Simple I.T.

F1 Key Virus Warning Outline
Message warns that responding to a pop-up prompt by pressing the F1 key when visiting an infected website could download and install a virus on your computer.

Brief Analysis
The warning is valid. Microsoft has announced that because of a vulnerability in VBScript when using Internet Explorer in older versions of Windows, pressing the F1 key when on a specially crafted web page could install malware on the visitor's computer. The vulnerability is not present in Windows Vista or Windows 7. At the time of writing, Microsoft notes that they are not aware of any actual attacks that have use this method.

Last updated: 11th March 2010
First published: 11th March 2010
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer

Subject: Virus warning F1 key

Microsoft has announced a new virus is making the rounds.

It pops a box up on your screen and tells you to press F1 for further help when you visit an infected website. Pressing F1 downloads and engages the virus.

If you are prompted to press F1, ignore it, no matter how many times it continues to pop up and remind you.

Detailed Analysis
This message, which circulates via email and social networking websites, warns recipients about a potential computer security threat involving the F1 key. According to the message, users should watch out for a pop up window that instructs them to press the F1 key when visiting a website. The warning notes that pressing the F1 key as requested could result in a virus being downloaded and installed on the visitor's computer.

The warning is valid. A threat like the one described was outlined in a March 1st 2010 Microsoft Security Advisory. The advisory notes:
Microsoft is investigating new public reports of a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008. The main impact of the vulnerability is remote code execution. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.

The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialogue box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user. On systems running Windows Server 2003, Internet Explorer Enhanced Security Configuration is enabled by default, which helps to mitigate against this issue.

Say what you want on Twitter but be careful about it, warns AVG (AU/NZ)

Melbourne, 24 February 2010 - Last weekend, there was another Twitter security breach - a phishing attack. As the Twitter micro blogging service comes into its fourth year of existence, it is more popular than ever, which makes it a perfect target for cyber criminals. The nature of Twitter has always meant to be very open, so what are the best ways to protect yourself?

AVG (AU/NZ) has put together a list of top 10 tips to help you stay safe on Twitter. Don't forget to tweet it to your fellow tweeple!

1. Limit what you say
It's easy to tweet about where you are and what you're doing, but do you think about who is listening? What might seem like a harmless comment initially could be used to piece together a picture of your whereabouts and plans! Unless your tweets are protected, they are going to be out in the public domain. Fraudsters can use this information in many ways.

2. Be careful what you click on
Be suspicious about links that you are sent and posted. Many people use URL shortners on Twitter, so it is often very difficult to check what you are clicking on. AVG LinkScanner® can help check suspicious links, but remember: if you are in doubt, don't click!

3. Be vigilant
Watch out for suspicious activity in your tweet stream and inbox. If you start receiving strange messages or your friends are being unusually spammy, it might be worth double checking that their account hasn't been compromised.

4. Think before you tweet
Remember, the whole world can see what you write and even though tweets can be deleted, they are still searchable. Don't tweet when you're in a state of mind that might have you saying something you'll regret later. While it is funny thinking about it, the consequences are often not as amusing. Additionally, by including 'hash tags,' you increase the search for your chosen term, so think about who will be searching for your tweets.

5. Don't be too trusting
You can never be sure the stranger you 'networked' with via Twitter is who they say they are. Don't be easily befriended by strangers on Twitter who may not have your best interests at heart.

6. Check third party applications
There are hundreds of applications out there for Twitter. Before signing up to one of these, check to see that they are safe. You can do this by looking for mentions of the tools on trusted sites. Remember that the apps generally require your password and log in details so be extra cautious before sharing this information.

The same basic rules that apply to other social networking sites can also be applied to Twitter, so don't forget the following too:

7. Password information
Use different passwords, or even better still, set up separate email accounts for your social networks. That way, if you stop your account, you can easily delete the email account too. Be mindful of where you are sending your updates and the types of security questions you set.

8. Signing in
Check your browser settings on your computer so that your information is not stored for anyone else to see if you are on a shared computer!

9. Watch out for phishing attacks
As Twitter gets more popular, the likelihood of phishing attacks grows. Be aware of attempts to get users to give up their login and passwords by tricking them with fake tweets and direct messages.

10. Being mobile
Be mindful about who might have access to your mobile phone. If you have a Twitter application, make sure you log out once you're finished with it.

Lloyd Borrett, Marketing Manager for AVG (AU/NZ) advises, "As with any online activity be smart, be aware, be careful, and you can stay as safe on Twitter as anywhere else online."

For more AVG security tips, see http://www.avg.com.au/resources/security-tips/.

Say what you want on Facebook but be careful about it, warns AVG (AU/NZ)

Melbourne, 12 February 2010 - With more and more people using Facebook and sharing personal data, criminals are finding it a rich source of income - they are harvesting and selling information, stealing identities, sending spam and planting viruses.

"People put themselves at risk every day by carelessly clicking on invitations sent by 'friends' to join groups or write on their wall," said Lloyd Borrett, Marketing Manager for AVG (AU/NZ). "They put all their personal information including date of birth and photos on their page. They even respond to fake Facebook requests for security details."

