Win32/Dofoil (Trojan Removal)
11/27/11 - Win32/Dofoil is a Trojan downloader that is set to follow
control commands received
8:40 am est
from its remote server. In most of the cases, Dofoil is used for downloading spam capable
software or rogue security software, such as the latest family of fake defragmenters (including
System Fix and others). This
makes it obvious that this Trojan is created for commercial
objectives and, if not eliminated, it will compromise
its victims privacy.
Win32/Dofoil trojan infiltrates target computers through
spam campaigns based on fake letters
and malicious attachments. In most of the cases, victims are reporting finding such
attached to their emails:
Typically, the letter announces (example):
Your iTunes Gift Certificate
You have received an Itunes Gift Certificate in the amount of $50
find your certificate code in attachment below.
need to open iTunes. Once you verify your account,
$50 will be credited to your account.
So you can start
buying video, music, games right away.
Experts report over 13000 computers have been already found to have Win32/Dofoil
the last 30 days. If you have also received such or similar suspiciously looking email from
or other company, make sure you run a full system scan and remove
Win32/Dofoil Trojan with one of the automatic
removal tools listed below.
5:58 pm est
10:11 pm est
11/23/11 - Privacy Protector is another fraudulent application labeled as a security tool.
Privacy Protector is a malware; it infects computers using web browser vulnerabilities. Privacy
Protector loads pop-ups
disguised as Windows notifications. The fake alerts warns users of non-
existent system issues and privacy risks. PrivacyProtector
can also hijack desktop background
and load “Your privacy is in danger. Download privacy protection software now!”
of wallpaper. Do not trust this scam and delete Privacy Protector malware as soon as possible
one of the automatic removal tools listed below!
• Changes browser settings
• Shows commercial adverts
• Connects itself
to the internet
• Stays resident in background
So you got a new iPhone
5:46 am est
11/23/11 - The basic actions every iPhone user should immediately take to make the device
more secure (such as setting it to auto-lock after a specified period of time), and requiring a
passcode to unlock
it (both can be accessed within Settings -> General), but other functionality,
(such as managing your passwords
on the device, or implementing additional protection for
sensitive files) requires the installation of third-party
With hundreds of thousands of iPhone applications available in the App Store,
it can be a
challenge to find the right solution for a given issue. What follows is a look at some key areas in
apps can help improve iPhone security, and suggestions of some specific applications
that may be a perfect
fit for your needs.
Several iPhone apps are available to help users manage all of their online passwords securely in
one place. As
long as the data is well-protected, an iPhone can be an ideal place to store and
manage your passwords, since
you’re likely to have the device with you no matter where you
Many password management apps also offer users the ability
to generate random (and strong)
passwords, which is key to improving online security in general – and some also
with a PC-based solution, which serves both to back up your data and to make desktop
and more secure.
the wide range of options available, SplashData’s SplashID ($9.95) password manager
offers a particularly
comprehensive solution, including the ability to sync with the company’s
desktop software ($19.95). Key features
include AES and Blowfish encryption, a random
password generator, and a browser plug-in for quick sign-in on your
not an enormous amount to differentiate SplashID from competitors, such as
LastPass ($12.00/year, including cloud
storage and desktop software), 1Password ($6.99, plus
$39.95 for desktop software), among many others. Crucially, the
three options mentioned here
all offer free trials, allowing you to decide which interface you like the most.
Apple’s MobileMe service ($99.00/year) includes
a Find My iPhone feature, which offers users a
wide range of essential functionality if an iPhone is lost or stolen.
Users can view their iPhone’s l
location online, display a message on the iPhone, and remotely lock or wipe the
needed. While the Find My iPhone app (free) isn’t required, the service itself does have to be
enabled on the iPhone within Settings -> Mail, Contacts, Calendars.
Find My iPhone is by far the most complete theft protection solution available
for the device, and
it comes along with MobileMe’s mail, contacts and calendar syncing, as well as online
storage – but if you’re not using any of MobileMe’s other features, $99.00 can be a lot of money
to spend just for theft prevention.
Still, all other options for device recovery are limited by the fact that the iPhone doesn’t allow
applications to run in the background. One simple option is GadgetTrak (free), which
offers very basic device tracking
functionality, while a similar solution, TapTrace ($1.99), also
provides an interface for the user to send a message
to the lost or stolen iPhone offering
contact information and a reward.
Accessing e-mail on an iPhone can be frustrating if your
inbox is being flooded with spam. To
improve detection of spam and malware when downloading e-mail to the device,
Defense ($16.99/year) filters all incoming e-mail through its servers prior to delivery. The
updates its filters more than 100 times per day to maximize protection from spam,
phishing attacks and malware.
Spam Arrest ($49.95/year)
offers a more aggressive challenge/response solution – rather than
filtering for spam and malware, it requires
everyone who sends you an e-mail to respond to a
query in order to confirm their identity. The company’s iPhone
app offers users the ability to
create an account, manage incoming mail, and edit an approved senders list.
A third option is simply to set up a free Gmail account purely for iPhone use, then configure that
to read all incoming e-mail from your other POP or IMAP accounts. Gmail’s spam filters
will then clear spam prior
to delivery to your iPhone. It’s not the simplest or most comprehensive
option, but it is a free and reliable way
to ensure nearly spam-free mobile e-mail access.
If you need to carry sensitive files with you on your iPhone, it makes sense to add an extra level
in addition to password-locking the device itself. File protection apps, such as Folder
Lock ($3.99) or iDiscrete ($1.99)
are designed to safeguard a wide variety of file types – and both
Folder Lock and iDiscrete enable users to transfer
files to their iPhone from a PC or Mac via
Finally, as of June 2011, Intego's VirusBarrier iOS was
the only anti-virus solution approved for
the iPhone Os. It allows iPhone, iPad and iPod Touch users to manually scan
their devices and
"detect and eradicate all known malware affecting Windows or Mac OS X. while Apple hasn’t
approved any other iPhone anti-virus solutions, several security firms now offer apps that give you
the ability to
monitor threats on your iPhone in real time, including Symantec (free), Cisco SIO To
Go (free) and Threatpost (free).
These applications provide news feeds and alerts regarding
the latest vulnerabilities and security
threats – of the three, Cisco’s SIO To Go is targeted most specifically
at IT users, offering the
ability to customize incoming news and alerts to focus on specific threats that could impact
Smart Phone Security Apps
4:27 am est
11/21/11 - FREE Smart Phone Security Apps
Real Time Protection
Many users appreciate the web presence available to them when they connect to the
internet to read email or
surf their Choice of URL’s to download music, games, etc.
Before you leap, you should have some form of protection.
There are many excellent security
software programs for many different phones.
Check your Market Place Applications. Just understand that these smartphone
security apps are not as robust as the security programs used on PC's. Users
should use some restraint when surfing
the web using smartphones.
Go to… tablet, PC or your Smart Phone
Android Users - some say since Android is developed from the Linux system,
antivirus software is not required (this is a myth). Virus software can attach to the
Linux OS’, it is not likely
to attach to a Linux Live CD but any OS on a hard disk
is succeptable to Malware. For Smartphones (there is limited protection),
safe, there are a many free antivirus software programs available for phones that
operate with the Android
Iphone users) doesn't allow the device’s software development kit to BlackBerry - Lookout.com software operates on this platform
authorize programs to run out of its own
Sandbox. They also are not enthusiastic
about helping third party vendors in developing programs to get into the machine
Level. Some programs like Trend Smart Surfing & Lookout have limited
effectiveness with this platform.
WHAT 'THE VENDORS' ADVERTISE!
Free Android OS Antivirus
- AVG Mobilation - The most popular
antivirus for Android devices.
- Antivirus Free - Creative Apps - Fast and lightweight malicious app
protection for your phone.
- ALYac Android - Android OS-Optimized antivirus application featuring the
advanced security features of ALYac.
- NetQin Mobile Security - Designed to protect Android devices against
viruses and malware, while keeping your system running at optimum speed.
- Norton Mobile Security - Ranked #1
in protection and performance, Norton
lends its antimalware expertise to mobile.
