The Anatomy of An Attack
In the “good old days” of the Internet, virus writers were just out to make computers do silly things like play a song randomly or change the desktop background to something dirty. In recent years, virus writing has become a big (evil) business. Virus writers have gotten very smart and very tricky.
There are many different psychological angles virus writers can take when they attempt to infiltrate your computer. The following describes only one of the MANY methods a virus can use to attack your computer. The attack I will describe below is what I would call a “hybrid phishing” scheme.
I received this email early Sunday morning from an address I did not recognize (warning sign #1). My immediate suspicions were confirmed when I read the subject line “your Adds have stopped running!”. I knew the email was a fake because the only online ads I run are through Google and Facebook, and this sender’s email matched neither.
You can read the email below. It uses poor spelling and says they have received a wire transfer of $25K from my company. The virus writer asks what services the money was for and suggests that the attached (infected) file contains information about this wire transfer.
Kids, don’t try this at home…
Knowing this was very likely a virus file, I VERY CAREFULLY downloaded it and uploaded it to an online virus scan service. I have pasted the results below; they confirmed my suspicion that this is a brand new virus.
Only about 1/3 of the antivirus engines out there even know this virus exists. We call this a “Zero Day Attack”, because the virus is released and spreads before the antivirus companies can catch on and release updates to protect you from infection.
How can you stay protected? Here are the basics:
1.) Keep your antivirus program up to date. If you have a business network, use a server-based managed antivirus solution. (Contact me for details.)
2.) Keep your operating system fully up to date through Windows Update.
3.) DELETE emails from people you don’t know.
4.) Be very cautious of email attachments, even from people you know and trust.
5.) If you get an email that appears to be from your bank, PayPal, Facebook, or any other institution…DO NOT CLICK a link in the email. Instead, go directly to the company’s website by typing the address into your browser.
It’s a dangerous world out there, folks. Call me for a FREE network analysis to make sure that your network has all of the protections it needs.
Brian Vance
President
PC TLC, Inc.
812-499-9587
The email I received is pasted here:
we have received an $25,122 wire transfer from your company. We have no ideea how this transfer was placed in our account but your email address was in the note for beneficiary section. Attached is a copy of the incomming transfer provided by our bank.Please reply and let us know for what services was the transfer sent to our account…
File Attached: ntkr.doc (virus)
Here are the results from the Online Virus Scan Service:
Engine | Version | Last Update | Result
--- | --- | --- | ---
a-squared | 4.5.0.50 | 2010.03.29 | Trojan-Dropper!IK
AhnLab-V3 | 5.0.0.2 | 2010.03.29 | -
AntiVir | 7.10.5.247 | 2010.03.29 | TR/Dropper.Gen
Antiy-AVL | 2.0.3.7 | 2010.03.29 | -
Authentium | 5.2.0.5 | 2010.03.29 | -
Avast | 4.8.1351.0 | 2010.03.29 | -
Avast5 | 5.0.332.0 | 2010.03.29 | -
AVG | 9.0.0.787 | 2010.03.29 | -
BitDefender | 7.2 | 2010.03.29 | Trojan.Downloader.JMZC
CAT-QuickHeal | 10.00 | 2010.03.29 | -
ClamAV | 0.96.0.0-git | 2010.03.29 | -
Comodo | 4426 | 2010.03.29 | -
DrWeb | 5.0.2.03220 | 2010.03.29 | -
eSafe | 7.0.17.0 | 2010.03.28 | -
eTrust-Vet | 35.2.7394 | 2010.03.29 | -
F-Prot | 4.5.1.85 | 2010.03.29 | -
F-Secure | 9.0.15370.0 | 2010.03.29 | Trojan-Dropper:W32/Agent.DIQH
Fortinet | 4.0.14.0 | 2010.03.29 | -
GData | 19 | 2010.03.29 | Trojan.Downloader.JMZC
Ikarus | T3.1.1.80.0 | 2010.03.29 | Trojan-Dropper
Jiangmin | 13.0.900 | 2010.03.29 | -
K7AntiVirus | 7.10.1004 | 2010.03.22 | -
Kaspersky | 7.0.0.125 | 2010.03.29 | -
McAfee | 5934 | 2010.03.28 | -
McAfee+Artemis | 5934 | 2010.03.28 | Artemis!60DF604563A1
McAfee-GW-Edition | 6.8.5 | 2010.03.29 | Trojan.Dropper.Gen
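The "about 1/3" figure above is worth checking mechanically, because a low-consensus scan result is exactly the signal that tells you a sample is in its zero-day window. The script below is an added example, not code from the post or from any scan service: it parses the 26 rows of the table above (retyped inline as constructed `engine | version | last update | result` lines, with `-` meaning no detection), computes the detection ratio, collects the labels the detecting engines assigned, and lists engines whose signature set was older than the scan date. The `scan_date` value is assumed from the most common "Last Update" in the table.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: the 26 rows of the post's scan table, retyped as
# pipe-separated lines. "-" means the engine returned no detection.
SCAN_REPORT = """\
a-squared | 4.5.0.50 | 2010.03.29 | Trojan-Dropper!IK
AhnLab-V3 | 5.0.0.2 | 2010.03.29 | -
AntiVir | 7.10.5.247 | 2010.03.29 | TR/Dropper.Gen
Antiy-AVL | 2.0.3.7 | 2010.03.29 | -
Authentium | 5.2.0.5 | 2010.03.29 | -
Avast | 4.8.1351.0 | 2010.03.29 | -
Avast5 | 5.0.332.0 | 2010.03.29 | -
AVG | 9.0.0.787 | 2010.03.29 | -
BitDefender | 7.2 | 2010.03.29 | Trojan.Downloader.JMZC
CAT-QuickHeal | 10.00 | 2010.03.29 | -
ClamAV | 0.96.0.0-git | 2010.03.29 | -
Comodo | 4426 | 2010.03.29 | -
DrWeb | 5.0.2.03220 | 2010.03.29 | -
eSafe | 7.0.17.0 | 2010.03.28 | -
eTrust-Vet | 35.2.7394 | 2010.03.29 | -
F-Prot | 4.5.1.85 | 2010.03.29 | -
F-Secure | 9.0.15370.0 | 2010.03.29 | Trojan-Dropper:W32/Agent.DIQH
Fortinet | 4.0.14.0 | 2010.03.29 | -
GData | 19 | 2010.03.29 | Trojan.Downloader.JMZC
Ikarus | T3.1.1.80.0 | 2010.03.29 | Trojan-Dropper
Jiangmin | 13.0.900 | 2010.03.29 | -
K7AntiVirus | 7.10.1004 | 2010.03.22 | -
Kaspersky | 7.0.0.125 | 2010.03.29 | -
McAfee | 5934 | 2010.03.28 | -
McAfee+Artemis | 5934 | 2010.03.28 | Artemis!60DF604563A1
McAfee-GW-Edition | 6.8.5 | 2010.03.29 | Trojan.Dropper.Gen
"""


@dataclass
class EngineResult:
    engine: str
    version: str
    last_update: str       # YYYY.MM.DD, as the report prints it
    result: Optional[str]  # None when the engine reported nothing


def parse_report(text: str) -> List[EngineResult]:
    """Turn the pipe-separated report into typed rows; reject malformed rows."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 4:
            raise ValueError(f"malformed row: {line!r}")
        engine, version, updated, result = parts
        rows.append(EngineResult(engine, version, updated,
                                 None if result == "-" else result))
    return rows


def detection_summary(rows: List[EngineResult]) -> dict:
    """How many engines flagged the sample, which ones, and under what labels."""
    detected = [r for r in rows if r.result is not None]
    return {
        "engines": len(rows),
        "detections": len(detected),
        "ratio": len(detected) / len(rows) if rows else 0.0,
        "detecting_engines": [r.engine for r in detected],
        "labels": sorted({r.result for r in detected}),
    }


def stale_engines(rows: List[EngineResult], scan_date: str) -> List[str]:
    """Engines whose signatures predate the scan date (assumed 2010.03.29 here).
    The YYYY.MM.DD format sorts lexically, so a string comparison suffices."""
    return [r.engine for r in rows if r.last_update < scan_date]


def is_low_consensus(summary: dict, threshold: float = 0.5) -> bool:
    """Some engines flag the file but most miss it: the zero-day window the
    post describes. Any detection at all means the sample should be treated
    as hostile, not averaged away by the engines that missed it."""
    return 0 < summary["detections"] and summary["ratio"] < threshold


if __name__ == "__main__":
    rows = parse_report(SCAN_REPORT)
    s = detection_summary(rows)
    print(f"{s['detections']}/{s['engines']} engines flagged the file ({s['ratio']:.0%})")
    print("labels:", ", ".join(s["labels"]))
    print("low consensus:", is_low_consensus(s))
    print("stale signatures:", ", ".join(stale_engines(rows, "2010.03.29")))
```

Running it gives 8 of 26 engines (31%), which is the "about 1/3" in the post, and shows that the engines which did fire disagree on the name but agree on the family (dropper/downloader); the four engines with signatures older than the scan date are a reminder that a scan is only as good as each engine's last update.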
April 1, 2010
Posted in: Computer Security News
No Comments
PC TLC, Inc. Opens New Office in Huntingburg, IN
November 12, 2009
PC TLC, Inc.
308 E. Fourth St.
Huntingburg, Ind. 47542
brian@pctlc.com
Huntingburg native expands business to Fourth Street
HUNTINGBURG - Brian Vance loves computers and wants you to love yours too. That’s why he’s expanded his Evansville-based company to Fourth Street.
“Computers can be an outstanding nuisance or an incredible blessing,” said Vance, owner of PC TLC, Inc. “We prefer the latter.”
Vance and his two trained technicians can help residential and business computer users in Dubois County solve common computer problems at their new location inside Hometown Music, opening Saturday.
“In our industry, there are a lot of geeks. We are just regular people who happen to be brilliant with computers,” Vance said. “We have the lowest prices around, and a long line of happy customers behind us to vouch that we are the best.”
Vance and his team of CompTIA A+-certified technicians are passionate about computers.
“This passion, drive, and enthusiasm is what has grown our business during the last seven years,” Vance said. “As I hired technicians to support this growth, one of the primary things I looked for was a passion for technology.”
PC TLC, Inc. specializes in small business networking and helping those customers use their technology more efficiently.
“We love to come into a business and provide an evaluation of their network and infrastructure,” Vance said. “We compare their existing operations with the industry standards for security, stability, and speed. We let them know what they are doing right, and we use our expertise to pinpoint what can be improved. In almost every case, we help companies save money through lowering technology costs and increasing efficiency.”
Vance’s company, started in 2002, provides free computer repair evaluations on all makes and models of computers, including servers, laptops, desktops, and Windows and Apple operating systems. PC TLC, Inc. also provides the following services:
* Network design and administration
* Secure remote backup systems
* Web site hosting and custom development
* On-site and remote systems maintenance
* Secure e-mail hosting and spam blocking
* Data recovery on hard drives and memory sticks
Vance, who grew up in Huntingburg and lives in Evansville, is a graduate of Southridge High School, and holds degrees in computer information systems from Ivy Tech and the University of Southern Indiana. He is president of PC TLC, Inc.
“I keep my finger on the pulse of the local economy,” he said. “Recent national survey data shows that there are approximately 1.2 computers per household in the U.S.; Huntingburg is no different. With the opening of this new PC TLC, Inc. location, Huntingburg residents no longer have to take their computer all the way to Jasper or Evansville for repair.”
You can find PC TLC, Inc.:
online at www.pctlc.com
at 308 E. Fourth St. in Huntingburg
by calling (812) 683-0200
by e-mailing service@pctlc.com
November 12, 2009
Posted in: PC TLC, Inc. News
No Comments
Evansville Data Recovery
Every day, companies and individuals just like you rely on PC TLC to provide fast and affordable Data Recovery Services here in the Evansville area.
We recover files from hard drives, removable media, floppy disks, optical disks, flash drives, and other types of media. We have a team of educated and certified technicians that provide quick, reliable emergency service to customers experiencing data loss due to hardware failure, software corruption, or natural disaster.
We have many customers come to us with SERIOUS data loss issues. These customers have lost their accounting database files from Peachtree, QuickBooks, or Microsoft Money. We have a 100% success rate of recovering accounting databases for customers.
Laptop drives, desktop disks, RAID systems, flash drives: we can perform our recovery services on any disk.
We have recovered data from computers that were flooded, reformatted by the user, infected by a virus, dropped from tables, or had various substances spilled into them, and from disks that simply died of natural causes.
Time is of the essence. If you believe your hard drive is in trouble, power off the computer right away and call us for service.
(812)-488-9587
May 15, 2009
Tags: deleted file recovery, Drive failure, Evansville Data Recovery, flash drive recovery Posted in: Evansville Data Recovery
No Comments
Windows Vista Evansville
Microsoft Windows Vista really got started on the wrong foot. When it was first released in 2007, the software was still full of problems. New computers came pre-installed with the software and users were not openly given the choice of another operating system like Windows XP.
Since the release of Vista, we have sold hundreds of computers and NOT ONE person has requested Windows Vista. Everyone seems to want Windows XP because they have heard all of the fuss about Vista being terrible.
Well a couple of years have passed and Microsoft has released countless updates to the Vista software via the Windows Update Service.
A couple of months ago, I built a new office computer and I used Microsoft Windows Vista Ultimate 64bit. I must say I have been VERY impressed by it. One issue with Vista is that it runs slowly on computers with inadequate hardware. A Dual Core Processor and at LEAST 2GB of System Memory (RAM) are needed for Vista to perform at an acceptable level.
On my system I used a fast AMD Dual Core Processor and 8GB of RAM. Overkill, for sure…but RAM is cheap so I went ahead and maxed out the motherboard with memory.
If your Vista computer is running slow and having problems, we can help make your computer run FAST and reliably. Call us today to schedule a service call. Or bring your computer into our shop any day M-F from 8-5. We offer SAME DAY service and FREE diagnostics.
So far, so good. A couple of our technicians are experimenting with the new Windows 7 RC (Release Candidate). Windows 7 is due out this Christmas or early 2010 http://ecommerce.ulitzer.com/node/964871
Hopefully Windows 7 will have a better first couple of years than Windows Vista had.
In any case, the brilliant technicians here at PC TLC, Inc. are here to help.
Whether you have Windows 2000, XP, Vista, Mac, or Linux, we can help.
May 15, 2009
Tags: Evansville Computer Repair, Operating System Help, Vista slow, Windows Vista Posted in: Technology Information
No Comments
I think my hard drive is crashing
If you think your hard drive has crashed or is failing, the first thing you need to do is POWER OFF and unplug your computer. The longer a failing hard drive is running in its bad condition, the more your precious files will continue to deteriorate.
Why do hard drives fail?
A hard drive is the hardest working piece of equipment in a computer. Modern hard drives are small boxes inside your computer. Inside these drives is a stack of metallic disks that spin at very high speed. They can spin anywhere from 4,000 to 15,000 revolutions per minute, which equals nearly 170 miles per hour! When things are moving that quickly, the smallest internal error or malfunction can mean disaster for your data.
Some common signs of a failing hard drive are:
- Disappearing files
- Very long waits when opening files
- Errors about “file corruption”
- Recurring error messages when moving/copying files
- A grinding, clicking, or buzzing type sound (this is VERY bad!! Power down your computer and bring it to us right away)
If any of the above events are happening, it is imperative that you bring in your computer as quickly as possible. We are the area experts in data recovery. We can use our specialized software and equipment to recover your data and restore your computer to perfect running condition.
March 3, 2009
Posted in: Computer Help
No Comments
I have a business, and our computers could use some help
Computers greatly improve business productivity. However, when computers start acting up…your employees cannot get their work done and tempers can run high as productivity runs low.
GOOD NEWS. We are here to help. Our experienced, educated, and certified technicians are trained to identify the major issues with your computer or network and resolve those issues as quickly and cost effectively as possible. We are the best in the business, and your business deserves the best.
We may be able to save your company thousands of dollars per month in unnecessary labor, equipment, and software costs just by applying some TLC to your PCs.
Call us today for a FREE consultation. We will gladly take a look at your computer network at no charge and make recommendations on how to improve your office communications. (812) 499-9587
February 4, 2009
Posted in: Computer Help
No Comments
‘Amazing’ worm attack infects 9 million PCs
Article from ComputerWorld.com at this link
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126205
January 16, 2009 (Computerworld) Calling the scope of the attack “amazing,” security researchers at F-Secure Corp. today said that 6.5 million Windows PCs have been infected by the “Downadup” worm in the last four days, and that nearly 9 million have been compromised in just over two weeks.
Early Friday, the Finnish firm revised its estimate of the number of computers that had fallen victim to the worm, and explained how it came to the figure. “The number of Downadup infections [is] skyrocketing,” Toni Koivunen, an F-Secure researcher, said in an entry to the company’s Security Lab blog. “From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That’s just amazing.” On Tuesday, Koivunen put the number of infected systems at 2.4 million, then updated the estimate Wednesday to 3.5 million, an increase of 1.1 million in just 24 hours.
“We haven’t seen outbreaks of this scale in many years,” said Mikko Hypponen, chief research officer at F-Secure, in an e-mail reply to questions. “[It] reminds me of the old Loveletter/Melissa/Sasser/Blaster cases size-wise,” he added, ticking off some of history’s biggest malware attacks.
Downadup — which also goes by the name “Conficker” — exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. Although Microsoft fixed the flaw with one of its rare “out of cycle” updates in late October, about a third of all PCs have not yet been patched, according to Qualys Inc., another security company. Those PCs are the ones being hijacked by the worm.
In his Friday blog post, F-Secure’s Koivunen also provided some background on the company’s estimate, in part because some people had expressed disbelief in the number. According to Koivunen, F-Secure came to its 8.9 million-machine estimate by spying on the worm’s communication with hacker-controlled servers.
Once it’s gotten onto a PC, Downadup generates a list of possible domains, selects one, then uses that URL to reach a malicious server from which it downloads additional malware to install on the hijacked computer. F-Secure, however, has registered some of those domains, and has been able to monitor traffic through those URLs.
By examining logs of connection attempts to the domains, F-Secure discovered several hundred thousand different IP addresses — over 350,000 as of today — as well as a counter embedded in each that spells out the number of additional PCs that the infected machine has compromised.
“So this number tells us how many other computers this machine has exploited since it was last restarted,” explained Koivunen. A sample log provided by F-Secure showed 12 Downadup-infected PCs, which collectively had infected 186 additional systems. Just one of the originally infected computers successfully attacked 116 other machines.
“We wrote a program that parses the logs, extracting the highest value for the IP/User-Agent pairs … then added together to get our figures,” said Koivunen. “As you can see now, they are very conservative.”
Earlier this week, the already-high number of Downadup infections prompted Microsoft to add detection for the worm to its Malicious Software Removal Tool (MSRT), the anti-malware utility that the company updates and redistributes each month to Windows machines. Microsoft released the latest edition of the MSRT with anti-Downadup capabilities last Tuesday.
Like other security researchers, those from Microsoft have put some of the blame on users slow to patch their PCs. “Either Security Update MS08-067 was not installed at all or was not installed on all the computers,” a pair of security researchers who work at Microsoft said Tuesday.
Microsoft has recommended that Windows users install the emergency update, then run the January edition of the MSRT to scrub the worm from compromised computers.
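The counting method Koivunen describes (parse the sinkhole logs, keep the highest counter value per IP/User-Agent pair, add the results together) is a small, reusable piece of sinkhole analysis, and it is easy to get wrong by summing every connection attempt instead of the per-host peak. The script below is an added example written for this page, not F-Secure's program: the log lines are constructed (documentation IP ranges, a made-up `count=N` token standing in for the counter the article says is embedded in each request, since the page does not show the real encoding) and are sized so the totals match the sample the article quotes, 12 reporting machines, 186 secondary infections, one host responsible for 116.

```python
import re
from collections import defaultdict
from typing import Dict, Iterator, Tuple

# Constructed sinkhole log (not F-Secure's data). Fields: timestamp, client IP,
# quoted User-Agent, and "count=N", a stand-in for the per-host infection counter.
# Repeated lines from the same host show the counter climbing between requests;
# the last line is deliberately malformed to exercise the parser's skip path.
SAMPLE_LOG = """\
2009-01-16T08:01:12Z 192.0.2.10 "Mozilla/4.0 (compatible; MSIE 6.0)" count=40
2009-01-16T08:05:40Z 192.0.2.10 "Mozilla/4.0 (compatible; MSIE 6.0)" count=88
2009-01-16T08:09:03Z 192.0.2.10 "Mozilla/4.0 (compatible; MSIE 6.0)" count=116
2009-01-16T08:02:00Z 192.0.2.11 "Mozilla/4.0 (compatible; MSIE 6.0)" count=5
2009-01-16T08:30:00Z 192.0.2.11 "Mozilla/4.0 (compatible; MSIE 6.0)" count=20
2009-01-16T08:03:15Z 192.0.2.12 "Mozilla/4.0 (compatible; MSIE 7.0)" count=15
2009-01-16T08:04:21Z 198.51.100.5 "Mozilla/4.0 (compatible; MSIE 6.0)" count=10
2009-01-16T08:04:59Z 198.51.100.6 "Mozilla/4.0 (compatible; MSIE 6.0)" count=2
2009-01-16T08:44:59Z 198.51.100.6 "Mozilla/4.0 (compatible; MSIE 6.0)" count=8
2009-01-16T08:06:10Z 198.51.100.7 "Mozilla/4.0 (compatible; MSIE 6.0)" count=6
2009-01-16T08:07:33Z 198.51.100.8 "Mozilla/4.0 (compatible; MSIE 7.0)" count=4
2009-01-16T08:08:48Z 203.0.113.20 "Mozilla/4.0 (compatible; MSIE 6.0)" count=3
2009-01-16T08:10:02Z 203.0.113.21 "Mozilla/4.0 (compatible; MSIE 6.0)" count=2
2009-01-16T08:11:19Z 203.0.113.22 "Mozilla/4.0 (compatible; MSIE 6.0)" count=1
2009-01-16T08:12:45Z 203.0.113.23 "Mozilla/4.0 (compatible; MSIE 7.0)" count=1
2009-01-16T08:13:51Z 203.0.113.24 "Mozilla/4.0 (compatible; MSIE 6.0)" count=0
2009-01-16T08:15:00Z 203.0.113.24 "Mozilla/4.0 (compatible; MSIE 6.0)" count=0
this line is not a well-formed record and is skipped
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) "(?P<ua>[^"]*)" count=(?P<count>\d+)$'
)


def parse_lines(text: str) -> Iterator[Tuple[str, str, int]]:
    """Yield (ip, user_agent, counter) for every well-formed log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ip"), m.group("ua"), int(m.group("count"))


def peak_counts(text: str) -> Dict[Tuple[str, str], int]:
    """Highest counter observed per (IP, User-Agent) pair.

    Taking the peak rather than the sum avoids double counting the same host
    across repeated beacons. It is conservative: the counter resets when the
    host restarts, and several hosts behind one NAT collapse into one pair."""
    peaks: Dict[Tuple[str, str], int] = defaultdict(int)
    for ip, ua, n in parse_lines(text):
        key = (ip, ua)
        peaks[key] = max(peaks[key], n)
    return dict(peaks)


def estimate(text: str) -> dict:
    """The figures the article reports: reporting hosts, the summed peaks
    (machines those hosts infected since their last restart), and the largest
    single contributor."""
    peaks = peak_counts(text)
    return {
        "reporting_hosts": len(peaks),
        "secondary_infections": sum(peaks.values()),
        "max_single_host": max(peaks.values(), default=0),
    }


if __name__ == "__main__":
    for k, v in estimate(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

Keying on the (IP, User-Agent) pair rather than the IP alone is what the article says F-Secure did; it lets two distinct infected machines that share one egress address be told apart when their User-Agent strings differ, while still never counting a single machine's beacons more than once.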
February 4, 2009
Posted in: Technology Information
No Comments
November 2008 Newsletter
February 4, 2009
Posted in: PC TLC, Inc. News
No Comments
My computer is running very slowly.
The older a computer gets, the slower it runs.
Why?
There are several reasons why a computer slows down over time. Here are a few reasons:
1. The hard drive gets fragmented from daily use, and this causes it to run inefficiently.
2. There are unnecessary programs in the Startup menu that are opening automatically when the computer starts. These programs use your system memory even when you aren’t using them, thus slowing down your system.
3. Your computer may have a small or large virus/malware infection causing everything to run slowly.
4. Lack of System Memory (RAM): Computer software is constantly becoming more demanding on hardware. If you bought a computer that ran fast 4 years ago but have loaded some newer software onto that computer, it runs slower because the newer software is placing a heavier load on the older hardware. The result is everything still works…slowly.
We offer FREE diagnostics on your computer. All you need to do is drop off your computer tower to 650 E. Diamond Ave Evansville, IN. We will check over the entire system and give you a quote for what it will take to get it running quickly and reliably again. OR call us to schedule an on-site service call. 812-499-9587
February 4, 2009
Posted in: Computer Help
No Comments
I think I have a virus
There are over 1 million computer viruses in circulation. Many of them are programmed to have little virus babies and copy themselves onto every computer possible.
An infected computer can do all sorts of scary things, like record all of the keys you press and send the virus writer a copy of everything that you type (including emails, chat, passwords, websites, etc.). A virus can also destroy your data or cause your computer to not start again after you reboot.
How can you stay protected?
While no single software package will protect you 100%, we set up our customers with a suite of free protection utilities that will rid your computer of viruses as well as protect your computer in the future. Don’t spend hundreds of dollars on antivirus and antispyware programs; we use FREE software at PC TLC, Inc.
We are your local experts on computer virus removal and protection. Call us today, or bring your computer tower in for immediate service.
February 4, 2009
Posted in: Computer Help
No Comments