As you can see in the screenshot from Sophos, this specific scam advertises “One Free Amazon.com Gift Card (limited time only)“. The link comes with one of several Amazon icons, one of which implies that the offered gift card is for the outrageous amount of $500. If this is not suspicious enough, the link also states that “Amazon is currently giving away gift cards to all Facebook users” and urges you to click it to get yours.

According to Sophos, if you do click the link, you will be asked to first share it with all your friends, and then be redirected to another webpage where you will be tempted with some premium rates mobile phone service, and will also be asked to complete a service. All of this will serve the people behind this scam nicely, as it will bring hits to various webpages, and may cause some people to part with some money. But there will not be a gift card in sight.

$500 from Amazon sure is tempting, so if you’ve fallen for this or if you’ve seen this post on a friend’s wall, be sure to erase, unlike and evoke any permission from apps you don’t know. To remove apps from your Facebook account, go to Privacy Settings, scroll all the way down to Apps and Websites and click on Edit Settings. You can then remove apps from Apps you use by clicking Edit Settings again.

What do you think about scams like this? Should it be Facebook’s responsibility to get rid of them, or should people simply be more alert?

Source: Sophos Naked Security

There are a lot of things you can do to protect yourself. You can educate yourself on new potential threats, read on how to keep your computer secure, and what security software doesn’t protect, and obtain the best tools for the job, whether they are anti-virus programs or extensions.

Here, I’ll be taking a look at ClamWin, an open-source anti-virus program that’s been around for a while. Should you get it? Read on to find out.

Getting ClamWin

ClamWin is an anti-virus program based on the only open-source anti-virus solution in the market, Clam AV, which is a toolkit initially designed for UNIX.

As you can probably tell by the name, ClamWin is available as a download for Windows machines only. You can download the installer here, which is almost 40MB, or you can also try the portable app for anti-virus protection on the go.

If you’re wondering about which version to go with, I’m using the portable version 0.97.3 for this review. This latest release has improved bytecode signature matching, in addition to the reigning features that characterize this anti-virus – virus scanner, scanning scheduler, automatic virus database updates, and integration with Windows Explorer and Microsoft Outlook.

If you’re using the installer, be aware that the Ask toolbar might be offered during the installation. Make sure you read what the checkboxes are offering before you click Next. I didn’t see any such thing during the portable application “installation”.

Launching ClamWin

When you first launch ClamWin, you’ll likely need to download the built-in database of viruses.

Doing so will just take a few seconds if you’re connected to the Internet.

Once ClamWin has finished updating its Database, you can see the main window where you’ll have the options to set your preferences, update your virus definition database once again, scan programs currently running in memory and finally, scan specific files or directories.

Running Memory Scan

Selecting this option allows you to scan the programs that are currently running in memory. If you’re as paranoid as this author, t’s probably a good idea to update your virus definition database before running your scans.

Unless you’re running Photoshop, Mozilla Firefox, and many other resource hogs, this scan should be completed in a couple of minutes. Mine took just over 3 minutes and scanned 28 processes in memory.

Running File Or Directory Scan

In the main window, there will be a directory browser where you can select a whole drive (e.g. your C drive), specific folder or even a file to scan.

Depending on what you chose, this scan can obviously last a while. When I was running a scan for my D drive, ClamWin was also working really hard, using almost 109 MB of RAM. Not that it’s a bad sign, but it’s probably a good idea not to multi-task on your PC while you let a scan run through an entire disk drive. After a scan is finished, you can see the report right after, save it or access it in the main window menu.

If a virus is detected during the scan, there are three options you can choose from in the Preferences: Quarantine it, report it, or remove it.

If you’re particular about your scans, you can also filter files to be included or excluded from the scan in the Preferences. You can also limit a file size to scan or not, and also whether to extract files from zipped files in the Preferences window.

If you installed ClamWin instead of using the portable version, you’ll be able to schedule scans right in the Preferences window, increasing security for your PC.

If you’re using the portable version and wish to schedule scans, you could always use Windows Task Schedulerand clamscan.exe which should be under ClamWinPortable/App/clamwin/bin.

