Malware Being Spread Through Online Ads

October 3rd, 2013

Advertising sign

A new threat is emerging for both desktop and mobile internet users. It’s called malvertising and, as Adam Greenberg reports for SC Magazine, is a way to spread malware to unsuspecting users through online advertising.

These malicious ads are placed individually by hackers on otherwise legitimate websites. The hackers must convince companies through email and by using false identities to agree to put up the malvertising. When visitors to the site click the ads, it downloads malware onto their machine.

The criminals are specifically targeting sites with a lot of traffic and security experts estimate each malicious ad averages about 100-thousand views before it’s taken down. Users have to actually click the ads to be affected, but with so many views there’s the potential for a large number of users to be infected with malware. These threats are fairly widespread also with an estimated 10-billion malicious advertisements seen in 2012.

Because hackers are using fraudulent credentials, it’s difficult, or nearly impossible, to track them down even after an ad is found to contain malware. The key to stopping these attacks is for companies to be more judicious in selecting the ads they place on their websites. Asking about corporate and individual identities behind these ads before allowing them on a site is vital to avoiding potential headaches down the road.

Be aware that, while there are some legitimate advertisers who will contact you directly to place ads on your website, there are others who are attempting to spread malware. A safe option is to use PPC ads from a trusted source like Google or Bing.

For users, clicking on ads is a natural part of the web surfing experience, but some caution is needed. Clicking only on ads from reputable companies doesn’t always keep you safe, but it is a start. If your computer is infected with malware, call or come by Geek Rescue and we’ll clean it. Call us at 918-369-4335.

New Form Of Malware Threatens Multiple Accounts

October 1st, 2013


Fort Disco sounds like an oddly themed night club, but it’s actually a dangerous form of malware that targets users of WordPress and Joomla. Lucian Constantin, of ComputerWorld, reports that the malware has also been documented attacking POP3 email and FTP servers.

Fort Disco is described as a brute force password guessing form of malware. This means that it infects a machine, then attempts to hack into the user’s accounts by trying random passwords. That’s where the term brute force comes in. There’s no finesse used to break into accounts. Instead, password after password is tried until the malware gains access to the account.

Security experts estimate that Fort Disco has infected more than 25-thousand Windows users and successfully hacked into more than 6-thousand WordPress, Joomla and DataLife Engine accounts.

Once the malware infects a machine, it’s able to communicate with its creator to get instructions on what accounts to attack. Since it is hosted on a user’s machine, email accounts and even FTP credentials are also at risk.

Brute force password attacks against content management systems aren’t rare, but Fort Disco is a unique way to hack those accounts. This malware is easily distributed across a large number of computers, and puts multiple accounts in harms way.

As with all types of malware, there are multiple ways it can infect your computer. To stay safe, be extremely cautious what websites you visit, what you download to your computer and what emails you open. Since Fort Disco has been seen hacking email accounts, it’s likely that a number of spam emails containing the malware are being sent.

If your computer is infected, or if you’d like to improve the security on your machine, contact Geek Rescue at 918-369-4335.

Large Scale Botnet Take Down Highlights Looming Threat

October 1st, 2013


A botnet is a way for cyber criminals to use your computer to perform tasks like sending spam emails, spreading malware and other fraudulent uses. Infected computers will be able to communicate and form an entire network of zombie machines, which are all under the control of hackers.

Tom Espiner, of the BBC, reports that security company Symantec recently disabled 500-thousand infected computers that were acting as part of a botnet. The ZeroAccess botnoet, used for advertising and online currency fraud, was previously made up of 1.9-million machines.

The ZeroAccess botnet uses people’s computers to execute click fraud. Online advertisements generate income for websites that host them based on how many users click on them. This botnet used zombie machines to generate false clicks, which made them money.

By disabling 500-thousand of the infected machines, the hackers will lose about a quarter of their income. However, the identity and location of these criminals is unknown so experts warn that they’ll be working to restore their numbers quickly.

Symantec initially stepped in to take down the ZeroAccess botnet when it noticed an updated form of the Trojan program, which ZeroAccess installs on infected machines, being distributed. This malware made it more difficult to disrupt the botnet’s communications. Symantec felt they needed to act now, before updated malware made it impossible to disable any infected computers.

Perhaps the most troubling part of a botnet is that most users won’t know their computer is being used by a third-party. Infected computers will experience a decrease in performance. Your computer will be slower because a portion of its resources are being used as part of the botnet.

It’s also a good idea to check the sent messages folder in your email. If there are messages that you didn’t write being sent from your email address, you’ve got a problem and may be part of a botnet.

If you’re experiencing computer trouble or want to upgrade your cyber security, contact Geek Rescue at 918-369-4335.

Malware Infects Your Router Too

September 30th, 2013


You’ve probably taken some precautions to make sure your computer is protected from malware, viruses and other potential security issues. But have you taken precautions to protect your router?

