Updates 2019-09-10

Hi, Folks!

Today is Patch Tuesday for September 2019 and it’s another big one.

The next build of Windows 10, version 1909, is scheduled to be released later this month. This version will be minor compared to other Windows 10 upgrades and should be nearly indistinguishable from 1903. Well, hopefully local search will work when Cortana Web Search is disabled, but indistinguishable otherwise.

Windows 7 will fall completely out of support in only 4 months. Don’t run out the clock. If you are running a licensed version of Windows 7 you can still upgrade to Windows 10 and have a supported version of Windows for the foreseeable future. Get it done before it’s too late. Don’t want to do it yourself? Call me!

Borderlands 3 will be released on Friday! If you haven’t pre-ordered yet, you can still get a hefty discount. It’ll be available for preinstallation starting this evening.

This month we’ve had another series of security lessons.

The Jordan Peterson “deepfake” platform was just the tiniest recent example of how such technology would inevitably be abused. Even though it was removed, it was followed shortly by a custom deepfake that cost one company $243,000. Oops.

The most popular email server and web management platforms both had critical security issues allowing malicious third parties to take over the entire server.

Don’t trust your mobile. Apple iOS and Google Android vulnerabilities disclosed and abused this month can be used to take over your device. Patches are not yet available to resolve these recent exploits for either platform, though both have released patches for unrelated security vulnerabilities. Google finally acknowledged a security issue in Google Calendar that has been exploited for at least 3 years, and the Google Play Store has been publishing malicious apps.

Your “automated assistant” (Siri, Alexa, Cortana, and Hello Google) defaults to calling unrelated third parties since the numbers are pulled from search results, which are easily abused. Heck, the “vast majority” of new domain registrations and websites exist only for malicious purposes. Even if you don’t visit unknown websites, your information is exposed to others whenever you use automated assistants, and sometimes even if you don’t intend to. The best solution is to use a privacy-respecting browser, such as Vivaldi or Brave, and disable any automation and voice controls.

You should always assume all hardware and software will eventually be hacked and maintain them religiously. From Ring to lightbulbs, it will happen. This month shows how entire platforms are being exploited remotely through their networking features.

When even Jack gets hacked you should assume that your information is out there somewhere. This is demonstrated with the latest in a too-frequent series of Facebook data leaks, this time including phone numbers for over 419 million users.

Finally, a friendly reminder that even if your data is “backed up” by a third party you should always back it up again yourself. Between unreliable third party services and the potential damage from ransomware and trojans, there’s no good reason not to pick up a cheap USB thumb drive, toss your important data on it, then toss it into your fireproof safe.

Now back to our regularly scheduled program. The typical computer should see roughly 2 GB in updates today. Let’s get started.

Microsoft released updates for Windows, .NET, Edge, Internet Explorer, Flash, and MSRT (~1.1 GB). This includes security updates. A reboot is required.

Apple released updates for macOS Mojave 10.14.6 Supplemental Update, iOS 12.4.1, tvOS 12.4.1, and watchOS 5.3.1. These are security updates. Use Apple Software Update to install the most current versions.

iOS 12.4.1 is a security update. Use Settings, General, Software Update to install the most current update.

watchOS 5.3.1 is a security update. Use the Watch app on your iPhone to install the most current version.

tvOS 12.4.1 is a security update. Use System, Software Update to install the most current version.

Adobe Flash Player 32.0.0.255 is a security update.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

The now-current release of Windows 10 (1903) will cause your computer to feel unusually slow until it is installed. This is a side-effect of the Windows 10 upgrade cycle, which pushes out 3-6 GB through Windows update to get you to the latest Windows 10 release every 6 months. If you don’t let it finish and you’re on a slow connection, it will kill your Internet performance forever. If you don’t have the bandwidth to download the bits, I’m happy to provide loaner USB drives to our local clients, or, if you prefer to have me mail it to you please contact me for information.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need or use, reducing the attack surface.

Also note that using the application’s own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

Intel Driver and Support Assistant 19.8.34 adds OEM links and improved hardware detection and installation. This is not a security update.
https://www.intel.com/p/en_US/support/detect

nVidia 436.30 resolves several bugs. This is not a security update.
https://www.nvidia.com/Download/index.aspx?lang=en-us

Display Driver Uninstaller 18.0.1.8 improves removal for Nvidia devices. This is not a security update. Be aware that DDU is now wallpapered in advertisements for crapware, so you should avoid it unless you know what you’re doing.
https://www.wagnardsoft.com/display-driver-uninstaller-ddu

Browser Updates

One or more of these are likely to be of interest to everyone.

Google Chrome 77.0.3865.75 is a security update. Use Menu, Help, About to install the most current version.

Firefox 69.0 is a security update. Use Menu, Help, About to install the most current version.

Firefox ESR 60.9.0 is a security update. Use Menu, Help, About to install the most current version.

Vivaldi 2.7.1628.33 is a security update. Use Menu, Help, About to install the most current version.
https://vivaldi.com/

Email Updates

One or more of these are likely to be of interest to everyone.

OutlookAttachView 3.26 resolves a bug when closed prematurely. This is not a security update.
https://www.nirsoft.net/utils/outlook_attachment.html

Internet Updates

One or more of these are likely to be of interest to everyone.

Trillian Mac 6.2.0.19 resolves several bugs. This is not a security update.
https://www.trillian.im/

FileZilla Client 3.44.2 resolves several bugs. This is not a security update.
https://filezilla-project.org/

MaxMind GeoIP 201909 is a data refresh.
https://dev.maxmind.com/geoip/

Npcap 0.9983 improves hardware detection, improves Loopback detection and support, and resolves several bugs. This is not a security update.
https://nmap.org/npcap/

ZeroNet 0.7.1 is a security update.
https://zeronet.io/

Media Updates

These are unlikely to be of interest to most people.

VLC Media Player 3.0.8 is a security update.
https://www.videolan.org/vlc/

FastStone Viewer 7.4 improves Clone and Heal, Pencil, Google Maps integration, and resolves several bugs. This is not a security update.
http://www.faststone.org/FSViewerDetail.htm

Game Updates

These are unlikely to be of interest to most people.

Steam 2019.08.26 is a security update.
https://www.steampowered.com/platform/update_history/index.php?skin=0&id=0

PlayStation PS3 4.85 improves performance. This is not a security update.
https://www.playstation.com/en-us/support/system-updates/ps3/

Office Updates

One or more of these are likely to be of interest to most people.

Atom 1.40.1 resolves a package integration update. This is not a security update.
https://atom.io/

Artweaver 7.0.1 resolves several bugs. This is not a security update.
http://www.artweaver.de/

Krita 4.2.6 resolves several bugs. This is not a security update.
https://krita.org/en/download/krita-desktop/

LibreOffice Fresh 6.3.1 is a security update.
https://www.libreoffice.org/

LibreOffice Still 6.2.7 is a security update.
https://www.libreoffice.org/

Adobe Reader DC Patch 19.012.20040 resolves a font-embedding bug. This is not a security update. Use Help, Check for updates to install the most current version.

Adobe Application Manager 2019.0 is a security update. AAM will be EOL very soon, so if you do not require it, you should remove it instead of updating to the latest version.
https://supportdownloads.adobe.com/detail.jsp?ftpID=4773

Adobe FrameMaker 2019.0.4 doesn’t provide a changelog, so it should be treated as a security update.
64-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=6739
32-bit: https://supportdownloads.adobe.com/detail.jsp?ftpID=6737

Security Software Updates

One or more of these are likely to be of interest to most people.

PureOS 9.0 is a major update to PureOS and signals that the Librem 5 release is likely just around the corner.
https://pureos.net/download/

Looking for a secure phone? Check out the Librem 5:
https://puri.sm/products/librem-5/

MSRT 5.76 updates detections. This is a security update.

RogueKiller 13.4.3 resolves several bugs and updates options. This is a security update.
https://www.adlice.com/softwares/roguekiller/

TinyWall 2.1.12 resolves a bug. This is not a security update.
http://tinywall.pados.hu/

Converter Updates

These are unlikely to be of interest to most people.

MakeMKV 1.14.5 resolves several bugs. This is not a security update.
https://12pd.com/click?makemkv

MKVToolnix 37.0.0 resolves several bugs. This is not a security update.
https://www.fosshub.com/MKVToolNix.html

DVDFab 11.0.4.8 adds support for new encodings, improves Meta Info detection, and resolves several bugs. This is not a security update.
https://www.dvdfab.cn/download.htm

FFmpeg 4.2.1 resolves several bugs. This is not a security update.
https://ffmpeg.org/ffmpeg.html

Utility Updates

These are unlikely to be of interest to most people.

Windows 10 Upgrade v1903 updates the installation package for the Windows 10 v1903 build in preparation for v1909.
https://www.microsoft.com/en-us/software-download/windows10

ControlMyMonitor 1.20 improves refresh and default monitor behavior. This is not a security update.
https://www.nirsoft.net/utils/control_my_monitor.html

CPU-Z Installer 1.90 adds support for newer hardware. This is not a security update.
http://www.cpuid.com/softwares/cpu-z.html

DesktopOK 6.56 improves portability, adds options for reporting and export analysis, window positions, and resolves several bugs. This is not a security update.
https://www.softwareok.com/?seite=Freeware/DesktopOK

DMDE 3.6.0 adds support for new filesystems, resolves several bugs. This is a security update.
https://dmde.com/

FolderChangesView 2.28 resolves a notification bug. This is not a security update.
https://www.nirsoft.net/utils/folder_changes_view.html

GoodSync 10.10.7 removes support for Amazon Cloud Drive, resolves several bugs. This is not a security update.
https://12pd.com/click?goodsync

HWMonitor 1.41 adds support for newer hardware. This is not a security update.
http://www.cpuid.com/softwares/hwmonitor.html

IsMyHdOK 1.84 improves compatibility. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/IsMyHdOK

NTLite 1.8.0.7115 adds support for Windows 10 v1909, resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

OSForensics 7.0.1003 resolves several bugs. This is not a security update.
http://www.osforensics.com/download.html

PointerStick 3.68 improves multi-monitor operation. This is not a security update.
https://www.softwareok.com/?seite=Freeware/PointerStick

Sysmon 10.4 adds nested rule support, improved conditions, and resolves several bugs. This is not a security update.
https://live.sysinternals.com/

Process Explorer 16.30 adds Shared Commit, and resolves several bugs. This is not a security update.
https://live.sysinternals.com/

Rufus 3.7 adds persistent partition support for Debian and Ubuntu flavored ISOs, reports SuperSpeed+ devices, resolves several bugs. This is not a security update.
https://rufus.ie/en_IE.html

SimpleWMIView 1.40 adds Case Sensitive option to Quick Filters. This is not a security update.
https://www.nirsoft.net/utils/simple_wmi_view.html

Synergy 1.10.3 resolves several bugs and updates the VC++ dependency to 2019. If you’re having problems with the update, install the VC++ 2019 runtime, reboot, then reinstall.
https://members.symless.com/synergy/downloads/list/s1

TaskSchedulerView 1.52 adds Case Sensitive option to Quick Filters. This is not a security update.
https://www.nirsoft.net/utils/task_scheduler_view.html

TraceRouteOK 1.51 updates language files and improves compatibility with Windows 10 v1909. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/TraceRouteOK

WinScan2PDF 4.94 adds page selection and improved compatibility with Windows 10 v1909. This is not a security update.
https://www.softwareok.com/?seite=Microsoft/WinScan2PDF

Developer Updates

These are unlikely to be of interest to most people.

Android Studio 3.5.0.21 integrates several automated improvements, performance optimizations, diagnostics, and resolves several bugs. This is not a security update.
https://developer.android.com/studio/index.html

Node.js 12.10.0 resolves many bugs, improves documentation, and updates dependencies. This is not a security update.
https://nodejs.org/en/

Visual Studio Code 1.38 improves search and replace, resolves several bugs, and adds new features. This is not a security update.
https://code.visualstudio.com/

Virtual Machine Updates

These are unlikely to be of interest to most people.

VirtualBox 6.0.12-133076 resolves several bugs. This is not a security update.
https://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

Adminer 4.7.3 improves performance and stability, resolves several bugs. This is not a security update.
https://www.adminer.org/en/

Drupal 8.7.7 resolves several bugs. This is not a security update.
https://drupal.org/download

Nextcloud Server 16.0.4 updates libraries and resolves several bugs. This should be treated as a security update.
https://nextcloud.com/

ScreenConnect 19.3.25270.7185 resolves bugs. This is not a security update.
https://www.connectwise.com/software/control/download

WordPress 5.2.3 is a security update.
https://wordpress.org/

myStickymenu 2.2.2 resolves a cosmetic bug. This is not a security update.

NextScripts Social Networks Auto-Poster 4.3.9 resolves several bugs, improves integration with Blogger, Reddit, Pinterest, and WordPress.com. This is not a security update.

Theme My Login 7.0.15 resolves update bug, adds two new filters. This is not a security update.

W3 Total Cache 0.10.0 resolves several bugs, adds support for new S3 regions, webp caching, and other improvements. This is not a security update.

WP Mail SMTP 1.6.2 improves reliability and resolves several bugs. This is not a security update.

Show IDs 1.1.3 improves compatibility. This is not a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Catphishing on the Rise

In the last week I’ve had three separate Facebook friends re-friend me using new accounts. A few months ago I even had a cousin re-friend me “after Facebook sent him a million dollars and he could finally afford to create a new account!” His words, not mine. He was, of course, not actually my cousin but an impostor trying to get me to click through a third party link to infect my computer. It was kinda cute. 🙂

Clients have reported that online friends they’ve known for years are now re-friending them and asking for money to bail them out of strange situations — everything from jail to “beta testing” to solar investment loans. In all cases, contacting the person directly with their (previously known) offline contact methods (phone, text, IRL) results in first surprise, then horror, as the person realizes what has been done in their name.

And that’s the real issue here. It’s not like you’re witnessing your friends falling for a scam from an anonymous Nigerian Prince. No, they’re friending you and you (in their mind) are responsible for anything that happens to them. From that moment forward, even long after they learn it was not really you, they’ll always associate you with this event. Some won’t talk to you anymore out of embarrassment. Some will blame you as though there were some way you could have prevented their folly. In any case, you’re both harmed by a total stranger using your name.

This phenomenon is called catphishing: the process of creating a fake online persona based on someone else and using it to take advantage of the target’s friends. Impersonation through, quite literally, duplicity.

Here’s the problem

She was astonished to see how her grandmother looked.

Online service providers, such as Facebook, Google, Yahoo, Microsoft and so on, don’t exactly perform DNA testing to ensure that the guy claiming to be your neighbor really is your neighbor. If they did, nobody would use their services. Since they don’t, it’s up to you to be able to identify whether it really is your neighbor.

They don’t make it easy.

These intelligent scammers will use just about any means possible to replicate the identity of the person they’re posing as. They’ll re-use the same or similar image as their personal photo. They might crop it differently than the original that they’ve harvested from the real person’s page, but it’ll be “real”. They’ll also migrate some content, mostly copied directly from the original account, onto the new catphishing page. They’ll also copy personal details, such as dates, employment or social history, possibly even replicating the victim’s relationships with additional accounts. All it really takes, when the information is already available only a click away, is the time to copy and paste.

These types of phishing accounts are usually short-lived. Within only a few days they’ll be identified by the target’s friends as a phish, though in that time dozens or even hundreds of people may be victimized. This means the attacker will have to act fast. Once they’ve created the account they’ll quickly send out many friend requests to the target’s existing friends. They’ll then add or contact many, and the few that answer quickly will then be socially engineered.

First a little small talk, then mentioning some great event – like being mailed a million dollars by Mark Zuckerberg, or how they just saved a bunch of money by doing something different like taking advantage of a government program or loan gimmick. They won’t waste much time getting to the pitch, though they might not be able to respond to everyone all at once so it might be a day or two before they push. When you feign interest they’ll have a link at the ready to help you “research” their pitch. It might even be a personal page on a popular site or a typo-squatted version of a popular domain. They’ll seed the idea then send you a link to infect yourself or enable you to self-hijack by posting your account information at an untrustworthy site.

While you’re giving up your information, your real friend is completely oblivious to what is happening.

So how do you protect yourself?

First and foremost, don’t just friend everyone that asks. A very effective means of security (in most things) is to let other people be the guinea pig. This means you don’t respond to friend requests or new contacts immediately. Just wait. At least a couple of days, but a week or more is ideal. By this time, if it’s a phish, there’s a good chance other people will have suffered at their hands, and thus the account may have been locked or shut down by the time you are prepared to accept the friend request. Patience really is its own reward.

Of course, if you suspect an account isn’t legitimate, report it. Most popular websites have tools to report various contacts and requests, and these are the tools you should be using. This allows the website owner (such as Facebook) to aggregate information about these attacks to block specific types of attacks or shut down entire networks of attackers all at once, and possibly prevent some of them in the future. It’s up to you to report it properly and fully, however. Simply blocking a user will not have any effect other than eliminating their unwelcome messages to you. If you want to stop it you have to be specific in how you report it.

On Facebook you can go to the fake user account page, click the account action button (…), select Report, Report this profile, then select “They’re pretending to be me or someone I know.” Then follow the prompts.

[Screenshots: the Facebook account action menu, the Report profile dialog, and the “They’re pretending to be me or someone I know” option]

Don’t forget to tell the person they’re claiming to be, preferably through a previously known offline contact method.

What if they’re posing as me?!

Same thing. Report them quickly and warn your friends that may have succumbed to your fake friendship.

But wait, there’s more! In most states there are laws against phishing. Here in California the law is really written only to protect businesses, but you, as a victim, can sue an impostor for a half million dollars if they pose as your business.

It doesn’t hurt to regularly search social media for your own name, too. Not your account, mind you, just your name. This will return other accounts that are using your name so you can investigate them. Even a few minutes of effort once a month can save you and your friends from a lot of hurt down the road.

Another trick is to add a Google Alert to your name for social media. This bypasses your own social account (if configured correctly) and emails you whenever your name appears on a site. First go to Google Advanced Search and fill out the form to use a search phrase such as this:

“john t example” site:facebook.com -“johntexample”

This searches for his exact name, on Facebook, but excludes his Facebook slug/username. Now go to the Google Alerts page and search for the formula you composed above. Click “Show options”, then set the alert to contact you once per day. It’s not a perfect solution, but it might catch a phish.

Good luck, and keep it clean out there,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

“Microsoft Technical Support” Scam

“Microsoft Technical Support” called me yesterday (on Independence Day!). They claimed to be receiving “errors and warnings” from my computer and were calling to “fix” it. Wow – can you imagine? They must have even better access to metadata than the NSA if they were able to somehow correlate my phone number with “my Windows computer,” since I’ve never used this number in relation to any of my Microsoft-related purchases in the past.

Gosh, could it be a scam?

Over the last couple years I’ve had several clients who fell for this scam, resulting in their computers being either inoperable, completely hijacked, or only seriously infected. A couple of them also ended up with a rather large credit-card bill. Hey, I love you guys, but I have to admit that I don’t understand how anyone could fall for this scam when the callers always have such thick accents. Maybe calling Dell & Gateway’s foreign tech support has left people with the impression that if someone has a foreign accent, they really do work in computer technical support? Or maybe it’s just that people expect to not understand their computer guy?

Anyway…they called, and I answered. This is, in fact, the third time within the last couple of months that they’ve called my home number. I was really hoping they’d call back again “when I was ready” so I could collect some data about how they operate. The first time I tried trolling them, but I had actually just gotten home from a client’s house who had been backdoored by them, so I wasn’t exactly in a very good mood. It still took them over ten minutes to finally hang up on me. The second time I trolled them I immediately asked if they would mind if I recorded the conversation so I could share it with the police later. They didn’t even answer – just hung up. Hmm. I wonder why?

It’s a Tough Sell

This time the call came from “Name Not Found” at the number 1-000-000-0000. With a number like that I just knew it had to be a scam! I was just giddy with anticipation. In fact, I was so excited I was afraid that he would hear it in my voice as I tried so hard to sound like a complete computer novice.

Like most marketers, they use your ignorance against you as part of their sales pitch. Their first step is to convince you that you have a problem. They have you run msconfig (a Windows startup configuration tool) so they can tell you that all the “disabled” and “not running” Microsoft processes means that you’re seriously infected with a virus. This isn’t remotely true, but it does make for great theater.

Next they have you open eventvwr (Microsoft Event Viewer) so they can have you tell them the “number of events” under the Administrative Events view. They claim this number is how many “problems” exist on your computer (even though it’s likely only a handful of the same common non-serious errors repeated many times). They claim this number means it’s “seriously infected and broken,” of course.
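To see what the “number of events” in that view actually consists of, here is an added PowerShell snippet (not from the original post) that takes the last week of Critical, Error and Warning events from the Application and System logs, which is what the Administrative Events view collects, and groups them by source and event ID. On a healthy machine the large total almost always collapses to a handful of repeating, non-security entries; the seven-day window is an assumption you can change.

```powershell
# Added example, not part of the original post: break down the Event Viewer
# "Administrative Events" count the scammer quotes as "problems".
# Administrative Events = Critical (1), Error (2) and Warning (3) level events.
$since = (Get-Date).AddDays(-7)   # assumed window; adjust as needed

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Application', 'System'
    Level     = 1, 2, 3
    StartTime = $since
} -ErrorAction SilentlyContinue   # suppress the "no events found" error

"Total admin-level events since $since : $($events.Count)"

# Group by provider and event ID and show the top repeat offenders.
# A count in the thousands is typically a few sources logging the same
# warning over and over (a service timing out on boot, a printer offline).
$events |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize
```

Compare the top few rows with the total: if two or three provider/ID pairs account for most of it, the “number of problems” is the same non-serious entry repeated, not evidence of infection.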

He explained (did I mention the very thick accent) that all of this was “very bad,” but that since he “works for Microsoft” it’s not that big of a deal to fix it. And as a “free bonus” he would provide a 5 year license for a “real” antivirus program that would completely prevent this in the future. Dear reader, any time someone promises that something will completely prevent your security risks it’s a red flag that they’re lying to you.

Back to the story. So, now that they’ve convinced you that you’ve got a problem, it’s time for a “tune up.”

The Tune-Up

The first step of “fixing” the computer is to provide them with complete and total remote control access, of course. Again they have you open a ‘Run’ dialog and type in one of several websites that provide remote control software: either ammyy.com, teamviewer.com or logmein123.com. Each of these is a legitimate service that’s being abused by the scammer, so while you shouldn’t hate on TeamViewer or LogMeIn, you should definitely be aware that the ability to log in to your computer remotely not only exists, it’s common, requires sharing only a little bit of information with the attacker, and can result in a very long-term hijack.

[Screenshot: the TeamViewer session window showing the remote “technician” connecting with a free trial version]

In this instance the scammer chose to use TeamViewer, and as you can see in the screenshot above, the software even indicated that he (the “technician”) was using a “free trial version.” I asked about that and, ready with the answers, the scammer told me that it was my computer that was using a trial version, not his. People fall for this? Sigh.

I’m familiar with TeamViewer so I loaded it up on a spare computer and immediately after the connection was established I toggled the ‘allow remote control’ option for the session. This ensured that he wasn’t actually able to do anything directly to my computer.

At this point, almost the same second as the connection went live, he said that he was “having problems with the phone connection,” and would call me “right back.” Click. He hung up the phone. I was just positive he thought he already had all the control he needed so he didn’t need me for anything else. Tsk. I waited patiently anyway. A few minutes later he did call back again.

Escalation

This time it was from “Out of area” with no number. After Symond (did I mention his name showed up in the TeamViewer logs?), the original caller, reconnected via the new phone number he passed me off to “a more experienced technician,” who refused to identify himself.

As with most marketers, the first guy was just the “pitch guy” and the second guy is the “closer.” He tried for a few minutes to gain access to the computer through the session-limited account, clicking on window close buttons and the start button – without effect. I figured he would have figured out sooner that he didn’t actually have the ‘remote control’ privilege in TeamViewer. He was even dumber than I had originally thought. I tried to play stupid for a while and asked how long it was going to take to fix it. As a workaround to the rights he didn’t have, he made excuses about the performance of TeamViewer – saying the computer was probably “just too infected” for TeamViewer to work [A clean install of Windows XP MCE? Not likely.], and finally suggested we try another application (Ammyy). Darn.

I hedged a little, suggesting that maybe I could do the keyboarding stuff and he could just tell me what to type. He was pretty frustrated and when I said that I couldn’t figure out how to use Ammyy he finally cracked, screamed vulgarities at me and hung up. Sigh.

End Game

Needless to say, I didn’t get to experience the infection or harvest more than a bit of information from them before they wanted to stop playing. I was able to collect a couple TeamViewer ID codes: 845-085-890 (Symond..00775..) and 859-765-863 (Microsoft TechGroup=ms0125). They connected via 115.119.175.108, which is a broadband connection service provided by TATA in India. The StopForumSpam link identifies the IP address as having been used by “pcwebwork,” which could indeed be a business alias they’re actually operating under.

Even if it’s someone you do have a relationship with already, please consider calling them back at a “known good” number before allowing them access to your computer. After all, would you give someone your banking information just because they called “from Wal-Mart” and said that your recent transaction failed? This is no less severe.

Keep it clean out there,

Shawn

Updates 2012-01-10

Hi, Folks!

Microsoft released 8 updates addressing vulnerabilities in Microsoft Windows, Windows Media Player, Media Center, developer tools, MSRT, and junk mail filters (under 20mb). This includes security updates. Multiple reboots are required. Unlike a normal monthly Windows Update cycle, this month requires two reboots for most systems – visit Windows Update, check for updates, install all of them, reboot, return to Windows Update, check for updates, install all of them, and reboot again. On some systems the second reboot may not be required.
http://update.microsoft.com/

Adobe Reader and Acrobat updates were released today for all current supported versions (70-205mb). This is a security update. A reboot is required. Use Help, Check for Updates within each Reader/Acrobat application to get the current version.

Don’t make it “easier”, make it “easy”.

I read that in an article last month, and it really spoke to me. My clients have repeatedly asked me to make the update process “easier.”

Easier isn’t good enough.

Throughout any given month I remove malware and viruses from dozens of computers. In every single case the malware used either a known software exploit (for which a patch was available, but not installed) or a common social engineering tactic that the user could easily have been trained to avoid.

These infections take anywhere from a few minutes to several hours to remove, often costing clients upwards of $200 in labor per event. But those are only the direct costs; there are indirect costs, too. When your computer is infected, chances are it’s by a trojan that has shared your activity, usernames and passwords with the author of the malware. Your email, Facebook, MySpace, and Google accounts are compromised. And chances are, your files have been accessed and possibly shared as well. This all adds up to a total invasion of your privacy, added liability and an increased risk of exploitation.

You’ve no doubt received an email from a close friend or family member who’s been “stranded in London” or needs an “immediate cash transfer” to avoid a default judgment. Perhaps you were called by “Microsoft” and told that you’ve got a virus, and all you need to do to let them fix it is visit a website and type in a code… and just days later you discover thousands of dollars missing from your bank accounts or fraudulent credit card transactions. It happens… and far more often than you might think.

I post these update notifications regularly – at least one or two per month – and many of my clients look at the list of updates and are simply afraid to go below the top section, so most of the updates that apply to their system are never installed. They often don’t even know what software has been installed on their computers.

I want to fix that. And it’s going to be “easy”!

Now that broadband access is far more widely available in Tuolumne County (and much of the rest of the world, so don’t be shy if you’re not local), I’m expanding my online update services and lowering prices! For the low price of $40/month I will now perform all updates for any single personal computer throughout the month. Additional computers are only $15/month. If that’s not a sweet enough offer: If you do get a virus while a subscriber to this service, I’ll discount the monthly subscription cost from my virus removal services. You’ll still come out ahead – and more secure.

Interested? Call or email now.
209-565-1273
shawn@12pointdesign.com

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the application’s own “check for updates” function, when available, will best preserve your current settings, and often avoids any crapware that might come with a fresh installer. Use this option if it’s available to you.

Driver Updates

If you’re using this hardware – these updates are for you.

BullZip PDF Printer 7.2.0.1338 adds support for both Microsoft .NET Framework 2.0 and 4.0, and several minor tweaks. This is not a security update.
http://www.bullzip.com/products/pdf/info.php#download

Internet Updates

One or more of these are likely to be of interest to everyone.

FileZilla 3.5.3 fixes several non-security bugs, and adds a keyboard shortcut for comparison options. This is not a security update.
http://filezilla-project.org/

Codec Updates

One or more of these are likely to be of interest to everyone.

Win7 Codec Package 3.3.8 updates included codecs. To install the update, you must uninstall and reinstall the application. This is not a security update.
http://shark007.net/win7codecs.html

Win x64 Codec Support 3.3.8 updates included codecs. This update applies only to 64-bit computers, and requires either the Win7 Codec Package or the Windows Vista Codec package. This is not a security update.
http://shark007.net/x64components.html

Media Updates

These are unlikely to be of interest to most people.

CDBurnerXP 4.4.0.2905 corrects several bugs and adds a command line option. This is a security update.
http://cdburnerxp.se/

Picasa 3.9.1.535 fixes various bugs. This should be treated as a security update. Use Help, Check for Updates, or download the updated installer from:
http://picasa.google.com/

Office Updates

One or more of these are likely to be of interest to most people.

Artweaver 3.0.2 fixes a couple of minor bugs. This is not a security update.
http://www.artweaver.de/

Notepad++ 5.9.8 fixes security issues in the plugin loader and plugin manager. This is a security update.
http://notepad-plus-plus.org/

Utility Updates

These are unlikely to be of interest to most people.

RoboForm 7.6.9 fixes a Chrome integration bug. This is not a security update.
https://12pd.com/click?rfe

Goodsync 9.0.0.2 fixes a handful of non-security bugs. This is not a security update.
https://12pd.com/click?goodsync

Windows Image Writer 0.4 improves large drive support, and corrects a number of bugs. This is not a security update.
https://launchpad.net/win32-image-writer/

Intel SSD Toolbox 3.0.2 corrects several SMART, drive compression and hardware compatibility issues. This is not a security update.
http://www.intel.com/support/go/ssdtoolbox/index.htm

Web Package Updates

These are likely to be of interest only to web developers.

WordPress 3.3.1 is a security update to the 3.3 branch. If you’re using WP 3.3, you MUST update to this version. This version also includes more than a dozen other changes, including corrections to menu, encoding and multisite upload capacity determination. This is a security update. Use the WP updater, or download the current version here:
http://wordpress.org/

PHP 5.3.9 corrects multiple issues, including significant security issues. This is a security update.

BuddyPress 1.5.3.1 corrects several non-security bugs, including several server and theme compatibility changes. This is not a security update.
http://wordpress.org/extend/plugins/buddypress/

Dada Mail 4.9.1 adds Amazon SES support, and provides several templating bugfixes. This is not a security update.
http://dadamailproject.com/download/

Coppermine Gallery 1.5.18 is a security update. If you use Coppermine on your site, update immediately. This is a security update.
http://coppermine-gallery.net/

Email Log 0.5 corrects a deprecated function call. This is not a security update.
http://wordpress.org/extend/plugins/email-log/

Really Simple CAPTCHA 1.4 corrects a security bug in the recent 1.3 release (plain text answer file). This is a security update.
http://wordpress.org/extend/plugins/really-simple-captcha/

WPtouch 1.9.37 corrects several display issues and improves CSS for certain browsers. This is not a security update.
http://wordpress.org/extend/plugins/wptouch/

That’s all for now folks. Keep it clean out there.

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/