Worms

Halloween is all about tricks, treats and pretending to be something your not. Scareware must think every day is Halloween.

Computer experts are reporting that scareware is on the rise. Scareware - a sneaky hacker technique used to steal personal information and spread viruses - is being found in more and more places online and even on trusted sites, like the New York Times.

"The recent scareware attacks are cropping up everywhere and can be found on even the most trusted Web sites online," said Alison Southwick, BBB spokesperson. "The threat of scareware undermines consumer trust in compromised Web sites, and on the Internet in general, but there are steps computer users can take to protect themselves."

How Scareware Tricks and Treats

Scareware usually presents itself as a pop up window on your computer that looks like it is from your computer. It gives some message that your computer has been infected with a virus that needs to be removed. Often the message tells you to go to the link provided to purchase and download anti-virus software. Once the software is purchased the download begins. Unfortunately, it is not anti-virus software that is being downloaded, but more viruses and malware.

If that weren't bad enough, now the hackers have your credit card information too.

This senario is playing out all over the internet. It was in mid-September that visitors to the New York Times web site started getting the infected pop up window. The New York Times traced the infected window back to an unauthorized ad. They later found out that the ad space was sold to hackers posing as Vonage.

But The New York Times is not the only site being affected and pop up windows are only half the story with scareware. According to Computer World Magazine, hackers are also "poisoning Google search results." Hackers monitor popular search topics and then create infected web pages with related content. They work to get those to the top of Google search results and when someone clicks a link in the search results - the infamous pop up window appears.

How to Protect Your Computer

Fortunately there are steps that you can take to protect your computer from scareware:

• Never let your guard down. It is a fact that scareware can show up on even the most trusted sites, Google, Twitter, The New York Times, etc.
• Protect your computer. Keep your operating system updated and install a good quality anti-virus program. We recommend the following packages: Norton 360 (includes backup and other features), Norton Internet Security 2010 (good all around option), or avast! (free and good), and keep it up to date. Also make sure that all security patches and updates are installed for your webrowser and programs like Adobe Flash Player.
• Take immediate action during an attack. If a scareware window opens up, force close it using the task manager and then run your trusted anti-virus software.

If you clicked on the link and have downloaded the software all is not lost, but things aren't good. The Washington Post offers advice on their Security Fix blog of how to rid your computer of the viruses and malware. But if you aren't computer savvy, you may think about calling a professional to clean up the mess.

UPDATE: An article from Wired magazine's Threat Level blog sheds more light on how web sites are being targeted for malware distribution:

Web ads have become much more advanced over the years and many now include scripts that provide data tracking and other functions. Because of this, crooks are working to have their "ads" run on popular websites. Their ads also contain scripts, but the code displays scareware instead of tracking clicks or views.

In the article, Gawker Media - a major blog network of sites like Gizmodo, LifeHacker, Jalopnik and others - was targeted for ad placement, but fortunately Gawker has a team of geeks that digs into the code of any ad and confirms that it contains no malicious code. I'm guessing the NY Times now is enforcing a similar policy (yep, it is now).

Heaven help us when we visit sites that have no such team of geeks to protect us from malicious ads...

A recent article by Kevin Poulsen on Wired.com made a sobering observation: software hackers are becoming as sophisticated in their programming as the software they're trying to attack. Where hacking used to be something of a harmless, if annoying prank by bright, restless kids before they went off and got regular jobs, hackers are increasingly well-funded and making use of state-of-the art technology to design the trojans, viruses and spyware that attempt to get into your computer.

Today, the best hackers have the skill and discipline of the best legitimate programmers and security gurus. They're using mind-bending obfuscation techniques to deliver malicious code from hacked websites undetected. They're writing malware for mobile phones and PDAs.

The Case of the Clever Conficker

Poulsen cited the the worst case of computer infection in recent years, the Downadup worm , also known as the Conficker worm (see “Latest Worm Infect 9 Million PCs”). One reason the Conficker worm spread so quickly was that it was the first widely-released program—good or bad—to incorporate M6, a state-of-the-art cryptographic algorithm developed at MIT. When crypto expert Phillip Porras first dug into Conficker's code, M6 was available only from the websites of MIT and the U.S. National Institute of Standards and Technologies—and no one even recognized M6 at first. When it came to implementing M6 the bad guys had beat the good guys to the punch!

