What Does AVG Product Give You?

• Protection that’s relevant to the way you use your computer and the Internet:
• Banking and shopping, surfing and searching, chatting and emailing, or downloading files and social networking – AVG has a protection product that’s right for you
• Protection that’s trusted by over 80 million people around the world
• Protection that’s hassle-free and doesn’t get in your way
• Protection that’s fueled by a global network of highly-experienced researchers
• Protection that’s backed by round-the-clock expert support

Interested to learn more about AVG products ? Visit AVG Here.

What Does We Give You?

During this festive Chinese New Year season, we are having a joint promotion with AVG and giving a whopping 30% discount to all our AVG customers. No matter whether you are buying Home Edition for a single computer, or whether you are buying Business Edition for thousands of licenses, you are entitled to this 30% discount.

• Never bought any antivirus program before? Here’s 30% discount for you.
• Migrating from another system protection software? Here’s 30% discount for you.
• Renewing your current AVG licenses? Here’s 30% discount for you.

This offer is exclusive to Pacific LANWorks Pte Ltd ONLY, so, what are you waiting for? Contact us now and get your price quotation from us before this offer expires.

Terms & Conditions

• 30% discount is valid for all AVG products ONLY
• Promotion ends by February 25th, 2010 (no extension and late-comers will not be entertained, sorry)
• Payment MUST be made and cleared by us before 12:00pm on February 25th, 2010
• This promotion will not be run concurrently with any other AVG-related promotions, nor any other offers promoted by us.

Please feel free to contact us for your price quotation and provide us the following information for prompt service:-

• Your contact name:
• Email Address:
• Company Name:
• Contact Number:
• Fax Number:
• Address:
• Which AVG Products you are interested in:
• How many licenses you required:

Interested to learn more about AVG products ? Visit AVG Here.

During my daily morning working ritual, that is, clearing emails, answering queries, replying to Twitters and checking out my Facebook account, all done with multiple windows on my 2 laptops and 3 screens using Synergy, an email from UPS suddenly caught my attention and all work was put on hold to check out this email. I’m usually a multi-tasker (who’s not), but in this case, nothing is more important than to read this email.

What’s The Story?

The reason why it gets my 100% attention is because we’ve recently help a customer to dismantle their server appliances from their Singapore office and ship them to their Belgium office, using UPS as our courier service. That job alone cost around S$4,900 for the shipping fees and the cargo itself is estimated to be around S$90,000. We almost make a loss for this job because another vendor who estimates the weight of the cargo for us miscalulated the total weight by a difference of over 90kg, meaning that the buffer charges we impose on the customer plus our profits have almost all gone down the drain, and if includes the manpower to do the migration, this definitely is a loss job. Any hiccups for this shipping is therefore not tolerated and that’s why my heart sinks and my mind froze when I read the first sentence from the email.

What’s In The Mailbox?

For your viewing pleasure, I’ve pasted the image of the email below:-

Computer Virus Masqueraded As UPS And DHL Delivery Failure

If you can’t see it, below is the exact mail from “UPS”:-
————————————————————–

Hello!

The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.

You may pickup the parcel at our post office personaly!

Please attention!
The shipping label is attached to this e-mail.
Please print this label to get this package at our post office.

Please do not reply to this e-mail, it is an unmonitored mailbox.

Thank you.
United Parcel Service of America.

————————————————————–

If you are in my shoe, will your heart pound fast and your brain starts to go berserk when you see this email?

Congrates if you don’t, you have a very steady heart

What’s The Give?

Thanks to my years of training as a I.T. professional, I’m able to recollect myself and start to think and work logically after the initial shock. The few things I noticed amissed are:-

1. The email was send to me via my delson(at)pacificlanworks.com account, which I immediately knows something was wrong because our UPS account is not linked to this email!
2. I’ve corresponded with UPS multiple times before and the format and structure of this email seems not to be the same as those I’ve received from UPS previously.
3. The tracking number seems to be shorter than usual for UPS, again, this is based on our frequent shipping experience with UPS itself.

