Internet users in Sweden hit with “porn surfing fine”

Swedish media today reports that several thousand Swedes have been tricked into paying “porn surfing fines” after their computers were held hostage by blackmailers.

The scam works by tricking web surfers into believing the police are after them for engaging in smut surfing. A notice is displayed that the user must pay a fine of 150 USD within 24 hours, or the case will be handed to a prosecutor. Oh, and the use of their computer is made impossible until they have paid the fine.

This is another example of the increasingly popular ransomware malware class that sees criminals make good money extorting computer users. As ever, a good anti-malware program should be your first line of defense.

A look at the future: What’s new in Windows 8

Windows 8 is due to be released soon - the general release date has been set to October 26, 2012. In this post we will look at some of the new features of Microsoft’s latest operating system.

The big new thing is the Metro interface, a new user interface optimized for use on tablet PCs. Take a look at the screenshot to get a feel for what this will look like. If you’ve ever used a Windows Phone you’ll notice the similarities immediately.

There will be four major versions of Windows 8 available. These are:

  • Windows 8
  • Windows 8 Pro
  • Windows 8 Enterprise
  • Windows RT

The last one, Windows RT, is for use on tablet computers that use the ARM architecture (a special platform that uses a reduced instruction set processor). Windows 8 Enterprise and Windows RT will not be available for sale directly to consumers - the former only via volume licensing programs and the latter only if you buy a tablet computer with Windows RT preinstalled.

Metro design language

New applications using the new Metro design language will be available only through the Windows App Store. This move sees Microsoft adopting the strategy of Apple and their App Store. Developers will need to use a programming language that supports the new Windows Runtime application architecture. The applications will run inside a sandbox and will have restrictions on which APIs they can make use of. The full Windows API will not be available to application developers.

What this means is that many apps that could be developed on the old Windows API will not be deployable on the Windows Metro platform. For example, API calls such as VirtualAlloc() and VirtualProtect() will not be available to Metro applications.

New Features

Windows 8 features a new login screen. New login options optimized for tablet computers are a four-digit PIN and “picture password”, which allows you to log in by drawing a gesture on an image.

Microsoft have also integrated with their Microsoft account to allow users to store data in the cloud, thus making files and personal settings available on any computer where users log in to their Microsoft account.

The new File Explorer replaces the old Windows Explorer and uses a ribbon interface to make it easier for users to perform file and folder actions. File Explorer allows users to mount ISO, IMG and VHD files as virtual drives without the use of any third-party applications or drivers.

In summary, Windows 8 will be quite a shift from the old Windows XP/Vista/7 versions. Microsoft is moving towards a “walled garden” with their new Windows App Store. Whether this will ultimately benefit users and developers remains to be seen.

Getting KISS My Firewall to Work on Fedora Core

KISS My Firewall is an excellent firewall script for iptables. Unfortunately, it does not work out of the box on later versions of Fedora Core. Trying to run it, you’ll get the following error message:

Since the ip_tables, ipt_state, and/or ipt_multiport modules do not exist, KISS can not function. Firewall script aborted!

The reason for the message is that the files ip_tables.ko, ipt_state.ko and ipt_multiport.ko do not exist on Fedora, even if iptables is installed and working. The fix is simple. Go to line 140 in your kiss script file and comment out the following lines by adding a # hash character in front of them:

if [ ! -e "/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/ip_tables.$EXTN" ] || [ ! -e "/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/ipt_state.$EXTN" ] || [ ! -e "/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/ipt_multiport.$EXTN" ]; then
    echo "Since the ip_tables, ipt_state, and/or ipt_multiport modules do not exist, KISS can not function. Firewall script aborted!"
    exit 1
fi

After commenting these lines out the KISS script should run fine.
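
Commenting the check out also removes the script's only guard against starting without the netfilter features it needs. As an added example (not part of the KISS script), the functions below ask the kernel for those features instead of looking for fixed .ko file names; the function names and the xt_state and xt_multiport module names are assumptions.

```sh
#!/bin/sh
# Added example, not part of the KISS script. Paths and the modinfo command
# can be overridden so the check is testable against constructed files.
PROC_MODULES=${PROC_MODULES:-/proc/modules}
PROC_MATCHES=${PROC_MATCHES:-/proc/net/ip_tables_matches}
MODINFO=${MODINFO:-modinfo}

# have_module NAME...: true if any NAME is loaded or known to modinfo.
have_module() {
    for m in "$@"; do
        grep -q "^$m " "$PROC_MODULES" 2>/dev/null && return 0
        "$MODINFO" "$m" >/dev/null 2>&1 && return 0
    done
    return 1
}

# have_match NAME: true if the kernel has registered iptables match NAME.
have_match() {
    grep -qx "$1" "$PROC_MATCHES" 2>/dev/null
}

# netfilter_missing: prints the features that cannot be found (empty = all
# present). xt_state and xt_multiport are assumed names for the later-kernel
# equivalents of ipt_state and ipt_multiport.
netfilter_missing() {
    missing=""
    have_module ip_tables || [ -r "$PROC_MATCHES" ] || missing="$missing ip_tables"
    have_match state || have_module xt_state ipt_state || missing="$missing state"
    have_match multiport || have_module xt_multiport ipt_multiport ||
        missing="$missing multiport"
    echo "${missing# }"
}

# kiss_precheck: drop-in guard; call it as `kiss_precheck || exit 1`.
kiss_precheck() {
    lacking=$(netfilter_missing)
    [ -z "$lacking" ] && return 0
    echo "Missing netfilter features: $lacking. Firewall script aborted!" >&2
    return 1
}
```

Matches only show up in /proc/net/ip_tables_matches once they have been loaded, which is why the module lookup is kept as a fallback.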

Hilarious Support Email

Today, the following email landed in our support mailbox:

Honourable trojan hunter. programs during the scan clearly shows that the magnifying glass does not reach the corners of pages. it is possible that computer viruses will remain in parts of the files?

The email had the following image attached:

It seems the user is concerned that files are not getting thoroughly scanned since the magnifying glass in the scan animation doesn’t completely sweep each file icon. Either that or he’s pulling our leg :)

More on the ThinkPoint Fake Anti-Spyware Application

If your system is infected with the fake antispyware application ThinkPoint you may find yourself greeted with the following screen when restarting your computer:

This is a full-screen window with the lie “ThinkPoint - World’s leading security solution” prominently displayed. Only one button is enabled, and it is labeled “Safe Startup”. Click that, and ThinkPoint will do a dog and pony show that presents your system as infected by various pieces of malware, the solution to which, it claims, is to purchase the full version of ThinkPoint. All of this is a lie, of course.

So how does ThinkPoint hijack your computer’s startup screen? It does this by changing the registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Windows NT\Shell to point to hotfix.exe (or whatever filename it is programmed to use). Some versions also modify HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Windows NT\Shell in the same way.

The good news is that you can bypass ThinkPoint to gain access to your computer. Simply press Ctrl+Alt+Del and look for a process named hotfix.exe. Right-click on that and select Terminate Process. The ThinkPoint screen should go away. At this point, all you will see is a blank screen, but we will fix that. Go to File -> New Task in Windows Task Manager and type explorer.exe. Click OK and Explorer should start, giving you access to your computer again. Now is the time to run an antimalware application, such as TrojanHunter, to remove all traces of ThinkPoint for good.