From Security Standpoint, You May Want To Forget a Windows 10 Upgrade


Hello all, Blogmaster here – who also has run a Community Free help site for malware removal and information etc since around 2005. Here and there, more and more seeing many writings about the new Windows 10 from a security standpoint – well for me it is forget it. I will probably never buy one and certainly will not upgrade. I would rather switch to Linux forever than go through what they have going on now.

There is a circumvention of security with a more or less full blown allowance to third party ad network type activities. A lot like downloading software with adware and spyware bundled secretly inside and installs. It is a thumbing of the nose at the public for dollar$ gained through this type of harvesting. When this began around 2001-2002 and 2003, all laws and softwares were created to make it illegal as well as block and detect and remove it from any PC. This is when and where adware and spyware were discovered.

One hand washes or shakes the other on the internet as far as trying to get money to pay bills through ads etc. Most of the innocent are actually welcomed across the board – an ad here there – but sometimes irritating. Depends if you are surfing or studying. The infection by adware creates the continual intermittent pop up annoying ads and can as well be leaking personal information to third parties. This is how legally antispyware companies were legally allowed to create antispyware and as well, publicly declare these as adware infections without libel suit.

So the whole point here is basically that with Windows 10 – the world wide web is returning to those days of allowance and naivete to those days immediately preceding the spyware category of threats being discovered. (I have noticed some security products do not block browser leaks as much as you would think.) They’re sticking it to the newbies again, in a reverse manner of trying to help with UAC being released in Vista forward and much else to make security as automatic as possible for novices (newbies). If you were around for those “XP Years” when this was the day, you’ll see and get this feel all over again in reading this great blogpost below describing security and Windows 10. (Emsisoft Antimalware is all I have recommended as top product for several years now – which indeed blocks any attempt of a browser leak with user choices as you can plainly see in a free trial).

Of course for veteran users who tweak security settings across the board in Windows – there is going to be a lot to turn off and block anywhere possible, which may be the cure. Some services will obviously be forget it – don’t use it, just use Windows as if it was still 7 or 8. But read this blog for sure, whether a new or experienced user, and get a good eyeful of what Windows 10 is doing to computing security. I won’t doubt there may even be lawsuits for data breach causing ID Theft in the near future.

The truth about Windows 10 spying on almost everything you do
http://blog.emsisoft.com/2015/09/02/the-truth-about-windows-10-spying-on-almost-everything-you-do/
In Security Knowledge
by Carla September 2, 2015 |

You have probably heard the news by now: Microsoft has updated a controversial service agreement that lays out in scary detail how your personal data is being used and abused – at least, that’s what the major tech blogs are saying. But the reality is, even if you read the 12,000 word service agreement, it’s still confusing and vague at best. ….

…..”Cortana is your voice-activated personal assistant, much like Siri and Google Now. But in order for her to operate, Windows 10 collects your personal information to better serve you. This includes calendar events, contact information, alarm settings, what you view and purchase, your browsing history, emails and text messages… “and more”.” …..

….. “OneDrive is Microsoft’s cloud storage system, and it comes with the Windows 10 territory. You might think it’s great because there is no additional sign up or installment required and you can access it from any of your Microsoft devices. But this new convenience comes with a price.
Every time you are signed into your machine with your Microsoft account, your operating system immediately syncs your settings and other data to company’s servers. This includes browser behavior and history, as well as mobile hotspot and Wi-Fi network passwords.” …..

READ IN FULL:
http://blog.emsisoft.com/2015/09/02/the-truth-about-windows-10-spying-on-almost-everything-you-do/

REMEDY / FIX …..

O&O ShutUp10
Free antispy tool for Windows 10
O&O ShutUp10 means you have full control over which comfort functions under Windows 10 you wish to use, and you decide when the passing on of your data goes too far.
Using a very simple interface, you decide how Windows 10 should respect your privacy by deciding which unwanted functions should be deactivated.
O&O ShutUp10 is entirely free and does not have to be installed – it can be simply run directly and immediately on your PC. And it will not install or download retrospectively unwanted or unnecessary software, like so many other programs do these days!

IN FULL AND DOWNLOAD LINK…..
HAS BEEN RECOMMENDED HERE:
http://blog.emsisoft.com/2015/09/02/the-truth-about-windows-10-spying-on-almost-everything-you-do/
https://bluecollarpcwebs.wordpress.com/2015/09/09/from-security-standpoint-you-may-want-to-forget-a-windows-10-upgrade/

O&O ShutUp10
The telemetry components of Windows 10 and the way they affect the user’s privacy is a controversial topic ever since the release of the most recent iteration of Microsoft’s operating system. While many options can be tampered with during setup, there are applications out there specifically tailored to allow the manual tweaking of Windows 10’s security settings. One of them is O&O ShutUp10.
Various range of tweaks for Windows 10
Requiring no installation, O&O ShutUp10 provides users with a simple means of customizing the privacy options in Windows 10 and thus decide which data collection options will stay enabled and which should be blocked.
http://www.softpedia.com/get/Tweak/System-Tweak/O-O-ShutUp10.shtml


SENDER: gerald309 —
Have A Safe Computing Day!
Webmaster: Malware Removal/Amateur Forensics
HOME http://bluecollarpc.us/
Alternate https://sites.google.com/site/pcsecurityhelper/
HELP http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/
Membership/Join List:
Subscribe: BlueCollarPCSecurity-subscribe@yahoogroups.com
Free Malware Removal Help / A Community Website Since 2005
MOBILES: http://pdamobilecafe.wordpress.com/
Alerts: pdamobilecafemobilealertlist-subscribe@yahoogroups.com
RSS: https://groups.google.com/forum/feed/pdamobilecafe-mobilealerts/msgs/rss.xml?num=15


Welcome all, archived blog installed

Welcome all, archived blog installed….. We have imported our archived blog posts from our original BlueCollarPC @ WordPress security blog. This is located at https://bluecollarpcwebs.wordpress.com/

We will keep the free version and continue to post to it, as has been linked for years. I am the original webmaster of the BlueCollarPC .Net and .Org and lastly .US . The BlueCollarPC .Net originally began about year 2005 as a help and information site dealing with spyware as main course. There were many video help tutorials for download in several formats. This became a huge site trafficking about 2,700 to 3,000 Visitors monthly, and tolled in at just over 6 million by 2009. Those kinds of numbers are usually seen at small business sites, but I had just a simple personal website !

Being able to help that many people who found our site as a primary or a main additional site for help and instruction in PC security and malware removal outweighed any personal pride or egotism in hits counters. That is what it was launched for, genuine informed help – not a personality contest. It was humbling to see those kinds of numbers though.

Push come to shove, our site was attacked and there were several behind the scenes personal attacks against myself and equipment – attempts at destroying computers and mobile computer. These attacks were sophisticated dreaded botnet payload attacks and another as attempting circumventing Vista technology and destruction. So, my site theme being “BlueCollarPC” as a spyware removal  site originally, now was upgraded to a full blown malware removal help and instruction site – all malware with heavy concentration into botnet detection and removal and restoration of damaged systems and I graduated through this all into Amateur Forensics (Computer Forensics). What did not kill us makes us stronger, and so it goes. All but the BlueCollarPC .US were closed with this new full malware removal site including information and help against all malware now as viruses, worms, trojans, rootkits, adware, spyware, botnets and bootkits. etc etc etc.

At the end of the decade (2000 to 2010) and into the new one, things seemed to be a ghost town at many help destinations as groups, forums, and lists, others. It seemed the whole “XP Generation” of the “XP Years” (Windows XP) had graduated and learned it all or enough to carry them through. Of course I invested into a Vista PC which was the actual crown jewel of the decade in security software – unprecedented as an operating system itself being the best security software available. To this day Windows Users are unaware that viruses could not run on Vista and neither the dreaded rootkit malware. UAC (User Account Control) was just one of these new security technologies in Vista. First hand, no lie, two or three times I saw a virus execute to install on my Vista (drive by hit – bad website, tried to install scareware fake antivirus programs). Sure enough and word for word from Microsoft – “viruses are not able to write to the disk in Vista”. The payloads were in Temporary Internet Files. All I had to do was close the browser with the settings I had clicked to “Delete All Temporary Internet Files” etc. I also used and ran CCleaner offering a little more clean up. That was it. The virus was gone ! I then scanned with high quality antimalware to prove it. Zero infection. The point was, or joke, you did not even need antivirus with Vista – like “you’re kidding, you actually purchased antivirus for Vista ? What for ? ” Seeing is believing.

Windows 7 was the first time in history an operating system (Windows, Linux, Apple/Mac etc) was actually downgraded security wise. Users screamed about UAC. The security world kind of went with – what idiots, sorry to say. This did not make sense. It did not make sense worst, that Microsoft themselves accommodated them. LOL. You get what you pay for. They seemed to love no intrusion whatsoever on having a good time on the Net – utterly regardless of the dangers. It was like handing drunk teenagers the keys to the sports car. We all know how that ended. Many never made it home.

Enter Windows 8 with the new anti-rootkit / anti-bootkit technologies – the ‘secure boot’ Windows 8. Windows 8 is a gigantic leap forward from XP as blocking rootkits/bootkits from running before antimalware programs are able to boot to begin detecting malware attempting to run in the session. With XP, we all know if a rootkit was suspected it meant reinstalling Windows as the ONLY cure. The trouble was most anti-rootkit softwares were crap at detecting them and even worse at attempting to remove them. Enter Windows 8 new security technologies. THOSE DAYS are over with forever. Just before Windows 8 hit the streets there was a hint that they could crack this. But as well there are new anti-malware softwares that can “cold boot” to detect this. Somewhat as being able to scan the system without even starting the computer and as it does start up. Bye bye, covered anyway.

Well back to re-launching BlueCollarPC.US – now in the WordPress format rather than the traditional website. Kind of all in one – blog and content, links. Spread the word – “We are back !” (StarTrekkies – Romulans and Enterprise Captain Picard in the Neutral Zone Confrontation over Borg encroachments).

From our alternate back up website at https://sites.google.com/site/pcsecurityhelper/

Welcome to the BlueCollarPC Security Helper!
SPECIAL NOTE: Our Main Domain BlueCollarPC.US is being closed June 2012.
For the record….. I began the BlueCollarPC Computing Security Community Website in 2005 at the original .Net website. I believe at that time, the .Com website was actually a PC Repair Shop which I was not connected with. Towards the end of 2009, the BlueCollarPC .Net created by me had enjoyed just over 6 Million Visitors/Users! – are proud to have been a part of it all and indeed actually had “discovery” in the security industry concerning the malware RASautodial registry entries discovered by Yours Truly. Never be afraid to ‘take a look under the hood’ of your PC ! You never know what you’ll find.

Unbelievable! – Windows 8 Boot Security Cracked already before released (Bootkit malware)


Windows 8 Boot Security Cracked
CRN
By Antone Gonsalves, CRN
An Austrian security analyst has built the first known bootkit that bypasses Windows 8’s defenses against installing malware while the operating system is booting.
Peter Kleissner, an independent programmer and recognized …
http://www.crn.com/news/security/231903295/windows-8-boot-security-cracked.htm;jsessionid=NZjzL4QedChUWf+VUz6Tyg**.ecappj02
( HATE TO BE I TOLD YOU SO BUT THE BLUECOLLARPC.US PREDICTED THIS THAT WINDOWS 8 BOOT UP SECURITY FEATURE WILL BE CRACKED AS FAST AS IT HITS THE STREETS….. LOOKS LIKE WE WERE A LITTLE OFF – IT HAS BEEN CRACKED EVEN BEFORE IT HIT THE STREETS ! ! ! …..LOL ) 

We can expect Windows 8 to be launched sometime in mid-late 2012, however, it’s too early to predict the Windows 8 release date, since it is still under development. Nevertheless, the only question that haunts each and every one of us – Will Windows 8 win the battle against Apple which it had lost several years back? SOURCE http://www.thetechlabs.com/tech-news/windows-8-features/

Bootkits
http://en.wikipedia.org/wiki/Bootkit#bootkit
A kernel-mode rootkit variant called a bootkit is used predominantly to attack full disk encryption systems, for example as in the “Evil Maid Attack”, in which a bootkit replaces the legitimate boot loader with one controlled by an attacker; typically the malware loader persists through the transition to protected mode when the kernel has loaded.[35][36][37][38] For example, the “Stoned Bootkit” subverts the system by using a compromised boot loader to intercept encryption keys and passwords.[39] More recently, the Alureon rootkit has successfully subverted the requirement for 64-bit kernel-mode driver signing in Windows 7 by modifying the master boot record.[40]

The only known defenses against bootkit attacks are the prevention of unauthorized physical access to the system—a problem for portable computers—or the use of a Trusted Platform Module configured to protect the boot path.[41]

HISTORY TO DATE…..
Windows 8 Spells Trouble for Linux, Hackintosh Users and Malware Victims
http://tech.groups.yahoo.com/group/LinuxDucks/messages/523
Windows 8 won’t dual-boot Linux?
http://tech.groups.yahoo.com/group/LinuxDucks/message/539
Microsoft, Red Hat Spar Over Secure Boot-loading Tech
http://tech.groups.yahoo.com/group/LinuxDucks/message/541
Windows 8 Dual Boot Possible If ‘Secure Boot’ Disabled
http://tech.groups.yahoo.com/group/LinuxDucks/message/544
How to change the boot order of a dual-boot Linux PC
http://tech.groups.yahoo.com/group/LinuxDucks/message/550
Linux Licensing in Conflict with Secure Boot Support
http://tech.groups.yahoo.com/group/LinuxDucks/message/565
FSF warns of Windows 8 Secure Boot (Sign Petition)
http://tech.groups.yahoo.com/group/LinuxDucks/message/626
Linux Foundation, Canonical and Red Hat Weigh In On Secure Boot
http://tech.groups.yahoo.com/group/LinuxDucks/message/650
The right to dual-boot: Linux groups plead case prior to Windows 8
http://tech.groups.yahoo.com/group/LinuxDucks/message/662
Linux Foundation: Secure Boot Need Not Be a Problem
http://tech.groups.yahoo.com/group/LinuxDucks/message/671
Linux Community Offers Secure Boot Ideas
http://tech.groups.yahoo.com/group/LinuxDucks/message/672
Leading PC makers confirm: no Windows 8 plot to lock out Linux
http://tech.groups.yahoo.com/group/LinuxDucks/message/673
Linux Advocates protest ‘Designed for Windows 8’ secure boot policy
http://tech.groups.yahoo.com/group/LinuxDucks/message/679
Linux Community Counters Microsoft’s Windows 8 Secure Boot Mandate
http://tech.groups.yahoo.com/group/LinuxDucks/message/696


Microsoft Security Essentials (free antimalware program from Microsoft) Testings

Microsoft Security Essentials Struggles in New Antivirus Tests
PCWorld
In Q1 2011 Security Essentials 2.0 (MSE) performed well at the least demanding test,
that of spotting malware drawn from the industry-agreed Wildlist selection, scoring 100 percent. It also put in a good performance …
http://www.pcworld.com/article/227187/microsoft_security_essentials_struggles_in_new_antivirus_tests.html

“….In Q1 2011 Security Essentials 2.0 (MSE) performed well at the least demanding test, that of spotting malware drawn from the industry-agreed Wildlist selection, scoring 100 percent. It also put in a good performance against a large group of recent malware samples selected by AV-Test itself, with a creditable score of 97 percent detection.
 
However, the product’s performance deteriorated sharply when pitted against 107 recent zero-day malware web and email malware attacks, described by AV-Test as ‘real-world’ testing’, spotting only half. The product’s performance in ‘dynamic detection testing’ – noticing malware on or post-execution – was also modest at only 45 percent. …..”
FULL STORY;
http://www.pcworld.com/article/227187/microsoft_security_essentials_struggles_in_new_antivirus_tests.html
 
[NOTES….. I promote Microsoft Essentials as a quality product in the free stuff line. That is because they have won the VB100 Award (perfect scores all) and are West Coast Labs Certified. When considering non-quality products that have not achieved any certifications or these independent world lab awards (totally respected worldwide) – then you realize their detection rate is generally down around 55 to 85 percent detections. Anything a good deal above a 90 percent detection rate is considered a quality product and has achieved certifications either presently or in past days and ongoing – which certifications and awards are actually 100 percent scores. The idea goes, once a product has achieved these awards – they will continue in the excellence of the product ongoing – with that goal for the next scheduled or unscheduled test on them.
 
From the security stand point either from industry or community, the hardest thing is to get many users to even install and then use antivirus and antispyware programs. Those demanding state of the art protection know too well that 99 percent detection is just not cutting it. So on the one hand, Microsoft Essentials need continually be “promoted” as many users will refuse to pay for a product and others may try an antimalware program for the first time if it is free. Microsoft Essentials (formerly Windows OneCare shareware) has proven its colors twice, in the least, with perfect scores at VB100 and West Coast Labs. There is NO way to call it a crap program all of a sudden.
 
I believe this article reflects that it is Recession Times and there may have been some cutbacks temporarily (and since it is a free program) or in the over all picture that Microsoft is dragging heels here. The bottom line is you get what you pay for and that reflects on any irresponsible computer operator (user). I have never fathomed why someone will spend up to 2 or 3 thousand dollars on a desktop or laptop and then suddenly totally reject a simple 40 to 50 dollars a year to protect it. If “working” as a free helper in tech-help or malware removal help type forums and groups – you see that all too often.
 
The reason for my comments are that many, many – too many – users are not aware of the cyber criminal underground sharks out there that are going to talk many newbies into dumping Microsoft Essentials or any other quality free program such as Comodo (which has indeed just won the prestigious VB100 Award and is free) with some bullcrap line as “it is a piece of crap taking up valuable resources – I would dump it”. You also see that too many times in the community help areas. Nightmarish ! They actually go for it ! ….sheesh.

Surprise: Comodo Internet Security Earns the Prestigious VB100 Virus Certification

HostReview.com (press release)
Jersey City, NJ, April 14, 2011
To earn the VB100 award a product must have been tested by Virus Bulletin and in those tests it must have demonstrated, in its default mode, 100 percent detection of In the Wild test samples and no false positives in a selection of clean files. …
http://www.hostreview.com/news/110414-comodo-internet-security-earns-prestigious-vb100-virus-certification
 
[This is great news. They have been a free community product service for a couple years (free Comodo Antivirus, Firewall) and already had a high detection rate, though could have been higher. We applaud their obvious intensive work and in winning the VB 100 Award ! ]


What is Identity Theft – identity stolen? How? Defenses ?


Two prong… the old fashioned way of “dumpster diving” for account information, sifting your trash for statements etc. The other half is through your computer, generally via spyware threats and some viruses such as a ‘password stealing virus’ – hacking accounts, account break in, impersonation, phishing email threats. Just think of your PC as a great big database and you need to protect it as it moves around the Net in communicating.

Install quality known high detection rated antivirus, antispyware (with Real Time Protection – only ! – free stuff does not do that), and a personal firewall. That is how to protect your computer system and files and communications from snoops. Pretty simple. There are some additional utilities and it is imperative now to finally upgrade to the latest version of Internet Explorer – versions 7, and latest 8, have the latest state of the art Microsoft anti-phishing technologies which block going to phishing sites that steal identities. Another to add is to check any accounts like the credit report scenario for new accounts being opened in your name and criminals maxing out the account – the other half of stealing info, impersonation. That’s why they highly recommend monitoring all accounts and your name.

How on PC ? Spyware threats and certain crafted viruses as a “password stealing virus”. Spyware threats can add “keyloggers” which transmit everything you type and can add taking screenshots of anything you are looking at on the screen and is transmitted like when transacting, logging into accounts etc.

News … (scope) :
Identity theft costs a record $56.6 billion
http://www.identitytheftdaily.com/index.php/20090223506/Prevention/Identity-theft-costs-a-record-$56.6-billion.html
Identity Theft Daily – San Diego,CA,USA
Deloitte says that 51 percent of external attacks on financial institutions were
phishing followed by spyware at 48 percent. Recent laws in eight states let …MORE

Numbers are about even at 54 Billion a year in the USA – 3 years running ! – and went down to about 45 Billion last year, 2009. About 4 percent of Americans have become “un-people” (Orsin Wells book ? right author ?) as never being able to get credit ever again. These accounts/persons were not able to be fixed to satisfy or prove ID Theft etc. to repair their name and credit. It is a mess and highly scary. Keep diligence online to avoid infection (even with the best of quality security defense products) – dubbed “Safe Practices” (search). Try US CERT for some good help.

Here is a good link to become familiar with the actual threats (malware) that do this…..
Threats FAQs http://bluecollarpc.us/threatsfaq.php

Even more ways they do it are check washing and they have your blank check with signature. Banks, others, sell the anti-water washing checks that cost just a tad more. They even sell the special pens now that block that too, that deeply imprint writing that can’t be check washed. (Check washing is taking a check made out to anything and then putting it in a special little tub of chemical that erases the hand written stuff only and then they fill it in again to some amount).

Another way even more are the “phisher emails” that are fake emails that look like any financial type communication but are actually fake and have some lead line like “your account needs to be updated, changed, new password reset, etc.” When you hit the link they provide to go to that (you’ve been phished) it generally leads to a data collecting site invisible to the eye. See Pharming too. Internet Explorer Version 7 and newest 8 both have the Microsoft anti-phishing technologies that block almost all of this to aid the community and is why it has always been mandatory to have the latest greatest version of any browser because the newest has the top tech available in browser security.

Always set all browsers to delete all “temporary internet files” every time you close it. These areas are hacked into by badware to retrieve info in. These show all the graphics of every where you go with the browser and also cookies so that they know what site you actually logged into. Java should be set to not store temporary internet files because it is the area trojans hack into to avoid detection. Various Java applications will reveal your browsing history as well. Access Java settings at Start / Control Panel / Java… and double click it or right click – open… click the “Do Not Store temporary files on computer”.

“Social Engineering” means they hunt around social networking destinations and forums and boards for “chatty cathys” blabbering away about these sensitive personal things to figure out how to trick a User into clicking something to infect with the above mentioned crimewares and scenarios.
http://www.microsoft.com/protect/terms/socialengineering.aspx (Obviously Facebook is now the largest target with over 400 million users and is too, too public for this)

A plague right now has been the fake security products (scareware) which are actually the above infections doing the same but tricking into buying it from fake pop ups of “Your Computer is infected with such and click here to buy this super duper malware removal to clean the infection” etc.

Keep Windows Updates on Automatic for all critical and important Updates issued every second Tuesday of the month dubbed “Patch Tuesday” and currents…..
http://www.networkworld.com/news/2010/060310-microsoft-plans-gigantic-patch-tuesday.html?source=nww_rss (Windows Updates is your computer “lifeline” for latest programming vulnerabilities Updates/Fixes – blocking enabling hackers and crimeware to snoop and take over the computer itself. As well, top optimization and “make overs”, Upgrades/Updates, Service Packs, additional driver updates, etc. are retrieved here and available for installation. Use the “Custom Scan” option for these.)
More …. (current threat)
http://www.us-cert.gov/current/index.html#adobe_releases_security_advisory_for2

Keep all software up to date fully patched and try popular recommended Secunia PSI (personal software inspector) from well known Secunia.com http://secunia.com/vulnerability_scanning/personal/ used by millions.

Just like Windows, all other outdated unpatched softwares can be hacked into by these crimewares – the new “soft target” for crimeware entry (crimeware – viruses and worms are illegal and spyware according to laws). PSI will scan fast all software and presents the links for the free updates issued by the software companies and makers – many times also posted at their product website. Many newer softwares have an Update button (not talking about buying Upgrades – but updates) and can be set to check for updates like daily, weekly monthly. This is how you know you have a higher quality software, and security attended, as opposed to some free do-dad thingy somewhere from off some download destination and become outdated and dangerous in this manner – spring clean ! Dump old outdated unattended softwares not used often or ever (forgotten installation) if you can live without it, as is an unattended potentially dangerous entry point. For instance, it may be a utility of software from way back in the decade and is completely dangerous as obsolete in current threats – the product coding security-wise was not even invented yet and is an easy target for break in and even take over the computer system eventually.

Happy and Safe Computing !
Webmaster, http://www.bluecollarpc.org/

SOURCES..
http://en.wikipedia.org/wiki/Rogue_security_software
http://www.spywarewarrior.com/rogue_anti-spyware.htm
http://www.lavasoft.com/mylavasoft/rogues/latest
http://www.us-cert.gov/current/index.html#fbi_releases_warning_about_scareware

From our New Project ….
PC Security Helper
https://sites.google.com/site/pcsecurityhelper/
Posted by PC Security Helper Blog
http://pcsecurityhelper.blogspot.com/
Posted by BlueCollarPC.Org BlogCasts at 6/10/2010 4:22 AM


AmatuerForensics-Mobile: USB stick MP3 Player (apparent cross infection – PC /Mobile PC)……

NOTE this threat installation had tell tale signs of perhaps even the first Windows Mobile mobile botnet. It was successfully blocked from establishing connection and detected before ever causing any damages and safely removed.

Mobile Threat: FlashMates_(v1[1].0.4)_Setup.exe / which is identified as Email-Worm.Win32.Apbost!IK [Ikarus antivirus = IK]

PDA Mobile Cafe’s Blog
Mobile PC and everything wireless – cell, pda, laptop
——————————————————————————–

USB stick MP3 Player labeled Nextar (apparent cross infection – PC / Mobile PC) July 24, 2009 by pdamobilecafe
http://pdamobilecafe.wordpress.com/2009/07/24/usb-stick-mp3-player-labled-nextar-apparent-cross-infection-pc-mobile-pc/ 
Funny thing happened when plugging in (to desktop pc) a USB stick MP3 Player labeled Nextar (cross infection) from a friend. Read on.

Possibly a black market relabeled fake and there are apparent even criminal “clone” or “phisher” or “pharmer” sites around emusic.com. Suddenly, an apparent “cross infection” occurred in the Pocket PC Windows Mobile – a mass emailing worm ! Isn’t that fun (sarcasm).

eMusic – Wikipedia, the free encyclopedia eMusic is an online music store that operates by subscription. It is headquartered in New York City and owned by Dimensional Associates, LLC. … http://en.wikipedia.org/wiki/EMusic

Press Releases – Mi5 Networks Secure Web Gateway Feb 2, 2009 … Detailed reports enable eMusic to quickly identify infected machines on the network, understand the specific types of malware involved and …
http://www.mi5networks.com/news/press/2009_0202-eMusic.com-Selects-Mi5-Networks-in-Favor-of-Solo-Web-Security-Products.htm 

Apparent Open Source Project: eMusic/J 0.25
http://mac.softpedia.com/get/Multimedia/eMusic-J.shtml

Uh Oh…….

Name: Adware.Win32.eMusic Toolbar
http://www.emsisoft.com/en/malware/?Adware.Win32.eMusic+Toolbar

FORENSICS:

FILES Detected…. (apparently instantly – inserting USB MP3 Player)

DESKTOP: (windows xp home)

#emusic.oem

#emusiclogo.gif

#Tries to connect to “malicious host” emusic.com / apparent back door threat? Blocked. USB stick removed. Still attempts to connect after PC restarted or using media player(s). Seems a registry hook possible? Scanned, not found. Looking manually.

SYMPTOMOLOGY:

Stick in and out (on desktop). The continuing attempt to re-connect to “emusic.com” indicates either a registry hook of some sort or, at worst, a rootkit, as it is not visible in the registry. See the Sony Rootkit nightmare.

#SCANNED – FOUND: MOBILE PC (Windows CE 3.0 / Pocket PC 2002)

Installs apparent mass emailing worm as possible part of “cross infection”:

#FlashMates_(v1[1].0.4)_Setup.exe / which is identified as Email-Worm.Win32.Apbost!IK [Ikarus antivirus = IK]

SEE Analyzing the Crossover Virus: The First PC to Windows Handheld Cross-infector http://www.informit.com/articles/article.asp?p=458169&rl=1

NOTES: Adding more if found

The Exercise ? Watch out you didn’t get the real product

—-

SCAN RESULTS:

a-squared Anti-Malware v. 4.5.0.19
(C) 2003-2009 Emsi Software GmbH –

ID  Object
0   C:\Program Files\Uniblue\System Tweaker\System Tweaker.exe
    Backdoor.Win32.Wootbot!IK
1   C:\Documents and Settings\cbgerry\MyDocuments\POCKETPC-DOXX\FlashMates_(v1[1].0.4)_Setup.exe
    Email-Worm.Win32.Apbost!IK

NOTES: The “Email-Worm.Win32.Apbost!IK” is the worm and file name is “FlashMates_(v1[1].0.4)_Setup.exe”.
(location “POCKETPC-DOXX” caught in dummy folder. It takes two to play games. IK is symbol for Ikarus antivirus)
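
As an added example (not part of the original post and not a-squared's own code), this sketch parses the flattened scan report above into records, rejoining hard-wrapped paths and splitting each detection name. The Type.Platform.Family!Tag name layout and the names `parse_report` and `Finding` are assumptions made for illustration.

```python
import re
from collections import namedtuple

# Constructed sample: the two rows of the report quoted above, with the second
# path hard-wrapped across two lines, as pasted scan logs often are.
SAMPLE_REPORT = r"""ID Object
0 C:\Program Files\Uniblue\System Tweaker\System Tweaker.exe
Backdoor.Win32.Wootbot!IK
1 C:\Documents and
Settings\cbgerry\MyDocuments\POCKETPC-DOXX\FlashMates_(v1[1].0.4)_Setup.exe
Email-Worm.Win32.Apbost!IK
"""

ENGINE_TAGS = {"IK": "Ikarus"}  # the only engine tag the post explains

# Assumed name layout: Type.Platform.Family, optionally followed by !EngineTag.
DETECTION_RE = re.compile(
    r"^(?P<type>[A-Z][A-Za-z-]*)\.(?P<platform>\w+)\.(?P<family>[\w.-]+?)"
    r"(?:!(?P<tag>\w+))?$"
)
ROW_START_RE = re.compile(r"^(?P<id>\d+)\s+(?P<path>\S.*)$")

Finding = namedtuple("Finding", "scan_id path type platform family engine")


def parse_report(text):
    """Turn flattened ID / Object / detection lines into Finding records."""
    findings, scan_id, parts = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("ID "):
            continue  # blank line or column header
        if scan_id is None:  # waiting for a "<id> <path>" row start
            row = ROW_START_RE.match(line)
            if row:
                scan_id, parts = int(row["id"]), [row["path"]]
            continue
        det = DETECTION_RE.match(line)
        if det is None:  # wrapped path: rejoin, assuming the wrap fell on a space
            parts.append(line)
            continue
        tag = det["tag"] or ""
        findings.append(Finding(scan_id, " ".join(parts), det["type"],
                                det["platform"], det["family"],
                                ENGINE_TAGS.get(tag, tag)))
        scan_id, parts = None, []  # row closed by its detection line
    return findings
```

A continuation line is told apart from a detection name by the backslashes in the path, so a wrapped fragment with no backslash that happens to look like `Word.Word.Word` would be misread as a detection.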

—-
NOTES: ……
New start up after quarantine, and emusic connect attempt blocked again (antimalware program). A registry hook (originally suspected as cause) generally is involved with one entity (unless multiple), here media players, that is easily detected and deleted. This did show files in two media players (with premium features) and now has jumped to Windows Media Player – which symptomology is as a self replicating worm does, but apparently here – as indeed a rootkit does – is like a matrix that continually can give various commands (more powerful than a trojan and can continually install more software) and is the best guess of the symptoms experienced. The activity shows the “matrix” (several) commands severally or multiple times after deletions, which is almost as the self replicating worm does when deleted and is reinstalled elsewhere but finally gets deleted by antivirus. This indicates the rootkit activity as quite possible and the infection.

[THESE ARE ALL CLOSED OCT 2009]…..

Visit: PDA Mobile Cafe Homepage
http://www.pdamobilecafe.bluecollarpc.net/index.html
Mobile Portal: http://mysite.verizon.net/gerald_309/id16.html
Forums: http://pdamobilecafe.freeforums.org/

Posted in PDAMobileCafe Blog Alerts, PDAMobileCafe Blog Announcements,
PDAMobileCafe BlogPosts

—-

PDA Antivirus solutions available – shop!
By pdamobilecafe
Security Software: PDA Antivirus solutions available….. shop !

Try a trialware of the products where available. The Mobile Computer is now NO different than the Desktop – all the same threats are now out here. Symbian gets slammed.

PDA ANTI-VIRUS SOLUTIONS :

Air Scanner.com AntiVirus (Free/Private Use, and Company/Corporate License)
http://www.airscanner.com (Also sells PDA Firewall!)
Online Updates through Active Sync! From the company that wrote the best-selling technical book Maximum Wireless Security comes a professional strength virus scanner for the Pocket PC.

BullGuard Mobile for PPC
http://www.bullguard.com/mobile/
Protect yourself against malware when online with your PPC.

ExoVirusStop 1.0.4
http://www.exosyphen.com/
http://downloads-zdnet.com.com/ExoVirusStop/3000-11138_2-10358960.html
http://www.download.com/ExoVirusStop/3000-11138_4-10358960.html
Protect your Symbian series 60 phone against viruses and Trojans, with this antivirus product. ExoVirusStop brings some new and innovative features, which make this software unique. The file size is small, so it won’t use up your phone’s storage space. Very fast scanning engine takes a few seconds to check your phone for viruses. Virus dictionary allows you to read useful information and details on the viruses that exist for the Symbian OS. Known viruses and their variants: Caribe, Skulls, Mosquitos, Gavno.

F-Secure.com (Pocket PC, Pocket PC 2002, Windows Mobile and PocketPC 2003)
http://www.f-secure.com/wireless/
F-Secure is the forerunner in creating security applications that are optimized for wireless devices and offer reliable and automatic on-device protection. F-Secure Anti-Virus ensures complete protection for your handheld devices. F-Secure also offers security solutions for mobile operators and service providers. Microsoft ActiveSync 3.5 or later to install. The virus definitions of F-Secure Anti-Virus for Pocket PC can also be updated over a wireless connection, such as GSM/GPRS phone, WLAN or Bluetooth connectivity.

ESET Mobile Antivirus for Smartphones
http://www.eset.com/products/
(Eset makes the famed NOD32 Antivirus for PCs)
Mobile devices like Smartphones and PocketPCs are exploding in numbers. Malware that targets them is bound to follow. Detecting and disabling these emerging threats requires sophistication beyond signature-based antivirus. ESET’s heuristics engine is the best protection for individuals and businesses that depend on mobile communication. Fast and thorough scanning keeps your files free of malware and our SMS spam filter keeps your text message folder uncluttered.

Kaspersky Security for PDAs (Palm, PocketPC)
http://www.kaspersky.com/homeuser?chapter=4157432
Today, most of us own not only PCs and laptops, but handhelds as well. They provide convenient, portable data storage. But this convenience may come at a price. The down side is that handhelds are just as subject to virus infections and data theft as PCs and laptops. They also offer viruses entry to home and business networks alike.

SMobileSystems (FB-4 Virus Guard)
Formerly, FB-4 Virus Guard http://www.fb-4.com
SMobileSystems
http://secure.smobilesystems.com/main/home/index.php
About SMobile Systems….
SMobile is the world leader in providing comprehensive software security solutions for all major mobile device platforms, including BlackBerry, Windows Mobile, Symbian, Palm, iPhone and Android.

Avira AntiVir Mobile
Professional virus and malware defense for Pocket PCs and smartphones
http://www.avira.com/en/products/avira_antivir_mobile_3.html
Operating systems: Windows Mobile 2003 for Pocket PC, Windows Mobile 2003 Second Edition, Windows Mobile 5 and Windows Mobile 6.1 (Classic and Professional Edition)
Processors: ARM or Intel x86
MORE:
Nokia 3230, 6260, 6600, 6620, 6630, 6670, 6680, 6681, 6682, 7610, N70 and N72
Panasonic X700 and X800
Samsung SGH-Z600, SGH-D720 and SGH-D730
Nokia Communicator 9300 and 9500

PC-cillin Virus Protection (Full Services- All Downloads ARM,etc.)
http://download.com.com/3000-2239-9649107.html
WebClip: ” Protect your computer and PDA from viruses at home or on the go with PC-Cillin 2003. PC-Cillin combines advanced virus detection and cleaning with an integrated firewall to safeguard your system from hackers and malicious code threats in e-mail and instant messaging and while surfing the Internet. New features such as Wi-Fi protection help secure your computer when connecting to a wireless LAN network, and Outbreak Alert gives you early warning about new viruses.”

PC-cillin Virus/ Wireless2.0 – PalmOS 3.1-up [32k]
Freeware version. Scans all files and identifies any infected. Log report
http://download.com.com/3000-2363-10179689.html?tag=lst-0-1

PC-cillin Virus/ Wireless2.0[MIPS]Windows3.0 [612k]
Freeware version. Scans all files and identifies any infected. Log report (1k, each scan, deleteable) includes Virus list.
http://download.com.com/3000-2178-10179705.html?tag=lst-0-3

PC-cillin Virus/ Wireless2.0[SH3] Windows3.0[561k]
Freeware version. Scans all files and identifies any infected. Log report (1k, each scan, deleteable) includes Virus list.
http://download.com.com/3000-2178-10179701.html?tag=lst-0-4

PC-cillin Virus/ Wireless2.0[ARM] Windows3.0 [535k] (PocketPC)
Freeware version. Scans all files and identifies any infected. Log report (1k, each scan, deleteable) includes Virus list.
http://download.com.com/3000-2178-10179699.html?tag=lst-0-2

Symantec AntiVirus™ for Handhelds – Norton
http://www.symantec.com/
Annual subscription anti-virus protection with live Updates for PDA /Palm and PocketPC, others, versions. Works through Sync (HotSync , ActiveSync, etc.). Protects Device and also over wireless internet like WiFi 802.11. Check out Live Updates downloads wirelessly as well. Protects Beam Infrared!

Anti-virus for Symbian Series 60 – now free (ExoVirusStop.com)!!!
Current IT news from heise online – London, UK
http://www.heise-online.co.uk/security/Anti-virus-for-Symbian-Series-60-now-free/news/112439
Exosyphen Studios has made its ExoVirusStop anti-virus software for Symbian Series 60 mobiles running variants of S60 1st and 2nd Edition free to download –
http://www.exovirusstop.com/
The older S60 1st and 2nd Edition phones include those up to the Nokia N70 and N90. According to the company's blog “there are no strings attached and no catches.”…

————————————

[THESE ARE ALL CLOSED OCT 2009]…..

PDA Mobile Cafe Members Area:
http://www.pdamobilecafe.bluecollarpc.net/members1.html
PDA Mobile Cafe AvantGo Channel (view online):
http://mysite.verizon.net/gerald_309/id16.html
Wireless Help Links:
PDA Mobile Café
http://www.pdamobilecafe.bluecollarpc.net/pdawireless.html
Vista: http://www.bluecollarpc.net/myvistapc.html
BlueCollarPC.Net: http://www.bluecollarpc.net/allwireless1.html
Philly-WiFi Philadelphia Wireless Club:
http://tech.groups.yahoo.com/group/Philly-WiFi/