December 15th, 2014
The holiday season is typically a busy season for hackers and malware developers. With increased activity online because of online shopping, ecards, emails and more holiday festivities, there are also increased opportunities to infect users with viruses or steal their information. A post at Spyware News details some common methods used to victimize users around the holidays in the past. Here are three to watch for this year.
Think about all the website you visit for the holidays. You may buy airline tickets, book a hotel and order gifts in one afternoon. You’ll also likely be checking you bank accounts during this spending spree. Unfortunately, cyber criminals know that there are millions of other people like you spending money online and they know you’re always looking for a great deal. That gives them the opportunity to make fake websites, or spoof legitimate sites like your bank, in order to infect your computer or steal your payment information. Spotting a fake site can be difficult, depending on how much time has gone into crafting it. An old version of the company’s logo, typos or a missing security step could clue you in. It’s also important to keep your browser and antivirus program updated since they can sometimes alert you to a suspicious website.
Spam coming to your inbox isn’t a problem specific to the holidays, but there are some scams that attempt to use your excitement for the season against you. Many users are directed to the fake websites mentioned above after receiving an email promising a great deal or telling them they’ve won a contest. As always, following links in your email is a risky business. Be especially wary of attachments because that’s a common method for delivering malware. It sounds easy enough to not open attachments, but they’ll be labeled with something enticing that will be difficult to resist.
Not everyone does all of their shopping online. There are still plenty of folks who go out to get their shopping done, but there are dangers there too. Free WiFi at department stores or coffee shops is a convenient way for you to use your smartphone while shopping, but they also allow those with a little know-how to monitor your activity and steal your information. Never make purchases or enter passwords while on a public, unsecured connection.
If you are online during the holidays this year, you’re likely to encounter at least one of these tactics. Staying safe involves have an updated antivirus program installed and being cautious with your activity.
If you do fall victim to one of these attacks, call Geek Rescue at 918-369-4335.
November 6th, 2014
Ransomware, forms of malware that lock down your device and demand a payment, or ransom, to release your files, have seemingly increased in usage in the past year, but the earliest forms of ransomware have been around for longer than that. The FBI virus began infecting computers several years ago and uses the same scare tactics seen in freshly minted ransomware. As reported in a post on Spyware News, the FBI virus has now been adapted and evolved to infect Android smartphones and tablets.
Common methods of infection stem from malicious email attachments, or false alerts on websites asking you to update Adobe Flash, Java or a similar program.
Once the malware infects your device, it quickly locks it so you can’t access any apps or files and displays an alert claiming to be from the FBI. The alert demands $300 to be paid within 48 hours.
Although seeing this type of warning is surprising and jarring, there are many clues that this is a hoax. Most notably, the warning is littered with typos and poor grammar, which is a common characteristic of malware and malicious emails.
While it can be extremely difficult to by-pass this malware, under no circumstances should you pay the fine asked for. There’s no guarantee that your device will be unlocked if you do and that money goes to prolong this threat. The FBI Android virus, in fact, doesn’t actually encrypt your files so removing the malware should fully restore your system. So, how do you remove it?
- First, turn off your device and restart in Safe mode. To do so, turn it on and hold the menu button with one of, or both of, the volume buttons, depending on your device.
- Once in Safe mode, go to Settings, and click on Apps or Application Manager. Find any suspicious apps you don’t recognize. The FBI virus typically disguises itself as a video player or an app called ‘ScarePackage’ or ‘BaDoink’. Uninstall the suspicious app.
- Restart the device to see if it has been restored.
If these steps don’t work, it’s not a lost cause. You’ll just need a little more expertise.
If you’ve been infected by the FBI virus or any other type of malware, Geek Rescue will help. Come by or give us a call at 918-369-4335.
For your business needs, visit our parent company JD Young.
November 3rd, 2014
It seems a new malware threat emerges practically every day, but most threats have a lot in common. They gain access to your device in a similar fashion and are fixed or bypassed in a similar fashion. A new threat reported on the Symantec blog, however, is unique. Trojan.Poweliks isn’t like other malware that exists as a file on an infected machine. Instead, this particular form of malware hides in the computer’s registry.
Trojan.Poweliks still infects computers the way most other forms of malware do. Users are commonly infected through spam emails, malicious links and exploit kits. Users have reported seeing emails claiming to alert them about a missed package delivery. Opening the email and downloading the attachment leaves them infected.