With these 3 doubts that I have, I begin to suspect this is more of a rogue email rather than a legitimate one. I blew a breather and starts to relax myself a bit. At least right now I can “rest in peace” knowing that nothing was wrong with my recent shipping ;p

Don’t Do This At Home

It’s been a long while since I’ve gotten myself so exited, especially receiving any official email from anybody, I decided to kill my curiosity cat and open the attachment.

By doing so, I can learn more about this type of fraudulent email and secondly, to test my new version of AVG Internet Security software

I look for my AVG icon on my bottom-right taskbar and double-click to open it and make sure it is updated and running properly. This is especially important because what I am going to attempt to do will have a very avast result if my AVG Internet Security software is not running properly.

I double-click on the attachment (please be reminded again NOT to attempt this action if you are not prepared for any disastrous result and if your data are not backed up) and the zip file was opened to show an .exe file embedded in it. See image below:-

Rogue .exe File In Email Attachment From UPS

When I double-click on the .exe file, AVG kicks in and flagged it as a trojan and immediately blocked the access to the file and safely quarantined it away from me.

Well, this proves that my hunch was correct and that my AVG Internet Security software is working fine too.

I then delete this email from UPS and pops comes the next email from DHL, same format, same structure. See below:-

Fraudulent Email From DHL Regarding Shipping Failure

Even the attachment contains the same type of .exe file too, see below:-

Fraudulent Email Attachment From DHL Regarding Shipping Failure

Since I’m receiving these emails, I’ll presume that everybody will be receiving too, either sooner or later, but definitely will be, and therefore I’m writing this post to alert everybody about it. Please ensure that  your system is protected with an anti-virus software  and that it is updated to the latest version with the latest virus definition file.

Which AntiVirus Software I recommend?

For me, I’ll recommend AVG software (almost 95% of our customers are using AVG software and some has already renewed it twice since their first usage.)

Do note that AVG software comes with 2 years subscription and when my customer has renewed it twice, it means that they have been using it for more than 4 years already.

If  you are having a  little budget problem, feel free to download your free copy of AVG Anti-Virus Free Edition 9.0. There is absolutely no charge for this edition of AVG software but do note that this is just an antivirus software and do not have any firewall or antispyware to protect your system.

Alternatively, you can get FREE McAfee Internet Security software, which includes firewall and antispyware, with FREE 6 months of subscription just by becoming McAfee’s Official Facebook Fan.

Whichever you choose is not important, they are all great software, as long as you MUST choose one and get it installed in your system will do.

Good luck and have a great day.

McAfee, the wold’s leading dedicated security company, and Facebook announced an unprecedented collaboration in which McAfee will offer for FREE their flagship McAfee Internet Security to all of Facebook 350 million users, irregardless regardless of your country of origin and irregardless whether you are a previous McAfee customer or not.

The only disappointing news is that this FREE software is only for PC users and is not extended to Mac users (as if you need it … ;p )

The software will come with 6 months of FREE subscriptions to the McAfee Internet Security and you can decide to keep the software after that or hopefully wait for any other offers then.

Once you join McAfee as their fan in their Official Facebook Page for McAfee, you are entitled to their FREE software from their website.

Do note that you will need to submit your credit card details in order to get your FREE copy of the software, and they will not charge you until 6 months later, which you MUST remember to cancel it if you decide not to continue with using McAfee Internet Security.

If you decide to continue with the software, do nothing and they’ll automatically credit the software cost from you then. No such thing as totally free lunch

Head on over to McAfee’s Official Facebook Page and claim your FREE copy now!!!

Free McAfee Internet Security Software For All Facebook Users

He was very sure that it is a stolen identity hacking activity and he claims that he knows when it happened, which he believes is during the time when he was in Malaysia for a business meeting and should be during the time when he was using a public computer in a cyber cafe in Kuala Lumpur. He was very certain it is during there and then when it happened.

I asked him how he knows about the “stolen identity” incident and he starts to shed more light into it. In the end, I discovered that his so-called “stolen identity” incident was nothing more than his business associates and friends receiving mails from him recommending them to buy “some enlargement device” or “prolonging pills” and such, basically, he was just another spam victim being masquerated as the originator. That’s all!!

I explained to him that someone from somewhere had managed to get a hold of his email address and using their email system to send out spam mails, but using random email addresses as the original sender, and in this case, his email address, to send out thousand of spam mails. Some of which belongs to his associates and friends.

