://www.theweeklygeek.com/2010/06/23/society-of-surveillance-by-john-c-dvorak/#comments</comments>
		<pubDate>Thu, 24 Jun 2010 04:28:01 +0000</pubDate>
		<dc:creator>Kent</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Soap Box]]></category>

		<guid isPermaLink="false">http://www.theweeklygeek.com/?p=409</guid>
		<description><![CDATA[I advise people using loaned computers to always assume there is some sort of spyware planted.
The recent flap over a Pennsylvania school district&#8217;s use of tracking software on school-issued laptops, supposedly to locate those that were stolen, makes me wonder how much illegal snooping goes on everywhere, whether initially intended or not.
read the rest of [...]]]></description>
			<content:encoded><![CDATA[<p>I advise people using loaned computers to always assume there is some sort of spyware planted.</p>
<p>The recent flap over a Pennsylvania school district&#8217;s use of tracking software on school-issued laptops, supposedly to locate those that were stolen, makes me wonder how much illegal snooping goes on everywhere, whether initially intended or not.</p>
<p>read the rest of the story here&#8230; <a href="http://www.pcmag.com/article2/0,2817,2364473,00.asp">http://www.pcmag.com/article2/0,2817,2364473,00.asp</a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.theweeklygeek.com/2010/06/23/society-of-surveillance-by-john-c-dvorak/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Delivering Fraud-as-a-Service (FaaS)</title>
		<link>http://www.theweeklygeek.com/2010/06/14/delivering-fraud-as-a-service-faas/</link>
		<comments>http://www.theweeklygeek.com/2010/06/14/delivering-fraud-as-a-service-faas/#comments</comments>
		<pubDate>Mon, 14 Jun 2010 20:03:37 +0000</pubDate>
		<dc:creator>Kent</dc:creator>
				<category><![CDATA[Internet]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.theweeklygeek.com/?p=406</guid>
		<description><![CDATA[It was bound to happen: on-demand, web-based fraud that mirrors the efficiency, sophistication, and universality of Software-as-a-Service (SaaS).
In his recent white paper, entitled “Fraud Trends in 2010,” Rick Van Luvender, Director of First Data’s InfoSec Incident Response Center, has forever characterized this thriving underground economy as Fraud-as-a-Service, or FaaS. 
Here, RRN.Com excerpts an overview of [...]]]></description>
			<content:encoded><![CDATA[<p>It was bound to happen: on-demand, web-based fraud that mirrors the efficiency, sophistication, and universality of Software-as-a-Service (SaaS).</p>
<p>In his recent white paper, entitled “Fraud Trends in 2010,” Rick Van Luvender, Director of First Data’s InfoSec Incident Response Center, has forever characterized this thriving underground economy as Fraud-as-a-Service, or FaaS. <span id="more-406"></span></p>
<p>Here, RRN.Com excerpts an overview of the threat from Van Luvender’s presentation, which may be downloaded in its entirety by <a title="FaaS" href="http://www.firstdata.com/downloads/thought-leadership/fraudtrends2010_wp.pdf" target="_blank">clicking here</a>.<br />
“At the center of FaaS are the online fraud forums, where individuals, groups, and organizations active in the trade of fraudulent goods and services gather to collaborate, offer their skills, and buy and sell stolen goods,” Van Luvender writes. “A popular means of trading stolen information, web-based forums post advertisements that are visible to anyone visiting and often only require registration with a user name. In order to attract visitors, many forums even offer tutorials, how-to guides, or even specialized venues for goods from specific countries or regions.”</p>
<p>“In the FaaS model, the forums provide the opportunity for access to specialists who can help design methods for harvesting (or stealing) data such as malware, skimmers, and botnets,” Van Luvender continues. “Because no fraudulent act is finished until there is a cash-out on the stolen data, to help complete the transaction, ‘cashiers’ and ‘money mules’ are available for hire to act as intermediaries in converting information into true currency. These contractors will transfer funds from stolen accounts into legitimate currency for a commission on the amount transferred, or will help validate CVV2 numbers against their corresponding credit card number and expiration dates for nominal fees. Criminals can even request cashiers for specific locations, nationalities, or gender to match the identity of the victim in order to minimize suspicion when withdrawing funds.”</p>
]]></content:encoded>
