ComputerSecure Blog

photo credit: Zesmerelda

…are Very Nasty Trojan Horses.

What are these Trojans?

First, from Wikipedia:
‘Torpig, also known as Sinowal and Mebroot, is a type of Trojan horse which can affect computers using Microsoft Windows as their operating system. Torpig turns off anti-virus applications, allows others to access the computer, modifies data on the computer, steals confidential information (such as user passwords) and installs more malware on the victim’s computer. As of November 2008 it has been responsible for stealing the details of about 500,000 online bank accounts and credit and debit cards and is described as “one of the most advanced pieces of crimeware ever created”.’

That’s all from there. Just scratching the surface really.
The quote, by the way, “one of the most advanced pieces of crimeware ever created”, seems to come from a spokesperson at security company RSA, UK.

How nasty are they? Very. See this article at the BBC.

I mentioned these trojans in a previous post.

Then I began to think about readers here: they will want to know whether their PC is infected, and if so, what to do about it.

Are you infected with Torpig, Sinowal or Mebroot?

Firstly: if you DO have one of these trojans your PC is NOT SECURE. Do not do any banking, shopping or anything that involves using your passwords or private information.

This malware puts you at risk of identity theft. Here is some advice about what to do if you think you might have become a victim of identity theft.

How to Detect Torpig, Sinowal or Mebroot

The following programs seem to be able to reliably detect the presence of these trojans.

1. SpyBotS&D

Judging from various reports, I believe SpyBot, the free spyware tool, will tell you if you are infected.
That’s SpyBot-Search and Destroy aka ‘SpyBotS&D’.

SpyBot is free: you can download it from the link on our page.

2. Free online virus scan fom Kaspersky.

Also, Kaspersky Lab’s free online scan should detect these trojans.
This a thorough scan, performed via your internet connection, and will probably take some time.

3. A free trial of Kaspersky Anti-Virus.

Also, you could download the free trial of Kaspersky Anti-Virus.

In some countries outside the USA links to free trials may not operate as expected: if so, download the free trial of Kaspersky Anti-Virus 2009 from us here.

4. The free version of avast! antivirus.

See the link on our main anti-virus page.

5. Malwarebytes’ Anti-Malware

This is free to download and use. No payment is required unless you want to activate extra features later.
I don’t know to what extent Malwarebytes’ Anti-Malware can always detect Torpig, Sinowal and Mebroot. However, as you can see on this CastleCops thread about Mebroot help, the expert there definitely wanted to see what the Malwarebytes Anti-Malware scans reported about trojans and malware on the user’s system.

Remember, the worst trojans are often ‘combined threat’ malware: there is every chance that, once they have made their nest in your system, they will try to download more virus and spyware programs onto your PC. That alone is enough of a reason to have a quality tool like this that can check for malware on your PC.

You can download Malwarebytes Anti-Malware from us, it’s free.

Some important points to note about these trojans.

• These trojans like to hide: not every security program will find them.

• These trojans may attempt to turn off security software you have installed.

• These trojans have a reputation for coming back even after you have taken steps to remove them. (That’s what a rootkit can do to you.)

There might be variations an the exact names of the trojans, e.g. one is “Backdoor.Win32.Sinowal.ce”.

Now I hope to goodness you are not infected with any of these trojans.

But what if you are infected?

Firstly, remember that a main role of anti-virus and security software is to prevent this kind of thing from ever getting onto your PC. It is a lot easier to keep these things out than it is to repair a compromised system.

Read the rest of this entry »

photo credit: problemboard

I saw it, out of the corner my eye, on the TV news.
Then I saw it in the Washington Post. (Links are below.)
A web hosting company has been cut off. A company that (allegedly - nothing proved in court yet) has been helping to send millions of spam emails.
You will see, if you read the article, that some spam ‘watchdogs’ estimated that about 75% of all the current spam was connected to this company.
“Researchers have found that on any given day, about half of all spam sent through the top botnets are ads for male enhancement products and other knockoff designer drugs…”
Ah yes, I know the ones. I get those spams.
Flavour of the year for 2008 has been the suggestion that I might do better in “the bed games” or get help with my “men’s libido”.
Personally, I don’t like to filter spam emails. I prefer to get them all and read them all. That way I get an impression about how many there are, what they are trying to do and how they mean to do it.

