Link to Main Site

Click here to visit our main site

Wednesday, 23 February 2011

Scam virus warnings

Computer viruses - we all loathe them.  Some are designed to steal our bank details, some are designed to damage our systems others are just a plain nuisance.

One thing in common is that we all want to get rid of them if we are unfortunate to fall victim.

And that opens a door for social engineering that is being actively exploited by scammers and virus writers.

Standing back for one moment, there are two variants of scam virus warning circulating at present the first based on fake pop-up messages warning you of an infection, the second and even more brazen, is cold calling from the scammers informing you that you are infected.

Lets take each variant on its own for now:

The fake phone call

"Hello, this is Bob from Microsoft.  Your registration number is 123/864/3EF.  I'm calling today to let you know that your computer has been reporting a virus infection to our central monitoring servers.  I can help clean your PC and prevent future infections!"

Should you receive a call like this, just hang up.  It's fake, it's fraud and it's dangerous.

If you continue, the scammer will ask you to log into a website such as Logmein, TeamViewer or similar .  By doing so, you will give full remote access to the scammer who will be able to control you computer, move your mouse and do anything you can while you site in front of the screen.

It should at this point be noted that most of these remote access sites are completely legitimate offering genuine remote access services  The scammer is simply exploiting these companies to gain access to your PC.

Once the scammer has gained access to your PC, they run through a script with you to further prove their credentials.  This usually involves showing you some Windows Logs know as the Event Viewer.  The Event Viewer records all program and system activity on the PC.  It will show which services have started and crucially if there are any errors.  There will always be errors in your Event Viewer - every computer will encounter some issue which will be flagged as Red in the Event Viewer.  The key thing is to put into context those errors.  The scammer will tell you that the errors indicate a virus infection that is endangering your data.

If you get this far with the scammer, turn off the computer and put the phone down.  Then call a reputable IT service company (Tinto PC's comes to mind!) to remove any infection that the scammer has already loaded onto your machine.

If you choose to continue, the scammer will take you to a fake antivirus website where he will ask you to submit your credit or debit card details to pay for a one off fix and a subscription to an ongoing service plan.  This really should be sounding alarm bells by now.

Should you agree and submit your details, you will have given the crown jewels away.  The scammer will have your name, address, telephone number, bank details and full remote control of your computer.

Job done as far as the scam artist is concerned.

If you are the victim of this fraud, immediately contact your bank who will offer professional advice on preventing any further financial damage.  If advised to do so by your bank, consider contacting your local police.  Although more often than not, the scammer is located in a far away country, there is a small possibility that they may be located where the law can reach and in any case, you are the victim of a crime which should be reported.

Finally, if the police do not require your machine for evidential purposes, get in contact with with a reputable IT service company to clean any back doors or infections loaded during the scam.

Now let's turn to the other variant.

The fake virus alert.

You are browsing the web, perhaps using Facebook, or clicking through emails, reading pdf documents or your children are playing online games.

All of a sudden, you see a pop-up message saying your computer is infected with dozens of viruses.  The screen shows a scan running which confirms the message and indicates that you should clean the machine immediately for fear of loosing bank details and passwords.

Firstly, you should confirm which antivirus program you use.  It may be Macafee, Norton, AVG, Avast, NOD32 or others, but take 5 minutes to check which one, because the fake alert will not be one of those.  Most likely, it will be a variant on Windows Antivirus Pro, or System Cleaner 2011, or Advanced Antivrus or some other overly officious sounding name.  All of these and similar names are fake.  They can however be very convincing which is why you should be clear which antivirus program is installed on your PC.

Second, you should understand a short technical difference between a Virus and a Trojan Horse.  A Virus will attempt to self replicate, a Trojan will open a door to let in bad things.  Both are dangerous, but in this case you have been infected by a drive by Trojan Horse, which has delivered a payload designed to trick you into thinking you are infected by lots of nasties.

The language used by the fake alert is alarming enough to convince some people to follow the instructions.  In the industry, such fake alerts are often known as scareware.

If you do follow the on screen instructions, you are taken to a fake website similar to the fake phone call above, you pay your money to be cleaned, but unfortunately, it's not you PC that is cleaned, much more likely your bank account.

If you fall victim of this fraud and follow the instructions - giving the scammers your bank details, follow the advice above for the fake phone call: contact your bank, the police and a reputable IT services company to remove the infections.

Many people ask why they get these pop-ups, if they have pop-up blocking software.  Good question - the answer lies in terminology.  Technically these "pop-ups" are dialog boxes.  Dialog boxes are not blocked by your pop-up blockers because they are system messages that provide system information and prompts.  Examples of genuine dialog boxes are messages asking for permission to install something or messages informing you that your antivirus has been updated etc.  So dialog boxes are not blocked and the virus writers target these to inject their own messages.