ClamWin shines for being an open-source anti-virus program with file and directory scanners, scanner scheduler, automatic downloads of virus databases and more. It does lack a real-time scanner, which could be a big con, but for basic protection and its price, it’s a great product to have on your PC security arsenal.

Have you used Clam AV or ClamWin? Share your experience in the comments section below!

These viruses didn’t necessarily make front page news in the same way as Sasser, MyDoom or the Storm Worm did, but many were the first of their kind. It’s also worth noting that many were non-destructive, with the real aim of creating a self-replicating program rather than causing data loss.

1971: Creeper

Creeper was written in 1971 by Bob Thomas who worked for BBN, and is widely considered to be the first example of a computer worm. The program was self-replicating in nature and non-destructive to data as its main purpose was to test the effectiveness of such code.

Creeper was technically not a virus due to its rather passive nature. The author commented in response to this article:

“…the creeper application was not exploiting a deficiency of the operating system. The research effort was intended to develop mechanisms for bringing applications to other machines with intention of moving the application to the most efficient computer for its task.”

Creeper did not take advantage of an exploit on the (pictured) DEC PDP-10 TENEX systems it came into contact with, and was eventually stopped with a program called Reaper, which was specifically designed to halt the spread.

1981: Elk Cloner

In 1981 a 15-year old called Rich Skrenta stumbled upon the world’s first boot sector virus, Elk Cloner for the Apple II. At the time the Apple II used floppy disks to boot into the OS, which made it particularly vulnerable to attacks.

If a user booted into the OS from an infected floppy, the virus would be copied to the computer’s memory. Any further floppy disks that were inserted into the computer once Elk Cloner was in the memory would also become infected. Whilst the code was not malicious, the user would see a poem on every 50th boot.

Skrenta’s virus was not only the first to specifically target the boot sector but also one of the first to spread “in the wild” – i.e. outside of the environment it was originally written.

1986: Brain

Considered by many the first computer virus written for MS-DOS (and thus the IBM PC standard), Brain affected floppy disks, more specifically the boot sector of the DOS File Allocation Table (FAT), by moving the real boot sector elsewhere and marking it as “bad”. A copy of the virus replaced the real boot sector, but hard drives were specifically avoided.

The virus can be traced back to two brothers from Lahore, Pakistan – Basit and Amjad Iqbal who included the following message:

Welcome to the Dungeon © 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS…. Contact us for vaccination…

The virus was originally written as a copyright safeguard for medical software the pair were working on. They received phone calls from all over the world demanding inoculation, and still trade today as Brain NET, an Internet service provider.

1987: SCA

Another first, SCA was the Commodore Amiga’s inaugural computer virus, written by the “Swiss Cracking Association” or “Mega-Mighty SCA”. The group mostly specialised in removing copy protection from floppies, and thus the SCA virus targetted the boot sector of write-enabled disks.

Every 15th reboot the following message was displayed, warning the user that they were infected:

Something wonderful has happened Your AMIGA is alive !!! and, even better…some of your disks are infected by a VIRUS !!! Another masterpiece of The Mega-Mighty SCA !!

The virus only affected write-enabled floppies but would ruin custom bootblocks, such as those used by games. The SCA virus led the same group to release the first ever Amiga virus scanner in order to remove the infection.

1988: Morris Worm

With its source code preserved on a dusty floppy in the Boston Museum of Science, the Morris worm is one of the most famous outbreaks in history – mostly due to a mistake by its author. The Morris worm was in fact one of the first spread via the Internet, and exploited known vulnerabilities within the UNIX operating system.

The worm was originally not written to be malicious, but instead to try and gather information about the size of the Internet according to its author, Robert Tappan Morris. What made the worm such an issue was its method of spreading, which would re-infect every 1 in 7 PCs that claimed to already be infected.

This proved to be overkill and it is thought that of the 60,000 machines connected to the Internet at the time, 10% were affected. Morris was studying at Cornell University at the time, but chose to release the worm from MIT to avoid detection. He was later the first person to be convicted under the USA’s 1986 Computer Fraud and Misuse Act.

He received three years probation, 400 hours community service and a $10,000 fine. The worm is thought to have caused somewhere between $10 million -$100 million in damage and undoubtedly changed Internet security forever.

