Rules Of Thumb To Avoid An Infection

Anthony Glover is Tech Experts’ senior network engineer and service manager.

A virus can be an upsetting, expensive endeavor to deal with. A virus can wreak havoc on your personal files (like important spreadsheets or family photos) or the system files that keep your computer functioning.

These files can become corrupted, encrypted, or deleted, which makes recovery difficult or sometimes impossible.

Some less obvious viruses — the ones that might slow down your system instead of destroying it — can still affect you by stealing data and what you type on your keyboard, gaining access to your stored credit card information or important sites you use, like your bank.

Anti-Virus: It’s Worth Protecting Yourself

Ron Cochran is a senior help desk technician for Tech Experts.

You can have any machine — from the latest and greatest, to the old dinosaur in the corner — but if you don’t have virus protection, your latest and greatest machine might soon run like that dinosaur in the corner.

All of your sensitive images, documents, billing information, and passwords are subject to infection. No matter how careful you are, there is always something that slips through the cracks.

Often, users say, “I have such and such subscription,” or “I don’t click on anything I don’t know,” but the people spending countless hours causing havoc on computer users will always find new and sneaky ways to infect computers.

Viruses can be attached to images or links on websites. They can also be renamed to look like something that you should install. Once inside your computer, they are hard to track down even by a seasoned computer technician.

Viruses very rarely remove anything from your computer. Instead, they have a tendency to add things that can record your activities on your computer. A person could install a silent program that starts recording your keystrokes when triggered by keywords; it can also take a screenshot or record email addresses and passwords. Most of the time, they don’t even need to regain access to your computer to collect the data.

They can have an email sent from your computer and Internet connection without you knowing it. That email, secretly sent from you to them, would contain your information (keystrokes, clicks, etc.).

By now, you have heard of the “crypto virus” and all of its variants. There are many solutions out there, but only a select few offer “zero-hour” infection reversal, which is something that businesses can especially benefit from. Let’s say you accidentally encrypt your machine; it would then be inaccessible until you pay the ransom to unlock your files.

Protection that offers infection reversal can revert your system back to its state right before you were infected, and it would be like you were never infected by the virus at all. This feature is part of Webroot SecureAnywhere, which is something we can provide.

Viruses not only help people steal your data, but they can also delete or corrupt files, degrade system performance, and make your computer run slower.

Viruses can also prevent programs from working, and they can use your email to send out copies of themselves to your contacts and other users. Sometimes, they can prevent your computer from starting up by corrupting your BIOS firmware.

A couple of the main things that you’ll notice once you’re infected are that your system could run slower and you’ll receive all kinds of fake pop-ups, ads, warnings from “Microsoft,” etc. These types of files are referred to as “scareware,” and the makers feed on the fear that you might lose your data, so you’ll pay them to “unlock” your system or “remove” the virus.

Again, we go back to protection. If you had virus protection, then it’s likely that it would stop the infection before it even established itself inside your computer.

There are a few things you should do, if you haven’t already: get some sort of whole computer protection (such as Webroot), have restore points saved on your operating system, have a backup of your operating system install saved on some sort of external media, and save your documents, pictures, and videos to an external source.

When you find yourself in a predicament where you have to wipe an entire computer to remove an infection, you’ll be glad you took the time to prepare for the worst.

How To Avoid Infections On Your Company’s Network

Luke Gruden is a help desk technician for Tech Experts.

Computers are just like people – they too can catch a virus and become infected. Your computer can potentially be infected by anything it connects to or interacts with, so it’s important to watch which disks or USB devices you insert into your computer and which websites you visit.

What is a computer infection?
A computer infection refers to malicious software that can harm your computer or even steal your information. There’s more than one variation of it. There is spyware that watches what you type and do on your computer to gather and steal information.

There is adware which will change your settings and hijack certain parts of your computer to promote its own products.

There is cryptoware which will lock your whole computer and make it unusable.
There are also many other types of infections or malware that your computer can come across.

Is my computer infected?
If your computer has been running slower recently and you are seeing strange pop-ups or odd programs, you are very possibly infected. At Tech Experts, we monitor many different computers, keeping track of any odd processes and programs that are installed. We also have managed anti-virus that further helps us identify when our clients’ computers could be infected.

How can I clean an infected computer?
There are many tools and resources that can be used to clean an infected computer and no single tool is absolutely perfect. Usually when cleaning an infection, we run at least three to four different (reputable) programs, depending on what type of infection it is.

If it is a very deep infection, we could end up running seven or more different programs to clean out the infection. It is important to know which tools to use and how to use them, however.

Certain programs can cause damage to the computer’s registry if you don’t know exactly what you’re looking for.

How do you prevent an infection?
Understanding your computer habits is one of the biggest ways to prevent infections. If you find yourself web surfing to questionable sites or to sites you’ve never been to before, this is one of the biggest ways to catch an infection.

Downloaded programs you don’t remember installing are one of the biggest red flags of an infection. Opening emails and attachments when you don’t know where they came from is a good way to become infected. Make sure the sites you visit are safe, and be attentive to which emails and downloads you open.

Having a good anti-virus is very important for keeping a computer clean and protected from threats that you cannot normally see. At Tech Experts, we provide AV for ourselves and clients that prevents most infections. No AV is 100% able to stop all infections. With hackers making new threats every day, there is no method to make sure all possible vulnerabilities are blocked.

However, having good software and good habits will prevent the great majority of infections from hopping onto your computer.

How To Identify And Handle Scareware Pop-ups

Jared Stemeye is a Help Desk Technician at Tech Experts.

Let’s say you’re reading the latest news articles on a webpage you visit regularly. In an instant, a new browser window flashes onto your screen, blinking with some sort of notice, a warning of virus infections, a legitimate looking logo, and a phone number to call.

Some of these even employ audio statements such as, “Your PC is infected. If you close this window you will lose all information stored on your hard drive.”

These tactics combined do a very good job of eliciting emotions of fear and anxiousness from their victims.

However, with the proper knowledge to identify the fraudulent practices of these groups, along with the proper steps to handle such occurrences, you will be able to avoid the hardship many others have encountered.

The first thing you should know is that it is quite simple for anyone to attach the Microsoft logo, or any name-brand anti-virus insignia, to the page to make it appear convincingly genuine. The ‘official’ logos you see on these pop-ups are not legitimate, though it is very easy to think that they are.

The second, and probably the most important, thing to know is to never – under any circumstances – call the phone number provided by the pop-up.

The disreputable individuals on the other end of the phone are not meant to help you. Like the pop-ups, they too are proficient at inducing anxiety among their victims, urging those who call to allow permission for remote access to the targeted computer.

Once someone has access to your desktop, they have access to all your locally stored files and can make changes to them as well as plant malware or spyware.

Never allow remote access to your computer unless you, without any doubt, know who it is you’re allowing access.

Now, what should you do next? First, attempt to close the window as you would with any other window by clicking the X in the top right corner.

In many cases, a dialogue box will appear at the top of the screen, providing more anxiety-inducing phrases to make you think your actions are incorrect. Rest assured you are on your way to ridding yourself of the pop-up.

Browsers such as Internet Explorer, Google Chrome, and Mozilla Firefox have an opportunity to prevent these boxes from reappearing after you exit out of them. In the pop-up box, click the check field next to the “prevent additional dialogues” option and click OK.

If the pop-up window has yet to close, retry exiting out of the window. No additional dialogue boxes should appear at this point, allowing you to regain control of your computer.

If the pop-up window does not close after these steps or if the issue persists after a short period, contact your trusted IT team to remove the issue.

Under any circumstance, remember, these pop-ups are not viruses themselves and, if you follow the advice given in this article, they will cause no harm to your computer.

However, it is still best practice to run a full virus scan if this does occur to ensure you are unaffected.

Five Tips For Staying Ahead Of Malware

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Malicious software has become an everyday issue for many computer users, and it can have serious implications for your finances. To keep your information, data, and finances safe, you need to be aware of the common threats to your online security that exist and how you can protect yourself against fraudulent activity.

According to research from Kaspersky Security, malicious software, which is also commonly referred to as malware, impacted as many as 34.2% of computer users in 2015. But what is malware and how does it work?

Malware is somewhat different than computer viruses because instead of completely stopping your computer from operating, it sits quietly in your system stealing important and sensitive information.

It is estimated that over 1 million new forms of malware are released on a daily basis in the form of spyware, Trojan horses, phishing links, and ransomware.

The Three Scariest Threats To Small Business Networks

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

While spam, pop-ups, and hackers are a real threat to any small business network, there are three security measures that you should be focusing on first before you do anything else.

Worry About E-mail Attachments, Not Spam
Sure, spam is annoying and wastes your time, but the real danger with spam is in the attachments.

Viruses and worms are malicious programs that are spread primarily through cleverly disguised attachments to messages that trick you (or your employees) into opening them.

Another huge threat is phishing e-mails that trick the user by appearing to be legitimate e-mails from your bank, eBay, or other financial accounts.

Here are three things you must have in place to avoid this nightmare:

Most Employees Use Work Computers For Outside Activities

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

GFI Software, a leading software tool provider for companies like Tech Experts, recently released a report that found the personal use of company computers and other devices is leading to major downtime and loss of confidential data in many businesses.

The study of about 1,000 small business employees who used a company-provided desktop or laptop computer found that 39 percent of them said their businesses have suffered a major IT disruption caused by staff members visiting non-work related websites with work-issued hardware, resulting in malware infections and other related issues.

Even more alarming, the study showed nearly 36 percent of staff members said they would not hesitate to take company property, including email archives, confidential documents and other valuable intellectual materials, from their work-owned computer before they returned the device if they were to leave their company.


Tips For Defending Against Social Engineering Attacks

by Michael Menor, Network Technician
I just got yet another email from my bank. Or, at least it looked like the bank that had issued one of my credit cards. The email included my correct name and mailing address, as well as a variety of other quality information such as the last four digits of my credit card number.

This may not seem like it is great information, but I regularly change details in my name for accounts, such as using different middle initials, including or omitting part of my first name, or using one of the three different street addresses that will get mail delivered to my home. So when someone gets it all correct, it really is a big deal to me.

According to the email, I needed to log on (yes, convenient link included) and check a fraud alert that was being issued on my credit card by my bank because of suspicious activity.

Again, this did make some sense, because this account was compromised, and I do have fraud triggers set to alert via email and text. Despite the fact that I pretty much always view these emails as suspicious, all in all, it seemed like the type of email that I might not want to ignore.

Except for the fact that the email came to a valid email address which I have never registered with this particular bank. Oddly enough, I have seen this with increasing frequency, and have received both Facebook and LinkedIn notifications with friend/connect requests – with people I actually know – but, both sent to email addresses which I have never registered with Facebook or LinkedIn.

Social Engineering?
Getting a few emails doesn’t necessarily mean I am in the middle of a social engineering attack. The catch here is that the emails contained real information that could only be gathered if someone was working it, so I tend to look a little beyond random phishing. The sender had good information.

A more recent complexity in social engineering is the use of this type of good information in an Advanced Persistent Threat (APT). In this role, social engineering is used in concert with other attack vectors. Information gathered from social engineering is used to target technical attacks, and in turn, information from technical attacks is used to help target further social engineering attacks as an attacker learns more about a set of individuals as well as the entire organization.

The availability of information from public sources like social media allows online research about specific people to be very targeted, further enabling more specific social engineering attacks.

Among the most dangerous social engineering attacks are those that also try to get targets to open malicious links or run malicious applications, potentially installing malware.

You may recognize a random external email attack that includes a virus or a malicious link. But, how would you respond to an email from your daughter’s college that appears to claim she was being ejected, or an email from a well-known pharmaceutical company that announced recently discovered potentially fatal side effects of a prescription drug that you are currently taking? Personal attacks like this which are tailored to a specific individual have become more common, and we should expect this trend to continue.

Can We Do Anything About It?
Since there is no such thing as a personal firewall to help filter out attacks, the single best thing you can do to minimize the chances of a successful social engineering attack is proper awareness. At the same time, some technical controls can help. I have no “magic list” of five things to do, and I know 16 controls can look like a daunting task, but any or all of these things can help reduce the chances of a successful social engineering/phishing attack.

Even starting with one thing that you are currently not doing can help.

1. You should know that social engineering attacks exist. You should also know that attackers are interested in getting personal information as well as corporate information, and that individuals may be attacked through any phone, email or social media account – both work and personal – since personal knowledge can help make targeted attacks more successful.

2. You should be very careful about the type of information you leave in your voicemail greeting. A good default is to leave your first name, and state that you will return the call, without identifying your group.

3. “Extended absence” messages may be necessary, but should be used with care. Consider leaving a “fake” alternate contact name so that a coworker can easily identify that the call came from your out-of-office message. When you’re out and you want callers to reach “Betty Brown” for assistance in your absence, you might leave an outgoing message that says “Beth Brown” instead of “Betty Brown.” Then, when a caller asks for “Beth,” Betty will actually know that this call came as a result of your out-of-office message.

4. To help minimize the ease with which an attacker can identify valid email addresses at your organization, your email server should be configured so that it does not respond to inbound invalid addresses.

5. Make sure that corporate email addresses have little to no relationship with the employee’s user ID. Never make the name in your email address the same as the user ID you use on your internal network. If the user ID that you use to log onto your corporate network is bsmith, do not make your corporate email address bsmith(at)yourcompany.com.

6. You should be filtering attachments on your email and removing attachments with potentially hostile contents, such as executable files. Distributing Trojan horses or viruses via email is a common attack technique.

7. Be aware of company specific jargon. Anyone who uses improper or general information about your company can be regarded as an outsider. Maybe you work for Tech Experts, but everyone calls it “TE.” Using incorrect terminology is a clue that a call may not be genuine.

8. Someone who acts irate or angry and attempts to rush you through a questionable process should be regarded as suspicious. Bullying someone is a common technique to keep a target off balance.

9. Many (not all) data gathering emails come from temporary or “throw away” accounts, such as an account at Gmail or Yahoo. Your staff should be aware that there are a number of reasons an attacker would like to clearly identify valid email addresses and that your staff should consider this in all external responses.

10. Your company should not use or allow the use of external web-based email accounts through the normal course of your business. Do not let employees get used to seeing official email from such accounts (like @gmail.com instead of @yourcompany.com).

11. Your employees should know that no one from corporate IT (or anyone else) would ever call them and ask for their password. Simply put, no employee should ever divulge his or her password to anyone else. Never.

12. You should maintain an accurate and current employee directory with phone numbers. Anyone receiving a suspicious call can ask the caller who they are and consult the phone directory for the name and phone number.

13. Dispose of sensitive material in an appropriate manner. Either use an office shredder or contract with a reputable “secure disposal” company to dispose of sensitive information for you. Yes, “dumpster diving” is real, does happen and does work.

14. The Help Desk can take steps to reduce the number of invalid password resets and snooping attempts.

a. If a user calls from an outside number, the Help Desk’s first response should always be to consult a corporate phone directory for an official work, mobile or home phone number to return the user’s call. Any number not on the list should be considered suspicious.

b. The Help Desk should verify the employee’s full name, with proper spelling, phone extension, department or group. You are trying to add enough information that an attacker would have to be very prepared for the request.

c. The Help Desk should ask the caller for a number at which they can call the user back, regardless of from where the user is calling. A call from anyone who will not provide a callback number should be considered an attack.

d. You may consider having the Help Desk leave a user’s new password in the employee’s corporate voicemail. A valid user should have no trouble retrieving the password. An attacker would have to compromise the voicemail system to get access to the password.

15. If you are being asked to release or reveal something that is clearly sensitive, such as your strategic plan, passwords, pre-release earnings, source code and other such internal information, it should be automatically regarded as suspicious.

16. You should have a plan for how you will communicate internally if you identify that a social engineering attack is taking place against your company.

Does every employee get an email stating that an attack is in progress, and that everyone should exercise additional care? Who should send the email, and what is the final triggering event before a company-wide alert is distributed?
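The attachment filtering described in control 6 can be sketched as follows. This is an added example, not code from the article or from Tech Experts; the blocklist, the sender and recipient addresses, and the sample attachments are constructed for illustration. It removes attachments by final extension, by executable content hidden behind a harmless name, and by executable members inside ZIP archives.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative blocklist (an assumption, not a complete or official list).
BLOCKED_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
               ".vbs", ".hta", ".lnk", ".msi", ".jar", ".ps1"}


def _ext(name):
    """Final extension, lower-cased; trailing dots and spaces are ignored."""
    name = (name or "").lower().rstrip(". ")
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def verdict(filename, payload):
    """Return the reason an attachment must be removed, or None to keep it."""
    if _ext(filename) in BLOCKED_EXT:
        return f"blocked extension {_ext(filename)}"
    if payload[:2] == b"MZ":  # Windows executables start with these bytes
        return "Windows executable content behind a harmless-looking name"
    if zipfile.is_zipfile(io.BytesIO(payload)):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:  # bit 0 marks an encrypted member
                        return "password-protected archive cannot be inspected"
                    if _ext(info.filename) in BLOCKED_EXT:
                        return f"archive contains {info.filename}"
                    with zf.open(info) as member:
                        if member.read(2) == b"MZ":
                            return f"archive contains executable {info.filename}"
        except (zipfile.BadZipFile, NotImplementedError, RuntimeError):
            return "archive could not be inspected"
    return None


def filter_attachments(raw):
    """Replace hostile attachments with a text notice.

    Returns (cleaned_message_bytes, [(filename, reason), ...]).
    """
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in list(msg.walk()):
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename is None and not part.is_attachment():
            continue  # ordinary message body, nothing to inspect
        payload = part.get_payload(decode=True) or b""
        reason = verdict(filename, payload)
        if reason:
            removed.append((filename, reason))
            part.clear_content()  # drops the payload and all Content-* headers
            part.set_content(f"[Attachment {filename!r} removed: {reason}]")
    return msg.as_bytes(), removed


def build_sample():
    """Constructed test message; the 'executables' are inert placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "voicemail@example.com"
    msg["To"] = "bsmith@example.com"
    msg["Subject"] = "New voicemail message"
    msg.set_content("You have a new voicemail. See the attachment.")
    fake_exe = b"MZ" + b"\x00" * 62
    msg.add_attachment(fake_exe, maintype="application",
                       subtype="octet-stream", filename="voicemail.wav.exe")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("UPS_tracking.pdf.exe", fake_exe)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="UPS_tracking.zip")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder",
                       maintype="application", subtype="pdf",
                       filename="agenda.pdf")
    msg.add_attachment(fake_exe, maintype="image", subtype="jpeg",
                       filename="family_photo.jpg")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, why in filter_attachments(build_sample())[1]:
        print(f"removed {name}: {why}")
```
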

Conclusion
A good social engineer can extract sensitive internal information very quickly, and can then help ensure they make the best use of that information to further additional attacks.

Knowing this, you should understand that a social engineering attack can happen at any time. They don’t happen because you have poor security; they happen because someone else decided you were a target.

Data Security: Why You Should Be Concerned

by Michael Menor, Network Technician
All businesses, big or small, have client data, which is the lifeblood of their company. Losing this data can prove deadly; having it held hostage is even worse.

The purpose of this article is to explain the importance of data security with encryption, and also to explain viruses like CryptoLocker, which purposely encrypts your data and demands that you pay a ransom to release it. This nasty little virus is no joke: many companies have fallen prey to it and have paid the ransom, which ranges anywhere from $300 up to $2,000.

Let’s talk about this CryptoLocker virus. “What is it?” you ask. This is a piece of ransomware that targets computers with the Windows operating system. This virus is spread as an email attachment and has been seen to pose itself as a voicemail message.

Once CryptoLocker is installed on your computer, it encrypts all documents on your local computer, as well as ones that are stored on network drives and external storage. The encryption used is strong (2048-bit); cracking this level of encryption is impossible.

It would take approximately 6.4 quadrillion years to break. Even if you were using a supercomputer, it would take a very long time to break.

Hard drive encryption should be the first step in ensuring data integrity. Microsoft has its own encryption technology called BitLocker, which is only available on Windows Enterprise and Ultimate editions.

TrueCrypt is a free alternative. The only problem is that once you authenticate to a drive secured with either product, it is ready for use and allows the user to freely read and write to the drive, which in turn lets other programs on the computer do the same.

With regard to TrueCrypt, it has no supporting management infrastructure, and no key recovery system. If you forget your password, or something goes wrong with the TrueCrypt file, there is no way to get your data back. You must therefore keep separate backups. Another alternative to hard drive encryption is backing up your important data to the Cloud. You don’t have to worry about maintaining a storage server or carrying around an external hard drive. Everything is available to you wherever you go as long as you have an Internet connection.

Talking about all this data security will not stop the standard user from opening email attachments without verifying the sender of the file. Proper net etiquette training can be very useful; you want your employees to understand the risks of these attachments and the possible risks involved when they’re viewing their email or even browsing the Internet.

Before users open any email attachments, they should ask themselves: Is the email address trusted? Were they expecting an email from this sender? Are the spelling and grammar consistent with what they’d expect from the sender?

Security expert Nick Shaw has created software that can prevent CryptoLocker. This software prevents CryptoLocker from ever executing and has been proven to work on Windows XP and Windows 7 workstations.

Contact us for more information on how to prevent viruses or if you have any questions regarding data security and backups.

It’s A Scary Time For Your Company’s Systems And Data

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

We sent out an email a few days ago alerting folks to a new and particularly nasty virus that’s making the rounds. It’s called CryptoLocker and, if your systems get infected with this particular kind of “ransomware,” it is, frankly, a nightmare.

CryptoLocker scans your system and looks for all of your file storage locations – your local C: drive, any USB thumb or external drives, and even network shares (if you save files on your S: drive, for example).

It then encrypts every file it finds using a sophisticated, spy-level type of encryption. Your files – Word, Excel, PowerPoint, etc. – all become unusable.

Pay up, or else
You’ll then get a pop up on your system, letting you know that your personal files are encrypted, and if you want the key to unlock them, you’ll need to pay the cyber crooks to get it. The ransom (thus, the term “ransomware”) is anywhere from $300 on up. And, there’s a deadline – 72 to 100 hours – after which, the key to your files is destroyed, and you’re simply out of luck.

Prevention
This nasty virus is spread by opening email attachments or through other “social engineering” means.

Spam/virus filtering services are generally aware of the threat and actively block emails that contain elements of this and other malware.

We suggest notifying your employees immediately of this new virus and making sure everyone is following some basic preventive measures:

  • Do not click on attachments in emails from someone you don’t know or companies from which you haven’t expressed interest in receiving information.
  • Do not click on links, advertisements or pictures that pop up on your screen when visiting other websites.
  • Do not engage in social media games or click on links that appear on social media platforms.

The virus emails come in the form of a shipping notice from UPS or FedEx. It is obviously fake, but the scammers make it look very real.

Why aren’t you backing up your data?
I’ve been in the IT business for nearly 27 years and I can say I’ve pretty much seen it all. But I’m still astounded when we run across a business owner who isn’t backing up their data.

Studies show that only six out of every 10 people back up their computer files. The 40% that don’t said that it was because they didn’t think they needed to.

According to a report by PricewaterhouseCoopers, 70% of small businesses that suffer a significant data loss go out of business within a year.

These ransomware and other destructive viruses are becoming more and more prevalent. We work hard to keep your systems safe and protected, but no antivirus software catches 100% of everything.

More than ever, it is vitally important that your business have a solid backup system that is managed, monitored and tested. Too many times we’ve gone in to help a new client who is in the middle of a disaster, only to find out they were religiously changing tapes in a system that hadn’t successfully run a backup in months – or years.