Don’t Let Conficker Ruin Your April Fool’s Day

By now, hopefully EVERYONE has heard of “Conficker”. If not.. you have very little time to make sure you don’t become “The Fool” this April 1st.

Computers infected with the infamous Conficker worm will start scanning the Internet for instructions this April Fools’ Day, and the results might not leave you feeling like it was a funny joke.

CBS’s “60 Minutes” ran a piece on Conficker last night, and my phone has been ringing off the hook today from clients concerned about whether they should be concerned.

To that question I would answer, “Relax, but be vigilant.”

Some analysists estimate that 54% of the affected computers that already have the Conficker worm sitting there waiting to do whatever it is the creator has designed it to do, are machines in China, Russia, India, Brazil, and Argentina, where many people use unauthorized Windows knockoffs. (Microsoft doesn’t provide all its patches to unlicensed copies of Windows, leaving the vulnerable machines free to attack.)

If you have a legitimate copy of Windows, and you have installed the patch Microsoft released back in October 2008, you “should be” fine. Just to make sure, double check that you’ve got the patch installed on your machine. (MS08-067)

The update in question was probably installed in late October or November of last year; look for Security Update for Microsoft Windows (KB958644). If this patch isn’t installed, browse to Microsoft’s Download Center to retrieve and install it.

If your PC is blocked from visiting this site, use a noninfected PC to download the patch to a removable medium and install the update on the wormed PC from that device.

Next, run Microsoft’s Malicious Software Removal Tool (MSRT). The latest version of this Microsoft tool identifies and removes all of the Conficker variants I’ve heard about. The easiest way to get MSRT is through Windows Update, but if you can’t get through to that service on the infected PC, borrow a computer and download the tool from Microsoft’s site.

Another sure tipoff that your computer may already be infected is if you have trouble connecting to your Anti-Virus update site. One of the things Conflicker (and it’s variants) was programmed to do was to block you from accessing updates to your Anti-Virus program site.

If your PC is already infected and you can’t access your AV Update site, a technical trick might enable you to visit a site that Conficker is blocking. Instead of entering the site’s domain name in your browser’s address bar, enter the site’s dotted-decimal IP address instead, which Conficker doesn’t seem to interfere with.

One way to learn the IP address of a Web site: using an uninfected PC, open a Firefox window and install the Show IP browser extension. With this extension enabled, the IP address of whatever site you’re visiting shows up in the browser’s status bar.

Of course, if you navigate to a site using its IP address and then click a link, the site will probably use a spelled-out domain name in the link. Conficker would block the resulting page, which you’d have to replace manually with its dotted-decimal equivalent. A pain in the butt for sure, but a lot less painful than the alternatives if you are already infected.

Third-party applications, especially media players, are more likely to suffer from security holes than Windows itself is. The security firm Secunia.com offers a free scan, informing you when your PC is running an insecure version of an application that has a security patch available.

the Secunia Software Inspector offers three options: (a) a free online scan; (b) a free download for individual users; and (c) a LAN utility for IT adminstrators. (I use the free online scan).

I run Secunia Inspector every time they send me an email that something needs to be checked. They have an email sign up box after you do a scan the first time that will notify you automatically when updates need to be checked. I highly recommend everyone using this site.
http://secunia.com/vulnerability_scanning/

It’s best to strengthen your defenses before April 1st rather than waiting to see what bad things might happen.

Good luck on Wednesday!

Until Next Time… 

 

Ed

Don’t Fall for This Scam!

This is EXACTLY the kind of thing MX Logic will stop before you have a chance to click on it and self-inflict all sorts of damage on your computer!

 

If you get something like this… DO NOT OPEN IT!   DO NOT FALL FOR THIS!!!    DO NOT CLICK ON ANY LINKS BELOW THIS LINE IN THIS POST!!!

 

postcards.org

 
You have just received a virtual
postcard from a family member!
.
You can pick up your postcard at
the following web address:
.
http://www.postcards.org/?d21-sea-sunset
.
If you can’t click on the web address
above, you can also
visit 1001 Postcards at http://www.postcards.org/postcards/
and enter your pickup code, which is: d21-sea-sunset
.
(Your postcard will be available
for 60 days.)
.
We hope you enjoy your postcard, and if you do,
please take a moment
to send a few yourself!
You can do so by visiting this web address:
http://www2.postcards.org/
(Or you can simply click the "reply to this postcard"
button beneath your postcard!)
.
We hope you like the postcard !
.
Regards,
1001 Postcards
http://www.postcards.org/postcards/

 

Clciking on the postcard someone in your family SUPPOSEDLY sent you will unleash all sorts of havoc on your computer!  DON’T DO IT!

Check Here Monday for a VALUABLE RESOURCE you can use to speed your way through the Social Marketing Maze!!

 

Have a Great Weekend!

 

Ed

 

 

Updates Without Your Permission

Holy cow!  One of the two monsters of the Internet is at it again.  For all of our newer clients who have not followed my thought processes over the years as to the “Two Monsters” I so lovingly refer to, they are “Google” and “Microsoft”.

