February 14th, 2014
This week, in the monthly edition of Patch Tuesday, Microsoft released a number of patches to fix vulnerabilities in Internet Explorer. Just days later, Microsoft has confirmed that a zero-day exploit is being used in an active attack campaign that targets IE 9 and 10. Brandan Blevins of Search Security reports more details.
The label ‘zero-day’ categorizes attacks that exploit vulnerabilities before a patch can be created. By definition, this is a case where attackers learned of a vulnerability before the developers.
The attack is also categorized as a “watering hole attack”, which means that a specific website is being targeted in order to infect the group that typically visits that site. In this case, the U.S. Veterans of Foreign Wars’ website has its HTML code tampered with in order to load a malicious web page for visitors. When that page loads, malware is downloaded and executed on the user’s machine.
The attack exploits what’s being called the “use-after-free” bug, which allows for one byte of memory to be modified at “an arbitrary address”.
Microsoft has not announced whether a patch will be rushed out to fix the vulnerability or if users will have to wait for March’s Patch Tuesday. In the meantime, there are two options for IE 9 and 10 users.
One is a complicated fix using Microsoft’s Enhanced Mitigation Toolkit Experience.
A simpler fix is to stop using IE 9 and 10 until a patch is released. Either change browsers to Chrome, Firefox or another popular choice, or upgrade Internet Explorer to version 11.
If your computer has already been infected with malware, bring it to Geek Rescue, or call us at 918-369-4335.
February 13th, 2014
In Cisco’s Annual Security Report, they claim that 99-percent of mobile malware targeted Android in 2013. Whether or not that’s completely accurate, it’s safe to say that more threats exist for Android users than their iOS counterparts. That doesn’t mean, however, that security shouldn’t be a concern for iPhone users. As Tom Brewster of The Guardian reports, there were 387 documented security flaws in iOS in 2012 compared to only 13 for Android. When iOS debuted, another 70 flaws needed to be patched. The existence of flaws doesn’t mean attacks on them are inevitable, but it does illustrate how vulnerable iOS users are. Here are a few ways attackers could attack Apple devices.
Even if the base of iOS itself isn’t vulnerable to attacks, the apps that users add often are. One prominent flaw is the allowance of developers to switch the internet address that apps use to acquire data. Hackers are able to exploit this flaw and associate an otherwise legitimate app with their own malicious site. This allows the attackers to execute a variety of malicious actions on a user’s device.
Legitimate apps often contains security vulnerabilities, but there’s only been one documented case of a malicious app being allowed into the official App Store. That likely won’t be the case for long, however. Researchers have already demonstrated ways for a harmful app to be approved by Apple and earn a spot in the app store. One demonstrated app works legitimately when tested by Apple, but is able to rearrange its code when it’s downloaded by users to steal data and remotely control certain functions of the the device.
Insecure WiFi opens up a number of possible attacks, regardless of what device you’re using to access it. Not only does data being sent to and from your device become vulnerable, but data stored insecurely on your device could also be vulnerable to an attack. While these dangers aren’t limited to iOS users, the perceived security of Apple devices often leads to iPhone users being more cavalier in the use of their device, which can lead to valuable data being stolen with little effort.
This is another threat that isn’t limited to iOS, but certainly is a threat worth understanding. The use of fake, or stolen, security certificates is a growing trend in cyber attacks and allows for malicious programs to be accepted and executed. For example, an email that appears to be from a legitimate source asks users to download an application, update or even just a document. Without a trusted certificate, users would be warned about the download. With a false certificate, or one stolen from a legitimate source, an application is accepted as trusted by the operating system and malware is allowed to infect your device.
Protecting against these vulnerabilities often requires users to be more careful about how they use their devices. Understanding that your iPhone isn’t completely immune from common threats is important.
If you find that one of your devices has been infected by malware, call Geek Rescue at 918-369-4335.
February 11th, 2014
One of the biggest mistakes made in security by local businesses is a belief that they won’t be targeted in an attack because they have less to offer than larger enterprises. That mistake leads to weak security, which attracts attacks and leaves you susceptible to untargeted attacks. Take the latest news of a Cryptolocker victim for example. John E. Dunn of CIO reports that a local law firm in Charlotte recently lost critical data after Cryptolocker infected their network.
Cryptolocker found its way on the law firms computers after an email and its malicious attachment were mistakenly opened. An employee believed the email was from the firm’s phone answering service. After that, Cryptolocker couldn’t be stopped from encrypting thousands of legal documents critical to the law firm’s operations.
