In the spirit of The Avengers we have our own superhero — a superhero of computer and IT policy. This article is written — in true superhero fashion — anonymously, by The Green Geek, whose real name you may never know.

Join together with the Green Geek in the struggle against evil vector forces that willingly destroy your computer and information security. Vectors in cyber space are villains who would maim your digital dignity, steal your identity, invade your privacy, destroy your data, and ruin your gadgets. If you let them.

What threats put you at risk? What can you do about it? Defend yourself with this Five-Point Plan from The Green Geek:

5. Value your privacy.

If you think privacy is no big deal, think again. You disclose a birthday here, a school there, you friend your mother’s mother on Facebook, expose your address or phone. Here and there you leave puzzle pieces that let us assemble your whole story.

• Villains can steal your identity - costing you much time and money. Stalkers can find you. Weirdos want to know you. Friends have Too Much Information. Employers can and will use what you say against you.
• Be in control. You rule the computer not the other way around. Draw a line in the sand where you will not cross for sharing private information. Use factual security questions that only you know the answer to. Do you really need 1000 people to wish you happy birthday online? Tell us about your vacation when you get back, but don’t tell the world beforehand when your house is empty. If you use f-bombs, serial date, and drink, do we have to see you share that? Do you need to save all the web searches you ever made?

4. ”Don’t talk to strangers.” Vectors include viruses, malware, botnets, robots, scam artists, and worse. This is huge.

• Look before you click. Only open messages and emails from senders you recognize. Someone is fishing for a sucker to bite their bait, in the form of fraudulent email. This is called “phishing“. Various sources estimate spam email takes up 90-94% of ALL email! Their purpose is to get you to look, buy, send money, accept a virus, or join a global botnet. Recognize fake and unwanted messages by their familiar but wrong sender address and weird titles. Report spam to help email vendors improve spam filtering.
• Only click on links from a source you trust. Inspect hyperlinks before you click on a hyperlink, which displays one thing but underneath is the real link.
• Don’t respond to emotional appeals or act on wishful thinking. What is real and hidden in the picture? Yeah, you’re lonely AND beautiful, you believe in love; or that car is a bargain! But if it is too good to be true, then it’s probably not. Some emails are written by robots. Some generic messages say nothing specific that can’t be said to everyone.
• Never enter your password in response to links in an email.

3. Lock your doors, literally and figuratively.

Prevent the entry of illicit vectors into your space by limiting access. Consider security like an onion. At the center of the onion is treasure, payload, your precious stuff. How easy is it to peel off the layers of security, if any?

• Physical access - How safe are your things, from smartphone to PC? Stuff should not be available for just anyone to touch. Keep these objects physically secure, not left laying around. Same as you would protect a wallet. Not left in public bathrooms, unlooked cars, or on the hood of your car.
• Device access - How safe are your data files and screen displays? What if someone has access to your smartphone or PC? Require a screenlock. You should provide a uniquely personal password, finger-swipe, or biometric to see further. If you share the device or PC with other guests, then create a guest portal, so that your user session is separate from theirs.
• Network security - How safe is your connection to a network for internet access?  Beware of Wifi and untrusted networks, where your internet traffic travels on the information superhighway in full view, unencrypted for network admins or sniffers to capture. Be safe and sure, use your own encrypted 4G or 3G air card or USB modem. This is handy for reliable internet access anywhere anytime, and you not only don’t have to compete amongst an entire coffeehouse full of net surfers for bandwidth, but you also have the peace of mind that that your communications are safe.
• Software reliability - Does your software scan for malicious vectors before you open or download objects? When you use the “cloud” – all the services are provided online via the internet on a web site or web server – make sure there is rigorous protection against vectors. Good cloud service providers will filter virus vectors from reaching your PC or device.  so that you either don’t download or get your data ruined by vectors. You want to use email software that filters spam well, for example Google Mail (gmail.com).
• Device defense is 1st and last - We’ve peeled the onion back. The above inevitably fail, because new vectors can sneak through until discovered. Keep your device up-to-date with the latest:  operating system; web browser; anti-virus/anti-malware software; and storage encryption.
• Microsoft Windows vulnerabilities created a multi-billion $$ spinoff industry just to create and administer the IT security. This gave Apple one leg up to bring to market OSX or iOS which were more closed and designed for better security. The Google browser Chrome is touted for its security. Samsung Galaxy Android and Apple iPad/iPhones are now offering the NIST FIPS 140-2 standard encryption for storage.
• If you login to use software (such as email and banking), the appearance of the “padlock” icon in the browser means the network traffic is encrypted using SSL and therefore unreadable.

2. Trust NO ONE to store your credit card.

Online shopping is great. We save gas and time by browsing online, and the item is shipped faster than you can shake a green fist. Unfortunately some companies, to which we entrust our identity or financial credentials, are themselves negligently lax when it comes to IT security.

• DO NOT STORE CREDIT CARDS in online accounts with any vendor. Rather [tediously, yes], enter the credit card information for a one-time purchase each time you make a purchase. This is not risk-proof either, but incrementally better than storing your credit card like a sitting duck waiting for a hunting season.
• LIMIT CREDIT CARDS that you use online to a very short list. If something goes wrong you can more easily assess and contain the damage.
• READ YOUR STATEMENTS. We are unaware until a breach goes public. Take for example, the intrusion to Global Payments servers in March 2012 that was not reported publicly for nearly one month. Global Payments coordinates the steps involved in authorizing the charge and submitting the transaction details for VISA and Mastercard. When you hear news about credit card theft, check your statements and activity ASAP.

