Posted on

Why Ordinary Antivirus Fails To Protect Your PC

What antivirus software “protects” your computer?

Some of the common ones I see on client computers are:

  • Norton
  • McAfee
  • Trend Micro
  • BitDefender
  • VIPRE
  • AVG
  • Avast
  • Avira
  • Microsoft Security Essentials or Windows Defender
  • ESET NOD32

Bad news, my friend.

I’ve got bad news if you’re using one of these products – your PC ISN’T as safe from viruses and malware as you believe.

Older isn’t better in this case

All of these antivirus programs use 25-year-old technology to block viruses and malware.  It’s called virus definitions.

Multiple times every day, these software manufacturers push updated virus definitions to your computer.  It’s basically a list of known bad threats they have discovered that shouldn’t be allowed on your PC.

Two Flaws

I’m sure you can see the two major flaws with this.

First, it’s impossible to keep the list on your computer up-to-date. 

Cybercriminals are always writing new scripts to attack computers. 

It’s only after these new viruses are released on the Internet and have done their damage that antivirus vendors know they exist, reverse engineer how they work, and add them to the “bad list.” 

This process can take days or even weeks – leaving your computer completely unprotected.

Second, it’s easy to bypass the list.

Hackers know how these lists scan incoming files to determine whether it is good or bad, whether it should be allowed or blocked. 

So they modify their code just enough so your antivirus software doesn’t recognize it as being malicious – simply because it’s not on “the list” in the virus definitions database.

Think of it as using a fake ID.

Use Technology To Fight Technology

What’s the solution?

Fortunately, there is a new antivirus software that utilizes the latest technology to combat against all types of virus and malware infections without using a list.

This antivirus protection stops any threat – known or unknown – from damaging your computer. 

How?

It uses artificial intelligence and machine learning to determine if the actions a particular file or program is performing are normal or malicious.  If it’s malicious, it immediately shuts it down.

There are no outdated virus definition lists and no days or weeks of your computer being vulnerable.

I’ve Seen It Work

I installed this new protection on a client’s computer in late October.  On New Year’s Eve, while I was vacationing in Arizona, I received an email alert that the Cybersecurity Antivirus had stopped a hidden, malicious file stored in the computer’s recycle bin from encrypting all her files and rendering her computer inoperable.

The report showed exactly where the file was located and specifically what files on the computer it was trying to modify.

Because it immediately quarantined it, this client didn’t experience any problems.  And more importantly, she didn’t have to shell out any money for a virus removal.

You Decide

Antivirus software MUST be installed on your computer.  Anything is better than nothing.

But is it smart to use antiquated technology that doesn’t really protect your computer from the latest threats? 

You spend between $0 and $100 for antivirus “protection,” but end up having to spend $100-$200 more to clean up your PC when that “protection” fails you (and it will).

 Alternatively, the Cybersecurity Antivirus protection can keep your computer safe and keep money in your pocket for less than $150 a year.
Posted on

How To Secure Your Online Accounts From Hackers

What do your online banking website, your email account, and Facebook all have in common?

They all require you to log in. You’re prompted to enter your username and password to gain access.

As cybercriminals desperately seek to steal your personal information, they’ve gotten really good at cracking usernames and passwords.

Unfortunately, this basic level of security is no longer effective on its own to prevent others from accessing your personal online accounts. This leaves you at serious risk for identity theft, fraud, and other scams.

In today’s column, I would like to briefly show you a foolproof way to keep hackers from breaking into your online accounts – even if they know your password.

2 is the magic number

Two-factor authentication is an advanced method of website security. It forces someone trying to gain access to a website to prove they have the right to enter.

Two-factor authentication requires two different forms of identification, both of which must be correct, to successfully be allowed entry.

Compare it to completing a transaction at the license branch. You’re often required to provide two documents to prove your identity – such as a birth certificate proving you are who you say you are and a utility bill proving your mailing address.