- My Mobile Security
- Comprehensive and award winning Android tablet &
Terminator -This safe software is the best antivirus and virus
safe.It can cure various mobile phone viruses, suck fee,
privacy steal, and other illegal procedure, real-time
interception, killing Android platform for the latest
virus, with root permissions
users can also offer senior bottom Android
security mechanism of antivirus
Antivirus -You are afraid that your on your phone will be installed
malicious application or your personal data will be stolen? Then, use
It protects your applications from malicious and spyware. Using
phone always be protected, it controls each application
install and notify
you if it is malicious.
- Zoner Antivirus Free - Zoner AntiVirus Free is a modern security and
anti-virus solution for your device. It provides protection against viruses,
dialers, trojans, worms and other malware as well as phone call and message
Security Standard - Super security provides cloud based antivirus
engine to help you get rid of malware. Provides strongbox to hide your
Antivirus Free - Aegislab Antivirus Free is an antivirus/mobile
security tool that is able to
(1)identify Spyware/Malware on current market.
(2)support advertisement detection, especially from Admob
(3)network/traffic statistic for both mobile/wifi interface and sort based
on applications' usage count.(help to find suspicious background
transmission that causes potential bills for users).
- MY Android Protection v1.5/1.6 - MYAndroid Protection is a fully featured
and comprehensive protection package providing Anti virus & Malware
Real-time monitor, Backup & Data recovery, Anti theft
against losses, phishing, trojans, spyware and
Credit Card & Identity
Mobile Protection 2.0+ -The best and most comprehensive Android Security
for maximum protection!
Bitdefender Mobile Security - Keeps your Android device safe on the move.
- ESET Mobile Security for Android
- ESET Mobile Security for Android
combines our proactive scanning engine
with antispam and antitheft solutions
to provide real-time smartphone protection
against known and emerging threat
s without impacting performance.
- Lookout Mobile Security - Just
as you protect your PC with antivirus, you
need to protect your phone from
malware and spyware. But unlike traditional
virus protection, Lookout is lightweight
and only consumes the amount of
battery power in one day as a 33 second phone
Web Antivirus Light - scans the file system of your Android device,
including the "hidden" area and user applications. Detected malicious
objects are moved to quarantine. A real-time file monitor automatically
applications being installed and all files written to the SD card.
Free IPhone Antivirus
- Trend Smart Surfing - a free iPhone 4GS and iPhone 4G anti virus that - Virus Barrier X5 - VirusBarrier X5 now offers the ability to scan files and
provides safer web surfing experiences during surfing the web using iPhone.
Trend Smart Surfing perhaps is the first secure browser to protect iPhone
user from Web pages with malicious intent.
applications on the iPhone and iPod touch in search of malware or files that
indicate that exploits have compromised the devices. Users connect an iPhone
or iPod touch to their Mac, then choose the device and scan it with
- McAfee VirusScan Mobile
provides proven anti-malware protection for mobile devices. Architected
mobile device platforms, McAfee VirusScan Mobile guards against
known and unknown virus
and malware threats, streamlines mobile security
management, and reduces operating costs.
Free Symbian OS Antivirus
- NetQin Mobile Antivirus - uses leading technology to protect
phone against all the latest mobile threats. A Combination of
real-time monitoring ensure your mobile device is safe and secure.
Optimized full scan and system management provide your mobile device
instant protection while simultaneously enhancing overall mobile
(Demo) - Protect your Symbian series 60 phone against viruses
Trojans, with this antivirus product. The file size is small, so it
t use up your phone storage space. Very fast scanning engine takes a
seconds to check your phone for viruses. Free to Try.
- Kaspersky Mobile Security - Symbian Series 9.X Series 60
3rd. The latest
technologies to keep your phone free from spam, viruses and
- Bit Defender Mobile Antivirus
2008 - for Nokia devices with Symbian OS.
Free Windows Mobile OS Antivirus
Mobile Security - For Windows Mobile 5.0, 6.0, 6.1, 6.5. The
technologies to keep your phone free from spam, viruses and other
Defender Mobile Antivirus 2008 2.1.132 - For Windows Mobile Smartphone 2
002 and higher. The product has two independent modules:
- BitDefender Mobile
Antivirus: the program that runs on the mobile device
- BitDefender Mobile
Antivirus Update Module: the program that runs on the
software installs and updates the BitDefender Mobile Antivirus
on your mbile device. (scroll the down the download webpage).
- (Demo) Windows Mobile Pocket PC (from Windows Mobile
2003, to Windows
- Airscan Mobile Antivirus v2.0 - Pocket PC 2002/2003 & ARM/XScale Processors.
- Spybot For Pocket PCs - Spybot-S&D
for Windows Mobile uses a lightweight
version of the detection engine of
Spybot-S&D for Windows to detect threats
for Windows Mobile and Symbian
Free Palm OS Antivirus
- F Secure Antivirus for Palm 2.0
- provides strong protection against any
known malware for the Palm platform.
F-Secure Anti-Virus for Palm OS is the
first anti-virus product offering on-device
protection with a continuous,
fully automatic update service and technical
Secure Antivirus for Palm 3.0 to 5.x - Version 1.03 Beta.
- Bit Defender Free Edition for Palm 1.0 - BitDefender for
Palm OS is an
effective anti-virus security solution that protects the PDA
through a home or business network or from sources outside
Micro PC Cillin for Palm - For Palm 3.1 to 4.1.
- Symantec Antivirus 2002 - For Palm 3.0 to 5.x.
- Symantec Antivirus 2004 - For
Palm 3.5 to 5.x, PPC 2002, PPC 2003.
Free Cross Platform Antivirus
- LookOut Antivirus/Firewall
- For Android, Blackberry, and Windows Mobile.
apps are advertised to provide users with protection when in fact, some of them
only provide limited protection while
giving users a feel for the app and its footprint on
the platform and others (even in full paid mode) are considered
useless by most IT
4:31 am est
11/18/11 - Perfect Keylogger is a complex
commercial keylogger with rich functionality. It records
all user keystrokes including passwords, takes screenshots,
tracks user activity in the Internet,
captures chat conversations and e-mail messages. Perfect Keylogger can be remotely
controlled. It can send gathered data to a configurable e-mail address or upload it on a
predefined FTP server. The
keylogger must be manually installed. It runs on every Windows
startup. Please remove this parasite with one of
the automatic removal tools listed below as
soon as possible.
Perfect Keylogger properties:
• Allows remote user connection
• Takes and sends
out screenshots of user activity
• Sends out logs by FTP or email
• Logs keystrokes
from the user
• Stays resident in background
6:48 am est
11/17/11 - I had been eyeballing the HTC Androids long before I got to ‘Phone upgrade
I like the Android operating system's support for multi-tasking (support for security
the fact that it enables a wide range of mobile security processes to run in the
background, including virus scanning
and automated backups. These are quality's which are
very important as we brace ourselves for the Holiday Season Malware
The extensive capabilities of the Androids and the connectivity of the program
require these smartphones to be locked down in order to protect your data.
Malware Holiday Rollout
NC State Researchers
have discovered a
new cyber threat – SMS Android Trojan that
attacks android systems
by representing itself as
Google Library. This threat is used to perform
various functions designed by its creators,
sending messages or initiating phone calls
premium numbers. Though illegal activity may sound
familiar for you, researchers claim that this
be called a version of Android Trojans
because it has no similarities to earlier released
and attempts to utilize Device Administration API.
It seems to be clear that this threat is completely good at masquerading and additionally using
personal information for illegal activities. Trying to get inside the system, a Trojan named
DroidLive uses a package that matches Google’s own package naming convention and installs
itself as a device administration app. In addition, investigation has revealed that this scamware
starts receiving commands from a Command and Control (C&C) server once it gets inside the
system and performs
Being infected with DroidLive may result in significantly large
phone bills because it is designed
to send text messages
or call only to premium numbers. In addition, this trojan also collects
personal information of the victim, so you can
also lose your credit card information or various
as well. It is highly recommended using only official sources when you download an
App because researchers have found
more than 10 infected Android Apps that have been spread
through alternative marketplaces, not the official Android Market.