1. Protect your passwords.

Some of the most famous security intrusions come from hacking passwords, but your defense in this regard is totally within your control.

• Use strong passwords. A strong password is a character string generally not found in any dictionary for any language. Use a combination of Upper- and lower-case letters, mixed in with numbers and special characters. Create acronyms out of phrases.
• Use different passwords for different accounts, and change the password every 60-90 days. Yes, with all your stuff in the cloud, we’re talking about a load of passwords.
• Assess your risk, and firewall your passwords. Risk means the probability of something bad happening, and the impact if it did. It’s not kosher but the Green Geek does classify different accounts by degree of risk, and ramps up the security of passwords appropriately. For example, to comment on news or blogs, the Green Geek is known to reuse a password or two… For anything with private or banking information, the passwords are inscrutable. By “firewalling” passwords, there should be no crossover from an unimportant account to an important account.
• Use Multi-Factor Authentication! DO IT! Multi- or two-factor/two-step authentication (“MFA” or “2FA”) adds an extra step when you enter your user password, to ensure you are who you are. When you enable MFA, you define a “token” such as a phone; and when you try to login with your username and password, you will receive a message with a code (voice or text) on your phone or token. You enter this code along with the password. If your software provider, bank, or credit card company offers this option then use it (e.g. offered by Google Mail)!

“Social engineering” in IT security refers to the ability to hack based on using known info about a person, in order to crack the security procedures for forgotten passwords, or to guess or reset their passwords. While very common, social engineering can be reduced with the above privacy practices and password discipline. MFA stops social engineering dead in its tracks. Here are three epic social engineering stories:

• In 2008, when Sarah Palin was running for VP, someone hacked her Yahoo Mail and reset her password by correctly guessing Palin’s birthday and her security questions: “Where did you meet your spouse?” (Answer = Wasila High) Half the planet knows Palin’s bio; she compromised her own security when Palin chose that question.
• In 2009, the corporate email, business plans, and files of Twitter.com were hacked, when someone first hacked the wife of Twitter’s founder, and used the same passwords to gain access to the Twitter company.
• In 2011, the firm HBGary which specializes in corporate and government IT security got totally pwned and humiliated, when after bragging about exposing the hacker vigilante group, Anonymous, they were cyber attacked by Anonymous.

“I can explain it to you but I can’t understand it for you.” We can’t defend Stupid. But it’s not that hard. This Five-Point Plan breaks it down for you. The takeaway here is to learn from others’ mistakes, and get comfortable with security awareness.

Read more about internet crime at the FBI’s Internet Crime Complaint Center. If you are a victim of internet crime, file a complaint with the FBI. Crime or vulnerability that puts the nation at immediate risk should be reported to the U.S. Computer Emergency Readiness Team (US-CERT).

What is your best tip for keeping all of your devices protected? Comment below and you’ll be entered to win a $400 Amazon gift card from Kaspersky Lab.

One way to protect all of your devices is with Kaspersky ONE Universal Security. Download your FREE trial today.

This is a sponsored conversation written by me on behalf of Kaspersky Lab. The opinions and text are all mine. Official Sweepstakes Rules.

Mac users have had it easy. We enjoy fun stuff without worrying about the endless toil and trouble of virus scanning, security patching, and the added expense, which we see our Windows cousins engage in.

But, do you recall updating your Mac for Adobe Flash? It’s a vague nauseous feeling of been there done that. Be aware, this likely was malware.

It’s called Flashback. It simulates an update for your Adobe Flash. We all do this. Most of us are probably generally aware that Apple and Flash are like apples and oranges, or rather oil and water. It seems as if Adobe updates are as frequent as iTunes updates. After a while we get lazy and drop our guard. Therefore, when we see another [annoying] update for Flash come across the screen, it’s no surprise…

You clicked install?! If it was Flashback, then it is a Trojan horse. Malware. We know now that this fake Flash module, which was first written about back in September 2011, lurks on your Mac, takes screenshots of your password screens, and ships them off to evil locations unknown…

Don’t let that happen to you… and don’t panic. Follow the method defined by the security experts to test for the virus, and if you find it remove it.

How to test if you are affected?

1. Find “terminal.app” in your Mac’s Applications/Utilities folder.
2. Click on Terminal to open.
3. You next type in or copy and paste the diagnostic commands.
4. Type these three lines:
   • defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
   • defaults read /Applications/Safari.app/Contents/Info LSEnvironment
   • defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
5. If each time you got the response “does not exist”, then congratulations, you dodged this bullet.

For those unlucky people with the Flashback Déjà vu:

I’m guessing you didn’t win Mega Millions. No worries, no one reading or writing this did either. Doctor Web and Kaspersky Lab, antivirus companies, estimated that by the end of last week, over 600,000 Mac computers were infected with some strain of the Flashback Trojan horse.

If you’ve got Flashback, please follow the advice of experts to get rid of it. Flashback exploited a vulnerability with a version of Java. You will need to update your Java, but you don’t want to toast your Mac further with more trial and error.

