Computer News & Safety tips – Harry Waldron MVP

January, 2017:

Malwarebytes v3.0 – New version resource links

During December 2016, a new version of Malwarebytes was released.  As the last major version release was in 2014, this is an important milestone for one of the best free cleaning tools available.

Malwarebytes v3.0 – HOME PAGE
https://www.malwarebytes.com/

Malwarebytes v3.0 – PRODUCT ANNOUNCEMENT
https://blog.malwarebytes.com/malwarebytes-news/2016/12/announcing-malwarebytes-3-0-a-next-generation-antivirus-replacement/

Malwarebytes v3.0 – FAQ
https://forums.malwarebytes.org/topic/191650-malwarebytes-30-frequently-asked-questions/

RECENT REVIEW – PC MAGAZINE rates as Excellent as free tool
http://www.pcmag.com/article2/0,2817,2455505,00.asp

I am thrilled to announce the launch of our next-generation product, Malwarebytes 3.0! This product is built to provide comprehensive protection against today’s threat landscape so that you can finally replace your traditional antivirus. Our engineers have spent the last year building this product from the ground up and have combined our Anti-Malware, Anti-Exploit, Anti-Ransomware, Website Protection, and Remediation technologies all into a single product which we simply call “Malwarebytes.” And it scans your computer 4 times faster

Leadership – Problem Solving improved by asking right questions

John Maxwell reflects on the need to focus on problems by asking the right questions, which in turn focus the root cause analysis process.

http://www.johnmaxwell.com/blog/youll-never-find-the-right-answers-if-youre-asking-the-wrong-questions

When problem-solving, it’s so easy to fall into the rut of uncreative thinking. We can focus so much on answers and solutions that we lose sight of the question. And if we’re asking the wrong questions, we’ll often end up with the wrong answers.

How creative is your thinking? When faced with a problem, do you immediately turn to the tried-and-true solutions that you’ve always used? Or do you open your mind to new ideas?

A good way to do that is to start asking some right questions, like these:

*   Why must it be done this way?
*   What is the root problem?
*   What are the underlying issues?
*   What does this remind me of?
*   What is the opposite?
*   What metaphor or symbol helps to explain it?
*   Why is it important?
*   What’s the hardest or most expensive way to do it?
*   Who has a different perspective on this?
*   What happens if we don’t do it at all?

Google – Blocked 1.7 billion fake ads in 2016

Google employed automation and human effort in removing over 1.7 billion ‘bad ads’ in 2016 and banned 200 publishers.  This was over twice the volume of 2015 and illustrates the need for users to constantly keep safety in mind, as they use web resources.

http://www.businessinsider.com/google-blocked-released-its-annual-bad-ads-report-2017-1

Google purged itself of 1.7 billion bad ads last year – more than double the number it axed in 2015 – a fact which belies a problem set to swell unless more advertisers refuse to turn a blind eye to inflated numbers caused by ad fraud. The online behemoth’s latest update on its own efforts to curb ad fraud highlights the scale of a problem; for all Google’s efforts last year, is blocking a greater volume of ads just a consequence of there being more bad ads in the first place?

Expanded policies, better detection and sharper internal expertise investments in 2016 suggest it’s a conundrum not lost on the advertising business as the industry starts to understand its own involvement in ad fraud.  “While we took down more bad ads in 2016 than ever before, the battle doesn’t end here,” continued Spencer. “As we invest in better detection, the scammers invest in more elaborate attempts to trick our systems. Continuing to find and fight them is essential for creating a sustainable, open web from which we all enjoy.”

To stress the point, Google pointed out that over 1,300 accounts were suspended last year for attempting to game its system by pretending to be news, a trick known as “tabloid cloaking”.  Any quality ad tech platform will have multiple layers of defence in place in the form of both human and technology review systems that work to eliminate bad ads.

PC Operating Systems – History of 64 bit computing

This interesting article by PC Magazine discusses the history and evolution of computing from 32 bit to 64 bit addressability.

http://www.pcmag.com/article/350934/32-bit-vs-64-bit-oses-whats-the-difference

Keep going exponentially and you eventually get 32-bit (2 to the 32nd power) worth 4,294,967,296; 64-bit (or 2 to the 64th power) is worth 18,446,744,073,709,551,616 values.  That’s a lot of bits, and the numbers show just how much more powerful a chip that supports higher bit computing can be. It’s a lot more than double. That’s because every few years, the chips inside the computers (even smartphones) and the software running on those chips make leaps forward in supporting a new number. For example:

*  The Intel 8080 chip in the 1970s supported 8-bit computing.
*  Windows 3.1 back in 1992 was the first 16-bit desktop version of Windows.
*  AMD shipped the first 64-bit desktop chip in 2003.
*  Apple made Mac OS X Snow Leopard entirely 64-bit in 2009.
*  The first smartphone with a 64-bit chip (Apple A7) was the iPhone 5s in 2014.

It’s pretty obvious: 64-bit, sometimes styled as x64, is capable of doing more than 32-bit (which is actually called x86, a term that stuck from when Windows Vista started sticking 32-bit apps in a folder called “Program Files (x86),” x86 originally referring to any OS with the instruction set to work on Intel chips like 8086 through 80486).

These days, you are most likely already running 64-bit chips with 64-bit operating systems, which in turn run 64-bit apps (for mobile) or programs (on the desktop, to settle on some nomenclature). But not always. Windows 7, 8, 8.1, and 10 all came in 32-bit or 64-bit versions, for example. If you are running Windows on a computer less than 10 years old, your chip is almost guaranteed to be 64-bit, but you may have installed a 32-bit version of the OS. It’s easy enough to check.
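The excerpt ends with “It’s easy enough to check.” As an added example (not from PC Magazine or this blog), the function below classifies process, OS and CPU bitness from the Windows environment variables, including the WOW64 case where a 32-bit program is running on a 64-bit OS. The one thing the environment cannot reveal is a 64-bit chip running a 32-bit OS, so the chip’s native width is taken as an optional parameter (on a real host it would come from a hardware query such as the DataWidth property of Win32_Processor); that parameter name is an assumption of this example.

```python
import os
import struct

# Architecture strings Windows uses for 64-bit processors.
SIXTY_FOUR_BIT_ARCHS = {"AMD64", "ARM64", "IA64"}


def classify_windows_bitness(env, cpu_data_width=None):
    """Classify process, OS and CPU bitness from Windows environment variables.

    env is a mapping such as os.environ. On 64-bit Windows a 32-bit process
    runs under the WOW64 layer and sees PROCESSOR_ARCHITECTURE=x86 plus
    PROCESSOR_ARCHITEW6432 set to the real architecture; a 64-bit process
    sees AMD64 (or ARM64) directly. A 32-bit OS on a 64-bit chip looks the
    same as a 32-bit OS on a 32-bit chip from the environment alone, so the
    chip's native width has to come from a hardware query and is passed in
    here as cpu_data_width (an assumed parameter for this example).
    Returns None when the variables are absent, i.e. this is not Windows.
    """
    if "PROCESSOR_ARCHITECTURE" not in env:
        return None
    arch = env.get("PROCESSOR_ARCHITECTURE", "").upper()
    wow = env.get("PROCESSOR_ARCHITEW6432", "").upper()
    process_bits = 64 if arch in SIXTY_FOUR_BIT_ARCHS else 32
    os_is_64 = arch in SIXTY_FOUR_BIT_ARCHS or wow in SIXTY_FOUR_BIT_ARCHS
    if os_is_64:
        cpu_bits = 64  # a 64-bit OS cannot run on a 32-bit chip
    else:
        cpu_bits = cpu_data_width  # None means "unknown without a hardware query"
    return {"process": process_bits, "os": 64 if os_is_64 else 32, "cpu": cpu_bits}


def interpreter_bits():
    """Pointer size of the running Python, i.e. whether this process is 32- or 64-bit."""
    return struct.calcsize("P") * 8


def address_space_size(bits):
    """Number of distinct addresses a bits-wide pointer can name (2 to the power bits)."""
    return 2 ** bits


if __name__ == "__main__":
    print("this interpreter:", interpreter_bits(), "bit")
    result = classify_windows_bitness(os.environ)
    print(result if result is not None else "not a Windows environment")
    print("32-bit addresses:", address_space_size(32))
    print("64-bit addresses:", address_space_size(64))
```

The WOW64 detail matters for security tooling: a 32-bit agent on a 64-bit host sees the x86 view of the environment, registry and System32 (redirected to SysWOW64), so a scanner that only reads PROCESSOR_ARCHITECTURE would mis-report the machine it is protecting.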

Twitter – Star Wars BOTNET of 350,000 fake users

Security researchers have discovered an automated BOTNET of 350,000 fake users using a “Star Wars” theme as documented below.  

http://www.pcmag.com/news/351285/massive-star-wars-twitter-botnet-uncovered

http://www.bbc.com/news/technology-38724082

UK analysts accidentally uncovered more than 350,000 bogus accounts used to fabricate follower numbers, send spam, and boost interest in trending topics.  Most people sign onto the social networking site to share thoughts, photos, and where to find the best hot dogs in New York City. But legions of automated accounts, or bots, can serve as political propaganda or facilitate trades on the black market.

In this case, 350,000 bots exclusively post random quotes from Star Wars novels—often with incomplete sentences or broken words at the beginning or end. This ensures messages appear as if they are written by real humans.

Despite Twitter’s regular efforts to remove suspicious users, these clever bots have flown under the radar since 2013 by acting differently from obviously automated accounts. Research suggests they tweet only a few times per day, don’t include URLs, never mention or reply to other users, and only follow a few “friends.”

“The Star Wars botnet provides a valuable source of ground truth data for research on Twitter bots.”  Researchers set out with the intention of better understanding how people use Twitter. But their observations led them to the dark side of social media.  “We were really lucky to discover the Star Wars bots by accident,” the research paper said.
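The traits listed above (only a few tweets per day, no URLs, no mentions or replies, only a few friends) are exactly the kind of behavioural fingerprint an analyst can turn into a score. The following is an added example, not code from the researchers or from the articles linked here: it derives those features from a list of timestamped tweets and counts how many traits an account matches. The sample accounts and tweet texts are constructed for the example, and the numeric thresholds are assumptions, since the article only says “a few.”

```python
import re
from datetime import datetime, timedelta

URL_RE = re.compile(r"(https?://|www\.)\S+", re.I)
MENTION_RE = re.compile(r"(?:^|\s)@\w+")


def account_features(tweets, friends_count):
    """Derive the behavioural features from a list of (timestamp, text) tweets.

    Tweets per day is averaged over the span from the first to the last tweet
    in the sample, counting both end days.
    """
    if not tweets:
        raise ValueError("need at least one tweet to compute features")
    times = sorted(t for t, _ in tweets)
    active_days = (times[-1] - times[0]).days + 1
    return {
        "tweets_per_day": len(tweets) / active_days,
        "url_share": sum(1 for _, txt in tweets if URL_RE.search(txt)) / len(tweets),
        "mention_share": sum(1 for _, txt in tweets if MENTION_RE.search(txt)) / len(tweets),
        "friends": friends_count,
    }


def bot_score(features, max_tweets_per_day=3.0, max_friends=20):
    """Count how many of the four reported traits an account matches (0..4).

    max_tweets_per_day and max_friends are assumed thresholds for this example.
    """
    score = 0
    if features["tweets_per_day"] <= max_tweets_per_day:
        score += 1
    if features["url_share"] == 0:
        score += 1
    if features["mention_share"] == 0:
        score += 1
    if features["friends"] <= max_friends:
        score += 1
    return score


def flag_accounts(accounts, min_score=4):
    """Return screen names of accounts matching at least min_score traits."""
    return [name for name, tweets, friends in accounts
            if bot_score(account_features(tweets, friends)) >= min_score]


# Constructed sample data: not real accounts, and the fragments are not real novel text.
_t0 = datetime(2017, 1, 20, 9, 0)
BOT_TWEETS = [(_t0 + timedelta(hours=h), txt) for h, txt in [
    (0, "hummed as the ship dropped out of"),
    (11, "across the dune sea, the"),
    (24, "looked up at the twin suns and"),
    (36, "in the cockpit of the battered"),
    (48, "said nothing and turned back toward the"),
    (60, "droid rolled forward into the"),
]]
HUMAN_TWEETS = [(_t0 + timedelta(hours=h), txt) for h, txt in [
    (0, "Trying the new ramen place on 9th tonight, anyone in?"),
    (5, "@dana the PDF you sent opens fine now, thanks"),
    (26, "Good write-up on the ad fraud numbers https://example.com/report"),
    (30, "Coffee, then code."),
]]
SAMPLE_ACCOUNTS = [("quote_bot_0042", BOT_TWEETS, 5), ("dana_reads", HUMAN_TWEETS, 310)]

if __name__ == "__main__":
    for name, tweets, friends in SAMPLE_ACCOUNTS:
        feats = account_features(tweets, friends)
        print(name, feats, "score", bot_score(feats))
    print("flagged:", flag_accounts(SAMPLE_ACCOUNTS))
```

Each trait on its own also fits plenty of quiet, legitimate users, which is why these bots survived so long; the signal comes from a large population sharing the same fingerprint and drawing text from the same corpus, so in practice the score is a first filter before clustering accounts by content and creation date.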

Malware – Malicious Scalable Vector Graphics SVG image files

The ISC warns of malicious Scalable Vector Graphics (SVG) “image files” circulating in the wild.  While SVG files are rarely used, they can execute scripts and trick users into disclosing sensitive information or infect them with malware.  The .svg file extension is a good one to add to the email blocking list, and one to avoid if encountered when visiting websites.

https://isc.sans.edu/forums/diary/Malicious+SVG+Files+in+the+Wild/21971/

http://securityaffairs.co/wordpress/53650/malware/svg-images-locky.html

http://blogs.msmvps.com/harrywaldron/2016/11/29/malware-imagegate-embeds-malicious-code-in-graphics-files/

In November 2016, the Facebook messenger application was used to deliver malicious SVG files to people. SVG files (or “Scalable Vector Graphics”) are vector images that can be displayed in most modern browsers (natively or via a specific plugin). More precisely, Internet Explorer 9 supports the basic SVG feature sets and IE10 extended the support by adding SVG 1.1 support. In the Microsoft Windows operating system, SVG files are handled by Internet Explorer by default.

From a file format point of view, SVG files are XML-based and can be edited/viewed via your regular text editor. Amongst all the specifications of the SVG format, we can read this one in the W3C recommendations.  All aspects of an SVG document can be accessed and manipulated using scripts in a similar way to HTML. The default scripting language is ECMAScript (closely related to JavaScript) and there are defined Document Object Model (DOM) objects for every SVG element and attribute.
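Because SVG is XML that can be edited in a text editor, an inspection tool can parse it and look for the script-capable constructs the W3C text describes. The scanner below is an added example, not code from the ISC diary or this blog: it flags script and foreignObject elements, event-handler attributes (onload and the like) and href values with an active scheme, and treats a file that will not parse as a finding in its own right. The two sample documents are constructed for the example, and the choice of which constructs to block is a policy assumption.

```python
import xml.etree.ElementTree as ET

# Constructs that let an SVG "image" run script or load active content.
# Which of these to block is a policy choice assumed for this example.
ACTIVE_ELEMENTS = {"script", "foreignobject"}
ACTIVE_HREF_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


def _local(name):
    """Strip an XML namespace prefix of the form {uri}name and lower-case the rest."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(svg_text):
    """Return a list of human-readable findings for script-capable content.

    An empty list means nothing active was found. Input that is not
    well-formed XML is reported as a finding, since a gateway should not
    pass what it cannot inspect.
    """
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in elem.attrib.items():
            aname = _local(attr)
            if aname.startswith("on"):
                findings.append(f"event handler {aname} on <{tag}>")
            elif aname == "href" and value.strip().lower().startswith(ACTIVE_HREF_SCHEMES):
                findings.append(f"href with active scheme on <{tag}>")
    return findings


def is_blockable(svg_text):
    """True when the document should be held back by a mail or web gateway."""
    return bool(scan_svg(svg_text))


# Constructed samples: a plain drawing, and a lure-style file with script hooks
# whose script body is an empty placeholder.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <circle cx="50" cy="50" r="40" fill="blue"/>
</svg>"""

LURE_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <script>function init() { /* placeholder body for the example */ }</script>
  <a xlink:href="javascript:init()"><text x="10" y="20">Open image</text></a>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("lure", LURE_SVG), ("truncated", "<svg")):
        print(label, "->", scan_svg(doc) or "clean")
```

Content inspection like this complements, rather than replaces, the extension block recommended above: an SVG that reaches a browser gets the full DOM and scripting model, so the safest gateway policy is to refuse the type outright and use the scanner for triage of what was sent.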

Windows 10 – Advanced Desktop Customization techniques

This Guiding Tech guide offers advanced desktop customization techniques for Windows 10.

http://www.guidingtech.com/61212/windows-10-desktop-cool-look/

Windows 10 undeniably looks very cool. The minimalistic approach for the design has contributed to its success. The recent anniversary update has brought in some good customizations. But, you still don’t get enough options to customize it at the desktop level. Yes, you can get those fancy Windows 7 gadgets and cool themes to revamp its look. But, they don’t fit well with Windows 10’s minimal design. So, here I’m going to show you how I customized my Windows 10 desktop that not only looks cool but also complements the minimal design of Windows 10.

What is Rainmeter?  — Rainmeter is a desktop customization tool through which you can create and apply various customizable skins to your desktop. Skins for hardware monitors, clock, weather forecast, RSS Feeds and more. If you don’t like picking specific skins and customizing them for your desktop or you don’t have enough time, go for the Rainmeter suites.  The Rainmeter suites are fully packed and customized skins based on a specific theme. This Star Wars-themed suite will give you a good overview.

How I Customized My Desktop — So, I wanted it to look minimal but informative at the same time. Hardware monitors, a date/time widget, to-do list and few customized desktop icons were all I wanted. I thought of an RSS feed reader but then it would take up more space, depleting the beauty of the background wallpaper. So I decided not to have that.  Circle Launcher is what I used for Program Launchers. You can use the Polygon shaped buttons called Honeycomb if you want. Well, just installing them won’t make them work. You’ll have to set the target location of the program manually by editing the skin.

Background Wallpaper — The background wallpaper automatically changes based on the submissions on the Spaceporn subreddit. Space wallpapers mostly have darker backgrounds and they look cool at the same time. I achieved this by using a simple tool called Reddit Wallpaper Changer specifically developed for this task.

Windows 10 – New Defender Security Center will centralize controls

The forthcoming “Windows 10 Creators Update” will centralize security controls within the new Defender Security Center.  This will provide easier capabilities for users to tune privacy and security settings on their computers and devices.

https://blogs.windows.com/windowsexperience/2017/01/23/introducing-windows-defender-security-center/

http://www.forbes.com/sites/leemathews/2017/01/24/windows-10-is-getting-smarter-easier-security-controls/

The Windows Defender Security Center includes five pillars that give you control and visibility of your device security, health and online safety experiences.

1. Virus & threat protection — provides a new view of your antivirus protection whether it’s Windows Defender Antivirus that comes free with Windows 10 or AV software from one of our ecosystem partners. If you’ve chosen Windows Defender Antivirus, your scan results and threat history will be displayed here, or you will be able to launch your 3rd party AV protection app directly from this screen.

2. Device performance & health — provides a single view of your latest Windows updates, drivers, battery life and storage capacity. Additionally, you have the option to start fresh with a clean install of Windows using the Refresh Windows feature. This option will keep your personal files and some Windows settings, and remove most of your apps for a fresh start that can help with performance improvements should your device need them.

3. Firewall & network protection — provides information on the network connections and active Windows Firewall settings, as well as links to network troubleshooting information.

4. App & browser control — allows you to adjust settings for SmartScreen for apps and browsers helping you be more informed and stay safer online by warning you of potential malicious sites, downloads and unrecognized apps and files from the Internet.

5. Family options — gives you an easy way to connect to the family options available online. This page can link you to information about parental controls, options for setting up good screen time habits, setting up activity reports of your kids’ online activity and managing controls for purchasing apps and games. You can also view the health and safety of your family’s devices from this centralized location.

Oracle – Huge January 2017 quarterly security update

In its latest quarterly security update, Oracle has patched 270 vulnerabilities within its product base.

http://www.eweek.com/security/oracle-patches-270-vulnerabilities-in-january-update.html

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

Oracle is out with its first Critical Patch Update (CPU) for 2017 and it’s a big one. In total, Oracle is patching a staggering 270 different vulnerabilities across its software portfolio, with 121 patches in Oracle’s E-Business Suite alone. In its security advisory for the January 2017 CPU, Oracle strongly recommends that organizations patch quickly.

The largest set of patches in the new CPU are for Oracle’s E-Business suite, which accounted for 42 percent of the entire CPU. Of the 121 security issues in the E-Business suite, 118 are remotely exploitable without the need for a user to enter credentials.  Oracle’s open-source MySQL database is being patched for 27 different security issues, though only 5 of them are remotely exploitable without authentication. The Fusion Middleware suite is being updated for 18 different vulnerabilities, with 16 of the issues being remotely exploitable without user authentication.    Java, which in the past has typically been among the Oracle software components with the most vulnerabilities, is being patched for 17 issues in the January CPU.

Ransomware – New Sage 2.0 variant circulating in-the-wild

The Internet Storm Center documents a new ransomware variant circulating in the wild.

https://isc.sans.edu/forums/diary/Sage+20+Ransomware/21959/

https://www.pcrisk.com/removal-guides/10732-sage-ransomware

On Friday 2017-01-20, I checked a malicious spam (malspam) campaign that normally distributes Cerber ransomware.  That Friday it delivered ransomware I’d never seen before called “Sage.”  More specifically, it was “Sage 2.0.”  Sage is yet another family of ransomware in an already crowded field.  It was noted on BleepingComputer forums back in December 2016, and Sage is a variant of CryLocker. 

Emails from this particular campaign generally have no subject lines, and they always have no message text.  The only content is a zip attachment containing a Word document with a malicious macro that downloads and installs ransomware.  Sometimes, I’ll see a .js file instead of a Word document, but it does the same thing. The Word document macros or .js files are designed to download and install ransomware.

The infected Windows host has an image of the decryption instructions as the desktop background.  There’s also an HTML file with the same instructions dropped to the desktop.  The same HTML file is also dropped to any directory with encrypted files.  “.sage” is the suffix for all encrypted files.
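The delivery pattern described in this diary (an empty subject and body carrying a zip that holds a .js file or a macro document) and the SVG item earlier in this post both come down to the same gateway control: inspect attachment names, including the members inside archives, against a block list. The following is an added example, not code from the ISC or this blog. The block list extends the page's .svg and .js with macro-capable Word types as an assumed policy; the zip attachments are constructed in memory for the example and contain placeholder text rather than any real dropper.

```python
import io
import zipfile
from pathlib import PurePosixPath

# .svg and .js come from the items above; the macro-capable Word types are an
# assumed policy extension for this example.
BLOCKED_EXTENSIONS = {".svg", ".js", ".jse", ".docm", ".dotm"}
ARCHIVE_EXTENSIONS = {".zip"}


def _ext(name):
    """Last extension of a file name, lower-cased, tolerating Windows separators."""
    return PurePosixPath(name.replace("\\", "/")).suffix.lower()


def attachment_findings(filename, data):
    """Inspect one attachment (name plus raw bytes) and return a list of findings.

    Archives are opened in memory so members such as invoice.js inside a .zip
    are judged by the same list as bare attachments. Only member names are
    read, so an encrypted zip is still inspected.
    """
    findings = []
    ext = _ext(filename)
    if ext in BLOCKED_EXTENSIONS:
        findings.append(f"{filename}: blocked extension {ext}")
    looks_like_zip = ext in ARCHIVE_EXTENSIONS or data[:2] == b"PK"
    if looks_like_zip:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    member_ext = _ext(info.filename)
                    if member_ext in BLOCKED_EXTENSIONS:
                        findings.append(f"{filename}: archive member {info.filename} "
                                        f"has blocked extension {member_ext}")
        except zipfile.BadZipFile:
            findings.append(f"{filename}: archive could not be parsed")
    return findings


def message_findings(subject, body, attachments):
    """Per-attachment findings plus the campaign trait the diary describes:
    no subject, no body text, and an archive as the only content."""
    findings = []
    for name, data in attachments:
        findings.extend(attachment_findings(name, data))
    has_archive = any(_ext(name) in ARCHIVE_EXTENSIONS for name, _ in attachments)
    if not subject.strip() and not body.strip() and has_archive:
        findings.append("empty subject and body with archive attachment")
    return findings


def build_zip(members):
    """Construct an in-memory zip from {name: text} for the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples, not real malspam.
MALSPAM_ZIP = build_zip({"invoice_4471.js": "// placeholder text for the example"})
BENIGN_ZIP = build_zip({"report.txt": "quarterly numbers"})

if __name__ == "__main__":
    print(message_findings("", "", [("invoice.zip", MALSPAM_ZIP)]))
    print(message_findings("Q4 report", "see attached", [("report.zip", BENIGN_ZIP)]))
    print(attachment_findings("chart.svg", b"<svg/>"))
```

Name-based blocking is cheap and catches this campaign's lure as described, but it is only the outer layer: a gateway should pair it with macro stripping or sandbox detonation for documents that are allowed through, and endpoints should watch for the “.sage” suffix and the dropped HTML note as the on-host indicators the diary lists.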