Archive

Posts Tagged ‘computer security’

Your Computer is Infected, Call This Number (Scam)

Just a quick post as i received a call from a client saying that he had a message on his computer today “stating that his computer has a serious virus and then asked him to call 866-628-4936 or a UK number to remove the virus” which was a voice speaking to him!!

This is defiantly a SCAM “DO NOT CALL THE NUMBER”

If you require any help or support with this problem please don’t hesitate to contact us or visit our website Remote computer repair

Kind Regards

IT Solutions Site Support Team

PCs Come Pre-Installed With All Your Favorite Malware

Malware and viruses are bad, but so long as you’re careful, your PC will stay squeaky clean, right? Maybe not. Microsoft has found that many PCs from China are coming with malware pre-installed, as many as a fifth.

As if bloatware wasn’t bad enough, the four offending computers all run forged versions of  Windows, forged versions of Windows with all kinds of nasty functionality baked right in. Generally, the malware is designed to control the PCs for use in a botnet, In worse cases, the viruses could remotely engage cameras and microphones.

You’re probably safe; most of the computers that suffer from this come from relatively unregulated markets like China. Still, even if your laptop is clean having more infected computers out there isn’t going to be good for anyone. Microsoft has been trying to fix the problem with a lawsuit, but it’s a big problem to fix. For the time being, don’t buy a new computer in China if you can avoid it

12 Month Computer Maintenance Support £5.75 per month


You can now subscribe to our 12 Month Computer Maintenance Support direct from our website for just £5.75 a month for each computer.
Why have the 12 month maintenance support?
We will schedule Monthly health checks and make sure your computer is covered against threats and malicious software
All support via remote technician.
Call us anytime in 12 months for help and advice regarding your computer FREE
To buy PC Security Services & Health Check http://www.it-solutions-site.co.uk/Support.html

Kind Regards
IT Solutions Support Team

Carberp banking malware upgrades itself

A piece of banking malware that researchers have been keeping an eye on is adding more sophisticated capabilities to stay hidden on victims’ PCs, according to the vendor Seculert.

Carberp, which targets computers running Microsoft’s Windows operating system, was discovered last October by several security companies and noted for its ability to steal a range of data as well as disguise itself as legitimate Windows files and remove antivirus software. It has been billed as a rival to Zeus, another well-known piece of malware.

Carberp communicates with a command-and-controller (C&C) server using encrypted HTTP Web traffic. Previous versions of Carberp encrypted that traffic using RC4 encryption but always used the same encryption key.

Using the same key meant it was easier for intrusion protection systems to analyze traffic and pick out possible communication between the infected Carberp computers and the C&C servers, said Aviv Raff, CTO and co-founder of Seculert. Seculert runs a cloud-based service that alerts its customers to new malware, exploits and other cyberthreats.

A new version of Carberp is mixing it up, using a randomly different key when it makes an HTTP request, said Raff. When it uses the same key, there are some static patterns that can be detected. Even Zeus, which is begrudgingly respected for its high-quality engineering, uses the same key that is embedded in the malware.

“Most network based security solutions are using traffic signatures to detect bots trying to connect to the C&C,” Raff said. “This new feature is used to evade this type of detection and make it hard and almost impossible to create such signatures.”

Seculart has posted a writeup about Carberp.

Carberp has also expanded the scope of the victims it seeks to infect. The latest version is targeted users in Russian-speaking markets, Raff said. Previous versions targeted banks in the Netherlands and the U.S., he said.

Microsoft to boost security of Office 2003, 2007

Microsoft plugged 40 holes with 17 patches today and said it will improve the security of Office 2003 and Office 2007 by adding a feature to the older versions of its productivity software that opens files in Protected View.

Customers should focus on the two critical bulletins that are part of Microsoft’s monthly Patch Tuesday security update, says Jerry Bryant, group manager for response communications in Microsoft’s Trustworthy Computing Group. The first is MS10-090, a cumulative update for Internet Explorer. It fixes seven vulnerabilities in the browser and affects IE 6, 7 and 8. There have been attacks targeting IE 6 on Windows XP, Bryant said.

The other critical bulletin is MS10-091, which fixes several vulnerabilities in the Windows Open Type Font driver. It affects all versions of Windows, primarily on third-party browsers that natively render the Open Type Font, which IE does not, according to Bryant.

The other bulletins are not critical and “could potentially be put off until after Christmas,” he said in an interview with CNET. Windows (all supported versions), Office IE, SharePoint, and Exchange are affected by the bulletins. Details are in the security advisory here and in the Microsoft Security Response Center blog post.

Meanwhile, the company will be porting Office File Validation, which is currently in Office 2010, to Office 2003 and Office 2007 by the first quarter of next year, Bryant said. It will be an optional update.

