
Snipe.Net

Posts Tagged ‘windows’


Posted on November 7, 2008 - by snipe

Facebook and MySpace Users, Beware!

I have received two virus emails from two unrelated friends, indicating their accounts have been compromised. The messages are being sent through Facebook and both have had a spammy sounding subject line and a link to a geocities website. This was suspicious enough, but the fact that one message came from a friend I haven’t spoken to much in a year made it even more so.

The first virus email subject was “RE: You were caught on our secret camera!” and the second was “RE: You have a great hair cut in this movie”. The geocities addresses they pointed to were for users reedgates21 and richiemack11. I’ve googled both addresses and gotten no results, so my guess is that they are randomly generating geocities accounts and generating these emails. A co-worker just got one too - variation on a theme. Subject is “Don’t cry! Your mom will never see this movie”, also pointing to geocities, user name rkssbcyzk.

The links in the Facebook messages point to websites that contain viruses. Do NOT click on them.

Below are some examples of what they look like. (These are just images, so you can click on them for larger versions to see how the messages come into your inbox.)

Screenshot 1

Screenshot 2

Screenshot 3

If you’re using Firefox, your browser should warn you that you’re about to try to access a page that has been linked to virus/malware when you click on the Facebook messages in question, but if you’re using an older version of IE (shame on you!), you may not get any warning at all.

When You Receive a Virus Email

  1. DO NOT CLICK ON THE LINK
  2. Send an e-mail to (or call) the sender, letting them know they are likely infected with a virus
  3. Suggest to the friend that they change their password from another, uninfected computer, and follow the steps further down in this article to remove the virus. (The method they use will depend on which virus they’ve been infected with.)
  4. Once the virus is cleared from the sender’s system, suggest they install a free anti-keylogger program and switch to Firefox just to be safe

Ultimately, it’s like anything else - common sense will go a long way. If the email seems odd (for example, the fact that the subjects sometimes start with “RE:”, as if they were replies to a message you sent, but you never sent a message with that subject), or the phrasing seems off or not something your friend would actually say, something is probably awry. If you’re unsure, contact the friend directly and ask if they sent it to you.

This has been happening a lot lately, and the scenario TechCrunch describes in this article sounds a lot like what’s happening here.

Keep in mind… Facebook applications do NOT have access to your password, so unless you installed an application that “required you” to download an executable application (any kind of .exe, .msi, etc), your Facebook applications should NOT be the cause. (Being an application developer, I can say that I couldn’t steal someone’s password even if I wanted to, using their API.) HOWEVER, there have been several reports of phony applications and groups that require some sort of download in order to get the full experience (Secret Crush was one of them).

NO application or group should EVER require you to download and install anything. If they do, report them to the social network immediately.

Also keep in mind that these viruses are not limited to Facebook users. I’m more familiar with the Facebook scenario because I avoid MySpace like the plague, but every time I log in there are spammy and/or virus-y emails awaiting me. This isn’t as much a flaw in the Facebook platform as a result of social networks still being young and going through some growing pains. MySpace has just as much of a problem with these issues, if not more so, since they have been historically less concerned about user experience and safety.

Another Variation - Fake YouTube Links

Another variation of the viruses being sent around Facebook is a similar message to users suggesting they are appearing in a YouTube video and providing the supposed link to view it. Instead of actually seeing a video, the virus advises viewers they need to download an updated version of Flash, which if followed may install a virus into the user’s computer. More info on that version, including sample messages and screenshots, is available here.

Why It’s Working

If you find yourself infected, don’t be too hard on yourself. People have become so used to receiving emails from Facebook asking them to confirm this or that that it could be argued that people are more prone to click on a link that looks like it came from Facebook without being as diligent as we would be if we weren’t used to performing this same action 10 times a day for legitimate Facebook actions. For example, most users of Facebook are familiar with the “Joe has added you as a friend on Facebook…” stock email.

Some users are conditioned to follow this process whenever they receive an email of this sort. Some people can receive this email several times every day and perform this login procedure so often it becomes automatic. This simple, clean design is very easy for a phisher to mimic. Since users are conditioned to follow this process blindly, they might not notice that the email is spoofed or that the address bar is slightly incorrect. This makes Facebook users ideal targets for the type of generic phishing attacks that are usually directed at financial institutions.
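The warning signs described above (an “RE:” subject on a thread you never started, a link that leaves the social network for free hosting, an address that is slightly off) can be checked mechanically. The following is an added example, not part of the original post; the trusted-host and free-hosting lists, the flag names and the sample messages are assumptions constructed here, with the first sample built from a subject and user name quoted in the post.

```python
from urllib.parse import urlparse

# Assumptions for this example: the sites the reader really uses, and free
# hosting they never expect a friend's "video" link to point at.
TRUSTED_HOSTS = {"facebook.com", "myspace.com"}
FREE_HOSTING = {"geocities.com"}
EXECUTABLE_EXT = (".exe", ".msi")  # downloads the post says to refuse


def registrable(host):
    """Crude last-two-labels domain; adequate for the hosts used here."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, to catch near-miss spellings of a trusted name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(subject, url, sent_subjects):
    """Return the warning signs found in one inbound message."""
    flags = []
    # "RE:" on a subject the recipient never sent.
    if subject.upper().startswith("RE:"):
        sent = {s.strip().lower() for s in sent_subjects}
        if subject[3:].strip().lower() not in sent:
            flags.append("reply-to-nothing")
    parsed = urlparse(url)
    host = parsed.hostname or ""  # urlparse lower-cases the host
    domain = registrable(host)
    if domain in FREE_HOSTING:
        flags.append("free-hosting-link")
    if domain not in TRUSTED_HOSTS:
        name = domain.split(".")[0]
        if any(t in host for t in TRUSTED_HOSTS):
            # e.g. facebook.com.example.net: real name, wrong site
            flags.append("trusted-name-in-untrusted-host")
        elif any(edit_distance(name, t.split(".")[0]) <= 2 for t in TRUSTED_HOSTS):
            flags.append("lookalike-host")
    if parsed.path.lower().endswith(EXECUTABLE_EXT):
        flags.append("executable-download")
    return flags


# Constructed sample messages: (subject, link, subjects the recipient sent).
SAMPLES = [
    ("RE: You were caught on our secret camera!",
     "http://www.geocities.com/reedgates21", []),
    ("Joe has added you as a friend", "http://www.faceb00k.example/login.php", []),
    ("RE: Lunch Friday?", "http://www.facebook.com/inbox/", ["Lunch Friday?"]),
]

if __name__ == "__main__":
    for subject, url, sent in SAMPLES:
        print(subject, "->", triage(subject, url, sent) or "no flags")
```

An empty result only means none of these particular signs fired; it is not a verdict that the message is safe.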

If You Clicked on the Link And Your Computer is Infected

I spent some time trolling Facebook’s forums to see if anyone had any specific direction on how to remove this virus from an infected machine. I found a few possible solutions, although since the people posting didn’t know or didn’t mention the name of the specific virus they were infected with, it may take some trial and error to find the solution that works best for you.

If your virus detection software determines that you’re infected with Bolivar23.exe, you can click here for directions on how to remove it.

In early August, there was a different one going around, called Koobface. Kaspersky’s website writes:

Net-Worm.Win32.Koobface.a spreads when a user accesses his/ her MySpace account. The worm creates a range of commentaries to friends’ accounts. Net-Worm.Win32.Koobface.b, which targets Facebook users, creates spam messages and sends them to the infected users’ friends via the Facebook site.  The messages and comments include texts such as:
  • Paris Hilton Tosses Dwarf On The Street
  • Examiners Caught Downloading Grades From The Internet
  • Hello
  • You must see it!!! LOL. My friend catched you on hidden cam;
  • Is it really celebrity? Funny Moments and many others.
Messages and comments on MySpace and Facebook include links to youtube.[skip].pl.  If the user clicks on this link, s/he is redirected to a site which purportedly contains a video clip.  If the user tries to watch it, a message appears saying the user needs the latest version of Flash Player in order to watch the clip. However, instead of the latest version of Flash Player, a file called codesetup.exe is downloaded to the victim’s machine; this file is also a network worm. The result is that users who have come to the site via Facebook will have the MySpace worm downloaded to their machines, and vice versa. [more]

One confirmed method of removing this virus is by downloading MalwareBytes - for some at the time, it seemed to be the only out of the box software that was able to remove it.

Still another that was around this time, Troj/Dloadr-BPL Trojan horse, was reported on by Sophos:

Messages left on Facebook users’ walls are urging members to view a video (which pretends to be hosted on a Google website), but clicking on the link and visiting the webpage takes users to a site which urges them to download an executable to watch the movie.

Sophos detects the executable file as the Troj/Dloadr-BPL Trojan horse, which in turn downloads further malicious code (detected as Troj/Agent-HJX), and displays an innocent image of a court jester sticking his tongue out. [more]

In Conclusion

This isn’t the first wave of social network viruses, nor will it be the last. There isn’t one social network that is more prone to them than others. As we allow social networks to become a bigger part of how we communicate, we must simply remain cautious and avoid the temptation to become complacent. Pay attention to the links you click on that are sent through Facebook, the same way you pay attention to suspicious e-mails that come in through normal e-mail.



Posted on June 22, 2008 - by snipe

Lego Digital Designer Builds Your Lego Masterpiece

Freeware application Lego Digital Designer is a virtual Lego kit for your Windows or Mac desktop. Once installed, you can either use LDD to build your own masterpiece from scratch or, if you’re lacking patience, you can get a head start by using one of their starter models. With over 763 brick types to choose from, your LDD-design will have reached well beyond the limits of your normal Lego kit. Once you’ve built the perfect prototype, you can upload the results to the Lego web site to order a custom kit with every brick you’ll need included! Lego Digital Designer is freeware, Windows and Mac only.



Posted on May 3, 2008 - by snipe

More on Plaxo

As part of my seemingly never-ending quest to get data synced between multiple computers running different software, I decided to give Plaxo another go. They felt terribly intrusive the last time I tried them, which admittedly was over 5 years ago. The reason I decided to give Plaxo another go is because research was showing me that they were one of the few services that could sync with Thunderbird. Here’s my setup:

  • Office: Currently WinXP using MS Office - this will change once I start at the new place though, since they are a mac shop
  • Home: Four machines - two Win laptops running Thunderbird, one WinXP desktop running Thunderbird and one mac OSX using mail.app
  • Mobile: Windows Mobile on a Treo 750 running Outlook for Windows Mobile

I don’t need my actual email synced, since I use IMAP for just about everything - but contact list syncing was a real priority for me. I was using Memotoo for a little while, since they offer LDAP services for specific addy book groups, which meant I could share my animal welfare contacts with my board members. Problem is, it’s not a two-way sync, so I would still have to log in to Memotoo to make address book updates. Boo. That said, being able to share addresses by LDAP was a bonus, but not a hardcore requirement - so my needs were not being met. Plus, the Thunderbird add-on that synced with Memotoo randomly stopped working one day. So even the bonus wasn’t working anymore.

At first, Plaxo seemed perfect. I imported my contacts into Plaxo using gmail (which meant a lot of outdated contacts were pulled in, but oh well.) I synced that up with Outlook and got a merged version of all of my contacts. I de-duped using their shmancy de-duping tool, and spent some time updating information, deleting contacts, and cleaning up data. Synced again with my Treo using their Windows Mobile sync software, and everything worked marvelously. When I got home, I installed their Thunderbird plugin. I deleted my address book, since everything in it was old, and I only wanted the new version that I had spent so long cleaning up. Unfortunately, this time, things went wrong. Rather than using Plaxo as the authoritative source, it used Thunderbird as the authoritative source - effectively deleting all of my contacts. I tried syncing with my Treo to restore the contacts, but this time it did use Plaxo as the authoritative source, and then the contacts disappeared off my Treo. At this point I was pretty pissed.

When I got back to work the next day, I fired up Outlook. The Plaxo plugin in Outlook is at least smart enough to ask before deleting 500 contacts. It asked me if I wanted to delete them all, which would be done if I synced, since once again, Plaxo was being used as the authoritative source. I said no. I synced my Outlook back to my Treo to restore the contacts there and made a backup of my contacts. I synced with Plaxo, my contacts were deleted, and then I imported my backup address book into Outlook and synced. This time Outlook was seen as the authoritative source, and my contacts were back in Plaxo.

The final test - I got home, and decided to try syncing with Plaxo from Thunderbird again. Plaxo does periodic backups of your address book, so if something went wrong, I could always restore from backup using their system. This time, inexplicably, it worked like a charm. My contacts all imported in like buttah. I made a few changes in Plaxo, synced again, and the updates were reflected in Thunderbird. Wewt.

So anyway - it looks like Plaxo will actually be the solution I’m looking for. Not sure what happened the first time with Thunderbird, but it would sure be nice if you had the option of which direction the sync would go, so mishaps don’t happen like that. But overall, if you’re looking for a solution to having a million address books, all in various stages of disarray, Plaxo may be a good solution for you too.

Interestingly, they’re now jumping on the social networking bandwagon - they used to be just contact management. Their social networking system is called Pulse, and although the last thing I need is another social networking site, they are smart enough to realize that people are probably already using a bunch of them, and so Pulse is specifically set up to be able to pull data in from Facebook, MySpace, Twitter, Flickr, and about 20 other social networks - so it doesn’t really have to be treated as a new social network if you don’t want.

One of the nice things about Plaxo is that (at least before, not sure about now) if your contact signed up for Plaxo, their information was considered authoritative in your addy book - which means your contacts update their own information in your address book - this was a very clever feature for people with a lot of contacts that move or change jobs often.

As an aside, I like the direction many of these social networks are going in - they’re finally all starting to put in the ever-important customizable filters and they’re being a lot better about pulling in data from other sites. I’m sure that felt a lot like sleeping with the enemy for many of them at first (or at least parsing rss feeds with the enemy), but I think they’re finally starting to get the fact that people are not going to stick to just one network (theirs). Rather than trying to fight that, they’re starting to make it easier for people to integrate the systems they like best. People will use the systems they like best for different aspects of their life. I use LJ to blog, since it has the most filter support. I use Facebook to post items of interest, since their browser widget makes it a two-click experience. I use Twitter to post quickies, since Twitterfox and Twitter’s gtalk interface makes it so darned easy. I use Picasa for photo storage because the desktop integration makes it so easy to upload photos. I use MySpace for - well, nothing really, but I do have an account, if for no reason than to redirect people to my Facebook  and LJ accounts. I don’t think Plaxo supports LJ, but it supports just about everything else I’d want, so that’s handy.

Anyway, other than the one glitch - the one that had me pretty pissed, I admit - Plaxo seems to be spot on for what I need. It may be more than many of you need, but it looks perfect for what I need. As an added bonus, it syncs your tasks, calendar and notes (all your standard Office stuff) as well. Unfortunately, Thunderbird doesn’t have good calendar or notes support, so once I’m off using Office, that will be a wasted feature for me.

Something I wish Plaxo supported: the ability to define the groups you invite people under. Currently you can invite people as “Friends”, “Business” or “Family”.  While that probably works for most people, “Business” to me could be a tech contact or an animal welfare contact. Those labels define what content you allow each group to see, so it would be nice if there were a few user-defined groups in there, too - but I can live without it.

Interestingly, I had posted on Twitter how pissed I was when Plaxo first ate my contacts. Less than a few hours later, I got a reply on my Twitter feed from the guy who heads up marketing for Plaxo, asking what was wrong. While part of me was a little creeped out by that - and still another part of me wanted to ask if part of his job as head of marketing is to troll Twitter for references to Plaxo - it certainly is nice that they’re taking a proactive approach to fixing things that customers are having trouble with.



Posted on April 20, 2008 - by snipe

Quickly Organize Piles of Files and Folders

Check out Dir Utils, a little freeware shell extension that lets you quickly organize piles of files and folders with just a few clicks. It’s a great utility for anyone who regularly finds themselves organizing downloads and media files. The utility adds five new options to Windows’ right-click menu, including “Unify,” which grabs files from a folder’s sub-directories and moves them all up to the main folder; “Alphabetize,” which puts all files in sub-folders into A-Z folders based on file name; and “Extensionize,” which does the same based on file extensions. In other words, Dir Utils saves you the time you would’ve spent re-organizing MP3s, gathering a season’s worth of episode videos, and keeping a hefty downloads folder organized.

Note: The original Dir Utils website is down, but DJNuts.Com has been kind enough to host a copy of the software.




© 2008 Snipe.Net - Bitterness never tasted so sweet