Why worry about spam?

So we get some spam emails. That shouldn’t worry us too much. Should it?
What we should worry about is all the other associated nastiness, like botnets and Trojans.
Why? See our easy glossary of computer security terms - referring to botnets and zombies.
What is a Botnet?
What is a Zombie Computer?
In a nutshell, the spammers seem to find that it is a simple matter to invade and control the computers of other people such as users of the web, users of email, chat, social sites etc.
How do they DO that? With Trojans of course.
What’s a Trojan? See our page about viruses, worms and trojan horses.
The Washington Post article says: “…cyber criminals… push out new versions of the “Torpig,” or “Sinowal” Trojan horse program, which is widely considered one of the stealthiest and most sophisticated families of malicious software in existence today.”
And “…a single cyber crime group has used the Torpig Trojan to steal more than a half million bank, credit and debit card accounts from infected PCs over the past two-and-a-half years.”

Read the rest of this entry »

This blog got about 30 spam comments in the last day or two.

So, I have just installed Yawasp - “Yet Another WordPress Anti-spam Plugin”.

If it is working properly, readers and people commenting on the blog will never even know it’s there.

If it not workng properly, then if you post a comment you may be falsely identified as a spam bot. Please don’t take personally if that happens - it’s just something wrong at this end.

I tried Google’s new browser, ‘Chrome’, a few week ago.

It seemed to be very fast and has some interesting features.

Click for bigger image in separate window.

I normally use a Linux system: as of today Chrome is not available for Linux, but it will be some time soon. I tried it on a Windows machine just because I’m curious.

What is the Chrome Browser?

I won’t use much space here for a full description of Chrome and what it is aiming to do.
You can read all about that at Google, in comic book format
That’s a detailed description, 38 pages.

The short version: main points:

These days web users access a lot of web applications rather than static web pages, so it would be good to have a browser optimized for that kind of usage.

Some of the things Chrome developers want to achieve:

(Pop-up pages will be confined to the tab they originated from.)

Processes run with restricted rights - they cannot just read and write anywhere on your hard drive. Also Chrome will know a blacklist of bad websites so it can warn about potential threats.

In this mode Chrome does not record any of your browsing history or keep the cookies

_____________________________________

I see on the internet that people have a lot of questions and opinions about Chrome and what Google is doing.
For example:
What exactly is Google planning by way of a business strategy, and future applications?
Why do they really want to develop a browser?
Should Google even be getting into browsers?
How much control of the web does Google want?
Will there be another browser war?

Well, I can’t answer those questions.

What I have here are some notes and impressions about what it was like for an ordinary user to download, install, and give Chrome a quick trial.
_________________________________

Downloading and Installing Chrome

First, just a niggle: I didn’t like the look of the terms and conditions: there was something about keeping Google up-to-date with my personal details. But it’s not really any different from many other license agreements.

But there is something that this should remind us about: using the internet is increasingly a matter of connecting with other people. The biggest money and traffic on the web is at the social sites - the social web. This means places like Yahoo Groups, Gmail, FaceBook and so on. Places where people can become known, share their thoughts, preferences, bookmarks, pictures, news. If, like me, you are concerned about privacy and security on the web, then let’s face it - we belong to a different age. Privacy is not the default setting any more.

Also in the Google terms and conditions there was a suggestion that I might want to print the terms for later reference. Does anybody actually do that?

When I continued to download and install Chrome it did not ask for my details anyway. I suppose that would come if or when I actually want to “access services” that they mentioned.

The installer offered to import bookmarks, passwords (!!) and other settings from Firefox.
No Thanks.
I do not like keeping passwords in any browser’s password utility.
Here’s why: Page about password security at ComputerSecure.net.

So, in summary:
Installation: Fast and easy. Pretty much a one-click download, one-click installation.
Start-up of Chrome browser: Fast.

__________________________________

Configuration Options

Let’s check the options.

Click for bigger image in separate window.

Options in the ‘Under the Hood’ department.

