Security Shenanigans – May 2010

I’ve noticed a few irritating trends in the virus/spam/spyware world recently.  Here are some things to watch out for:

Web Nasties
  • Steer clear of downloading screensavers; they can often be infected with viruses
  • Steer clear of apparently free tools that contain irritating adware, e.g. freeripmp3 which contains “Adware.ADON”
  • Be very careful of Online Poker sites.  These often require the downloading of software or a browser add-on which could be infected.
  • If you are browsing the web and are informed that your computer has a virus or infection, treat this message with a healthy degree of scepticism.  Has the message popped up from your security software?  This should be fairly obvious.
    • Here, for example, is what a security pop-up from ESET Smart Security looks like:
    • image
    • And here is what a security pop-up from Norton Internet Security looks like:
    • image
    • It’s very common for spyware to infiltrate your PC by pretending to be legitimate software which tells you that you have a security problem on your PC which can magically be fixed by downloading a product such as AntiVirus 2010.  When this software is unwittingly downloaded it can really get medieval on your computer!  Here are some examples:
    • image
    • image
    • image
    • So, look at the title of the warning pop-up message.  Is it coming from your security software?  You do have security software (AKA anti-virus), yes?  Is the message popping up as a window in your web browser?  If so, shut down all web browser windows.  Can’t close them all?  Try using the Alt+F4 keyboard combination.  Failing that, save any changes to any documents you might have open elsewhere and restart your computer.

Email Nasties

As always, be really careful with email attachments.  It’s amazing how often we can forget this.  Do you know the sender?  If not, I’m inclined to just delete the email if it has an attachment.  If you know the sender, then ask yourself if this is expected.  If not, email them and ask them if they meant to send you an attachment.  If they say yes, even then it pays to be cautious…

  • Email from security@facebook.com
    • Subject is: Facebook Password Reset Confirmation!
    • Contains Kryptik.BKR trojan
  • Email from invitations@twitter.com
    • Subject is: Your friend invited you to Twitter
    • Contains Merond.AA worm
    • You are asked to look at an attachment (Invitation Card.zip)
    • You have to ask why you would need to do this and not just click a link to go to their website?
  • Email from greetingcard.org
    • Subject is: You have Received a Greeting Card
    • Contains Kryptik.CEJ trojan
  • Email from various different addresses
    • Subject is: UPS Delivery Problem Number...
    • Contains Wigon.KQ trojan (rather nasty)
  • Email from various different addresses claiming to be DHL
    • Subject "Please get your parcel NR..."
    • Contains TrojanDownloader.Bredolab.AN trojan (rather nasty)
  • Email from Facebook Team
    • Subject "updated account agreement"
    • Contains an attachment such as “Facebook_Password_4cf91.zip”
    • Contains TrojanDownloader.Bredolab.AN trojan (rather nasty)
  • Email from Microsoft Team
    • Subject is: "Conflicker.B Infection Alert"
    • Contains Kryptik.CJT trojan
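
The checks described in the list above can be automated for a mailbox or a helpdesk queue. The following is an added example, not part of the original post: a small Python triage function that flags a message when its subject matches one of the lures listed above or when it carries an archive or executable attachment. The function names, the extension list and the sample messages are assumptions constructed for the illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lures taken from the list above (matched case-insensitively).
LURE_SUBJECTS = [
    r"facebook password reset confirmation",
    r"your friend invited you to twitter",
    r"you have received a greeting card",
    r"ups delivery problem",
    r"please get your parcel",
    r"updated account agreement",
    r"conflicker\.b infection alert",
]
# Assumption: attachment extensions treated as risky in unsolicited mail.
RISKY_EXT = (".zip", ".exe", ".scr", ".pif", ".com")

def triage(raw: bytes) -> list[str]:
    """Return the reasons a message deserves a second look (empty list = none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = str(msg["Subject"] or "")
    if any(re.search(p, subject, re.I) for p in LURE_SUBJECTS):
        reasons.append("subject matches a known lure")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            reasons.append(f"risky attachment: {name}")
    return reasons

def build_sample(sender, subject, attachment=None) -> bytes:
    """Construct a test message; all content here is made up for the example."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
    m.set_content("Please see the details.")
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    samples = [
        build_sample("invitations@twitter.com",
                     "Your friend invited you to Twitter", "Invitation Card.zip"),
        build_sample("colleague@example.com", "Minutes from Tuesday"),
    ]
    for raw in samples:
        print(triage(raw) or "nothing flagged")
```

A flagged message is a prompt to check with the sender, not proof of infection; the sender address is not used as evidence because it is easily forged.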
