Tag Archive | "malware"

Beware of Fake Apple Invoices

It appears that fake Apple invoices are turning up in your inbox.

The invoices appear to be legitimate Apple “receipts” that iTunes users are familiar with seeing after purchasing music or apps. Most of us would be shocked by the price that appears to have been charged on our credit card. We will immediately want to click the link to view or report a problem – don’t. The links take you to fake IRS pages and ask you to download browsers (malware).

Fake Apple Invoice

Take a close look at the invoice and notice the mistakes and/or odd words/actions. A legitimate invoice will have your name/email and address listed, and should have the last 4 digits of your credit card in the upper right of the invoice.

Don’t click any links. Delete the message, or if you prefer, call Apple or your Credit Card company.

Source: Fake Apple invoices lead to Blackhole exploit kit that drains your bank account | Naked Security.

Posted in Featured, Information, Quick Tips | Comments (0)

Sources for Computer Virus News Alerts

If you’re concerned about security and need to know the latest information about possible virus and malware threats, then take a quick look at the following list. The data from these sites is updated regularly and can help you keep ahead of an outbreak or attack.

McAfee Virus Information

See the latest virus information on McAfee’s virus alert page. Use the dropdown to select among malware, hoaxes, jokes, or view all. You can also sign up for email alerts.


Symantec/Norton’s Threat Explorer

Get a breakdown of vulnerabilities, threats, and risks at Symantec’s Threat Explorer.  Plus see what popular “applications” are currently vulnerable to attacks so you can get them patched.


Trend Micro’s Threat Encyclopedia

See the latest that Trend Micro has identified as a threat at the Threat Encyclopedia.


SophosLabs Blog

Read what the industry experts at Sophos have to say about what’s going on with recent threats at the SophosLabs Blog. Subscribe to their RSS feed and sign up for email notifications too.


Microsoft Security Bulletins

Only for those running Windows – get the latest on Microsoft vulnerabilities at their Security Bulletin Search page. Don’t forget to sign up for automatic security notifications.


Security Focus

The Security Focus Vulnerabilities page allows you to search for vulnerabilities by vendor. Get even more granular by drilling down into titles and software versions. Get your Security Focus newsletters too.


Computer Associates – Vulnerability Information Center

Find newly discovered vulnerabilities and alerts from the Vulnerability Information Center at CA. From there branch off to virus and spyware news.


I’m sure there are a few more reputable sources for this kind of information. Please post your favorites in the comments.

Posted in Anti-virus, Internet | Comments (1)

How To Do A Free Online Virus Scan

Use Free Tools Provided by Anti-virus Companies

Do you think your computer might have been compromised? No anti-virus, no problem. You can do an online virus, spyware, and malware scan using some free tools on the web.

Housecall – Mac, PC and Linux

Housecall from Trend Micro will do an online scan of your computer, tell you what it found, and make recommendations for keeping your info private, like removing cookies and temporary Internet files. Housecall is also capable of spyware and malware detection and removal.

Kaspersky Online Scanner – PC and Linux

Kaspersky’s scanner also scans for malware and spyware. It seems to be a bit slow, as it needs to download about 52MB of virus definition files before it actually starts the scan.

BitDefender Online Scanner – PC only and must use Internet Explorer


Bitdefender also detects spyware and malware on your computer.

None of the above tools prevents viruses, spyware, or malware from infecting your computer. They are tools used to detect and clean an infected machine.

I recommend running a full scan with tools from different anti-virus companies just to be safe. If you would rather not buy a product, this online solution fits well.

Posted in Anti-virus, Internet, Software Tools, Web Browsing | Comments (18)

Greeting Card Virus

A computer virus has been circulating as a “Greeting Card” email message. The message title contains the words “Greeting Card”, “E-Greeting”, “Christmas Card”, “Online Greeting”, “Greeting for you” or some variation thereof. When the link is followed to view the greeting card, the computer becomes infected with a virus or trojan (see below for more about what this is) by running ecard.exe.

Please don’t click on any links in one of these emails, especially if you do not know the person that supposedly sent you the greeting card. Once again, if you receive an email that meets the above criteria, please delete it.


As a matter of principle, I don’t believe in sending E-Cards as they (the companies that provide the e-greeting service) can be used to collect and sell “valid” email addresses to other companies.  Please take a look at my 9 Tips to Less Spam post for more info on how to avoid getting spam like this.

Cleanup Info

Symantec has some info on how to clean up the trojan. Basically: disable System Restore, update your virus definitions, do a full virus scan, and clean up the registry.

Trojan Info

A trojan is a malicious program that collects information about your Internet activity and sends that info to other websites where the information is collected. Some are very sneaky and collect keystrokes, passwords and bank login information. Bottom line is, don’t get a trojan.

Posted in Anti-virus, Internet, Software Tools, Web Browsing | Comments (4)

Microsoft Plans to Give Away Anti-Virus Software

Free Core Protection Software to be Offered by Microsoft

Microsoft has recently announced their plans to release free software to protect against viruses, spyware, and malware.


The word from Microsoft’s press site:

Code-named “Morro,” this streamlined solution will be available in the second half of 2009 and will provide comprehensive protection from malware including viruses, spyware, rootkits and trojans. This new solution, to be offered at no charge to consumers, will be architected for a smaller footprint that will use fewer computing resources, making it ideal for low-bandwidth scenarios or less powerful PCs.

Microsoft has also stated that they will stop charging for their Microsoft Live OneCare Solution in favor of the free “Morro” solution. Beginning June 30, 2009 you will no longer be required to update your subscription to OneCare. You can read more about OneCare on the OneCare blog.

The “Morro” solution will be a downloadable package and will not be bundled with a new PC or OS purchase.

Will this mean doom for other anti-virus software vendors?

Probably not – Most vendors have both a business version of their anti-virus software and a home user version. Companies like Symantec and McAfee can continue to offer their products to enterprise clients. In fact, Microsoft will continue to charge for their business version of anti-virus software.

These vendors typically bundle additional “non” anti-virus services with their products that consumers feel are a value add. “Morro” will provide only core protection and won’t include some of these additional features.

Really Free?

Free anti-virus software is nothing new. The current home user can download free anti-virus programs from AVG, Avast, Avira, Trend Micro and others. Most free anti-virus programs will try to up-sell you additional products or have some functions disabled. “Morro” is free, and from all reports Microsoft won’t try to up-sell you products that can provide additional protection.

I like the fact that Microsoft is offering the software for free. It allows users who wouldn’t ordinarily be protected from malware and viruses to have at least a small level of protection. I think the average user will feel more comfortable opting-in to a service that is provided by Microsoft rather than some other third party.

Consumers will ultimately decide whether or not “Morro” will be of value. Will it detect malware or spyware as efficiently as other products on the market? Or will users simply continue to use their McAfee, Symantec, etc… subscriptions?

Posted in Anti-virus, Software Tools | Comments (1)

USB Thumb Drives Can Pose a Threat To Your Machine

Have you ever found a USB stick in the lobby of a hotel? Perhaps there are two or three in a pile or on a display that asks you to “take one”. Maybe you work at a company and someone has dropped off a pamphlet or flier for a product and left a USB thumb drive behind with “literature” about the product.

Bad guys do this kind of thing all the time. Security experts will tell you that it is an easy way to get infected with a virus, or have a trojan program spread to your network or your company’s network.

This exploit works by utilizing the AutoRun feature that is triggered by inserting a thumb drive in an available USB port (Windows only). Programs on the drive are told to run via a configuration file that has been placed at the top level of the drive’s file system.

Let’s look at how this might work:

  • The executable program that the bad guys want to have run is placed on the thumb drive (say the file is called “install_bad_software.exe”).
  • A file is created called “Autorun.inf” with a few lines of text indicating which file to run.
  • The USB thumb drives are distributed in various ways – i.e. left at company or hotel lobbies.
  • Once you place the USB thumb drive into your PC, the file is executed and you are well on your way to installing malicious software.

Here is an example of an Autorun.inf file.  They can be quite simple.


Another trick that is used is to direct you to a website that will install a virus or trojan.



You can prevent AutoRun from kicking off any programs by simply holding down the <SHIFT> key while inserting the drive in your computer.

Just beware of those “free”, flashy looking USB drives that you may find lying around. They could be dangerous. Just remember to use the <SHIFT> key when inserting.
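A defender-side check for the Autorun.inf mechanism described above, added here as an example (it is not code from the original post): it parses a drive’s Autorun.inf and reports the entries that would launch a program or open a website. The sample file contents are constructed; only the file name install_bad_software.exe comes from the post.

```python
import os
import re

# [autorun] keys that make Windows start something when the drive is opened.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
URL_TARGET = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, skipping junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_autorun(text):
    """List (key, target, reason) for entries that start a program or URL."""
    findings = []
    for key, value in parse_autorun(text).items():
        if LAUNCH_KEYS.match(key):
            reason = "opens a URL" if URL_TARGET.match(value) else "runs a program"
            findings.append((key, value, reason))
    return findings

def audit_drive(root):
    """Audit the Autorun.inf at the top level of a mounted drive, if any."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), errors="replace") as fh:
                return audit_autorun(fh.read())
    return []

# Constructed samples (not taken from a real drive).
SAMPLE_EXE = "[autorun]\nopen=install_bad_software.exe\nicon=setup.ico\n"
SAMPLE_URL = "[AutoRun]\n; literature\nshellexecute=http://example.invalid/\n"
SAMPLE_BENIGN = "[autorun]\nicon=logo.ico\nlabel=Photos\n"

if __name__ == "__main__":
    for sample in (SAMPLE_EXE, SAMPLE_URL, SAMPLE_BENIGN):
        print(audit_autorun(sample))
```

Run `audit_drive` against the mount point of a found drive from a machine that does not act on Autorun.inf; a drive that only sets an icon or label returns an empty list.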

Photo by inya.

Posted in Hardware, Quick Tips | Comments (3)

AVG Anti-virus Kills Critical Windows XP User32.dll File

AVG anti-virus recently released an update to their virus definitions file which incorrectly detected a critical Windows file as being a Trojan horse program.

Both AVG 7.5 and 8.0 (free versions and pay versions) incorrectly identified “user32.dll” as being a malicious Trojan program called PSW.Banker4.APSA (according to their forum post).


AVG Forum Post

Depending on the configuration settings chosen for AVG, the detection could result in the removal of user32.dll and the inability to reboot the PC.  User32.dll is a critical file which allows for API calls to the Windows Graphical User Interface.  If the file is missing during  boot, the computer will Blue Screen.

We get the following from Computer World’s report:

AVG released a follow-up signature update to correct the problem, but that solution only worked if the user had not turned off his PC, or rebooted it, after installing the buggy update and then deleting user32.dll.

AVG’s support website has some details on how to recover user32.dll in their support section.

Posted in Anti-virus, Software Tools | Comments (0)

Obama Virus

Hackers and phishers are taking advantage of your need for election news by using President-elect Barack Obama’s name to get you to click on links and run programs that will infect your machine with malware.

The latest deception involves sending email with a link to President-elect Obama’s victory speech. The link will take you to a website that requires you to install the Adobe Flash plug-in. Not true. The plug-in is really a Trojan horse that installs malware on the machine.

Here is an excerpt of the email that has been going around:

From: “President election results”
Subject: A new president, a new congress …
Barack Obama Elected 44th President of United States

Barack Obama, unknown to most Americans just four years ago, will become the 44th president and the first African-American president of the United States.
Watch His amazing speech by clicking here

What does it do?

The Trojan’s main purpose is to steal passwords.  It runs in the background and looks for passwords, and can act as a keystroke logger.


You can remove the Trojan if you have your anti-virus software up to date.  In fact, if you do, your anti-virus will most likely stop you from getting infected, as it will identify the program as being a Trojan and prevent installation.  Don’t take any chances though.  Simply delete emails from sources you don’t know that ask you to click on links.

More Reading

McAfee Info

Posted in Email, Internet | Comments (0)

UPS Virus

A Computer Virus Warning
Click here for the latest updates, including other variants of the zip file…
A computer virus has been circulating as an email attachment. The “From” address indicates that the email came from a UPS representative. The virus is a zip file attachment with the name “ups_invoice.zip” or “ups_tracking.zip”, or some variation thereof. The email usually has the title “UPS Tracking Number xxxxx” and states that a package you sent could not be delivered and that you are required to print the attached invoice to collect the package at your nearest UPS office.

If you receive an email that meets the above description, please delete it. Do not attempt to open the attachment or forward the email to anybody. Simply opening the attachment will release the virus and infect your machine.

UPS has issued the following statement regarding the email.

Attention Virus Warning


We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.

This e-mail attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.

UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.

Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the unauthorized actions of third parties.

Once again, if you receive an email that meets the above criteria, please delete it. Do not attempt to open the attachment.

Even if you have just sent a package, and think the email could be relevant to you, please go to the web site http://ups.com and check the status of your packages online.

Virus Removal

Both Symantec and McAfee have released new virus definitions which detect and remove the virus (per their web sites).

There are basically two steps to removal.

  • Stop/Suspend System Restore (WinXP)
      1. Click Start.
      2. Right-click My Computer, and then click Properties.
      3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
      4. If you do not see the System Restore tab, you are not logged on to Windows as an Administrator.
      5. Click Apply.
      6. When you see the confirmation message, click Yes.
      7. Click OK.
  • Download your latest virus definition and run a full scan.

Here is the info from McAfee and Symantec

McAfee Info

Symantec Info


9/1/2011- A new variant has surfaced with the subject of the email being “Your package has arrived”. There is no attachment, but instead a link to view the shipping invoice which contains malware.

7/24 – A new variant of this virus/trojan has been reported. The email subject states “Your parcel is in the customs office” and the attachment name is “Tax_Invoice.zip”.

7/29 – Another variant is also in the wild now taking on the form of an “Airline” Invoice or e-ticket.  The attachment has the name: E-ticket_xxx.zip.
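The subjects and attachment names listed in this post can be turned into a simple mail check. The following is an added example, not part of the original post: it flags messages that carry one of the attachment names above, and, for the link-only variant, shipping-notice subjects whose links do not point at ups.com. The sample messages, addresses and host names are constructed.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from urllib.parse import urlsplit

# Indicators quoted in the post above; the matching rules are assumptions.
SUBJECTS = re.compile(r"UPS Tracking Number|Your parcel is in the customs office"
                      r"|Your package has arrived", re.I)
ATTACHMENTS = re.compile(
    r"^(ups_(invoice|tracking)|tax_invoice|e-ticket_).*\.zip$", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def check_message(raw):
    """Return (kind, value) findings for one raw message."""
    msg = message_from_string(raw)
    findings = []
    subject = msg.get("Subject", "")
    lure = bool(SUBJECTS.search(subject))
    if lure:
        findings.append(("subject", subject))
    for part in msg.walk():
        name = part.get_filename()
        if name and ATTACHMENTS.match(name):
            findings.append(("attachment", name))
        elif lure and part.get_content_maintype() == "text":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for url in URL.findall(body):
                host = (urlsplit(url).hostname or "").lower()
                # A shipping notice that links away from ups.com is suspect.
                if host != "ups.com" and not host.endswith(".ups.com"):
                    findings.append(("off-site link", host))
    return findings

def make_sample(subject, body, attachment=None):
    """Build a constructed message; the attachment is an empty zip archive."""
    m = EmailMessage()
    m["From"] = "UPS Support <support@example.invalid>"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"PK\x05\x06" + bytes(18), maintype="application",
                         subtype="zip", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    print(check_message(make_sample("UPS Tracking Number 12345",
                                    "Print the attached invoice.",
                                    "ups_invoice.zip")))
```

A subject match on its own is weak evidence, since genuine notices can use similar wording; the attachment and off-site link findings are the ones to act on.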

Photo Credit Nils Geylen

Posted in Anti-virus, Email, Internet | Comments (23)
