Tag Archives for " Malware "

Three suggestions for 2013

The new year has begun, and we have three suggestions for improving the quality of your computing life in 2013.

1. Back up often and in the cloud: Consider the consequences if all your data… Word files, Music or Photo library, Quicken/Quickbooks data, and everything else, were to just disappear. It’s a scary thought, but it happens to the unprepared all too often. Make 2013 the year to get your backup in order and configure it to archive your most important files and folders automatically. A whole-system local backup is very important, too. But the cloud-based approach to backing up protects you from disasters like fire, flood, theft, and virus infestations. Don’t wait another year to safeguard your data.

2. Look before you click: Watch out for fake download buttons, toolbars and other junk-ware. Users get into trouble with these things all the time because they click without thinking. Before clicking anything that’s unfamiliar, take a second or even ten, and look more closely at the link. A little bit of precaution can save you from hassles, and even disasters.

3. Keep it clean: Dust can kill a computer, clogging it and causing everything to overheat, with potentially disastrous results. When you have pets, their hair can make the situation even worse. So, schedule regular cleaning sessions where you use a can of compressed air to blow dust and pet hair off your cooling-fan blades and out of your case.

Remember BWS Technologies is always available to assist you. 
Call us at 334-358-6305 or email us at support@bwsit.com

Adapted from an article from CIO

  • 01/11/2013
  • IT

Top Malware for November – Drive-by downloads and fake archives list

By far the biggest threat to users in November was drive-by downloads, attacks that result in malware being downloaded to users’ computers when they visit infected sites.

Below is a brief overview of how these attacks infect computers:

First of all, a user visits an infected site that contains a redirect script. The redirect leads to a script downloader which in turn is used to launch exploits. These breaches allow malicious executable files to penetrate the computer. They are primarily backdoors and Trojans that, if successfully launched, give cybercriminals full control over the infected system. In most cases, users will not be aware of the danger, as all drive-by attacks happen without their knowledge. Redirects are not restricted to sites belonging to cybercriminals but also appear on legitimate sites that have been compromised. This means that regularly installing patches and updates for operating systems and software is the only guarantee of avoiding infection.

Another significant threat in November was the spread of fake archives, an online scam that remains as popular as ever. A user is asked to send premium-rate SMSs so they can access the contents of an archive. Instead of receiving the information they wanted, users normally find that the archive is empty, “corrupt” or, worse, contains a malicious program.

The method for spreading fake archives is highly effective – when users look for something via a search engine, a page is automatically generated with a banner offering the desired information.

  • 12/07/2010
  • IT

Seven Ways to fight Scare-Ware

Have you encountered this before? A pop-up appears that looks like a window on your computer. Next thing, a scan begins. It often grabs a screenshot of your “My Computer” window, mimicking your computer’s characteristics, then tricks you into clicking on links. The scan tells you that a virus has infected your computer. And for the low price of “$49.95” you can download software that magically appears just in time to save the day. If you choose not to download and install the software, your computer goes crazy and pop-ups will invade you like bedbugs in a New York City hotel.

Information Week reports that those behind a new fake antivirus program have added a new social engineering element — live support agents. The rogue software comes equipped with a customer support link leading to a live session with the bad guy. Real scammers on the other end of the chat can offer live remote-access support, in which the user is instructed by “support” to click a link initiating remote access to their computer. Once connected remotely, the scammer can potentially retrieve documents to steal your identity.

Another new twist on the scam involves a pop-up in the form of a browser page with a warning that looks like what your browser may present to you when you visit a page that might have an expired security certificate, a malware warning or be a potential phishing site. The page is usually red with a warning: “Visiting This Site May Harm Your Computer.” It then provides you with a link, button or pop-up that gives you the option of downloading security software or updating your browser’s security.

The software is sometimes known as “AntiVirus2010” “WinFixer,” “WinAntivirus,” “DriveCleaner,” “WinAntispyware,” “AntivirusXP” and “XP Antivirus 2010” or something like “Security Toolkit”. These are actually viruses or spyware that infect your computer, or just junk software that does nothing of value.

