Posts Tagged ‘Viruses’

I get a lot of email. A LOT. Between work and personal emails it is a wonder I find time to do anything other than answer or deal with emails.  All I know is, that on those days when something goes wrong with our email server, there is a lot more work getting done, although the urge to keep checking to see if it is back up and running does cause some stress.

Part of the curse that is email, is dealing with spam and junk emails. If you set your filter too strict you end up missing important emails, and if you don’t use any filtering you end up with so much crap to deal with you will be pulling your hair out.  Of late I’ve noticed an increased amount of utter crap coming in again.  Not sure why, seems to be a cyclical thing every few months, and I have to laugh at the horrific spelling and grammatical errors in the emails and wonder if they ever catch anyone in their webs with these?  Below is a perfect example of what i mean…

greencard

The nice thing is that the spelling and grammar mistakes usually make it easier to spot the spam. (‘appliance’ used when they meant ‘application’ for instance)

Another dead giveaway is the “actual” email address that the email is coming from or directing you to reply to (dontreply@perfectinput.org in the example).  More often than not, you will see a link that when you hover over it you can see the address which rarely matches the supposed subject (witoptions in this case does, but if you google it it doesn’t exist as a company and is fishy enough not to clink the link) and takes you to some ad website that will get you stuck in an endless loop of trying to close popups and pop-unders.  A good idea is to use a domain lookup site like “Whois” and check the domain name to see if it is even valid.  If it’s a real site, there will be info on it.  That doesn’t mean it is a valid website or email, just a better chance that it might be legit.

When spotting spam in the wild, there are tons of common phrases to look for.  Offering pills is big one of late, and I’m sure we’ve all seen at least one from some President of some foreign country offering to send us money if we give our banking info.  Many make vague statements about you and your previous involvement with their company, or offering you something for nothing.  Typically I find it best to toss any suspicious emails without even opening them just by previewing the subject line.  It used to be you could create a list of words to block, but even that is getting tougher since many bots or people substitute other letters or characters for some letters in words to sneak thru.  A bracket ‘(‘ for a capital ‘C’ for instance, or using the number ‘0’ for the letter ‘o’.

Remember, no bank is going to contact you via email and request info, or confirmation of any interactions you’ve had with them, so anything you get from any bank it is best to assume is fraudulent and follow-up with your bank directly.  I’ve even forwarded a few emails to my bank so they are aware and can warn others.

The old adage, “when in doubt throw it out” is never more on point than when dealing with email nowadays.  Thankfully the scammers and spammers are attacking in bulk and hoping they get one response out of the thousands they send out, and as such their attacks are easily spotted with a little vigilance.  Keep your eyes open and be careful what you click on or reply to.

“He is most free from danger, who, even when safe, is on his guard”. (Publilius Syrus)

-barkerp

Advertisements

When people hear “terminal” they immediately think of being at death’s door, which is why it confuses me why Apple calls their command-line program Terminal. It is not something to be hiding from. The command-line is something that can be very useful. For instance, seeing everything on your Mac can make it easier to perform certain functions, such as deleting the files associated with the FlashBack virus.

There are all kinds of stories about the FlashBack virus, and if you are concerned you may have it, go to github and download the checker app here.  It’s a small download and while it won’t remove the virus from your Mac, it will check to see if you are infected.  If you are infected, thankfully Apple has addressed the issue, although many people had already followed the directions to remove the virus manually, such as one of my coworkers.  It  is not that tough to do, but you do need to fire up the Terminal and get all command-liney with it.  If you want to do it the easy way, check out the Apple security update info here.

Getting back to the Terminal though, one thing that comes in handy as alluded to earlier, is the ability to see all the hidden files on your Mac.  Part of removing the virus manually requires you to get rid of a few hidden files buried deep in your library.  The easiest way to see the hidden files is with a third-party app like MainMenu (paid), TinkerTool (free) or Onyx (free).  But if you don’t have any of those already installed, don’t despair, Terminal is pre-installed on every Mac running any recent version of OS X.

Open it up and you are greeted with a screen that harkens back to the old DOS days of typing out commands.  At the command prompt type the following…

(NOTE:  all commands below are to be typed without the quotes.)

defaults write com.apple.finder AppleShowAllFiles TRUE

then return and type:

killall Finder”

You will now see all the hidden files in all directories and on your desktop.

and to change it back:

defaults write com.apple.finder AppleShowAllFiles FALSE”

again followed by:

killall Finder

The command is the same, just changing the last word which is the setting from TRUE, being on, to FALSE, being off.  A simple setting that gets repeated all over the place in any Unix based OS like OS X.   Many times commands are either on or off, true or false.  That is just one simple example of what can be done with just a few words and no need to install anything.

The Terminal is your friend.  Don’t be afraid, but do be cautious.  A spelling mistake can prove disastrous.  I hope it is not too late to mention, but remember to backup your Mac before you start deleting anything, even if cleaning off a virus.  There are no do-overs or undos when it comes to Terminal commands.