			<wfw:commentRss>http://www.theweeklygeek.com/2010/06/14/delivering-fraud-as-a-service-faas/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>McAfee to Reimburse Users Who Had Computers Serviced Due to Faulty Update</title>
		<link>http://www.theweeklygeek.com/2010/05/18/mcafee-to-reimburse-users-who-had-computers-serviced-due-to-faulty-update/</link>
		<comments>http://www.theweeklygeek.com/2010/05/18/mcafee-to-reimburse-users-who-had-computers-serviced-due-to-faulty-update/#comments</comments>
		<pubDate>Tue, 18 May 2010 12:33:30 +0000</pubDate>
		<dc:creator>Kent</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Virus]]></category>

		<guid isPermaLink="false">http://www.theweeklygeek.com/?p=399</guid>
		<description><![CDATA[It took a while for me to confirm this: McAfee claims it will reimburse users whose computers had to be serviced due to a faulty update it issued last week that caused people’s computers to act all wacky. We had a few show up at our shop and it took some major surgery to get them [...]]]></description>
			<content:encoded><![CDATA[<p>It took a while for me to confirm this: McAfee claims it will reimburse users whose computers had to be serviced due to a faulty update it issued last week that caused people’s computers to act all wacky. We had a few show up at our shop and it took some major surgery to get them going again.</p>
<p>The alert, which was issued in error, caused computers running Windows XP Service Pack 3 to go into a continuous reboot cycle. Other users were met with blue screens, loss of network connectivity, and inability to use USB devices.</p>
<p>The company says it will reimburse &#8220;reasonable expenses&#8221; for service repairs. Users who have already incurred costs to repair their PC are also covered.</p>
<p>In the rare case a computer was rendered inoperable or severely impaired due to the faulty file release, McAfee is offering the user a free, two-year extension of their existing McAfee subscription. The company said only a &#8220;small percentage&#8221; of its customers had permanent damage to their computers.</p>
<p>Meanwhile the company urges users who are experiencing problems to contact its call center to see if technicians can resolve those issues remotely &#8212; before taking the computer to a repair center. If a technician is unable to solve the problem, McAfee said it will provide the necessary software, either via a download or express delivery.</p>
<p>As per a report on PC World, the problem began last Wednesday (April 21st) when a faulty signature update DAT file disrupted the svchost.exe file on &#8220;a subset of systems&#8221; using McAfee VirusScan Enterprise on Windows XP Service Pack 3. Users with VirusScan Enterprise 8.7 experienced more severe problems than those running version 8.5, McAfee said, &#8220;because of the different implementation of memory scanning within the products.&#8221;</p>
<p>McAfee said the problem occurred when a faulty DAT file got through the testing process. Apparently the DAT file recognized one of the Windows .exe files as a virus and continuously tried to remove it.</p>
<p>It appears McAfee will be offering reimbursement both to organizations whose IT departments had to resolve the issue on a computer-by-computer basis as well as individual users who brought their computers in for service. This could get expensive for McAfee. As one user wrote in the comments section of one article: “I&#8217;m a PC Tech at a major corporation. Not only is the direct costs very expensive, but the impact this has caused in the delay to address other IT issues is huge.”</p>
<p>Although the company has a special page posted to its website telling affected users what to do, and offering self-serve fixes, it has not yet posted any information concerning the process for getting reimbursed, saying that it will be posted “within a few days.”</p>
<p>Here is a link to their web site <a href="http://us.mcafee.com/en-us/landingpages/np5959.asp">http://us.mcafee.com/en-us/landingpages/np5959.asp</a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.theweeklygeek.com/2010/05/18/mcafee-to-reimburse-users-who-had-computers-serviced-due-to-faulty-update/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Scareware continues to rise reaching $150 Million</title>
		<link>http://www.theweeklygeek.com/2010/01/04/scareware-continues-to-rise-reaching-150-million/</link>
		<comments>http://www.theweeklygeek.com/2010/01/04/scareware-continues-to-rise-reaching-150-million/#comments</comments>
		<pubDate>Tue, 05 Jan 2010 02:55:55 +0000</pubDate>
		<dc:creator>Kent</dc:creator>
				<category><![CDATA[Malware]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.theweeklygeek.com/?p=368</guid>
