Friday, November 28, 2008

Beware nasty Mebroot trojan

Beware of malware called Sinowal (also known as Mebroot), which captures bank and similar data. A gang of Internet criminals has been using it, and even morphing the malware to temporarily fool antivirus software.

Windows Secrets contributing editor Woody Leonhard likens Mebroot to "a parasitic operating system that runs inside Windows". [Disclaimer: I subscribe to the paid version of the "Windows Secrets" newsletter. Prior to that, I subscribed for years to the paid version of Fred Langa's "LangaList" newsletter, which is now integrated into Brian Livingston's "Windows Secrets" newsletter. I highly recommend Windows Secrets to anyone concerned about or interested in PCs.]

Leonhard says that, in his experience, a lot of systems get infected with Mebroot (Sinowal) because the owners did not keep up with Adobe Reader, Adobe Flash, or Apple QuickTime security patches. You can manually check for such patches, set the apps to automatically check for updates, or (even better) install the free Secunia Personal Software Inspector (PSI) and scan for programs that need updating.

In October 2008, Brian Krebs of the Washington Post alerted readers to the "virtual heist" going on. Mebroot infects the Master Boot Record (MBR) of your PC and sends personal data to its "owners". Krebs says that the criminals have stolen over half a million credit and debit card accounts in the past few years.

While Symantec lists the malware's risk as low, if your data gets stolen, it won't be a little thing to you. Here are some actions Symantec and I recommend to reduce your risk of malware infections:

  • Use a firewall
  • Enforce complex passwords for all users of your computer
  • Use the lowest level of access privileges.
  • Never use an Administrator-level login account as your normal one. Always log in with a lower-level account and then "Runas" or log in at the Administrator level only as needed. Vista security is a big advance in making this type of security easier. Yes, you get pop-ups to log in as Administrator, but that's much better than manually running a "runas" command, and you don't need to know the runas command line syntax.
  • Disable Auto-play
  • Turn off "File Sharing"
  • Turn off and remove unnecessary system services
  • Always keep your programs patched (You can use the free Secunia PSI to monitor patch status)
  • Don't open email attachments unless you were expecting them. Contact the sender separately (not by a "Reply") and see if they really did send you that email and attachment.
  • Turn off Bluetooth via Windows Control Panel if you are not using it.
  • If you really need to use Bluetooth, make sure every Bluetooth device's visibility is set to "Hidden".

Wednesday, November 26, 2008

Secunia PSI now in final form

Secunia Personal Software Inspector (PSI) is now officially out of beta and at version 1.0 (well, OK ... version 1.0.0.1). I have used versions prior to 1.0 and found them excellent. I'll be downloading, installing, and running PSI 1.0 today. I encourage you to do the same. This free software checks your programs for any updates.

While Microsoft Update (or the lesser Windows Update) does a great job, it naturally only deals with Microsoft products. Your computer has tons more programs, each of which may need a security patch, bug fix, or enhancement. Why check them all manually? Let PSI check for you. Try it; you'll like it.

To really stay on top of patches, I also use Driver Detective (not free, but very worth having).

Tuesday, November 11, 2008

Patch Adobe Reader, Acrobat!

If you use Adobe Reader 8.12 or earlier or Adobe Acrobat 8.12 or earlier, update them now! Adobe has released security updates for critical vulnerabilities.

Better yet, for Adobe Reader, upgrade to version 9 -- it's free.

Both programs come configured to automatically check for updates, but some people turn that off. Leave the auto-check on -- protect yourself.