2006: Leap

Leap, also known as the Oompa-Loompa virus was the first to ever infect Apple’s cherished OS X operating system. Whilst it was not a full-blown outbreak, and didn’t even transfer via the Internet, Leap proved that no matter how tight security was, there were always going to be potential vulnerabilities.

The virus transferred itself via iChat’s Bonjour buddy list, but only over local area networks. In order for a machine to become infected the user had to accept the latestpics.tgz archive, open it and run the executable (claiming to be an image of Apple’s next OS) within.

The virus would infect non-system applications owned by the user, but due to a bug within the virus, any infected programs refused to run after exposure to Leap. Removal of the virus did not require a complete OS re-install, and thus Leap will always be considered a low threat virus, albeit a world-changing one.

Conclusion

I hope you’ve enjoyed learning about some of my “favourite” viruses, their origins and of course the knock-on effects. Whilst infections like Elk-Cloner and Creeper weren’t particularly damaging they were highly innovative and certainly provided a taste of things to come.

Do you know of any other interesting virus outbreaks? Remember that sinking feeling once your machine was infected? Have a rant below!

Image Credits: Shutterstock, DEC PDP-10, Apple II, Brain virus

Unlike most cases of malware, this virus embeds itself deeper into your system and requires more than a simple malware scan. However, even though the removal process is more involved, someone who is computer illiterate will still be able to perform it, so if you’re not very tech-savvy, fear not!

What Is The Google Redirect Virus?

The main symptom of the GRV is that clicking on a Google search result link will take you to another unrelated website. It doesn’t matter which search link you click and it doesn’t matter which browser you use for searching. How can you get it? Unfortunately, it’s not very difficult. If you accidentally (or even purposely) visit a malicious or infected website, and if you don’t have the necessary anti-virus protection on your computer, you can get it.

Technically, the GRV is not really a virus at all – it’s a trojan – and despite the name, Google has nothing to do with the problem. It’s not a problem with Google’s website, search engine, or anything else. The problem is local to your computer and it will affect all of the main browsers that you have installed, including Internet Explorer, Firefox, Opera, and Chrome.

Why Is The Google Redirect Virus So Frustrating?

For many people, the GRV is one of the most annoying and infuriating computer infections to deal with. Not only does it interrupt your normal search sessions, it makes it incredibly difficult to find a solution – because you can’t search for one. At best, you’ll spend inordinate amounts of time pressing the “Back” button to negate the website redirects. At worst, your productivity will plummet and you’ll stop wanting to even use your computer at all.

To add to the frustration, the GRV is difficult to remove. It is a variation of the TDSS rootkit, which piggybacks on top of a system driver. Since the system driver is innocent in the eyes of malware detection programs, the GRV is not flagged as malevolent and, therefore, not removed.

The GRV is an objectively small inconvenience, but it can wear you down and ruin your mood rather quickly. Luckily, there are tools and programs to aid in the process of removing the Google redirect virus.

Remove Google Redirect Virus – Using TDSSKiller

Follow these steps to get rid of the Google Redirect Virus once and for all.

Download TDSSKiller. Download the TDSSKiller.zip file to your Desktop and extract the files using an extraction program. WinRAR is popular, as is 7-Zip. After extracting, you should see a TDSSKiller.exe file.

• If you are unable to download the file, then the TDSS rootkit on your system may be blocking the connection. In this case, you’ll need to download the file using another computer and transfer it to your own computer.

Run the TDSSKiller.exe. Double click on the TDSSKiller.exe file to run it. The program will initialize and then present you with the ability to scan your computer for problems.

• If nothing happens when you double click the file, you’ll need to rename it. Right click on the file and select Rename, then rename the file to 12345.com. Take note that the .com extension is very important – it is how you can bypass the TDSS block.
• If TDSSKiller still won’t run, you may need to scroll down and use FixTDSS instead.

Scan your system. Click on Start Scan to start the scan. TDSSKiller will search your system for related problems and report back to you if it finds anything. If TDSSKiller happens to not find anything, you may need to scroll down and use FixTDSS instead.

Cure the problems. If TDSSKiller does find any problems, choose to Cure as many of them as you can – all of them would be best. If you can’t cure some of them, leave it on the default Skip option.