What you know & what you have

Tech expert Leo Notenboom describes two-factor authentication like this:

“Authentication has almost always been in the form of something you know – for example, a password. … Two-factor authentication adds something you have to the requirements to prove you are you. … You must possess something specific that is completely unique to you and only you.”

Google What?

The Google Authenticator app makes setting up two-factor authentication extremely easy.

1. Install the app on your smartphone.
2. Enable two-factor authentication on the website you wish to secure, such as Facebook or your online bank account.
3. Associate the Google Authenticator app with your account by either typing in a code or scanning a QR image.

Once you complete this process, the Google Authenticator app will begin displaying a random six-digit number every 30 seconds. These numbers are completely unique to your account and your cell phone.

Now when you (or anyone) attempts to log in to that particular website, it will prompt for the username/password AND the random number displayed in the Google Authenticator app on your phone at that time to be entered.

Without both correct pieces of information, access will be denied.

Other Methods

You can also use simple text messaging to set up two-factor authentication, if you don’t have a smartphone or don’t wish to use Google Authenticator.

Most websites offer you the option to configure your cell phone number as a verification method.

When you (or anyone) attempts to log in, a text message with a random code is sent to your cell phone. You enter that code, along with your password, to prove you’re authorized to access the site.

Securing your important online accounts with more than just a username and password is critical. Security breaches happen every day, even with “secure” websites.

Two-factor authentication provides the best way to keep unwanted intruders out of your personal accounts.

If you’d like more information about or assistance with setting up your accounts with two-factor authentication, feel free to call my office at (812) 386-8919 or email me at scott@calibre-cs.com.

Posted on

How To Determine If A Website Is Safe

Scrolling through your Facebook news feed, you see a friend shared a link to an interesting story.  It’s obvious it will take you to a different website if you click on it.

Or maybe you’re a recipient of one of those emails a friend sent to everyone in her address list.  You’re encouraged to click on the link to watch a funny video clip.

Because you’re a faithful reader of this tech column, you know you’ve got to be careful on the Internet.  Viruses and malware lie in wait to infect your computer.

So how can you tell if a website is safe to visit or not – before you browse to it?  How can you be sure your PC won’t become infected?

The bad news

Unfortunately, there’s no guaranteed way to assure a website is completely safe or virus and malware free.

The good news

But there are some fairly reliable tools you can use to help gauge the safety of a website before you visit it.

First, you can use online web-based scanners to examine the web address.

·      Norton SafeWeb – https://safeweb.norton.com/

Security vendor Symantec offers this website to provide you an analysis of a website’s reputation.  Most of its information comes from the general public who submit reviews based on their interactions with the websites.  So you must still use caution because these reviews are not necessarily legitimate.

·      Comodo Site Inspector – http://app.webinspector.com/

Comodo Site Inspector, a free service by the popular cybersecurity vendor, will scan a URL for twelve potentially harmful components that could damage your computer.  The scan can take several minutes to complete.

·      ScanURL – https://scanurl.net/

Similar to Norton SafeWeb, ScanURL.net checks multiple databases such as Google SafeBrowsing, Web of Trust, and PhishTank to see if a site has been reported as a potentially malicious site.

Second, you can implement DNS filtering on your router.

DNS can be considered the phone book of the Internet.  Each website address (like www.calibreforhome.com) points to a specific server address comprised of numbers where the site is hosted, known as an IP address.

OpenDNS offers a free service for home users, allowing you to filter all your Internet traffic through their DNS servers, which are programmed to block known harmful websites.  It can also speed up your web browsing, compared to using your Internet Service Provider’s default DNS servers.

You can check out their packages at https://www.opendns.com/home-internet-security.

Finally, you can install a web filtering software program on your computer.

The Managed Web Protection we offer prevents you from visiting websites known contain malware, spyware, adware, and other infections.  It also functions as a parental control tool – keeping your kids and grandkids from visiting inappropriate websites.

Of course, the safest method of all – don’t click!

Posted on

The Real Costs of “Free” Antivirus Protection

When Alan brought his computer to us because he couldn’t access any websites, he never suspected the culprit would be this one seemingly harmless thing.