Besides, always read reviews
and ratings to avoid downloading this or other cyber threat.
the Android operating system allows for broader multitasking than that other popular
Android devices are able to support a wide range of mobile security processes
that run in the background on an ongoing basis.
F-Secure (FREE Trial, Anti Theft and Online Tools)
For the security of my system, I ran to 'The Union Jack' (The British) where F-Secure (at $40
per year) quickly
aided me in locating the most essential security provisions for my Android
device... It's easy to install. Provides
your personal and confidential content with real-time
protection from viruses and malware, Enables safe browsing
and safeguards your identity
online, Automatically retrieves
the newest malware definitions and updates, Locates your
or stolen device (or the person holding it), Protects your children from unsuitable web
content, Locates your children anywhere using their mobile device… (password-protecting
the device itself and setting it to auto-lock after a specified period of time, does not require
an app – both of those features can be accessed within Settings -> Location &
to my HTC
EVO, I really appreciated my Android’s multiple unlock options,
including a numeric PIN, a password or a graphical pattern (the last of which was recently
found to be easily compromised, according to researchers at the University of
Kaspersky Mobile Security 9 (Free Trial)
Looking good with Anti-Theft, Anti-Virus Protection, Anti-Spam Protection and Privacy
Security Suite comes in very affordable at $30 per year.
Malware and Theft Protection
In most cases, it’s not necessary to look for separate solutions for anti-virus
scanning and theft
protection, as several developers offer a wide range of security features within a single Android
app. Each product offers a slightly different range of functionality – and it’s worth keeping in
that since all of these apps are relatively new, their feature sets are likely to evolve, as
Lookout security suite (free) offers anti-virus protection,
data backup functionality (for
contacts, photos, video, e-mail and text messages), and a missing device locator, which
be used to show the device’s location on an online map, sound an alarm from the device itself,
remotely wipe all data on the device. All app functionality can be managed remotely from
the company’s Web-based
this point, Lookout (right) appears to be the most complete option available – though it’s safe
that its competitors’ functionality will likely grow to match or exceed Lookout’s over
Systems’ Security Shield app ($29.99) offers anti-virus scanning, a missing
locator, remote device lock, and remote device wipe. For SMB and enterprise users, SMobile
Systems also provides
a wide range of device management solutions for Android, Windows
Mobile, Symbian Series 60 and BlackBerry smartphones.
aptly named anti-virus (free) and anti-virus Pro
($9.99) provide background
WaveSecure ($19.90/year), which was recently acquired by McAfee, doesn’t offer anti-virus
protection at this
point, though it does provide backup and restore functionality, as well as the
ability to locate, lock or wipe a device
remotely. When locked remotely, the device can also be
triggered to display a customizable message, such as a phone number
to call if the device is
anti-virus scanning functionality – while an optional Findr
Chrome extension (free) adds the ability
to determine your device’s location using GPS, and to lock or wipe all
data on the device
space – it’s growing rapidly, with several new solutions currently in beta, including
Mobile Defense (closed beta), AppScan (free) and Norton Smartphone Security for Android (free).
To manage all of your passwords centrally, LastPass ($12.00/year) combines
an Android app
with a PC-based browser extension for Firefox, Safari, Chrome and Internet Explorer. A master
provides access to a cloud-based password vault, and the app and extension can fill
in site passwords for you automatically,
both on your PC and on your Android smartphone.
SplashID ($9.95) password manager application can be used to store passwords,
credit cards, PINs and more on an Android device, guarded with 256-bit Blowfish encryption.
Optional desktop software ($19.95) can be used to sync mobile data with a PC. As with
LastPass, the Android
app can be used to fill in passwords for you on a proprietary mobile
Callpod’s Keeper app ($29.99/year) offers military-grade encryption along
data backup, as well as Wi-Fi data sync to the company’s
desktop software – ultimately,
LastPass, SplashID and Keeper are similar enough that it’s worth downloading
a free trial of
each one to decide which interface you like best before making a purchase.
a far cheaper and fully functional option is KeePassDroid (free), an Android
the open source KeePass password manager, which uses the free
DropBox app to synchronize
If you want
to take your device’s password protection one step further, apps like
Pro ($1.99), Carrot App Lock Pro
($1.50), Seal ($3.45) and Android Protector
(free) also allow
you to password-protect applications on an individual basis.
And as with the security suites mentioned
above, several new offerings are also currently
available, including an Android app for Agile Web Solution’s popular
manager for Mac.
4:01 am est
7:09 pm est
11/10/11 - sychost.exe is a malicious process related to LEOX.B virus. It is a dangerous threat
your system and therefore should be removed immediately after detection. sychost.exe properties
• Allows remote user connection
• Connects itself to the internet
• Hides from the user
Stays resident in background
SpyEye Bot (kill Zeus Bot) - $500
9:45 pm est
11/09/11 - The Zeus crimeware toolkit has been around now for a while
and has grown over time to
be the most established crimeware toolkit in the underground economy. In late December 2009
new crimeware toolkit emanating from Russia—known as SpyEye V1.0— started to appear for sale
underground forums. Retailing at $500, it is actually taking a chunk out of the Zeus
crimeware toolkit market. Symantec
detects this threat as Trojan.Spyeye. It is now starting to
mature with newer modules like 'kill Zeus and Video
grabber' increasing spying activity. This
product is fast developing into the undergrounds 'king' of the crimeware
The SpyEye toolkit is similar to Zeus in a lot of ways.
It contains a builder module for creating the
Trojan bot executable with config file and a Web control panel for command
and control (C&C) of
a bot net. Some of the advertised features online are:
• Autofill credit card modules
• Daily email
• Encrypted config file
• Ftp protocol grabber
• Http basic access authorization grabber
* (NEW) Video Grabber
New revisions of SpyEye, with additional features, are
being released on a regular basis. The latest
version (V1.0.7) contains an interesting new feature called “Kill
Zeus” that we have yet to
substantiate. SpyEye hooks the same Wininet API (Wininet. dll) HttpSendRequestA as used
Zeus for communications. If a compromised system infected with SpyEye was also infected with
Zeus, this in turn
would allow SpyEye to grab and report on http requests sent to the Zeus C&C
An example of Zeus C&C server report taken from underground forum The new Kill Zeus feature is
during the Trojan build process, but it supposedly goes as far as allowing you to delete
Zeus from an infected system—meaning
only SpyEye should remain running on the compromised
system. If the use of SpyEye takes off, it could dent Zeus bot herds
and lead to retaliation from
the creators of the Zeus crimeware toolkit. This, in turn, could lead to another bot war
such as we
have seen in the past with Beagle, Netsky, and Mydoom.
An example of the SpyEye Trojan builder control panel Another feature of SpyEye is the ability to
additional threats onto infected SpyEye systems, by country, using the SpyEye control panel
GUI as shown below:
Symantec will continue to monitor the progression of this toolkit and update detection as necessary.
to keep your definitions up to date to ensure you have the best protection against new
6:36 pm est
11/06/11 - SpyEye is a trojan designed to infiltrate a computer and collect
information without the owner’s informed consent. It's a wide spread infection. This
capture network traffic, send and receive network packets in order to bypass application
the own process on injected processes, and most importantly - steal information
from Internet Explorer and Mozilla Firefox.
As the name suggests, SpyEye was designed to spy
on you and steal your sensitive information, credit card details,
passwords, etc. SpyEye, also
known as Win32/EyeStye, toolkit has several components, some of them are rather
the most import module utilizes a method known as "form grabbing". Other modules include bot
monitoring, full botnet statistics and tasks, virtest tool and some additional plugins.
There are five main "grabbers": BOA,
CC, Certificate, Email and FTP. As you can see, scammers
collect information that can be further used to steal money,
infect websites or compromise
accounts. All the other information is simply identified as "junk" and won't
be collected. SpyEye
trojan can download and install additional malware onto the infected computer. It can also
screenshots and send them to scammers. What is more, the newest builds have a video grabber
module. It can
record certain activities and send videos to scammers. The video is saved
in Matroska video format, good quality
and small in size. It goes without saying that you need to
remove SpyEye trojan from your computer as soon as possible.
Stolen login credentials can be
sold in underground markets or used for identity theft.
