Skype Targeted With Worm

Skype, the VoIP (Voice over Internet Protocol) is considerably less secure than traditional telephone lines. Many people have switched to using Skype because of the savings they can make, and many have abandoned their traditional telephone lines altogether.

Skype was founded in 2002 and was bought by ebay in 2005 for US$2.5 billion. It has seen a steady rise in the number of subscribers to its service.

However, it still has many pitfalls, including the latest Worm called ‘W32/Ramex.A’.

It spreads through the peer-to-peer instant chat utility and is activated when a user clicks on a link within an instant message asking recipients to download a file.

It is very cleverly disguised within a jpeg image of soap bubbles, one of Windows default built-in wallpapers which has been embedded with a malicious executable code.

This code installs Spyware that can easily steal passwords and other personal information. It may also block users from visiting certain websites and stop programs from running or responding. It also connects to a remote server to download additional malicious code.

It is often titled ‘really funny’ or ‘look at this crazy photo sent to me’ with a clickable link. Once clicked, users who continue to download the file then have the risk of their machine becoming infected, and it then uses Skype’s application program to access files on the infected machine. The worm then attempts to replicate itself and then send out messages to recipients on the users contact list.

Ensure your anti-virus is up-to-date, windows updates are downloaded and installed, especially The Windows Malicious Software Removal Tool, which was last updated September 11^th 2007. To remove the worm and its variants go to the link below and Download the file, save it to your Desktop (or location where you store downloaded files) and once the download is complete, select Run and the program will install.

You then have the option of a Quick Scan, Full Scan or Customized Scan.

Select Quick Scan and if any Malicious Software is found you will be prompted to run a Full Scan which may take several hours depending on your machines hard drive capacity but it’s worth it for the safety and security of your PC.

Download Here

Instant Messaging - Reducing The Risks

The internet has revolutionised the way in which we communicate with email replacing snail mail and the introduction of real-time Instant Messaging (IM).

The most popular and widely used IM services are MSN Messenger, Yahoo Messenger, AOL AIM, and ICQ. Regardless of which of these you may use, they all provide an interface for one-to-one communication or group conversations.

These programs however have opened up a whole new area for spammers and hackers to target. Using IM you can obtain the latest weather reports, movie listing etc, but you are dealing with a ‘chat robot’, also known as a ‘bot’. Now the software behind this can in some instances fool you into believing that the responses are from a real person, especially the more sophisticated versions used by hackers.

These IM programs are free to use, but are also extremely vulnerable to exploitation. They allow you to transfer files quite freely, which may already be infected with a destructive virus, Trojan horses or worms, and to have unencrypted chat sessions, which to many hackers is an open door. Some IM clients also allow peer-to-peer file sharing which potentially means that other users have access to the hard discs of other users.

Protecting yourself is a simple combination of common sense, vigilance and a few essential security tools, such as a firewall and real time anti-virus program.

Because IM is real-time, malicious attacks spread very quickly and can do an enormous amount of damage in a very short period of time.

The default security settings in IM programs are very low to make it easier to use, but this also leaves you more open to attacks. There’s also a new breed of IM worms. To your friends it appears as though they’re receiving a message from you, but the truth is the message is generated by a worm, and may contain a link to a Web site that automatically downloads another bit of malicious code.

IM is a prime target for online scams, identity theft and other predatory behavior.

These tips will help to make IM more secure:

Use a strong password and change it frequently.

Regularly update your IM software, operating system and security programs.

Do NOT enter any personal information.

Do NOT open any attachments or click on any web links sent to you by an unknown person.

If you know the identity of the person who sent you a link, hover your cursor over it to check that it is a legitimate link.

Be very careful of if a person on your allowed list starts sending odd messages, best advice is to shut down your IM program immediately.

Spim is spam sent over IM containing offensive language or links to web sites which cam also trigger an avalanche of pop-up ads, Spyware and Trojans.

There are ways to limit this, but the settings that enable you to do this mean that anyone not on your ‘buddy’ list will be blocked. This is a good thing, it protects you.

MSN Messenger: Once you’re logged in, click on Tools then Options, and select Privacy. Check mark the ‘Only people on my Allow List can see my status and send me messages’ box. The Privacy tab also allows you to add or remove people on the Allow List, as well as allowing you to see which other MSN users have added you to their contact list.

