Wiperware: New Malware That Shouldn’t Be Taken Lightly

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Any business can be a target for hackers who use ransomware. However, in recent months, a major new threat has emerged. The recent Petya attack was initially perceived to be another form of ransomware.

However, as the firms involved took stock in the aftermath of the events, it became apparent that the attack took the form of “wiperware,” code that is designed to completely destroy the files stored on any system.

What is wiperware?

Wiperware is designed with one goal in mind: total destruction. The malware asks users to install a software update and then it immediately takes control of the device. Once it has gained admin access, it completely overwrites all files on the device and in some cases the entire network. Any attached storage is also vulnerable, including USB external drives, memory sticks and network shared drives.

While the motivations behind Petya remain unknown, what is abundantly clear is that wiperware is a threat that needs to be taken very seriously. Here are a couple of things you can do right now.

Five Tips For Staying Ahead Of Malware

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Malicious software has become an everyday issue for many computer users, and it can have serious implications for your finances. To keep your information, data, and finances safe, you need to be aware of the common threats to your online security that exist and how you can protect yourself against fraudulent activity.

According to research from Kaspersky Security, malicious software, which is also commonly referred to as malware, impacted as many as 34.2% of computer users in 2015. But what is malware and how does it work?

Malware is somewhat different than computer viruses because instead of completely stopping your computer from operating, it sits quietly in your system stealing important and sensitive information.

It is estimated that over 1 million new forms of malware are released on a daily basis in the form of spyware, Trojan horses, phishing links, and ransomware.

Yes, You Can Still Get Infected – Even With Anti-Virus

Scott Blake is a Senior Network Engineer with Tech Experts.

With the sudden release of new variants of malware and ransomware such as CryptoWall, users are wondering why their anti-virus programs are not blocking the ransomware from infecting their computers.

As with many other forms of malware, the infection needs to exist before a cure or way to detect the threat can be created. This takes time and during this period of R&D, the malware spreads like wildfire.

While there are several forms and classifications of infections, there are basically only two different methods in which infections are released into your system: User Initiated and Self Extraction.

User Initiated infections are caused by a user clicking on a link within a webpage or email or by opening an infected email attachment. Once opened, the malware is released and quickly spreads throughout your system.

Because the user manually clicked on or opened the link/document, most anti-virus programs treat this as an authorized override by the user and either internally whitelist the link/document or skip the scan.

CryptoWall is spread through this method, usually contained within an infected Word, Excel or PDF document. The creators of these programs take advantage of the programming of the document to hide the infection.

With the world becoming a paperless society, we are becoming more and more accepting of receiving and opening attachments sent to us through email. It has practically become second nature to just click and open anything we receive, regardless of any warning.

Self-Extracting infections are exactly what they’re named. These infections require no outside assistance to worm their way through your system, infecting as they go.

The number one method creators of this form use to place their software on your system is through “piggy back” downloads.

Piggy back downloads occur when you authorize the download and install of one program and other programs (related or unrelated to the original program) are automatically downloaded and installed with it. The most common way is by downloading programs promising to speed up your computer.

Infections can also exist on your system and lie dormant for long periods of time, waiting for the computer to reach a certain calendar day or time. These infections are called “time bomb” infections. Just like piggy back infections, they require no outside assistance to infect your system.

They are mostly found buried in the registry of the system or deep within the system folders. Because they are not active at the time of placement, most anti-virus programs will not detect them. Active reporting through toolbars is another means of becoming infected over time.

When a user downloads and installs a toolbar for their browser, they authorize at the time of install that it is okay to install and all of its actions are safe. However, most toolbars are actively scanning, recording, and reporting back to the creator. They also act as conduits for installations of other unwanted programs behind the scenes.

If left unchecked, those additional programs can become gateways for hackers to gain access to your system and spread even more infections.

To help stop the spread of malware/ransomware such as CryptoWall and its variants, we need to become more vigilant in our actions when either surfing the Internet or opening email and attachments.

The best rule of thumb to follow for email is: if you don’t know the sender, or you didn’t ask for the attachment, delete it. As for websites, read carefully before you download anything and avoid adding toolbars.

Internet Security: Beware Of “Malvertising”

Michael Menor is Vice President of Support Services for Tech Experts.

As if Internet use wasn’t already troubled with cyber perils, users now have to add “malvertising” to the list of things from which they need to protect themselves.

“Malvertising,” like the name suggests, means “ads that contain malware.” Some mal-ads aren’t dangerous unless you click on them – but others can do “drive-by downloads,” sneaking their malware onto your computer simply because you’re viewing the page on which the ad appears.

While most malvertising is on websites, it can also show up on other ad-displaying apps, such as Facebook, Skype, some email programs, and many games.

The reason that malvertising is more of a problem than other malware approaches is that it can be spread through online advertising delivery networks like Google DoubleClick to legitimate sites that users routinely visit, like the New York Times, Huffington Post, and Yahoo, as well as routinely-used mobile apps that show ads. Malware-bearing ads can be “injected” either by hacking ads at the provider end or by buying and providing mal-ads. In most cases, there’s no way for a user to tell just by looking that an ad has been compromised.

The Potential Damage
The dangers of advertising-delivered malware are the same as those from malware you get any other way. Malware can steal account usernames and passwords, bank and credit card information, and other sensitive data.

It can encrypt your data and “hold it for ransom.” It can, in turn, infect other computers on your network and turn your computer into a “zombie,” spewing out spam and malware to the Internet.

Like other viruses and malware, malvertisements take advantage of security vulnerabilities on users’ computers and mobile devices. These may be anywhere from the operating system, to web browsers and other applications, to add-ons and extensions like Java, JavaScript, and Flash.

How do you know if your computer has been infected by malware? One sign is that your web browser shows unexpected pop-ups or seems to be running slower. But many malware infections remain “stealthy,” possibly even eluding anti-malware scans.

Legitimate ad creators and ad delivery networks are working on ways to detect and prevent malware from getting into the digital ads they serve. Otherwise, people have even more reason to not look at ads or block ads entirely.

But, assuming it can be done, this won’t happen for a year or more. The burden is on companies and individuals to do their best to protect their networks, computers, and devices.

What Can Companies and Users Do?
Although malvertising is a relatively new vector, the best security practices still apply; if you’re already doing things right, keep doing them. But what does “doing things right” look like?

  1. Avoid clicking on those ads, even accidentally.
  2. Maintain strong network security measures. Next generation firewalls at the gateway can often detect malware payloads delivered by ads, block the ads entirely, and/or detect communication from already-infected devices.
  3. Regularly back up systems and critical files so you can quickly restore to a pre-infected state if your systems and data are compromised.
  4. Deploy endpoint security software on every device so that it’s protected on and off the network.
  5. Ensure that all operating systems and client software (especially web browsers) are fully patched and up to date.
  6. If you suspect a computer has been infected, stop using it for sensitive activities until it’s been “disinfected.” Again, many security appliances can help you identify and quarantine infected devices.

It’s unfortunate that even more of everyday Internet use is potentially unsafe, but the steps to fend off malvertising are essentially security precautions that companies and individuals should already be following.

Tips To Protect Your Business PC From Malware

Michael Menor is Vice President of Support Services for Tech Experts.

In today’s online world, technology users are essentially in a state of near-constant attack. Almost every day, there’s a new data breach in the news involving a well-known company and, quite often, fresh rules for protecting personal information are circulated.

Because of malware in email, phishing messages, and malicious websites with URLs that are one letter different from popular sites, employees need to maintain a high level of awareness and diligence to protect themselves and their organizations.
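One way to catch the “one letter different” lookalike addresses mentioned above is to compare each link's hostname with the sites staff really use. The Python sketch below is an added example, not code from Tech Experts; the hostnames in `TRUSTED_HOSTS` and the sample URLs are constructed values under the reserved `.example` domain.

```python
from urllib.parse import urlsplit

# Constructed allow list: hostnames employees are expected to log in to.
TRUSTED_HOSTS = ["payroll.example", "mail.example"]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1,         # delete from a
                         cur[j - 1] + 1,      # insert into a
                         prev[j - 1] + cost)  # substitute / match
            # Two neighbouring letters swapped counts as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def hostname_of(url):
    """Lower-cased hostname of a URL, with or without a scheme."""
    if "//" not in url:
        url = "//" + url
    return urlsplit(url).hostname or ""


def classify_url(url, trusted=TRUSTED_HOSTS):
    """Return (verdict, matched_host).

    trusted   - hostname is exactly on the allow list
    lookalike - hostname is one edit away from an allow-listed host
    unknown   - neither; says nothing about whether the site is safe
    """
    host = hostname_of(url)
    if host in trusted:
        return ("trusted", host)
    for good in trusted:
        if osa_distance(host, good) == 1:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links, e.g. pulled from a mail gateway log.
    for link in ("https://payroll.example/login",
                 "https://payrol1.example/login",   # digit 1 for letter l
                 "http://paryoll.example/",          # two letters swapped
                 "mai.example/inbox",                # letter dropped
                 "https://intranet.example/"):
        print(link, "->", classify_url(link))
```

Short hostnames produce false positives (two unrelated sites can legitimately differ by one letter), so a “lookalike” verdict is a reason to review the link, not proof of phishing.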

Phishing activities are especially pervasive, including attempts to steal users’ credentials or get them to install malicious software on their system. The astonishing success rate of phishing attacks makes them a favorite.

Why? More than 70% of people will follow the link to a phony website and, of those that followed the link, 30%-50% will routinely give up their usernames and passwords.

Many like to think of the network perimeter with all its firewalls and other fancy technologies as the front line in the cyber war, but the truth is there’s a whole other front.

Every single member of a company’s staff who uses email or the Internet is also on the front line and these people are generally considered a softer target than hardware or software. It’s simple: if the bad guys can get an employee to give up his or her user credentials or download some malware, they can likely waltz right past the technological controls, basically appearing as if they belong there.

When using a computer for personal functions, a user generally has to have the ability to install software and modify the system configurations. Typically, such administrative functions are not available to all users in a corporate environment.

As a result, even if an organization has made an effort to improve a system’s security, a user doing work on a personal computer has the ability to disable and circumvent protections and has the privileges to allow for the installation of malware.

As companies migrate toward a world of bring-your-own-device policies, some companies are developing strategies to help address these risks. But, as a rule, using a work computer for personal reasons or doing work on a personal computer (or tablet or smartphone) can significantly increase the threat level that an employer has to protect itself against.

To help their organization protect systems and data, employees need to implement some smart web browsing habits. Smart web browsing means engaging in the following activities:

Beware of downloads
Malware can be hidden, not just in applications or installation programs, but in what appear to be image and video files also. To limit the likelihood of downloading content that contains malware, only download from reputable sites. With sites that are not a household name, take the time to do a little research and see if other people have had issues.

Additionally, be sure that antivirus software is set up to automatically scan downloads. Or scan downloads manually, even when receiving them from name-brand sites, as it is not unheard of for infected files to make their way onto otherwise legitimate web sites.

This is especially true for file-sharing sites where the site owner cannot control every piece of content a user may place there.

Be wary of deceitful sites
Those running sites already breaking the law by illegally distributing copyrighted materials — like pirated music, movies or software — probably have no qualms about including malicious content in their downloads or stealing information.

Many popular web browsers today have built-in functionality that provides an alert when visiting a website that is known to be dangerous.

And if the browser doesn’t give a notice, the antivirus software may provide that function. Heed the alerts!

Employees need to protect their devices from online and in-person threats. Start by keeping the company’s system patched. Configure it to automatically apply updates or issue notifications when there are updates and then apply them as soon as possible. This doesn’t just apply to the operating system.

Keep all installed applications updated; sometimes this takes a little extra work.

Remember, the challenge of security is that the bad guy needs to find only one hole in a security system to get past it, so fix them all. Think of it as putting dead bolts on doors, but leaving the basement window wide open.

To that end, security professionals like to debate the usefulness of today’s antivirus software. And it’s true that malware continues to become more sophisticated and harder to detect. But it always amazes me how old some of the malware running around is. As a result, use antivirus software and keep it up-to-date.

Also, use a software firewall, either the Windows firewall or one provided in an antivirus package. This is especially true for laptops connected to public wireless access points at hotels or coffee shops, but it also applies to home systems. It just provides that extra layer of defense.

And finally, please, don’t ever give passwords to anyone. Be vigilant and question anything new, especially emails and forms in the web browser that request work credentials, no matter how nicely the request is made.

Top Tips To Avoid A Virus Or Malware Infection

by Michael Menor, Network Technician
Malware is short for “malicious software.” It includes viruses and spyware that get installed on your computer, phone, or mobile device without your consent.

These programs can cause your device to crash and can be used to monitor and control your online activity. Criminals use malware to steal personal information, send spam, and commit fraud.

Avoid Malware
Scam artists try to trick people into clicking on links that will download malware and spyware to their computers, especially computers that don’t use adequate security software. To reduce your risk of downloading unwanted malware and spyware:

Keep your security software updated. At a minimum, your computer should have anti-virus and anti-spyware software, and a firewall. Set your security software, internet browser, and operating system (like Windows or Mac OS) to update automatically.

Don’t click on any links or open any attachments in emails unless you know who sent it and what it is. Clicking on links and attachments – even in emails that seem to be from friends or family – can install malware on your computer.

Download and install software only from websites you know and trust. Downloading free games, file-sharing programs, and customized toolbars may sound appealing, but free software can come with malware.

Minimize “drive-by” downloads. Make sure your browser security setting is high enough to detect unauthorized downloads. For Internet Explorer, for example, use the “medium” setting at a minimum.

Use a pop-up blocker and don’t click on any links within pop-ups. If you do, you may install malware on your PC. Close pop-up windows by clicking on the “X” in the upper right-hand corner of the title bar.

Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That’s a tactic scammers use to spread malware.

Talk about safe computing. Tell your kids that some online actions can put the computer at risk: clicking on pop-ups, downloading “free” games or programs, opening chain emails, or posting personal information.

Back up your data regularly. Whether it’s text files or photos that are important to you, back up any data that you’d want to keep in case your computer crashes.

Detect Malware

Monitor your computer for unusual behavior. Your computer may be infected with malware if it:

  • slows down, crashes, or displays repeated error messages
  • won’t shut down or restart
  • serves up a barrage of pop-ups
  • displays web pages you didn’t intend to visit, or sends emails you didn’t write

Other warning signs of malware include:

  • new and unexpected toolbars
  • new and unexpected icons in your shortcuts or on your desktop
  • a sudden or repeated change in your computer’s internet home page
  • a laptop battery that drains more quickly than it should

Get Rid of Malware
If you suspect there is malware on your computer, take these steps:

  • Stop shopping, banking, and doing other online activities that involve user names, passwords, or other sensitive information.
  • Update your security software, and then run it to scan your computer for viruses and spyware. Delete anything it identifies as a problem. You may have to restart your computer for the changes to take effect.

If your computer is covered by a warranty that offers free tech support, contact the manufacturer.
Before you call, write down the model and serial number of your computer, the name of any software you’ve installed, and a short description of the problem.

  • Tech Experts offers technical help on the phone, in our office, or in your home or business, based upon what is most convenient for you.

Telephone and online help generally are the least expensive and most time efficient, but you may have to do some of the work yourself. Bringing the computer to our office is usually less expensive than having a technician visit your business or home.

  • Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do differently to avoid it in the future.

 

Malware: What Does It Look Like And How To Prevent It

By Tech Experts Staff
The most common issue among home and business users alike is malware infection.

While malware is a generic term for malicious software, the fact is all malware slows your computer down and brings potential security risks along with it.

Malware can be anything from viruses, trojans, and spyware to “PC Optimization” programs that really do your computer more harm than good.

While some are more serious issues than others, they all have negative effects on a workstation or a server, so they all need to be taken seriously.

What does malware look like? In most cases an unusual window will open up, something you do not recognize.

Many times malware looks like a “speed up your PC” program or could even be designed to look as if it’s antivirus software. It is very common to see software like this requesting credit card information to purchase the software and remove the so-called infections.

Do not ever give credit card information out on your computer unless you’re absolutely certain it is a program you’ve downloaded and set up.

One example is your antivirus software will sometimes let you extend a subscription that is expiring via credit card.

“How can I even get a virus, I have antivirus software installed?” This is the single most common question we have from clients that come in for virus infections on their computers.

It is a common misconception that antivirus software means you cannot get a virus. The fact is antivirus software is strictly preventative.

The way antivirus software works is the antivirus vendor makes a virus definition based off of a virus. This definition is what allows the antivirus software to find and stop viruses from infecting a computer. That being said, someone has to get infected before the antivirus companies have an example virus to make a definition for.

Because of this, everyone, whether they have antivirus software or not, is susceptible to viruses.

The difference between someone with antivirus software installed and someone that does not is that the person with it installed is not susceptible to infections after a definition has been made, while the other is.

“If antivirus does not completely protect me then how do I keep from getting viruses?” This is the follow up question we always get. For starters, safe browsing habits help to greatly reduce the chances of getting a virus infection.

Do not click on ads. The most common place for someone to get a virus is the ads on websites like Facebook that are very appealing and tend to catch users’ eyes.

Another thing that can be done to reduce the chance of infection or at least the severity of it is to use a standard user account. Society as a whole has a bad habit of always using the administrator account on a computer for everything they do.

The problem with this is that if a user does download a virus, the virus is now working on an account that has full privileges to the entire computer versus an account that only has permissions on a very small part of it.

Aside from having good browsing habits, the best thing you can have on a workstation or a server is a high quality antivirus. Paid antiviruses tend to offer other features to help further protect your computer. We sell a Managed Vipre Antivirus that has very high detection rates and is business grade software. It is very lightweight and does not slow down computers.

If you are interested in looking into our antivirus solution to help protect your business or residential computers let us know.

The Best Ways To Protect Yourself From Malware

By Tech Experts Staff
Users who bring their computers in to repair malware infections invariably ask the same question: “Why didn’t my antivirus stop me from getting viruses?”

So, you’re probably wondering, “If having antivirus software on my computer won’t protect me from viruses, what will?”

The fact of the matter is that while computer users are told they have to have antivirus on their PCs or risk getting infection, a machine can still get a virus despite antivirus software being installed.

Antivirus not foolproof
Antivirus software is designed to help prevent your system from becoming infected, but it isn’t foolproof. Antivirus software is constantly updated, but can be out of date for hours or even a day or two when a new infection is discovered.

Virus definitions are used to detect viruses and prevent them from gaining access to your computer. Automatic updates in antivirus software like Vipre download the updated definitions to protect your computer.

Your system is vulnerable during the period between the release of a new virus or malware and the point at which the software companies can update the definitions.

How to protect from malware
Although no antivirus software, even the most expensive versions, offers guaranteed virus protection, antivirus software is a must have. We’ve seen a number of infections where clients have said that they were on legitimate sites at the time the infection hit their computer.

Even legitimate websites have the chance of malware being coded into them by hackers, causing that website to send the malware onto your computer.

So, the absolute best thing you can do is to have antivirus software installed.

The next best step is to be cautious about what you are looking for on the Internet. Many times, users looking for “free” items on the Internet don’t suspect that they might as well be searching for free viruses.

Hackers are crafty – targeting people looking for free downloads is an easy way to spread an infection.

Some of the most common risky items to search for are “screensavers,” “free games,” “work from home,” and “taxes.”

With the search terms shown here, it’s easy to see how computer users could easily be tricked into downloading a file or application that was laced with a virus.

Cautious browsing
The second step to preventing infections on your computer is a combination of common sense and caution.

While it may not be common knowledge as to what is and is not safe to click on while on the Internet, really what it comes down to is using common sense. There’s no such thing as a free lunch, even on the Internet – if it seems too good to be true, it probably is. It’s very important while browsing the Internet that you do not click on anything that just catches your eye. Many times, people have a tendency to click on ads, and because of this, ads have a high risk of containing malware. Don’t click on ads!

The second part, “be cautious,” refers to everything you are doing that involves the connection to the Internet.

If you are using email, make sure you were expecting an email from the person sending it. Opening forwarded emails is a bad habit. Many viruses attach themselves to email accounts and send a lot of spam and forwarded messages which unsuspecting users click on and mistakenly download a virus onto their machine.

So to sum everything up, you should always have antivirus software installed on your computer and keep it up to date.

Even if you think you are a computer pro, keyloggers and many other items can get into your computer and run in the background undetected sending away your private information.

Always use common sense and extreme caution as to what you click on. Nothing is free and you don’t ever know for sure who or what is on the other end of that email you just happened to get in your inbox.

If you think you may have a virus or malware on your computer, or just want it checked for safety’s sake, give us a call or bring your computer in and we can check it out.

It is all too common to see viruses on machines but not actually see anything different on the computer other than it “running a little slow.”

Will Your Internet Stop Working In July?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

You’ve probably read in the paper or seen on the news that hundreds of thousands of computers might lose Internet access after July 9. I’ve had several clients ask, “Is this true? How serious is it?”

The short answer is, you’re probably fine. If you use Tech Experts for your anti-spyware, anti-virus, and anti-malware services, we have you covered.

Don’t get me wrong, this is a serious threat. If you happen to be one of the people with an infected computer, then yes – there’s a good chance you could wake up on July 9 to no Internet.

What’s This All About?
In a word, malware.

Last year, malware infected over half a million computers worldwide. This nasty virus modified the process your computer uses to translate domain names – like “MyTechExperts.com” – into IP addresses – like 209.151.164.50. It’s the IP address that locates the actual physical server that houses the website.

To perform that translation, computers are programmed with translators – DNS servers – that answer questions like, “What’s the IP address for www.google.com?” DNS servers are automatically provided by your Internet provider when you connect to the Internet.

When this “DNS Changer” malware infected a computer, it altered the translation server that the computer would use. Rather than a legitimate DNS server, PCs were silently reconfigured to use a bogus one.

The problem is, this new bogus server sometimes lies.

False DNS Responses
Rather than answering the question, “What’s the IP address for google.com?” with the correct answer, the fake DNS server would return a different IP address: the address of a malicious server that was configured to look like Google, but that is really a server run by identity thieves.

As long as the malicious server looked enough like Google, the computer user wouldn’t know until it was too late that something was wrong. They’d be tricked into thinking it was Google.

The bogus site (which could be any site the hackers chose, not just Google) could itself install more malware, display additional advertising, or do just about anything that a malicious website could do. All without warning.

What Happens In July
In November, the hackers were caught. But hundreds of thousands of infected machines were left with their DNS settings pointing to the fake DNS servers.

So, rather than removing the fake DNS servers from the Internet, the agencies that caught the hackers changed them to be legitimate ones. The government is spending about $10,000 per month to maintain these servers.

While this meant that people with infected PCs would be able to surf the net more safely, it didn’t change the fact that their computers were, fundamentally, still infected.

On July 9th, the government is shutting down the temporary DNS servers. Anyone whose computer is still infected, and is using those servers to get DNS answers, won’t get an answer at all.

Without a working translator – DNS server – your computer can’t answer the “What’s the IP address of xyz.com” for any site on the Internet. For those people with infected computers, the Internet will simply stop working.

Let me be clear: the Internet will stop working only if your machine is infected. It’s easy to find out if you’re infected. Visit the DNS Changer Working Group at http://www.dcwg.org/ and click the green button labeled “Detect.”

This will examine whether or not your computer is affected by the DNS Changer malware. If you’re not, you’re done. July 9 will be a non-event for you.
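The same question, “which DNS servers is this computer actually using?”, can also be answered locally by reading the configured resolvers and comparing them with the ones you expect. The Python sketch below is an added example, not code from Tech Experts or the DNS Changer Working Group; the rogue range and expected resolver are constructed placeholders from documentation address space, and the Windows parser assumes English-language `ipconfig /all` output.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation addresses), not real
# indicators. Substitute the rogue ranges published for the campaign you
# are checking and the resolvers your ISP or IT department assigns.
KNOWN_ROGUE_RANGES = [ipaddress.ip_network("198.51.100.0/24")]
EXPECTED_RESOLVERS = {ipaddress.ip_address("192.0.2.53")}
LOCAL_RANGES = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def resolvers_from_resolv_conf(text):
    """Nameserver addresses from resolv.conf-style text (Linux, macOS)."""
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                found.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                pass  # not a plain IP address; ignored in this sketch
    return found


def resolvers_from_ipconfig(text):
    """DNS server addresses from `ipconfig /all` output (Windows)."""
    found, in_dns = [], False
    for line in text.splitlines():
        if "DNS Servers" in line and ":" in line:
            in_dns = True
            candidate = line.split(":", 1)[1].strip()
        elif (in_dns and line.strip() and " : " not in line
              and not line.rstrip().endswith(":")):
            candidate = line.strip()   # continuation line: a further server
        else:
            in_dns = False
            continue
        try:
            found.append(ipaddress.ip_address(candidate))
        except ValueError:
            in_dns = False
    return found


def in_any(ip, networks):
    return any(ip.version == n.version and ip in n for n in networks)


def classify(ip):
    if in_any(ip, KNOWN_ROGUE_RANGES):
        return "rogue"        # resolver was replaced: treat the PC as infected
    if ip in EXPECTED_RESOLVERS:
        return "expected"
    if in_any(ip, LOCAL_RANGES):
        return "local"        # router or local stub: check its upstream too
    return "unexpected"       # not known bad, but nobody assigned it


def audit(text, parser):
    return [(str(ip), classify(ip)) for ip in parser(text)]


# Constructed sample inputs.
SAMPLE_RESOLV_CONF = """\
# generated by a DHCP client
nameserver 198.51.100.7
nameserver 192.0.2.53
"""
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.9
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    print(audit(SAMPLE_RESOLV_CONF, resolvers_from_resolv_conf))
    print(audit(SAMPLE_IPCONFIG, resolvers_from_ipconfig))
```

A “local” verdict only says the computer asks the router; the router's own DNS setting then needs the same comparison.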

What To Do If You’re Infected
If DCWG indicates that you’re affected, the page should also include information on what to do to clean the infection from your system.

The good news is that there are many free tools that are listed as resolving the issue – free tools from most of the major anti-malware utility vendors.

Specifically, Windows Defender Offline (formerly Microsoft Standalone System Sweeper) is listed, and it would probably be the tool I’d reach for first.

After cleaning DNS Changer off of your machine, I would also seriously review the anti-malware tools that you’re currently using. Put simply, it should have been caught by now.

Alert: Top Four Threats Attacking Your Network

There are many threats that could be attacking your network. Here are just a few that most clients experience.

Overconfidence
User overconfidence in security products is the top threat to your network.

Failure to “practice safe software” results in nuisance attacks like porn storms (unstoppable rapid fire pornographic pop-ups) and more subtle key loggers that steal passwords.

Surveys promising free stuff result in theft of information like your mother’s maiden name, high school, etc. which can be used to answer common security questions.

To avoid theft of otherwise secure data, think before you click.

Social Networking Sites
Social networking sites like Facebook are exploding in popularity. Threats range from malware (e.g., viruses, worms, spyware) to scammers trying to steal your identity, information and money. Many businesses and government agencies are using these sites to communicate with clients and constituents, so simply blocking access is no longer reasonable; defending your company while allowing employee access requires social network education for your employees and the enforcement of strong acceptable use policies.

We can help you develop a policy, then monitor compliance using a Unified Threat Management device that controls and reports on network access.

Attacks On Mobile Devices
Everyone is going mobile these days, not just the “road warriors.”

Once limited to laptop computers, mobile network devices now include PDAs, handheld computers and smart phones, with new appliances appearing in the stores every month. Mobile devices often contain sensitive data yet they are easily lost or stolen.

Be sure to password protect and encrypt data on all mobile devices whenever possible. Include mobile devices in your acceptable use policy.

Cloud Computing
“The Cloud,” in its simplest form, involves using the Internet to access and store your data.

It’s actually thousands of servers all working together to provide computing power. When you access e-mail using a web browser, you are working in “the cloud.” Using the cloud for automated off-site backup is rapidly gaining popularity, but that’s just the beginning.

Companies like Microsoft, IBM, and Google envision the day when we will use inexpensive terminals instead of computers to run programs and access data located somewhere on the Internet.

You need to be sure that any data you store and access across the Internet is secure not just where it is stored, but during the trip to and from the Internet.

Pay close attention to these top threats and it will help with network security.