NEPA Geeks Blog

The Daring Librarian >> 4 Password Security Tips You Should Be Using

4 Password Security Tips You Should Be Using

How secure is your password? Is it “password?” Come on… These days, security is more crucial than ever. As more and more of your accounts get tied together with Facebook/Twitter integration, hackers can easily gain access to all of them with just a little bit of work. Don’t make it easy for them!

Here is a great infographic from The Daring Librarian detailing 4 password security tips you should follow when setting a password for any of your online accounts (and 10 other geeky tips you should be using):

4 tips secure password infographic daring librarian security

And there you have it. Hopefully, this will give you something to think about the next time you need to set a good password (hint: that time should be RIGHT NOW! Remember Password Security Tip #4!)

Despite anything you may have been told in the past, and how no password can be 100% secure, they are all we have standing between us and stolen identities, stolen credit card information and much worse. Personal data, and even work-related information, is at stake. This is especially worrying if you borrow a laptop from work with valuable data on it, work from home on a personal computer or interact with the public, making yourself susceptible social engineering scams at the office. Having a lousy, easily crackable password could cost you your job if you’re not careful.

There’s no guarantee that these password security tips are going to keep you completely safe, but they should definitely make it a lot harder for hackers to get into places they don’t belong.

Ars Technica Article Covers the Basics on Malware

virus malware spyware worm trojan

Protect yourself! Learn about malware.

Viruses, worms, trojans, spyware and malware — what does it all mean? If you’re at all familiar with technology, you’ve probably heard a few of these words dozens of times. But what are they? What’s the difference between them? This lengthy, in depth Ars Technica article covers the basics.

We all try our best to keep our antivirus software up to date while practicing the “tried and true” methods of handling potentially malicious software. For example, you should never click on an email attachment, even if it looks innocuous. The problem is that some malware is very good at looking like perfectly safe file types, such as PDFs, Word documents or pictures, so these things aren’t always obvious (which is why they work so well at being spread like wild fire.)

The best thing you can do is educate yourself. Learn as much as you can about malware, how it works and how it spreads. Learn about the things that viruses can, and can’t, do. This article from Ars Technica is a great start!

Viruses, Trojans, and Worms, Oh My: The basics on malware is the second installment of Ars Technica’s Guide to Online Security, and a good read for anyone who wants to know more about malware and how to protect themselves from it.

From here, you can always look up information on Wikipedia or other security websites and blogs. There’s a wealth of information out there, so take advantage of it! And, if worse comes to worse, you can always give NEPA Geeks a call. We specialize in virus removal and would be more than happy to assist you with any questions you might have.

Phishing Scheme Poses as Facebook Security to Steal Passwords


We are urging Facebook users to be on the lookout for a phishing scheme that is looking to steal your passwords. NakedSecurity recently published a blog post stating that scammers are now using Facebook apps to dupe unsuspecting users out of their Facebook password.

The scheme involves sending users an email purporting to be from Facebook’s security team, telling them that their accounts have been found in violation of Facebook’s terms of service and asking them to click on a link to log in and verify their account to avoid suspension. If you get this message in an email, don’t click the link and DON’T enter your username and password!

To keep yourself safe, don’t reply to messages from ?ac?bóok S?cur?y or click on links in emails that ask for your passwords. No one from Facebook will ever ask for your password, and users should be wary of anyone posing as such.

Looks can be deceiving

Part of the scheme being used by the bad guys is a Facebook app designed to look like a legitimate Facebook security page.

facebook ?ac?bóok S?cur?y phishing scheme scam password steal

Fake Facebook security page, via NakedSecurity.

This is a screenshot of the Facebook app users will see when they click on the URL in the email. Notice that the name ?ac?bóok S?cur?y is a made-up jumble of characters that were arranged to look like they spell out the words “Facebook Security.”

The app has nothing to do with Facebook and isn’t from Facebook’s security team. Pay special attention to the URL in the screen shot below:

facebook phishing scheme security stolen password ?ac?bóok S?cur?y

This screenshot, provided by NakedSecurity, shows what users will see if they click on the link in the email. Notice the incorrect spelling of the word “suport” in the “account_suport_help” part of the URL. This obvious, glaring flaw might be easy to spot by people accustomed to seeing these kinds of scams, but they can look pretty convincing to many who are less “tech savvy.” Also be aware that this kind of scheme is very easy to replicate and may use any combination of addresses and designs to fool users into willfully handing their passwords over to criminals.


“Secure Message” Scam Targets Victims in Email Malware Attack

Secure Message Scam Targets Victims in Email Malware Attack

We all hate getting spam — unwanted junk email — in our email inboxes, but in this case, it’s not just unsolicited ads clogging your inbox, it’s a vicious virus attack.

secure message scam email trojan virus zbot troj/zbot dpm

An example of the secure message scam email, care of NakedSecurity.

A new twist on an old scam has victims of a malicious software attack download a computer virus through an email attachment disguised as a secure message from banks and other firms. Be wary of emails with a subject line that says something similar to “You have received a secure message,” and then attempt to get you to download ZIP files (such as to read the message. A trojan virus, known as Troj/Zbot-DPM, could be inside and used to get control of your computer.