Once a machine is infected, the trojan disguises itself as a registry subkey. That means most users will never be able to find it.
While it’s hidden, the malware receives commands remotely from the attacker and can take all sorts of nasty actions to cripple your computer and monitor your activity.
Staying safe from these types of threats requires both intelligent web use and proper security tools in place. An updated antivirus tool will catch many of these threats, but if you’re among the first users infected, your antivirus won’t be able to recognize the latest form of malware. That’s why your first line of defense has to be to avoid where these threats are commonly found. Don’t download suspicious email attachments or follow links sent to your email. These practices will help keep you out of harm’s way.
If you’d like to improve the security on any of your devices, or need help getting rid of malware that’s infected your machine, call Geek Rescue at 918-369-4335.
October 6th, 2014
A browser hijacking program does just what it’s name suggests it does. When you load your web browser of choice, the hijacker goes into effect and sends you to an alternate website than your chosen starting page. Often, this is an alternate search engine that allows malware developers to record your search and browsing habits, which helps them develop more effective malware. These search engines could also direct you to websites that infect your machine with malware without your knowledge. One of the most infamous browser hijackers is Snap.do, which is running a many users’ computers without them knowing it. At A Tech Journey, Anup Raman explained the most common way to remove Snap.do.
For most users infected with Snap.do, the program will appear in the list of programs installed on your computer, which means you can click on the uninstall option and get rid of it. Go to your ‘Control Panel’ and click on ‘Programs and Features’. A list of everything installed will come up that you can search for ‘Snap.do’, ‘Smart Bar’ or anything from developer ‘Resoft Ltd’. Once you’ve gone through the uninstall process, search your hard drive for ‘smartbar.installer.mini’, which is an executable file often found in the Downloads folder. Remove that file, then run a full anti-malware scan. Now that the program has been removed, you’ll want to load your preferred web browser and make changes there.
Mac users have a similar process for removing Snap.do. First, open the ‘Applications’ folder on the desktop. One of the applications listed should be ‘Snap.do’, which you can click on and drag to the trash. Now, empty the trash. That should remove the program from your computer, but you’ll still want to load your preferred web browser to remove it completely.
Before Snap.do is completely removed, you need to change the settings in your browser. For IE, open the browser and click on the gear icon in the top right corner. Select ‘Internet Options’ or ‘Tools’. Click to the ‘Advanced’ tab and click on the ‘Reset’ button. A new window will appear where you need to check the box next to “Delete personal settings” and then click ‘Reset’ again. Close the window, and hit ‘OK’ on the prompt that opens, then close the browser. When you open it again, Snap.do should be gone.
For Chrome, open the browser and click on the menu button. Hover over ‘Tools’ and select ‘Extensions’ from the menu. Snap.do should be listed here. Click on the trash icon on the right next to Snap.do then click the menu button again. This time, go to ‘Settings’ and select ‘Manage Search Engines’. Click ‘Make default’ next to whichever search engine you want to use, then click the ‘X’ next to Snap.do. Finally, go to ‘Settings’ one more time and under ‘On startup’, click the button next to ‘Open the New Tab page’. That should do it.
Open the browser and click on the ‘Firefox’ button in the top left corner then select ‘Help’. Depending on your operating system, you may be able to click on ‘Help’ from the menu bar. Go to ‘Troubleshooting Information’ then select ‘Reset Firefox’. A confirmation window will appear where you’ll need to select ‘Reset Firefox’ again. Your browser will close, then re-open with Snap.do removed.
These are the typical fixes for Snap.do and other browser hijacking programs. But, these methods won’t always completely remove the problem. In some cases, the malware is more complicated and will need additional work to remove.
For those complicated cases and for other IT problems, call Geek Rescue at 918-369-4335.
For your business solutions needs, visit our parent company JD Young.
August 21st, 2014
Google’s Chrome browser includes a number of useful features itself, but it also offers the opportunity to add features and capabilities through extensions. There are thousands of options for extensions offering a variety of functionality. Not all of these extensions are trustworthy, however. At Tech World, Jeremy Kirk reports that about 10-percent of Chrome extensions examined by security researchers were deemed either malicious or suspicious.