A recent post on NewsFactor notes that there are router-specific malware threats capable of reconfiguring it. A malware infected router is able to redirect users to malicious sites in order to steal data or infect them with more malware and viruses.

Imagine you are using your computer to check your bank balance. If your router is infected with malware, it could redirect you to a similar looking site that is actually designed to steal your log-in information. Minor differences will alert you that something is wrong, but you have to be looking for them. A slight difference in the way the site looks, or a missing option in the menu are tell-tale signs that this site isn’t legitimate.

Thankfully, most banking websites offer security specifically designed to alert you if you’re not on their official website. However, other websites don’t take the same precautions.

Your browser also has security tools available to help keep you safe in these situations. When the warning pops up that a website’s security certificate isn’t recognized, don’t ignore it. This is a warning that using this site puts your data at risk. If you see that warning, don’t use that website. If needed, contact the business directly by phone and ask them about their website.

To protect yourself, make sure your router is updated continuously. Newer models usually update automatically, but it’s worth checking to make sure. Also, use the password protection options. Not only should your router be password protected, but that password should be changed often and not easy to guess.

To find out how to improve the cyber security at your home or office, contact Geek Rescue at 918-369-4335.

New Form Of Malware Rapidly Spreading

September 27th, 2013


Antivirus vendors are reporting that a new piece of malware is being used in infection attempts hundreds of times per day over the past few weeks. It goes by the name Napolar or Solarbot and is used to steal information.

Lucian Constantin, of PC World, writes that this new malware started infecting computers in mid-August, but was put up for sale to cyber criminals weeks before the first infection. For $200, hackers are able to buy the Napolar binary code and launch their own malware attack.

While infections have mostly been reported in South America so far, security experts fear this malware will spread quickly, due to its affordable price tag. It appears Napolar is being spread through compromised Facebook accounts.

Napolar is similar in functionality to a Trojan, which has been around for years. Experts speculate it could actually become more popular, however, because of its ease of use and because it is upgradeable with plug-ins.

The tell-tale signs of the malware are pop-up images of women appearing on screen after downloading an infected photo-file.

With more hackers purchasing Napolar and more Facebook users being infected, it’s only a matter of time before the malware reaches North America.

Be sure to keep your antivirus software updated. If you discover that your computer has been infected by malware, bring it to Geek Rescue. We disinfect any device and help you improve your security to protect against future attacks. Come by or call us at 918-369-4335.

Diagnose And Fix Potential Cyber Security Flaws

September 27th, 2013

Cyber security

Every business has adopted some form of cyber security, but is your security truly aimed to keep you safe from a full-scale cyber attack? Too often businesses believe they won’t be a target of hackers and make that an excuse for not dedicating more resources to true security. Those with minimal security, however, make themselves a target because of how easy it is to attack their network. 

Catalin Zorzini, of Inspired Magazine, suggests taking the necessary steps to take your security from minimal to robust. Here’s what to consider when trying to implement adequate security.

  • Audit your current security

Conducting a security audit will reveal where you are most vulnerable. This informs you what your security is lacking and specifically what data is at risk. Knowing that will allow you to put into real terms what is at stake. Contact Geek Rescue to perform a thorough audit of your security.

  • Consider disaster recovery 

Keeping security threats like malware out is only one aspect of good security. You also need to have a plan in place for a disaster that wipes out your data. This could stem from a cyber attack, or it could be a natural disaster that destroys your servers. Regardless of the cause, you need a plan that will minimize the amount of downtime you suffer and how much data is lost.

  • Don’t forget about mobile

Mobile technologies create complications for your security infrastructure. Employees sharing data with cloud systems or through email and connecting on unsecured WiFi cause headaches. There’s also the growing bring your own device, or BYOD, trend. That is also a potential problem as employees could bring infected devices to the office and infect the whole network. 

By thinking about potential security problems and patching holes, you’ll avoid large scale data loss and downtime in the future.

Geek Rescue helps you improve cyber security. Call us at 918-369-4335 to set up a security audit, make a disaster recovery plan or more.


Malicious Extensions Are A Growing Threat

September 26th, 2013

Web Browser

Browser extensions enhance the capability of your web browser. There are a number of uses for browser extensions. Many are designed to improve security or boost productivity. Recently, more and more extensions have been made by hackers, however.

Lucian Constantin, of ComputerWorld, writes that malicious browser extensions are a growing concern among security experts. That’s because they are difficult to protect against.

Malicious extensions have been seen before. They’ve been used to hijack searches and show ads to users. Recently, an IT security consultant was able to create an extension with much more harmful capabilities.

This example malware was able to be controlled remotely. It’s able to bypass two-factor authentication, perform functions, such as downloading other malicious files or controlling the webcam and steal data.

Malicious extensions are a growing concern, but there are few options available to protect yourself from them. Many antivirus programs are unable to detect and remove this malware. Security extensions added to your browser are also powerless.

