Security Fix Live

Brian Krebs
Security Fix Blogger
Friday, June 19, 2009; 11:00 AM

Security Fix blogger Brian Krebs was online Friday, June 19, at 11 a.m. ET to answer your personal technology questions and offer ways to protect yourself from online security threats.

Brian, who considers himself a well-rounded geek, can also field queries about broader technical topics, such as mobile banking, online and location-based privacy, as well as social networking and tech policy issues.

____________________

Brian Krebs: Greetings, dear Security Fix readers, and welcome to Security Fix Live! Thanks for joining us, and for your questions and interest. Please remember to be as specific as possible in your queries, giving me as much information about your system and setup as possible, including the operating system version, your browser of choice, and any installed security software. With that, ONWARDS!

_______________________

Scranton, Pa.: If I receive an e-mail that I believe is "phishing" is there anywhere I can send it for further investigation?

Thank you,

Jim

Brian Krebs: Depends on what the scammers are after. For example, if it is phishing PayPal or eBay users, you can forward phishing emails to spoof@paypal.com. If the message spoofs a bank, you can usually just add the word "abuse" and then @financialinstitutionnamehere.com. Note that there is no guarantee anyone will read these messages, particularly those sent to abuse@ addresses, which typically get flooded with this type of crud.

If it's spoofing the IRS, you can forward to phishing@irs.gov.

The Federal Trade Commission also accepts spam (I think they still do this, anyway), at uce@ftc.gov. Pump and dump/stock spam you can forward to enforcement@sec.gov.

Also, groups like Phishtank love to get these. If you're really into helping the fight against phishing, go through their free registration, and then forward phishing emails to phish@phishtank.com. You can help others in the community determine whether an email or site is legit, too.

_______________________

Silver Spring, MD: Hello, I can run YouTube under Firefox, but when I try with IE I get "you need to install latest flash or javascript is missing". I installed the latest Flash and checked the settings in IE to allow JavaScript. (I think I got them all.) What else can I do? I need to have it under IE.

Brian Krebs: Flash is one of those plugins that is browser-specific and requires you to install it separately for different browsers. Which is what makes updating it a pain sometimes.

So to install the latest version of Flash for IE, you will need to visit the Flash installation page with IE, click "Agree and Install now," and then approve the ActiveX prompt that comes up next.

You can test whether you have Flash installed, and which version you have, by visiting this link (again, you will need to do this with each browser you want to verify). The latest, most secure version of Flash is 10.0.22.87.

If you still have trouble, Adobe has a Flash removal tool that may be able to help you start over. If and when you use this removal tool, it's a good idea to reboot the system after removing the older version before trying to install the new ones. Good luck.

_______________________

Alexandria: I admit I haven't had a chance to look through previous chats to see if you've answered this. My own email address is now sending spam to myself. Is there a way to figure out how to stop this? I also seem to be sending spam to others so when I send a legit email, it's blocked.

Thanks.

Brian Krebs: I need more details. For example, what program do you use to send email? Is it Outlook or Thunderbird, or some other application, or are we talking about Webmail, like Gmail or Yahoo or AOL?

It is not uncommon for spammers to spoof your email address so that it appears in the "from:" field of the spam message. Unfortunately, some mail servers are misconfigured so that they trust the information contained in the "from" field, instead of consulting the message headers, and will send a bounce notification back to you if they cannot deliver the message. This is called bounce-back spam. There is little or nothing you can do about this kind of spam other than delete it.

I also have written recently about a rash of people having their Webmail accounts hijacked and used to send spam to others. In many cases, the spammers also add some message in the "signature" field (below the body of the email), so that their spam message is sent out in every outgoing email. It's not clear how these accounts are being hijacked, but it's most likely because the victims fell for a phishing scam and gave away their email user name and password at a phishing Web site.

Fortunately for these latter folks, the fix for this is pretty easy. Change your password, and remove the signature.

See this post for a bit more detail on this latter scam. Hope this helps:

Spam from Hijacked Webmail Accounts

_______________________

Bristow, Va.: At first glance, Symantec wants to charge $80 for upgrading 360 Security version 2.0 to version 3.0, even if you are paying for automatic annual updates.

