April 24th, 2014
How can you be sure that an email from your bank is what it claims to be? That’s a vital question in the wake of news that the latest spam and malware threat commonly springs from emails resembling messages from banks such as Wells Fargo and Lloyds Bank. Malcolm James of the All Spammed Up blog reports that the way malware is hidden in these spam messages and the way it then attacks your machine is troubling.
The emails come with an attachment. This attachment actually features another file within it, which contains malware. It’s a bit confusing even to write, which means it’s difficult for spam filters and antivirus tools to catch. Users will see a .ZIP file that claims to be a secure message from the bank and even features password protection. When opened, however, the user’s computer is attacked by the Upatre Trojan.
Upatre is the root of the problem, but it doesn’t do any real damage itself. It’s job is to communicate with the attacker and download more harmful malware to your system. The Zeus banking trojan is the first malware to download. It’s designed to steal your online banking log-in credentials. The Necurs malware is also downloaded, which is able to attack and disable security tools. This allows for a load of other malware to infect and attack your machine.
While many attacks of this nature are centralized overseas, the use of Upatre targets the United States almost exclusively. About 97-percent of recorded attacks using the trojan have targeted American users.
One of the issues with this style of attack is that users may not know they’ve been infected with anything for some time. Considering banking passwords are at stake, that’s an extremely dangerous risk.
To stay safe, users must resist the urge to open suspicious looking emails. An email from your bank may not seem suspicious, but remember that banks and other legitimate businesses likely won’t attach a file to an email unless they’ve told you ahead of time what they’re sending. If you have questions about an email, call your bank directly and ask them rather than risking malware infections.
If your computer or other device has been infected with malware, call Geek Rescue at 918-369-4335.
April 15th, 2014
Spyware has been a problem for internet users since the mid-90’s. Software that is able to gather information, or spy on a user, without their knowledge falls under the umbrella of spyware. In 2007, an estimated 850-thousand computers in the US were essentially rendered inoperable by spyware, according to Consumer Reports. Since then, spyware hasn’t become less of a problem, but there are better ways to protect yourself from it. Steve Bell of the BullGuard blog has some tips.
First, it’s important to understand the typical ways spyware gets onto your computer. The most common method is to piggyback on other programs you download. For the most part, free software is free for a reason. While the spyware included might not be malicious, it is still not something you’d volunteer to have on your machine. Some software installation methods will let you opt out of additional programs and spyware that’s included, but others install it automatically.
In order to stay safe, it’s important to be careful about anything you download. Spyware can also stem from spam emails, links and advertisements. There are a number of antivirus tools that also protect you from spyware. There are even some legitimate, dedicated anti-spyware tools, but be careful. There are plenty of programs claiming to be security programs that are actually malware or spyware themselves. Not only will these programs infect your computer, they won’t offer you any protection at all from other threats.
If you’ve already been infected, or if you’re not sure, Windows users can head to the Control Panel and check the list of installed programs. If you don’t recognize some of the programs listed, there’s a chance they’re spyware. Before uninstalling, you might want to do some additional research.
Unfortunately, not every piece of spyware installed on your computer will always show up this way. Some can even convince you that it has been uninstalled but actually remain in operation. For these particularly nasty cases, you’ll have to rely on a trusted security application. They’ll be able to recognize the common characteristics of spyware and either block it before it is installed, or help you remove it.
If your computer is infected with spyware, malware, viruses or you’re having other issues, call Geek Rescue at 918-369-4335.
March 20th, 2014
There are a number of resources online to help you protect yourself from malware infections. From security tools to tips and best practices for avoiding malware, it’s fairly easy to learn how to create an effective security infrastructure for your home network. What happens if malware is still able to get through, however? At the BullGuard blog, Kirsten Dunlaevy published a list of helpful signs that your computer may have been infected. Here’s what you need to watch for.
We’ve all experienced the frustration of having your computer freeze while you’re in the middle of working on it. That could be a one-time problem, a compatibility issue with an application or it could hint at a malware infection. If you’re seeing a growing number of problems like freezes, sudden shut downs or restarts and applications not working properly, the most likely cause of your problems is malware.
The internet used to run on pop-ups, but most legitimate sites have stopped using them. Now, if you see pop-ups, it usually means you’re on a site that’s not trustworthy or that you’ve been infected with malware. Especially if you see pop-ups when you aren’t using a web browser, it’s likely that there malware hiding somewhere on your system.