Happy command-lining,

tcg

 

Routines.  In day-to-day life they can be good. Taking away some of the stresses by getting into routines can make life easier.  I always put my wallet, iPhone and keys in the same place at night for instance, that way they are easy to find in the always-in-a-rush-why-didn’t-i-get-up-earlier mornings.

But routines can also be dangerous in that we sometimes become lazy when it comes to our maintenance of our computers and devices when it comes to security.  Which can be especially bad this time of year as we find ourselves with a bit more time on our hands to spend with family and friends, the last thing you want is to find your trusty computer bogged down with nasty malware, adware, or the latest threat, Scareware.

What is scareware you may ask.  It’s those popups and emails you get telling you that you may already be infected and need to update or install a new program to protect yourself.  Always with a cost involved.  These warnings are coming at you from every side now it seems, social networking sites warning you, emails, website popups, etc. all trying to get you to drop your guard and install the problem that you are being warned you already have.  Another strain of these is fake antivirus.  Fake antivirus is fake security software which pretends to find dangerous security threats—such as viruses—on your computer. The initial scan is free, but if you want to clean up the fraudulently- reported “threats,” you need to pay.  Don’t be thinking if you run a Mac you are free of this threat either.  Its a growing market and Macs are becoming a lucrative part of it, possibly because most Mac users have gotten used to thinking they are immune.

Many times these scareware programs take you to fake scanning pages, which then give you fake results in an attempt to scare you into purchasing their software to remove the threats.  More often than not these threats are fake and you end up causing more problems if you download and install the supposed fix.

These scams can be found in numerous formats and flavors lately ranging from fake movie download pages prompting you to download a supposed codec you need to play the video, or Email Account suspension scams telling you that you need to provide information in order to remove the suspension.  I’ve seen a bunch of these of late, each time slightly different from the last, but regardless all fake.  Even some supposed “ecard” sites telling you that you received an electronic greeting card from someone.  Make sure you check the sending address of any ecard  you receive, because this is an especially effective way to get you to download a virus.

These tricky little buggers also like to hide in temporary areas on your Pc once installed and have the ability to create random file names, and recreate the infection if you don’t clear it out completely by hiding its own installer in another spot on your computer (typically  C:Documents and Settings<user>Local Settings Application Data, or c:windowstemp).

Sure, windows users are more easily targeted and have been the most widely affected, but don’t think because you use a Mac you are immune, that’s just not true anymore.  The more of us there are out there, the bigger a target market for the nerdowells who would rather take your money than make their own legitimately. It’s not going to go away, there is too much money being made from the unsuspecting, so it is best to protect yourself by keeping your antivirus updated, some of which have anti-spam built-in.  If yours doesn’t you should find a solution that does.

As it is often said, the best defense is a good offense.  Or an ounce of prevention is worth a pound of cure.  Either way, what it boils down to is think before you click.  It only takes a second or two to check and make sure you are not just opening up a can or worms that is going to ruin your day, or your week & potentially destroy your personal data.

As Robert Bateman so aptly put it… “Creation is long and difficult, destruction is quick.”  So protect yourself and your data.  Scareware is one of those things that once you’ve made that one quick wrong click it can seem like forever undoing it.

tcg

You may have heard of MacKeeper, but have no idea what it does, or how it works, or if it’s right for you.  I’ll try to answer all that and also fill you in on a great way to use portions of it without shelling out the bucks if you are on a tight budget.

Most people have tons of programs on their Macs that are constantly being updated, and while some of them let you know when you start them up if they have updates available, not all do.  This is the reason other apps like MacKeeper have come into being. We all need an easy way to check and see what programs have updates available without having to open every program in our applications folder.

I used to use a dashboard widget but found the results to be more incorrect than anything.  Mostly to do with application names it seems.  It would report back available update for programs where there were none, and it got rather annoying.  So far from my limited usage of MacKeeper this has not been as much of a problem.  But I’m getting ahead of myself a bit.

3,700% installed? hmmm, that seems a little off.

MacKeeper is a program whose intention is to help keep your Mac clean, up to date and problem free.  For more info check out their website  http://mackeeper.zeobit.com/index  It’s a small download and simple install, only taking up about 17.3 meg of space.  The scanning however can take a little while longer – full scan on my MBP took about 20 mins.

It’s touted as being a fully functional download, which I suppose is correct as long as you don’t include actually fixing any problems as part of the functionality.  I had the program installed and running and getting test results before any mention of needing to pay for the program to actually do any cleaning or housekeeping.  When I went to fix a couple of errors automatically, thats when I was taken to the website and shown the cost of the program.  I toyed with buying it to see the full results of the automatic cleaning and the full functionality but I’m always looking for cheap or even Free ways to get things done for those people who are on a tight budget, so I decided to see if the info reported back could be used without buying the app.   Short answer: Yes.  Longer answer:  Read on.

