(Note:  If you find this information useful, and it solves your problem, please leave a comment at the bottom of the post, and/or share it via the link below. Thank you.)

Have you run into the Windows Update “infinite loop from hell”?  If you have, you know what I”m talking about. You get a Windows update, it installs and requires that you reboot to finish the install. After rebooting, the second part of the install fails, and it uninstalls itself. The next time you try to install Windows updates,  the same thing happens on the same update. Repeat ad nauseum.

If you check the Windows update status, it will probably tell you that the error code is “80071aa7″, but give no further information. Continue reading ‘Windows update error 80071AA7 *solved* (re-post)’ »

We’ve probably all seen it.  You go to a web page, and it tells you that you need to update your flash player in order to access the site, and gives you a handy link to download it.

Well, “the bad guys” saw those, too, and there has been a recent wave of fake “update” programs on scam sites, as well as “hacked” sites.  Sometimes, it will even come in the form of an “important message” supposedly from your bank, credit card company, or other well-known business.

The bad guys know that many people will simply click the link, and ignore any security warnings that come up, since similar warnings would be expected from a real install program.

The problem is that these e-mails and web pages don’t really have any flash content to display. They exist for the sole purpose of getting you to click on their “get the update” link, which, of course, is really a trojan meant to infect your system.

So, how can you tell if you really need to update your flash player (or other browser plugin)?

Continue reading ‘“Your flash player is out of date.”’ »

There’s a new worm in town, and it’s called “Stuxnet”. Unlike previous worms, which required the user to run a program, have “autorun” enabled, load a document into a spreadsheet or word processor, or at least look at the file in some manner, this worm is triggered by simply viewing the folder. The vulnerability even affects Windows 7, and as of today there is no fix yet from Microsoft.

For example, placing an infected USB stick into the computer on Windows 7 will, by default, ask you what you want to do.  Being a smart person, you know to avoid the “autorun” option, and instead opt for “open folder” choice, to see what sort of files are on it. That act alone will trigger the worm. Same thing with “My computer” and then double-clicking the USB stick, or navigating to any folder with the infection in it.

According to an article from Microsoft: Continue reading ‘The Stuxnet worm’ »

Another common type of e-mail fraud is called “phishing”. Basically, they pretend to be someone else, in an attempt to get you to reveal personal information, just as login and password, or your social security number. (Or both.) Many of these can be rather sophisticated, mimicking the real website down to the slightest detail.

Some, on the other hand, are so poorly done, you have to wonder why they bother. The reason is simple… because people fall for it. When you send out a million phishing e-mails, it only takes a very small fraction to fall for it to make it worth their effort.

Here is a recent example of a “so poorly done, it’s gotta be obvious that it’s a fake” phishing e-mails:

Subject:  Business Online Banking Account Alert!

—–

You must submit verification documents to continue using your account without interruption. To view the details of this request and submit the required information, click on the following link (or copy & paste it into your web browser):

http://[elided]/Upload_documents_blank.exe

We thank you for your assistance in this matter.

So, let’s take the 30-second “what red flags does this raise” tour:

Continue reading ‘Do people really fall for this? Part 2’ »

It’s hard to imagine, but people still fall for scams like this all the time.

I just got another “you won the lottery” spam e-mails. This one was supposedly from “MICROSOFT CORPORATIONS”(sic), and contained the following message:

You have been awarded the sum of £1,625,000.00GBP in the MICROSOFT EMAIL PROMOTI
ON AWARD 2010.Cont  Mr Mark Anderson with your names,address,phone and Country to
[elided]@w.cn.cn or call +4470-[elided] for moreinformation on this award.

With the exception of removing the username part of the e-mail address, and the rest of the phone number, that is the exact contents of the e-mail, spelling and line breaks as-is.

With so many obvious “this isn’t real” warning signs, I find it hard to imagine that people still fall for this. Yet they do.

Continue reading ‘Do people really fall for this?’ »

A recent article in eWeek tells how the FBI has indicted 3 people in a $100 million rogue antivirus scam.  While it’s only an indictment, and not an arrest or conviction, at least it’s a start.

Three men have been indicted in what the FBI described as an international cybercrime operation that sold $100 million in rogue antivirus software to victims in more than 60 countries.

Can you imagine the number of victims, and the number of infected systems, from $100 million in sales?

Remember, if you get a popup from a program you don’t remember installing, with a link to buy a program to clean the infection, it’s probably a scam.  Don’t click on the link!

Oh well.  Kristina did well at Challenge of Champions XXVIII, but not enough to earn a trophy.

She went up against two high-brown belts (the highest belt before black), and beat the first one.  And, while she defended herself quite well against the second, getting out of several near-submissions, it wasn’t enough to win.

She’s looking forward to December’s tournament.

http://www.ChallengeOfChampions.com

You’ve probably seen the ads.  “My name is Todd Davis.  This is my Social Security Number…”  It’s from the CEO of LifeLock, a company that offers “identity theft protection”.  The service must be pretty darn good if the CEO is announcing his Social Security Number to the world, with a “just try to steal my identity” arrogance.

Well, you’d be wrong.

Continue reading ‘Identity theft “protection” — does it work?’ »

Just a reminder that there is no BlogTalkRadio show this week for the Memorial Day weekend, nor next week, due to Kristina’s competition at the Challenge of Champions.

You’re at a conference for information security.  You pass the IBM booth where they’re giving out free USB thumb drives with some marketing material, and you pick one up.  Think you’re safe?  Think again.

Even IBM can make mistakes.

Continue reading ‘Even IBM can make mistakes’ »