
Category: Security

Aug 19 2010

Intel Purchases McAfee

Intel announced today (August 19, 2010) that they are purchasing McAfee, which produces antivirus software, for $7.68 billion pending FTC approval. On the surface, this seems like a strange combination. Why would Intel want to purchase an antivirus software vendor? However, if you examine it more deeply, it does make sense.

Computer security is a critical issue. Hackers are always looking to make a lot of money for little work or just want to be mean. While most of the time hackers exploit a weakness in software, sometimes they exploit weaknesses in the hardware. CPUs are complex little machines; nobody can make a perfect design without any vulnerabilities. The same applies to operating systems such as Windows. Since there is going to be a vulnerability, wouldn't it be nice to have a system designed to detect what black-hat hackers do and block such attacks while being completely transparent to the end-user? Intel purchased McAfee to help implement security and defense in the hardware so that future attacks on computer systems will be harder.

Short term, don't expect anything to change. Long term, I would expect McAfee antivirus to become very much inferior to the competition because I suspect Intel will have the company focus less on the software and more on the hardware.

0 comments - Posted by Wade Burchette at 12:17 PM - Categories: News | Security

May 25 2010

Fake Antivirus Group Wants To Hire You

Need a job? Well, a fake antivirus group posted a job on freelancer.com. This is more proof that fake antivirus software is big business. And it shows how confident they have become that their business will continue. Or they are very stupid. Or maybe they are both. Probably both bold and stupid.

So how much does such a job pay? Between $30 and $250. But it appears the "company" hiring has a great rating. One reviewer said "Nice buyer, hope can work for him again in the future." Which, of course, has all the traits of a bogus review because it is only glowing. Besides, how trustworthy can a company be if their main source of income involves scamming people? Be that as it may, the major fake antivirus players, of which this is not one, do pay people based on the number of computers they infect.

The biggest threat today is not viruses, but malicious software (malware). The biggest malware threat is fake antivirus. It is successful and it is very profitable. When you take down one, five more appear in its place. Few people will give up easy money without a fight.

For more information, and a snapshot of the listing, visit The Register's article about this.


By the way, 33 years ago today, the first Star Wars movie was released. And not coincidentally, 27 years ago today, Star Wars: Return of the Jedi was released.

0 comments - Posted by Wade Burchette at 5:59 PM - Categories: News | Security

Mar 23 2010

DDoS Attacks Still Around

Without a doubt, the main motivation for cybercriminals is money. That is why fake antivirus scams and spam emails are so common: they make lots of money. But sometimes people are just jerks. That is why Distributed Denial of Service attacks, or DDoS for short, are still around.

A DDoS attack is when a server is flooded with internet traffic from many computers so that the server is unable to handle legitimate traffic. When a company requires their webserver to be active to make money or do business, it can be a major problem. The main motivations behind a DDoS attack are revenge, extortion, jealousy, politics, and disrupting a rival business or organization. The extortion tactic doesn't work well, because once attacked, a server can easily take steps to block the attack.


0 comments - Posted by Wade Burchette at 3:06 PM - Categories: Security

Mar 15 2010

Password Reset Questions Are Also Too Easy To Guess

One of the ways I've seen people get viruses and malware is when their social networking page (e.g. Facebook, MySpace, Twitter) password is guessed and a cybercriminal plants viruses on their site. If you've taken my advice that I have given you in previous blogs and in person, you are using a good strong password. A good strong password is one that cannot be guessed by knowing anything about your life, uses letters and symbols if symbols are allowed, and uses a combination of upper-case and lower-case letters. For example, don't use your dog's name in your password.

Well, all that is well and good, but if the password reset question is easy to guess, none of that will help. If someone can figure out your password reset question by reading your social networking page, that is just as bad as using a weak password. So make sure such questions are ones that are difficult to guess. Some of these password reset pages allow anyone who correctly guesses the question to change the password, and thus have full access to your page.