 

Microsoft has begun patching files on Windows XP and Vista without users’ knowledge, even when the users have turned off auto-updates!

 

In recent days, Windows Update (WU) started altering files on users’ systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC.

 

It’s surprising that these files can be changed without the user’s knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft’s latest stealth move, updates to the WU executables seem to be installed regardless of the settings — without notifying users.

 

When users launch Windows Update, Microsoft’s online service can check the version of its executables on the PC and update them if necessary. What’s unusual is that people are reporting changes in these files although WU wasn’t authorized to install anything.

 

For users who elect not to have updates installed automatically, the issue of consent is crucial. Microsoft has apparently decided, however, that it doesn’t need permission to patch Windows Updates files, even if you’ve set your preferences to require it.

 

To make matters even stranger, when I search on Microsoft’s Web site, there is no information at all on the stealth updates.  Let’s say you wished to voluntarily download and install the new WU executable files when you were, for example, reinstalling a system.  You’d be hard-pressed to find the updated files in order to download them.  As of this writing, you either get a stealth install or nothing.

 

Microsoft appears to have no malicious intent in patching them. However, writing files to a user’s PC without notice (when auto-updating has been turned off) is behavior that’s usually associated with hacker Web sites.  The question being raised in discussion forums is, “Why is Microsoft operating in this way?”

 

It’s important to note that there’s seems to be nothing harmful about the updated files themselves.  There are no reports of software conflicts and no reason to remove the files (which WU apparently needs in order to access the latest patches).  My biggest gripe is the mechanism Microsoft is using to perform its patching, and how this mechanism might be used by the software giant in the future.

 

On another note pertaining to Microsoft and their updates, Microsoft patched four vulnerabilities this month, but you’re still not entirely safe.

 

There’s a dangerous unpatched vulnerability, and the bad guys are actively exploiting it.  Until Microsoft releases a fix for the severe vulnerability involving Visual Basic, guard your systems against files that have a .vbp (Visual Basic Project) extension.

 

We considered putting a server-wide block on incoming email that contained a .vbp file attachment, but taking that step would keep you from running any legitimate VB projects.  So instead, I’m just sending you a MAJOR CAUTION FLAG to NOT open any attachments that may find their way to your in-box that has a .vbp extension unless you are absolutely, positively, without any shadow of a doubt, sure of who sent it to you, and that whomever sent it is free of any infections in their Visual Basic programming.

 

Finally… some readers last week expressed concerns about the recommended resource I referred you to (Secunia) to scan your system for outdated files, wondering about it’s safety.  Let me emphasize, the scan is safe, it is free, and can take you a couple of steps further along in the “Protect Your PC and Data at All Costs” goal.

 

Since their privacy policy seems to be hidden on their site, I did a little digging and found it (for those who even care)… and it can be found here:

https://psi.secunia.com/?page=privacy

 

If you had problems running the scan on your system for some reason (a few select users apparently encountered errors), it may be due to you either having major system files out of date, cookies disabled, or a couple of other things that I am not going to get in to in this post.  My only suggestion is, try it again, and also sign up for their software update reminder service.  It too is free, and they will not spam you or sell your address to any third parties.

 

I ran my system through their scanners again yesterday, (only a week after updating everything the first time) and found two more outdated applications that need to be updated to prevent vulnerabilities.  So again, I encourage you to bookmark their site, and make it a weekly part of your PC Maintenance to scan your system for outdated applications.

http://secunia.com/software_inspector/

 

That’s it for today!  Be safe, and have a great weekend.

 

Ed

Unpatched Software Could Be Hazordous to Your Wealth

Keeping your computer safe from security flaws is important, but many people haven’t patched their media players and other run-time software: Java, Flash, QuickTime, Adobe Reader, and RealPlayer.  This exposes you to infected media files.

 

Here is a service that scans PCs for applications that lack available security patches.  I highly recommend you run this test on all of your computers.

 

Secunia.com provides you with aggregate counts of the number of products installed and the percentage that are unpatched.
http://secunia.com/software_inspector/

 

I ran the full system scan on my computer and found 2 of 11 of my applications were not up to date.  You should run this on your machine to make sure you don’t have applications running that may be vulnerable to security or attack.

 

When you get to the main page, just click on Start Now.  You’ll be asked if you want to enable the Inspector to search for software installed in non-default locations.  Since it’s the first time running this… I’d recommend you check the little box and just let it scan your entire computer and external devices attached.  On my system with two external hard drives and a ton of files and software, it took about 15 minutes to complete the entire computer scan.  Just grab your favorite beverage and let Secunia do it’s thing.

 

Once finished, it will show you how many of your applications are NOT up to date…and a link to get them updated.  After doing any recommended updates, there will be an option to allow Secunia to notify you upon any releases or updates being available to you.  Go ahead and sign up for the automatic email notifications.  That way… you don’t forget to perform this system-wide scan (at least monthly) for any recommended updates.

 

If you have to update any applications, be sure to do a system re-start to enable those applications to fully install the updates and remove any vulnerable versions that may still be sitting on your hard drives.