
Return of the Spam


It’s been a while; but just recently the spammers are back on top of the game with regard to email spam.

Have you had emails with subject lines such as

“re: Messages” and “re: 33% Discount!”

I know I’ve had quite a few of them just recently.

Of course; I didn’t actually send any pharmaceutical company, or anyone else come to that, any email message entitled “Messages” or “33% Discount”, but I keep getting these emails that appear to be replies.

The content of these messages is just 2 words: “click here”. I have all the latest patches from Microsoft installed on both my comp running Windows XP Pro and my other comp running Windows 7 Home Premium, so these words don’t appear to me to be linked. In their original format, however, they are linked, and will appear so to some computers that aren’t fully updated and patched.

Clicking on these linked words will immediately install malware on your computer as it browses to the spammer’s website, where your confirmed email address will be added to a list of live confirmed email addresses to be used in future spam-blitz campaigns and sold to other spammers. The malware will probably open up one of your ports and connect you to another spammer website which will download further software to make your machine a fully-functional part in a botnet operation.

So, as always, my advice to you is that if you get any emails that look in any way suspect, delete them immediately without even bothering to open them. Also, ensure that your computer, no matter which operating system you use, is kept fully updated with the latest updates and patches from the operating system’s manufacturer.

If you can no longer get any updates, for instance if you’re running a copy of Win 9x, get a decent operating system that you can keep up to date – or one day you will be sorry you didn’t.
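The fake "re:" messages described above can be picked out mechanically. The sketch below is an added example, not something from the original post: it flags a message whose subject claims to be a reply although its threading headers name nothing the user actually sent, and whose body is little more than a link. The sample messages, the `SENT_IDS` index and the five-word threshold are constructed assumptions.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed samples (not real mail): the first mimics the spam described
# above, the second is an ordinary reply to a message the user really sent.
FAKE_REPLY = """\
From: Pharmacy <offers@example.invalid>
To: me@example.org
Subject: re: 33% Discount!
Message-ID: <a1@example.invalid>
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://example.invalid/x">click here</a></body></html>
"""
REAL_REPLY = """\
From: Alice <alice@example.org>
To: me@example.org
Subject: Re: Lunch on Friday
Message-ID: <b2@example.org>
In-Reply-To: <sent-42@example.org>
References: <sent-42@example.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Friday works for me. Shall we say 12:30 at the usual place? See
http://example.org/menu for the menu.
"""
# Hypothetical index of Message-IDs taken from the user's own sent folder.
SENT_IDS = {"<sent-42@example.org>"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def body_text(msg):
    """Return (raw body, visible text with tags and URLs stripped)."""
    part = msg.get_body(preferencelist=("plain", "html"))
    raw = part.get_content() if part is not None else ""
    visible = URL_RE.sub(" ", re.sub(r"<[^>]+>", " ", raw))
    return raw, " ".join(visible.split())

def fake_reply_reasons(raw_message, sent_ids, max_words=5):
    """List the reasons a message looks like a forged 'reply' lure."""
    msg = message_from_string(raw_message, policy=default)
    reasons = []
    if re.match(r"\s*re\s*:", str(msg.get("Subject", "")), re.I):
        # A genuine reply names the message it answers in these headers.
        thread = " ".join(str(msg.get(h, "")) for h in ("In-Reply-To", "References"))
        if not set(re.findall(r"<[^<>\s]+>", thread)) & set(sent_ids):
            reasons.append("reply subject, but no reference to any sent message")
    raw, visible = body_text(msg)
    if URL_RE.search(raw) and len(visible.split()) <= max_words:
        reasons.append("body is only a link with a few words of text")
    return reasons

if __name__ == "__main__":
    for name, sample in (("fake", FAKE_REPLY), ("real", REAL_REPLY)):
        print(name, fake_reply_reasons(sample, SENT_IDS))
```

Some mail clients drop the threading headers on genuine replies, so the first reason on its own is a hint rather than a verdict; the two reasons together match the pattern in this post.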

Have you been getting much email spam lately?

Is 64-bit Windows Less Prone to Malware Than 32-Bit?

‘No pictures in this article: If you miss them, just imagine them into it. :) There are ads though; so do click and buy to your heart’s content.

Having been fighting malware all weekend; which pissed me off no end as I was trying to concentrate on Izeafest, chat in the Izeafest chatroom, and clean a computer, all at once (I’ve incidentally now eradicated the malware.) I thought it fitting to write something about it: -

Recently…

You see, I was infected by three very nasty bits of malware: -

  • Win32.Backdoor.Poison, which will open up remote access to the user’s computer. Welcome to the botnet.

  • Win32.TrojanPWSAgent, which is a keylogger which records keystrokes and passwords, transmitting them to a remote server.

  • A generic W32.worm that spammed my contacts lists.

Fortunately I had my email program open at the time I was infected, and realised that something was wrong when a load of message undeliverable emails started to appear in my inbox. (My contacts list is cluttered with many no-longer-used email addresses from years ago.) I opened a couple of these, which made it clear that my comp was sending out spam emails: They contained a random passage from a book followed by a line along the lines of “Give her more pleasure…”.

That was an indication that I’d been infected by something. My antivirus (Avast!) hadn’t noticed it though; which was strange, as it usually gives false-positives rather than missing anything. A full-scan by Malwarebytes showed that not even Malwarebytes could see any problem either. Lavasoft’s Ad-Aware to the rescue: It found and quarantined the three pieces of malware listed above after a scan. Avast! also found the W32 Generic worm; but by the time it had finished scanning it was already dealt with.

Was there an upshot from being infected by these viruses? In this case I don’t think so. During the short amount of time the comp was infected whilst online I hardly used the keyboard at all, and I definitely didn’t enter any passwords in that period either, nor afterwards until the machine was clean. (I watched Izeafest on the other comp; the 64-bit Windows 7 comp. (Interestingly, Safari crashed twice in 64-bit Windows 7 that weekend. I used Safari to watch as it has a larger viewing area than FireFox, IE8, and K-Meleon: The other browsers I have installed.)) I don’t think the botnet server actually connected before the malware was eliminated.

Did that 64-bit comp get infected? Yes; kind of: Each comp backs itself up onto the other via the LAN at an appointed time. The infected file; which I’ll tell you more about later, was copied over, but it didn’t activate on the 64-bit comp as soon as it did on the 32-bit comp. – For reasons I’m unclear on. – Therefore the 64-bit comp had the malware dropper package installed, but it hadn’t activated yet. AdAware found and quarantined the malware package.

Get on with it

I’ll be getting to the point in a minute. First I want to warn you about free Ebooks on Facebook that are distributed by users: Unfortunately free (ancient) Ebooks aren’t all you get; there’s a hidden bonus in one of the files: A dropper, which activates after a certain length of time and infects your machine as it did mine.

I’ve reported the group; although the Facebook reporting system appears to intentionally avoid any method of easily reporting a malware-distributor, for whatever reason. If you’ve joined this group yourself, and have downloaded the free-Ebooks zip file, then I suggest that you scan it with AdAware immediately, whether or not you’ve unzipped it. If you’ve distributed any Ebooks from it then you’re unknowingly aiding in the spread of malware.

That was a long introduction. If you’re still awake, then let’s get into the main point of this post: -

The Main Point:

Notice that the malware’s names all have the prefix Win32 or W32. That means that it’s a 32-bit virus that targets Windows.

“So if I have a 64-bit version of Windows it won’t be targeted, right?”

Wrong: In the same way that it’s easily possible to run 32-bit Windows applications in a 64-bit Windows environment, so it’s possible for 32-bit malware to execute in a 64-bit environment as far as it goes with Windows. In short the backwards-compatibility of a 64-bit Windows operating system is its downfall, as well as being very handy.

“Why, then, didn’t the malware execute in 64-bit Windows 7, in the case above, at the same time as it activated in 32-bit Windows XP?”

‘Good question. I’m not sure. Possibly it might have something to do with the extra security of Windows 7? If it had attempted to execute in Windows 7 then a prompt would have appeared asking me whether I wanted to allow the process to run anyway. – But it didn’t; so I am as foxed as you are on this one.
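Whether a Windows executable is 32-bit or 64-bit is recorded in its PE header, and that field, not the name a scanner gives the file, decides where it can load. The following is an added example, not part of the original post: it reads the Machine and optional-header magic fields and applies the compatibility rule described above. The two sample headers are constructed inline and contain no code, and `make_header` and `can_run` are hypothetical helper names.

```python
import struct

MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)"}
OPT_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}

def pe_bitness(data):
    """Return (machine, optional-header format) for a Windows PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    # Offset 0x3C of the DOS header points at the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # The COFF header follows the signature; Machine is its first field.
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    # The optional header starts after the 20-byte COFF header.
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    return MACHINES.get(machine, hex(machine)), OPT_MAGIC.get(magic, hex(magic))

def can_run(image, windows_bits):
    """Apply the rule from the post to a user-mode executable."""
    machine, _ = pe_bitness(image)
    if machine.startswith("x86"):
        return windows_bits in (32, 64)   # 64-bit Windows runs it under WOW64
    if machine.startswith("x64"):
        return windows_bits == 64         # 32-bit Windows cannot load it
    return False

def make_header(machine, magic):
    """Build a minimal constructed MZ/PE header (headers only, no code)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, 0x0002)
    return dos + b"PE\0\0" + coff + struct.pack("<H", magic)

SAMPLE_32 = make_header(0x014C, 0x10B)   # constructed "Win32" image header
SAMPLE_64 = make_header(0x8664, 0x20B)   # constructed 64-bit image header

if __name__ == "__main__":
    for name, image in (("32-bit sample", SAMPLE_32), ("64-bit sample", SAMPLE_64)):
        print(name, pe_bitness(image),
              "runs on 32-bit Windows:", can_run(image, 32),
              "runs on 64-bit Windows:", can_run(image, 64))
```

This covers user-mode programs only; 64-bit Windows does not load 32-bit kernel drivers.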

Ramble

Finally then; although 64-bit is no more secure than 32-bit against 32-bit malware in itself, it’s still a better idea to install the 64-bit version of Windows 7 on your system if possible. The only thing that should stop you doing so is the fact that your motherboard isn’t 64-bit compatible and/or is running a 32-bit processor. Other than in such a case it would be advantageous to install the 64-bit version.

“Why? – You just said it makes no difference as far as malware is concerned.”

Indeed I did; but it makes a lot of difference as far as the amount of RAM you can use is concerned: A 32-bit operating system can use up to 4GB RAM. Whilst 4 GB RAM is currently enough for most people in general; and is totally adequate for running Windows 7 alone, there are, nevertheless, applications such as games and professional-quality imaging programs, that would thank you for the extra RAM above 4GB by working better, more efficiently, and faster.

In the future at some point, as all apps become more sophisticated, they’ll also become more memory-hungry, and 4GB will become an insubstantial amount of RAM to run them efficiently.

Ten years ago, in the era of Windows 98 dominance, it was common to have 32MB PC100 RAM in a computer. – And that was considered standard. (Yes, in the days of the Socket 7 32-bit single-cored processors, when AGP graphics cards were plentiful and still just about the norm. – When an upgrade from the 4 or 8MB onboard graphics to a 16MB AGP graphics card was considered to be a big thing.) These days you could hardly run an operating system alone with only 32MB RAM. 8MB graphics will just about display the screen in XP. – Badly.

Ten years from now it’ll be the norm to have a 64-bit operating system with 32GBs (Gigabytes, rather than megabytes.) or more of (DDR5?) RAM, and at least 1GB graphics capability. – You wait and see.

Your thoughts? – Please do comment.


‘Still Using Win 9x? You May End Up Wishing You’d Updated Your Operating System!

For those who aren’t aware; this coming Tuesday 10th March 2009 is Patch Tuesday: Patch Tuesday is the day when Microsoft release the month’s round of security patches for its Windows operating system(s).

Microsoft have today planned to ship three security bulletins for software vulnerabilities. One of these carries a “Critical” rating, affects all versions of Windows, and covers (a) flaw(s) that could be exploited to launch remote code execution attacks. Further details can be found in Microsoft’s advance notification.

Here I’m going to spout on about one of my favourite security; or should I say “lack of security”, subjects: That being running obsolete Windows operating systems: –


I, as others, currently refer to the obsolete operating systems as “Win 9x” : This list currently includes Windows 95, Windows 98 and 98SE, and Windows ME.

This vulnerability, mentioned and rated “critical” by Microsoft, affects ALL versions of Windows, including Win 9x: The problem is that, since all of Win 9x are now obsolete; Microsoft aren’t supporting or providing critical updates for Win 9x. Therefore if you’re hanging on to any Win 9x version and using it as the main operating system on your computer, you’ll be an open target for the malware masters, and if they choose to run code on your unprotected computer then there’s nothing you can do about it.

Maybe, just maybe, it hasn’t happened yet, and you’ve got away with it so far; or at least you think that you have. More than likely, though, you don’t realise that your computer that’s running Win 9x is working in a botnet, relaying spam, porn, and lots of other nasties, infecting other people’s computers, and under the control of criminals.

Yes it may well be that you don’t see why you should have to fork out for a new operating system, and maybe a new computer too that’s capable of running the new operating system; but think carefully: Even if you’re not the least bit concerned on the effect that your spam/virus relay is having on the rest of the internet community, and even if you never entered your bank account details into the computer so that they can be harvested and used by villains, remember that your ISP is probably watching your internet traffic: So whether or not you realise that you’re relaying spam, child pornography, and malware; your ISP is aware and you may be hearing from them and other legal authorities fairly soon.

Maybe you’re so far totally innocent and unaware that you’re allowing your box to be involved in criminal activities? Maybe you’ll end up having to prove that to your ISP and the authorities? Maybe you’ll end up on the wrong side of the law? It’s a high price to pay for saving a few groats right now; wouldn’t you agree?

Penultimately, I’ll mention that there’s something of importance that the softies have either forgotten to include in their patches this coming Tuesday, or haven’t yet developed; and that’s a fix for a vulnerability where a rigged Excel file can execute code via Microsoft Office. This vulnerability is already being exploited, and could do with patching fast. See this article.

And finally; for those who are still living dangerously in the past without adequate protection due to their tight-fistedness and refusal to purchase a supported operating system; Windows 7 is going to be released soon. I suggest that you run the free release candidate for now, if you can, and then purchase the RTM when it’s released. Yes it may well mean that you need to purchase or build a new computer; but is it really worth the risks involved in running Win 9x?

Addendum: While we’re on the subject of the March Patch Tuesday; I’ll throw in the URL to this article for your further reading.


Online Security Precautions: Pffft – Who Needs Them?

In short – Everyone needs them – That includes YOU!


I have seen people using an old computer running Windows ME without any firewall, antivirus, antispyware; totally unpatched. I was so shocked that I commented out loud about having found the local computer virus maternity unit: The owner, who was in the nextdoor room, came scurrying in with a look of puzzlement combined with anger on her face.

This person had been merrily using a totally unprotected computer for years and spreading viruses to all and sundry across the internet for years; totally unaware of any threat to herself or others.

"Oh but I only use it online about an hour a day." She exclaimed.

– How thoughtful of you. NOT!

Some computer users I’ve encountered have no idea what a firewall is. Others have said that they think they don’t need antivirus software because they only have a dialup connection. Still others have antivirus software but didn’t realise that it had to be updated. And yet others even have complained to me that the security bug fix that "Microsoft" emailed to them didn’t do anything but slow their machine down.

The worst instance was a person who had had their machine "upgraded" – allegedly from a single-core to a dual-core processor, and had supposedly moved from a 32-bit to a 64-bit installation of Windows XP, which they’d paid a sizable amount of money for the privilege of having carried out. On my examination the operating system disk packaging didn’t shed any light on the question of exactly what this person was running, as there was only a clear case with a home-recorded CD inside it. The contents of this CD included a virus that had been rewritten to defeat the Microsoft Genuine Advantage software and reported a legitimate key. It soon became clear that this was an unprotected, non-updated, unpatched pirated copy of Windows Vista, which was being run on a machine that was hardly capable of running it:

The "upgraded" "dual-core" processor was a 2.2GHz AMD Athlon 64 single-core processor and the RAM it was using was still the old DDR rather than DDR2. The motherboard was a rather ancient Asus board made to run the early 1st generation Athlon 64s, which was what it was still doing. The system was riddled with viruses and malware: In fact I was surprised that it was still running. The operating system was totally unprotected and all the software that they were running was pirated also.

Both the cases I’ve written about lived within 15 miles of me, and are just two worst-case examples of the many similar cases I’ve seen that close in proximity to where I live: The possibilities from those statistics frighten me no end. I would estimate that there are nearly a million internet-connected users in England alone who are not using any online protection and whose computers are virus and botnet nurseries.

On the basis of that estimate alone it should be fairly obvious to you why a computer needs protection.

In general I think that most computer users are too lax and don’t take security seriously enough.

I am fairly certain that the number of machines that are still unprotected by any kind of firewall is fairly big.

I am fairly certain that the percentage of machines unprotected by any kind of anti-virus and anti-spyware software is quite high: Higher than you’d imagine.

I am fairly certain that the number of people who have anti-virus and anti-spyware software installed, but whose databases have never been updated is quite colossal.

I am fairly certain that the percentage of machines that have not once taken any update to Windows or Windows components is probably in the twenties.

I am also fairly certain that there are a number of people who’ll click on links or open attachments from unknown sources without giving it a second thought.

Owning a computer could be likened to owning a car: Both require maintenance, both need attention, both need care when using them. When you drive a car you don’t just get in and drive off taking any route that you fancy. There are do’s and don’ts; there are things you can do and things you shouldn’t do:

For instance if you don’t stick to the roads and drive cross-country you’re likely to end up stuck in a rut or broken down in the middle of nowhere. If you try to drive through tree trunks you’ll end up with a busted car. (I know this: I didn’t try to drive through a tree, but I lost it on a corner and hit one once. In that instance I discovered that evolution fashioned trees in a stronger design than Ford fashioned cars.) If you drive recklessly you’ll end up hurting yourself financially and/or physically. Maybe you’ll end up hurting others too.

The same is true when using a computer: if you don’t bother to maintain it and just "drive" it in any old fashion you’ll get a reputation and you’ll end up with a computer that’s slow, faulty, and full of malware. That malware will spread from your computer to other users because that is what it is made to do. If a person doesn’t use anti-virus then their computer will become a virus nursery and infect other computers: That is carelessness and selfishness on their part. Likewise with anti-spyware, firewall, etc.

People do exactly that though: they don’t bother, they don’t care. They might not mind having a machine full of malware; but other people don’t want that. As a result, we have botnets, spam, and constant virus and spyware attacks.

My advice to every computer user – Whether they run Windows, Linux, or Mac; but especially if they run Windows, is:

  • Get behind a firewall

  • Always run anti-virus software and keep it up to date

  • Always run anti-spyware software and keep it up to date

  • Always keep your computer software, particularly your operating system, as up to date as possible

  • Ensure that you take responsibility for your own actions and get educated: Learn to recognize what is and is not "safe" computing.

  • Windows is a targeted operating system; but other operating systems are by no means immune to attack.

Everyone needs education: That includes computer users. What do YOU think?


Twitter Targeted

Twitter, the No.1 micro blogging site, has been targeted in the same kind of attack that befell MySpace and Facebook yesterday. A bogus Twitter profile with a malicious payload has been spotted by security firm Kaspersky.


The link; which says that it is a link to a pornographic video, downloads the dodgy version of Adobe Flash Player; the file “codecsetup.exe”; just as with the occurrences reported yesterday: http://kkomp.com/archives/827 And exactly the same result too: You’re suddenly a part of a botnet, sending spam, phishing attacks, and DOS attacks.

Variants of the worms are already appearing according to security firm Kaspersky; who spotted this and yesterday’s two attacks also.

The attack appears to originate in Brazil, a conclusion based upon the use of the Portuguese language, the location of the servers that download the trojans, and the email addresses used also.

Once again only Windows users are vulnerable to these worms etc; so therefore would it be logical to conclude that the perpetrator is a South-American Linux zealot with an axe to grind?

     
