Visiting a Web Site Can Be Dangerous to Your Computer's Health!
If you didn't fall for the fancy websites and advertisements promoting scareware as a legitimate virus protection program, how else can you get scareware installed on your computer? Unfortunately, you can get scareware installed on your computer with out you being aware of it. The same methods used to get different kinds of malware on your computer are used to infect your computer with scareware.
These methods have changed recently in response to better security protections being used by businesses and home users. What cybercrimals have discovered is that is more difficult to spread malware through the network with increasing adoption of firewalls. Email filtering has made an it more difficult to distribute scareware through email spam. As a result malware and scareware are increasingly distributed through web browsers. Simply by visiting a website your computer can be infected with scareware. What's more, virus protection applications rarely detect this kind of attack.
To infect a computer through a web browser, an attacker must accomplish one of two tasks. Either, they must find a way to get a victim to visit an infected website, or get the victim to click a link on a compromised advertisement. The website may be a site the cybercriminal has created. The website can also be a legitimate website that has been attacked then HTML code has been inserted by the cybercrimal and this compromise has not been detected by the website owner. Usually, large organizations have the IT staff and resources to detect when their organization website has been attacked and compromised. But, smaller businesses do not have these resources. As a result there are a lot of small businesses whose websites are being used to distribute malware and are not aware of it.
To combat this latest method of distribution, search engine companies such as Google and Yahoo have developed "blacklist" of websites that contain malicious code. This protection method is not full proof, and there are still many websites that come up on search results that are compromised. It is a cat and mouse game. Protections are put in place to thwart cybercriminal attacks, so the cybercriminals change their methods to get around the protections.
How do you protect yourself? Continue to use firewalls, virus protection, and the major search engines. You can add to the protections your are currently using by obtaining a website monitor software such as McAfee SiteAdvisor. A power user suggestion: If you using Windows XP, logon to a user account that does not have Administrator privileges, and if you use Windows 7 keep UAC (User Account Control) turned on. Perhaps, the best protection is to stay informed.
Friday, August 26, 2011
Friday, June 24, 2011
Trick and No Treat with Scareware - Part 3
You think you installed the perfect virus protection…or did you get scammed?
You visit a website and see an ad touting an antivirus product second to none. You click on the ad link and are brought to the software manufacturer’s website. On the first page are recommendations and testimonials from third party security product testers ranking the product as the best in it’s class. You are impressed with how it stands up to Norton, McAfee, or Trend according to these recommendations. Besides, you are tired of your current antivirus slowing down your computer, and this product all but guarantees better performance. So, you take the plunge and buy the product.
Without realizing you’ve just been fooled into purchasing and installing a fake antivirus product. It is not only bogus, but all kinds of malware will be installed onto your computer. Welcome to one of cybercriminals favorite bait and switch scam. How do they get away with it?
They build a legitimate appearing website, falsify third party security product tester tests, and advertise using the same methods as legitimate security product companies. Yep, that’s the formula that rakes in millions for cybercriminals. And, you are left with an infected computer, a stolen credit card number, and a bruised ego from feeling like a fool.
How do you fight back? First, do some research before purchasing any security product. These websites below will help. They list legitimate antivirus products, and the corresponding websites. These security product testers will also give you a better idea of how effective one product is compared to another.
http://www.virusbtn.com/vb100/index
http://www.westcoastlabs.com/productTestReports/
Friday, May 27, 2011
Trick and No Treat with Scareware - Part 2
How do you recognize scareware?
It may not be as easy as you think. At first Scareware will appear to be a real-time, anti-virus scan of your hard drive. Then a pop-up message appears that your computer is infected with numerous viruses, spyware or other malware. There maybe a bombardment of pop-up warning messages that makes your computer difficult to use, but not in most instances. Keep in mind the scam artists want to fool you into believing the pop-up messages are legitimate. This way they can con you into purchasing the fake protection software, scan your computer for personal identity information, and use your computer to attack other computers.
The Scareware pop-ups will appear in a similar manner and appearance as messages you receive from anti-virus products manufactured by Symantec, McAfee, TrendMicro and other common anti-virus software companies. So, how do you know the difference between your legitimate anti-virus application and scareware? After all, you don't want to ignore a legitimate warning message.
First and foremost, get back to basics...
Know what anti-virus or protection software you have installed on your computer. The scam artists are counting on you not remembering what protection you've installed on your computer. Know the name of the software manufacturer (Symantec, TrendMicro, McAfee, etc.) and know the name of the product (Norton Internet Security, PC-cillin, Total Protection, etc). These products also come with a subscription for updates. Know how to find the subscription information so you can verify when the subscription expires.
