05/10/2017

When Antivirus Software Fails You: How to Spot (and Defeat!) a Real Malware Attack


It isn't every day you get to see what a real Trojan attack looks like.

When you do, there's seldom time to even take screenshots: you just want to get the heck out of Dodge.

But, this time, in putting together material for our upcoming free workshop when I happened across a real attack I was able to record it.

If you've ever wondered what an attack looks like, here's your chance to see one.

Here's the best/worst part: nothing stopped it.

  • Not our Internet Security Software.
  • Not any of our browsers' built-in malware protection
  • Not even Windows 10 built-in security.

See for yourself how it happened and what you can do to stop it.

 



Be the first to know about
our upcoming free workshop!

We'll cover problems like this, plus free, easy-to-do PC optimization, and other useful, real-world PC help topics.

I promise you, it'll be some of the
best, most useful stuff you'll ever see.


Put in your details here to be the first notified.

[Click here to download the printable step-by-step companion "recipe" file.]
This file opens in a new tab / Window for you.


06/04/2012

Five Great Firefox Add-Ons You're Not Using... (But Should Be)

Like anything, some Firefox Add-Ons are great, some are meh, and some are crap.

What we've got here, my friends, is a list of the top five Add-Ons we like most (and use.)

In one way or another, the ones we've chosen are all geared towards improving your online privacy, security, or both.  Sure, some of our favorites are popular and used by a lot of people; chances are though that even most security conscious uber geeks haven't heard of all of 'em we list.

Have a look at our list and feel free to throw your own $.02 in if there are ones you know of we missed.

Five Great Firefox Add-Ons

(At Least Some of Which You've Never Heard Of)
Add-On Name / Link About The Add-On

Perspectives Project

Perspectives Project

Is that secure site really who it says it is?
The SSL system is imperfect. At its core are the Certificate Authorities (CAs). The first problem: it's possible to perform a Man-in-the-Middle (MiTM) attack against a CA.

The second problem: the CAs, while historically among the most secure organizations online, are also not impervious to attacks. Crackers have breached the gates and gotten into CAs.

In either case, all bets are off. That site you think is secure is anything but. Once a CA is compromised, any communcations you have with a "secure" site can be intercepted and read like it's on the front page of Yahoo.

The Perspectives Project solution is a system of public network notaries to monitor the world's SSL certificates and help ensure the certificates are legit.

Running the Firefox Add-on is a cinch, and once you've used it even for a few minutes, you'll likely have the same, "Oh!" feeling like we did when we first started running it.

ShareMeNot

ShareMeNot

The ubiquitous social media icons you see on just about every site (including ours), are tracking what we do and where we go online. How can you keep their functionality and lose Big Brother?
To web geeks, it's no surprise that these little icons are tracking our every move online. What may be a surprise? It's very easy to keep their functionality and ditch their privacy-invading tracking with ShareMeNot.

Aside from how easy to use it is, the best part is that even if you forget to log out of your Facebook, Twitter, LinkedIn, Google/GMail, or Digg account (among others), ShareMeNot has still got your back.

In fact, that's when it works best. You can stay logged into your Facebook or GMail account and keep the great functionality of the "Like" and "+1" buttons as you surf but don't let 'em track where you're going online or what you're doing.

NoScript

NoScript

Scripts are everywhere. Some are good; some are evil.
Tip the scale in your favor.

NoScript creator Giorgio Maone and the folks who develop NoScript take a unique approach to scripts: don't trust any. Until you do.

On every site you visit, Javascript, Java, Flash, and others are all prevented from loading 'til you explicitly grant them permission to load on a given web site.

And, interestingly, not only do most sites still work even when scripts are disabled, but enabling necessary scripts on sites you trust is a piece of cake.

All-in-all it's a beautiful piece of work.

Adblock Plus

Adblock Plus

Get the content, kill the ads.
Advertising is one thing. Intrusive, annoying ads are another.

Adblock plus is a great answer to the problem.

Sure, there's overlap between what NoScript and Adblock can do, but Adblock is geared more towards stopping ads than NoScript.

Another interesting feature is it lets you "collapse" (i.e. hide) sections of a web page. Great for getting the content you want and avoiding the seemingly unavoidable in-your-face ads.

Using it is easy, too--just start with any of the 50+ existing lists. Then if and when you want to customize it, you can do that, too.

BetterPrivacy

BetterPrivacy

There are cookies, and there are evil LSO cookies. Luckily, dealing with them isn't as hard as it once was.
Local Shared Object (LSOs) are a special, particularly evil type of cookie. Known as "Super Cookies," they're Flash, and they get placed onto your system's central folder. Thus, they're much, much more permanent than regular browser based cookies. Super Cookies go where you go, and you can't see or delete them with a garden variety "delete cookies."

