Techs-on-Call Computer Blog

Security researchers were able to trick 8,000 people into downloading a program that could contain malware onto their smart phone. The bait was a seemingly innocent weather application. This study was meant to bring to light how cybercriminals trick people into downloading their malware. The program itself was clean, but the creators had a version that was a trojan horse program. The fact is, the weakest part of any computer security is the end-user.

Once again, one of the best ways to fight viruses and malware is to never assume everyone on the internet is your friend. Just because it is free does not mean it is safe. A common way for malware to install is to trick the user into installing something else because that bypasses all security. In fact, the two most common ways to distrubute viruses and malware is through social engineering tricks (like this one) and by poisoning websites. Social engineering tricks are very common with email where the user is tricked into clicking on a link. But tricking people into downloading a program is also heavily used.

Links related to this study:

• New Scientist: Sneaky app shows potential for smartphone botnets
• Dark Reading: Smartphone Weather App Builds A Mobile Botnet
• Sophos: 8000 iPhone and Android users duped into joining smartphone botnet

Good news today. The owners of one of the largest botnets were arrested, effectively shutting it down. When cybercriminals want to do their dirty work, they use a botnet. For those that don't know, a botnet is a collection of computers that have a small program on it called a bot (which is short for robot) whose sole purpose is to carry out instructions of the owner of the botnet. This allows cybercriminals to cover their tracks while at the same time increase the scope of their attacks. The really nasty ones clean your computer of viruses and malware and keep it clean so that you never know you are infected. Botnets send spam, carry out internet attacks, steal financial details by various methods, or a combination of those three. On March 2, the three owners of this botnet were arrested in Spain.

This botnet was called Mariposa, which is butterfly in English. They had an estimated 12.7 million PC's infected. This botnet was used to steal credit card information and banking credientals. The three unidentified botnet owners kept a low profile. But they made a few careless mistakes that enabled police to track them down. The key that led to their downfall was revenge. The botnet was partially blocked and one of the cybercriminals used his personal internet connection to stage a counter-attack.

Read more...

Suppose you were browsing the internet of your cell phone as you are walking down a street. As you pass a store, the ad you see on your phone is for that store you just passed. Such technology is already available, but on February 23, 2010 Google was awarded the patent for the idea. It is patent number 7668832.

The paranoid out there may wish to avoid such ads. You can. Many cell phones today have GPS built-in. You can turn the GPS off. Your general location can be determined using the location of the nearest cell phone tower. But the only thing that will be known is that you are somewhere in range of that tower. An exact location is impossible. A cell phone's location can be computer using triangulation, but is not something a cell phone can do. You need at least 3 towers for that, but a cell phone locks in to one tower. So if you turn off your phone's GPS antenna, you will not get ads targeted to where you are at right now, such as in the situation above.

Your general location can also be determined by the information that is required for the internet to work. This cannot be connected to the physical location of the internet connection without your ISP's permission. That is likely not to happen. Still, ads can at least know a general location. I've already seen ads that talked about deals in Raleigh (although Raleigh is 45 minutes away). With this patent, all such ads will now have to pay royalties to Google or stop determining your general location. There is really little you can do about that.

This is a problem I have seen a lot of the past few days. It has affected Windows Vista and Windows XP; however, with Windows Vista it is able to repair itself with the built-in startup repair tool. Windows XP users have to call somebody like me to fix it. The security update is labeled as MS10-015 and listed under the Microsoft knowledge base article 977165. To repair it, you'll need a Windows CD or DVD.

If you happen to have a Windows XP CD, follow these instructions:

• Boot from the CD.
• When prompted to set up Windows XP, press R to start the repair command prompt. After a few seconds, choose one of the Windows installations listed, ideally the one which is on the hard drive of your Windows XP installation which is usually C:\Windows. Enter your Administrator password which, for most people, is blank.
• Type "CD $ntuninstallkb977165$" (it does not matter if you use upper-case or lower-case).
• Type "CD spuninst".
• Type "batch spuninst.txt"
• Type "exit" to reboot and that should fix you up.

If you happen to have a Windows Vista or Windows 7 DVD and want to repair Windows XP, follow these instructions.

• Boot from the DVD.
• When prompted to set up Windows, click on the recovery tools listed at the bottom on the window. Follow the on-screen prompts until you see a window with several options, the last being a Command Prompt. You want to click on the Command Prompt option.
• Type the hard drive letter with the Windows XP installation on it and press enter. It is probably C: but it may be any letter at all. If in doubt, keep trying successive letters from C:
• Type "CD \Windows".
• Type "CD $ntuninstallkb977165$".
• Type "CD spuninst".
• Type "copy spuninst.txt spuninst.bat".
• Type "spuninst.bat".
• And reboot your computer.

If you have Windows Vista or Windows 7, just use the built-in startup repair to fix this problem.

Google just announced that they are going to run fiber optic cables to people's homes and offer internet service. The plan is 1 gigabits per second internet, which is much faster than what most internet providers can offer. For examples, most high speed internet connections range from 1.5 megabits per sercond to 15 megabits per second. Even Verizon FiOS and AT&T U-Verse, which both deliver cable TV over the internet, isn't that fast. Neither is the city of Wilson's Greenlight internet. Google's internet is 1 gigabit, or 1000 megabits, per second.

Is this a good idea? In my opinion, no. First, those who do everything do nothing well. Google is branching out too far from its roots, and as result they cannot focus. I still use Google for my search because I can always find what I need faster on Google. Which is related to me my second objection: Google isn't doing this to help America. The official blog post may sound like they are, but Google is a for-profit company. And Google profits off data-mining, which tracking what people do on the internet. Do you really want to give a company whose main source of income is data mining control on how you access the internet? I don't. You would be naive to think Google will not find some way to monitor the behavoir of the people who use their service and sell it to advertisers. I would rather have a slower internet than a monitored internet.