The move will help protect customers from attacks that target about 80 percent of the Office vulnerabilities, Bryant said. Attackers typically create a document that uses an exploit and e-mail the maliciously crafted document to potential victims or host it on a Web site and prompt people to open it.

Office File Validation checks the file-format binary schema, such as .doc or .xls, and opens the file in a protected view if it detects a problem. “If the user wants to edit or continue to open the document then there are severe warnings about what that might mean” and that it could be dangerous.

 

Microsoft: virus-infected computers should be quarantined

Virus-infected computers should be blocked from the internet and kept in quarantine until they are given a “health certificate”, a top Microsoft security researcher suggested on Thursday.

Under the proposed security regime, put forward by the technology giant’s trustworthy computing team, an individual’s internet connection would be “throttled” to prevent the virus spreading to other computers. But security experts today warned that cutting people off from the internet could be a drastic step too far – and that the question of who would issue and verify the “health certificate” was troubling.

Millions of computers around the world running versions of Microsoft’s Windows operating system are infected by viruses without their user’s knowledge and used to generate billions of spam emails and attacks against websites, such as that used against a British law company earlier this month.

The infected computers are often marshalled by virus writers into “botnets” which are hired out for criminal use. Microsoft, internet service providers, banks and web companies have fought long but so far unsuccessful battles against botnets. Earlier this year Microsoft took its fight to the US courts after a group of infected computers sent more than 650m spam emails to its Hotmail accounts. The spread of computer viruses has, however, continued unabated.

The new proposal, Microsoft claimed, is built on the lessons of public health. Scott Charney, corporate vice president of Microsoft’s trustworthy computing team, wrote on the company’s blog: “Just as when an individual who is not vaccinated puts others’ health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society.”

But Ram Herkanaidu, a global researcher at computer security firm Kaspersky Lab, told the Guardian that cutting people off from the internet was a wrongheaded solution. He said: “This would be a bad idea in practice. Just say your machine was infected – if you could not access the internet, how would you be able to update your anti-virus and also apply any software patches required? Technically, though, an ISP could give limited access to a safe area so that they could get the relevant updates but this would be done by individual ISPs themselves.”

Charney countered that “In the physical world, international, national, and local health organisations identify, track and control the spread of disease which can include, where necessary, quarantining people to avoid the infection of others. Simply put, we need to improve and maintain the health of consumer devices connected to the internet in order to avoid greater societal risk.”

Many of the infected computers are in the far east in countries such as South Korea and China, where pirated versions of Windows are common, though the US still accounts for a substantial number of machines in botnets.

US and European ISPs have periodically considered blocking virus-infected machines from internet access and diverting users to cleanup pages. But they have shied away from it on the basis that it would be costly, while bringing them little direct benefit, as most infected machines would be on other networks.

Presenting his suggestion to the International Security Solutions Europe conference in Berlin, Germany, Charney said computers should be required to have a clean “health certificate” before being allowed to connect to the internet. If a fix is available, the computer would be prompted to download a solution or to update its anti-virus settings.

“If the problem is more serious – say, the machine is spewing out malicious packets [of data], or if the user refuses to produce a health certificate in the first instance, other remedies such as throttling the bandwidth of the potentially infected device, might be appropriate,” Charney said, adding that the spread of computer viruses had continued unrelenting despite the best efforts of software companies.

He conceded that abolishing an individual’s internet connection “could well have damaging consequences”, proposing that machines have an emergency function whereby users could perform certain activities – much like mobile phones and the emergency services safeguard.

Herkanaidu said that there were flaws in the approach. “Stopping an infected machine from accessing the internet so that it cannot be used in for malicious purposes like sending out spam on the face of it seems sensible,” he said. “However, it does raise a lot of important questions like: who would issue the proposed health certificates? What would be the criteria? How often should it be updated? But, more importantly, would it work? At Kaspersky we see over 30,000 new pieces of malware everyday – it’s difficult to see how we could have a general scheme that would be able to cope with this.”

Alan Bentley, a senior vice president at business computer security firm Lumension, welcomed the idea in principle, but had reservations on how it would work in practice for corporations using Microsoft machines and software. “Suggesting that infected PCs should be quarantined until a clean-up job is complete is an interesting proposal,” Bentley told the Guardian. “However, the health check seems to be simply repeating a process which most people try to adhere to now.

“Most consumers and businesses run anti-virus [software]. But a lot of them don’t even know their computers are infected. So the important question to ask here is: who would be responsible for turning off their internet and how would that be legal? This is a great philosophical idea, but totally impractical when using anti-virus software.”

Need Help with a virus or not sure if you have one? Contact us today…