You are here: Home > few minutes
Tag Archives | few minutes

Malvertising on the Rise: How you can Protect your PC’s

Just in case ya didn’t know Malvertising is the #1 way to get infected due to the numerous security holes found in:

Adobe Reader (acrobat)
Adobe Flash Player
Sun’s Java

Those are the top 3 applications being exploited right now.   You may be wondering how you got infected with a fake anti-virus program (for example) without ever clicking on any ad.  See the simple explanation below.

Here’s how Malvertising Works

  1. A legit website like CNN.com sells advertising space because it has thousands of views every day. (again, this is just an example)
  2. A malicious person or group purchases some of this advertising space and submits an ad that appears perfectly fine to the CNN.com advertising editors.
  3. The ad goes live.
  4. At some point the ad becomes malicious and starts scanning clients for outdated Adobe Reader, Adobe Flash or Java binaries.
  5. Once an exploit is available the malicious ad injects malware into the clients PC.
  6. The anti-virus may or may not detect it, it’s really just luck.  If the threat is old, then there’s a good chance it will.  If it’s just a few minutes old then there’s a good chance it won’t.
  7. The ad may stay live for minutes, hours, days, etc until someone notifies the web master of that domain.

How can you stop these attacks?

  1. Keep your Adobe Reader and Flash Updated.  This is not exactly an easy task since Adobe seems to find security holes every other week.  Open Adobe Reader and click help — check for updates (at the time of this writing I just discovered I had 2 waiting to be downloaded!).  Both programs do automatic update checking, however a lot of people just cancel the update.  Bad idea.
  2. When Java alerts you that an update is available then yes…install it.  Lot’s of my clients never install this update.  It’s really important that you do.
  3. Configure the Adobe Reader plugin in each of your web browsers not to load PDF’s automatically.
  4. Browse the internet with Sandboxie as much as you can.  That goes for everyone who uses the computer.
  5. Always download and install your Windows Updates.
  6. Follow steps 1 – 5 and you’ll probably never experience the end result of a malicious ad.

Optional – Run Secunia:

Used by millions of home users around the world, the Secunia PSI is a FREE security tool designed with the sole purpose of helping you secure your computer against vulnerabilities in programs.

If you have any questions leave a comment!



Read full story · Comments { 16 }

How To Turn Off UAC in Windows 7

UAC in my opinion has marginal benefits in protecting a users PC from malware.  Why?  Windows users are too used to clicking through UAC prompts for accessing almost anything requiring elevated privileges.

If you would like to turn off UAC in Windows 7 just follow the steps below.  Note:  You should only disable UAC on your PC and you realize that any application can run without intervention

  1. Click the Windows Globe on the bottom left (the old start button).
  2. Click Control Panel.
  3. Click System and Security.
  4. Under “Action Center” click “Change User Account Control Settings”.
  5. Lower the slider down to “Never Notify”.
  6. Click OK.
  7. Reboot.

Now you’ll be able to run any program from a command prompt and you’ll also never have to click another annoying UAC prompt again.  Ahhhh…there’s those few minutes of life back that UAC was stealing from me :P

Read full story · Comments { 11 }

Remove-Malware Traffic Stats