CAUTION! Do Not Open These!

CAUTION:  DO NOT OPEN THESE!

 

If you get an email with the subject line:

 

Spyware Alert!,  Virus Alert!,  Worm Detected!, Trojan Alert!,  or some other warning notice of similar subject content, DELETE IT IMMEDIATELY and DO NOT Click the link in the email that recommends you to install a patch!

 

Here is what the email looks like:

===================================================

 

Dear Customer,

Our robot has detected an abnormal activity from your IP adress
on sending e-mails. Probably it is connected with the last epidemic
of a worm which does not have official patches at the moment.

We recommend you to install this patch to remove worm files
and stop email sending, otherwise your account will be blocked.

Customer Support Center Robot

 

======================================================

 

These emails could also be signed as “Support Team Robot”, “Postmaster”, “Abuse Team”, or any other signature that tries to make you think it was sent from someone in authority.

 

These are NOT coming from me.  Hopefully you already know this game well enough by now to know I would NEVER EVER send you an email notice like this.

 

So even if you THINK I sent you something of this nature…. think again.  I would never send you an update link embedded in an email… ESPECIALLY something like this.

 

Be diligent and cautious in opening ANY suspicious looking email right now.  There are a TON of bogus and spam/virus related email schemes circulating around the world right now.

 

Have a safe surfing day!!

 

ED
 

Greeting Cards

Hope everyone had a wonderful and safe 4th, and you’re going “Easy on the 5th”. 😉

 

I also hope that no one has been living in a closet to not know that the most prolific spam and virus monster to travel the Internet in quite some time is making it’s rounds disguised as a “Greeting Card from a Friend”…etc.

 

Here is a MODIFIED example of one of these email’s that LOOKS real… but careful analysis would tell you otherwise!  DO NOT click on the link in this example… just MOUSE OVER IT!
==========================================

 

Hi. School mate has sent you a postcard.

 

See your card as often as you wish during the next 15 days.

 

SEEING YOUR CARD
If your email software creates links to Web pages, click on your card’s direct www address below while you are connected to the Internet:

http://75.66.76.94/?c3a9ebeed435601e5ee71

Or copy and paste it into your browser’s “Location” box (where Internet addresses go).
  

PRIVACY
BlueMountain.Com honors your privacy. Our home page and Card Pick Up have links to our Privacy Policy.

 

TERMS OF USE
By accessing your card you agree we have no liability. If you don’t know the person sending the card or don’t wish to see the card, please disregard this Announcement.
We hope you enjoy your awesome card.

 

Wishing you the best,

 

Postmaster,

BlueMountain.Com

 

=============================================

Looks pretty legitimate, huh?  When you see only an IP address, this is a DEAD GIVEAWAY that a site is fake!  The legit BlueMountain.com website would NEVER do this.  NEVER!

 

This is exactly why I do NOT open even legitimate online Greeting Cards.  Those things are dangerous.. and now.. my long time preaching about why NOT to send electronic greeting cards to anyone is coming true!!

 

If you have opened even ONE online greeting card in the past month… I STRONGLY suggest you do a COMPLETE virus scan of your system and files.  One client called me this morning in complete distress over opening a greeting card he thought his daughter had sent him, only to find out it was a virus laden spoofed greeting card, and he just about lost his entire system!!

 

Folks…  be smart.  Stay the heck away from those things.. and DO NOT OPEN (or SEND anyone) an online greeting card, or a link from anyone saying they had sent you an online greeting card.

 

You have been warned!

 

Have a great Thursday!
Ed

 

 

Boiling Like Frogs

Since completing my recent whirl-wind conference schedule, I have been battling a severe throat infection that just won’t go away.  I could count on one hand the number of times I’ve been actually SICK in the past ten years, but this has been one of them!  Started today on a more potent antibiotic… so hopefully this will be short-lived now.

 

Wanted to (last week) send you this article… but just didn’t have the fortitude to type it all out… (still don’t to be perfectly honest)… but here goes anyway….  I will post a follow up to this article tomorrow… so please take the time to read both… as both go hand in hand for what I am recommending everyone take action on at this time.

 

You must have heard the story about the frog that sits in a pot of water that is gradually heated. The process is slow and the frog doesn’t notice as the temperature inches up, even when it gets quite hot. Finally, it is too late and the frog is boiled.  Well, we are all frogs in the computer security pot and it is getting awfully hot.

