My analysis showed that approximately three percent of my spam messages contained malware during the period of February 2 to date. That tracks with Kaspersky’s Securelist’s figures for January 2013:

January in figures

• The percentage of spam in email traffic was down 7.7 percentage points compared with December and averaged 58.3%
• The percentage of phishing emails halved compared with December, falling to 0.003%
• In January, malicious files were found in 3% of all emails, a decrease of 0.15 percentage points

The biggest source of malware in my spam filter was the fake FedEx Tracking Service message, but I’ve seen a variety along the way.

Well, yeah, but I still recommend it to friends, family and students as one of the best free AV tools. It maintains the VB100 rating. Besides, absolutely NOTHING prevents against malware installing on the PCs of those ID-10-T users who click on links and agree to be infected.

Me, I don’t even run AV on any of my personal computers at home and haven’t for at least 5 years. I have had zero infections of any kind. On the other hand, I have cleaned PCs that were positively toxic with malware and were members of every known botnet despite their running fully updated versions of commercial AV software.

Naturally, I question the efficacy of AV software for the savvy amongst us.

What do YOU think? Hit the comments and let me know.

Internet users are receiving emails claiming to contain a changelog – but the files attached are really designed to infect computers.

Here’s what a typical email looks like, although the precise wording can vary.

Subject: Re: Your Changelog

Message body:
Good day,
as promised chnglog attached (Open with Internet Explorer)

The subject lines and attachment names can also be different from email to email – here’s a small selection.

Make sure your anti-malware software is up to date and you should be OK. Just don’t click the link (but you already knew that, eh?)

Downloading Tools and Tips.

 

Google is my best friend.  Everything I do, I Google it and try to get an idea of what is going on.  Disastrous cooking experiments aside, Google has helped me identify a lot of sites and programs that are not safe for use. There are several ways to check the legitimacy and security of certain sites.

 

Here is an example site: http://www.avgthreatlabs.com/sitereports/ It has a place where people can like or comment about sites and they also have reviews for them as well.  Even if this site says the website you are checking is safe, read the comments also.  I checked some sites and it said they were good but the comments said otherwise.

 

http://www.malwarebytes.org/ here you can find Malwarebytes for free.  Malwarebytes will search your computer for malware and remove it for you. (Some Malware is tricky, and Malwarebytes may not always be able to remove it.)

 

Install a respected antivirus.  If you have a school laptop, we have installed Symantec Endpoint Protection so your computer already has protection.  That being said, it is your responsibility to scan for viruses regularly to make sure that your computer is still safe.  It is also important to note that just because your computer has antivirus doesn’t mean it can’t be infected.  Hackers are constantly catching on and changing codes for viruses to get past these protections.

 

Some examples of respected antivirus programs:

 

http://windows.microsoft.com/en-US/windows/products/security-essentials

http://www.avast.com/en-us/index

http://www.avg.com/us-en/homepage

http://www.zonealarm.com/

 

 I know this is a long read, but believe me; everything I said may save you from your computer being infected by viruses or malware.  Any other questions you may have just catch me in the hallway or the IT office and I will try to help you as best as I possibly can.    If you can’t find me, see Mr. Gundelach [Hattiesburg Net Admin] or Kim [Net Admin Assistant].

 

Take Care,

Hunter

I want to thank Hunter again for giving me permission to post his excellent summary. He is going to be a valuable addition to our tech community.

FrostWire/LimeWire/Share bear etc. are not safe ways to download free stuff!!!

 

I’m sure all of us have downloaded a free song, game, or what not.  I’m guilty of it as well, but the longer I was interacting with these kinds of sites, the more I was opening my computer to viruses and other nasty programs.  The thing is that you have to trust that what you are downloading is exactly what it says it is.  I personally would love to trust these people who upload these songs and such, but sadly, I’ve seen too many computers fall victim to the same fate.  You are downloading at your own risk every time you use these programs.  These files aren’t checked before you download them so anyone could add anything they want to the download link such as viruses and malware.  They also may have access to your IP address, meaning they could possibly access your computer if they had the right software.

 

Here are some articles, but again, these go into some pretty deep IT stuff, so I will try to break it down.

http://www.symantec.com/avcenter/reference/malicious.threats.pdf This one gets really deep into the threats of P2P (Peer to Peer) networking,

http://www.techrepublic.com/article/take-precautions-against-peer-to-peer-threats/1048032 This one is a little bit easier to read but deals with more of the legal issue P2P networks pose for companies in which employees use P2P programs to download illegally.

Hey everybody, Hunter here and I am the IT work-study guy.  I’ve noticed a pattern with some of the computers that I have been working on, here and off campus.  Many are infected with fake programs being pitched as antiviruses or computer optimizers.  One example I’ve recently run into is the PC Optimizer Pro virus/malware.

