Oldboot Malware ‘Biggest Threat’ To Android Devices

April 16th, 2014

Users of Android smartphones are already at a significantly higher risk of malware infection than their iPhone counterparts. Experts, however, are warning of even more threats coming throughout 2014. One of those threats has already been identified and has infected millions of devices. Chris Smith of BGR reports on the Android malware threat called ‘Oldboot’ that is also being referred to as “the biggest threat to the operating system to date”.

Oldboot is capable of installing malicious apps on a device and can even remain hidden from detection or “fight” antivirus apps by modifying or uninstalling them. But, what makes it so dangerous is Oldboot’s ability to re-infect devices even after seemingly being removed. This malware is stored in the memory of devices and alters booting files. Infected devices then re-install malware in the early stages of their restarting process.

Oldboot is referred to as advanced malware because it has so many capabilities. It’s able to send text messages from a user’s device, modify the browser’s homepage, launch phishing attacks and more.

Perhaps the biggest problem is that very little is known to date about which specific Android devices are at risk or even how devices are infected. Most Android malware infects devices through malicious apps. Occasionally, these malicious apps find their way into the official Google Play app store, but more often they’re downloaded from an untrusted source.

Other dangers include malicious text messages and emails and malicious websites visited on your smartphone.

If you think your device has been infected by any form of malware, bring it to Geek Rescue or give us a call at 918-369-4335.

 

2013 Security Report Reveals Large Growth In Malware Production

April 16th, 2014

It’s no secret that malware is an ever-present threat to internet users. It’s also no secret that while defenses against malware are steadily improving, the amount of malware being produced and its capabilities are growing. A recent study released by security firm Panda Labs confirmed the growing threat of malware, as Tony Bradley reports for PC World.

In their 2013 security report, Panda Labs found that about a fifth of the malware that exists was created last year. That speaks to the rapid growth of malware production. In 2013 alone, 30-million new threats were created, which breaks down to about 82-thousand per day.

Of these newly minted threats, about 70-percent are trojans, which are particularly troubling forms of malware capable of mining data and even controlling an infected computer while staying hidden from users and security tools. In total, Panda Labs discovered more than 20-million trojans. The rest of the malware was made up of a combination of worms, viruses and adware or spyware. Trojans were also responsible for the most successful infections and accounted for almost 80-percent of infections in 2013.

In terms of application vulnerabilities, Java was to blame for the most attacks. Exploits on a security flaw in Java led to successful attacks on Twitter, Facebook, Apple and Microsoft.

With so many forms of malware around, it’s amazing users aren’t victimized more often. Most users aren’t infected by malware often, but even becoming the victim of malware once each month would mean you avoided all but .0001 of all new threats. Given these statistics, it’s clear why experts warn that there’s no such thing as perfect security.

Panda Labs also agreed with the consensus that in the mobile world, Android is the most popular target for malware producers. They also sent a warning to users that more targeted attacks aimed at stealing data would be coming this year.

Users who are unprotected by security tools like antivirus programs run a significantly higher risk of becoming the victim of an attack. This could lead to the harm of your computer and the theft of your data.

For help securing your computer or recovering from an attack, call Geek Rescue at 918-369-4335.

 

How To Protect Yourself From Spyware

April 15th, 2014

Spyware has been a problem for internet users since the mid-90s. Software that is able to gather information, or spy on a user, without their knowledge falls under the umbrella of spyware. In 2007, an estimated 850-thousand computers in the US were essentially rendered inoperable by spyware, according to Consumer Reports. Since then, spyware hasn’t become less of a problem, but there are better ways to protect yourself from it. Steve Bell of the BullGuard blog has some tips.

First, it’s important to understand the typical ways spyware gets onto your computer. The most common method is to piggyback on other programs you download. For the most part, free software is free for a reason. While the spyware included might not be malicious, it is still not something you’d volunteer to have on your machine. Some software installation methods will let you opt out of additional programs and spyware that’s included, but others install it automatically.

In order to stay safe, it’s important to be careful about anything you download. Spyware can also stem from spam emails, links and advertisements. There are a number of antivirus tools that also protect you from spyware. There are even some legitimate, dedicated anti-spyware tools, but be careful. There are plenty of programs claiming to be security programs that are actually malware or spyware themselves. Not only will these programs infect your computer, they won’t offer you any protection at all from other threats.

If you’ve already been infected, or if you’re not sure, Windows users can head to the Control Panel and check the list of installed programs. If you don’t recognize some of the programs listed, there’s a chance they’re spyware. Before uninstalling, you might want to do some additional research.

Unfortunately, not every piece of spyware installed on your computer will always show up this way. Some can even convince you that it has been uninstalled but actually remain in operation. For these particularly nasty cases, you’ll have to rely on a trusted security application. They’ll be able to recognize the common characteristics of spyware and either block it before it is installed, or help you remove it.
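The installed-programs check described above can also be run from PowerShell. This is an added example, not part of the original post: it reads the registry uninstall entries and compares them with a saved baseline so newly added programs stand out. The function name `Get-InstalledProgram` and the baseline file name are assumptions made for the example.

```powershell
# Added example: list installed programs from the registry uninstall entries
# and flag anything that was not present when the baseline was saved.

# Uninstall entries: 64-bit programs, 32-bit programs on 64-bit Windows,
# and programs installed for the current user only.
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledProgram {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate, when present, is a yyyyMMdd string; many installers omit it.
            $installed = $null
            if ($_.InstallDate -match '^\d{8}$') {
                $installed = [datetime]::ParseExact(
                    $_.InstallDate, 'yyyyMMdd',
                    [System.Globalization.CultureInfo]::InvariantCulture)
            }
            [pscustomobject]@{
                Name      = $_.DisplayName
                Publisher = $_.Publisher
                Version   = $_.DisplayVersion
                Installed = $installed
                Location  = $_.InstallLocation
            }
        } |
        Sort-Object Name, Version -Unique
}

# Hypothetical baseline file; keep it somewhere you will find it again.
$baselinePath = Join-Path $env:USERPROFILE 'installed-programs-baseline.csv'
$current = Get-InstalledProgram

if (Test-Path $baselinePath) {
    # Names recorded the last time the baseline was saved.
    $known = (Import-Csv -Path $baselinePath).Name
    $added = $current | Where-Object { $known -notcontains $_.Name }

    Write-Host 'Programs added since the baseline (research these before uninstalling):'
    $added | Sort-Object Installed -Descending |
        Format-Table Name, Publisher, Version, Installed -AutoSize
} else {
    $current | Export-Csv -Path $baselinePath -NoTypeInformation
    Write-Host "Baseline saved to $baselinePath. Run again later to see what was added."
}

# Entries with no publisher recorded are a reasonable place to start looking.
Write-Host 'Programs with no publisher recorded:'
$current | Where-Object { -not $_.Publisher } |
    Format-Table Name, Version, Location -AutoSize
```

Like the Control Panel list, this only shows software that registered an uninstall entry, so a clean result does not rule out spyware that hides itself.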

If your computer is infected with spyware, malware, viruses or you’re having other issues, call Geek Rescue at 918-369-4335.

Microsoft Ending Security Support For Windows 8.1 Without Update Users

April 15th, 2014

Installing a major update to your operating system can be a daunting task. Many users feel this way, as evidenced by Windows 8 still owning the lion’s share of the market over Windows 8.1. It doesn’t seem to matter if the update is offered at no cost. What matters is that users think updates will be too time consuming, too complicated, or cause issues with compatibility or storage. Naturally, the audience’s reluctance to update their systems is frustrating for Microsoft, which is forced to roll out multiple versions of the same patches and updates constantly. As Mihaita Bamburic reports for Beta News, Microsoft has found a solution to force users’ hands.

Microsoft recently announced that by May’s Patch Tuesday, roughly 30-days away, there will be no more security updates provided to Windows 8.1 users who haven’t installed Windows 8.1 Update. The update, which is the first major update released for Windows 8.1 and aims to help make it more usable for desktop users, has only been available since the beginning of April but adoption numbers have been low.

This is a move that attempts to force users to install the update because without it, their computers will be at risk to the latest threats and exploits. As it is, Microsoft is having to spend an inordinate amount of time creating patches for each version of Windows currently active and altering those patches for users who haven’t updated their operating systems fully.

For Windows 8.1 users, the best option is to bite the bullet and download the update. If you’re concerned about losing data, updating is an ideal time to back up your files. You can even create a restore point that will allow you to revert to the state of your system before the update is installed in case you run into problems.

If you have issues with your computer that an update from the manufacturer won’t fix, call Geek Rescue at 918-369-4335.

Millions Of Android Devices Still Vulnerable To Heartbleed

April 14th, 2014

Last week, news of the Heartbleed bug, which threatens the integrity of HTTPS enabled websites worldwide, broke. In addition to a worry that important data sent between users and websites could be compromised and stolen, there is also a concern that mobile services could be vulnerable. Stephanie Mlot at PC Mag explains how Heartbleed threatens the security of Android users specifically.

Naturally, Google was among the most potentially costly sites should users fall victim to Heartbleed. Not only are Google’s services among the most used online, but they also have access to a lot of personal information that is extremely valuable to criminals. So, Google set out early to patch their services and protect their users.

So far, Google services Search, Gmail, YouTube, Wallet, Play, Apps, AdWords, Maps and Earth have all been patched.

For the Android crowd, every version of the mobile operating system is safe from Heartbleed save for Android 4.1.1. It’s unknown exactly how many users have this version installed on their devices, but some iteration of Android 4.1 is being used by more than a third of Android users. It’s estimated that the number of affected users is in the millions and devices affected include those from popular manufacturers Samsung and HTC.

A Google spokesperson stated that patching information is being distributed to manufacturers, but this slow process is one of the main issues regarding Android security. Unlike Apple, which can push updates and patches to all of its users directly, Android users must wait for each manufacturer to tailor patches to their specific environment. In cases like this one, that can leave users and data vulnerable to known exploits for days and even weeks.

Blackberry has released a statement informing users that a fix for their Android devices will be made available by the end of the week. Other manufacturers have been quiet, however.

The best option for users in the meantime is to assume that data can be stolen from their device. If your Android device uses the 4.1.1 operating system, which can be checked in the Settings menu under ‘About Phone’, don’t use your device to log in to online accounts or to message personal information.

While users will have to wait for an official patch to protect themselves from Heartbleed, for any other problems with your Android device or other mobile devices, come by Geek Rescue or call us at 918-369-4335.

Report Shows Rise Of Advanced, Intelligent Attacks

April 11th, 2014

A common piece of advice is to keep applications updated, especially antivirus programs, to try to keep up with constantly evolving cyber threats. At Dark Reading, Tim Wilson reports on the recently released Websense 2014 Threat Report that finds advanced, targeted attacks are more prevalent than ever before. This means that relying on out of date malware definitions and failing to patch vulnerabilities quickly are more likely to cause users to become victims of an attack.

Websense reports preventing more than 4-billion attacks in 2013. Almost all of these attacks were intelligently designed to bypass traditional security tools and pursue confidential data. The worry is that not only are the highly targeted, advanced attacks able to fool traditional security infrastructures, but attacks considered more common and able to affect users on a large scale are also using advanced tactics to avoid detection and prevention.

A common attack tactic is the use of malicious links, either on a website or included in an email. Clicking these links causes the download of malware, or directs users to phishing sites designed to steal log-in credentials or other important information. In 2013, 85-percent of these malicious links were found to be located on legitimate, trusted websites that had been compromised. This makes it exponentially more difficult to recognize and prevent this style of attack because the website being used isn’t designed as an attack site.

About one-third of all malicious executable files discovered in 2013 contained custom encryption of programs designed to remotely take control of a system or mine data from it.

There were also a reported 67-million exploit kits discovered throughout last year. An exploit kit is a way for developers with expertise to design an attack and sell it to others to be easily customized and launched at the target of their choosing. These kits make it easier for more criminals to launch an attack because it only takes money, rather than expertise.

The takeaway from the Websense report is that no user is safe. There are so many threats to your safety, you’re bound to run into one eventually. This report also speaks to the importance of being proactive in your security. Update and patch often and be looking for new ways to protect your network.

For help improving the security of your network at home or at the office, or for help recovering from an attack, call Geek Rescue at 918-369-4335.

Microsoft Making Changes To Discourage Adware

April 10th, 2014

Adware is the name for software that automatically generates advertisements. Usually it finds its way onto a computer by piggybacking on another program. Once it is on a user’s computer, ads can pop up without warning. Sometimes, these ads are displayed while using a web browser to disguise where they’re coming from and other times they pop up seemingly from nowhere. As Lucian Constantin reports at Network World, however, Microsoft is implementing new guidelines for programs to discourage adware.

Starting July 1st, adware will be blocked by default, which seems like a move Microsoft would’ve taken ages ago. Up until now, it was up to users to decide what action to take when adware was detected by Microsoft’s security software.

The criteria for classifying adware are also becoming much more strict. Any program that displays ads outside of its own window or inside of another program like a web browser will risk being labeled as adware and blocked. Advertisements that stay within the program that displays them will be free of Microsoft’s wrath.

Those that do get flagged will have to pass the next level of tests. First, ads must have a clear way to be closed. This can be an “x” or the word “close” in the corner of the ad. Ads also must be clearly labeled to tell users what program they stem from. Microsoft suggests using language like “Ads by [blank]” or “Powered by [blank]”. Programs will also need to provide an uninstall method through Windows control panel to make it easy for users to remove them.

The idea behind the adware criteria is to give users more control over what is allowed to run on their own systems.

In the past, adware developers intentionally made it nearly impossible for average users to remove the entirety of the programs or reset changes made by them. The most popular forms of adware are browser toolbars, which are notoriously difficult to remove once installed.

These changes aren’t expected to put an end to what has become a lucrative business, but they will hopefully cut down on the amount of adware capable of penetrating computers with Windows operating systems.

If your computer is infected with adware, spyware or malware, bring it to Geek Rescue or call us at 918-369-4335.

Heartbleed: The Bug That Threatens Millions Of Websites

April 10th, 2014

When you are entering sensitive information into a website, like credit card numbers, social security numbers or even just log-in information, you expect that the site will protect this data. Most sites use ‘HTTPS’, which stands for Hypertext Transfer Protocol Secure, to offer protection to users. Unfortunately, that means if a vulnerability is found in HTTPS, there are millions of websites that are suddenly putting valuable information at risk. As Doug Aamoth reports for Time, the Heartbleed bug is that worst case scenario realized.

Heartbleed exploits a flaw in OpenSSL, which is a common method used to encrypt data and implement HTTPS on a site. This bug allows attackers to steal data and listen in on communications between the user and the website. This isn’t a new development either. Researchers believe the flaw in OpenSSL has existed for at least two years.

The good news is that Heartbleed wasn’t discovered through an attack in the wild. Instead, it’s a proof of concept. This means that instead of attackers actually successfully exploiting the Heartbleed bug and victimizing actual users, the bug was discovered by researchers, who alerted the public. This doesn’t make your data any safer, but it means a permanent solution could be found before any large scale damage occurs.

If left unchecked, there’s certainly the possibility for large scale damage. As many as two-thirds of web servers could be affected by Heartbleed. There are potentially millions of other devices, such as Android smartphones and tablets, that could also be exploited by the Heartbleed bug.

The knee-jerk reaction to a bug capable of stealing log-in credentials would be to quickly change every password on every online account. But, it’s not that simple. If a website is still vulnerable to the bug, changing your password might just be giving the new information to eavesdropping criminals.

For users, the best option is to closely monitor accounts for suspect activity and wait for websites to update their infrastructure.

There are a couple of options you can use to check if a site has protected itself or not. First, this site allows you to enter the URL of a site you use and see if it’s vulnerable to Heartbleed. If it is, you should avoid it and not log in until the problem is fixed. If you’re a LastPass user, you can also use the password management tool to check on which of your saved passwords could have been compromised.

Once important sites like your bank’s website, credit card sites, any site where you pay bills and social media and email are given the all clear, be sure to change your passwords. Just because the site is now safe doesn’t mean that your password couldn’t have been stolen at some point to be used later.

At Geek Rescue, we know security. Whether you need enhanced security for your website, office, or home network, call us at 918-369-4335.

Unsecured Routers Create Trend Of Attacks

April 9th, 2014

Recently, you may have noticed the scores of headlines reporting attacks on wireless routers. Major brands like Linksys and Asus have been plagued by attacks and experts are speculating that attacks on these devices are becoming a trend. Lucian Constantin at ComputerWorld reports on the details of why wireless routers have become such a popular target of cyber attacks.

The most obvious target of attacks is your computer. It contains a wealth of information that could be valuable for criminals to steal and processing power that attackers can harness. Because computers were being targeted by such a large volume of attacks, security began to improve. Not just in the form of antivirus programs, but even in the way operating systems and other applications were built and updated. Suddenly, it was much more difficult to attack a computer directly.

While hackers began developing more intelligent threats, most attacks will target the path of least resistance. That is no longer a user’s computer. Now, that’s a user’s router.

Wireless routers haven’t been the target of many attacks in the past, so manufacturers and users have not made security a priority. This has made attacking them now relatively easy. In fact, security flaws that haven’t been available to attackers for more than a decade are often still open on wireless routers.

In addition to the relative ease of access, attacking wireless routers allows criminals to access every device connected to them. Now, instead of using a targeted attack to infect one computer, a single attack targeting a router can infect every device in the home, which could include laptops, smartphones, tablets and even TVs, DVRs and other internet ready appliances.

Adding to the problem is the fact that routers aren’t updated automatically, which leads to many of them being extremely outdated from a security standpoint. They aren’t being made securely in the first place, but when a vulnerability becomes public, the patches and updates that are released aren’t being widely implemented. This is true of most applications that require users to actively search out an update and manually install it. In the case of routers, it requires some technical expertise to change settings and update. Many users fail to even change their router’s name and password from the factory default.

The first thing for users to understand is that their router is vulnerable. It does need to be updated periodically and needs to have a strong password associated with it. For those who are capable, it’s a good idea to make your router’s admin interface unavailable from the internet.

Creating an effective security infrastructure requires securing a number of potential attack points. For help improving security for your home or business, or for help recovering from an attack or malware infection, call Geek Rescue at 918-369-4335.

Four Steps To Protecting Your New Computer

April 8th, 2014

Buying a new computer is exciting and you probably aren’t thinking about things like warranties and serial numbers as soon as you get home. But, if you want to save time and money later, you should be. Dave Greenbaum of LifeHacker writes that there are some important steps to take as soon as you get your new computer home and before you start testing out its new features.

  • Record the serial number

When you unbox your computer for the first time, find the serial number and take a picture of it or write it down. There will come a point when you need that serial number. If you wait, there’s a good chance it will wear off, especially if you have a laptop. If you lose the serial number, it could make it more difficult to get replacement parts or take advantage of warranties. If the computer uses Windows, also take this opportunity to write down your Windows license key. This way, if you need to reinstall your operating system, you’ll have it handy.

  • Make a recovery disk

Starting your PC for the first time might not trigger you to think about everything that could go wrong, but it’s an ideal time to make a recovery disk for a rainy day. In the case of Windows 8, it’s as easy as typing “create a recovery drive” from the Start screen and choosing a flash drive to store it on. There are a number of situations that would make you want to start over from scratch, so give yourself that opportunity and make a recovery disk before you start altering your system.

  • Inspect the surge protector

A surge protector is a great investment to ensure that your important electronics are protected from surges in electricity. They don’t last forever, however. If there are flashing lights, or you don’t remember when you purchased it, it’s probably time to replace your surge protector. Doing so when you get a new computer is an ideal time. You’ll want to keep your new machine protected and you’ll be able to easily remember how old the surge protector is.

  • Track warranties

The warranties that cover your new computer can save you a lot of money. But, you need a system to keep track of when they expire. One useful method is to set a reminder in your smartphone to go off a few days before any warranties expire. If there’s anything that needs to be fixed that is covered, you’ll be able to take care of it instead of footing the bill later.

These aren’t particularly fun steps to take with a new computer, but they will help you to protect your PC and recover from any disasters.

For help fixing issues that aren’t covered by your warranty, call Geek Rescue at 918-369-4335.