Five Ways Malware Infects Users

May 6th, 2014

malware concept

Once your computer is infected with malware, it can be a long, complicated process to remove it. An infected system is at risk for data loss and risks spreading the malware to other computers. The best security is to keep the infection from ever happening. To do that, you need to know where malware infections typically stem from. At Business New Daily, Sara Angeles lists the most common tactics taken by malware to infect users.

  • Ads

A decade ago, pop-up ads were common online and were a common way of spreading spyware and other malware. The use of pop-ups has significantly decreased over the years and online advertising has become much more legitimate. However, there are still plenty of malicious online advertisements that have the singular goal of infecting users. Sometimes referred to as malvertisements, online ads exist that are capable of infecting users without even a click. The display of these ads can be enough to install malware on your machine. Usually, these ads are found on less than reputable websites, but through an intelligent attack, they’ve been known to plant themselves on trusted sites from time to time.

  • Social Media

The traits that make social media so popular are also the primary reasons why it’s often the route of attackers. Messages received on social media are trusted because they appear to be from a friend or recognized contact. There’s also the sheer number of users. An attacker has a better chance of seeing his malware spread to thousands or millions of users on social media than through other avenues. Facebook messages and Twitter DMs are common ways to spread malware, but there are also malicious Twitter accounts that tweet out spam and malicious website links.

  • Mobile

Smartphones enjoyed a short period of safety from malware, but as the mobile audience has grown, so has the amount of malware targeting it. Android users are at a much higher risk of malware due to the operating systems open source nature, but iPhone users have seen their share of security scares also. Malicious apps that are either downloaded from a third party or infiltrate the official app store are usually to blame for a mobile malware infection. Malware can also be spread to mobile devices through text messages, emails or through infected websites.

  • User Error

Regardless of the number and effectiveness of security tools you have in place, an unsuspecting and uneducated user is likely to encounter plenty of malware. Even those that know not to click suspicious looking links or download apps from outside the official app store can be duped. Malware developers use social engineering to manipulate users and make links irresistible. They play off of current news stories and promise deals that are too good to be true. If it didn’t work, they’d stop doing it, but there’s no end to these tactics in sight.

  • Email

Much like social media, nearly every internet user also has an email account. Malware is commonly spread as an attachment to spam messages that claim to be from a trusted business, website or government agency. Users who download these attachments have their computer infected with malware, and often end up spamming their entire address book with malware and malicious links. This is another problem as other users receive messages that appear to be from a friend and instinctively trust the contents.

Malware is becoming more intelligent. Recent attacks have been able to hide themselves from security tools or encrypt a user’s files.

If your device is infected with malware, bring it to Geek Rescue or call us at 918-369-4335.

 

How Data Breaches Lead To A Loss In Customers And Revenue

May 2nd, 2014

Dollar bill as downward trending graph

Many small businesses view data security as nonessential because they don’t see themselves as ever becoming the target of an attack. Unfortunately, this often makes them a target because of the relative ease attackers have in breaching their network. Even those that do find it necessary to put security measures in place might not see the whole picture of why it’s important. As Brian Prince of Security Week reports, data security isn’t only important for protecting a company’s data. It’s also important for customer retention.

A recent survey conducted by Javelin Strategy and Research found that about a third of consumers will abandon a company that’s suffered a breach that’s resulted in the loss or exposure of customer data. For healthcare providers, 30-percent of patients will abandon after a breach and a quarter of consumers will change their bank and credit card providers in the wake of a data breach.

As experts note,  particularly telling about how important security is to consumers is their willingness to change healthcare providers given the usual hassle involved with that process.

What each of these statistics reveal is how cyber attacks cost businesses money. Not only do they often result in significant downtime that prevents you from offering services to customers, but they also cost you customers and sales.

Perhaps the best example of an attack resulting in lost profits is the recent, massive Target breach. As many as millions of customers had credit card information stolen, which resulted in an estimated $61-million being lost by Target in relation to the attack.

This is dangerous because an unrelated study found that four out of five company leaders don’t equate the loss of confidential data with the loss of revenue. This often leads to a relaxed attitude toward security that significantly increases the risks of a successful attack occurring.

Risk assessments, data management programs and other tools are needed to protect even small businesses from exposing their customer’s data, or their own, during an attack.

For help improving your company’s security, call Geek Rescue at 918-369-4335.

