Tuesday, January 20, 2009

Malware at SMU

From Fritz Speck:

XP Antivirus 2008/2009, the nastiest piece of spyware I've seen in a long time. I'm starting to get several infections of it a week at work -- and these include computers with up-to-date antivirus where people don't have admin rights.

If you hit an infected web page, it will warn you of having thousands of viruses and insist you download the software to scan for it. The software "scans" and tells you that you need to buy their cleaner. They then have your credit card number and you still have the virus. The New York Times estimated that they make about $5 million a year through these tactics.

I've seen these warnings on thin clients (which are so locked down no virus could be on them), and they wouldn't go away until you restarted. I've seen it turn off automatic updates and hide from antivirus software. I've seen it put icons on your desktop even if you don't actually download the software (click on them and you will). It puts rootkits on your computer.

Nasty stuff. The best cleaner is Malwarebytes from http://malwarebytes.org. So far, that's always cleaned it up.

The obvious advice: If you hit a web site that warns you that you have viruses, don't download anything from there. Get out of there and scan your system with something you have reason to trust. I don't know anything about Malwarebytes.org

Note that if you try to get of the scam it will scream at you that you're about to ruin your computer. The safest way to get out of there is ctl-alt-delete and us taskmaster to close down the browser.

Several SFWA members seem to have been infected from the LOCUS web site. Be careful out there!

Francis "Fritz" Speck

Weekly PDA Training

Koobface Worm Targets Facebook Users

If you're on Facebook, be aware that a fast-spreading worm called Koobface is targeting users and trying to steal personal information such as credit card details. The Koobface worm sends a message to the Facebook user, supposedly from a friend, that says things like "you look funny in this new video" or "is it u there?" After clicking on the video link, the user is asked to download the latest version of Adobe Flash Player. Only after the user clicks on the fraudulent Flash update is the Koobface worm installed.

Take a look at an example of a Koobface message below:


This malware can then quickly seize credit card details in two ways - either by waiting for the user to buy something online and remembering the details, or by searching the computer for cookies from past online purchases.

With dozens of Koobface variants known to exist, security leader McAfee warns that the situation may get worse before it gets better. Should your PC be infected with the Koobface worm, Facebook suggests resetting your password and running updated antivirus software to purge the worm from your system. To learn more about security tips for Facebook users, go to http://www.facebook.com/security.

It's important to note that Koobface attacked MySpace users before moving to Facebook, and has also jumped to the social networking site Bebo. All users of such sites would be well advised to stay alert for suspicious messages.

What's new in Excel 2007?

Follow the links to the items listed below to learn more:

Results-oriented user interface
More rows and columns, and other new limits
Office themes and Excel styles
Rich conditional formatting
Easy formula writing
New OLAP formulas and cube functions
Improved sorting and filtering
Excel table enhancements
New look for charts
Shared charting
Easy-to-use PivotTables
Quick connections to external data
New file formats
Better printing experience
New ways to share your work
Quick access to more templates