In the last 3 weeks we have received more calls per day than we receive in a normal month from people who have pop-ups claiming they are infected or who actually clicked on the pop-up and became infected.

Hacker and @#^&*%$ heads are using news events to spread these fake alerts and infecting computers.

The wild fire stories, the Obama speech in schools, Ted (I can kill and get away with it) Kennedys death, all have sprouted a flurry of fake security warnings, infected e-mail (Phishing attacks), and fake web sites.

Without creating a 3 hour seminar, here are the basics…

1. Quit searching the internet for “fantastic” stories. Within hours of Michael Jackson’s death 212 new web sites that were infected with crap-ware popped up proposing to be Michael Jackson sites. There were also dozens of different emails with links to or pictures of his death, all which were fake.

2. Stop using My Space and Face Book! I know this is going to get me flamed and maybe even a note from one of these “businesses” but they are @$@#$ (I really do dislike using so many language referenced but this is ridiculous). Why are you telling strangers when and where you are going on vacation? To make it easier to rob you? Why are you telling the world about your 4 year old grandchild’s ability to ride his bike down the street? So the local pedophiles know where to pick him up for a little “play time”? Do you just like complaining about the cost of getting crap-ware and infections off your computer?

3. Just stop thinking the world owes you free anything. Free music, programs, data, cheese… in this age of ever expanding socialism in America, you must remember, nothing comes without a price. Limewire is a perfect example of what happens. Hackers get into or create all this “free” content management, take over your computer, infect your computer and more. That is how terrorist in Iran got plans to the presidential helicopter. Turn on the radio or go to your local radio stations web site, go to the local video store or Netflix to get a movie.

4. Stop forwarding junk emails. “Verified by Snopes” – what a crock. Almost daily I “reply all” to the sender of this type of stupidity and give actual links to Snopes and other  sources showing the hype and falsity of their fantasy. Just because you don’t like the current US President does not mean you can hope hatred or that he is not a US citizen will remove him from office. The Democratic Party may be the dumocrats to many but they certainly would not make that mistake, just quit forwarding the email.

If you received it in all capitals or with large colorful letters, underlines bolded et al please for the love of Jesus (I know the one who sent it to you told them Jesus asked them to forward it – He didn’t, I double-checked in person this morning) stop forwarding this junk.

5. Read what you are installing or updating and NEVER accept the defaults. People consistently ask me how they acquired 4, 5, 6 or more toolbars. Yes, you need the Adobe and JAVA updates but please pay attention, you should take the extra 30 seconds of your life and read each screen before selecting “Next”.

Now that I have offended most of you, what can you do if you have already been infected?

1. Update and run your PAID FOR, quality, properly configured anti-virus program (Kaspersky http://www.kaspersky.com and ESET http://www.eset.com).

2. Install, update, configure and run a real copy of Malware Bytes http://www.malwarebytes.org/ and Spybot Search and Destroy http://www.safer-networking.org

The above are excellent programs and many malicious people have created fake sites leading to crap-ware, USE the links I have provided.

There are numerous other good to excellent programs that can be used to clean up an infection, just be sure of the program and then the source where you are getting the program from.

There are several other security basics home users should have and many great hardware and software tools for Micro and Small businesses to use. Just search this site for the many articles on security your computers and network.

Until I cool off, have a virus free week!

Just nine short years ago, ok ten really, the media picked up on a “bug” in computer systems where the first two digit of the year were not used so, according to the “experts” the media contacted all computers will think it is 1900 and ATMs will crash, Wall Street will blip to all zeros and the CNN would start playing old Howdy Doody shows, non-stop. Ok, I made that last part up. In any way, the long of the short of it is that the Y2K “bug” was mainly just another panic and media scare.

Alas, we come to April 1^st 2009 and another “April Fools” worm/virus or attack was supposed to bring the World Wide Web to a standstill. Conficker, where are you? I know, hind-site is 20/20 and I should have written this in late March but my great excuse is that I was answering so many calls about the “imminent attack” that I did not have time to write. Yes, once again that is an exaggeration. I did not write about it because it was, in my opinion going to be another non-event, that was until March 30^th when a local television station ran with some sensationalism on this and then on the 31^st another station did to.