However, if you download and install the 3.0 trial, the key for 2.0 will work just fine. Why don't these companies make it easy for users who are gladly paying the annual maintenance to get the latest version?

P.S. The upgrade is worth it in the speed of and features included in 3.0.

Brian Krebs: No idea, but hopefully by sharing your experience more folks will be saved the time and frustration you experienced here. Thanks for sharing.

_______________________

Joe Werner Pleasant Hill, Calif.: John D. Rockefeller is having hearings right now concerning the criminal practices of Verture Inc. What can consumers do who have been fraudulently charged "recurring" charges without their knowledge or authorization? Also, why aren't the credit card companies blocking these fraudulent charges?

Brian Krebs: Because it's not in their business model to police transactions, and maybe they perceive that doing so would open them up to more liability? That's the only answer I can come up with.

I've seen the same thing happening with rogue anti-virus products. We published research earlier this year showing that a single rogue antivirus affiliate program was processing millions of dollars in credit card payments each month based on intrusive, misleading and destructive programs that frightened consumers into buying worthless security software that gave many people a false sense of security. And yet, even after months and months of this activity (and no doubt tons of chargebacks) the credit card companies went on processing the payments.

See:

Massive Profits Fueling Rogue Antivirus Market

_______________________

NYC, N.Y.: Hi Brian, Your hard drive caddy worked like a charm. Thanks. Due to lack of disk space, I copied files on to CDs and deleted the files from the hard drive. I always purchase an HP computer. The copies were made on ME and now I have XP on what I call a new computer. The computer will not read some of the CDs. Do you have a solution?

Brian Krebs: Always glad to hear previous advice helped. Re: your CD reading issues in XP, are you using any third-party CD reading/writing program, such as Nero? Or have you tried any to see if they can read said CDs?

Also, have you installed all of the available Windows updates? By all available, I mean have you also checked the "optional" updates at Windows Update to see if there is a fix for your CD player/hardware? To do this, visit Windows Update, let it scan your system for available updates, and then when it's done look on the left-hand side of the Windows Update page, under "Software, Optional" and "Hardware, Optional," for any updates that look like they're for your CD player.

If you find nothing useful/relevant there, you might visit the Windows Control Panel, then "System," then "Device Properties," and find out the make and model of your CD player, then visit the manufacturer's Web site to see if they have an update for your hardware's drivers.

Good luck.

_______________________

Chicago: Hi Brian, thanks for taking my question. My fiancé is happily playing with his new iPhone right now, and the old iPhone (the most recent generation before the new one) is no longer the favorite. I just switched from Verizon to AT&T so we can be on a family plan, and I don't have a phone yet. I don't text or surf the web with my phone, so I don't see any need of paying for a data plan. Is there any way we can disable data on the old iPhone so I can use it just as a regular phone (and play existing games he already downloaded on there)?

Brian Krebs: Someone please correct me if I am wrong here, but I don't believe you can get an iPhone plan that doesn't include a data plan.

_______________________

McConnelsville, Ohio: Hello - I like your columns.

I'm an Apple fan - new MiniMac, Intel OS5.7. I don't want to mess with all the "tech stuff". What program do I get that's the best for handling all this "phish" and "trojans" and "evil stuff" that's scaring me?

I want to just load it and forget it!

Thanks, Dennis

Brian Krebs: Hi Ohio, thanks for the kind words. Glad you find them valuable.

Unfortunately, the software you describe does not exist. We are long past the time when users could simply install some program and call themselves safe. As I state in my About this Blog template:

--

Not long ago, the average Internet user could rely on antivirus software and a firewall to keep their computer relatively safe from online scourges like e-mail viruses.

Current threats, however, are being built to defeat those defenses, and require users to make constant decisions about whom and what to trust online.

According to many security experts, computer users who fail to learn how to stay safe online will eventually cede control over their computers to unscrupulous and annoying marketers -- or worse yet -- identity thieves. Securing your computer can be confusing at first glance, but taking steps to remain informed about the latest online threats is a good first step to protecting yourself.

