Another level of malware – spear phishing


It is getting harder and harder to keep up with malware these days. By the time we attempt to write an article warning about a new campaign in the wild (like the new ransomware that encrypts entire hard drives), something else comes out that is an even worse threat. As an example, have you heard of spear phishing? If not, then read on, as it’s the latest threat that is going to make your online life that much more difficult.

Phishing is a term that has been around for ages now, but it is most commonly used to refer to spam campaigns that send out emails looking like they are coming from a legitimate company (be it Apple or a bank), prompting the reader to click a link and enter in some personal information. They are “phishing” for your details, with the only contact point they have for you being an email address. Even that contact point is most likely just a generated name that came from a program that sent the spam to millions of people, most of which don’t exist, in the hope of having just a few respond. It’s dangerous trick and we’ve had to help many users who have fallen into the trap. Sometimes it’s led to simple infections on a PC, but sometimes it’s required the cancellation of credit cards and tracking of financial records. It’s one of the most common means of spreading malware on the internet.

Spear phishing is a rather frightening evolution of this, which uses programs that seek out information on potential victims, using algorithms that search social networking links, web pages, blog posts, anything that might glean real data on people. It then sends out a tricky email, usually something that sounds urgent, threatening or an emergency, with that data in it, to trick the person into clicking the link and there begins to the issues. We’ve gone from phishing trying to get you to give them your information, to directed attacks where they are using your own information to trick you into something much worse.

Ars Technica has a great write-up on one form of this attack that generates a ransomware hit on someone who clicks through the link: Crypto-ransomware targets called by name in spear-phishing blast.

This is the kind of attack that your antivirus program will have a very hard time protecting against (if at all). While this is primarily targeting PC users, we have no seen Cryptoware attacks in the wild that will hit Mac’s and there are reports of others capable of hitting android devices. So far, we haven’t seen any that can hit Blackberry’s or iOS devices, but we believe it’s just a matter of time before a vulnerability is found there as well. So how do you defend yourself?

We repeat this to all our clients and drill it into them. Their best defence comes from their own habits. Question every email that comes in, even if it is from someone you know. What is the link? Are you expecting it? Is there anyway to confirm it is real before you click-through. Don’t download any software without being sure of what you are receiving. Beware of downloading anything (even media files) from illegal sites, such as bitTorrent (they are being hammered with fake files). On today’s Internet you are your own best protection. The technology on your computer should always be considered your second line of protection only and not relied on to catch everything.

Beyond that, we cannot stress enough how important backups are for all users, whether it’s just a home PC or a major work server. You must maintain and test your backups and try to keep at least two redundant backups running at all times (we usually recommend an onsite local image backup and some “in the cloud” off site backup). While the backups can’t protect you from every threat (ie. identity theft) they can help you quickly get back up and running from some of the most common attacks out there today.

As always, if you have any questions or want to have a double-check of your own processes, contact us at Fixmycomputernow.com.

Advertisements
Posted in Reboot Articles | Tagged , , | 1 Comment

New ransomware installs in boot record, encrypts hard disk | Ars Technica


If Crypto infections didn’t scare you before, now you can be absolutely paranoid! Now Crypto doesn’t just encrypt and lock out your files, it does the WHOLE hard drive.

 

Petya performs fake CHKDSK, and instead encrypts the master file table on disk.

Source: New ransomware installs in boot record, encrypts hard disk | Ars Technica

Posted in News Release | Tagged , , , , , , , , , , , , , , , , | Leave a comment

New wave of “Malvertising” hitting – do your backups!


Get ready for a bumpy ride, because here we go again. Reports are coming in of a massive wave of malware laced ads that are hitting mainstream website and infecting people with Cryptolocking viruses just from browsing a website.

You can find the details on Ars Technica here: Big-name sites hit by rash of malicious ads

The key to remember here is that most of these attacks cannot be prevented by your antivirus. They often use exploits found in Flash or Silverlight (two common and far too buggy ways of delivering ads) to bypass protections. The real problem is that you can be infected by a tiny ad on a page that begins playing without any interaction from you. This happens when the ad provider gets compromised and the sites generally have nothing to do with that interaction.