This time I was uncertain about how to respond, not to the threat, after all, Microsoft had created a patch 6 months prior that would have been installed with it critical updates and the top anti-virus companies had hardened their systems against this threat at the same time (I can only speak for those I researched such as ESET and Kaspersky).

My concern was how a local computer / technology company was going to respond to the questioning. Since I have been interviewed by the local media and am a little on the paranoid side as it is, I worried about the way thing would be presented. I do feel a little hype was injected by thankfully no hysteria message from the technology company to the effect “quick, bring in your PC for the $99.99 checkup…”

In the end, what happened? Well on my end so far (as of April 7^th) not a single customer has been infected and we have not received a single call that would lead us to believe a potential client was infected.

Does this mean no-one was infected? I doubt that, the worm was supposed to activate on the 1st so the threat is not over. Update your computer via Windows Critical updates, install and properly configure a current anti-virus and anti-malware program. If you are not sure how to do these steps, contact your local computer repair shop and then take a class from you local community college or from any of the great usergroups around almost every town.

So I ask again, where is Bigfoot, where is the Y2K bug and where is the Conficker?

This particular program and attempt to get on your computers has been around for a while, however the most recent incarnation that started a week or two ago seems to be evading several anti-viruses. I have found it on machines with current up-to-date versions of Norton, ESET, AVG (free) and Computer Associates. I have read of others with Trend Micro as well as Panda Anti-virus getting infected.

Usually this particular nasty only infects people who visit sites with infected video codecs (normally, but not always “adult” sites). This time around it seems to be using some vulnerability and hacking “good” web sites and or servers and injecting them with the infection. Once they are infected you (or in one case your child) goes to the site / server and wham bam no thank-you man, you are infected.

Once infected the program tries to prevent your current security from updating or running properly.

The first thing that needs to be done is to disable System Restore and reboot.
Next you need to kill AV2009.exe via Task Manager.
Now navigate to “Program Files” and under the folder “AV2009” delete AV2009.exe (I just deleted the whole folder the first time but then security programs did not find the program and thus a pop up still occurred)
At this point I have been able to manually run a thorough anti-virus scan which has caught and paused other AV2009 files.
The next thing, I downloaded, updated and ran Spybot Search and Destroy 1.6 from Safer-networking (be aware there is a crap-ware and malware program masquerading as this program). Spybot S&D seems to have finalized the destruction of AV2009 but just in case I also have run Combo Fix.
Finally I suggest that you remove all temporary internet files for all your browsers (many of you use Firefox or Opera but still have Internet Explorer to remember). That should finish removing this program. All that is left is to turn System Restore back on and reboot.

I hope this helps many of you out. Until we meet again, have a virus free week.

Back in July I started on how to secure you computer (Basic Security Tips) and I have been working on Intermediate and Advanced tips ever since then, today I wanted to release a quick checklist.

Securing Your Computers, Network and Servers

Things to do:

1. Turn on Windows Critical Updates – Schedule Auto Update.
2. Install and configure for automatic update (hourly) a current anti-virus program (less than 1 years old).
3. Install a Hardware firewall (router) and update it (quarterly).
4. Install a new Software firewall (XP’s, Zone Alarm, Kerio) and update it (weekly).
5. Configure you e-mail client (Outlook, Eudora, Pegasus) for security.

Configure your browser (Internet Explorer, Opera, Netscape) for security.

6. Install a Pop up blocker.
7. Install and configure a Spam filter.
8. Install update and run a current Anti-Trojan program.
9. Constantly run a Cookie watching program.
10. Install update and run a current anti-spyware tool or two.
11. Properly secure your wireless network or hire someone to do it for you.
12. Install HOST file.

