January 10th, 2014
When was the last time you updated your web browser? Periodically, you’re prompted to update to the latest version in various ways, but not all of those prompts are legitimate. As Zeljka Zorz writes at Help Net Security, agreeing to update your browser from the wrong source leads to malware infections.
It’s a common scam that’s been around for years, but internet users in the UK have seen a recent surge in malicious offers to update their browsers. These offers occur in the form of pop-ups that look official enough. They claim to be “critical updates” and many even trap you in an unending loop that prevents you from closing the tab.
If you agree to download the update, what you’ll actually get is some form of malware. In the recent occurrences seen in the UK, a trojan used to steal information was downloaded instead of a browser update.
These scams are seen most on sites where you stream media. It seems users are more likely to believe that an update is needed when they think they won’t be able to stream the video they wanted to watch. But, even if you think your browser is in need of an update, it’s never a good idea to download from an untrusted source. Instead of clicking through on the pop-up, go directly to the browser developer’s site and check for recent updates.
This scam isn’t limited to web browsers either. Warnings that your operating system, or plug-ins to your browser are out of date are also used to convince you to download a malicious file. In every case, don’t download anything unless you’re on the developer’s site. It is a good idea to regularly check to see if applications you use are out of date. Doing so helps close security flaws and eliminates bugs and compatibility issues. But, you have to be careful when downloading and make sure it’s from a trusted source.
If your computer has been infected by malware, bring it to Geek Rescue or call us at 918-369-4335.
January 9th, 2014
Two-step, or two-factor authentication is a generally trusted way to secure online accounts to ensure that only the account holder can access them. A recent hack on Blizzard’s World of Warcraft online game has exposed a vulnerability many had previously overlooked, however. Antone Gonsalves at Network World details how the attack took place and how it can be prevented in the future.
Two-step authentication requires a user to log-in to their account with their username and password. Then, a second passcode or PIN is supplied to users via text message, email or other means. That second code must also be input to give users access to their accounts. This two-step method is used to verify users anytime they use a new device to log-in.
It seems like a foolproof method for keeping hackers out of accounts that don’t belong to them, but the recent World of Warcraft hack demonstrated how a ‘man-in-the-middle’ attack provides a way around two-step authentication.
First, a trojan infected users on a popular online forum related to World of Warcraft. That trojan allowed for a man-in-the-middle attack, which allows criminals to intercept data and information a user believes they’re entering into a website. In this case, users attempted to log into their accounts using two-step authentication, but were really only giving hackers the information they needed to break into the accounts themselves. This also locked the actual users out of their own accounts.
Similar attacks have been observed on banking sites, where two-step authentication is also commonly used. Experts say these attacks highlight the weakness of most two-step authentication methods, which is the use of in-band authentication or using the same channel to input all information.
Because users are asked to enter their username, password and original generated code at the same time, over the same channel, it makes man-in-the-middle attacks extremely effective. Instead, experts suggest sites use two separate channels. For example, log-in to your account online with your usual information, then users would be prompted to enter a one-time PIN into a mobile app on their smartphone. Another suggested method is to send automated text alerts to users when someone tries to log-in using their information. If the IP address or geographic location doesn’t match their own, users would be able to reject the log-in attempt.
The lesson for users and businesses alike is that even two-step authentication doesn’t keep accounts completely secure. Hackers are getting more intelligent in their attacks all the time and technology that was once thought unbreakable now has vulnerabilities.
If your computer is infected with malware, or you’d like to investigate better security methods for home or business, call Geek Rescue at 918-369-4335.
January 8th, 2014
Ransomware is malware that takes control of a user’s computer and demands a payment to decrypt files. The most famous example of malware is currently Cryptolocker, which first began infecting users last fall. Since then, similar forms of ransomware have been springing up more and more, like the copycat Cryptolocker that targets P2P users. Danielle Walker of SC Magazine reports that the latest form of ransomware hasn’t yet been released, but is expected to be even more dangerous than Cryptolocker.
The name of the new malware is Prison Locker or Power Locker. Security experts first learned of its existence by monitoring underground forums where hackers gather to produce and sell their malware.
Prison Locker performs similarly to other ransomware. When a user is infected, a display window opens that can’t be exited. Other functions of Windows are disabled, as well as the user’s Escape key, Task Manager and Control-Alt-Delete. A user is locked out of their own computer and told they have to pay to regain control. While they’re locked out, files are also encrypted making it impossible for users to access their own data.