This is where BetterPrivacy comes in.

With it you can manually manage LSOs, or set it up to automatically delete 'em when anytime you close (or open) a browser. And you can keep the LSOs/Super Cookies where they belong... not on your system.

06/29/2010

Patches to Adobe Flash Player, Adobe Acrobat & Adobe Reader

Adobe issued a couple of critical patches this month to its Flash, Acrobat, and Adobe Reader products including one today for its Acrobat and Adobe Reader programs.

Adobe Acrobat & Adobe Reader Flaws and Upgrade/Patch

As for Adobe Reader as of the writing of this piece, the latest version of Adobe Reader is:

9.3.3

Here's how you can check your version and what you should see:



These security flaws in Acrobat and Reader--and Adobe's handling of it--has had fairly widespread discussion including coverage at Kaspersky's 'threatpost' security blog.

Kaspersky's Ryan Naraine in his piece about the Adobe security patches says,

The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file.

What's so important about this particular set of updates is the number of different types of systems that are affected, and while some antivirus software may be able to offset some of the threats posed by these security flaws in these programs, it's not worth the risk.

What's already clear is that there are security exploits in the wild that are taking advantage of these security holes, and if you're running Flash, Reader, or Acrobat (about 95% of the world is), your computer may be susceptible, regardless of what type of system you run--even a Mac.

Adobe Flash Player Flaws and Upgrade/Patch

The Flash Player (and the upgrade, of course) and Adobe Reader are free and only take a minute to install. (Adobe Acrobat isn't free but the security patch is.)

Here's the official Version Test for Adobe Flash Player.

On that page, you'll see what version of Flash Player you're running. As of the writing of this piece, the latest version for all systems is:

10.1.53.64

Don't take our word for it though, here's the official version information page for the Adobe Flash Player

Here's what the page looks like when it tests for your version of Flash Player (click the image below for a larger version plus our notes):



It's worth mentioning in our tests of the newest version of Flash Player, a reboot was sometimes recommended and other times not; regardless of whether or not you're prompted to reboot, it certainly won't hurt.



It's getting more commonplace for a bug to be a security issue on different computers--not just PCs--these days, but in these particular cases, just about every system was affected. Here's a breakdown of what the affected programs and systems looks like:

Program Affected Versions Affected Systems
Adobe Flash Player
  • 10.0.45.2
    (and earlier 10.0.x versions)
  • 9.0.262
    (and earlier 9.0.x versions)
  • Microsoft Windows
  • Apple Macintosh
  • Linux
  • Sun/Oracle Solaris
Adobe Reader
  • 9.3.2 (and earlier 9.x versions)
  • Microsoft Windows
  • Apple Macintosh
  • UNIX
Adobe Acrobat
  • 9.3.2 (and earlier 9.x versions)
  • Microsoft Windows
  • Apple Macintosh
  • UNIX

08/16/2009

More Warnings about Flash/Acrobat Reader Vulnerabilities

Ever read .PDFs or watch something in Flash?

Most people do. In fact, something like 99% of all computers have Flash installed likewise a huge portion of computers have Acrobat Reader, too.

As such, if you're in that 99% pool, you're probably vulnerable, as roughly 80% of all computers still are according to internet security firm Trusteer.

A couple of weeks ago, we covered the Flash / Acrobat Reader Security Advisory, and now there's more warning on WebProNews about the same Flash / Acrobat vulnerabilities.

In the posting there by Chris Crum he quotes Trusteer's CEO, Mickey Boodaei, as saying,

"Adobe is facing some major security challenges and one of its biggest hurdles is its software update mechanism.

"For some reason, it is not effective enough in distributing security patches to the field.

"Given the lack of attention this situation has received to date, it appears that few people understand the magnitude of the problem. We recommend that all enterprises and individuals install the latest Flash and Acrobat updates immediately.

[Editor's note: emphasis is mine.]

We originally covered this vulnerability two weeks ago saying,

"...there's an urgent update that Adobe has just made to Acrobat, Flash Player, and Adobe Reader."

So, now that there are others adding their voices to the chorus, and we're all saying this is a big deal, please visit this page on Adobe's site which covers the Acrobat/Flash security update.

If you're reading this article, please, stop what you're doing, go to that URL, *read* it, and follow Adobe's instructions.

Regardless of if the rest of your Windows OS is patched, regardless of whether or not you have a software firewall running, and regardless of whether or not you've installed the best antivirus software or an Internet security suite, you still need to do this. 

Acrobat and Flash live outside of the normal Windows Update mechanism, and thus, they can not be upgraded via Windows Update and are best upgraded manually, (i.e. don't rely on the Adobe autoupdater.)

In our humble opinion, this vulnerability has every bit the potential to be even bigger than the Conficker worm from early April this year because of the enormous install base Acrobat and Flash have.