To Change Passwords Or Not In The Wake Of Heartbleed

May 1st, 2014

Heartbleed symbol on laptop

Earlier this month, news broke of the Heartbleed bug that compromised the expected security of websites using OpenSSL. The bug would allow for attackers to steal unencrypted log-in credentials from web servers through a vulnerability, or more specifically, what’s called a “bounds check” was missing. Buried in those initial news reports was the warning to change passwords as soon as possible, but only after websites patched the vulnerability. At Dark Reading, Dave Kearns explains the best practices to stay safe in the wake of Heartbleed and why it’s not always wise to change passwords.

In the context of Heartbleed, the knee-jerk reaction was for users to change passwords as soon as possible because their old passwords could be stolen off a server at any time. It was quickly pointed out, however, that most websites hadn’t patched the vulnerability yet, which means a user changing their password wouldn’t protect their account. It would just hand that new password to any attacker who decided to steal it.

In this case, changing passwords wasn’t the best idea. In fact, users who didn’t change passwords and stayed away from a site completely were probably better off than those that proactively logged in and changed their account. The Heartbleed bug makes users vulnerable when they enter their account information. So, logging in and changing your password would potentially be giving that information to an attacker. But, leaving your account dormant would keep you safe.

Going forward, there are tools available to add on to your web browser that will tell you whether or not a website has been patched to eliminate their vulnerability to Heartbleed. If it has, you’re free to log-in and change your password. This protects you in case your old password was compromised at some point.

If the site hasn’t been patched, leave immediately. That site isn’t safe for use until the vulnerability is fixed.

The best way to protect yourself from catastrophic damage in the wake of an attack of online accounts is to always use unique passwords for each account you hold. That way, if one, insecure account is compromised, your other accounts are safe. For users that use the same password for multiple accounts, the theft of one from an insecure site like a message board could lead to important accounts like social media, email or banking sites being hacked as well.

At Geek Rescue, we have tools to protect you from attacks and to help you recover. Call us at 918-369-4335.

Firefox 29 Brings Big Changes To Browser

April 30th, 2014

Firefox logo

Mozilla’s Firefox web browser is currently the third most used browser, behind Google Chrome and Microsoft Internet Explorer. This week, Mozilla released the Firefox 29, which is the first significant interface redesign in three years and makes more than 1300 changes to previous versions of the browser. Seth Rosenblatt of CNet has details about what’s new with the new Firefox.

  • A menu icon has replaced the recognizable, orange Firefox menu button and has moved from the top-left corner to the top-right.
  • A ‘Download Manager’ icon now resides by default in the add-on bar.
  • The ‘Forward’ button for browser navigation disappears until there’s a page to move forward to.
  • Tabs will no longer shrink as drastically as they have in years past when a number of tabs are open. Mozilla wanted to keep tabs legible at all times.
  • If there are more tabs open than fit in the bar, users can scroll with their mouse, or use navigation arrows provided to access additional tabs.
  • The entire new interface takes some direction from mobile-friendly websites and apps in order to become a more acceptable browser for touchscreen devices.
  • To aide syncing, Firefox introduced Accounts. Users may create a username and password and log-in through an icon provided in the browser menu.

Many of these changes, particularly the use of accounts and some changes to the interface, are designed specifically to help Firefox break into the mobile browser market. Currently, about 0.1-percent of Android users have Firefox on their smartphones.

This new version of Firefox couldn’t have been released at a better time considering Internet Explorer users are being urged to find an alternative browser until security issues are fixed.

When you’re having problems with your device, network, hardware or software, call Geek Rescue at 918-369-4335.

Attack On AOL Puts Everyone’s Email At Risk

April 30th, 2014

Spam folder

A popular method of attack for cyber criminals is to gain control of a legitimate email account and spam the user’s entire address book. This gives them a much better chance to infect more users as their spam emails appear to be from a trusted contact. This method is annoying when it’s highly targeted and affects only a few dozen email users. It becomes much more than an annoyance when potentially millions of users are affected. At CNN, Jose Pagliery reports on a hack on AOL that has potentially compromised millions of email accounts.

It’s not known yet exactly how many email users had their information stolen in this large scale attack on AOL. Currently, the company reports that only 2-percent of their email accounts have been observed spamming others. But, of their 120-million email account holders, anyone could be affected.

AOL also warns that it isn’t just the ability to spam your friends that’s at stake. The attack could also give hackers access to postal addresses, log-in credentials and answers to security questions.

This is such a large scale attack that everyone needs to be warned about it. With millions of contact lists at risk, nearly every email account in the US could be hit by AOL spam in the coming weeks.

There’s also the concern about abandoned AOL accounts being revived to send out spam. A significant number of AOL email accounts have been dormant for years. However, attackers are still able to gain access to these accounts and spam their contacts. Because this is a seldom used, and often forgotten about, account, it could take longer to mitigate the issue than an active account that a user checks every day.

