Another Day, Another Bug

Image source: https://stixproject.github.io/documentation/idioms/maec-malware/

An article I posted on Facebook a few years back led me to Ars Technica, where I found this report. There they both laud Microsoft’s Windows 10 and detail how this bug works, citing reports by McAfee and FireEye.

Quoting the article on McAfee:

We strongly suggest Office users take the following actions to protect or mitigate against this zero-day attack before Microsoft issues an official patch. We notified the Microsoft Security Response Center as soon as we found the suspicious samples, and we will continue to work with them to protect Office users.

  •  Do not open any Office files obtained from untrusted locations.
  •  According to our tests, this active attack cannot bypass the Office Protected View, so we suggest everyone ensure that Office Protected View is enabled.

Here is a link to the full article. A question for you techies: will McAfee ever live down its reputation? Now that Intel owns this security software, is it legit?

And from the post on FireEye:

FireEye email and network products detect the malicious documents as: Malware.Binary.Rtf.

Attack Scenario

The attack involves a threat actor emailing a Microsoft Word document to a targeted user with an embedded OLE2link object. When the user opens the document, winword.exe issues a HTTP request to a remote server to retrieve a malicious .hta file, which appears as a fake RTF file. The Microsoft HTA application loads and executes the malicious script. In both observed documents the malicious script terminated the winword.exe process, downloaded additional payload(s), and loaded a decoy document for the user to see. The original winword.exe process is terminated in order to hide a user prompt generated by the OLE2link.

The vulnerability is bypassing most mitigations; however, as noted above, FireEye email and network products detect the malicious documents. Microsoft Office users are recommended to apply the patch as soon as it is available.
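The indicators in FireEye’s description (an embedded OLE2link object that Word refreshes as soon as the document opens, pointing at a remote file) can be checked for with a small document scanner. The code below is an added example written for this page, not FireEye’s or McAfee’s detection logic; it treats an RTF as suspicious when an embedded object carries the \objupdate control, an OLE2Link marker inside its hex payload, and a URL. Both sample documents are constructed inline with a placeholder domain; they are not real samples.

```python
"""Heuristic scan of an RTF document for the embedded-object pattern described
in the FireEye write-up: an \\object group whose payload carries an OLE2Link
marker and a remote URL, with \\objupdate forcing the link to refresh (and
fetch) as soon as the document is opened.  Example code written for this
page; the sample documents below are constructed, not real malware samples."""
import re

# Markers looked for inside the decoded object payload (ASCII or UTF-16LE).
OBJDATA_RE = re.compile(r"\\objdata\s*([0-9A-Fa-f\s]+)", re.DOTALL)
# One match per \object group; the lazy body runs to the next \object or EOF.
OBJECT_RE = re.compile(r"\\object\b(.*?)(?=\\object\b|\Z)", re.DOTALL)


def decode_objdata(hex_blob: str) -> bytes:
    """Turn the whitespace-interleaved hex of an \\objdata control into bytes."""
    cleaned = re.sub(r"\s+", "", hex_blob)
    if len(cleaned) % 2:          # truncated nibble: drop it rather than fail
        cleaned = cleaned[:-1]
    return bytes.fromhex(cleaned)


def payload_contains(payload: bytes, needle: bytes) -> bool:
    """Match a marker written in ASCII or in UTF-16LE (how OLE stores many strings)."""
    return needle in payload or needle.decode().encode("utf-16-le") in payload


def scan_rtf(rtf: str) -> list[dict]:
    """Return one finding per embedded object, listing which indicators it triggered."""
    findings = []
    for obj in OBJECT_RE.finditer(rtf):
        body = obj.group(1)
        hits = {
            "objupdate": "\\objupdate" in body,   # object refreshes itself on open
            "ole2link": False,
            "remote_url": False,
        }
        m = OBJDATA_RE.search(body)
        if m:
            payload = decode_objdata(m.group(1))
            hits["ole2link"] = payload_contains(payload, b"OLE2Link")
            hits["remote_url"] = any(
                payload_contains(payload, u) for u in (b"http://", b"https://")
            )
        findings.append(hits)
    return findings


def is_suspicious(rtf: str) -> bool:
    """Flag the document when any object is an auto-updating OLE2Link aimed at a URL."""
    return any(f["objupdate"] and f["ole2link"] and f["remote_url"] for f in scan_rtf(rtf))


# Constructed samples (placeholder domain, no real object stream inside).
BENIGN_RTF = (
    "{\\rtf1 Quarterly report {\\object\\objemb\\objw100\\objh100"
    "{\\*\\objdata " + b"\x01\x05\x00\x00Equation.3 sample".hex() + "}}}"
)
SUSPICIOUS_RTF = (
    "{\\rtf1 Please review {\\object\\objautlink\\objupdate\\objw100\\objh100"
    "{\\*\\objdata "
    + (b"\x01\x05\x00\x00" + "OLE2Link".encode("utf-16-le")
       + b"\x00http://example.invalid/notice.hta").hex()
    + "}}}"
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_RTF), ("suspicious", SUSPICIOUS_RTF)):
        print(label, is_suspicious(doc), scan_rtf(doc))
```

To triage a quarantined file, feed its text to `scan_rtf(open(path, errors="ignore").read())`. A heuristic like this is for triage, not a verdict: RTF control words can be written in many equivalent ways, so a miss is not a clean bill of health, and Protected View (which the McAfee advice above relies on) plus the vendor patch remain the actual mitigations.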

Before Windows 10, Clean Up

Here are maintenance tasks you can do for yourself that will improve things on your computer, whether or not you upgrade to Windows 10. The first three:
1. Check for malware and clean up junk.
2. Download and run Ccleaner.
3. Run Disk Cleanup and be sure to clean system files.

1. Go to bleepingcomputer.com and download rkill, adwcleaner (AWC), and junkware removal tool (JRT). Run Rkill to see if you have malware processes running. If it finds none, proceed with running JRT and AWC, in that order. If Rkill does find malware processes running, especially if it finds anything followed by (HEUR), you are going to need to do a bit more work to remove viruses before you move on. The scope of this article will not cover virus removal tasks.

2. Go to filehippo.com and download Ccleaner. Install it and run it. Here’s an article that will help you with those details.

3. You can run Disk Cleanup (a built-in Windows utility) by simply pressing the Windows key and typing Disk Cleanup. Click OK and, after the first pass, run it again and click on Clean up system files. This will take a few minutes to complete, so be patient.

If you are reading this last paragraph, please TAKE NOTE! There is no compelling reason to upgrade to Windows 10 and most people who provide computer support will tell you to wait. Several months from now, most of the bugs will have been found and squashed. If you have some time off around the holidays, that might be a good time to get this done. Or, if you are up for something a little scary, upgrade on Halloween!

Thanks, again, Kim!


Image from Kim’s website, click for the original article.

With full attribution to “America’s Digital Goddess”
– I say, “Thank you, so much!” Kim Komando has been at this a lot longer than I have…

After you read the referenced article (on KimKomando.com), you may find a deeper appreciation for the tech guys and gals who can actually work through all of the steps suggested by her advice!

My advice differs, quite a bit, actually. There are several tools we use to restore your computer to working order. If you want to spend a couple of days learning about malware and what it takes to remove it, I suggest the Bleeping Computer or Malwarebytes websites. The punchline is right there on the home page of Bleeping Computer:

There are 1018 Virus Removal Guides.

But seriously, folks… If you should find yourself at Kim’s last step (of the 3 simple steps…), where the only solution is to wipe your drive clean and re-install your operating system, I really wish you had called me sooner! Also, if you are not backing up your data, we really need to talk.

3. WHEN ALL ELSE FAILS
When a virus won’t go away, or has damaged your computer software past the point of repair, there’s only one solution left. You have to wipe the hard drive and reinstall your operating system.

My next post should be about your second computer. What?
Did you just say you don’t have one? NO-OH-OH! Cringe, heavy sigh.

At Mousehelp, we provide compassionate care for people with computers.
Yes, you can simply search for Palm Desert Computer Repair.
Need help with your online presence? We do SEO, websites and blogs, too!

Whatever you do, DON’T click!

This advice is directly from Kim Komando – in this article. <- This link is safe!

Here’s the first line from page 2… Listen to Kim

The easiest way to protect yourself is to simply not click the link.

See where it says “Listen to Kim”? Well, listen to me, too! I’m telling you: do not update or install any player from a popup or any link provided on a website. If you need to update Adobe products, figure out how to get on Adobe’s website and find the thing you need for yourself. You’ll probably save time and money, and avoid frustration.
Or, you can call me and I’ll help you do these things.

If you’ve already clicked the link and now have malware on your computer, call me. Mousehelp at Rouzell dot com – I’ll be there as soon as I can.

One Last Thing

Before I turn in tonight, I’m going to post. Since I made time this afternoon to record another video for my YouTube channel, I thought I should write a bit to promote it.

This new video will show you how to examine the header data of an email message in Outlook. It’s a bit technical, but that’s easily ignored. Confirming your suspicions is what counts!
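The same header check can be done outside Outlook once you save a message as raw text. The code below is an added example written for this page, not the video’s content or any Outlook feature: it reads the Received chain bottom-up (the path the message actually took), names the host the message first came from, and reports whether the visible From domain disagrees with Return-Path and Reply-To. The message it runs on is constructed inline with reserved example domains and documentation IP addresses.

```python
"""Pull the header facts worth checking out of a raw e-mail message:
the Received chain in the order the hops happened, the originating host,
and whether From, Return-Path and Reply-To agree on a domain.
Example code added for this page; the message below is constructed."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: the display name claims one bank, everything else
# points at an unrelated domain.  All hosts and addresses are placeholders.
SAMPLE_MESSAGE = """\
Return-Path: <billing@mail-notice.example.net>
Received: from mx.yourisp.example (mx.yourisp.example [203.0.113.5])
\tby inbox.yourisp.example with ESMTP id 7F1; Tue, 12 Sep 2017 08:01:12 -0700
Received: from web12.mail-notice.example.net (unknown [198.51.100.22])
\tby mx.yourisp.example with ESMTP; Tue, 12 Sep 2017 08:01:10 -0700
From: "Your Bank" <alerts@bigbank.example.com>
Reply-To: <billing@mail-notice.example.net>
To: <you@yourisp.example>
Subject: Action required: review your statement

Please review the attached statement.
"""

FROM_RE = re.compile(r"^from\s+(\S+)")


def domain_of(header_value: str) -> str:
    """Domain part of the address in a header like From or Reply-To."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def received_chain(raw: str) -> list[str]:
    """Received headers, oldest hop first, with folding whitespace collapsed."""
    msg = message_from_string(raw)
    # Each relay prepends its own Received line, so the last one is the first hop.
    return [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]


def origin_host(raw: str) -> str:
    """Host named in the 'from' clause of the earliest Received header."""
    chain = received_chain(raw)
    if not chain:
        return ""
    m = FROM_RE.match(chain[0])
    return m.group(1) if m else ""


def sender_mismatches(raw: str) -> dict:
    """True for each of Return-Path / Reply-To whose domain differs from From."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    result = {}
    for name in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(name))
        result[name] = bool(other) and other != from_dom
    return result


if __name__ == "__main__":
    for hop in received_chain(SAMPLE_MESSAGE):
        print("hop:", hop)
    print("origin host:", origin_host(SAMPLE_MESSAGE))
    print("mismatches:", sender_mismatches(SAMPLE_MESSAGE))
```

Only the Received line added by your own provider is trustworthy; everything below it in the chain was written by whoever handed the message along, so treat the origin host as a lead to confirm, not as proof. A From address whose domain disagrees with both Return-Path and Reply-To is the kind of suspicion the video is about confirming.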


IE Exploit and Windows XP

Here’s my grateful shout out to Dominique Fruchtman, of Desert Cow Computers, for alerting me to this new exploit!

Take your pick of sources on this report. It is, as the title suggests, a major security hole in Microsoft’s web browser, made worse by their discontinuing support for XP.

So long ago, I wrote an article where I recommend a simple solution: stop using IE. Standards-based browsers (Chrome or Firefox) are simply better for users and programmers. Recently one of my clients showed me an online application they use that will not run in other browsers. This application will only run in IE 10, with compatibility enabled! Why anyone would program anything to run with IE in the first place is a mystery to me.

Back to the problem at hand. Using IE on Windows XP is not enough to cause you to get infected or hacked; you have to actually go to a website that hosts the malicious code, or open an email attachment or link that produces the same result. The problem is, you won’t know something is wrong until it’s too late! The same rules apply as always: don’t talk to strangers, know who sends you email, and watch for obvious signs of spam and scam email messages. Here’s something I wrote four years ago now, about how easy it is to get a virus. A brief update to that piece would be: don’t allow anyone from “Windows Support” to remotely access your computer.

One last word: You really should be leaving XP and moving on to Windows 7 (or 8, if you must), so you can get Windows Updates from Microsoft. The majority of their updates are created to plug security holes. Without their updates, you are left to wonder and worry about the vulnerability of your computer. Also, switch to Google Chrome or Mozilla Firefox, avoid IE as a rule.

Call your local computer support professional and upgrade to a new computer.

OK, seriously, the last word: Here’s a link to a cheeky article from The Register, with a catchy title and a dire warning.

Avoiding Scams

Talk to someone you trust. If you get a phone call from someone claiming to be from Microsoft (or “Windows”), ask yourself one question: “What is the likelihood of Microsoft ever calling you for any reason?” Then call someone you trust to check your computer for malware. The image below is from Malwarebytes.org, where they’ve posted several articles that do a much better job of illustrating my point. This one is really good!

If you’d like to do the research yourself, here are links to pages from Microsoft, the FTC, and the Better Business Bureau. Each will tell you this is a scam.

Orange Man Telemarketing or Phone Support

The bottom line is this: nobody will call you from Microsoft, or from “Windows”, to help you with your computer. They want your money and they want you to give them access to your computer, so they can install their malware on it, which will allow them to further extort money from you.

You’ve heard it said before: “Just say no!” Save yourself the grief, the money, the aggravation, and the potential for digital disaster. Call me and I’ll help you by cleaning up your computer and by providing a bit of training, so you can keep it clean yourself.

American Greed – Innovative Marketing

One of my favorite programs, American Greed, is explaining how a company named Innovative Marketing created and deployed a fake virus so they could sell their fake antivirus software. How fun!

Here’s a link to CNBC’s YouTube site on the same subject.

Over $160,000,000 in profit, generated by scaring people into thinking they have a virus. Perhaps I’ll replay this episode to get more details on the dates. What I’m wondering is how long these scams have been going around.

These days, most of my clients know if they see a bunch of pop-ups on screen, they should just pick up the phone and call me.

So, if you’ve come this far, take that advice. If you see a bunch of pop-ups on your computer telling you that you are infected with a virus, chances are, it’s a scam. Call your local computer expert and pay someone to help you remove the malware. You’ll save yourself some grief, you may prevent someone from stealing your credit card information, or your identity – which they can use to do more serious financial damage.

Prevention probably sounds like something you already know. Don’t go to strange websites and don’t open email from strangers. Porn sites and gaming sites are notorious for being sources of this kind of malware. Spammers definitely hope to trick you into opening something that will allow them to compromise the security on your computer. That’s all I’m going to say about this, lest I start going uber-pedantic on you here!

Yes, that’s the first time I’ve ever used the term, “uber-pedantic” – my sense of humor is an acquired taste.

Spoiler alert – this American Greed episode ends with, “If you’re going to be a fugitive, are you going to choose the Ukraine or Brazil?”

You can’t make this stuff up – it’s just too real.

Two Things You Can Do To Keep Your Computer Clean

Almost every time I work on a computer, I’ll use Ccleaner and AdwCleaner.

These are free utilities, downloadable from Filehippo and Bleepingcomputer, respectively.
Watch carefully when you search, and if you see the word Conduit anywhere on your computer, you probably have fallen victim to adware.
Your searches are taking you to sites that may not be best for you and your browser may be taking you to websites you should not visit.
I’m going to put myself out of business telling you this for free, but this is what’s on my mind.
On the other hand, think of it as one of the rewards that come from following this blog.

If you need help with your computer, or feel that tune-ups and malware removal should be left to an expert, you are welcome to contact me via my website at Rouzell.mousehelp.com – and, thank you!

Enjoy!

BR

Truth, Knowledge, Power – Past, Present, and Future

Image from Personal Branding
The Past:

Stagnant Truth

“Do not mistake acquirement of mere knowledge for power. Like food, these things must be digested and assimilated to become life or force. Learning is not wisdom; knowledge is not necessarily vital energy. more…. (will take you to my personal blog, for the rest of this sentiment.)
–J. E. Dinger (Lyte, Clyde Francis., ed. Leaves of Gold. Coslett Publishing, 1948. pg 59)

The Present:

With nearly 30 years of experience helping people with computers, I still cannot tell you how you got that virus. Wisdom is the ability to inject humor into the situation with: “I would have had to have been watching your every move, to know what you did to get that bug.”

The Future:

There are tools I may have to learn, if I am to become part of the force that would protect us from cyber threats.
https://www.hex-rays.com/products/ida/ida-executive.pdf
Found that while looking for a job with FireEye – a company based in Milpitas, CA.