--

There is no set-it-and-forget-it software to protect you from today's threats, most of which are designed to trick users into doing something ill-advised or dangerous, such as installing software or just plain giving away their information to cyber thieves.

For better or worse, remaining safe from cyber threats takes using your head and applying some street smarts:

If it looks/sounds too good to be true, it almost certainly is (this includes pirated software, especially).

If you didn't go looking for it, don't install it.

If you didn't request it, or don't know what it is, don't download it.

If you install a program, make sure you keep it up to date with the latest security patches (this includes things like Quicktime, Adobe Reader, Flash, etc). Don't put off installing operating system updates.

_______________________

Sheridan, Ore.: What is the best, affordable security system for your home computer? Is it only safe to open emails from people you know or are the emails coming from "known companies" safe? I have a PC and it is always going down due to viruses, trojan horses, etc. If you use a back up system like, Carbonite, etc. do they just copy the viruses etc. along with your data?

Brian Krebs: The best defense against viruses and trojans and the like is one I recommend in every chat, and that is to set up/use Windows with an account that has fewer privileges than the default account.

Windows XP and earlier operating systems shipped to consumers so that by default the accounts given to the user are all administrator accounts, meaning they can make any and all changes on the system -- including removing, modifying, destroying, etc. any and all files, directories, etc. on the system. The upshot of this is that if you as administrator run into a Web site that tries to sneakily install malware -- via a browser flaw or some other means -- it will usually succeed and do so without your knowledge if you are browsing the web as administrator.

Microsoft attempted to fix this massive security hole in Windows with "user account control," by changing the default behavior of Windows in Vista, so that users are prompted each time some component wants to make system-level changes to the operating system or install programs.

If you're running Windows XP, consider adopting either the limited user approach, or something like drop my rights. Using either one of these approaches is vital on shared systems where you are not the only one using the PC.

To answer your question about backups, of course: if your system is infected, and you back it up in the infected state, those backups also will be infected. That is why I recommend that Windows users invest in backup software *before* things go south. What I do and recommend others do is to set up your system exactly the way you want it, with all of the third party programs, patches, etc. installed, and then use a program like Acronis True Image (no, it's not free but it's worth every penny) to make a full disk image. This is basically a snapshot of the system -- an exact copy. Also, set Windows up so that your "My documents" folder (if that is where you store your important documents) points to another folder on that external drive. That way, if things go horribly wrong with your system, you can simply use the True Image program or whatever backup system you use to restore that known, good image, and your data will remain intact on the secondary drive.

Most of these backup programs allow and encourage you to also periodically and/or automatically create incremental backups of the main (C:\) drive that Windows is installed on, which is a good idea.

_______________________

Madison, WI: Another option for the NYC person with CDs that can't be read is to try to use the original CD burner drive the CDs were made on, if the drive is still available. If it is, try installing it in the new computer and see if it reads the CDs.

CDs originally made with data/CRC errors due to a bad burner or bad media may not be readable on any drive, unfortunately.

Brian Krebs: Ah, good idea, Madison, thank you. For some reason I was stuck on the idea that the reader had simply upgraded the existing hardware from ME to XP, but now that I re-read the question it looks like that was a faulty assumption.

NY, Madison's suggestion is a good one if you can find no additional drivers/updates from Windows Update that are specific to your CD drive.

_______________________

Wintersville: Brian, re CD reading issues could it be that some of these disks were burned and not finalized? That also can cause reading problems on other drives. If so he might try using the same software that the disk was created with to finalize it -- if that is even possible now.

Brian Krebs: More advice for the person from NY who has the unreadable CDs problem.

_______________________

Atlanta, Ga.: My old Dell is running slower and slower. Can I remove some of the older files downloaded in Microsoft security patches?

Brian Krebs: That is not the answer. Bad, bad, bad idea all around.

The only way I'd recommend removing patches is if you were to decide to wholesale backup all your data and re-install the operating system.

Anyhow, that's probably the best/most comprehensive (if most laborious) answer for an older machine that is exhibiting slowness. You will simultaneously improve the performance of the system and -- assuming you do a full wipe and reinstall (including a reinstall of all available updates -- Service Pack 3 for XP, for example, plus any patches released after that) -- destroy any malware on the system.