AOL has successfully begun redirecting emails sent through these malicious methods into users’ Spam folders, but little else has been accomplished so far. All users with an AOL account, whether it’s being used currently or not, are advised to change their passwords as soon as possible. It’s also a good idea to change other important passwords that share commonalities with your AOL password.

If your computer or email has been the victim of an attack, or you’d like to learn about additional security and spam filter options, contact Geek Rescue at 918-369-4335.

Zero-Day Exploit Surfaces Affecting All IE Users

April 28th, 2014

Microsoft sign

Microsoft’s web browser, Internet Explorer, is among the most used browsers worldwide. It’s also trusted by a number of companies as their standard web browser. That’s why when exploits surface that allow attackers to victimize IE users, it’s big news. At PC Mag, Chloe Albanesius reports on the latest threat to IE, which is a zero-day exploit that allows for remote code execution.

The flaw in Internet Explorer allows attackers to remotely execute code when a user visits a malicious website specifically designed for this purpose. This typically happens when a user clicks on a link sent to them through a spam email or instant messenger. Potentially, an attacker could gain the same rights as the current user, which could lead to them being credentialed as an administrator on your own machine.

This potential exploit is said to exist in versions 6 though 11 of IE, which should account for at least 99-percent of active IE programs, if not all of them. So far, however, attackers are reportedly only targeting IE 9, 10 and 11, which would represent the bulk of IE users. Overall, this vulnerability affects about a quarter of all web browsers in use.

For IE 10 and 11 users, ‘Enhanced Protected Mode’, which runs by default unless changed by the user, helps to protect against this exploit. It should not be considered a fix, however. The only way to fully protect IE browsers would be to install a patch released by Microsoft. So far, no patch has been released.

In the meantime, users can use additional caution and avoid clicking any links or visiting any untrusted websites. Or, if possible, a different browser can be used until the IE security issues are fixed.

This is also a noteworthy exploit because it’s the first vulnerability that will not be patched for Windows XP users since Microsoft recently ended support for that operating system. Those users would be wise to use a different web browser for now and update to a different operating system as soon as possible.

If your computer falls victim to an attack, or you’d like to explore additional security options, call Geek Rescue at 918-369-4335.

Premium Text Sending Trojan Targets US Android Users

April 25th, 2014

Text message bubble on smartphone

There have been plenty of warnings about malware targeting Android devices. The Android operating system, due in large part to its open source nature, has been plagued by security threats at a much higher rate than Apple’s iOS. Still, there’s never been a documented trojan capable of sending premium SMS messages victimize users in the United States. As Adam Greenberg of SC Magazine reports, a trojan known as FakeInst has now done just that.

FakeInst isn’t only capable of sending text messages that cost users money. It’s also able delete messages, steal them and respond to contacts.

Users in the US also are far from the only victims of the SMS trojan. In all, 66 countries have been affected, including Canada, Mexico, France, Spain and Italy.

Unlike some other more malicious threats that infect devices through no real fault of their users, FakeInst has a specific infection method. A phishing website is set up that attracts users who are on their Android smartphone looking for pornographic content. The site asks visitors to download an application. After installing the application, the user is then asked to send a text message to a service to access content. These actions allow the trojan to infect the device and decrypt the necessary information needed to take over SMS capabilities.

This ends with the malware sending premium text messages that cost about $2 each.

Researchers have tracked the trojan to Russian origins, where the first reports of infection were found.

Thankfully, for most users this threat is easy to avoid. Don’t install apps from outside of the official Google Play store and certainly don’t download apps from less than reputable websites.

If your smartphone or other device has been infected by any type of malware, bring it to Geek Rescue or call us at 918-369-4335.

The Latest, Nasty Spam And Malware Threat

April 24th, 2014

Malware in email concept

How can you be sure that an email from your bank is what it claims to be? That’s a vital question in the wake of news that the latest spam and malware threat commonly springs from emails resembling messages from banks such as Wells Fargo and Lloyds Bank. Malcolm James of the All Spammed Up blog reports that the way malware is hidden in these spam messages and the way it then attacks your machine is troubling.

The emails come with an attachment. This attachment actually features another file within it, which contains malware. It’s a bit confusing even to write, which means it’s difficult for spam filters and antivirus tools to catch. Users will see a .ZIP file that claims to be a secure message from the bank and even features password protection. When opened, however, the user’s computer is attacked by the Upatre Trojan.

