The Flame malware is currently leveraging two older Microsoft vulnerabilities that have been patched since August and September of 2010(specifically, that is Microsoft Security Bulletin’s MS10-046 and MS10-061).

This malware can record keyboard strokes, audio and network traffic. It has been said to also record Skype conversations. It is currently  most seen in Middle Eastern countries but its just a matter of time before we see it here as well.

All windows users should ensure that their PCs are running the latest updates provided by Microsoft by visting the Windows Update Site and installing all patches. Also ensure your PCs Antivirus is up to date.

DNSChanger is also known as TDSS, Alureon, TidServ or TDL4.

What does DNSChanger malware do?
DNS Changer malware causes a computer to use rogue DNS servers, controlled by cyber criminals, instead of a legitimate one that is provided by your Internet service provider.

This malware resides in your computer which may leave you vulnerable to criminal organizations that could misuse and redirect your Internet traffic.

How to detect the DNSChanger malware
Visit www.dns-ok.ca.

This website checks your computer settings to see if it’s infected with DNSChanger.

This website is hosted by the Canadian Internet Registration Authority (CIRA)

 If the screen is green, you’re not affected.

 If the screen is red, your computer is infected with the DNS Changer malware.

Perform this check on all the computers/laptops within your household to ensure your home network is not infected.

How can I fix/resolve this issue?
You have two options.

1. Seek help from a computer professional.
Contact  a computer professional to have the malware removed.
The Government of Canada has provided detailed information about DNS Changer that may be useful for your computer professional.

2. Try to remove the malware yourself (for advanced users).
Using a non-infected computer, consult the malware removal guidelines provided by the Government of Canada.

Please take note that we have received reports from several customers advising us that they have received a suspicious email. This email is setup to look like it is coming from our company and is requesting that you reply to the email with your personal information.

It is not our policy to request such information through email unless it has been approved by the customer. We prefer to speak with the customer directly when requesting information pertaining to usernames or passwords.

Below is a copy of such an email. Please review the email below and let me point out home factors that you can use to determine if an email is legitimate.

----- Original Message -----
From: "System Administrator" <webupgrademaintenance2010@gmail.com>
To: <undisclosed-recipients:>
Sent: Sunday, May 01, 2011 10:29 PM
Subject: ROUTE2.PE.CA WEBMAIL TEAM SUPPORT UPDATE/MAINTENANCE OF USER
ACCOUNT


DEAR ROUTE2.PE.CA USER

Due to the congestion on all route2.pe.ca Accounts,
ROUTE2.PE.CA WEBMAIL TEAM would be shutting down all unused Accounts.

We will be conducting our regularly scheduled maintenance, to
ensure that we provide the highest quality in Internet
connectivity and services to customers. Your connectivity and
services with us may be interrupted for short periods during the
maintenance window.We will also ensure minimal disruption to
services where possible.

In order to enable us perform quality maintenance on your
Internet access and e-mail service, please you must reply to this
e-mail message confirming your route2.pe.ca account details
with us.

Do confirm your account details below.

1. First Name & Last Name:
2. Full Login Email Address:
3. Username:
4. Password:
5. Retype Password:
6. Questions or Comments:


NOTE: Failure to respond to this e-mail message may result to
technical problems on your Internet access and e-mail service.

YOU ARE REQUIRED TO CONFIRM YOUR WEBMAIL IDENTITY WITH THE
WEBMAIL TEAM BY SIMPLY REPLYING TO THIS EMAIL WITH THE REQUESTED
DETAILS.

Warning!!! Account owners who fails to update his or her account
on receiving this notice might loose his or her account.

Thank you for using route2.pe.ca.

route2.pe.ca Support.
ROUTE2.PE.CA WebMail Team"
Copyright C2011 route2.pe.ca All rights reserved

1. The first thing to look for is who the email came from. In the
below email it says ""System Administrator"
webupgrademaintenance2010@gmail.com".

- Any emails from us will have an email address containing
"@route2.pe.ca" or "@summerside.ca".


2. The next thing is to look at the end of the email and the signature.
Each of us at Route2 will sign the email with our own name and include our
signature.


Most importantly if you have any doubts then it is better to be safe than
sorry. At any time feel free to contact customer support and we will be
able to confirm whether or not the email is legitimate.

Unfortunately phone scams are becoming more common in our society and more sophisticated. One such phone scam involves a person acting as a technical support agent who informs you that you have a problem with malicious files on your computer and he wants to walk you through fixing it. 

When you receive this call you think to yourself, “Yeah I could have a problem as there are so many viruses and spyware, or maybe my computer has been hacked.”  The scenario is possible and without question you may go to your computer and follow the instructions that the technician gives.  He may walk you through going to a particular website.  As soon as you visit the website some sort of program is downloaded to your computer without your knowledge.  Now that the program is on your computer, that person can access your files, can watch you go to websites and can capture the usernames and passwords (for example your email or your banking information.)  The sky is the limit as to what he can do with your computer.

Take caution, here are a few things to consider and some questions you should think about:

1. How did he know I had malicious files on my computer?
   1. Did someone call him and if so who and when? 
   2. Did he scan my computer?

                                                               i.      Who gave him permission to scan my computer?

1. What company does he work for? 

He may respond with “Support services for your Windows Operating System” but this definitely is not a company name.  He will try to dance around and avoid answering but be firm and ask for the Company name, his name and phone number.  You could even suggest that you call him back. 

Be safe never give out personal information, ask questions and if you have any doubts call either your local police or you can call PhoneBusters directly.  Their number is 1-888-495-8501. 

To learn more about scams you can visit the Canadian Anti-Fraud Center’s website http://phonebusters.com/.

If you believe that you are a victim of this scam and your computer may have been compromised then the fastest way to stop someone’s access to your computer is to unplug it from the internet.  Once disconnected from the internet you will then have to work at making your computer safe again.  If you do not feel comfortable completing this task then you may wish to seek the services of computer technician.