What makes the scam so believable is that the purchase of the software that is supposed to protect you actually follows through. There is a shopping cart, an order form, credit card processing and a download, just like any online software purchase.

Protect yourself:

1. Use the most updated browser: Internet Explorer 8, Chrome or Firefox, download the latest and greatest. At least download whatever security updates there are for your existing browser. Also keep Flash and Adobe Reader (Acrobat) up to date.

2. Usually by default, a pop-up blocker is turned on in new browsers. Keep it on. No pop-ups, no scare-ware.

3. If you are using another browser and a pop-up pops up, shut down your browser. If the pop-up won’t let you shut it down, do a Ctrl-Alt-Delete and shut down the browser that way.

4. Never click links in pop-ups.  If the pop-ups are out of your control, do a hard shutdown before you start clicking links.

5. Persistence counts. Shutting off this pop-up is often difficult and any buttons you press within this pop-up could mean downloading the exact virus they warned you of.

6. Install the most recent versions of anti-virus and keep it set to automatically update your virus definitions.

7. Never click on links in the body of a “WARNING” webpage that suggests downloading updates for your browser or downloading security software. Don’t click the little red X in the upper right corner. Alt-F4 should close the pop-up window, and if it does not, then press Ctrl-Alt-Del and use the Task Manager to kill the whole IE/FF browser etc. (including any other running copies).

adapted via finextra.com.

  • 10/29/2010
  • IT

Fake Browser Warning Pages Distribute Malware

Security researchers warn that a new malware distribution campaign uses fake versions of the malicious site warnings commonly displayed by Firefox and Google Chrome.

Both Chrome and Firefox tap into Google’s Safe Browsing service in order to check if the accessed URLs are known attack sites.

If such malicious pages are detected, both browsers block them and display warning messages.

In such circumstances users are normally given the option to either leave the site or override the block and continue to load the page.

The pages look exactly the same as the real thing, except for a button that reads “Download Updates,” suggesting that security patches are available for the browsers.

The executable files served when these buttons are pressed install rogue antivirus programs, which try to scare users into paying a license fee.

Such attacks target vulnerabilities in outdated versions of popular software like Java, Flash Player, Adobe Reader or even the browsers themselves.

Successful exploitation results in malware being installed on the target computer in a way that is completely transparent to the victim.

Users are advised to keep their antivirus programs up to date and if possible to use script-blocking technologies available to their browsers, such as the NoScript extension for Firefox.

adapted via news.softpedia.com

  • 10/28/2010
  • IT

The 2 Biggest Security Threats: ScareWare & You

Without a doubt the largest threat to the security of your computer, and consequently your identity and bank account, is YOU, followed closely by ScareWare. The best firewalls and most effective antivirus won’t help a bit if you, the user, click on Rogue Security Software and fake warnings. Known also as Scareware, this thief is fooling you big time. When it knocks, do not open the door.

Every day we have people describing ScareWare that has taken over their system. They are unable to run their antivirus because they can’t get to the sites they need. The Rogue AntiVirus has hijacked their browser and will not let them near a site that could help. Not being able to access a site or download a removal program is the work of the infection. The user receives a warning, clicks on a link to download an update and BAM! They’re infected.

What Do I Look For?

Any warning or suggestion that you are somehow infected is to be treated as possible scareware. You can be casually surfing the web or simply working with a program on your system when these false warnings arrive. Don’t click on them. Just because they’re knocking, don’t let them in. The same is true for any popup suggesting you need to download the latest version of a program or video player. Treat them all as suspect.

Looking for security software? You had better know the software you’re reviewing. Even something as simple as a Google search can produce the very Rogue you are trying to avoid. Just because it shows up in a Google search doesn’t mean it’s safe. If you don’t know it, don’t let it in the door.

How Does It Hurt Me?

The most obvious damage but also the least troublesome, is that it prevents you from using your computer. It wastes your time looking for a way to rid yourself of the pest and get where you want to go. Consider yourself lucky if you realize you are infected and are successful removing it.

