TDSS/TDL4 has been a resilient and common rootkit used to infect computers, installing botkits, fake antivirus, and browser redirects. Just as it appeared development of the rootkit had stalled, some new variants have been appearing. Many antivirus programs are not detecting these new variants. They are detected by ESET as Win32/Olmasco, and BitDefender as MAXSS or Pihar. If not detected by antivirus, the most common symptoms are browser redirects and multiple Internet Explorer processes not started by the user that will respawn when terminated.

These variants have begun appearing in our malware removal forums. For example here and here. Due to changes in how they operate, these new variants require some new techniques to remove. Previously the MBR (Master Boot Record) was overwritten. The new version leaves the MBR untouched, but creates a hidden partition and marks it as boot. This means tools and techniques that scan the MBR for changes, or rewrite the MBR will no longer work, and may result in an unbootable system. Newer techniques and tools for removal are still being developed, but mostly involve booting offline, using a live Linux CD like gparted.

Read the rest of this entry »

McAfee recently released it’s threat predictions for 2011 (PDF). Among the forecast for 2011:

• Social Media including Facebook, Twitter and instant messaging will distribute more malware than email. Related are short URL service abuses, and personalized attacks that appear to originate from your friends. Think twice before clicking a short URL to open that video your Facebook friend sent you. If you’re required to install something to view the video, it’s almost certainly malware.
• Mobile malware has been predicted for some time. Could 2011 be the year mobile malware makes its presence felt? Smartphone use has exploded, for both personal and  business use. Rootkits and botnets are making their way onto these mobile devices. They are attractive targets. Not only are the devices used for banking and online access, but the camera and microphone can be hijacked as well. If malware has “root” access on your phone, chances are it has access to your email, Facebook, contacts, even GPS location.

Read the rest of this entry »

A recent Prevx blogpost details information on the new TDL3 rootkit, which they have deemed, “the first x64 compatible kernel mode rootkit infection in the wild.” Followed with more information in a post today.

While much of the information presented by Prevx is highly technical, there are some takeaways for the average user. Most importantly, this 64-bit infection requires administrator privileges. The best option is to run as a standard user, but it also won’t run if User Account Control (or UAC) is activated. I run as standard user, and there is really no reason for your account to run as administrator.

Read the rest of this entry »

Chances are you know the rules for creating a secure password. Don’t use a dictionary word. Use upper and lowercase letters. Use at least one special character. Unfortunately, most people don’t follow even these basic rules. Recently, advances in computational power have made them as obsolete as your AOL account. Say goodbye to the old rules, and the concept of a password. Hello passphrase.

How does an attacker crack a password? Two common methods are dictionary attack, and “brute force” attack. A dictionary attack uses a database of common words and likely character sequences to guess the password. A “brute force” attack tries every possible combination of the 95 characters on a keyboard until they find the right one. Obviously, a one character password would be easy to brute force attack, as it would require a maximum of 95 attempts. Adding a character makes it exponentially more difficult (by 95 times). For example, a two character password has 95 x 95, or 9,025 possible combinations. A 3 character password 9,025 x 95 (95^3), or  857,375 combinations. Read the rest of this entry »

Today Intel announced plans to buy McAfee for $7.7 billion dollars. Most people are asking, “Why?”. Why would a chip maker acquire a security company?

The answer may lie within Moore’s Law. Simply stated Moore’s Law states that the number of transistors on a chip will double every 2 years. Intel seems to have difficulty figuring out what to do with all those transistors. Most computer users don’t need a quad core CPU. Yet Intel continues to roll out more cores.

However, as anyone who has installed an antivirus program knows, it’s probably the single biggest resource hog on your system. Slowing everything from email and the Internet, to startup and shutdown. What if the major components of an antivirus program could be placed in a special section of the CPU, or even its own core? Whether you’re a gamer, enthusiast, or just an average user you’d enjoy the benefits of being able to run an AV without the associated system slowdown.

Have you ever removed an antivirus, or run a system without an antivirus because of performance issues? Need a free antivirus program, check out our recommendations.

Windows XP users are not very happy campers this week. Microsoft is busy investigating a multitude of reports that claim MS10-015, which was rolled out on Tuesday, is causing XP installations to blue-screen. Microsoft has acknowledged that this particular patch appears to be at fault, but are still unwilling to state that the issues are related solely to that. Instead, they are looking in to the situation further, trying to determine if this could possibly be the result of interoperability issues with another component, or even third-party software.

Read the rest of this entry »

Google CEO Eric Schmidt has set the Internet on fire with his latest speech. During his talk, he touched on privacy concerns of everyday users. Apparently, Google has grown so big that they have forgotten exactly what it was they set out to DO in the first place. Mr. Schmidt claims that only those who have done something wrong – or have something to hide – should ever be concerned about their privacy.

Read the rest of this entry »

It seems as though the entire world is abuzz with talk of Windows 7 being released today. Everywhere you look online, someone is discussing it. They talk about how fast it is, how cool some of the features are. However, you only really read about the security side of the new operating system if you look on the various tech sites. It’s as though the general population has forgotten about that important component… or have they simply written Microsoft off when it comes to security?

Read the rest of this entry »

The most popular forum in our message boards is Virus, Spyware and Trojan Removal. After we’ve helped someone remove one or more infection from their system, the most popular question is, “How can I keep it from happening again”?

One of our experts has authored a post, Preventing Malware and Safe Computing. It’s a wealth of knowledge, and people are often referred to it.

