Archive for the ‘Malware’ Category

New for 2011

Sunday, January 9th, 2011

Looking back over the last year, some things have changed in the world of PCs, but many problems remain pretty much the same!

Malware — viruses, trojans, spyware and the like — continues to be a big problem. I still see a lot of PCs infected with various trojans designed to steal information or money from the unwary. The writers of this stuff are very professional, so I assume there is big money behind it. The most common still seem to be the sort that tells you that your PC is “at risk” and invites you to download some software to cure it. Invariably the software “finds” lots of things that aren’t really there, and then invites you to register it for about $49.95 to enable it to remove them. If you ignore it, it will get ever more persistent, until the PC becomes unusable.

Sometimes these types of software claim to find viruses or other infections, sometimes “memory problems”, “registry errors” and so on. Of course, there are quite genuine and very useful products that do all these tasks, so it’s hard for the normal person to tell the genuine and useful from the fake and harmful. Sometimes these fake products even have professional-looking websites (but almost always without traceable addresses or contact details).

An example of a fake product is here.

A simple tip: before you download any software, search for its name on Google.  Ignore any sponsored links, and if almost all you find in the search results is people asking how to remove the product, and reputable sites (such as bleepingcomputer.com and techguy.com) offering removal instructions, then tread very carefully!

A new development in 2010: three of my customers who had infected PCs received a phone call to their home numbers from the “Windows Support Group” telling them their PC was infected and offering to remove the infection at a price. It wasn’t clear how their phone number had been obtained (all had their phone numbers in at least one document on their PC, though), who the caller was or who he represented, or how much this “service” would cost. Very suspicious indeed.

Everyone should have a good and up-to-date antivirus program. Two good ones (both free) are the free versions of AVG 2011 from here or (my current favourite) Microsoft Security Essentials from here.

Happy new year to all.

“Pics for MSN friends”

Monday, August 18th, 2008

I’ve had a couple of MSN messages recently which consist simply of a link.  On going to the link, I see something like this:

[screenshot]

I suspect my MSN friends fell for this scam; once they have told the site their MSN username and password, it can impersonate them and send messages to their friends — me in this case.

Anyone who has fallen for this scam should immediately change their MSN password. See instructions on the MSN website here.

This scam has been around for a long time in different guises. Sometimes it says you have won a prize (typically a free iPod or a free iPhone) and you should type in your username and password to “validate your identity” and claim your prize.

Never type your username and password into a website you don’t know!

Fake anti-malware sites and programs

Thursday, July 24th, 2008

I’ve added a permanent page on this subject.

Viral Spam

Thursday, July 24th, 2008

I’m seeing a lot of spam today with titles like Customs - We have received a parcel for you or Customs, please read. There was a lot yesterday about undelivered parcels from UPS.

These have a zipped attachment which is infected with a virus. Typical text of the e-mail is:

Good day,

We have received a parcel for you, sent from France on July 9. Please fill out the customs declaration attached to this message and send it to us by mail or fax. The address and the fax number are at the bottom of the declaration form.

Kind regards,
Grover Sterling
Your Customs Service

or

Dear Sirs,

We have received a parcel for you, sent from France on July 9. Please fill out the customs declaration attached to this message and send it to us by mail or fax. The address and the fax number are at the bottom of the declaration form.

Kind regards,
Casey Rhoades
Your Customs Service

The giveaway, as always, is that they are not addressed to you by name, and they come from unlikely e-mail addresses (typically harvested from infected computers). The two above came from Customs Service <lvsgjjo@bluegrassgroup.com> and Customs Service <cwq@blmbuilders.com> but each one will be different.

At the time of writing, these were not detected as malicious by AVG 8.0 (nor by Symantec, Norton, McAfee, Avast, Ewido, F-Prot, Kaspersky or Panda). Just delete them.

If you have run the attachment (by double-clicking the contents of the zip file, typically) you’ll soon start getting warnings that “Your computer is infected” and inviting you to download software to clear it. The warnings are part of the infection, and the software it wants you to download will make matters much worse. Don’t download anything, and contact someone who can help you remove the infection.

PS: I’m seeing a lot of fake airline ticket sales today (20 August). They typically start:

Hello,
Thank you for using our new service “Buy flight ticket Online” on our website.
Your account has been created:

and then go on to give login details for a website whose address is not stated (!) and say your credit card has been charged for some amount (usually about $650). A “ticket” is attached.

The usual things give it away: not addressed to a specific person; dodgy attachment (this one is called Ticket_N141-SK.zip and contains a file called Ticket_N141-SK.exe — a file ending in .exe is a program, and this one is instantly detected by AVG 8.0 as containing trojan Pakes.AFL).

Be careful not to run Ticket_N141-SK.exe, and just delete the e-mail and its attachment.

(Aug 23) Sophos reports yet another variant, “Statement of Fees 2008/09”, whose attachment is sneakily named “Fees_2008-2009.doc______________.exe”. They hope you’ll think it’s a Word document (.doc) not a program (.exe). As Sophos says, “Don’t let curiosity get the better of you - don’t open the attachment if you didn’t order the package, or the tickets, or the contract, or the accommodation … or whatever else they’ll come up with next.”
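The naming tricks described above (a program inside a zip, and a document-style name padded out so the real .exe ending is pushed out of view) can be checked mechanically before anyone opens an attachment. The Python sketch below is an added example, not part of the original post; the extension lists and function names are illustrative assumptions, and the sample archive is constructed with harmless placeholder bytes.

```python
import io
import os
import re
import zipfile

# Extensions Windows runs on double-click (short, non-exhaustive, assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Document-style extensions often used as a decoy before the real one.
DECOY_EXTS = (".doc", ".pdf", ".xls", ".txt", ".jpg")
# Runs of underscores or spaces that push the real extension out of view.
PADDING = re.compile(r"[_\s]{3,}")


def check_name(name):
    """Return the reasons a file name looks like a disguised program."""
    base = name.rsplit("/", 1)[-1].lower()  # zip members use forward slashes
    stem, ext = os.path.splitext(base)
    if ext not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable extension " + ext]
    unpadded = PADDING.sub("", stem)
    if unpadded != stem:
        reasons.append("padding before the real extension")
    if unpadded.endswith(DECOY_EXTS):
        reasons.append("decoy document extension")
    return reasons


def scan_zip(data):
    """Map each suspicious member of a zip archive (as bytes) to its reasons."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        checked = {name: check_name(name) for name in zf.namelist()}
    return {name: why for name, why in checked.items() if why}


def build_sample_zip():
    """Constructed sample: placeholder bytes under the file names quoted above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Ticket_N141-SK.exe", b"placeholder")
        zf.writestr("Fees_2008-2009.doc______________.exe", b"placeholder")
        zf.writestr("readme.txt", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in scan_zip(build_sample_zip()).items():
        print(member, "->", "; ".join(why))
```

Only member names are read, so nothing in the archive is extracted or executed; a clean result says nothing about documents that carry malicious content under an honest extension.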

Phishing Spam

Monday, June 2nd, 2008

I’ve added a reference page about phishing spam. This is spam that tries to fool you into logging into a fake website which is pretending to be your bank.

Easy enough to avoid once you know the signs.