
Maximum IT
Ask the Doctor: Removing Rogue 'Security'

PC MightyMax 2009 was included with the purchase of my new HP a6827c with Windows Vista. After trying out MightyMax I decided I didn’t want it due to its obscene costs. I obtained the instructions for removal—go to the Start menu, go to the PC MightyMax folder, and hit the uninstall button, but the software does not fully uninstall. Help! —Shannon Swank

Doctor, I managed to get two computers infected with AntiVirus2009, simply by following a link to a video review online. Both machines run Windows XP Professional SP3. One is a Dell Vostro laptop, the other is a desktop I built about three years ago.

I’ve run Malwarebytes’ Anti-Malware, which removed a bunch of copies, Rogue Remover, SuperAntiSpyware, ThreatFire, and ZoneAlarm Internet Security, but every so often a new browser window will suddenly open and try to access AntiVirus2009.com. I’ve looked at every website on the Internet (well almost) and nothing I’ve tried will get rid of it on either computer. The only way I’ve been able to keep using the computers is to manually block antivirus200*.* in ZoneAlarm. Every time I check the log, there’s entry after entry where it tried to send an ICMP ping to that website or tried to open Firefox to access it. I’m at the end of my rope. I don’t know what else to do and I’m sure that there are other people out there having much the same problem as I am. Is my only hope to re-install Windows? —Steve Rugg

Read our advice for both Shannon and Steve after the jump.


News: Phishing Scams and Worms on the Rise, Social Networks to Blame

Phishing and worms go together like, well, fishing and worms. But unlike the latter, you're the prey, and it can be particularly dangerous swimming in social networking waters, suggests a new report by Microsoft and McAfee.

The two software makers noted a sizable spike in phishing attacks during the months of May and June, driven in large part by hackers concentrating their efforts on social networking sites. Other popular targets included gaming sites, banking portals, and e-commerce.

While Trojans still topped the charts, Microsoft noted that worms are becoming much more prevalent, rising from fifth place in the second half of last year to now being the second most prevalent category of threats. Much of the rise can be attributed to Conficker, which still has most security experts puzzled.

For those still clinging to XP, Microsoft noted that infection rates for Vista were significantly lower than for XP.


News: Kaspersky Offers Protection from Twitter Malware

There’s creepy things afoot on the web, and what’s better to combat them than something crawly? Internet security company Kaspersky Lab has introduced the “Krab Krawler”, an anti-malware tool that can make your Twitter-hungry lifestyle a little bit safer.

Krab Krawler examines every public post that appears on Twitter. The posts are parsed for URLs which, if present, are traced to their origin. (Even shortened URLs are recognized.) The site is then checked for any creepy things, such as the Koobface virus, that might make your day less tweety.

Costin Raiu, a senior malware analyst at Kaspersky Lab, says the Krab Krawler pulls out about half a million new, unique URLs from Twitter posts each day. Among these, Krab Krawler finds between a hundred and a thousand linked to malware attacks. Raiu also notes that about 26 percent of these URLs link to spam sites, so even if a URL doesn’t pose a deadly threat, there’s a one-in-four chance it leads to an annoyance.

Krab Krawler works on top of Twitter’s own filtering system. The extra layer is useful because of malware’s propensity to undergo code changes to avoid detection. Raiu estimates it takes two to 12 hours to pick up on such changes and properly identify a new malware strain.

In addition to Kaspersky Lab, Trend Micro also monitors Twitter posts for malware. And Finjan offers a free browser plug-in, SecureTwitter, that warns users of URLs of dubious character.


Columns: Murphy's Law: C-Y-A on the WWW

What a wonderful world that open and closed platforms have created on the World Wide Web. I can have an untold number of features and applications inserted into my Web browser without having to lift much more than a finger to access them. I can take my favorite Web platforms and expand their usefulness by linking them to other Web-based services. I can even download a variant of my Web browser of choice that bridges the best of two worlds under one new roof: new innovations mixed with standard familiarity.

So, what happens when these architectures fight back?

It's a stupid thing to say on its face, because I don't believe that it's up to a particular program or application to breach your defenses and fight its way into your cyber-life. Most, if not all instances of malware, spoofing, and hijacking (to name a few) can be directly traced to user stupidity in some fashion. Either a person leaves the ol' back door unlocked, fails to frisk the guests as they enter the home, or actively invites a heap of trouble to come on over for a party.

Simplified examples, perhaps, but the underlying fact remains a constant: You are the gatekeeper for your PC. Unfortunately, as we begin to adopt an "everyone's allowed" mindset for Web integration, we're only making it easier for the bad guys to do what they do best. Unfriendly, if not downright hostile bits of malware can be pushed back with but a few simple changes in behavior--are you as security-focused as you should be in today's cross-platform world?