Yahoo Messenger: Click the Login menu and select Preferences. Select Privacy in the left pane of the Yahoo Messenger Preferences window, and tick the ‘Ignore anyone who is not on my Friend list’. To prevent spim through Yahoo, choose the ‘Do not allow users to see me online and contact me’ in the ‘When people see my ID on Yahoo Web sites’ section.

AOL Instant Messenger: Click My AIM, Edit Options, Edit Preferences to open the preferences window. Select Privacy in the left pane, and then tick the ‘Allow only users on my buddy list’ option under the ‘Who Can Contact Me’.

ICQ: Click the Main button, select Security and Privacy Permissions. Click Communication Events in the left pane, and then fill in the radio buttons under either the yellow check mark icon (this will limit these actions to users on your contact list) or the red X icon (which will prevent anyone from sending you these things). Click Spam Control in the left pane, fill in all the check boxes in the right pane, and select ‘All users’ next to the item labeled ‘Do not accept Multi Recipient Messages from’.

CoolWebSearch

This is a very nasty and insidious spyware/malware program. Spyware experts are now saying that the makers are borrowing code from other malicious programs to install rootkit like features on infected machines.

More recent versions of CWS spyware now have features similar to rootkits which allow the program writers to hide their files on Windows operating systems.

These new variants can hide their settings in the registry and also hide rootkit files in alternate data streams.

The software is usually installed on a machine by visits to malicious websites or emails using various ploys to get users to download and install the script.

Once installed, CoolWebSearch will hijack browsers and redirect users to some of the several bookmarks it imports. When you attempt to change your homepage back again it constantly overwrites it, it slows down general performance and causes Windows to freeze, crash or reboot, and can also make you victin to a Denial of Service (DOS) attack.

Getting rid of it is now much easier. TrendMicro have a free CoolWebSearch removal program

Use this utility to get rid of CoolWebSearch and it’s related programs.

Also download Spybot S&D and use its TeaTimer protection, which runs in the background and alerts you to any attempted registry changes.

If you are running Windows, also use Advanced Windows Care. Both of these programs will add a large number of changes to your Registry. This is nothing to be concerned about as the changes are necessary to stop any nasties from attching themselves to your pc and making changes you really don’t want.

Keep your anti-spyware up to date and if you click on any links that prompt you to download, read the EULA first.

Check for rootkits on your machine.

As with all programs, regular updates is essential to offer you greater protection.

Email Danger - Free Web Tools

Hot on the heels of the ‘Postcard From A Friend’, there is a new trend starting.

Below is a copy of an email I received - several copies of it too.

DO NOT open this email as it contains a Trojan Downloader, just Delete it
Virus Name: JS/Psyme also known as HTML/Mht@exp

Spreads through Web Browsing, Downloads Code from the internet, Exploits your system and/or Software vulnerabilities.

Ensure your anti-virus is up-to-date. I recommend AVG Anti-Virus (freeware)which catches these Trojans and opens a ‘Threat Detected’ window.

If you are infected with this update your virus definitions file and reboot into Safe Mode, scan with anti-virus and also scan with ad-aware.

Email will read similar to this, with some variations:

Welcome Member,
We are so happy you joined Free Web Tools.

Member Number: 6257277682314
Your Temp. Login ID: user3795
Your Password ID: eq708

Please Change your login and change your Login Information.

Use this link to change your Login info: Free Web Tools

Welcome,
Internet Support
Free Web Tools

Securing Windows XP

With its default configurations, Windows XP is not very secure. However, by making some simple changes,you can secure your system and data from attackers and viruses.

Automatic Updates
Keeping your system up-to-date is crucial to maintaining security. Microsoft releases security updates and makes them available for download on the Windows Update web site.
Using the Automatic Updates feature, Windows XP can be configured to download and install updates for you automatically at a time that suits you.

Scheduling this task is very simple. In Windows XP, use the following steps to enable this feature:
1. Right click My Computer and select Properties.
2. Click the Automatic Updates tab from the System Properties box.
3. Select the option to Automatically download the updates, and install them on the schedule that I specify.
4. Select the day and the time when you want the updates installed.
5. Click Ok.

