It's 8:30am. A MacBook brought for repair yesterday afternoon is already fixed and out the door. We've got a meeting at 9am with a representative of a local community organisation to discuss sponsorship opportunities. The meeting is taking a bit longer than I anticipated and there is already a client cancelling onsite appointment because I'm half an hour late. Half an hour?! I can't help but wonder about all those repairmen out there who (more often than not) would tell you that your onsite appointment is any time between 9am and 3pm. And you happily sit and wait (and spend a day off work waiting for something to be fixed). I hope this client calls again. They haven't been always loyal over many years that I know them, but they kept coming back (I must be doing something right, I hope).

I've done a couple of quotes (one for a printer and one for ESET antivirus) and I'm off to bank to cash in :) a few cheques. Or not… a client just rang; they're unable to connect to internet, so I'll be going to their office to fix this first.

Meanwhile, in the shop, an "infected" computer arrives. It's been quite a few lately: viruses "killing" (read: disabling) antivirus software; people pretending to be remote support companies and asking for payments for computer repair services that aren't really needed; malware that hides all desktop icons; and so on. We've also seen quite a few cases of malware that hijacks client's webcam, takes a picture of the client and inserts it into a web page that's supposedly coming from the local Police. The hijackers (of course) are asking their victims to click on a link and pay some (non-existent) Police fines. Some of our clients got actually quite upset with this as they thought the Police was really after them and it took a fair bit of reassuring before they accepted that a computer virus is the culprit. There are so many threats in the online world that it is virtually impossible to catch them all with an antivirus application. However, although antivirus can't catch them all, it can catch many, so make sure you run one and make sure it's up to date. Ask an expert (such as a computer repairer) if you're unsure which one to get. And always make sure you're surfing the net wisely:

• Do not click on every and any link that pops up on your screen or turns up in your email inbox (even if it's seemingly coming from a trusted source);
• Do not "ok" everything and anything (read what's on the screen; phishing messages usually don't make a lot of sense);
• Do not open suspicious email attachments;
• And again – just be sensible in the way you use the internet and you should be fine.

I have to call a client to let him know he can pick up his desktop computer. It's been fixed (it was a malware case once again) and we only need to buy antivirus license for him. Alisa sent him an email earlier today asking for a confirmation of this purchase and he hasn't responded (although he was very keen to have his computer back ASAP). Alisa just came up with this (crazy) idea: this is the client's only computer and he hasn't seen the email because he doesn't have email account set up on his mobile phone (we know that he's got an old phone and that he doesn't use it much). Is there really a person (and this guy runs his own business) not checking email on their mobile phone? The idea of someone being able to function without this piece of technology makes me (somehow) happy. It's quite amazing actually.

Spying on browsing and instant messaging activities

A new Mac OS X Trojan referred to as OSX/Crisis silently infects OS X 10.6 Snow Leopard and OS X 10.7 Lion. It then spies on the user by monitoring Adium, Firefox, Microsoft Messenger, Safari, and Skype.

The threat installs itself silently (no user interaction required) and does not need your user password to infect your Mac. It exploits Java vulnerabilities, but since OS X 10.7 Lion doesn’t include Java by default, this is suggesting there are other ways for this malware to infect your Mac. Newly released Mac OS X 10.8 Mountain Lion doesn’t seem to be affected by the OSX/Crisis.

The malware allows the person operating it to:

• Spy on Skype audio traffic and record all conversations and phone calls.
• Spy on Safari or Firefox browsers to record URLs and screenshots.
• Record IM messages in both Microsoft Messenger and Adium.
• Send file contents to the control server.

As this is a very advanced threat and since it hasn’t been seen in the wild yet, you’re unlikely to get infected by it. Still, if your work on Apple Mac is critical or you have classified information stored on it, it is very important that your security updates are always up to date and that you’re using an updated antivirus program.

Microsoft also suggests doing something about your Java as Java-based malware sees no end. So regardless of whether you’re using Mac or Windows-based computers, this is what Microsoft asks you to do with Java: "Update it, disable it, or kill it."