My number one rule on the internet is never assume everyone is good. Always think about the bad guys out there. Cybercriminals are making easy money; they aren't going to give that up without a fight.

0 comments - Posted by Wade Burchette at 9:25 AM - Categories: Security

Mar 1 2010

Not Even Routers Are Safe From Viruses

There is a virus circulating the internet that infects, not your computer, but your router. The advantage of infecting a router is that every computer connected through that router can be attacked. In one scenario, when you browse the internet, the virus in the router redirects that request to a site loaded with viruses and malware in an attempt to infect that computer. A virus in the router can also carry out remote attacks without a computer, and thus someone unknowingly becomes part of a botnet. A botnet is a collection of devices connected to the internet which is used to carry out the requests of the botnet owner. These requests are usually to make a coordinated attack on other computers or to send out massive amounts of spam. A botnet is created to make it harder to prosecute someone.

The current virus circulating is called the Chuck Norris virus. It is called this because the code of the virus has a comment in it that says "in the name of Chuck Norris", but in Italian. This virus attacks routers that are based on Linux, such as the Linksys WRT54GL. What it does is attempt to guess the password. This virus can also infect certain D-Link routers. Another router virus is called Psyb0t.

So how do you get rid of this virus? The fix is amazingly simple. Unplug your router and plug it back in. Problem solved. This Chuck Norris virus cannot modify the software used by the routers, so it has to reside in the router's memory. Unplugging the router clears the memory and thus clears the virus. However, expect future router viruses to be able to modify the router's software. In that case, a factory reset should clear the virus. In the worst-case scenario, you will have to connect a computer directly to your cable, DSL, or satellite modem and download the latest firmware for the router. Then you will need to connect back to the router and install the firmware. In all situations, the fix is a lot quicker than on a computer.

To protect yourself from such attacks, always change your router's password and never use a simple password. Always secure your Wi-Fi connection with a password. Never assume you are safe. Test your password with Microsoft's strong password checker.

0 comments - Posted by Wade Burchette at 8:38 AM - Categories: Security

Feb 3 2010

Another Tactic of Viruses

This is from McAfee Labs about a new technique computer viruses are using. This one embeds itself in a help file. I've seen viruses in executable files (.exe) and in library files (.dll). Now viruses have another place to hide: help files.

A computer virus is a bit of code that is embedded into a file and when that file is executed, the virus executes some code and often spreads itself. In this case, once the infected help file is viewed, the virus installs some malicious program. The malicious program is just an encoded file with a file extension of .hlp to make it look like a help file. The purpose of this is to foil anti-malware programs.

All of this just illustrates the point that malicious software will always change tactics to stay two steps ahead of the cleanup programs. Fortunately for you, the motivation behind most malware is profit. This means that most malware is not this complex because that is too much work. These cyber-criminals want as much as they can as fast as they can. Complex malware like this takes a long time. Still, never assume you are safe. I've said it before in other blog posts, not even Macs are safe. About 80% of the malware I see is a simple scam, the fake antivirus stuff. And that is relatively easy (for me anyway) to remove. Just always be alert. Being alert can foil most of the cyber attacks.

If you would like more information on this new virus tactic, McAfee has a blog entry about it: Be careful on help file.

0 comments - Posted by Wade Burchette at 7:17 PM - Categories: Malware | News | Security

Dec 13 2009

How Safe Is Your Bank?

Recently, an article appeared on the Financial Times website entitled "Bank firewalls cracked by cyberhackers". The title of the article makes it seem like the bank was compromised when, in fact, it was not. The title is misleading, as the rest of the article shows how cyber-criminals use sophisticated malware to steal funds from people. A person may naturally wonder how safe his or her bank really is. The fact is, bank websites are very secure. Inter-bank transactions are also very secure. So secure that the easiest way to bypass security is to install malware on a person's computer.


0 comments - Posted by Wade Burchette at 8:19 PM - Categories: Security