"OK, I get it" you say, "my pop-up blocker won't stop the messages. So how did it get in past my own antivirus?"  Unfortunately, there are many routes for infection.  Currently the most prevalent route is through exploiting security weaknesses in third party software such as Java (for online games), Flash (for online animations and video, PDF readers used to read online documents.  All of these technologies have been and are currently being exploited to infect PC's.  It is always recommended to update to the latest versions of these technologies to protect yourself from threats.  Similarly, always update Windows when offered, many holes and weaknesses are patched each month.

Now for the hard part - cleaning it up.  Many of these fake antivirus alerts are injected via a device known as a rootkit.  A rootkit is techno-babble for something that can install itself without your permission and run with full access to the PC even if you ask it not to.  That makes it very difficult to remove.  Often the rootkit and Trojan Horse will offer up sacrificial lambs that can be found by your genuine antivirus software.  Even more devious the names of these offerings match the names flagged by the scareware.

There are many different routes to cleaning up a scareware infection.  I recommend you call a reputable IT services company in your area (like this one!) to ask for assistance.

Monday, 14 February 2011

IPv4, IPv6, what's all that about and why should I care?

IPv4 and IPv6 - hmmm, sounds about as interesting as reading the yellow pages, doesn't it?  Well, yes, I guess so, but looking forward it will has as much impact as the change from analogue to digital TV.  In a way, it's kinda similar too.

Let's start with a quick explanation of what IPv4 is and why it's changing to IPv6.

Every computer, smartphone, tablet or Internet connected device has an Internet address, or (IP address as they are more often known).  This uniquely identifies it over the internet.

Wowsers, I hear you say that's a humongous number of IP addresses - well yes and no.  The vast majority of computers attached to commercial networks re-use IP addresses from a limited pool that are not exposed to the outside world, greatly reducing the IP addresses hoovered up by such organisations.  Chances are that if you have more than one computer, smartphone or tablet device at home, you will have the same technology that uses internal routed IP addresses, but only one external address.

So, what does an IPv4 address look like?  They are a series of 4 numbers separated by a point.  For example, your home broadband router will likely have an IP address of, or or similar.  The range is reserved for non-routable addresses, i.e. addresses that are not publicly exposed.  So your PC might be and your neighbour might also have the same IP address for his PC too.  You will both have different external IP addresses however, using the same format and allocated by your ISP.

Now a quick inspection of the IPv4 format shows that the number of addresses available is 4,294,967,296 - which is a very big number.

Unfortunately, not big enough.

Even allowing for the hoards of corporate machines hiding behind their internal IP addresses, the range of IPv4 addresses recently ran out.

Did you notice the sky falling in?  No?  Well neither did anyone else, because although the last 5 blocks of numbers were allocated on 3rd February 2011, these allocations, together with myriads of others have not been fully taken up by end users.  But time will come when they will and the world as we know it will come grinding to a halt.

Well, not exactly.  This is where IPv6 comes riding like the 7th Cavalry over the horizon to save us all.

IPv6 (don't ask what happened to IPv5!), is the successor to IPv4 and generates  an astronomic number of addresses - it has 128 bits, as opposed to 32 bits of IPv4.  This gives it approximately 340 Undecillion combinations (look it up if you are interested).  Suffice to say it's hugely bigger than IPv4.  It has a format similar to 2001:0db8:85a3:0000:0000:8a2e:0370:7334.

Great, all is fine and dandy in the world.  Errr, not exactly.  You see, IPv4 and IPv6 are not interchangeable and not compatible with each other.

Yikes, does that mean when the big IPv4 switch is pulled my computer will come crashing down.  Probably not.  Most modern computers are able to understand both IPV4 and IPv6 and many routers are too.  Also, it is very likely that your service provider may support a period of changeover of both IPv4 and IPv6 addresses allowing you to surf away without worrying about all those bit and bytes.  Some service providers may even go far enough to provide upgrade routers that are compatible with IPv6 if your current router isn't already, though whether they give them away free or charge for the upgrade remains to be seen.

For those really interested there is a world IPv6 day on 8th June 2011 when major service providers and some website companies will be testing their readiness for IPv6.  You can also find more information about IPv6 readiness here but remember that it will almost certainly fail as of now since IPv6 is not actively being rolled out to end users in most circumstances.

Thursday, 10 February 2011

New Website, New Blog!

The old Tinto PC's website was looking a bit tired, so it was time for a quck re-vamp and a re-focus on customer needs.

There is still the link to the remote desktop session "helpdesk" software and I encourage anyone with problems with this to get in touch.

Also, I've streamlined the look and feel of the main site.  No more waffle about this and that, simple, clean and to the point.

Well, now that's done, I decided to resurrect the Tinto PC's blog and re-define its use.  From now on I intend to post articles regularly on IT issues affecting customers from Internet problems, security, hints and tips and maybe the odd fun item too.

So check back regularly or subscribe to the feed and keep up to date with what's happening.