The nature of law firms makes them enticing targets for Cryptolocker and similar attacks because they can’t afford to lose access to their documents. Any business with money to spend, but no time to waste is likely to pay the ransom associated with decrypting files.
In the case of the Charlotte law firm, their IT team first attempted to unlock the files and work around the malware. When their efforts were unsuccessful, the firm attempted to pay the $300 ransom, but they were informed that the deadline had past and the files were permanently locked.
The law firm notes that had an attack stolen the important documents, rather than only encrypting them, the damage could’ve been much worse. Still, they lost access to every file stored on their main server, which prevents them from serving many of their clients.
For any size business, it’s important to educate employees about this type of threat in order to avoid infection in the first place. Regular back-ups of files will also save you from a disastrous loss of data.
Small business owners need to stop believing that an attack of this nature will never happen to them. Malware infections are costly to any business and statistically just as likely to strike small, local companies as they are large enterprises.
For help improving the security at your business, or for help recovering from a malware infection, call Geek Rescue at 918-369-4335.
February 7th, 2014
Many internet users believe that the key to avoiding a malware infection is to only visit legitimate websites and never open suspicious looking email or download attachments. While this is certainly going to keep users safe from a large amount of malware, it doesn’t keep them safe from all of it. This is evidenced by a recent exploit of a vulnerability in Adobe’s Flash player. As Lucian Constantin reports for PC World, this exploit infected victims with malware capable of stealing users’ log-in credentials for a variety of websites.
Security experts uncovered 11 exploit files targeting this vulnerability, which reveals that the same security flaw was being used by hackers in different ways. Some of the exploit files were designed to execute other files, one downloaded other malicious files and one was a trojan that steals log-in credentials saved in email and web browsers.
Experts found that each file was embedded within Microsoft Word .docx files and target Windows users specifically. Though one attack used malicious emails with a rigged .docx file as an attachment to infect users, most files were found in internet caches suggesting they were downloaded from websites.
These files have already been used in attacks against real-world users, as evidenced by Adobe’s use of the phrase “in the wild” to describe them. Since the vulnerability is known in the hacking community, expect more attacks to be rolled out exploiting it.
To their credit, Adobe scrambled to release a patch that would eliminate the Flash security flaw. This is version 22.214.171.124 for Windows and Mac users. If you haven’t updated Flash on your machine yet, be sure to do that as soon as possible.
If your computer has been infected with malware, bring it to Geek Rescue or call us at 918-369-4335.
February 6th, 2014
There are a number of ways for hackers to hijack your web browser. Usually, this stems from a user downloading a seemingly legitimate application like a game or security tool. Hidden as part of that download is malware that allows for browser hijacking. As Lisa Vaas of Naked Security reports, Google Chrome users now have a better warning system in place for any attempts to hijack the browser.
Since October, Chrome has featured a “reset browser settings” option. To find it, go to the Advanced Settings menu and scroll to the bottom. Pushing this button resets Chrome to all of the default settings it came with and removes all extensions and apps associated with your browser. It’s like starting over from scratch, which is useful if a malicious program has changed settings you aren’t aware of.
The first few months of the ‘reset browser settings’ button’s existence, it was limited because of its relatively hidden place within the settings menu. There was always the possibility that users may not know about that option, or that they won’t know their browser is being hijacked.
Now, Google has introduced a new warning system that causes a message to pop-up on screen anytime Google’s settings are changed without the user’s knowledge. Users are able to reset their settings directly from that warning pop-up.
For some users, resetting their browsers back to the factory default settings isn’t the best option, despite evidence of browser hijacking. Many have already asked Google to include an option to return to a previously saved state. This way, you wouldn’t need to completely re-customize Chrome. Some of your extensions and settings would stay in tact, rather than resetting everything and making you alter every setting and add extensions again. There’s been no word yet if Google will make this possible in a later update.
Typically, browser hijacking is easy to spot. You’ll notice your homepage has been changed, or that ads are being injected into websites where they don’t belong. Some hijacking malware can’t be thwarted by a simple reset of browser settings, however. Depending on the type of infection you encounter, failure to find and completely remove the malware could result in repeated browser hijacking. In these cases, resetting your browser only fixes the problem temporarily.
If you believe your computer has been infected with malware, come see us at Geek Rescue or call us at 918-369-4335.
