Monday, November 22, 2010

Rogue Security Software

We continue to see a high incidence of PCs infected with rogue security programs, so we thought it might be useful to provide some detail about this form of malware for our readers (information courtesy of Wikipedia).

Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware, or that installs other malware. Rogue security software, in recent years (2008-2010), has become a growing and serious security threat in desktop computing.
Rogue security software mainly relies on social engineering (fraud) in order to defeat the security built into modern operating system and browser software and install itself onto victims' computers. A website may, for example, display a fictitious warning dialog stating that someone's machine is infected, and encourage them through social engineering to install or purchase scareware.

Propagation

Most have a Trojan horse component, which users are misled into installing. The Trojan may be disguised as:
  • A browser plug-in or extension (typically toolbar)
  • An image, screensaver or archive file attached to an e-mail message
  • Multimedia codec required to play a certain video clip
  • Software shared on peer-to-peer networks
  • A free online malware scanning service
Some rogue security software, however, propagates onto users' computers as drive-by downloads, which exploit security vulnerabilities in web browsers, PDF viewers, or e-mail clients to install themselves without any manual interaction.[3][5]
More recently, malware distributors have been utilizing SEO poisoning techniques by pushing infected URLs to the top of search engine results about recent news events. People looking for articles on such events on a search engine may encounter results that, upon being clicked, are instead redirected through a series of sites before arriving at a landing page that says that their machine is infected and pushes a download to a "trial" of the rogue program. A 2010 study by Google found 11,000 domains hosting fake anti-virus software, accounting for 50% of all malware delivered via internet advertising.


Operation

Once installed, the rogue security software may then attempt to entice the user into purchasing a service or additional software by:
  • Alerting the user with the fake or simulated detection of malware or pornography.
  • Displaying an animation simulating a system crash and reboot.
  • Selectively disabling parts of the system to prevent the user from uninstalling the malware. Some may also prevent anti-malware programs from running, disable automatic system software updates and block access to websites of anti-malware vendors.
  • Installing actual malware onto the computer, then alerting the user after "detecting" them. This method is less common as the malware is likely to be detected by legitimate anti-malware programs.
  • Altering system registries and security settings, then "alerting" the user.
Developers of rogue security software may also entice people into purchasing their product by claiming to give a portion of their sales to a charitable cause. The rogue Green antivirus, for example, claims to donate $2 to an environmental care program for each sale made.
Some rogue security software overlaps in function with scareware by also:
  • Presenting offers to fix urgent performance problems or perform essential housekeeping on the computer.
  • Scaring the user by presenting authentic-looking pop-up warnings and security alerts, which may mimic actual system notices. These are intended to leverage the trust of the user in vendors of legitimate security software.
Sanction by the FTC and the increasing effectiveness of anti-malware tools since 2006 have made it difficult for spyware and adware distribution networks—already complex to begin with—to operate profitably. Malware vendors have turned instead to the simpler, more profitable business model of rogue security software, which is targeted directly at users of desktop computers.
Rogue security software is often distributed through highly lucrative affiliate networks, in which affiliates supplied with Trojan kits for the software are paid a fee for every successful installation, and a commission from any resulting purchases. The affiliates then become responsible for setting up infection vectors and distribution infrastructure for the software. An investigation by security researchers into the Antivirus XP 2008 rogue security software found just such an affiliate network, in which members were grossing commissions upwards of US$150,000 from tens of thousands of successful installations per month.

Friday, November 19, 2010

A problematic Dell

Once in a while we get a machine into the workshop for repair that turns out to be a real head scratcher. One such unit was collected from a customer last week and it has taken a while to get to the bottom of it. It was a Dell Inspiron 530 that failed to post when powered up. The fans would spin and the power light would remain steady amber indicating a problem with either the power supply unit or motherboard.

We first swapped out the PSU for a known good one, but the symptoms remained the same. Since the PC was 2 1/2 years old and the customer did not want to spend much on the repair, we figured that a replacement motherboard would be outside the customer's spend. Just to be on the safe side we checked the warranty status with Dell by entering the unit's service tag number in their support site and we were pleasantly surprised (as was the customer) to find that there were 155 days remaining of a three year warranty. So we called in Dell to do the repair.