Upatre is the root of the problem, but it doesn’t do any real damage itself. It’s job is to communicate with the attacker and download more harmful malware to your system. The Zeus banking trojan is the first malware to download. It’s designed to steal your online banking log-in credentials. The Necurs malware is also downloaded, which is able to attack and disable security tools. This allows for a load of other malware to infect and attack your machine.

While many attacks of this nature are centralized overseas, the use of Upatre targets the United States almost exclusively. About 97-percent of recorded attacks using the trojan have targeted American users.

One of the issues with this style of attack is that users may not know they’ve been infected with anything for some time. Considering banking passwords are at stake, that’s an extremely dangerous risk.

To stay safe, users must resist the urge to open suspicious looking emails. An email from your bank may not seem suspicious, but remember that banks and other legitimate businesses likely won’t attach a file to an email unless they’ve told you ahead of time what they’re sending. If you have questions about an email, call your bank directly and ask them rather than risking malware infections.

If your computer or other device has been infected with malware, call Geek Rescue at 918-369-4335.

Three Ways To Improve Your Wireless Network For Free

April 24th, 2014

Wireless router

Wireless networks are everywhere and are responsible for keeping our most used devices, like PCs, smartphones and tablets, connected to the internet. They’re far from perfect, however. A WiFi network is generally slower and less stable than hardwired connections to your modem. But, as noted in a video recently posted by Techquickie to YouTube, there are a few ways to improve your wireless network. Some of these tips require the purchase of additional hardware, but here are the absolutely free ways to improve your network.

  • Find the right spot for your router

Surprisingly, making your network reach the entirety of your home or office could be as easy as moving your router. There are a number of factors that contribute to limitations to the size of your router’s range. First, understand that the coverage area is sphere-shaped. Placing your router close the center of your home will give you a better chance of covering all of it. Putting a router on the floor, or next to thick walls and thick objects, particularly those made of stone, metal or concrete, greatly reduces the coverage area so try to avoid those while finding an ideal spot.

  • Check for updates

Software and firmware updates are vital to patch security vulnerabilities, but can also be helpful in improving your router’s coverage area. To check for the latest updates, just go to the manufacturer’s website. For example, the Linksys website has a ‘Support’ section with updates for all of their products.

  • Choose a free channel

Regardless of your router’s manufacturer, you should be able to switch between channels. If you’re using a 2.4 GHz band router, you’ll want to use channel 1, 6 or 11 because these are the only usable, non-overlapping channels. Deciding between these three depends on the other routers in use in the area. For example, if you have neighbors on each side and one uses channel 1 and the other uses channel 11, you’ll want to use channel 6. Unfortunately, it doesn’t always work out so cleanly. In addition to other networks, things like baby monitors and cordless phones contribute to interference. You can either use trial and error to find the best network for your area, or look for available tools and mobile apps that show you the other networks in use.

If these tips don’t work, you’ll probably need to add or upgrade hardware in order to improve your network. A new 5 GHz router, if your devices are compatible, will greatly improve your connection speeds. Other options include adding a new antenna or repeater.

If you’re having trouble with your network and need to fix your router, modem or other hardware, call Geek Rescue at 918-369-4335.

How Long Does It Take To Recover From An SQL Injection Attack?

April 23rd, 2014

Days on calendar

SQL injections are a popular form of attack that exploits vulnerabilities in applications. This type of attack commonly targets web applications used by companies and, as Kelly Jackson Higgins of Dark Reading reports, it can take months to discover the attack and mitigate it.

Over the past year, SQL injections have been discovered at 65-percent of organizations polled. This is a common form of attack that can be used on networks of any size, from businesses large and small to even homes. On average, these attacks take 9-months from the time the attack occurs initially to the time a company fully recovers. Much of that time, about 140-days on average, is spent not knowing the SQL injection is even taking place. In fact, nearly half of companies that have been the victim of these attacks say it’s taken a minimum of 6-months to detect them.

The respondents in the study were made up of 595 IT professionals working for both commercial and government organizations in the US. The issue, it seems, is that most businesses don’t test third party applications for potential vulnerabilities. Considering the vital nature of third party applications for many businesses, this is a costly misstep. Many businesses also continue to rely on signature-based security. This leaves them vulnerable to attacks that have not yet been spotted and categorized. For cutting edge and more intelligent attacks, a shift to behavioral analysis based tools is needed.

Making matters worse is the growing trend of mobile devices using a company’s network. Many of the surveyed IT professionals agreed that these devices made it harder to find the source of the SQL injections.

SQL injections are a real threat and while more and more businesses are aware of them, more needs to be done to protect against them.

For help protecting against costly attacks on your network or recovering from one, call Geek Rescue at 918-369-4335.