To be on the safe side, however, I did a thorough check on his system looking for worms, viruses, spywares and any other rootkit malware or such, and his system is cleaned, very clean in fact, as we just did our maintenance for his system just 3 weeks ago!

After much tracing, we begin to suspect that these mails originate from one of his business partner. I made a quick call to the other party and asked them to check for some virus signature and voila, it is their computer that is infected and even during our teleconversation, the computer there was busy sending out more mails and generate lots more traffic.

I advised them to shut that system down and offered to check it for them later, chargeable of course, and yup, managed to clinch another deal the next day and probably will have our maintenance agreement signed too No good gestures goes unrewarded …

As for my panic-stricken customer, I do applaud him for calling us to check his system immediately but was quite puzzled as to why he use a public computer and not his personal laptop when he was in Kuala Lumpur. He claims that he thought of going shopping after his meeting so did not bring his laptop, and to him, it is more of a personal time out until his secretary in Singapore asked him to check something urgently, which he then has no choice but to use the public computer.

Don’t get me wrong, it is perfectly alright to use public computers to do your stuffs or surf the web, but there are some steps you’ll need to take to protect yourselves against any potential problem in the future.

I’ve outlined them below for your reading pleasure and hopefully you’ll remember to do it when you are using any public computer at any cyber cafe in any country, including Malaysia

1. Pay attention to your surroundings and use common sense
   • Beware of strangers around you, there might be potential shoulder surfers within your vicinity and always remember that a public computer is open to anyone.
   • Don’t view any sensitive documents from these computers
   • Look around and make sure no security camera are looking over your shoulder
   • Cover your hands when entering any login information, much like when you are using ATM (Auto-Teller Machines)
2. Don’t do online banking and online shopping
   • Even when you are using a bank’s triple secure login, it is still not advisable to use a public computer for your banking transactions, no matter what.
   • When you shop online using a public computer, you’ll inevitably need to key in your credit card details or Paypal login information, which will then expose yourselves to unnecessary financial crimes. Therefore, it is not advisable to shop online using a public computer. If you really need to, you may consider shopping at ShopBug.com, as we offer Cash-On-Delivery (COD) services, which means that you don’t need to key in any financial details and that means that you are somewhat less vulnerable. However, truth be told, if you are out of your home and in a cyber cafe, just get out of there and do some real shopping with your feet rather than a few mouse clicks
3. Don’t divulge your credit card details
   • As mentioned above, unless you want to be another statistics in the latest financial crime, don’t ever attempt to give your credit card details in any of these public computers
4. Don’t save passwords
   • I think it’s a very common sense to know that you should never save your password in any public computer, and if you are not aware of this also, I’ll really advice you to take part in some computer courses and know more about computing before you made any regrettable mistakes in the future.
   • As for your own personal computer or laptop which you believe to be secured, I’ll also adviced you NOT to save your passwords at all. It is such a primitive security but it does help to weed out casual trouble-makers, but if you let your systems remember your passwords, you might be in for a surprise when things really cropped out.
   • To make sure passwords are not saved in Internet Explorer 7, go to Tools | Internet Options | Content. In the AutoComplete panel, click the Settings button and verify that the Prompt Me To Save Passwords check box is deselected. None of the other AutoComplete features needs to be enabled either, so deselect them as well.
   • In Firefox, choose Tools | Options | Security and deselect Remember Passwords For Sites.
5. Don’t save files locally
   • By saving files locally on a public computer, you risk forgetting to remove it when you are done, and even if you do, traces of the file will still be lugging somewhere waiting for someone to retrieve it.
   • Use a flash drive instead to save your files and probably attach the flash drive to your key ring so you’ll be less likely to misplace it and create a new security problem.
6. Delete your Browsing History
   • When you’ve finished browsing, it’s a good idea to delete your cookies, form data, history, and temporary Internet files.
   • In Internet Explorer 7, you can do this all at once under Tools | Delete Browsing History. In older versions of IE, each of these must be deleted separately, under Tools | Internet Options.
   • In Mozilla Firefox, go to Tools | Options, click the Privacy tab, and select Always Clear My Private Data When I Close Firefox. By default, this erases your browsing history, download history, saved form information, cache, and authenticated sessions. Click the Settings button and select the options to erase your cookies and saved passwords, too.
7. Delete temporary files
   • If you use a public computer to surf the web only, step 6 above will help and this step may not be necessary for you. However, if you use Microsoft Office or any other applications on the public computer, then this step is very important to you.
   • Temporary files (often abbreviated to “temp files”), as opposed to temporary Internet files, are created when you use programs other than a Web browser. For instance, when you create a Word document, in addition to the actual document file you save, Word creates a temporary file to store information so memory can be freed for other purposes and to prevent data loss in the file-saving process. These files are usually supposed to be deleted automatically when the program is closed or during a system reboot, but unfortunately they often aren’t.
   • To find these files, do a search on all local drives (including subfolders, hidden, and system files) for *.tmp,*.chk,~*.*
     This will bring up all files beginning with a tilde or with the extensions .tmp and .chk, which are the most common temp files. Once the search is complete, highlight all and Shift + Delete to remove them. (If you don’t hold down Shift, they’ll usually be sent to the Recycle Bin, which you would then have to empty.)
   • If you did not clear these files, somebody else will be able to open the temporary files and recover your full content from it!
8. Clear the pagefile
   • The pagefile is the location on the hard disk that serves as virtual memory in Windows. Its purpose is to swap out data from RAM so that programs can operate as if they have more RAM available than you actually have installed in the computer. Anything that can be stored in memory could also be stored in the pagefile.
   • To delete the pagefile, change the settings in Windows Explorer. Click View | Folder Options and the View tab, then scroll down and click Show Hidden Files And Folders. Deselect the Hide Protected Operating System Files check box. Now, find the file named pagefile.sys. It is usually (but not always) on the C: drive. Delete it; a new one will be created when the system reboots.
9. Reboot
   • When you’re finished using the public computer, the final thing you should do is a hard reboot. This will not only clear the pagefile, if you’ve enabled that option, but it will also clear out everything you did from the physical memory (RAM).
10. Boot from another device
    • This is a fairly advanced option, and one that is often overlooked. If you boot from either your own USB drive or from a CD, many of the problems mentioned above can be avoided. Today, many Linux distributions have the option of running completely in memory after booting from a CD.
    • If a public computer has had its BIOS options left at default (which happens more often than you would think), this could be an option. If you are able to do this and remember not to save any other files to the local hard drive, everything will be gone when you reboot.