Your chosen web browser actually has a significant effect on how much at risk you are. Firefox users are considered to be the most vulnerable. This is because it allows for third party extensions to be added, which means hackers can convince users to install the malicious extensions themselves, or can use malware downloaded through other means to install them remotely.

Chrome users, on the other hand, are at a relatively low risk. Chrome only allows extensions to be added from their Web Store, which only contains extensions that have been approved by Google. This doesn’t mean that there can be no malicious extensions added to a Chrome browser. It just means it’s much more difficult than with Firefox.

Exercise caution when adding extension to your web browsers and make sure you understand what your security software does and does not protect against.

To improve the cyber security on your home computer or at the office, contact Geek Rescue at 918-369-4335.

Growing Number Of Cyber Attacks From Social Media

September 25th, 2013


It’s easy to understand why so many hackers are targeting social media for cyber attacks. Where else would you find such a high collection of unsuspecting people? Many users have grown wise to email attacks and have learned to avoid suspicious emails. Social media, however, is still seen by most as a safe place. Throw in that many users access social media on mobile phones, which often lack necessary security, and you have an irresistible target for hackers.

John P. Mello, of CIO, reports that these attacks claim victims using the trust of users against them. Similar tactics as previously seen in creating fake versions of legitimate websites, or sending phishing emails that appear to be from legitimate sources, have been adapted for social media. The trend is to take over an account with a large number of followers and credibility and use it to spread malicious links.

These attacks are difficult to avoid because they appear to be coming from a trusted source. You wouldn’t expect a Twitter account that you’ve followed for years to suddenly be directing you to a phishing site, or infecting you with malware.

This isn’t only a concern for individuals either. Businesses need to be aware of these threats to security also. Another reason that social media is so attractive to hackers is that so many users access social media on their company’s network. This means that if any of your employees encounter a hacked profile, they are putting your company’s data at risk.

There are a number of options for how to deal with these threats. Blocking social media sites is one. Educating employees about the risk and making sure they understand how to avoid these attacks is another.

To improve your company’s security, contact Geek Rescue at 918-369-4335. We offer security software that is capable of blocking potentially dangerous sites and catching malware before it infects your system.

Windows Defender Scores Poorly

September 24th, 2013

F on paper

Microsoft Windows users may be tempted to forego any additional security software because of the existence of Windows Defender, a free antivirus program included with Windows. While Defender does offer some security benefits, Mathew J. Schwartz, of Information Week, points out that it hardly is capable of protecting your computer on its own.

In a study conducted with 27 other antivirus programs that tested protection, repair and usability of each, Defender scored the lowest. In fact, out of a possible score of 18 on the test, Defender scored about 5 points lower than any other program.

In a test of about 60-thousand common pieces of malware, Defender was able to detect 97-percent of them. Not so good considering only three other programs failed to achieve 100-percent detection.

Defender does have its advantages, however. It earned top marks in usability and, of course, its price tag can’t be beat.

So, should you run Windows Defender on your computer? Absolutely, but you should have other security in place, as well.

Security experts suggest using multiple layers of security, even if you have the top ranked programs in place. Because malware is constantly changing and new forms are released each day, there’s no way any program can keep up. So, having multiple ways to detect malicious programs gives you a better chance to avoid infection.

For help improving the security on your machine, or to get rid of malware that’s already infected it, call Geek Rescue at 918-369-4335.

Improve Email Security By Educating Users

September 24th, 2013

Email inbox

Studies have shown that phishing and malware attacks through email are effective because of uneducated users. Individuals who are unable to identify these malicious emails, or those who don’t fully understand the risk involved, are the ones most often victimized. For a business, this means that more education and security is needed so an employee doesn’t wreak havoc for the entire organization.

Jeff Orloff, of The Email Admin, suggests some ways to safeguard your business and convince employees that email security is an important issue.

  • Have A Written Policy

You can’t expect employees to follow the rules if those rules are only implied. To keep from having data stolen or malware infecting your network, write out a policy of email usage guidelines. Make sure every employee has a copy and understands it. 

  • Use Specific Examples

The idea of ‘that won’t happen to me’ is a difficult one to overcome in the context of cyber security. To do so, use specific examples from companies similar to yours in size and industry. Detail how they were attacked, why the attack was successful and what the end result was. Personalizing the attack to show how it would affect your employees is extremely helpful. 

  • Explain The Hows

With a set of rules in place and an understanding of what’s at stake, you can explain how an attack works and how to avoid them. Most employees won’t understand, and don’t need to know, the technical details of malware, but a basic understanding of a hacker’s motivations is helpful. Then, an explanation of what to look for in a typical malicious email. 

If you’re able to improve your users’ behavior, your security will improve exponentially. After all, it’s much easier to stop malware from getting in than it is to find it and delete it.

For help with your company’s cyber security, contact Geek Rescue at 918-369-4335. We offer security solutions to keep your business safe, which includes hosted email and spam filters.