TechTidBit – Tips and advice for small business computing – Tech Experts™ – Monroe Michigan


Brought to you by Tech Experts™

Viruses

“Storm” Worm Makes Anti-Virus Programs Brain Dead

November 29, 2007

The ever-mutating, ever-stealthy Storm worm botnet is adding yet another trick to its vast repertoire: Instead of killing anti-virus products on systems, it now modifies them to render them brain-dead.

The finding was made by Sophos and was mentioned by a security strategist for IBM Internet Security Systems. According to Sophos, the Storm botnet (Sophos calls it Dorf, and it’s also known as Ecard malware) makes programs that interact with Windows tell the virus every time a new program is started.

The virus then checks the program that started to see if it was an anti-virus or anti-spyware program, and if it is, it will either stop the program from running, or modify the program so that it can’t detect the virus.

Then, when the anti-virus programs run, they simply tell the user everything is ok.

The strategy means that users won’t be alarmed by their anti-virus software not running.

The anti-virus is running but brain-dead, which is worse than shutting it off, since it then opens the door for all sorts of other virus and spyware programs to infect the system.

This new behavior is the latest evidence of why Storm is the scariest and most substantial threat security researchers have ever seen. The Storm virus is patient, it’s resilient, and it’s adaptive in that it can defeat anti-virus products in multiple ways. It changes its virus footprint automatically every 30 minutes.

It even has its own mythology: Composed of up to 50 million zombie PCs, it has as much power as a supercomputer, the stories go, with the brute strength to crack Department of Defense encryption schemes.

In reality, security researchers in the know peg the size of the peer-to-peer botnet at 6 million to 15 million PCs, and not on par with a supercomputer. And it can’t break encryption keys. Still, it is very dangerous.

“No Virus Wednesdays” A Huge Hit!

September 26, 2007

More Than 900 Virus And Malware Infections Eradicated Thanks To Tech Experts’ Free In-Shop Scanning Service.

More than 900 virus and malware infections have been eradicated as a result of Monroe-based IT services company Tech Experts’ “No Virus Wednesdays” war on computer viruses, spyware and junk e-mail.

We are incredibly pleased with our results so far!

We’ve had more than a dozen PC users bring in their computers to be examined, and have successfully removed dangerous infections on all of the affected machines.

In July, Tech Experts announced its “No Virus Wednesdays” program, offering computer users basic spyware and virus removal services at no charge each Wednesday in July, August and September.

Since Wednesday tends to be our slowest day of the week, we decided it would be better for our techs to be destroying viruses and spyware instead of sitting around twiddling their thumbs. That’s why we decided to give away this valuable scanning and disinfecting service for FREE on Wednesdays.

It’s clear that PC infections are on the rise, and in many cases, computer users aren’t aware they’ve got a problem.

Several computers we repaired were infected with trojan-horse type malware, which was tracking the users’ activity on the Internet.

One machine alone had 493 distinct infected files!

Of the computers we have examined, half either did not have anti-virus software installed, or the anti-virus software was disabled or expired.

We’re obviously very concerned about how safe computer users are when they’re on the Internet, which is why we’re extending our “No Virus Wednesdays” program through the end of the year.

The Tech Experts “No Virus Wednesdays” program works like this: Users who would like their computers checked and cleaned of spyware call Tech Experts’ special “No Virus Hotline” at 734-243-1500 and set up an appointment to drop off the computer late Tuesday afternoon, or first thing Wednesday morning.

The computer will be evaluated, disinfected, and available for pickup as soon as it is ready, usually late Wednesday afternoon or Thursday morning.

Computers will be checked for over 1000 types of spyware, thousands of different viruses, as well as Trojans and keyloggers.

Any malicious software that is discovered will be removed, and a complete report provided to the client.

By having users pre-schedule their appointments, the company can plan for this work and provide the service at no charge, while still maintaining its normal weekly workload.