Things NOT to do:

1. Don’t pirate software, music or anything – Software, Music and Video swap sites.
2. Don’t let your kids (grandkids) steal/pirate.
3. Don’t use any file sharing or peer-to-peer internet networks.
4. Do not open “strange” e-mails (My Naked Wife, Anna Kournikova, The IRS wants you, The FBI noticed you). They are infections looking to happen.
5. Never respond to a pop up ad, not even the warnings
6. Never respond to an unsolicited email (SPAM) not to remove or win $2 million.
7. Don’t browse adult or questionable sites – drive by downloads are commonplace in those types of sites.
8. Don’t install a “toolbar” unless you:
1. Know what a tool bar is.
2. Know exactly who made the toolbar.
3. Know what you are going to use the toolbar for.

If you want to be an extremist about security and flaw, buy an Apple computer or laptop and do not use any Microsoft products on it.

Another option is to use Linux as your operating system and once again not use any Microsoft products.

Instead of Microsoft Office use 602 Pro, Easy Office, Open Office or Corel WordPerfect Office.

Instead of using Outlook Express for your e-mail or Outlook for your personal information manager and e-mail, you can use one provided in the above suites, or integrated with Mozilla browser or Opera browser. You can even use Eudora or Pegasus e-mail client programs. Don’t forget about web based programs like Yahoo, Hotmail or the one provided by your internet service provider.

When connecting to the internet don’t use Internet Explorer, some good alternatives I have used are Opera and Firefox there are several others out there also.

Below are some definitions of security terms that you might want to know.

A virus is a program, script or macro that is designed to destroy, modify or damage computer hardware and or software. Viruses are self replicating and commonly spread by e-mail messages, shareware sites (Napster, and KaZzA are the two worst), Instant messengers (chat room software) and pirated software. To reproduce a virus will copy itself on disks put into an infected computer (hard drives, zip drives and floppies). They also go into your e-mail and address book and send themselves to the names listed. Like the influenza some viruses are so complex they morph themselves as needed to continue their spreading. Viruses can hide on a hard drive, in memory or even the BIOS. The newest viruses can be attached to an e-mail that is sent to you and you do not need to even open it, just the act of retrieving your e-mail can activate it. This is why an up to date anti-virus program is so important.

Anti-virus programs are designed to protect a computer or group of computers (a network) from viruses. They are usually reactionary thus they do not prevent viruses, they just catch them before (hopefully) they infect you or your network. Anti-virus programs should always run in the background and always be running on your system.

Trojans (also known as a Trojan horse) are false programs or a program hidden in a “good” program that when activated (by running the “good” program) will open up “doors” (ports) on your computer to allow others (hackers) the ability to access your computer and view, change or add data. Trojans are usually designed to make your computer a Zombie.

Anti-Trojan programs are just that, programs that search for and remove and or prevent trojans. Anti-virus companies are adding more anti-trojan capabilities to their programs however, a separate anti-trojan program is recommended.

A Zombie is a computer that has been taken over to do the dirty work of another program or user. The Blaster worm made zombies of Windows 2000 and XP machines and had them “attack” Microsoft’s update web site. This type of attack is referred to as a Denial of Service (DoS) attack and is intended to block, crash or destroy another computer or network. There are good reason’s you don’t want to become a Zombie.

Malware (malicious software) refers to programs scripts and macros that are designed to do harm. Worms, viruses and trojans are all forms of malware.

Spyware is referred to as software that tracks computer users’ activities with or without the users’ full (or even partial) knowledge of their being tracked. Normally used by advertising agencies to target advertise to the end user, hackers are starting to use this method to steal identities and create targeting worms and viruses. Spyware is installed on a user’s machine when installing free programs such as free music sharing programs (KaZzA), visiting web pages such as adult oriented web pages (drive by downloads that you do not necessarily “voluntarily” accept) and through other downloads and browser add-ons on the Internet. If you have any of them simply delete it per the instructions provided or run a spyware removing tool.

Crapware is a program that lies to you. Normally a crapware program will present itself as a security program that may or may not work but in reality it give you false alerts, tries to convince you to buy more security programs. Most crapware could also fall under Malware.

