New York Times website compromised

November 12th, 2009

There used to be the belief that if one stays away from “bad” Web sites, then malware is not a problem. That is not true, as a recent example with the New York Times illustrated. The popular news Web site was compromised, and the trusted site was serving up malicious ads:

“The malicious ad took over the browsers of many people visiting the site, as their screens filled with an image that seemed to show a scan for computer viruses. The visitors were then told that they needed to buy antivirus software to fix a problem, but the software was more snake oil than a useful program.

Exploiting weaknesses in online ad systems is an increasingly common approach for computer criminals around the globe who hope to make a quick buck from the audiences of the sites they attack. Experts say the problem is likely to get worse as companies scramble to satiate a click-happy online culture.”

This is just one way in which criminals / hackers are becoming exceedingly creative in exploiting site visitors. No reputable software company would market products in this manner, but the criminals are relying on the trust that people have in the site.

There have been malware installations without the site visitors having to do anything. These are the so-called ‘drive-by’ downloads, and just visiting the site puts one at risk. No click — or download — is necessary.

It is absolutely essential to be running an anti-virus and anti-spyware program.

Beware Fake Conficker Alerts

October 30th, 2009

The current crop of ‘Conficker.B’ email warnings that are purporting to be from Microsoft are in fact a hoax that’s trying to infect computers with the fake ‘Antivirus 2010’ program.

This is just another example of the creative methods that are constantly being generated to trick folks into installing fake security software onto their computer, which then coaxes them to purchase the ‘fix’ for a fake infection.

A recent study claimed that over 250 different types of ‘scareware’ programs are in circulation and this is just the most recent attempt to get people to give up credit card information for a fake infection.

In general the subject line refers to a ‘Conficker.B Infection Alert’ and the body of the message reads:

Dear Microsoft Customer,

Starting 18/10/2009 the ‘Conficker’ worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected. To counteract further spread we advise removing the infection using an antispyware program. We are supplying all affected Windows Users with a free system scan in order to clean any files infected by the virus.

Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.

Regards,

Microsoft Windows Agent #2 (Hollis)

Microsoft Windows Computer Safety Division

The message is accompanied by a file attachment that has varying names, but usually has the .zip extension.

If you are paying attention, you should be able to spot many red flags from this message.

The first one is the date format (18/10/2009) which is not common in the U.S. and the second is the poor grammar (unusually rapidly).

What isn’t as obvious to non-technical users is that Microsoft would never be contacted by your Internet provider if your network were truly infected. If anything, your Internet provider would shut your connection down or disable your ability to send email if your system was infected with one of the many malware programs that silently spew out spam.

Microsoft would never send a file attachment (they always use links back to their Web site) and you should never trust any .zip files (compressed files that could contain virtually anything inside) unless you are absolutely certain of the contents.

Finally, I have yet to see any official Microsoft email messages that had a salutation that started with ‘Regards’ and there is no such thing as the ‘Microsoft Windows Computer Safety Division.’

The only security warnings that you will ever get emailed to you from Microsoft would come as a result of you proactively signing up for their ‘Security Bulletins’ and the format of the messages always starts with “Begin PGP Signed Message.”

A good practice for the future whenever you receive any suspicious email warnings is to copy the first paragraph and paste it into Google as a search. If the information is legit, you will find Web sites that will confirm the information and if it’s a fake, you will quickly get confirmation as well.

New Windows 7 Install? Here is the easiest way to get apps. Ninite.com

October 26th, 2009

The easiest way to get apps.

  1. Pick the apps you want.
  2. Start your customized installer.
  3. You’re done!

Ninite runs on Windows XP/Vista/7 and works in the background 100% hands-free.

Ninite.com installs apps with default settings and says “no” to browser toolbars and other junk.

All they do is install the latest versions of the apps you choose. Not even Ninite is installed.

When it was in private beta, Ninite was called Volery.

It’s Here

October 22nd, 2009

Windows 7

Windows 7 Homegroups

October 22nd, 2009

Create virtual networks via Homegroups

If you’ve ever used a house key, you know how to use Homegroups. OK, that’s Microsoft’s analogy, and the process isn’t quite that easy, but it’s close.

First, some background: The first time you connect a Vista PC to a network, you’re asked whether the network is Public, Work, or Home. If you dig deep into the bowels of Vista, however, you discover that there’s no real difference between a Work network and a Home network.

By contrast, Windows 7’s Home networks are special, because they allow you to set up Homegroups. It doesn’t matter whether the network is really in your home, your home office, or a camouflaged Winnebago parked outside the Pentagon. Home networks get treated differently. (In Windows 7, Work networks and Public networks function pretty much the same way they do in Vista.)

If you identify a network as a Home network, Windows 7 reaches out to all the other Windows 7 computers on the network and asks whether they’re part of something called a Homegroup. If Windows 7 finds a Homegroup, it asks you to provide the password for the Homegroup. Enter the correct password and — boom! You’re suddenly attached and sharing all sorts of resources with other computers in the Homegroup.

There are no weird settings to decipher and none of Vista’s 20 questions about Network Discovery, File Sharing, and Password-Protected Sharing. Just a nice, simple network — and creating it requires only a password and a couple of clicks.

If there’s no pre-existing Homegroup, Windows 7 offers to set one up. Other Windows 7 computers on the network identify it as a “Home” network and can link to it simply by entering the Homegroup password. Easy — you know, the way it’s supposed to be (thanks, Crosby, Stills, Nash & Young).

By default, computers in a Homegroup share their Pictures, Music, and Video Libraries. Note: I’m talking about Libraries, not folders. The Homegroup members also share their printers by default. However, you’re asked whether you want to share your Documents Library; some people will want to, while others won’t, primarily for security purposes.

If Homegroups sound like precisely the kind of sharing you want for your small office, remember to tell Windows 7 that you’re on a “Home” network. The rest of the process is as easy as falling off a log.

Windows 7 Libraries

October 22nd, 2009

Searching Libraries beats searching folders

Anyone who’s used Windows Media Player in XP or Vista has encountered the Libraries concept. WMP starts with your personal Music folder and your PC’s Public Music folder, then allows you to add other folders to this Library. For example, you can add a music folder on an external hard drive to WMP’s Library or link to music folders on other networked computers or connect with a music folder on a Windows Home Server.

When you add a folder to WMP’s Library, it doesn’t copy the music. Instead, the program provides easy access to all of the song files in the Library, tracks them, and lets you search and work with them as a group.

There are no limitations to the folders you can add to a WMP Library. As long as your computer can get at the folders — the external drive is plugged into the computer, say, or there are no security rules blocking access to the other computer — WMP treats the music in those folders more or less the same way they would be treated if the files were stored on your own PC.

Windows 7 brings the WMP concept of Libraries to the entire Windows file system. You start with four libraries: Documents, Music, Pictures, and Videos. As you would expect, the Pictures Library has your Pictures folder and the PC’s Public Pictures Folder, Documents has your Documents folder and Public Documents, and so on. Very simple hooks let you add more folders to those Libraries or create entirely new Libraries.

When Microsoft reworked Windows 7’s Library routines, the company also enhanced the OS’s search function. To put it bluntly, searching a Win7 Library just plain works. Vista’s search interface suffers from the late changes Microsoft made to the OS, which did away with some planned new features but retained vestiges that served only to bollix things up. By contrast, Win7’s search interface benefits from a ground-up design and is much less confusing.

Here’s the magical part: When an application running under Windows 7 looks for the Documents folder, Win7 hands it the entire Documents Library. If you start a graphics program and click File, Open, you don’t go to your Pictures folder. Instead, you open up the Pictures Library.

Why is this a big deal? Imagine that you have a folder on another computer containing documents you commonly use. When you add that folder to your Documents Library, every time you crank up Word and click File, Open, the contents of that remote folder are staring right at you. By the way, Windows Media Player in Win7 doesn’t need separate settings to handle Libraries, because Windows takes care of everything behind the scenes.

Think of Libraries as “Folders: The Next Generation.”

Sponsored search results lead to malware

October 8th, 2009

The ads served by Bing and Google along with your search results are linking more and more often to sites trying to infect your machine.

Neither Bing nor Google effectively prescreens these bogus advertisers, so it’s up to us to detect and avoid them.

You may recently have used either Google or Microsoft’s new Bing search engine to find the popular Malwarebytes Anti-Malware utility. If so, chances are good that the sponsored ads alongside your search results contained links to the very malware that the security tool is designed to remove.

The three largest search sites — Google, Yahoo, and Bing — regularly sell security-related keywords to criminals looking to trick you into downloading and installing fake anti-malware products. The crooks then steal your personal information or hold your system for ransom before letting you remove their malware from your machine.

The search providers have been aware of this for years. To their discredit, they’ve done little to end the practice, even though it’s in their power to do so. The reason? They’re making money hand over fist from those sponsored text ads and don’t want to kill the goose that lays the golden eggs.

Case in point: A Windows Secrets reader searched Bing for Malwarebytes Anti-Malware. He clicked the first link displayed and ended up on a site that installed a rogue antivirus program on his PC. (See Figure 1.)

Figure 1. Malicious sponsored ads are interspersed with links to legitimate companies when you query search engines for the Malwarebytes security program.

Rather than getting a tool to clean up a friend’s infected computer, this Web surfer ended up having to disinfect his own. He and several other people I’ve heard from recently were hit with the result of search services’ selling sponsored links without validating those links’ legitimacy.

As search terms become popular, scammers jump at the chance to have their bogus ads appear among the results. To get their deceptive ads into these highly visible search results, these criminals simply buy these high-traffic terms from the search engines.

Big-name sites still serving up malicious ads

Another form of dangerous Web ads appears on otherwise legitimate sites.

A year and a half ago, in an April 17, 2008, Top Story, WS contributing editor Scott Dunn described infectious Flash ads that achieved space on well-known sites. I also reported on drive-by malware downloads in the June 11, 2009, Top Story. In the most recent case, NYTimes.com and other established sites hosted malware-infested ads. The New York Times described the attack in a Sept. 14 article.

When malicious ads — or “malvertisements” — enter the rotation on these sites, your system may become infected if you merely view the page. This is especially true if your versions of media players based on Java, Flash, or QuickTime are out-of-date.

It’s getting so bad that even top officials at Google acknowledge the problem, though they haven’t yet taken steps to halt it. Eric Davis, head of anti-malvertising at Google, stated at the 2009 Virus Bulletin Conference that the industry needs to work together to combat this problem.

As reported by Dennis Fisher on Kaspersky Lab’s Threat Post site, Davis called for the creation of an industry clearinghouse that would certify ad servers. Such an organization would allow all search vendors and other sites to use online-ad agencies without fear that a malicious ad would insert itself into rotation.

Microsoft has decided to use the courts as a weapon against malicious advertisers. A Sept. 18 Associated Press article posted on the MSNBC site states that the company is attempting to go after several suspicious ad vendors.

Even using Yahoo or a smaller search index won’t prevent such attacks, because second-tier engines have been hit with malicious ads, too, as a Sept. 25 story by Deborah Hale on Incidents.org reported.

Ways to fight back against online attack ads

Following my investigation of the malicious ads on Bing, I contacted the Microsoft Security Response Center, which can be reached via secure at microsoft.com. Within a few days, the offensive ads were removed.

However, searching on the term malwarebytes combined with such words as virus and antivirus continued to return dubious destinations in Bing’s sponsored-links section.

The same type of ads appears among Google results when you search on similar terms. Depending on the location you search from, you may see a link to Cyberdefender.com among the results. This company is listed on the hpHosts site as selling fraudulent software.

I reported this site to Google via a Web form on the Google site. But to date, no action has been taken to remove this and related malicious links.

Unfortunately, balancing the scales of justice takes time. What can you do in the meantime to help protect yourself from these malicious ads?

Don’t expect flawless protection from your Web browser of choice. Internet Explorer, Firefox, and other browsers now support bad-sites lists, but not every malicious ad server may be known. Nor are browser security add-ons perfect. McAfee SiteAdvisor, for instance, may include results that are up to one year old, as WS contributing editor Mark Edwards reported on Feb. 12, 2009.

If you’re not sure, verify the URL. Microsoft and Google have large payrolls, but the search giants don’t employ literal armies to review ad submissions. If you’re at all suspicious of an ad’s legitimacy, check the URL via a service such as hpHosts, which tracks domain names that researchers have reported as malicious.

Help vendors by reporting malicious advertisers. To report bogus ads on Google, e-mail security at google.com. This is likely to be more effective than reporting the site via the search giant’s online form. If you discover malware purveyors advertising in Bing’s results, e-mail secure at microsoft.com. Yahoo, however, offers only a Security Phishing Report Form.

I do hope that Google, Microsoft, and Yahoo can put their differences aside and correct this situation. In the meantime, be careful when you search and be suspicious of sponsored links. Too many of them are fictitious these days — and dangerous.

What kind of attachments can contain viruses?

October 6th, 2009

Basically, anything that is executable (able to run). You’re generally safe with picture files, text files, and the like. However, it still pays to scan first.

Here’s a very short list of the most common to watch out for:

exe, zip, scr, vbs, bat, com, pif, asp, doc, xls

The above file extensions are the most common; don’t misinterpret this to mean that if you get one of these files it’s automatically a virus. A “.zip” file may be nothing more than a set of compressed files your friend sent you to look at. A “doc” or “xls” file may simply be an MS Office file. It’s just that these types of files could also be viruses.

A couple of other virus tricks you need to be aware of are:

First, MS Office files can contain what are called “Macro Viruses”. These files can run a “macro” (a macro is a mini-program run from within another program) that can be as destructive as any “regular” virus. So, do not open MS Office attachments unless you are expecting them. If they just show up, verify with the sender first.

The other trick you need to look out for is an extra extension added to an attached file. For example, you may have something like “mypicture.jpg.vbs”. In fact, if you don’t have your computer set to view file extensions, it may just look like “mypicture.jpg” and omit that last “vbs” part.

This may appear to be a jpg picture file, but it’s actually a vbs (Visual Basic Script) file. If executed, it will happily infect your computer with a virus.
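The extra-extension check described above, together with the earlier advice about .zip attachments, can be automated by reading file names without opening or extracting anything. The following is an added example, not code from the original post; the function names, the verdict labels, the decoy-extension list, and the split of the article's list into "runs directly" and "verify with sender" are assumptions made for illustration.

```python
import io
import zipfile

# Extensions the article lists as the most common ones to watch for.
RISKY_EXTENSIONS = {"exe", "zip", "scr", "vbs", "bat", "com", "pif", "asp", "doc", "xls"}
# Subset treated here as running directly when opened (assumption of this example).
DIRECTLY_EXECUTABLE = {"exe", "scr", "vbs", "bat", "com", "pif"}
# Harmless-looking extensions commonly used as a decoy (constructed list).
DECOY_EXTENSIONS = {"jpg", "jpeg", "gif", "png", "txt", "pdf", "mp3"}


def split_extensions(filename):
    """Return every dot-separated extension of the base name, lowercased."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    base = base.rstrip(". ").lower()
    return [part.strip() for part in base.split(".")[1:] if part.strip()]


def classify_attachment(filename):
    """Classify a file name as 'disguised', 'executable', 'verify-sender' or 'ok'."""
    exts = split_extensions(filename)
    if not exts:
        return "ok"
    last = exts[-1]
    if last in DIRECTLY_EXECUTABLE:
        # "mypicture.jpg.vbs": the real type hides behind a decoy extension.
        if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS:
            return "disguised"
        return "executable"
    if last in RISKY_EXTENSIONS:
        # zip, doc, xls, asp: may be legitimate, but confirm with the sender.
        return "verify-sender"
    return "ok"


def scan_zip(data):
    """List (member, verdict) for suspicious names in a zip, without extracting."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            names = archive.namelist()
    except zipfile.BadZipFile:
        return [("<archive>", "unreadable")]
    findings = []
    for name in names:
        verdict = classify_attachment(name)
        if verdict != "ok":
            findings.append((name, verdict))
    return findings


def build_sample_zip():
    """Constructed sample archive; the member contents are harmless text."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("readme.txt", "constructed sample")
        archive.writestr("scan/install.jpg.exe", "constructed sample")
        archive.writestr("invoice.DOC", "constructed sample")
    return buffer.getvalue()


if __name__ == "__main__":
    for member, verdict in scan_zip(build_sample_zip()):
        print(f"{verdict:14} {member}")
```

A clean result only means the names look ordinary; the files still need an antivirus scan before they are opened.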

Get your system ready for a Windows 7 upgrade

October 3rd, 2009


By Scott Spanbauer

Removing unneeded applications and making sure your hardware devices will work with Windows 7 are good things to do before you purchase and install the new operating system.

A merciless approach — ruthlessly excising software clutter prior to the OS upgrade — will help ensure that the process goes smoothly.

With Windows 7’s official release to consumers just weeks away, you may be champing at the bit to upgrade your existing system. If you choose to install Win7 on an old Vista machine, however, a wise precaution is to clear out some of the clutter the machine has collected over the years.

First, determine which version of Windows 7 is best for your needs. In his July 16 Top Story, WS contributing editor Woody Leonhard examines the various Win7 editions. He concludes that, for most people, the less-expensive Home Premium version is a better choice than either Windows 7 Professional or Ultimate.

(Note that Windows 7 Starter Edition is available only preinstalled on netbooks. Woody’s June 4 Top Story discusses the design limitations Microsoft is placing on netbooks running Windows 7 Starter.)

Once you’ve selected a Windows 7 version, download and run the beta of Microsoft’s Windows 7 Upgrade Advisor, which you’ll find on the company’s Get Windows 7 page. The utility will indicate whether there are known Windows 7 compatibility problems with any devices on your PC. If so, the advisor may even suggest how to resolve the problem.

Microsoft’s page states that systems running Vista will usually have no problem moving to Windows 7. Conversely, if you’re currently using XP or any other operating system, the company says you should “experience Windows 7 on a new PC.” That may be good advice, but I’m the kind of guy who likes to find out for myself rather than take Microsoft’s word for it.

To be sure, many (most?) Windows 7 hardware and software incompatibilities won’t become known until after the OS ships on Oct. 22. This means you should take the advisor’s results at this point with a grain of salt.

The current beta version of the advisor is available only in English. Also, using the page requires that you share information about your system with Microsoft, though the company promises that “no information will be used to identify or contact you.”

Dump the applications you no longer use

Uninstalling unused applications not only frees disk space, it also returns precious system memory to Windows and applications, shortening their start-up times. If you’re planning an upgrade to Windows 7, moreover, removing nonessential programs reduces the odds that you’ll encounter incompatibilities during the upgrade process.

We’re often our own worst enemies when it comes to unnecessary software installations. A program catches our eye, we give it a spin or two, and then we promptly forget all about it. In addition to wasting disk space and cluttering the Start menu, the software can become a security threat as it ages and goes unpatched.

If you plan to use a program infrequently in the future, it may be best to install it only long enough to use it and then uninstall it until the next time you need it. A side benefit of this approach is that you may be more likely to try alternative applications — possibly smaller and faster ones — instead of sticking with whatever program’s already on the system.

Another option is to exile some programs from your computer’s hard drive to removable media. Firefox, OpenOffice.org, 7-Zip, Java, and other popular Windows apps and utilities are now available in portable versions you can install on a USB drive. This keeps them handy without adding them to the Registry or Start menu.

WS senior editor Gizmo Richards reported on how to choose and use portable applications in his June 18 and July 2 Best Software columns (paid content).

Free utilities make system cleanup a breeze

The problem with the uninstall utilities that ship with most apps is that they tend to leave behind files, folders, shortcuts, and Registry entries.

Gizmo’s Sept. 17 Best Software column (paid content) describes two free uninstall utilities that do a more-thorough job of excising applications from your system: ZSoft Uninstaller and Revo Uninstaller. You’ll find links to download the former on the ZSoft Software site and the latter on the VS Revo Group site.

Also, in today’s Best Software column, Gizmo covers the manual approach to removing programs when an uninstall routine is unavailable.

After dumping all but the essential programs on your system, take a moment to jettison other superfluous files. Right-click the Recycle Bin icon on the desktop and choose Empty Recycle Bin to really delete those deleted files. Next, right-click your hard drive’s icon in Windows Explorer or any folder window and choose Properties, Disk Cleanup.

Finally, defragment your hard disk. You can start Windows’ built-in disk defragmenter from the drive’s Properties dialog box by choosing the Tools tab and clicking Defragment Now. However, a third-party tool such as J.C. Kessels’ free MyDefrag (formerly JKDefrag) is faster and more thorough. You’ll find a download link for the program on the MyDefrag site.

Once in a while, you’ll run into a program that just can’t be pried loose from your Windows installation by using Windows’ own tools. WS editor-at-large Fred Langa presents his favorite uninstall tools, including Microsoft’s free Windows Installer CleanUp Utility and jv16 PowerTools, in his March 26 LangaList Plus column, “Clean up the mess left by incomplete uninstalls” (paid content).

Prepare your PC for the big Win7 migration

There are three more steps to take prior to beginning the upgrade.

First, use Windows’ free, built-in Backup utility or another backup program to copy your data files to a removable medium. You’ll find instructions for using Windows Backup in Microsoft Knowledge Base article 308422. Gizmo reviewed third-party backup programs on Sept. 4 and Sept. 18, 2008 (paid content).

Second, gather the installation discs and serial numbers for your applications. If you do a clean install of Windows 7, you’ll need the discs and software license numbers to reinstall the programs once the upgrade is finished. Also, be prepared to download and install any patches and security updates for the programs from the vendors’ sites.

Third, be prepared for any unexpected hardware glitches. Visit the download section of your PC vendor’s site to find the Windows 7 drivers for your specific video and network adapters. Save the Win7 version of the drivers for your system’s adapters on a USB drive or other removable medium. If something goes wrong with your upgrade, installing the new drivers you’ve saved in this way may solve the problem.

There’s no reason to start your Windows 7 sojourn with a poky PC. By banishing the bloat beforehand, you’ll spend more time working (or playing) and much less time watching the Windows hourglass.