FAIR WARNING: This free service is scheduled on a first-come, first-served basis and limited to Wednesday appointments only. Call right now for your appointment!

Malicious Software Is Spreading Through Multiple Operating Systems

July 26, 2007

“A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux and Mac OS X systems,” according to a Symantec Security Response advisory. “Be cautious when handling OpenOffice files from unknown sources.”

Apple’s Mac OS is not a virus-free platform, said Jan Hruska, who co-founded antivirus firm Sophos.

“Viruses on the Mac are here and now. They are available, and they are moving around. It is not as though the Mac is in some miraculous way a virus-free environment,” Hruska said. “The number of viruses coming out for non-Mac platforms is higher. It gives a false impression that somehow, Apple Macs are all virus-free.”

Once opened, the OpenOffice file, called badbunny.odg, launches a macro that behaves in several different ways, depending on the user’s operating system.

On Windows systems, it drops a file called drop.bad, which is moved to the system.ini file in the user’s mIRC folder. It also executes the JavaScript virus badbunny.js, which replicates to other files in the folder. On Apple Mac systems, the worm drops one of two Ruby script viruses in files respectively called badbunny.rb and badbunnya.rb.

‘Surge’ In Hijacked PC Networks

May 26, 2007

The number of computers hijacked by malicious hackers to send out spam and viruses has grown almost 30% in the last year, according to a survey.

More than six million computers worldwide are now part of a “bot network,” reported security firm Symantec.

Computer users typically do not know that their PC has been hijacked.

More than a third of all computer attacks in the second half of 2006 originated from PCs in the United States, the threat report said.

While the total number of bot-net PCs rose, the number of servers controlling them dropped by about 25% to 4,700, the twice-yearly report said.

Symantec researchers said the decrease showed that bot network owners were consolidating to expand their networks, creating a more centralised structure for launching attacks.

Ollie Whitehouse, senior consulting services director at Symantec, said: “This rise in the number of infected computers can certainly be attributed to the rise in the online population of countries like China and Spain, in Europe.”

Whitehouse continued: “There is almost an educational curve that the users and service providers have to go through. Unfortunately when certain countries go through rapid increases in connectivity and availability of technology that curve is not always kept up.”

Alfred Huger, vice president of Symantec Security Response, said online criminals appeared to be adopting more sophisticated means of “self-policing.”

He added: “They’re launching denial-of-service attacks on rivals’ servers and posting pictures online of competitors’ faces.”

Huger concluded: “It’s ruthless, highly organised and highly evolved.”

The best defense against attacks? Never click on an unknown link, regardless of who sent it, and always run up-to-date anti-virus and anti-spyware software.

Nine Easy Steps To Protect Your Computer From Viruses, Trojans and Infections

February 24, 2007

Here are some helpful suggestions from the experts at Tech Experts on how to protect your computer and network.

Step 1: Protect your personal information.
Be suspicious of any email with urgent requests for personal financial information, and never respond to unsolicited requests for confidential information.

Beware of phishing. Phishing is an Internet scam where a message is sent out via email asking you to provide or verify certain information.

Typically these requests are designed to look like they came from a bank or other service provider. Usually there is a link to the bank’s website. But in fact the link doesn’t go to the bank; it goes to a computer controlled by fraudsters. Once armed with your data, thieves take out cash advances from your accounts or may try to steal your identity.

Step 2: Use an anti-virus program and take steps to minimize computer virus risks.
Make certain that good, commercial-quality anti-virus software has been installed on your computer. New viruses appear constantly and daily virus definition updating decreases the risk of computers becoming infected. Many free anti-virus programs don’t provide for automatic updating.

Your anti-virus software should be set to automatically update, and should always be running.

Step 3: Install anti-spyware software and enable Windows Firewall.
Spyware is software that is usually downloaded from the Internet, either intentionally under the guise of a service or utility, or without your knowledge as a result of browsing malicious Web sites. Spyware gathers information about how you use your computer, and poses a threat to your privacy.