You have choices for help. Kaspersky Lab launched a website to help you diagnose and fix the issue.

Credit Juan Leon for creating an automated app to fix the problem. Or if you want the devil’s details, see Arstechnica.com’s diagnostic help plus “How to get rid of Flashback“, which they copied from F-Secure which first distributed a free fix and instructions.

Two more steps:

Even if you don’t have Flashback, prevent it from happening. If you haven’t yet today, go next to System Preferences or your Apple menu, and run a “Software Update…” You want your OSX and Safari up to date.

While you are housekeeping, why not delete your Flash cache, because your Flash cache is never cleared when you clean your browser cache and cookies(back to the Apple and oranges thing)? Repeat this occasionally because over time it’s a drag on performance for some Macs.

Go to System Preferences / Other, open Flash Player, and “Delete All” Browser Data and Settings.

Are you a Mac?

Hope this helps. Stay healthy! Whoever said Macs are zero-maintenance? Still pretty good by comparison. (Hey for zero-maintenance, how ’bout those Chromebooks, for those in the cloud? But I digress.)

For more information about the Flashback Trojan malware, read the blog from The Next Web Conference.

Twitter has been hacked — just for the fun of it/

The site was overrun on Tuesday morning with posts discussing a programming flaw that pranks users, spread worms, and sends porn to unsuspecting Tweeters.

According to experts, the problem was limited to a JavaScript command in the old Twitter web interface, which is gradually being phased out.

The New York Times reported that one offending post included an “onmouseover” command that caused messages to pop up and sites to open automatically when a pointer hovered over it.

The script caused some users to forward the offending links to their followers — similar to the many Facebook worms that have been found over the past few years.

Twitter hasn’t issued a statement yet, but posted a status page message saying: "We’ve identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit." At 9:50 Eastern time Twitter said it had fixed the flaw. (XSS is short for "cross site scripting" and refers to Web-application flaws that enable hackers to inject scripts into Web sites.)

News outlets reported that due to the worm, Sarah Brown, wife of former British prime minister Gordon Brown, was circulating a link on her Twitter page that sent users to a hardcore Japanese porn site.

Twitter user Magnus Holm, who says he’s a Norwegian Ruby on Rails programmer, appears to have started the slaw.

In an email to the Times, Hold said he just “wanted to experiment with the flaw.”

But the hack isn’t so harmless, and it’s led to other acts of online vandalism.

Others appear to be taking the JavaScript exploit and using it for much worse actions.

The Times reported that Holm said one malicious worm “downloaded some nasty code from a Russian server.”

There is no word on law enforcement action yet.

Thousands of Tufts University alumni have received letters over the past few days warning about a computer security breach that may have left their social security numbers and other personal information exposed.

According to school officials, several computers were exposed to an unknown virus or malicious software program. The computers contained old student files and they may have been downloaded.

"We don’t have any direct evidence of any unauthorized use of personal information, but we thought it would be a good thing to notify those individuals exposed," said Kimberly Thurler, a Tufts spokeswoman.

Seven thousand alumni are affected, and warning letters started going out May 24.

Tufts is offering each alumnus a free year of credit monitoring service from Experian.

Tufts, like many other colleges, once used social security numbers as student identification numbers. That practice is quickly going out of vogue across the country as identify theft fears have climbed. The files that were exposed were old records that still contained SSN’s.

Thurler said Tufts is in the process of seeking out and destroying these kinds of records.

"This is a case of old files that were still on isolated computers," Thurler said. "A small number of isolated computers were exposed."

At least one of the computers affected was located at Tufts’s Dining Services Department.

Thurler said she did not know the nature of the files that were breached.

Malicious software can seek out personal information like social security numbers and passwords. Infected computers can send data to a third party.

If you haven’t noticed, the internet is getting increasingly shittier with each passing day.

Whether it’s the makers of “The Hurt Locker” threatening to sue anyone who downloaded it, YouTube pulling every other clip that someone posts, or the fact I can’t figure out how to use a goddamn “keygen” so I can get all of this stolen software I downloaded to work, the web isn’t the proverbial “Wild West” anymore.

Hey, at least there’s still a healthy amount of free porn sites available at our fingertips, right?

Although, after reading articles like this, I’m sure that’ll change sooner than later, too.

Anyway, with the series finale of Lost airing this coming Sunday, some impatient fans have been (unsurprisingly) looking for any hints or plot spoilers because they’re either horribly impatient (which is dumb) or, because they’d like to ruin the ending for someone who would be super pissed if that happened (which would be hilarious and awesome.)

Regardless of the intent, fans who are looking for Lost finale spoilers not only aren’t finding them, they’re ending up with a nasty computer virus. Clearly, that’s not the kind of spoiler that anybody’s looking for. More on this story, thanks to the Boston Herald, after the jump.

Three Massachusetts high school students recently made it into the eastern region semifinals of the Siemens Competition, which will head into National Finals in New York in early December. One of them, Minhye Kim, a Brookline High School senior, took a moment with Blast Magazine to discuss her findings as a young researcher.

Blast: Congratulations on your research studies! Could you explain briefly what your research focused on?

Minhye Kim: Thank you! The title of my project is "Hepatitis B Virus Infection Increases the Risk for Developing Diabetes." I studied and found the mechanism that links the two diseases together.