• A place for a proxy setting.
• Option for DNS pre-fetching for fast browsing.
• Phishing and Malware protection.
• SSL settings.
• Cookie Settings.
• Something about “Gears”.

Read the rest of this entry »

Visit CastleCops for help with security problems

Ever since I started this site I have been intending to tell visitors about another site. That is, Castle Cops.

It’s nice to see that there are other sites offering to help with computer security. Especially when, like Castle Cops, they provide help for free.

When I started this site I had some anxiety: what I would do if visitors came here and emailed me about detailed, technical questions relating to a stubborn spyware or virus that had made its home on their computer?

I made a page pointing to free help with virus emergencies: free and online virus scanners and removers.

But I still think: what if somebody asked me about some very stubborn malware they could not remove?
What if they said “I tried some of the free online tools on your site, but this thing is still in my PC. Help!”

And the solution is…

Read the rest of this entry »

As I mentioned in a previous reply to a post, I had more to say about WOT than I managed to include in one post.

For one thing, I wanted to mention that the blog at WOT currently has a lot of discussion about keeping safe when shopping online.

That’s a thing to be aware about at this time of year.

And another thing was that the news page at WOT is very informative about what kinds of threats are out there on the interwebs.

Here is an exerpt from WOT’s news: my reasons for mentioning it are below.

____________________

Epidemic of Fake Anti-malware Products Threatens Internet Users

The latest trend of security threats against Internet users employs software products which pretend to be security tools that help rid your computer of spyware. In a new video series, WOT shows what can happen to your computer if you visit a risky or dangerous site. In the first of these video presentations, you will see examples of online scams and malware threats in action, satisfying your curiosity while keeping your computer safe.

New York, NY September 17, 2008
Fake anti-malware software, marketed under hundreds of different names, scares users by giving false spyware alarms and then tries to deceive them into paying for removal of non-existing malware. The goal of these criminal software makers is to make people pay for the “full” version of their bogus anti-malware product and to collect financial information that can be used for phishing.

The fake security product often installs malicious software to download itself or executes other unwanted actions. The user is shown fake messages such as, “Warning! Your computer is infected with spyware”, followed by a promise that the chargeable version of the tool will remove this non-existing threat. These tools are promoted using hundreds of different names, such as XP Antivirus 2008 and XP Antivirus 2009.

“Web of Trust offers Internet users a common platform for sharing their experience with websites and companies, making Web 2.0 work for a safer Internet,” said CEO Esa Suurio, from the Web 2.0 Expo in New York City this week.

How to get protection from these threats:

WOT, Web of Trust, provides Internet users with preventive protection against online threats. The WOT security add-on warns users about dangerous and suspicious websites to help them avoid spyware, browser hijacking, identity theft, phishing and other Internet scams. Website rating information is updated continuously by the user community and numerous trusted sources, such as listings of malware and phishing sites. The free security add-on works with Internet Explorer and Firefox browsers and can be downloaded at www.mywot.com.

More articles are on the news page at WOT.
____________________

Now there was something about this that got my interest.

This is a bit round-about, but just bear with me for a moment.

I occasionally do some ‘keyword research’ about internet security and computer security. (That’s what we website owners do when we want to know what people are searching for on the internet.)
A couple of years ago I made my first pages here about spyware and anti-spyware software.
My keyword research showed me that a lot of people search using terms like ‘best antispyware’, ‘top antispyware’ and so on.

Nobody was searching for the terms that occurred naturally to me: e.g. ‘quality antispyware’, ‘reputable antispyware brands’, trusted antispyware software’.

Now this is all very well: people don’t want to spend all day evaluating different software and comparing lists of features just so they can get some protection from spyware.

So people think ‘Okay, I’d better get that spyware protection issue sorted out: just tell me, Favourite Search Site, which is the Best One.’

But, in reality, searching for the ‘best antispyware’ or ‘best antivirus’ is not necessarily going to lead anybody to a trustworthy piece of security software.

Read the rest of this entry »

WOT (Web Of Trust) is a free site advisor service you can use.

And what is a ’site advisor’?

The purpose of a site advisor is to alert you about bad websites. That includes websites that are known to engage in suspicious activity, to harbour spyware, to spread malware or are known to be in bad internet neighbourhoods.

