Thursday, June 17, 2010

Beware of ransomware

I spent an entire day grappling with the most perninious virus todate. It piggybacks into your computer on the back of legimate, trusted sites we probable all use at one time or another. If you find yourself affected, after my experience yesterday, I can help.

Here is the story about this new virus called ransomware or scareware disguised as a security suite. Diabolically brilliant!

AV Security Suite is a scareware and ransomware program from the same family as Antivirus Soft and AntiSpyware Soft. The developers of this program are distributing AV Security Suite through the use of hacked sites, spam, and Trojans that install it onto your computer without your permission. Once installed AV Security Suite will be configured to start automatically when your computer starts. Once started it will scan your computer and state that there are numerous infections, but will not let you remove any of them until you purchase the program. All of these scan results are fake and are only being shown to trick you into purchasing the program, which you should obviously not do.
If you are running older software, and not updating Windows, you may find that you will be able to remove this program, but then become infected again within a short period of time. This is because the malware developers are hacking legitimate sites or inserting malware ads that use vulnerabilities in common programs such as Adobe Reader, Flash, and Windows to install the malware onto your computer. If you do not update your programs to remove these security holes then the next time you visit a hacked site distributing this rogue, AV Security Suite will be installed on to your computer. A great tool that can be used to scan your computer for outdated and vulnerable programs is the free Secunia Online Software Inspector program. When you scan your computer with this program it will display a report showing all programs and Windows updates that should be installed in order to fix security holes and vulnerabilities. It is advised that all users scan their computer with this program in order to prevent your computer from being infected again after you clean it.
When AV Security Suite is running it will also block you from running normal tasks in order to make it harder to remove the program from your computer. First, it configures Windows to use a proxy server that points back 127.0.0.1:1041. A proxy server is a program that listens to requests from your web browser and then handles the request itself rather than your browser talking directly to a site. As AV Security Suite is set to be your proxy server, any time you browse the web using Internet Explorer it will intercept the request and display a fake security warning that states that the site you are visiting is infected. The message it will display is:
This website has been reported as unsafe
We recommend that you do not continue to this website. This website has been reported to Microsoft for containing threats to your computer that might reveal personal or financial information.
Once you disable the proxy server all web requests will go directly to the site you wish to go to and you will see the legitimate content. Please note, though, that the next time AV Security Suite is started it will configure your computer to use the proxy server again.
The second method that AV Security Suite protects itself is to block applications from running while stating that they are infected. It does this to stop you from running anti-virus programs that can be used to remove this malware. When you attempt to run a program you will instead see the following message:
Windows Security alert
Application cannot be executed. The file mbam.exe is infected.
Do you want to active your antivirus software now?
Spyware Alert
Application infected! The file rundll32.exe is infected. Do you want to ALLOW this application now?
When you see these infection alerts do not be concerned as your programs are not infected. It is only showing this to further scare you into thinking you have a computer security problem.
While started, AV Security Suite will also display fake security alerts that contain warnings that malware has been detected or that malware is attacking your computer. These messages are all fake as well and only being shown to further convince you that your computer is infected. The text of these messages are:
Windows Security alert
Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now.
Antivirus software alert
Infiltration Alert
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.
Last, but not least the rogue will also display a fake Windows Security Center. This fake Security Center will look exactly like the original one except that it states that you should purchase AV Security Suite to protect yourself.
As you can see, AV Security Suite was created for one reason only; to scare you into thinking your computer has numerous infections so that you will then purchase the program. It goes without saying that you should definitely not purchase this program, and if you already have, please contact your credit card company and dispute the charges stating the program is a scam. Finally, to remove this infection please use the removal guide below to remove it for free.

The program actually hijacks your browser, resides in your registry so you can't find it to remove it, and prevents you from running your security program to remove it.

Thursday, June 3, 2010

The solution to pollution is in not going to be dilution.

Michio KaKu, a recent visitor on the Keith Olbermann show, likened the suggestion to controlling the oil spill in the gulf by exploding the well with a nuclear bomb, or any other kind of bomb, the equivalent of giving the Three Stooges nukes.

"We are in totally uncharted territory” he says. By exploding an underground bomb to contain this spill we could inadvertently cause multiple additional fissures, leading to multiple geysers, all needing top caps.

The truth of the whole scenario is that the most profit producing companies in the world, year after year, have been the oil companies. Their corporate largess, spread over Congress since the Valdez disaster, has prevented meaningful safety legislation from becoming law for over 20 years.

Now we have the largest man-made ecological disaster in the entire history of man. If no so today, it will be so tomorrow, or shortly thereafter, for monies sake.

Some pencil pushing fool determined the drilling project was falling behind schedule. He began putting on the pressure to drill faster. Later, when confronted with irrefutable evidence that a gasket designed to prevent explosive back pressure from unleashing was disintegrating, another manly genius spouted the most infamous directive in man-made ecological disaster history by saying -- -- drill on!

Yet another pencil pusher had previously decided to avoid spending a $500,000 to install a blow out preventer. This will ultimately be ridiculed as the stupidest cost saving mistake ever made by any single man in any business to date. He was probably thinking about his bonus. He may be the man responsible for single handedly bankrupting BP.

The poor citizens of the Gulf and soon to be Florida will pay for these egregious mistakes for decades. We cannot put a price on this disaster. Not now, and probably not for another 20 years.

But the drilling goes on.

As long as we allow people like Dick Cheney, unmitigated master of disaster in the Middle East (Bush was simply too ignorant to connect the dots between big government, big oil, and Cheney’s company Halliburton), to have sway, the planet, or more correctly the people on it, don't stand a chance.