The next obvious damage is a little more frightening. It simply steals your money by duping you into buying the rogue program. Your immediate monetary loss may only be a few bucks but do you really think that is the end of it? Do you really want your credit card in the hands of people who duped you to begin with? Do you think they will keep your information safe? Just the thought of it is enough to make me shiver.

adapted via PCpitstop.com

  • 08/25/2010
  • IT

How can I know if my computer is infected?

Users are often advised to use an antivirus to check if their systems are infected, but with the current cyber-crime scenario, this is simply not enough. While many of today’s threats are designed specifically to go undetected, there are still some tell-tale signs that a system has been compromised.

9 signs of infection

1. Your computer is running extremely slowly. This could be a symptom of many things, including infection by a virus. If it has been infected by a virus, worm or Trojan, among other things, which are running on the computer, they could be running tasks that consume a lot of resources, making the system run more slowly than usual.

2. Your applications won’t start. How many times have you tried to run an application from the start menu or desktop and nothing happens? Sometimes another program might even run. As in the previous case, this could be another type of problem, but at the very least it’s a symptom that tells you that something is wrong.

3. Your computer speaks to you. There are all types of pop-ups and messages on the desktop, either advertising things or saying that the PC is infected and needs protection… This is a typical, surefire case of an infection. There is either spyware on the computer, or it has been infected by a fake antivirus (also called “rogueware”).

4. You cannot connect to the Internet or it runs very slowly. Loss of Internet communication is another common symptom of infection, although it could also be due to a problem with your service provider or router. You might also have a connection that runs much more slowly than usual. If you have been infected, the malware could be connecting to a URL or opening separate connection sessions, thereby reducing your available bandwidth or making it practically impossible to use the Internet.

5. When you connect to the Internet, all types of windows open or the browser displays pages you have not requested. This is another certain sign of infection. Many threats are designed to redirect traffic to certain websites against the user’s will, and can even spoof Web pages, making you think you are on a legitimate site when really you have been taken to a malicious imitation.

6. Your files are gone. Hopefully nobody will be asking this type of question, although there are still some threats around designed to delete or encrypt information, or to move documents from one place to another. If you find yourself in this situation, you really ought to start worrying.

7. Your antivirus has disappeared, your firewall is disabled. Another typical characteristic of many threats is that they disable security systems installed on computers. Perhaps if one thing shuts down it might just be a specific software failure; but if all your security components are disabled, you are almost certainly infected.

8. Your library files for running games, programs, etc. have disappeared from your computer. Once again, this could be a sign of infection, although it could also be down to incomplete or incorrect installation of programs.

9. Your computer has gone crazy… literally. If the computer starts acting on its own, you suddenly find your system has been sending emails without your knowledge, Internet sessions or applications open sporadically on their own – your system could be compromised by malware.

adapted via PandaLabs

  • 08/24/2010
  • IT

Wireshark Antivirus – Rogue Badware

Wireshark Antivirus is a fake anti-malware application. These so-called “rogues” use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

All indigoGUARD clients: The application has been added to your block list.

If you think you have been infected, please contact us. CALL 358-6305

  • 08/17/2010
  • IT

Is Your Copier A Security Threat? Other network Devices?

Any device attached to your network poses potential risks. In terms of stuff on the network, computers — desktops, notebooks, and servers — tend to get the lion’s share of press as tempting cyberattack targets, along with unsecured web sites, gullible/careless users, CD/DVD-ROMs, USB flash drives, PDF files, smartphones, VoIP PBXs and a few other things, not all of which, to be sure.

Often overlooked are the other devices on the network that, while not considered to be “computers,” have the same core components: a CPU, and possibly also permanent storage, either a hard disk, or flash RAM. For example, printers and multi-function devices can have sensitive data left on their storage, which requires proper safeguarding while the machine is in use, and when a company disposes of it. But there are additional devices at risk, and more types of risks and threats besides data sitting on the drives.

Network-attached devices include postage machines, UPS (Uninterruptible Power Supply) systems, Point-of-Sale systems, digital signs, security cameras, proximity readers, facility management systems, power, lighting, HVAC, and alarms. It’s not just about “printers and copiers,” but these are the devices that people can picture most easily.