It is not uncommon even for Windows systems that have no malware to speak of to become slower over time simply because of a cluttered registry and the detritus of program components left behind. But trying to improve system performance by removing older security patches is a bad idea, and one that will likely backfire.

_______________________

Rustburg, VA: Complaints sent to UCE@FTC.GOV are generally erased if the header information on the e-mail is not included with the complaint. Many years ago I sent hundreds of e-mails to this address with headers, and reverse tracing information so that the FTC could act on these requests. The more info you send them the easier it is to get a court order to shut a company down. Without the headers, the complaint is erased.

Brian Krebs: Good to know, thanks, Rustburg. Mind firing me off an email, at brian dot krebs at washingtonpost dot com? You asked another question that I wanted to respond to personally. Thanks.

_______________________

Nashville, TN: My Adobe Reader was too old to open a PDF doc recently (Windows XP) so I went to the Adobe site for an upgrade. I was struck by the size of the update file and remembered that someone (you perhaps?) had mentioned a different PDF reader. I searched for and downloaded Foxit, which works fine. Now my question is: why is one reader 10 times the size of another, and are there security issues involved? Is the large one simply bloatware, or is it more (or less) secure?

Brian Krebs: Ugh. This issue is one that is near and dear to my heart and pet-peeve button. IMHO, Adobe Reader is one of the biggest pieces of bloatware out there. Yes, it is free, but when you compare how quickly Adobe Reader a) starts up and b) loads a PDF document, to how swiftly that same document loads under a third-party reader like Foxit, the results are staggering.

Adobe recently seems to have improved the rendering time somewhat, and lessened the amount of system resources its program consumes, but this is my unscientific observation only. I still recommend people use Foxit over Adobe any day of the week.

_______________________

Rockville, MD: Other than putting a block on plaxo is there any way to keep from being contacted? I want nothing to do with this site and I am being contacted by people I don't know to be added to their list.

Brian Krebs: You might consider creating a custom e-mail filter for anything coming from Plaxo.com or wherever those invite emails come from. Unfortunately, there isn't a lot you can do about e-mail from these services that you have not signed up for but your friends and acquaintances have.

Somewhere along the way, it became acceptable for companies like this to ask for your username and password to various services so that they can check to see which of your contacts are already signed up for their service and hook you guys up. The problem of course, is that if you read the fine print, these services tell you that by providing your credentials you agree to allow them to spam all of your friends and contacts to get them to sign up. I'm constantly amazed at how many people don't think twice about giving this information away.

_______________________

Emerald Isle, NC 28594: I have last year's iPhone 3G. I love its many features, but its battery runs out so fast I almost never have an effective phone when I need one unless I can recharge several times a day. I keep it on snooze all the time and the battery still won't last through the day.

Brian Krebs: I kind of had that problem with my 3G iPhone, and took it back for a replacement because it was still under warranty. In retrospect, I think maybe one of the things that contributed to the killing of the battery was that I often listened to streaming Internet music using the iPhone's 3G data/wireless connection while having the thing plugged in to a charger. That's probably a no-no in the manual somewhere.

At any rate, I recently purchased a Mophie Juice Pack which has saved my bacon a few times. For about $75, it doubles the life of your iPhone (it also adds some width and weight to the thing, but it's a tradeoff I find worth it in some cases).

_______________________

Denver, Colo: Dear Brian, We are a three laptop family and all travel a lot. We are wondering about one external drive and software that can back up all three of our computers. We each have about 40 GB on our computers. Is anything like this available? Also, I had a computer repair guy tell me he sells a Toshiba external drive for $115, 350 GB, that comes with really great software that backs things up constantly...does that sound like a good price?

Brian Krebs: Without much more information about the backup software, I can't really give you a good answer, except to say that there is a lot of backup software out there, but much of it isn't worth a penny. To the contrary, it can cost you a LOT more than what you paid for it if you rely on it to save you from a PC disaster and it fails to help out when the going gets tough.