The reason many are calling Prison Locker and bigger threat than Cryptolocker is its use of more complex encryption. Prison Locker uses multiple encryption levels. The first of them, called BlowFish, generates a new key for each file it encrypts. That means it has to be broken, or decrypted, one file at a time. In addition, each BlowFish key is encrypted through another method with a unique key for each computer infected. All of this encryption is perceived to be “unbreakable”.
The current asking price for Prison Locker is $100, which suggests it will be widely used soon. The other takeaway from these reports is that ransomware is on the rise. Because of its invasive nature and the ability to directly profit off of each infection, criminals will be using ransomware more often and producing more throughout 2014.
If your computer is infected with any type of malware, call Geek Rescue at 918-369-4335 for help.
January 7th, 2014
Browser hijacking refers to malware that’s capable of changing your browser’s settings without your knowledge. Often, your homepage or default search engine will be changed, new bookmarks or pop-ups added. Spotting the effects of browser hijacking malware is usually easy, but it’s best to avoid infection altogether. Mary Alleyne of Jupiter Support published a list of ways to avoid becoming a victim of hijackware.
- Effective Antivirus Programs
As with any malware, an up-to-date, trusted antivirus program is the key to stopping most infections. Anything you download, even if it’s from a seemingly trustworthy site, should be scanned before you open it. Many antivirus programs also offer constant scanning in the background that will alert you immediately if malware, viruses or trojans have infected your system.
Unfortunately, malware is updated and new pieces released at a rate too fast for antivirus programs to keep up with. This means that even the best antivirus programs can’t be relied on to catch every piece of malware. Since there’s always a chance that your computer will be infected with a browser hijacker or other malware, take precautions and make a plan for how you’ll recover. Back-up important data and look into other security software that will aide your antivirus program.
Most popular web browsers offer higher security if you’re willing to sacrifice some functionality. In Internet Explorer, these settings are available under ‘Internet Options’ on the ‘Security’ tab. While setting the security level to ‘High’ will prevent your browser from automatically executing some code, including activeX instructions that allow most browser hijackers to function, it will also prevent some websites from working properly. For trusted sites however, you’ll be able to add them to an exceptions list that restores full functionality to only those sites.
Almost all browser hijacking malware is specifically coded for one browser. This means that malware that works for IE won’t work for Firefox or Chrome and vice versa. The simplest way to avoid the problem if you’re infected with hijackware is to use a different browser. But, the problem won’t be fixed and shouldn’t be ignored. Switching browsers is a simple way to end the hijacking, but you’ll still want to try to get rid of the malware causing it.
More in-depth fixes like editing the ‘Hosts’ file for malicious entries and searching the registry for specific websites also help overcome browser hijacking malware, but require a little more expertise.
If your computer is infected with malware, Geek Rescue fixes it. Bring your device to us, or call us at 918-369-4335.
January 6th, 2014
Even with all of the news stories about the latest hacks, such as Adobe, Snapchat and Target, there are still some individuals who don’t fully grasp what’s at stake. Jose Pagliery of CNN Money explains how much becoming a victim of a cyber attack could cost you.
In the case of the attack on Target, debit and credit card information was stolen. It’s easy to understand why you would want to keep that information out of the hands of criminals. But, this type of attack and fraud usually isn’t as costly as others. That’s because most people pay close attention to bank accounts and credit card bills and will notice anything out of the ordinary. Then, it’s an easy process to report the fraud and cancel the card.
It’s actually much worse for users when their log-in information and passwords are stolen. It doesn’t even have to be an account that houses any valuable information. Because about half of internet users use the same password for multiple accounts, even stealing the log-ins for a message board could lead to a much bigger breach in security. With one password, criminals can find an email associated with that account. They then will try to break into that email and, if successful, can take a number of potentially valuable actions.
Think about all of the old messages still stored in your inbox. Many of those could contain information that a criminal could use to steal your identity or your money. Those old messages could also lead hackers to other accounts you have online, which could allow them access to your social security number, or bank accounts. Even gaining access to your phone account could allow them to order a new device and rack up big charges.
With access to your email, criminals also have access to your contacts. They can send emails with malware attached to try to infect other users. Worse still, they can contact friends and attempt to scam them out of money or information.
There is a seemingly endless list of malicious tactics a criminal can take if they’re able to gain access to just one of your many online accounts. Keeping those accounts and your computer safe is worth your time. You need to use strong, unique passwords for each account you create. If you have potentially valuable information stored in your email, back it up elsewhere and delete it. Keep close tabs on all of your accounts so that you’ll be able to quickly tell if one has been compromised and take the necessary action.
At Geek Rescue, we help improve security for your home or business. We also fix devices with malware infections, broken hardware or any other issues. Come by or call us at 918-369-4335.