Our technicians put his computer through rigorous troubleshooting, but were unable to immediately find the cause of his problem. After more in-depth testing, we discovered one small setting preventing Alan from browsing the Internet.

Alan had been using AVG Free Antivirus – one of the most popular free antivirus programs. However, his troubles began when he uninstalled AVG prior to having us install our Advanced Managed Antivirus protection. Even after being “removed,” AVG was still trying to commandeer his Internet connectivity. His problem was solved by removing the remaining hidden AVG drivers.

Little things like these are what make free antivirus solutions less than optimal.

While the prospect of free protection from malicious viruses and malware may seem appealing at first, the cost further down the road is far less attractive and significantly more.

Here are three reasons why you should think carefully about risking your PCs security with a free antivirus program:

Pathetic Protection

What is the point of having an antivirus program installed on your computer if it’s not able to protect you from the latest viruses and malware attacks?

Paid antivirus programs have more frequently updated features and are always kept up-to-date with the latest virus definitions. Most free solutions, however, offer only minimal protection.

In a study conducted by PC World, free antivirus programs allowed an unsettling 15.2% of malware slip through their detection.

Real-time protection is also rarely an option when you are not paying for your antivirus software. You may be protected from common viruses attacking your computer, but many new, more highly sophisticated viruses could easily get away with infecting your PC and stealing your personal information before being detected.

Annoying Advertisements

The last thing you want when trying to rid your computer of malware is intrusive and annoying adware.
Many antivirus companies partner with advertisers so they can make money off their free products. Free antivirus utilities commonly hijack your browser, homepage, toolbars, and search engine. This generates more revenue for them and more trouble for you.

Free antivirus solutions rarely detect or stop unwanted adware. These programs often seem helpful and legitimate – advertised as being used for couponing, finding lyrics to your favorite songs, or even checking the weather.

But these programs gain an alarmingly elevated level of access to your computer. They leave your computer extremely vulnerable to malicious attacks.

Adware such as this results in even more pop-ups, advertisements, and even spam emails. Stuff you’re trying to prevent in the first place!

Something else to think about …

Why do all the free antivirus programs bombard you with ads to upgrade to their paid version? Even they know the paid version is more effective.

Unwanted Utilities

One of the more annoying and potentially dangerous aspects of free antivirus programs are the extra “features” that come bundled with them.

Free antivirus solutions are often bundled with a plethora of other largely useless and problem-causing utilities.

Some contain a bundled proprietary search engine or homepage. But these are a mere rebranding of Ask, Yahoo, or Bing search engines.

If you wish to use one of these search engines, you’re better off going to the legitimate website.

Some antivirus programs also attempt to redirect your web browsing through their servers promoting added protection. Ironically, this often results in security holes due to poor product development, leaving you even more vulnerable to outside attacks than before.

Buyer Beware

While a “free” virus program may be enticing to you, they are often littered with too many downfalls to be a truly good value.

Computer professionals who recommend you use a free antivirus program are doing you a major disservice. They often make more money off cleaning the virus infections and fixing other problems caused by the free programs than they do by offering you a highly effective paid antivirus software.

So what should you do?

Paid antivirus protection costs far less than you would expect. Premium antivirus software is the best option for your computer’s security and for your pocketbook.

If you absolutely cannot or simply refuse to pay for your antivirus protection, you should be extremely confident in your ability to safely navigate the web and steer clear of any and every suspicious website, email, or pop-up.

Posted on

You Can Avoid Becoming A Victim

Fraud

“Hi, Scott. I need to give you my new credit card information. My old card got hacked, so the bank sent me a new one.”

I receive calls like this almost every week from clients who have recurring transactions set up with us.

Scams, fraud and identity theft are on the rise. A sad reality of the 21st century.

Did you know …

  • 13.1 million U.S. consumers lost almost $15 billion because of identity theft in 2015, according to a Javelin Strategy and Research study conducted last year?
  • credit card fraud could jump from $4 billion to $10 billion by 2020, according to a February 2016 CNBC report?

