Category Archives: security

Almost fooled by the Facebook photo virus mail

Oh Yikes. This is a screenshot of an email I received…

I VERY nearly clicked on this link whilst triaging my email.

The only thing that alerted me to the fact that there might be an issue was the weird URL that popped up when I hovered over the link.

I was also curious about the port number 8887 so I checked online.  Something dodgy seemed to be going on…

I also went to the URL http://sv001.facebook–security.com – which of course doesn’t resolve to anything.  Even more reason to be suspicious.

But for me, the worst thing is… I don’t know anyone called David Ross… and Facebook never send mail to that particular email address.  So why did I, still geeky, still technical, almost fall for it?

I’m kicking myself now for ‘almost’ clicking the link.  I was SO close…

But how many others have just clicked on it and suffered the consequences.. Grrr…
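
The checks that gave this mail away (a host that only looks like Facebook's, and the odd port number) can be written down as code. This is an added example, not part of the original post; the trusted-domain table, the warning codes and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the one domain each brand really links from.
TRUSTED_DOMAINS = {"facebook": "facebook.com"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def inspect_link(url, claimed_brand):
    """Return warning codes for a link in a mail that claims to be from a brand."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    trusted = TRUSTED_DOMAINS[claimed_brand]

    # Genuine links are the trusted domain itself or a subdomain of it.
    # The leading dot matters: "notfacebook.com" must not pass.
    if host != trusted and not host.endswith("." + trusted):
        # The brand name appearing elsewhere in the host is the classic lure.
        warnings.append("lookalike-host" if claimed_brand in host else "foreign-host")

    # "https://facebook.com@other.host/" puts the brand in the userinfo part,
    # which browsers do not treat as the destination.
    if parts.username is not None:
        warnings.append("userinfo-in-url")

    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        port = None
        warnings.append("invalid-port")
    if port is not None and port != DEFAULT_PORTS.get(parts.scheme):
        warnings.append("nonstandard-port")

    if parts.scheme != "https":
        warnings.append("no-https")
    return warnings


# Constructed sample links (not taken from the real mail).
SAMPLES = [
    "http://sv001.facebook-security.example:8887/photo.php",
    "https://www.facebook.com/photo.php",
    "https://facebook.com@198.51.100.7/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", inspect_link(link, "facebook") or "no warnings")
```
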

 

Eileen is a social business strategist and author of Working The Crowd: Social Media Marketing for Business. Contact her to find out how she can help your business extend its reach.

Facebook Timeline: Sharing more than you thought?

Since Facebook changed its User Interface to compete more effectively with Google+, there have been lots of reports concerning the interface.  86% seem to dislike the new interface according to Sodahead, with women and teenagers being especially resistant to the Facebook changes.

The real-time Ticker has been introduced onto the right-hand side of your activity stream. This means that every post you make on a page will show up on all of your friends’ real-time activity streams. Friends who weren’t aware that you’d liked a page can now see your interactions with the page.

The new timeline has brought significant changes in the way you can see information.  When you apply the Timeline mode, your profile gets a new look.

In Timeline view, all of your friends can see all of your posts and can move the slider on the right to see what interactions you’ve had right back to the date you joined Facebook.  The timeline also makes it possible to find out the exact time and date you became friends with someone on Facebook.  Perhaps this is information you might not want to share.

Friends can see all of your timeline information – even before you became their Facebook Friend.

Frictionless sharing now means that anything that you read online could potentially be shared with everyone in your time line – whether or not you explicitly share the content.  Imagine everything you read online going onto your Facebook page – and everything that others read online filtering down onto your Facebook page.  How on earth are you going to find what’s relevant amongst all of that noise?  Open Graph applications such as Spotify will automatically share what you’re listening to.  This “Ambient Intimacy” might suit some of us – but it doesn’t sit too well with those of us who feel the need to carefully manage our privacy.  Even Facebook cookies might cause further alarm as they track users’ activities even after they have logged out of Facebook.

But is this type of behaviour pushing the boundaries of online privacy? Once you’ve authorised that application the “set it and forget it” way, are you going to go back and revisit the settings to check what’s being broadcast on your timeline?  Are you going to delete back posts and remove applications that you no longer use, or do you trust that Facebook will do it for you?

Or do you prefer to keep some things to yourself and your close friends?  If that’s the case, be very careful about what you post or have already posted onto Facebook…


What is the value of your digital life: Getting hacked

Here’s a great infographic from PC Mag showing the real cost of being hacked.

Trend Micro Digital Life

There are several ways to minimise your risks:

– Change your birthday.  If you adjust the birthday by a couple of days either way, then folks who know your name and birthdate cannot steal your identity.  They will have the wrong person.

– Clear your cookies and your internet cache regularly.  Yes, I know it’s a pain, retyping your passwords, but you’re less likely to have malware on your downloadable files if you clear the cache regularly.

– Do backups.  Regularly.  Invest in something like Home Server or similar, set it up and forget about the backups. If you’re not too techy, you can rest assured that it’s all going on automatically.

– If you get a Twitter direct message from one of your friends with just a link, or a strange message asking you to click the link, respond to them asking them why.  Chances are they won’t know that they sent the message.

– Be cautious.  All the time.  Even your friends could be victims…

And, as the infographic states, this could cost you a heck of a lot of time – and money to repair things…


Password security: Telling stories with passphrases

When we change passwords why do we choose passwords that are so complicated that we can never remember them?  Or we choose passwords with such poor security that they are easily cracked.  In our always connected online world, surely passphrases are easier to remember than these complicated passwords?

Here’s an infographic from Zonealarm showing the importance of having a strong password.  This segment is especially relevant:


and a great cartoon from XKCD showing how easy it is to remember daft password phrases instead – and how hard it is for computers to crack them..


Off to change my password now – to another part of the limerick I’m memorising.  There was a collection of vicars…. :)


Stopping Spyware from installing

How easy it is to install spyware – especially for the unsuspecting person.  It almost happened to me yesterday.  I logged out of my account on scribd.com to take a screen shot of Scribd from a not logged in perspective and got a dialog box pop up saying that Windows needed to perform an urgent scan of my PC.  The dialog box just ‘didn’t look right’.  Normally a Security Essentials dialogue box would pop up and the box would be orange.  Then the next thing I saw was a new browser window pop up showing me the following:

A few things to note here:

  • System udgtrnbl – not a normal system volume name
  • The Shared Documents and Hard Drive folder were flashing warnings that there were 5 infections on each folder
  • This view of Control Panel is viewed through a browser window – not the normal control panel GUI
  • This view of Control Panel is an XP view – I’m running Windows 7 with a totally different look and feel for the dialog box
  • undefinedappmgmts.dll doesn’t exist
  • Windows doesn’t have a ‘Start Protection’ button

I closed the initial dialog box (the ‘urgent scan’ warning) and got the download box for AntiSpy2011.exe which is captured in the snip above.  This is the same spyware / worm / virus / trojan that paralysed my friend’s machine, which now needs a total format and rebuild before I’ll be happy with it.

A new process started – Companionuser.exe, which is a valid process used by Windows Live but is often used by malware and other malicious programs.

So how did I fix this?

  • I closed all editions of iexplore.exe using task manager.
  • I stopped the companionuser process
  • And I watched as it re-invoked itself… over and over again

Hmmm.

Every time I stopped the process, it started again… Damn thing.  And then I remembered where the virus was stored on my friend’s machine.  The virus / worm lived in the Temporary Internet Files: C:\Users\%Username%\AppData\Local\Microsoft\Windows\Temporary Internet Files.  In Internet Explorer, I clicked on the View files button, sorted the files by time accessed, and deleted all of the files, images and cookies that had been accessed in the last hour.

Only then did the companionuser.exe process stop re-appearing in Task Manager.

But…

I can see how so many people install this worm.  It pops up unexpectedly – all I was doing was logging out – and I must have rolled the mouse over an advert or something.  Quick as anything, and to the unsuspecting person, worried about getting a virus or a worm, so simple to install. 

But I thought it was certainly worth highlighting so that others can back themselves out of this problem safely – or know who to call when they have a problem…  And delete cookie files regularly – just in case…

 


Safety settings on Facebook

Another infographic – this one is worth bookmarking and telling your less social media savvy friends about.  This is how to navigate Facebook’s Safety settings, from Zone Alarm.

If in doubt – say no.  Deny instead of accept, restrict instead of open.  Then you will worry less :)

Dealing with the ‘Your computer has malware’ call from ‘Microsoft’


I had an interesting phone call today from someone who told me that I had issues with my machine – ‘Right now’.  I was curious to find out the technique that they used to scam people so I acted dumb and asked him why he knew. 

 

The caller – and the delay on the line  – sounded like I was talking to someone from India.  He said his name was Michael and he was calling from the Windows Service Centre and worked on behalf of Microsoft.  Pah!!

He assured me that this was a British company with offices in Manchester.  He gave me the phone number too: 0161 4085 067.  Hmmm…

 

He stated several times that if I called the company, then it would prove he was legitimate.  He then asked me if I was sitting in front of the computer and asked me to do a few things for him…

 

 

He asked me to access the Start button and type in Run, then cmd.

He then told me to type ‘assoc’ and hit enter, told me not to worry about all of the text scrolling down on my screen, but as proof that my computer had sent him a message, he read out the line at the bottom of the screen.

He quickly read out: CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} – whilst I tried to slow him down, pretending to write everything down… He said that the number proved that he knew it was my machine (actually this number exists on EVERY Windows machine!)

Then he asked me to type EVENTVWR and asked me what appeared :)

He took me into the Application log in Event Viewer and told me that all of the application information messages were being sent to him so he knew that there was malware on my machine, quoting the errors and warnings on the screen. He asked me how many entries I had, and I told him 763!  He said, “That’s how many times your computer has been messaging us with this information.”

Unfortunately, my dumb act must have made him a little bit suspicious. I asked him if he worked for Microsoft, which division, and how he knew it was my machine ‘sending him messages’.  I spent a little bit too long grilling him on how this relationship with Microsoft worked.  I was rumbled, so I never got to the URL part of the script.

Of course this is a telemarketing scam, which has been reported on several times,  where the scammer tries to gain access to your machine to run a script and gain access to your machine.  But so often, people fall victim to the scam.

Microsoft have a page dedicated to common scams stating that they NEVER call anyone to help them fix their computer (they’re busy enough on the forums and dedicated support lines).

I kept him chatting for as long as I could – my reasoning is that the longer I kept him talking, the fewer calls he’d be able to make that day, but I think I was rumbled.  Unfortunately, a search of the web shows that too many people fall for this type of scam…

Sure, he asked me if I had a PC, and if it was a Windows machine.

But he didn’t ask me if I was actually connected to the Internet… Oh Drat… Hopefully I’ll be able to get the punch line out next time…  :)

Be careful of the Christmas worm

I just noticed this on one of the newswires.  There’s a worm propagating around the Instant Messaging services pretending to redirect you to a Xmas site.  Here’s what IMLogic have to say about it:

This worm broadcasts a URL out over IM clients which downloads an executable file, often named gift.com. When this file is executed, it hides itself and scans the registry, file system, and internet cache. By operating as a rootkit, the process is hidden from all tools and anti-virus software. It also attempts to shut down anti-virus software and makes several networking calls. Also it does keystroke logging and may attempt to propagate itself over IM clients.

So warn your users not to click on any message containing a URL from one of their buddies without confirming that this is valid.  Of course (shameless plug here), if you were running Live Communications Server 2005 SP1 and Office Communicator in your business environment then URL propagation is disabled by default…

Wow – that was easy – I could get a job in marketing!… Only joking Allister...

New trojan – won’t let you see “adult” sites

I don’t normally blog about virus alerts, worms and trojans (Steve normally blogs about these) but this one this morning has caught my eye.  There’s a new Trojan out there which won’t let you visit sites with sex or exhibition in the title bar of the browser. It actually blocks access to the site itself and displays a warning message that if you ignore it, forces you to log out….  This could make it a bit difficult to book tickets for a concert  then if you had this trojan.

Very bizarre. 

Windows mobile platform security drilldown

Here’s quite a nice webcast with an overview of the security features in Windows mobile. It’s an on demand webcast, so you’ll have to register for it though.

Dave is a good speaker and has delivered these slides at MEDC, TechED, and for TechNet too.  Worth a viewing to see all of the good stuff that’s on its way…