January 6th, 2014
The latest headlines making malware attack concerns Yahoo users. A security firm based in the Netherlands, Fox IT, reported over the weekend that Yahoo’s advertising servers were compromised. Faith Karimi and Joe Sutton of CNN report that malicious ads were shown to a number of users.
Users who visited Yahoo’s website between December 31st and January 3rd are at risk of a malware infection. Yahoo has publicly stated that users in North America, Latin America and Asia were not affected and most infections are limited to the UK, France and Romania.
Those users who were affected were served malicious ads directly from Yahoo thanks to an exploit kit that installed malware on Yahoo’s servers. Researchers warn that users didn’t even need to click on ads to risk an infection. At an estimated 9-percent successful malware infection rate, about 27-thousand users would be infected every hour these ads were allowed to run. Yahoo was not able to remove the malicious ads until they had been displaying for nearly 4-days.
Only PC users were at risk, however. The malware could not infect Mac users or those using mobile devices.
If infected the malware is capable of a number of actions. Click fraud, which consists of malware opening web browsers and clicking on ads to generate revenue, is one of the least severe threats. The malware can also remotely control a computer, disable security software and steal log-in information and passwords.
Even though this particular threat did not seem to infect any computers in the US, it should serve as a warning to all internet users. Yahoo is generally a trusted website, but was compromised by criminals and began infecting users with malware. This can happen to any site you typically visit. In order to stay safe, you need an up to date, trusted antivirus program in place.
If your computer has been infected by malware or you’d like to improve security on your devices, call Geek Rescue at 918-369-4335.
January 3rd, 2014
Cryptolocker was perhaps the most talked about piece of malware during the final months of 2013. After infecting an estimated 300-thousand computers in its first three months of existence, it should be no surprise that Cryptolocker is now launching copycat malware. John E. Dunn of Tech World reports that Crilock.A, otherwise known as Cryptolocker 2.0 began infecting users just before Christmas.
Security experts say that it’s likely that version 2.0 stems from a copycat rather than the same group responsible for the original Cryptolocker because it’s not as complex. Rather than spreading through malicious emails, 2.0 infects users by posing Microsoft Office or Adobe Photoshop files on peer to peer file sharing sites. This is a much smaller target audience but also makes it less likely that Cyptolocker 2.0 will be reported to authorities.
In many ways, however, Cryptolocker 2.0 performs the same way the original does. After infecting a machine, it encrypts files with certain extensions and demands a ransom to decrypt them. 2.0 targets a wider range of files than the original also. This is likely because of the users being targeted. Music, image and video files are all included on the encryption list.
Cryptolocker 2.0 is also capable of spreading to removable drives. Anything connected via USB could be infected. This isn’t a new capability for malware, but could prolong the malware’s life.
Included in Cryptolocker 2.0 are other components that launch separate attacks. One is used for DDoS attacks. Two others are designed to steal Bitcoins.
Similarly to the original Cryptolocker, overcoming an infection and regaining your encrypted files is difficult. The best protection is to avoid an infection in the first place. Thankfully, in the case of Cryptolocker 2.0, for now avoiding an infection is as easy as avoiding peer to peer file sharing sites. Although, there is always the possibility that other users will be targeted at a later date.
If your computer is the victim of a malware attack, call Geek Rescue at 918-369-4335.
January 3rd, 2014
Recently, social network SnapChat has been making headlines for all the wrong reasons. Nearly 5-million users’ accounts were compromised and criminals made off with usernames and phone numbers. That has left many to wonder, what does a hacker want with my phone number? Quentin Fottrell of Market Watch set out to answer that question.
The most obvious reason why a hacker having your phone number would be a bad thing is the same reason you’re hesitant to give out your number in the real world. They might just use it. Malware and phishing attacks on smartphones increased steadily throughout 2013. When a criminal learns your phone number, you’re significantly more likely to receive malicious text messages. These can either be an annoyance, or a serious problem based on the type of messages being sent and your reaction to them.
Another problem that many users fail to realize is that your phone number is associated with a number of your online accounts. Particularly on social media, knowing a user’s phone number can help you find their profile. Finding their profile allows you to associate their name, birth day and other information to that phone number. Armed with that knowledge, a criminal could easily steal your identity and break into a number of important accounts. Since phone numbers don’t change often, one could argue that they’re more valuable online than even physical addresses and email addresses.
This doesn’t mean that you should never give out your phone number to any website. You shouldn’t make it public on any social media profiles, but there are other instances where it actually enhances security. In the case of two-factor authentication, your phone number is used to a second level of security to safeguard important accounts for email and banking sites. Security experts advise you to feel free to give out your phone number online if it’s for a specific use.