SALE: DIY Cybercrime Kits
6:11 pm est
11/06/11 - Buy an individual virus or an entire cyber crime kit the choice is yours,
and its all on
It’s the kind of hi-tech sale crackers
really want to know about. Crackers are selling malware,
everything from an individual virus to entire kits that let
cyber thieves put together their own
The prices? A lot less than you might think. An individual virus can cost up to $35, while the
entire kit, such
as Mpack, goes for up to $1000. And some of the more expensive software
comes with 12 months of tech support so the programs
can exploit the latest vulnerabilities is
systems. There’s also a statistical package, letting users know how successful
has been and the location of infected computers.
They have been popping up left and right as sights offer downloadable cracking tools. The DIY's
are all the
rage these days. It’s the classic verticalization of a market as it starts to mature. It’s
almost a play-by-play
of good business practices of software marketing. When it comes to the
cracking industry and level of business acumen
there’s no limit to what your money can buy.
You can even find volume discounts and price reductions for regular
People are building musical instruments, beer keg-monitoring robots, baby rocking machines,
cars, and gaining the satisfaction of making something with their own
hands while saving a little cash. Bad news for
the Web browsing public however, the DIY fad
has spread to cybercrime and phishing scams.
The real money for the people selling them comes from discovering unknown
unpatched vulnerabilities in software; that information can go for thousands of dollars.
According to experts there are around 68,000 downloadable cracking/hacking
tools out in
cyberspace and those numbers are growing. The vast majority are free, requiring a good
computers to use. But others are for sale to those whose knowledge is far
know how to download music or a movie you have the necessary experience to
begin using one of these kits.
Thats right, the kits (which are largely responsible for the
explosion of malware and phishing
scams) are apparently so easy to use, that if you're tech savvy enough to download
an album or
a movie, you can use one to create a custom and convincing looking messages from UPS,
Microsoft. The messages usually contain links that install malware capable of
stealing banking information and turning
the victim's PC into a bot in the attacker's vast network
of controlled spam machines.
Indeed, newbie cybercrooks and veterans alike are using DIY
kits to carry out phishing
campaigns at an accelerated rate, security researchers say. They've been blasting out fake
mail messages crafted to look like official notices from UPS (UPS), FedEx (FDX), the IRS; or
from Vonage, Facebook or Microsoft Outlook (MSFT); or medical alerts about
the H1N1 flu virus, etc.
The faked messages invariably ask the recipient to click on
a Web link; doing so infects the PC
with a banking Trojan, a malicious program designed to steal financial account logons.
PC also gets turned into a "bot": The attacker silently takes control and uses it to send out more
The rapid development and aggressive marketing of DIY cybercrime kits has emerged as a big
possible that the people creating and selling these kits may be the same groups
already profiting from cybercrime, and
they could see this as yet another revenue stream," says
Marc Rossi, Symantec's (SYMC) manager of research and development.
Generally sold for $400
to $700, the kits come with everything you need to begin infecting PCs. Selling software is legal;
what you do with it can get you in trouble.
Most kits can be easily upgraded to customize phishing messages or bypass anti-virus
defenses. Purchasing the
latest kits requires spending time in Web forums populated by
cybercriminals, says Fred Touchette, senior researcher
at e-mail security firm App River.
The increased availability of such kits in the second half of 2009 correlates to an escalation of
over the same time period. The number of unique banking Trojans intercepted
by PandaLabs totaled 343,151 in 2009, up
from 194,233 in 2008, a 77% spike.
in the year, phishing campaigns flowed from familiar sources in a predictable pattern,
spreading from certain regions
in the world. But by October — with DIY kits coming into much
wider use — App River found itself blocking
10 times more phishing e-mails from hundreds of
sources all over the globe.
Touchette says he expects the use of DIY kits — and the infections they spread
— to persist.
"DIY kits make it too easy to get your malware out there," he says, "and it's so hard
11/03/11 - Security Defender is a rogue
anti-spyware program that is closely connected to
11:13 pm edt
win32/defmid trojan that usually comes undetected. In addition, after
being installed it uses fake
scan results and false security alerts as a method to make you think you are infected with
viruses. It impersonates Windows Defender which is a legitimate
anti-spyware program. The
rogue simulates a system scan and reports fake infections. It then prompts to pay for a full
version of the program to remove the threats. Actually, it just tricks you out of your money. If
you have paid
for the this program already then I suggest you contact your credit card company
and dispute the charges. Security Defender
is configured to start automatically when you login
to Windows. It detects non-existent or harmless files as malware
but does not allow you to
remove them until you purchase the full version of the program.
Security Defender properties:
• Changes browser settings
• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background
Use one of the legitimate automatic removal tools to reradicate
this parasite from your system.
Rootkit.TDSS, TDL3 or Alureon
11/03/11 - Rootkit.TDSS,
TDL3 or Alureon [Microsoft] is a malware designed to hide the
11:06 pm edt
existence of any process on the infected machine
in order to perform malicious and dangerous
actions. TDSS may also replace essential system executable files, which
may then be used to
hide processes and files installed by the attackers. Rootkit.TDSS is installed without the
permission through the use of trojan viruses, whereas trojan virus can download and install
malware, adware or even rogue anti-spyware applications. This virus may also infect
MBR sector, which is executed
prior to windows boot. Rootkit.TDSS removal can be
complicated, but it is essential. When your computer is infected
with TDSS rootkit you may
encounter the following symptoms:
- Google (Bing, Yahoo) search result links will be redirected to various misleading sites
- that promote rogue products or display bogus advertisements.
- Security related websites will be blocked.
won't be able to launch legitimate anti-malware or anti-virus applications.
- You may find that web pages load slower.
use TDSS virus remover and remove it as soon as possible after detection. First of all,
download TDSSKiller. This tool was created to remove rootkits that belong to numerous malware
families, including TDSS. Run TDSSKiller and press the button Start scan for the utility to start
The scan won't take long, only a few minutes. After the scan, it will list maliciius files.
should be skipped and malicious, high risk objects should be deleted. After
clicking Next, the utility applies
selected actions and outputs the result. Select the correct
option and click Continue. A reboot might require
after disinfection, so just click Reboot. Now,
your computer should be TDSS rookit free. You can download TDSS
remover to remove
associated malware from the system.
• Hides from the user
• Stays resident in background
Q. How do I avoid rogue antispyware and antivirus software?
A. Make sure you 'Choose Industry Certified "Security Program"
If your PC is connected to
the internet, uses e-mail, has software of an unknown
installed and comes into contact with recordable media (jump drives, dvd's,
cd's, etc) Antispyware and Antivirus protection is a requirement. They help prevent
attacks through e-mail (and/or attachments sent with e-mail) and surfing the web.
They also help you eradicate infections which are the result
of security holes and
bugs in software. (The e-mail, web surfing
and software holes and bugs result in
the most serious internet
way to know you're purchasing a trustworthy application is to confirm that
you choose has earned certification from the leading labs.
from ICSA Labs, Virus Bulletin, West Coast Labs, the National
of Specialist Computer Retailers, and others all require antispyware/
antivirus programs to meet stringent requirements to receive certification.
Smartphone and Tablet
Tips to create a safe passcode.
Smartphones and tablets open the
door to your Work, friends, family, bank details, etc... No matter which device you use, follow these tips to keep your data secure.
1. Always use a passcode. If someone gets hold of your device, the person has immediate access to your apps and
2. Make your passcode difficult to guess. Codes such as 1234 or 2580 can be cracked in seconds. Go for something that’s
unique but easy for you to remember.
3. Longer is stronger. The longer the passcode, the harder it is to crack. Make yours a minimum of six
4. Mix numbers and letters. If your device allows, use a passcode that combines numbers, letters and punctuation. Avoid dictionary words and
choose a memorable combination.
5. Make it unique. Don’t use the same passcode for anything else, including other devices,
bank cards or online accounts. That way, if one passcode gets hacked the rest stay secure.
6. Be discreet. Look around and make sure no one is watching you enter your passcode, just as
you would protect your PIN at the ATM machine.