Historically, printers were single-purpose devices with embedded operating systems of limited functionality, often proprietary, and they frequently did not attach directly to the network but were shared via a PC acting as a print server. Over time, these devices have evolved. Now they run complete operating systems like Windows or Linux, and they have multiple services running. A printer can also do web printing, FTP printing, sending outbound email and FTP.

And some of these protocols aren’t necessarily secure, meaning they’re not encrypted, and the web or FTP server running them may have known vulnerabilities, e.g., in an old version of the Apache web server, which haven’t been patched on this machine… How many companies actually patch their printers? They know to patch their workstations and servers, but they may not even know they need to patch their printers.

Every time you print or copy a document, a digital copy is stored on the hard drive. If you compromise the printer via the web server you may be able to access whatever documents have been printed, copied, scanned, etc. And there have been cases where people have been able to access the hard drive to store malicious code there, outside the reach of virus scanners. There’s no anti-virus software on the printer, so you can store malicious code there for later use.

The other way these devices — especially printers and copiers — are at risk is in terms of physical security. Servers are probably in a data center, with restricted access. Employees’ computers may not have quite as good security, but they’re often in rooms you need an ID or key to get into, or in offices. But copiers, printers, mailing machines and other devices are often in rooms where everybody has physical access. If you don’t have some user authentication required to use a device, like an ID code or a security fob, anybody may be able to walk up to the front panel, and print from the device, or yank the hard drive and copy it.

But what happens when you’re done with that copier or printer? Remember, today’s digital copiers aren’t directly making a copy — they’re scanning the page to the hard drive, and then printing it from there, so the document is on the hard drive, just like it would be if you’d sent a file to the printer. Anyway, if it’s on lease, the supplier may send it to the next company, or a refurbisher may ship it overseas… with your data still on the hard drive.

Treat every device on your network like you would any other PC, workstation or server, as much as you reasonably can, in terms of getting and using security.

Six questions you should ask to assess security of networked devices.

  1. Where and how is it installed on the network?
  2. Who has access to it?
  3. What services is it running?
  4. Is it still using its default password?
  5. What kind of storage capabilities does it have?
  6. Is cryptography implemented properly or even used at all?

adapted from informationweek.com

  • 08/17/2010
  • IT

Searching for “Virus Removal” Tools Can Lead to an Even Worse Outcome

Many people tend to trust well known companies such as Google and Yahoo, but sometimes these search companies serve up some troubling links in their search results. There are many people who use these search sites to find out information about how to remove viruses, etc., but if a user types in “Security Tool Removal,” they are served up dangerous links that go to malicious websites. These websites can create even more of a security risk without the user even knowing.

All links in the SERP (Search Engine Results Page) that are marked red indicate that these sites are dangerous. The red indicator is from the WOT (Web of Trust) Firefox and Internet Explorer add-on. The WOT add-on shows you which websites you can trust for safe surfing, shopping and searching on the web.

When searching “Security Tool Removal” look at how many dangerous websites are marked red. The chances of someone clicking on one of those dangerous links are pretty good.

I encourage and recommend that you download the WOT add-on for Firefox and/or Internet Explorer so that you know what links are marked dangerous, preventing you from clicking on links that go to malicious websites.

Download the WOT plugin

  • 08/13/2010
  • IT

Photo Printing Kiosks can share malware and viruses

One place where a lot of people probably do not think of getting a virus is the digital photo kiosk. These places are prime distribution points for infections. Think about it, if you were up to no good with some know-how, you could infect the photo kiosk computers then sit back and laugh as literally thousands upon thousands of people walk in and insert their memory cards.

Some Windows-based photo kiosks apparently don’t run antivirus software, so lovely little bits of malicious software like Trojan.Poison-36 are winding up on customers’ USB keys.

What can you do to protect yourself against infection from a dirty public kiosk?

  • Buy an SD card and use its read-only protection switch.
  • Burn your photos to read-only media such as a writable CD or DVD.

  • 07/21/2010
  • IT