“Hello, I’m calling from the Microsoft Anti-virus team. We have detected that your computer is infected with a virus.”

If you receive an unsolicited call which starts with a sentence similar to the above then this is an attempt by a scammer to capture your credit card details.

The scam

Their story seems semi-plausible, but is fake: they’re calling from Microsoft and have noticed some strange activity from your computer. To gain credibility, the phone scammer may give you easily discoverable information, such as your name, address, and phone number – all of which is readily available on the internet. Once they have your confidence they tell you to go to a legitimate folder or the Windows Event Viewer and say that if there’s a lot of files or entries in there (which there will be) that it’s very bad and your computer is infected. But fear not! It can all be solved for a reasonable price, plus they’ll continue to support your computer for a year. Just give them your credit card number to be charged a recurring fee and they’ll remotely fix your computer for you.

A remote connection to the computer is set up using legitimate third-party software and it looks like their technician is doing something important by running check disk, disk cleanup and deleting some temporary files. The “technician” then tells the victim that they have a lot of malicious files on their computer and gets them to sign up for a one year support contract to solve the issues. After receiving the credit card details in an insecure manner, as well the name, address, phone number, email address & email password the bad infection appears to be “removed” by deleting the innocent items from the Event Viewer and turning off event logging. Of course, with unrestricted access to the computer, the people behind these operations have the ability to install malicious software they claim to be removing.

This type of scam appears to be on the increase so be forewarned.

Microsoft Technical Support does not make unsolicited telephone calls offering you technical support. You always have to call Microsoft first.

If you do get this type of call keep your Credit Card in your pocket and save your money for when you really need technical support.

IT administrators are often so busy just trying to keep up with the obvious security threats that many more problems fly under the radar. Here are 10 security risks you may have in your organization that you are not aware of.

1: Your employees

Your own employees are your biggest source of security risks. Sometimes, it is deliberate; sometimes, it is not. Employees have the most access and the most time. We expend a lot of effort worrying about external threats, but in all honesty, all it takes is an employee bringing in a virus from a home PC on a USB drive to nullify all your forward-facing firewalls and measures. Disgruntled employees sometimes express their anger by hurting your computer systems. And of course, it is possible for a well-meaning employee to make a major mistake. Good governance, education, setting (and enforcing) policies, and knowing your employees are your best steps to closing the holes here.

2: Common coding mistakes

Certain mistakes in programming still get made despite years of warnings and education. Most common are SQL injection and cross-site scripting vulnerabilities. I still see these issues from time to time even in major software packages that you would think are trustworthy (WordPress is a good example). It’s hard to change software once you’ve installed it, so you need to keep these packages up to date even though it is quite a hassle.

3: Unauthorized machines

I’ve seen this one too many times. Someone decides to bring in an old PC and put it on the network to do something your existing infrastructure doesn’t allow them to do. They think that they are being helpful, working around the limitations of the IT department. After all, if IT won’t build a Web site for their group, it’s just “doing them a favor” to set up an old PC in the corner with a Web server on it, right? Wrong. The best way I’ve found to keep these rogue machines in line is with rigorous IP address audits and policies and scanning the network to create a list of machines. If machines can’t get IP addresses, they can’t do much harm.

4: Ancient “rock solid” servers

We all have them — that server buried deep in the data room that “just won’t quit.” Usually, it’s running some software package that is impossible to migrate to another machine. Sadly, these machines are often major security risks because they typically are no longer getting patches or we fail to patch them out of fear of breaking them. In addition, those older versions of operating systems often come with inherent security holes that no patching can fix. You need to replace these servers one way or the other. The best first step is to virtualize them. From there, it is a lot easier to try to update them.

5: Legacy applications

It’s not just the old servers that are big security risks; it is also the applications running on them, as well as other legacy applications you may have running. These applications would be a lot less problematic if they were current with their patches, but usually they aren’t. All too often, we miss a major version update because the upgrade is so difficult, and then we’re so far behind the ball that it’s impossible to catch up. Or perhaps the applications are completely discontinued. It’s painful to say it, but the best thing you can do is find a migration path to a recent version or another package entirely.

6: Local admins

We all know the dangers of allowing users to run with escalated privileges. Still, we occasionally end up with users being granted local admin rights inappropriately. In my experience, this often happens while troubleshooting a problem: We make the user a local admin to see if it fixes a problem and we forget to undo it. Regardless of how it occurs, it is a ticking time bomb for security. Use your central administration tools to make sure that the local admin list gets reset on a regular basis to the proper users and groups.