Researchers began looking closely at extensions due to concerns that they are the next attacking point for cybercriminals because of the potentially valuable information available through compromised web browsers. After examining 48-thousand extensions, researchers found 130 that were outright malicious and another 4712 suspicious extensions.
The flagged extensions were capable of various misdeeds, including affiliate fraud, credential theft, advertising fraud and social network abuse.
Much like malicious apps, extensions are granted permissions that give them a great deal of power. Malicious extensions have been observed intercepting web requests from the browser and injecting JavaScript into web pages. Researchers hope that the results of this study help to make clear that extensions need to be more limited.
If you’ve installed a malicious extension, you also won’t know about it right away. The extensions are designed to stay dormant until you visit a specific type of website. Even then, a typical user may not notice any malicious or suspicious behavior.
Google has already reacted to these findings and is attempting to make it harder for unofficial extensions, like those found outside of their Web Store, to be installed. It’s likely more changes will be implemented soon so that Google can exert even more control over extensions.
While some of the flagged extensions weren’t harmful to users, they still displayed activity that was suspicious in nature, like changing ads on a site. Some of these extensions have been downloaded millions of times.
If you’ve installed any extensions from outside of Google’s Web Store, your safest option is to uninstall it immediately. If you feel your computer has been compromised and may still be infected by malware, call Geek Rescue at 918-369-4335.
For your business solution needs, visit our parent company JD Young.
August 18th, 2014
Cryptowall is the latest ransomware malware to be claiming victims. Much like CryptoLocker, Cryptowall encrypts the files on a victim’s computer and demands a payment to decrypt those files. This malware is usually spread as an attachment on spam emails. A post at Spyware News details the Bank of America email scam that’s currently spreading Cryptowall.
If you’re not a Bank of America customer, it’s easy to ignore messages claiming to be from the bank about your account. Those that do have active accounts find the messages more believable, however.
Users are reporting seeing emails claiming to be from Bank of America with an attachment. The emails are from “Andrea.Talbot@bofa.com” and advises the user to open the attachment because it contains information about their account. The email contains an office phone number and cell number with an 817 area code and even includes a standard confidentiality notice at the bottom. The email appears to be legitimate except for the fact that no bank, much less on the size of Bank of America, would send confidential account information to customers this way.
The attached file is named “AccountsDocument.zip” but those that download it quickly discover that it’s malware. Specifically, it’s the Cryptowall virus that encrypts files.
For the time being, be extra cautious about opening any emails from Bank of America and don’t download any attachments. If you have questions about an email, always contact the institution named in the email directly, rather than downloading attachments or following links provided.
Unfortunately, if you’ve become infected by Cryptowall, or a similar virus, there’s often no easy way around it. If you’ve recently backed-up your system, you can restore the encrypted files after the malware has been removed. Otherwise, you may not be able to recover the encrypted files.
If your device is infected with malware of any kind, call Geek Rescue for help at 918-369-4335.
For business solutions needs, visit our parent company JD Young.
August 15th, 2014
Google’s Chrome browser has always been a leader in safe and secure browsing. If you’ve used Chrome before, you’ve likely been confronted with a warning that a page you’re trying to visit isn’t safe. You may have even seen a warning about a potentially malicious file attempting to be downloaded. On the Chrome blog, Google recently announced their latest addition to their Safe Browsing service, which expands its protection against suspicious downloads.
In current versions of Chrome, users are warned if a file they’re attempting to download contains warning signs that it might actually be malware. Starting soon, Chrome will automatically block malicious downloads. This will also now include downloads disguised as helpful that make “unexpected changes”. That refers to applications that change your browser’s homepage, or desktop, or add tool bars without your knowledge or consent.
When Chrome recognizes any of these types of files being downloaded, a warning will be shown informing the user that the download has been blocked. There’s certainly the possibility that a blocked download was actually legitimate, however, so users will have the option of restarting the download from their Downloads list.
Tools like this help keep malicious files off of your computer, but users shouldn’t rely on them completely. The best way to stay safe and secure is to stay away from low quality websites and to be cautious about downloading anything. These tools are a good safety net, but your browsing habits should be the first line of defense.
If any of your devices have been infected with malware, or just need a tune-up, call Geek Rescue at 918-369-4335.
For your business solutions needs, visit our parent company JD Young.
