Just in case you didn’t know Malvertising is the #1 way to get infected due to the numerous security holes found in:

Adobe Reader (acrobat)
Adobe Flash Player
Sun’s Java

Those are the top 3 applications being exploited right now.   You may be wondering how you got infected with a fake anti-virus program (for example) without ever clicking on any ad.  See the simple explanation below.

Here’s how Malvertising Works

1. A legit website like CNN.com sells advertising space because it has thousands of views every day. (again, this is just an example)
2. A malicious person or group purchases some of this advertising space and submits an ad that appears perfectly fine to the CNN.com advertising editors.
3. The ad goes live.
4. At some point the ad becomes malicious and starts scanning clients for outdated Adobe Reader, Adobe Flash or Java binaries.
5. Once an exploit is available the malicious ad injects malware into the clients PC.
6. The anti-virus may or may not detect it, it’s really just luck.  If the threat is old, then there’s a good chance it will.  If it’s just a few minutes old then there’s a good chance it won’t.
7. The ad may stay live for minutes, hours, days, etc until someone notifies the web master of that domain.

How can you stop these attacks?

1. Keep your Adobe Reader and Flash Updated.  This is not exactly an easy task since Adobe seems to find security holes every other week.  Open Adobe Reader and click help — check for updates (at the time of this writing I just discovered I had 2 waiting to be downloaded!).  Both programs do automatic update checking, however a lot of people just cancel the update.  Bad idea.
2. When Java alerts you that an update is available then yes…install it.  Lot’s of my clients never install this update.  It’s really important that you do.
3. Configure the Adobe Reader plugin in each of your web browsers not to load PDF’s automatically.
4. Browse the internet with Sandboxie as much as you can.  That goes for everyone who uses the computer.
5. Always download and install your Windows Updates.
6. Follow steps 1 – 5 and you’ll probably never experience the end result of a malicious ad.

Sadly adobe and sun products are constantly getting new updates and do not uninstall the old updates so the potential for re-infection can still happen. If you don’t need these applications or you do not use applications that require these updates then promptly remove them.

You have noticed that even Apple a large supporter of adobe has decided not to add flash or java to their latest OS updates.

Special thanks to the remove-malware.com people for the information.

The wild west was one of the most interesting frontiers that our crazy forefathers decided to conquer. Those who pursued wealth fame or the all mighty easy dollar where either successful and overcome by other evils or broke and tried to make a life in a desert (semi-arid) landscape west of the Rockies.

Now a days we have the frontier of our intellect (could be argued.) or the internet. We have special tools that allow us to copy and paste and to download *FREE* stuff (video, Music, Software, Virus’s). There’s Gold in them there internets! While its true you can download to your hearts content *FREE* stuff; beware its not all free and or Gold. Some might call it fools gold. Kind of reminds me of the old adage “you get what you pay for.”. Truth is most the free stuff you can consume (download) has got some code that will make your Windows, Apple OSX and Linux Operating systems crash and burn. Possibly incurring data loss that you cannot afford to lose. Yes I said Apple and Linux too. No one gets a free ride.

Some of the more well known ways of getting your *FREE* stuff is P2P types of programs:

Lime Wire: Has been the king of the P2P networks most recently. Funny enough it offers a paid for version to make you think the content you download is not illegal. Of course the paid for version does also unlock more bandwidth and more open connections. Interestingly enough some of the open source community came out with a better app that allows for the paid version tools called Frost Wire. 

Kazaa: Was the king of P2P sharing and still is around but the service has been under serious watch by the MPAA and RIAA.

WinMX: Now defunct. Was the Largest P2P up until 2005 and then was shutdown. Most likely due to pressure or lawsuits from various copyright owners.

BitTorrent:The New Sheriff in town. However harder to understand by most non-geek types. Very much harder to track but very open and determines how many others have the same file.

Usenet: A very old distribution network. Open mostly for discussions and trading ideas became a haven for file sharing and virus sharing.

IRC Chat: Another very old distribution network. Rumored to be the networks in which when your computer is infected with a virus. The virus (usually trojan horse) gets instructions from this network.

Truth be told all of these networks spread a ton of virus’s. Please make sure you are very careful when using these networks. They will bite.

So I have been in the business of building and rebuilding every type of personal and business computer (Laptop, Desktop, Workstations and Servers).