Do remember that there is nothing you can do to make a public computer completely secure. A truly malicious owner or user could install a hardware keystroke logger that would be impossible to detect without actually opening the case and inspecting it. With that less-than-comforting thought, use common sense and use public computers only for nonsensitive tasks.

His computer was basically crawling and hardly even got a chance to do a proper boot-up. Ten minutes after turning on the computer, the Windows logo finally appeared (never thought I’ll miss seeing it…), and before the logon screen appear, lots of windows start popping up. Missing file this, error message that, buy this, “your system is infected with …” that and WOW !! It just keeps popping up like fireworks!!!

There is no way for me to work on this system, and the only way for me to revive it is to totally reformat the whole system and start fresh again (if life can be so easy too…sigh….), but the user claims that he has got lots of very important data and they cannot be gone. Well of course, that’s what our job is all about.

I then proceed to remove his hard disk from the system and install it into another computer, making sure that the second computer has already installed with AVG antivirus and that it is updated to the latest definition file. The rest…. is just basic file copy, … virus alert, … heal, … continue, … virus alert, heal… and well, just too much of a nightmare to continue. I’m just sitting there clicking on the above messages like a mindless cuckoo and wishing there’s a much better way to end a day than this.

… begins to realize what kind of crap he’s putting into his system and how his life’s work can just go into the abyss of 0s and 1s …

Well, not too bad though, as during this time, my customer begins to realize what kind of crap he’s putting into his system and how his life’s work can just go into the abyss of 0s and 1s.

