Friday, September 30, 2011

OK guys my friend's company is doing a promotion and offering free Apple macbook air's

For over a year now, Facebook users have been periodically plagued with scam offers for a free MacBook Air. The pitch starts with a Facebook message from a friend of yours (who is already a victim) passing along the line "OK guys my friend's company is doing a promotion and offering free Apple macbook air's. This hasn't been released to everyone yet but I'm sending it out to you guys to get a chance to get them first", together with a link to a Facebook Wall. The perpetrators are and can be flamed by sending roadkill to this address.

9858 Clint Moore Rd Suite C-111 #319
Boca Raton, Florida 33496

Read the fine print, however, and you'll discover the MacBook Air 'giveaway' scam requires you to complete two offers from each of three separate tiers. The net result is that you pay more for the required incentive merchandise than the MacBook Air is even worth. Then, assuming you've spent that much and actually qualified, you have to jump through a bunch of other hoops in order to claim "the prize". Any mistake or omission along the way, and you're out all the cash with no MacBook Air to show for it.

This type of scam dates back well before the days of the Internet, when scammers sent enticing offers by snail mail that required similar hoop-jumping in an attempt to win merchandise that proves near impossible to obtain. But while the scam itself is old, it continues to give new meaning to the phrase "a fool and his money are soon parted".

One of the ways people can earn points toward one of the tiers is by recommending their friends for the program, which is how new victims are enticed in. After all, it's a recommendation from a friend, though in reality a friend who has themselves been hooked by the scam.

Though the scam is misleading and costly, it manages to stay just on the right side of legal, probably because the terms and conditions are provided upfront for those who bother to read such things (many don't, but everyone should!).

From the Better Business Bureau:

The Pitch: OK guys my friend's company is doing a promotion and offering free Apple macbook air's. This hasn't been released to everyone yet but I'm sending it out to you guys to get a chance to get them first

Also common on Facebook are ads to get a free MacBook Air claiming that the company is seeking laptop testers. The ads lead to an incentive marketing program at where participants must sign up for various products and services in order to earn their free laptop.

The Fine Print: Customers must complete two options from each of the three tiers, Top, Prime and Premium before receiving their "free" MacBook. Example offers listed in the Top and Prime tiers include signing up for credit cards or trial offers for subscription services such as for vitamin supplements or DVD rental services. In some cases, the participant will need to pay for shipping, and if they aren't vigilant about canceling the trial offers they signed up for, they'll begin being billed every month.

You are responsible for all local, state, and federal taxes on any gifts you receive. requires that anyone receiving gifts valued at $600.00 and above in any calendar year complete and submit a W-9 form from the Internal Revenue Service in order to allow to comply with IRS reporting requirements.

Examples of the Premium offers listed on the Web site that must be met in order to get the MacBook are much more expensive and include paying as much as $1,500 for furniture, credit cards with high interest rates or purchasing a travel package with a minimum value of $899.00 per person.

BBB Warns: Incentive programs can be extremely costly in the long run and the fine print shows that the customer might have to pay a significant amount of money in order to get their "Free" items. It is also a red flag that Apple does not even make MacBook Air in purple, red, pink, or green.


Wednesday, May 11, 2011

Instructions - Removing Win7 Antivirus or other rootkits

This rootkit is getting pretty gnarly. I get 4-5 of these a week at my small shop and I've even seen it a few times on Win7 64-bit. I have developed some tricks to remove it over time, and I know from experience that attempting to use multiple accounts/plugins/add-ons doesn't work for the average person from a usability standpoint, so I don't even bother recommending them. I end up getting more calls about the restrictions than I'd get if they were re-infected. On the front lines there is no way we could keep up if private tool developers weren't playing their part. AV developers are either lost or intentionally hamstrung.

My toolkit is Cleanup 4, CCleaner, ComboFix, Autoruns, Process Explorer, Process Monitor and RegLite, my old-school friend. Then Malwarebytes and CCleaner for a general post-cleanup scan.

Brian Krebs recently blogged about how Google Images is being used to deploy this malware. Highly recommended reading, as Krebs on Security is a favorite of mine!

There is usually a multi-stage infection routine, with the socially engineered hijack (Google Images, Facebook, fake codecs, etc.) being the first stage. It has lately developed a mechanism to inject itself into the Windows Security control panel, and Windows at times treats this thing like legitimate AV software - insane. Usually the system is pretty quickly disabled: restore points deleted and either all .exe files hijacked (so nothing will run) or registry-based System Policies implemented so that Run As is restricted, the admin control panels are all locked down, and registry access is hosed.

At this point I have been successful running a renamed ComboFix with Run As Administrator (although renaming seems to be less of an issue lately), but in XP the Administrator account usually has no password and you won't be successful. Adding a password at this point (even if you can, as the CP is locked down) won't help.

The best idea at this point is to reboot into Safe Mode with Networking (as Administrator if possible) and either get System Restore to run or get ComboFix to run.

System Restore is your best option under all conditions, and in 64-bit Windows it may be your only option! Although there are some tools that are billed as removing rootkits from 64-bit systems, from my experience they don't work.

If System Restore works, make sure you reboot straight back into Safe Mode on reboot using the same profile (Administrator) until it's complete. If you don't, 9 times out of 10 it will fail to complete the restore successfully. Even if restore works you must still run ComboFix, because it seems to me some files are being left behind to be used in a future hijack attempt. I have noticed this more recently!

If ComboFix runs you'll usually lick this with one scan, and then all that's needed is a Cleanup 4 run and a review of drivers in Autoruns, making sure you follow up any files still existing and delete them at the source. Sometimes ComboFix will only get the registry on the first pass and the file(s) may still exist. Always remember, after ComboFix reboots, to go back into Safe Mode on reboot and log back into the same profile you were logged into when you ran it.

It becomes more time consuming when Safe Mode is disabled or the system blue screens when booting into Safe Mode, and you have to use RegLite to modify the Policy registry entries manually so you are able to run the tools in regular boot mode. Then you can add a password to the Administrator account if necessary (in XP) and use Run As Administrator.
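As an added example (not part of the original post, and not RegLite), here is a PowerShell script that audits the lockdown points the steps above describe and reverts them when run with -Fix. The registry locations are the standard Windows policy, file-association, Image File Execution Options and SafeBoot keys rather than anything named in the post; the script assumes PowerShell 2.0 or later on an elevated prompt, and it treats a per-user .exe override as suspicious on the assumption that nothing legitimate creates one on a workstation.

```powershell
# Added example, not from the original post: audit the registry spots this kind of
# rogue AV abuses to lock a box down, and revert them with -Fix.
# Run as Administrator, in regular boot or Safe Mode. Assumes PowerShell 2.0+.
param([switch]$Fix)

$findings = @()

# 1. Policy values that lock out regedit, Task Manager, cmd, Run and Control Panel.
#    None of these should exist on a home or small-office workstation.
$policies = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun' },
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Windows\System';                  Name = 'DisableCMD' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' }
)
foreach ($p in $policies) {
    if (-not (Test-Path $p.Path)) { continue }
    $v = (Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
    if ($v -ne $null -and $v -ne 0) {
        $findings += "[policy] $($p.Path)\$($p.Name) = $v"
        if ($Fix) { Remove-ItemProperty -Path $p.Path -Name $p.Name }
    }
}

# 2. Executable association hijack ("nothing will run"). Machine-wide defaults are
#    .exe -> exefile and exefile open command -> "%1" %*. A per-user override under
#    HKCU\Software\Classes needs no admin rights and is assumed hostile here.
New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT -ErrorAction SilentlyContinue | Out-Null
$exeCmd = (Get-ItemProperty -Path 'HKCR:\exefile\shell\open\command' -ErrorAction SilentlyContinue).'(default)'
if ($exeCmd -ne '"%1" %*') {
    $findings += "[exefile] HKCR\exefile\shell\open\command = $exeCmd"
    if ($Fix) { Set-ItemProperty -Path 'HKCR:\exefile\shell\open\command' -Name '(default)' -Value '"%1" %*' }
}
$exeType = (Get-ItemProperty -Path 'HKCR:\.exe' -ErrorAction SilentlyContinue).'(default)'
if ($exeType -ne 'exefile') {
    $findings += "[exefile] HKCR\.exe = $exeType"
    if ($Fix) { Set-ItemProperty -Path 'HKCR:\.exe' -Name '(default)' -Value 'exefile' }
}
if (Test-Path 'HKCU:\Software\Classes\.exe') {
    $findings += "[exefile] per-user .exe override exists at HKCU\Software\Classes\.exe"
    if ($Fix) { Remove-Item -Path 'HKCU:\Software\Classes\.exe' -Recurse }
}

# 3. Image File Execution Options "Debugger" values: a classic way to redirect
#    regedit.exe, taskmgr.exe or a removal tool to the malware instead.
#    Review each hit by hand; a genuine debugger registration is rare on a client PC.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($k in (Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue)) {
    $dbg = (Get-ItemProperty -Path $k.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings += "[ifeo] $($k.PSChildName) -> $dbg" }
}

# 4. Safe Mode depends on these keys; deleting them is how Safe Mode ends up
#    "disabled" or blue-screening on boot. A missing key has to be rebuilt from a
#    clean machine of the same Windows version (export there with reg.exe, import here).
foreach ($mode in 'Minimal', 'Network') {
    if (-not (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode")) {
        $findings += "[safeboot] HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode is missing"
    }
}

# 5. What Security Center believes is the installed AV: the rogue registers itself here.
#    root\SecurityCenter2 is Vista/Win7; root\SecurityCenter is XP.
foreach ($ns in 'root\SecurityCenter2', 'root\SecurityCenter') {
    $av = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction SilentlyContinue
    foreach ($a in $av) { $findings += "[seccenter] $ns reports AV: $($a.displayName)" }
}

if ($findings.Count -eq 0) { 'No lockdown indicators found.' } else { $findings }
```

Run it read-only first and read the list before adding -Fix: the SafeBoot and Security Center sections only report, since the right repair there is a registry import from a clean machine or a proper uninstall, not a blind delete. If the .exe hijack is active in regular boot, powershell.exe itself will not start, which is exactly why the steps above reach for Safe Mode or a renamed tool first.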

If you are unlucky enough to experience a system where the user has actually purchased it (accepted the EULA and installed it), it becomes exponentially more difficult to remove and the system is an official zombie. This means keep it off the network if possible, particularly if other machines are around. Using ComboFix becomes tricky, particularly if it's gotten into the boot record.

For more detailed Malware removal instructions visit Michael's awesome blog.


Monday, November 08, 2010

KitRx - Announce New Google Apps Exchange Tools

Google is making it a lot easier for customers of Microsoft Exchange to go Google with Apps. Google Apps Migration for Microsoft® Exchange is a new server-side tool that migrates your company's email, calendar and contact data from Microsoft Exchange to Google Apps. With the tool, migrations are:

• Easy: set it up in just 4 steps
• Efficient: select the combination of mail, calendar and contact data that you want to move, with the option of doing so in phases
• Fast: migrate hundreds of users at the same time
• Painless: employees can continue to use Microsoft Exchange during the migration without interruption or any involvement on their part

As Paul Lovett, Project Manager for the Google Apps project at New Zealand Post, described, "We are a very calendar-bound organization, so Google Apps Migration for Microsoft® Exchange was the missing link in our migration strategy, allowing us to perform a server-side migration of our calendar and contact data from Microsoft Exchange 2003. We moved our corporate executive team first which required spot-on accuracy and a quality product, and Google Apps Migration for Microsoft® Exchange met that high bar.”

At Kitrx we welcome this assistance in migrating our clients from burdensome and expensive Exchange servers, which allows us to provide flat-rate pricing for this service.

"I had been a Microsoft Exchange user and administrator for more than 10 years, so I assumed we’d go with Microsoft Exchange and Outlook clients. Then I thought about our overtaxed IT staff of five, and what would be required from them to set up and run Exchange. We would need to purchase, configure, integrate, manage and maintain many hardware and software components. We would also have to worry about our 50 mobile users and managing client software for their devices, too. I was also thinking about the cost for all of the required hardware and software. It would be a significant investment.

Then we started looking at Google Apps. The move to a cloud computing model really made sense for us because we wouldn’t have to worry about mail servers, updates to the software, backups, software rollouts to desktops or mobile users, and constant maintenance. Google Apps’ features met our requirements and provided 50-85% in cost savings to maintaining our old system or moving to Microsoft Exchange – either on-premise or hosted. With Google Apps, we got a complete messaging solution with anti-spam protection, disaster recovery and a 99.9% uptime SLA built-in. We also got features for collaboration that came as an extra bonus to email – and we're now looking at different ways to use Google Sites and Google Docs to improve our collaboration, internally and with customers. But probably the feature that our employees love the most is chat, including video chat, which is fully integrated and included in the suite of apps."

For more information about San Diego Google Apps Services visit Kitrx by EveryMethod