		<description><![CDATA[The Internet Crime Complaint Center is reporting that the business model of scareware (and, to use my term, crapware) reached $150 Million in the US last year. http://www.ic3.gov/media/2009/091211.aspx
Symantec published a report in October of 2009 reporting 40 million infected users worldwide. http://eval.symantec.com/mktginfo/enterprise/white_papers/b-symc_report_on_rogue_security_software_WP_20100385.en-us.pdf
As Scareware continues to proliferate via Facebook, with the deaths or misfortunes of celebrities, [...]]]></description>
			<content:encoded><![CDATA[<p>The Internet Crime Complaint Center is reporting that the business model of scareware (and, to use my term, crapware) reached $150 Million in the US last year. <a href="http://www.ic3.gov/media/2009/091211.aspx">http://www.ic3.gov/media/2009/091211.aspx</a></p>
<p>Symantec published a report in October of 2009 reporting 40 million infected users worldwide. <a href="http://eval.symantec.com/mktginfo/enterprise/white_papers/b-symc_report_on_rogue_security_software_WP_20100385.en-us.pdf">http://eval.symantec.com/mktginfo/enterprise/white_papers/b-symc_report_on_rogue_security_software_WP_20100385.en-us.pdf</a></p>
<p>As Scareware continues to proliferate via Facebook, with the deaths or misfortunes of celebrities, due to web site injections and drive-by downloads and the profitability of this scam, expect it to rise dramatically in 2010.</p>
<p>So what is a person and business to do?<br />
I have discussed the details of these infections over the last 13 months more than I would like. Today I want to help you clean up your computer from an infection and give you a suggestion or two on preventing the fake anti-virus and fake infection warnings.</p>
<p><span id="more-368"></span><br />
<strong>Let’s start with prevention.<br />
</strong>The bulk of these infections come from “scripts” (which are part of the code that allows web sites to be seen on your browser) running on a web site or in a web based activity such as a game or download. The “warnings” are scareware and are usually only pop-ups disguised as real programs. When you click on the fake security program your computer is hijacked with ads and more crapware; this is more commonly being referred to as click jacking.</p>
<p>Internet Explorer 6 and 7 had various downloads that would allow an end user or computer administrator to block or allow more features, one of them being scripts. Unfortunately these were buggy for IE 6 and not easily understood or configured for IE 7. A Google search for IE8 script blockers or add-ons that block scripts delivers no usable results.</p>
<p>What is a person to do?<br />
Unfortunately my best answer is “switch to Firefox and install NoScript (by Giorgio Maone) and Ad Blocker (by Dragos Ogean)”; then you are partially there.</p>
<p>Install a real router; yes it is time to buy a SonicWall for your home, especially if you have more than one computer connecting to the internet. Businesses can be greatly helped with the blocking of sites and subjects that could get them sued as well as prevent employees from goofing off during work hours. Parents and home owners can benefit by blocking rogue scripts, web sites that they consider objectionable and allowing various security implementations based on wants and needs. You must also configure these to work properly. If you cannot or don’t have the time, call a professional and have it done right (IFix Computers at 417-337-7184 can do this for you).</p>
<p>Yes, these routers cost real money, no $39.99 routers here and they have annual fees to keep up the blocking. Yours truly, The Weekly Geek switched to one about a year ago for my home and I have not looked back since.</p>
<p>Oh, yeah, also keep the latest Windows Critical updates installed, along with an up-to-date QUALITY anti-virus. Yes, the anti-virus does cost money too; get one from <a href="http://www.eset.com">ESET</a> or from <a title="Kaspersky" href="http://send.onenetworkdirect.net/z/5848/rn_a60942/" target="_blank">Kaspersky</a> and configure it properly. Again, if you don’t have the time to configure it, contact IFix Computers at 417-337-7184; they can do most if not all the work remotely.</p>
<p><strong>Repairing / Removing Scareware and Crapware from your computer</strong></p>