• Only use the Cure or Skip options. Avoid the Delete and Quarantine options because using them on critical system files may cripple your computer and render it inoperable.

Reboot your computer. To complete the removal of the TDSS rootkit, you will be required to reboot. Do so when prompted.

Google Redirect Virus Removal — Using FixTDSS

These steps are only necessary if TDSSKiller failed to clean up your system.

Download FixTDSS. Download the FixTDSS.exe file to your Desktop.

Run the FixTDSS.exe. Double click the FixTDSS.exe file to run it. After the program initializes, click on the Proceed button to start the scan. The program will look for potential problems and fix them if necessary.

Reboot your computer. To complete the removal of the TDSS rootkit, you will be required to reboot. Do so when prompted. After your computer boots back up, you will see the results of FixTDSS’s findings.

Conclusion

At this point, the TDSS rootkit should be successfully eliminated from your system. You can check if the infection is gone by searching on Google and clicking on any search result link. If you aren’t redirected to another website, the infection is gone.

In the future, you can help prevent infections on your system by utilizing free anti-virus software. Compound that with safe computer habits and you will drastically reduce your likelihood of catching another virus.

If you are the victim of the Google Redirect Virus, try these tools out and let us know in the comments if they helped or not.

However, let’s say that you did follow all those steps like a good person and you still ended up getting infected, as you probably noticed once an antivirus tool you never installed suddenly tells you your computer is about to self-destruct. Well, that’s just great. So how do you remove such a virus from your computer?

There’s hope and solutions on offer. So, read on.

Use Microsoft Safety Scanner

Microsoft offers a tool that can remove certain kinds of malicious software. That tool used to be the Windows Malicious Software Removal Tool, but recently Microsoft is offering the Microsoft Safety Scanner. This scanner is supposed to check your computer for any viruses, spyware, and other bad stuff and remove it.

There are plenty of other similar online scanners, but some may lead you to actually downloading more malware on your system rather than removing it. By using Microsoft’s tool, you can be sure that it genuinely wants to remove any malware from your system.

Install Antivirus Software

Although you probably should’ve had it installed before to make use of its real-time protection, it might be helpful to install an antivirus tool now to help remove the malware that is currently wreaking havoc on your system. An antivirus tool can also scan for any other files that have dormant viruses in them, waiting for you to activate them. There are plenty of free ones that are very effective, such as AVG, Microsoft Security Essentials, and Avast, just to name a few. These tools will hopefully be able to remove that pesky virus before it does too much harm.

Search the Internet For Possible Solutions

While it’s not recommended to use the internet when you know you’re infected with a virus (as the virus could potentially start sending out any information it’s finding on your system), you can use a clean system to go online and search for the virus that you may have (based on the symptoms your computer is experiencing) and how you can possibly remove it. With some luck, you might find a solution that has been tested and proven to work.

Reinstall Windows

Last but not least, if all else fails, reinstall Windows or move to any other operating system such as Linux. If the virus is really that pesky, it’s best to just help Windows destroy itself so that you can rebuild on the ashes. Before you begin with your reinstallation, don’t forget to backup your data. Please, scan all the files that you’re backing up so that you don’t accidentally save the virus you’re trying to get rid of and then reinfect yourself later. It’s a long and hard process and is therefore the ultimate last resort, but at least this method works every time.

Don’t Buy A New Computer!

I’ve come across enough people who think that if their computer gets infected with a virus, the world is going to end and they’ll need to dump the infected computer and buy a brand new one. This is absolutely not true, as the hardware is still perfectly in tact. Reinstalling Windows is like resetting the system, and gets rid of the virus in the process. There’s no need to go out and spend $400+ for a decent new computer just because you got infected with a virus.

Conclusion

Getting rid of a virus is sometimes easy and sometimes very tricky. Your level of success will vary depending on the bug you managed to catch. However, there is always one way or another to get rid of a virus. We just hope that it doesn’t have to be very destructive to your own data. Just remember, when it comes to viruses and protection, it’s better to be safe than sorry.

What’s the worst virus you’ve managed to catch? What other tips would you add to this article? Let us know in the comments!

Image Credit: AJC1

Now, Microsoft has released a temporary fix. The fix is not a patch, but rather a workaround that involves using the command prompt to disable access to T2EMBED.DLL. Alternatively, users can have this taken care of automatically with the Microsoft Fit It utility.

