
Kids, This Is Why We Don’t Recommend Norton (Because It Doesn’t Work)

Let’s get right down to it – Symantec’s Norton Internet Security is horrible antivirus software and it flat-out does not work.  Let me repeat that – Norton Internet Security is horrible antivirus software and it flat-out does not work.

Want to see why?

Here’s a system with a current, updated version of Norton Internet Security – all seems well, right?

Norton Does Not Work

Yeah, not so much…

Norton Does Not Work

Oh, it’s probably just 494 “little” infections, right?  Ouch…

Norton Does Not Work

Now, I’m not here to just bash on Norton Internet Security, which is in fact terrible antivirus.  This isn’t a game – this is real life, real money, and real personal information here.  NO antivirus product is 100% guaranteed to prevent every possible virus, but there is absolutely no excuse for not catching nearly 500 current, documented infections.  This system was current on Windows Updates, all 3rd party software was updated (e.g. Java, Acrobat, Flash, etc.) and it’s on the latest Service Pack for XP (SP3):

Norton Does Not Work

There is just no other way to put it.  I can’t say it enough.  Norton Internet Security does not protect your system and it is a complete waste of money.  If you are using Norton Internet Security, we recommend replacing it with ESET Nod32 Antivirus.  We recommend Malwarebytes’ Anti-Malware Pro in conjunction with ESET Nod32.

To recap:


  • Don’t use Norton Internet Security – it doesn’t work and it is, itself, an infection
  • Use ESET Nod32 Antivirus
  • Use Malwarebytes’ Anti-Malware Pro
  • Use common sense when browsing the web – e.g. don’t open attachments unless you are expecting to receive a file from someone, don’t click on random links, read what you’re about to click on before you click on it, etc.


New Zeus Botnet Worm Posing As “FacebookPhoto_ADD_album.jpeg.exe”

Careful, folks, there’s a new worm that is posing as a “Facebook Photo Album” executable.  A .zip file is being emailed and if you install the program within, you’re likely to infect your system.  Currently only 8% of antivirus scanners are detecting this worm, so this one is fresh.

You should never open any attachments from people you do not recognize.  Even if the message is from someone you recognize, think twice before opening a .zip or .exe file.  There really is absolutely no reason to install any software sent to you via email.  If a friend or family member is trying to tell you about a new program, they can send you

Now is also a good time to mention email providers.  We strongly recommend switching to Google Apps, which is free Gmail for businesses.  You are not going to see any messages get through with a .zip attachment while using Gmail.
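An attachment check of the kind a mail gateway could apply to the .zip described above, as an added example that is not from the original post: it reads member names and the first two bytes of each member without extracting anything, and flags executables hiding behind an image or document extension.  The extension lists, function names and sample archive are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Illustrative lists for this example, not an exhaustive policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt"}


def classify_name(name):
    """Return 'double-extension', 'executable' or None for one member name."""
    # Windows drops trailing dots and spaces, so "x.exe. " still runs as x.exe.
    cleaned = name.replace("\\", "/").rstrip(" .")
    suffixes = [s.lower() for s in PurePosixPath(cleaned).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def has_pe_header(zf, info):
    """True if the member starts with 'MZ', the Windows executable magic."""
    try:
        with zf.open(info) as fh:
            return fh.read(2) == b"MZ"
    except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
        return False  # encrypted or unsupported member: judged on name only


def scan_zip(data):
    """Return [(member_name, verdict)] for every suspicious member."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "unreadable")]
    findings = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            verdict = classify_name(info.filename)
            if verdict is None and has_pe_header(zf, info):
                verdict = "pe-header"  # executable content under a harmless name
            if verdict:
                findings.append((info.filename, verdict))
    return findings


def build_zip(members):
    """Build an in-memory zip from {name: bytes}; used for the sample below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample: the file name comes from the post, the bytes are inert stubs.
SAMPLE = build_zip({
    "FacebookPhoto_ADD_album.jpeg.exe": b"MZ" + b"\x00" * 62,
    "holiday.jpeg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "readme.v1.2.txt": b"hello",
})

if __name__ == "__main__":
    for name, verdict in scan_zip(SAMPLE):
        print(f"{verdict:17} {name}")
```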

As always, if anyone has any questions, just let us know!

ANOTHER Zero-Day Exploit for Internet Explorer

THN is reporting yet another Zero-Day exploit for Internet Explorer.  This appears to only affect Windows XP SP3 with Internet Explorer 7 or 8.  Even with a fully-patched system, you are still vulnerable.

Remember though, last time it seemed like it was just IE9 and then it ended up being all versions of IE across all versions of Windows.

If you haven’t switched to Firefox or Chrome, switch today.  Firefox 16 is lightning fast and offers the recommended NoScript and AdBlock plugins.  Chrome is fast and safer than Internet Explorer.

Take this one seriously, folks.  I know a lot of you out there still run Windows XP and even systems in the last 3 years were shipping with XP.  Also, if you’re still utilizing the AOL Desktop Software, now is the time to stop.  AOL’s browser is just Internet Explorer.  If you are running Windows XP and you are using the AOL Desktop Software, your system is ripe for the pickin’, even if it’s fully-patched and protected with antivirus.

If anyone has any questions, let us know!

Bad Apple

Over half a million infected Macs.  A week later and the only signs of removal tools were coming from independent developers.  At least Apple finally spoke up and admitted they have a malware problem.  That was only 3 days before a second threat (SabPab) was announced and as of today, there are still over 140,000 Macs out there infected with Flashback.

“But I thought Macs can’t get viruses?”

Technically speaking, the Flashback infection hitting Mac users is actually a Trojan.  This infection takes advantage of a security hole in third party software (Java).  If you’re reading this on your Mac, please make sure you’ve installed the latest security updates from Apple.

Macs can in fact get viruses; it’s just that malware authors haven’t had much need to target them.  It all comes down to the biggest bang for their buck and 10 years ago, everyone was still running Windows 98, browsing the web with Internet Explorer, running no antivirus software.  That crowd of users has since migrated on over to Macs and now everyone and their grandmother has a Mac.  It seems everyone has a Facebook page too.  So you have a huge segment of users who never learned the basics about staying safe on the web, all using systems that “can’t get infected,” all using a common web page that anyone can post virtually anything to.  Hey, sounds like a crowd perfectly suited to point new infections at!

The approach to security I’ve seen many Mac users take is, well, no approach.  The common theme I see amongst many Mac users is that they were former Windows users.  They got tired of all the blue screens, viruses, and pop-ups.  They moved on to their new system that “can’t get viruses.”  What they didn’t know was that their problems would only follow them, no matter which system they used.

So now that you’re using a Mac and have a virus/Trojan/malware, what’s the plan?  Ditch your Mac and move to another platform?  Time to switch to Ubuntu?  See how silly of an idea it was to think that by simply buying a Mac, you wouldn’t have issues?  It’s almost as if the things we’ve been saying for years about antivirus and best practices for web safety were right on target all along.  😉

Sitting back and waiting simply isn’t the best approach to security.  Security should be a mesh or layered approach.  We recommend the following for every day PC users, whether it be for home or business use:


  • A current, updated/patched operating system
  • Effective, yet user-/resource-friendly antivirus
  • Anti-malware protection
  • A safer internet browser, such as Firefox or Chrome
  • An ad-blocker for your internet browser (for added security, we recommend NoScript in addition to ad-blocking)
  • Common sense
  • Keep your computer(s) behind a hardware firewall


There simply isn’t a silver-bullet when it comes to security.  Much like with cars, safety improves every year.  New features are added to keep drivers safe.  It’s not just one piece of the car that helps keep its passengers safe.  It’s everything from safety belts to air bags; new tires and anti-lock brakes to crumple zones.  No matter which safety features a vehicle has though, none of them trump a safe, alert driver.  Strap on all the safety belts you want, it’s not going to do much to help you if you intentionally drive your car off a cliff (please, don’t do that).

So Mac users, it’s time to make sure you’re running a proper antivirus program.  We recommend ESET CyberSecurity for Mac.  And try not to get too mad at me for talking down about your shiny Mac.  This isn’t about ad hominem attacks.  There’s a reality here that many have been ignoring and avoiding for years.  While it’s upsetting to realize you were wrong all those years, all we can do is learn from our mistakes and move forward.

[Warning] New Facebook Threat

There is a *new* threat floating around Facebook.  It’s another one of those “See Who’s Viewing Your Profile” scams.  I’m not surprised so many people are dying to see who’s viewing their profile.

It’s such a common desire that the “bad guys” know they’ll be able to fool at least one person (well, clearly more) into falling for their trick.  This is akin to some scam artist trying to sell you something you don’t need.  Stop and think, “wait, is this REALLY going to show me who’s viewing my profile…and is it worth it?”  This is how you get viruses, get your personal information stolen, get your email hacked, etc.

This latest scam was around when MySpace was popular, so the actual tactic isn’t new.  The post that’s making its way through Facebook looks like this:

Fake View My Profile Post

Notice they’re using a URL shortening service (Bitly) to mask the true URL.  They’re trying to mask something from you, which should be the first clue.  Also notice that this was posted via the Stalker-Viewer app.  Even ESET Nod32 Antivirus knew this was a potentially unwanted app and blocked it long before Facebook even knew about this rogue app:

ESET blocking rogue Facebook app

ESET notifies that it has blocked the URL long before the website had a chance to harm your system:

ESET Nod32 blocking rogue Facebook app's site

The main thing to take from this article is that threats on Facebook are aplenty.  You want to use Facebook to help your consignment or resale store gain exposure.  Make sure you sit down and discuss this with your employees though.

No matter which antivirus or security software you have, there should never be a sense of “I can click whatever I want.”  Those who switched to Macs years ago because they thought they could do just that are finding out the hard way that malware exists on Mac OS and phishing/stealing login information can happen on ANY computing platform.

You wouldn’t send your friends into an unknown city and tell them to go walking down the back alleys in the middle of the night.  The same is true with the Internet.  You want to empower your employees with information so they can be informed while browsing the web.  Make sure you view our additional articles in our blog that discuss other Facebook threats, ESET, Malwarebytes and NoScript.

Malwarebytes’ Anti-Malware Pro

We’ve utilized a variety of antivirus and anti-malware tools over the years.  ESET Nod32 Antivirus is the only antivirus product we recommend.  We’ve even given Avira, G-Data and Microsoft Security Essentials a shot, just to test the options on the market.  No antivirus software compares to ESET Nod32, especially for systems running high-demand database applications such as consignment software.

Antivirus alone is no longer enough though.  Threats come in all shapes and sizes and “virus” no longer covers the gamut of threats out there.  Once a system is compromised, it can be very difficult to regain control over.  The most effective tool in regaining control over a compromised system, in our experience, is Malwarebytes’ Anti-Malware Pro.  Malwarebytes was released in 2008 and its free version is great at removing infections.  The paid Pro version runs in real-time, actively protecting your system against unwanted applications and threats.

Why do I need Malwarebytes?  I thought you only recommend ESET Nod32.

A few years ago, prior to Facebook being so widely utilized, viruses seemed to only show up by “obvious” methods, e.g. an email with an attachment, a disc or external drive that is infected, etc.  That’s not to say obscure threats didn’t exist back then, but fewer people were exposed since they weren’t congregating in online forums and sites such as Facebook.

Since both businesses and individuals are utilizing Facebook on a daily basis, it’s almost like shooting fish in a barrel.  If you post one malicious link, by sheer statistics alone you’re going to get a large number of people who fall for the trick and <click> away.

In addition to Facebook there is Google and Google Image search results.  Many consignment and resale stores will search for items on Google to verify anything from authenticity to current market value.  The people writing and deploying these malicious applications know that people are searching Google for a variety of keywords.  They do everything they can to get their websites and poisoned images into the top results on Google.  One <click> and wham, you’re infected.

The best response I have found to “Why Malwarebytes?” is on MBAM’s Facebook page at http://www.facebook.com/Malwarebytes:

Malwarebytes Anti-Malware is a complementary program and defined as an anti-malware program which detects and removes malware; malicious programs and files, such as viruses, worms, trojans, rootkits, dialers, spyware, and rogue applications that some antivirus software doesn’t detect or can’t fully remove. With that said, Malwarebytes Anti-Malware works well and should run alongside antivirus software without conflicts, though exclusions may need to be set in your antivirus for Malwarebytes’ Anti-Malware’s exe’s to get the best possible system performance.

In a PC Magazine article, Malwarebytes’ COO Marcus Chung provides a great analogy for Malwarebytes:

“My favorite analogy,” said Marcus “relates to seatbelts. People used to think seatbelts were enough, but then airbags came along. It’s a solution from a different direction, not competing with the seatbelt. We are the airbag!”

So Malwarebytes is not an antivirus replacement.  Don’t let anyone try and tell you that Malwarebytes is the only security program you need.  It is intended to provide a mesh approach to security and is intended to complement your existing antivirus software.

Malwarebytes’ Anti-Malware Pro is completely compatible with all of the major consignment software programs on the market.  We’ve tested Malwarebytes’ Anti-Malware Pro with the following consignment software programs:

  • ConsignmentTill
  • Consignment Success | Consignment Ease | Best Consignment Software
  • ConsignPro
  • Liberty
  • SBS

Unlike other security programs that have done everything from blocking Liberty from communicating with Microsoft SQL Server, to deleting files that ConsignPro requires in order to run, Malwarebytes has done a perfect job of helping consignment software programs continue to run as intended.

The Computer Peeps recommend (and if we could, we’d require it) that any computer connected to the Internet run ESET Nod32 Antivirus + Malwarebytes’ Anti-Malware Pro.  There are just too many threats and variants out there today and even with the best antivirus software out there (ESET Nod32), unwanted programs can still sneak by.

People think viruses have to be these big, bad programs that delete files, cause pop-ups, etc.  Not so.  Any software that is considered unwanted and any program that was brought onto the system without your knowledge or doing, can be considered a virus.

Malwarebytes can be purchased for $25 and it’s a lifetime license.  We strongly recommend downloading Malwarebytes and letting it run a QuickScan.  The Pro trial lasts for 14 days, but do yourself a favor and pay the one-time fee for a lifetime license.  Their developers and testers deserve every penny of it.

As always, if you have any questions or if you need any assistance, don’t hesitate to ask!

Spiders, oh my!

Well, I thought it was just my ‘friends’ on Facebook that were clicking the spider link, so I just left them to their own devices (I’ve warned them a million times about this sort of stuff and they choose to ignore the warnings).  I’ve seen a bunch more people click that link though, so I figured I’d put up a blog post about it.

The spider link on Facebook isn’t going to show you any videos of *disgusting* stuff.  You’re not going to see baby spiders coming out of someone’s bellybutton.  Why the hell would you want to see that anyway!?  😀  If you or any of your Facebook friends have clicked on the bogus link, chances are your system is infected.  In case you don’t know what the link looks like, here it is:

Fake Facebook Spider Post

While we’re on the subject, you might want to *avoid* the Free iPad Facebook posts, along with the naked chicks.

If you want to click on these types of links, let us know.  We can configure your system so that you’re protected once you click links like this and realize they are completely fake and do nothing but invite viruses onto your system.

[Warning] Virus via Fake Justin Bieber Facebook Post

The Biebs.  The Biebs.  We all love her.  This latest social engineering attack comes by way of Justin Bieber and a “video that ends his career for good.”  I guess these sorts of links are irresistible too.  It’s the guys clicking this one!  😀

Fake Justin Bieber Post

We’re *all* adults, so I’m not going to blur out the middle finger.  😀  Ok, so I have to give *them* some credit on this one.  In Facebook posts, they always show the domain name – e.g. in this case, linkedin.com.  If you hover your cursor above the link though, it reveals the following:

LinkedIn Redirect URL

The LinkedIn domain name is completely legitimate!  There’s actually a *flaw* of sorts in LinkedIn’s code.  The redirect?url= variable accepts any URL, as long as it begins with www.  So I’m able to enter http://www.linkedin.com/redirect?url=www.thecomputerpeeps.com and it will take you to our website.

Someone noticed this and realized, “hey, Facebook only shows the domain name.”  They take you off to their site and launch a screen shot of a Justin Bieber video, re-post to your Facebook wall and write a virus to your hard disk…

Fake Justin Bieber Video

Well, since LinkedIn is a legit site, Facebook is going to let it slide.  Yikes!  So really, this issue begins with LinkedIn’s system.
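The difference between the prefix check described above and an exact-host allowlist, as an added example (not LinkedIn’s code): prefix_check mirrors the “begins with www” behaviour from the post, while validate_redirect and ALLOWED_HOSTS are hypothetical names and the allowlist contents are an assumption.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumption for this example: the only external host the site redirects to.
ALLOWED_HOSTS = frozenset({"www.linkedin.com"})


def prefix_check(target):
    """The weak check the post describes: anything starting with 'www.' passes."""
    return target.startswith("www.")


def validate_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return a normalized URL that is safe to redirect to, or None."""
    target = target.strip()
    if not target or any(c in target for c in "\\\r\n\t "):
        return None
    # Same-site relative paths are fine, but "//host" is a scheme-relative URL.
    if target.startswith("/"):
        return None if target.startswith("//") else target
    # The parameter in the post carries no scheme, so add one before parsing.
    if "://" not in target:
        target = "https://" + target
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None
    # Strict by design: no credentials in the URL and no explicit port.
    if parts.username is not None or parts.password is not None or port is not None:
        return None
    if host not in allowed_hosts:  # exact match, never a prefix or suffix test
        return None
    # Always redirect over https (a choice made for this example).
    return urlunsplit(("https", host, parts.path or "/", parts.query, ""))


def audit(samples):
    """Compare both checks: [(target, prefix_check result, validated URL)]."""
    return [(s, prefix_check(s), validate_redirect(s)) for s in samples]


# Constructed sample values; the first is the one used in the post.
SAMPLES = [
    "www.thecomputerpeeps.com",
    "www.linkedin.com.example.net",
    "www.linkedin.com/jobs",
    "/settings",
]

if __name__ == "__main__":
    for target, weak, strict in audit(SAMPLES):
        print(f"{target:32} prefix_check={weak!s:5} validate_redirect={strict}")
```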

When you see this post, mark it as SPAM…

Report scam Facebook posts as SPAM

Not even a week from our Social Media Frenzy workshop in Dallas and we see a new, smarter malware post.  I was discussing this with Kate Holmes and a good way to explain this, is to equate it to the flu shot.  Without people poking around and finding all of these flaws, systems would remain insecure and vulnerable to attack.

If you or anyone you know clicked on that link out there in the Facebook Feed, your system is infected (if it didn’t pop up a quarantine notification right away).  You know the drill -> http://mycp.biz/thecomputerpeeps_eset.

Don’t forget to read our other posts that show other types of Facebook social engineering attacks.

[Warning] ANOTHER Bogus Facebook Link

This one just popped up in the Feed a few minutes ago.  Its title is “Yeahh!! It happens on Live Television!”  Ironically enough, it’s women that are clicking on this post too, not men.  😀

Fake video post on Facebook

This one redirects you to a fake Facebook page…

Fake Facebook Page

It then asks you to “Click Jaa twice to confirm”…

"Click Jaa twice" - Are you kidding me? 😀

I mean, you should’ve already been able to tell this was a bogus post right away.  The website weebly[.]com lets anyone create a website, so someone signed up for videovideo1[.]weebly[.]com.  It’s just like anyone can sign up at BlogSpot or WordPress.  Asking people to click ‘Jaa’ not once, but twice – are you joking?  Is that some form of new security measure – click twice?  Sadly enough, it works for X amount of people.

You know the story…install Firefox, install NoScript, use ESET Nod32 Antivirus, blah, blah, blah.  😀

I must sound like a broken record!

========================================================================

UPDATE 6/23/2011

It looks like they’ve moved their crappy little pages over to a different site.  The same scam post from yesterday is showing up with a new URL…

Bogus Facebook Link

Same virus as yesterday, same bogus picture, just a new URL and a new title.

[Warning] Latest Facebook Malware Link – “r0ller c0aster”

Shocker.  The ‘0rgasm’ post on Facebook leads to a virus (Trojan).  Funny enough, it hasn’t been men that have been clicking on the link in the feed.  🙂

Here’s what the latest scam/virus/fake link looks like…

Facebook malware virus trojan scam social engineering

They’re trying to circumvent Facebook’s detection algorithm by tossing in zeros (0) for the O’s…

Trying to trick Facebook's algorithms

I don’t really feel too bad for those who clicked this (come on, isn’t this one just obvious?), but we still have to bring it to everyone’s attention.  The very nature of Facebook’s “social – proof” feedback leads to people almost unconsciously clicking random links in the Facebook feed.  “Oh, I bet this is funny, it can’t be too bad.”  All it takes is one click and your system is infected.

Well, this one is a JavaScript loader that pushes a Trojan onto your PC…

ESET Nod32 Blocks Javascript Loader Trojan

If you clicked the ‘r0ller c0aster’ link in the Facebook Feed and you didn’t see a notification from your antivirus software instantly, then you are infected, 100%, no doubt.  You should be running ESET Nod32.  What if an employee clicked on that link while at your store?  Your consignment software would be rendered useless until the infection was removed.  How many minutes can you go without your systems?  How many hours?  What if your backups stopped working two days ago, but you didn’t know?  Now your systems are down and you might’ve lost the last few days’ worth of data.  See how quickly one little *click* could turn into a disaster?

The interesting thing is, ESET’s database knew about this threat and Facebook didn’t.  Now, Facebook isn’t security software (not primarily), but it does perform security tasks.  They do parse new posts for known-bad URLs and will either toss up a CAPTCHA or if it’s a known-threat (according to Facebook, that is), then they’ll block the post altogether.  Maybe Facebook could/will eventually get to the point where they utilize a global threat database.

This is one of the topics we’ll be discussing this Saturday at the 2011 NARTS Conference in Dallas, TX.  There is no silver bullet.  Sure, this is technology and security programs exist, but social engineering and people trying to scam you isn’t unique to technology.  We’ll continue to show the types of posts used to dupe you into installing malware.  Just stop and look at the URL before you click.  Make sure it’s a trusted URL.  And no matter what, just start using ESET Nod32, please?  How many times are you going to see someone get infected or end up with an infected system yourself?