I have seen my share of virus/spyware infections from easy to kill to so nasty it requires a full rebuild of a said computer. One thing I have been noticing as of late is the the Virus that gets installed and acts as a Antivirus Application. These are the most annoying Virus/Spyware applications. I have seen these applications download more and more Virus’s as well as a plethora of spyware in so much as over loading the Operating System and basically shutting down the computer.

Please if you get one of these type of virus’s or you get a pop up asking you to download it to kill the virus’s. This is a bad idea. Please do not download these type of applications. First they want you to pay for them even sometimes to the point they ask for a large subscription payment. They disable any and all antivirus application.

These applications are essentially evil please stay clear.

Update: This Virus is spreading quickly among many even very protected machines (updated antivirus and antispyware) If you encounter any of these types of Viri please unplug your network cable (commonly called ethernet or data cable).

Common Names I have encountered:

Personal Antivirus (Hardest of them to remove)

Antivirus 2008

Antivirus 2010

WinPC Antivirus

there may be more….

Here is a run down on how to clean. Feel free to contact me if you are unsure how to do this.

1. Download Malwarebytes’ Anti-Malware, or MBAM, from the following location and save it to your desktop:

   Malwarebytes’ Anti-Malware Download Link

2. Once downloaded, close all programs and Windows on your computer, including this one.
3. Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.
4. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and  Launch Malwarebytes’ Anti-Malwarechecked. Then click on the Finish button.
5. MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for Personal Antivirus related files.

MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below

.You should click on the OK button to close the message box and continue with the PersonalAntivirus removal process.

You will now be back at the main Scanner screen. At this point you should click on the Show Results button.

A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.

2. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
3. You can now exit the MBAM program.

Your computer should now be free of the PersonalAntivirus program. If your current anti-virus solution let this infection through, you may want to considerpurchasing the PRO version of Malwarebytes’ Anti-Malware to protect against these types of threats in the future.

A large issue with all versions of Windows is by default the Operating system is installed to not show your file extension.

So why is this a problem? Well since Virus developers and Script kiddies learned of this they would mask the virus file as a jpeg. So please what ever version of windows you are using please uncheck Hide extensions for known file types.

If you notice in the diagram on the left I would and do the following on every install of any Windows version I install.

-Uncheck Automatically search for network folders and printers

-Check: Do not cache thumbnails

-Bullet: Show hidden files and folders

Click apply and then Apply to all folders. Windows will prompt you to make sure. Click ok.

Now when you download a file or someone sends you a file you know what the true extension of the file.

18.4% – Theft by employees
18% – Hackers
14% – Lost or stolen media
11.6% – Personal data inadvertently exposed

Kind of drives home the importance or proper access control, doesn’t it?

Be careful with your data/information.

Source:
http://voices.washingtonpost.com/securityfix/2009/06/malicious_attacks_blamed_for_m.html?wprss=securityfix

Minimize the Chances of an Online Predator Victimizing a Child

• Warn your children about potentially dangerous people who may try to befriend them online.
• Keep the computer in a public space in your house, not a bedroom.
• Don’t allow children to use a screen name profile or to give out personal information online.  (not even what school they go to or city they live in)
• Use parental controls provided by your service provider or blocking software.
• Monitor or discourage all chat room usage.
• Insist children never agree to meet someone they’ve met online without permission.

Types of Children Predators Target and Prey Upon

• Children with lower self-esteem
• Children who divulge too much personal information online.
• Children who frequent chat rooms

Signs Your Child Might Be at Risk Online

• Your child spends large amounts of time online, especially at night.
• You find pornography on your child’s computer.
• Your child receives phone calls from people you don’t know or is making calls to numbers you don’t recognize.
• Your child turns the computer off or quickly changes the screen on the monitor when you come into the room.
• You child becomes withdrawn from the family.  Offenders try to drive wedges between a child and their family, trying to accentuate any minor problems at home a child may have.
• You child is using an online account belonging to someone else.  Offenders will sometimes provide potential victims with a computer account for communications with them.

Monitor not only computer activity but also cell phone activity. Examine cell phone bills for suspicious activity.

Learn about text messaging or “sexting”. Taking revealing pictures of themselves is becoming a trend.  Pictures are then sent to classmates via email or cell phone and end up online and in the hands of predators.  Learn the technology and learn the language.