Microsoft warns that using the workaround will cause embedded font technology to no longer work correctly. Applications that use it will “fail to display properly”. Microsoft does not elaborate, but this most likely means embedded fonts will not appear and instead be replaced by a default font. Webpages sometimes use font embedding to allow users to view web text in a font that’s not installed on the user’s computer, for example.

While the workaround does provide temporary protection, a patch is being developed to close the exploit and allow for safe use of embedded fonts. It will be release automatically via Windows Update once it becomes available. No release date has been promised.

For our readers at home, our original advice – don’t open Word documents found in emails – is a perfectly adequate solution. Businesses with multiple computers, however, would be wise to use this fix.

Source: The Guardian, Microsoft Security TechCenter

Basically, this virus enters your system and could potentially allow malicious individuals into your system where they can take control and take all kinds of data. This would obviously be especially bad if you have credit card information on your computer or if the virus ends up on the system of a corporation where there can be all kinds of private data. Worse still, they could target government, similar to Stuxnet.

This virus could very well be made by the same people who made Stuxnet, or at the very least, their source could have been stolen to create this Duqu virus.

As of now, there is no fix for this virus. For the time being, we suggest that all of our users be extremely wary of all Word documents they receive, especially if you don’t know the person who sent it.

Source: Reuters

Basically, this Trojan overwrites XProtectUpdater files preventing the program from updating and finding new threats that need to be handled. This opens your Mac to a wide of range of possibly threatening software and attacks.

Right now it isn’t clear what this Trojan is actually trying to do, but it is able to connect to a remote host and run other pieces of code. It seems more like it is setting up for future attacks, and not doing the attacking itself. Either way, this cannot end well if it ends up on your system.

Please, make sure to only update your software from a source you trust, or better still, from the official site of the software developer. This practice applies to pretty much any piece of software, but it applies especially to flash now.

Source: MacRumors

Nobody likes to be informed that they’ve received a speeding ticket, but in today’s world of speed cameras and intersection flash-blubs, the practice of receiving a ticket without encountering a cop is becoming more common. Some enterprising ne’re-do-wells have apparently decided to take this to their advantage, and are now spreading a virus via fake email speeding tickets.

The email’s trickery largely relies on the fact that it appears to come from a government address (nyc.gov, to be specific) which helps the email’s credibility. It also attempts to work magic via false specificity by claiming that recipients were speeding at 7:25 am. That’s made up, of course – but anyone who happened to be on the road at that time might be inclined to think this makes the email legit.

Once the email has earned your trust, it directs you to open an attachment which is supposedly a form that can be filled out in response to the ticket. Instead, it’s a typical Trojan Horse virus.

If you do receive such an email, you can rest assured it’s not legitimate by fact that it’s an email. First notification of a speeding ticket via email would be unusual to say the least. In addition, the email text doesn’t provide any personal information about the recipient (such as name or address) which is an easy giveaway that the email is bogus. Finally, the Chatam Hall which is referred to in the email doesn’t exist.

Should you receive this email, simply delete and ignore it. It is harmless so long as you don’t open the attachment. Don’t forward the email to the police, either. They’re well aware of the trickery.

Source: MSNBC

Image Credit: Tech and Security

This new threat consists of two stages. First, a downloader is installed when a user executes an infected file. As it downloads the full Trojan, it opens a PDF that contains political rebel-rousing that might get you a bit rowdy – if you can read Chinese. Once the malware is installed, it connects to a remote server which can command it to take screenshots or archive files.

Researchers have noted that the Trojan is relatively harmless so far because it is not actively receiving instructions from the remote server it connects to. That could change at any time however, so be sure to keep your malware definitions up to date and watch for PDF files that seem to open randomly.

Users who do not have malware software can also try to check for this Trojan by opening Activity Monitor and hunting for a process labeled “checkvir“.  Note its location, stop it (using the Activity Monitor) and then attempt to delete it.

My opinion is that anyone running Mac should now be relying on some form of anti-malware software, such as Sophos Anti-Virus Free or iAntivirus. As OS X grows in popularity, threats targeted at it will only become more common.

Source & Image Credit: CNET