- Suspicious email and social media messages
Even if your computer is absent of any other signs of malware, your email and social media profiles may tell a different story. Be sure to regularly check the “Sent” folder of your email to make sure that everything that appears there is actually messages you’ve sent. If you see messages with suspicious looking subjects, it’s likely that malware has been used to hack your email and spam your contacts. Similar problems can plague your social media profiles. Facebook and Twitter are particularly at risk.
If your computer has none of the above problems and seems to run normally, it doesn’t necessarily prove the absence of malware. As threats grow more intelligent, they’re increasingly able to hide evidence of their actions. Some malware tampers with antivirus applications to make it appear that your system is clean when it’s not. Or, malware can even trigger a false positive to make you feel secure after dealing with the supposed threat.
Keeping malware from infecting your computer starts with putting security tools in place and practicing smart, safe surfing online. Then, it’s important to stay vigilant and watch for signs of infections. Also, be aware of actions you take that could potentially lead to a malware infection.
If you’ve been infected with malware, or are just having issues with any of your devices for unknown reasons, call Geek Rescue at 918-369-4335.
February 13th, 2014
Over the summer, Instagram users were warned about fruit spam, which consisted of images of fruit being uploaded to the social network that directed users to malicious websites. As Satnam Narang of Symantec reports, fruit spam has migrated to Snapchat, but still poses a danger to users.
The problem is not quite as simple as ignoring images sent using Snapchat that feature fruit or fruit based drinks. This Snapchat spam acts similarly to many email spam problems in that it infects a user, then sends spam to all of their contacts. In the past, Snapchat spam originated from fake accounts and was much easier to spot. Now, a trusted contact may be the one spamming you.
The Snaps urge users to visit frootsnap.com or snapfroot.com for the recipes of the drinks being shown. Instead, users land on a page made to look like a GroupOn product page that offers free diet pills. Users that attempt to buy the pills are directed to yet another website, which has been associated with excessive and fraudulent charges.
Unfortunately, the root of the problem has yet to be uncovered. It does not appear that users who click on the spam images are infected themselves, which means there is some other method for accounts to be hacked and spam sent from them.
Snapchat has released a statement saying that increased security measures have been taken and advise that users change and improve the strength of their passwords. While changing passwords seems to stop the spam originating from an account, deleting the app from your device does not.
Often, these types of scams originate from a malware infection. If you have a device that’s been infected with malware, or is just acting strangely, come by Geek Rescue or call us at 918-369-4335.
January 20th, 2014
Google Chrome is the most used web browser in the world, but it recently made headlines for the wrong reasons. Chrome features extensions, which are additions that improve the capability and functionality of the browser. As Lucian Constantin reports at Computer World, two extensions were removed from the Chrome Web Store after users reported they were injecting adware into legitimate websites. This caused ads and paid links to appear for users with these extensions, which Google explicitly forbids in their extension agreement.
The nature of how these extensions began distributing adware is interesting. Both extensions, ‘Add to Feedly’ and ‘Tweet This Page’, were both sold recently by their developers. Both already had thousands of users who had added their extensions and both were developed as legitimate, useful extensions. Once they were sold, an update was released that featured no bug fixes or additional features. Instead, the update turned the extensions into adware.
When these new malicious extensions are added to Chrome, links on websites you visit are replaced with links to sites within an advertising network. Those responsible for altering the extensions are likely being paid each time a user clicks on these links. The sites a user is taken to aren’t necessarily harmful themselves, but they won’t be where anyone intended to go.
This method of altering existing extensions is effective because most users allow extensions to be updated automatically without having to take any action themselves. So, a third party is able to purchase an extension that is already installed on thousands of browsers and immediately have access to those users. It also seems that extensions with certain permissions are being targeted. Even trusted extensions often have permission to alter content on the websites a user visits. Some also have authorization to post to social media profiles or the ability to access passwords. With these permissions in place, altering an existing extension can give criminals the ability to post spam links, send users to malicious sites and steal log-in information.
Because of the way Google monitors extensions, security experts believe this method wouldn’t be effective for distributing malware. But, hackers can purchase extensions and make changes to accomplish a number of nasty jobs without having to infect users with typical malware.
