Tag Archives: Worm

Almost fooled by the Facebook photo virus mail

Oh yikes. This is a screenshot of an email I received…


I VERY nearly clicked on this link whilst triaging my email.

The only thing that alerted me to the fact that there might be an issue was the weird URL that popped up when I hovered over the link.

I was also curious about the port number 8887 so I checked online. Something dodgy seemed to be going on…

I also went to the URL http://sv001.facebook–security.com – which of course doesn’t resolve to anything.  Even more reason to be suspicious.

But for me, the worst thing is… I don’t know anyone called David Ross… and Facebook never send mail to that particular email address. So why did I, still geeky, still technical, almost fall for it?

I’m kicking myself now for ‘almost’ clicking the link.  I was SO close…

But how many others have just clicked on it and suffered the consequences? Grrr…

 

Eileen is a social business strategist and author of Working The Crowd: Social Media Marketing for Business. Contact her to find out how she can help your business extend its reach.
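
The hover checks described in the post above (odd hostname, unexpected port, brand name in a domain the brand does not own) can be applied mechanically. This is an added example, not part of the original post; `triage_link`, `registrable_domain`, the `BRAND_DOMAINS` allow-list and the sample URL are illustrative assumptions.

```python
from urllib.parse import urlsplit

# Assumption: illustrative allow-list of brand -> domains the brand really uses.
BRAND_DOMAINS = {"facebook": {"facebook.com", "fb.com", "facebookmail.com"}}
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample modelled on the link in the post (reserved .example TLD).
SAMPLE = "http://sv001.facebook-security.example:8887/photo"


def registrable_domain(host):
    # Simplification: last two labels. A real tool should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])


def triage_link(url):
    """Return the reasons a link target deserves a second look (empty list = none found)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return ["no hostname in URL"]
    reasons = []
    try:
        port = parts.port
    except ValueError:  # raised for a non-numeric or out-of-range port
        port = None
        reasons.append("malformed port")
    if port is not None and port != DEFAULT_PORTS.get(parts.scheme):
        reasons.append(f"non-default port {port}")
    if parts.scheme != "https":
        reasons.append(f"scheme is {parts.scheme or 'missing'}, not https")
    if not host.isascii() or "xn--" in host:
        reasons.append("internationalised hostname (possible homoglyphs)")
    domain = registrable_domain(host)
    for brand, owned in BRAND_DOMAINS.items():
        # Brand name used inside a hostname whose domain the brand does not own.
        if brand in host and domain not in owned:
            reasons.append(f"'{brand}' appears in host but domain is {domain}")
    return reasons


if __name__ == "__main__":
    for reason in triage_link(SAMPLE):
        print("-", reason)
```
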

 


What is the value of your digital life: Getting hacked

Here’s a great infographic from PC Mag showing the real cost of being hacked.

Trend Micro Digital Life

There are several ways to minimise your risks:

– Change your birthday. If you adjust the birthday by a couple of days either way, then folks who know your name and birthdate cannot steal your identity. They will have the wrong person.

– Clear your cookies and your internet cache regularly. Yes, I know it’s a pain, retyping your passwords, but you’re less likely to have malware on your downloadable files if you clear the cache regularly.

– Do backups. Regularly. Invest in something like Home Server or similar, set it up and forget about the backups. If you’re not too techy, you can rest assured that it’s all going on automatically.

– If you get a Twitter direct message from one of your friends with just a link, or a strange message asking you to click the link, respond to them asking them why. Chances are they won’t know that they sent the message.

– Be cautious.  All the time.  Even your friends could be victims…

And, as the infographic states, this could cost you a heck of a lot of time – and money to repair things…


 

Stopping Spyware from installing

How easy it is to install spyware – especially for the unsuspecting person. It almost happened to me yesterday. I logged out of my account on scribd.com to take a screenshot of Scribd from a not-logged-in perspective and got a dialog box pop up saying that Windows needed to perform an urgent scan of my PC. The dialog box just ‘didn’t look right’. Normally a Security Essentials dialogue box would pop up and the box would be orange. Then the next thing I saw was a new browser window pop up showing me the following:

A few things to note here:

  • System udgtrnbl – not a normal system volume name
  • The Shared Documents and Hard Drive folder were flashing warnings that there were 5 infections on each folder
  • This view of Control Panel is viewed through a browser window – not the normal control panel GUI
  • This view of Control Panel is an XP view – I’m running Windows 7 with a totally different look and feel for the dialog box
  • undefinedappmgmts.dll doesn’t exist
  • Windows doesn’t have a ‘Start Protection’ button

I closed the initial dialog box (the ‘urgent scan’ warning) and got the download box for AntiSpy2011.exe which is captured in the snip above. This is the same spyware / worm / virus / trojan that paralysed my friend’s machine, which now needs a total format and rebuild before I’ll be happy with it.

A new process started – Companionuser.exe, which is a valid process used by Windows Live but is often used by malware and other malicious programs.

So how did I fix this?

  • I closed all editions of iexplore.exe using task manager.
  • I stopped the companionuser process.
  • I watched as it re-invoked itself… over and over again.

Hmmm.

Every time I stopped the process, it started again… Damn thing. And then I remembered where the virus was stored on my friend’s machine. The virus / worm lived in the Temporary Internet Files: C:\Users\%Username%\AppData\Local\Microsoft\Windows\Temporary Internet Files. In Internet Explorer, I clicked on the View files button, sorted the files by time accessed, and deleted all of the files, images and cookies that had been accessed in the last hour.

Only then did the companionuser.exe process stop re-appearing in Task Manager.

But…

I can see how so many people install this worm.  It pops up unexpectedly – all I was doing was logging out – and I must have rolled the mouse over an advert or something.  Quick as anything, and to the unsuspecting person, worried about getting a virus or a worm, so simple to install. 

But I thought it was certainly worth highlighting so that others can back themselves out of this problem safely – or know who to call when they have a problem… And delete cookie files regularly – just in case…
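
The clean-up step in the post above (find everything in Temporary Internet Files touched in the last hour) can be done as a listing that records a SHA-256 of each file before anything is deleted, so the samples can still be identified afterwards. This is an added example, not part of the original post; `recent_files` and `sha256_file` are illustrative names, and checking modification time alongside access time is an assumption made here.

```python
import hashlib
import os
import sys
import time

# Path named in the post; %LOCALAPPDATA% is the per-user AppData\Local folder.
DEFAULT_ROOT = r"%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files"


def sha256_file(path, chunk=1 << 16):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def recent_files(root, window_seconds=3600, now=None):
    """Files under root accessed or modified within the window, newest first.

    Each entry is (last_touched_epoch, size_bytes, sha256_hex, path).
    """
    now = time.time() if now is None else now
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                # Windows may not update access times, so modification time counts too.
                touched = max(st.st_atime, st.st_mtime)
                if now - touched > window_seconds:
                    continue
                # Timestamps are read first: hashing opens the file and can change atime.
                hits.append((touched, st.st_size, sha256_file(path), path))
            except OSError:
                continue  # locked or vanished file: skip rather than abort the listing
    return sorted(hits, reverse=True)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.expandvars(DEFAULT_ROOT)
    for touched, size, digest, path in recent_files(root):
        print(time.strftime("%H:%M:%S", time.localtime(touched)), size, digest, path)
```
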

 