7: Incorrect share/file permissions

File permissions are tricky things, and most users are not even aware of how to set them. So what happens? Users create sensitive files in their usual networked location and those files get the default permissions, which are “collaboration friendly” to say the least. The next thing you know, everyone can read the documents, which are supposed to be confidential. Your best weapon is to pre- establish a share and file structure with the correct permissions. For example, give everyone a home directory for personal documents and create shares or directories around roles, projects, and teams with the appropriate permissions. The hard part is then educating them to use the correct locations — but that is much easier than trying to teach them permissions.

8: Hidden servers within applications

I have seen more and more applications lately that use a local Web server as an administration console. Sometimes, these applications are installed by users without permission. But occasionally, the IT department just does not realize what comes with an application. While these servers can be locked down so that they are not a risk (and with luck, they get installed like that), you need to verify that the applications are secured properly before allowing them to be installed on users’ machines.

9: VPN clients

Some users figure out how to set up VPN access on their personal machines. For a power user, it isn’t too hard to do. But you have no control over that machine, and once it is on the VPN, problems with the unauthorized machine can easily spill over onto the VPN. One thing you can do is audit the VPN systems to see who is connecting from what PCs and compare it to your list of authorized systems. Also, you can put additional firewalls around VPN clients to quarantine them. Finally, there are various systems to ensure that the clients connecting are on a preapproved list.

10: Disabled security software

Security software often puts up roadblocks to getting work done, so the “logical response” from many users is to find a way to work around it. For example, I’ve seen people set up anonymizers at home to sidestep IT policies. Power users (especially developers and system administrators) often know how to circumvent security tools. They may also be local administrators because of a technical need, which makes disabling software and changing settings even easier.

Combatting this is tough because these users often assume that they are “too smart” to be a security risk. What they fail to realize is that the modern crop of security threats do not require the user to make a mistake, like going to an obviously suspect Web site or downloading pirated software. Every Acrobat file, for example, is a potential plague rat at this point. Start looking for unusual trends, like large amounts of consistent traffic to an IP address and use centralized tools to ensure that settings are at the right levels and are reset periodically. Also, take any unnecessary local administration rights and firewall entire groups onto their own network segment to limit damage if those groups have a legitimate need for lower security.

Original article by Justin James for Tech Republic

Strong passwords are important protections to help you have safer online transactions.

Keys to password strength: length and complexity

An ideal password is long and has letters, punctuation, symbols, and numbers.

• Whenever possible, use eight characters or more.
• Don’t use the same password for everything. Cybercriminals steal passwords on websites with very little security, and then they try to use that same password and user name in more secure environments, such as banking websites.
• Change your passwords often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months.
• The greater the variety of characters in your password, the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing “and” to “&” or “to” to “2.”
• Use the entire keyboard, not just the letters and characters you use or see most often.

Create a strong password you can remember

There are many ways to create a long, complex password.

Here are some suggestions that might help you remember it easily:

What to do – Example

Start with a sentence or two – Complex passwords are safer
Remove the spaces between the words in the sentence – Complexpasswordsaresafer
Turn words into shorthand or intentionally misspell a word – ComplekspasswordsRsafer
Add length with numbers. Put numbers that are meaningful to you after the sentence – ComplekspasswordsRsafer2011

Test your password with a password checker

A password checker evaluates your password’s strength automatically. Try Microsoft’s secure password checker.

Protect your passwords from prying eyes

The easiest way to “remember” passwords is to write them down. It is okay to write passwords down, but keep the written passwords in a secure place.

Common password pitfalls to avoid

Cyber criminals use sophisticated tools that can rapidly decipher passwords.

Avoid creating passwords that use:

• Dictionary words in any language.
• Words spelled backwards, common misspellings, and abbreviations.
• Sequences or repeated characters. Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
• Personal information. Your name, birthday, driver’s license, passport number, or similar information.

This article can be found in Microsoft’s Safety & Security Centre by clicking on the link below:

Change Passwords | Create Strong Passwords

I recently received the Virus Bulletin Reactive And Proactive (RAP) test results and thought I’d share them with you.

Virus Bulletin measures antivirus products’ reactive and proactive detection abilities against the most recent malware that has emerged around the world.

The following chart shows the RAP results obtained over the last four tests, with average reactive scores plotted against average proactive scores for each product. (The detection figures from any test during which a product generated false positives are omitted (for that product) from the average calculations.) This chart is updated on a bimonthly basis (click to view larger image).