Changes to Chrome’s Web Store may be coming soon to close this vulnerability. For now, make sure your extensions don’t update automatically and read the permissions of each carefully.
If your computer has been compromised and is need of a repair, call Geek Rescue at 918-369-4335.
January 15th, 2014
Spam emails are always annoying, but they can be malicious and harmful also. Some emails have attachments that infect your computer with malware. Recently, security company Symantec noticed an extreme spike in the number of malicious .zip files being sent out, as Eric Park reports on the Symantec blog.
Sending malicious attachments is a common practice for hackers, but sending .zip files hasn’t been popular for some time. A .zip file is used to compress a much larger file, which makes it small enough to send over email. For criminal purposes, it also obscures the true nature of an attachment. Instead of a user clearly seeing that what should be a Word document is actually an executable file, all files end in .zip and must be downloaded and opened in order to find out what the file actually is. Downloading and opening these files, however, infects your computer with malware.
In the past few months, there had never been more than about 25-thousand instances of malicious .zip attachments being sent on a single day. But, from January 7 to the 10th, between 150-thousand and 200-thousand malicious .zip files were attached to spam emails. In addition to the sudden rise in number, the names of the .zip files being sent changed every day.
On the 7th, an email claiming to be from a legitimate bank like Wells Fargo was sent with a .zip attachment named ‘BankDocs’ followed by some numbers. By the next day, the tactics had changed to an invoice for an overdue payment to an unnamed company. The attached .zip file was named ‘Invoice’ followed by numbers. On the 9th, the .zip file was called ‘Early2013TaxReturnReport’ supposedly from the IRS and then an invoice from a specific company marked on the 10th.
Each of these messages were different, but all contained the same Trojan malware that is capable of stealing data from an infected computer. Since the message changed everyday, it’s difficult to warn users of exactly what to watch for. Instead, don’t download any attachments unless you know exactly what it is and are expecting a file to be sent to you.
Since January 10, the messages with malicious .zip have gone back to their usual volume of a few thousand per day, but security experts warn that another large-scale attack could start again at any time.
If your computer has been infected with malware, come by Geek Rescue or call us at 918-369-4335.
December 18th, 2013
In humans, early detection is important for treating viruses and other infections. The same goes for computers. Malware, viruses and other threats that infiltrate your system become more damaging the longer it takes to discover them. A post at Rediff points to some signs all computer users should look for that suggest your computer has been infected.
Email addresses are often hacked, but the good news is that it’s usually easy to tell when something’s wrong. Make a habit to check your sent messages and make sure they’re all emails you sent personally. If you have sent messages you don’t recognize, it’s likely that someone else has access to your account. If you’ve received a message from a contact that looks like spam, be sure to tell them that their email may have been compromised.
Most hackers will try to hide their actions, but some malware will still alter the look of your computer’s desktop. If your wallpaper has changed, or there are new icons you don’t recognize, there’s probably malware hiding somewhere on your system.
Malware has the ability to change your passwords, prevent you from accessing Windows tools like Control Panel and Task Manager and lock you out of your computer completely. If you notice your system performing strangely, even if it’s just slower than usual, it’s important to act quickly. Otherwise, you may find that you’ve lost control of your machine completely.
Malware infects computers in a variety of ways. Most commonly, it’s downloaded when a user opens a bad email attachment, or clicks on a bad link. Visiting untrusted websites and downloading programs from untrusted sources are also ways that malware can infect you.
There are two steps to avoiding malware. First, secure your computer. Install an antivirus program and use a secured network with a firewall in place. Then, be careful when surfing the web. Avoid potentially dangerous situations that could lead to a malware infection.
If your computer is infected by malware, bring it to Geek Rescue or call us at 918-369-4335. We’ll remove any harmful files and help you protect against future attacks.
November 27th, 2013
A new piece of malware, a trojan called ‘Neverquest’, has security experts scrambling and forecasting a number of future attacks. As Lucian Constantin of Computer World reports, Neverquest has the ability to spread quickly and steal your financial information.
It’s believed that the Neverquest trojan originated in July, but the first attacks didn’t occur until months later. Now, experts have spotted thousands of uses of Neverquest and they expect to see that number spiral out of control soon.
