Ransom-ware

June 3, 2008

There is a recent outbreak of something called ransom-ware, which is exactly what it sounds like: a program is installed without your consent and takes control of your computer. It gives you a persistent warning claiming that your computer is infected and that the only way to solve the problem is to pay $35 by credit card to disinfect it. It is obvious that the company claiming to remove it is the same group that developed the bug itself. Behind this ransomware technology are people in other countries (I live in the US) who have been tried and convicted previously for various phone fraud and extortion schemes.

If you think that this is not profitable, think again. According to a recent article in the San Jose Mercury, these kinds of schemes are bringing in over 10,000 orders a day to remove this ‘bug’.

As of the writing of this post, the current incarnation of this bug is called the Backdoor.Win32.Delf.ctk Trojan, but the behavior and name can and will vary slowly over time. The scheme will remain the same: a program forces its way onto your Windows machine, pesters the computer user, and eventually freezes the computer, BUT it gives you the option to buy special software to make it all go away.

The best way to avoid future problems is to completely restore your machine to ‘factory state’. First, back up your important files (the entire My Documents directory for each Windows user, the Microsoft Outlook calendar, contacts and mail, and any Quicken / QuickBooks files), then reinstall Windows:

- Once Windows is reinstalled to the ‘factory state’, smart preventative web surfing behaviors should be enforced.
- Immediately install a popular brand-name Cable/DSL router on your network (a piece of hardware between $29 – $200, depending on features, etc.).
- Update your computer using the Windows Update website (open the link in Internet Explorer; if you are reading this in Firefox, right-click the link, choose Copy Link Location from the popup menu, and paste it into the address bar of Internet Explorer).
- Purchase and install an anti-virus like Nod32 (ESet Nod32 Anti-Virus for Home), AVG or Kaspersky.
- Install and update Microsoft Office if it was originally on your computer. If you can no longer find the installation disk, you can download Open Office, a free alternative, from OpenOffice.org.
- Install Adobe Acrobat Reader.
- Install iTunes on the computer, but do not let the installer ‘find’ music on your machine right now. This needs to be done later.
- Create a second account (Control Panel – User Accounts – Create new account) called Family and place a password on this account to control your kids' access to the computer.
- Log in to the Family account and make sure Firefox, Microsoft Office or Open Office, and Acrobat Reader will all launch.
- Log off this account by selecting Start – Log Off, then log in to the other account on the machine. This account, too, should have a password and should only be used by parents: go to Control Panel – User Accounts, select the non-Family account icon at the bottom of the user account section, and click the link above that says something about adding a password. Close out of these User Account windows entirely.
- Change the Family account type so that users of the machine in the Family account cannot install anything, including the unintentional installation of bugs (Control Panel – User Accounts – click on the Family account icon, change the account type to Limited).

If a program needs to be updated in a Windows limited account, there should be no problems. All additional program installations in limited accounts should be performed either by downloading the program in the parent account and installing it there, or by downloading it to the limited account's desktop, right-clicking the installation file and selecting the “Run As…” option; enter the parent account's user name and password, and then begin the installation.

For more details, please feel free to contact me or drop a comment in the post.

Microsoft Windows has been built on a foundation that is very vulnerable to viruses, worms, Trojans and rootkits. What all of these fancy terms mean is that the machine can be crippled or wrecked and will require a complete reinstall of Windows, instead of a particular fix. (It costs more to try to fix it than to reinstall.)

Instead of waiting for these problems to show up, the best way to not have an issue with them is to prevent them from jumping on your computer. Prevention is practiced a number of ways, but the single biggest method of ‘getting safe’ is by using Firefox.

The WAYS that these bugs can get on your computer are through a variety of ‘web surfing’ behaviors. Some include:
- the regular use of Internet Explorer instead of Firefox,
- someone looking at a pornography site,
- using most online gambling sites,
- accidentally viewing a fake email that includes curious subject lines like “I Love You”, “Re: Your Resume”, “Need Your Help”, or “System Administrator; Failed Delivery”,
- clicking on popups that say you HAVE to do something immediately or pay for removal (see my Ransom-ware posting),
- installing and using free music download software like LimeWire, BearShare, etc.,
- letting anti-virus software expire or ignoring warnings that it has been turned off,
- looking at MySpace.com.

This is not a complete list, but a start to changing the way a person uses a computer, and preventing some of the worst kinds of bugs on a machine.

As I post things on this blog, I will try and present helpful and accurate methods to deal with these problems, but there is no ONE SOLUTION to dealing with these issues on a Windows machine.

A lot of my clients are now complaining about a bug that tells you that Windows has been infected, and to give them your credit card to remove this bug. There are many names for this, but it is extortion. The developers of this device have moved their servers and business offshore, so they are immune to US law. There is no point in trying to give them money. Having a bug on your machine is hard enough, no need to hand over your credit card information and identity in addition to having to rebuild your machine.

If you are opposed to installing Firefox (don’t forget to include the Java Runtime Environment and Flash Player, so that most of the web works properly in Firefox), then consider shutting off ActiveX in Internet Explorer. To do so, follow these steps:

- Select Tools (or press the keys Alt T), then select Internet Options.
- Select the Security tab and press the Custom level… button.
- In the bottom area of this dialog, under Reset custom settings, open the Reset to: pull-down list, choose High, press the OK button, and then OK again.

What you are turning off here is the ability of your computer to get infected using Internet Explorer.

In general, many of the bugs that jump on your Windows computer rely on ActiveX being turned on. If you were using Linux, Mac OS X, or Firefox, you would not have this problem.
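As an added example that is not part of the original post, the following PowerShell script checks two of the steps described above on the local machine: that the Family account is really a limited account (not a member of the local Administrators group), and that ActiveX is disabled in Internet Explorer's Internet zone after choosing the High level. It assumes the account name Family from the post and the well-known per-user registry location of the Internet zone settings.

```powershell
# Added example, not code from the original post: verify two hardening steps on
# the local machine: (1) the 'Family' account is not in the local Administrators
# group, i.e. it is really a limited account, and (2) ActiveX is disabled in the
# Internet Explorer Internet zone, which is what the "High" level should give.
# Assumptions: account name 'Family' as in the post; zone settings live under
# HKCU:\...\Internet Settings\Zones\3 (zone 3 = Internet). Run the ActiveX check
# as the user whose settings you want to inspect.

function Test-LimitedAccount {
    param([string]$Name = 'Family')
    # Enumerate the local Administrators group through ADSI; absent = limited.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    $members = @($group.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null) })
    $limited = -not ($members -contains $Name)
    Write-Host ("Account '{0}': {1}" -f $Name, $(if ($limited) { 'limited' } else { 'ADMINISTRATOR (not limited)' }))
    return $limited
}

# URL-action values that govern ActiveX in a zone. Data: 0 = Enable, 1 = Prompt, 3 = Disable.
$ActiveXActions = @{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked as safe'
    '1405' = 'Script ActiveX controls marked safe for scripting'
}

function Test-ActiveXDisabled {
    param([string]$Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3')
    $zone = Get-ItemProperty -Path $Path -ErrorAction Stop
    # CurrentLevel 0x12000 is the "High" template; the per-action values decide what runs.
    $template = if ($zone.CurrentLevel -eq 0x12000) { 'High' } else { 'not High' }
    Write-Host ("Internet zone template: {0}" -f $template)
    $allDisabled = $true
    foreach ($id in ($ActiveXActions.Keys | Sort-Object)) {
        $value = $zone.$id
        # A missing value falls back to the template default, so only an explicit 3 counts as disabled.
        $disabled = ($null -ne $value) -and ([int]$value -eq 3)
        if (-not $disabled) { $allDisabled = $false }
        $state = if ($disabled) { 'Disable' } else { "NOT disabled (value: $value)" }
        Write-Host ("  {0} {1,-58} {2}" -f $id, $ActiveXActions[$id], $state)
    }
    return $allDisabled
}

$accountOk = Test-LimitedAccount
$activeXOk = Test-ActiveXDisabled
if ($accountOk -and $activeXOk) { Write-Host 'Both hardening steps are in place.' }
else { Write-Warning 'At least one hardening step is not in place; see the lines above.' }
```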