Some of the scareware pop-up messages appear to be generated from the Windows Security Center. The Windows Security Center is part of Windows XP. Its purpose is to monitor the status of the presence of an anti-virus application or when the Windows Firewall is turned off. Essentially, the only legitimate messages you will receive from the Windows Security Center are warnings as to the absence of an anti-virus application or warning that your Windows Firewall has been turned off. You can recognize any fake "Windows Security Center" pop-up messages if there is a warning stating that there are infections on the system or if there is an inducement to download or purchase a product.
Unfortunately, if these scareware messages start popping up on your computer it means that your computer is already infected. If you click the pop-up message to purchase the software, a form to collect payment information for the bogus product launches allowing you to download and purchase the fake anti-virus product. But, that is not when your computer gets infected. In most instances, the scareware installed malicious code onto your computer before you saw any pop-up messages... whether you click the warning message, the purchase pop-up form, or not.
Parts three and four will deal with how the scammers get scareware infections on to your computer.
It may not be as easy as you think. At first Scareware will appear to be a real-time, anti-virus scan of your hard drive. Then a pop-up message appears that your computer is infected with numerous viruses, spyware or other malware. There maybe a bombardment of pop-up warning messages that makes your computer difficult to use, but not in most instances. Keep in mind the scam artists want to fool you into believing the pop-up messages are legitimate. This way they can con you into purchasing the fake protection software, scan your computer for personal identity information, and use your computer to attack other computers.
The Scareware pop-ups will appear in a similar manner and appearance as messages you receive from anti-virus products manufactured by Symantec, McAfee, TrendMicro and other common anti-virus software companies. So, how do you know the difference between your legitimate anti-virus application and scareware? After all, you don't want to ignore a legitimate warning message.
First and foremost, get back to basics...
Know what anti-virus or protection software you have installed on your computer. The scam artists are counting on you not remembering what protection you've installed on your computer. Know the name of the software manufacturer (Symantec, TrendMicro, McAfee, etc.) and know the name of the product (Norton Internet Security, PC-cillin, Total Protection, etc). These products also come with a subscription for updates. Know how to find the subscription information so you can verify when the subscription expires.
Some of the scareware pop-up messages appear to be generated from the Windows Security Center. The Windows Security Center is part of Windows XP. Its purpose is to monitor the status of the presence of an anti-virus application or when the Windows Firewall is turned off. Essentially, the only legitimate messages you will receive from the Windows Security Center are warnings as to the absence of an anti-virus application or warning that your Windows Firewall has been turned off. You can recognize any fake "Windows Security Center" pop-up messages if there is a warning stating that there are infections on the system or if there is an inducement to download or purchase a product.
Unfortunately, if these scareware messages start popping up on your computer it means that your computer is already infected. If you click the pop-up message to purchase the software, a form to collect payment information for the bogus product launches allowing you to download and purchase the fake anti-virus product. But, that is not when your computer gets infected. In most instances, the scareware installed malicious code onto your computer before you saw any pop-up messages... whether you click the warning message, the purchase pop-up form, or not.
Parts three and four will deal with how the scammers get scareware infections on to your computer.
Saturday, April 30, 2011
Trick and No Treat with Scareware - Part 1
According the latest research in the last two years, scareware (aka fake security software), emerged as the single most profitable scam strategy for cybercriminals. Thousands of users fall victim to the scam on a daily basis, and the gangs or organized crime syndicates themselves earning hundreds of thousands of dollars in the process.
What is scareware? In simple terms it is fake security software masquerading as a legitimately looking security application. Scareware is usually delivered to the end user through a compromised web site. A user will visit a web site, and it can be a legitimate web site, then the user will click on a link or advertisement. By doing so the scareware gets downloaded to the user's computer.
Once downloaded to a user's computer, scareware will not only prevent legitimate security software from starting, but it will also prevent it from reaching its update locations in an attempt to ensure that the security application will not be able to get the latest signatures database. When this happens your anti-virus application will not even recognize the scareware infection. Moreover, scareware will also attempt to make its removal a time-consuming process by blocking system tools and third-party applications that can be used to remove the infection.
There have also been cases where scareware is actually better described as "ransomware" which encrypts an infected user’s files, preventing the user from accessing their files. Then the scareware demands a purchase in order to decrypt the files.
