XP SP3 and Office 2003 Support Ends April 8, 2014

Windows XP has been around since August 24, 2001 – 12 years ago now. It is getting VERY long in the tooth.


Like many Operating System versions, Windows XP was not such a great OS in the beginning. BUT, like many Microsoft products, it got better after Service Pack 1 (SP1), but wasn’t the best it could be till after Service Pack 2 (SP2) and mildly better after Service Pack 3 (SP3). SP3 is the current version of Windows XP.

I loved Windows XP for a long time, even though it was getting long in the tooth. But I have come to love Windows 7 even more. Windows 8 … the jury is still out. For me I use several different operating systems. I also love and use Mac OS X or just OS X (as it is called now) and Debian Linux.

Windows XP has been on life support or Extended Support since April 8, 2009 when Mainstream Support ended. That was after two stays of execution as it were, since it was supposed to be ended earlier than 2009.

Windows XP has been the mainstay for many folks for a long time in the Windows world — the last 12 years. That’s a long time for an Operating System version.

Windows XP still holds the #2 spot at 31.24% of computer users as shown below in the graph from NetMarketShare.com:

NetMarketShare.com Operating System Breakout - November 1, 2013


Windows 7 holds the #1 spot for a very good reason. It is still the best of the newer Operating Systems from Microsoft to date — in my opinion and nearly half of all Windows users to date. And Windows 7 is still good to go until January 14, 2020 (end of Extended Support – it is still in Mainstream Support until January 15, 2015). Here’s the break out of the Windows lifecycle fact sheet info:

Windows Life Cycles from the Windows Life Cycle Fact Sheet


I have said all this because we need to see where we are, and where we need to be as computer users, particularly as Windows users with April 8, 2014 looming over those of us still using Windows XP.

Especially in the light of the pervasive malware purveyors out there today.

We need to make sure we are all no longer using Windows XP of any kind before or at least by April 8, 2014 when Microsoft will no longer be providing ANY security updates for Windows XP.

A few years back they did the same thing with Windows 2000. It’s now Windows XP’s turn.

Please read the following articles to see why this will be very important:

Windows XP infection rate may jump 66% after patches end in April – Computerworld

Microsoft yesterday again put the scare into Windows XP users, telling them that after April 8, 2014, the chance that malware will infect their PCs could jump by two-thirds.

Windows lifecycle fact sheet – Microsoft.com (image above)

New stats show Windows 8 usage up sharply as XP usage plummets – ZDNet (for curiosity though, look at the difference between the table on ZDNet’s article and the one today).

NetMarketShare (choose Operating Systems from the dropdown to see the chart above in real time)

Gartner Says Worldwide PC, Tablet and Mobile Phone Shipments to Grow 4.5 Percent in 2013 as Lower-Priced Devices Drive Growth – Gartner.com

Source: Gartner Oct 2013 - Worldwide Device Shipments by Segment


It would appear that, as predicted, many around the world are moving to other types of computers, in particular mobile devices. This was forecast and it would seem to be coming to pass rather dramatically now.

It is amazing to see the number of people who rarely if ever use their desktop computers these days, relying on their mobile devices for almost all, if not all, their computing and Internet needs. Some folks no longer even have a computer other than a tablet, like the iPad or Nexus Tablet, or Surface, etc., or just use their smartphones for their email, browsing, messaging, gaming, etc. which is the bulk of what people seem to do on the Internet these days. Unless of course if their work or business, or gaming bents, are important to them. Having said that, even gaming has very much gone mobile for many people.

I am hoping that folks will take a look at the overall picture and determine which direction they wish to go now that there are only a few months left before Windows XP will no longer be a viable Internet connected computer.

Will a Desktop or Laptop be the way to go, or will a Mobile device like a Tablet or maybe even just a smartphone be enough for many folks? Staying with Windows or moving to a Mac may also be a consideration.

No matter which way folks ultimately go, deciding will be important and thinking about this is really needed with Windows XP going away in just a short few months.

Over 31% of computer users will need to make this decision before April 8, 2014, if they wish to remain as safe as they can be on the Internet.

Even with Google Chrome continuing to support Windows XP SP3 a year after Microsoft (till 2015), if the Operating System itself has no updates, that will certainly not be enough.

Lots to think about and only a few months to decide … Windows XP SP3 and Office 2003 Support Ends April 8th, 2014

Emails with Malware URLs

It is amazing to me how many malicious emails one can get!

Just today, I got one that purported to be from CNBC, however, the link was not any of the CNBC franchise websites. So I thought, well, maybe I missed one?

I searched Google for the root domain name in the email link and it tried to give me real life news channel results which were of course all legitimate websites, not the dangerous one that was in the email.

However, it did give the ability to search on the exact domain again if I really meant it, which of course I did. The only links available — which I was very happy to see — for that domain name were several links to malwareURL.com – (The MalwareURL Team is a group of Internet security experts dedicated to fighting malware, Trojans and a multitude of other web-related threats) that exposed the website in the email as a malware site for a work at home scam:

This web site is a known security risk – Detailed web site security report

Security Category: Work-At-Home scam

The results on the link above about the website stated the following:

Domain matching reallivenewschannel.com were found in our database.

1348 other active domains were found on 707 IP(s) for AS30058 (FDCSERVERS)

Show the report for AS30058 (FDCSERVERS)

Malicious URLs on reallivenewschannel.com
/weeknews/lastnews.php
/weeknews/go.php

Blacklist
Google
Google Diagnostic Page

My WOT
WOT Score Card

hpHosts
hpHosts listing

MalwareDomainList
MDL listing

After the above information, there was information specific to the domain.

Interestingly, the domain appears to be registered in NY, USA.

The name servers are in .RU/Ukrainian domain origins.

In addition, this malware link in the email had a prefix that looked like the following, except I changed the numbers in the link:

cf533cb444.reallivenewschannel.com

NOTE: Notice the above is not a live link as we don’t want to visit it under any circumstances, unless you are a security researcher preferably using a throwaway Virtual Machine or live CD.

If I had looked at this email in full HTML as it was intended by the malware purveyors, it would have looked somewhat like the following in simple HTML except it would likely have had the look of a CNBC website rather than just the text as it does in simple HTML:

A CNBC Event – Work At Home Mom Makes Almost $10,000/Month, Part-Time

Patricia Feeney of , never thought she’d have a job working at home until she filled out a simple form online, one afternoon. Before she knew it, she had discovered her secret to beating the recession and no longer had worries about being able to provide for her family – and she did all of this by working from home. » Continue reading

CNBC
To unsubscribe to this email click here. If this e-mail was forwarded to you and you’d like to sign up for additional alerts from CNBC click here.

© 2012 CNBC, Inc. All Rights Reserved. 900 Sylvan Avenue, Englewood Cliffs, NJ 07632

See where the Continue reading is? That was the link, totally obfuscated from view to trick users into thinking it was a CNBC link when actually it was linked to the full malware URL I have been discussing in this posting.

Pretty convincing isn’t it? Looks like a legitimate email from CNBC.

If you looked at the email source, you would also have seen that the real Return path is not CNBC, but a user from a .pl domain.

Thankfully, SpamAssassin did give it a 6.5 Spam Status level (required was 5, so it was 1.5 beyond the level required to be considered Spam). X-Spam-Report says the following:

X-Spam-Report: 
*  2.3 FROM_STARTS_WITH_NUMS From: starts with many numbers
*  1.8 URI_HEX URI: URI hostname has long hexadecimal sequence
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  2.3 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
*  0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS

Sadly, many emails that look like they originate from legitimate sites come in every day and people are often fooled by them. Many times just because they look at emails in HTML.
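The checks walked through above (where the "Continue reading" link really points, the Return-Path versus the From address, and the long hexadecimal hostname label that URI_HEX scored) can be run over a message's source. This is an added example, not part of the original post or of SpamAssassin; the sample message, the `.example` hostnames, and the names `analyze`, `LinkCollector`, `addr_domain` and `HEX_LABEL` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (not the real message); off-brand hosts use reserved .example names.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "CNBC" <8812345alerts@cnbc.com>
Content-Type: text/html; charset="utf-8"

<html><body><p>Work At Home Mom Makes Almost $10,000/Month
<a href="http://cf533cb444.newschannel.example/go.php">Continue reading</a></p>
<p>To unsubscribe <a href="http://www.cnbc.com/unsubscribe">click here</a>.</p></body></html>
"""

HEX_LABEL = re.compile(r"^(?=.*\d)[0-9a-f]{8,}$")  # assumed heuristic, not SpamAssassin's URI_HEX

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def addr_domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyze(raw, brand_domain):
    """Return (finding, detail) pairs for a message claiming to be from brand_domain."""
    msg, findings = message_from_string(raw), []
    rp, frm = addr_domain(msg["Return-Path"]), addr_domain(msg["From"])
    if rp and rp != frm:  # a signal only: legitimate bulk mailers often differ too
        findings.append(("return-path-mismatch", rp))
    for part in (p for p in msg.walk() if p.get_content_type() == "text/html"):
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href, text in collector.links:
            host = (urlsplit(href).hostname or "").lower()
            if host and host != brand_domain and not host.endswith("." + brand_domain):
                findings.append(("off-brand-link", f"{text!r} -> {host}"))
            if any(HEX_LABEL.match(label) for label in host.split(".")):
                findings.append(("hex-host-label", host))
    return findings
```

Calling `analyze(SAMPLE, "cnbc.com")` reports the link text next to the host it actually resolves to, which is exactly what the HTML rendering hides from the reader.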

These types of things would fall by the wayside if everyone was more wary and understood that when they send out millions of emails like this, likely every day or every week, it only takes 1.5% of the people to respond to make it well worthwhile to the spam, malware, phishing, spear phishing, or scam (or any combination together) purveyors.

Also check out the Anti-Phishing Workgroup website for more information.

There are many of us who have been using email clients that allow you to view emails as Plain Text, such as Thunderbird (opensource – free – accepts donations), Postbox ($9.95 – based on Thunderbird and by original Thunderbird developers), Pegasus (free but proprietary – accepts donations), and there are many others that allow plain text. Most Linux based email clients give this ability as well.

Oddly, however, although Apple Mail granularly allows you to choose (after already choosing the email message) to read in plain text on an email by email basis — Apple Mail DOES NOT have an option in Preferences that allows you to choose to view emails as Plain Text by default which would prevent many problems with these dangerous types of emails. This is very sad news for Apple users. Microsoft Outlook DOES NOT give users the ability to view emails in Plain Text either (on an email by email or by option in preferences). I would very much like to know why Microsoft and Apple do not give that option to people. These are the two most ubiquitous email clients used in OS X and Windows.

I have read emails in plain text from the very beginning. Intentionally. Simply because I don’t want to be accidentally fooled by this type of spam, malware, phishing, spear phishing, or scam.

Email clients like Thunderbird (opensource – free – accepts donations), Postbox ($9.95 based on Thunderbird and by original Thunderbird developers), Pegasus (free but proprietary – accepts donations) give the ability to view in original HTML, simple (non-executable) HTML or Plain text. They also give you the ability to allow or disallow images inline! Very important if you wish not to be tracked by email senders with beacon ads, web beacons, web bugs. These email clients also give an easy way to view the source of an email so you can do your own investigation of information in the headers or body of the email, and to facilitate sending comprehensive email information about spammers, etc. to sites like PayPal, Google, eBay, your bank, etc.

Sadly even many website based email clients, like GMail, Yahoo Mail, Outlook.com, Hotmail, MSN Email, etc, go only half way in regard to these very necessary capabilities … if that.


Attackers exploit latest Flash bug on large scale

Attackers exploit latest Flash bug on large scale, says researcher (Computerworld):

Hackers are aggressively exploiting a just-patched Flash vulnerability, serving attack code “on a fairly large scale” from compromised sites as well as from their own malicious domains, a security researcher said Friday.

The attacks exploit the critical Flash Player bug that Adobe patched June 14 with its second “out-of-band,” or emergency update, in nine days.

Check your current version of Adobe Flash and make sure you have their latest version. They have put out 2 out of band updates recently, so we all need to really be sure.

Lizamoon and Epsilon breach

There are two major things that users need to be aware of right now, as if there weren’t enough already. 😉

One affects email and the other affects browsing/surfing the Internet. Both bad news, and we all need to be very aware of what has happened and why we have to be very vigilant in making sure we don’t click on links in email, open attachments sent in email, or respond to potential unexpected boxes and requests while surfing the Internet.

Financial and payment services are the biggest areas being hit right now, and will continue to be so much more effective and dangerous due to the current economy while people scramble to survive around the world.

Targeted Sectors Q2 2010 - Anti-Phishing Working Group (APWG)


Lizamoon/LizaMoon drive-by rogue malware infection

Lizamoon is a drive-by rogue antimalware or antivirus download infection. Thankfully you generally have to take some action to allow it to install, as noted by Fred Langa in the comp copy of the WindowsSecrets.com newsletter in his article entitled “LizaMoon infection: a blow-by-blow account”. Must read!

The most important takeaway is that Fred said he had to take action on four separate occasions before the infection took place:

On the other hand, deliberate choices and actions by a user can defeat any software. LizaMoon required my active, voluntary involvement four different times before the infection took hold.

LizaMoon wasn’t even subtle: I had plenty of warnings and opportunities to abort the process, the malware itself provided abundant clues to its own bogus nature (such as an inability to keep its aliases straight).

Much more in the article. A must read for all who surf the Internet to be able to identify this rogue drive-by infection when it happens/if it happens.

The biggest takeaway: We can prevent these types of things by being aware and not clicking on things just because they are presented to us while surfing the Internet.

Epsilon breach – Spear Phishing attacks

Epsilon is an outsourcing marketing company for many big companies/banks. They have a huge database of people’s email addresses, names and the company or bank associated with each email address. This makes spear phishing, generally a very effective social engineering technique, so much more effective via email … mainly because the attackers know the email addresses are real, and more importantly they can link the real name and the actual company/bank connected to the email address.

Computerworld reports, “Security experts today warned users to be on the watch for targeted email attacks after a breach at a major marketing firm that may have put millions of addresses in the hands of hackers and scammers.”

Brian Krebs (KrebsOnSecurity) and Heise Online Security report,

Epsilon has now confirmed that approximately 2 per cent of its total clients were affected. According to a blog post by security blogger Brian Krebs, financial services company Visa and American Express (Amex) say that they were not impacted by the Epsilon breach. However, the following banks, service providers and online retailers are said to have been affected:

1-800-FLOWERS
AbeBooks
Air Miles (Canada)
Ameriprise Financial
Barclay’s Bank of Delaware
Beach Body
Bebe Stores
Best Buy
Benefit Cosmetics
Brookstone
Capital One
Chase
Citigroup
City Market
College Board
Dillons
Disney Destinations
Eddie Bauer
Eileen Fisher
Ethan Allen
Euro Sport (Soccer.com)
Food 4 Less
Fred Meyer
Fry’s Electronics
Hilton Honors Program
Home Depot Credit Card (Citibank Editor)
Home Shopping Network
JPMorgan Chase
Kroger
Marks and Spencer
Marriott
McKinsey Quarterly
MoneyGram
New York & Co.
QFC
Ralph’s
Red Roof Inns
Ritz-Carlton
Robert Half International
Smith Brands
Target
TD Ameritrade
TiVo
U.S. Bank
Walgreen’s

Much more in these articles, must read, as well as others on the web including WashingtonPost, eWeek, BBC, and others.

The biggest takeaway: Don’t believe everything you see in email. Don’t trust links or downloads in email. Check with the person who sends it before opening any downloads and don’t give out information from your bank, and other sites, etc. unless you can confirm it definitely came from them. You can always go to the site directly from your own bookmarks/favorites and login to ensure you get to the right place. Don’t use their links in email unless you can verify it’s really from the company. In fact, one can get into trouble and get further compromised by clicking on links in email.

Side note: this is why I do not view email as HTML. So much can be hidden behind all the pretty pictures and code.

And be prepared. Keep your antivirus software and antimalware program updated, and clear your Internet cache frequently. If you suspect you have been hit with one of these rogue antivirus/antimalware attacks, unplug the Internet/network cable from your computer to prevent further harm and take appropriate action by running Malwarebytes Antimalware, CCleaner (or other temporary Internet cleaner program you use), and then a scan with your antivirus software, and take whatever recommended action they call for. Links to these programs are provided on our Resources page.

If you make sure both of these are updated before you surf for the day, you will be in a much better situation should you somehow get hit with something.

And do your backups, and have an image of your OS to restore from if it becomes necessary. Windows 7 makes this very easy to do with their built-in image creator and backups, and system repair disk.