We begin to talk and this time (out of the many times I’ve talked to him), he’s serious. He asked me lots of questions and even took out his trusted organizer and begin to take down notes about how to prevent these incidents from happening again, and we even talk further and discuss about things to avoid when using computers. In fact, the list was pretty long, and I’m very surprised of his change of attitude towards learning to protect his system, and at the end of everything, at around 11:40pm (I started working on his system since 10am), he voluntary made a copy of his notes and gave it to me and asked me to always share these with my other customers, together with a S$500 cheque to buy whatever that’s necessary for him!! And that’s on top of my bill

Anyway, long story short, I’ve narrowed down the list and these will be the top 10 things to avoid when using your computer:-

1. Using a computer without a UPS (Uninterrupted Power Supply)
   • Protecting a computer is not just getting an antivirus program to protect your operating system and your software, you need to protect the hardware too.
   • Power outrages such as trips and brownouts are very common destructive forces and they can be easily avoided by getting a UPS. You may think that your systems are in danger only during an electrical storm, but anything that interrupts the electrical circuit and then starts the current back again can fry your components. Something as simple as someone turning on an appliance that’s plugged into the same circuit (especially a high voltage one such as a hair dryer, electric heater, or air conditioner) can cause a surge, or a surge may be caused by a tree limb touching a power line. If you have a power outage, you may experience a surge when the electricity comes back on.
   • An Uninterruptible Power Supply (UPS) has a battery that keeps power flowing smoothly even when there’s an outage, giving you time to gracefully shut down your system without corrupting your operating system and software.
2. Using your computer without a firewall or at least an antivirus software
   • “This computer don’t use the Internet, so it’s alright…” , “I only use the Internet to access my trusted bank site, after that I don’t surf the web…”, “The ISP says the router has built-in firewall, so I don’t need…”
   • If all the above sounds too familiar to you, imagine how many times I’ve heard it! In the older times, having an antivirus software to protect your system is considered sufficient, you are as well-protected as the brand of the antivirus software you use, but now, it is just not enough. Antivirus don’t protect your system against intrusion, hackings, worms and spywares (sometimes they do but in a very limited capacity).
   • If you don’t have any antivirus or firewall protection on your system, do keep my contact and call me when you need me to camp at your place too
3. Not updating your antivirus/firewall/antispyware definition files
   • For the above programs to protect your system, the software must learn about the latest virus patterns and/or intrusion signatures before they can flag it to be a malware or viruses. If you did not update your definition file, you may be able to catch those older and outdated viruses, but you are no match for the latest one.
   • The good thing is that all of these software will auto-update themselves and even if they don’t, all you need to do is to click the Update button and the software will usually update themselves.
4. Installing lots of programs, including beta version software
   • The more programs you install, the more likely you are to run across ones that either include malicious code or that are poorly written and cause your system to behave improperly or crash. The risk is greater with pirated programs.
   • Even if you install only licensed, final-release commercial software, too many installations and uninstallations can gunk up the registry. Not all uninstall routines completely remove program remnants and at the least, this practice can cause your system to slow down over time.
   • You should install only the programs that you really need, stick with legitimate software, and try to minimize the number you install and uninstall.
5. Having full and fragmented hard disk
   • One of the results of installing and uninstalling lots of programs (or adding and deleting data of any kind) is that it fragments your disk. Disk fragmentation occurs because of the way information is stored on the disk: On a new, clean disk, when you save a file it’s stored in contiguous sections called clusters. If you delete a file that takes up, for example, five clusters, and then save a new file that takes eight clusters, the first five clusters’ worth of data will be saved in the empty space left by the deletion and the remaining three will be saved in the next empty spaces. That makes the file fragmented, or divided. To access that file, then, the disk’s read heads won’t find all the parts of the file together but must go to different locations on the disk to retrieve it all. That makes it slower to access. If the file is part of a program, the program will run more slowly. A badly fragmented disk will slow down to a crawl. You can use the disk defragmenter built into Windows (Programs | Accessories | System Tools) or a third-party defrag program to rearrange these pieces of files so that they’re placed contiguously on the disk.
