Premium Text Sending Trojan Targets US Android Users

April 25th, 2014

Text message bubble on smartphone

There have been plenty of warnings about malware targeting Android devices. The Android operating system, due in large part to its open source nature, has been plagued by security threats at a much higher rate than Apple’s iOS. Still, there’s never been a documented trojan capable of sending premium SMS messages victimize users in the United States. As Adam Greenberg of SC Magazine reports, a trojan known as FakeInst has now done just that.

FakeInst isn’t only capable of sending text messages that cost users money. It’s also able delete messages, steal them and respond to contacts.

Users in the US also are far from the only victims of the SMS trojan. In all, 66 countries have been affected, including Canada, Mexico, France, Spain and Italy.

Unlike some other more malicious threats that infect devices through no real fault of their users, FakeInst has a specific infection method. A phishing website is set up that attracts users who are on their Android smartphone looking for pornographic content. The site asks visitors to download an application. After installing the application, the user is then asked to send a text message to a service to access content. These actions allow the trojan to infect the device and decrypt the necessary information needed to take over SMS capabilities.

This ends with the malware sending premium text messages that cost about $2 each.

Researchers have tracked the trojan to Russian origins, where the first reports of infection were found.

Thankfully, for most users this threat is easy to avoid. Don’t install apps from outside of the official Google Play store and certainly don’t download apps from less than reputable websites.

If your smartphone or other device has been infected by any type of malware, bring it to Geek Rescue or call us at 918-369-4335.

The Latest, Nasty Spam And Malware Threat

April 24th, 2014

Malware in email concept

How can you be sure that an email from your bank is what it claims to be? That’s a vital question in the wake of news that the latest spam and malware threat commonly springs from emails resembling messages from banks such as Wells Fargo and Lloyds Bank. Malcolm James of the All Spammed Up blog reports that the way malware is hidden in these spam messages and the way it then attacks your machine is troubling.

The emails come with an attachment. This attachment actually features another file within it, which contains malware. It’s a bit confusing even to write, which means it’s difficult for spam filters and antivirus tools to catch. Users will see a .ZIP file that claims to be a secure message from the bank and even features password protection. When opened, however, the user’s computer is attacked by the Upatre Trojan.

Upatre is the root of the problem, but it doesn’t do any real damage itself. It’s job is to communicate with the attacker and download more harmful malware to your system. The Zeus banking trojan is the first malware to download. It’s designed to steal your online banking log-in credentials. The Necurs malware is also downloaded, which is able to attack and disable security tools. This allows for a load of other malware to infect and attack your machine.

While many attacks of this nature are centralized overseas, the use of Upatre targets the United States almost exclusively. About 97-percent of recorded attacks using the trojan have targeted American users.

One of the issues with this style of attack is that users may not know they’ve been infected with anything for some time. Considering banking passwords are at stake, that’s an extremely dangerous risk.

To stay safe, users must resist the urge to open suspicious looking emails. An email from your bank may not seem suspicious, but remember that banks and other legitimate businesses likely won’t attach a file to an email unless they’ve told you ahead of time what they’re sending. If you have questions about an email, call your bank directly and ask them rather than risking malware infections.

If your computer or other device has been infected with malware, call Geek Rescue at 918-369-4335.

Oldboot Malware ‘Biggest Threat’ To Android Devices

April 16th, 2014

Virus illustration on smartphone

Users of Android smartphones are already at a significantly higher risk of malware infection than their iPhone counterparts. Experts, however, are warning of even more threats coming throughout 2014. One of those threats has already been identified and has infected millions of devices. Chris Smith of BGR reports on the Android malware threat called ‘Oldboot’ that is also being referred to as “the biggest threat to the operating system to date”.

Oldboot is capable of installing malicious apps on a device and can even remain hidden from detection or “fight” antivirus apps by modifying or uninstalling them. But, what makes it so dangerous is Oldboot’s ability to re-infect devices even after seemingly being removed. This malware is stored in the memory of devices and alters booting files. Infected devices then re-install malware in the early stages of their restarting process.

Oldboot is referred to as advanced malware because it has so many capabilities. It’s able to send text messages from a user’s device, modify the browser’s homepage, launch phishing attacks and more.