In the next blog posts I'll go into more detail on how to prevent Scareware from getting onto your system, how to recognize scareware versus a legitimate protection application, and how to get rid of scareware if it gets on your computer....
Stay tuned!
What is scareware? In simple terms it is fake security software masquerading as a legitimately looking security application. Scareware is usually delivered to the end user through a compromised web site. A user will visit a web site, and it can be a legitimate web site, then the user will click on a link or advertisement. By doing so the scareware gets downloaded to the user's computer.
Once downloaded to a user's computer, scareware will not only prevent legitimate security software from starting, but it will also prevent it from reaching its update locations in an attempt to ensure that the security application will not be able to get the latest signatures database. When this happens your anti-virus application will not even recognize the scareware infection. Moreover, scareware will also attempt to make its removal a time-consuming process by blocking system tools and third-party applications that can be used to remove the infection.
There have also been cases where scareware is actually better described as "ransomware" which encrypts an infected user’s files, preventing the user from accessing their files. Then the scareware demands a purchase in order to decrypt the files.
In the next blog posts I'll go into more detail on how to prevent Scareware from getting onto your system, how to recognize scareware versus a legitimate protection application, and how to get rid of scareware if it gets on your computer....
Stay tuned!
Saturday, June 5, 2010
Facebook Privacy
There are numerous articles relating to Facebook privacy...or lack thereof. If you really want to protect your own privacy then you best option is to learn how it protect it. Sometimes a video is the most effective learning tool. Put away that heavy and cumbersome manual. If you want a quick and dirty on how to protect your privacy using Facebook watch the video's below.
FaceBook Profile Lockdown Part 1 from Off The Broiler on Vimeo.
FaceBook Profile Lockdown Part 2 from Off The Broiler on Vimeo.
Thanks to Jason Perlow of Tech Broiler for providing these video links.
Sunday, May 23, 2010
Data stored on copy machines: a source of identity theft
Most Americans don’t know that every document that is scanned, copied, printed or faxed is stored on a copier’s hard drive. That data is never erased. So, when you return your copier, sell it, or recycle it, all the data that remains on the copier’s hard drive goes with it and who ever receives it. Most copier’s lack any built in security to protect the data and documents stored on the copier hard drive so anyone with only limited knowledge can access this information.
This means that any business that uses a copier may be exposing your personal or business private information to identity thieves ….or anyone for that matter.
Watch this CBS News report for more information
http://wimp.com/copymachines
So what can you do? Here are a few tips for good copier security:
Some copiers have privacy and security software available. Sharp and Xerox, for example, can overwrite images so that they don't remain on the hard drive after the print job finishes. Discuss these features with your vendor and implement appropriate security policies.
This means that any business that uses a copier may be exposing your personal or business private information to identity thieves ….or anyone for that matter.
Watch this CBS News report for more information
http://wimp.com/copymachines
So what can you do? Here are a few tips for good copier security:
- Be careful what you copy. Avoid copying personal information on work or public machines. Especially if you have no control over how those machines are administered.
- If you're leasing a machine, discuss end of life security with your copier service provider to ensure that copy machine hard drives will be completely erased when the machine is removed.
- The other alternative is to destroy or erase the disk yourself before selling the machine or allowing it to be removed from your premise. You can ask your computer service provider if they know how to remove the hard drive from the copier and erase all the data and documents. My company Avisotek provides this service upon client’s request, but also as a matter of security planning and compliance.
Some copiers have privacy and security software available. Sharp and Xerox, for example, can overwrite images so that they don't remain on the hard drive after the print job finishes. Discuss these features with your vendor and implement appropriate security policies.
Sunday, April 18, 2010
Going Rogue…Surviving a Fake Antivirus Application Hijacking Your Computer
I got a call from one of my CPA clients on April 15th. One of their computers was hijacked by “XP Malware 2010”. This is one of those fake virus protection applications that once on the machine activates numerous pop-up messages stating the computer is infected. The pop-ups attempt to entice the user to purchase an application that claims it will clean the machine. Fortunately, my client recognized it was a malware “infection” and immediately shutdown the computer. By the way, this client did have up to date virus protection. Never-the-less, the client lost the use of this computer on the busiest day of the year for their business.
The aforementioned is a common tactic used by rogue security software that the industry has christened “scareware” or “extortionware”. The first objective is to fool the user into believing the security warning pop-ups by creating an appearance and look very similar to Windows warning messages or the warning messages associated with popular virus protection software such as Symantec, McAfee etc.. The second objective is to lure the user to give up their credit card and other personal information through purchasing the rogue security software.