Q. What steps need to be taken to secure
mobile devices (smartphones) for
personal/work phones and
A. Follow these steps to secure your mobile
1. Secure your device
Always lock it
b. Apply a complex passcode
c. Shield your passcode
d. Apply the latest patches
Prevent Malware Infections
Don't click on unsolicited links
b. Think before downloading apps
c. Don't "jailbreak" or "root" your mobile
Be data aware
Be careful what you share
b. Encrypt sensitive data
4. Stay compliant
a. Know and follow your organizations
Q. Do you have an example of an Organizational 'Mobile Device Security Policy'
A. Here is EZMobilePC's policy.
Mobile devices, such as smartphones and tablet computers, are important tools for the
organization and their use
is supported to achieve business goals.
However, mobile devices
also represent a significant risk to information security and
data security as, if the
appropriate security applications and procedures are not applied,
they can be a conduit for
unauthorized access to the organization’s data and IT
This can subsequently lead to data leakage and system infection.
EZMoblePC has a requirement to protect its information assets in order to safeguard
its customers, intellectual property and reputation. This document outlines a set of
practices and requirements for the safe use of mobile devices.
1. All mobile devices, whether owned by EZMoblePC or owned by employees, that have
access to corporate networks, data and systems, not including corporate IT-managed
laptops. This includes smartphones and
2. Exemptions: Where there is a business need to be exempted from this
(too costly, too complex, adversely impacting other business requirements) a risk
must be conducted being authorized by security management.
3. Policy - Technical Requirements
Devices must use the following Operating Systems: Android 2.2 or later,
iOS 4.x or later.
2. Devices must store all user-saved passwords in an encrypted password store.
3. Devices must be configured with a secure password that complies with EZMoblePC's
password policy. This password must not be the same as any other credentials used
within the organization.
With the exception of those devices managed by IT, devices are not allowed to be
connected directly to the internal corporate network.
3.1 User Requirements
Users must only load data essential to their role onto
their mobile device(s).
Users must report all lost or stolen devices to EZMoblePC
If a user suspects that unauthorized access to company
data has taken place
via a mobile device, they must report the incident in alignment
incident handling process.
4. Devices must not be “jailbroken”* or have any software/firmware installed
is designed to gain access to functionality not intended to be
exposed to the user.
Users must not load pirated software or illegal content
onto their devices.
Applications must only be installed from official platform-owner
Installation of code from un-trusted sources is forbidden.
If you are unsure if an
application is from an approved source contact EZMoblePC IT.
7. Devices must be kept up to date with manufacturer or network provided patches.
As a minimum patches should be checked for weekly
and applied at least once a month.
Devices must not be connected to a PC which does not
have up to date and enabled
anti-malware protection and which does not comply with corporate
Devices must be encrypted in line with EZMoblePC’s
Users may must be cautious about the merging of personal
and work email accounts on
their devices. They must take particular care
to ensure that company data is only sent
through the corporate email
system. If a user suspects that company data has been sent
from a personal email account, either in body text or as an attachment, they must notify
EZMoblePC IT immediately.
(If applicable to your organization) Users must not
use corporate workstations to backup
or synchronize device content such as media files, unless such content is required
legitimate business purposes.
*To jailbreak a mobile device is to remove the limitations imposed by the manufacturer.
This gives access to the operating system, thereby unlocking all its features and enabling
the installation of unauthorized software.
Q. What is the first thing I should
do when I turn on my computer.
A. Back up important files
If you follow these tips, you're more likely to be free of interference from
and spammers. But no system is completely secure. If you have important
files stored on your computer, copy them onto a removable disc or
drive, and store it in a safe place.
Q. How do I protect my password?
A. Protect your passwords
Keep your passwords in a secure place, and out of plain sight. Don't share them
on the Internet, over email, or on the phone. Your Internet Service Provider (ISP)
should never ask for your password. In addition, hackers
may try to figure out your
passwords to gain access to your computer. To make it tougher for
Use passwords that have at least eight characters and include numbers or symbols.
The longer the password,
the tougher it is to crack. A 12-character password is
stronger than one with eight characters.
Avoid common word: some hackers
use programs that can try every word in the
Don't use your personal information, your login name, or adjacent keys on the
keyboard as passwords.
Change your passwords regularly (at a minimum, every 90 days).
Don't use the same password for each online account you access.
Q. What steps need to be taken when
setting up Wireless Home Network Security.
1) Change Default Administrator Passwords (and Usernames)
Changing the default password is important because everyone
that purchases the same
Wireless access device, knows your password.
2) Turn on (Compatible) WPA / WEP Encryption
By default, your Wireless device comes
without the encryption enables. WPA / WEP are
security programs that forced your computer to provide
an encrypted password before
you are allowed access
to the wireless access point.
3) Change the Default SSID
SSID is the network name of your wireless network;
most people leave the default name,
such as, Linksys or NetGear. By changing the name, intruders have a more difficult time
identifying your system and use known vulnerabilities. (And
of course, use the unchanged
default password.) One
mistake people make is naming their home network their family
name and or address. When cruising a neighborhood of wireless devices, its always
scary to see Bobsnet444.
4) Disable SSID Broadcast
In Wi-Fi networking, the access point or router typically broadcasts
the network name
(SSID) over the air at
regular intervals. This feature was designed for businesses and
mobile hotspots where Wi-Fi clients may come and go. In the home, this feature is
it increases the likelihood an unwelcome neighbor or hacker will try
log in to your home network.
5) Assign Static IP Addresses to Devices
Most home networkers gravitate toward using dynamic IP addresses.
This means that
the IP Address, (the IP
Address is needed to participate on a network.) is typically
assigned automatically. A dynamic IP address on an unsecure system can also supply
a hacker with a IP Address.
6) Enable MAC Address Filtering
Each piece of Wi-Fi gear possesses a unique identifier called the "physical address"
or "MAC address." Access points and routers keep
track of the MAC addresses of all
devices that connect to them. Many such products offer the owner an option to key in the
MAC addresses of
their home equipment that restricts the network to only allow
connections from those devices. Do this, but also know that the feature is not so powerful
as it may seem. Hacker software programs
can fake MAC addresses easily.
7) Turn Off the Network During Extended Periods of Non-Use
The ultimate in security measures for any wireless network
is to shut down, or turn office
your wireless access point
when you are not using. You are the most vulnerable at work
or asleep, and mischief minded people know it.
8) Position the Router or Access Point Safely
Wi-Fi signals normally reach to the exterior of a home. A small amount
outdoors is not a problem,
but the further this signal reaches, the easier it is for others
to detect and exploit. Wi-Fi signals often reach across streets and through neighboring
homes. When installing a wireless home network, the position
of the access point or
router determines it's reach. Try to position these devices near the center of the home
rather than near windows to minimize
Q: What are the first security steps I should take before I connect my computer to the internet?
A: Practices Before You Connect a New Computer to the Internet
We advise home users to download and install software patches
as soon as possible after connecting a
new computer to the
Internet. However, since the background intruder scanning activity
is constant, it may not be possible for the user to complete the
download and installation of software
patches before the vulner-
abilities they are trying to fix are exploited. We recommend the
following actions 'before' connecting computers to the Internet
users can complete the patching process without incident.
Q. Where do I report
Hacking or Malware activity?
A. Here is where to report:
Hacking or a Computer Virus
Alert the appropriate authorities by contacting:
Your ISP and the hacker's ISP (if you can tell what it is). You can
usually find an ISP's email
address on its website. Include information on the
incident from your firewall's log file. By alerting the ISP to the
problem on its system,
you can help it prevent similar problems in the future. The FBI at www.ic3.gov. To
fight computer criminals, they need to hear from you.
Fraud If a scammer takes advantage of you through an
when you're shopping
online, or in any other way, report it to the Federal Trade
Commission, at ftc.gov. The FTC enters Internet, identity theft, and other fraud-related
complaints into Consumer Sentinel, a secure, online database available to hundreds
of civil and criminal law enforcement agencies in the U.S. and abroad.
Spam If you get deceptive spam, including email phishing
information, forward it
to firstname.lastname@example.org. Be sure to include the full header of the
email, including all routing information. You also may report phishing email to
of ISPs, security vendors, financial institutions and law enforcement agencies,
uses these reports to fight phishing.