Computer security site NakedSecurity wrote a blog post giving detailed information on the malware spam attack.

What is a Trojan Virus?

Remember the tale of the Trojan War, where the Greeks build a large, wooden horse and hid soldiers inside? The people of Troy, thinking the horse was a gift, brought it through their impenetrable gates. Once inside, when the people of Troy least expected it, the Greek soldiers unleashed their attack and gained a swift victory. That’s essentially what’s happening when you download this “secure message” ZIP file — you’re allowing a virus to infect your computer and give control of it to some unknown computer criminals.

What to do if you receive this secure message scam

First of all, don’t click on the link inside or open any attachments that come with it. Simply delete the email and you should be ok. Even if the message looks clear or is from a source you trust, it could be a spoof set up by the scammers. Unless you fully trust the source and can identify the contents, you should be extremely wary.

If you’ve already clicked on the link, downloaded the file and suspect you may be infected, it’s not too late to correct the problem. Just give us a call at 570.474.5100, and we can set up an appointment to do a full virus removal on your computer.

Patch update eliminates Java exploit infecting computers with FBI virus

Oracle Patch Eliminates Java Exploit Being Used to Install FBI Virus

Good news! Oracle has released a patch to update Java. This update will fix the vulnerability that was being used to install the Reveton Ransomware (aka FBI Virus) on unsuspecting users’ computers.

Simply follow the instructions on the Java installer page to get the latest version of Java installed on your computer.

If you have been infected, give us a call at 570.474.5100 to set up an appointment or bring your computer to us to have the virus removed. Click here for directions to our office in Mountain Top, PA.

Java Exploit Eliminated, Virus Remains At Large

On Sunday night, Naked Security published a blog post alerting everyone that the patch was now available. Once installed, the latest version does eliminate the current Java exploit. However, the virus is still out there and can infect computers that are not running the latest version of Java. There also still exists other ways to be infected by the virus.

We therefore recommend leaving Java disabled unless there is a specific need for it. Other vulnerabilities may still exist, and there is always the threat of new Java exploits in the future. Unfortunately, there is no way to make the web 100% safe. If you do need to keep Java enabled, make sure you trust the applets that you need to run and be wary of sites that load malicious applets without your knowledge.

The FBI Virus, Explained

FBI malware locks your computer, demands ransom to unlock it.

FBI malware locks your computer, demands ransom to unlock it.

In case you missed it, on Friday we published a blog post about a recent Java exploit that was installing the so-called FBI Virus on users’ computers and how to disable Java to avoid infection.

The FBI Virus locks users’ computers and displays a bogus message purporting to be from the FBI, stating that the computer was being used for illegal activity (pirated software, illegally downloaded movies and music, child pornography and hacking, for example) and the owner would need to pay a fine to restore their computer. In actuality, the message had nothing to do with the FBI and was, instead, from computer criminals demanding a ransom.

As was often the case, this ransom was more expensive than what we would normally charge to remove a virus and carried no guarantee that the computer would ever be unlocked. As such, we still recommend customers and clients bring their computers to us if they suspect they have been infected rather than paying the amount being demanded by the message. Again, the message is NOT from the FBI and carries no legal weight.

We’ll have more information as the situation develops, but at present, this most recent threat seems to be eliminated.

New Java exploit infects computers with FBI Virus

Java Exploit Infects Computers with FBI Virus

According to a blog post on Malware Bytes’ website, there’s a new Java exploit that is being used to infect computers with the infamous FBI virus. The suggested solution is to disable Java. We have links to instructions on how to disable Java listed below.

[UPDATE – 1/13/2013 – The latest version of Java eliminates the exploit being used to infect computers. We still recommend disabling Java, however, be sure to install the latest version of Java — Version 7, update 11 just in case you absolutely need Java on your computer. And if you have been infected, give us a call at 570.474.5100 to set up an appointment or bring your computer to us to have the virus removed. Click here for directions to our office in Mountain Top, PA.]

What is the FBI Virus?

FBI virus reveton ransomware malware locks your computer pay fbi fine unlock computer

FBI malware locks your computer, demands ransom to unlock it.

The Reveton Ransonmware, or The FBI Virus as it is more well-known, locks your computer and displays a message that says the FBI is aware that your computer has been used for some “illegal activities.” The virus then demands that you pay an outrageous fine or risk further prosecution. In truth, the message isn’t from the FBI; it’s a scam by computer criminals looking to extort money from any user who falls for the scheme and pays up to have their computer restored.

The FBI Virus has been spreading for quite a while, popping up on various tech news sites and security blogs. We first alerted users about the FBI Virus on this blog back in November, warning victims to NOT pay the fine and, instead, bring their computer in to be professionally cleaned. If you have been infected, we still stand by that original recommendation. However, if you haven’t yet been infected, we’re now suggesting that you disable Java to prevent the virus from infecting your computers.

How to disable Java

Java is a computer language used to make applications that run in your web browser. It requires a plug-in be installed in your web browser to run these applications. Naked Security, a computer security blog maintained by, lists several ways on how to disable the Java plug-in, depending on your preferred web browser.