The test measures products’ detection rates across four distinct sets of malware samples. The first three test sets comprise malware first seen in each of the three weeks prior to product submission. These measure how quickly product developers and labs react to the steady flood of new malware emerging every day across the world. A fourth test set consists of malware samples first seen in the week after product submission. This test set is used to gauge products’ ability to detect new and unknown samples proactively, using heuristic and generic techniques.
A full description of the RAP testing methodology and explanation of how to interpret the results graphs can be read here:

VB RAP Testing

Take a look at the chart above and see how your anti-virus solution of choice compares to other products available today.

I hope the results are not too surprising!!

Microsoft has revealed that Internet Explorer 9 will include features to combat the tracking of online user behaviour by web sites, following the endorsement of some form of ‘Do Not Track’ mechanism by the US Federal Trade Commission.

An excerpt from the MSDN Blog is given below as an outline of the new privacy protection which will be available in Internet Explorer 9.

______________________________________________________________

Today, people share information with more websites than the ones they see in the address bar in their browser. This is inherent in the design of the web and simply how the web works, and it has potentially unintended consequences. As people visit one site, many other sites receive information about their activities. This situation results from how modern websites are built; typically a website today might bring together content from many other websites, leaving the impression that the website appears to be its own entity. When the browser calls any other website to request anything (an image, a cookie, HTML, a script that can execute), the browser explicitly provides information in order to get information. By limiting data requests to these sites, it is possible to limit the data available to these sites for collection and tracking.

A Tracking Protection List (TPL) contains web addresses that the browser will visit (or “call”) only if the user visits them directly by clicking on a link or typing their address. By limiting the calls to these websites and resources from other web pages, the TPL limits the information these other sites can collect.

You can look at this as a translation of the “Do Not Call” list from the telephone to the browser and web. It complements many of the other approaches being discussed for browser controls of Do Not Track.

What we describe here is providing a new browser mechanism for people to opt-in and exercise more control over their browsing information. By default the Tracking Protection List is empty, and the browser operates just as it does today. The list is empty by default for two reasons:

• Controlling this aspect of the browser’s behavior is up to the user. The browser vendor provides the functionality and respects the consumer’s choices here.
• Restricting content from external sites can make some functionality in sites stop working along with the other web mechanisms (cookies, web beacons, and the like) that might be essential to how the sites operate.

Anyone or any organization can create a TPL (it is just a file that can be placed on a website) and people can add and remove lists as they see fit, having more than one if they wish. To keep everyone’s experience up to date, the browser will automatically check for updates to lists on a regular basis. One change from similar features in IE8 is that once someone has added a list, Tracking Protection remains enabled across browsing sessions until it is turned off.

In addition to “Do Not Call” entries that prevent information requests to some web addresses, lists can include “OK to Call” entries that permit calls to specific addresses. In this way, a user can make exceptions to restrictions on one list easily by adding another list that includes “OK to Call” overrides for particular addresses.

We designed this feature so that users have a clear, straight forward, opt-in mechanism to enable a higher degree of control over sharing their browsing information AND websites can provide easy to use lists to manage their privacy as well as experience full-featured sites.

This is an extract of information found on the MSDN blog at the following location:

Basic protection for surfing, searching and social networking

Millions of people around the world use AVG Anti-Virus Free for their basic online activities. Whether it’s surfing the Internet, conducting web searches, or simply keeping up with friends on Facebook, AVG Anti-Virus Free has got you covered.

AVG Anti-Virus Free Edition 2011 allows you to:

• Surf and search with confidence AVG LinkScanner’s® real-time protection
• Stay protected on social networks with AVG Social Networking Protection
• Enjoy a faster running PC AVG Smart Scanning works while you’re away and runs in low-priority mode when you return
• Stay up-to-date with the latest threat information from the AVG Community Protection Network and AVG Protective Cloud Technology

You can download AVG Free 2011 directly from AVG.com by clicking the image below:

Complete protection for everything you do

We know when you go online you want to be able to surf, search, download, bank, and shop safely. With AVG Internet Security, AVG’s most advanced protection, you get a worry-free online experience every time. AVG Internet Security’s multiple layers of protection mean you don’t have to worry about identity theft, spam or viruses and it even prevents you from accidentally visiting harmful sites.

It’s faster, smarter security that won’t slow your computer down.