Personal Information If you believe you have mistakenly
personal information to
a fraudster, file a complaint at ftc.gov, and then visit the Federal Trade
Commission's Identity Theft website at ftc.gov/idtheft to learn how
to minimize your risk
of damage from a potential theft of your identity.
Parents Parents sometimes can feel outpaced by their technologically savvy
kids. Technology aside, there are lessons that parents can teach to help kids
stay safer as they socialize online. Most ISPs provide parental
controls, or you
can buy separate
software. But no software can substitute for parental supervision.
Talk to your kids about safe computing practices, as well as the things they're
seeing and doing online.
Sites Many adults, teens, and tweens use social networking
sites to exchange information about themselves, share pictures and
use blogs and private
messaging to communicate with friends, others who share
interests, and sometimes even the world-at-large. Here are some tips for parents
who want their kids to use these sites safely:
Use privacy settings to restrict who can access and post on your
child's website. Some social networking sites have strong privacy
your child how to
use these settings to limit who can view their online profile, and
explain to them why this is important.
Encourage your child to think about the language used in a blog,
and to think before posting pictures and videos. Employers, college
officers, team coaches,
and teachers may view your child's postings. Even a kid's
screen name could make a difference. Encourage teens to think about the
impression that screen names could make.
Remind your kids that once they post information online, they can't
take it back. Even if they delete the information from a site, older
exist on other people's
computers and be circulated online.
Talk to your kids about bullying. Online bullying can take many forms,
from spreading rumors online and posting or forwarding private messages
the sender's OK, to sending
threatening messages. Tell your kids that the words
they type and the images they post can have real-world consequences. They can
make the target of the bullying feel bad, make the sender look bad
— and, some-
times, can bring
on punishment from the authorities. Encourage your kids to talk to
you if they feel targeted by a bully.
Talk to your kids about avoiding sex talk online. Recent research
shows that teens who don't talk about sex with strangers online
are less likely to
come in contact
with a predator.
Tell your kids to trust their instincts if they have suspicions. If they feel threatened by
someone or uncomfortable because of something online, encourage
them to tell you.
You can then help
them report concerns to the police and to the social networking
site. Most sites have links where users can immediately report abusive, suspicious,
or inappropriate activity.
Q. What is the best way to keep malware
Try to minimize the threat.
the Effects of Malware on Your Computer
Malware is short for “malicious software;” it includes viruses —
programs that copy
themselves without your permission — and spyware, programs installed without
your consent to monitor or control your
computer activity. Criminals are hard at work
thinking up creative ways to get malware on your computer. They create appealing
web sites, desirable downloads, and compelling
stories to lure you to links that will
download malware, especially on computers that don’t use adequate security
software. Then, they use the malware to
steal personal information, send spam,
and commit fraud.It doesn’t have to be that way.
So says a website with tips from
the federal government and the technology industry that is helping consumers be on
guard against Internet fraud, secure their
computers, and protect their personal
malware can wreak, and reclaim their computers and their electronic information.
Computers may be infected with malware if they:
slow down, malfunction, or display repeated error messages;
- wont shut down or restart;
serve up a lot of pop-up ads, or display them when youre not surfing
display web pages or programs you didnt intend to use, or send emails
If you suspect malware
is on your computer
If you suspect malware is lurking on your computer, stop shopping, banking, and
other online activities that involve user names, passwords, or other
Malware on your computer could be sending your personal information to
Then, confirm that your security software is active and current:
at a minimum, your
should have anti-virus and anti-spyware software, and a firewall. You can
buy stand-alone programs for each element or a security suite that
from a variety of sources, including commercial vendors or from your
Internet Service Provider. Security software that comes pre-installed on a computer
for a short time unless you pay a subscription fee to keep it in effect.
In any case, security software protects against the newest threats
only if it is up-to-
Thats why it is critical to set your security software and operating system (like
Windows or Apples OS) to update automatically.
Some scam artists distribute malware disguised as anti-spyware software. Resist
buying software in response to unexpected pop-up messages or emails,
that claim to have scanned your computer and detected malware. Thats a tactic
scammers have used to spread malware, and that has attracted the attention
Trade Commission, the nations consumer protection agency, as well as a
security tools from legitimate security vendors selected by GetNetWise, a project
Once you confirm that
your security software is up-to-date, run it to scan your compu-
ter for viruses and spyware. Delete everything the program identifies as a problem.
may have to restart your computer for the changes to take effect.If you suspect
that your computer still is infected, you may want to run a second anti-spyware
program. Some computer security experts recommend installing one
program for real-time protection, and another for periodic scans of your machine
way to stop malware that might have slipped past the first program.
Finally, if the problem persists after you exhaust your own ability to diagnose and
treat it, you might want to call for professional
help. If your computer is covered by a
warranty that offers free tech support, contact the manufacturer. Before you call,
write down the model and serial number of
your computer, the name of any software
you’ve installed, and a short description of the problem. Your notes will help you give
an accurate description to the technician.If you need professional help, if your
machine isn’t covered by a warranty, or if your security software isn’t
doing the job
properly, you may need to pay for technical support. Many companies — including
some affiliated with retail stores —
offer tech support via the phone, online, at their
store, or in your home. Telephone or online help generally are the least expensive
to access support services — especially if there’s a toll-free helpline — but you
may have to do some of the work yourself.
Taking your computer to a store usually is
less expensive than hiring a technician or repair person to come into your home.
Once your computer is back
up and running, think about how malware could have
been downloaded to your machine, and what you could do to avoid it in the future. If
your security software or operating system was
out-of-date, download the newest
version and set it to update automatically. Use the opportunity to back up important
files by copying them onto a removable disc. Other
ways to minimize the chances
of a malware download in the future:
Don’t click on a link in an email or open an attachment unless you
know who sent it and what it is. Links in email can send you to sites
that automatically download malware to your machine. Opening
attachments — even those that appear to come from a friend or
co-worker — also can install malware on your computer.
Download and install software only from websites you know and trust.
Downloading free games, file-sharing programs, and customized
toolbars may sound appealing, but free software can come with
Talk about safe computing. Tell your kids that some online activity
put a computer at risk: clicking on pop-ups, downloading free games or
programs, or posting personal information.
Finally, monitor your computer
for unusual behavior. If you suspect your machine
has been exposed to malware, take action immediately. Report problems with
malware to your ISP so it can try to prevent similar problems and
Q. What Should Parents know about Social
A. Social Networking
"It's 10 p.m. Do you know where your
"Remember that phrase from your own childhood? It's still a valid question, but now, it comes with a twist:
"Do you know where your kids are — and who they're chatting with online?
"Social networking sites have morphed into
a mainstream medium for teens and adults. These sites
encourage and enable people to exchange information
about themselves, share pictures and videos,
use blogs and private messaging to communicate with friends,
others who share interests, and
even the world-at-large. And that's why it's important
to be aware of the possible pitfalls that
with networking online.
Some social networking
sites attract pre-teens – even kids as young as 5 or 6. These younger-focused
sites don't allow the same kinds of communication
that teens and adults have, but there are still things
that parents can do to help young kids socialize
safely online. In fact, when it comes to young kids, the
law provides some protections – and gives parents some control over the type of information that
children can disclose online. For sites directed to children under age 13, and for general audience sites
they're dealing with kids younger than 13, there's the Children's Online Privacy Protection Act
(COPPA). It requires
these sites to get parental consent before they collect, maintain, or use kids'
Information. COPPA also allows parents to review their child's online profiles and blog pages.
Parents sometimes can feel outpaced by their technologically savvy kids.
Technology aside, there are
lessons that parents
can teach to help kids stay safer as they socialize online.
Help Kids Socialize Safely OnlineOnGuard Online shares these tips for safe social networking:
your kids understand what information should be private. Tell them why it's important to
keep some things – about themselves, family members and friends
– to themselves.
Information like their full name, Social Security number, street address, phone number,
family financial information — like bank or credit card Account numbers
— is private and
should stay that way. Tell them not to choose a screen name that gives away too
Use privacy settings to restrict who can access and post on your child's website. Some
social networking sites have strong privacy settings.
