Thursday, February 24, 2011

When “Logout” does not work…OddJob Keeps Online Banking Sessions Open

Today the Windows 7 News and Tips web blog at http://www.windows7news.com posted some interesting information concerning a new attack method being used to take control of online banking sessions. Although this is not currently widespread and no solution has been formulated as of today, experts are working on the problem and more information will follow soon. For now I thought it would be good to make you aware of the problem so you can keep an eye on your accounts.

Below is a repost of the Windows 7 post:

You go online and connect to your bank. You do your transactions, and then you logout. Or so you think.

There is a new type of financial malware program that has started to make the rounds with the ability to hijack customers’ online banking sessions in real time using their session ID tokens. This program, called OddJob, keeps sessions open after customers think they have “logged off.” This enables criminals to extract money and commit fraud unnoticed: they are in, and you think you’re out…but you’re not.

New Attack Methodology

This malware attack pushes the hacking envelope through the evolution of existing attack methods. Hackers, who are a curious sort, can side-step many commercial IT security applications traditionally used to defend users’ digital – and online monetary – assets.

Security firms have been monitoring OddJob for a few months, but have not been able to report on its activities until now due to ongoing investigations by law enforcement agencies. These have just been completed.

A work in progress

While it appears to be a new approach to attack users, it appears to be a work in progress. Trusteer has noted differences in functions in recent days and weeks, as well as the way the Command & Control (C&C) protocols operate. It is their contention that these functions and protocols will continue to evolve in the near future, and that the analysis of the malware’s functionality may not be 100 per cent complete as the code writers continue to refine it.

Where the weakness is

OddJob’s most pernicious characteristic is that it is designed to intercept user communications through the browser. It steals and injects information and terminates user sessions inside Internet Explorer and Firefox. This program is different from conventional hacking because the hackers do not need to log into the online banking computers – they simply ride on the existing and authenticated session. So when a user “logs out” the event does not occur, even though the user thinks he/she has terminated the banking session. But the hacker is now in.
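How a banking server can limit a session whose logout request never arrives, as an added example that is not part of the repost and not Trusteer's or any bank's code. The session store, the timeout values, the (IP, browser) fingerprint and both traces are constructed assumptions.

```python
# Added illustration: server-side limits on a session whose logout never arrives.
IDLE_TIMEOUT = 600         # assumed policy: seconds without any request
ABSOLUTE_LIFETIME = 1800   # assumed policy: seconds since login, active or not

class SessionStore:
    def __init__(self):
        self.sessions = {}   # sid -> dict(user, client, created, last_seen)
        self.alerts = []     # (sid, user, reason, ip) for the fraud team

    def login(self, sid, user, ip, agent, now):
        self.sessions[sid] = {"user": user, "client": (ip, agent),
                              "created": now, "last_seen": now}

    def logout(self, sid):
        self.sessions.pop(sid, None)

    def check(self, sid, ip, agent, now):
        """Validate one request; return 'ok' or the reason it was refused."""
        s = self.sessions.get(sid)
        if s is None:
            return "no-session"
        if now - s["created"] > ABSOLUTE_LIFETIME:
            reason = "absolute-lifetime-exceeded"
        elif now - s["last_seen"] > IDLE_TIMEOUT:
            reason = "idle-timeout"
        elif (ip, agent) != s["client"]:
            reason = "client-mismatch"
        else:
            s["last_seen"] = now
            return "ok"
        # Refuse, kill the session server-side and record why.
        self.alerts.append((sid, s["user"], reason, ip))
        del self.sessions[sid]
        return reason

def token_reused_elsewhere():
    """Constructed trace: logout is swallowed, token shows up from another client."""
    store = SessionStore()
    store.login("sid-1", "alice", "203.0.113.10", "IE8", now=0)
    seen = [store.check("sid-1", "203.0.113.10", "IE8", now=120)]
    # t=300: user clicks "Logout", but store.logout() is never reached.
    seen.append(store.check("sid-1", "198.51.100.7", "Firefox3", now=360))
    seen.append(store.check("sid-1", "198.51.100.7", "Firefox3", now=400))
    return seen, store.alerts

def ridden_from_same_browser():
    """Constructed trace: requests keep coming from the victim's own browser."""
    store = SessionStore()
    store.login("sid-2", "bob", "203.0.113.20", "IE8", now=0)
    for now in range(300, 3601, 300):   # one request every 5 minutes
        verdict = store.check("sid-2", "203.0.113.20", "IE8", now)
        if verdict != "ok":
            return now, verdict
    return None, "ok"

if __name__ == "__main__":
    print(token_reused_elsewhere())
    print(ridden_from_same_browser())
```

The second trace shows why an idle timeout alone is not enough here: a session that is kept busy only ends when the absolute lifetime cap is reached. A fingerprint based on IP address can also refuse legitimate users whose address changes mid-session.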

Saturday, October 23, 2010

Windows 7 Upgrade Confusion

The term “upgrade” is used by Microsoft in three different instances and this seems to be causing a lot of confusion. I will try to clear this up for you.



First, let’s talk about the version of Windows 7 that you need. Microsoft has four versions of Windows 7 available and each includes different features. There is Starter, Home Premium, Professional, and Ultimate editions. The Starter edition is only available preinstalled on new computers. Now for the confusing part: each one is available in a full version and an upgrade version. The upgrade is substantially less expensive, but you have to currently own Windows XP or Vista for it to work. Yes, I did say XP. This is where the confusion starts.



Upgrading from Vista is just that, an upgrade. You are able to save all of your current programs and simply move up to a like version of Windows 7. Upgrading from XP is a different story. Because of the difference in the base operating system, upgrading from anything prior to Vista is not possible. You can, however, use the upgrade version of Windows 7 at the reduced price. Are you confused yet? Microsoft has allowed users to skip Vista and go directly from XP to 7 and save money. To do so you have to do a full installation and then reinstall programs, if they are compatible, after you are done. Microsoft has many resources to check your programs’ compatibility prior to deciding if you will move up to Windows 7, and some versions of 7 also have a compatibility mode which will allow you to run your older programs in the OS mode they were written for. Another tool provided by Microsoft to ease your worries is the “Windows Easy Transfer” tool. This tool will copy all of your settings and files from your XP computer and then, after your installation of 7, load them into the new OS. I still recommend a full backup to prevent loss, but this tool works very nicely.



To add to the upgrade confusion, all Windows 7 operating systems come with the Anytime Upgrade option. In other words, if you buy the Home Premium version and later find that you would like to have the features of the Professional version, all you have to do is purchase a key, input it into your OS, and you are done. No installation is required.



I hope I didn’t add to the confusion and in some small way helped you to understand the many meanings of “upgrade.” I know it all sounds confusing and even scary, but after using Windows 7 for over a year now, I would have to say that it is all worth it. In my opinion, Windows 7 is the best and most user friendly OS bar none. If you are thinking about upgrading, Microsoft is now offering a “family pack” which makes it more affordable than ever. I am always available to help you with any questions you may have and even do the “upgrade” for you if you wish.



Mike Bodenhafer - Your Computer Guy
PMCreation - Computer Repair and Sales
mailto:mike@pmcreation.us
www.PMCreation.us



Saturday, October 2, 2010

Hotmail and other sending random email



I have had many reports of a Hotmail problem and now I am seeing the same thing in Yahoo accounts. This leads me to believe that the problem is not isolated and may be happening to any web based email account.



The problem is that Hotmail is sending out apparently random emails to everyone in your Hotmail address book or at least everyone that you have included in a single mailing at one time. The one thing that I am seeing in common is that the list seems to have been used at one time in the CC field. I say random because the timing of these emails cannot be pinned to a time or day or even to a time that the computer is turned on. This tells me that the problem is most likely not in the computer but is a matter of a hijacked password at the account level.



The emails only contain a link to one web site and although these sites do not seem to be promoting any malware or virus, they are trying to sell products. So far these have been the links that have been reported to me:



• healthwellnessnetwork.com
• pillsiterx.net
• greatwitcheryworld.com
• witcherysource.com
• pillsourcemedsguide.net/Colesburg

Solution:

So far the best solution to this problem is to change your password. You will also have to change your secret question because whoever stole the password most likely also got the answer to your question, so they can also get your new password if you do not change both. If the problem does not go away after this fix, please contact me and we can dig deeper: 260-349-3497

Prevent Future Problems:

In almost all cases this problem began after someone sent out a mass mailing and placed all the names in the To: field or used the CC: (Carbon Copy) field. If you send out any mass mailings, be it a joke, an invitation or anything else, please make it a habit to use the Bcc: (Blind Carbon Copy) field for all but one name (you have to have something in the To: field). The name and address to have in the To: field should be your own. This will not only protect you from this type of attack, but your friends’ names and addresses will not be spread around, and if they have privacy concerns they will be respected. Along these same lines, if you ever forward any jokes or other email, please cut off the past recipients’ addresses out of respect. Spammers love to collect names and addresses this way.

I hope this helped and if you have any questions or concerns please feel free to contact me.




Friday, September 17, 2010

It's A Trap

Have you ever been surfing the web and have this happen? A pop up appears on your screen informing you that they have found suspicious activity.


Wow, isn't that nice of them, they are going to help you out by "performing a fast and safe scan" on your system. More like a "SCAM" if you ask me. If at this point you click "OK" or even click the red "X", you are taken to another screen that looks like you are getting a safe scan. It has the Windows Security logo so it must be safe, right?


This page does not look like a web page. In fact, it looks like you are in the Windows "My Computer" screen. Look closely, it is not your computer. This scan is so good that I would bet you that it will find problems that your own antivirus could not find. It always does.

By now I am sure you have figured out that I am being sarcastic. It is not a good thing that someone has randomly contacted you to help save you from a virus; in fact, this is a process to try and infect your system with malware. The problem with this trap is that it looks so much like it is your own Windows Security jumping in to save you. If you are fooled at this point and you click on the "remove all" link, major malware will attempt to load onto your computer and it will start a very frustrating problem. You will have pop ups appearing one after another and so often that it will render your system unusable. Then you get a message that if you want it to stop you can send them $24.95 or some amount and they will remove the problem. Truth is, all they remove is the money from your account.

The good news is that most good antivirus programs will save you and stop this before it can load. Even if you make a big OOPS and click on the link, your antivirus should save you.

BUT, WHAT IF IT DOES GET PAST?

The process of removing this malware is very elaborate and there is not any easy fix that I have found. In fact, the malware is written to block you from removing it by not allowing access to the files. I have even seen some cases where it will replicate and fill your hard drive completely. My recommendation is to shut your system down and have a professional fix the problem. Of course I recommend me, http://www.pmcreation.us, but it is important that you call someone you trust and do not use the computer until it is clean.

To prevent this or any malware from infecting your system you should always surf smart and never click on questionable links. Also, you should NEVER surf without a good trusted antivirus. I do have antivirus programs I recommend and others I would steer you away from. If you have any questions you are welcome to call me (Mike 260-349-3497) or email me at mike@pmcreation.us and I will be happy to help.

Wednesday, September 15, 2010

Harmful Internet Scams

Many of you know about these scams, but still, many people are taken every day. There are hundreds of scams on the Internet. If they did not work they would dry up fast, but the fact is, they do. Here are five classic viral scams that have tricked many people over the years:



SCAM #1: A wealthy Nigerian needs your help to move millions of dollars from accounts out of his country. In return for your help, you will receive a percentage of the money. You send your bank account info, and at some point a small problem will arise and the Nigerian will need you to send a few thousand dollars to fix the problem. You would think that anyone would know that this is a scam, but the potential to get millions moved into your bank account is very tempting to some people. There are many variations of this scam, originating from other locales. The one thing they all have in common is that the money will be moving out of your account, not in.



SCAM #2: A friend is stranded overseas and needs you to send them money. This is more targeted to people with a large number of close friends and is much easier to check for legitimacy. Still, if a hacker compromises an email or Facebook account, he/she can then access the address books and friend lists. Inbox messages appear as a desperate plea from your “friend” claiming they are traveling overseas, have been mugged on a deserted island and lost everything. They plead with you to send money immediately. Come to find out, your real friend is safe and sound. This hoax is especially tricky because it looks like it came from someone you know, not a stranger. These could arguably be the worst scams because they are coming from a known sender. Call your friend. If you cannot get through, call someone else who would know where they are. Last resort, email them back and ask for some information that only they would know. Never blindly send money.



SCAM #3: Online rental properties are another target for scammers. Con artists use real listings, changing the contact information. When they ask the victim for the deposit check, the scammer will say that they are out of the country on business or doing volunteer work, so the money needs to be sent overseas. Once discovered, it is very difficult to track down the scammer or your money. This one is becoming more and more active every day.



SCAM #4: Online dating scams are particularly cruel. Con artists use the sites to look for victims. If they do everything right, the victim becomes love struck. Cons take their time, reeling in the victim over weeks or months. Then comes the request: money for a small emergency or so they can travel to meet you. After the victim sends the money, suddenly another emergency arises, and this will keep going as long as the victim will send more money. People have lost everything to this con, so be careful. Victims can lose not only their money, but their hearts as well.



SCAM #5: You receive an email or a phone message from a bank that says your PIN or other information has been compromised or needs to be updated. You are supposed to respond, giving them certain information. Never do this! The senders are phishing for information which they will then use to try to steal your identity and money. Banks do not send messages asking for information. If you have any questions, contact your bank directly. This con is used to get your other passwords as well. As a rule, if asked for any information via email, NEVER reply or use the links contained in said email. Either call or use a known safe email address.

The bottom line is, if in doubt, check it out. There are many legitimate sites on the internet that you can contact. I would start with your antivirus protection provider. If you have questions and do not know where to turn, please ask me at mike@pmcreation.us and I will do my best to help.

Tuesday, June 8, 2010

Antispyware Soft or Anti-Spyware Soft


Antispyware Soft or Anti-Spyware Soft is a typical rogue anti-spyware program which was noticed to be circulating on the internet in the middle of April. As computer experts say, Anti-Spyware Soft, just like Antivirus Soft or Antivirus Suite, spreads itself via Trojan viruses that infiltrate computers through security vulnerabilities. After this secret infiltration, the same Trojans change the computer’s Registry so that this program is launched every time the computer boots up.


The malicious activity of Antispyware Soft involves generating fabricated popup alerts and free system scans just after this malware is installed. As soon as people log on, it reports dangerous cyber threats it claims to have detected on the machine. Antispyware Soft bombards its victims with tons of fake alerts and warnings, accompanied by annoying pop-up ads that also report spyware on their machines. Finally, messages offering to purchase the “full” version of Anti-spyware Soft appear on the PC’s desktop in order to make people think that they will be able to get rid of all their problems only in this way. Antispyware Soft is claimed to be a completely trustworthy and powerful tool which is capable of removing all types of viruses. Some of these alerts look like this:


Windows Security alert

Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan you computer. Your system might be at risk now.


Antivirus software alert

Infiltration Alert

Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan – dropper or similar.

Details

Attack from: IP Address, port 39096

Attacked Port: 30516

Threat: Win32/Nuqel.E

Just bear in mind that purchasing Antispyware Soft’s “licensed” version does nothing but support its creators. Anti-Spyware Soft imitates searching your computer for viruses and detects invented ones, trying to make you concerned about your machine. After paying for its “full” version, your computer will become vulnerable to other viruses and it will start malfunctioning as well. So, have no doubt about this program and if you notice any trace of it, delete Antispyware Soft. Do this in the shortest period. For help contact me at http://www.pmcreation.us/

Adobe Products authplay.dll Remote Code Execution Vulnerability

A vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems.

This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. This advisory will be updated once a schedule has been determined for releasing a fix.

http://www.pmcreation.us/