PDF Exploits and how to prevent them

Now we know that there are PDF Exploits being used more and more to fake anti virus software. I am here to discuss how to make it harder for these exploits to happen in the first. So I will be walking you through using Firefox as the browser, so if you haven’t downloaded Firefox. I would recommend downloading it, it is much safer than using Internet Explorer.

In Firefox, Click Tools, and then Options:

AdobePDFprevent

You will look for anything that says Adobe in the Applications tab and select either Always ask or Save file.   I recommend setting it to “Always Ask” for the one reason you will know if you have visited a site that uses PDF’s, it gives you a warning of when some website tries to uses Adobes PDF reader.

I also go into Adobe Reader:

Click Edit>Preferences

AdobePDFprevent1

Disabling Javascript will help prevent some of the more common exploits in Adobe, and anyway I do not need Javascript enabled to read a PDF because I hate flashing stuff while I am trying to read.

AdobePDFprevent2

This will prevent it from using your web browser you will have to use Adobe Reader to read this.   From my understanding if you use Adobe Reader in your browser they can put redirects in internet explorer and have some control over what you browser does when you load it up.   This prevents any exploit from taking over IE, or Firefox because now they work alone and not together.   While you at it with Firefox, I would go into the Addons Section.   Click Tools>Addons and Disable the Adobe Reader Addon to be even more safer on the internet.

Now this won’t protect you a 100% but will greatly make it harder for those invisible Iframes to infect your system.   I also have Free AVG running and [intlink id=”3884″ type=”post”]SUPERAntiSpyware Pro[/intlink] running all the time to better protect my system.   You may need to download the PDF to be able to read it.  You can change the Firefox options above to save it instead of asking what you want to do.

Malware sites for July 30, 2009

I just got some news about a few sites:

personalantivirus3

  • husger.info (Scareware, Rogue Antivirus)
  • antivirus-quickscanv5.com ([intlink id=”3607″ type=”post”]Personal Antivirus[/intlink])
  • safe-online-scanner.com ([intlink id=”3607″ type=”post”]Personal Antivirus[/intlink])

These sites are either claiming you have a virus and are considered either URL Redirects or URL Hijackers.   If these sites keep appearing on your web browsing maybe it is time to do a complete system scan and get that spyware off your system.   Some of these Rogue Antiviruses  may even have a security adviser claiming random sites are infected with viruses or Trojans and claiming they are unsafe.  These sites are either wanting you to isntall the software or trying to sell you the fake product, which will do nothing but harm your system.

Threat to System : Moderate

[rating:4/5]

Advice : Do a Complete system scan and make sure you don’t have any more hidden malware.

I recommend :

[ad#SUPERAntiSpyware]

Computer Security : important caveat not all websites are safe

Everyday we’ve seen people get infections on there systems and most don’t understand that they’ve been duped and have installed the software themselves.

In this article we will talk about how most people will willingly install these Trojans and virus themselves for several different reasons.

ineluctable truth about Human Nature

These malware authors know all about how people think.    It usually happens when people think they are seeing something provocative and something you can watch in your private homes.   There are several different ways to do this:

  • News stories —  Alas this is always being used to spread malware.   For example Erin Andrews Peephole malware.
  • Fake photos files — This is also a very common ploy, to make people think it is a Photo but in reality it is an Executable.  Example : MichealJackson.JPG.EXE
  • Fake Codecs — You visit what you think is a popular movie and it says you need to install a codec.  This is another way for people to get infected with a Trojan, or a Virus.   For example : [intlink id=”3739″ type=”post”]Harry Potter and the Half Blood Prince malware[/intlink].
  • Fake PDF’s —  There have been known exploits in the Adobe Reader and Adobe where a malware author can take control over the pc and install whatever they want into the system.  Example : Attackers Target New Adobe Flash/Reader Flaw

As you can see these are just a few but have been used in the past so it doesn’t mean they won’t be used in the future.   The Malware authors will also use Social sites to infect your pc, Here are a few common ones:

  • You get a message that states “[intlink id=”3662″ type=”post”]Look at this[/intlink]” Most of the twitter users were very curious and had not seen alot of malware on twitter and was very trusting, so they would willingly go to these sites not expecting to get a trojan or virus.
  • You get a message in face book “You look just awesome in this video.”  You try to go to the URL and it says You have to update your flash player.   This is another common way to get the user to install a trojan or virus and think it is a legitimate update.
  • Twitter Spambots —  You get a message about a Registry cleaner but it is a rogue Antivurs.  You down load this software and without thinking run it and your infected.   Twitter and facebook users are to relax to see just how dangerous links can be.

Most or all can be used as email also so you don’t have to be on any site to recieved an attached file with something similar to that you see up there.   You must never download anything you know nothing about and if in doubt scan it with several virus scanners by uploading it to Virustotal that is a good site to see if some well known vendors consider this program or file to be a virus. These were just a few, I am sure I have missed several and will probably hear about this from the users. I encourage people to discuss this and talk about other ways this can happen.