Blast: What was your inspiration for this research?

MK: I was actually having a conversation with my mentor and he… mentioned something very interesting. He said that over 350 million people worldwide are infected with HBV. I had no idea HBV was such a serious health problem. So, I did a little research on my own and found out HBV leads to different liver diseases. I knew from past knowledge that glucose production happens in the liver and glucose production is very important in type 2 diabetes. So, I was curious whether HBV had anything to do with type 2 diabetes.

Blast: What is the goal of your research?

MK: The goal of my research was to find whether HBV and type 2 diabetes were linked at all. Actually, no previous research had been done about my topic of research. So there really wasn’t anything known about the link between the two diseases.

Blast: How long did it take you to come up with all the background information and analysis for your study?

MK: There were definitely lots of readings to do! There were a few days when I would just read manuscripts and not do anything else, like running experiments. I would say the entire project took about a year. It spanned throughout my junior year.

Blast: And being so young and talented in this field, do you feel or hope that more young people will get involved in research like this?

MK: Yeah! I think it would great for young people to go out there and have research internships because it’s an awesome experience. You find out what is like to be a scientist in a real-life setting and it’s worth it!

Blast: What is your ambition for the future? Do you plan on studying science or medicine?

MK: I definitely want to go to medical school. I want to become a pediatrician and have my own diabetic clinic for children… if there is no cure for diabetes by then.

Winners of the regional event are invited to compete at the National Finals at New York University December 3 — 7. For more info visit http://www.siemens-foundation.org.

The Siemens Foundation contributes over $7 million annually to support the field of science, math, engineering and technology in the United States. The Siemens Competition in Math, Science & Technology encourages and recognizes high school students who challenge themselves through their studies and research, and may obtain national recognition for their high school research projects in science and technology.

Back in June, we told you about Microsoft’s free code-named anti-virus, anti-malware, solution being opened to beta testers. Now that those guinea pigs have put it through the ringer, MSE is going live for all users today, meaning that there’s no excuse for not having protection installed on your computer, whether you pay for it or use Microsoft’s free tool. But why pay for what’s free?

The software uses Microsoft’s own Dynamic Signature Service which fingerprints threats constantly, without having to wait for new definitional updates. The tool is low-resource, and minimizes CPU and memory usage while the computer in use. Of course, the biggest advantage will come when the vast majority of users have installed the software, preventing the spread of malware between users. While Microsoft has no plans to push MSE out to its users, the real benefit will come when it decides to do so.

MSE has remained largely unchanged since the beta tests, and requires no registration, trials or renewals and will be available for download directly from Microsoft for XP SP2 through Windows 7, although users will have to pass a Windows Genuine Advantage test to download the product.

There are many dangerous things you can do in your life like going wand to wand with a wizard who wants to Avada Kadavra your ass. For the rest of us, our average everyday lives are typically much more mundane, so the most dangerous thing we do is bury our nose in a Harry Potter book we’ve read seven times over while walking through a crosswalk.

But, did you know that merely googling “Harry Potter” right now can be dangerous? In fact, with the release of “Harry Potter and the Half-Blood Prince” imminent, googling Harry Potter is almost a surefire way to land yourself in trouble “" and we’re not even talking about finding Daniel Radcliffe’s nudie pics from Equus.

Sketchy criminals are making fake websites that promise a link where you can “watch Harry Potter for free” “" and in the midst of a recession, who doesn’t want to save $10? They then fill the blog post with lots of comments lauding the virtues of the page. Link to a page full of screenshots from the movie, and prompt the user to install a “streamviewer.” One more click, and Accio! Your computer is now full of malware, and you’re still going to have to pay $10 to see the movie.

Presented like this, most Internet users would swear they would never fall for something this obvious, but the truth is that they do, and that’s why these techniques are still being used. This is complicated by the fact that the criminals are using the dreaded search engine optimization techniques to push their sites up Google’s result listings, and submitting their sites to Digg and Reddit, and pushing the files onto P2P networks.

The best way to protect yourself is something we’ve suggested to you before, and we’ll suggest to you again. Get‚  decent malware and virus scanners, such as the ones offered by PC Tools, and use them. We searched for any number of Harry Potter related terms writing this article and we didn’t die, so obviously the simple act isn’t inherently dangerous. Just be careful and smart.

And then there’s also the whole not being a sketchball and trying to download the movie illegally thing too. We’ll be with you at midnight tonight to see “Harry Potter and the Half-Blood Prince.”

Some of us are lucky enough to work in small companies with lots of freedom. A blessed few of us even get to work from home in our pajamas. Point being, we’re free to install and run which ever programs we want, and protecting ourselves from the perils of the Internet is up to how careful we are on what we clock and how up to date our anti-virus software is. (Or we just run Macs.)

Most people though work for companies or use computers at schools and libraries that like to (rightfully) protect their electronic and intellectual property, and tend to engage in IT lockdown. How does this happen? You might be surprised at how it all works.

To start with, Windows comes with many IT solutions baked in. We recall that our high school disabled the “Properties” menu on the background after one too many phallic backgrounds made in MS Paint. Some companies go so far as to lock you into a single program and disable your right-click because you supposedly shouldn’t need it. This started with computer controlled cash registers at retail stores, but has grown to a surprising other collection of computers, such as the ones that customer service representative run at the phone banks.

