Archive for the ‘Alerts’ Category

Microsoft Releases “Drive-By Download” fix

November 11th, 2009 DJ
{This text was sent to all of our TechAlert subscribers.  To get these messages from us automatically, subscribe to the list here}

Good Morning,

We thought we would let you know that Microsoft has released updates marked as critical:

According to Computerworld – “Microsoft today patched 15 vulnerabilities in Windows, Windows Server, Excel and Word, including one that will probably be exploited quickly by hackers. None affect Windows 7, the company’s newest operating system.”

Of primary importance is Microsoft Security Bulletin MS09-065, which addresses a vulnerability in the Windows core that is exposed when using Internet Explorer.

This update is very important because the vulnerability has the potential to bypass some anti-virus scanning mechanisms, and because it can be exploited through a ‘drive-by’ download.  A ‘drive-by’ download happens when a web server is compromised, typically without the website owner’s knowledge.  When you access that website, a component can be downloaded automatically without your knowledge or consent, which can then be used through this security hole to install other programs.  Typically we’ve seen this in our shop as ‘spyware defender’ or ‘anti-virus’ products that ask you to ‘update your subscription’ or guide you to a phony page to try to get you to buy a product that doesn’t really exist.

Defending against these attacks:

  1. Always run Microsoft updates, if possible automatically.  You can run updates manually right now by going to your Start Menu and finding “Microsoft Update” or “Windows Update” under Programs.
  2. Always run an up-to-date anti-malware program.  We recommend and use AVG (free for home use) or the more complete and powerful Norton from Symantec.  Other programs such as McAfee, TrendMicro and Kaspersky work as well, but be very careful about antivirus products that look too good to be true, or are very pushy about sales.  If you are in doubt, give us a call at 970-498-0808.
  3. Consider using an alternate web browser if possible such as Mozilla Firefox or Google’s Chrome browser.  DJ has been using Firefox for 7 years without issues.
  4. Stay away from websites with a higher incidence of malware. This includes porn, cracker sites, ‘free’ music download sites and just about any site that asks you to install a ‘codec’ or other viewer.  Steer clear of Facebook applications and sites like Plaxo that will trick you into sharing your personal information.  Also, we do not recommend toolbars for Internet Explorer or Google other than MSN, Google or Yahoo.  Others have been known to be a portal for spyware and other things that can slow down your PC and leave it more vulnerable to attack.

As always, if you have any questions, please feel free to call or email us for help.

-TechSmart Solutions Group

Categories: Advice, Alerts

Got unexpected mail from MSNBC or CNN? It may be a scam!

August 15th, 2008 admin0

Many users have been seeing a lot of emails apparently coming from MSNBC or CNN, claiming to be breaking news stories, usually involving several pop-culture figures.

This represents one of the most well-crafted scams of all time, and it’s getting worse.

The link directs you to a website that will use a Windows Internet Explorer exploit to install what appears to be ‘anti-virus’ software, or to install a ‘codec’ to view a video.  One variant even tries to get you to install an unsigned ‘flash’ viewer.

Never before have we seen such a well-crafted scam, and most basic ‘spam filters’ will not do well with these types of emails because they seem to come from legit sources and don’t have the usual signs (spelling errors, profanity, etc.) of unsolicited commercial email (UCE) or spam.

Below I have a picture of what the email looks like in the msnbc variant.

[Image: This is what a scam looks like]

There are a few things that give this away as spam. First, look at the From address: it is obviously not from where it claims to be from. Also, if you mouse over the links (DO NOT CLICK THEM, just hover your mouse over them), most email software will display the actual destination of the link. Notice that it’s very different from where it claims to go.

These are some of the basic ways you can tell. Obviously if you see these messages, just delete them.

If you use our Privacy Networks email filtering, you may see Privacy Posts that look like this:

[Image: An example from Privacy Post]

You’ll notice that these messages will more than likely end up in your Greybox, and some messages may even get through. DON’T panic. The Greybox will empty itself eventually, or you may log into your Privacy Networks account on our server and purge the messages yourself, but no interaction from you is required.

Getting Spam Filtering (that works)

We’ll be honest: we didn’t see this for what it was until pretty late, because our spam filters were catching it early. If you don’t have our Privacy Networks filtering, we highly suggest you call us about getting it! Call us at 970-498-0808 and ask us if we can help you reduce your spam and take back your inbox.

What to do if you are infected

The spread of this infection is what causes more of the emails to go out. If you get messages that your antivirus filter has detected several thousand viruses, please give us a call at 970-498-0808. In many cases, we can resolve this issue with you over the phone using our exclusive Remote Support options. In most cases, you won’t even have to bring in your PC; we can help you right over the phone (all you need is an internet connection).

If you are a customer that is able to use our Customer Support Portal, we ask you to please log a ticket using that system as our phones are very busy as we deal with this issue.

Getting Anti-Virus Software

We always recommend having good antivirus software. For home users, we recommend Norton from Symantec or AVG (which is free for home users). In your office, please talk to us about installing Symantec Corporate edition, or a host of internet content filters that can help prevent these issues.

If you’d like us to answer any questions you have, please go to our website and click “contact us” to send us a message.  We’ll get back to you as soon as possible.

Categories: Alerts