 

The manufacture and application of malware is no longer the province of script kiddies, thrill-seeking hackers, and occasional malcontents. It has passed into the hands of professionals who are in it for the same reason as bank robbers- money. These people are in the full-time business of removing your wallet. They are located all over the world and are almost impossible to prosecute (if they are ever caught). Not only do they use sophisticated programming but like other types of con men they are masters of psychology and social engineering.

 

It isn’t just individuals who seem to be ignoring the rising heat. Institutions like banks have been shameful in their neglect of basic security practices. It’s the old story of human behavior when faced with an unpleasant prospect. They hope it’ll go away and they won’t have to actually confront the situation. Security is too much work. Security is inconvenient. Security is unpleasant. Security costs too much.

 

Well, the problem is not going away. It’s only going to get worse; there are too many easy pickings for the international gangs.  The statistics that get reported are very discouraging. There’s no way of knowing the true numbers but various studies show that maybe 10 to 20 percent of PCs (or more) contain malware. Much of this is some form of Trojan horse that makes the unwitting owners of the infected zombie computer part of “botnet” rings. Even a small number of infected machines is a problem. The Internet is like a giant organism with low resistance and a few infected machines rapidly multiply their numbers.

 

In my opinion, this is a situation that is rapidly getting out-of-hand. It’s a mess that gets more complicated by the day. You are supposed to have a vast collection of software to guard you. You need a firewall. You need anti-virus, anti-Trojan, anti-spam, anti-phishing, anti-spyware. And of course, all of these programs don’t always play well together. Yes, you can get suites but so far there is no suite without at least one or more inferior components. All these things running in the background result in a big hit to system performance. Next, you need constant security updates for all of this. And you also need security fixes for all kinds of other applications. You need to update Windows. You need to update your browser. You need to update Microsoft Office. You need to update Flash, You need to update Java. And so on. Then there is the problem that not everybody bothers to update. The software companies are trying to make the updating as automatic as they can but the statistics on the results are not good.

 

Everyone gets “patch fatigue”. We’re numbed by the constant drumbeat about new malware. Even businesses with full-time IT staff have a hard time keeping up. The fact is, even with constant updating, systems are still vulnerable to so-called “zero-day” and undocumented exploits.

 

Moreover, it’s not just the PC that is a problem. People are becoming more and more connected. Cell phones, iPods, Blackberrys, and other similar instruments are ubiquitous. The criminals are not neglecting these fresh pastures.

 

I could go on and on with the lamentations and hand-wringing but all that becomes a bit boring.  Let’s look at possible answers.  We have to begin with the sad fact that our fellow human beings are not to be trusted. Most of us are basically decent and responsible people who do not steal or enjoy vandalizing other people’s computers. We would prefer to be able to use the Internet in a spirit of community and trust. Unfortunately, there are always hoodlums, charlatans and sociopaths waiting to take advantage of our trust. So we have to stop believing everything we read on the Internet. We have to treat all emails as possibly suspicious and never click on any links they contain. We have to regard unfamiliar Websites as potentially dangerous. We must test anything we download before we install it to see if it is malware. We have to trust less and verify more!

 

Also, there is no getting around the fact we must give up a lot of convenience. There is a clear trade-off between ease-of-use and security. Locked doors are less convenient to use than open doors. For example, online operations like banking will have to involve longer procedures. Security can be tedious but we must learn to live with computers that are harder to use. Reports on the Web about the annoyances of the new security features in Windows upcoming release of Vista illustrate that point.

 

Some people (usually officials who want headlines) suggest that more laws are the answer to the security problem so they urge or pass laws against Internet fraud. These efforts are so pathetic that I have to wonder how seriously the law-makers really take them. There are plenty of laws against fraud already. Does anyone really believe they are going to deter the gangs in places like Uzbekistan, and Iran, and Russia? However, if the legislators want to pass laws, there is a very important way they could help. Let them make fiduciary institutions like banks more responsible for security breaches. At present these institutions are woefully inadequate in guarding your personal data or in guarding against phishing. (There are some exceptions like Bank of America and Vanguard.)

 

If your identity is stolen, the burden is on you, not the bank. Let the legislators pass laws making the banks, stock brokers, etc. responsible for losses due to identity theft. Make them responsible for safeguarding your personal information. Make the institutions liable and then you’ll see a lot more security. Of course, this will cost money and make things like online banking less convenient but it has to be done. As long as it is really easy to steal somebody’s account information, thieves will thrive. As of now, institutions haven’t the incentive to do much about it.