Windows also comes with the ability to prevent installers (.msi files) from running. This works to keep employees from wasting all day on AIM, but not all programs come with installers”"in fact, most malicious software comes in the form of the simple executable (.exe files). This is where programs like Faronics Anti-Executable come in. The program, which runs in the background, prevents all executables that aren’t on a whitelist from running. This drastic but highly effective method prevents any program that is explicitly allowed to run from doing so.

This stops everything from e-mail embedded Trojans to Outlook hijacking malware from running. The program even comes with a one-click set up solution that sets up the whitelist according the programs running on a sample computer”"useful as long as you’re absolutely sure that computer has never been compromised.

Of course, the best thing to arm yourself with is a good education. Don’t open attachments or click on links from people you don’t know. Be careful when installing anything, especially when you’re at work. Don’t attempt to circumvent the IT lockdown you might be under at work either. At best, you might get a virus; at worst, you could lose your job”"probably not worth installing TweetDeck over. So use your best judgment, and wear”"er, um, install, your protection.

Are those “Get a Mac” ads that always talk about how your PC is always infested with horrible viruses and spyware annoying you yet? Well, they’re certainly annoying Microsoft.

Ever since XP Service Pack 2, the company has always strongly suggested that users should install anti-virus software, displaying one of those nagging yellow bubbles in the taskbar. Before, the only tool Microsoft offered was its Windows Defender software, a free download which protects users from spyware related assaults. Now, largely in response to the never ending onslaught of new security threats, Microsoft is getting ready to release its first full blown anti-malware software, Microsoft Security Essentials.

Originally codenamed Morro, the software will offer a full range of virus and malware removal as well as real time protection. While Windows Defender offered spyware protection, this addition of protection from viruses will make this a solid, complete solution, especially considering it will be available free.

Of course, to avoid even more anti-trust issues, the software can’t be bundled directly with Windows, so exactly how Microsoft intends to “strongly suggest” that users download the software, free it may be, is yet to be seen. Also of note is that installation of the software will require users to use the Genuine Advantage program.

Leaked yesterday, the program itself is very lightweight and has very low system requirements”"all good things for a program you’ll have to keep running 24/7. ‚ As we said, this new offering will be a free downloadable addition to all Windows versions, XP through 7, when it’s released this fall. Before then though, Microsoft is opening the product (link not yet live) to 75,000 beta testers on June 23, if you want to test putting your security in Microsoft’s control.

Well, if you’re reading this, you’ve apparently survived the Conficker Disaster of 2009. Congratulations!

Actually, the Conficker worm, which has been quietly distributing itself across Windows PCs since 2008, was supposed to start phoning home Wednesday. Reports are conflicted whether or not anything has actually happened yet. Most experts agree that it could be a few days until the effects of the virus are known, though predictions run the gamut from a simple botnet that will send more spam or commit DDoS attacks to more sinister actions like stealing credit card information.

While the whole Conficker situation could be a very elaborate but harmless April Fool’s joke, the fact that everyone is so worked up into a frenzy over it shows that computer viruses are still as much of a threat in the ever-connected, ever-computerized world we live in now as they have been.

Last week marked ten years since the first “malware” virus, the Melissa virus, first started wrecking havoc on users’ computers and overloading email systems. While viruses that hijack email clients and propagate by mailing copies of themselves to everyone in address book are largely extinct now, the Melissa virus was a real problem in 1999.

Dmitry Gryaznov, a member of the original McAfee team who discovered and tracked down the Melissa virus, points out that “Ten years ago, malware writers were interested in creating a name for themselves. It’s a vastly different picture today. Cybercriminals are financially-driven; they’re eager to steal personal information and cash-in on the cyber attacks.” It’s true that most viruses in the past were about being flashy, like by deleting important system files. Most viruses today are Trojan programs that watch your computer in the background to steal credit card information and passwords that could lead to identity theft.

It’s important to point out that running a decent virus scanner or just installing the patches that Windows pushes out over Windows Update would have prevented this whole situation from ever happening. Of course, if you’re on a blog like this one, you probably already knew this-or you just run OS X. And if you haven’t, go scan your system-NOW. There are lots of free (http://free.avg.com/) and open source (http://www.clamwin.com/) tools available, so there are no excuses.

Security software vendor PC Tools says that February presents a new risk to consumers who frequent virtual networking websites and who are searching for love online-a group otherwise known as the “digitally active.”

On January 23, PC Tools reported on a new computer worm disguised as a Valentine’s Day program: Waledac worm victims can be infected through links distributed in email or instant messages that redirect consumers to exploited websites, which allows cybercriminals to gain control over the user’s computer.

PC Tools says the “digitally active” are in a higher risk category than other consumers because they frequently use new and alternative ‚ technologies to look for love, such as instant messaging, social networking, dating and adult web sites, popular targets for cybercriminals. According to a recent study by Web of Trust of 19 million web sites, adult websites pose the single most significant security threat for Internet users.

The “digitally active” are also regularly posting their personal information on social networking and dating websites, only to wake up the “morning after” to find their computer has been compromised and that they are a potential victim for identity theft and financial loss.