In many ways, Neverquest is similar to other malware that targets financial websites. It’s able to insert its own forms into websites opened in Internet Explorer and Mozilla Firefox. It steals log-in information entered into these malicious forms and can also control your computer remotely.
Those are scary features, but that’s not all Neverquest can do. The trojan comes with 28 websites where criminals will be able to steal log-ins that control finances. These are the most popular banking sites and online payment services. To expand the number of sites it’s used with, and to ensure that every infected user is at risk, the trojan also monitors a victim’s activity and searches sites visited for keywords like ‘account summary’ or ‘balance’. When it discovers those sites, it alerts it’s host so they can begin attacking those sites as well.
In order to gain access to your computer, hackers first infect websites. When you visit one of these infected websites, vulnerabilities in browser plug-ins are used to install malware directly onto your hard drive. Spam email and links sent over social media are also used to infect users.
To keep your computer, and bank account information safe, don’t follow suspicious looking links and don’t visit untrusted websites. Keep your antivirus program running and up to date, as well.
If you have malware, trojans or viruses on your computer, bring it to Geek Rescue or call us at 918-369-4335. We clean infected machines and help you protect against future attacks.
November 21st, 2013
Spam emails began as a nuisance, but one that ultimately wouldn’t harm your computer. Since those early days, spam has evolved to be much more malicious. Now, spam often is the first step to infecting your machine with malware, trojans, keyloggers and viruses. Spam can be used to steal your identity and hold your computer for ransom. Jeff Orloff of The Email Admin posted some threats to be on the look-out for and some tips for how to stay safe.
Cryptolocker is the latest threat making headlines. The trojan is a form of ransomware that first surfaced in August. Most commonly, it stems from an email attachment that infects the victims computer when it’s downloaded. The cryptolocker is then able to encrypt certain types of files on your system and holds them for ransom. To decrypt the data, a payment is required. Often, there is a deadline that goes along with this demand for money. While some users report they’ve paid the ransom and their files were encrypted, others have paid and seen no results. Unfortunately, even professionals struggle to decrypt files that have fallen victim to a cryptolocker.
In less than a week, more than 12-thousand users reported being infected by a cryptolocker in the US. This isn’t the only threat to your security that strikes through email. Cryptolocker is just the latest.
Email security is essential for both your business or your home network. There are a number of options for enhanced email security, but regardless of what you choose, make sure it includes some vital features. Your security software should scan incoming email for known threats and separate those that are potentially harmful. Email protection has to be more intelligent than ever to properly protect you. Spammers are constantly updating their tactics to get around spam filters.
Geek Rescue offers a number of options to keep you safe from the latest cyber threats. Call us at 918-369-4335 to find out how we can protect you.
November 14th, 2013
Spam email is a common problem for anyone with an an email address. Most spam messages are easy to identify, but a practice called brandjacking muddies the distinction between legitimate email and spam. Sue Walsh, of the All Spammed Up blog, reports that a recent brandjacking spam campaign involves Dropbox and attempts to steal banking and credit card information.
This scam starts when an email that appears to be from Dropbox arrives in your inbox. There are multiple variations of the same spam email, but all contain the same basic message. Some, however, are more convincing because they eliminate the typical broken English and poor spelling that marks most spam.
The message informs users that their password is too old and needs to be replaced. Users are then directed to follow the provided link and update their password. This is actually a believable ploy because Dropbox does periodically ask users to change passwords when their account hasn’t been active for an extended period of time.
The link provided doesn’t take users to a Dropbox log-in page, however. Instead, they arrive on a site made to look like it’s owned by Microsoft and told that their browser is out of date. An update is offered up for download, which is actually a Trojan that steals banking and credit card information.
The same group suspected of this scam has brandjacked UPS, Verizon and the Better Business Bureau in the past.
No matter how believable a message is, there are still ways to see through these scams. Before following the instructions of any email, check the sender’s address. In this case, the send won’t have an ‘@dropbox.com’ address, so you can assume the message isn’t legitimate. Also, if you follow a link provided that doesn’t take you where it’s supposed to, it’s another sign that you’re being scammed.
If you have any suspicion that an email you receive from a company isn’t legitimate, contact the company directly by phone.
If your computer has been infected by malware, viruses or Trojans, or you’d like to improve your device’s security before an attack happens, contact Geek Rescue by calling 918-369-4335.