Listed below are direct links to the instructions for each browser:

Pay the bad guys, or pay us to clean your computer?

Choosing to simply pay the ransom to unlock your computer might seem like a cheaper, more convenient way to get rid of the problem. However, you have no guarantee that the computer will be unlocked. Furthermore, your computer will still be infected. That’s why we suggest you bring it in to us at NEPA Geeks. We’ll make sure the virus is gone and that your data is intact. We charge much less than the amount being demanded and have tools that can help prevent future infections. You get your computer restored to fully-functioning condition AND the bad guys don’t get any of your hard-earned money. Doesn’t that sound like the smarter alternative? It is.

Remember: if you’ve been infected, DO NOT pay the fine being demanded by the virus. It is definitely NOT from the FBI. Further, if you haven’t been infected, we suggest that you disable Java using one of the techniques listed above. Let’s stay safe!

A warm welcome to our latest web hosting clients Antipode

A warm welcome to our latest web hosting clients, Antipode!

We love sharing news about new clients who have decided to make NEPA Geeks their web-hosting home. For example, the latest clients to settle-in and set up shop with NEPA Geeks are Antipode — a troupe of geek belly dancers from State College, PA.

antipode geek belly dance chrono trigger

From their site: Antipode is a geek belly dancing troupe hailing from State College, PA. Fusing the theatrics of acting with a mix of cosplay, pop-culture, and off- beat humor Antipode brings the audience not just dance, but full geek entertainment.

I first saw Antipode dance at the 2012 NEPA BlogCon. The troupe’s dance theme that day was “Internet Memes,” incorporating their dance routines with costumes, music and other props to recreate popular internet sensations that people couldn’t stop talking about and sharing on Facebook, Twitter and Tumblr. The audience was very happy to see them dance as we all took a break from learning about blogging to eat some lunch, relax and network with other bloggers and future bloggers.

Would you like to know more about Antipode? For more information about the troupe — including pictures and information on how to book them for an event — just visit their website at, proudly hosted by NEPA Geeks. Not only will you learn more about them, you’ll also find the answer to a great question: Just what is an “antipode,” anyway?

While you’re at it, take a look at the hosting packages we offer. Our variety of packages will easily fit within your budget. We also offer content and SEO services, just in case you need some extra “oomph” or “pizzazz” to get traffic to your site. Give us a call, today! You’ll be in good company with other satisfied clients, like Antipode!

NEPA Geeks PC repair business mentioned in the local news

NEPA Geeks PC repair business mentioned in the local news

It’s always great to hear good feedback on our little PC repair business up here in Mountain Top, but this recent article in the January 2nd edition of The Mountain Top Eagle blew us away!

I took a picture of the print article (as seen below) but you can read the whole thing on this blog post by Stephanie Grubert from The Mountain Top Eagle.

mountain top eagle news clipping nepa geeks pc repair

We just wanted to take this moment to thank Stephanie for her kind words. It was a pleasure working with her and helping to get her computers and iPad back in working order. We never expected to open the paper and see something like this!

As always, we look forward to each and every opportunity to help people out, whether they need a virus removed, a custom computer built or an iPhone screen replaced. We promise not to let this recent publicity go to our heads, so if you need help, feel free to give us a call. Although, no autographs, please.

Watch out for DNS Services Invoice Scam

Watch out for DNS Services Invoice Scam

Have you recently received an invoice from a company called DNS Services charging you for “DNS backup services?” Be warned, it’s not an invoice, it’s a solicitation from DNS Services.

A client recently sent us a copy of an “invoice” he received from DNS Services —, a DNS backup provider. Take a look at the picture below to see the actual letter they received:

domain name services scam letter dns services invoice scam

(click the image to see full-size)

On the surface, it looks like a bill, complete with a mailer to send in with a payment of $65. However, if you look closely (the block of text below the total in the account summary details box), you’ll notice that it’s actually “a solicitation for the order of goods or services, or both, and not a bill, invoice, or statement of account due. You are under no obligation to make any payments on account of this offer unless you accept this offer.

In other words, it’s not a bill; you owe nothing. DNS Services simply wants to charge you so they can provide a service that you are not yet receiving. Think of this more like an advertisement — albeit, one so cleverly disguised to look like a bill that unsuspected customers might feel compelled to pay it, and that’s the problem. Unsuspecting customers have been sending DNS Services money for a service they didn’t want or need. What’s worse, we’ve read first-hand reports from other sites warning about DNS Services that a lot of these folks are having trouble getting their money back.

But what about a DNS backup service? Is this a service you actually want or need? Probably not, especially when you consider that NEPA Geeks already provide a backup domain-name server for web sites hosted with us. In general, 2 domain name servers are all you normally need. A DNS is, basically, an internet-connected computer that resolves a web address (the WWW.COM) to the computer where your website is hosted. It’s very rare that these servers go down. Therefore, a backup service isn’t really needed.

In short, if you receive an “invoice” from DNS Services, throw it away. You owe them nothing. And would you really want to do business with a company that conducts themselves in this way? Probably not.