Techs-on-Call Computer Blog » Archives

Entries Tagged as 'Security'

Not Even Routers Are Safe From Viruses

Security

There is a virus circulating on the internet that infects not your computer but your router. The advantage of infecting a router is that every computer connected through that router can be attacked. In one scenario, when you browse the internet, the virus in the router redirects that request to a site loaded with viruses and malware in an attempt to infect that computer. A virus in the router can also carry out remote attacks without a computer, and thus someone unknowingly becomes part of a botnet. A botnet is a collection of devices connected to the internet which is used to carry out the requests of the botnet owner. These requests are usually to make a coordinated attack on other computers or to send out massive amounts of spam. A botnet is created to make it harder to prosecute someone.

The current virus circulating is called the Chuck Norris virus. It is called this because the code of the virus has a comment in it that says "in the name of Chuck Norris", but in Italian. This virus attacks routers that are based on Linux, such as the Linksys WRT54GL. What it does is attempt to guess the password. This virus can also infect certain D-Link routers. Another router virus is called Psyb0t.

So how do you get rid of this virus? The fix is amazingly simple. Unplug your router and plug it back in. Problem solved. This Chuck Norris virus cannot modify the software used by the routers, so it has to reside in the router's memory. Unplugging the router clears the memory and thus clears the virus. However, expect future router viruses to be able to modify the router's software. In that case, a factory reset should clear the virus. In the worst case scenario, you will have to connect a computer directly to your cable, DSL, or satellite modem and download the latest firmware for the router. Then you will need to connect back to the router and install the firmware. In all situations, the fix is a lot quicker than on a computer.

To protect yourself from such attacks, always change your router's password and never use a simple password. Always secure your Wi-Fi connection with a password. Never assume you are safe. Test your password with Microsoft's strong password checker.

Another Tactic of Viruses

Malware, Security, News

This is from McAfee Labs about a new technique computer viruses are using. This one embeds itself in a help file. I've seen viruses in executable files (.exe) and in library files (.dll). Now viruses have another place to hide: help files.

A computer virus is a bit of code that is embedded into a file and when that file is executed, the virus executes some code and often spreads itself. In this case, once the infected help file is viewed, the virus installs some malicious program. The malicious program is just an encoded file with a file extension of .hlp to make it look like a help file. The purpose of this is to foil anti-malware programs.

All of this just illustrates the point that malicious software will always change tactics to stay two steps ahead of the cleanup programs. Fortunately for you, the motivation behind most malware is profit. This means that most malware is not this complex because that is too much work. These cyber-criminals want as much as they can as fast as they can. Complex malware like this takes a long time. Still, never assume you are safe. I've said it before in other blog posts: not even Macs are safe. About 80% of the malware I see is a simple scam, the fake antivirus stuff. And that is relatively easy (for me anyway) to remove. Just always be alert. Being alert can foil most of the cyber attacks.

If you would like more information on this new virus tactic, McAfee has a blog entry about it: Be careful on help file.
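The post says the dropped program is an encoded file that only carries the .hlp extension. As an added example (not from the post or from McAfee), the PowerShell below flags .hlp files that lack the WinHelp file signature; the function names and the constructed sample files are assumptions. The infected help file itself is a real help file, so this check only targets the disguised payload.

```powershell
# Added example: find files named *.hlp that do not start with the WinHelp
# signature 0x00035F3F (stored on disk as the bytes 3F 5F 03 00).
function Test-WinHelpHeader {
    param([Parameter(Mandatory)][string]$Path)
    $magic = [byte[]](0x3F, 0x5F, 0x03, 0x00)
    $buf = New-Object byte[] 4
    $fs = [System.IO.File]::OpenRead($Path)
    try { $read = $fs.Read($buf, 0, 4) } finally { $fs.Dispose() }
    if ($read -lt 4) { return $false }
    for ($i = 0; $i -lt 4; $i++) {
        if ($buf[$i] -ne $magic[$i]) { return $false }
    }
    return $true
}

function Find-SuspectHelpFile {
    param([string]$Root = $env:SystemRoot)
    Get-ChildItem -LiteralPath $Root -Filter *.hlp -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            # Unreadable (locked) files are skipped rather than reported.
            try { -not (Test-WinHelpHeader -Path $_.FullName) } catch { $false }
        } |
        Select-Object FullName, Length, LastWriteTime
}

# Constructed sample data: one file with a valid header, one opaque blob.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'hlp-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
[System.IO.File]::WriteAllBytes((Join-Path $demo 'real.hlp'),
    [byte[]](0x3F, 0x5F, 0x03, 0x00, 0x10, 0x00, 0x00, 0x00))
[System.IO.File]::WriteAllBytes((Join-Path $demo 'fake.hlp'),
    [byte[]](0x9A, 0x41, 0xC3, 0x07, 0x55, 0xE2, 0x18, 0x6B))

# Only fake.hlp is listed.
Find-SuspectHelpFile -Root $demo
```

A hit means the file is not what its extension claims and deserves a closer look; it does not identify what the file is.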

How Safe Is Your Bank?

Security

Recently, an article appeared on the Financial Times website entitled "Bank firewalls cracked by cyberhackers". The title of the article makes it seem like the bank was compromised when, in fact, it had not been. The title is misleading, as the rest of the article shows how cyber-criminals use sophisticated malware to steal funds from people. A person may naturally wonder how safe his or her bank really is. The fact is, bank websites are very secure. Inter-bank transactions are also very secure. So secure that the easiest way to bypass security is to install malware on a person's computer.


When Windows Logs In and Then Immediately Logs Out

Security, Computer Repair Notes

Sometimes, a virus or malware will modify the registry so that when you log in, a malicious file is processed instead of the standard Windows file. There are several types of viruses that do this. Fortunately, the fix for all is the same.

When Windows logs in, a file listed in the registry is processed first. (More on this in the fix.) If that file is not there or is corrupt, then Windows logs out right away. What happens is a virus changes the file which Windows looks for when logging in, and then something else deletes or renames that file. The result is the log in, log out routine. This is something found on Windows NT, Windows 2000, Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2008, and Windows Home Server. The file that should be loaded is the userinit.exe file. However, even that file may be replaced with a malicious one.
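A check for the condition described above, as an added example that is not part of the original post. It assumes the standard Winlogon registry key and the default Userinit path under the system directory, neither of which the post names, and it has to be run from a session that still works (for example another administrator account).

```powershell
# Added example (not from the post): audit what Winlogon runs at logon.
# Assumption: standard Winlogon key and default Userinit path; the post names neither.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ExpectedUserinit = Join-Path $env:SystemRoot 'System32\userinit.exe'

function Test-UserinitValue {
    param([string]$Value, [string]$Expected)
    $findings = @()
    # The value is a comma-separated list; the default is one path plus a trailing comma.
    $entries = @($Value.Split(',') | ForEach-Object { $_.Trim().Trim('"') } | Where-Object { $_ })
    if ($entries.Count -eq 0) { $findings += 'Userinit value is empty' }
    foreach ($entry in $entries) {
        $path = [Environment]::ExpandEnvironmentVariables($entry)
        if ($path -ne $Expected) {                       # string -ne is case-insensitive
            $findings += "Unexpected entry: $entry"
            continue
        }
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            $findings += "File is missing: $path"        # the log in, log out case
            continue
        }
        # The right path can still hold a replaced binary, so check the signature too.
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike '*Microsoft*') {
            $findings += "Signature check failed ($($sig.Status)): $path"
        }
    }
    return ,$findings
}

$current = (Get-ItemProperty -Path $WinlogonKey -Name Userinit).Userinit
$findings = Test-UserinitValue -Value $current -Expected $ExpectedUserinit
if ($findings.Count -eq 0) { "OK: Userinit = $current" } else { $findings }
```

On older PowerShell versions that do not evaluate catalog signatures, a system file can report NotSigned; treat that result as a prompt for a closer look rather than proof of tampering.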


The Danger of Illegal Software

Security, General

Imagine if you were able to obtain a $1500 piece of software for free. Sounds good, right? The problem is, the software has been hacked and modified, and when you download it, it is not with the permission of the company who made it. Software piracy is a big problem for companies. One thing you can add to that is that pirated software may have more than you bargained for. Pirated software, music, and movies may contain viruses or something worse. The simple fact is, except in a rare few cases, getting something that costs money for free or at a greatly reduced price is probably illegal in some way, and if it is a computer file it has a good chance of containing a virus.
