 

FEBRUARY 2011

Page history last edited by Donald Achim 8 years, 10 months ago

 

 

Elder Teckies Help Newsletter

 

Senior Computer Users of Greater Kansas City

Compiled and Edited by Don Achim  

 

A Not for Profit Organization - Helping Senior Citizens Develop Computer Skills in the 21st Century

        

 

February 2011

 

Windows 7 Tutorial..click here

 

Windows 7 Lesson Video..click here

 

Important information for BASIC computer users:

 

Email Worm Poses As Microsoft Update, Warns MS

 

Microsoft is today warning users of fake security alerts arriving via email. Microsoft is reminding users that it never sends out security alerts with attachments via email and that you should never open such an email if it arrives in your inbox.

 

Microsoft Email Security Updates Are a Scam

 

Cyber-criminals have been sending so-called Microsoft updates that are actually viruses.

This scam in particular takes advantage of Microsoft's well-established schedule for monthly email updates. Potential victims receive an email purporting to be from Microsoft's Director of Security Assurance, Steve Lipner (who in fact does hold that role).

The recipient is then told to install the attached file, KB453396-ENU.exe (or a similar name), which is supposed to be the security update.

 

Worm, Virus Replicates Itself, Sends to Contact List

 

The email attachment (.EXE file) is actually a worm / virus, meaning that once it is installed on a user's PC, it will attempt to replicate itself by sending a copy of the infected attachment to all users on the host PC's contact list (address book).

The idea is to get the worm / virus on as many machines as possible so that they become part of a botnet. The botnet is then used to attack websites and corporate structures, and is even sold to other online criminals for their evil-doing.

 

Fake Alerts Contain Dubious Spelling, Dates

 

There are a variety of errors that reveal the message as a scam.

For example, the Microsoft update schedule is actually for the second Tuesday of the month, meaning the fake emails are a week early. More significantly, not only is the language of the email clearly not professional enough to be legitimate (suggesting it may be the work of people for whom English is not a first language), the writers have also misspelled the fake return address, writing no-reply@microsft.com rather than microsoft.com.

 

Microsoft Security Checklist: How to Avoid Email Scams

 

Still, the sheer number of people using Windows means it takes only a tiny proportion of users to be fooled by such attacks to do a serious amount of damage. As a result, Microsoft has once again drawn attention to a checklist for making sure a security email from the company is legitimate.

The checklist notes that Microsoft never includes attachments in an email. It also points out that any information it includes in such messages will be duplicated on the Microsoft security site, so users should double-check to confirm this. To avoid confusion, the information always goes on the website before emails are sent out.

The company also advises that users do not click on links in security-related emails, but rather cut and paste the address into their browser. It also says that for added security it may be safer to visit the known home page of the site and navigate to the required information. (Source: microsoft.com)
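As an added example (not part of the original newsletter or of Microsoft's checklist), the Python code below applies two of the checks described above to a raw email: a sender domain that is a near-miss of microsoft.com, and any attachment, with the executable suffixes named later in this newsletter flagged separately. The function names, the two-edit threshold and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "microsoft.com"
# Suffixes the newsletter names as worm carriers.
RISKY_SUFFIXES = (".exe", ".vbs", ".pif", ".scr", ".bat")

# Constructed sample modelled on the fake alert described above.
SAMPLE = """\
From: Microsoft Security <no-reply@microsft.com>
Subject: Security update
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please install the attached update.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="KB453396-ENU.exe"

placeholder-bytes
--b1--
"""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_alert(raw):
    """Return warnings for one raw message claiming to be from Microsoft."""
    msg = message_from_string(raw)
    warnings = []
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # One or two edits away from the real domain means a likely look-alike.
    if 0 < edit_distance(domain, TRUSTED_DOMAIN) <= 2:
        warnings.append(f"look-alike sender domain: {domain}")
    for part in msg.walk():
        name = part.get_filename()
        if name is None:
            continue
        # The checklist says genuine alerts never carry attachments.
        warnings.append(f"attachment present: {name}")
        if name.lower().endswith(RISKY_SUFFIXES):
            warnings.append(f"executable attachment: {name}")
    return warnings
```

A From address that matches microsoft.com exactly proves nothing, because the header can be forged; the attachment rule applies regardless of the sender.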

 

Important information for EXPERIENCED computer users:

 

Why am I receiving duplicate copies of email messages, and how do I stop it?


Possible reasons for receiving multiple copies of email messages include:

 

Mail forwarding loops

 

Symptoms

Most often, a mail forwarding loop prevents you from receiving any mail, causing mail sent to you to bounce back to the sender. However, if you receive many copies of every email message, a forwarding loop may be the cause.

Explanation

If you forward your email from one computer to another, it is possible to set up the forwarding in such a way that there is no final destination for your email messages.

For example, suppose you have accounts on two computers named Coffee and Tea. If you set mail forwarding on Coffee to forward mail to Tea, and set forwarding on Tea to forward mail to Coffee, you create a mail forwarding loop. Mail sent to Coffee would go to Tea instead, but when Tea got it, it would send it right back to Coffee. The mail would never have a final delivery location.

Solution

To fix this problem, change your mail forwarding so that all mail messages, no matter what address they are sent to, have a final destination.

 

Multiple subscriptions to a mailing list

 

If you are receiving duplicate messages from only a single mailing list, you might be subscribed to that list more than once.

 

Network and server problems

 

Symptoms

If you are receiving duplicates of only some of your mail, the cause may be technical difficulty along the delivery path. Either a network connection is having problems, or one of the computers along the route is very slow or having other system problems.

 

Explanation

 

Most mail delivery protocols and programs are conservative. If they are unsure whether a mail message was successfully passed along to the next computer on the network, the sender will try to send it again. If the message was passed along successfully the first time, the second attempt will produce a second copy of the same message, and you will likely receive both copies.

On large networks such as the Internet, a mail message must usually pass through several different computers before it reaches its final destination. This problem can potentially occur at any computer along the way.

A synchronization problem in the SMTP mail delivery protocol, which is used by most mail programs on the Internet, can make this error more likely.

No solution

 

Unfortunately, there is no real solution to this, except to wait until the problem on the network is resolved. If this problem is chronic and doesn't seem to be associated with a more general network or computer problem, the mail delivery software on the computer in question may be misconfigured. In this case, contact the administrator of the computer.

 

Important information for ELDER TECKIE computer users:

 

Virus Primer

 

This page highlights the types of malicious computer programs (MCPs). Please use it as a reference to the Antivirus Software Distribution page, which describes in detail Clemson University's license for antivirus software. If you need additional information about a specific virus, you can go to McAfee's web site. McAfee has an encyclopedia for viruses and hoaxes which is updated frequently.

 

Types of MCPs

There are four basic types of MCPs that are prevalent:

  • Viruses
  • Worms
  • Trojan Horses
  • Macro Viruses

Viruses

 

Examples: Bagle, MyDoom, Nimda

Computer viruses are small programs which become embedded in or "infect" files. Once infected, they either prohibit standard functions or execute functions which are malicious in nature. A virus primarily attacks executables or applications, so if a user runs an infected application, the virus program runs in addition to the normal operation, usually doing something unwanted. Data files may also be infected, although most traditional viruses require an executable to do damage (see Macro Viruses for the exception to that rule).

Examples of virus effects are as follows:

  • Preventing the system from booting.
  • Erasing files or entire hard drives.
  • Preventing saving or printing of files.
  • Misusing system resources, causing slow performance or frequent system crashes.
  • Hundreds of other possibilities

Most viruses have code which allows them to propagate themselves to files on your computer or others. It is this "infecting" code that gives the MCP its analogy to biological viruses. Viruses can infect other computers when infected files are transferred by disks and other removable media, networked servers and unsecured sites on the Internet. They can reside in a computer's memory and lie dormant until a certain time or date.

There are software products, such as McAfee VirusScan, which provide some protection against most viruses. Note: new viruses are discovered almost daily, so these products are only as good as their last update. Updating virus protection is therefore essential to remaining protected. If a virus is discovered on a computer, this software performs a "clean" of the virus, where it removes all traces of the virus and attempts to repair problems with the files.

 

Worms

 

Examples: BugBear, MSBlaster/Lovesan, Sasser

Worms are MCPs which are very similar to viruses, and their results can be even more damaging. The difference is that they don't alter programs directly, but rather substitute the worm's code file for a document, application or user's data file, and that code then replicates itself over a computer network or file system. They are usually transmitted through a payload which "tricks" the user into unknowingly activating the worm. Where viruses can for the most part be cleaned, worms often replace files in the process of replicating, and thus the deleted files are not recoverable.

In May 2000, the Love Bug's payload was initially an email message. Happy.99 and ExploreZip were worms which infected campus computers in the last few years. However, worms don't have to be email-based. In August 2003, the MSBlaster/Lovesan worm infected Windows computers which didn't have the latest critical patch installed.

 

Trojan Horses

 

Examples: SDBot, Spybot

Trojan Horses are applications which perform malicious actions on a computer. They are so named because they typically "disguise" themselves as useful programs in an attempt to trick a user into running them (see Odyssey and Trojan War). Since they are applications, they are confined to certain platforms and only do harm if they are executed. Trojan Horses are different from viruses and worms since they don't attempt to replicate on the computer. Some trojan horses can even provide access to the computer or its files to a remote user (BackOrifice) without the computer's owner knowing.

 

Macro Viruses

 

Examples: Concept, W97.Melissa.A

Macros are a set of commands which typically allow a user of a specific application to repeat actions with a key stroke or under certain conditions (e.g. when you save a file). They are written in macro languages which can be very extensive, not just allowing the ability to control actions in the application, but also to control other applications and the operating system on the computer. Useful macros can save time and effort by making repetitive tasks easier.

Macro Viruses are macros which are written for malicious purposes. Once considered a type of virus and a relatively minor threat, macro viruses have grown in number from less than 10 in 1996 to thousands of variations in May 2000. They can have the same results as traditional viruses, depending on how powerful the macro language is. For example, if the macro language allows a user to write and/or delete files, then a malicious person could write a macro virus to delete all documents.

Although many of the early macro viruses affected Microsoft Office applications (Word, Excel and others), these viruses can strike any application with a macro language, including some operating systems. An added problem with macro viruses is that, since many applications with macro languages are cross-platform, these viruses can "travel" from platform to platform, for example from Windows to MacOS computers.

At first, since they are part of the standard format of the Word/Excel document, standard antivirus software had no ability to find and remove them. Since then, they have been discovered, and many antivirus applications now scan for and remove them.

 

How can I prevent infections and attacks?

 

With so many variants of MCPs on the Internet, prevention, or at least taking prudent steps, is important to avoid attacks and infections from worms, viruses, and trojan horses. Here are some steps users can follow to minimize their risk:

  • VERIFY before you open any data files or attachments, even when you know the sender. It never hurts to send a reply message or even call the person to double-check that an attachment is valid. In many infections, such as the Bugbear and SoBig worms, the worm substituted itself in disguised graphic files with a ".vbs", ".pif", ".scr", ".exe" or ".bat" suffix. Note that opening the attachment can cause the MCP to start; just reading an email message WILL NOT start a threat. Exception: you are using an email application which automatically opens attachment files, like Outlook. (If you are using Outlook, turn off the feature that "auto-opens" attachments.)
  • UPDATE your antivirus protection software regularly (DAILY) and make sure you are using the latest version of the product. Clemson has a site license for McAfee VirusScan and it is available from our Share Netware server and Software Archive.
  • Once you have the antivirus software (McAfee's VirusScan or Virex) updated, SCAN your local drive for potential problems at least once a MONTH. It is not necessary to scan network servers since they already have virus protection software which scans files.
  • STRENGTHEN your Windows User and Administrator passwords. Many threats use "weak" passwords (i.e. "123", "abc", your birth date, or last name) to access and then infect computers. Replacing vowels with numbers, capitalizing letters within words, and avoiding common words are good tips when creating a strong password.
  • Run Microsoft Critical Updates to PATCH security holes used to infect computers. Many threats, such as the recent Sasser worm, will infect unpatched computers. For Windows computers, you can download the latest patches from www.windowsupdate.com (you must have Internet Explorer to run the update features).
  • Remember to take normal steps to BACKUP your data. Copy critical departmental data to your group server, and personal data to your "U:" drive (Netware data server). This is not really preventive, but it may save your data in case you are infected.

 

This month's free software pick:

   Immunet Protect Free 

 

 

An antivirus security suite that offers additional protection that is fast and lightweight. Immunet Protect Free is also compatible with existing security products. This antivirus protection program has been continuously gaining popularity because satisfied members are recommending it to their relatives and friends. It can be installed in minutes and it scans your system faster than its competitors. Additionally, it is great for protecting the system from malware attacks. Immunet Protect Free provides support 24/7.

Immunet is very easy to use. All you need to do is install the program, and it runs each time the system is started. With Immunet Protect Free, there is no need to configure the settings since everything is already set up for the user. However, if you need extra protection, blocking mode may also be turned on.

________________________________________________________________________________________________________________________________________

 

Breaking News:

 

Social Networking Security Threats Taken Too Lightly


 

By Tim Greene

 

Network World — There's a gap between reports of malware generated from social networking sites and the potential threat businesses perceive, according to results of Sophos's "Security Threat Report 2011".


The December 2010 survey says that reports of malware from social networking sites are on the rise. Malware from the sites hit 40% of users, up from 21.2% in April 2009 and 36% in December of 2009. Phishing is also on the rise, reaching 43% of social networking users in December 2010, up from 21% in April 2009 and 30% in December 2009, the report says.


Still, more than half the companies surveyed for the report allow unlimited access to Facebook, Twitter and LinkedIn, and 59% of businesses surveyed think that employee behavior on social networks could endanger corporate security.

Addressing Facebook's application system, the report notes that any member can write any application - possibly malicious - and install it on their page where it can spread to other users. The problem could be addressed by walling off Facebook and allowing only approved apps or granting users the ability to ban all but vetted apps from their pages.

Of those surveyed only 4.49% opposed walling off the site from any but approved apps, the report says.

The Sophos report recommends that social networks force privacy decisions onto their users by having them determine who would be able to see data they upload to their pages on the sites. "Such an approach would drastically improve the security of potentially sensitive information," the report says.

Privacy is a worry for social-site users, with 16% saying they have quit Facebook over privacy issues and another 30% saying they are highly likely to. Sophos says in the report that taking steps now rather than waiting for laws to define them would increase user trust in the networks.

In another area, the report says that perfectly legitimate Web sites are compromised at a rapid clip. With 30,000 new malicious URLs being found every day and 70% of malicious URLs belonging to hacked legitimate sites, the problem is growing.

The main threat is that these sites perform drive-by downloads that compromise the computers used by visitors to the sites. Popular malware seizes files on victim machines and holds them for ransom until users pay to unlock them with passwords, the report says. The lion's share - 39.39% - of sites distributing malware are hosted in the U.S., with France (10%) and Russia (8.72%) coming in second and third.

 

The Mac Cult

 

 

 