Bloatware programs may be good but the eat so much of the computers resources that they slow the entire system or parts of the system to a crawl. They are not intentionally malicious but do cause you a pain in the wallet by requiring more RAM, a faster CPU or removing them and buying another valid program. Symantec and McAfee security programs are two examples.

A Firewall can come in two forms, hardware and software. These days you can get hardware that has the software equivalent in it. Originally hardware firewalls kept hackers out. Software firewalls kept information in. To give you an idea, the Blaster worm spread (one way) by searching the internet for certain addresses (like the address on a house) and then checking for open ports (like a burglar checking the doors and windows to see if they are open). A hardware firewall looks for this “sniffing” about and blocks it. On the other hand, if you downloaded a program that had a trojan horse the hardware firewall might miss it because:

1. You initiated the download.
2. The Trojan horse program was not active yet.

A software firewall program would detect that something was trying to access the internet from your computer and block the program and ask you if you knew what was going on. For these reason’s I highly recommend both a hardware and software firewall.

Worm’s, like viruses are malicious programs that gain access to a computer or network through a variety of methods and cause intentional harm to them. Usually a worm will spread through know holes in software programs.

Bug’s in this sense are tracking objects and usually are found in cookies.

A cookie is a small file that is placed on your computer by a web site, or more recently by e-mails, that identifies the computer and user information in a way that can be used to track or identify a person by storing passwords and usernames. In most cases cookies are put to good use, however, some sites, advertisers and hackers use them to study a person and their habits or to retrieve personal information off of a computer system.

Today the threats listed above are not stand alone and are rarely only one of the threats. The vast majority are blended, a Trojan horse that not only has Spyware but also a worm that is set to disable your firewall.

Spyware is simply a program that will track your computer activity. It can include everything from your keystrokes (to find out your passwords) to what programs you use (the RIAA is attempting to use this to track and find pirated music) to where you go on the internet.

Spyware programs usually sneak onto your system by hiding in the details of a program that you purposefully want. Gator e-wallet and Comet cursor are two such programs. Gator offers to keep your internet logon information, passwords and automatically fill out forms (things that Windows and Internet Explorer can do by the way). Comet cursor gives you different options (themes) for your mouse as well as wallpaper (backgrounds). All of the Peer-to-peer file swapping programs install Spyware and Adware programs on your machine.

Anti-virus and anti-trojan programs are not designed to find and remove Spyware because these programs are purposefully downloaded and run by you, just as your photo editing or word processing programs are.

Here is where things get a little “grey”. People need money to pay bills yet these items are free. As part of the user license agreement you are allowing Spyware to be placed on your computer. This information is then sold to the people who provide you with those ever so friendly pop up and banner ads. Some programs install Spyware completely without your knowledge.

Privacy groups and myself have problems with Spyware. I do not want to be tracked. In addition, hackers have developed Spyware and use it for illegal means, stealing logon and password information, your credit card and social security numbers and much more. Another factor is computer usage by children, if Spyware is tracking your computers every move and your child is on the computer then in effect you have a child being stalked. Now this may seem a little overboard but the possibilities are real, not imagined or even a “maybe” issue, it is a in your face happening to you as we speak issue.

The question now is how do you tell if you have Spyware on your computer and how do you remove it? There are dozens of ways, the most obvious is to remove any programs that are know to have Spyware such as IncrediMail, Go!Zilla, Bonzi Buddy, GoHip! And the others listed previously. This is not a complete list so don’t be overconfident if you do not have these listed in your “Programs”. Uninstalling some of these types of programs will still leave the Spyware on your system. For a thorough cleaning use a program designed specifically for that task.

SpyBot Search and Destroy by PepiMK Software is an excellent free tool. Ad-Aware by Lavasoft is another program that will remove most known Spyware. AVG’s Anti-Spyware (formerly Ewido) is a great tool in fighting off these infections, even Zone Alarm (famous for their firewall programs) has jumped into the arena with their own anti-spyware. These are not the only programs available, just some of the ones I have used. Remember that when you use a removal tool to get rid of Spyware, the program that was attached to the Spyware may no longer work either.

Until we meet again, then as Red Green from the Red Green show says “Keep your stick on the ice.”