Other portions of Conficker were equally impressive: the way it doggedly hunts for anti-virus software on a victim's machine, and disables it; or the peer-to-peer mechanism. "There were points where it was pretty clear that certain major threads inside Conficker C seemed to be written by different people," Porras says. "It left us feeling that we had a more organized team that brought different skills to bear.... They aren't people who have day jobs.

Another reason the Conficker worm wriggled its way into so many computers was the flexibility and responsiveness of its software engineers. Just like legitimate software engineering teams, when the authors of Conficker discovered a security hole in the first release of their program they stayed up nights and patched their code within just a few weeks. Experts are observing new malware coming out as quickly as a couple of days after a new vulnerability is announced.

What You Can Do?

• Be proactive. Now. Believe that you're computers connected to the Internet are at risk and it's up to you to fortify them.
• If your anti-malware software doesn't run automatically get in the habit of running it daily. If you haven't updated your anti-malware software lately, do it today.
• Make sure your operating software is updated regularly. The best method is to let it download and update automatically. Software vendors will update their software as quickly as possible after a serious weakness is discovered.

More Info

Read the article - Future of Cyber Security: Hackers Have Grown Up.

The Worst Outbreak in Years

Using a flaw in the Windows Server service that was detected and patched months ago, a single worm has managed to infect nearly 9 million PCs in just over two weeks — and the rate of infection is increasing by the day. In just four days, the "Downadup" worm (which is also sometimes referred to as "Conficker,") spread from an estimated 2.4 million computers to 8.9 million. It has been described by many security experts as the worst outbreak of malicious software in years.

In October, Microsoft sent out a rare emergency security update for all of its operating systems, including Vista, XP, and Windows 2000. Unfortunately, this update seems to have been ignored by a large portion of PC users, leaving millions vulnerable to Downadup.

Full Dangers Still Unknown

Right now the intentions of developers responsible for the malicious software remains unclear. For the time being, the hackers have only bothered to send out a fake security security program, which creates pop-ups designed to annoy users into paying for a worthless program. But Downadup could potentially hijack millions of computers and use them as bots capable of carrying out whatever commands the hackers send them.

That the whole problem could have been averted if users had just bothered installing a patch Microsoft issued long ago, underscores the importance of setting your operating system to automatically download and install security updates. Those with infected computers undoubtedly let the patch languish for months in an update queue, alongside much less essential software updates.

How to Update Windows Automatically

Windows XP

To set your PC to update automatically in Windows XP, simply access the Control Panel in the start menu, click "Automatic Updates," and choose "Automatic."

Windows Vista

For Vista, open Windows Update in the start menu, select "Change Settings," and then select "Install updates automatically."

How to Remove the Worm

Your computer might not be showing any signs of infection or you may have seen some odd behavior.

From Microsoft:

If your computer is infected with this worm, you may not experience any symptoms, or you may experience any of the following symptoms:

• Account lockout policies are being tripped.

• Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
• Domain controllers respond slowly to client requests.
• The network is congested.
• Various security-related Web sites cannot be accessed.

If your PC has already been infected by Downadup, first install the emergency update, then run the latest edition of Microsoft's Malicious Software Removal Tool to remove the worm from your computer.

More information about the worm is available from Microsoft. You can also read more on Computerworld.

The Sober worm we talked about earlier will possibly start clogging email inboxes on January 6 or even January 5.

If you aren't running anti-virus software (huh?) or haven't updated your definitions file recently, you'll want to so in the next day or so. If not, you could be one of the computers spreading more Nazi propoganda.

So where can you scan your computer for free? Here are a few ideas:

- http://housecall.trendmicro.com/

- http://us.mcafee.com/root/mfs/default.asp

- http://www.pandasoftware.com/products/ActiveScan.htm

These services will allow you to scan for free, but you'll probably have to pay a small fee to remove anything they find. In either case, it's best to know if you're clean (or not).