Malware Hidden In .Zip Email Attachments Makes Sudden Rise

January 15th, 2014


Spam is annoying at best, but it can also be outright harmful: some messages carry attachments that infect your computer with malware. Recently, security company Symantec noticed an extreme spike in the number of malicious .zip attachments being sent, as Eric Park reports on the Symantec blog.

Sending malicious attachments is a common tactic, but .zip attachments had fallen out of favor for some time. A .zip archive compresses a larger file so that it is small enough to send over email. For criminal purposes, it also hides the true nature of the attachment. Instead of seeing plainly that what should be a Word document is actually an executable, the recipient sees only a file ending in .zip and has to download and open it to find out what is inside, and the executable inside is commonly given a double extension such as .pdf.exe so that it still looks like a document. Extracting and running that file is what infects the computer.
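As an added example (not part of the Symantec report or the original post), the following Python script shows the check a mail gateway or a cautious user can run on a .zip attachment before anyone opens it: it lists the archive's members without extracting them and flags anything with an executable extension, a document-style double extension, or the "MZ" bytes that begin every Windows executable. The sample archive, its file names and the extension lists are constructed for the example.

```python
import io
import zipfile

# Extensions Windows runs directly; .scr and .pif are favourite lures because they look harmless.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".jar", ".msi"}
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def build_sample_zip():
    """Constructed sample archive: a disguised executable next to a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # "MZ" is the DOS header magic that every Windows PE executable starts with.
        zf.writestr("BankDocs_20140107.pdf.exe", b"MZ" + b"\x90" * 64)
        zf.writestr("readme.txt", b"Please see the attached statement.")
    return buf.getvalue()


def inspect_zip(data):
    """Return (member name, reasons) for each member that looks executable, without extracting it."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            basename = info.filename.rsplit("/", 1)[-1].lower()
            parts = basename.split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            reasons = []
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append(f"executable extension {ext}")
            if len(parts) > 2 and "." + parts[-2] in DOCUMENT_EXTENSIONS:
                reasons.append("double extension disguised as a document")
            with zf.open(info) as member:  # read only the first two bytes of the member
                if member.read(2) == b"MZ":
                    reasons.append("PE header (MZ) inside")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in inspect_zip(build_sample_zip()):
        print(f"{name}: {', '.join(reasons)}")
```

Two things the script does not cover deserve a policy of their own: archives nested inside archives, and password-protected archives, which neither this check nor an antivirus scanner can look into and which are best quarantined outright.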

In the months before, the daily count of malicious .zip attachments had never exceeded about 25,000. From January 7 to January 10, however, between 150,000 and 200,000 malicious .zip files were attached to spam emails each day. Along with the sudden rise in volume, the names of the .zip files changed every day.

On the 7th, emails claiming to be from a legitimate bank such as Wells Fargo carried a .zip attachment named 'BankDocs' followed by a string of numbers. By the next day, the lure had changed to an overdue invoice from an unnamed company, with the attachment named 'Invoice' followed by numbers. On the 9th, the .zip was called 'Early2013TaxReturnReport' and claimed to come from the IRS, and on the 10th it was an invoice that named a specific company.

Each message was different, but all carried the same Trojan, which is capable of stealing data from an infected computer. Since the lure changed every day, it is difficult to tell users exactly what to watch for. Instead, don't open any attachment unless you know exactly what it is and were expecting someone to send it to you.

Since January 10, the volume of messages with malicious .zip attachments has dropped back to the usual few thousand per day, but security researchers warn that another large-scale campaign could start at any time.

If your computer has been infected with malware, come by Geek Rescue or call us at 918-369-4335.


Your Computer Has Malware, Now What?

January 14th, 2014


Even with security measures in place, the most cautious internet user can suffer a malware infection. Not all infections are created equal, but you should find and remove malicious files as quickly as possible regardless of how serious the threat turns out to be. Some malware, like the widely publicized CryptoLocker, encrypts your files, effectively locking you out of your own data. Lincoln Spector of PC Advisor has some tips for recovering from an invasive malware infection.

  • Restore From Backup

Ideally, you have been regularly backing up your important files. If so, remove the malware first and then restore the saved copies; restoring onto a still-infected machine only gets the copies encrypted as well, and a backup drive that was plugged in during the infection may already have been hit, so check it before trusting it. Regular backups make recovering from an attack easy, but many of us don't back up our computers as often as we should.

  • Research Malware

It's important to know exactly what your computer is infected with and how it affects your system. Some malware opens pop-ups or hijacks your browser but doesn't touch or encrypt other files on your hard drive. That kind is still important to remove, but a good antivirus program can usually handle it. Malware that falls under the umbrella of ransomware is trickier: files are either hidden or encrypted and a ransom is demanded to restore them. Research what you're infected with, ideally by looking up the exact ransom note text or file name from a clean machine, so you know what the next step should be.

  • Restore Files

If you're infected with a less sophisticated form of ransomware, one that only hides your files, you may be able to get them back without paying. First, reboot into Safe Mode; on Windows 7 this means pressing F8 repeatedly before Windows loads. In Safe Mode, open Windows Explorer, click 'Organize', then 'Folder and search options', switch to the 'View' tab and enable 'Show hidden files, folders, and drives'. Now check whether the files you were missing are back. If they are, right-click each one, select 'Properties' and clear the 'Hidden' checkbox. If that checkbox is greyed out, the malware also set the System attribute; running 'attrib -s -h *.* /s /d' from an administrator command prompt inside the affected folder clears both. Your files should then be available when you reboot into normal mode, but be sure to go through and completely remove any malicious files still on your machine.

Unfortunately, if this method doesn't work it probably means you have a more sophisticated form of ransomware that has actually encrypted your files. While weak or badly implemented encryption can sometimes be broken, criminals increasingly use properly implemented strong encryption so that the only way to get your files back, short of a backup, is to pay them. Even then, paying brings no guarantee that a working decryption key will arrive.

If you find yourself with any type of malware infection, call Geek Rescue at 918-369-4335 for help.

Protect Yourself From Phishing Attacks With These Tips

January 10th, 2014


Phishing attempts land in most of our inboxes every day. Thankfully, spam filters and other security measures keep us from having to deal with most of them, but because criminals keep making these attacks more convincing, some do reach the inbox. Some are difficult to ignore because they capitalize on the latest news to make their message more believable. For example, the recent high-profile breaches at Target, Adobe and Snapchat are now being used by attackers as a pretext for asking users to divulge their information. As David King of IT Manager Daily writes, there are ways to protect yourself from these phishing scams. Here are the most important tactics to know.

  • Question Everything

Because each message is crafted to fool users into thinking it's legitimate, you can't afford to trust any message on sight. Even messages bearing the official-looking logo of a company you have an account with can be spam or phishing. Checking the sender's actual email address, not just the display name, catches many of them: often a message claiming to be from a legitimate company comes from an address on a domain that has nothing to do with that business, or the Reply-To header points somewhere else entirely, or a link's visible text names one site while it actually leads to another. But criminals have started to overcome that hurdle too, and even email from someone in your contacts list could be malicious if their account has been compromised. So, before downloading anything or responding with important information, ask yourself why the sender would be asking for it. If it seems at all suspicious, call the sender directly using a number you already have and ask about the email, or go to the company's website by typing the address yourself and find a more direct way to send them the information. It's safe to assume that no legitimate business will ask for your financial information over email.
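As an added example that is not from the IT Manager Daily article or the original post, here is the sender check from the paragraph above automated in Python. It parses a constructed sample message and reports three classic mismatches: a display name that claims a brand the sending domain doesn't belong to, a Reply-To header on a different domain from the From address, and a link whose visible text names one host while its href points at another. The brand list and the sample addresses are assumptions for the example.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample messages for this example; all addresses use reserved example/documentation names.
PHISH_MESSAGE = """\
From: "Wells Fargo Online" <alerts@wellsfargo-secure-login.example>
Reply-To: recovery@mail-relay.example
To: customer@example.net
Subject: Action required: verify your account
Content-Type: text/html; charset="utf-8"

<p>Please click <a href="http://198.51.100.23/verify">https://www.wellsfargo.com/verify</a>
within 24 hours to avoid suspension of your account.</p>
"""

CLEAN_MESSAGE = """\
From: "Wells Fargo" <alerts@notify.wellsfargo.com>
To: customer@example.net
Subject: Your statement is ready
Content-Type: text/plain; charset="utf-8"

Your January statement is available when you next sign in.
"""

# Brand names and the domain each legitimately mails from (assumed starter list; extend as needed).
KNOWN_BRANDS = {"wells fargo": "wellsfargo.com", "paypal": "paypal.com", "irs": "irs.gov"}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def same_org(domain, expected):
    """True if domain is expected or a subdomain of it."""
    return domain == expected or domain.endswith("." + expected)


def phishing_indicators(raw):
    """Return a list of human-readable mismatches found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []

    sender = msg["From"].addresses[0]
    from_domain = sender.domain.lower()
    name = sender.display_name.lower()
    for brand, legit in KNOWN_BRANDS.items():
        if re.search(r"\b" + re.escape(brand) + r"\b", name) and not same_org(from_domain, legit):
            flags.append(f"display name claims {brand!r} but address is @{from_domain}")

    if msg["Reply-To"]:
        reply_domain = msg["Reply-To"].addresses[0].domain.lower()
        if reply_domain != from_domain:
            flags.append(f"Reply-To goes to @{reply_domain}, not @{from_domain}")

    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    for href, text in LINK_RE.findall(body):
        shown = text.strip()
        if "://" in shown:  # link text that itself looks like a URL
            shown_host, real_host = urlparse(shown).hostname, urlparse(href).hostname
            if shown_host != real_host:
                flags.append(f"link text shows {shown_host} but points to {real_host}")
    return flags


if __name__ == "__main__":
    for flag in phishing_indicators(PHISH_MESSAGE):
        print("-", flag)
```

A mismatch is a reason to pick up the phone, not proof of fraud by itself: legitimate bulk mailers do send from third-party domains, and that is exactly why the brand list has to be maintained per organisation rather than guessed.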

  • Attachments

Malicious files sent as attachments are a common way to get users to install malware. Many users who are suspicious of an email will still open the attachment hoping to get more context for what the message is about. Opening that file is exactly what infects the computer. Don't let curiosity get the best of you. If a message seems suspicious, don't follow any links in it or open any attached files. Even if the message seems legitimate, don't open a file unless you know exactly what it is. A good rule of thumb: if you aren't expecting a file to be emailed to you, don't open one.

  • Updates

Unfortunately, even the most careful users fall prey to phishing scams and malware infections. Even if you never open attachments, visit suspect websites or open suspicious emails, malware can still find its way onto your system. It's better to plan for this event and never need the provisions than to be caught without them. Be sure you have a trusted antivirus program in place and keep it updated so it can recognize the latest threats. Update all of your applications and your operating system as well to close known security vulnerabilities.

Phishing scams give attackers a way to infect your computer and steal important information. Follow these tips to keep yourself, and your identity, safe.

If your computer is infected with malware or you’d like to improve the security on your network, call Geek Rescue at 918-369-4335.

Beware Malicious Offers To Update Your Browser

January 10th, 2014


When was the last time you updated your web browser? Periodically, you’re prompted to update to the latest version in various ways, but not all of those prompts are legitimate. As Zeljka Zorz writes at Help Net Security, agreeing to update your browser from the wrong source leads to malware infections.

It's a common scam that's been around for years, but internet users in the UK have seen a recent surge in malicious offers to update their browsers. The offers appear as pop-ups that look official enough. They claim to be 'critical updates', and many trap you in an endless loop of dialogs that keeps you from closing the tab.

If you agree to download the update, what you’ll actually get is some form of malware. In the recent occurrences seen in the UK, a trojan used to steal information was downloaded instead of a browser update.

These scams are seen most on sites where you stream media. It seems users are more likely to believe that an update is needed when they think they won’t be able to stream the video they wanted to watch. But, even if you think your browser is in need of an update, it’s never a good idea to download from an untrusted source. Instead of clicking through on the pop-up, go directly to the browser developer’s site and check for recent updates.

This scam isn't limited to web browsers either. Warnings that your operating system or your browser plug-ins are out of date are also used to get you to download a malicious file. In every case, don't download anything unless you're on the developer's own site. A real browser update never arrives as a pop-up on some unrelated web page; the major browsers update themselves through their own built-in updater, which you can trigger from the browser's About dialog. It is a good idea to regularly check whether the applications you use are out of date, since doing so closes security flaws and eliminates bugs and compatibility issues. But you have to be careful when downloading and make sure it comes from a trusted source.

If your computer has been infected by malware, bring it to Geek Rescue or call us at 918-369-4335.

Vulnerability Of Two-Step Authentication Revealed

January 9th, 2014


Two-step, or two-factor authentication is a generally trusted way to secure online accounts to ensure that only the account holder can access them. A recent hack on Blizzard’s World of Warcraft online game has exposed a vulnerability many had previously overlooked, however. Antone Gonsalves at Network World details how the attack took place and how it can be prevented in the future.

Two-step authentication requires a user to log in to their account with their username and password, and then supply a second passcode or PIN delivered by text message, email or other means. Both are required before the user gets access. Many sites use this second step whenever a user logs in from a new device.

It seems like a foolproof way of keeping intruders out of accounts that don't belong to them, but the recent World of Warcraft compromise demonstrated how a 'man-in-the-middle' attack gets around it.

First, a trojan was spread to users through a popular online forum related to World of Warcraft. That trojan set up a man-in-the-middle attack, letting criminals intercept everything a user believed they were entering into the legitimate website. In this case, users thought they were logging in with two-step authentication, but were really handing the attackers the username, password and fresh one-time code they needed to log in themselves, right then, before the code expired. The attackers then locked the real users out of their own accounts.

Similar attacks have been observed against banking sites, where two-step authentication is also common. Experts say these attacks highlight the weakness of most two-step schemes: in-band authentication, meaning every piece of information is entered over the same channel.

Because users enter their username, password and the generated code at the same time, over the same channel, a man-in-the-middle can simply forward all three, which makes the attack extremely effective. Instead, experts suggest using two separate channels. For example, after logging in online with the usual credentials, the user would be prompted to confirm the login in an app on their smartphone rather than typing a code into the web page. Another suggested method is to send an automated text alert whenever someone tries to log in with the user's credentials, showing the IP address or geographic location of the attempt; if it doesn't match their own, the user can reject it. The caveat is that a trojan running on the user's own PC can make the login originate from the user's own machine, so the alert should also make clear what is being approved, not just where it came from.
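To make the in-band versus out-of-band distinction concrete, the following Python simulation (an added example, not Blizzard's or any bank's code) models both login flows against a toy server and replays the relay attack described above. In the in-band flow the attacker's fake page simply forwards the password and the freshly texted code, and the server accepts them. In the out-of-band flow the server sends the attempt's source address and device to the phone, where the victim sees an unfamiliar address and rejects it. The account, addresses and device strings are constructed for the example.

```python
import secrets
import string


class LoginService:
    """Toy account server constructed for this example; not any real site's code."""

    def __init__(self):
        self.users = {"alice": {"password": "correct-horse-battery", "phone": "+1-555-0100"}}
        self.pending_codes = {}      # user -> SMS code (in-band scheme)
        self.pending_approvals = {}  # token -> login attempt awaiting phone approval (out-of-band)

    def _password_ok(self, user, password):
        return self.users.get(user, {}).get("password") == password

    # --- In-band second step: the code is typed into the same web form as the password ---
    def inband_start(self, user, password):
        if not self._password_ok(user, password):
            return None
        code = "".join(secrets.choice(string.digits) for _ in range(6))
        self.pending_codes[user] = code
        return code  # delivered by SMS to the user's phone

    def inband_finish(self, user, code):
        return self.pending_codes.pop(user, None) == code

    # --- Out-of-band second step: the attempt's details go to the phone, and so does the decision ---
    def oob_start(self, user, password, source_ip, device):
        if not self._password_ok(user, password):
            return None
        token = secrets.token_hex(8)
        self.pending_approvals[token] = {"user": user, "source_ip": source_ip,
                                         "device": device, "approved": None}
        return token  # the phone app shows source_ip and device and asks for approval

    def oob_decide(self, token, approved):
        self.pending_approvals[token]["approved"] = approved

    def oob_finish(self, token):
        return self.pending_approvals.pop(token)["approved"] is True


def inband_relay_attack(server):
    """The attacker's proxy page forwards whatever the victim types, including the fresh SMS code."""
    user, password = "alice", "correct-horse-battery"   # captured from the fake login form
    code = server.inband_start(user, password)          # server texts the code to the victim...
    relayed_code = code                                 # ...who types it into the fake page
    return server.inband_finish(user, relayed_code)     # attacker forwards it: login succeeds


def oob_relay_attack(server, victim_ip="203.0.113.5", attacker_ip="198.51.100.77"):
    """Same relay, but the approval prompt on the phone shows where the attempt comes from."""
    token = server.oob_start("alice", "correct-horse-battery", attacker_ip, "Linux/Firefox")
    attempt = server.pending_approvals[token]
    # The victim, at home on a Windows PC, sees an unfamiliar address and device and rejects it.
    looks_like_me = attempt["source_ip"] == victim_ip and attempt["device"] == "Windows/Chrome"
    server.oob_decide(token, looks_like_me)
    return server.oob_finish(token)


if __name__ == "__main__":
    print("in-band relay succeeds:", inband_relay_attack(LoginService()))
    print("out-of-band relay succeeds:", oob_relay_attack(LoginService()))
```

The limit of the simulation is the one stated above: a trojan on the victim's own PC, as in the World of Warcraft case, can launch the login from the victim's machine and browser, so the phone prompt has to describe what is being approved (which account, which action) and the phone itself must not be compromised.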

The lesson for users and businesses alike is that even two-step authentication doesn’t keep accounts completely secure. Hackers are getting more intelligent in their attacks all the time and technology that was once thought unbreakable now has vulnerabilities.

If your computer is infected with malware, or you’d like to investigate better security methods for home or business, call Geek Rescue at 918-369-4335.

Is Windows 7 Still Good For Business?

January 9th, 2014


Microsoft’s support of Windows XP will be coming to an end in April. Most organizations already migrated to Windows 7, however. But, with the end of XP and Windows 8 already on the market, the clock is now ticking on Windows 7. Kris Lall of Attachmate writes that your business doesn’t need to panic and move to Windows 8 just yet. Here’s why.

  • Standard For Business

Comparing Windows 7 to XP isn't encouraging given that XP is being put out to pasture, but XP was regarded as the standard for business for about eight years, and Windows 7 has only just begun its reign. Currently, independent software vendors are mostly developing for Windows 7, not 8. Part of the reason is that Windows 8 works best with a touchscreen, and most enterprises aren't prepared to change hardware to accommodate a new operating system. For now, Windows 7 is a trusted platform with extended support from Microsoft scheduled to run until January 2020.

  • What About Mobile? 

Mobile devices are becoming more common in business, which opens the door to Windows 8. With the bring-your-own-device trend, Windows 8 is probably already in use by some employees even without any official effort to introduce it. A move to Windows 8, at least for mobile devices, is inevitable, so it's a good idea to start preliminary testing. Running Windows 8 on mobile devices and Windows 7 on the desktop is an approach some companies have already adopted.

The decision to be an early adopter of Windows 8 isn’t a bad one, but if you’d rather wait before you need to migrate to a new operating system, Windows 7 is expected to be a safe option for a long time.

For help implementing new technologies, improving security or other IT business needs, contact Geek Rescue at 918-369-4335.


Advice For Better Passwords

January 8th, 2014


For many of your online accounts, a password is the only thing keeping criminals out. This makes users incredibly reliant on passwords, but many still make mistakes when choosing one. Kirsten Dunleavy at the Bullguard blog explains “the password management paradox” and how to best choose your passwords.

  •  Unique Passwords

The best practice is to choose a unique password for each of your accounts. That way, if one account is compromised, the others are still safe; reuse a single password across accounts and one breach can hand a criminal all of them. The problem with unique passwords is that users can't remember them all. That is the password management paradox: passwords you can't remember end up less secure, because users respond by writing them down, storing them unencrypted, repeatedly having them emailed to them or reset by admins, or ignoring prompts to replace an old one.

  • Memory Tricks

You need different passwords for each account, but there are tricks to help you remember them. Using a memorable phrase for each account is one way, though unless the phrase relates directly to the account it can be hard to keep track of which password goes with which site. Another is to pick one strong password and alter it based on the site you're using it with, so the first seven or eight characters are the same everywhere but the last few are specific to the account: add Y!00 for Yahoo, say, or GO0 for Google. Be aware of the limit of that trick: once one of those passwords leaks, anyone who looks at it can guess the scheme and the rest of your passwords with it, so a site-specific suffix is better than outright reuse but a poor substitute for truly unique passwords. Whatever trick you use, remember to include upper and lower case letters, numbers and symbols in every password.

  • Password Managers

Users' many problems with passwords have led to the rise of password managers. These services are often free and store all of your passwords for you, and many will offer to log you in to stored accounts automatically when you visit the corresponding website. So you can make each password strong and unique without worrying about forgetting it. Your passwords are encrypted and kept behind one master password. Make this your strongest password and one you'll remember: a long phrase, with some letters replaced by numbers or symbols if you like, though length is what matters most.
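As an added example covering both the memory-trick and password-manager points above (it is not code from the Bullguard post), the Python below turns the "one strong password plus a site-specific tail" idea into something a leaked password cannot reveal: it derives each site's password from a single master secret with PBKDF2 and HMAC, which is what deterministic password managers do. A Y!00 suffix adds nothing once the scheme is known; a derived password gives away nothing about the master or about any other site. The master phrase, character set and length are assumptions for the example.

```python
import hashlib
import hmac
import math
import string

UPPER, LOWER, DIGITS, SYMBOLS = string.ascii_uppercase, string.ascii_lowercase, string.digits, "!@#$%^&*-_=+?"
CLASSES = (UPPER, LOWER, DIGITS, SYMBOLS)
ALPHABET = "".join(CLASSES)  # 75 characters

# Constructed master secret for this example; a real one is a long passphrase memorised once
# and never typed anywhere else.
EXAMPLE_MASTER = b"horse stapler vivid umbrella 1977!"


def has_all_classes(password):
    """Site policies usually demand upper, lower, digit and symbol; check all four are present."""
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def site_password(master, site, length=16, counter=1):
    """Derive a unique password for `site` from the master secret; bump `counter` to rotate it."""
    label = f"{site.strip().lower()}|{counter}".encode()
    # Slow derivation, so a leaked site password cannot be used to brute-force the master cheaply.
    key = hashlib.pbkdf2_hmac("sha256", master, label, 200_000, dklen=32)
    limit = 256 - (256 % len(ALPHABET))  # rejection-sampling bound, avoids modulo bias
    for attempt in range(256):  # restart from a fresh stream if a character class is missing
        chars, block = [], 0
        while len(chars) < length:
            stream = hmac.new(key, bytes([attempt]) + block.to_bytes(4, "big"), hashlib.sha256).digest()
            block += 1
            for b in stream:
                if b < limit and len(chars) < length:
                    chars.append(ALPHABET[b % len(ALPHABET)])
        candidate = "".join(chars)
        if has_all_classes(candidate):
            return candidate
    raise RuntimeError("no candidate satisfied the character classes")  # practically unreachable


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Guessing work for a uniformly random password: each character adds log2(alphabet) bits."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for site in ("yahoo.com", "google.com"):
        print(site, site_password(EXAMPLE_MASTER, site))
    print(f"{entropy_bits(16):.0f} bits per 16-character password")
```

Incrementing the counter argument gives a site a fresh password after a breach without touching the master secret. The trade-off against a vault-style manager is that everything rests on the master phrase: it cannot be changed later without re-deriving and resetting every password, so it must be long and kept off every other site.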

Although biometrics and two-step authentication are both being used more, passwords are going to be the main tool used to secure online accounts for a long time. Make sure that you’re using them effectively.

At Geek Rescue, we specialize in security. To improve security on your computer, at your home or office, or fix the damage of malware or viruses on your machine, call us at 918-369-4335.

New Form Of Ransomware Will Soon Infect Computers

January 8th, 2014


Ransomware is malware that takes control of a user's computer and demands payment to restore access, typically by encrypting the victim's files and charging for the decryption key. The most famous example of ransomware is currently Cryptolocker, which first began infecting users last fall. Since then, similar ransomware has been springing up more and more, like the Cryptolocker copycat that targets P2P users. Danielle Walker of SC Magazine reports that the latest variant hasn't been released yet but is expected to be even more dangerous than Cryptolocker.

The name of the new malware is Prison Locker or Power Locker. Security experts first learned of its existence by monitoring underground forums where hackers gather to produce and sell their malware.

Prison Locker behaves much like other ransomware. When a user is infected, a window opens that can't be closed. Other Windows functions are disabled as well, including the Escape key, Task Manager and Control-Alt-Delete. The user is locked out of their own computer and told they must pay to regain control. While they're locked out, their files are also encrypted, leaving them unable to reach their own data.

The reason many call Prison Locker a bigger threat than Cryptolocker is its more elaborate use of encryption. Prison Locker encrypts in layers. First, each file is encrypted with the Blowfish cipher under a freshly generated key, so every file would have to be broken separately. Then each of those Blowfish keys is itself encrypted with a second method under a key unique to the infected computer. This layered, hybrid design is the standard one for modern ransomware, and as long as the ciphers are implemented properly there is no practical way to break it; all of this encryption is described as "unbreakable", and the realistic defense is an offline backup.

Prison Locker is currently being offered for $100, which suggests it will be widely used soon. The other takeaway is that ransomware is on the rise. Because of its invasive nature and the ability to profit directly from each infection, criminals will be using ransomware more often and producing more of it throughout 2014.

If your computer is infected with any type of malware, call Geek Rescue at 918-369-4335 for help.

Three Keys To Effective Access Management

January 7th, 2014


Taking charge of access management for your company is a vital step towards better security. Very few members of your organization need access to all of the applications and data on your network, and access management ensures that each employee gets access only to what their job requires, the principle of least privilege. This significantly decreases both the likelihood and the scope of a data breach and lets you keep closer tabs on who is accessing data and how.

Cloud computing and the bring your own device trend make data security more difficult than ever before. Effective access management is crucial in tandem with these new technologies. David King of IT Manager Daily published a list of policies all businesses should follow to limit access to critical data and prevent data breaches.

  • Communicate Role Changes

The more employees you have, the more often roles change. Communication between departments matters so that when an employee's role changes, whether through a promotion, a dismissal or a change in projects, their access changes too. Problems arise when individual users keep access to data they no longer need. For workers who have left the company, revoking access should be a priority and done immediately, ideally as part of the same process that ends their employment.

  • Regular Reporting

Staying on top of who can access what data, and how and from where they access it, is a big time investment, but it's necessary. Without regular checks on data access, a problem will catch you unaware. Many times, warning signs of an impending breach, or at least of a weakness, exist days or weeks before any data is actually stolen. Data being accessed during off-hours or from off-site are warning signs that someone who shouldn't be is accessing it. They don't tell you definitively that there's a problem, but they do tell you to look into it.

  • Password Security

Part of access management is ensuring that employee accounts are only being used by those employees. Educating workers about the dangers of weak passwords is important. Make sure each employee understands what a strong password consists of and is using one. Also, prohibit the sharing of passwords or inheriting accounts from others. This weakens your efforts to limit access to certain employees and opens loopholes that workers can exploit after they’ve left the company.
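As an added example that is not from the IT Manager Daily list, the Python below turns the "communicate role changes" and "regular reporting" points into a check that runs over access logs: it flags access by accounts the HR roster says are terminated, access to resources outside the user's role, access from outside the corporate address ranges, and access outside business hours. The roster, role table, address ranges and log lines are all constructed for the example.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Everything below is constructed for the example: an HR roster, a role-to-resource table,
# the address ranges assumed to be the office and VPN, and a handful of access-log lines.
ROSTER = {
    "alice": {"status": "active", "role": "finance"},
    "bob":   {"status": "terminated", "role": "sales"},   # left the company on 2014-01-03
    "carol": {"status": "active", "role": "engineering"},
}
ROLE_PERMITS = {"finance": {"payroll", "ledger"}, "sales": {"crm"}, "engineering": {"repo"}}
CORP_NETS = [ip_network("10.0.0.0/8"), ip_network("192.0.2.0/24")]
BUSINESS_HOURS = range(7, 20)  # 07:00 to 19:59 local time

ACCESS_LOG = """\
2014-01-06T09:12:41 alice 10.1.4.22 payroll READ
2014-01-06T23:47:03 alice 10.1.4.22 payroll EXPORT
2014-01-07T02:15:10 bob 203.0.113.9 crm EXPORT
2014-01-07T10:30:00 carol 10.2.0.5 repo READ
2014-01-07T11:02:17 carol 192.0.2.44 ledger READ
"""


def parse_line(line):
    """'timestamp user source_ip resource action' -> typed tuple."""
    ts, user, ip, resource, action = line.split()
    return datetime.fromisoformat(ts), user, ip_address(ip), resource, action


def audit(log_text):
    """Return (log line, reasons) for every line that deserves a closer look."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, user, ip, resource, action = parse_line(raw)
        person = ROSTER.get(user)
        reasons = []
        if person is None or person["status"] != "active":
            reasons.append("account belongs to a terminated or unknown user")  # role change never propagated
        elif resource not in ROLE_PERMITS.get(person["role"], set()):
            reasons.append(f"resource {resource} outside role {person['role']}")
        if not any(ip in net for net in CORP_NETS):
            reasons.append(f"off-site address {ip}")
        if ts.hour not in BUSINESS_HOURS:
            reasons.append(f"off-hours access at {ts.time()}")
        if reasons:
            findings.append((raw, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in audit(ACCESS_LOG):
        print(line, "->", "; ".join(reasons))
```

As the post says, none of these findings proves a breach: the off-hours payroll export may be month-end work. The terminated account exporting CRM data from an outside address is the one that should never appear at all, and its presence means the role-change process, not just the log review, has failed.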

Data breaches can be extremely costly to any type of business. Investing in security now can save you later.

For help improving all facets of data security at your company, call Geek Rescue at 918-369-4335.

Preventing And Overcoming Browser Hijacking Malware

January 7th, 2014


Browser hijacking refers to malware that’s capable of changing your browser’s settings without your knowledge. Often, your homepage or default search engine will be changed, new bookmarks or pop-ups added. Spotting the effects of browser hijacking malware is usually easy, but it’s best to avoid infection altogether. Mary Alleyne of Jupiter Support published a list of ways to avoid becoming a victim of hijackware.

  • Effective Antivirus Programs

As with any malware, an up-to-date, trusted antivirus program is the key to stopping most infections. Anything you download, even if it’s from a seemingly trustworthy site, should be scanned before you open it. Many antivirus programs also offer constant scanning in the background that will alert you immediately if malware, viruses or trojans have infected your system.

  • Disaster Recovery

Unfortunately, malware is updated and new samples released faster than antivirus programs can keep up, so even the best antivirus can't be relied on to catch everything. Since there's always a chance your computer will be infected with a browser hijacker or other malware, take precautions and make a plan for how you'll recover. Back up important data and look into other security software that will aid your antivirus program.

  • Change Security Settings

Most popular web browsers offer higher security if you're willing to sacrifice some functionality. In Internet Explorer these settings are under 'Internet Options' on the 'Security' tab. Setting the security level to 'High' stops the browser from automatically running some code, including the ActiveX controls that many browser hijackers rely on, but it will also keep some websites from working properly. Sites you trust can be added to the 'Trusted sites' zone, which restores full functionality for only those sites.

  • Change Browsers

Most browser hijacking malware is coded for one specific browser, so a hijacker written for IE usually won't work in Firefox or Chrome and vice versa, although some hijackers modify the settings of every browser they find. The simplest way to sidestep the problem if you're infected is to use a different browser. But that doesn't fix the problem and it shouldn't be ignored: switching browsers ends the hijacking for now, but you'll still want to remove the malware causing it.

More in-depth fixes, like checking the 'hosts' file for malicious entries and searching the registry for the unwanted homepage or search URL, also help overcome browser hijacking, but require a little more expertise.
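As an added example (not from the Jupiter Support article), this Python script performs the 'hosts' file check from the paragraph above: it parses the file, ignores comments and the localhost entries, and flags any name redirected to a non-local address or any antivirus or update domain black-holed at 127.0.0.1 or 0.0.0.0, the two tricks hijackers use to send you to their pages and keep you from getting help. The sample file content and the list of protected domains are constructed for the example; point check_hosts_file() at the real file on the machine to run it for real.

```python
import ipaddress

# The real file lives at /etc/hosts on Linux and macOS and at
# %SystemRoot%\System32\drivers\etc\hosts on Windows.
# Constructed sample content for this example; only RFC 5737 documentation addresses appear.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example            # ad-blocking entries look like this and are usually benign
198.51.100.40   www.google.com
198.51.100.40   update.microsoft.com
127.0.0.1       www.symantec.com liveupdate.symantec.com
"""

# Domains a hijacker has a reason to block or redirect (assumed starter list; extend as needed).
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "symantec.com", "mcafee.com",
                      "kaspersky.com", "avast.com", "malwarebytes.org")
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line number, ip address, hostname) for every mapping, ignoring comments."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; not a mapping
        for host in fields[1:]:
            yield lineno, addr, host.lower()


def suspicious_entries(text):
    """Return (line number, hostname, reason) for entries a hijacker would have added."""
    findings = []
    for lineno, addr, host in parse_hosts(text):
        if host in LOCAL_NAMES:
            continue
        protected = any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)
        if addr.is_loopback or addr.is_unspecified:
            if protected:  # black-holing AV or update servers keeps the malware alive
                findings.append((lineno, host, f"blocked by mapping to {addr}"))
        else:
            findings.append((lineno, host, f"redirected to {addr}"))
    return findings


def check_hosts_file(path):
    """Run the check against a real hosts file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return suspicious_entries(fh.read())


if __name__ == "__main__":
    for lineno, host, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} {reason}")
```

Loopback entries for names outside the protected list are left alone because ad-blocking host lists legitimately contain thousands of them; anything pointed at an address that is not local is reported unconditionally, since a healthy hosts file has no reason to redirect a public name.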

If your computer is infected with malware, Geek Rescue fixes it. Bring your device to us, or call us at 918-369-4335.