A firewall is a piece of software or hardware that helps guard computers against hackers as well as many computer viruses and worms.

Windows XP has a built-in firewall product, but it may not be enabled. Give us a call for more information on how to enable Windows Firewall.

Step 4: Be careful with email attachments.
Attachments are files, such as a document or picture, that can be sent along with an email. Viruses spread by hijacking an infected computer’s email address book. The virus sends copies of itself as email attachments to everyone in the victim’s email address book. This gives the appearance that your friend is emailing you a joke or a document, but it’s really the virus attempting to spread itself.

If you receive an unexpected email attachment, even if you know the sender, do not open the attachment.

Step 5: Use strong passwords, and change them often.
A strong password is one that is not obvious or easy to guess. It should be 8 – 12 characters long and include a combination of upper and lowercase letters, numbers, and symbols such as punctuation marks and special characters.

Step 6: Stay updated.
As flaws are discovered, software makers such as Microsoft release software updates. To ensure that your computer is secure, install the appropriate updates. There are a few circumstances where you might not want to, but generally, always enable Windows Update to automatically install updates to your system.

Step 7: Be careful about downloading.
Tons of no-cost programs are available with more becoming available each day. If a program is written with malicious intent, the author/intruder will not tell you that it will harm your system.

Many no-cost programs collect data about you and then sell that data to advertisers. These types of programs are called “spyware” (see step 3 above).

Step 8: Backup, backup, backup!
In case of emergencies, such as a hard drive crash, documents and data files stored only on your local hard drive need to be backed up and backups need to be periodically tested. If you are not sure if your files are being backed up, give us a call – we’ll be happy to help.

You may also want to consider encrypting and/or password-protecting files so that data will be unusable if stolen. Note that conventional passwords, such as Windows passwords, do not secure your data.

Step 9: Know where to go when you need help with your computer.
Keep our 24-hour computer emergency hotline telephone number available: (734) 240-0200. We’re always here to help with your computer problems!

‘Storm’ Trojan Hits 1.6 Million Computers; General Virus Activity at an All Time High

February 24, 2007

It is mission critical that you keep your antivirus subscription current and your software up to date. Many small business owners think that because they purchased the software one time, they’re protected.

Most anti-virus software requires an annual subscription. And, if you don’t renew, you’re not protected. Too many business owners are finding this out the hard way.

For example, the Trojan horse that began spreading during the last week of January has attacked at least 1.6 million PCs, with no signs of stopping. In addition, Windows Vista is also vulnerable to the attack.

The Trojan was originally dubbed the “Storm worm” because one of the subject heads used by its e-mail touted Europe’s recent severe weather. Its author is now spreading it using subjects such as “Love birds” and “Touched by Love.”

The Trojan, meanwhile, piggybacks on the spam as an executable file with names ranging from “postcard.exe” to “Flash Postcard.exe.”

If your computer’s anti-virus software is out of date, or if you’ve not renewed your anti-virus subscription, your system could easily get infected by a seemingly innocent e-mail.

By Symantec’s estimate, the Storm Worm is the most serious Internet threat in 20 months.

As with most large-scale Trojan attacks, the goal seems to be to acquire a large botnet, or collection of compromised PCs, that can be used to send traditional scam spams or for later identity mining.

Windows 2000 and Windows XP are vulnerable to all of the Storm Worm variations, but Windows Server 2003 is not; the Trojan’s creator specifically excluded that edition of Windows from the code. We presume the malware writers didn’t have time to test it on this operating system.

New computer viruses are discovered on a daily basis. In order to remain effective, your antivirus software needs to be regularly updated, generally once a week.

Make sure you know how to check your antivirus software for updates, and spot check automatic updates to make sure they are, in fact, updating.

If your version of anti-virus software doesn’t automatically update (many free or low cost programs do not), schedule reminders on your computer so updates are performed regularly.


Copyright © 2025 Tech Experts™ · Tech Experts™ is a registered trademark of Tech Support Inc.