 

 

Here’s a link describing it: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Program%3AWin32/PCOptimizerPro

 

PC Optimizer Pro is software written by hackers and played off as a legitimate computer program that cleans your registry and makes your PC more efficient.  However, this is not the case, and once the software is installed it flashes fake warnings about infections on your computer.  It then asks you to pay a certain fee for their special antivirus to clear the infections for you.  For those that do pay, it opens up their computer to more malware and spyware to infect the computer.

 

 

Once your computer is compromised, it is almost impossible to know exactly what has been modified, which makes it that much harder to actually remove the virus.  In most cases, your computer will need to have Windows reloaded onto it.  The Tech Squad here fixes these kinds of problems for a $25 dollar flat fee.  (However, if we have to order any parts for your computer, we will have to charge you for the parts.)  This is really cheap compared to Best Buy and any other computer repair medium as most of them charge $50 to $100 just to look at your computer.

 

I would also like to add that PC Optimizer Pro is not the only fake program out there that can compromise your computer’s security.  There are many different types of programs and websites that are not safe.

 

We must be careful about what we do on the internet!!!

 

I know we all like to believe that everyone on the internet has the best intentions.  Sadly, this is not the case at all.  There are many people out there trying to steal identities and financial information. The easiest way to do this is through the internet.   I wanted to find out what a word meant one time, googled it, and chose one of the first sites I saw.  Turns out, the second I clicked an “Encyclopedia” site, a fake antivirus popup started searching my computer.  Even by the time I had stopped it, it had already disabled my internet and my antivirus.  FUN!!  I wasn’t even downloading anything  and my computer pretty much became an expensive paperweight, all because I didn’t double check exactly where I was getting my information.

 

We also have friends or family that like to use our computers as well.  It is good to keep an eye from time to time as you never know what they are adding to your computer.

Coming in Part 2: “FrostWire/LimeWire/Share bear etc. are not safe ways to download free stuff!!!”

You need to make sure your PC is not infected. You can do that by checking websites created by the DNS Changer Working Group (DCWG), a cross-industry team of experts. The list is posted here.

Sophos also provided an informative video:How not to lose your internet connection

The vulnerability that Flashback exploits is a known vulnerability in Java. Apple has issued a patch and Kaspersky has an online detection and removal tool available.

According to Dark Reading, This is a good example of why Mac users are an APT (Advanced Persistent Threat) attacker’s dream come true:

[Mac users might not have a lot of exploits to worry about, but their lack of security worries makes them an APT attacker's dream come true. See Anatomy Of A Mac APT Attack. ]

At the college where I am Net Admin, we have posted notices to all Mac users to protect themselves against this threat. We have also patched our 75+ iMacs in the Graphics Design and Photography labs.

With the growing popularity of Macs in the enterprise and with many consumers moving to “all Apple” technology — probably spurred on by the popularity of the iPhone and iPad — it’s no surprise that attackers have begun to zero in on the Mac.

Fortunately, there is free protection available to Mac users: ClamXav is available on ClamXav’s download page or in the Mac App Store.

Source: FortBendNow.com

I have been getting a deluge of spam comments to my various posts on this blog from a one Glory Johnson who goes by various nicknames. The most common nickname is “Glory39,” but the number is a moving target; “she” has posted as Glory342, Glory50, Glory34, and Glory38 among others. Well over 50 comments just today and they are still coming in. This is obviously a come-on for a scam, I’m just not sure what kind. I doubt that “Glory Johnson” is actually a female, nor does she have amorous intentions.
See what you think about the text of the comments. They are all identical, regardless of which version of “Glory” is posting them:

Hello
My name is glory johnson
i saw your profile today techtarget.com) and
became intrested in you,i will also like to know you the more,and i
want you to send an email to my email address so i can give you my picture for you to know whom i am.Here is my email address ( gloryjohnson001 at yahoo.com)
I believe we can move from here!I am waiting for your mail to my email address above.
glory.
(Remeber the distance or colour does not matter but love matters alot in life)
please contact me here ( gloryjohnson001 at yahoo.com)

I decided to play along and use one of my anonymous email addresses to appear to take the bait. Here’s what I sent to “her” email address:

Subject: I will like to know you the more
From:xxxxxxx
8:09 PM (16 minutes ago)
To: gloryjohnson001@yahoo.com
Hello,

You sent me this. I am wanting picture.

Hello
My name is glory johnson
i saw your profile today(techtarget.com) and
became intrested in you,i will also like to know you the more,and i
want you to send an email to my email address so i can give you my picture for you to know whom i am.Here is my email address (gloryjohnson001@yahoo.com)
I believe we can move from here!I am waiting for your mail to my email address above.
glory.
(Remeber the distance or colour does not matter but love matters alot in life)
please contact me here (gloryjohnson001@yahoo.com)

Unless this post has just tipped off the scammers, I’ll keep you posted on what transpires.