Windows Firewall
Windows XP includes the Internet Connection Firewall service. In Windows XP Service Pack 2, the ICF is renamed to Windows Firewall and it is enabled by default. It is designed to protect your computer from intruders while it is connected to the Internet.

Note: if you are setting up a home network, do not enable Windows Firewall on your LAN (Local Area Network)connection. Only enable it on the Internet connection. If you enable it on your LAN connection, it will block File and Printer Sharing.

Important NoteIf you are using Zone Alarm Free Firewall DO NOT enable the Windows Firewall.

User Accounts
Windows XP includes various built-in user accounts. There are certain steps that you should take to ensure they are not compromised.

Disable the Guest Account. The guest account has always been a huge hacker hole and should remain disabled if it is not required.

Require passwords for all user accounts. Obviously, blank passwords are a bad idea if you care about security.Make sure you assign passwords to all accounts, especiallythe Administrator account and any accounts with Administrator privileges. All passwords should be a minimum of eight characters in length.

In Windows XP Home Edition all user accounts have administrative privileges and no password by default.Make sure you close this hole as soon as possible.

Rename the Administrator account. By renaming the administrator account hackers will have to guess the password and the name assigned to the account.

Don’t make it easy for hackers, renaming the Administrator account will stop some hackers in their tracks, and will deter the more determined ones. They won’t know what the group permissions are for an account, so they’ll try to hack any account they find and then try to hack other accounts toimprove their access. If you rename the Administrator account, try not to use the word Admin in its name. Pick something that won’t make it easy for others to guess.

Remote Desktop
Windows XP Professional’s Remote Desktop allows users to connect remotely to your computer.Although it can be useful for obtaining remote assist with troubleshooting problems, it is also an open door for intruders. Remote Desktop should always be disabled and only enabled when it is needed.
To disable Remote Desktop right click on My Computer, select properties then click on the Remote tab and untick the check box beside Allow Remote Assistance invitations to be sent from this computer.

Anti-virus Software
Anti-virus software is a program designed specifically to detect and remove viruses, making it an essential application to install. Once you install anti-virus software,it will scan your computer and clean any viruses it finds.

Some of the more popular antivirus software programs are listed below, though I refuse to pay for these as mentioned below you can get the same protection for free.
1. Trend Micro
2. McAfee
3. F-secure
4. Symantec
5. Computer Associates
6. Panda Software
Most anti-virus software must be purchased or it may be included with the purchase of a new computer for a limited time.

I highly recommend the use of AVG-AntiVirus available fromhttp://free.grisoft.com/doc/avg-anti-virus-free/lng/us/tpl/v5

I have covered this with a tutorial athttp://cotojo.wordpress.com/2007/04/27/avg-anti-virus-installation-guide/

Important note: DO NOT use more than ONE anti-virus program on your pc as this will cause conflicts.

I prefer to use AVG which scans daily and also runs in the background continuously. On a monthly basis I use Trend Micro housecall online.

Screensavers
Ok, so you are sitting at your desk, or left it for a while and suddenly, a nice image appears on your screen. Ok it’s your screensaver. However, screensavers can serve a much more important purpose other than providing us some cool images, and preventing screen burn.

Enabling a screensaver can increase the security on your computer.
Use a password protected screensaver, this stops others from accessing your computer.
You can configure a screensaver to start when your computer has been idle for a specific amount of time (eg: 5minutes). By password protecting the screensaver, the computer is locked when the screensaver starts. This is a simple idea for additional security. You will need to enter the correct password to resume using your pc.
So once a password protected screensaver has been enabled,you can walk away from your computer knowing thateverything is secure. In Windows XP, you can use the steps outlined below to enable a password protected screensaver.
1. Right click a blank area on your your desktop and click Properties.
2. From the Display Properties dialog box, select the Screensaver tab.
3. Use the drop down arrow to select your screensaver of choice.
4. Change the Wait value to specify how long the computer can remain idle before the screensaver is started.
5. Select the On resume, password protect option. If you do not select this option any activity will cause the desktop to appear.

Give your pc a quick tune-up at http://pcpitstop.com
Run the Full Tests from the menu on the left of the page after creating a user account and password.

Go to http://www.belarc.com/free_download.html
The Belarc Advisor builds a detailed profile of your installed software and hardware, missing Microsoft hotfixes,anti-virus status, CIS (Center for Internet Security) benchmarks,and displays the results in your Web browser. All of your PC profile information is kept private on your PC and is not sent to any web server. I would recommend that you print off the results page as it contains details of your Drivers and Software License Keys, useful if you have to perform a format.

