Zero-Day Exploit Surfaces Affecting All IE Users

April 28th, 2014


Microsoft’s web browser, Internet Explorer, is among the most used browsers worldwide. It’s also trusted by a number of companies as their standard web browser. That’s why when exploits surface that allow attackers to victimize IE users, it’s big news. At PC Mag, Chloe Albanesius reports on the latest threat to IE, which is a zero-day exploit that allows for remote code execution.

The flaw in Internet Explorer allows attackers to remotely execute code when a user visits a malicious website specifically designed for this purpose. This typically happens when a user clicks on a link sent to them through a spam email or instant messenger. An attacker could potentially gain the same rights as the current user, so if that user is logged in as an administrator, the attacker would have administrator rights on your own machine.

This potential exploit is said to exist in versions 6 through 11 of IE, which should account for at least 99 percent of active IE installations, if not all of them. So far, however, attackers are reportedly only targeting IE 9, 10 and 11, which would represent the bulk of IE users. Overall, this vulnerability affects about a quarter of all web browsers in use.

For IE 10 and 11 users, ‘Enhanced Protected Mode’, which runs by default unless changed by the user, helps to protect against this exploit. It should not be considered a fix, however. The only way to fully protect IE browsers would be to install a patch released by Microsoft. So far, no patch has been released.

In the meantime, users can use additional caution and avoid clicking any links or visiting any untrusted websites. Or, if possible, a different browser can be used until the IE security issues are fixed.

This is also a noteworthy exploit because it’s the first vulnerability that will not be patched for Windows XP users since Microsoft recently ended support for that operating system. Those users would be wise to use a different web browser for now and update to a different operating system as soon as possible.

If your computer falls victim to an attack, or you’d like to explore additional security options, call Geek Rescue at 918-369-4335.

Premium Text Sending Trojan Targets US Android Users

April 25th, 2014


There have been plenty of warnings about malware targeting Android devices. The Android operating system, due in large part to its open source nature, has been plagued by security threats at a much higher rate than Apple’s iOS. Still, there had never been a documented trojan capable of sending premium SMS messages that victimized users in the United States. As Adam Greenberg of SC Magazine reports, a trojan known as FakeInst has now done just that.

FakeInst isn’t only capable of sending text messages that cost users money. It’s also able to delete messages, steal them and respond to contacts.

Users in the US are also far from the only victims of the SMS trojan. In all, 66 countries have been affected, including Canada, Mexico, France, Spain and Italy.

Unlike some other more malicious threats that infect devices through no real fault of their users, FakeInst has a specific infection method. A phishing website is set up that attracts users who are on their Android smartphone looking for pornographic content. The site asks visitors to download an application. After installing the application, the user is then asked to send a text message to a service to access content. These actions allow the trojan to infect the device and decrypt the necessary information needed to take over SMS capabilities.

This ends with the malware sending premium text messages that cost about $2 each.

Researchers have tracked the trojan to Russian origins, where the first reports of infection were found.

Thankfully, for most users this threat is easy to avoid. Don’t install apps from outside of the official Google Play store and certainly don’t download apps from less than reputable websites.

If your smartphone or other device has been infected by any type of malware, bring it to Geek Rescue or call us at 918-369-4335.

The Latest, Nasty Spam And Malware Threat

April 24th, 2014


How can you be sure that an email from your bank is what it claims to be? That’s a vital question in the wake of news that the latest spam and malware threat commonly springs from emails resembling messages from banks such as Wells Fargo and Lloyds Bank. Malcolm James of the All Spammed Up blog reports that the way malware is hidden in these spam messages and the way it then attacks your machine is troubling.

The emails come with an attachment. This attachment actually features another file within it, which contains malware. It’s a bit confusing even to write, which means it’s difficult for spam filters and antivirus tools to catch. Users will see a .ZIP file that claims to be a secure message from the bank and even features password protection. When opened, however, the user’s computer is attacked by the Upatre Trojan.

Upatre is the root of the problem, but it doesn’t do any real damage itself. Its job is to communicate with the attacker and download more harmful malware to your system. The Zeus banking trojan is the first malware to be downloaded. It’s designed to steal your online banking log-in credentials. The Necurs malware is also downloaded, which is able to attack and disable security tools. This allows a load of other malware to infect and attack your machine.

While many attacks of this nature are centered overseas, the use of Upatre targets the United States almost exclusively. About 97 percent of recorded attacks using the trojan have targeted American users.

One of the issues with this style of attack is that users may not know they’ve been infected with anything for some time. Considering banking passwords are at stake, that’s an extremely dangerous risk.

To stay safe, users must resist the urge to open suspicious-looking emails. An email from your bank may not seem suspicious, but remember that banks and other legitimate businesses likely won’t attach a file to an email unless they’ve told you ahead of time what they’re sending. If you have questions about an email, call your bank directly and ask them rather than risking a malware infection.

If your computer or other device has been infected with malware, call Geek Rescue at 918-369-4335.

How Long Does It Take To Recover From An SQL Injection Attack?

April 23rd, 2014


SQL injections are a popular form of attack that exploits vulnerabilities in applications. This type of attack commonly targets web applications used by companies and, as Kelly Jackson Higgins of Dark Reading reports, it can take months to discover the attack and mitigate it.

Over the past year, SQL injections have been discovered at 65 percent of organizations polled. This is a common form of attack that can be used on networks of any size, from businesses large and small to even homes. On average, these attacks take 9 months from the time the attack initially occurs to the time a company fully recovers. Much of that time, about 140 days on average, is spent not knowing the SQL injection is even taking place. In fact, nearly half of companies that have been the victim of these attacks say it has taken a minimum of 6 months to detect them.

The respondents in the study were made up of 595 IT professionals working for both commercial and government organizations in the US. The issue, it seems, is that most businesses don’t test third-party applications for potential vulnerabilities. Considering the vital nature of third-party applications for many businesses, this is a costly misstep. Many businesses also continue to rely on signature-based security. This leaves them vulnerable to attacks that have not yet been spotted and categorized. For cutting-edge and more intelligent attacks, a shift to behavioral-analysis-based tools is needed.

Making matters worse is the growing trend of mobile devices using a company’s network. Many of the surveyed IT professionals agreed that these devices made it harder to find the source of the SQL injections.

SQL injections are a real threat and while more and more businesses are aware of them, more needs to be done to protect against them.
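To make the threat concrete, here is an added example (not code from this article or from the Dark Reading report) showing the defect that makes an application injectable, the parameterized query that closes it, and a simple signature check over constructed web-server log lines. The schema, the sample users, the log lines and the signature pattern are all constructed for illustration; the example uses Python’s built-in sqlite3 module so it runs offline.

```python
import re
import sqlite3
from urllib.parse import unquote

# Constructed sample data (not from any real application).
SAMPLE_USERS = [
    ("alice", "alice@example.test", "user"),
    ("bob", "bob@example.test", "admin"),
    ("carol", "carol@example.test", "user"),
]


def make_db():
    """Build an in-memory database with the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    """The defect: caller-supplied text is spliced into the SQL statement.

    A name such as  ' OR '1'='1  turns a one-row lookup into a query that
    matches every row, because the quote characters end the string literal
    and the rest is parsed as SQL.
    """
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    """The fix: the value is bound separately from the SQL text.

    Whatever the caller sends is compared as data; it can never change the
    structure of the statement, so the same hostile input matches no rows.
    """
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


# Constructed Apache-style access log lines. The second request carries a
# URL-encoded quote-and-OR payload; the third is a legitimate name containing
# an apostrophe and must NOT be flagged.
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [23/Apr/2014:10:01:02 -0500] "GET /account?name=alice HTTP/1.1" 200 512',
    '203.0.113.9 - - [23/Apr/2014:10:01:07 -0500] "GET /account?name=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 1530',
    '203.0.113.5 - - [23/Apr/2014:10:02:11 -0500] "GET /account?name=o%27brien HTTP/1.1" 200 0',
]

# A deliberately narrow signature: a quote followed by a SQL keyword, a SQL
# comment marker, or a statement separator followed by a data-changing verb.
SQLI_SIGNATURE = re.compile(
    r"'\s*(or|and|union)\b|--|;\s*(drop|insert|update|delete)\b",
    re.IGNORECASE,
)


def flag_suspicious_requests(lines):
    """Return the log lines whose decoded request target matches the signature.

    This is the signature-based approach the article says is not enough on
    its own: it catches the textbook payload but would miss anything the
    pattern does not describe, so it belongs beside, not instead of,
    parameterized queries and behavioral monitoring.
    """
    flagged = []
    for line in lines:
        match = re.search(r'"(?:GET|POST) (\S+)', line)
        if not match:
            continue
        target = unquote(match.group(1))  # decode %27 -> ' etc. before matching
        if SQLI_SIGNATURE.search(target):
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    db = make_db()
    hostile = "' OR '1'='1"
    print("vulnerable lookup returns", len(lookup_vulnerable(db, hostile)), "rows")
    print("parameterized lookup returns", len(lookup_parameterized(db, hostile)), "rows")
    for entry in flag_suspicious_requests(SAMPLE_ACCESS_LOG):
        print("flagged:", entry)
```

Run stand-alone, the vulnerable lookup returns all three users for the hostile input while the parameterized lookup returns none, and only the second log line is flagged; the apostrophe in "o'brien" shows why the signature has to look for a keyword after the quote rather than the quote alone.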

For help protecting against costly attacks on your network or recovering from one, call Geek Rescue at 918-369-4335.

Oldboot Malware ‘Biggest Threat’ To Android Devices

April 16th, 2014


Users of Android smartphones are already at a significantly higher risk of malware infection than their iPhone counterparts. Experts, however, are warning of even more threats coming throughout 2014. One of those threats has already been identified and has infected millions of devices. Chris Smith of BGR reports on the Android malware threat called ‘Oldboot’ that is also being referred to as “the biggest threat to the operating system to date”.

Oldboot is capable of installing malicious apps on a device and can even remain hidden from detection or “fight” antivirus apps by modifying or uninstalling them. But what makes it so dangerous is Oldboot’s ability to re-infect devices even after seemingly being removed. This malware is stored in the device’s memory and alters boot files. Infected devices then re-install the malware in the early stages of their restart process.

Oldboot is referred to as advanced malware because it has so many capabilities. It’s able to send text messages from a user’s device, modify the browser’s homepage, launch phishing attacks and more.

Perhaps the biggest problem is very little is known to date about what specific Android devices are at risk or even how devices are infected. Most Android malware infects devices through malicious apps. Occasionally, these malicious apps find their way into the official Google Play app store, but more often they’re downloaded from an untrusted source.

Other dangers include malicious text messages and emails and malicious websites visited on your smartphone.

If you think your device has been infected by any form of malware, bring it to Geek Rescue or give us a call at 918-369-4335.

2013 Security Report Reveals Large Growth In Malware Production

April 16th, 2014


It’s no secret that malware is an ever-present threat to internet users. It’s also no secret that while defenses against malware are steadily improving, the amount of malware being produced and its capabilities are growing. A recent study released by security firm Panda Labs confirmed the growing threat of malware, as Tony Bradley reports for PC World.

In their 2013 security report, Panda Labs found that about a fifth of the malware that exists was created last year. That speaks to the rapid growth of malware production. In 2013 alone, 30 million new threats were created, which breaks down to about 82 thousand per day.

Of these newly minted threats, about 70 percent are trojans, which are particularly troubling forms of malware capable of mining data and even controlling an infected computer while staying hidden from users and security tools. In total, Panda Labs discovered more than 20 million trojans. The rest of the malware was made up of a combination of worms, viruses and adware or spyware. Trojans were also responsible for the most successful infections and accounted for almost 80 percent of infections in 2013.

In terms of application vulnerabilities, Java was to blame for the most attacks. Exploits on a security flaw in Java led to successful attacks on Twitter, Facebook, Apple and Microsoft.

With so many forms of malware around, it’s amazing users aren’t victimized more often. Most users aren’t infected by malware often, but even becoming the victim of malware once each month would mean you avoided all but 0.0001 of all new threats. Given these statistics, it’s clear why experts warn that there’s no such thing as perfect security.

Panda Labs also agreed with the consensus that in the mobile world, Android is the most popular target for malware producers. They also sent a warning to users that more targeted attacks aimed at stealing data would be coming this year.

Users who are unprotected by security tools like antivirus programs run a significantly higher risk of becoming the victim of an attack. This could lead to the harm of your computer and the theft of your data.

For help securing your computer or recovering from an attack, call Geek Rescue at 918-369-4335.

How To Protect Yourself From Spyware

April 15th, 2014


Spyware has been a problem for internet users since the mid-1990s. Software that is able to gather information, or spy on a user, without their knowledge falls under the umbrella of spyware. In 2007, an estimated 850 thousand computers in the US were essentially rendered inoperable by spyware, according to Consumer Reports. Since then, spyware hasn’t become less of a problem, but there are better ways to protect yourself from it. Steve Bell of the BullGuard blog has some tips.

First, it’s important to understand the typical ways spyware gets onto your computer. The most common method is to piggyback on other programs you download. For the most part, free software is free for a reason. While the spyware included might not be malicious, it is still not something you’d volunteer to have on your machine. Some software installation methods will let you opt out of additional programs and spyware that’s included, but others install it automatically.

In order to stay safe, it’s important to be careful about anything you download. Spyware can also stem from spam emails, links and advertisements. There are a number of antivirus tools that also protect you from spyware. There are even some legitimate, dedicated anti-spyware tools, but be careful. There are plenty of programs claiming to be security programs that are actually malware or spyware themselves. Not only will these programs infect your computer, they won’t offer you any protection at all from other threats.

If you’ve already been infected, or if you’re not sure, Windows users can head to the Control Panel and check the list of installed programs. If you don’t recognize some of the programs listed, there’s a chance they’re spyware. Before uninstalling, you might want to do some additional research.

Unfortunately, not every piece of spyware installed on your computer will show up this way. Some can even convince you that they have been uninstalled while actually remaining in operation. For these particularly nasty cases, you’ll have to rely on a trusted security application. It will be able to recognize the common characteristics of spyware and either block it before it is installed, or help you remove it.

If your computer is infected with spyware, malware, viruses or you’re having other issues, call Geek Rescue at 918-369-4335.

Microsoft Ending Security Support For Windows 8.1 Without Update Users

April 15th, 2014


Installing a major update to your operating system can be a daunting task. Many users feel this way, as evidenced by Windows 8 still owning the lion’s share of the market over Windows 8.1. It doesn’t seem to matter if the update is offered at no cost. What matters is that users think updates will be too time consuming, too complicated, or will cause issues with compatibility or storage. Naturally, the audience’s reluctance to update their systems is frustrating for Microsoft, which is forced to roll out multiple versions of the same patches and updates constantly. As Mihaita Bamburic reports for Beta News, Microsoft has found a solution to force users’ hands.

Microsoft recently announced that by May’s Patch Tuesday, roughly 30 days away, there will be no more security updates provided to Windows 8.1 users who haven’t installed Windows 8.1 Update. The update, which is the first major update released for Windows 8.1 and aims to make it more usable for desktop users, has only been available since the beginning of April, but adoption numbers have been low.

This is a move that attempts to force users to install the update because without it, their computers will be at risk from the latest threats and exploits. As it is, Microsoft is having to spend an inordinate amount of time creating patches for each version of Windows currently active and altering those patches for users who haven’t fully updated their operating systems.

For Windows 8.1 users, the best option is to bite the bullet and download the update. If you’re concerned about losing data, updating is an ideal time to back up your files. You can even create a restore point that will allow you to revert to the state of your system before the update was installed in case you run into problems.

If you have issues with your computer that an update from the manufacturer won’t fix, call Geek Rescue at 918-369-4335.

Millions Of Android Devices Still Vulnerable To Heartbleed

April 14th, 2014


Last week, news of the Heartbleed bug, which threatens the integrity of HTTPS enabled websites worldwide, broke. In addition to a worry that important data sent between users and websites could be compromised and stolen, there is also a concern that mobile services could be vulnerable. Stephanie Mlot at PC Mag explains how Heartbleed threatens the security of Android users specifically.

Naturally, Google’s sites were among those where a successful Heartbleed attack on users would be most costly. Not only are Google’s services among the most used online, but they also have access to a lot of personal information that is extremely valuable to criminals. So, Google set out early to patch their services and protect their users.

So far, Google services Search, Gmail, YouTube, Wallet, Play, Apps, AdWords, Maps and Earth have all been patched.

For the Android crowd, every version of the mobile operating system is safe from Heartbleed save for Android 4.1.1. It’s unknown exactly how many users have this version installed on their devices, but some iteration of Android 4.1 is being used by more than a third of Android users. It’s estimated that the number of affected users is in the millions and devices affected include popular manufacturers Samsung and HTC.

A Google spokesperson stated that patching information is being distributed to manufacturers, but this slow process is one of the main issues regarding Android security. Unlike Apple, which can push updates and patches to all of its users directly, Android users must wait for each manufacturer to tailor patches to their specific environment. In cases like this one, that can leave users and data vulnerable to known exploits for days and even weeks.

BlackBerry has released a statement informing users that a fix for their Android devices will be made available by the end of the week. Other manufacturers have been quiet, however.

The best option for users in the meantime is to assume that data can be stolen from their device. If your Android device uses the 4.1.1 operating system, which can be checked in the Settings menu under ‘About Phone’, don’t use your device to log in to online accounts or to message personal information.

While users will have to wait for an official patch to protect themselves from Heartbleed, for any other problems with your Android device or other mobile devices, come by Geek Rescue or call us at 918-369-4335.

Report Shows Rise Of Advanced, Intelligent Attacks

April 11th, 2014


A common piece of advice is to keep applications updated, especially antivirus programs, to try to keep up with constantly evolving cyber threats. At Dark Reading, Tim Wilson reports on the recently released Websense 2014 Threat Report, which finds that advanced, targeted attacks are more prevalent than ever before. This means that relying on out-of-date malware definitions and failing to patch vulnerabilities quickly are more likely than ever to make users the victims of an attack.

Websense reports preventing more than 4 billion attacks in 2013. Almost all of these attacks were intelligently designed to bypass traditional security tools and pursue confidential data. The worry is that not only are the highly targeted, advanced attacks able to fool traditional security infrastructures, but attacks considered more common and able to affect users on a large scale are also using advanced tactics to avoid detection and prevention.

A common attack tactic is the use of malicious links, either on a website or included in an email. Clicking these links causes the download of malware, or directs users to phishing sites designed to steal log-in credentials or other important information. In 2013, 85 percent of these malicious links were found to be located on legitimate, trusted websites that had been compromised. This makes it far more difficult to recognize and prevent this style of attack, because the website being used wasn’t designed as an attack site.

About one-third of all malicious executable files discovered in 2013 contained custom encryption of programs designed to remotely take control of a system or mine data from it.

There were also a reported 67 million exploit kits discovered throughout last year. An exploit kit is a way for developers with expertise to design an attack and sell it to others to be easily customized and launched at the target of their choosing. These kits make it easier for more criminals to launch an attack because it only takes money, rather than expertise.

The takeaway from the Websense report is that no user is safe. There are so many threats to your safety that you’re bound to run into one eventually. This report also speaks to the importance of being proactive in your security. Update and patch often, and keep looking for new ways to protect your network.

For help improving the security of your network at home or at the office, or for help recovering from an attack, call Geek Rescue at 918-369-4335.