AVG (AU/NZ) has put together a list of top 10 tips to help people stay safe on Facebook or other social media sites. Don't forget to share these tips with your friends and family!

1. Think about who you add
It's not all about the numbers of friends. Remember when you accept a friend request you provide your new friend with access to lots of information about you. This includes, posts, photographs, messages and all the background information that you write about yourself. You can delete friends at any time, so perhaps it's time to refresh your list and think about who you really want accessing your information.

2. Check your settings
Recently, Facebook changed the default privacy setting to share information publicly. It's worth spending some time to go through your settings and adjust where necessary; you may be sharing more than you intended. You even have the option to add 'limited profiles' for those people that you may not want accessing your personal information. It's up to you how you want to use these settings so it's definitely worth having a look to create a profile that's right for you!

3. Why are you on Facebook?
Ask yourself what you want to achieve with your profile. Is it just to share photos, or keep in touch with people, or even to share links and updates of your activities? Sometimes it's better to cut down what you show on your profile; this includes signing up to applications which also take a lot of your data. You can always add or remove options as you go, so if your needs change, so should your profile.

4. Be smart about your password
Try not to use the same passwords on all of your accounts. It's also important to be mindful of where you are sending your updates and the types of security questions you set.

5. Be aware of where you sign in from
Check that the computer that you sign in from doesn't store your email address and password. It seems simple but often it's easy to accidentally choose it to 'remember you'. Make sure you have the appropriate privacy settings on your browser.

6. Be careful what you say
Make sure that what you say in status updates and comments is something that you would be comfortable seeing on the front page of a newspaper. Once you post it, anyone that sees it can copy and post it elsewhere, or take action based on it. Do you really want everyone to know that you will be all alone at home tonight or away next week?

7. Watch out for Phishing Attacks
Over the past year, there have been many attempts to get users to give up their login and passwords by tricking them with fake emails from Facebook. Never select any email links asking you to click to reset your password. Always go directly to Facebook - if there is a problem, Facebook will notify you on site. Installing and using an up-to-date complete protection solution on your PC, like AVG Internet Security, will also safeguard you against spam and phishing attacks.

8. Take immediate action
If friends start receiving spam from you or status updates appear that you didn't make, your account may have been compromised. If you think this has happened, immediately change your password. If you can't log in to your account, go to the Help link at the bottom of any Facebook page and click on Security to notify Facebook about your account.

9. Protect your mobile device
Be mindful about who might have access to your mobile phone. Many phones today have apps that connect you into many social networking sites such as Facebook. Therefore, if you use these apps, make sure you log out of them when you are no longer using them.

10. Monitor suspicious activity
Watch out for suspicious activity on your Wall, News Feed and Facebook Inbox. Never, ever click on suspicious links. They can often look enticing, e.g. "Hey come look at my charity cycling pictures on my site." Before you click, look closely! Does the site look authentic? If in doubt, don't click on it.

AVG's Lloyd Borrett advises, "As with any online activity be smart, be aware, be careful, and you can stay as safe on Facebook as anywhere else online."

For more AVG security tips, see http://www.avg.com.au/resources/security-tips/.

As you know, I am not a fan of any type of internet toolbar so even this one is on my no-go list. Be careful when installing other software that a toolbar isn’t being added to the installation, such as the Yahoo or Google toolbars. Both are susceptible to attack more easily than the browser itself. They send data back to their respective HQ and that line of communication makes for an easy target and can be traced back to your browser and your computer too.

I would suggest getting rid of any extra toolbars you might already have in your browser immediately by going into Control Panel and then Add/Remove Programs (or Programs & Features in Vista & Windows 7). Scroll down the list and get rid of the following if you have them: AOL Toolbar, ATOL Toolbar, ATO Toolbar, Google Toolbar, Windows Live Toolbar and the Yahoo Toolbar. There are many more but these are the main ones I dislike and have found security issues with. Epson, Kodak and PDF toolbars are ok in Windows Explorer but can still be a problem in your browser – use them at your own risk.

The only ‘toolbar’ I do agree with is the Free Launch Bar; which is a very handy tool for increasing the size of your quick launch icons at the bottom of the screen. This makes the ‘single click’ icons much easier to use!

A full installation package for AVG FREE version 9 is now available to download off the Grisoft website. Rather than struggling through the web update (which I can assure you I have found to be a tremendous pain in the bum!) this is a straight-up file that does it all from your computer … once you’ve downloaded all 70MB of it that is.

So, for those of you who don’t have AVG 9 yet, you can download the installer here: http://download.avgfree.com/filedir/inst/avg_free_stf_en_90_707a1765.exe. When you click on this link it will open your browser and start the download immediately.

Just follow the installation, clicking Next > Agree to the license agreement > Standard installation > Next > Next > I would suggest you say No to the AVG Security toolbar (see below) > Next.
Once the installation is complete, you might need to perform an update of AVG’s virus definitions. Right click on the AVG tray icon and choose Update Now.