Today, I came across Diane Wilson’s comment at Ed Bott’s blog. I like it. Concise, no-nonsense advice. I  agree with most everything. It mostly mirrors my philosophy, and current configuration:

1. Stay behind a router. NAS is a great filter for many attacks.
2. Use a firewall. Windows firewall works well enough.
3. Keep your OS up to date, not just in updates, but in versions. I’m already running Win 7 RC as my primary system at home, and I’ll be on Win 7 for good as soon as it goes RTM. Remember (or learn) that security must be pro-active, and that Vista and Win7 took huge steps in this direction. Address space randomization. Array and string range-checking to limit buffer overruns. And more.
4. UAC. Live with it. It’s your friend.
5. 64-bit. Required driver signing is your friend.
6. IE protected mode.
7. Data Execution Protection, turned on for everything. No exceptions.
8. Windows Defender.
9. Oh, one more thing. Anti-virus software.

I think the first suggestion contains a typo. It refers to a NAS, or Network Attached Storage. While they have become inexpensive, and easy to configure. They offer limited security protection. However, they can help protect your data. Most likely she meant NAT, or Network Address Translation. NAT hides your system’s IP address behind another IP (the router’s). Another advantage to a wireless router is that almost all of them now contain a hardware firewall.

Read the rest of this entry »

With wireless internet taking over our lives, internet cables have become a rare sight. Today, what has been a breakthrough, cutting edge discovery just several years ago, is being utilized by most of us every day. It’s called Wireless LAN (otherwise referred to as WiFi, or WLAN) and while it did bring about a revolution in the way we access the internet, it doesn’t come without drawbacks.

Unlike a traditional, wired internet connection, Wireless LAN is transmitted through the air – and thus, anyone with the proper equipment can intercept it. In the best case scenario, someone steals your internet connection. But in the worst case, sensitive data may be intercepted and stolen.

So, just how do you make your wireless internet activity safer? How do you secure your connection? Here’s how.

Secure your wireless connection

If you connect to the internet wirelessly, you have a router. This device allows several wireless connections at a time. There are several methods to secure your home or business connection. They can be used separately or best –  together, for ultimate protection. Note: Refer to your router’s user manual to determine the exact procedures needed to change the various settings mentioned in this article. They may vary from router to router.

MAC filtering

MAC, not to confuse with Apple’s operating system, is an acronym which stands for Media Access Control. A unique MAC address is assigned to network adapters, in our case, in order to identify the computer. Most routers allow filtering MAC addresses, so only specific addresses can connect to the network. This is a rather simple method, which has several drawbacks. First, even a not particularly seasoned hacker can spoof a MAC address and gain access to the router. Second, this system proves to be inefficient over time, as any device or computer you might want to add to the trusted list, needs to be manually entered into the system.

To find out your network adapter’s MAC address in Windows, you first need to open a command prompt – in Windows 98/2000/XP, click Start > Run > type “cmd” (without the quotes) then hit OK. In Windows Vista, click Start > All Programs > Accessories > Command Prompt. In the window that appears, type “ipconfig/all” (without the quotes) and hit Enter. You will see a plethora of information on the screen – we’re looking for Physical Address under Ethernet Adapter.

After you’ve found out the relevant MAC address, open up your router’s interface through a browser (see the manual). You will then need to look for an option called MAC Filtering or similar. There, enable MAC filtering and add the address we’ve just found to the list. Note that you will need to do the same procedure for every additional computer, as well as when changing network adapters.

Secret Access Point name

Every wireless connection – or Access Point -– has a Service Set Identifier (SSID), which translates to the name of the wireless network you’re connecting to. By default, the SSID will automatically show when one searches for a wireless network.  However, most routers allow you to hide the SSID, so it’s only possible to connect to the network by entering the exact SSID. This is where you come in – you can give the connection a particularly nasty or long name, essentially serving as a password. The major disadvantage here, like with MAC filtering, is that any average hacker will be able to sniff out a hidden SSID’s name, and effortlessly connect to your network if it’s not encrypted.

To make a hidden SSID, search for this option in the router’s menu – it can usually be found under Wireless Setup or similar. After this, you will need to enter the exact SSID when connecting to this network.

Encryption

This is by far the most popular and secure method of protecting your wireless connection. Wireless Network encryption means that you have to enter a password to gain access to  a WLAN or the information streamed through the connection.

There are two main encryption protocols in use today. The first is called WEP – which stands for Wired Equivalent Protection. WEP is an aged technology, having been developed in the early days of WLAN. Therefore, although it still remains a very popular encryption method, it is the most insecure – it’s very easy to crack this encryption protocol with no technical knowledge and simply with a few minutes to spare. WEP is offered in several degrees of complexity: 64, 128 and 256 bits, which directly influence the encryption key’s length. The more complex the cipher is, the better.

To answer the disadvantages of WEP, a new protocol – called WPA (WiFi Protected Access) – was developed by the Wi-Fi Alliance. It utilizes a more complex algorithm which is far more secure than WEP. Unfortunately, WPA and WPA2 – the newest iteration of the protocol – are not readily available on all routers on sale today, so if you’re shopping for a router in the lower price range, make sure it supports WPA for ultimate security. The encryption key, in WPA’s case, can be entered as 8-63 characters – but generally speaking, a random, 13 character WPA key is nearly impossible to crack.

Which protocol to use is your decision – however, using WPA is highly recommended, as it provides a much better layer of security than WEP. Whichever you choose, remember to use a random combination of letters and numbers as your password – if your router has a ‘Generate Password’ feature, use it.

To set up encryption, enter your router’s menu and look for Wireless Security. Choose the appropriate protocol and follow the instructions.

Additional tips on wireless security

• When using public wireless networks, like in a café or  restaurant, pay extra attention to online security. Avoid entering your banking information, or credit card number, while connected in public networks, as it’s very easy for hackers to intercept this information and steal it.