Scan for any viruses at http://housecall.trendmicro.com/

Check to see if your ports are Open, Closed or in Stealth mode athttps://www.grc.com/x/ne.dll?bh0bkyd2

Check your internet connection speed at
http://www.abeltronica.com/velocimetro/pt/?idioma=uk&newlang=uk
Click the green arrow beside the flag on the top right of the header and select your language. Scroll down to Speedometer and click on Test Now.

Remember to always back-up your system or create a restore point before making any changes.

Safe surfing everyone
cotojo

Using Spybot S&D - Tutorial included

Spybot - Search and Destroy is an adware and Spyware detection and removal tool.
It includes removal of certain advertising components,which may gather statistics as well as detecting various keylogging and other spy utilities.

It securely removes PC and Internet usage tracks, including your browser history, temporary pages, cookies (giving you the option to keep selected cookies) and more.The program interface is easy to use and multi-lingual.

SpyBot-S&D allows you to exclude selected cookies, programs or extensions from being reported, allowing you to prevent false positive messages for items that you dont want to be alerted of every time.

It can even scan your download directory for files that have been downloaded, but not yet installed, allowing you to detect unwanted programs before you even install them.

SpyBot produces a detailed and easy to understand report before it deletes any files and allows you to deselect any item that you do not want to be processed.

It also incorporates a recovery feature allows you to restore your settings if you need to which can be very useful.

The site is multi-lingual and I recommend that you look at:
http://www.safer-networking.org/en/tutorial/index.html

Spybot S&D can be downloaded from:
http://www.safer-networking.org/en/mirrors/index.html
Simply select your language and download from one of thesites provided.


Media Player Tutorial:
http://www.a1-ebooks.co.uk/tutorials/Spybot.wmv

Securing Your Computer System

Today, more and more people are using their computers for
everything from communication to online banking and
investing to shopping. As we do these things on a more
regular basis, we open ourselves up to potential hackers,
attackers and crackers. While some may be looking to phish
your personal information and identity for resale, others
simply just want to use your computer as a platform from
which to attack other unknowing targets. Below are a few
easy, cost-effective steps you can take to make your
computer more secure.

1. Always make backups of important information and store
in a safe place separate from your computer.

2. Update and patch your operating system, web browser and
software frequently. If you have a Windows operating
system, start by going to www.windowsupdate.microsoft.com
and running the update wizard. This program will help you
find the latest patches for your Windows computer. Also go
to www.officeupdate.microsoft.com to locate possible
patches for your Office programs.

3. Install a firewall. Without a good firewall, viruses,
worms, Trojans, malware and adware can all easily access
your computer from the Internet. Consideration should be
given to the benefits and differences between hardware and
software based firewall programs.

4. Review your browser and email settings for optimum
security. Why should you do this? Active-X and JavaScript
are often used by hackers to plant malicious programs into
your computers. While cookies are relatively harmless in
terms of security concerns, they do still track your
movements on the Internet to build a profile of you. At a
minimum set your security setting for the “internet zone”
to High, and your “trusted sites zone” to Medium Low.

5. Install antivirus software and set for automatic
updates so that you receive the most current versions.

6. Do not open unknown email attachments. It is simply
not enough that you may recognize the address from which it
originates because many viruses can spread from a familiar
address.

7. Do not run programs from unknown origins. Also, do not
send these types of programs to friends and coworkers
because they contain funny or amusing stories or jokes.
They may contain a Trojans horse waiting to infect a
computer.

8. Disable hidden filename extensions. By default, the
Windows operating system is set to “hide file extensions
for known file types”. Disable this option so that file
extensions display in Windows. Some file extensions will,
by default, continue to remain hidden, but you are more
likely to see any unusual file extensions that do not
belong.

9. Turn off your computer and disconnect from the network
when not using the computer. A hacker can not attack your
computer when you are disconnected from the network or the
computer is off.

10. Consider making a boot disk on a floppy disk in case
your computer is damaged or compromised by a malicious
program. Obviously, you need to take this step before you
experience a hostile breach of your system.

To your safety and security online

cotojo