Show your child how to use these settings to limit who can view their online profile,
explain to them why this is important.
Explain that kids should post only information that you — and they — are comfortable
with others seeing. Even If privacy settings are turned on, some — or even all
— of your
child's profile may be seen by a broader audience Than you're comfortable with.
Encourage your child to think about the language used in a blog, and to think before
Posting pictures and videos. Employers, college admissions officers, team coaches,
and teachers may view your child's postings.
Even a kid's screen name could make a difference. Encourage teens to think about the
impression that screen names could make.
Remind your kids that once they post information online, they can't take it back.
Even if they delete the Information from a site, older versions may exist on other
people's computers and be circulated online.
Know how your kids are getting online. More and more, kids are accessing the Internet
through their cell phones.
Find out about what limits you can place on your child's cell phone. Some cellular
companies have plans that limit downloads, Internet access, and texting; other plans
allow kids to use those features only at certain times of day.
Talk to your kids about bullying. Online bullying can take many forms, from spreading
rumors online and posting or forwarding private messages without the sender's
sending threatening messages. Tell your kids that the words they type and the
they post can have real-world consequences. They can make the target of the
bullying feel bad, make the sender look bad – and, sometimes, can bring on
punishment from the authorities.
Encourage your kids to talk to you if they feel targeted by a bully.
Talk to your kids about avoiding sex talk online. Recent research shows that teens who
don't talk about sex with strangers online are less likely to come in contact with
predator.If you're concerned that your child is engaging in risky online behavior,
search the blog sites they visit to see whatinformation they're posting. Try searching
by their name, nickname, school, hobbies, grade, or area where you live.
Tell your kids to trust their gut if they have suspicions. If they feel threatened by someone
or uncomfortable because of something online, encourage them to tell you. You
help them report concerns to the police and to the social networking site. Most
links where users can immediately report abusive, suspicious, or inappropriate
parent sections to Understand its features and privacy controls. The site should
your rights as a parent to review and delete your child's profile if your child
A Few More Tips to Protect Pre-TeensMany of the tips above apply for pre-teens, but
parents of younger children also can:
extra steps to protect younger kids. Keep the computer in an open area like the
kitchen or family room, so you can keep an eye on what your kids are doing online.
Use the Internet with them to help develop safe surfing habits.
Consider taking advantage of parental control features on some operating systems
that let you manage your kids' computer use, including what sites they can visit,
whether they can download items, or what time of day they can be online.
Go where your kids go online. Sign up for – and use – the social networking spaces
that your kids visit. Let them know that you're there, and help teach them how to act
as they socialize online.
Review your child's friends list. You may want to limit your child's online “friends” to
people your child actually knows and is friendly with in real life.
Understand sites' privacy policies. Sites should spell out your rights as a parent to
review and delete your child's profile if your child is younger than 13.
For More InformationTo learn more about staying safe online, visit the websites of the following organizations:
Federal Trade Commission — www.OnGuardOnline.gov The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business
practices in the marketplace and toprovide information to help consumers spot, stop, and avoid them.
To file a complaint or to get free information onconsumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP
(1-877-382-4357); TTY: 1-866-653-4261.The FTC manages OnGuardOnline.gov, which provides practical tips
from the federal government and the technologyindustry to help you be on guard against Internet fraud,
secure your computer, and protect your personal information. ConnectSafely — www.connectsafely.org ConnectSafely is a forum for parents, teens, educators, and advocates designed
to give teens and parents a voice in thepublic discussion about youth online safety, and has tips, as
well as other resources, for safe blogging and socialnetworking. Along with NetFamilyNews.org, it is
a project of the non- profit Tech Parenting Group. Cyberbully411 — www.cyberbully411.org Cyberbully411 provides resources and opportunities for discussion and sharing
for youth - and their parents - who havequestions about or may have been targeted by online harassment.
The website was created by the non-profit Internet Solutions for Kids, Inc., with funding from the Community
Technology Foundation of California. GetNetWise — www.getnetwise.org
GetNetWise is a public service sponsored by Internet industry corporations and
public interest organizations to helpensure that Internet users have safe, constructive, and educational
or entertaining online experiences. The GetNetWise coalition works to provide Internet users with the
resources they need to make informed decisions about their and theirfamily's use of the Internet.
iKeepSafe.org is a coalition of 49 governors/first spouses, law enforcement,
the American Medical Association, the American Academy of Pediatrics, and other associations dedicated
to helping parents, educators, and caregivers byproviding tools and guidelines to promote safe Internet
and technology use among children.
NCMEC is a private, non-profit organization that helps prevent child abduction
and sexual exploitation; helps find missingchildren; and assists victims of child abduction and sexual
exploitation, their families, and the professionals who serve them. staysafe —
staysafe.org is an educational site intended to help
consumers understand both the positive aspects of the Internet aswell as how to manage a variety of
safety and security issues that exist online.
WiredSafety.org is an Internet safety and help group. WiredSafety.org provides
education, assistance, and awareness on cybercrime and abuse, privacy, security, and responsible technology
use. It is also the parent group of Teenangels.org, FBI-trained teens and preteens who promote Internet
safety. See also: Social Networking Sites: Safety Tips for Tweens and Teens
What to Do if There's a ProblemTrust your gut if you have
suspicions. If you feel threatened by someone or uncomfortable because of something online,Tell an adult
you trust, and report it to the police and the social networking site.The Children's Online Privacy
Protection Act (COPPA) requires websites to obtain parental consent before collecting, using,or disclosing
personal information from children under age 13.
Q. What are
Nigerian con-men or internet scams?
Phony Lotteries, Nigerian 419s, Advanced Fee Fraud, and Scams
While you're online:
Know who you're
In any electronic transaction, independently confirm the other party's name, street
address, and telephone number.
Resist the urge to enter foreign lotteries. These solicitations are phony
Delete requests that claim to be from foreign nationals
asking you to help transfer their money through your bank account. They're fraudulent.
emails that request your money, credit card or account numbers, or other personal information.
If you are selling something over the Internet, don't accept a potential buyer's offer to send you a check
for more than the purchase price, no matter how tempting the plea or convincing the story. End the transaction immediately
if someone insists that you wire back funds.The Internet gives buyers access to a world of goods and services, and gives sellers access to a world of customers.
Unfortunately, the Internet also gives con artists the very same access. But being on guard online can help you maximize the
global benefits of electronic commerce and minimize your chance of being defrauded. OnGuard Online wants you to know how to
spot some cross-border scams — including foreign lotteries, money offers, and check overpayment schemes — and
report them to the appropriate authorities.
For years, scam operators have used the telephone and direct mail to entice U.S. consumers into buying chances in supposedly
high-stakes foreign lotteries. Now they're using email, too — either to sell tickets or suggest that a large cash prize
has your name on it. No matter what country's name is used to promote a lottery, the pitch follows a pattern: you should send
money to pay for taxes, insurance, or processing or customs fees. The amount may seem small at first, but as long as you keep
paying, the requests for funds will keep coming — for higher and higher amounts. Some victims have lost thousands of
dollars.Most scam operators never buy the lottery tickets on your behalf. Others buy some tickets, but keep the "winnings"
for themselves. In any case, lottery hustlers generally try to get you to share your bank account or credit card numbers,
so they can make unauthorized withdrawals.If you're thinking about responding to a foreign lottery, OnGuard Online wants you to remember:
a foreign lottery is against the law.
There are no secret systems for winning foreign lotteries. Your chances of getting any money back are
slim to none.
If you buy even one foreign lottery ticket, you can expect many more bogus offers
for lottery or investment "opportunities." Your name will be placed on "sucker lists" that fraudsters
buy and sell.
credit card and bank account numbers to yourself. Scam artists often ask for them during an unsolicited sales pitch. Once
they get your account numbers, they may use them to commit identity theft.Resist solicitations for foreign lottery promotions. Report them to the appropriate government officials, then hit delete.View a sample fraudulent foreign lottery solicitation.