All this is despite the advances in new security features, like the EMV chips in debit and credit cards.

If you haven’t been the victim of a computer scam, fraudulent bank or credit card use, or identity theft, you probably know someone who has. The negative effects cause incredible frustration, cost hours of lost time, and results in the loss of hundreds or even thousands of dollars.

Becoming aware of how scammers, cybercriminals, and identity thieves work and knowing how you can protect yourself is critical in this age.

In honor of National Consumer Protection Week, March 5 through 11, I’d like to provide you with this information. But I would need considerably more space than what I’m graciously given here in this column.

So I’ve created a new three-part video series where I share practical and little-known consumer safety tips.

These tips provide you the knowledge you need to be a smart consumer, even when scammers catch you off guard. Armed with this information, you’ll avoid falling victim to scams, identity theft, and fraud.

Common Computer Scams
In the first video, I’ll teach you how to quickly and easily identify the three most common computer scams. Some are blatantly obvious, yet many people fall hook-line-and-sinker for them. After watching this video, you won’t be one of those people.

How Identity Thieves Work
In the second video, I’ll describe some of the sneaky ways identity thieves steal your personal information. It’s not just through your computer, either. You’ll be surprised at how easy it is for these criminals to go undetected and how at-risk your privacy is.

How to Protect Yourself
In the final video, I’ll give you 10 specific actions you must take to protect yourself – in both the physical and digital worlds. You’ll be given the steps, resources, and tools necessary to keep your personal and financial information as secure as possible.

You can sign up to view the videos for free at on the home page of this website – www.calibreforhome.com.

I promise I’m not going to try to sell you anything, and I won’t be filling your email inbox with useless junk messages.

I simply want to help combat the growing trend of fraud and identity theft. The best way for me to do that is by sharing with you what I’ve learned as I deal with it on a daily basis.

Posted on

Beware the Fake Windows Support Scam

It was early Monday afternoon when Larry’s phone rang. “Hello,” he greeted the caller, expecting it to be a friend or family member.

“Hi. I’m calling from Windows technical support. We have detected a problem with your computer,” the caller proclaimed in an almost unintelligible accent. “I need to log in to your computer to check to see what is causing the problem.”

Suspecting something to be fishy about this, Larry told the caller he should call back in an hour. Then Larry immediately called me to inquire if this was legitimate.

This type of scam has been around for years, but is still going quite strong. Callers – often from foreign countries – pose as computer support technicians from companies like Microsoft, Norton, and other well-known computer industry names. They try to convince the victim that their computer is running slow, is infected, or has problems that they need to check out.

To make you “believe” what they are saying, they instruct you to go to your computer, pull up the Windows Event Log and observe various warnings and errors appearing there. Although most of these entries are no cause for alarm, these scammers adamantly assert these are problems that must be fixed immediately – for a cost!

They then ask you to provide credit card information either over the phone or via a web site to pay for the service. Once they receive confirmation of the payment, the scammer then asks you to download software that allows them to access your computer over the Internet, which allows them to make changes and install software.

Unsuspecting computer users who fall for this scam suffer several problems. First, they pay an exorbitant amount of money for unneeded “repairs.” Second, their computer becomes loaded with useless and often-times virus-infected software. Third, they may become the victim of identity theft.

What should you do when you get one of the calls? Hang up! Don’t waste your time talking to them. Definitely do NOT perform any actions they ask you to take on your computer.

Be warned, though, that some of these scammers are very persistent. People have reported receiving numerous calls, even after explicitly telling the scammer to not call back.

Larry asked a really good question when he called me: “How do I know if something like this is real or fake?”

You should only consider phone calls from companies that you personally know, trust, and do business with to be legitimate. Although Microsoft is the maker of the Windows operating system on your computer, you don’t actually do business with them. So they will never call you to tell you there is a problem with your computer.

Your Internet Service Provider or your local computer repair company are probably the only two who might call you to let you know about an issue with your computer.

