Friday 7 December 2012

Malware Stealing Passwords from File-Sharing Sites

The threat in question has been described as malware which employs some password recovery instruments in order to steal passwords that its victims store in their browsers.

The company found that a number of PASSTEAL malware versions use social engineering lures, such as variants disguised as key generators for paid apps. The TrendMicro team identified “WebBrowserPassView” and “PasswordFox” as two of the password recovery instruments within PASSTEAL. In the meantime, security experts warn that the people who developed PASSTEAL could also be using other recovery instruments.

Most people use the same password across various websites, which certainly helps them remember it but increases the risk of data theft. For better security, Internet users are advised to use different login credentials for their accounts and to create strong, easy-to-remember passwords. The experts also recommend that users enable browser features that help protect private information. For instance, Mozilla Firefox has a master password feature which enables encryption in order to prevent password recovery instruments from easily accessing account data stored in browsers.

People who are recommended to especially watch out for password stealing malware like PASSTEAL are those who share passwords across many Internet accounts, and those who forget that password sharing is a bad idea.

 

Friday 16 November 2012

Google Warns against Sophos Antivirus

Tavis Ormandy, one of Google’s security experts, claimed he revealed a few serious security vulnerabilities in Sophos Antivirus, so it shouldn’t be used on important computer systems. The security expert claims that Sophos makes easy mistakes and fails to issue patches quickly. He published a report mentioning several flaws that were caused by the company’s poor development practices and coding standards. Sophos didn’t respond fast enough to his warning, which only made things worse.

For instance, it turned out that Sophos’ on-access scanner could be used to launch a worm by targeting a firm receiving an attack email through Outlook. The vulnerabilities were all tested on a Mac, but the expert believes that wormable remote root can affect all platforms that run Sophos.

Tavis Ormandy concluded that users who install Sophos Antivirus expose their computers to considerable risk. Unless Sophos improves its security in the near future, its deployment may cause considerable risk to global networks and infrastructure. Ormandy pointed out that he gave Sophos 2 months to address the problem before he published the report.

Of course, Sophos was not happy about a 30-page report saying that it fails to do its job. It replied that lots of flaws had been fixed and the company hadn’t seen the fixed flaws being exploited in the wild. Sophos announced the release of further fixes at the end of November. However, Sophos believes it would take half a year to release a patch that fixes a single line of code, while Ormandy says two months. The security expert admits that the company is working with good intentions, but is still ill-equipped to address the flaws he alone revealed in his spare time.

Password Method That Chase Hackers Away

1. DISCARD THAT DICTIONARY: If your password can be found in a dictionary, you might as well not have one. Hackers will often test passwords from a dictionary or aggregated from breaches. If your password is not in that set, hackers will typically move on.
2. NEVER USE THE SAME PASSWORD TWICE: We are all guilty of this: we tend to use the same password across multiple sites, a fact hackers regularly exploit. While cracking into someone’s professional profile on LinkedIn might not have dire consequences, hackers will probably use the same password to crack your e-mail or other sites where more valuable financial and personal data is stored.
3. COME UP WITH A PASSPHRASE: The longer your password, the longer it will take to crack. Ideally a password of at least 14 characters will make it uncrackable by an attacker in less than 24 hours. Because longer passwords tend to be harder to remember, consider a passphrase, such as a favorite movie quote, song lyric, or poem.
4. JAMMING ON YOUR KEYBOARD: For sensitive accounts, you can randomly jam on your keyboard, intermittently hitting the Shift and Alt keys, and copy the result into a text file which you store on an encrypted, password-protected USB drive.
5. STORE YOUR PASSWORDS SECURELY: Do not store your passwords in your in-box or on your desktop. If malware infects your computer, you’re toast. You can store your password file or a password hint file on an encrypted USB drive that requires a complex password to access. Then you can copy and paste those passwords into accounts so that, in the event an attacker installs keystroke logging software on the computer, they cannot record the keystrokes to the password. Just try to keep it off the internet.
6. A PASSWORD MANAGER: Password-protection software lets you store all your usernames and passwords in one place. Some programs will even create strong passwords for you and automatically log you in to sites as long as you provide one master password. LastPass, SplashData and AgileBits offer password management software for Windows, Macs and mobile devices. But consider yourself warned: it still lives on the computer itself. “If someone steals the computer, you’ve lost the passwords.”
7. USE DIFFERENT BROWSERS: Use different Web browsers for different activities. “Pick one browser for ‘promiscuous’ browsing: online forums, news sites, blogs — anything you don’t consider important.” “When you’re online banking or checking e-mail, fire up a secondary Web browser, then shut it down.” That way, if your browser catches an infection when you accidentally stumble on an X-rated site, your bank account is not necessarily compromised. As for which browser to use for which activities, a study last year by Accuvant Labs of Web browsers, including Mozilla Firefox, Google Chrome and Microsoft Internet Explorer, found that Chrome was the least susceptible to attacks.
8. SHARE CAUTIOUSLY: Whenever possible, never register for online accounts using your real e-mail address. You could use a “throwaway” e-mail address, like those offered by 10minutemail.com. Users register and confirm an online account, which self-destructs 10 minutes later.
Truth: “At some point, you will get hacked — it’s only a matter of time,” warned Mr. Grossman. “If that’s unacceptable to you, don’t put it online.”

Source: Yahoo Business

Friday 19 October 2012

Tools for a Safe PC

1. Microsoft EMET
Enhanced Mitigation Experience Toolkit: a free tool from Microsoft which helps Windows users enhance the security of commonly used applications, whether from third-party vendors or from Microsoft. EMET allows users to force applications to use one or both of two key security defenses built into Windows Vista and Windows 7: ASLR and DEP.
- DEP (Data Execution Prevention): designed to make it harder to exploit security vulnerabilities on Windows.
- ASLR (Address Space Layout Randomization): makes it more difficult for exploits and malware to find the specific places in a system’s memory that they need to do their dirty work.

EMET can force individual applications to perform ASLR on every component they load, whether the program wants it or not. Please note that before you install EMET, you’ll need to have Microsoft’s .NET platform installed, at least .NET Framework 4.0. And while it does technically work on Windows XP (Service Pack 3 only), XP users cannot take advantage of mandatory ASLR and some of the other notable protections included in this tool.
To proceed with EMET, download the program and install it. To wrap EMET’s protection around a program (Internet Explorer, for example), launch EMET and click the “Configure Apps” button in the bottom right corner of the application window. Select the “Add” button in the next box, which brings up a program selection prompt; browse to C:\Program Files\Internet Explorer, and then add the “iexplore.exe” file. It should be okay to accept all of the defaults that EMET adds for you.
While you’re at it, add the rest of your more commonly used, Internet-facing apps. But go slow with it, and avoid the temptation to make system-wide changes. Changing system defaults across the board, such as changing ASLR and DEP settings using the “configure system” tab, may cause stability, slowness and bootup problems which can cause the application to crash.


2. Sandbox 
If you’re looking to add extra layers of protection, consider purchasing a license to Sandboxie, which forces your programs to run in a protective sandbox that prevents said programs from making changes to the computer. This is effective when you are not sure of what you are about to run or install. Avast Antivirus also provides a free form of sandbox which you can set for certain applications, but it comes with the antivirus when installed.

3. Combofix: a malware removal tool that is extremely good at extracting difficult-to-banish malware and rootkits, malicious tools that attackers can use to burrow deep into an infected system. If a virus scan says you have some version of “TDSS” on your system, or you have an infection that comes back no matter what tools you use, try TDSSkiller. Other handy removal tools include Malwarebytes and Superantispyware.


4. OpenDNS: You can consider changing your router’s default DNS servers to those maintained by OpenDNS. The company’s free service filters out malicious Web page requests at the domain name system (DNS) level. DNS is responsible for translating human-friendly Web site names into numeric, machine-readable Internet addresses. Anytime you send an e-mail or browse a Web site, your machine is sending a DNS look-up request to your Internet service provider to help route the traffic.
Most Internet users use their ISP’s DNS servers for this task, either explicitly because the information was entered when signing up for service, or by default because the user hasn’t specified any external DNS servers. By creating a free account at OpenDNS.com, changing the DNS settings on your machine, and registering your Internet address with OpenDNS, the company will block your computer from communicating with known malware and phishing sites. OpenDNS also offers a fairly effective adult content filtering service that can be used to block porn sites on an entire household’s network. This will be discussed later explicitly.


Tips from KrebsOnSecurity



Monday 15 October 2012

DomainSite to Check the Status of WhoIsHosting

Have you ever tried to find out who is hosting your site, how fast your website loads (the efficiency of your web host), whether a site is down, how many other websites are hosted on the same IP, or to check the integrity of your site and much more information about a particular site?

There are a number of sites to check for this information, but I will only discuss five (5) sites which I personally like using, though the choice also depends on the information you seek. I will start with my most often used:

1. Intodns :
This shows the status of a site and is especially effective when troubleshooting a particular site. It displays three colours (Red: Error, Blue: Average but not too important, Green: OK) to depict the status of a setting, from MX records, missing nameservers and recursive queries to NS records from your nameservers, etc. It's free to use.

2. yougetsignal
This is another beautiful site (huh). It has tools to check open ports on your site, identify your external IP address, find out who is emailing you, and do reverse email and IP domain lookups. It's free also.

3. blamestella
This site has some unique features and its interface is very attractive, which is unusual for a DNS tool site. The site shows the response time of your site (this can be used to determine the efficiency of your web host), the size of the homepage, the server platform, website content, vendor and many more. Sign up to get better features.

4. DomainTools
This is the most commonly used DNS lookup site. It displays domain servers, the website owner's address and contact mail. It can also show Registrar History, NS History, IP History and Whois History, but to get the full information on these you need to have an account with them.

5. Whois :
Not much information is displayed, but it's quite effective. It shows similar domains to the site, the expiration date of the site's registration, name servers and whois.

Other Information:
1. SiteUpOrDown
This is an effective site to determine if a site is down or up.

2. SpamDistributor
To determine if your IP is a registered spam distributor. The funny thing is that you may not be the culprit; your ISP is mostly responsible for this. So if any list comes up with a red mark, you need to start taking drastic steps by informing your ISP about this.



Thursday 27 September 2012

Tips to Speeding up Outlook

Is your Outlook configured as a startup application on your system? How long does it take to load its contents, thereby slowing your work down?
Here are settings you can configure in Outlook to speed up its start time.

1: Repair with Scanpst

Scanpst is an effective tool that scans through your data file and looks for data inconsistencies and errors. Scanpst usually comes with Outlook during installation; locating it may be difficult, but searching your C drive for the filename Scanpst.exe will make it easy. Before you run it, ensure you back up your PST files, because the tool can cause PST files to become unusable.

2: Download complete items

When you connect Outlook with either IMAP or POP3 (Messaging protocols), you should set your Outlook to download the complete message (instead of just the header). Doing this will prevent Outlook having to sync with the server every time you click on a new item (as it will already be in the data file.) On outlook 2007, you can do this from Tools - Send/Receive Settings - Define Send/Receive Group - Then click edit from the dialogue box that appears.

3: Reduce your published and shared calendars

The more you share, the more you drag Outlook down. The more data Outlook has to share and pull down from the Internet, the slower it will perform. Just know that the more data you have to push and pull, the slower your connection will be.

4: Archive your Inbox

Lots of people wait for Outlook to load mail from 2 years ago up to the current date, which can be time consuming and can cause serious issues, especially when using PST files. Instead of just letting your Inbox grow out of proportion, set up auto-archiving so that your Inbox retains only a part of those mails. Better still, leave at most two months of mail and archive the rest. Once you archive, you create a new data file, reducing the strain put on Outlook by the weight of an oversized PST or OST file.

5: Reduce add-ins or plugins

We install a lot of programs, but what we do not know is that they end up installing other things for use by other applications, e.g. Adobe or Foxit Reader plugins for Outlook. This can cause Outlook to slow down. To find out what add-ins you have installed in Outlook 2007, go to Tools - then Trust Center; in the resulting window click on Add-ins at the right side to list all add-ins available to Outlook. To disable one, double click on the active plugins then click Go below. From what comes up you can then decide which to disable by unchecking it.

6: Use Cached Exchange Mode

If you use Cached Exchange Mode in Outlook, you effectively take the data file from the server (PST) and cache it on your local machine (OST). This can go a long way toward speeding up your Outlook experience because Outlook doesn’t have to read its data file across a network. Instead, all it has to do is read the locally stored data file. This option is only available when connecting Outlook with an Exchange server.

7: Regular Update of Windows

Make sure you allow Windows Update, even though updates for Microsoft Office are also hidden. Allowing the updates to happen can bring a patch to Outlook that resolves speed issues or security holes.

8: Compressing your PST file

Doing this will keep the size of that file under control. One of the issues is that even when you delete email from your Inbox, the size of the PST file may remain the same. If you’re using Outlook 2007, go to Tools - Account Settings - click on Data Folders - then Settings; a dialogue box opens, then click on Compact Now. How long the process takes depends on the size of your data file.

9: Disable RSS

By default, Outlook will sync RSS feeds from Internet Explorer to the RSS reader in Outlook. If you have a lot of RSS feeds bookmarked in IE, that syncing could easily slow Outlook down. Disable this feature. On Outlook 2007, go to Tools - Option - Other - Advance Option, look for Sync RSS feed on the list, then uncheck it.


Tips from TechRepublic

Tuesday 31 July 2012

Portable Security Applications

Portable apps, which are saved onto your flash drive, make work easier for network admins on the move. Below are some apps I consider must-haves:

1. Omziff : This is an encryption utility that can encrypt, split, and securely delete files (according to DOD standards), create file hashes, and generate random passwords. 

2. RemoveFakeAntiVirus: As the name implies, it removes any fake antivirus. This particular tool can be run as a portable app or, with the help of some scripting, can be saved on a drive and run on a schedule or at bootup. Wonder why the designer chose a more obvious name?

3. Eraser portable: a secure data removal tool that can remove data from a drive with multiple wipes and pattern writing, and that you can instruct to shut down or reboot a system.

4. Smaniff: enables you to capture TCP/IP packets traveling on a network adapter and view the packets between source and destination, making it easier to troubleshoot the network, but of course on every host individually.

5. Startup Lite: A very effective tool to disable apps that automatically run once your system comes up.

6. BleachBit: for freeing up hard disk space and guarding privacy. This tool works effortlessly to free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard various types of junk you may not have known was on a system.

7. Kaspersky rescue-disk: This is my best rescue CD. It is downloaded as an ISO image, but you can install it to a flash drive to boot from USB.

This is just my list, but you can make suggestions on what can be added.

Wednesday 27 June 2012

No-Script (Security as you surf the Internet)

This happens to be my best add-on; I guess it's the reason why I would never leave Firefox for now. Most infected sites are script hijackers, whether through Java, XSS or plugins. This is where No-Script (a highly regarded security add-on) comes in, keeping you safe if it is well managed and regularly updated.
According to the creator (Giorgio Maone), it was first created in 2005 within three hours to disable JavaScript, Flash, Java, and other active content, i.e. plug-ins.
Among the web-based attacks NoScript prevents — even with scripting enabled — are:
  • XSS: “Injection Checker” prevents malicious web pages from injecting their scripts inside other sites.
  • Clickjacking: The ClearClick feature is the only effective client-side protection against this attack so far.
  • CSRF: The ABE module intercepts by default any cross-zone HTTP payload.
  • MITM: NoScript can make sure HTTPS is used if it is available, preventing this type of attack.
NoScript helps by showing the script sources a web page attempts to load, letting you control them individually; even trusted websites may link third-party scripts which may not deserve the same level of trust. Also, if you don’t know who a certain script belongs to or if you can’t figure out the script’s role, middle click or shift click the NoScript menu entry to obtain information about it. But if you are contemplating uninstalling NoScript, it is better to use the Allow scripts globally command.
Maone released NoScript for Firefox Mobile in 2011, offering Android users a safer browsing experience.

No-Script can be downloaded either by searching in the Firefox add-on search or by clicking noscript.

E-Mail Phishing

Google warned on that hackers were launching targeted phishing attacks against hundreds of Gmail account users. Google says "the goal of this effort seems to have been to monitor the contents of targeted users emails", with the perpetrators apparently using stolen passwords to change people’s forwarding and delegation settings. Gmail enables you to forward your emails automatically, as well as grant others access to your account. This may be the most useful aspect of using Gmail, but Google also took this opportunity to remind users about the value of enabling 2-step verification.

Here are a few simple tips that can help you avoid becoming the next victim of these attack methods:
  • Keep your software up-to-date. Legitimate, high-traffic Web sites get hacked all the time and seeded with exploit kits. Take advantage of programs like Secunia’s Personal Software Inspector or Filehippo’s Update Checker to stay abreast of the latest security updates.
  • Be extremely judicious about clicking links in emails. Try to avoid responding to invites by clicking links in emails. I notice that Twitter has now started sending emails when someone re-tweets your posts: Avoid clicking on those as well. It’s safest to manage these accounts by visiting the sites manually, preferably using a bookmark as opposed to typing these site names into a browser address bar.
  • Pay close attention to what’s in the address bar: Checking this area can prevent many email-based attacks. Staying vigilant here can also block far more stealthy attacks, such as tabnabbing (where a URL is opened in a new tab, which later reloads, changing the URL address and yet displaying the true content of the page).
  • Consider using an email client, such as Mozilla’s Thunderbird, to handle your messages. It’s a good idea to have emails displayed in plain text instead of allowing HTML code to be displayed in emails by default.

Wednesday 20 June 2012

Antivirus for Mobile users

Do you really need antivirus on your mobile? My answer is always no and will always be no. But this is true only if you follow these guidelines:
“If you did not go looking for it, don’t install it!” If you intend to install it, make sure you have researched its authenticity. Security software should never be viewed as a substitute for common sense and simple precaution. Anti-malware software is and always has been reactive, meaning it usually only detects a threat after some subset of customers have already been successfully compromised by it.
“If you installed it, update it.” Yes, keeping the operating system current with the latest patches is important, but maintaining a secure computer also requires care and feeding for the applications that run on top of the operating system. Bad guys are constantly attacking flaws in widely-installed software products, such as Java, Adobe PDF Reader, Flash and QuickTime.
“If you no longer need it, remove it.” Clutter is the nemesis of a speedy computer. Unfortunately, many computer makers ship machines with gobs of bloatware that most customers never use even once. On top of the direct-from-manufacturer junk software, the average user tends to install dozens of programs and add-ons over the course of months and years. In the aggregate, these items can take their toll on the performance of your computer. Many programs add themselves to the list of items that start up whenever the computer is rebooted, which can make restarting the computer a bit like watching paint dry.

Monday 21 May 2012

CyberCrimes on Facebook

Now that Facebook has had its IPO, this won't stop cyber crime on the internet. Rather, it has created a way for criminals to live off stakeholders by investing their tactics in social media users. Through various kinds of identity theft, linkjacking spammers send messages containing false ads or even viruses to the victims, pretending to be a Facebook friend. Hackers get malware on your machine and get tens if not hundreds of thousands of these machines under their control, and then they rent them out to spammers and others to monetize the personal information they steal. These rented accounts can then be used to advertise products illicitly or to request money from unsuspecting friends.
Here are ways criminals use Facebook:

1). Commandeering Accounts: Commandeering occurs when the criminal logs on to an existing user account using an illegally obtained ID and password. Once they are online, they have the victim’s entire friend list at their disposal and a trusted cyber-identity. The impostor can use this identity for a variety of confidence schemes, including the popular London scam, in which the fraudster claims to be stranded overseas and in need of money to make it home.

2). Profile Cloning: Profile cloning is the act of using unprotected images and information to create a Facebook account with the same name and details of an existing user. The cloner will then send friend requests to all of the victim’s contacts. These contacts will likely accept the cloner as a friend since the request appears to be from someone they’re familiar with. Once accepted, the crook has access to the target’s personal information, which they can use to clone other profiles or to commit fraud. Hacking acumen is unnecessary to clone a profile; the criminal simply needs a registered account.

3). Phishing: Phishing on Facebook involves a hacker posing as a respected individual or organization and asking for personal data, usually via a wall post or direct message. Once clicked, the link infects the users’ computers with malware or directs them to a website that offers a compelling reason to divulge sensitive information. A classic example would be a site that congratulates the victims for having won $1,000 and prompts them to fill out a form with certain information that should be confidential.

4). Fake Facebook: A common form of phishing is the fake Facebook scam. The scammers direct users via some sort of clickable enticement, to a spurious Facebook log-in page designed to look like the real thing. When the victims enter their usernames and passwords, they are collected in a database, which the scammer often will sell. Once scammers have purchased a user’s information, they can take advantage of their assumed identity through apps like Facebook Marketplace and buy and sell a laundry list of goods and services. Posing as a reputable user lets the scammer capitalize on the trust that person has earned by selling fake goods and services or promoting brands they have been paid to advertise. 

5). Mining Unprotected Info: Few sites provide an easier source of basic personal information than Facebook. While it is possible to keep all personal information on Facebook private, users frequently reveal their emails, phone numbers, addresses, birth dates and other pieces of private data. As security experts and hackers know, this kind of information is often used as passwords or as answers to secret security questions. While the majority of unprotected information is mined for targeted advertising, it can be a means to more pernicious ends such as profile cloning and, ultimately, identity theft.

6). Spam: Not all spam — the mass sending of advertisements to users’ personal accounts — is against the law. However, the existence of Facebook and other social sites has allowed for a new kind of spam called clickjacking. The process of clickjacking, which is illegal, involves the hacking of a personal account using an advertisement for a viral video or article. Once the user clicks on this, the program sends an advertisement to the person’s friends through their account without their knowledge.

So in a nutshell, be wary before you click on any link, like a post or comment, or fill in information from a link redirected from Facebook. Always think of security, not just for yourself but for your friends.












Friday 11 May 2012

Network Vulnerabilities for Small Business

Most known network attacks originate internally, whether deliberate or unintentional on the part of the culprit. Most of the holes used by an attacker are security flaws we take for granted, either as an end user or as an administrator of a network. Large organisations prefer to outsource their network management or use other forms of network security like Novell, Solarwind or Active Directory. So what about small businesses, who must think about cost before implementing a network security update or hiring an expert to manage their network? Here are a few security tips you can implement on your network and at the user end.

1. Printer: If you are using a network printer, change the default IP and admin password of the printer after setup. If you are not using a network printer but a printer shared across the network, ensure that anyone who comes into your network cannot easily access your shared printer or folder. This can be done by requiring a network password before access to a shared resource.

2. Shared Document: Access to shared documents must be through a network password, as I said earlier, but you can also give guests and other users, except admin users, the right only to view and not to edit.

3. Network Devices: These can be your routers, switches or repeaters. Physical access to these devices must be denied to anyone except the administrator. All default passwords on these devices must be changed, and remote access for configuration should be disabled. Ensure you use WPA2 as your wireless security because of its 128-bit encryption, and if possible it is advised that you use static IP addresses over DHCP.

4. Laptop or Desktop: Most operating systems from Windows Vista upward have applications that can encrypt your hard disk, e.g. Bitlocker, Truecrypt. Ensure your browser is set not to store passwords and to block reported malicious websites. The boot option should be set to hard drive only, all other boot options should be disabled, and after this a BIOS password should be set.

5. USB Ports: This can help prevent users or outsiders from maliciously stealing data, or simply prevent users from using external storage because of the data theft issue. For instance, to block new USB storage devices from installing, deny access of these two files to the desired users or groups by modifying their file permissions through groupedit, from the BIOS, or by using third-party software, e.g. DeviceLock, USB PortLock.

6. Software: A very good anti-virus should be used, especially an internet security anti-virus. Always allow Microsoft Updates to install so that patches fix holes. One other thing: if you are using a genuine Microsoft operating system, install Microsoft Security Essentials.


Wednesday 9 May 2012

Preparing for the Internet Outage?

Are you prepared for the July 9, 2012 deadline that the FBI has set to shut down temporary “clean” servers? This is when hundreds of thousands of computers will be unable to access the Internet because of actions by the FBI. How prepared are you or your organization before the deadline approaches?
Last November, the FBI announced the successful shutdown of a major click-jacking fraud ring in a joint investigation with Estonian authorities and other organizations, including anti-malware company Trend Micro. Seven individuals, including six Estonians and one Russian, were charged with wire fraud and computer intrusion crimes. The investigation, dubbed “Operation Ghost Click”, included the takedown of a botnet comprising nearly 4 million infected computers. Authorities raided datacenters located in New York and Chicago, removing nearly 100 servers. The computers that were members of that botnet were infected with the malware known as DNS Changer that has been in circulation since 2007. So is your PC a member of the botnet?
Affected users then would be directed to sites that served malware, spam or large advertisements when they tried to go to popular websites such as Amazon, iTunes and Netflix. Additionally, some variants of the malware blocked access to anti-malware and operating system update sites to prevent its removal.

So how do you check if you are infected? Below are steps to follow:
1. Manually check computers for infection: click Start, then click Run (on Vista or Windows 7, type run and press Enter). Once it is up, type ipconfig /all, then check the DNS server IPs in the list displayed. If the DNS server IPs listed include one or more addresses in the following ranges, your computer might have been infected:

    85.255.112.0 through 85.255.127.255
    67.210.0.0 through 67.210.15.255
    93.188.160.0 through 93.188.167.255
    77.67.83.0 through 77.67.83.255
    213.109.64.0 through 213.109.79.255
    64.28.176.0 through 64.28.191.255
Also note that you need to check the DNS settings of your SOHO router.

2. Go to any of the sites below.
a. http://www.dns-ok.us/ : This site will display an image with a red background if the machine or router is infected. On a clean machine, it will be a green background. There are other sites you can visit, depending on your language or locality.

Site              Language
www.dns-ok.us     English
www.dns-ok.de     German
www.dns-ok.ca     English/French
dns-ok.gov.au     English
dns-changer.eu    German, Spanish, English

3. The FBI also provides a form where you can enter the IP address of the DNS server configured on the machine:
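The manual comparison in step 1 can also be scripted. The following is an added example, not part of the original post: it pulls the DNS servers out of English-language `ipconfig /all` output and tests each one against the ranges listed above. The function names and the sample output are constructed for illustration.

```python
import ipaddress
import re
# Rogue DNS ranges exactly as listed in the post (first address, last address).
ROGUE_RANGES = [
    ("85.255.112.0", "85.255.127.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("64.28.176.0", "64.28.191.255"),
]
_BOUNDS = [(int(ipaddress.IPv4Address(a)), int(ipaddress.IPv4Address(b)))
           for a, b in ROGUE_RANGES]

def is_rogue(ip):
    """True if an IPv4 address falls inside any listed range."""
    n = int(ipaddress.IPv4Address(ip))
    return any(lo <= n <= hi for lo, hi in _BOUNDS)

def dns_servers(ipconfig_text):
    """Extract IPv4 DNS servers from English `ipconfig /all` output."""
    servers, in_block = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:                      # first server sits on the label line
            in_block, candidate = True, m.group(1)
        elif in_block and re.fullmatch(r"\s+\S+\s*", line):
            candidate = line.strip()   # further servers: address-only lines
        else:
            in_block = False
            continue
        try:
            servers.append(str(ipaddress.IPv4Address(candidate)))
        except ValueError:
            pass  # IPv6 or other text; the listed ranges are IPv4 only
    return servers

def flagged_dns(ipconfig_text):
    """Configured DNS servers that fall inside a listed rogue range."""
    return [ip for ip in dns_servers(ipconfig_text) if is_rogue(ip)]

# Constructed sample output, not captured from a real machine.
SAMPLE = """\
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 85.255.113.7
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
print(flagged_dns(SAMPLE))  # ['85.255.113.7']
```

An empty result only means the machine's own settings are clean; the router's DNS settings still need the separate check mentioned in step 1.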

Now that I may be infected, what do I do next?
Below are some steps to follow:
a). The first thing you want to do is make a backup of all of your important files.  You might go to a computer store or shop online for a portable hard drive and copy all of your files onto that drive.

b). Either you or a computer professional that you rely upon and trust should follow the “self help” malware clean up guides listed below.  The goal is to remove the malware and recover your PC from the control of the criminals that distributed it.  If you were already thinking of upgrading to a new computer, now may be a good time to make the switch. If not, then a full reinstall of the operating system will ensure a successful repair, or you can use one of the removal tools available, e.g.:
vii). MacScan
viii). Avira

c). Once you have a clean PC, follow instructions for ensuring that your DNS settings are correct.  If you’re not using a new PC, you’ll want to check that your computer’s DNS settings are not still using the DNS Changer DNS servers.  We hope to have some of our own instructions soon. You also have the option to return to using your ISP-provided automatic settings by choosing the “automatically” option (Windows) or deleting any DNS servers listed (MacOS).

d). After you have fixed your computer, you will want to look at any home router you’re using and make sure it automatically uses the DNS settings provided by the ISP.  We’ll have a document for this soon.

Changing DNS is only one of the functions of the malware kits.  The malware could have been used for capturing keystrokes or acting as a proxy for traffic to sensitive sites like bank accounts or social media.  It would be a good idea to check your bank statements and credit reports as well as change passwords on any online accounts especially saved passwords from your applications or web browsers.
 


What to consider when buying a Laptop

1. CPU (Processor): This is very important when purchasing a PC, because the speed at which your processor calculates and processes the instructions it is given determines how quick its response time will be. Speed is usually quoted in GHz, so when buying, the higher the frequency (Hz), the better the performance. Examples:
Intel Processor
32 bit order of low to high: Celeron > Pentium M > Celeron M > Intel Core > Dual Core
64 bit order of low to high: Xeon > Pentium Dual Core > Celeron M > Intel Pentium (Core i3, i5, i7)

AMD Processor
a. AMD Sempron is a 32 bit processor, which has only one processor core. It supports the HyperTransport technology.
b. AMD Athlon 64 x 2 dual core can be used to run 32 bit applications and 64 bit applications. It is equipped with two cores. One of the processing cores is located in the chip. It is faster than the AMD Sempron. Because it offers faster speed, it can handle multiple open programs efficiently.
c. AMD Opteron provides the capability to perform 32 bit computing and 64 bit computing. AMD Opteron is built on the Direct Connect Architecture. AMD Opteron was originally designed to run 32 bit applications. It is used in 1-way to 8-way servers and workstations.

2. Sockets: Ensure your laptop has enough USB, FireWire or other ports (parallel, serial, S-Video), depending on your needs.

3. Screen size: Depending on what you want to use it for, you can choose from a variety of screen sizes, measured in inches (12", 15", 17", 21").

4. Hard Drive: If you are the type that deals with software and data, then you need a huge storage space. For a standard user a 160GB HDD is OK, or you could decide you want more.

5. RAM: The more RAM, the better the PC can handle multiple tasks in conjunction with the processor. For someone who works with software that requires graphics, I would suggest at least 4GB of RAM on Windows 7. If you have less RAM than an application requires, the PC will start eating into the hard disk to form virtual memory. This has its downside, because you will be overworking the HDD, so it is better to get more RAM.

6. Battery Life: If battery life is very important to you, then check if the manufacturer offers a long battery life.

7. Peripherals: Does the laptop have Bluetooth, wireless, a webcam, an optical drive, etc.?

Monday 7 May 2012

Reset your BIOS Password

There are lots of tools to reset your BIOS password, but I will recommend the following, having used them. They are as follows:

1. PC CMOS Cleaner: a tool to recover, delete, decode and display the superior passwords stored in the BIOS, whatever the brand. Most types of BIOS, such as AWARD, AMI, Compaq, Phoenix, Samsung, IBM, Compaq, DTK, Thinkpad, Sony and Toshiba, are supported. It’s a bootable CD that runs on x86 and x86_64 computers. It can display the superior passwords of the BIOS and remove the BIOS password (this sets the BIOS to its default status, so you will need to reset the date).

2. !Bios: developed for a brute, blunt removal of passwords from BIOSes. !Bios can decrypt the passwords used in some of the most common BIOSes (including various BIOSes/versions by IBM, American Megatrends Inc, Award and Phoenix). !Bios can do crude, brutal attacks which remove the password from a lot of BIOSes.
 NB: a very dangerous tool which can give unexpected and unwanted results.

3. CmosPassword: Designed by CGsecurity, it decrypts the password stored in CMOS that is used to access BIOS SETUP. It works with the following BIOSes: ACER/IBM BIOS, AMI BIOS, AMI WinBIOS 2.5, Award 4.5x/4.6x/6.0, Compaq (1992), Compaq (New version), IBM (PS/2, Activa, Thinkpad), Packard Bell, Phoenix 1.00.09.AC0 (1994), a486 1.03, 1.04, 1.10 A03, 4.05 rev 1.02.943, 4.06 rev 1.13.1107, Phoenix 4 release 6 (User), Gateway Solo – Phoenix 4.0 release 6, Toshiba and Zenith AMI. With CmosPwd, you can also back up, restore and erase/kill CMOS. You will have to be logged in as administrator and run
c:\cmos>ioperm -i
then run
c:\cmos>cmospwd_win.exe

4. Default Passwords:
AMI Backdoor or Default BIOS Passwords
A.M.I.
AAMMMIII
AMI
AMI SW
AMI?SW
AMI_SW
BIOS
CONDO
HEWITT RAND
LKWPETER
MI
Oder
PASSWORD

Phoenix Backdoor or Default BIOS Passwords
phoenix
  



Thursday 3 May 2012

Tango vacancies

Exciting vacancies for programmers, software designers etc

For the URL, click Tango.

Enjoy your stay on this site

Monday 30 April 2012

Securing Your Browser

Surfing the net can be dangerous, but do know that you can give yourself what I can call a "FirstAid Kit" against malicious sites.
I will talk about this for the most used browsers. First I will discuss securing your Firefox browser.

Mozilla: This is the most used browser, with the largest number of add-on apps. Add-ons are like extensions to the browser and are installed into Mozilla. So what types of add-on can protect you when surfing the net?
1. HTTPS Finder: It detects and enforces HTTPS connections when available on a site.
2. HTTPS Everywhere: Ensures that every search sent from your browser is encrypted and, at the same time, encrypts most or all of the browser's communications with some other sites.
3. NoScript: Allows active content to run only from sites you trust, and protects you against XSS and clickjacking attacks.
4. Secure Login: Protects against phishing and against malicious JavaScript code that automatically steals your login data. Websites requiring JavaScript for the login process can be added to an exception list.
5. Webutation: Shows you the reputation of a site with a simple green/yellow/red icon and scans websites for viruses and bad user feedback.
6. Ghostery: Protects your privacy. See who's tracking your web browsing and block them with Ghostery.