Here’s a little checklist:

• Do you visit adult websites?
• Do you use your credit card to purchase items when you visit?
• Do you have your birth date, street address, or any other personal information listed on any social networking sites or dating sites?
• Do you often open links through IM or email?
• Do you access the Internet without protection (i.e. security software, browser and firewall protection)?

“Answering ‘yes’ increases a user’s vulnerability to DTD’s,” said Greene.‚  “That’s why PC Tools has developed a list of common sense tips so the ‘digitally active’ can play safe while online.”

PC Tools’ tips for playing it safe for the “Digitally Active.”

1. PRACTICE SAFE EX-CHANGES – Be careful with e- cards

While many people trade e- cards on Valentine’s Day, birthdays and special occasions, be careful about opening e-cards and the associated links-even during an IM or social networking chat. Check the address of the link carefully before clicking on it. If the email or IM is from an address you are unfamiliar with or the link is to a Web site you are unfamiliar with, don’t open it-you could be exposing yourself to a DTD. Likewise, confirm with your friend that they have sent you a file or link to confirm its legitimacy.

2. LOOK FOR LOVE IN ALL THE RIGHT PLACES – Looks can be deceiving…

Just as our virtual networking techniques become increasingly sophisticated so too are the techniques applied by cybercriminals such that it is increasingly difficult to tell the difference between legitimate websites and hacker-created websites.‚ Both adult and dating Websites are known to have a high incidence of malicious code that could steal your identity and finances. It is also important to note that legitimate and reputable sites have also been a target for cybercriminals-be warned, looks can be deceiving! To avoid this, first be on the alert and be aware, only visit and download from websites that are recommended by well-known and reputable sources and never visit any website without protection.

3. DON’T BECOME DATE BAIT AND OVERLY PROMISCUOUS – Don’t give out too many personal details

Social networking, Instant Messaging (IM) accounts, adult websites and online dating sites should only require your basic contact details (for example, name, billing address and contact number) to register for services.‚  Consumers should demonstrate caution if a website requests too much information. Contact them by phone to find out why they need so much information, how they plan to use it and if they have a privacy and security policy to protect you and use your commonsense when updating an online profile. Also, don’t be complacent and use the auto-complete feature in your browser to save your passwords, logins or other personal information-its prime real estate for the cybercriminals.

4. KISS AND TELL – Keep records all online transactions

If a website requires payment for any reason, check out its refund policies, privacy policy and legal notices. These documents should be readily available on the company’s websites and are a good indication that a site is reputable.‚ Consumers should always print and save records of any online transactions, including the product or service description, price and the receipt of payment. If the site turns out to be fraudulent, you’ll need this information to advise the relevant authorities in order to try to get your money back. If you are going to transact online then have a separate credit card for online purchases only that has a low credit limit and is not linked to any other accounts.

5. PRACTICE CONSENTUAL UPDATING – Ensure your computer is up to date

Software companies continually issue updates to fix new security flaws, ensure you update your operating system, browser and security software regularly. Also use a web browser that is known to be relatively safe from Internet threats and vulnerabilities to ensure your computer isn’t exposed to threats where your personal and financial details, as well as your browsing habits, can be accessed by cybercriminals.

6. ALWAYS USE PROTECTION – Install comprehensive security protection

Finally, when being active, both online and offline, always use protection! There are tools consumers can use to protect themselves from DTD’s like spyware, viruses, Trojans, rootkits, and other malware. Leading independent publications recommend installing comprehensive behavior-based security software such as PC Tools Spyware Doctor with AntiVirus or PC Tools Internet Security.

Make sure your security product of choice has real-time protection, proactive behavioral protection, which helps protect against new and unknown threats, an advanced firewall to block unauthorized parties trying to access your computer via the Internet and browser protection which warns you about potentially malicious sites and identifies browser exploits.

Get a free copy of PC Tools’ Internet Security Suite 2009 on the Blast Magazine freebies page!

]]> http://blastmagazine.com/the-magazine/technology/do-you-have-a-digitally-transmitted-disease/feed/ 1 http://blastmagazine.com/the-magazine/entertainment/dangerous-celebs-to-google/ http://blastmagazine.com/the-magazine/entertainment/dangerous-celebs-to-google/#comments Tue, 16 Sep 2008 13:57:30 +0000 Blast Magazine Newsroom http://blastmagazine.com/?p=3233

Research from security firm McAfee shows that some celebrities are just dangerous to Google and search for around the web because of the litany of fake websites out there that try to infect your computer with viruses and malicious code as you innocently seek out wallpaper and screensavers of your favs.

Brad Pitt leads the pack on a list that includes Jessica Alba and‚ Katherine Heigl.

“Fans searching for “Brad Pitt,” “Brad Pitt downloads,” and Brad Pitt wallpaper, screen savers and pictures have an 18% chance of having their PCs infected with online threats, such as spyware, spam, phishing, adware, viruses and other malware,” McAfee said. “Cybercriminals are using A-listers’ names and images, like Beyoncƒ© and Justin Timberlake, to lure Internet users who surf the Web for the latest gossip, screen savers and ringtones to “fake” Web sites that look legitimate.”

The list includes:

1. Brad Pitt – When “Brad Pitt screensavers” was searched, more than half of the resulting Web sites were identified as containing malicious downloads with spyware, adware and potential viruses.