Even then, if you do get a phone call from someone purporting to be them, don’t immediately follow their instructions. Look up the phone number for that company and call them back yourself to inquire if they called you about a problem (don’t ask the caller for their number).

Another tell-tale sign of most scammer calls is if the person calling has a foreign accent. Most of the trusted companies you do business with have employees who speak the English language very well and without a noticeably foreign accent.

Phone scams have been around for a long time and promise to be a nuisance well into the future. Play it safe. If it doesn’t sound right, it probably isn’t. Hang up and call a computer support professional you know and trust. You’ll save yourself a lot of frustration and problems.

Posted on

5 Myths About Virus Infections

Computer Virus

Our tech bench at Calibre Computer Solutions always has at least one computer (usually more) on it that’s been infected with some type of virus or malware. Nasty infections requiring specific removal tools and processes have increased dramatically over the past year.

The number one question I’m asked is, “How did this get on my computer?  I have antivirus protection.”

In today’s column, I would like to dispel five common myths most computer owners believe about viruses and spyware. Learn these, make the recommended changes, and your risk of infection will be greatly reduced.

MYTH #1 – If I have an antivirus program, my computer is safe.

Unfortunately this is not entirely true. Having a good antivirus program, such as our recommended Managed Antivirus, is an important step in the right direction.

However, malware creators work hard to sidestep the common protection programs either by exploiting newly discovered security holes before they’re patched or by using “social engineering” to trick users into opening infected files directly.

While there is no guarantee of total safety, experts recommend a combination of the following for reasonable protection:

  • Professional antivirus software – NOT the free AVG or Microsoft Security Essentials
  • Regular software updates for your operating system (Windows or Mac OSX), Java, Adobe products, and Internet browsers
  • User education (e.g. “If you don’t recognize the sender, don’t open the attachment”)
  • Perimeter defense (firewall, hosted spam filtering, DNS protection)
  • Regular, automated backups

MYTH #2 – If I use a Mac, I don’t have to worry about viruses.

Once upon a time this was mostly true. When Macs were a tiny slice of the overall market, it just wasn’t worth the malware writer’s time to learn how to infect Apple computers.

With the growing popularity of the Apple Mac though, comes a growing interest from online criminals. In 2012, over 600,000 Mac computers were infected with the Flashback malware, and security maker Sophos currently tracks over 4500 Mac-specific viruses and malware currently in use around the world.

Like PC users, the time has come for Mac users to add antivirus software and make sure they are being diligent with software updates and backups.

MYTH #3 – My mobile devices can’t get infected.

Also not true!  The fastest growing segment of both malware quantity and malware profitability (for the criminals creating these things) is the smartphone and tablet market – more specially, Android-based devices.

iPhones and iPads are still largely malware-free, though a June 2012 article in Forbes magazine titled “There is too malware on the iPhone!” makes the point that iDevice users should not assume they are completely invulnerable.

With the rise in Android malware, it is important to install protection software on your mobile phone or tablet. I recommend using VIPRE Mobile Security.

MYTH #4 – No one would be interested in hacking into my computers.

Really?  I hear this a lot, often from people who:

  • Have a reasonably powerful computer, and
  • Have a high-speed internet connection

That’s really all criminals need.

With that computer infected and under the control of a malware-enabled criminal botnet, it can be used to send thousands of spam messages per day, attack other computers on the Internet, or control other infected computers so that authorities can’t trace the real controller’s point of origin.

They can also watch every keystroke you enter in the computer, looking for patterns that might be credit card numbers, social security numbers, bank accounts, and passwords. These can be bundled and sold on the online black market. Since the entire process is automated, it’s common for thousands or even hundreds of thousands of infected computers to be under the control of just a handful of people.

The take-away here is, no matter how unimportant you think your computer might be, you should still take precautions to protect yourself AND others.

MYTH #5 – If I do get infected, it just means I’ll get some error messages or pop-up ads.

Unfortunately this is also wrong. As I mentioned above, malware is a serious, money-making business for the creators. We already talked about some of the ways they can make money – hijacking your computer to send spam or to capture your credit card information for example. In those cases, people generally have no idea their computer is infected until they notice problems on their credit report.