Even if you weren’t “fooled” your computer is still infected!!
But, even if you aren’t fooled, that doesn’t mean you’ve avoided the worst part of the infection. Often, more than one malware infection is loaded on the user’s computer. “…the underlying JavaScript code ensures that wherever on the image a user clicks, whether on the ‘Remove All’ or ‘Cancel’ buttons, the malware will load.”, says Greg Masters in the April issue of SC Magazine (a computer security industry trade magazine).
What to do when you computer has been slammed…
First thing you should do is disconnect your computer from the company network. In other words, remove the Ethernet cord from your computer. It is important to disconnect the computer access to the Internet as soon as possible. Why? “Some iterations of rogue security software contain keystroke loggers and back door functionality. This allows the malware authors to siphon off personal information on an infected computer. And, like legitimate registered software, this establishes a connection between the computer and a server controlled by the scam artists – linking what is now estimated to be millions of computers together into a botnet. Thus, updates can be pushed out to the network commanding the enlisted computers to perform any number of functions”, explains Greg Masters.
Secondly, have a professional look at the computer. These rogue security software are created by well funded criminal organizations, and have a sophistication inherent to well paid programmers that are beyond your average computer user knowledge to successfully remove. Often, the payload includes more than one infection. So, the original fake antivirus application may be removed, but the other infections remain intact.
In fact, most virus protection software fails to detection “botnet” infections that are part of the payload associated with rogue security software. A recent study found that only 9 out 41 virus protection software vendors were able to detect a “botnet” infection. That is a pitiful percentage. This is just another reason enlist a professional to clean your computer.
Your mother always said that an ounce of prevention was worth more than a pound of cure
Here are some suggestions to help you avoid computer infection
The aforementioned is a common tactic used by rogue security software that the industry has christened “scareware” or “extortionware”. The first objective is to fool the user into believing the security warning pop-ups by creating an appearance and look very similar to Windows warning messages or the warning messages associated with popular virus protection software such as Symantec, McAfee etc.. The second objective is to lure the user to give up their credit card and other personal information through purchasing the rogue security software.
Even if you weren’t “fooled” your computer is still infected!!
But, even if you aren’t fooled, that doesn’t mean you’ve avoided the worst part of the infection. Often, more than one malware infection is loaded on the user’s computer. “…the underlying JavaScript code ensures that wherever on the image a user clicks, whether on the ‘Remove All’ or ‘Cancel’ buttons, the malware will load.”, says Greg Masters in the April issue of SC Magazine (a computer security industry trade magazine).
What to do when you computer has been slammed…
First thing you should do is disconnect your computer from the company network. In other words, remove the Ethernet cord from your computer. It is important to disconnect the computer access to the Internet as soon as possible. Why? “Some iterations of rogue security software contain keystroke loggers and back door functionality. This allows the malware authors to siphon off personal information on an infected computer. And, like legitimate registered software, this establishes a connection between the computer and a server controlled by the scam artists – linking what is now estimated to be millions of computers together into a botnet. Thus, updates can be pushed out to the network commanding the enlisted computers to perform any number of functions”, explains Greg Masters.
Secondly, have a professional look at the computer. These rogue security software are created by well funded criminal organizations, and have a sophistication inherent to well paid programmers that are beyond your average computer user knowledge to successfully remove. Often, the payload includes more than one infection. So, the original fake antivirus application may be removed, but the other infections remain intact.
In fact, most virus protection software fails to detection “botnet” infections that are part of the payload associated with rogue security software. A recent study found that only 9 out 41 virus protection software vendors were able to detect a “botnet” infection. That is a pitiful percentage. This is just another reason enlist a professional to clean your computer.
Your mother always said that an ounce of prevention was worth more than a pound of cure
Here are some suggestions to help you avoid computer infection
- Use a website advisor, such as McAfee Site Advisor. According to Greg Masters an estimated 70 percent of infections are coming from visiting websites.
- Educate your employees on the best computer usage practices. For example, avoid clicking on links embedded in email. Instead, manually type the website address into your web browser. Education is often one of the best investments in protecting your computer systems.
- These days virus protection software and firewalls are only rudimentary protection. Consider network monitoring tools, web content filtering, user account restrictions, and program white listing. If you are not familiar with these options, talk to a professional who can explain what these additional layers of protection do and how they add increased protection.
Subscribe to:
Posts (Atom)
