December 15th, 2014
The holiday season is typically a busy season for hackers and malware developers. With increased activity online because of online shopping, ecards, emails and more holiday festivities, there are also increased opportunities to infect users with viruses or steal their information. A post at Spyware News details some common methods used to victimize users around the holidays in the past. Here are three to watch for this year.
Think about all the websites you visit for the holidays. You may buy airline tickets, book a hotel and order gifts in one afternoon. You’ll also likely be checking your bank accounts during this spending spree. Unfortunately, cyber criminals know that there are millions of other people like you spending money online and they know you’re always looking for a great deal. That gives them the opportunity to make fake websites, or spoof legitimate sites like your bank, in order to infect your computer or steal your payment information. Spotting a fake site can be difficult, depending on how much time has gone into crafting it. An old version of the company’s logo, typos or a missing security step could clue you in. It’s also important to keep your browser and antivirus program updated since they can sometimes alert you to a suspicious website.
Spam coming to your inbox isn’t a problem specific to the holidays, but there are some scams that attempt to use your excitement for the season against you. Many users are directed to the fake websites mentioned above after receiving an email promising a great deal or telling them they’ve won a contest. As always, following links in your email is a risky business. Be especially wary of attachments because that’s a common method for delivering malware. It sounds easy enough to not open attachments, but they’ll be labeled with something enticing that will be difficult to resist.
Not everyone does all of their shopping online. There are still plenty of folks who go out to get their shopping done, but there are dangers there too. Free WiFi at department stores or coffee shops is a convenient way for you to use your smartphone while shopping, but it also allows those with a little know-how to monitor your activity and steal your information. Never make purchases or enter passwords while on a public, unsecured connection.
If you are online during the holidays this year, you’re likely to encounter at least one of these tactics. Staying safe involves having an updated antivirus program installed and being cautious with your activity.
If you do fall victim to one of these attacks, call Geek Rescue at 918-369-4335.
November 3rd, 2014
It seems a new malware threat emerges practically every day, but most threats have a lot in common. They gain access to your device in a similar fashion and are fixed or bypassed in a similar fashion. A new threat reported on the Symantec blog, however, is unique. Trojan.Poweliks isn’t like other malware that exists as a file on an infected machine. Instead, this particular form of malware hides in the computer’s registry.
Trojan.Poweliks still infects computers the way most other forms of malware do. Users are commonly infected through spam emails, malicious links and exploit kits. Users have reported seeing emails claiming to alert them about a missed package delivery. Opening the email and downloading the attachment leaves them infected.
Once a machine is infected, the trojan disguises itself as a registry subkey. That means most users will never be able to find it.
While it’s hidden, the malware receives commands remotely from the attacker and can take all sorts of nasty actions to cripple your computer and monitor your activity.
Staying safe from these types of threats requires both intelligent web use and proper security tools in place. An updated antivirus tool will catch many of these threats, but if you’re among the first users infected, your antivirus won’t be able to recognize the latest form of malware. That’s why your first line of defense has to be to avoid where these threats are commonly found. Don’t download suspicious email attachments or follow links sent to your email. These practices will help keep you out of harm’s way.
If you’d like to improve the security on any of your devices, or need help getting rid of malware that’s infected your machine, call Geek Rescue at 918-369-4335.
October 14th, 2014
You’ve likely heard warnings about using unsecured WiFi networks, but what have you done to protect yourself? According to a recent study conducted by Experian, most of us are making little to no effort to stay secure despite understanding the risks. More than a third of those responding admitted to logging into their bank account while on public WiFi and over half of respondents admit to entering credit card information to sites without checking to see if they’re secure. And yet, 9 out of 10 believe everyone should be more concerned about identity theft.
So, what can you do? At Private WiFi, Jared Howe listed some ways to keep your personal information secure in any situation.
Whether you regularly connect to public WiFi or you’re extremely careful, chances are the password to at least one of your online accounts will be compromised eventually. Password theft can occur in many different ways and it doesn’t always mean an individual user did anything wrong. That’s why it’s important to regularly change passwords and use unique passwords for each account. Changing your passwords protects you in case your log-in credentials were recently stolen and using different passwords for each account ensures that when one account is hacked, it doesn’t mean a criminal now has access to multiple accounts.
In order to infect your device with malware or trick you into giving up your personal information, cyber criminals have a variety of methods. You have to be cautious of links and attachments sent to you in an email. Downloading these attachments or following these links can infect your device. Sometimes, however, the websites those links point to are designed to persuade you to enter your information, which then allows criminals to use that information to hack into accounts or steal your identity.
Many users don’t use any kind of lock on their smartphone or tablet, but that makes your device more of a target. Even though most locking methods aren’t incredibly difficult for a knowledgeable individual to bypass, just having one in place discourages many would-be thieves. It’s also advisable to disable geotagging features.
If you find yourself needing to connect to public WiFi often, you should consider investing in a Virtual Private Network. A VPN encrypts the data transmitted between your device and the internet, which would otherwise be free to intercept on an unsecured network. There are many options available for effective VPNs.
Staying secure means investing time and money now in order to avoid catastrophe later. For help with security on any of your devices, or to recover from a malware infection, call Geek Rescue at 918-369-4335.
For your business solutions needs, visit our parent company JD Young.
September 10th, 2014
Despite the inherent dangers, many users continue to use the same password over and over again for all of their online accounts. Doing so makes it significantly easier to break into those accounts and, when one account is compromised, it greatly increases the risk to other accounts as well. That issue is the reason that a recent theft of Gmail addresses and passwords could potentially lead to millions of compromised accounts. As Lucian Constantin reports for PC World, 5-million email addresses and accompanying passwords were dumped in plain text on an online forum, recently.
The Gmail addresses all have a corresponding password with them, but that password isn’t necessarily the password to the user’s Google account. Instead, it’s suspected that rather than hacking Google to steal this information, cyber criminals have hacked other sites over the span of months or even years to compile this list. By hacking other sites that require an email address to register, the criminals were able to compile a list of Gmail accounts with a possible password that that user has used in the past.
So, for those users who re-use passwords, an unknown number of people could now know both their Gmail address and the password they need to log into it. Thanks to Google’s all-inclusive nature of accounts, compromising an individual Gmail account could also mean compromising their Google+ page, YouTube account, Google Drive and any other Google service being used.
It’s unconfirmed how many of the 5-million addresses and passwords are valid, but it’s estimated that at least 60-percent could be used successfully. That means that about 3-million Gmail users have their log-in credentials available online in plain text. Even if you don’t re-use passwords, this still seems like an ideal time to change not only your Gmail password, but also your password to other important online accounts as well.
At Geek Rescue, we have the expertise to enhance security at home or at the office and on any type of internet-ready device. If you have questions or concerns regarding the security of your devices, call us at 918-369-4335.
August 18th, 2014
Cryptowall is the latest ransomware malware to be claiming victims. Much like CryptoLocker, Cryptowall encrypts the files on a victim’s computer and demands a payment to decrypt those files. This malware is usually spread as an attachment on spam emails. A post at Spyware News details the Bank of America email scam that’s currently spreading Cryptowall.
If you’re not a Bank of America customer, it’s easy to ignore messages claiming to be from the bank about your account. Those that do have active accounts find the messages more believable, however.
Users are reporting seeing emails claiming to be from Bank of America with an attachment. The emails are from “Andrea.Talbot@bofa.com” and advise the user to open the attachment because it contains information about their account. The email contains an office phone number and cell number with an 817 area code and even includes a standard confidentiality notice at the bottom. The email appears to be legitimate except for the fact that no bank, much less one the size of Bank of America, would send confidential account information to customers this way.
The attached file is named “AccountsDocument.zip” but those that download it quickly discover that it’s malware. Specifically, it’s the Cryptowall virus that encrypts files.
For the time being, be extra cautious about opening any emails from Bank of America and don’t download any attachments. If you have questions about an email, always contact the institution named in the email directly, rather than downloading attachments or following links provided.
Unfortunately, if you’ve become infected by Cryptowall, or a similar virus, there’s often no easy way around it. If you’ve recently backed up your system, you can restore the encrypted files after the malware has been removed. Otherwise, you may not be able to recover the encrypted files.
If your device is infected with malware of any kind, call Geek Rescue for help at 918-369-4335.
July 30th, 2014
Even with up to date security tools in place, every internet user runs a constant risk of being hacked or infected with malware. Early detection of these issues can save you from a devastating outcome. InfoWorld recently published an article detailing some of the most common and easily spotted signs of malware infections and the action you should take to combat them. Many times, the suggested action is to restore your system to the last known safe point so it’s important that you’re regularly backing up your devices and creating good restore points.
While there are fewer instances of this tell-tale sign of an infection than in the past, it remains one of the most recognized. Fake antivirus messages can pop up from your desktop or in a browser window. They claim to warn you about malicious files, but in reality the damage has already been done. Malware has already been added to your system. The message exists to entice you into more trouble. Clicking on it often opens a browser window that asks users to purchase security tools. These sites look legitimate, but are actually just a means to steal credit card numbers. The first step for users is to be familiar with what their actual antivirus messages look like. If they see a fake one, power down and restart in safe mode. Try to find the new applications that have been added and remove them. You’ll also want to run a full virus scan.
To be clear, not every browser toolbar is malicious. Google, Yahoo and other legitimate vendors all offer toolbar additions for browsers, but there are scores of toolbars that signal an infection. If you don’t recognize the name associated with the toolbar and don’t remember adding it, your system has likely been compromised. Most browsers offer ways to quickly remove unwanted toolbars and extensions, but some are trickier. You may need to restore your browser to a previous point or restore your entire system.
This often comes in tandem with unwanted browser toolbars. Conducting searches sends you to an unrecognized search engine, which often contains links to sites designed to further infect your device. You may also notice your homepage change. If this is happening, you’ll want to follow similar steps as above. Remove toolbars and other recently added applications, which may require restarting in safe mode.
- Fake Emails Sent From Your Account
If this hasn’t happened to you, you’ve surely received these emails from a contact. It’s a common problem for an email to be hacked and spew spam to the entire address book. What many users don’t know is that this is usually done through a malware infection on your computer. As soon as you notice emails you didn’t personally send in your sent folder, or are alerted by friends that you’ve sent them spam, you’ll want to run a full scan. Then, look around for recently added programs or anything that looks out of the ordinary.
In short, if your device is acting strangely, which can include pop ups, mouse movements, programs being added and more, it’s likely because of malware.
For help removing malware from any of your devices or to improve security, call Geek Rescue at 918-369-4335.
June 26th, 2014
A well-known online scam is directing users to malicious websites by sending them emails claiming to contain links to an e-card. Usually, the goal of these scams is to infect users with malware, but as Sean Butler reports for Symantec, the latest scam attempts to steal users’ money by promising a get rich quick scheme.
The email messages used in the scam appear to be sent from a legitimate e-card website, 123greetings.com. It contains only one sentence with a link to supposedly view your e-card. In most scams of this nature, this link would take you to a website where malware would be downloaded to your device. In this case, however, you are delivered to a site that’s made to look like 123greetings.com. Instead of malware, users are met with a long message that appears to be from a friend urging you to take part in a get rich quick scheme.
This spoofed version of the e-card site was only registered on June 17, according to WhoIs. From that site, users are sent to several other sites that all attempt to verify the authenticity of the ‘business opportunity’. Users are promised the chance to make thousands of dollars each week, but there’s a significant catch. It requires an initial payment of $97.
In addition to stealing a user’s money, contact details are also obtained, which could allow the spammers to attack the same individuals in future scams.
It’s never a good idea to follow links sent in unsolicited emails, but there are additional clues that this particular email isn’t legitimate. Most notable is the use of URL shorteners. Actual emails from 123greetings, aside from including much more than a lone sentence and link, include the full-length URL with their domain name. The links in the emails sent as part of this scam are shortened to obscure the true URL.
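One way to automate the two link clues described above, as an added example that is not from the original post: it flags links that go through a URL shortener and links that point outside the domain the sender claims. The shortener list, the function names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Small, non-exhaustive list of URL-shortening services (an assumption for
# this example; the post does not say which shortener the scam used).
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly", "is.gd"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample: one sentence and a shortened link, as the post describes.
SAMPLE_SCAM = """From: 123greetings <ecards@123greetings.com>
To: user@example.com
Subject: You have received an e-card

Click here to view your e-card: http://bit.ly/EXAMPLE
"""

# Constructed sample: a full-length link on the sender's own domain.
SAMPLE_LEGIT = """From: 123greetings <ecards@123greetings.com>
To: user@example.com
Subject: You have received an e-card

View your card at http://www.123greetings.com/view/EXAMPLE
"""


def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def body_text(msg):
    """Concatenate every text part of the message, decoded to str."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def check_links(raw_message):
    """Return (url, reason) for each link that uses a shortener or leaves
    the domain named in the From header."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    for url in URL_RE.findall(body_text(msg)):
        url = url.rstrip(".,;)")  # drop trailing sentence punctuation
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        if any(belongs_to(host, s) for s in SHORTENERS):
            findings.append((url, "shortener"))
        elif sender_domain and not belongs_to(host, sender_domain):
            findings.append((url, "domain-mismatch"))
    return findings


if __name__ == "__main__":
    for name, sample in (("scam", SAMPLE_SCAM), ("legit", SAMPLE_LEGIT)):
        print(name, check_links(sample))
```

The From header can itself be forged, so a clean result only means the links match the claimed sender, not that the sender is genuine.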
For additional tools that keep malicious emails like this out of your inbox, or for help recovering from a malware infection, call Geek Rescue at 918-369-4335.
June 4th, 2014
Cryptolocker unveiled itself in 2013 as one of the worst malware threats on the web. Victims saw their files encrypted only to be released after a ransom payment was made, and even then sometimes the files would remain inaccessible. A new spam email scheme, as reported on the Symantec blog, uses the Cryptolocker name, but actually infects users with another form of crypto malware.
While the malware used in this attack isn’t Cryptolocker, it performs similarly. Users’ files are encrypted and a ransom is demanded. The use of the Cryptolocker name is perhaps to convince users that there’s no way around the encryption. Cryptolocker uses encryption that is notoriously difficult, or nearly impossible, to break. While this threat’s encryption hasn’t been closely analyzed, it’s likely that it hasn’t been crafted as carefully.
The attack begins with an email that appears to be from an energy company. Users are told that they have an outstanding debt on an electric bill. That should be the first clue for most users. In this sense, this particular threat is more believable than others. Many companies, including electric providers, often send an email to customers telling them their latest bill is ready.
The message contains a link supposedly allowing users to view their bill. It directs them to a website containing a CAPTCHA. The number you’re directed to enter never changes, however. From there, users arrive on a page with a link to download their bill. It downloads as a file disguised as a .PDF. Again, this is all fairly believable.
Opening that file, however, immediately causes files to be encrypted and a text file pops up informing the victim that they’ve been hacked with Cryptolocker. They’re told to send an email to a provided address to start the ransom process.
There’s an added feature to this attack also. The malware checks to see if the user is running email client Outlook or Thunderbird. If you are, your contact list is stolen and sent to the attacker, presumably to help spread the malware to more users.
As with any other crypto attack, the key is to avoid infection. Once your files are encrypted, it’s extremely difficult to unlock them. Avoid these threats by being extremely cautious about following links in emails and downloading attachments. Also, regularly back up your important files in case they’re encrypted or corrupted.
For help recovering from a malware infection, call Geek Rescue at 918-369-4335.
June 3rd, 2014
About two months ago, the Heartbleed bug was the scourge of the internet. Since then, websites have scurried to update and patch the vulnerabilities that could potentially lead to the theft of their users’ data. As Jeremy Kirk of Computer World reports, the Heartbleed name is still being used to strike fear into users only now it’s in association with a phishing scam.
Security firm TrendMicro reports that spam emails are being distributed that promise a “Heartbleed removal tool”. Individuals who have some understanding of what Heartbleed is will understand that it isn’t a virus or malware that can simply be removed. But others who are familiar with the name ‘Heartbleed’ but unfamiliar with any other details are being fooled.
The attachment to these emails, the supposed removal tool, is actually a keylogger, which is used to record the keystrokes of the user and sends them to the criminal who launched this attack.
Given the apparent misunderstanding of Heartbleed, this scam is already poorly constructed, but it falls apart even more when you consider the content of the email. While the body contains a warning about Heartbleed and urges users to run the attached removal tool, the subject line reads “Looking For Investment Opportunities from Syria”. A more spammy email subject has rarely been written and, of course, the subject and body don’t match.
These characteristics make this particular scam easy to spot for users and spam filters, but criminals trading on the Heartbleed name isn’t likely to stop anytime soon. Be wary of any email, even those purporting to be from legitimate companies, that advises you to protect yourself from Heartbleed. Don’t follow links in those emails and don’t download the attachments.
If your computer is infected by malware, Geek Rescue is here to help. Call us at 918-369-4335.
May 22nd, 2014
Spam is a constant problem for email users and has been since the early days of email. Through spam, malware infections and phishing schemes torment users. Unfortunately, as Malcolm James reports for the All Spammed Up blog, the spam problem in the US is getting worse.
A report released by antivirus manufacturer Kaspersky shows that users in the United States receive more malicious emails than any other country. At nearly 14-percent of the world’s spam, the US leads this category by almost a full 4-percent over second place United Kingdom.
Over the past few months, the US has seen a sharp increase in spam emails. In the third quarter of 2013, US email users received about 10-percent of all spam, while users in the UK received the most at about 12-percent.
One noticeable trend is an increase in spam targeting mobile users. Most notably, spammers have begun sending messages that appear to be from popular mobile app developers. Messaging app ‘WhatsApp’ has been used in a number of email scams to spread malware. Even users who have never connected an app to their email address have been fooled. For many users, these messages are believable enough that they’re opened and an attachment downloaded to investigate further. Unfortunately, that’s all the action a user needs to take for malware to infect their system.
Overall, about two-thirds of all email messages are categorized as spam. This is actually down from the end of 2013, but about the same as this time last year. Experts warn that the total amount of spam is less consequential than the tactics the spammers are using. New, more intelligent tactics are allowing more spam to slip through filters and find their way into users’ inboxes, which creates more opportunities for users to mistakenly open these messages.
Geek Rescue helps you recover from and protect from spam. We offer services to help get rid of malware and better filter spam. Call us to find out more at 918-369-4335.