PC – SOS

An Internet Security Blog

Archive for the ‘Uncategorized’ Category

PC-SOS is now on a co.cc domain with WordPress.org!

Posted by Bob Zenith on January 21, 2011

You may have noticed a lack of updates on PC-SOS recently. Not to fear; PC-SOS isn’t ending; it’s entering a new phase 🙂

The reason for the lack of updates is the work of transferring PC-SOS over to a co.cc domain with WordPress.org. Can you guess the URL?

http://personalcomputersos.co.cc/wordpress/

There were a number of reasons for this change, and they are all explained on the first post on the new domain.

Posted in Uncategorized | 1 Comment »

MalwareBytes Seal – Am I missing something?

Posted by Bob Zenith on October 28, 2010

First of all, let me state that I consider MalwareBytes Anti-Malware to be one of the best (if not the best) anti-malware products available, and I frequently use and recommend the free version. However, yesterday I noticed something odd:

I was browsing through the MalwareBytes online store, just to see the price of the Pro version, and I noticed that the page had 3 security seals on it: one from Comodo, one from McAfee, and one generic SSL-Secured seal.

The seal from Comodo is legitimate and clickable.

The generic “SSL-Secured” seal is not clickable (I didn’t expect it to be), but it is true; MalwareBytes’s online store is SSL secured, so there’s no problem there.

However, the McAfee Seal is NOT clickable. Odd, I thought, since a McAfee seal needs to be clickable in order to be legitimate. At first, I thought one of my security add-ons was causing issues (NoScript, RequestPolicy, etc.). So, I disabled all my add-ons and restarted Firefox, returning to the page. Alas, the seal was not clickable.

At this point, I still was giving MalwareBytes the benefit of the doubt, and I believed something was causing issues with my Firefox and the seal. So, I tried the test in Internet Explorer; same result – the seal was not clickable.

Furthermore, I went to MalwareBytes’s SiteAdvisor page. If the seal is legitimate, then the scorecard will have a McAfee Secure logo on it, such as siteadvisor.com’s scorecard. Nope – MalwareBytes.org’s scorecard does not have a McAfee Secure logo on it. Neither does store.malwarebytes.org’s scorecard.

Looking at the “seal” at store.malwarebytes.org more closely, I discovered that it doesn’t share similar characteristics with legitimate McAfee seals. Normally, when you attempt to right-click a McAfee seal, you receive a warning message:

Copying Prohibited by Law – McAfee Secure is a Trademark of McAfee, Inc.

Try it yourself – right-click the McAfee seal in the top right-hand corner of the site. It’ll pop up a window. You can also try it here, except the seal is at the bottom of the page.

This does not happen with MalwareBytes’s seal… the seal allows you to right-click it and, potentially, copy the image.

…So, what gives?

Update: MalwareBytes has removed the seal from their site until a clear policy about the seal from McAfee can be put in place.

Posted in Uncategorized | 7 Comments »

sURL

Posted by Bob Zenith on October 27, 2010

Steven over at hosts-file.net and it-mate.co.uk has created his own URL Shortening / Redirection service (ok, it’s been there a while, I just haven’t had time to check it out until yesterday).

A unique service, sURL allows you to enter a link and create a short URL, long URL, huge URL, and an “ARE YOU NUTS???” URL.

For example, “https://personalcomputersos.wordpress.com” has a short URL of http://surl.co.uk/?9917. When you click on the link, you are directed to an sURL page offering details of the target URL, to make sure you really want to go there (i.e., that it is not malicious). After determining the target link is probably safe, you can click the link and enter the site.

This will be my new URL Shortening / Redirection service of choice on Twitter, and I encourage others to use it also.

 

Posted in Uncategorized | Leave a Comment »

Accepted into GeekU!

Posted by Bob Zenith on October 13, 2010

Alright, here’s some exciting news (well, maybe not for you, but for me it is): I’ve been accepted into the GeekU Malware Removal Training School! 🙂
If you haven’t already, I recommend getting yourself GeekU certified in removing malware by graduating from their Malware Removal School.

-Off Topic-

Opera 10.63 was released yesterday; check it out!

Posted in Uncategorized | 3 Comments »

Passwords are getting easier to crack

Posted by Bob Zenith on August 16, 2010

New research shows that passwords of 8 characters or fewer are inadequate and very easy to crack; a 12-character password is the new minimum.

“Eight-character passwords are inadequate now … If eight characters is all you use, and if you restrict your characters to only alphabetic letters, it can be cracked in minutes,” said Richard Boyd, a senior researcher at GTRI.

Unfortunately, even a password of 12 random characters may soon become too weak to provide adequate protection. Computers will soon reach the power needed to crack 12-character random passwords, and certain kinds of computer viruses that monitor data directly from the keyboard can break a password of any size and complexity.

“If you have a Trojan that records keystrokes, you’re screwed,” Davis said.
Not if you use KeyScrambler Personal (add-on for Firefox). It will provide an additional layer of protection.

Each passing day, month, and year gives hackers more powerful software. It used to be that a 6-character password was adequate. Now, 8 characters are inadequate, and 12 are recommended. Within a year or two, even 12-character passwords will need to be lengthened. Here’s a guide to making a strong password:
1. Think of a sentence that you live by or agree with. It can be anything from “My favorite video game is Halo 3” to “Internet security grows more complex every day” – as long as it is 6+ words and you remember it, you can use it.
2. Take the first letter from each of the words in the sentence (for this purpose, I will use the sentence “My favorite video game is Halo 3”): MFVGIH3
3. Vary each of the letters from upper to lower case: MfVgIh3
4. Change any letters that look like numbers to numbers (e.g. “I” looks like “1”): MfVg1h3
5. Add 2 asterisks before and after your password, and enter / close it with a symbol of your choice (perhaps “[” and “]”): **[MfVg1h3]**
6. You’re done – your password now has at least 13 seemingly random characters, but you should be able to remember it easily due to your sentence!
*Note: the longer your original sentence, the more characters the password will be, therefore the more difficult it will be to crack*
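
The recipe above as a short Python sketch (an added example, not from the original post), together with the brute-force arithmetic behind the 8- versus 12-character comparison. The function names and the 1e9 guesses-per-second rate are assumptions chosen for illustration.

```python
import math

# Step 4 look-alike table. Only "I" -> "1" comes from the post.
LOOKALIKES = {"I": "1"}

def mnemonic_password(sentence, wrap=("[", "]"), pad="**"):
    """Apply steps 2-5 of the guide to a sentence."""
    initials = [word[0].upper() for word in sentence.split()]   # step 2
    mixed = [c if i % 2 == 0 else c.lower()                     # step 3
             for i, c in enumerate(initials)]
    swapped = "".join(LOOKALIKES.get(c, c) for c in mixed)      # step 4
    return f"{pad}{wrap[0]}{swapped}{wrap[1]}{pad}"             # step 5

def alphabet_size(password):
    """Size of the character set a brute-force search must cover."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII symbols, including space
    return size

def brute_force_bits(password):
    """log2 of the exhaustive search space (alphabet ** length)."""
    return len(password) * math.log2(alphabet_size(password))

def worst_case_seconds(password, guesses_per_second):
    """Time to try every candidate at the given guess rate."""
    return alphabet_size(password) ** len(password) / guesses_per_second

if __name__ == "__main__":
    RATE = 1e9  # assumed guess rate, not a figure from the post
    samples = ("abcdefgh",
               mnemonic_password("My favorite video game is Halo 3"))
    for pw in samples:
        print(pw, f"{brute_force_bits(pw):.1f} bits",
              f"{worst_case_seconds(pw, RATE):.3g} s worst case")
```

These figures are an upper bound that assumes every string of that length has to be tried; a password built from a known recipe (fixed wrapper, alternating case) leaves less to search than the number suggests.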

Posted in Uncategorized | 1 Comment »

The “Zeus” Botnet / Trojan

Posted by Bob Zenith on August 10, 2010

The “Zeus” Botnet / Trojan Horse (also called “Zbot”) has been making a lot of news recently, and none of it is good.

Just some background, first:

A “Zeus” or “Zbot” is a type of Trojan Horse and Botnet that steals personal information by using a technique called Keystroke Logging, similar to a Keylogger. It was first identified in July 2007 when it was being used to steal information from the U.S. Department of Transportation.

Since then, the use of the Zeus Trojan has exploded – mostly due to the availability of malicious toolkits. Recently, Zeus has been making headlines in the U.K. by secretly compromising thousands of computers and transferring $1 million from bank accounts.

The scary thing about a Zeus is that once it gets on your computer (usually when you click a phishing link, or through a scripting exploit), it can capture even the information you type over an encrypted connection (like SSL). A Zeus can do this by grabbing the information right before it is encrypted, or right after it is decrypted.

Worse, up-to-date antivirus software rarely detects Zeus trojans (about 23% of the time), let alone removes them completely.

So… How do you protect yourself?
Well, here are some obvious answers:
* Keep your anti-virus up-to-date. Even though anti-viruses rarely catch Zeus trojans, letting them fall behind in their definitions will not help.
* Beware of phishing or other malicious links / scripts. Beware of the links with WOT, beware of the scripts with NoScript.

Here are some answers for tech-savvy users:
* A Zeus trojan will commonly use names like NTOS.EXE, LD08.EXE, LD12.EXE, PP06.EXE, PP08.EXE, LDnn.EXE and PPnn.EXE etc., so search your PCs for files with names like this. The Zeus Trojan will typically be between 40 KB and 150 KB in size.
* Also look for a folder with the name WSNPOEM; this is also a common sign of infection for the Zeus Trojan.
* Finally, check the Registry, looking for RUN keys referencing any of these names.

Here are the places known variants of the Zeus trojan are installed:

Variant 1

* C:\WINDOWS\system32\ntos.exe
* C:\WINDOWS\system32\wsnpoem\audio.dll
* C:\WINDOWS\system32\wsnpoem\video.dll

Variant 2

* C:\WINDOWS\system32\oembios.exe
* C:\WINDOWS\system32\sysproc64\sysproc86.sys
* C:\WINDOWS\system32\sysproc64\sysproc32.sys

Variant 3

* C:\WINDOWS\system32\twext.exe
* C:\WINDOWS\system32\twain_32\local.ds
* C:\WINDOWS\system32\twain_32\user.ds

Variant 4

* C:\WINDOWS\system32\sdra64.exe
* C:\WINDOWS\system32\lowsec\local.ds
* C:\WINDOWS\system32\lowsec\user.ds
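
The checks above expressed as a small Python script (an added example, not from the original post or from any removal tool). It works on a file listing and Run-key values you supply; the function names and the sample data are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

SYS32 = r"c:\windows\system32"
VARIANTS = {  # install locations per variant, copied from the list above
    1: ["ntos.exe", r"wsnpoem\audio.dll", r"wsnpoem\video.dll"],
    2: ["oembios.exe", r"sysproc64\sysproc86.sys", r"sysproc64\sysproc32.sys"],
    3: ["twext.exe", r"twain_32\local.ds", r"twain_32\user.ds"],
    4: ["sdra64.exe", r"lowsec\local.ds", r"lowsec\user.ds"],
}
KNOWN = {f"{SYS32}\\{rel}": v for v, rels in VARIANTS.items() for rel in rels}
# NTOS.EXE, LDnn.EXE and PPnn.EXE, typically 40-150 KB
NAME_RE = re.compile(r"^(ntos|ld\d\d|pp\d\d)\.exe$", re.I)
SIZE_RANGE = range(40 * 1024, 150 * 1024 + 1)
# Any listed executable name referenced inside a Run-key command line
RUN_RE = re.compile(r"(?<![\w.])(ntos|oembios|twext|sdra64|ld\d\d|pp\d\d)\.exe", re.I)

def scan_files(entries):
    """entries: (path, size_in_bytes) pairs. Returns [(path, reason)]."""
    hits = []
    for path, size in entries:
        p = PureWindowsPath(path)
        key = str(p).lower()
        if key in KNOWN:
            hits.append((path, f"variant {KNOWN[key]} install path"))
        elif NAME_RE.match(p.name) and size in SIZE_RANGE:
            hits.append((path, "listed name within 40-150 KB"))
        elif any(part.lower() == "wsnpoem" for part in p.parts):
            hits.append((path, "inside WSNPOEM folder"))
    return hits

def scan_run_values(values):
    """values: {value_name: command_line} exported from a Run key."""
    return [name for name, cmd in values.items() if RUN_RE.search(cmd)]

# Constructed sample data, not taken from a real machine
SAMPLE_FILES = [
    (r"C:\WINDOWS\system32\sdra64.exe", 120000),
    (r"C:\WINDOWS\system32\notepad.exe", 69120),
    (r"C:\Documents and Settings\user\LD08.EXE", 90000),
    (r"C:\Temp\pp06.exe", 2000000),
    (r"C:\WINDOWS\system32\wsnpoem\other.bin", 10),
]
SAMPLE_RUN = {"SoundMan": "SOUNDMAN.EXE", "updater": r"C:\WINDOWS\system32\ntos.exe"}

if __name__ == "__main__":
    for path, reason in scan_files(SAMPLE_FILES):
        print(f"{path}: {reason}")
    print("Run values to review:", scan_run_values(SAMPLE_RUN))
```

A hit is a reason to look closer, not a verdict: the name-and-size rule in particular can match unrelated files.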

For more help removing a Zeus, go here:
http://www.malwarehelp.org/find-and-remove-zeus-zbot-banking-trojan-2009.html

Posted in Uncategorized | 1 Comment »

SocialVibe Widget

Posted by Bob Zenith on August 8, 2010

So, I added a new widget to this blog; it’s called Social Vibe. It’s an optional (and free) way to help the blog earn carbon offsets and raise money to help various charities that are involved with helping the environment. It’s on the left sidebar (close to the bottom).

However, this widget does add 2 web bugs to the blog’s homepage (Google Analytics and Facebook Connect). The number of normal cookies you get from this blog has not changed. Don’t forget, you can easily detect and block web bugs with the add-on Ghostery (for Firefox).

I haven’t decided if I’ll keep the widget or not… I’ll wait a couple of days and see. (Feel free to comment with any opinions). However, in the meantime, I’ll update the cookies page and the privacy policy.

Posted in Uncategorized | Leave a Comment »

ShopAtHome.com

Posted by Bob Zenith on August 4, 2010

ShopAtHome.com is a coupon site offering coupons for download. The only way to access those coupons is through downloading a toolbar.

* The toolbar is infested with adware.
* The site is listed in hpHosts.
* The site has a fake McAfee Secure Seal.
* The toolbar’s download is listed as adware by 5 different anti-viruses.

I urge anyone reading this to leave a comment and rating on a reputation service, such as WOT, explaining this scam site.

Edit: there has been an ongoing discussion about this site (shopathome.com) on the WOT Forum. The McAfee Seal is now legitimate and clickable, and thus I have deleted my rating but kept my comment, because the toolbar is still adware. Personally, I hope the site never gets a trust seal, because IMO, it’s not a trustworthy site. So, it’s up to anyone reading this whether or not to rate red or green, or abstain, as I have done.

Edit (2): The above issues have been largely dealt with, and my opinion of the site is no longer poor. (In fact, now I’ve rated the site green)
See here: http://www.mywot.com/en/forum/7196-shopathome-com-wants-you (read the whole topic – especially the end)

Posted in Uncategorized | 4 Comments »

Hushmail

Posted by Bob Zenith on August 3, 2010

Looking for an alternative to Gmail? Well, Hushmail may be for you:
https://www.hushmail.com

Hushmail is a secure web-based mail service. It uses high-grade 256-bit AES encryption to keep the contents of your emails secure. All emails are sent encrypted and scanned for viruses. It also has built-in spam protection.

Hushmail also gives you an option to “digitally sign” your email; this prevents things like email forgery.

However, if you use the email client for illegal purposes, Hushmail will fully comply with the law (of British Columbia) and attempt to give any user information that it can to the authorities; but, this should mean nothing to the average user, because as long as you don’t do anything illegal, you have nothing to be worried about.

So, if you want an email provider with a little more security than Hotmail or Gmail, give Hushmail a try.

Learn More

Posted in Uncategorized | Leave a Comment »

Don’t put all your eggs in one basket…

Posted by Bob Zenith on August 1, 2010

Hopefully you all use an Anti-Virus program; that is a must. However, we all know (or should know) that no matter which program we use, it is not possible to catch every infection, mostly because new malware is made faster than it can be caught.

Therefore, in order to increase your chances of finding that nasty infection, or to decrease your chance of getting an infection, you should run separate Anti-Virus, Anti-Malware, and Anti-Spyware (and possibly an Anti-Keylogger) programs on your computer. (Note: Do not run more than one Anti-Virus program; that will cause issues with your computer.) Here’s what I mean:

Use:
Anti Virus (ex: Norton Security Suite) + Anti-Malware (ex: MalwareBytes) + Anti Spyware (ex: SUPERAntiSpyware)

Do Not use:
Anti Virus (ex: Norton Security Suite) + Anti Virus (ex: NOD 32) + Anti Virus (ex: McAfee); they will conflict with one another.

By using multiple programs you’re not putting “all your eggs in one basket”, thereby increasing your chance of either finding the nasty piece of malware or preventing your computer from getting it.

Posted in Uncategorized | Leave a Comment »