August 13th, 2014
In the past, most forms of malware would not run on virtual machines, which was a way to avoid detection and study. That now seems to be changing, however. Jeremy Kirk reports at Computer World how malware has changed its tactics and why malware producers are now interested in infecting VMs.
To understand the reasoning behind wanting to infect VMs, you only need to understand that most malware is created to infect as many users and environments as possible. If there’s a limitation that the malware won’t run on VMs, that greatly limits the potential for infection. This is particularly true with VMs becoming more typical in many businesses’ infrastructure.
Instead of ceasing operations on VMs, malware now is being produced with the goal of moving from a virtual machine to its host server, which could then give it access to many more environments.
Malware is typically easy to detect if it begins executing immediately after being downloaded, however. So, to avoid detection on VMs, malware comes with a delay. Before decrypting and launching their payload, malware waits a few minutes, or until a specified number of left mouse clicks are made by the user. This is usually enough time for security programs to label the file as harmless and move on.
Over the past two years, security firm Symantec studied 200-thousand samples of malware and found that only 18-percent stopped working on a virtual machine. While this does introduce the possibility of malware spreading from VMs to servers, it also creates an opportunity for researchers. Now, they’ll be able to study malware in a detached environment.
Unfortunately, since 18-percent of malware still disappears on a virtual machine, hardware is still needed to be sure that all infections are found.
For help removing malware from your devices, call Geek Rescue at 918-369-4335.
For your business solutions needs, visit our parent company JD Young.
August 12th, 2014
Have you ever thought that Facebook would look better in a different color than the traditional blue? Many users have had that thought and have attempted to add a Facebook app to their profile that would allow them to change the color of their personal Facebook experience. As Dave Smith reports for Business Insider, the Facebook Color Changer app is malware that sends everyone who clicks on it to a phishing website.
More than 10-thousand users have reportedly been affected by the color changer app. Users who click through to the malicious phishing site have their Facebook logins stolen so the scammers can spam their friends with more fake offers.
Additionally, some users have reported that the website they’re directed to also asks them to download other files. Differing reports say users are directed to download a video or another app. These files are also malicious but so far it’s unclear what kind of damage they’re capable of.
If you’ve mistakenly added the color changer app to your Facebook profile, or any other app that you need to remove, you can do so by visiting the Settings menu. That’s the one with the small lock icon in the top right corner. From there, click on ‘Apps’ in the menu on the left and find the apps you want to remove in the list. Click the ‘X’ by the app name and it will be removed.
In the case of the color changer app, you’ll also want to run a full virus scan of your computer and change your Facebook password.
If you’re still interested in changing the color of Facebook, there are more legitimate ways of doing it. If you’re using Chrome there are add-ons available that can change Facebook’s color scheme. Always do some research before adding extensions or apps of this nature, however, as they’re ripe targets for scams.
If your computer, or other device, has been infected with malware, call Geek Rescue at 918-369-4335.
For your business solutions needs, visit our parent company JD Young.
August 8th, 2014
Earlier this year, malware called Lurk was discovered infecting users with vulnerable versions of Adobe Flash. That same malware continues to count victims, but has altered its tactics slightly. At Dark Reading, Kelly Jackson Higgins reports how Lurk is embedding malicious code inside an image to infect users.
Steganography is the term used to describe this type of attack and it’s one that’s well-known in the intelligence and security community. In this particular scheme, iFrames on websites are used to infect users with security flaws in their version of Adobe Flash. This would be users who haven’t updated recently. Popular and legitimate websites were used to spread this malware. Rather than downloading a malicious file, which can be easily spotted by antivirus programs, Lurk is downloaded as an image with malicious code embedded within it.
Experts say this method isn’t complex, but because it’s difficult for security applications to spot it, it can be extremely effective. Attackers using this scheme have reportedly infected 350-thousand users over just a few months and netted hundreds of thousands of dollars in profit.
The profit comes in the form of click-fraud. The image file that a user unknowingly downloads contains an encrypted URL, which is used to download more files. Those are used to earn clicks on ads and websites that in turn make the attackers money.
The Lurk attack remains active and experts believe steganography will be used in more attacks in the coming months. To protect yourself, make sure to update and patch all programs, especially Adobe Flash, each time an update becomes available.
If you’ve been the victim of an attack, call Geek Rescue at 918-369-4335.
For your business solutions needs, visit our parent company JD Young.