Perhaps the biggest problem is very little is known to date about what specific Android devices are at risk or even how devices are infected. Most Android malware infects devices through malicious apps. Occasionally, these malicious apps find their way into the official Google Play app store, but more often they’re downloaded from an untrusted source.

Other dangers include malicious text messages and emails and malicious websites visited on your smartphone.

If you think your device has been infected by any form of malware, bring it to Geek Rescue or give us a call at 918-369-4335.

 

2013 Security Report Reveals Large Growth In Malware Production

April 16th, 2014

Malware on circuit board

It’s no secret that malware is an ever-present threat to internet users. It’s also no secret that while defenses against malware are steadily improving, the number of malware being produced and its capabilities are growing. A recent study released by security firm Panda Labs confirmed the growing threat of malware, as Tony Bradley reports for PC World.

In their 2013 security report, Panda Labs found that about a fifth of the malware that exists was created last year. That speaks to the rapid growth of malware production. In 2013 alone, 30-million new threats were created, which breaks down to about 82-thousand per day.

Of these newly minted threats, about 70-percent are trojans, which are particularly troubling forms of malware capable of mining data and even controlling an infected computer while staying hidden from users and security tools. Total, Panda Labs discovered more than 20-million trojans. The rest of the malware was made up of a combination of worms, viruses and adware or spyware. Trojans were also responsible for the most successful infections and accounted for almost 80-percent of infections in 2013.

In terms of application vulnerabilities, Java was to blame for the most attacks. Exploits on a security flaw in Java led to successful attacks on Twitter, Facebook, Apple and Microsoft.

With so many forms of malware around, it’s amazing users aren’t victimized more often. Most users aren’t infected by malware often, but even becoming the victim of malware once each month would mean you avoided all but .0001 of all new threats. Given these statistics, it’s clear why experts warn that there’s no such thing as perfect security.

Panda Labs also agreed with the consensus that in the mobile world, Android is the most popular target for malware producers. They also sent a warning to users that more targeted attacks aimed at stealing data would be coming this year.

Users who are unprotected by security tools like antivirus programs run a significantly higher risk of becoming the victim of an attack. This could lead to the harm of your computer and the theft of your data.

For help securing your computer or recovering from an attack, call Geek Rescue at 918-369-4335.

 

How To Protect Yourself From Spyware

April 15th, 2014

Spyware being erased with pencil

Spyware has been a problem for internet users since the mid-90’s. Software that is able to gather information, or spy on a user, without their knowledge falls under the umbrella of spyware. In 2007, an estimated 850-thousand computers in the US were essentially rendered inoperable by spyware, according to Consumer Reports. Since then, spyware hasn’t become less of a problem, but there are better ways to protect yourself from it. Steve Bell of the BullGuard blog has some tips.

First, it’s important to understand the typical ways spyware gets onto your computer. The most common method is to piggyback on other programs you download. For the most part, free software is free for a reason. While the spyware included might not be malicious, it is still not something you’d volunteer to have on your machine. Some software installation methods will let you opt out of additional programs and spyware that’s included, but others install it automatically.

In order to stay safe, it’s important to be careful about anything you download. Spyware can also stem from spam emails, links and advertisements. There are a number of antivirus tools that also protect you from spyware. There are even some legitimate, dedicated anti-spyware tools, but be careful. There are plenty of programs claiming to be security programs that are actually malware or spyware themselves. Not only will these programs infect your computer, they won’t offer you any protection at all from other threats.

If you’ve already been infected, or if you’re not sure, Windows users can head to the Control Panel and check the list of installed programs. If you don’t recognize some of the programs listed, there’s a chance they’re spyware. Before uninstalling, you might want to do some additional research.

Unfortunately, not every piece of spyware installed on your computer will always show up this way. Some can even convince you that it has been uninstalled but actually remain in operation. For these particularly nasty cases, you’ll have to rely on a trusted security application. They’ll be able to recognize the common characteristics of spyware and either block it before it is installed, or help you remove it.

If your computer is infected with spyware, malware, viruses or you’re having other issues, call Geek Rescue at 918-369-4335.

Report Shows Rise Of Advanced, Intelligent Attacks

April 11th, 2014

Cyber Attack road sign

A common piece of advice is to keep applications updated, especially antivirus programs, to try to keep up with constantly evolving cyber threats. At Dark Reading, Tim Wilson reports on the recently released Websense 2014 Threat Report that finds advanced, targeted attacks are more prevalent than ever before. This means that relying on out of date malware definitions and failing to patch vulnerabilities quickly are more likely to cause users to become victims of an attack.

