Thursday, August 30, 2012

Facebook friend added a new photo of you? Beware spammed-out malware attack

Be wary of opening unsolicited email attachments - a malicious Trojan horse has been spammed out posing as a Facebook notification that you are featured in a newly uploaded photograph.

by Graham Cluley on August 28, 2012
Computer users are being warned to be careful about opening unsolicited email attachments, after a malicious Trojan horse was spammed out posing as a Facebook notification that the recipient is featured in a newly uploaded photograph.
The emails, which pretend to come from Facebook, look like the following.
Subject: Your friend added a new photo with you to the album
Attached file: New_Photo_With_You_on_Facebook_PHOTOID[random].zip
Message body:
Greetings,
One of Your Friends added a new photo with you to the album.
You are receiving this email because you've been listed as a close friend.
[View photo with you in the attachment]
Of course, the emails don't really come from Facebook.
But there are surely many people who could be duped into believing that they have been tagged by one of their friends in a photograph, and want to see if they look overweight, unattractive or simply fabulous (delete as applicable).
Unfortunately, the attached ZIP file contains malware, designed to allow hackers to gain control over your Windows computer.
Sophos products intercept the malware as Troj/Agent-XNN.
Last month, experts at SophosLabs saw another malware campaign posing as a Facebook photo tag notification. On that occasion, the emails did not contain attachments but instead linked to compromised websites which aimed to attack visiting computers with the Blackhole exploit kit.
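As an added illustration (not part of the original post or of any Sophos tooling), the following Python sketch checks a raw message for the traits described above: the photo-tag subject line, the New_Photo_With_You_on_Facebook_PHOTOID[random].zip attachment name, and a Facebook display name on a non-Facebook sender domain. The sample message, its sender address and the list of genuine Facebook domains are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Traits of the campaign as described in the article.
SUBJECT_RE = re.compile(r"added a new photo with you", re.IGNORECASE)
ATTACH_RE = re.compile(r"^New_Photo_With_You_on_Facebook_PHOTOID.*\.zip$", re.IGNORECASE)
# Assumption: domains accepted as genuine Facebook senders.
FACEBOOK_DOMAINS = ("facebook.com", "facebookmail.com")


def is_facebook_domain(domain):
    """True for the listed domains and their subdomains only."""
    return any(domain == d or domain.endswith("." + d) for d in FACEBOOK_DOMAINS)


def score_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        findings.append("subject matches the photo-tag lure")
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if "facebook" in display.lower() and not is_facebook_domain(domain):
        findings.append("display name says Facebook, sender domain is " + domain)
    for part in msg.walk():
        name = part.get_filename() or ""
        if ATTACH_RE.match(name):
            findings.append("attachment name matches the campaign: " + name)
        elif name.lower().endswith(".zip"):
            findings.append("ZIP attachment on a notification mail: " + name)
    return findings


# Constructed sample; the addresses, boundary and digits after PHOTOID are made up.
SAMPLE = """\
From: Facebook <notify@mail.example.net>
To: user@example.org
Subject: Your friend added a new photo with you to the album
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Greetings,
One of Your Friends added a new photo with you to the album.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="New_Photo_With_You_on_Facebook_PHOTOID4821.zip"

placeholder bytes, not a real archive
--b1--
"""

if __name__ == "__main__":
    for finding in score_message(SAMPLE):
        print("-", finding)
```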

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can email Graham, subscribe to his updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.
(864) 498-0569

Monday, August 13, 2012

How to Protect Your Social Network Accounts from Hackers



A tech journalist learned a tough lesson recently. But using two-factor log-ons helps guard your Google, Facebook, and Twitter accounts from being hijacked.

If you haven’t read about Wired reporter Mat Honan’s ordeal at the hands of malicious hackers, take some time and read it now. (I’ll wait.) His story about how a passel of juvenile hackers managed to get into his Apple account and wipe all the data off his iPhone, iPad, and Mac – as well as hijack his Google, Twitter, and Amazon accounts – should be required reading for anyone who uses those services, and especially those of us who’ve blithely linked our social media accounts together using the same e-mail address.
Honan didn’t do anything to tick those hackers off. He was targeted simply because they coveted his @mat Twitter handle. Which means that the same thing could happen to you or me just as easily, and we wouldn’t know we’d been jobbed until far too late. (See also "Apple Temporarily Suspends Phone Password Resets.")
One thing Honan notes with regret is his failure to turn on two-factor authentication for his Gmail account. If he’d done that, anyone who tried to access his e-mail would have also had to enter a six-digit PIN, which is randomly generated and sent via text message to his phone.
So your first order of business for today: Setting up two-factor authentication for Google. To do that, you’ll need to go into your Gmail Settings (it’s the icon that looks like a little gear in the upper right corner of your inbox). From there:
  1. Select Settings, then Accounts and Import.
  2. Under Change account settings select “Other Google Account settings”.
  3. That will take you to a Web page for your Accounts. Select Security from the left-hand menu. You may be prompted for your password again.
  4. Under “2-step verification” you’ll see “Status: OFF.” Click the Edit button next to that. That will take you to a Web page wizard that will walk you through the process of having a six-digit verification code sent to you via text or a robo-call.
Enter the code into the appropriate box, and you’re all set – for that device, anyway.
Admittedly, this is not as easy as simply using a password. You’ll have to do this for every device and every application that uses your Gmail logon, and every device and application doesn’t work exactly the same way. For example, I was able to log on to Gmail using a PIN on my desktop, laptop, and iPad, but not my Android tablet or Windows smartphone. For those, I had to set up separate one-time-use “subtokens” that look something like this: fztz dgpm oxfi uthb.
You’ll need to go back to the Accounts Security page and select the Edit button next to “Authorizing Applications and sites” to set up disposable passwords for each device and app. You can also use this tool to manage your list of trusted devices and applications, and revoke access to them at any time.
So that covers Google. What about Facebook? Here, too, you can beef up your security settings with two-factor authentication. This will prompt you to enter a similar SMS code whenever you log onto Facebook from a new device. The drill is remarkably similar:
  1. Go to your Facebook Account Settings page (found under the down arrow next to the Home tab).
  2. Select Security from the menu on the left.
  3. Under “Login Approvals” click edit and put a check in the box that appears (see below). You may have to adjust your browser settings to accommodate the cookie that Facebook wants to deposit.
  4. In the dialog box that appears, click “Set up now.” You may be prompted again for your Facebook password and to add your mobile phone number if you haven’t provided one already.
  5. Click Continue. If you’ve done this correctly you should receive a six-character PIN. Enter that and the name of your device into the dialog boxes that appear.
Like Google, this won’t work with every device or application Facebook supports (like the Xbox or Skype). So again you’ll have to generate a disposable app password, which you can do via the same Security Settings dialog box. If you have an Android device, you can download a free Code Generator app that can produce usable passcodes without having to send you a text.
Twitter does not offer two-factor authentication at this time. But you can make it harder for attackers to reset your password by changing a setting in your profile that requires you to provide additional info, such as an e-mail address or phone number, when requesting a new password.
From your Twitter profile page, click Edit your profile. Then go into your Account settings, scroll to the bottom, and put a checkmark in the box next to “Require personal information to reset my password.”
The flaw in all of these schemes: If the attackers manage to get hold of your phone as well as your log-ons. Then, my friend, you’re totally screwed.
Got a question about social media? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.

Sunday, August 12, 2012

How to Clear Your Data Off A Device


If you're recycling your computer, smartphone or tablet, there's one significant problem you may have ignored: If you don't wipe them clear of data, you could become a victim of identity theft. Merely deleting files using normal system tools won't really do the trick --- you need to do a much deeper cleaning. Here's how to do it.
Cleaning up cell phones, smartphones and tablets
Smartphones and tablets essentially pack your entire life into a small package, including your contacts, emails, records of incoming and outgoing phone numbers, social media information...and more. So you want to make sure that someone else can't get access to all that information.
You could try deleting individual apps and contacts, but the odds of doing that effectively are close to zero. Instead, you want to do a complete reset of your phone to wipe out its data and restore it to its factory settings.
How you do this varies from operating system to operating system, and sometimes even device to device. These are general instructions that should work with most devices; however, it's best to check with your manual or manufacturer just to make sure.
Android: For versions before Android 4.0, press the Menu key from the Home screen and select Settings/Privacy/Factory data reset. You'll get a warning screen. Scroll toward the bottom and tap "Reset phone." If you also have an SD card in the phone (and don't want to use the data in your next phone), also make sure to check the box next to "Erase SD card."
For Android 4.0 or later, go to Settings and look for "Backup and reset." Tap that, and then, on the next screen, tap "Factory data reset." You'll get a warning screen along with a list of all the accounts you are currently signed into.
iOS: Go to Settings/General/Reset and then tap "Erase all Content and Settings." (This is specifically for Version 5; the process may differ slightly for other versions.)
Windows Phone 7: Go to the Home screen, then tap the Application Menu Key and select Settings/System/About and tap the "Reset your phone" button.
BlackBerry: Head to Options/Security options/General settings, and then tap menu. Then select Wipe Handheld.
Wiping computer hard drives
Deleting files, folders and applications -- and clearing the data from the Recycle Bin -- won't do the trick if you're going to recycle your computer. Anyone can easily recreate that data using commonly available tools. Even if you reformat your hard disk, if someone really puts their mind to it they can recreate the deleted data.
This can be a serious problem. Back in 2003, two graduate students at MIT's Laboratory for Computer Science bought 158 used hard disks from eBay and other sources.
Only 12 of the drives had their data properly cleaned. Even though approximately 60% of the hard drives had been reformatted and about 45% had no files on them (the drives couldn't even be mounted on a computer), the students were still able to recover data from them, using a variety of special tools. They found over 5,000 credit card numbers, personal and corporate financial records, medical records and personal e-mails.
What can you do to keep your data safe? Get a disk-wiping program, preferably one that meets the U.S. Department of Defense's Media Sanitation Guidelines. These programs will overwrite your entire hard disk with data multiple times, ensuring that the original data can't be retrieved. If you use them, be patient, because it can take several hours to wipe the hard disk.
One well-known free application that meets the DoD's standards, according to Auburn University, is Darik's Boot and Nuke. The software creates a boot disk that wipes everything on the hard drive. It can also be used with floppy disks (remember those?), USB flash drives, CDs and DVDs.
Another free Windows utility that also meets the DoD's standards is Eraser.
If you've got a Mac, you can use Apple's built-in Disk Utility (it can be found in the Applications/Utility folder). You can also download a third-party application like Mireth Technology's ShredIt X ($25, free trial available), which lets you shred files (in other words, overwrite the contents of a file multiple times) as well as wipe your local hard drive, network hard drives and CD-RWs. (There's a Windows version as well.)
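What "overwrite the contents of a file multiple times" means in practice, as an added Python example (not code from any of the products named above). The function names and the pass scheme (fixed patterns, then a random final pass) are assumptions; on SSDs and on journaling or copy-on-write filesystems an in-place overwrite may not reach the old blocks, which is why the whole-drive tools remain the right choice before disposal.

```python
import os
import secrets
import tempfile


def overwrite_file(path, passes=3, chunk=1 << 16):
    """Overwrite every byte of `path` in place, `passes` times; return its size."""
    size = os.path.getsize(path)
    fixed = (b"\x00", b"\xff")              # alternating patterns for early passes
    with open(path, "r+b") as f:
        for n in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                step = min(chunk, remaining)
                last = n == passes - 1      # final pass uses random bytes
                f.write(secrets.token_bytes(step) if last else fixed[n % 2] * step)
                remaining -= step
            f.flush()
            os.fsync(f.fileno())            # force this pass out before the next
    return size


def contains(path, needle):
    """True if the byte string `needle` can still be read back from the file."""
    with open(path, "rb") as f:
        return needle in f.read()


def shred(path, passes=3):
    """Overwrite, rename to a random name, then delete."""
    overwrite_file(path, passes)
    anon = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, anon)                   # do not leave the old file name behind
    os.remove(anon)


if __name__ == "__main__":
    # Constructed sample data in a temporary directory.
    folder = tempfile.mkdtemp()
    target = os.path.join(folder, "statement.txt")
    secret = b"ACCOUNT-0000-CONSTRUCTED"
    with open(target, "wb") as f:
        f.write(b"header\n" + secret * 100)
    print("readable before:", contains(target, secret))
    overwrite_file(target)
    print("readable after overwrite:", contains(target, secret))
    shred(target)
    print("files left:", os.listdir(folder))
```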
If you're truly nervous, there are hardware devices available that let you sanitize your drives such as Drive eRazer Ultra. Or you can pull the disk from your PC and send it to a hard drive shredding service that will physically destroy the drive.
(For a more tongue-in-cheek view of how to cleanse a hard drive, check out this old-but-still-good story: Removing hard drive data -- the YouTube way.)
Once you've wiped your device clean, it's safe to sell, donate or recycle your equipment. Find out how to do it in our article How to recycle your phone, PC and other tech gear.
Preston Gralla is a contributing editor for Computerworld.com and the author of more than 35 books, including How the Internet Works (Que, 2006).


Wednesday, August 8, 2012

How Can I Diagnose and Fix My Slow Computer?



Dear Lifehacker,
My computer's feeling a little sluggish lately and I want to boost its performance if possible. I see ads all the time for PC optimization programs, but they all look spammy. Are there any easy and reliable tools I can use to check my PC and tune it up?
Thanks,
Hoping for a Boost
Dear Hoping,
Getting top performance out of your computer is definitely a Lifehacker challenge. We've got some ideas for you that may help.

Perform Basic Maintenance

We guess that you're already doing basic maintenance for your computer. But just in case, here are our recommendations for maintaining your Windows PC, Mac, or Linux system. Performing those maintenance steps, such as keeping your operating system and applications up to date and cleaning out temporary files, should keep your system running well. Sometimes, just deleting bloatware can really make a big difference in your computer's performance (we recommend PC Decrapifier for the job). So definitely the first thing we'd recommend is to check the guide for your operating system.

Download and Run Diagnostic Tools Like Soluto to Identify Problems

If your computer is experiencing problems, however, like applications freezing or serious slowdowns, you can use computer diagnostic software to troubleshoot the problem.
Previously mentioned Soluto is a free Windows tool that shows you which applications may be slowing your system down. It's also a fantastic tool for magically solving application crashes before they happen and can report crash information based on other Soluto users' experiences.
For other diagnostic tools, you can find Lifehacker readers' five favorite diagnostic tools here. A tool that's not on that list but still may be a great option for you for its excellent interface and benchmarking tools is the previously mentioned free Windows program Fresh Diagnose.
Finally, if you're interested, doing a stress test of your hardware can help you troubleshoot any problems you're having.

Perform a Quick System Check Up Online with PC PitStop OverDrive

If you just want a quick PC health check, however, there's a free online tool called OverDrive from PC PitStop you can use that will analyze your computer's hardware, software, security, and so on, and give you recommended fixes, if any. The site looks spammy, but the tool actually does a good job of analyzing your system and can also be used for benchmarking your computer. (Note: PC PitStop also offers PC Matic and other software downloads that can check your computer's performance, but you don't need to download and install any software to run the OverDrive tests.)
To use the Windows-only tool, you have to visit http://pcpitstop.com/betapit using Internet Explorer running in Administrator mode (right-click on IE and choose to run as Administrator). Allow the browser to install the Active-X object, and the site will start scanning your system.
When it's done scanning, OverDrive will suggest fixes like clearing your cache, updating any missing drivers, increasing security settings and so forth. Re-run the tests after making any suggested fixes and you should see your rank improve and your PC operating at least a bit better.
Good luck and have fun testing your system!
Sincerely,
Lifehacker
P.S. If you know of another great tool for this job, please let us know in the comments.

You can follow or contact Melanie Pinola, the author of this post, on Twitter.


Tuesday, August 7, 2012

Fraud attempts in social networks – This is how scam on Facebook works


As of May 2012, the world’s largest social network Facebook can boast more than 842 million users – an impressive number considering there are 7 billion people on the planet. The more people connected on a centralized platform, the more interesting it becomes for Internet criminals, to everyone's dismay.
Every year, there is more news about fraud attempts, identity theft, and hacker attacks on Facebook. It is no wonder, as these actions occur in real-time, and exciting news is spread at the speed of light thanks to activities in this network. Most attacks are based on scam, i.e. fraud that no anti-virus or anti-malware software is able to protect you from, as it is not always malicious software that is used. The authors rather rely on their victims' naivety or greed. This is reason enough for us to explain the general proceedings, so you can avoid scam more efficiently and use Facebook in a more secure manner in the future.

This is how the fraudsters proceed

The criminals' goal is to arouse as many people's interest as possible to have as many potential victims as possible. This is mostly based on spectacular news. It is often a world-famous person; for example, they used Whitney Houston's or Steve Jobs's death for their financial goals. In both cases, there was apparently red hot news about one of the celebrities, such as a video showing the diva shortly before her tragic death. But less spectacular news is also used to raise your interest.
Once the fraudster has managed to raise the victim's interest, he is already halfway there. It is traditionally about clicking on an external link or liking a Facebook app that will take you to the spectacular content. One can very clearly see what this fraud is about: of course, this piece of news is just fake. It is a psychological trick, as when faced with sensational news, we tend to ignore the voice of reason and act just like the scammers want us to.
The fraudster now has several options. Sometimes links to YouTube videos or websites are created in order to increase the number of clicks. Other common ways are forcing you to take surveys, which the fraudster gets money for, or phishing attempts and spreading malware. As this is a considerable risk to your private data and your wallet, you should be careful and not fall for the scammers' methods.

Facebook Scam in real life

Enough on the theory, let us have a look at real scam campaigns.
Example 1: Amy Winehouse
Amy Winehouse was found dead in her apartment in July 2011. Thanks to active public interest, the first scam attempts did not take long to appear. The most successful one promised a shocking video showing the deceased singer shortly before her death.
There was of course no such video. In reality, you were directed to the following page:
You were then asked to first spread the link in order to reach as many Facebook users as possible. Not only that, but there was also a survey to take in order to win an iPad 2. That is when the victim started wondering why nothing else happened and saw merely a trivial video or none at all. The hacker achieved what he was out for: The alluring message has been spread, and he had earned money with the survey taken.
Example 2: Steve Jobs
The Apple founder's death was also abused by online fraudsters. Within no time several Facebook pages were created, partially supposedly by Apple, partially simply by "a company". The content, however, was always the same:
A considerable amount of iPads was to be raffled off in memory of the recently deceased. This amount varied between 50 and 500 pieces. The scammers' intentions were different as well; apart from asking the victims to take surveys, some versions redirected the victims to online casino websites. This example clearly shows how many people fell for such tricks and spread the message.
Example 3: Fake apps
The authors of fake apps followed a slightly different path from the aforementioned ones.
This is an application that pretends to show how many people visit your profile. The message is traditionally spread over your friends' walls.
Once your interest has been aroused, the application requests permission to access all your Facebook data and functions. This ensures the fake app spreads further. The collected data can be used to send spam or is sold off to commercial mail senders.
The aforementioned surveys are used as well – an easy way of earning for the scammer. Such scam apps are of course deleted by Facebook as soon as they find out about them. The authors, however, never stop creating new applications with alternating names.
Example 4: Fake friend requests
The aforementioned fraud attempts relied on Facebook as a means of communication. The fraudsters also send fake e-mails supposedly sent by Facebook such as the following friend request.
The link will not take you to Facebook, but to a fake copy of the site. This site pretends you need to update Macromedia Flash.
Clicking on the link and launching updateflash.exe is fatal: It is the well-known trojan called Zeus or Zbot. As if this were not enough already, there is an exploit kit on the website if the victim does not launch the fake update.
This will put your personal data and the security of your PC at high risk!

How to protect yourself

All scam attempts would have no success if the recipients did not fall for the alluring message. Please keep the following points in mind:
  • Be skeptical!
    Exciting news is not only spread over Facebook, but also over regular websites as well as radio and TV stations. If there is no news about this topic, it is very likely to be scam. Question raffles – why would anyone give away iPads in honor of Steve Jobs, and what's more, why would they do so on Facebook?
    Hint: Google corresponding keywords such as "Amy Winehouse Video". This will often give you hints about fraud attempts.
  • Be vigilant on who sends you mails and how they address you.
    When receiving friend requests or other e-mails, please check the language. If you are using Facebook in English, Facebook sends you messages in English. Plus, you will be addressed with the name you are registered with.
  • Check links!
    Do the links contained really take you to the original company website? You can see where the link takes you by hovering over the link with the cursor. If the URL looks cryptic: Hands off!
  • Do not trust your Facebook friends blindly!
    Spreading of scam is usually based on pyramid schemes. Break the chain by not buying into messages and status messages of your Facebook friends.
  • Use anti-virus software with real-time protection!
    Even if you have fallen for a scam attempt, it does not necessarily mean your PC has been infected with malicious software. Emsisoft Anti-Malware offers, for instance, triple protection by blocking malware through its powerful dual-engine scanner or behavior analysis before it is launched. In addition, surf protection warns you about many phishing websites when trying to access them.
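The "Check links!" advice can be automated; the Python sketch below is an added example, not Emsisoft code. It compares where each link in an HTML mail really points with what the mail claims, and flags a direct download like the updateflash.exe from Example 4. The sample HTML, the .example host name and the trusted-domain list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("facebook.com",)   # assumption: the brand the mail claims to come from


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Host part of a URL, also for text written without a scheme."""
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()


def is_trusted(host):
    # Exact match or real subdomain; "facebook.com.something.example" fails.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)


def check_links(html):
    """Return [(href, [reasons])] for every suspicious http(s) link."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        if urlparse(href).scheme not in ("http", "https"):
            continue
        host, reasons = host_of(href), []
        if not is_trusted(host):
            reasons.append("target host is not a Facebook domain: " + host)
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != host:
            reasons.append("visible text shows a different host: " + shown)
        if urlparse(href).path.lower().endswith(".exe"):
            reasons.append("link downloads an executable")
        if reasons:
            report.append((href, reasons))
    return report


# Constructed sample modelled on the fake friend request described above.
SAMPLE_HTML = """
<p>Jane Doe wants to be friends on Facebook.</p>
<a href="http://facebook.com.friend-confirm.example/updateflash.exe">www.facebook.com/confirm</a>
<a href="https://www.facebook.com/settings">Account settings</a>
"""

if __name__ == "__main__":
    for href, reasons in check_links(SAMPLE_HTML):
        print(href, reasons)
```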

Have a nice (malware-free) day!