A Dell contract technician arrived with a replacement motherboard, swapped the old one for the new one and, voila, the same symptoms persisted. The technician contacted Dell again and it was deemed that the problem was a faulty input/output panel switch, which was duly ordered. The next day the technician reappeared with the part, fitted it and, again, no change in the symptoms. At this stage he started to suspect the power supply but I told him that we had already checked with a known good PSU. He asked if I had a good PSU we could try so we hooked one up and, lo and behold, the unit posted. So the technician concluded that both the original PSU and motherboard had failed simultaneously - a reasonable conclusion under the circumstances.

To update the service tag number associated with the new motherboard the technician needed to reboot the unit and enter the BIOS. Unfortunately, as soon as he rebooted, the original symptoms returned. At this point he surmised that the PSUs were blowing due to a possible short in the motherboard/case. However, I brought the PSU that was connected and the original PSU still in the case and mounted them in a Dell Dimension on the work bench - in both cases the unit booted without problems, ruling out the PSU as a problem.

At this point there was, understandably, much head scratching going on and Dell HQ was again contacted by the technician. The conclusion was that another new motherboard and a new PSU would be dispatched in an attempt to resolve the problem. And they duly arrived this morning along with Tony the technician who replaced the parts and, much to his dismay, the same problem arose. The only thing that hasn't been changed at this point is the processor. So Tony (we're on first name terms now) called in again to Dell and the next step is they are taking it in to their repair facility next Monday for a 6-8 day stay. I'll take the hard drive out before they collect it to make sure the customer's data stays intact. Will keep you posted on progress.

Thursday, November 18, 2010

Speaking of Harvey Norman...

We have a regular customer who recently needed a new all-in-one printer with fax and went to Harvey Norman in Nutgrove where they came away with an HP model that cost in the region of €250. They got PC Medic to install it, which only took half an hour, and all seemed fine. A few days later they called us to say that the printer was mysteriously going offline at random times. After much digging about we found that this was a documented problem with this model of printer and that while a few different solutions were proposed, none of them worked in our case.

So the printer was packed up and brought back to Harvey Norman and the manager there had no hesitation in replacing it with a slightly dearer Brother model at no extra cost. It was great to see a retailer taking their responsibilities to consumers seriously when a problem arises with goods. Needless to say we now point our customers to Harvey Norman's for printers and suchlike when the opportunity arises. Go Harvey Norman Go!

Wednesday, November 17, 2010

Great value printer

We came across Brother's DCP-195C all-in-one printer in Harvey Norman's in The Park, Carrickmines a few days back and bought one for a customer who needed a new low cost printer. For €75.00 this was a real bargain. Easy to install, quiet and includes scan and copy functions, PictBridge to allow printing directly from a camera and memory card slots - this is a bargain. Not the fastest printer in the world but good quality output and a small footprint. We like it.

Tuesday, November 16, 2010

Dropbox - Simple Data Backup and Synchronisation

If there is one thing that customers tend to put on the long finger it's data backup. Time and again we've come across cases of lost data through crashed hard drives where the user has an external hard drive for six months that they just never got around to setting up. Now we've spoken before of how we like to use Cobian Backup with our external hard drives to automate our backup. But if your backup requirements are simple consider Dropbox.

Dropbox is an internet file backup/sharing system that gives you 2.0GB of backup storage for free - over that amount and you have to pay for it at a reasonable price. The mechanics of using it are simple.

1. Create a Dropbox account
2. Download and install the Dropbox installer
3. Copy the files you want to back up to the Dropbox folder created by the installer.

And that's it. Files copied to your Dropbox folder are uploaded automatically to Dropbox's servers for safe storage. But there's more. If you have a second desktop or laptop you can synchronise the files between your two PCs. Simply run the Dropbox installer on your second PC, log in to your Dropbox account and the files in your first PC will appear in the Dropbox folder on your second PC. Thereafter, files added to either Dropbox folder will automatically replicate to the other, keeping your files synchronised between the two PCs.

Not recommended for backing up your 30GB music or photo collection, but if you want to keep those important Word and Excel files safe you'll be hard pressed to find a simpler solution.