A more aggressive version of malware is becoming more common though.

Imagine this scenario – You turn your computer on one day. Instead of the normal startup screen, you get a message saying that your computer’s files are encrypted and the only way to get them back is to wire $300 to the hackers. After they receive the money, they will give you the password to get all your data back. (Although they’re more likely to just demand more money).

These are increasingly common strategies that these online criminals use to make money.

To fight back, use these three tips:

  • Use strong protection (see point 1 above)
  • Backup regularly
  • Use strong passwords and change them often

Make sure any hosted email accounts you may have, including Gmail or Hotmail, include a second authentication method such as a cell phone or alternate email account. Usually with this in place, you will be notified whenever your primary password is changed, and you can contact the service provider immediately if you weren’t the one who changed it.

Posted on

Porn Sites Aren’t As Bad As You Think

Porn

 

“Did Scott really just say that?”

I know that’s what many of you are thinking about this article’s headline.

But it really is a factual statement.  Porn sites are likely some of the safest websites on the Internet, at least when it comes to being a source of virus infections on your PC.

Porn sites, even the “free” ones, work diligently to keep their sites virus and malware free because adult content is an enormous money-making business.  According to a New Mexico State University study, the industry generates $97 billion a year globally, with $10-$12 billion from the United States alone.  If users’ computers got infected every time they browsed such sites, revenue would severely plummet.

So where do those pesky, sometimes frequent, virus infections come from that cost you hard-earned money to get cleaned up?

At the risk of sounding like a broken record (because I’ve written about this numerous times over the past four years, yet still get asked this same question almost every day), allow me to share some facts about virus infections.

(Just to clarify – I don’t condone porn sites for many reasons, which would be the topic for another column.)

 

Where they come from

Virus writers strive to wreak as much havoc on as many people as possible with their coded creations.  Some do it for recognition.  For others, it’s their source of income by stealing your personal information, especially credit card numbers.

To do as much damage as possible, these cybercriminals have resorted to new methods of infecting your computer.

The most common way your computer becomes infected is through malicious advertisements that appear on popular and frequently visited websites.  This includes websites like MSN.com, FoxNews.com, Yahoo.com, and any other site contains ads.

With this type of infection, you don’t have to do anything other than visit a legitimate website at the wrong time to get infected.  If the virus-laden ad appears at the time you visit the website, it can quietly download a program to your computer, infecting it. 

Sometimes it may cause a pop-up to appear urging you to take action to speed up or clean up your PC.  These look very real, allegedly coming from Microsoft or Windows or other “reputable” companies.  When you click on such ads, software installs on your computer.  The damage is done – your computer is infected.

Phishing emails are another popular avenue virus writers use to trick you into infecting your computer.

As I was writing the column this morning, I received two fake emails purporting to be from eFax with an important fax for me.  The email instructed me to click a link to view the fax.  If I would have done so, my computer would have been immediately infected.  (I knew it was fake by recognizing the tell-tale signs of an illegitimate email.)

 

How to protect your PC

First, install good antivirus software.  This is the first line of defense against virus and malware infections.

HOWEVER, understand that NO antivirus software will block or prevent all infections.  Just like you can’t completely prevent the common cold, computer viruses are the same way.  They will happen.

Second, install the AdBlock Plus add-on for all of your web browsers (Internet Explorer, Google Chrome and Mozilla Firefox).  This will minimize your risk of having the malicious ads appear when you visit various websites.

Finally, don’t believe every pop-up or email you receive.  Even though it says it’s from Microsoft, Windows, the IRS, FedEx, UPS, or other well-known companies, it probably isn’t.  Unless you’re expecting something from someone, it’s best to simply close or delete it. 

Don’t let curiosity cost you hundreds of dollars!  Think before you click!

 

The bottom line

Computer viruses are a fact of living in the Internet age.  They’re as unforeseen and sudden as unexpectedly becoming involved in car accident.  You can do all the right things and take all the safest precautions but still get hit with an infection.

