Infected Computers to lose website access in July 2012 (dcwg.org)

Did you get a message with a link to dcwg.org?  There was a malicious group that redirected infected computers to “their” DNS websites.  They were caught and the FBI directed dcwg.org to manage the DNS servers.

What is DNS?  A Domain Name Server (DNS) links the IP address (4 sets of numbers separated by periods) to the name of the website.  Could you remember 74.125.224.142 or is Google.com easier to remember?  Try opening your browser (e.g. Internet Explorer, Mozilla Firefox, Apple Safari, Opera, Google Chrome) and typing in 74.125.224.142 where you would normally type in a website address.  Yep, you end up at Google.com.  When you type in a website address, such as www.opendns.com, the DNS has a list of what IP address(es) are linked to what websites and you arrive at the expected website.  The authors of these DNS servers and the associated virus had plans to redirect the infected computers for some criminal purpose.  So, you type in the website name and possibly end up at a spoof website.

These next steps will show you how to check if you are a victim and either way you might consider changing the assigned DNS.  One reason to change is a slight increase in surfing speed, and the other is to protect against phishing websites.

To Check:

For Windows XP; Open a command Window, left-click START > run > type in “cmd” and press the ENTER key. In the command window (black with white letters) type in netsh interface ip show dns and then press the Enter key.

For Windows 7; Open a command Window, left-click START > type in cmd (cmd.exe should appear and be highlighted) press the ENTER key.  In the command window (black with white letters) type in netsh interface ip show dnsservers and then press the Enter key.

Are there any “Statically Configured DNS Servers” matching one of these DNS server ranges that will be deactivated in July 2012?

Starting IP       Ending IP           CIDR
85.255.112.0      85.255.127.255      85.255.112.0/20
67.210.0.0        67.210.15.255       67.210.0.0/20
93.188.160.0      93.188.167.255      93.188.160.0/21
77.67.83.0        77.67.83.255        77.67.83.0/24
213.109.64.0      213.109.79.255      213.109.64.0/20
64.28.176.0       64.28.191.255       64.28.176.0/20

What would happen if yours are set to one of these and you did not make a change?  Well, in July when you type in the name of a website it will not be accessible.
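The check above can also be done by program. The following is an added example, not part of the original post: it reads text in the layout printed by netsh interface ip show dnsservers and reports any DNS server that falls inside the ranges in the table. The sample output and its addresses are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# CIDR ranges from the table above (DNS servers to be deactivated in July 2012).
LISTED_RANGES = [ipaddress.ip_network(c) for c in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]

# Constructed sample of "netsh interface ip show dnsservers" output.
SAMPLE_NETSH = '''
Configuration for interface "Local Area Connection"
    Statically Configured DNS Servers:    85.255.116.12
                                          8.8.8.8
    Register with which suffix:           Primary only

Configuration for interface "Wireless Network Connection"
    DNS servers configured through DHCP:  192.168.1.1
    Register with which suffix:           Primary only

Configuration for interface "Local Area Connection 2"
    Statically Configured DNS Servers:    64.28.192.1
'''

IFACE_RE = re.compile(r'^Configuration for interface "(.+)"')
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def dns_servers_by_interface(netsh_output):
    """Return {interface name: [DNS server addresses]} parsed from netsh text."""
    result, current = {}, None
    for line in netsh_output.splitlines():
        header = IFACE_RE.match(line.strip())
        if header:
            current = header.group(1)
            result[current] = []
            continue
        if current is None:
            continue  # text before the first interface block
        for token in IPV4_RE.findall(line):
            try:
                result[current].append(ipaddress.ip_address(token))
            except ValueError:
                pass  # looked like an address but is not valid (e.g. 999.1.1.1)
    return result

def find_listed_dns(netsh_output):
    """Return (interface, address, matching CIDR) for each server in a listed range."""
    hits = []
    for iface, servers in dns_servers_by_interface(netsh_output).items():
        for ip in servers:
            for net in LISTED_RANGES:
                if ip in net:
                    hits.append((iface, str(ip), str(net)))
    return hits

if __name__ == "__main__":
    for iface, ip, net in find_listed_dns(SAMPLE_NETSH):
        print(f"{iface}: DNS server {ip} is inside {net} - change this setting")
```

Note that 64.28.192.1 in the sample is not reported: the 64.28.176.0/20 range ends at 64.28.191.255, so comparing only the first two numbers by eye would give a false alarm.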

Most users use the DNS provided by their Internet Service Provider (ISP).  However, you can choose to use another DNS by changing the DNS setting.  Among the many DNS services available there is:

Google’s DNS (Preferred 8.8.8.8 & Alternate 8.8.4.4) that may increase your surfing speed.

And there is:

Opendns DNS (Preferred 208.67.222.222, Alternate 208.67.220.220) that may increase surfing speed and that blocks phishing websites.  This service (free for Home Users) can be further configured by creating a free Opendns account.

To Change the DNS setting:

Open the Network Card Control Panel (ncpa.cpl);

Windows XP users (Windows XP instructions with images):  click START -> Click Run -> Type in ncpa.cpl (wait until window opens)
Windows Vista (Windows Vista instructions with images) or Windows 7 users (Windows 7 instructions with images): click START -> type in ncpa.cpl (wait until window opens)

Next, for Windows XP, VISTA and Windows 7;

Look for the Local Area Connection and the Wireless Network Connection icons, Right-Click on one of these and Left-Click on Properties to open the Properties window.  In the window that opens Left-Click the Networking Tab (Windows XP: General Tab) -> Left-Click on “Internet Protocol (TCP/IP)” (Windows XP) or “Internet Protocol Version 4 (TCP/IPv4)” (Vista/Windows 7) to highlight it and Left-Click on the Properties button -> on the General Tab check if “Use the following DNS server addresses” is selected.  If one of the soon to be “turned off” DNS IP addresses is listed (see previous list of DNS IP addresses to be deactivated in July, 2012) either click “Obtain DNS server address automatically” to use the one provided by your ISP or click “Use the following DNS server addresses” and type in the DNS service you would like such as the Google DNS (Preferred 8.8.8.8 & Alternate 8.8.4.4) or Opendns DNS (Preferred 208.67.222.222, Alternate 208.67.220.220).  When typing them in, first type the number, press the PERIOD key, type the next number set, and press the PERIOD key again until done.  Double check the numbers are correct.  Click OK all the way out to set the new DNS.  Now, to see they are active use the “To Check” instructions above.

If you followed all this then more power to you!

Who is impersonating my Email?

A recent customer was surprised and upset to receive an email that said it came from the customer’s name.  (ex. sentfrom: insert your name here!).  That would mean a spoof email could be sent impersonating the customer even though they did not send it!  Can it be done?  Yes.  So be warned and careful about links and especially attachments in emails even if sent from someone you know and communicate with regularly.

To check and confirm the email’s origin via the email header see the instructions for your email service here:

Expanded List of Sites with instructions on finding email headers:

http://www.emailquestions.com/full-email-headers/

 http://spamcop.net/fom-serve/cache/19.html

 http://www.haltabuse.org/help/headers/

When you see the actual email header there will likely be a series of “Received: From” listings so find the last one listed (lowest down on the Received:From list) and this is the originator of the email.
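The same reading of the header can be scripted. The following is an added example, not part of the original post: it lists the Received entries oldest first and compares the lowest one with the From address. The message is constructed (reserved example domains and documentation IP addresses), the function names are hypothetical, and it assumes every Received line was written by a real mail server; entries below the first server you trust can be made up by the sender.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message; the newest Received entry is at the top.
SAMPLE_EMAIL = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby mailbox.recipient.example with ESMTP id abc123;
\tMon, 5 Mar 2012 10:02:07 -0800
Received: from relay.isp.example (relay.isp.example [198.51.100.25])
\tby mx.recipient.example with ESMTP id def456;
\tMon, 5 Mar 2012 10:02:05 -0800
Received: from unknown-pc (dsl-host.other.example [192.0.2.77])
\tby relay.isp.example with SMTP id ghi789;
\tMon, 5 Mar 2012 10:02:01 -0800
From: "Your Name" <you@recipient.example>
To: you@recipient.example
Subject: Check this out

body
"""

# "from <name given by sender> (<looked-up name> [<ip>]) by <receiving server>"
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def received_chain(raw_message):
    """Return the Received hops oldest first (lowest header line first)."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received") or []):
        flat = " ".join(value.split())  # undo header line folding
        match = HOP_RE.search(flat)
        hops.append(match.groupdict() if match else {"raw": flat})
    return hops

def origin_summary(raw_message):
    """Compare the From address with the lowest Received entry."""
    msg = email.message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    chain = received_chain(raw_message)
    origin = chain[0] if chain else {}
    host = (origin.get("rdns") or origin.get("helo") or "").lower()
    matches = bool(from_domain) and (
        host == from_domain or host.endswith("." + from_domain))
    return {
        "from_address": from_addr,
        "origin_ip": origin.get("ip"),
        "origin_host": host,
        "handed_to": origin.get("by"),
        "from_matches_origin": matches,
    }

if __name__ == "__main__":
    for key, value in origin_summary(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

In the sample the From line carries the recipient's own address, yet the lowest Received entry shows the message entering through a host in an unrelated domain, which is the mismatch the steps above are meant to reveal.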

This may be frustrating news but it’s not new, remember USPS Mail!  Stay vigilant and stay safe.

Haitian Earthquake Relief and How to Avoid Fraud

Haitian Earthquake Relief Fraud Alert

[Fraud Reporting to IC3 via www.ic3.gov]
The FBI today reminds Internet users who receive appeals to donate money in the aftermath of Tuesday’s earthquake in Haiti to apply a critical eye and do their due diligence before responding to those requests. Past tragedies and natural disasters have prompted individuals with criminal intent to solicit contributions purportedly for a charitable organization and/or a good cause.

Therefore, before making a donation of any kind, consumers should adhere to certain guidelines, to include the following:

  • Do not respond to any unsolicited (spam) incoming e-mails, including  clicking links contained within those messages.
  • Be skeptical of individuals representing themselves as surviving victims  or officials asking for donations via e-mail or social networking sites.
  • Verify the legitimacy of nonprofit organizations by utilizing various  Internet-based resources that may assist in confirming the group’s existence  and its nonprofit status rather than following a purported link to the site.
  • Be cautious of e-mails that claim to show pictures of the disaster areas  in attached files because the files may contain viruses. Only open attachments  from known senders.
  • Make contributions directly to known organizations rather than relying on  others to make the donation on your behalf to ensure contributions are  received and used for intended purposes.
  • Do not give your personal or financial information to anyone who solicits  contributions: Providing such information may compromise your identity and  make you vulnerable to identity theft.

Anyone who has received an e-mail referencing the above information or anyone who may have been a victim of this or a similar incident should notify the IC3 via www.ic3.gov

For further information, please visit the FBI’s Web site:

http://www.fbi.gov/pressrel/pressrel10/earthquake011310.htm

Security Essentials from Microsoft, Free and Top Rated!

There is some great news for personal and business computer users surviving on a shoe-string budget.  Microsoft Security Essentials™ was rated as 1 of the top 3 Anti-Malware (Anti-Virus) software packages in a pool of security software tested by AV-Comparatives (Independent Labs) in the November 2009 results.  This means that there is now a FREE active anti-malware software option available without any caveats except that the computer must run a Windows based operating system.  This is a significant event since the previous Anti-Malware software tested from Microsoft™ only received the Standard rating.

What the POP-UP! Close it Safely!

Gmail, MSN-Hotmail (Windows Live), and Yahoo, to name several free email providers, have been in the news lately since a list of email addresses and their associated passwords were posted on the Internet!  Since the revelation the posted information has been removed and each company has forced password resets for the email accounts that were affected.  This means the user will be required to change their password the next time they access the email account.  [Note; if a password reset is required and you use POP3 email such as Microsoft Outlook or Express be sure to update the password for the email accounts here also.]

So how did this happen in this case?

The official word is that phishing and mimic websites are the hackers’ tools.  Here’s how it works:

  1. An official looking email is sent to the user or the user visits a “hacked” website.
  2. The user clicks on the link in the fake “official” looking email or the faked “official” looking pop-up box.
  3. The user enters their Username and Password and Voilà!, you’ve been PHISHED!
  4. Or, worse you’ve authorized the download of Malware / Spyware to your computer.

How to protect yourself?

  1. Educate; locate the security tips for your email type.
  2. Install a reliable Anti-Malware Software and Firewall [a list of free resources for home use is available via a free registration HERE.  Need help on how to install and use computer security software consider the BOOK or EBOOK]
  3. Secure the Internet Browser and consider using an alternative Browser such as;
  • Mozilla Firefox: an established Internet Browser DOWNLOAD LINK
  • a more recent entry DOWNLOAD LINK [winning awards for hacker proofing]

A now common trick for Phishers, especially, in trying to download Malware or Spyware is a faked POP-UP window.  If a suspicious window appears DO NOT click on it but close it by pressing and holding the “Ctrl” key followed by the “W” key.  This key combination will close the active Window.   If you end up in a fireball of windows, keep using this combination until all the Pop-Up Windows plus the Internet Browser are closed.  If internet style Pop-Ups occur even with the Internet Browser Closed it is likely there is Malware on the computer and it needs to be scanned and cleaned.

In the follow-on article we will address using certain Internet Browser Settings for Mozilla Firefox and Google Chrome to improve Internet Surfing security.

Stealing Bank Login Information and Creating False Bank Statements!

Malware that uses computer vulnerabilities to steal website login data and screen captures is not new but cybercrooks are introducing a new wiggle.  Once they obtain this information from poorly protected computers not only do they withdraw money, they provide falsified Financial Statements to the victim so they are unaware of the crime until they visit an ATM or BANK.  Read the full story HERE , check for BROWSER Hijacks HERE, and check your protection status HERE.

Recover from Anything! Take a picture of the Hard-Drive!

You can have a safety net in case anything ever happens to your computer.  In the next few weeks a new feature will be available at the Napa Valley Security Consulting Web-site.  This feature is software called “Image for Windows (IFW) & Image for DOS (IFD)” that takes a “snapshot” of the hard-drive, together with a detailed step-by-step instructional guide that will make using this software easier.  So, ask yourself what would you do if any of the following happened to your computer?

  • A brand new Malware (Virus) slips through the security of the computer and corrupts a key operating file making the computer stop functioning.
  • A Windows Update or new Software install interferes with a key piece of software and you have a deadline within 24 hours if not the same day.
  • An important Software Application does an update and you do not like the change or it stops working.
  • The Hard-Drive crashes.
  • A Guest, your child, a co-worker or even yourself downloads a malicious file unknowingly, deletes a critical file, or other activity that ends up “destroying” or impairing the computer.
  • You have your computer running “just right” and a new change makes it run like a rabbit through quicksand and you do not know what to do.
  • OR, you wish you could save and return your computer to that “just right” state as needed.

One of the above may sound familiar and you can!  The solution is an ISO Image of the computer hard-drive.  To explain how it works, imagine you were living in New Orleans and you took a picture (image) of the city, in detail, right before Katrina hit.  And after the damage occurred you used this image overwriting everything and restoring the city to be as when the image was created.  This is what an ISO Image does for the computer by capturing a picture of the hard-drive at an instant in time.  It works because the computer is composed of ONES and ZEROS and as the computer changes these ONES and ZEROS are written to the hard-drive in different sequences.  Thus, if one of the above situations damages the computer’s operation, even to the point it will not boot up (start), this image can be restored to the original hard-drive or a new hard-drive completely erasing the damage!  And, if you need to extract individual or multiple files from the ISO Image, without restoring the total image to the hard-drive, no problem.

This can be for personal use and to a small business a life saver, time saver and money saver.  The process is first to create the image, store it and when the “glitch” occurs instead of tearing your hair out or paying for hours of computer services you just restore the image to the hard-drive.  You may have one question; “what happens to files that are created or modified after the ISO Image is created?”  Good question!  You have many options but here are two to start;

  1. Create a differential backup ISO Image at regular intervals.  You can even set this up to work automatically and the neat thing is there is no need to remember what files have changed!  This procedure takes a previously generated FULL ISO Image and compares all changes from its time of creation and makes a “difference” or differential backup ISO Image.  Thus, any new files or modified files are recorded.  And, since each differential backup only looks at the original FULL ISO Image you’ll get versions of files.  This means you can either restore the differential ISO Image to have the computer operating as it was that day or extract a particular file to how it appeared on the date the differential backup occurred.  Over time as more changes are made on the computer the size of each differential backup will grow.  Once it gets too big, create a new FULL ISO Image for the reference and subsequent differential backups will be smaller in size.  [Note:  Differential backups rely on their original FULL ISO Image so be sure to keep these files together.]
  2. Copy newly created files or modified files on a regular basis to a memory device such as a USB drive.  If you are not sure how to do this detailed instructions are provided in Section 4 of the Book.  As an example; let’s say you use a program called “Toy Management” everyday.  You can save its data via a Left-Click on File and a Left-Click on Backup allowing you to choose a location to create the backup file.  So, you save this backup file to a USB drive which you safely store.  At a future time if there is a computer glitch use the FULL ISO Image to recover the computer.  Next, you would start the “Toy Management” software, Left-Click File, Left-Click its restore to use the backup file of the data.  The computer is running again and the software you need has the latest data to use.

As you can see this ability will bring tremendous peace of mind.  If you find this helpful please pass this on to anyone else who could benefit from it.

Denial-of-Service Attack, steps to prevent

If you arrived at this post directly please check out the EzineArticle on this that explains how this type of attack works.   Here are several steps to take.

  1. Firewall; since there are multiple ways to disable and stop a Firewall from doing its job it is important to have a robust firewall installed on the computer.  There are at least three 3rd party firewalls, free for use on a personal computer, that meet this requirement.  We have quick links available; to reach them please create a free user account via the sign-in page and locate the Firewall Button to access information on each one and to download.  [For reference; the 3rd Section of the C.A.L.M. Manual has detailed instructions on how to install this Software.]
  2. Testing; once the new Software is installed you can test how well your computer ports are protected.  These are the doorways into your computer from the Internet.  Log-in with your newly created user account and click on the Firewall Testing button for detailed instructions.

Be sure the Windows Firewall is disabled once the new Firewall is installed.  To verify go to the Control Panel.  Windows XP; Left-Click on Start, Left-Click on Control Panel and when it opens Left-Click on Windows Firewall.  If not already set, select the OFF (Not Recommended) option, not to worry since the 3rd Party Firewall is now serving this role.  And to verify this close all these windows and locate the Firewall Icon in the Systray at the bottom right of the computer.  Double-Left-Click on it or Right-Click on it and Left-Click its control panel from the pop-up menu to open.  This new window should give the current status of the Firewall.  Windows Vista; Left-Click on the Start button and type in Security Center, press ENTER.  Left-Click on Windows Firewall and choose the option to turn off the Firewall and ignore any warnings that appear.  [See the Firewall 3rd Section in the Manual for more detail.]

Detailed Firewall Testing instructions are available in the free-to-register portion of the website.  The 3rd Party Software is included since it is free for home use, enjoys a strong user approval and has tested top of its class in defeating outside kill tests.

A future article to be posted will discuss the other necessary step of checking the modem settings if you have a DSL or cable modem.

XP Limited User Account, Start the Safety Net

Here is the Windows XP Security Check-off list.  If you are not using all of these and are using email or the Internet, Malware (A Software Virus) on the computer is nearly certain:

  1. A 3rd Party Firewall (the default Windows Firewall is not sufficient).
  2. An Anti-Malware Software with current Malware Signature.
  3. An Anti-Spyware Software with current detection Signature.
  4. Normally using a Limited User Account (not an Administrator User Account) when opening email or accessing the Internet.

Maybe the first 3 were covered but what about the 4th?  The top Anti-Malware software has detection rates at about 97% for known Malware and about 70% for new threats not on the current Malware Signature database.  This means there is a chance of Malware executing or being installed onto the computer!  With a Windows XP computer where the current user has Administrative Privileges the secondary protection is nonexistent.  The malware has access to the critical Registry and core system files.  A Root-Kit Malware is free to bury and hide itself in the computer.  To remedy this situation the Limited User Account is the key.  To access a series of articles that talk more about the benefits and how to implement a Limited User account follow me at Ezines.  As an analogy, if a locked and protected room has your important documents, you would not want to give the key to anybody.  So, when leaving the house you place the key to this room in an unknown location.  This way if pick-pocketed someone might get the key for the house but the documents in this room are safe.  Using a Limited User Account for Windows XP works like that.

[Stay tuned; for using Internet Browsers to increase safety on the Internet.]

Windows XP support to End?

If you are one of the estimated current 60% of Windows Computer Users with Windows XP do not be alarmed by the announcement of Windows ending mainstream support.   Laurence Painell, Windows marketing manager at Microsoft UK  states, “We will provide critical security fixes via Windows Update for all editions of XP until 2014.”  This means that the automatic Critical Updates feature of Windows XP will continue for many more years.

What this does mean is Software Developers will become focused on the Windows 7 edition that is soon to be the newest Windows Operating System.  So, as time progresses, new features that you might need or require will be on Software that is designed to work on the Windows 7 edition.

From a Security Standpoint upgrading to either Vista or Windows 7 is a good bet if you are not using a Limited User Account as a rule in Windows XP, especially in a business situation.  No Anti-Malware Software is 100% in detection and protection so having an Operating System configuration that naturally protects against changes to the Registry or Key System files is essential to blocking Root-Kits from burying themselves on the computer.

[Please pass this news along! From http://blog.napavalleysecurityconsulting.com]