The I.Q.D. Team Connection

Scam Alert: Reminder of Email Scams to Be Aware of and Tips to Prevent Them

9/19/2015

 
I am very diligent in keeping my computer secure and have a Top Notch Security Guy (Straight Talkin Mike) who handles my Computer Security, HOWEVER, he can NOT handle me clicking on BAD SCAM EMAILS - Only I can do that.   I wanted to share that in the last 2 months I almost let my guard down and clicked on 2 emails that would have taken over my computer and possibly my identity.  As my business is on-line I can't afford to lose anything.    

Below is some information that may help you too.   With Christmas coming up, it only gets worse.

I received this email last night that looks pretty legitimate - purchase at Sears store where I live for $359.00 - since I was not at the store and don't go there very often I knew it was not us - so I was not sure whether someone was scamming me OR maybe they set up an account in my name and charged this. Mainly because my Business was a victim of Identity Theft (that is a whole story in itself) under the email address they sent to me. A good way to tell if your emails are scams is below.

#1 NEVER CLICK ON ANY LINKS.   CALL THEM DIRECTLY

#2  If you take your mouse and HOVER over one of the links and it is not who it is coming from IT IS A SCAM.   In my case, since it was coming from Sears it should have been SEARS.COM   

In the case below it is SEASR.RSYS4.NET   Guys that is Russia  
It is a total scam.   Delete the email and do not click on anything.
This is a good video to watch for other ways to tell if they are scams but does not include my example above.    

Scam Detectors

Receipt invoice scam
How the scam works:

(with video below) You receive an e-mail from a big chain store that you purchase groceries from on a regular basis (e.g. Walmart, Superstore, etc.). “We are now happy to offer online your last receipt. Please find it attached to this e-mail. Thank you for shopping with us”.

Most likely the attachment will be a .zip file that will contain a virus, keystroke logger, or malware. Look at the domain name of the sender’s e-mail. Is it the store’s name.com or does it have extra letters and numbers (bestbuy.com or bestbuy529a5.com)?

Watch the video below to see an explanation of this scam, as featured in the news.

Receipts Sent by Email Scam Video Below
How to avoid:

Never open attachments from unknown senders.

Make your friends and family aware of this scam by sharing it.


Don't fall for email scams
Published on Apr 14, 2014
Phishing emails try to get you to click on links that take you to fake websites - or open attachments that will do bad things. Look out for the telltale signs of a scam email. 
Lastly I have several Books on Computer Security but love the Computer Security for Dummies, ID theft for Dummies.....  If you are interested, here is a link for some books.

Amazon Book Link for Computer Security


Hope that helps someone out there NOT lose everything on their computer.

Have an incredible day
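
The hover check and the sender-domain check described in this post can be automated. The following Python is an added example, not part of the original post. It assumes the brand is the first label of the expected domain and treats a host label that contains the brand, or is within one edit of it, as a lookalike; the sample e-mail is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; only the host names come from the post.
SAMPLE_EMAIL = """
<p>Thank you for your purchase of $359.00.</p>
<a href="http://seasr.rsys4.net/constructed-path">View your receipt at Sears.com</a>
<a href="https://www.sears.com/constructed-help">Help</a>
<a href="mailto:help@sears.com">E-mail us</a>
"""


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag (what hovering would reveal)."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def host_of(url):
    """Lower-cased host name of a URL, or '' when it has none (mailto:, etc.)."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def belongs_to(host, expected_domain):
    """True only for the expected domain itself or one of its subdomains."""
    expected_domain = expected_domain.lower()
    return host == expected_domain or host.endswith("." + expected_domain)


def edit_distance(a, b):
    """Optimal-string-alignment distance: a swapped letter pair costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify_host(host, expected_domain):
    """Return 'ok', 'lookalike' (imitates the brand) or 'mismatch'."""
    host = host.rstrip(".").lower()
    if belongs_to(host, expected_domain):
        return "ok"
    brand = expected_domain.lower().split(".")[0]  # assumption: first label is the brand
    for label in host.split("."):
        if brand in label or edit_distance(label, brand) <= 1:
            return "lookalike"
    return "mismatch"


def check_links(html, expected_domain):
    """List (host, verdict) for every web link in an HTML e-mail body."""
    collector = LinkCollector()
    collector.feed(html)
    results = []
    for href in collector.hrefs:
        host = host_of(href)
        if host:  # skip mailto: and other links without a host
            results.append((host, classify_host(host, expected_domain)))
    return results


if __name__ == "__main__":
    for host, verdict in check_links(SAMPLE_EMAIL, "sears.com"):
        print(f"{verdict:10} {host}")
    # The same check applied to a sender's e-mail domain.
    print(classify_host("bestbuy529a5.com", "bestbuy.com"))
```
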

Criminals Continue to Defraud and Extort Funds from Victims Using CryptoWall Ransomware Schemes

7/6/2015

 
June 23, 2015

Alert Number
I-062315-PSA

Criminals Continue to Defraud and Extort Funds from Victims Using CryptoWall Ransomware Schemes


Data from the FBI's Internet Crime Complaint Center (IC3) shows ransomware continues to spread and is infecting devices around the globe. Recent IC3 reporting identifies CryptoWall as the most current and significant ransomware threat targeting U.S. individuals and businesses. CryptoWall and its variants have been used actively to target U.S. victims since April 2014.


ALERT! Health insurer Anthem Blue Cross, Blue Shield hacked 80 Million Customers!

2/5/2015

 
ALERT! Health insurer Anthem Blue Cross, Blue Shield hacked 80 Million Customers!

Published on Feb 4, 2015

Health insurer Anthem hit by massive cybersecurity breach
By Supriya Kurane and Jim Finkle

Thu Feb 5, 2015 3:04pm EST

(Reuters) - Health insurer Anthem Inc (ANTM.N), which has nearly 40 million U.S. customers, said late on Wednesday that hackers had breached one of its IT systems and stolen personal information relating to current and former consumers and employees.

The No. 2 health insurer in the United States said the breach did not appear to involve medical information or financial details such as credit card or bank account numbers.

The information accessed during the "very sophisticated attack" did include names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data, the company said.

Anthem said that it immediately made every effort to close the security vulnerability and reported the attack to the FBI. Cybersecurity firm FireEye Inc FEYE. said it had been hired to help Anthem investigate the attack.

The company did not say how many customers and staff were affected, but the Wall Street Journal earlier reported it was suspected that records of tens of millions of people had been taken, which would likely make it the largest data breach involving a U.S. health insurer.

Anthem had 37.5 million medical members as of the end of December.

"This attack is another reminder of the persistent threats we face, and the need for Congress to take aggressive action to remove legal barriers for sharing cyber threat information," U.S. Rep. Michael McCaul, a Republican from Texas and chairman of the Committee on Homeland Security, said in a statement late Wednesday.

The FBI had warned last August that healthcare industry companies were being targeted by hackers, publicizing the issue following an attack on U.S. hospital group Community Health Systems Inc (CYH.N) that resulted in the theft of millions of patient records.

Medical identity theft is often not immediately identified by patients or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.

Security experts say cyber criminals are increasingly targeting the $3 trillion U.S. healthcare industry, which has many companies still reliant on aging computer systems that do not use the latest security features.

Anthem said it would send a letter and email to everyone whose information was stored in the hacked database. It also set up an informational website, www.anthemfacts.com, and will offer to provide a credit-monitoring service.

(Reporting by Supriya Kurane in Bengaluru, Jim Finkle in Boston and Deena Beasley in Los Angeles; Editing by Ken Wills and Alex Richardson)


http://www.reuters.com/article/2015/02/05/us-anthem-cybersecurity-idUSKBN0L907J20150205



Thanks to Mr IQD for bringing this to my attention

How to Delete Yourself from the Internet

7/20/2014

 
How to Delete Yourself from the Internet

by Natasha Stokes on July 01, 2014


Americans love the Internet, with 87% of us active online. We have accounts everywhere, letting us kill time at work on Facebook,  check Twitter for the latest news, cruise Pinterest for inspirational moodboards and hit Amazon for great shopping deals. On top of that, most of us also have a pile of inactive accounts created for discounts or one-off purchases.

With our digital footprints expanding, we are relaying more personal data than ever to trackers, hackers and marketers with and without our consent. Are we sharing too much? Do we have the right not to be tracked? Is withdrawing from the Internet entirely to preserve your privacy even possible? Let's go over each of these issues.

Data dangers

Creating profiles at sites you use regularly has many benefits such as ease of log-in and better suggestions for links or products you might like. But with growing concern over privacy terms that change at the drop of a hat, the sale of personal data by less scrupulous websites and the challenges of keeping stalker-y exes at bay, more and more Americans are deciding to reclaim and delete their personal data.

If you're among the roughly 23% of Americans who use a single password for a handful of accounts, deleting inactive accounts is an important security measure. If a hacker cracked that password, you could suffer a domino-effect hacking of your other accounts too, especially if they are linked via a common email address.

Aside from the accounts and profiles we willingly create, our data is also exposed as hundreds of people-search websites comb police records, courthouse records and other public records such as real estate transactions, making our personal data publicly available to anyone who looks for it. Deleting this data isn't as easy as you might expect — and many companies won't remove your personal details fully.

Deleting your online presence

Tracking down all your data won't be easy. There is no one service that will trawl the Internet for pieces of you, so start by tearing down your social profiles.

Start with JustDelete.me

A site called JustDelete.me provides an incredibly comprehensive list of email, social media, shopping and entertainment sites along with notes on how difficult it is to completely erase your account and links to actually get it done. This is a great resource to help you remember and find unused profiles as well as gauging how much effort you'll have to expend to shut it down.

Find other open accounts

Next, review your email accounts, looking for marketing updates and newsletters, to get wind of other accounts you may still hold or companies that have bought your email address. Then go through your phone and check for apps that have required you to create accounts.

Once you've created a list of accounts you then should sort them according to how often you use them, if at all. Delete any you don't use. “Data is an asset to these companies,” says Jacqui Taylor, CEO of web science company Flying Binary. "Not only are these companies able to monetize you as their product, you aren't even receiving a service in exchange.”

Working off your list of accounts, head back to JustDelete.me and use it as a springboard to start deleting accounts.

Downloading and removing your content

If there's data you'd like to keep — say, photos or contact lists — you may be able to download them before deleting your account. Facebook and Twitter data can be downloaded in the respective Settings tabs, while LinkedIn contacts can be exported via Contact Settings.

At many sites such as Evernote and Pinterest, you won't be able to delete your account. You can only deactivate it and then manually remove personal data. At sites such as Apple, this process includes a call to customer service.

Don't forget background checking sites

To find out which background check websites have posted information about you, check out the list of popular sites on this Reddit thread. Then go to each and try searching for your name. See if you pop up in the first few pages of search results. If you do, the same Reddit thread has information on opting out, but get ready for a hassle: usually calling, faxing and sending in physical proof that you are who you say you are. After that, expect to wait anywhere from 10 working days to six weeks for information to disappear.

Sites that don’t allow complete withdrawal

A large number of companies make it impossible to delete all traces of your accounts. According to JustDelete.me, this list includes Etsy, the online marketplace for home crafters, which retains your email address no matter what; Gawker Media, which retains the rights to all posts you made; and Netflix, which keeps your watch history and recommendations “just in case you want to come back.”

Then there's Twitter, which signed a deal with the Library of Congress in 2013 giving it the right to archive all public tweets from 2006 on. This means that anything you've posted publicly since then is owned by the government and will stay archived even if you delete your account.

To prevent future tweets from being saved, convert your settings to private so that only approved followers can read your tweets. (Go to the settings in the security and privacy section.)

Shut down your Facebook account by going to Settings, Security and then click “Deactivate my account.” You can download all of your posts and images first by going to Settings, General and then click “Download a copy of your Facebook data.”

However, you've already agreed to the social media giant’s terms and conditions, which state that Facebook has the right to keep traces of you in its monolithic servers. Basically, any information about you held by another Facebook user (such as conversations still in the other person's inbox or your email address if it's in a friend's contact list) will be preserved.

The divide between companies that make it easy to delete your data and the companies that make it difficult is clear. “If you're the product (on such free services as the social platforms), the company tends to make it difficult,” Taylor says. Monetizing your data is the basis of the business model for such companies.

For services like eBay and Paypal, Taylor adds, you aren't the product (both collect fees from sellers), making it easier to delete your account and associated data.

The right to be forgotten

Being able to erase social and other online data is linked to a larger issue: the right to be forgotten online. In the European Union, a recent Court of Justice ruling gave EU residents the right to request that irrelevant, defamatory information be removed from search engine databases. However, no such service is available to the residents of the United States.

“You should be able to say to any service provider that you want your data to be deleted,” Taylor says. “If someone leaves this earth, how can their data still be usable by all these companies?”

When erasure isn’t an option

Much of our personal data online is hosted on social platforms that regularly update their terms of service to change how our data can be used. A privacy policy that you were comfortable with when you signed on could evolve to become something you don’t agree with at all.

“Your digital footprint is not under your control if you're using these free services,” Taylor says.

But in an increasingly connected, virtual age, it can seem inconceivable not to have a footprint at all. Most of us use a social account to log in to dozens of other sites. Some sites require that you do so: for example, Huffington Post requires a Facebook log-in, while YouTube commenters need a Google+ log-in.

Employers frequently perform background checks through Google or dedicated third-party social media checkers. In many professions, an online portfolio of work on the likes of WordPress or Tumblr is a necessity. It's becoming increasingly difficult to communicate socially without the aid of a Facebook or Twitter account.

Given the realities of our connected world today, not being online can be seen as a negative. The key, Taylor says, is to take ownership of your data. Control how much of your personal data is available online by pruning inactive accounts. Create new accounts selectively, and post with the understanding that within a single update to the terms of service, your data could become publicly shared or further monetized.



http://www.techlicious.com/tip/how-to-delete-yourself-from-the-internet/

How do I know if my computer has been hacked?

6/6/2014

 

From Straight Talkin Mike........Computer Security

How do I know if my computer has been hacked?

Tip: Most computer problems are not caused by computer hackers; it is more common for a computer to be hijacked than hacked. It can be difficult to detect a hacker on a computer because, to help disguise the hack, nothing may visibly change. Below are the most common things that change after a computer is hacked.

New programs installed

In some situations, you may see new programs or files on the computer. If you are the only user on the computer and new programs are installed, this could be an indication of a hacked computer. However, there are also several legitimate reasons why a new program may appear on the computer, as listed below.

  • Operating system or other program received updates that included new programs or files.
  • When installing a new program it may have installed other programs. For example, it is common for plugins and other free programs to have a check box asking if it is ok to install a new Toolbar or antivirus on your computer. If these boxes are checked, new programs are installed.
  • Any other person who logs on your computer could install new programs.
Below is a listing of programs that may indicate a hacker has been on the computer.

  • Backdoors and Trojans are by far the most common programs to be installed on the computer after it has been hacked. These programs allow the hacker to gain access to the computer.
  • IRC clients are another common way for a hacker to get into a computer or remotely control thousands of computers. If you have never participated in an IRC chat, your computer may have been hacked.
  • Spyware, rogue antivirus programs, and malware can be an indication of a hacker. However, they are more commonly a sign that your computer has been hijacked while on the Internet.

Computer passwords have changed

Online passwords

Sometimes, after an online account is hacked, the attacker changes the password to your account. Try using the forgot password feature to reset the password. If your e-mail address has changed or this feature does not work, contact the company that is providing the service; they are the only ones who can reset your account.

Local computer password

If your password to log into your computer has changed, it may have been hacked. There is no reason why a password would change on its own. Log into an administrator account to change your account's password.

E-mail spam being sent

When an e-mail account is hacked or taken over, the attacker almost always uses that account to spread spam and viruses. If your friends, family, or coworkers are receiving e-mail from you advertising something like Viagra, your e-mail is compromised. Log into your e-mail and change your e-mail account password.

Tip: E-mail addresses can also be spoofed without hacking the e-mail account. After changing the e-mail password, if your friends continue to get e-mails you have not sent, it is likely someone is spoofing your e-mail address.

Increased network activity

For any attacker to take control of a computer, they must remotely connect to that computer. When someone is remotely connected to your computer, your Internet connection will be slower. Also, many times after the computer is hacked it becomes a zombie to attack other computers.

Installing a bandwidth monitor program on the computer can help determine what programs are using what bandwidth on your computer. Windows users can also use the netstat command to determine remote established network connections and open ports.

There are dozens of other legitimate reasons why your Internet connection may also be slow.

Unknown programs wanting access

Computer security programs and firewalls help restrict access to programs on a network or Internet. If the computer prompts for access to programs you do not know, rogue programs may be installed, or it may have been hacked. If you do not know why a program needs access to the Internet, we recommend blocking access to that program. If you later discover these blocks cause problems, they can be removed.

Tip: A firewall prompting you for access may also just be someone trying to probe your network, looking for open or available ports in your network.

Security programs uninstalled

If the computer's antivirus, anti-malware program, or firewall has been uninstalled or disabled, this can also be an indication of a hacked computer. A hacker may disable these programs to help hide any warnings that would appear while they are on the computer.

Computer doing things by itself

When someone is remotely connected to a computer they can remotely control any device. For example, a mouse cursor could be moved or something could be typed. If you see the computer doing something as if someone else was in control, this can be an indication of a hacked computer.

Modem users

If the computer is dialing the Internet on its own, it is an indication that a program needs to connect to the Internet. It is common for programs like e-mail clients to do this to check for new e-mail. However, if you cannot identify what program needs Internet access, this can also be an indication of a hacked computer.

Internet browser home page changed or new toolbar

Internet browser changes such as your home page changing to a different web page, a new toolbar getting added, your search provider changing, web pages getting redirected are all signs of a browser getting hijacked and not a computer hacker.





  • http://www.computerhope.com/issues/ch001296.htm
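
One way to read netstat output for the two things the article mentions, established remote connections and open (listening) ports, is shown here as an added Python example that is not from the original article. The sample text is constructed in the `netstat -ano` layout, and the list of address ranges treated as local is an assumption.

```python
import ipaddress

# Constructed sample in the layout printed by `netstat -ano` on Windows.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       5120
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     2044
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     4312
  TCP    192.168.1.20:49730     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49801     198.51.100.7:6667      ESTABLISHED     5120
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:5353           *:*                                    1220
"""

# Assumption: loopback, link-local and private ranges count as "local".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]


def split_endpoint(endpoint):
    """Split '1.2.3.4:443' or '[fe80::1%12]:443' into (address, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]").split("%")[0], port


def parse_netstat(text):
    """Return one dict per TCP row; UDP rows carry no state and are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP":
            rows.append({"local": fields[1], "remote": fields[2],
                         "state": fields[3], "pid": int(fields[4])})
    return rows


def is_local(addr):
    """True when the address falls inside one of LOCAL_NETS."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in LOCAL_NETS)


def remote_established(text):
    """(address, port, pid) for ESTABLISHED connections to non-local hosts."""
    found = []
    for row in parse_netstat(text):
        if row["state"] != "ESTABLISHED":
            continue
        addr, port = split_endpoint(row["remote"])
        if not is_local(addr):
            found.append((addr, int(port), row["pid"]))
    return found


def listening_ports(text):
    """Sorted (port, pid) pairs for sockets in the LISTENING state."""
    return sorted({(int(split_endpoint(row["local"])[1]), row["pid"])
                   for row in parse_netstat(text) if row["state"] == "LISTENING"})


if __name__ == "__main__":
    print("Remote established connections:")
    for addr, port, pid in remote_established(SAMPLE_NETSTAT):
        print(f"  {addr}:{port}  (PID {pid})")
    print("Listening ports:")
    for port, pid in listening_ports(SAMPLE_NETSTAT):
        print(f"  {port}  (PID {pid})")
```

The PID column lets you match each connection to a program in Task Manager; a process you cannot identify that both listens and holds a remote connection is the kind of entry worth investigating.
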

Changing password after "heartbleed" bug? Here's what you need to know

4/10/2014

 
From Our Computer Security Expert
STRAIGHT TALKIN MIKE


By Chenda Ngak
CBS News
April 10, 2014, 2:08 PM

Changing password after "heartbleed" bug? Here's what you need to know


The "heartbleed" bug may have put millions of passwords, credit card details and sensitive information in the hands of nefarious hackers. Before you change your passwords, security experts suggest making sure the website is now secure, and provide tips for creating stronger passwords.


Upgrade Your Life: 5 ways to make an easy-to-remember, ultra-secure password

12/5/2013

 
FROM STRAIGHT TALKIN MIKE. REPOSTED FROM 2011


Upgrade Your Life: 5 ways to make an easy-to-remember, ultra-secure password

01/22/2013
 

By Taylor Hatmaker, Tecca | Upgrade Your Life – Wed, Aug 24, 2011






2 million passwords have been stolen, compromising accounts at Facebook, Gmail, Twitter, Yahoo and ADP.

12/5/2013

 
2 million passwords have been stolen, compromising accounts at Facebook, Gmail, Twitter, Yahoo and ADP.
NEW YORK (CNNMoney)
Hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others, according to a report released this week.



Hackers Compromise 2 Million Facebook, Twitter and Gmail Accounts

12/5/2013

 
Hackers Compromise 2 Million Facebook, Twitter and Gmail Accounts
More than 2 million accounts have been compromised from popular sites such as Google, Yahoo, Twitter, Facebook and LinkedIn after malware captured login credentials from users worldwide, according to a new report.

According to web security firm Trustwave, hackers have stolen login usernames and passwords across various sites in the past month with the help of Pony malware, a bit different than a typical breach.





If You're Using 'Password1,' Change It. Now.~~Repost from March 2012

12/5/2013

 
From Straight Talkin Mike...

If You're Using 'Password1,' Change It. Now.

CNNMoney.com

By Stacy Cowley | CNNMoney.com

The number one way hackers get into protected systems isn't through a fancy technical exploit. It's by guessing the password.

That's not too hard when the most common password used on business systems is "Password1."

There's a technical reason for Password1's popularity: It's got an upper-case letter, a number and nine characters. That satisfies the complexity rules for many systems, including the default settings for Microsoft's widely used Active Directory identity management software.

Security services firm Trustwave spotlighted the "Password1" problem in its recently released "2012 Global Security Report,
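
Why "Password1" passes a complexity rule yet should still be refused, as an added Python example that is not from the article. The rule below (minimum length plus three of four character classes) is a simplified stand-in for the kind of complexity setting the article describes, and the deny-list of base words is constructed.

```python
import re

# Constructed deny-list of base words; a real deployment would use a much
# larger list of known-common passwords.
COMMON_BASES = {"password", "welcome", "qwerty", "letmein", "admin"}

# Undo the usual character substitutions before the deny-list lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def meets_complexity(password, min_length=8):
    """Assumed rule: minimum length and at least 3 of 4 character classes."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    hits = sum(1 for pattern in classes if re.search(pattern, password))
    return len(password) >= min_length and hits >= 3


def base_word(password):
    """Reduce a password to the word it was built from.

    Trailing digits and symbols are dropped (Password1 -> Password), the
    result is lower-cased, and substitutions are reversed (p@ssw0rd -> password).
    """
    stripped = re.sub(r"[^A-Za-z]+$", "", password)
    return stripped.lower().translate(LEET)


def evaluate(password):
    """Apply the complexity rule first, then the deny-list check."""
    if not meets_complexity(password):
        return "reject: fails complexity rule"
    if base_word(password) in COMMON_BASES:
        return "reject: common password"
    return "accept"


if __name__ == "__main__":
    for candidate in ("password", "Password1", "P@ssw0rd!",
                      "Welcome2015", "correct-Horse-battery-7"):
        print(f"{candidate:26} complexity={meets_complexity(candidate)!s:5} "
              f"-> {evaluate(candidate)}")
```
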




CryptoLocker crooks launch new 'customer service' website for victims

11/16/2013

 
Herb Weisbaum NBC News contributor
Now here’s a first — crooks who realize the importance of customer service.


It’s the latest twist in the global CryptoLocker ransomware attack. This diabolically nasty malware locks up all of the victim’s personal files — and in some cases, backup files, too — with state-of-the-art encryption. The bad guys have the only decryption key and they demand $300 or two Bitcoins to get it.




Cryptolocker Ransomware: What You Need To Know

10/24/2013

 
Cryptolocker Ransomware: What You Need To Know


  • By Joshua Cannell
  • October 8, 2013
  • In Malware Analysis

Just last month, antivirus companies  discovered a new ransomware known as Cryptolocker.

This ransomware is particularly nasty because infected users are in danger of losing their personal files forever.

To Read More and see Visuals of what they do Click Below:


http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/

IDrive 5GB FREE "On Line Back Up" Recommended by Straight Talkin Mike

3/19/2013

 
IDrive Remote Backup

As Recommended by Straight Talkin Mike - I Drive
5GB FREE Universal On Line Back Up

Back up your computer FREE

The IQD Team~~Words of Warning~~Anatomy of Con Men  Tiers and More

3/5/2013

 
The IQD Team....Straight Talkin Mike

Words of Warning ~~ The Anatomy of Con Men, Tiers, and so much more


641-715-3900 Pin 354332#   7 Minutes

July 17, 2012 or
http://download3.freeconferencepro.com/rec/1264699943-20120718214725-25252525.wav


641-715-3900  Pin 180911#  15 minutes

July 19, 2012 or 

http://download3.freeconferencepro.com/rec/1264699943-20120720225847-52523698.wav


Spokeo~~Instructions on How to Remove Your Information

3/3/2013

 
SPOKEO
Instructions on How to Remove Your Information

http://www.spokeo.com/

Enter Name OR Phone # or email address (don't forget to check your cell, your home, etc)

IF it shows up....click on the link address at the top of the page and copy it

Go to the bottom of the page and Click on Privacy or  click here  http://www.spokeo.com/privacy

Scroll to the bottom of the page and insert the url you copied

Then enter your email address (make sure it is NOT your main email address or this will just happen again)

Then enter Code

Click on Remove Listing

Go to your email for further instructions....you must click on the link to finish the process




ABOUT SPOKEO

Spokeo is a leading people search engine. We aggregate vast quantities of public data and organize the information into attractive and easy-to-follow profiles.

You can search for anyone using: Unlike other people search sites, Spokeo merges “real life” information (address, email address, marital status, etc.) with social network data (Facebook profiles, Twitter feeds, etc.) providing you with a profile that is among the most comprehensive profiles available on the Web.

Spokeo was founded in 2006 by Harrison Tang and a couple of his classmates at Stanford University. Working out of their parents’ basement, they developed a technology to better keep up with their friends online. Spokeo has since grown to become a leading solution to America’s connectivity needs. Our mission is to help people find, learn about, and connect with others more easily than ever.


Spokeo Privacy – Get the Scoop from the Source

http://www.spokeo.com/blog/2011/01/spokeo-privacy-get-scoop-from-source/


2013 Predictions For Computer Security Threats And Cyber Warfare

1/1/2013

 
2013 Predictions For Computer Security Threats And Cyber Warfare

Posted: December 29, 2012

Some 2013 predictions have computer security becoming increasingly difficult in the new year. Cyber warfare is also of concern, with the real potential of nations like Iran and North Korea attempting to lash out at the world with increasingly sophisticated viruses and malware.

As previously reported by The Inquisitr, many of the top 2013 predictions involve new security threats and scams related to smartphones and tablets. Social media and web applications on the Cloud may also be a newer source of threats. Wade Baker, principal author of the Verizon Data Breach Investigations Report (DBIR), told DarkReading that the biggest data threat in 2013 is likely to be “low-and-slow attacks” involving popular web apps:

“The most likely threats involve authentication attacks and failures, continued espionage and hacktivism attacks, Web application exploits and social engineering. … Organizations that choose to take their chances and ignore secure application development and assessment practices in 2013 are asking for trouble.”

Cyber security is not just a threat to the average person; even nations are under the gun when it comes to “key national security threats.” According to the National Journal, the United States Department of Defense feels that internet-based warfare warrants being number three in the top list of threats:

“Defense Secretary Leon Panetta recently outlined new warfare terrain: the Internet. Cybersecurity concerns do not simply include hackers and criminals. Panetta said the greater danger is a cyberattack carried out by nation states or extremist groups that could be as destructive as the terrorist attack on Sept. 11, 2001, and ‘virtually paralyze the nation’.”

If you will recall, cyber warfare is already being implemented in the Middle East, with an implanted virus slowing Iran’s efforts to produce nuclear power plants and possibly nuclear weapons. The Flame virus – which takes over local wireless networks and uses laptops and smartphones to spy on and record information — is apparently based upon an earlier version of Stuxnet from 2010 and was so sophisticated that Cyber experts widely believe Stuxnet, and thus presumably Flame and miniFlame, are American projects.

The computer security company Sophos predicts the following “five trends will factor into the IT security landscape in 2013” in their Security Threat Report 2013:

  • More of the same such as SQL injection hacks of web servers and databases.
  • Since 2012 saw a surge of “ransomware malware which encrypts your data and holds it for ransom,” expect to see more “irreversible malware.”
  • Cybercrooks will develop more toolkits like the Blackhole exploit kit that will have even more premium features.
  • There might be better exploit mitigation, so vulnerability exploits may decrease as social engineering attacks sharply increase.
  • As mobile devices and applications like social media, or NFC and GPS become more integrated, expect cybercrooks to find “increasingly creative” ways to compromise our security or privacy.
These 2013 predictions are probably not the ones you want to hear, but these threats are real. What do you plan on doing differently in 2013 to keep your computer and smart devices safe?

Read more at http://www.inquisitr.com/459178/2013-predictions-for-computer-security-threats-and-cyber-warfare/#dA4y5qBmMGBFiGGq.99

Worm spreading on Skype IM installs ransomware

10/8/2012

 
Worm spreading on Skype IM installs ransomware

Malware is downloaded onto users' machines after they click on the message "lol is this your new profile pic?"

by Steven Musil

October 8, 2012 4:37 PM PDT

The Skype worm attempts to entice users with this socially-engineered instant message.

(Credit: GFI )

A malicious worm spreading through Skype instant messages threatens to take control of a victim's machine and hold its contents for ransom.

The issue, which was first brought to light Friday by GFI, tricks users into downloading a ZIP file by displaying the socially-engineered message, "lol is this your new profile pic?" along with a link that also spreads the message to other Skype users. The ZIP file contains an executable file that installs a variant of the Dorkbot worm and creates a backdoor via "Blackhole," an exploit kit used by criminals to infect computers through security holes.

The backdoor allows a remote attacker to take control of the machine and install the ransomware, a malicious application that locks the user out of the computer via password or encryption and demands a payment, or ransom, in exchange for its contents. This particular strain demands a payment of $200 within 48 hours, or users risk having their files deleted.

PC users are also presented with a screen (see below) that claims the computer has been used to visit sites of a nefarious nature, including the downloading of MP3s, illegal pornography, gambling, and illegal drugs, and threatens to send that information to the "special Department of US government" via a program called "System Cleaner," which it claims was developed by the U.S. government "to prevent crime and illegal activity on the Internet."


The malware also employs click fraud, imitating legitimate user behavior by clicking on ads to generate revenue for its authors. And it's not a few clicks; GFI said in a 10-minute span it recorded 2,259 transmissions.

Skype said it is investigating the matter and recommends upgrading Skype versions and making sure the machine's security software is up to date.

"We are aware of this malicious activity and are working quickly to mitigate its impact," the company said in a statement. "We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links -- even when from your contacts -- that look strange or are unexpected is not advisable."


http://news.cnet.com/8301-1009_3-57528353-83/worm-spreading-on-skype-im-installs-ransomware/

Straight Talkin Mike~~Cyber bank robbers attempt billion-dollar heist, targeting your money

6/27/2012

 
MORE FROM STRAIGHT TALKIN MIKE...

Cyber bank robbers attempt billion-dollar heist, targeting your money

By John R. Quain

Personal Tech

Published June 26, 2012

FoxNews.com

The next Internet billionaires won’t be pushing social-networking apps. They’ll be breaking into your bank accounts.

An organized global cyber crimewave has been underway for months, according to a report released today from security firms McAfee and Guardian Analytics, attacking banks in Colombia, Germany, Italy, the Netherlands, the United Kingdom and the U.S.

A total of roughly $78 million was successfully siphoned out of bank accounts, according to researchers, with a potential total of $2 billion attempted. (Banks are understandably loath to reveal losses and due to additional security concerns have not been identified.)

Analysts at the firms report that these thefts represent a new generation of attacks running off of hijacked servers that can be frequently changed to avoid detection and completely automated so that thousands of customer accounts can be broken into without even raising the owners’ suspicion.

By adapting two types of malware designed to steal passwords — known as Zeus and SpyEye — hackers can now invisibly record login information and add additional requests for information on what appear to be valid online banking pages. They can even intercept secondary, one-time only passwords, and then put the user on hold while they login and transfer funds to criminal accounts. After the transfer is complete, the software can even post false balances so that the victim is unaware of the theft until it is too late.

What is different about these new attacks is their high level of automation. It allows organized cyberattacks that can drain just a few dollars from multiple accounts without any intervention by the crooks. Furthermore, according to McAfee, the criminals look for large account balances — hence the researchers dubbed the crime spree “Operation High Roller.” In at least one case, the criminals made off with $130,000 from a single account.

The moral of this latest cyberscare story is that you cannot rely on your bank or financial institution to protect your money. In many cases, the financial institution’s profits are sufficiently high and the investment in additional computer security measures considered too expensive to prevent many of these attacks. As some analysts have told me, it’s considered part of the cost of doing business. Just make sure it isn’t your cost of doing business online.

First, you have to run some sort of anti-virus software. There are free basic versions out there from the likes of Avast, AVG, and BitDefender. Many of these monitor new threats and will warn you about suspicious Web pages.

Second, never, ever, ever open a link in an “official” e-mail message you receive. This is the primary way criminals lead thousands of users astray every day. If you get a message from your bank, open a separate browser and type in the URL that you usually use. It’s the only way to avoid being led astray.

Third, update your software: in particular the Web browser you’re using and Sun’s Java and Adobe’s Reader software (for opening PDFs). These programs are the favorite targets of hackers and new exploits are uncovered every week. Keeping them updated can often prevent so-called iFrame hacks that may compromise legitimate Web sites and secretly install malware on your computer. So instead of watching that Tree Girl video, check for updates whenever you have a spare moment.

The computer security threats are clearly endemic, prompting the head of Britain’s spy agency, Jonathan Evans of MI5, to coincidentally come out this week to warn that the level of cyber attacks is now “astonishing.” Evans warned that the scale of such threats has now reached “industrial-scale” proportions.

So it’s no longer a matter of paranoia to check your software and Web surfing habits. It’s a matter of common sense.


SOURCE


http://www.thestraighttalkexpress.com/1/post/2012/06/cyber-bank-robbers-attempt-billion-dollar-heist-targeting-your-money1.html




Straight Talkin Mike~~Alert~~Fraud Ring In Hacking Attack On 60 Banks

6/27/2012

 
From Straight Talkin Mike....ALERT

Fraud Ring In Hacking Attack On 60 Banks


Some 60m euro is stolen from bank accounts in a massive cyber raid, after fraudsters raid dozens of banks around the world.

7:16am UK, Wednesday 27 June 2012

By Pete Norman, Sky News Online

Sixty million euro has been stolen from bank accounts in a massive cyber bank raid after fraudsters raided dozens of financial institutions around the world.

According to a joint report by software security firm McAfee and Guardian Analytics, more than 60 firms have suffered from what it has called an "insider level of understanding".

"The fraudsters' objective in these attacks is to siphon large amounts from high balance accounts, hence the name chosen for this research - Operation High Roller," the report said.

"If all of the attempted fraud campaigns were as successful as the Netherlands example we describe in this report, the total attempted fraud could be as high as 2bn euro (£1.6bn)."

The automated malicious software programme was discovered to use servers to process thousands of attempted thefts from both commercial firms and private individuals.

The stolen money was then sent to so-called mule accounts in caches of a few hundreds and 100,000 euro (£80,000) at a time.

Credit unions, large multinational banks and regional banks have all been attacked.

Sky News defence and security editor Sam Kiley said: "It does include British financial institutions and has jumped over to North America and South America.

"What they have done differently from routine attacks is that they have got into the bank servers and constructed software that is automated.

"It can get around some of the mechanisms that alert the banking system to abnormal activity."

The details of the global fraud come just a day after the MI5 boss warned of the new cyber security threat to UK business.

McAfee researchers have been able to track the global fraud, which still continues, across countries and continents.

"They have identified 60 different servers, many of them in Russia, and they have identified one alone that has been used to steal 60m euro," Kiley said.

"There are dozens of servers still grinding away at this fraud – in effect stealing money."


http://www.thestraighttalkexpress.com/1/post/2012/06/-fraud-ring-in-hacking-attack-on-60-banks.html


SOURCE




Straight Talkin Mike~~How many seconds would it take to break your password?

6/9/2012

 
How many seconds would it take to break your password?

'Strong' isn't a detailed password-rating; go for quintillions of possible combos, then add a symbol

By Kevin Fogarty

June 07, 2012, 8:00 PM
 
Security breaches of mind-numbing size like those at LinkedIn and EHarmony.com set crypto- and security geeks to chattering about weak passwords and lazy users and the importance of non-alphanumeric characters to security.

And insisting on a particular number of characters in a password is just pointless security-fetish control freakishness, right?

Nope. The number and type of characters make a big difference.


How big? Adding a symbol eliminates the possibility of a straight dictionary attack (using, literally, words from a dictionary). Adding a symbol, especially an unusual one, makes it much harder to crack even using rainbow tables (collections of alphanumeric combinations, only some of which include symbols).

How big a difference do length and character type make?

Look below and pick which password-cracking jobs you'd want to take on if you were a computer. The examples come from the Interactive Brute Force Password Search Space Calculator at GRC.com, the love child of former InfoWorld columnist and freeware contributor Steve Gibson.

How long would it take to crack my password? (Includes letters and numbers, with no mix of upper and lower case and no symbols)

6 characters: 2.25 billion possible combinations

  • Cracking online using a web app hitting a target site with one thousand guesses per second: 3.7 weeks
  • Cracking offline using high-powered servers or desktops (one hundred billion guesses per second): 0.0224 seconds
  • Cracking offline using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second): 0.0000224 seconds

10 characters: 3.76 quadrillion possible combinations

  • Cracking online using a web app hitting a target site with one thousand guesses per second: 3.7 weeks
  • Cracking offline using high-powered servers or desktops (one hundred billion guesses per second): 10.45 hours
  • Cracking offline using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second): 37.61 seconds

Add a symbol, make the crack several orders of magnitude more difficult:

6 characters: 7.6 trillion possible combinations

  • Cracking online using a web app hitting a target site with one thousand guesses per second: 2.4 centuries
  • Cracking offline using high-powered servers or desktops (one hundred billion guesses per second): 1.26 minutes
  • Cracking offline using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second): 0.0756 seconds

10 characters: 171.3 sextillion possible combinations (171,269,557,687,901,638,419; 1.71 x 10^20)

  • Cracking online using a web app hitting a target site with one thousand guesses per second: 54.46 million centuries
  • Cracking offline using high-powered servers or desktops (one hundred billion guesses per second): 54.46 years
  • Cracking offline using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second): 2.83 weeks

Take Steve's advice: go for 10 characters, then add a symbol.


SOURCE
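
The arithmetic behind the figures in the article above, as an added example (not code from the article or from GRC's calculator). It assumes an alphabet of 36 for single-case letters plus digits and 69 once the 33 printable ASCII symbols are included, and it counts every password up to the given length, which reproduces the article's 171,269,557,687,901,638,419 figure for 11 characters (10 plus the added symbol). All function names are illustrative.

```python
"""Brute-force search-space estimate for a password (added example)."""
import string

# Guess rates quoted in the article, in guesses per second.
RATES = {
    "online, 1 thousand/s": 10**3,
    "offline, 100 billion/s": 10**11,
    "cluster, 100 trillion/s": 10**14,
}

# Assumption: symbols are the 32 ASCII punctuation marks plus the space.
SYMBOLS = string.punctuation + " "

# Largest unit first, so the first unit that fits is used.
UNITS = [
    ("centuries", 100 * 365.25 * 86400),
    ("years", 365.25 * 86400),
    ("weeks", 7 * 86400),
    ("days", 86400),
    ("hours", 3600),
    ("minutes", 60),
]


def search_space(alphabet: int, max_length: int) -> int:
    """Number of passwords of length 1..max_length over the alphabet."""
    return sum(alphabet ** k for k in range(1, max_length + 1))


def alphabet_size(password: str) -> int:
    """Size of the alphabet implied by the character classes in use."""
    if not password:
        raise ValueError("empty password")
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in SYMBOLS for c in password):
        size += len(SYMBOLS)
    # Characters outside printable ASCII are not counted, so the
    # result is a lower bound for such passwords.
    return size


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for name, unit_seconds in UNITS:
        if seconds >= unit_seconds:
            return f"{seconds / unit_seconds:,.2f} {name}"
    return f"{seconds:.3g} seconds"


def estimate(password: str) -> dict:
    """Worst-case time to exhaust the search space at each quoted rate."""
    space = search_space(alphabet_size(password), len(password))
    return {label: humanize(space / rate) for label, rate in RATES.items()}


if __name__ == "__main__":
    # Constructed sample passwords, one per row of the article's table.
    for sample in ("abc123", "abcde12345", "abc123!", "abcde12345!"):
        size, length = alphabet_size(sample), len(sample)
        print(f"{sample!r}: alphabet {size}, length {length}, "
              f"{search_space(size, length):,} combinations")
        for label, duration in estimate(sample).items():
            print(f"    {label}: {duration}")
```

The times are for trying every combination; on average a guess succeeds after half of that.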





 

 

Straight Talkin Mike~~LinkedIn users targeted in phishing scam after hack

6/7/2012

 
7 June 2012

LinkedIn users targeted in phishing scam after hack

Convincingly-designed emails like these have been sent to LinkedIn users    


LinkedIn users have been targeted by email scams after hackers leaked more than six million user passwords online.

Emails designed to look like they were sent by the social-network website asked users to "confirm" their email address by clicking a link.

However, the link took unsuspecting recipients to a site selling counterfeit drugs.

Dating website e-Harmony has also admitted that a "small fraction" of its users' passwords have been leaked.

Approximately 1.5 million passwords from the US-based relationship site were posted online, reported Ars Technica.

The company said on its blog that it had reset the passwords of the affected users, who would receive an email with instructions on how to set new passwords.

On Wednesday it was revealed that 6.4 million passwords from LinkedIn had been posted on a Russian web forum, along with a message encouraging other hackers to help decrypt the "hashed" data.

Affected LinkedIn users have been told they will receive instructions in an email - but not with a link - on how to change their details.

HOW TO CHANGE YOUR LINKEDIN PASSWORD

Security experts have advised users to change their passwords on LinkedIn. Here's how: First, visit www.linkedin.com, and log in with your details

"Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid," said LinkedIn director Vicente Silveira, confirming that a breach had occurred.

He added: "These members will also receive an email from LinkedIn with instructions on how to reset their passwords.

"These affected members will receive a second email from our customer support team providing a bit more context on this situation and why they are being asked to change their passwords."

However, Ant Allen, from analyst firm Gartner, said LinkedIn must do more to inform their members about the situation.

"I'd really like to see a clearer statement from them on their front page," he told the BBC.

"A statement that they were taking steps to minimise the risks of passwords being exposed in the future and the risks to users if passwords were exposed would do a lot to reassure people. Simply saying, 'we need you to reset your password as a security precaution' is not enough."

Final tally 'higher'

Security analyst Imperva said it believed the breach was larger than had been acknowledged, as the list did not duplicate individual passwords, even though many were likely to have been used by more than one user.

"The list doesn't reveal how many times a password was used by the consumers," the company said.

"This means that a single entry in this list can be used by more than one person. For reference, in the [social network] RockYou hack the 5,000 most popular passwords were used by a share of 20% of the users. We believe that to be the case here as well, another indicator that the breach size exceeds 6.5m."

The password breach came just hours after the company admitted it had updated its mobile apps due to a privacy flaw.

In a blog post, Skycure Security said the mobile app was sending unencrypted calendar entries to LinkedIn servers without users' knowledge.

In response LinkedIn said it would "no longer send data from the meeting notes section of your calendar".

Source






Straight Talkin Mike~Using Public Wi-Fi to Pay Bills & Shop Can Be Very Dangerous

5/20/2012

 
Great advice from Straight Talkin Mike....

USING PUBLIC WI-FI TO PAY BILLS AND SHOP CAN BE VERY DANGEROUS


Have you ever gone to the local hotspot at the McDonalds to browse the internet, have a cup of coffee and pay bills?


Well, did you know you are at risk of having your password and identity stolen... Surprised?

Most people are... We have a false sense of privacy on the internet today and it can be damaging to you and your personal information. The nature of Public Wi-Fi is that it is open and Free... The word Public should be a clue as to how safe you really are on the network. Public Wi-Fi is an open network and all your information is open to anyone on the network to see and copy and use.

OK... take a deep breath, now we can continue... Try this one day when you are traveling at the airport when connected to the Wi-Fi: click on your Network Neighborhood icon and you can see all the information from other people's computers.

If you are paying bills anyone can glean passwords and logons and you have given your information to them freely.

So how do you stop this?

First make sure your computer is up to date, all of the security patches are installed, and you have a virus program and a firewall running.
NEXT MAKE SURE YOU TURN OFF FILE AND PRINTER SHARING, so that others cannot see what you are broadcasting for others to share.
Remember it is possible to connect to any computer on the network.
Remember the internet is one big network and anyone on that network can access your computer if you don’t take precautions.

Windows 7 has the most secure features to protect you. When you enter a new network it pops up a screen to ask you what type of network you are on: Public, Home or Work. Each network applies different security policies to protect your computer and disallow things like sharing. The most vulnerable operating system to expose to the network is Windows XP, so make sure at a minimum you are using Windows Firewall to protect your computer from others.

Remember, and let me make it clear, on a public network it is never safe to do banking or shopping on a public Wi-Fi, because your data is never safe. If you need to do banking on the road, you should remote into your home machine via LogMeIn, TeamViewer, etc. This lets you securely use your home computer to do banking on a safe network.

Straight Talkin Mike

I have included a link and the News Article that will let you explore this further below:

Is It Safe To Bank On Public Wi-Fi? How Not To Get Hacked!

By Becky Worley | Upgrade Your Life – Wed, Feb 8, 2012 

LINK TO VIDEO
http://news.yahoo.com/video/us-15749625/28233096  

Online banking has grown in huge numbers, and mobile banking is on an even faster rise. But accessing your sensitive financial data via computer can be dangerous. One well known computer virus that steals banking logons and passwords is thought to have infected over 3 million computers in the US alone, siphoning at least $70 million dollars from consumers. So how can you access your bank account safely?

We've enlisted the help of noted hacking researcher Darren Kitchen to find out:
• Is it safe to bank on a public computer, like at a library or in a school?
• Can you safely check your bank balance in a Wi-Fi café on your own laptop?
• How safe is it to check your bank account from your home computer?
• Is it OK to bank on your phone?

I've known Darren Kitchen for years. He hosts a podcast about hacking called Hak5 and has been interviewed by ABC News, the New York Times and Wired Magazine on various hacking topics. In short, he's the real deal, and he sat down with me to answer the following questions and demo what a hacker could do if you log on to the wrong Wi-Fi.

Is it safe to bank on a public computer?
Answer: No
Public computers in libraries, schools, and hotels are completely unsafe for any sensitive web browsing. You have no idea if they are secure or if a criminal has installed a key-logger that tracks every username and password you enter.

Can you safely bank online at a Wi-Fi café on your own computer?
Answer: Probably not
Darren and I set up an experiment. With my own laptop, I logged onto the free Wi-Fi in a café while Darren sat across from me. I went to my bank site and entered my username and password. In real time, Darren intercepted the logon info. If that had been my real info he could have immediately logged onto my bank account. (NOTE: I gave Darren express permission to hack my browsing — I need to say this for legal reasons. ALSO - I am a blond, but what you see in the video is not my real banking info.)

How did he hack my connection?
Darren brought his own router into the coffee shop. He can set it up to provide an open connection that is labeled "Internet" or "free Wi-Fi" or even includes the name of the café, something like "Cuppa Joe Wi-Fi."  Simply put, he pretends to be the Internet access provided by the café. The scenario: you turn on your computer and log on to what you think is the Wi-Fi provided by the business. Even more deviously, Darren can create a Wi-Fi signal called Linksys, TMobile, ATT Wireless or GogoInflight. If your computer has ever connected to those legitimate networks in the past, it will be fooled into thinking it already has permission to connect — and does so through Darren's router.

"Once you're on my router, I am the Internet. I'm the man in the middle, so I can see everything," said Darren. "I'm essentially your Internet service provider, and inherently, I can eavesdrop and even change data on the fly. And when I see you're going to a bank, I can serve up my own [site] that looks and feels in every way like the bank's site."

And that's how he got my info. I thought I was going to a legitimate bank, but really it was Darren serving up an easily faked version of the site.  It looked exactly the same as the real bank's site.

Bottom-line: if you must do sensitive web browsing over a Wi-Fi network in a public place you should be very sure you know that the Wi-Fi is actually provided by the business and being passed through their router. It should be encrypted so you need a password to log on. And finally, do you trust the business and its employees? There are enough risks that when I ask Darren if he would log on to his bank this way he says "Absolutely not."

How safe is it to check your bank account from home?
Answer: Safe, but be sure your computer is virus free
If you are connecting to the Internet at home over a Wi-Fi router that's encrypted with WPA2 security, you should be safe to log on to your bank.

BUT… big caveat! Are you sure your computer is virus free? Computer viruses are getting more devious about specifically targeting online banking information. The Zeus botnet has resulted in hundreds of millions of dollars funneled out of consumer bank accounts. If you have any doubt about the security of your home computer, it may be time to get serious about disinfecting it and protecting it with an antivirus program if you want to bank online without anxiety.

Is it okay to bank on your phone?
Answer: Yes, but…
Phones using Wi-Fi to connect to the Internet are susceptible to hacks just like the Wi-Fi café hack Darren exhibited. But phones using cellular data networks for their connection are MUCH harder to fool. It's not impossible. As Darren points out, he replicated the café's Wi-Fi with off-the-shelf router equipment. It's much harder to replicate a cell phone tower.

The biggest caveat for checking your bank account on your phone is to consider what would happen if the phone fell into the wrong hands. The financial and identity information on your phone has now become more valuable than the hardware itself, so thieves are getting much more sophisticated about mining bank and personal data from mobile devices. So keep a password screen lock on the phone and have a remote wipe program so you can delete all data if your phone is lost or stolen.

SOURCE

FBI: Beware Of Malware Installed Via Hotel Networks

5/14/2012

 

The Federal Bureau of Investigation is warning travelers to be on the lookout for fake software updates booby trapped with malware that are being pushed through hotel internet connections.


According to the FBI, there has been an increase in instances of travelers’ notebooks being infected with malicious software while using hotel internet connections. While attempting to set up the internet connection in the room, some users have been presented with a pop-up notifying them of an update to a widely-used software product.

Accepting the update resulted in malicious software being installed on the notebook.

The FBI’s Internet Crime Complaint Center (IC3) has offered up some good advice for travelers, including:

  • Carry out all software updates before traveling.
  • Check the author or digital certificate of any prompted update to see if it corresponds to the software vendor.
  • Download software updates direct from the vendor’s website.
In addition to this, I would recommend that all important information — including, but not limited to, emails, documents, IMs and web logins — is sent over secure HTTP or a VPN.

This advisory from the FBI follows a report by Bloomberg which claims that Chinese hackers have stolen private data from as many as 760 firms by hacking into the iBahn broadband and entertainment service offered to guests of hotel chains such as Marriott International Inc.

Firms compromised in this attack are believed to include Research in Motion Ltd. and Boston Scientific Corp., as well as some of the largest corporations and niche innovators in sectors such as aerospace, semiconductors, pharmaceuticals and biotechnology.

By breaking into iBahn’s networks, hackers may have had access to millions of confidential e-mails, even encrypted ones.

Last month, software engineer Justin Watt noticed during a stay at a Marriott International hotel in the U.S. that code was being injected into websites visited via the hotel WiFi in order to push third-party advertisement to users. According to an official statement from Marriott International, this was done “unbeknownst to the hotel”.

While the advertisements served were harmless, it can’t be reassuring to visitors to find that Marriott International didn’t know what was going on with its own network.


SOURCE



THANKS VW

Straight Talkin Mike~~How can you detect if your computer has been violated and infected with DNS Changer?

5/5/2012

 
 
How can you detect if your computer has been violated and infected with DNS Changer?

An industry wide team has developed easy “are you infected” web sites.  They are a quick way to determine if you are infected with DNS Changer. Each site is designed for any normal computer user to browse to a link, follow the instructions, and see if they might be infected. Each site has instructions in their local languages on the next steps to clean up possible infections.

For example, the http://www.dns-ok.us/ site will state if you are or are not infected (see below).
  • No Software is Downloaded! The tools do not need to load any software on your computer to perform the check.
  • No changes are performed on your computer! Nothing is changed on your computer when you use sites like http://www.dns-ok.us/.
  • No scanning!  The “are you infected with DNS Changer” tool does not need to scan your computer.
If you are not affected by DNS Changer then do nothing.


If you think your computer is infected with DNS Changer or any other malware, please refer to the security guides from your operating system or the self-help references from our fix page (http://www.dcwg.org/fix).


Source

Straight Talkin Mike~~DNSChanger is not the end of the world

5/5/2012

 
DNSChanger is not the end of the world

By Woody Leonhard on May 2, 2012 in Top Story

DNSChanger virus spells ‘Internet Doomsday’ … The end is nigh, according to the FBI … ‘Internet doomsday’ will strike us all on July 9 …

That’s what a couple of popular websites had to say about the DNSChanger virus. What a crock!

I’ve been writing about viruses for about two decades, and I don’t think I’ve ever seen headlines that ridiculous from sources that should know better.

DNSChanger is a real piece of malware — it’s a variant of the TDSS/Alureon family of Trojans — and it was a real problem until taken down Nov. 8, 2011, in a joint FBI–Estonian police action code-named “Operation Ghost Click” (FBI site).

Since then, it seems, DNSChanger has hit headline after headline — with dire warnings. Even local TV news programs have covered it in breathless terms, as if it were the worst thing to ever infect your computer.

Lemme tell ya. It’s easy to write scary headlines such as “New Mac Trojan makes your clicking finger fall off!” (no doubt because Mac mice have only one button) or “Log on to Windows and lose your life savings!” It’s not so easy to examine the threat, digest it, translate it into terms we can all understand, and make a few simple recommendations.

That’s the goal for this column. Is it true that, as a Huffington Post U.K. headline put it, “The end is nigh, according to the FBI!”? I don’t think so.

Exactly what does DNSChanger do?

With an estimated four million infected computers — 500,000 in the U.S. alone — DNSChanger was one of the largest botnets ever disassembled. However, despite what you may have read, this botnet wasn’t designed to steal your credit-card numbers or bank-account passwords. DNSChanger rerouted your browser to websites that mostly sold little blue pills, antivirus products that didn’t work, and other scummy stuff.

The people behind DNSChanger received commissions from these fake pharmaceutical companies, rogue antivirus sites, and other unsavory cyber characters. The FBI avers that these “commissions” amounted to more than $14 million.

Typically, DNSChanger infected systems by posing as a codec needed for viewing videos streamed from adult sites. When you clicked to view these bogus videos, Windows Media Player would complain that it didn’t have the right codec. Users then downloaded the codec from the site, gave permission to install the codec, and — well, there you go.

(Given the amount of unauthorized Web surfing on business PCs, it should not be surprising that half of the Fortune 500 companies and roughly half of all U.S. government agencies now have one or more PCs infected with DNSChanger.)

As befits a TDSS/Alureon variant, the infection is a nasty one — full rootkit behavior that’s hard to detect and even harder to clean.

On Windows, the infection changes your computer’s DNS server, usually by hacking the Registry. (If you aren’t familiar with Domain Name Servers — the White Pages of the Internet — check out Susan Bradley’s April 5 Top Story.) With a subverted DNS server, you might type www.google.com into your browser — any browser — and end up at www.buyonlinepharmaceuticalsifyoudare.com. The bad guys set up several DNS servers that did exactly that.

Naturally, if you tried to go to common Web addresses that offer antivirus help, AV scans, patches, advice, or even news about DNSChanger, you were rerouted. Effectively, your browser belonged to DNSChanger.

DNSChanger meets its match on two continents

As scary as that DNSChanger sounds, you no longer need fret over it — you no longer have to worry about DNSChanger changing your PC’s DNS server. The FBI and many other organizations — in the U.S. and in Estonia — took DNSChanger down. You might still get an Alureon infection, but it won’t be DNSChanger.

Although it took years, the FBI succeeded in identifying the people directly involved in the scam — six men in Estonia. The agencies also found the IP addresses of the DNSChanger servers: all were located within the U.S.

In a complex, well-coordinated action, Estonian police arrested most of the bad guys, who are now facing extradition to the U.S. To minimize Internet service disruptions to those four million infected PCs, the FBI and Internet Systems Consortium (the nonprofit company that maintains the ubiquitous DNS server software, BIND) pulled off an amazing technical feat: they quickly replaced the malicious servers with legitimate DNS servers. (Many PC users might still not know they’re infected. But at least they’re getting to their intended websites.)

Operation of the DNS server farm was given to a new organization called the DNSChanger Working Group, which consists of representatives from the computer industry and law enforcement. That left the FBI in the position of running a DNS server farm — and also left a nagging question.

The take-down aftermath, and what you can do

For those four million PCs, what’s the smarter move: leave users unaware that they’re infected and maintain the servers indefinitely, or gradually shut down the servers and cut off small numbers of users at a time?

It’s a tough choice. There’s no right or wrong answer, from my point of view. The FBI and BINDS could perhaps try to intercept a handful of webpages and put up warnings on them. But that might scare the daylights out of a lot of people and leave them with the task of changing to another DNS server on their own.

The FBI and the DNSChanger Working Group originally had court permission to keep the server farm running until March 8. As the deadline approached, people fretted that shutting off the remaining infected machines (still millions of them, at that point) would cause a lot of panic. So they sought, and received, a court extension to July 9.

Will the DNSChanger Working Group look for another extension after July 9? I think it’s highly likely that they’ll ask for — and receive — an extension. Remember, though, somebody has to pay for running the temporary server farm.

So while we wait for an Internet Armageddon that will never come (at least not from DNSChanger), here’s something you can do (and have all your friends do, as well). Go to the DNSChanger Working Group Detect site and click the link at the bottom for your language or country. (Because you’re reading this in English, you’ll most likely click through to the main DCWG test page.) When you get to the DNS Changer Check-Up page, you’ll see a large graphic — if it’s green, you’re fine; if it’s red, you’re infected.

There are lots of DNSChanger-fixing programs out there. I’ve not run across any infected machines yet; but if I do, my first choice for cleaning them would be Windows Defender Offline, which I wrote about in my Jan. 5 Top Story.

Yep, this is one of the tests even your Aunt Martha needs to take.


Source
                     