Malware Hidden In .Zip Email Attachments Makes Sudden Rise

January 15th, 2014


Spam emails are always annoying, but they can be malicious and harmful also. Some emails have attachments that infect your computer with malware. Recently, security company Symantec noticed an extreme spike in the number of malicious .zip files being sent out, as Eric Park reports on the Symantec blog.

Sending malicious attachments is a common practice for hackers, but sending .zip files hasn’t been popular for some time. A .zip file compresses a much larger file, which makes it small enough to send over email. For criminal purposes, it also obscures the true nature of an attachment. Instead of a user clearly seeing that what should be a Word document is actually an executable file, every attachment ends in .zip and must be downloaded and opened before the user can find out what the file actually is. Downloading and opening these files, however, infects your computer with malware.
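The check below is an added example, not code from the article or from Symantec: it opens a .zip attachment read-only and flags entries that are really programs, by extension, by a document-looking double extension, and by the "MZ" header every Windows executable starts with, so a mail gateway can catch a disguised executable before anyone opens it. The sample archive and its file names are constructed to mirror the campaign described above.

```python
import io
import os
import zipfile
from typing import Dict, List

# Extensions Windows will run directly; a "document" carrying one of these is a program.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar"}


def inspect_zip_attachment(data: bytes) -> Dict[str, List[str]]:
    """Return {entry name: [reasons]} for every entry that looks like a disguised program.

    The archive is only read, never extracted or executed, so this can run at a mail
    gateway before the attachment reaches an inbox.
    """
    findings: Dict[str, List[str]] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            lower = info.filename.lower()
            ext = os.path.splitext(lower)[1]
            reasons: List[str] = []
            if ext in EXECUTABLE_EXTS:
                reasons.append(f"executable extension {ext}")
            # "Invoice.pdf.scr": a document-looking extension placed in front of the real one
            if len(lower.split(".")) > 2 and ext in EXECUTABLE_EXTS:
                reasons.append("double extension hides the real file type")
            # Names can lie; the first two bytes of a Windows executable are always "MZ".
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    reasons.append("Windows executable header (MZ) inside the archive")
            if reasons:
                findings[info.filename] = reasons
    return findings


def is_suspicious(data: bytes) -> bool:
    return bool(inspect_zip_attachment(data))


def build_sample_zip() -> bytes:
    """Constructed sample modelled on the campaign above: one archive, four entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("BankDocs_4471.exe", b"MZ" + b"\x00" * 62)             # plain executable
        zf.writestr("Invoice_9012.pdf.scr", b"MZ" + b"\x00" * 62)          # double extension
        zf.writestr("Early2013TaxReturnReport.txt", b"MZ" + b"\x00" * 62)  # executable renamed .txt
        zf.writestr("cover_letter.txt", b"Please see the attached documents.\n")  # benign text
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in inspect_zip_attachment(build_sample_zip()).items():
        print(name, "->", "; ".join(reasons))
```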

In the past few months, there had never been more than about 25,000 instances of malicious .zip attachments being sent on a single day. But from January 7 to January 10, between 150,000 and 200,000 malicious .zip files were attached to spam emails. In addition to the sudden rise in number, the names of the .zip files being sent changed every day.

On the 7th, an email claiming to be from a legitimate bank such as Wells Fargo was sent with a .zip attachment named ‘BankDocs’ followed by some numbers. By the next day, the tactic had changed to an invoice for an overdue payment to an unnamed company, with the attached .zip file named ‘Invoice’ followed by numbers. On the 9th, the .zip file was called ‘Early2013TaxReturnReport’ and was supposedly from the IRS, and on the 10th it was an invoice from a specific, named company.

Each of these messages was different, but all contained the same Trojan, malware capable of stealing data from an infected computer. Since the message changed every day, it’s difficult to warn users exactly what to watch for. Instead, don’t download any attachment unless you know exactly what it is and are expecting a file to be sent to you.

Since January 10, messages with malicious .zip attachments have gone back to their usual volume of a few thousand per day, but security experts warn that another large-scale attack could start again at any time.

If your computer has been infected with malware, come by Geek Rescue or call us at 918-369-4335.


Your Computer Has Malware, Now What?

January 14th, 2014


Even with security measures in place, the most cautious internet user can suffer a malware infection. Not all malware infections are created equal, but it’s advised that you find and eliminate malicious files as fast as possible, regardless of what threat they actually pose. Some malware, like the well-publicized CryptoLocker, encrypts your files, which effectively locks you out of your own computer. Lincoln Specter of PC Advisor has some tips for how to overcome an invasive malware infection.

  • Restore Back-Up

Ideally, you’ve been regularly backing up your important files. If that’s the case, get rid of the infected files and restore the copies you’ve saved. Regular back-ups make recovering from an attack easy, but many of us don’t back up our computers as often as we should.

  • Research Malware

It’s important to know exactly what your computer is infected with and how it will affect your system. Some malware opens pop-ups or hijacks your browser, but doesn’t infect or encrypt other files on your hard drive. Those types of malware are important to remove, but can usually be dealt with by a good antivirus program. Malware that falls under the umbrella of ransomware is trickier. Files are either hidden or encrypted and a ransom is demanded to restore them. It’s important to research what type of malware you’re infected with so you know what the next step should be.

  • Restore Files

If you’re infected with a less complex form of ransomware, you may be able to restore your files without paying a ransom. First, reboot your machine in Safe mode. For Windows 7 users, this means pressing F8 repeatedly before Windows loads. In Safe mode, open Windows Explorer, select ‘Organize’, then ‘Folder and search options’. Click on the ‘View’ tab and enable the ‘Show hidden files, folders, and drives’ option. Now, go see if the files that you were missing are available. If you find them, you can right-click, select ‘Properties’ and unselect ‘Hidden’. Your files should then be available when you reboot into normal mode, but be sure you go through and completely remove any malicious files still on your machine.

Unfortunately, if this method doesn’t work it probably means you have a more complex form of ransomware that has encrypted your files. While some encryption can be broken, criminals are using more and more complex methods to ensure that the only way to get your files restored is to pay them.

If you find yourself with any type of malware infection, call Geek Rescue at 918-369-4335 for help.

Protect Yourself From Phishing Attacks With These Tips

January 10th, 2014


Phishing attacks come through most of our emails on a daily basis. Thankfully, spam filters and other security measures keep us from having to regularly deal with them, but because criminals are always making these attacks more intelligent, some attacks do find their way to our inbox. Some are difficult to ignore since they capitalize on the latest news to make their message more believable. For example, the latest high-profile attacks on Target, Adobe and Snapchat are now being used by hackers as an excuse for why users need to divulge their information. As David King of IT Manager Daily writes, there are ways to protect yourself from these phishing scams. Here are the most important tactics to know.

  • Question Everything

Because each message is crafted to fool users into thinking it’s legitimate, you can’t afford to trust any message you receive. Even messages from companies you have an account with that contain official-looking logos can be spam or phishing scams. Checking the email address of the sender is effective for many messages. Often, a message claiming to be from a legitimate company is sent from an email address not associated with that business. But criminals have started to overcome that hurdle also. Even emails that come from someone in your contacts list could be malicious. So, before downloading anything or responding with important information, ask yourself why the sender of the message would be taking these actions. If it seems at all suspicious, call the sender directly and ask about the email. Or, visit the company’s website and find a more direct way to send them information. Usually, it’s safe to assume that any legitimate business won’t ask for your financial information over email.

  • Attachments

Malicious files sent as attachments are a common way to convince users to download malware. Many users will even be suspicious of an email, but download the attachment in an attempt to gain more context as to what the message is about. Downloading and opening these files infects your computer. Don’t let your curiosity get the best of you. If a message seems suspicious, don’t visit any links included in it or download any files attached. Even if the message seems legitimate, don’t download a file unless you know exactly what it is. A good rule of thumb is if you aren’t expecting a file to be emailed to you, don’t download one.

  • Updates

Unfortunately, even the most intelligent users fall prey to phishing scams and malware infections. Even if you never download attachments, visit suspect websites or open suspicious emails, malware can still find its way onto your system. It’s better to plan for this event and never need the security provisions than to be caught without them. Be sure you have a trusted antivirus program in place and keep it regularly updated so it can recognize the latest threats. Update all of your applications and your operating system as well to close potential security vulnerabilities.

Phishing scams allow hackers to infect your computer and steal important information. Follow these tips to keep yourself, and your identity, safe.

If your computer is infected with malware or you’d like to improve the security on your network, call Geek Rescue at 918-369-4335.

Beware Malicious Offers To Update Your Browser

January 10th, 2014


When was the last time you updated your web browser? Periodically, you’re prompted to update to the latest version in various ways, but not all of those prompts are legitimate. As Zeljka Zorz writes at Help Net Security, agreeing to update your browser from the wrong source leads to malware infections.

It’s a common scam that’s been around for years, but internet users in the UK have seen a recent surge in malicious offers to update their browsers. These offers occur in the form of pop-ups that look official enough. They claim to be “critical updates” and many even trap you in an unending loop that prevents you from closing the tab.

If you agree to download the update, what you’ll actually get is some form of malware. In the recent occurrences seen in the UK, a trojan used to steal information was downloaded instead of a browser update.

These scams are seen most on sites where you stream media. It seems users are more likely to believe that an update is needed when they think they won’t be able to stream the video they wanted to watch. But, even if you think your browser is in need of an update, it’s never a good idea to download from an untrusted source. Instead of clicking through on the pop-up, go directly to the browser developer’s site and check for recent updates.

This scam isn’t limited to web browsers either. Warnings that your operating system, or plug-ins to your browser are out of date are also used to convince you to download a malicious file. In every case, don’t download anything unless you’re on the developer’s site. It is a good idea to regularly check to see if applications you use are out of date. Doing so helps close security flaws and eliminates bugs and compatibility issues. But, you have to be careful when downloading and make sure it’s from a trusted source.

If your computer has been infected by malware, bring it to Geek Rescue or call us at 918-369-4335.

Vulnerability Of Two-Step Authentication Revealed

January 9th, 2014


Two-step, or two-factor authentication is a generally trusted way to secure online accounts to ensure that only the account holder can access them. A recent hack on Blizzard’s World of Warcraft online game has exposed a vulnerability many had previously overlooked, however. Antone Gonsalves at Network World details how the attack took place and how it can be prevented in the future.

Two-step authentication requires a user to log in to their account with their username and password. Then, a second passcode or PIN is supplied to the user via text message, email or other means. That second code must also be entered to give the user access to their account. This two-step method is used to verify users any time they use a new device to log in.

It seems like a foolproof method for keeping hackers out of accounts that don’t belong to them, but the recent World of Warcraft hack demonstrated how a ‘man-in-the-middle’ attack provides a way around two-step authentication.

First, a trojan infected users on a popular online forum related to World of Warcraft. That trojan allowed for a man-in-the-middle attack, which allows criminals to intercept data and information a user believes they’re entering into a website. In this case, users attempted to log into their accounts using two-step authentication, but were really only giving hackers the information they needed to break into the accounts themselves. This also locked the actual users out of their own accounts.

Similar attacks have been observed on banking sites, where two-step authentication is also commonly used. Experts say these attacks highlight the weakness of most two-step authentication methods: in-band authentication, meaning the same channel is used to input all of the information.

Because users are asked to enter their username, password and generated one-time code at the same time, over the same channel, man-in-the-middle attacks are extremely effective. Instead, experts suggest sites use two separate channels. For example, users would log in to their account online with their usual information, then be prompted to enter a one-time PIN into a mobile app on their smartphone. Another suggested method is to send automated text alerts to users when someone tries to log in with their information. If the IP address or geographic location doesn’t match their own, users would be able to reject the log-in attempt.
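As an added illustration (not code from the article, from Blizzard or from any vendor), the toy model below contrasts the two designs described above: the in-band flow accepts a password and one-time code relayed from a look-alike page because nothing distinguishes the relayed submission from the real one, while the separate-channel flow shows the account holder where the attempt came from so a mismatched address can be rejected. The account, addresses and secret are constructed; `hotp` follows RFC 4226 and stands in for the code a text message or app would deliver.

```python
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, the kind of one-time code a text message or app delivers."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

@dataclass
class Account:
    username: str
    password: str                         # plain text only to keep the toy short
    otp_secret: bytes
    counter: int = 0
    usual_ip_prefix: str = "198.51.100."  # constructed: where this user normally logs in from

class AuthServer:
    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        self.pending: Dict[str, Tuple[str, str]] = {}   # login id -> (username, client ip)

    def _password_ok(self, username: str, password: str) -> bool:
        acct = self.accounts.get(username)
        return acct is not None and hmac.compare_digest(acct.password, password)

    # In-band design the post criticizes: password and one-time code arrive on the same
    # web form, so the server cannot tell a relayed submission from the genuine one.
    def login_in_band(self, username: str, password: str, code: str) -> bool:
        if not self._password_ok(username, password):
            return False
        acct = self.accounts[username]
        if not hmac.compare_digest(code, hotp(acct.otp_secret, acct.counter)):
            return False
        acct.counter += 1   # each code is accepted once
        return True

    # Separate-channel design the post suggests: the web form takes only the password;
    # the decision is made in the phone app, which shows where the attempt came from.
    def login_out_of_band(self, username: str, password: str, client_ip: str) -> Optional[str]:
        if not self._password_ok(username, password):
            return None
        login_id = secrets.token_hex(8)
        self.pending[login_id] = (username, client_ip)
        return login_id

    def phone_prompt(self, login_id: str) -> Tuple[str, str]:
        return self.pending[login_id]

    def decide(self, login_id: str, approve: bool) -> bool:
        self.pending.pop(login_id)
        return approve

def user_reviews_prompt(server: AuthServer, login_id: str) -> bool:
    """The rule from the post: reject when the attempt's origin does not match your own."""
    username, client_ip = server.phone_prompt(login_id)
    return client_ip.startswith(server.accounts[username].usual_ip_prefix)

DEMO_SECRET = b"constructed-demo-secret"

def simulate_relay() -> Dict[str, bool]:
    """Fields typed into a look-alike page are replayed from 203.0.113.9 (constructed)."""
    server = AuthServer()
    server.accounts["alice"] = Account("alice", "correct horse", DEMO_SECRET)
    captured_code = hotp(DEMO_SECRET, 0)        # the code the user entered on the fake form
    in_band = server.login_in_band("alice", "correct horse", captured_code)
    login_id = server.login_out_of_band("alice", "correct horse", "203.0.113.9")
    out_of_band = server.decide(login_id, user_reviews_prompt(server, login_id))
    return {"in_band_relay_succeeds": in_band, "out_of_band_relay_succeeds": out_of_band}
```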

The lesson for users and businesses alike is that even two-step authentication doesn’t keep accounts completely secure. Hackers are getting more intelligent in their attacks all the time and technology that was once thought unbreakable now has vulnerabilities.

If your computer is infected with malware, or you’d like to investigate better security methods for home or business, call Geek Rescue at 918-369-4335.

New Form Of Ransomware Will Soon Infect Computers

January 8th, 2014


Ransomware is malware that takes control of a user’s computer and demands a payment to decrypt files. The most famous example of ransomware is currently Cryptolocker, which first began infecting users last fall. Since then, similar forms of ransomware have been springing up more and more, like the copycat Cryptolocker that targets P2P users. Danielle Walker of SC Magazine reports that the latest form of ransomware hasn’t yet been released, but is expected to be even more dangerous than Cryptolocker.

The name of the new malware is Prison Locker or Power Locker. Security experts first learned of its existence by monitoring underground forums where hackers gather to produce and sell their malware.

Prison Locker performs similarly to other ransomware. When a user is infected, a display window opens that can’t be exited. Other functions of Windows are disabled, as well as the user’s Escape key, Task Manager and Control-Alt-Delete. A user is locked out of their own computer and told they have to pay to regain control. While they’re locked out, files are also encrypted making it impossible for users to access their own data.

The reason many are calling Prison Locker a bigger threat than Cryptolocker is its use of more complex encryption. Prison Locker uses multiple layers of encryption. The first of them, Blowfish, generates a new key for each file it encrypts, so the files have to be broken, or decrypted, one at a time. In addition, each Blowfish key is encrypted with another method using a unique key for each infected computer. All of this encryption is perceived to be “unbreakable”.

The current asking price for Prison Locker is $100, which suggests it will be widely used soon. The other takeaway from these reports is that ransomware is on the rise. Because of its invasive nature and the ability to directly profit off of each infection, criminals will be using ransomware more often and producing more throughout 2014.

If your computer is infected with any type of malware, call Geek Rescue at 918-369-4335 for help.

What Could A Cyber Attack Cost You?

January 6th, 2014


Even with all of the news stories about the latest hacks, such as Adobe, Snapchat and Target, there are still some individuals who don’t fully grasp what’s at stake. Jose Pagliery of CNN Money explains how much becoming a victim of a cyber attack could cost you.

In the case of the attack on Target, debit and credit card information was stolen. It’s easy to understand why you would want to keep that information out of the hands of criminals. But, this type of attack and fraud usually isn’t as costly as others. That’s because most people pay close attention to bank accounts and credit card bills and will notice anything out of the ordinary. Then, it’s an easy process to report the fraud and cancel the card.

It’s actually much worse for users when their log-in information and passwords are stolen. It doesn’t even have to be an account that houses any valuable information. Because about half of internet users use the same password for multiple accounts, even stealing the log-ins for a message board could lead to a much bigger breach in security. With one password, criminals can find an email associated with that account. They then will try to break into that email and, if successful, can take a number of potentially valuable actions.

Think about all of the old messages still stored in your inbox. Many of those could contain information that a criminal could use to steal your identity or your money. Those old messages could also lead hackers to other accounts you have online, which could allow them access to your social security number, or bank accounts. Even gaining access to your phone account could allow them to order a new device and rack up big charges.

With access to your email, criminals also have access to your contacts. They can send emails with malware attached to try to infect other users. Worse still, they can contact friends and attempt to scam them out of money or information.

There is a seemingly endless list of malicious tactics a criminal can take if they’re able to gain access to just one of your many online accounts. Keeping those accounts and your computer safe is worth your time. You need to use strong, unique passwords for each account you create. If you have potentially valuable information stored in your email, back it up elsewhere and delete it. Keep close tabs on all of your accounts so that you’ll be able to quickly tell if one has been compromised and take the necessary action.

At Geek Rescue, we help improve security for your home or business. We also fix devices with malware infections, broken hardware or any other issues. Come by or call us at 918-369-4335.

Yahoo Users Infected By Malicious Ads For Four Days

January 6th, 2014


The latest headline-making malware attack concerns Yahoo users. A security firm based in the Netherlands, Fox IT, reported over the weekend that Yahoo’s advertising servers were compromised. Faith Karimi and Joe Sutton of CNN report that malicious ads were shown to a number of users.

Users who visited Yahoo’s website between December 31st and January 3rd are at risk of a malware infection. Yahoo has publicly stated that users in North America, Latin America and Asia were not affected and most infections are limited to the UK, France and Romania.

Those users who were affected were served malicious ads directly from Yahoo thanks to an exploit kit that installed malware on Yahoo’s servers. Researchers warn that users didn’t even need to click on the ads to risk an infection. At an estimated 9 percent successful infection rate, about 27,000 users would be infected every hour these ads were allowed to run. Yahoo was not able to remove the malicious ads until they had been displaying for nearly four days.

Only PC users were at risk, however. The malware could not infect Mac users or those using mobile devices.

If infected, the malware is capable of a number of actions. Click fraud, which consists of malware opening web browsers and clicking on ads to generate revenue, is one of the least severe threats. The malware can also remotely control a computer, disable security software and steal log-in information and passwords.

Even though this particular threat did not seem to infect any computers in the US, it should serve as a warning to all internet users. Yahoo is generally a trusted website, but it was compromised by criminals and began infecting users with malware. This can happen to any site you typically visit. In order to stay safe, you need an up-to-date, trusted antivirus program in place.

If your computer has been infected by malware or you’d like to improve security on your devices, call Geek Rescue at 918-369-4335.

Cryptolocker Copycat Threatens P2P Users

January 3rd, 2014


Cryptolocker was perhaps the most talked about piece of malware during the final months of 2013. After infecting an estimated 300,000 computers in its first three months of existence, it should be no surprise that Cryptolocker is now spawning copycat malware. John E. Dunn of Tech World reports that Crilock.A, otherwise known as Cryptolocker 2.0, began infecting users just before Christmas.

Security experts say it’s likely that version 2.0 comes from a copycat rather than the group responsible for the original Cryptolocker, because it’s not as complex. Rather than spreading through malicious emails, 2.0 infects users by posing as Microsoft Office or Adobe Photoshop files on peer-to-peer file sharing sites. This is a much smaller target audience, but it also makes it less likely that Cryptolocker 2.0 will be reported to authorities.

In many ways, however, Cryptolocker 2.0 performs the same way the original does. After infecting a machine, it encrypts files with certain extensions and demands a ransom to decrypt them. 2.0 targets a wider range of files than the original also. This is likely because of the users being targeted. Music, image and video files are all included on the encryption list.

Cryptolocker 2.0 is also capable of spreading to removable drives. Anything connected via USB could be infected. This isn’t a new capability for malware, but could prolong the malware’s life.

Included in Cryptolocker 2.0 are other components that launch separate attacks. One is used for DDoS attacks. Two others are designed to steal Bitcoins.

As with the original Cryptolocker, overcoming an infection and regaining your encrypted files is difficult. The best protection is to avoid an infection in the first place. Thankfully, in the case of Cryptolocker 2.0, avoiding an infection is for now as easy as avoiding peer-to-peer file sharing sites. There is always the possibility, though, that other users will be targeted at a later date.

If your computer is the victim of a malware attack, call Geek Rescue at 918-369-4335.

The Dangers Of Having Your Phone Number Stolen

January 3rd, 2014


Recently, social network SnapChat has been making headlines for all the wrong reasons. Nearly 5 million users’ accounts were compromised and criminals made off with usernames and phone numbers. That has left many to wonder: what does a hacker want with my phone number? Quentin Fottrell of Market Watch set out to answer that question.

The most obvious reason why a hacker having your phone number would be a bad thing is the same reason you’re hesitant to give out your number in the real world. They might just use it. Malware and phishing attacks on smartphones increased steadily throughout 2013. When a criminal learns your phone number, you’re significantly more likely to receive malicious text messages. These can either be an annoyance, or a serious problem based on the type of messages being sent and your reaction to them.

Another problem that many users fail to realize is that your phone number is associated with a number of your online accounts. Particularly on social media, knowing a user’s phone number can help you find their profile. Finding their profile allows you to associate their name, birthday and other information with that phone number. Armed with that knowledge, a criminal could easily steal your identity and break into a number of important accounts. Since phone numbers don’t change often, one could argue that they’re more valuable online than even physical addresses and email addresses.

This doesn’t mean that you should never give out your phone number to any website. You shouldn’t make it public on any social media profiles, but there are other instances where it actually enhances security. In the case of two-factor authentication, your phone number is used as a second level of security to safeguard important accounts such as email and banking sites. Security experts advise you to feel free to give out your phone number online if it’s for a specific use.

Unfortunately for SnapChat users, there’s no way to use the service without giving up your phone number.

At Geek Rescue, we specialize in security. If you’d like to improve the security at home or at the office, give us a call at 918-369-4335. We also fix devices that have been infected by malware.