An interesting lesson in service

July 9th, 2010 Posted in General thoughts | No Comments »

I’m a business owner (and as surely as the day is long, I’m not perfect at it), but I’m also a consumer. Everywhere I go I find that I’m strangely vigilant about the business. I look for those subtle things. I analyze what I like and don’t like about the location, the service, even those little small nuances that make the business what it is.

I like eating at Cora’s. Excellent food, always fresh, pleasant staff and a bright and cheery atmosphere. I look at the placemats. Rather than a few stock pictures and a price list, I’m met with a smiling face and a bunch of interesting tidbits that I rather enjoy reading while I’m waiting for my food to arrive. I even brought a couple home with me so I could read them again.

I guess what I’m saying is that I always make mental notes about what I like and don’t like, then strive to incorporate the stuff I do like into my own business. That mentality of “treating others the way you want to be treated” strikes time and time again…hopefully to the benefit of our clients.

I bought a bed from a local company. I suppose I could have bought it from Sleep Country, but I didn’t simply because the “sale to beat all sales” every week grows weary after a while and it made me doubt their credibility. Instead I decided to go for another, smaller chain. I like the bed and everything, but I was very dismayed by how it was handled. They gave me a great price, I paid and left, thinking I’d have it in a couple of weeks as it was special ordered. I had no problems waiting as long as I was given the heads up.

Well, the promised date came and went, with no bed. Two more weeks passed and still no bed. A call to the store informed me that there’d been a mistake and I’d have it in a couple of days. I was disappointed, sure, but these things happen. A week came and went. Finally I got a call that my bed had arrived and while setting a date for delivery I was informed I owed money. That’s odd, I thought. I paid for it in full at time of ordering. The lady said she’d look into it and call me back. When she did, I found out that I owed $3.80 for HST on the delivery because they were delivering it on July 2, one day after the HST kicked in.

There’s a point to this story, honestly. The point is this. It was a real kick in the pants to be told I owed $4.00 when the delay was their own doing. It’s not even the $4.00, it’s the concept of the thing that was utterly dismaying. I made a note to myself. I would never make a client pay for my mistakes and I would never nickel and dime them to death either. If I quote a price, I’m going to live up to it, whether it’s $4.00 or $100. I won’t forget how I felt… and I’ll certainly endeavor not to let my clients feel the same way.

It’s not always the big things that make our experience a positive one, something that makes us want to return time and again. Sometimes it’s as simple as a couple of toonies.

Microsoft to launch “Kinect” device for Xbox360

June 22nd, 2010 Posted in General thoughts | No Comments »

Microsoft is gearing up to launch their Kinect device in November, just in time for Christmas. It is a device that allows the user to control the Xbox Console through movements and gestures. 15 titles will be available at launch. At this point it’s not certain what the retail price would be, though estimates are between $50 and $200. What I find interesting about this technology is how it might apply to the desktop or laptop computer.

Visions of Iron Man 2 come to mind. Excellent.

You can read about it in this Reuters article.

This could be huge. Microsoft and FBI bust first scumware infection ring

June 8th, 2010 Posted in Announcements | No Comments »

Many of my blog posts have focused on what I call “scumware”. Using dirty tricks to plant garbage, malware and infections on people’s computers, conning them out of their money, costing them money to fix it and, when left unchecked, destroying their computers. With the proliferation of free “hacking” tools, script kiddies or “wannabe hackers” crawled out from under their rocks to get a piece of the cyber crime money tree.

Microsoft just issued a press release stating that in conjunction with the FBI, they’ve nailed the first group in a global operation. This is fantastic news and a great start. It’s time to get these people behind bars, or at least away from computers.

Scareware Indictments Put Cybercriminals on Notice
Posted by Tim Cranton
Associate General Counsel, Microsoft Digital Crimes Unit

Today the FBI announced federal indictments returned against three culprits charged with disseminating a major malware scheme believed to have caused $100 million in losses to victims worldwide. The scheme revolved around a form of malware called “scareware,” which falsely persuades consumers that they need to purchase useless and expensive software to protect their computers. Microsoft is proud to have supported the FBI and the U.S. Department of Justice in these cases, which send a clear and important message to cyber-criminals that they will be caught and brought to justice.

The scheme in these indictments was global, complex and sophisticated. The scareware went by various names, including WinFixer – meant to mislead consumers into associating the bogus software with trusted Microsoft products. At one time, WinFixer and its variants are thought to have been responsible for 75 percent of scareware worldwide.

Two of the three defendants indicted in this case are non-U.S. residents, accused of working with an Ohio resident to perpetrate the scheme. This illustrates how cybercrime has become global. Boundaries and jurisdictions are irrelevant to cyber-criminals. The problem can’t be tackled by any single entity working alone; strong cooperation is needed among governments, law enforcement and technology companies.

In the period leading up to these indictments, investigators from Microsoft’s Digital Crimes Unit, with the support of Microsoft’s Malware Protection Center and Customer Support Services, helped provide data to the FBI on damages caused by the scheme. We also testified before the grand jury to provide forensic analysis on the malware involved. Microsoft participated in the case not only because the scheme traded on Microsoft’s name and trademarks as a means of luring victims, but also because we believe in the importance of a trustworthy and reliable computing experience for everyone.

The Department of Justice and the FBI have put a stake in the ground to protect consumers; at Microsoft, we stand beside them in the fight to make the Internet a safer place.

http://microsoftontheissues.com/cs/blogs/mscorp/archive/2010/05/27/scareware-indictments-put-cybercriminals-on-notice.aspx

For more Microsoft information on fake security products, please click here.

“How did I get an infection?”

May 16th, 2010 Posted in Helpful tips | No Comments »

This is a question we hear quite often. It used to be that we could make the general recommendation “avoid adult, pirate software and file sharing sites”. That is no longer the case. Many argued the answer was Firefox because the viruses were being installed with ActiveX controls. When Internet Explorer cracked down on the installation of ActiveX controls, virus creators gave up on that.

Tonight I was researching a project. I clicked on a result in Google that took me to the page I wanted to go to. I did land on the correct page. However, at the same time Microsoft Security Essentials sprang into action and popped up a warning that a threat was detected in a web page it had saved in cache. The threat was a JavaScript infection embedded in a web page (htm) file. Deleting the threat resulted in this message:

What’s interesting about this is that the website had no advertising, nor did it have any Adobe files on it. Yet here, on my computer, something is trying to use my Adobe Reader and Java (a .jar file is a Java file) to infect my computer. I performed a search to find out where 188.72.211.253 (the internet IP address) came from. As you can see in the following screenshot, the address is administered by Ripe in Amsterdam:

Amsterdam?? My web page was based in Idaho. Ripe Network controls half the internet. There’s more digging to be done here. Let’s search the Ripe database to find out where our little criminal mastermind is hiding their files:

Let’s all say hi to our friends in Turkey. Here’s the funny part. Go to http://www.imajhost.com/. The title of their page suggests “The Most Secure Network”. Really? Hmmm.

I do a little more digging and find this:

http://www.windowsecurity.com/articles/Prepare-MPACK.html

As it turns out, it’s a team of Russian hackers calling themselves the “Dream Coders Team” that developed a kit called Mpack retailing for $300 to $1000. A similar product first showed up in 2007 called Icepack, developed by the IDT group. It seems that Mpack and IcePack faded from the public eye in 2008 or so.

I did a little more digging and found these:

http://www.securelist.com/en/analysis/204792044/Bootkit_the_challenge_of_2008

http://research.zscaler.com/2010/03/recent-spike-in-neosploit-activity.html

In 2007 another web attack kit named Neosploit surfaced. It functions in a similar way to Mpack and Icepack and originally sold for $1000 to $3000. I’ve found references to Neosploit Toolkit as late as April 2010 being found on web servers.

Recently (May 4, 2010) the US Treasury website was hacked using the Eleonore Exploit Pack. You can read about that here. The Eleonore Exploit Pack was created by ExManoize in June 2009 and retails for about $1000 USD. It is updated once a month or so as new exploits are added. Currently he’s up to over a dozen of them in his “pack”.

The goal of these kits is to find vulnerabilities in websites and exploit them. PHPnuke, Wordpress, contact forms, Adobe Flash, ActiveX, third party widgets, etc. with security flaws are all targets of these tools.

The attackers hack the server the website is hosted on to install the tool’s manager and alter the webpage. What it does is add an “iframe” to any normal webpage. An Iframe can load a webpage that’s not related to the site you are viewing and can be hidden. What these guys are doing is altering normal web pages. As your proper webpage loads, the page loaded in the Iframe is redirecting you to a PHP server running the tool kit. This server determines what operating system you have, what browser you are using and what vulnerabilities you have on your computer. Once it figures that out, it launches the infection. It may keep trying until it finally finds an infection that works. A report is then sent back to the operator of which exploits were successful and which country you are from.

In my case the infections were hosted in Turkey and launched three different exploits. The first was a trojan downloader that would try to connect to different websites. The second, the JAR Java file in the screenshot above, tries to start shell code and then starts the downloader. The third is a PDF exploit. It checks the version of Adobe Reader on my computer (unfortunately for them, Acrobat is my default PDF handler), downloads a PDF file, executes it with PDF reader and a script in the file executes automatically.

Fortunately Microsoft Security Essentials caught it. These toolkits are constantly updated. The point of installing the manager on the infected web server is so that even when the website is fixed, it is reinfected by the attackers at regular intervals. If you are a web site owner, the way to protect yourself from these attacks is to change your FTP password at regular intervals and ensure all your applications are updated.

To read more about how these types of infection work, see this article and this article

It’s very easy to get your hands on these toolkits. It didn’t take me long before I found and downloaded Neosploit 2 to confirm the download link was still active. Script kiddies all over the world are wreaking havoc on the internet by having easy access to these tools.

Another problem we’ve seen a lot of is infected banner ads. Attackers are exploiting third party advertising sites such as Interclick to spread their vicious payloads.

So why do this? The answer is money. One scenario is that the attackers can affiliate themselves with sites like Clickbank. Clickbank will give them a little commission for each product they are responsible for selling. One product that pops up on Clickbank on a regular basis is fake antivirus software. Using Mpack, the hackers (well, script kiddies is more like it) can infect your computer with the fake antivirus. When you purchase it they get a commission. Alternatively the makers of the software themselves can use Mpack to spread their scumware. In the end, the result is the same. They make money with their crime…and the chances of getting caught are very, very low.

So what is the solution? We’re still working on that, but your best defence is to keep your Windows and browser software up to date. You can also view this list of known domains participating in these scams to add to your HOSTS file (if you’re unsure how to do this, bring your computer into us for servicing and we can do it for you). It’s also critical to keep Adobe Reader, Adobe Flash and Java up to date. When you see a popup to update them, it’s important to do so. It re-emphasizes the importance of having legitimate Microsoft software to make certain you get the proper updates. It also helps to have the best antivirus installed. We currently recommend Kaspersky Internet Security or Microsoft Security Essentials.

We passed the test!

May 5th, 2010 Posted in Announcements | No Comments »

Last year, unbeknownst to us, Microsoft sent a secret shopper to our location to find out if we sold genuine software or pirated it. As most of our clients know, we only offer genuine Microsoft products to our clients, including all relevant packaging. The reasoning is simple. It is to your advantage for security and functionality.

Pirated software means you don’t get valuable updates which include security fixes. It means your system is vulnerable to attack. It also can result in reduced functionality. One example we’ve seen numerous times is Microsoft Office, where you can only open documents, but not save them or send emails.

We’ve seen several vendors in classifieds such as Kijiji selling computers or computer repair with pirated software. We strongly recommend that with every new computer you purchase (this does exclude off lease or used computers) that the vendor provides you a VALID license key sticker, manual and disk. If they don’t, we encourage you to report them to Microsoft’s Piracy hotline at 1-800-RU-LEGIT or http://www.microsoft.com/piracy

Our secret shopper reported back that we were offering legitimate Microsoft software. When you purchase a new system or computer repair from Northern Protocol, you purchase security and peace of mind.

Read the letter we received from Microsoft.

The unfortunate reality of amateur computer sales / repair (Kijiji, etc)

May 2nd, 2010 Posted in Client experiences | No Comments »

It’s a fairly regular occurrence. Someone gets sucked in by the “cheap” prices they see in classified publications like Kijiji and ends up getting taken for a ride. We’ve seen numerous examples of it over the years but this one really stood out.

Our client was referred to one of these scam artists by their neighbour. Everything seemed fine on the surface. The fellow came across as legit, knowing the right words to say. Our client paid their money and then sat back and waited.. and waited. Six weeks of persistent phone calls later this excuse of a computer showed up at the door.

It came to us because it kept crashing until finally it wouldn’t load into Windows at all.

There are some things to note about this computer.

  • The wiring is everywhere. It was thrown together in five minutes
  • The power supply is a $10 MIOS piece of junk
  • The rear fan isn’t connected. Bad air flow results in premature hardware failure.
  • The main drive, a Western Digital, is failing badly and needs to be replaced
  • None of the drives are fastened on both sides. The fellow didn’t even bother taking the time
  • Half of the motherboard stand off supports and/or screws are missing.
  • There is no Windows license on the computer
  • The backing plate was improperly installed and the clips were bent outwards

Unfortunately there’s no regulation of the industry, especially on sites like Kijiji. I’m sure there’s the occasional person on there that’s legit and can actually do a decent job, but we’ve yet to see it. If this isn’t the “expert”, “elite” or “quality” computer repair that you’re looking for, our only recommendation at this point is that any of these people that are advertising cheap computers or services in free classified websites and publications should be avoided.

I think we’re off and running

April 20th, 2010 Posted in Announcements | No Comments »

Well, it looks like the blog is fixed. I’ve fixed whatever broken links and images I could find. There are some more things I would like to do, such as revise the recent projects layout and organize examples of laptop repairs. That will be coming shortly. However, the main part and look of the site is complete. If you find any bugs, please don’t hesitate to contact us and let us know. It would be very much appreciated.

Thank you for your patronage.

Blog is broken, but site is up

April 20th, 2010 Posted in Announcements | No Comments »

It’s almost humorous writing this in my blog, but my blog layout is broken at the moment. I’m working hard to get it resolved. There are still glitches here and there on the site that I’m finding, such as the occasional broken link, odd formatting and missing media and I’m working as quickly as I can to get it fixed. Thanks for your patience.

New site nearing completion!

April 18th, 2010 Posted in Announcements | No Comments »

If you’re a fan of our Facebook page, you’ll know that I’ve been working late hours on our new website. It’s nearing completion and almost ready to launch. I’m getting very excited. Stay tuned as I’ll be launching it soon. This is by far our best looking site to date, with focus placed on graphic elements and easier navigation and access to key information.

When it’s being launched please be patient as there will be site outages and broken links during that time. I will announce right here on my blog as I’m making the changes.

Phishing scams in your email… The real truth.

April 8th, 2010 Posted in Helpful tips | No Comments »

I’m just going through some junk mail, looking at a phishing scam email from MBNA Canada (supposedly). This is interesting, take a look at this:

http://www.letsfish.net/images/glyph/include/onlineaccess/NASApp/NetAccess/mba.jpg

Dear admin@npinc.ca,

Your MBNA Canada account(s) have been recently flagged by our security and fraud department in order to prevent any monetary loss or unauthorized charges. It appears that your credit card account(s) have been tampered with and accessed by an unauthorized user.

Protecting the security of your account(s) is our primary concern. Therefore, as a preventative measure we urge you to secure and confirm your account immediately. Once you have been identified by the system, your account status will be restored to normal as our security and fraud department continue their pending investigation in this matter. Please continue below to safely secure your account:

https://www.onlineaccess.ca/NASApp/NetAccess/ http://www.letsfish.net/images/glyph/include/onlineaccess/NASApp/NetAccess/

Please note that you must authenticate your information within the next 48 hours. Failure to do so could result in a suspension/termination of services, as well as your liability of all possible unauthorized activities on your account(s). Thank you for your patience and cooperation in this matter as we work together to protect your account(s) security.

Sincerely,

Brian Sheldon
MBNA Canada Security

________________________________

Copyright © MBNA – MBNA Canada 2010
(74R4CB8H1B)

Note the links. The first link is the one you can actually see in your email. It looks like it’s coming from onlineaccess.ca. The second link is the REAL link, the one you’re directed to when you click on it (HTML email uses the same coding as web pages, so the actual link can be hidden behind different text).
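The mismatch between the visible link and the real one can be checked mechanically. The following is an added example, not part of the original post: it parses an HTML message and reports every link whose visible text looks like a web address on one host while the `href` goes to another. The function name and the sample message are assumptions, and the reserved `.example` domains stand in for the bank and the hijacked site.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def _host(text):
    """Host name of a URL-looking string, or '' if it is not one."""
    text = text.strip()
    if "://" not in text:
        if not text.lower().startswith("www."):
            return ""          # ordinary words such as "Privacy policy"
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()

class LinkAudit(HTMLParser):
    """Records (visible text, real href) pairs that name different hosts."""
    def __init__(self):
        super().__init__()
        self._href = None      # href of the <a> currently open, if any
        self._text = []
        self.mismatches = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = "".join(self._text).strip()
        shown_host, real_host = _host(shown), _host(self._href)
        # Only flag links whose text itself claims to be an address.
        if shown_host and real_host and shown_host != real_host:
            self.mismatches.append((shown, self._href))
        self._href = None

def find_deceptive_links(html):
    audit = LinkAudit()
    audit.feed(html)
    audit.close()
    return audit.mismatches

# Constructed message modelled on the email above (placeholder domains).
SAMPLE_EMAIL = """<p>Please continue below to safely secure your account:</p>
<a href="http://www.tours.example/images/include/onlineaccess/NetAccess/">https://www.bank.example/NetAccess/</a>
<p><a href="https://www.bank.example/privacy">Privacy policy</a> |
<a href="https://www.bank.example/help">www.bank.example</a></p>"""

if __name__ == "__main__":
    for shown, real in find_deceptive_links(SAMPLE_EMAIL):
        print(f"shows {shown!r} but goes to {real!r}")
```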

Here’s the interesting part. When you click on the actual link, you’ll end up at a warning page. The APWG has already been notified. Go to the parent site. www.letsfish.net. Notice what it is? It’s a website for fishing tours off the coast of Venezuela. Is it just me, or do you wonder just how much of people’s stolen money paid for the boats in those photos?

There you have it, for whatever it’s worth. I’m sure the owners of www.letsfish.net will have some glorious nonsense story about some “hacker” using their website to steal financial information. They’re no doubt COMPLETELY oblivious.


© 1999- 2010 Northern Protocol Inc. Computer Sales and Service