   • Another common cause of performance problems and application misbehavior is a disk that’s too full. Many programs create temporary files and need extra free space on the disk to operate. You can use Windows XP’s Disk Cleanup Tool or a third-party program to find and delete rarely used files, or you can manually delete files to clear space on your disk.
6. Opening every email attachments
   • Getting an e-mail message with an attachment is like getting an unexpected gift. You just have to peek inside to see what it is. But just as that package left on your doorstep could contain a bomb, that file attached to your mail message could contain code that will delete your documents or system folder or send viruses to everyone in your address book.
   • The most blatantly dangerous attachments are executable files–those that run code–with extensions like .exe, .cmd, and many others (see http://antivirus.about.com/od/securitytips/a/fileextview.htm for a list of file extensions for different types of executables). Files that aren’t themselves executables, such as Word .doc files and Excel .xls files, can contain embedded macros. Scripts (Visual Basic, JavaScript, Flash, etc.) aren’t directly executed by the computer but are run by other programs.
   • It used to be that you could assume plain text (.txt) or graphics (.gif, .jpg, .bmp) files were safe, but not anymore. File extensions can be “spoofed”; attackers take advantage of the Windows default setting that doesn’t display common file extensions to name executables something like greatfile.jpg.exe. With the real extension hidden, it shows up as greatfile.jpg. So the recipient thinks it’s a graphic, but it’s actually a malicious program.
7. Clicking on everything
   • Opening attachments isn’t the only type of mouse click that can get you in trouble. Clicking on hyperlinks in e-mail messages or on Web pages can take you to Web sites that have embedded ActiveX controls or scripts that can perform all sorts of malicious activities, from wiping your hard disk to installing a backdoor program on your computer that a hacker can use to get in and take control of it.
   • Clicking the wrong link can also take you to inappropriate Web sites that feature pornography, pirated music or software, or other content that can get you in trouble if you’re using a computer on the job or even get you in trouble with the law.
8. Unnecessary sharing of system resources
   • When you’re on a network, sharing can expose you to dangers. If you have file and printer sharing enabled, others can remotely connect to your computer and access your data. Even if you haven’t created any shared folders, by default Windows systems have hidden “administrative” shares for the root of each drive. A savvy hacker may be able to use these shares to get in. One way to prevent that is to turn off file and printer sharing–if you don’t need to make any of the files on your computer accessible across the network. This is especially a good idea if you’re connecting your laptop to a public wireless hotspot.
   • If you do need to make shared folders accessible, it’s important that they be protected by both share-level permissions and file-level (NTFS) permissions. Also ensure that your account and the local administrative account have strong passwords.
9. Using a weak password
   • Don’t pick passwords that are easy to guess, such as your birthdate, loved one’s name, social security number, etc. Longer passwords are harder to crack, so make your password at least eight characters long; 14 is even better. Popular password-cracking methods use “dictionary” attacks, so don’t use words that are in the dictionary. Passwords should contain a combination of alpha, numeric, and symbol characters for best security.
   • A long string of nonsense characters may create a password that’s tough to crack, but if you can’t remember it, you’ll defeat the purpose by writing it down (where an intruder may be able to find it). Instead, create a phrase you can remember easily and use the first letters of each word, along with logical numbers and symbols. For example: “My dog ate a mouse on the 5th day of June” becomes “Md8amot5doJ.”
   • Many times when I go to a customer’s site, I’m able to just log into the system without asking anybody for password. The users will just stare at me with their big round eyes and ask me how I do it, and I just simply point at a sticky note pasted below their monitor or pinned to their partition wall and tell them that is how I know. So please, imagine if somebody wanted to sabotage you in any sense, accessing your system with your password is the best way to hack.
10. Not backing up your data
    • An attacker may crash your system or your data may be corrupted or get wiped out by a hardware problem. That’s why it’s essential that you always back up your important information and have a plan for recovering from a system failure.
    • Most computer users know they should back up, but many never get around to it. Or they make an initial backup but don’t update it regularly. Use the built-in Windows backup program (Ntbackup.exe in Windows NT, 2000, and XP) or a third-party backup program and schedule backups to occur automatically. Store backed up data on a network server or removable drive in a location away from the computer itself, in case of a natural disaster like flood, fire, or tornado.
    • Remember that the data is the most important thing on your computer. The operating system can be reinstalled and so can applications, but it may be difficult or impossible to recreate your original data. Don’t wait for disaster to happen, take the first step, backup your data!