 

A NOTE ABOUT WINDOWS 10

Many of you have asked me a lot of great questions about the Windows 10 upgrade since I began writing about it in March.  It’s release date is set for July 29.

Mark and I are still evaluating and testing it, as well as developing proper procedures for installing and configuring it.  Right now, Windows 10 incorporates some positive changes, but it also has its pitfalls.  I will release our final verdict and recommendations in mid to late August.  Stay tuned to this column!

 

Posted on

Virus Attacks: The Worst Just Got Worse

Just when we thought we had seen the worst virus ever known – CryptoWall 3.0 – an infection even worse comes along.

Computer VirusCryptoWall-infected computers have all of their documents and pictures encrypted and held ransom by cybercriminals.  You can’t open or use any of your files unless you pay their exorbitant ransom of hundreds of dollars in hopes they will decrypt your files.  Since they’re criminals, there’s no guarantee they will honor their word after they’ve already pocketed your money.

This threat is very real.  Two clients came to my office in the same day last week with the CryptoWall virus on their computers.  One lost all of his files because he didn’t have any backups; the other recovered many of her files because she had a backup from a year ago.

While CryptoWall 3.0 is extremely difficult to prevent, it uses the old-style method of infecting your computer.  You click on a link in an email or a website, you’re taken to a website that downloads the infection to your computer, and it automatically runs.  Damage done.

But this latest strain of ransomware CANNOT BE PREVENTED.

What’s worse is that it’s attacking your computer from legitimate websites – like Photobucket.com, CBSSports.com, HuffingtonPost.com, Mapquest.com, Realtor.com, and many others.

These are websites that everyday computer users visit all the time.

Time Warner Cable customers.  You’re exposed too, especially if you check your email on their website at mail.twc.com.

This latest threat, known as Fessleak, bypasses all antivirus software because it’s doesn’t install any files on your computer before it does it’s damage.  It initiates a command to a process on your computer via your computer’s memory right from the hijacked website.

These cybercriminals create advertisements that get displayed on popular websites all over the Internet through ad distribution networks.  They use intriguing subject lines to trick you into clicking on the ad.

Recent subject lines they’ve used include: “Grandma’s response to getting an iPhone for Christmas is hilarious” and “These are the Charlie Hebdo cartoons that terrorists thought were worth killing over.”

The subject line paired with a compelling photo summons your curiosity, which makes you click on the ad.

Within moments of clicking on the ad, a full screen message appears telling you that all your files are encrypted and you have to pay a ransom to get them back.

Your computer can also become infected in other ways – without you having to click on anything.  The hackers use vulnerabilities in popular software –like Adobe Flash Player – installed on your computer to infect and destroy.  Again, this goes undetected by antivirus software.

WHAT YOU MUST REMEMBER

Antivirus protection on your PC is a necessity.

BUT … NO antivirus software will prevent 100% of infections.  And it will NOT protect against these latest, most destructive ransomware infections in the wild at all.

WHAT YOU MUST DO

 

First, you MUST religiously back up the important files on your computer.

An off-site backup is preferred.   If you back up to an external hard drive or flash drive, you MUST disconnect it from your computer as soon as the backup is complete.  Otherwise, these infections will destroy your backups, too.

Second, install Windows updates and other software programs as quickly as you can when they are released.

Third, install AdBlocker plugins for your web browsers to prevent advertisements from showing up on websites you visit.  AdBlock Plus (adblockplus.org) is a good plugin to use.

Finally, be careful what you click on.  Don’t let your curiosity get you in trouble.

The days of the safe Internet are long gone.  Prevention is becoming increasingly difficult.  Preparation for the inevitable is now what every computer user must do.

Posted on

5 Myths About Computer Viruses

Our tech bench at Calibre Computer Solutions always has at least one computer (usually more) on it that’s been infected with some type of virus or malware. Nasty infections requiring specific removal tools and processes have increased dramatically over the past year.

The number one question I’m asked is, “How did this get on my computer? I have antivirus protection.”