News: Number of Web Sites Hosting Malware Rapidly Increasing

Security firm Dasient has compiled some interesting numbers regarding the slums of the internet, in particular the number of pages hosting malware. Combined with numbers released earlier this year by Microsoft and Google it leads to a disturbing and messy forecast.

According to the study, an estimated 5.8 million pages within 640,000 websites were infected with code designed to impregnate visitors’ computers with malware. Microsoft released numbers back in April regarding this same statistic claiming only 3 million pages were infected. In approximately 6 to 7 months, the internet garbage pile has close to doubled. During a similar period, Google doubled its blocked site metric to just fewer than 350,000.

The cleaning process isn’t easy because sites are getting re-infected just as quickly as they are getting clean. In fact, 39.6 percent of compromised sites have been compromised in the past and were cleaned up.

Old versions of common programs such as Adobe Flash and Acrobat provide easy targets for exploiting large numbers of clients all at once. "Hackers are starting to see some success from these attacks and whenever they see success, they continue to invest more," said Ameet Ranadive, co-founder of Dasient.


News: 65,000 Time Warner Customers Exposed to Vulnerabilities

Yikes - it was discovered that a vulnerability in a Time Warner cable modem and WiFi router being used by 65,000 customers makes it possible for a hacker to remotely access the device's administrative menu and wreak havoc. To deal with the problem, Time Warner said it hopes to have updated firmware from the router manufacturer to push out to customers soon.

"We were aware of the problem last week and have been working on it since," said Time Warner spokesman Alex Dudley.

The security snafu affects Time Warner's SMC014 series combo modem/WiFi router and was discovered by blogger David Chen, who writes for chenosaurus.com. Chen said he was trying to help a friend change the settings on his cable modem when he discovered Time Warner had hidden some admin functions using JavaScript code. All he had to do was disable JavaScript in his browser and he could see those functions, including a tool to dump the router's config file displaying the admin login and password.

"From within your own network, an intruder can eavesdrop on sensitive data being sent over the Internet and even worse, they can manipulate the DNS address to point trusted sites to malicious servers to perform man-in-the-middle attacks," Chen wrote on his blog. "Someone skilled enough can possibly even modify and install a new firmware onto the router, which can then automatically scan and infect other routers automatically."

Time Warner said it is working to find out if the same or a similar vulnerability also affects other models.


News: AVG Updates Free Security Tool to Support Shortened URLs; Ad-Aware Also Expands Protection

You probably encounter more shortened URLs these days. These links, while convenient, are also a great way to hide a link to a malicious site. You can blame Twitter for their proliferation. With only 140 characters, tweeting a full link is impractical. Now AVG is stepping up to the plate to offer a method of protection.

AVG’s LinkScanner security product now fully supports shortened URLs. AVG says the LinkScanner system is more reliable than other methods because it tests links in real time. Whether or not it's the best, it is free.

The free malware scanner, Ad-Aware, has also added new features. The new enhancements are aimed at detecting and removing rootkits. A rootkit is a piece of malware that specializes in getting deep into the operating system to avoid detection. Ad-Aware uses heuristic detection to search for these nasty bits of software. It is also able to stop certain types of malware from restoring themselves after a reboot. Ad-Aware is a free download [warning, attempted upsell], and well worth having a look at.


News: New Malware Rewrites Bank Statements to Cover Its Own Tracks

Have you checked your bank account balance online lately? If so, you may want to consider verifying the numbers with a paper statement, because what you see on your computer screen might not be indicative of banking activity that's occurring right under your nose, according to a new security report.

Hackers have a new piece of malware to play with, one which not only picks your online pocket, but also hides the evidence of any wrongdoing by rewriting online bank statements on the fly. Once the Trojan horse infiltrates a user's PC, it goes to work by altering the HTML coding before it's displayed in the victim's browser, making sure to erase any evidence of money transfers or other unauthorized transactions.

"The Trojan is hooked into your browser and dynamically modifies the text in the HTML," said Yuval Ben-Itzhak, CTO of computer security firm Finjan. "It's a very sophisticated technique."

A gang targeting customers of leading German banks first began employing the ruse in August and managed to steal Euro 300,000 (about $440,000 USD) in just three weeks. Finjan estimates that the gang using the scheme could potentially steal about $7.3 million annually.

While so far relegated to German banks, Ben-Itzhak warned that this technique is likely to spread to other countries.

Cybercrime Intelligence Report, Issue No. 3, 2009 (PDF)