February 4th, 2014
Any time one of the giant email providers is hacked, it’s major news. A large scale attack affecting thousands to millions of users most recently hit Yahoo. Attacks on your email aren’t always part of a larger effort, however. Sometimes, your email is hacked because a device you use to access it is infected with malware, or because it shares a password with a less secure online account you use. Sometimes, there’s little you can do to avoid having your email’s security compromised. But, it’s important to be able to quickly recognize the warning signs of a hack so you can get to work resolving it. At Tech2, Nishtha Kanal explained a way to see who has been accessing your Gmail account recently.
To find out the last 10 devices that have accessed your Gmail account, you’ll first need to long in on a desktop browser. This won’t work on the Gmail app. Scroll all the way to the bottom of your inbox and locate a link called “Details” on the right side of the page. Clicking that link will open a pop-up detailing the recent activity on your account. You’ll be able to see what type of device has accessed your account, when it was accessed and where the IP address of the device is located.
Even if you don’t suspect any malicious activity on your Gmail account, it’s a good idea to regularly check this log. This way, you’re sure to catch any break-ins before they have an opportunity to do any real damage.
If you’re not a Gmail user, or you’d like some other ways to monitor your email account, there are other methods. Monitoring your ‘Sent’ folder helps you keep tabs on how your account is being used. Many times, hackers will use your email to spam all of your contacts. These messages don’t always show up in the ‘Sent’ folder, but if any messages do show up there that you aren’t familiar with, you’ll know someone else has access to your account.
If you find your email has been hacked, there’s a good chance your computer is also infected with malware. Bring your infected devices to Geek Rescue, or give us a call at 918-369-4335.
February 3rd, 2014
More than a quarter of all internet users have Mozilla Firefox set as their primary web browser. Just like any other browser, however, there are some security concerns you need to understand. Andy O’Donnell at About recently published a few ways you can enhance the security in Firefox for a safer browsing experience.
Most websites you visit track the actions you take while on their site and even after you leave. Usually, this isn’t connected to anything malicious. Instead, this data is used for marketing to offer you a more personalized experience. Many users would prefer not to be tracked for any reason, however, and Firefox has a handy tool for that. To enable ‘Do Not Track’, go to ‘Preferences’, choose ‘Privacy’ and check the box next to “Tell websites that I don’t want to be tracked.” This doesn’t guarantee that websites will never track you, but most legitimate websites obey your wishes.
- Phishing and Malware protection
It’s easy to lose yourself while surfing the internet and wind up on a less than reputable website. You may not even know a website is malicious at the time, but there are many designed specifically to infect your computer with malware or steal your information. You can provide better protection against malware and phishing by enabling a couple of options in Firefox. From the ‘Preferences’ menu. click ‘Security’ and check “Block reported attack sites” and “Block reported web forgeries”. This checks each site you visit against a constantly updated list of known malicious sites. If you attempt to visit a site on the list, you’ll be blocked and kept safe.
There are a number of attacks that use scripts on websites. There are also plenty of legitimate uses for scripts that developers use to enhance their sites. So, blocking them completely will limit how well legitimate sites you visit are able to function. Not blocking them at all leaves you open many common attacks. The best option is to use an add-on that blocks scripts on untrusted sites. There are many to choose from. To find them, go to Mozilla’s Add-on site and search “noscript”. Click the “Add to Firefox” button next to the add-on you wish to use and follow the on-screen instructions. The default for each site will be to block scripts, but when you visit a trusted site, you can choose to allow them so the website will work properly.
Pop-up blockers have become so widely used that almost no one even tries to use pop-ups anymore. But, there are still some annoyances online if you don’t have a pop-up blocker in place. To enable it in Firefox, go to ‘Preferences’, choose ‘Content’ and check the “block pop-up windows” box. If you run into a site that need pop-ups allowed to function properly, you can always add it as an exception.
Regardless of which web browser you typically use, you need to know tips like these to make it as secure as possible. Additionally, it’s important to have other security tools in place, like an updated antivirus program.
If your computer or any other device has suffered an attack or malware infection, call Geek Rescue at 918-369-4335.
January 31st, 2014
Even though 2014 is only a month old, it’s already become clear that this year will feature many large scale malware attacks on smartphones and mobile devices. Mobile security has been a focus for many this year because of the growing number of attacks being seen and the malware being produced specifically for the mobile audience. At SC Magazine, Adam Greenberg reports on the latest mobile malware threat that has already infected more than 350-thousand devices.