2. Beyoncƒ© – Inputting “Beyoncƒ© ringtones” into a search engine yields risky Web sites that promote misleading offers to gather consumers’ personal information.

3. Justin Timberlake – Interest in his high-profile relationships makes him an easy target for spammers and hackers. When searching for “Justin Timberlake downloads” one Web site advertised free music downloads that were flagged as directly leading to spam, spyware and adware.

4. Heidi Montag – “The Hills” star is a popular search term when it comes to searching for wallpaper. A host of wallpaper Web sites contained hundreds of malware-laden downloads.

5. Mariah Carey – Spammers and hackers are using Mariah Carey screen saver Web sites to link to other sites proven to contain spyware, adware and other threatening downloads.

6. Jessica Alba – Red-ranked risky sites were identified when searching for “Jessica Alba” and “Jessica Alba downloads.” The sites contained hundreds of malicious downloads, links to other bad sites, misleading offers to gather information, and a high number of spam emails when an email address was provided.

7. Lindsay Lohan – This young Hollywood starlet is as dangerous to search online as she is famous. Searching for “Lindsay Lohan downloads” resulted in several dangerous Web sites laden with hidden adware.

8. Cameron Diaz – Cybercriminals use download Web sites related to Cameron Diaz’s image to link to other harmful sites containing spyware.

9. George Clooney, Rihanna – The technology found one Web site embedded with hundreds of dangerous wallpaper and photo downloads after inputting “George Clooney downloads.” “Rihanna pictures” was also a risky search term, as McAfee identified a site that spammed its test email address.

11. Angelina Jolie – When “Angelina Jolie downloads” was searched, the software highlighted a risky site with 978 hidden malware-infected wallpaper and photo downloads, as well as links to other potentially dangerous URLs.

12. Fergie – A Fergie screen saver site was flagged as offering 111 risky downloads that could seriously compromise a PC’s privacy with unwanted spyware and adware.

13. David Beckham, Katie Holmes – The “David Beckham” search term generated a great deal of wallpaper and screen saver downloads veiled with malware. Consumers should also exercise caution when searching for “Katie Holmes” online – one download site advertised free screen savers that, if downloaded, would infect your computer with malicious programs like spyware.

15. Katherine Heigl – Hollywood’s big headliner in recent years is now susceptible to Internet lurkers too. “Katherine Heigl” was searched and a site was identified containing hundreds of malware-infected pictures.

‚ ”Cybercriminals employ numerous methods, yet one of the simplest but most effective ways is to trick consumers into infecting themselves by capitalizing on Americans’ interest in celebrity gossip,” said Jeff Green, senior vice president of McAfee’s Product Development and Avert Labs. “Tapping into current events, pop culture or commonly browsed sites is an easy way to achieve this. And because of Americans’ obsession with following celebrities’ lifestyles, they are an obvious target. We have to take precautions in casually navigating the Web since many subtle sites may be rife with malware for consumers’ computers.”

The list was compiled using McAfee SiteAdvisor, which can be downloaded for free at‚ www.mcafee.com/siteadvisor.

]]> http://blastmagazine.com/the-magazine/entertainment/dangerous-celebs-to-google/feed/ 0 http://blastmagazine.com/the-magazine/technology/mcafee-identifies-downloader-uah-first-medium-risk-malware-in-three-years/ http://blastmagazine.com/the-magazine/technology/mcafee-identifies-downloader-uah-first-medium-risk-malware-in-three-years/#comments Wed, 07 May 2008 01:28:01 +0000 John M. Guilfoil http://blastmagazine.com/?p=1288

McAfee Avert Labs reported Tuesday the most significant malware outbreak in three years with more than 500,000 detections of a Trojan horse they’re calling “Downloader-UA.h,” which is spreading by masquerading as a media file.

“The malicious MP3 music or MPEG video files have appeared on popular file-sharing services such as Limewire and eDonkey,” Avert Labs said in a statement.

McAfee has rated “Downloader-UA.h” as a “medium” risk threat. It is the first malware to receive that risk rating since 2005. It is the most dangerous threat to mask itself as a multimedia file ever recorded.

“This is one of the most prevalent pieces of malware in the last three years,” said Craig Schmugar, threat researcher at McAfee Avert Labs. “We have never before had a threat this significant that arrives as a media file.”

The last time McAfee went to “medium” on a computer threat was W32/Sober from November 2005. Sober was a virus that proliferated massively through email.

The malicious files are all named differently in multiple languages and vary in size to make them appear like legitimate music or video files, McAfee said. Attempting to play one of the malicious files will trigger a program called “PLAY_MP3.exe” to download, launch, and force advertisements to appear on the infected computer.

Some of the sample names used by the malicious media files include “preview-t-3545425-adult.mpg” ; “preview-t-3545425-changing times earth wind .mp3″ ; “preview-t-3545425-girls aloud st trinnians.mp3″ ; “preview-t-3545425-jij bent zo jeroen van den.mp3″ ; “t-3545425-lion king portugues.mpg” and “t-3545425-los padres de ella.mpg”

If you need a another reason to get rid of Limewire and other filesharing apps, you might not get a better one.