We’ve said this many times, but make sure your backups are current! Whether you are a business or home user, check them and make sure they are running. And yes, this applies to Mac users too, as a new crypto attack on Mac systems was recently uncovered.

As always, if you have questions, contact us and we’ll discuss options with you and how you can protect yourself, including whether it is a good idea to remove Flash and run adblocking software.

Posted in Uncategorized | 1 Comment

Windows 10 creeps even closer to landing on your PC – CNET


Microsoft makes a status change that has implications for all you Windows 7 and 8.1 users.

Source: Windows 10 creeps even closer to landing on your PC – CNET

Posted in News Release | Tagged , , , , , , , , , , , , , , , , , , , | Leave a comment

AVG, McAfee, Kaspersky Antiviruses All Had a Common Bug – Slashdot


An anonymous reader writes: Basic ASLR was not implemented in 3 major antivirus makers, allowing attackers to use the antivirus itself towards attacking Windows PCs. The bug, in layman terms, is: the antivirus would select the same memory address space every time it would run. If attackers found out the memory space’s address, they could tell their malicious code to execute in the same space, at the same time, and have it execute with root privileges, which most antivirus have on Windows PCs. It’s a basic requirement these days for software programmers to use ASLR (Address Space Layout Randomization) to prevent their code from executing in predictable locations. Affected products: AVG, McAfee, Kaspersky. All “quietly” issued fixes

 

 

Source: AVG, McAfee, Kaspersky Antiviruses All Had a Common Bug – Slashdot

Posted in News Release | Tagged , , , , , , , , , , , , , | Leave a comment

Dell apologizes for HTTPS certificate fiasco, provides removal tool | Ars Technica


So Dell has been preloading extras into your new purchases without you knowing. This is typical of what we call CRAPWARE which regardless of intent, is additional software added to your purchase without your informed and obvious consent. It is covered under the EULA and purchase agreement which legally covers their butts but is a poor practice.

Click Source: Dell apologizes for HTTPS certificate fiasco, provides removal tool | Ars Technica

Posted in News Release | Tagged , , , , , , , , , , , , , , , , , , , , , | Leave a comment

Cybersecurity experts warn of new ModPOS malware targeting retail payment terminals – Business – CBC News


U.S. retailers are hunting for evidence of new breaches leading into the holiday shopping season after a cyber intelligence firm privately warned them about payment-card-stealing malware that it said evades almost all security software.

Source: Cybersecurity experts warn of new ModPOS malware targeting retail payment terminals – Business – CBC News

Posted in News Release | Tagged , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

CryptoWall returns for another round with CryptoWall 4.0


Backup is going to be more important then ever now because this new version encrypts the FILENAMES as well meaning it will be impossible to tell what the files are once they are attacked.

Read the article below from our Intronis Partner forum for the details.

 

CryptoWall 4.0 has arrived on the ransomware scene. Find out what’s different about this latest twist on the ransomware juggernaut.

Source: CryptoWall returns for another round with CryptoWall 4.0

Posted in News Release | Tagged , , , , , , , , , , , , , , , , , | 1 Comment

2015 was the worst in history for OSX malware


oh now here is a shock!

A new report from Bit9 and Carbon Black details how 2015 was the worst year in history for OSX malware. In a 10 week study conducted by both organizations it was discovered that 2015 had 5 times more malware than all of 2010-2014 combined. OSX users need to take security seriously or they are bound to be affected by future malware.

Source: 2015 was the worst in history for OSX malware

Posted in News Release | Tagged , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

The 2015 Social Media Shortcuts Guide [Infographic] – Geeks are Sexy Technology


This is a pretty cool Info Graphic for different short cuts on your social media browser apps. It even shows the PC vs. Mac differences where there are any.

shortcutguide

 

[Source: SetUpABlogToday]

Source: The 2015 Social Media Shortcuts Guide [Infographic] – Geeks are Sexy Technology NewsGeeks are Sexy Technology News

Posted in News Release | Tagged , , , , , , , , , , , , , | Leave a comment