"Nigerian" Foreign Money Offers
The "Nigerian" scam got its name from emails that supposedly came
from Nigerian "officials" who needed your help getting at their money — which was tied up due to strife in
their country. Today, people claiming to be officials, businesspeople, or the surviving relatives of former government honchos
in countries around the world send countless offers via email to transfer thousands of dollars into your bank account if you
will just pay a fee or "taxes" to help them access their money. If you respond to the initial offer, you may receive
documents that look "official." But then, you will get more email asking you to send more money to cover transaction
and transfer costs, attorney's fees, blank letterhead, and your bank account numbers, among other information. Subsequent
emails will encourage you to travel to another country to complete the transaction. Some fraudsters have even produced trunks
of dyed or stamped money to verify their claims.The emails are from crooks trying to steal your money or commit identity
theft. Victims of this scam report that emergencies arise that require more money and delay the "transfer" of funds;
in the end, you lose your money, and the scam artist vanishes. According to the U.S. State Department, people who have responded
to these solicitations have been beaten, subjected to threats and extortion, and in some cases, murdered.If you receive an
email from someone claiming to need your help getting money out of another country, don't respond. After all, why would a stranger from another country pick you out at random to share thousands of
dollars? Report the solicitation to the appropriate government officials, and then hit delete.View a sample fraudulent foreign money offer.
Check Overpayment Schemes
no to a check for more than your selling price, no matter how tempting the plea or convincing the story. Check overpayment
schemes generally target people who have posted an item for sale online. The con artist, posing as a potential buyer from
a foreign country (or a distant part of the U.S.), emails the seller and offers to buy the item with a cashier's check, money
order, personal check, or corporate check. Or the scammer may pretend to be a business owner from a foreign country, needing
"financial agents" to process payments for their U.S. orders; in exchange, they promise a commission.Regardless of the cover, here's what happens:
The scammer sends you a check that looks authentic — complete with watermarks — made payable for more money than
you expected. They ask you to deposit it in your bank account, and then wire-transfer some portion of the funds to a foreign
account. They provide convincing reasons why the check is for more than the necessary amount, and why the funds must be transferred
quickly. Sometimes, the counterfeit checks fool a bank teller, but be aware that the check still can bounce. The scammer vanishes
with the money you wired from your own account and you are on the hook for the entire amount of the worthless check. In addition,
a scammer who has your bank account number is likely to use it to withdraw more money from your account.
Reporting a Cross-Border Scam
If you think you may have responded to a cross-border scam, file a complaint at www.econsumer.gov, a project of 20 countries of the International Consumer Protection and Enforcement
Network. Then visit the FTC's identity theft website at www.ftc.gov/idtheft. While you can't completely control whether you will become a victim
of identity theft, you can take some steps to minimize your risk.If you've responded to a "Nigerian" scheme, contact your
local Secret Service field office using contact information from the Blue Pages of your telephone directory, or from www.secretservice.gov/field_offices.shtml.In addition, report telemarketing fraud and check overpayment scams to your state
Attorney General, using contact information at www.naag.org.Report unsolicited email offers to email@example.com — including offers inviting you to participate in a foreign
lottery, looking for help getting money out of a foreign country, or asking you to wire back extra funds from a check you
received.If you receive what looks like lottery material from a foreign country through the postal mail, give it to your local
For More InformationForeign Lottery Scams
U.S. Federal Trade Commission — The FTC works for the consumer to prevent fraudulent, deceptive,
and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them.
To file a complaint or to get free information on consumer issues, visit www.ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261.
The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure,
online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.Competition Bureau in Canada — The Competition Bureau is an independent law enforcement agency
in Canada that investigates anti-competitive practices and promotes compliance with the
laws under its jurisdiction. To file a complaint or to get free information, visit www.competitionbureau.gc.ca or call toll-free, 1-800-348-5358. The Bureau has the ability to refer criminal matters to the Attorney General of Canada,
who then decides whether to prosecute before the courts.United Kingdom's Office of Fair Trading — The United Kingdom's
Office of Fair Trading is responsible for making markets work well for consumers. They protect and promote consumer interests
throughout the United Kingdom, while ensuring that businesses are fair and competitive. To file a complaint or to get free information,
visit www.oft.gov.uk or send an email to firstname.lastname@example.org.Australian Competition and Consumer Commission — The Australian Competition and Consumer Commission encourages vigorous
competition in the marketplace and enforces consumer protection and fair trading laws. To file a complaint or to get more
information, visit www.accc.gov.au. The ACCC advocates consultation and negotiation as the first and
best option to settle disputes, but once the ACCC pursues legal action any sort of mediation becomes less likely.
"Nigerian" Advance-Fee Scams
U.S. Secret Service — The Secret Service investigates violations of laws relating to financial
crimes, including access device fraud, financial institution fraud, identity theft, and computer fraud. To file a complaint
or to get free information, visit www.secretservice.gov or call 202-406-5708.U.S. Department of State — The Department of State's mission is to create a more secure, democratic,
and prosperous world for the benefit of the American people and the international community. As part of that mission, the
Department of State seeks to minimize the impact of international crime, including cross-border internet scams, on the United States and its citizens. To get free information, visit www.state.gov.
Q. What should I do prior to disposing of an old computer?
A. Computer Disposal
Once you have a “clean” computer,
consider recycling, donating, or reselling it – and keep the environment in mind when
disposing of your computer.If you want to get rid of your old computer, options include recycling,
reselling, and donating.
you log off for thelast time, there are important
things to do to prepare it for disposal. Computers
personal and financial
information, including passwords, account numbers, license keys or registration numbers for software
programs, addresses and phone numbers, medical and prescription information, tax returns, and other personal documents.
Before getting rid of your old computer, it’s a good idea to use software to “wipe”the hard drive clean. If you don’t, consider
your old hard drive a 21st century treasure chest for identity thieves
and information pirates. The Federal Trade Commission
(FTC), the nation’s consumer
protection agency, says you can deter identity theft and information piracy by taking a few
Understanding Hard Drives
A computer’s hard
drive stores data, and maintains an index of files. When you save a file, especially a large one, it is
scattered around the hard drive in bits and
pieces. Files also are automatically created by browsers
systems. When you open a file, the hard drive checks the index, then gathers
the bits and pieces and reconstructs them.
delete a file, the links between the index and the file disappear, signaling to your system that the file isn’t needed
any longer and that hard drive space
can be overwritten. But the bits and pieces of the deleted file stay on your computer
until they’re overwritten, and they can be retrieved with a data recovery program.
To remove data from your hard drive
it needs to be wiped clean.
Cleaning Hard Dives
Before you clean your hard
drive, save the files that are important to you on an external storage device – for example,
a USB drive, a CDRom, or an external
hard drive – or transfer them to a new computer. Check your owner’s manual, the
manufacturer’s website, or its customer support line for information on how to
save data and transfer it to a new
computer. Utility programs to wipe your hard drive are available both online and in stores where computers are
They’re generally inexpensive; some are available on the Internet for free. Wipe utility
programs vary in their capabilities:
erase the entire disk, while others allow you
to select files or folders to erase. They also vary in their effectiveness:
programs that overwrite
or wipe the hard drive many times are very effective; those that overwrite or wipe the drive only once
may not prevent information being wiped from being recovered later.
If your old computer contains sensitive information
that would be valuable to an identity
thief, consider using a program that overwrites or wipes the hard drive many times. Or,
remove the hard
drive, and physically destroy it. One more thing to keep in mind: If you use your home or personal
for business purposes, check with your employer about how to manage information on your computer that’s business-related.
The law requires businesses to follow
data security and disposal requirements for certain information that’s related to
Once you have a “clean”
computer, here’s how to dispose of it:
Recycle it. Many computer manufacturers have programs to recycle computers
and components. Check their
websites or call their toll-free numbers
for more information. The Environmental Protection Agency (EPA) has
information on electronic product recycling
program. Check with your county or local government,
including the local landfill office for regulations.
Donate it. Many organizations collect old computers and donate them to charities.
Resell it. Some people and organizations buy old computers.
Check online. Keep
the environment in mind when disposing of your computer.
Most computer equipment contains hazardous materialsthat don’t belong in a landfill.
For example, many computers have heavy metals that can contaminate the earth.
The EPA recommends that you check with your local health and sanitation agencies for ways to dispose
of electronics safely.