In today’s column, I would like to dispel five common myths most computer owners believe about viruses and spyware. Learn these, make the recommended changes, and your risk of infection will be greatly reduced.

MYTH #1 – If I have an antivirus program, my computer is safe.
Unfortunately this is not entirely true. Having a good antivirus program, such as our recommended Managed VIPRE Antivirus, is an important step in the right direction.

However, malware creators work hard to sidestep the common protection programs either by exploiting newly discovered security holes before they’re patched or by using “social engineering” to trick users into opening infected files directly.

While there is no guarantee of total safety, experts recommend a combination of the following for reasonable protection:

• Professional antivirus software – NOT the free AVG or Microsoft Security Essentials
• Regular software updates for your operating system (Windows or Mac OSX), Java, Adobe products, and Internet browsers
• User education (e.g. “If you don’t recognize the sender, don’t open the attachment”)
• Perimeter defense (firewall, hosted spam filtering, DNS protection)
• Regular, automated backups

MYTH #2 – If I use a Mac, I don’t have to worry about viruses.

Once upon a time this was mostly true. When Macs were a tiny slice of the overall market, it just wasn’t worth the malware writer’s time to learn how to infect Apple computers.

With the growing popularity of the Apple Mac though, comes a growing interest from online criminals. In 2012, over 600,000 Mac computers were infected with the Flashback malware, and security maker Sophos currently tracks over 4500 Mac-specific viruses and malware currently in use around the world.

Like PC users, the time has come for Mac users to add antivirus software and make sure they are being diligent with software updates and backups.

MYTH #3 – My mobile devices can’t get infected.

Also not true! As of 2012, the fastest growing segment of both malware quantity and malware profitability (for the criminals creating these things) is the smartphone and tablet market – more specially, Android-based devices.

iPhones and iPads are still largely malware-free, though a June 2012 article in Forbes magazine titled “There is too malware on the iPhone!” makes the point that iDevice users should not assume they are completely invulnerable.

With the rise in Android malware, it is important to install protection software on your mobile phone or tablet. I recommend using VIPRE Mobile Security.

MYTH #4 – No one would be interested in hacking into my computers.

Really? I hear this a lot, often from people who:
• Have a reasonably powerful computer, and
• Have a high-speed internet connection

That’s really all criminals need.

With that computer infected and under the control of a malware-enabled criminal botnet, it can be used to send thousands of spam messages per day, attack other computers on the Internet, or control other infected computers so that authorities can’t trace the real controller’s point of origin.

They can also watch every keystroke you enter in the computer, looking for patterns that might be credit card numbers, social security numbers, bank accounts, and passwords. These can be bundled and sold on the online black market. Since the entire process is automated, it’s common for thousands or even hundreds of thousands of infected computers to be under the control of just a handful of people.

The take-away here is, no matter how unimportant you think your computer might be, you should still take precautions to protect yourself AND others.

MYTH #5 – If I do get infected, it just means I’ll get some error messages or pop-up ads.

Unfortunately this is also wrong. As I mentioned above, malware is a serious, money-making business for the creators. We already talked about some of the ways they can make money – hijacking your computer to send spam or to capture your credit card information for example. In those cases, people generally have no idea their computer is infected until they notice problems on their credit report.

A more aggressive version of malware is becoming more common though.

Imagine this scenario – You turn your computer on one day. Instead of the normal startup screen, you get a message saying that your computer’s files are encrypted and the only way to get them back is to wire $300 to the hackers. After they receive the money, they will give you the password to get all your data back. (Although they’re more likely to just demand more money).

These are increasingly common strategies that these online criminals use to make money.

To fight back, use these three tips:
• Use strong protection (see point 1 above)
• Backup regularly
• Use strong passwords and change them often

Make sure any hosted email accounts you may have, including Gmail or Hotmail, include a second authentication method such as a cell phone or alternate email account. Usually with this in place, you will be notified whenever your primary password is changed, and you can contact the service provider immediately if you weren’t the one who changed it.