The malware targets Android devices and has been spotted in China, Spain, Brazil, Germany and the United States. Known as Android.Oldboot.1.origin, the malware operates as a bootkit and is difficult to remove.
The malware is designed to download and install new applications to your device, or even remove existing applications. This allows for additional malicious applications to be added and security apps to be removed.
The particularly noteworthy characteristic of this malware is how resilient it is. During the initial infection, the malware, which is categorized as a trojan, is extracted when the device is turned on. This makes it more difficult to detect than other malware that attempt extraction while the device is in operation. That also allows it to continue to infect a device even when most traces of the trojan have been removed. As long as part of the malware remains in the device’s memory, it is reinstalled and extracted every time the device is rebooted.
This particular threat seems to follow a more complicated infection method that involves reflashing a device with new firmware. Staying safe from most mobile malware, however, stems from being extremely cautious of what you download to your device and what links you follow.
If any of your devices are suffering from a malware infection, come by Geek Rescue or call us at 918-369-4335.
January 30th, 2014
Planning is a key step to effective data security for your business. If you know how you’re likely to be attacked, you’ll know how to best protect yourself. At PC World, Tony Bradley published a list of security threats he expects to be common throughout 2014.
The time when you could consider your smartphone immune from the dangers of malware has passed. With a large percentage of the population not only using mobile devices, but using them to access critical data, criminals have begun heavily targeting them with mobile-specific malware. And infection can stem from a number of places. Email, malicious links and text messaging are all popular modes of malware infection, but even connecting to an infected computer via USB has been the root of infection in some attacks.
You’ve likely seen this buzzword in the media and it refers to the growing number 0f items with internet capabilities. Your refrigerator, car, home security system, baby monitor and many other common items can now be online and controlled remotely. While this may present a convenience for you, it also poses a security risk as hackers may also be able to gain control of your things. We’ve already seen a refrigerator used as part of a botnet. Be aware that if an item in your home or business can connect to the internet, it can be hacked.
Patches and security updates for this operating system will be discontinued by Microsoft this April. While Microsoft Security Essentials will receive support until the summer of 2015, this still presents a significant security issue. A large portion of the world’s desktop computers, particularly in offices, are still running XP. Worse is that kiosks and other embedded devices also run off of XP. When Microsoft stops supporting their old operating system, developers will also likely stop releasing updates for their XP applications. This leaves users in a frozen state where known exploits won’t be fixed. Some security experts are forecasting that hackers will wait until support stops and then launch all out attacks on XP systems.
Due to the success of attacks, like those on Target and Nieman Marcus, expect large scale data breaches to continue. Cyber criminals understand how valuable data can be and are willing to launch intelligent attacks to steal it. Staying protected requires planning, putting proper security tools in place and being smart about what you download and who you allow on your network.
For help improving the security at your company or on your home PC, call Geek Rescue at 918-369-4335.
January 28th, 2014
The threat of Cryptolocker style malware has been around for months, but evolving threats continue to emerge. Copycats and other forms of ransomware are being churned out due to the ease of production and the immediate benefits. As Ken Westin reports for State of Security, the latest variant of Cryptolocker is being spread through Yahoo messenger.
The malware was first spotted in Asia where it victimized a number of financial institutions. The nature of this ransomware allows it to spread quickly, however. Much like a malicious email that infects one computer, then emails itself to every contact in a user’s address book, this malware infects a computer and then sends a malicious file to contacts through Yahoo messenger.
First, you receive a message from a contact on Messenger. It appears to be an image file called “YOURS.JPG” but the actual extension is .exe. With some clever social engineering, users are coaxed to download and open the file. Once opened, the malware goes to work adding files to your system and injecting code into memory. Eventually, the malware begins encrypting files and locking down your computer.
Users are presented an alert that their files are encrypted and given a ransom note that demands payment to unlock their computer. New encryption keys are used in each attack, making decryption particularly difficult, if not impossible. While you deal with the encryption of your files, the malware spreads itself to new victims by sending the malicious file to your contacts.
As with other forms of ransomware, the best protection is to avoid infection. Even trusted contacts can send you malicious files. Even if you’re expecting a file to be sent to you over email or instant messaging, be sure to check it thoroughly before opening.
If your computer is infected with any type of malware, contact Geek Rescue at 918-369-4335.