So WOT is a tool that you can install. (It is, to be specific, a browser add-on.)
Then while you are browsing the web WOT will alert you to sites that are known to be unsafe. For example when you search at Google WOT will alert you if any sites among the search results are known to be unsafe.

But don’t bother reading a long-winded explanation from me about how it works in your browser: you can just watch their demo video.

WOT gets information about suspicious websites from a variety of sources, the kinds of services that monitor the internet and keep lists of sites where there is spyware or viruses, or that are associated with phishing, spam or fraud. (These watchdog services include PhishTank, TRUSTe, hpHosts, DNS-BH Malware Domain list and Artists Against 419.)

But, in addition to that, WOT is also a “community-driven” security tool. This means that WOT users constantly report back to WOT about bad websites they encounter.

WOT is completely free to use.

The WOT project itself is a big endeavour and there are people, including the government of Finland, investing money to make it happen. No doubt they expect their investment will pay off eventually. But they are not asking users to pay for the service.

See www.mywot.com.

Read the rest of this entry »

Well how about that: There is A Month for computer security.

StaySafeOnline.org has declared October to be the month of cyber security.
I am happy to send some link-love to people who fill up web sites with helpful information about keeping safe online.

Also they produced this handy article that sums up the basics for staying safe on the internet.
Here it is: I have added links to relevant pages on computersecure.net.

Top Ten Ways to Stay Safe Online

The Internet is supposed to make our lives better, and for most of us, that’s exactly what it does. But the Internet has a dark side, and unless we take the proper precautions, this wonderful tool can end up causing us more harm than good.

October is National Cyber Security Awareness Month, and it’s a good time to take a hard look how our online behaviors may be putting us in harm’s way.

You don’t have to be a computer genius to protect yourself online and you don’t have to spend a lot of money. By following a few common sense tips, you can make the most out of your Internet experience, while protecting you and your family from online threats.

1) Protect your computer:

The best thing you can do to keep the bad guys out of your computer is to use three inexpensive technologies: anti-virus software, anti-spyware software and a firewall. Some security companies provide all three in one easy-to-use package.

2) Protect your identity:

On the Internet, your personal data (social security number, birth date, etc.) is extremely valuable and can be used against you. Keep it protected.

See information on this site about identity theft.

Read the rest of this entry »

photo credit: The Jamoker

by Jim DeSantis

Identity theft is one of the fastest growing crimes in America. Every day thousands of people suffer immediate financial hardship and long-term difficulty because their personal information has been compromised. But there are free steps you can take to protect yourself.

For the seventh straight year, the Federal Trade Commission says identity theft is the largest consumer complaint and the fastest growing crime in America. In 2007, the FBI reported that identity theft affected 9.91 million Americans. There are probably many more cases that went unreported. It accounted for $52,600,000,000 (billion) in losses in 2007.

In a way we can thank the U.S. Congress for the increase in identity theft. Congressionally-mandated use of the Social Security number as an identifier facilitates the horrendous crime of identity theft. Thanks to Congress, an unscrupulous person may simply obtain someone’s Social Security number in order to access that person’s bank accounts, credit cards, and other financial assets. Many Americans have lost their life savings and had their credit destroyed as a result of identity theft. Yet the federal government continues to encourage such crimes by mandating use of the Social Security number as a uniform ID!

Read the rest of this entry »

photo credit: gruntzooki

by Paul McIndoe

More Details at: http://www.barclays.co.uk/online-saving.html

April 2008 saw the arrival of the Infosec Show in London, where top IT security companies came together to discuss the hot topics in the information security industry. One of the hottest of the hot topics discussed at the 2008 show was the increase in phishing (or Internet fraud) and related fraud attacks over the previous year. Mark Bowerman, spokesperson for card payment agency Apacs, said that the Internet provided an extra area for fraud scams and warned that if people weren’t careful, they could potentially become victims of credit card and other types of fraud and identity theft.

Bowerman also reflected, however, that despite warnings over the security risks inherent in Internet shopping and Internet banking in particular, the number of people banking online was increasing - proving that, for many people, the benefits of managing your finances through the Internet were clearly outweighing the risks.
Read the rest of this entry »