Websense reports preventing more than 4-billion attacks in 2013. Almost all of these attacks were intelligently designed to by-pass traditional security tools and pursue confidential data. The worry is that not only are the highly targeted, advanced attacks able to fool traditional security infrastructures, but attacks considered more common and able to affect users on a large scale are also using advanced tactics to avoid detection and prevention.

A common attack tactic is the use of malicious links, either on a website or included in an email. Clicking these links causes the download of malware, or directs users to phishing sites designed to steal log-in credentials or other important information. In 2013, 85-percent of these malicious links were found to be located on legitimate, trusted websites that had been compromised. This makes it exponentially more difficult to recognize and prevent this style of attack because the website being used isn’t designed as an attack site.

About one-third of all malicious executable files discovered in 2013 contained custom encryption of programs designed to remotely take control of a system or mine data from it.

There were also a reported 67-million exploit kits discovered throughout last year. An exploit kit is a way for developers with expertise to design an attack and sell it to others to be easily customized and launched at the target of their choosing. These kits make it easier for more criminals to launch an attack because it only takes money, rather than expertise.

The takeaway from the Websense report is that no user is safe. There are so many threats to your safety, you’re bound to run into one eventually. This report also speaks to the importance of being proactive in your security. Update and patch often and be looking for new ways to protect your network.

For help improving the security of your network at home or at the office, or for help recovering from an attack, call Geek Rescue at 918-369-4335.

Unsecured Routers Create Trend Of Attacks

April 9th, 2014

Wireless router

Recently, you may have noticed the scores of headlines reporting attacks on wireless routers. Major brands like Linksys and Asus have been plagued by attacks and experts are speculating that attacks on these devices are becoming a trend. Lucian Constantin at ComputerWorld reports on the details of why wireless routers have become such a popular target of cyber attacks.

The most obvious target of attacks is your computer. It contains a wealth of information that could be valuable for criminals to steal and processing power that attackers can harness. Because computers were being targeted by such a large volume of attacks, security began to improve. Not just in the form of antivirus programs, but even in the way operating systems and other applications were built and updated. Suddenly, it was much more difficult to attack a computer directly.

While hackers began developing more intelligent threats, most attacks will target the path of least resistance. That is no longer a user’s computer. Now, that’s a user’s router.

Wireless routers haven’t been the target of many attacks in the past, so manufacturers and users have not made security a priority. This has made attacking them now relatively easy. In fact, security flaws that haven’t been available to attackers for more than a decade are often still open on wireless routers.

In addition to the relative ease of access, attacking wireless routers allows criminals to access every device connected to them. Now, instead of using a targeted attack to infect one computer, a single attack targeting a router can infect every device in the home, which could include laptops, smartphones, tablets and even TVs, DVRs and other internet ready appliances.

Adding to the problem is the fact that routers aren’t updated automatically, which leads to many of them being extremely outdated from a security standpoint. They aren’t being made securely in the first place, but when a vulnerability becomes public, the patches and updates that are released aren’t being widely implemented. This is true of most applications that require users to actively search out an update and manually install it. In the case of routers, it requires some technical expertise to change settings and update. Many users fail to even change their router’s name and password from the factory default.

The first things for users to understand is that their router is vulnerable. It does need to be updated periodically and needs to have a strong password associated with it. For those who are capable, it’s a good idea your router’s admin interface unavailable from the internet.

Creating an effective security infrastructure requires securing a number of potential attack points. For help improving security for your home or business, or for help recovering from an attack or malware infection, call Geek Rescue at 918-369-4335.

Internet Explorer Tops In Malware Blocking Test

April 3rd, 2014

Internet Explorer logo

Not all malware finds its way onto your computer in the same way. Some relies on tricking users into downloading malicious files disguised as something else. This is often referred to as socially engineered malware. The key to for protecting yourself is avoiding downloading it in the first place. As Antone Gonsalves reports at Network World, Internet Explorer users are at a distinct advantage in that sense.

