
If you are reading this, then your ISP has cleared its cache!

I know, “WHAT?”

Over the weekend, LunarPages has had its DNS (Domain Name Server) compromised, which resulted in a redirect nightmare for thousands of shared hosting customers – including MICE!

I feel for LunarPages. Honestly I do!

They are one of the best, secure, shared web hosting companies that I’ve been affiliated with since our company went online around 1997 with our first web site.  And within a few years, our website was hacked also.  That’s the price you pay for declaring you’re more secure than others. It’s an open invitation to the creeps.

The point is, however, there are no guarantees. Even if you are capable of running your own server and you know how to lock it down, you’re still vulnerable.  That’s why I don’t run my own server. It’s too time consuming keeping up with these idiots!

So, in case you missed it, our website was redirecting to a German hosting provider.

I had it easy by comparison from what I’ve been reading on the support forum. Many sites had been redirected to malware providers that attempted to download an executable file. Others have become victims of cross-site scripting (XSS) attacks and have no idea how to remove them from their pages. Many of these sites were using WordPress, Joomla, or other PHP pages.

In order to understand what I said in the first sentence of this post, you have to understand that when you type in a web address, such as mice.org, there is a server on the Internet that takes that address and translates it into an IP address for the server it is located on.  That server is called a DNS or Domain Name Server.

It’s sort of like a database that collects all the web addresses and connects them to their hosting server. So, when you type in an address in your browser, the address is sent to the DNS on your Internet Service Provider (ISP) and the browser then knows where to go look for the site.

Every so many hours – usually 24 – the ISPs flush their DNS cache.  I know, another, huh????

Let’s look at it in another way to help you understand.

Your computer – and I’ll use a Windows example – actually holds a storage or cache of the DNS addresses. That’s how you’re able to get to websites so quickly! If you’ve ever gotten redirected or had problems accessing sites, you may have to flush or erase your computer’s DNS cache by typing the following in the Run command box: ipconfig /flushdns

That clears the stored – and possibly wrong – information on where websites are located.  By flushing the information, your computer is forced to go out to the Internet and get a new list. Hopefully, the new list is corrected from errors you might have been experiencing.

ISPs need to do the same from time-to-time, and if they don’t, well, you wouldn’t be reading this because you’d be redirected to the German hosting site, like some of my readers are!

Comcast appears to have flushed everything.  Verizon has not and if they did, then my friend Anthony needs to flush his DNS!

So, if you are reading this, your ISP has flushed the DNS cache and all is good.
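
To see why some readers kept landing on the wrong site after the record was fixed, here is a small simulation added for illustration (it is not part of the original post or any LunarPages tooling). It assumes cached answers expire after a 24-hour time-to-live, matching the "usually 24" hours above; the IP addresses are constructed documentation addresses and the class names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Authoritative:
    """The hosting company's DNS: the source of truth for a name."""
    records: dict  # name -> (ip, ttl_seconds)

    def query(self, name):
        return self.records[name]

@dataclass
class CachingResolver:
    """An ISP (or PC) resolver that remembers answers until they expire."""
    upstream: Authoritative
    cache: dict = field(default_factory=dict)  # name -> (ip, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]                      # served from cache, may be stale
        ip, ttl = self.upstream.query(name)    # cache miss: ask the source
        self.cache[name] = (ip, now + ttl)
        return ip

    def flush(self):
        """Same effect as `ipconfig /flushdns` has on a Windows PC."""
        self.cache.clear()

GOOD_IP, BAD_IP = "192.0.2.10", "198.51.100.66"  # constructed sample addresses
DAY = 24 * 3600                                   # assumed cache lifetime

def simulate():
    auth = Authoritative({"mice.org": (BAD_IP, DAY)})  # record while compromised
    isp_a = CachingResolver(auth)                      # this ISP will flush
    isp_b = CachingResolver(auth)                      # this ISP will not
    seen = {"during": (isp_a.resolve("mice.org", 0), isp_b.resolve("mice.org", 0))}
    auth.records["mice.org"] = (GOOD_IP, DAY)          # host repairs the record
    isp_a.flush()
    t = 2 * 3600                                       # two hours in
    seen["after_fix"] = (isp_a.resolve("mice.org", t), isp_b.resolve("mice.org", t))
    t = DAY + 1                                        # cached entry has expired
    seen["after_ttl"] = (isp_a.resolve("mice.org", t), isp_b.resolve("mice.org", t))
    return seen

if __name__ == "__main__":
    for phase, answers in simulate().items():
        print(phase, answers)
```

The ISP that flushed returns the repaired address right away, while the other keeps sending its customers to the bad address until its cached copy expires.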

I am still double-checking to make sure that there has been no cross-site scripting attack on my site or blog, but it looks good thus far.

If you are a victim of the XSS attack on LunarPages, use the contact link above to contact me and I will help you out.  This is a terrible situation that needs to be remedied immediately.

More about security in another post soon.

To your online peace of mind, Debbie


It’s the first time researchers – Nguyen Cong Cuong, an analyst with Bach Khoa Internetwork Security (BKIS), a Vietnamese security company – have seen the malware overwrite an update program rather than mask itself as one.

This is very scary especially since most of our readers can’t tell the difference!

But don’t panic! Here’s how you get the malware according to the NetworkWorld article (see link below):

Users can inadvertently install malware on computers if they open malicious e-mail attachments or visit Web sites that target specific software vulnerabilities. Adobe’s products are one of the most targeted by hackers due to their wide installation base.

So, if you stay away from known harmful sites – which your security software should be protecting you from anyway – and you don’t open links or mail attachments from strangers, you should be okay.

And I can tell you that my TrendMicro Internet Security Pro does protect me even when I don’t want it to! (SMILE)

To read the full article visit:  New malware overwrites software updaters.


Over the past several days, I’ve received phone calls and requests for assistance because of some new mal-ads pushing yet another drive-by download.

Based on the discussion with one of these callers and their cry for help, I was able to get at some of the underlying script which was a PHP redirect.

Now, for those of you who are unfamiliar with what that is, the simple explanation is that the page or ad being served up has code in it, written in the PHP language (my WP blog is written in PHP too), that rotates what is displayed in the ad. I guess you could call it an ad rotation script.

The problem arises when the rotation script calls up an ad that actually redirects you to a file that downloads into your Temporary Internet Files and launches a pop-up or pop-under page. Once you click the pop-up/pop-under page, you’ve launched the malware.

In a previous post, How To Stop The New Malware, I described the steps to take to stop this from happening. But like anything else security related, no one listens until they are infected!

So let me remind you one more time! First, go to this post and change your settings according to the browser you are using.  (It covers IE and Firefox. If you want Safari and Chrome settings, leave a comment and I’ll post those too!)

Next, if the pop-up/pop-under appears, hold down the Control (CTRL) key, then the ALT key (hold it down too), and then the DEL (delete) key to bring up your Task Manager. Just do that once, because doing it twice will cause your machine to reboot!

Keyboard commands for task manager

When the Task Manager appears, click the Applications tab (if it’s not already on it) and click on the Internet Explorer or Firefox (whichever applies to your browser) and then click the End Task button on the bottom.

Note: You will lose your entire browsing session, but it’s better to lose your browsing session than to get hit with this horrible malware, right?

If you end task the way I described here, for now, the malware software will not be able to launch.

The biggest offender is still the FAKEAV (fake AV) malware, which includes the Antivirus 2009 malware. Trend Micro reports the loss to victims in an article: Rogue AV Scams Result in US$150M in Losses

(Read more: http://blog.trendmicro.com/rogue-av-scams-result-in-us150m-in-losses/#ixzz0b766AKur)

That being said, I have a theory why this is on the rise again. I tweeted an article today about the increase in online sales over the holiday season, specifically Online Shopping Breaks Records at InformationWeek. The article says:

“November marks the official start of the holiday shopping season as millions of Americans search for gifts and deals both online and in stores,” said Jack Flanagan, executive VP of comScore Media Metrix, in a statement. “With nearly 4 out of 5 Americans online visiting a retail site during November, the Internet clearly represents an increasingly important channel for retailers during the holiday season and beyond.”

Now, we’ve discussed in the past the online shadow economy and how they benefit from this malware. Add to that the fact that more and more Americans are shopping online and you have a hacker’s and identity thief’s heaven! Is it any wonder there’s an increase in the number of mal-ads being pushed through the ad servers?
