Click Computers, Utah's Onsite Computer Repair Specialists

3 Million Computers Hijacked
Posted by Click Computers, 2011-11-10

An Eastern European pack of cyber thieves known as the Rove group hijacked at least four million computers in over 100 countries, including at least half a million computers in the U.S., to make off with $14 million in "illegitimate income" before they were caught, federal officials announced today.
The malware allegedly used in the "massive and sophisticated scheme" also managed to infect computers in U.S. government agencies including NASA and targeted the websites for major institutions like iTunes, Netflix and the IRS -- forcing users attempting to get to those sites to different websites entirely, according to a federal indictment unsealed in New York today.
The accused hackers, six Estonian nationals and a Russian national, rerouted the internet traffic illegally on the infected computers for the last four years in order to reap profits from internet advertisement deals, the indictment said. The FBI busted up the alleged international cyber ring after a two-year investigation called Operation Ghost Click.
"The global reach of these cyber thieves demonstrates that the criminal world is... flat," said Janice Fedarcyk, the FBI Assistant Director in charge of the New York field office. "The Internet is pervasive because it is such a useful tool, but it is a tool that can be exploited by those with bad intentions and a little know-how."
Though they operated out of their home countries, the alleged hackers used entities in the U.S. and all over the world -- including Estonia-based software company Rove Digital from which the group apparently gets its name -- to carry out the plot.
According to the indictment, the suspects entered into deals with various internet advertisers in which they would be paid for generating traffic to certain websites or advertisements. But instead of earning the money legitimately, the FBI said the defendants used malware to force infected computers to unwillingly visit the target sites or advertisements -- pumping up click results and, therefore, ill-gotten profits to the tune of $14 million.
The malware was also designed to prevent users from installing anti-virus software that may have been able to free the infected computers.
The six Estonian nationals have been arrested on cyber crime charges while the Russian national remains at large.
"Today, with the flip of a switch, the FBI and our partners dismantled the Rove criminal enterprise," Fedarcyk said. "Thanks to the collective effort across the U.S. and in Estonia, six leaders of the criminal enterprise have been arrested and numerous servers operated by the criminal organization have been disabled."
How the Fraud Worked, According to the FBI
The indictment describes several examples of alleged cyber fraud, including two principal strategies: traffic redirection and ad replacement.
In the first case, if a user searched for the websites of major institutions like iTunes, Netflix or the IRS, the search results would return normally. However, if the user tried to click on the link to the websites, the malware on the computer would force a redirect to a different website where the criminals would profit in their advertisement deal.
In the second, when an infected computer visited a major website -- like Amazon.com -- the malware would be able to simply replace regular advertisements on that page with advertisements of their own making.
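The redirection described above depends on the infected computer resolving names through servers the attackers control; the Rove malware (known as DNSChanger) did this by rewriting the machine's DNS settings, the same tampering this page describes for the RSPlug and Boonana Trojans. The example below is added here and is not from the FBI or the original article: it parses resolver settings from `/etc/resolv.conf`, macOS `scutil --dns` and English-locale Windows `ipconfig /all` output and lists every server outside an approved set. The approved ranges, function names and all sample output are constructed assumptions.

```python
"""Added example: flag DNS resolvers that are not on an approved list.

Every address and sample below is constructed (RFC 1918 / RFC 5737
documentation ranges); none of them is an indicator from a real case.
"""
import ipaddress
import re

# Assumption: the resolvers this network is supposed to hand out.
APPROVED = [ipaddress.ip_network(n) for n in ("192.168.1.1/32", "198.51.100.0/28")]


def _to_ip(token):
    """Return an ip_address for token, or None if it is not an address."""
    try:
        return ipaddress.ip_address(token.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return None


def parse_resolv_conf(text):
    """Linux/BSD /etc/resolv.conf: 'nameserver <addr>' lines, comments ignored."""
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found


def parse_scutil_dns(text):
    """macOS `scutil --dns`: 'nameserver[N] : <addr>' inside each resolver block."""
    return re.findall(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)", text, flags=re.M)


def parse_ipconfig_all(text):
    """Windows `ipconfig /all`: the first server follows the 'DNS Servers' label,
    further servers sit alone on the indented lines directly below it."""
    found, in_block = [], False
    for line in text.splitlines():
        m = re.match(r"^\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            found.append(m.group(1))
            in_block = True
        elif in_block and _to_ip(line.strip()) is not None:
            found.append(line.strip())  # continuation line: address only
        else:
            in_block = False
    return found


def unapproved(servers, approved=APPROVED):
    """Return the distinct servers, in order, that are outside every approved
    network. Tokens that do not parse as addresses are reported as-is."""
    flagged = []
    for token in servers:
        ip = _to_ip(token)
        if ip is not None and any(ip in net for net in approved):
            continue
        label = str(ip) if ip is not None else token
        if label not in flagged:
            flagged.append(label)
    return flagged


# Constructed sample inputs, one per platform.
SAMPLE_RESOLV = """\
# constructed sample
nameserver 192.168.1.1
nameserver 203.0.113.53
"""

SAMPLE_SCUTIL = """\
DNS configuration

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 203.0.113.54
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns
"""

SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 198.51.100.2
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for name, parser, sample in (
        ("resolv.conf", parse_resolv_conf, SAMPLE_RESOLV),
        ("scutil --dns", parse_scutil_dns, SAMPLE_SCUTIL),
        ("ipconfig /all", parse_ipconfig_all, SAMPLE_IPCONFIG),
    ):
        print(name, "->", unapproved(parser(sample)) or "all resolvers approved")
```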
Click Computers – Computer Repair Utah (http://www.clickpcrx.com)
Click Computers is Utah’s Onsite Computer Repair Specialists for your Home and Business.

Mac® OS X Threats in Review: from Rogue AV to Dedicated Malware Kits
Posted by Click Computers, 2011-05-16

OS X security myths dismantled by the recent developments in the malware landscape.

The past couple of weeks have mostly been about Mac threats. Once touted as being the crème de la crème of system security, Mac OS X systems are now faced with an assortment of e-threats ranging from intelligently crafted rogue antivirus utilities to highly advanced malware development tools. On top of that, the large number of 0-day exploits and flaws in both Apple software and third-party apps makes things harder for the regular Mac OS X user.

MacDefender: classical Rogue AV with a twist

Rogue antiviruses may not be breaking news for the OS X user, since they have been around for a while, but the new contender called MacDefender takes the business to a whole new level.
This classic example of truly efficient search engine poisoning, paired with the “Open ‘Safe’ files after downloading” option in Safari, made it easier for the crooks behind the MacDefender business to automate the extraction of the malware from its archive and launch it without the user’s interaction. In order to get installed, the application still asks for the administrator’s password, but most inexperienced users will actually fall for this.

[Image: The MacDefender Rogue AV is hard at work]

The installation process goes like this: the Mac user performs an image search query (such as lookups for pictures related to Osama Bin Laden’s death). When the user clicks on a poisoned link, a fake scanner pops up on the screen and initializes a bogus scan that ends up triumphantly announcing to the user that the system is swarming with malware. This is common practice for a rogue AV. At this point, the victim is hooked and ready to open his wallet in order to pay for a solution to this problem.

The fake scanner offers the answer: a not-yet-registered antimalware solution appears on the screen. The user only needs to download a .zip file with a filename like "BestMacAntivirus2011.mpkg.zip".
It will start disinfection the moment the user pays a “small” fee that the victim perceives, under the circumstances, as a blessing. Apart from the sum of money, the cyber-crook has at this point the user’s credit card credentials as well.

This piece of malware was originally discovered on May 2nd, and ever since, new morphed variants have been emerging under different names, such as MAC Defender, Mac Security and Mac Protector.

Heavy Duty malware kits

Next in line is a DIY crimeware kit we have known about since last month. Known by now under the name of Weyland-Yutani, this malware creation tool is meant to grow a nice new botnet with the help of cybercriminal wannabes. The builder has been sold on the underground forums for a while now and lets less tech-savvy cyber-thugs create their own malware by simply filling in some info in its builder. The Weyland-Yutani kit comes with a builder and an admin panel, and it can also support encryption. The resulting bots support web injects and form grabbing in Firefox and, judging by the claims of its author, both Chrome and Safari will soon follow. The web-inject templates are identical to the ones used in Zeus and SpyEye. It is true that there have been other attempts at creating Do-It-Yourself malware kits for Mac OS X users, such as the HellRaiser bundle, but the Weyland-Yutani bundle is much more sophisticated.

The good news is that its author no longer sells the kit to individuals, which means that only a few builders have been bought so far. The bad news is that we’ve seen this move back in the heyday of Zeus, when the original DIY kit was pulled from the market only to be improved and sold as SpyEye.

Software flaws leading to remote code execution

Last month’s update pack coming from the Cupertino-based vendor has an impressive log.
According to the Apple Security Bulletin for April, the company has delivered no fewer than 9 fixes for various types of attacks ranging from buffer overflows to memory corruption in multiple applications and libraries. All of these flaws allow arbitrary code execution when a malicious movie file or image is opened. To be more specific, when you open a movie or image from the web, someone may actually execute code (plant malware) on your OS X computer without your intervention. No administrator password required.

Other fixes address buffer overflow and memory corruption issues in font-handling components that also allow a remote attacker to install malware on the computer without the user’s interaction. It is as simple as visiting a website containing a specially crafted embedded font. Privilege escalation is also present in the bulletin: “A privilege checking issue in the i386_set_ldt system can result in a local user being allowed to execute arbitrary code with system privileges,” reads the document. This means that, in special circumstances, non-administrators are able to execute and install software, which makes social engineering a lot easier.

I’m not going to discuss the other vulnerabilities in third-party software that can get your Mac-running machine owned, but it’s worth mentioning that Skype issued an advisory documenting a flaw that allows an attacker to take control of the system by simply sending a specially crafted message. That’s easy, eh?

Bottom line

Now that Mac OS X has gained well above 10 percent of market share, cyber-crooks seem to have taken the users into their crosshairs.
If you think that you still don’t need a security solution just because you’re running Mac OS X, then you’d probably be shocked to learn that during the latest Pwn2Own conference a fully-patched Mac OS X 10.6.6 computer running Safari 5.0.3 was owned in less than 5 seconds, leaving it open to further attacks.

Malware instead of Carnations for Mother’s
Posted by Click Computers, 2011-05-08

Spam, phishing, malware are all thrown at you while you are busy looking for a nice gift for your wife, mother or sister on Mother’s Day

International Mother’s Day has been celebrated since 1910 with white and red carnations, appreciation letters (replaced today by greeting cards), nice dinners in smart restaurants or jewelry created especially for the occasion. Unfortunately, events of this kind are not missed by cyber crooks, who find this frenzy particularly convenient for their online scams. And with a bit of social engineering things can turn very ugly, should the enthusiastic buyer not exercise enough caution around this otherwise beautiful holiday.

First of all, many well-known online retailers are phished in order to mislead buyers into thinking that they are purchasing Mother’s Day gifts from their favorite virtual shop. The credit card credentials can this way fall into the hands of cyber-crooks and your savings can vanish in a heartbeat.
If you are about to make such a purchase, it is highly recommended that you type in the whole address of the site you would like to visit and furthermore avoid clicking on links that land on your social networking wall or that reach your spam folder.

Second, with holidays around the corner, fake shops arise each day on the Internet. These online locations advertise fictitious products and take your not-so-fictitious money without ever delivering your order. If you can’t tell whether an online shop is trustworthy, either do some research on the particular site before using its services or choose shops you’ve already tried on other occasions.

Third, spammers will also take a shot and try to trick people into either accessing certain sites advertising knock-off jewelry, accessories and pills or clicking links that will make the online shoppers land on various malicious sites where they can pick up a keylogger, a backdoor or a good old exploit. And then all the critical data typed in may get into the wrong hands.

Lately, spam bundled with malware seems to be making a strong comeback: with a bit of social engineering, people are convinced to download and open attachments that at first glance appear to be plain Microsoft® Word® documents but are in fact executable files rigged with malware.

For instance, these past days, a spam mail has circulated in which the message reads that you’ve just received your “order confirmation” from a purchase you made from a well-known online jewelry store that advertises, amongst others, custom-made Mother’s Day rings. And if you happen to have searched for this kind of gift, then you might fall for the trick and pay a considerable sum of money for a ring that will never be sent.
Plus, all your credit card credentials will get into ill-intentioned hands.

[Image: Spam message and its attached malware]

Malware-bundled greeting cards once again make it into the top five online threats around Mother’s Day. Spyeye, once known as Zbot, or the notorious Koobface use every means and medium to spread in search of your money. You may think that you have a nice e-card in your inbox, but in fact these bots use this beautiful disguise to send you attached malware.

If you’re shopping for Mother’s Day gifts using a smartphone, make sure that you see the whole address of your webshop of choice. Since cyber-crooks know that the small display of a smartphone might hinder the user from seeing the entire URL of the requested webpage, they usually set up spoofed webpages resembling webshops or other commercial services and wait for you to enter your credit card details. You are therefore advised to type in the entire URL manually and check if the website’s SSL certificate is in place.

In order to protect the integrity of your computer and data, make sure that you follow these safety guidelines:

• Install and update a security solution that contains at least antimalware, antispam and antiphishing modules.
• Do not open attachments that come from unknown senders; if you really need to do so, make sure that you download the attachment and scan it with your locally installed antivirus solution.
• Never use public computers to perform e-banking transactions or other online purchases. These computers may be laden with keyloggers or banker Trojans.
• Avoid shopping online when using public WiFi hotspots such as those in airports, coffee shops or malls.
Usually, data exchanged between you and the online shop of choice flows through an unencrypted channel and can easily be intercepted by an attacker.

Scanned Documents Spreading ZBot
Posted by Click Computers, 2011-02-10

Four PDF vulnerabilities exploited all in the “good” name of yet another Zbot spam campaign

You know printers. I know you do and you use them regularly if not daily. They sit in a corner of your office and spit out pages whenever you tell them to. Some of these printers can also send scanned documents via e-mail, and I’ll bet that not all of you know about this feature, let alone use it. Well, cyber criminals do know about this and they even found a way to use it for their ill-intended actions.

And here’s how: the malware writers took the e-mail template proprietary to office printers and scanners and used it to distribute…well…spam.
More to the point, they “distribute” e-mails disguised as scanned documents sent by a Xerox® WorkCentre Pro scanner and containing a malicious attachment in the form of a “harmless” PDF file.

And the attachment is a wolf in sheep’s clothing. The claimed Xerox WorkCentre Pro scanned document is in fact a malformed PDF file that exploits a bunch (more precisely, 4) of Adobe® Acrobat Reader® vulnerabilities: Collab.collectEmailInfo (CVE-2007-5659), util.printf (CVE-2008-2992), Collab.getIcon (CVE-2009-0927) and media.newPlayer (CVE-2009-4324). These are by now old, and mostly related to remote code execution.

This malformed PDF file is on a new mission these days: to spread the Zbot.

Short reminder of ZBot’s operation style: also known as Zeus, ZeusBot or WSNPoem, it is a Trojan designed to steal sensitive information. It messes with certain processes and adds exceptions to the Microsoft® Windows® Firewall so that it is provided with both backdoor and server capabilities.
On the one hand, ZBot ships out critical data gathered from the compromised computer, and on the other hand it listens on certain ports for further commands from remote attackers.

The latest variants are also able to steal bank-related information, login data, the history of visited Web sites and other details the user inputs, while also capturing screenshots of the compromised machine's desktop.

Always keep your anti-virus product up to date to help protect you against this type of malicious spyware.

Top 5 Malware for Mac OS X
Posted by Click Computers, 2011-01-26

Top 5 Malware for Mac OS X Users Should Know About:

Why you need a Mac OS X Antivirus: an overview of the most aggressive pieces of malware targeting Mac OS X users

For quite a while now, Mac OS X systems have been touted to be safer and “smarter” than regular PCs using Windows operating systems. And so they were, since Mac OS X users represented a small fraction of the entire Internet user-base. However, as the number of users embracing Mac OS X increased, so did the interest of malware authors in having a bite of the shiny apple.

At the moment, there are around 300 e-threats especially designed for the Mac OS X platform. Some of them are simple adware-based applications ready to cash in on the unwary, but others are highly dangerous tools that can easily hijack e-banking sessions or that expose the entire computer to the attacker.
Below we’d like to present to you a couple of the most dangerous e-threats that you should know about if you’re using a Mac-based computer.

Trojan.OSX.Jahlav.A & Trojan.OSX.Jahlav.A – The Fake Codec

The OSX.Jahlav family was discovered in November 2008, when it started to be distributed as a fake codec. In order to lure users into downloading and installing the malicious DMG (Disk Image) file, the gang behind this scheme created a page claiming to feature an “unplayable” video. If the user installs this alleged codec, the malicious payload starts downloading additional Trojans from a remote web server.

Trojan.OSX.RSPlug.A – Porn may get you phished even on a Mac

This is one of the most dangerous families of malware running on Mac OS X. The RSPlug Trojan also plays the missing codec card in order to persuade the user into downloading and installing the infected DMG. It is present particularly on websites with pornographic content. Once installed, the Trojan tampers with the DNS server entries in order to redirect traffic from legit addresses to copycat, spoofed domains set up by phishers to collect critical information about e-banking accounts, email and the like.

This kind of attack is extremely difficult to detect, since the user will be redirected to the fake version of the website even when they manually type in the correct URL or when they access a bookmark that has worked in the past. The only hint would be the absence of the SSL certificate, but, since users hardly ever look for its presence, they probably won’t spot the trick.

Other uses of the RSPlug Trojan are related to redirecting users’ requests towards pornography websites or to websites asking to install adware / malware or take surveys.

Trojan.OSX.HellRTS.A – The Remote Access Tool

Trojan.OSX.HellRTS.A is more than a simple e-threat.
It is a complex malware development kit that allows an attacker to create their own piece of malware for Mac OS X in no time. The pack contains a client-server application, where the server is the backdoor service running on the infected machine and the client application is used by the attacker to issue commands. Apart from the client and the server, the pack contains a Configurator, a config application that “fine tunes” essential aspects of the Trojan such as the listening port or connection password, as well as an SMTP grabber, used for routing ANY messages the victim receives to the attacker.

If the system has been successfully infected, a remote attacker may perform a wide range of operations on the infected computer, ranging from annoying pranks (such as launching chat instances, playing voices or instruments, launching applications and web pages, or shutting the system down / logging the user out etc.) to extremely harmful operations (including the execution of binary code, fetching all the data available on the HDD or routing all the incoming mails to an attacker’s address). The attacker can also watch the user work without their knowledge via the Desktop View module.

Trojan.OSX.OpinionSpy.A – Mac Screensavers reporting to the base

The OpinionSpy family of spyware is usually installed by a number of freely-distributed applications such as screen-savers and audio / video converters. The installer utility of these applications will fetch the spyware package, install it and run it with root privileges. Trojan.OSX.OpinionSpy.A poses as a marketing research tool, but it does more than collect users’ browsing habits and preferences: it also opens backdoors and shuffles through a great number of documents found on both local and remote drives.
The Trojan poses a great danger to the user’s privacy and to the security of the stored data.

Trojan.OSX.Boonana.A – The Social Network Worm

Trojan.OSX.Boonana.A is a multi-platform e-threat that can run on Windows, Mac OS X and Linux alike. This Java-based piece of malware downloads a couple of malicious files into an invisible folder called “.jnana” in the user’s home folder, then installs a local IRC server and a web server, among others. The Boonana piece of malware will also attempt to change the DNS server settings in order to hijack requests to legit websites towards spoofed websites as part of an extremely efficient phishing scheme.

In order to enjoy a safe surfing experience, we advise you to install a security solution for Mac OS X.

Fake Anti-Viruses Always Ring Twice
Posted by Click Computers, 2011-01-07

As more and more users have become accustomed to the usual look of rogue or fake anti-viruses, cybercriminals thought that it would be a good
idea to tweak the style of their progenies a bit. One of the latest new entries purports to belong to none other than the Microsoft® defensive suite.

[Image: Primary fake alert]

Trojan.FakeAV.LHS attempts to dupe the user into installing it as a legitimate application. Once on the unprotected machine, it creates and launches its clone from the current user’s Application Data folder and deletes the initial file that infected the computer.
Moreover, it tampers with the registry settings under HKCU\Software\Microsoft\Windows NT\Winlogon\Shell, in order to be launched before the explorer.exe process.

Additionally, FakeAV.LHS mimics a system scan and issues multiple annoying warnings about a gazillion imaginary infections and other e-threats, while also requiring the gullible user to install a so-called “Windows Optimization Center” for maintenance and disinfection purposes, as depicted in the following screenshot.

[Image: Secondary fake alert]

[Image: FakeAV.LHS unleashing the annoying “optimization center”]

After the installation of the malicious center, the rogue continuously bugs the user to purchase a so-called license that will complete the disinfection process.
To be even more credible, the Trojan kills any process/application that the user launches/opens, reminding him or her to buy that useless license.

[Image: Inciting warning to throw money out the bogus anti-virus’ window]

To make sure that you are not the victim of this kind of e-threat and that you are actually protecting your system and data, install a reliable (please do read “real”) and certified anti-malware suite.

Linkshare2
Posted by Click Computers, 2010-10-29

If your contacts are receiving a message from you that you did not send, containing the web address linkshare2.com, your email account has been compromised. Your system may have a virus, or it may be as simple as changing your email password.
Click Computers recommends changing the password to your email account.

Trojan.Spy.Banker.ABGS
Posted by Click Computers, 2010-07-06

While in operation, the virus searches for a running Internet Explorer instance which uses DDE (Dynamic Data Exchange). If such an instance is found, the spy-banker checks for banking URLs it has been instructed to monitor and displays a fake web browser window that looks identical to the bank’s login system. Of course, if the user logs in, his/her credentials will actually land in the attacker’s inbox.

It is no secret that banker-Trojans spring mostly from Brazil and Trojan.Spy.Banker.ABGS is no exception to the rule.

'Tab napping' - a new online scam
Posted by Click Computers, 2010-06-10

Watch out for this new online phishing scam which uses 'tab napping' to attack your computer - and your finances...

As internet users we’re all vulnerable to online scams. Unluckily for us, as soon as we become pretty good at spotting one type of attack, another more sophisticated version comes along in its place. In fact, technology company Mozilla - which developed the Firefox web browser - has recently warned against a possible threat from a new scam known as ‘tab napping’ which takes phishing one step further.

What is tab napping?

Tab napping is essentially a new kind of phishing scam. Until now phishing has involved sending hoax emails in an attempt to steal your usernames, passwords and bank details.
Often the sender will claim to be from your bank and will ask you to verify your bank details by clicking on a link contained in the email.

The link actually directs you to a fake website which looks just like your bank's own website. Once you have typed in your login details they can be accessed by the criminals who set the fake site up.

But we’re beginning to wise up to phishing attacks like this, and many of us know we should be very wary of clicking URLs even if they appear to be in a legitimate email.

With awareness of phishing on the up, making it more difficult for scammers to succeed, tab napping could be the scam to watch out for next.

How does tab napping work?

Tab napping is more sophisticated than the phishing scams we’ve seen so far, and it no longer relies on persuading you to click on a dodgy link. Instead it targets internet users who open lots of tabs on their browser at the same time (for example, by pressing CTRL + T).

How does it work? By replacing an inactive browser tab with a fake page set up specifically to obtain your personal data - without you even realising it has happened.

Believe it or not, fraudsters can actually detect when a tab has been left inactive for a while, and spy on your browser history to find out which websites you regularly visit, and therefore which pages to fake.

So don't assume that after you have opened a new tab and visited a web page, that web page will stay the same even if you don’t return to it for a time while you use other windows and tabs. Malicious code can replace the web page you opened with a fake version which looks virtually identical to the legitimate page you originally visited.

How might tab napping work in practice?

Imagine you open the login page for your online bank account, but then you open a new tab to visit another website for a few minutes, leaving the first tab unattended.
When you return to your bank’s site the login page looks exactly how you left it. What you haven’t realised is that a fake page has taken its place, so when you type in your username and password, you have inadvertently given the fraudster easy access to your account.

Even if you have already logged into your bank account before opening another tab, when you return you might find you’re being asked to login again. This may not necessarily rouse any suspicion since you might simply assume your bank has logged you out because you left your account inactive for too long. You probably won’t even think twice before logging in for a second time. But this time round you have accidentally entered your security details into a fraudster’s fake page, and they have been sent back to the fraudster’s server.

Once you have done so, you can then be easily redirected to your bank’s genuine website since you never actually logged out in the first place, giving you the impression that all is well.

How can you protect yourself against tab napping?

This is pretty scary stuff but thankfully tab napping should be relatively easy to avoid. Here are five simple ways you can prevent yourself from falling victim:

• Make sure you always check the URL in the browser address bar is correct before you enter any login details. A fake tabbed page will have a different URL to the website you think you’re using.
• Always check the URL has a secure https:// address even if you don’t have tabs open on the browser.
• If the URL looks suspicious in any way, close the tab and reopen it by entering the correct URL again.
• Avoid leaving tabs open which require you to type in secure login details.
Don't open any tabs while doing online banking - open new windows instead (CTRL + N).

iPad Phishing Scheme Advertised on Facebook
Posted by Click Computers, 2010-06-03

Social networking is so good even for illegitimate marketing campaigns

How would you like to get one of the much-anticipated iPad gizmos in exchange for simply filling in a mere survey? Well, the offer sounds pretty good – in fact, it sounds too good to be true and that’s what it is.

The scheme is massively advertised on a Facebook Events page where about 2500 people signed up for the event and – probably – fell victim to the phishing attack. The idea behind it is extremely simple: you sign up for “reviewing” an iPad device, get the product and a questionnaire you need to fill in and return to the company.
Needless to say, you get to keep the reviewed item without any commitment on your side.

Concealed by a short URL, the target phishing page initially asks for some pretty reasonable info such as the first name and the email address, and culminates with requiring a full set of details, including the full name, home address and phone numbers, as shown below. In order to make the whole deal look legit, the attackers have thrown in logos belonging to high-profile media outlets, although the mentioned institutions have no clue about this initiative.

After all the data has been collected, the attacker asks the user to undergo a last security check and provide their Facebook username and password. Please note that our experiment is carried out in a contained environment and we do not encourage you to type in your account credentials on any website except for the genuine one.

To add insult to injury and to maximize the damage, the unwary user whose account has just been phished would be required to download and install an adware application (a browser toolbar) that hijacks the browser’s start page and swaps the default search engine, among others.

Needless to say, after filling in the personal details, getting phished and installing the toolbar you’ll never get the iPad, nor will you hear from the attackers again.

The scheme is based on a common practice amongst product creators, namely sending sample units for reviewing. However, it’s not everybody who can receive a testing unit, as the offer is mostly pointed at opinion influencers, high-profile bloggers and – most of all – specialized review websites. Even that way, journalism ethics urge that the reviewer returns the tested unit to the provider after the process has completed.
Now, repeat after me: if something looks too good to be true, then it probably is and you’ll end up hurting yourself.

The Unwary Facebook® User Might Accidentally “Like” Clickjacking Worm
Posted by Click Computers, 2010-06-02

A documented feature in Facebook has turned into a security breach these days: a transparent iframe placed exactly on the “like” button redirects users to various Web pages hosted on the blogspot.com free blogging platform. This attack uses a technique widely known as clickjacking.

Clickjacking is an old method that (as its name suggests) hijacks the user’s mouse clicks on a page in order to force ill-intentioned web activities. A hidden or transparent iframe is placed on top of a legitimate button that users are likely to recognize. Once they click what they know to be there - usually a message box - they are immediately redirected to a different page and asked to fill in forms, confirm their credentials, answer some questions or click further links. Of course, this page looks legit and trustworthy so that the unwary Internet user has no idea what happened.

Social networking platforms are frequent targets of this kind of attack. The explanation is simple: a lot of people use them for socializing, hence their popularity. Moreover, the extensive database of such a community lures a significant number of cybercriminals, inciting their ill-intentioned creativity.

The most recent Facebook clickjacker blends the documented feature of registering an anonymous "like" button without adding extra security checks with highly enticing comments, such as those below:

"LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE.", "This man takes a picture of himself EVERYDAY for 8 YEARS!!", "The Prom Dress That Got This Girl Suspended From School.", "This Girl Has An Interesting Way Of Eating A Banana, Check It Out!"

Upon clicking the infamous “like” button, users actually click a transparent iframe which sends them towards various blogspot.com-hosted web pages. In some cases, they reach an apparently blank page with a “click here to continue” message or they are asked to fill in a questionnaire. Due to Facebook’s popularity and its extensive user base, this social networking service has become not only a preferred target of information harvesters, but also the favorite playground for commercial purposes (such as disseminating adware, making users click on ads or getting them to fill in forms).
Now imagine that each form filled in by the unwary Facebook user brings the hijacker a specific revenue, multiply it by the number of lured users, and you’ll see why clickjacking is that popular.

Facebook Videos Promise to Bare All - But Bear Malware Instead
Posted by Click Computers, 2010-05-26

Invitations to salacious or funny videos could lead to adware

Just a week after hackers offered Facebook users the "Sexiest Video Ever" -- a promise that led to some nasty adware -- a new "video" has appeared, luring users to view "Distracting Beach Babes."

According to a blog by Sophos researcher Graham Cluley, this is the second straight weekend in which Facebook users have been broadly targeted with malware disguised as humorous or titillating video, apparently sent by friends or associates on the social networking site.

"The 'Distracting Beach Babes' scam appears to be the latest incarnation of the widespread 'Sexiest Video Ever' assault we saw spreading on Facebook last weekend, installing adware onto victims' computers, which can make money for the hackers behind the attack," Cluley blogged.

"Clicking on the 'video' link takes you to a rogue Facebook application. If you agree to give it permission to run [in your feverish desire to watch the video], then it will display a bogus message advising that you need to update your FLV player, and direct you to download adware to your computer.
Meanwhile, the application has just forwarded the video in your name to all of your Facebook pals."

The exchange of such videos is common among friends on Facebook, and since the malware appears to be coming from trusted contacts, users can be easily taken in, Cluley said.

"If you have been hit, you should delete the offending message from your page, scan your computer with an up-to-date antivirus, change your passwords, [and] review your Facebook application settings [to ensure you have blocked the rogue application]," he said.

New Microsoft Connector Outlook Problem
Posted by Click Computers, 2010-05-03

A new version of the Microsoft Outlook Connector has caused some problems. The way to remedy this is to uninstall the Microsoft Outlook Connector in Control Panel -> Add/Remove Programs (Vista & Windows 7 under Programs and Features).

This applies only to 32-bit operating systems; if you have Windows XP, you probably have a 32-bit operating system. Before you begin, close Outlook, then uninstall the Outlook Connector.
Click on the following link to install the new Outlook Connector update:

Outlook Connector Update: http://www.microsoft.com/downloads/details.aspx?FamilyID=39db2b89-af2e-41f9-a175-f93e1377959f&displaylang=en

Follow the onscreen instructions.

iPad Users Targeted by Backdoor Dissembled as iTunes Update
Posted by Click Computers, 2010-04-27

An e-mail invitation to an iTunes update gets iPad users’ PCs into backdoor trouble.

Success stories are cybercriminals’ go-to sources of victims and the iPad craze couldn’t have been left out of this picture. According to some reports, Apple sold 150.000 iPads in the first 60 hours of presale availability, with almost 100.000 of these coveted devices being pre-ordered in the first 10 hours.
The figures make it clear as daylight why malware creators were so keen on crashing this promising party.

The invitation to the “contagious fiesta” comes via e-mail: an unsolicited message instructs iPad users to download the latest version of the iTunes software to their PCs as a preliminary step to an update of their iPad software.

To carry conviction, the e-mail emphasizes that users should keep their iPad software updated “for best performance, newer features and security”.

It goes on to clarify the multi-step procedure by pointing out that in order for the update to be performed the latest version of iTunes should first be downloaded from the Internet. A direct link to the download location is conveniently provided. As a proof of cybercrime finesse, the webpage the users are directed to is a perfect imitation of the one they would use for legitimate iTunes software downloads.

Unfortunately for these users, following the malicious link means opening up a direct line to their sensitive data, as instead of the promised iTunes update they get malware on their systems.

Identified by BitDefender as Backdoor.Bifrose.AADY, the piece of malicious code inadvertently downloaded injects itself into the explorer.exe process and opens up a backdoor that allows unauthorized access to and control over the affected system.

Moreover, Backdoor.Bifrose.AADY attempts to read the keys and serial numbers of the various software installed on the affected computer, while also logging the passwords to the victim’s ICQ, Messenger, POP3 mail accounts, and protected storage.

It is important to say that Mac users remain unaffected by this piece of malware.

Facebook Application Spreading Adware
Posted by Click Computers, 2010-04-23

BitDefender researchers today have uncovered a new scheme that allows cyber-criminals to monetize on unwary users by leading them into installing adware applications. Rather than using hidden vulnerabilities in the social networking platform, this novel approach relies on social engineering in order to trick users into interacting with the attacker.

Chapter I: The Application
The central element of the scheme is the Dance Class Video application, a third-party extension of Facebook that has neither been developed, nor approved by the social network. The application’s page has been artificially populated with content and friends to increase the victim’s confidence. The application’s main purpose is to send specifically crafted messages and to continue recruiting new victims, as described below.

Chapter II: The Bait
The infection vector is simple yet efficient. Compromised accounts send spammy messages that impersonate a Facebook video: “[victim’s name], this video is from the dance academy i went to last week.. what do u think?”.
As soon as the victim follows the link, the application asks for confirmation to pull out personal data and to send messages on the user’s behalf, as well as permission to always send these messages without any further confirmations.

Chapter III: The Payload
After all the necessary confirmations have been pulled from the victim, they are redirected to the application’s page, which displays a fake video player (in fact a JPEG image hosted outside of Facebook) and prompts them to update their FLV player in order to be able to see the video.

The download page even contains an End-User License Agreement and the small provision that “the SB 140 Alaska rule expressly forbids an application to engage in deceptive acts or practices described in this subsection using spyware by causing a pop-up advertisement to be shown on the computer screen of a user by means of a spyware program”. The page also triggers the automatic download of a binary file called FLVDirect.exe.

Once downloaded and installed, the binary file hijacks the browser’s start page and search settings without the user’s consent.

Apart from all the trouble a piece of adware may inflict on the average computer user, please remember that your social networking profile may hold sensitive information, and granting third parties access to it or permission to act on your profile may have extremely dangerous repercussions on your privacy.

McAfee Update Sends Windows XP Machines into Reboot Loop
Posted by Click Computers, 2010-04-23

McAfee perfectly illustrated today why you're supposed to thoroughly test software updates before pushing them out to the general public. Consumers and IT support personnel around the country found themselves in a nightmare situation this afternoon; at best, their Windows XP-based machines simply couldn't connect to a network, but more often than not were stuck in an endless loop of reboots.

The update, labeled 5958, causes McAfee to misidentify svchost.exe (an essential Windows system file) as a piece of malware and delete it. The official statement from McAfee indicates that the flaw only affects Windows XP machines with SP3, and results in "moderate to significant performance issues." Of course, reports from around the Web indicate this affects systems that are only up to SP2. And calling an endless cycle of reboots a "performance issue" is a bit of an understatement.

There are unconfirmed reports that the flaw has taken out banks of systems at Intel and Dish Network, and the New York Times is reporting that dozens of PCs at the Illinois State University in Normal were taken out as well.

McAfee has released a "fix" for the problem that really only suppresses the issue and doesn't directly address the false-positive issue. The fix also requires that a technician individually visit and repair any affected system, meaning that it may be a long night for support staff at companies and institutions who turn to McAfee for their virus protection.

Click Computers Can Help. Facebook Fans flat fee $49.00

Click Computers Mini Notebook Special
Posted by Click Computers, 2010-04-17

Through the month of April, Click Computers has on special the Hewlett Packard HP Pavilion 210-1030NR Mini Notebook PC. Retail price is $349.99. This month only $289.99.

If you prefer, Click Computers will optimize the system at no extra charge: remove all unnecessary trial-version programs, install Open Office, and install an anti-virus, anti-spyware product, absolutely free. For a fee of $37.50, Click Computers will come to your home or business and connect your printer and wifi. Click Computers can also transfer your data from your existing computer to this wonderful HP netbook.

Small, slim and stylish, the HP Mini 210 lets you surf the web, stay connected, and be entertained wherever you go. Amp up the fun by playing videos and music or showing off your photos.
Exclusive, integrated software keeps you in sync with your life by letting you e-mail, chat, and instantly access your files from anywhere. With bottom case cover that conceals component access points and matches the top cover, the HP Mini 210 looks great from every angle and is protected by world-class support.

SPECS:

• 1.66 GHz Intel Atom N450 Processor
• 1GB DDR3 Memory
• 160GB SATA Hard Drive
• 10.1" Active Matrix TFT Color LCD with 1366x768 Resolution
• 6 Cell Battery
• Integrated Intel GMA 3150 (256MB Graphics Memory)
• Integrated 802.11b/g Wifi
• Integrated 10/100 BaseTX LAN
• 5-in-1 Multi-memory Card Slot (SD, MMC, MemoryStick, MemoryStick PRO, xD-Picture Card)
• Microsoft Windows 7 Starter
• 1 Year Manufacturer's Limited Warranty

Facebook Password: T_R_O_J_A_N
Posted by Click Computers, 2010-03-19

A deceptive password change message sent on behalf of Facebook® is used in a Trojan-spreading scheme

Yesterday evening, a malware distribution campaign
using Facebook® as bait made some pretty nasty waves. Apparently legitimate e-mails notified Facebook® users that the passwords to their accounts had been changed for security reasons. The recipients of this fake notification were supposed to open an attached .zip file in order to find out their newly allocated password.

Instead of a new password, the zip file hides Trojan.Dropper.Oficla.G. As its name suggests – Trojan Dropper – this piece of malware contains malicious or potentially unwanted software which it ‘drops’ and installs on the system. Frequently, the dropper installs a backdoor which allows remote, clandestine access to the infected system. This backdoor may then be used by cybercriminals to upload and install additional malicious or potentially unwanted software on the system.

Infection rates are expected to boom because the social engineering behind this mechanism proves to be efficient. Facebook® is a highly popular social network and accessing it for discussions or for its popular applications has become a daily habit for very many people.
No matter why they access the social network, the e-mail informing them about the alleged password change is likely to drive them towards the same result: open the file to take a look inside and ultimately… get infected.

In order to stay safe, BitDefender recommends that you never open attachments coming from unknown contacts, and that you install and update a complete antimalware software solution.

KSL.COM Virus Warning
Posted by Click Computers, 2010-02-26

After receiving reports of a computer virus related to this website, the problem has been identified and it is now safe to browse KSL.com. The virus came through a third party network used to distribute ads on the site, but it has been stopped and measures are being taken to boost security.

Microsoft Hotmail Privacy Breach
Posted by Click Computers, 2010-02-22

A statement issued by Microsoft revealed that the company is looking into reports that some users of its Hotmail service were accidentally shown other users' inboxes when attempting to access their mail through their mobile phone.

The Windows Live sign-in service was down for an hour yesterday; whether the two events are related is as yet unknown. The sign-in downtime was purportedly due to a server failure, and left many unable to log in to any Microsoft service dependent on Windows Live IDs, including both Hotmail and Windows Live Messenger.
In its statement, the software giant said, "Microsoft takes customers' privacy seriously, and immediately upon learning of these reports, we started an investigation. We will take appropriate action once we have completed the investigation."

Reports of the nature of the security breach suggest that it did indeed coincide with the sign-in service failure. Users with the problem describe being presented with an inbox that was not their own; subsequent logins presented a different inbox each time.

Social networking, govt sites hacked in global attack
Posted by Click Computers, 2010-02-22

A new type of computer virus is known to have breached almost 75,000 computers in 2,500 organizations around the world, including user accounts of popular social network websites, according to Internet security firm NetWitness.

The latest virus -- known as "Kneber botnet" -- gathers login credentials to online financial systems, social networking sites and email systems from infested computers and reports the information back to hackers, NetWitness said in a statement.

A botnet is an army of infected computers that hackers can control from a central machine.

The company said the attack was first discovered in January during a routine deployment of NetWitness software.

Further investigation by the Herndon, Virginia-based software security firm revealed that many commercial and government systems were compromised, including 68,000 corporate login credentials and access to email systems, online banking sites, Yahoo, Hotmail and social networks such
as Facebook.<br /><br />"Conventional malware protection and signature-based intrusion detection systems are, by definition, inadequate for addressing Kneber or most other advanced threats," Chief Executive Amit Yoran said in a statement.<br /><br />Social Networks: SOS<br />Posted by Click Computers, 2010-02-07<br /><br />Don’t chat with worms as you would do with your friend<br /><br />As some of the fastest-growing communities in cyberspace, social networks are also the favorite playground for malware distributors. One of the most targeted networks of its kind is Facebook, the keeper of a huge database of personal information that acts like a magnet to cyber-criminals.<br /><br />The infamous Koobface worm made a comeback as Win32.Worm.Koobface.AOJ. Once installed on the local machine, the worm looks for cookies belonging to well-known social networks, such as Facebook®, Twitter®, Hi5™, Friendster® and MySpace™, among others.
However, there is more to Koobface than meets the eye: each new iteration of the worm brings additional surprises that build on its previous features: CAPTCHA breakers, locally-installed HTTP servers, keylogger and FTP file uploader components, as well as a rogue DNS changer and an advertisement pusher.<br /><br />In order to spread from one infected account to another, Win32.Worm.Koobface.AOJ sends messages on behalf of the compromised users to all their friends. Since Facebook® is extremely restrictive with large numbers of messages originating from the same account in a short time span, the worm forces the infected user to solve the CAPTCHA dialog for it. After the CAPTCHA has been successfully "defeated", it posts a link to a fake YouTube™ video concealed with a URL shortening service (usually bit.ly). Unwary users clicking on the malicious link will subsequently be asked to install a codec, which ultimately turns out to be the very downloader that drops, installs and "configures" the Koobface worm.<br /><br />The Koobface family is one of the most advanced e-threats related to social networks. Its ability to compromise a large choice of social networks and its extremely advanced infection mechanisms make it the ultimate war machine ready to lay siege to your social network accounts.<br /><br />Worm Crawling the IM Network<br />Posted by Click Computers, 2010-02-04<br /><br />Called Win32.Worm.IM.J, this malicious code spreads via links sent as instant messages on Yahoo!® Messenger on behalf of infected users.
The message uses social engineering tricks in order to make people believe they are in a very delicate situation and that action should be taken immediately, especially since the embedded link ends with the Yahoo!® Messenger username of the victim.<br /><br />The infected messages display two questions asking the victim whether he/she has pictures or a profile on a compromising site; a link towards the alleged site is, of course, provided after the informative note.<br /><br />Once the users access the randomly-provided link, they are redirected to a fake Web page containing some ads and a blank space where the alleged photos should have been. A spoofed active content bar (that is not displayed under the hyperlink, but under the first row of ads) advises the victim to install Adobe Shockwave Player in order to be able to watch the pictures.<br /><br />The worm removes the locally-stored credentials from the infected computer in order to force the user to re-type them. The log-in information is then stored in the Windows Registry under the key HKEY_LOCAL_MACHINE\SOFTWARE\first, and the worm uses it to stealthily authenticate and send these infected links to the victim's contact list.<br /><br />Last, but not least, the worm also features a downloader component that installs additional malware on the infected system.<br /><br />Win32.Worm.IM.J is built with Borland Delphi® and seems to have its roots in Romania, since the messages it sends are written in Romanian: "cine ti-a pus pozele aici?" (who posted your pictures here?)
and "tu ti-ai facut profilu asta?" (was it you who created a profile here?).<br /><br />In order to avoid infections, we recommend that you install and regularly update a complete antimalware suite with antivirus, antispam, antiphishing and firewall modules.<br /><br />Adobe Warns of PDF Phishing Scam<br />Posted by Click Computers, 2010-02-02<br /><br />A new phishing scam is trying to fool people into thinking it comes from Adobe, announcing a new version of PDF Reader/Writer. The message is making its way into e-mail boxes now, and the real Adobe urged any recipients to simply delete it.<br /><br />The phishing scam has a subject line "download and upgrade Adobe PDF Reader – Writer for Windows," includes a fake version of Adobe's logo and provides links that would lead to malicious code or other trouble if a victim clicked on them. The e-mail appears to come from Adobe newsletter@pdf-adobe.org, which is part of the scam.<br /><br />"It has come to Adobe's attention that e-mail messages purporting to offer a download of the Adobe Reader have been sent by entities claiming to be Adobe," the company said in a statement warning about it. "Many of these e-mails are signed as 'Adobe PDF' (or similar), and in some instances require recipients to register and/or provide personal information.
Please be aware that these e-mails are phishing scams and have not been sent by Adobe or on Adobe's behalf."<br /><br />Former Iomega VP Chooses Click Computers<br />Posted by Click Computers, 2010-02-01<br /><br />Former Iomega Vice President Leon Staciokas chose Click Computers for his home personal computer. Mr. Staciokas marveled at the speed, quality, and prompt local service. Mr. Staciokas is a pioneer in the industry of personal portable storage devices.