NSS Labs recently tested the four most popular web browsers against common forms of socially engineered malware stemming from links found in an email, instant messages and other vehicles. Email attachments were excluded from this test. In those tests, IE was found to block 99.9-percent of malware.

The success of Microsoft’s browser is being attributed to a combination of “application reputation technology and URL filtering”. The next best browser, Google Chrome, was able to block only about 70-percent of malware. Mozilla Firefox and Apple Safari each failed to block more than 95-percent of the malware used in the test.

Application reputation technology is able to scan downloads for recognizable characteristics commonly found in malware. Chrome relies heavily on it to protect users, but Firefox and Safari use it at all.

In a previous test, Chrome performed better and blocked more than 83-percent of tested malware. Where IE relies more on URL filtering than application reputation, Chrome does the opposite. One potential reason for the drop in performance is a change in how strict the application reputation system is. Another possible reason is that attackers have been able to devise tactics that avoid detection.

While IE offers more initial security for this type of malware, your browser shouldn’t be your sole security tool. It’s advisable to have antivirus software and firewalls in place, working in tandem with your browser and other tools.

If your computer is infected with malware, or you’d like to explore better options for security, call Geek Rescue at 918-369-4335.

New Form Of Ransomware Contains Loophole For Victims

April 1st, 2014

Ransomware concept

Ransomware is a particularly troubling form of malware. It’s capable of encrypting your files and preventing you from accessing them until you pay a fee. In many cases, the encryption used in these attacks is so strong that users are forced to decide whether to pay or lose the affected files forever. As Jeremy Kirk reports at Network World, one ransomware program makes a mistake that allows users an out.

Late last month, a ransomware program called CryptoDefense began victimizing users. It features the same characteristics as other ransomware. For example, it encrypts your files, specifically using a 2048-bit RSA key. It then takes the key needed to decrypt the files and sends it to the attacker’s server. The difference is that, while CryptoDefense asks for a ransom payment, you don’t need to make one to get access to the key.

The makers of CryptoDefense designed the malware with a critical hole. The key needed to decrypt the files is sent to the attacker’s server, but it’s also stored on the victim’s computer in a file folder. Users with some know-how are able to find the key and unlock their files without making any payments.

Most commonly, CryptoDefense finds its way onto computers via spam email messages. Those that mistakenly open the messages and download the attachment, usually a file disguised as a .PDF, are actually installing the ransomware.

The attackers behind CryptoDefense have collected more than $34-thousand in payments with victims in dozens of countries. With this news, users need to understand that they hold the information they need to defeat the ransomware.

If you’re infected with CryptoDefense, don’t pay the ransom.

If your computer is infected with any type of malware, bring your infected device to Geek Rescue or call us at 918-369-4335.

Failure To Update Leads To Costly Attacks On Businesses

March 28th, 2014

Security concept

A recent study found that many businesses are falling short on basic security measures. While many use antivirus programs and similar tools, they fail to implement them or monitor them correctly, or fail to keep them sufficiently updated. This leads to vulnerabilities that could allow for costly attacks. Brian Prince of Security Week reports on the common vulnerabilities contained in most companies’ security.

Managed security provides, Solutionary, recently released a report about common threats and vulnerabilities they’ve observed with their clients. In it, they find that while nearly all companies understand that using an antivirus program is a necessity, many of them fail to properly maintain it. Because malware and attacks are constantly evolving, it’s already incredibly difficult for security tools to detect threats. When those tools aren’t kept up to date with the latest definitions, it becomes almost impossible for them to provide any real security.

Solutionary found that less than half of the malware that they captured in honeypots was detected by their clients antivirus programs. Compounding that problem is that many of these malicious items downloaded more malware to infected networks, which also weren’t detected by the antivirus program in use.

Many of the vulnerabilities found in a company’s security resides in internal systems. Generally, this happens because external facing systems are a known attack point. Businesses usually spend the majority of their security budget on protecting them. Internal systems, like operating systems and applications like Microsoft Office are regarded as less important. Failing to properly update Windows, or applications leaves known vulnerabilities exposed. A vulnerability in Microsoft Word could lead to a network wide infection.

Missed updates for antivirus programs, operating systems and other applications happen because of a lack of asset management and because the IT security team doesn’t fully understand key pieces of the company’s infrastructure.

For help creating an effective security infrastructure for your business, call Geek Rescue at 918-369-4335.