$115 seems a bit pricey for a 350 GB external drive these days. If you go on Newegg, you can find a reliable 1 TB drive (nearly 3x the size of the drive you're asking about) for less. In fact, here's one that got pretty good reviews, for $74.99 after a $20 mail-in rebate.

Newegg rocks. I've given them thousands of dollars of repeat business, and have nothing but positive experiences with them and the few times returning things I've been unhappy with. Toss in a copy of Acronis True Image for $33 and you're all set for a very good backup system.

_______________________

Rockville, MD: Brian, what does Malwarebytes Anti-Malware do that SUPERAntiSpyware doesn't? Also, for spyware protection, I believe you recommend running only one program - so SUPERAntiSpyware or Spybot Search & Destroy. This is for a new HP system I'm setting up for home use (pictures, video, e-mail, light word processing, etc).

Also, what are your thoughts on using open office instead of paying for microsoft?

Thanks,

Brian Krebs: Both of those programs are anti-spyware programs on steroids, in that they will sometimes also flag and remove more nefarious threats, such as those often classified as worms and viruses. It's difficult to say what one does that the other doesn't, just that I've found in recommending both that it usually kills whatever is ailing users' systems, or at least gets rid of the worst nasties enough so that the user can then regain the control of their system needed to evict the rest of the unwanted guests.

If I had to choose between Spybot S&D and Super Antispyware, I'd go with the latter.

I really like the idea of people using OpenOffice.org in place of Microsoft Office. First off, MS Office is expensive. It's also the source of a huge number of security flaws. Not saying OO doesn't have security flaws that need patching from time to time, but it's somehow an easier pill to swallow when you don't also have to pay for the package you're updating.

I would say take the time to get to know OpenOffice.org, play with it a while, and decide whether you really need MS Office.

_______________________

Re: My old Dell is running slower and slower: Make sure that the hard drive has at least 20% free space. Also, defragment the drive. Those two things made a big difference in maybe 80% of the systems I've looked at. Also, run the Microsoft Safety Scanner. This is free "one stop shopping" for a computer tune-up. It will do a virus scan, a registry clean-up scan, and other useful checks.

Brian Krebs: More advice for the guy with the slow computer.

_______________________

don't believe you can get an iPhone plan that doesn't include a data plan.: I believe that's correct.

Brian Krebs: Pshew! Good to know. Tx

_______________________

Harrisburg, PA: I just upgraded to a Samsung Omnia smartphone with all the bells and whistles, but also Windows Mobile 6.1. As a Mac person, do I have to worry about any viruses on my phone?

Brian Krebs: I am not aware of any real malware threats that should be a cause for concern for mobile users yet, Windows Mobile based or otherwise.

_______________________

Alexandria, VA: My brother recently got something called the nine-ball trojan on his machine despite having both AVG and Spybot S&D up-to-date. Googling turns up nada for removing it, just reports of it being a relatively new thing. Any clue about anything he can do short of reinstalling Windows? Our efforts have failed so far.

Brian Krebs: Nine-ball I believe refers to the malware left behind on some 40,000 Web sites that were recently hacked and seeded with exploit code. Those hacked sites generally try a kitchen sink worth of browser exploits to drop malware on your machine when you visit one of these sites. If your brother's system got infected with Nine-ball, chances are very good that he visited one of these hacked sites and was not keeping third-party software (Adobe Flash/Reader/Quicktime, etc.) up to date with the latest patches, and/or he was behind on Windows updates.

You might send him over to the ESET/NOD32 free online scanner to see if that can find and remove the infection.

_______________________

Fairmont, WV: I had the same problem NYC is having. Isobuster worked for me in most cases.

Brian Krebs: Oh man, I'd forgotten about that program. Thanks, Fairmont!

_______________________

Harrisburg, PA: My home computer (which I do not have access to at this time) is a Dell desktop with Microsoft XP installed. Recently, every time I close out Internet Explorer myself (or an IE window), I get an error message that says that Windows has shut down unexpectedly, and would I like to report this error. Now, this doesn't affect me getting back onto the net, but it is annoying. Any suggestions?