 

I also believe the current notion that the PC should be an all-purpose machine with the same basic type being used by everybody from grannies doing email to big businesses with large applications is fatally flawed. Microsoft, Intel and Dell have a big investment in this model so we are probably stuck with it for a while but it makes no sense. A whole lot of the people who use computers at home simply don’t need the power and flexibility of the current PC and they are completely unprepared to do many of the security measures that these systems require. I deal with a lot of ordinary people who have little understanding of Windows and no interest in learning details about how a PC operates. They want something that works like their other appliances. They want to turn the PC on, do some email, surf a little and that’s it. The needs of this large section of the PC users could easily be met with a machine that is a lot safer and easier to use than the present PC type. It would also be cheaper and that’s the rub; there’s no money in selling a box with limited functions. Unfortunately, these average users are the very people who are the biggest security problem.

 

What about the defenses right there on our own PC? Can we improve them? Previously, I’ve written about “Do We Need a Paradigm Shift in Anti-Virus and Anti-Spyware Protection?”, where I suggested that the reactive approach with anti-everything software was clearly not working. The solutions mentioned in the previous article included using virtual machines and I think that may be the best practical solution.

 

There are various ways to configure your Internet browser to make your computer safer but that’s a subject that involves technical details and will have to wait for another time. Meanwhile, don’t let the scalawags out there ruin your enjoyment of the wonderful world of the Internet.

 

Tomorrow… I will continue this thread with a suggestive measure you can take now to help with your spam dilemma, which in turn will solve many other dilemmas for you as well.

 

Until then….

 

Ed

 

Care to comment on this article?  Your comments are welcomed below….

 

 

Dealing with Digital Disease

Dealing with Digital Disease

A virus is a program that replicates itself. It cannot exist on its own so it attaches to another program, usually an executable one. A worm is like a virus—it also replicates itself. However, it can stand on its own and does not need another program to run. It usually infects your computer’s networking features, which includes its internet connection.

Spyware and adware go hand-in-hand. Spyware is a kind of program which gathers information, specifically browsing habits. It tracks down what kind of sites you visit, and the adware will generate ads that fit with your interest which the spyware based on information it gathered in the first place.

Malware is malicious software. It’s any program that is useless, or worse, destructive. A Trojan a program pretending to be good but once it’s deep in your system it proves to be quite the opposite.

In spite of all their differences, they have one thing in common: they are out to give you headaches by rendering your computer unusable.

To protect your computer as much as possible from being infected, here are four dangerous activities that you should avoid, or at least minimize:

• Opening email attachments
Do not open any email attachments if they aren’t scanned by antivirus software. Worms can spread through email, so even a friend can unwittingly send you one by way of an attachment.

 

• Internet File-sharing
In file-sharing via the internet, your computer is exposed and open to others it is communicating with. If other computers’ files can be transferred to yours, the same thing can be said about a virus, if the others are infected.
 

• Downloading free software of questionable origins
Free software is free for a reason. If you bothered to read the End User License Agreement (EULA) of a software you are installing—which you probably didn’t—you most likely will come upon a short and tiny clause saying that if you agree to the terms, you are allowing advertisements to pop up on your screen, or other software to be installed in your system. So be careful with what you download. Read product reviews and find out if other people got headaches from using it.

 

• Visiting ad-heavy sites
If you visit a site and you’re immediately bombarded with pop-up ads, leave immediately. You might click on an ad that activates an automatic download of malicious software to your computer.

Here is a list of activities which you should be doing instead:

• Invest in good antivirus software. Going online without the protection of antivirus software is like going out naked in the snow. That’s just how vulnerable an unprotected computer is.

• Most antivirus software packages include an internet security program (also known as firewall). A firewall acts as a barricade between you and unwanted content from the internet. When buying antivirus software, it’s better to shell out for the internet security as well.

• Once antivirus software is installed in your computer, keep it updated always so it can recognize and remove newly released viruses.

• Whatever browser you are using, check that its security settings are all in default unless you really know what you are doing.

• Periodically delete files that you no longer use.

• Download spyware- and adware-removal tools and run them at least once a week. Be warned that many of these removal programs are a scam, so make sure that what you download is reliable. You can easily search for product reviews to check if the program is legitimate or otherwise.

• Back up all your important files all the time.

• If possible, have two computers at home. One will be used to connect to the internet, and the other should not be connected at all. The second computer will act as storage of all your important files so that even if the first one crashes, your life won’t be in ruins.

Don’t be dependent on removal tools and antivirus software packages, though. A bit of prevention is always worth a megabyte of cure.

Have a great weekend!

Ed