I recommend:
[ad#SUPERAntiSpyware]

Updated list of scareware Sites 7/24/09

As you have read in my Previous post:

  • [intlink id=”4002″ type=”post”]More Fake Antivirus Sites Pop up[/intlink]
  • [intlink id=”3990″ type=”post”]Don’t Take it Personal, It’s just Fake Antivirus[/intlink]
  • [intlink id=”3964″ type=”post”]More Personal Antivirus Fake or Scareware sites[/intlink]

I figured we would update those list with some more that came out yesterday or Wednesday.   I will probably be keeping this up. This will help people find out domains that should be avoided.

personalantivirus3

So here are a few that I’ve found:

  1. personalfolderscanv2.com
  2. onlineantispywarescanv6.com
  3. onlinevirusscanv9.com
  4. privatevirusscannerv2.com
  5. Windowssecurityinfo.com

All those are [intlink id=”3607″ type=”post”]Personal Antivirus scareware sites[/intlink] that try to convince you that you have a virus and tries to get you to buy a registered copy of this fake Antivirus which does nothing.  They make money by not doing anything.  These sites might also try to get you to install the fake software which in reality is a Trojan, Virus, Or just Malware all together.  You should never install software from sites you don’t know anything about.

Threat to System :Moderate

[rating:4/5]

Advice : Do a Complete system scan and make sure you don’t have any more hidden malware.

I recommend :

[ad#SUPERAntiSpyware]

Why you can’t run Antivirus or Taskmanager!

Photo by : Kristi Evans Photo by : Kristi Evans

As you know there has been more and more virus writers and scammers who don’t want you to interfere with the ultimate plan.   You see the two major plans these people have are:

  1. [intlink id=”2811″ type=”post”]To use your computer as a Botnet[/intlink] —  This is most common because the Command and Control server is where they tell these other computers what to do weather send spam or do a denial of Service attack on a website.  Although this is the most common it isn’t however the easiest to get rid of rid.   Far be it from being easy these virus writers want to keep a foot hold on your system.   This is like the SG-1 the “Foothold” Situation, they try to look like there is nothing wrong.
  2. [intlink id=”3805″ type=”post”]Fake Antivirus software[/intlink] — This is the other common reason why you can’t load up Taskmanager or SUPERantispyware/Malwarebytes.   It could even prevent AVG,  Norton Antivirus, and Other Antivirus software from being loaded at boot up.  Because most Antivirus software can detect this type of scareware.   The scammers want to make as much money as they can so they don’t want the End user to be able to stop the program from scaring you into buying the fake product.  It could also have a [intlink id=”3872″ type=”post”]Scareware Adviser[/intlink] trying to get you to buy the fake product!

As you can see these are what I call the Prime “2” reasons why you can’t run your Antivirus software, although there is a way around this.   I have found loading up in Safe Mode to be the easiest way to run antivirus scans on an infected system.   Although this can be difficult to do it, however it helps prevent these programs from loading up in more ways then one.  If you can go download the Antivirus programs from another computer and have them to install once you load up in safe mode.   You should also think about installing other software like a [intlink id=”2205″ type=”page”]Firewall even the Free firewalls[/intlink] are the better than Microsoft’s Firewall.

[ad]The other options for those tech savy people who know what a hard drive is and how to remove it, is to mount it onto another system as a slave and then run your antivirus software on the hard drive in question.   This however shouldn’t be done unless two conditions are met:

  1. You Know what you doing —  Again if you don’t know what your doing please don’t try this.  It could hurt your system far more than you can know.   If you don’t know how to do this you should take it to a professional and let them do the work for you.
  2. Out of Warranty — Yep that is right if this has a 2 year or longer warranty and you open up the hardware you automatically void the warranty on anything to do with your system.  So it is best to have someone who is qualified warranty specialist to open it up.  This way you still have your warranty on the system and if something does go wrong in the shop, they can fix it easier than a novice.

If you know what your doing this can be an easy process or it can be a hard process it only depends on how knowledgeable you are and how far you are willing to go.   Although there are [intlink id=”2955″ type=”post”]some viruses that require you to just start over[/intlink].  This is because they have embedded so deeplyinto the system that removing them will ruin your Windows system and prevent it from booting in the first place.  This is the last option, if you have a system who has been overrun with virus and spyware it might be time to reinstall the Operating system.  This is what I call the end all way to get rid of the Virus, Trojan, Or spyware on your system.   If you do this you will need to make sure to install all the Microsoft updates before you do anything else.  Also you will need to [intlink id=”2205″ type=”page”]re-install any Firewalls and Antivirus[/intlink] software to better protect your system from having the virus in the first place.