Unfortunately for SnapChat users, there’s no way to use the service without giving up your phone number.
At Geek Rescue, we specialize in security. If you’d like to improve the security at home or at the office, give us a call at 918-369-4335. We also fix devices that have been infected by malware.
January 2nd, 2014
Staying safe online requires the right security tools. It also requires the right knowledge of common threats. Knowing how criminals typically attack your computer educates you on how to prevent those attacks. Roger A. Grimes at Computer World published his list of the most devious attacks currently being used and how to protect yourself from them.
There a plenty of public places where people typically use free, public WiFi. Unfortunately, networks in places like coffee shops, libraries and airports are also common targets for hackers. They’re able to set-up fake wireless access points, or WAPs, that fool users. Users connect using a network with a believable name, but are actually giving a criminal access to all the data they transmit. This is an easy way for hackers to steal passwords, banking information and more. To protect yourself, be extremely wary of public WiFi. Don’t enter any financial information or visit any sites that require a password.
Cookies have been used by websites for years to make your browsing experience faster and more convenient. These text files store information so you don’t have to log-in every time you visit the same site, or otherwise streamline your experience. That information is dangerous if stolen, however. Hackers use a number of methods for stealing cookies. When they’re successful, they’re able to immediately gain access to certain sites and sometimes even gain payment information. Make sure that if you have cookies enabled, you’re only using HTTPS websites that use the latest encryption methods.
This is not only a common attack method, but also a simple one. Hackers use some social engineering to gain more downloads of malicious files and tempt more users to open those files. No one would want to download ‘malware.exe’, but when the file name is something more salacious or relevant to the user, many can’t resist. Some even use false file extensions to confuse users. The full file name may be ‘image.jpeg.exe’. The file is an executable application, not an image, but ‘.jpeg’ fools many users. To protect yourself, don’t download files that sound too good to be true and only download from trusted sources. If you aren’t expecting a file to be emailed to you, don’t open any attachments. Also, be sure to scan anything you download with your antivirus program before you open it.
Windows users have a DNS-related file named ‘Hosts’ in their ‘Drivers’ folder. Typically, there’s no reason for a normal user to interact with ‘Hosts’. It contains domain names that a user has visited and links them to their IP addresses. This is a way around having to contact DNS servers and perform recursive name resolution every time a popular site is visited. But, this opens the door for hackers to enter their own malicious entries into ‘Hosts’. By changing the IP addresses linked to common domain names, a hacker can redirect users to a spoofed version of a legitimate site. These malicious sites usually look very similar to the original, but are used to steal your data. This is a difficult attack to spot. If a site looks different than usual, avoid it. Don’t enter any information on a site that looks different than you’d expect. If you suspect you’re being maliciously redirected, examine your ‘Hosts’ file.
These are only a small collection of ways criminals can steal your data and infect your computer. For help improving your security, or fixing the effects an attack has had on your system, call Geek Rescue at 918-369-4335.
December 31st, 2013
If you use a smartphone or digital camera, you’re probably familiar with SD cards. They’re the small cards that store data using flash memory. For most users, they only think about their SD card when they’re transferring contacts to a new phone or removing pictures from their camera. As Stephen Shankland reports for CNet, however, a new technique exposed by security researchers has demonstrated how vulnerable SD cards are to “man in the middle” attacks.
A man in the middle attacks is true to its name. When data is transferred from one location or device to another, a third party intercepts that data in order to monitor, modify or copy it. This allows a criminal to gain access to valuable data like credit card information, or encryption keys. They could also substitute malicious files for trusted files in order to infect users with malware.
The vulnerability in SD cards exists in the cards’ microcontrollers. These are like built-in computers that manage the data stored on the SD card. By reverse engineering an SD card, researchers were able to install and run new firmware on the microcontroller then installed an application that would intercept data being sent by the device.
The specific attack used in the researchers’ demonstration doesn’t work for any flash-memory device because of variations in the microcontrollers, but this example exposes vulnerabilities for all devices using flash memory. This means similar attacks could be used to steal data from solid-state drives or eMMC storage for smartphones.
This is yet another example of the vulnerability of mobile devices. With millions of users and a general lack of security in place, mobile devices are an inviting target for hackers and new threats are emerging all the time. While this particular attack will need a change to the make-up of SD cards to close the vulnerability, other threats need only smarter user behavior. Remember that your mobile device faces the same risks as your PC and protecting it requires vigilance.
If any of your devices have been infected with malware, bring it to Geek Rescue or give us a call at 918-369-4335.