<p>Ok, so my parents don’t understand why I drink. Well even though I don’t drink in public, sometimes I read the technology reports, blogs,  news et al and just say to myself “how do we beat or even win major battles in this war against ‘the bad guys’”. You see, I don’t get paid for these articles, I don’t sell anything. The links may have an affiliate code but to date, in the last 10 years I have not made enough to be sent “the check” from any company simply because I don’t push software. What does this have to do with the color of cheese? Well, the scareware and crapware people made $150 million from US “customers” last year and I made, well, I had the privilege of helping in the “war against crapware”. Anyway, I have been in the technology business one way or another since about 1982 or 1984 depending on your point of view (as Obi-Wan Kenobi told Luke about his father) and I have been fighting with malware (or writing malware / pointing out vulnerabilities) since 1991 and I am still broke!<br />
Ok, enough with that tangent, on with the show!</p>
<p>To remove most of the current crapware / scareware, I contacted Mike Rosmis at IFix Computers for his remedy. Mike has been great at not only removing such “issues” but also making sure that they have not left junk in the registry or anything that pops up later.</p>
<p>First run Combo-Fix from <a href="http://www.combofix.org/download.php">http://www.combofix.org/download.php</a></p>
<p>Next if you have Windows XP, run Dial-a-fix, it can be downloaded from here <a href="http://www.softpedia.com/progDownload/Dial-a-fix-Download-27328.html">http://www.softpedia.com/progDownload/Dial-a-fix-Download-27328.html</a></p>
<p>Next install, update and run Malwarebytes. To be sure you get a good copy, download it from here <a href="http://www.malwarebytes.org/">http://www.malwarebytes.org/</a></p>
<p>Then install, update and run Spybot Search and Destroy: run “Immunize”; then, under “Mode / Advanced”, select “Tools” from the left-hand bar, click on “Active X” and remove any unneeded items, and repeat with “BHOs”; go to “Host File” and select “Add Spybot-S&amp;D hosts list”; finally, go back to “Spybot S&amp;D” in the left column and run “Check for problems”. <a href="http://www.safer-networking.org/en/download/index.html">http://www.safer-networking.org/en/download/index.html</a></p>
<p>Finally, update your anti-virus, run it in a thorough mode and reboot.</p>
<p>That should take care of any nasty scareware you have.</p>
<p>Until we meet again, have a virus and scareware free week!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.theweeklygeek.com/2010/01/04/scareware-continues-to-rise-reaching-150-million/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Another Attack on Adobe Acrobat</title>
		<link>http://www.theweeklygeek.com/2009/12/16/another-attack-on-adobe-acrobat/</link>
		<comments>http://www.theweeklygeek.com/2009/12/16/another-attack-on-adobe-acrobat/#comments</comments>
		<pubDate>Wed, 16 Dec 2009 14:37:01 +0000</pubDate>
		<dc:creator>Kent</dc:creator>
				<category><![CDATA[Malware]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.theweeklygeek.com/?p=366</guid>
		<description><![CDATA[It has happened again, another attack / exploit on Adobe Acrobat, all versions (including the free Reader and paid for versions). There is no patch at this time but there is a quick fix. Before we go any further, here is the fix.
Open Adobe Acrobat, go to &#8220;Edit&#8221; on the menu bar (2nd from the [...]]]></description>
			<content:encoded><![CDATA[<p>It has happened again, another attack / exploit on Adobe Acrobat, all versions (including the free Reader and paid for versions). There is no patch at this time but there is a quick fix. Before we go any further, here is the fix.</p>
<p>Open Adobe Acrobat, go to &#8220;Edit&#8221; on the menu bar (2nd from the left) select &#8220;Preferences&#8221; (at the bottom of the drop down menu).<br />
A new menu will appear, on the left side select &#8220;JavaScript&#8221; and on the right side uncheck &#8220;Enable Acrobat JavaScript&#8221;.<span id="more-366"></span></p>
<p>Now that you are &#8220;safe&#8221; for now, here is a little information on the attack. The attack uses a malicious PDF file and the JavaScripts within Adobe to retrieve data off an infected machine. If you want more information on the attack go to <a title="Adobe exploit" href="http://blogs.zdnet.com/security/?p=5119&amp;tag=nl.e019" target="_blank">ZDNet here</a>.</p>
<p>My intention here is to work together and find a PDF reader alternative. I have a few I have played with over the years but would love the input from our readers. So post a comment below, what PDF reader do you actually use and why?</p>
<p>Until we meet again, have a virus free week!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.theweeklygeek.com/2009/12/16/another-attack-on-adobe-acrobat/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