Brian Krebs: I would say there is probably something seriously wrong with your system if you receive this message all the time.

That said, if you just want to remove the symptom (i.e., the annoying messages), you can simply turn off error reporting in Windows. Go to Control Panel, System, then under Startup and Recovery, click the "Error Reporting" tab. From there, if you uncheck the checked boxes, that should prevent the error from reappearing (you may need to reboot for these changed settings to take effect).

_______________________

Antwerpen, Belgium: Hi Brian, thanks for your time. I've got Windows XP Home SP3, 2 GB RAM. Clean & well maintained PC. A few times a day on my taskbar I see the icon that USB hardware is plugged in when actually none is. I click on the icon to remove it, but it keeps coming back. Any ideas? Have a nice weekend.

Brian Krebs: Hrm. I seem to recall having this problem on a machine I built a while back. If I remember correctly, the problem was with the USB slots in the front of the system, and removing and then reattaching (replacing?) the cable connecting those to the motherboard fixed the problem somehow. Obviously, you never want to monkey with these things while the system is on or otherwise connected to external power sources.

Other than that, I assume you have checked Device Manager from the Control Panel/System settings to see if all of the correct hardware drivers are installed?

Are you by chance using any kind of USB hub? Anyone else have ideas?

_______________________

Floyd, Va.: I download from youtube the MIT and Yale classroom videos... and I save them on my hard drive.

Is the level of confidence that such files will not contain virus code pretty high? Should I save those files, instead, to an external hard drive?

Brian Krebs: Good for you. I've been meaning to do the same for some of those myself. Thanks for the reminder.

At some point, you have to decide whether you trust a site to deliver safe downloads. At a very minimum, you should make a habit of scanning files you download, if your AV product doesn't do it automatically for you. But beyond that, just watch out for any video files you download that then ask you to install or download some "codec" or driver in order to view the movie. Run, don't walk, away from those types of media files: They are almost always bad news.

_______________________

Los Angeles: This senior needs your advice on dotnetfx35.exe, which was added to download when I used your link to fix the .NET add-on Microsoft added to Firefox. Do I need it? I only use the computer (w/Vista) to e-mail, read newspapers and search. Thank you.

Brian Krebs: As I wrote in a follow-up post, Microsoft published a fix that allows users to uninstall this unauthorized Firefox add-on.

Microsoft's Fix for the Firefox Add-on Snafu

_______________________

Harrisburg, Pa: Error message poster: Thanks for the quick reply. Two things to add (if it means anything):

1) I meant to say the error message says that "Explorer" has shut down unexpectedly, not Windows.

2) I am current on all Microsoft updates (SP3, IE8, etc.) and run my computer on a limited user profile (as per your suggestion)

Brian Krebs: I'd say there is some Windows system file (maybe even the Explorer.exe Windows shell) that is corrupted, and Windows is shutting down and restarting Explorer to overwrite the corrupted file with a known good copy. It may be malware related, or it may not. Hard to know without more information.

More information may be available in the Windows Error logs.

Go to Start, Control Panel, Administrative Tools, then Event Viewer. Error logs under the Application and Security sections may reveal more information (you want to look at alerts with red exclamation marks, indicating an error or program crash/malfunction).

_______________________

Bowie, Md.: I have Norton 360 3.0. But I am having problems with its backup function. I am wondering if I would be better off using Verizon's package of security offerings, or the package included with Windows. Or, going with AVG etc.

Brian Krebs: Have you tried getting answers to your questions, or advice about what you might do to get it to work, before abandoning the product? Norton 360 does have what looks to be a fairly active user community here.

_______________________

Brian Krebs: I know there were several more questions in the queue, but I simply am out of time for today. Thanks to all who dropped by to chat or just to read, and thanks for the great questions. We'll host another Security Fix Live in a couple of weeks. Until then, please consider making the Security Fix Blog a regular stop on your daily Web browsing route. Thanks again, and be safe out there!

_______________________

Editor's Note: washingtonpost.com moderators retain editorial control over Discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions. washingtonpost.com is not responsible for any content posted by third parties.


© 2009 The Washington Post Company
