Over the last couple of years viruses have become pretty much unheard of, whilst malware and spyware infections are at a plague-like level… and it’s making my life, and probably most tech support guys’/gals’ lives, absolute hell!
If you have no idea what I am talking about then I refer you to the bible that is Wikipedia - http://en.wikipedia.org/wiki/Malware
Check out the section on BotNets - bit creepy really but clever at the same time.
In a nutshell: popups, fake antivirus software, denied access to security web sites, identity theft, key loggers, diallers - the list goes on. I guess you could say it’s organised crime, and your PC (once infected) is one of many vehicles used to distribute it around the world.
In all honesty I really don’t see a light at the end of the tunnel on this issue; short of everyone switching from MS Windows to Linux or OS X, we’re screwed.
My personal opinion is that governments (for those countries that have one) should crack down on it, but that’s probably a tall order and would be like finding a needle in a haystack!
I guess the real cure is prevention, but prevention means educating users not to click the link in the email they received from someone they don’t know, to track a parcel they never ordered, on a spurious-looking web site.
So here are my top tips:
DNS Filtering
You can use a DNS service like www.opendns.com (at least in the UK) to filter out known malware and phishing web sites. This is a great way of avoiding the nasty web sites, and if you’re not technically minded the instructions for setting it up are pretty straightforward.
Local Host DNS Filtering
You can also filter using the hosts file on Windows systems: a number of web sites maintain lists of known infected web sites in hosts-file format, and you can download such a list and copy it into your hosts file.
What’s a hosts file? When you request a web site (or something on your system requests it), the hosts file in Windows is the first place the system looks to find out where the web site lives.
Example:
You want google.com
Windows looks in c:\windows\system32\drivers\etc\hosts, sees no entry for google.com, and so goes to your ISP’s DNS server to find out where google.com lives.
If we put an entry in the hosts file such as (the hosts file format is the IP address first, then the host name):
127.0.0.1 google.com
Windows thinks the web server for google.com is 127.0.0.1 - it will never reach google.com because 127.0.0.1 is the loopback IP, i.e. your own system.
If we apply this logic to a truck load of infected web sites:
127.0.0.1 bad-mofo-website1.com
127.0.0.1 i-am-infected-website.net
etc… you get the idea - your system can never reach the site by name and therefore cannot pick up an infection from it.
Check out www.malware.com.br for lists
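To show the hosts-file logic above end to end, here is an added Python example of my own (not code from the original post or from any of the list sites). The existing hosts contents, the downloaded blocklist and every hostname in it are constructed for the example, and nothing is written to disk: it merges a hosts-format blocklist into existing hosts content in the IP-then-hostname order Windows expects, skips junk lines and trailing comments, refuses to sinkhole localhost, deduplicates names regardless of case, and then imitates the resolver’s lookup order (hosts file first, otherwise fall through to DNS).

```python
import ipaddress

# Constructed sample of an existing Windows hosts file (not taken from a real machine).
EXISTING_HOSTS = """# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
"""

# Constructed sample of a downloaded blocklist in hosts format; the hostnames are made up.
DOWNLOADED_BLOCKLIST = """# constructed example blocklist
0.0.0.0 bad-mofo-website1.com
127.0.0.1 i-am-infected-website.net   # trailing comment
127.0.0.1 I-Am-Infected-Website.net
0.0.0.0 localhost
not a valid line
"""

# Names we never want a blocklist to hijack.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}
SINKHOLE = "127.0.0.1"  # the post uses the loopback address as the sinkhole


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-format text, skipping comments and junk."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])  # first field must be an IPv4/IPv6 address
        except ValueError:
            continue
        for host in parts[1:]:  # one IP may be followed by several names
            yield parts[0], host.lower()


def merge_blocklist(existing, blocklist, sinkhole=SINKHOLE):
    """Return new hosts text: existing content plus sinkhole entries for new blocked names."""
    already = {host for _, host in parse_hosts(existing)}
    added = []
    for _, host in parse_hosts(blocklist):
        if host in PROTECTED or host in already:
            continue
        already.add(host)
        added.append(f"{sinkhole} {host}")
    if not added:
        return existing  # idempotent: nothing new to add
    return existing.rstrip("\n") + "\n# --- blocklist entries ---\n" + "\n".join(added) + "\n"


def lookup(hostname, hosts_text):
    """Mimic the resolver order from the post: hosts file first, otherwise DNS."""
    name = hostname.lower()
    for ip, host in parse_hosts(hosts_text):
        if host == name:
            return ip
    return None  # no hosts entry: Windows would now ask the ISP's DNS server


if __name__ == "__main__":
    merged = merge_blocklist(EXISTING_HOSTS, DOWNLOADED_BLOCKLIST)
    print(merged)
    for name in ("bad-mofo-website1.com", "google.com"):
        print(name, "->", lookup(name, merged) or "not in hosts, ask DNS")
```

To actually apply the result on Windows you would write the merged text back to the path given in the post, which needs administrator rights, and many anti-malware tools will (rightly) flag a hosts file that changes, so expect a prompt. Keep in mind that a hosts entry blocks a site only by name: anything that connects by IP address, uses its own DNS resolver, or talks over a proxy that resolves names elsewhere is not affected, so treat this as one layer alongside the DNS filtering above rather than a complete fix.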
Software, software and more software!
Search the net for anti-malware software and you will be faced with a choice of thousands. Some legitimate and some not!
The problem I find is that no single product finds everything, and I have to use 3, 4 or maybe 5 different products (failing that, I format C:) before I fix the issue.
In my kit bag I have:
CCleaner - clean out those temp files
Unlocker - unlock files you are trying to delete
MalwareBytes - www.malwarebytes.org
SuperAntiSpyware - www.superantispyware.com
HijackThis (HJT)
You can get most of these from Major Geeks http://www.majorgeeks.com/downloads31.html
Alternatively, check out my other post on the all-in-one downloader.