Fencepost Software & Consulting » Security

Simple Rules for Avoiding Malware in Email

Alan — Sun, 18 Dec 2011 06:04:38 +0000

Here’s a bit of a writeup I did for some folks who were being hit with a bout of malware email messages (the actual attachments were being removed by our filters).

The message(s) you received were an attempt to infect your computer with malware, the mail server on receiving the message removed the dangerous attachment but in general if you receive an attachment that you’re not expecting, do not open it – malware writers are creative and may come up with something that the mail server won’t block, at least not while the attack is new. This is the first attempt I remember seeing that pretended to be travel arrangements, but it’s not a surprising development.

(...)
Read the rest of Simple Rules for Avoiding Malware in Email (531 words)

© Alan Miller/Fencepost Software & Consulting, 2011. All Rights Reserved. | Permalink & Comments
Post tags: Email, Malware, Phishing, Scams, Security, Spam, Virus

SETPWRCG.EXE – Dell Power Management component

Alan — Sun, 28 Jun 2009 14:59:18 +0000

My antivirus reported an infected file (setpwrcg.exe) this morning, with a file date of 7/19/2004.

There were a few things that struck me as odd about this:

It didn’t seem like a randomly-generated name,
Most viruses/worms don’t seem to bother to set their file dates, particularly not to 5 years ago,
I haven’t been doing anything likely to get my system infected, and
I use a firewall that should’ve warned me if anything unusual was trying to make outbound connections from my computer (e.g. to try to spread an infection).

Searches via Google & Yahoo turned up nothing significant (mostly this file in lists of files and one warning that it had been found on infected systems), so I did a little more investigating at a very brute-force level.

The file in question doesn’t have any vendor information, version strings, etc. which is a bit suspicious, but looking at the actual content of the file, I found multiple strings tied to Dell power management configuration – hibernation, etc. Since this fits with the name “set pwr cg” I’m going to assume that the cg is short for something like “configuration” and that they were trying to stick with a DOS-style 8.3 name for this file. The reason it turns up on infected systems is that Dell computers get viruses too.

Almost certainly a harmless file, at least this version of it.

[contact-form-7]

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

NEVER Give Out Your Password

Alan — Wed, 24 Jun 2009 15:31:34 +0000

IF support staff for a service you are using need access to your account or information within it, they can get that access without needing your password. Nobody should be asking for your password.

This applies to email (e.g. Hotmail/Windows Live, Yahoo, Google and many others), social networking (Facebook, LinkedIn, MySpace, etc.), online photos (Flickr, etc.), and especially applies to your banking and finances. NO bank or financial services employee should ever ask for your password – bank policies generally prohibit them from doing so as a firing offense.

Think of someone asking for your password the same way you’d think about a stranger walking up to you on the street and saying “Hi, I’m with the village. I need your home address and your house keys.” No matter how friendly and professional looking, would you just give your keys to a stranger like that?

(...)
Read the rest of NEVER Give Out Your Password (293 words)