Safely bank and shop online without fear of identity theft thanks to AVG’s new Identity Protection technology

Surf, and search with confidence, with LinkScanner® checking web pages at the only time that matters – right before you click that link.

Get AVG Internet Security for Free

Security problems surrounding protocol handling and Web browsers have surfaced again — this time with Google Chrome and Microsoft’s Internet Explorer.

According to an advisory from the Google Chrome team, there’s an error in handling URLs with the a chromehtml: protocol that could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions.

[ SEE: Command injection flaw found in IE: Or is it Firefox? ]

The skinny:

• If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker’s choice.

The “high severity” vulnerability affects Google Chrome versions 1.0.154.55 and earlier.

It can be exploited by malicious hackers to launch universal cross-site scripting (UXSS) attacks without user interaction under certain conditions.

[ SEE: Mozilla caught napping on URL protocol handling flaw ]

IBM’s Roi Saltzman, the researcher credited with finding and reporting the issue to Google, has released an advisory (word .doc) to explain the attack vectors and impact.

He warns that the flaw opens the door to two major attack vectors:

• Bypass the Same Origin Policy restrictions for any site (this has the same impact as Universal XSS)
• Enumerate victim’s local files and directories

“It is important to note that the way Internet Explorer processes URL protocol handlers is a known Achilles’ heel and has been widely used previously to attack other various applications,” Saltzman said.  Proof-of-concept code for this issue is publicly available.

Microsoft maintains the problems are not related to vulnerabilities in its code.

Experts are warning that hackers have yet to activate the payload of the Conficker virus.

The worm is spreading through low security networks, memory sticks, and PCs without current security updates. The malicious program – also known as Downadup or Kido – was first discovered in October 2008. Although the spread of the worm appears to be levelling off, there are fears someone could easily take control of any and all of the 9.5m infected PCs.

Speaking to the BBC, F-Secure’s chief research officer, Mikko Hypponen, said there was still a real risk to users. “Total infections appear to be peaking. That said, a full count is hard, because we also don’t know how many machines are being cleaned. But we estimate there are still more than 9m infected PCs world wide. It is scary thinking about how much control they [a hacker] could have over all these computers. They would have access to millions of machines with full administrator rights. But they haven’t done that yet, maybe they’re scared. That’s good news. But there is also the scenario that someone else figures out how to activate this worm. That is a worrying prospect.”

Experts say users should have up-to-date anti-virus software and install Microsoft’s MS08-067 patch. The patch is known as KB958644.

Speaking to the BBC, Graham Cluley, senior technology consultant with anti-virus firm Sophos, said the outbreak was of a scale they had not seen for some time.

“Microsoft did a good job of updating people’s home computers, but the virus continues to infect business who have ignored the patch update. A shortage of IT staff during the holiday break didn’t help and rolling out a patch over a large number of computers isn’t easy.” “What’s more, if your users are using weak passwords – 12345, QWERTY, etc – then the virus can crack them in short order,” he added. But as the virus can be spread with USB memory sticks, even having the Windows patch won’t keep you safe. You need anti-virus software for that.”

Method

According to Microsoft, the worm works by searching for a Windows executable file called “services.exe” and then becomes part of that code.

It then copies itself into the Windows system folder as a random file of a type known as a “dll”. It gives itself a 5-8 character name, such as piftoc.dll, and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.

Once the worm is up and running, it creates an HTTP server, resets a machine’s System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker’s web site.

Most malware uses one of a handful of sites to download files from, making them fairly easy to locate, target, and shut down.

But Conficker does things differently.

Anti-virus firm F-Secure says that the worm uses a complicated algorithm to generate hundreds of different domain names every day, such as mphtfrxs.net, imctaef.cc, and hcweu.org. Only one of these will actually be the site used to download the hackers’ files. On the face of it, tracing this one site is almost impossible.

Variant

Speaking to the BBC, Kaspersky Lab’s security analyst Eddy Willems said that a new strain of the worm was complicating matters.

“There was a new variant released less than two weeks ago and that’s the one causing most of the problems,” said Mr Willems “The replication methods are quite good. It’s using multiple mechanisms, including USB sticks, so if someone got an infection from one company and then takes his USB stick to another firm, it could infect that network too. It also downloads lots of content and creating new variants though this mechanism. Of course, the real problem is that people haven’t patched their software,” he added.

Microsoft says that the malware has infected computers in many different parts of the world, with machines in China, Brazil, Russia, and India having the highest number of victims.

Original Article

McAfee Info