]]> http://blastmagazine.com/the-magazine/technology/mcafee-identifies-downloader-uah-first-medium-risk-malware-in-three-years/feed/ 0 http://blastmagazine.com/the-magazine/technology/case-mod-of-the-year/ http://blastmagazine.com/the-magazine/technology/case-mod-of-the-year/#comments Fri, 08 Feb 2008 07:08:30 +0000 John M. Guilfoil http://blastmagazine.com/2008/02/case-mod-of-the-year/

It’s Friday afternoon. It’s been a long week. Here’s one of those email forwards that was too hilarious to ignore.

After going through a virus attack,

losing a hard drive,

fighting off hackers,

upgrading all my software,

installing fire-walls,

being threatened with being cut-off by my email provider,

and a host of other problems…

I have fixed my computer…

and NOW it works exactly the way I want it to!



]]> http://blastmagazine.com/the-magazine/technology/case-mod-of-the-year/feed/ 0 http://blastmagazine.com/the-magazine/technology/myspace-page-sends-fake-xp-update/ http://blastmagazine.com/the-magazine/technology/myspace-page-sends-fake-xp-update/#comments Sat, 12 Jan 2008 02:00:40 +0000 Blast Magazine Newsroom http://blastmagazine.com/2008/01/myspace-page-sends-fake-xp-update/

McAfee Avert Labs announced Friday a Trojan horse attack disguised as a Microsoft update on a particular MySpace profile.

Attackers send friend requests to the victim MySpace users. Clicking on the person’s picture or name link loads a profile page with what looks like a legitimate Windows Automatic Updates pop-up box. When the user clicks the pop-up, it results in a request for a file download masked as a Microsoft update called “updateKB890830.exe” from a server that includes “winxpupdate.Microsoft” in its name.”

“The file in actuality is a true malware cocktail,” McAfee said. “If installed and run it downloads programs from multiple servers that in turn download more malware in addition to Trojans, and a remote control tool.”

Initially, McAfee thought the download files look to be from China, but its Avert Labs determined the origin of the IP address belonging to an ISP in Malaysia and further downloads directed from the Ukraine.

The malicious MySpace profile is still live, McAfee said late Friday. MySpace and Microsoft have both been notified. Users should beware of friend requests from people they don’t know and be cautious when surfing MySpace profiles.

]]> http://blastmagazine.com/the-magazine/technology/myspace-page-sends-fake-xp-update/feed/ 1 http://blastmagazine.com/the-magazine/technology/11-year-old-hacks-iphone/ http://blastmagazine.com/the-magazine/technology/11-year-old-hacks-iphone/#comments Wed, 09 Jan 2008 20:39:31 +0000 Torrey Meeks http://blastmagazine.com/2008/01/11-year-old-hacks-iphone/

What appeared to be a legitimate iPhone application, “iPhone firmware 1.1.3 prep,” turned out to be a piece of malicious software intended to ruin functionality on affected phones.

The programmer of this dangerous piece of code was an eleven-year-old boy.

Using the installer.app feature on the iPhone, users can access the diverse world of third-party applications. The malware in question passed itself off an update at www.jmwiki.com for applications including Erica’s Utilities, OpenSSH, Launcher and Doom. After downloading and installing the file via the iPhone’s installer.app, the malware displayed the word, “shoes” and proceeded to remove files critical to iPhone functionality.

Though by malware standards the virus was fairly tame, McAfee Avert Labs blogger Jimmy Shah noted that the piece of software highlights an important security concern with iPhone, one that depends entirely on the vigilance of well-informed users.

McAfee recommends users only acquire software only from trusted sources and install only official firmware updates.

After the child’s ISP was informed of the problem, his father was contacted and the site hosting the malicious application was taken down.

]]> http://blastmagazine.com/the-magazine/technology/11-year-old-hacks-iphone/feed/ 3 http://blastmagazine.com/the-magazine/technology/worm-found-on-google-orkut/ http://blastmagazine.com/the-magazine/technology/worm-found-on-google-orkut/#comments Thu, 20 Dec 2007 20:08:46 +0000 John M. Guilfoil http://blastmagazine.com/2007/12/worm-found-on-google-orkut/

Almost 400,000 members of Google’s social networking site, Orkut, were victimized by a new spam worm spreading around the site, said McAfee’s Avert Labs.

“While the worm doesn’t appear to harm users’ PCs, it does impact their profile and spread from friend to friend,” said McAfee. “This virus will add the user to a community called “Infectados pelo Virus Orkut” (“Infected by the Orkut Virus”) and starts to send messages to the friends of the infected user. Avert Labs believes Google is working to fight the worm.”

This raises concerns on how to keep the growing number of Web 2.0 sites safe and secure. MySpace and Facebook have faced similar issues recently, and everyone remembers the series of AIM Profile viruses and malicious code.

“I analyzed some suspicious scrap ’2008 vem ai… que ele comece mto bem para vc’ from a bunch of friends on Orkut,” wrote McAfee’s Vinay Mahadik. “For a while it was all over Orkut!! Translated to English, it reads ’2008 is coming…I wish that it begins quite well for you.’”

The worm is spreading through Orkut’s recently introduced tool that allows users to write messages that contain HTML code. The ability to add Flash/Javascript content to Orkut scraps was only recently introduced.

Click here for the full Avert Labs blog post.

The form has been named W32/KutWormer by McAfee.

]]> http://blastmagazine.com/the-magazine/technology/worm-found-on-google-orkut/feed/ 0