(edit: as I was about to post this entry, I checked the MacKeeper webpage and see that they are now stating it is a fully functioning 15 day trial, although my install tells me my trial is up without me ever getting a chance to use any of the features)

scanning in progress

results have easy to see sizes for each problem

programs in need of updating. maybe.

there is a lot of power packed in there

If you are wondering if the app is worth the money, that’s been dealt with numerous times by numerous people (as a matter of fact as I was writing this post i saw MacLife posted a story about the app) and I’m not going to regurgitate their comments, my take on this app is how can someone with a few problems fix it for themselves without shelling out the big bucks because lets face it, sometimes the easiest solution is not financially viable. (students read that as more beer money remaining in your pocket)

One thing to note.  As mentioned earlier, some of what it reports as outdated is incorrect.  I had this same problem with version tracker.  It used to drive me nuts so I stopped using it.  It would appear to be just par for the course with this type of program, for instance, with MacKeeper  I’m told Skype is outdated.  Not so.  Ran Skype, checked for updates, and was told I have the most current.  Same thing happened with a few other apps, so take the results with a grain of salt, sometimes the updates are just available Betas.

Little things like “Cache Cleaning” are easy for you to do yourself with freeware programs you may already have, or even restarting your Mac will clean out a lot of that clutter.

Languages” is one area I’m a little hesitant to start messing with so do so at your own peril.  I used another app a few years back to “localize” my install and it ended up screwing up a few of my programs and had to restore a number of files from my Time Machine backup.

Logs” are another great way to clean up some space fairly easily since the app reports back the locations of all of them for you if you want to hunt and delete on your own.

Duplicate Finder” is another great list that may be helpful to you, but again, use it with a grain of salt.  Not all of the duplicates found are necessarily ones you want to delete.  Email attachments show up as duplicates for instance, and for me blowing them away out of folders would mean I’d have a bugger of a time finding them again buried in those emails if I needed them.  Like most of the components in MacKeeper – this is a very powerful and should be used carefully.  Which is why I’m always hesitant to let apps do any quick cleaning themselves.

I’ve only touched on a couple of the features of this program, as you can see from the screenshot above, there are many parts to this app that allow the average user to control and view all sorts of information.  As always, be prepared before you start tweaking anything and ensure you have a fully functioning backup of everything.

As to whether you should buy the full-blown app, I’d say if you are having any issues beyond the updating of software then it might be a good way to consolidate all your maintenance into one place.  You can do much of the same fixing and tweaking using other freeware programs (search “cache cleaner for mac” in google for instance and see how many free programs there are) or by doing them manually by yourself using the tools already installed on your Mac, but sometimes it is easier to get help and save yourself the headaches.  Especially when it comes to antivirus on a Mac.  If you are one of those people who doesn’t check embedded web links before proceeding to them, or sometimes opens zip files without first checking to see who or where they are from, then you probably need an antivirus program (there are even free antivirus programs out there for Mac OS X if you feel so inclined).

Sometimes just seeing what all the clutter and mess is, is enough and you can deal with it yourself .  Other times you need some help cleaning it out.  If the latter is true, then MacKeeper could be your virtual housekeeper, just be careful not to give it the keys to the house without watching over what it’s doing or you could find your silverware missing.

tcg

I got an email from NACHA, or at least that is who they were pretending to be.   It seemed a little fishy to me, or should I say “phishy”.

Here’s a screen grab of the original email:

looks like the real thing, but it is a clever fake

I should start by saying that Yes, NACHA is a real organization, but just because its real doesn’t mean you should trust an email to be from them.  There has been a glut of PayPal and banking scams over the past few years, and in general, phishing attacks are becoming more and more clever.

A couple of things tipped me off, or at least caused me pause.  First:  The email mentioned a recent payment from my checking account.  I knew I hadn’t made any payments from my checking account (that spelling drives the Canadian and Brit in me nuts – its chequing, but I digress) recently that were not pre-authorized and recurring.  Second:  The “report” they referred to was an attached “.exe” file of a PDF.  Yeah, riiigght.  No one in their right mind would ever send an “.exe” these days and expect it to be opened, they just scream VIRUS.

A couple of quick things you can check (not cheque) if you are doubting the authenticity of an email.  Check the headers and return path of the email.  (On a Mac in mail, go to View and down to Message > Raw Source.  On a Windows PC running Outlook, you go to View and down to Options and will see the internet headers.)  Typically the first line is the return path, unless its from a mailer daemon, then its buried further in.  In this case it was a “gmail.com” address.  That is always a good indication something is not right.  Another thing was the supposed report file, that infamous “.exe”.  The path to where it was stored is a blogspot address.  I’m fairly certain that if indeed NACHA had some info I needed to see it wouldn’t be storing the file on a blogspot server or using a Gmail address to send info.

Another good indicator was the fact there is a notice on NACHA’s website homepage about a phishing scam.  I forwarded the email I had received to their “abuse” email address and got the following response which reinforced my suspicions:

this one is real

The moral?  When in doubt, be a Doubting Thomas.  Its better to confirm with the alleged sender before trusting them than to try and fix the problem after the fact.

Phishing attacks and the subsequent identify theft or malicious software being installed because of them has become just an everyday part of the potential dangers of being connected, but don’t run and hide, just take some time and think before you click.  Use that as a motto in all things you do on a computer or any connected device, Think before you Click.  It can save you from numerous harmful attacks and problems, as well as maybe stopping you from sending a flame to someone you will regret later, but that’s another story for another time.

tcg