How to prevent a ransomware attack?

  1. Back-up! Back-up! Back-up! Have a recovery system in place so a ransomware infection can’t destroy your personal data forever. It’s best to create two back-up copies: one stored in the cloud (use a service that makes an automatic backup of your files) and one stored physically (portable hard drive, thumb drive, extra laptop, etc.). Disconnect these from your computer when you are done, so that an infection cannot reach the backups too. Your backup copies will also come in handy should you accidentally delete a critical file or experience a hard drive failure.
  2. Use robust antivirus software to protect your system from ransomware. Do not switch off the ‘heuristic functions’ as these help the solution to catch samples of ransomware that have not yet been formally detected.
  3. Keep all the software on your computer up to date. When your operating system (OS) or applications release a new version, install it. And if the software offers the option of automatic updating, take it.
  4. Trust no one. Literally. Any account can be compromised and malicious links can be sent from the accounts of friends on social media, colleagues or an online gaming partner. Never open attachments in emails from someone you don’t know. Cybercriminals often distribute fake email messages that look very much like email notifications from an online store, a bank, the police, a court or a tax collection agency, luring recipients into clicking on a malicious link and releasing the malware into their system.
  5. Enable the ‘Show file extensions’ option in the Windows settings on your computer. This will make it much easier to spot potentially malicious files. Stay away from file extensions like ‘.exe’, ‘.vbs’ and ‘.scr’. Scammers can use several extensions to disguise a malicious file as a video, photo, or document (like hot-chics.avi.exe or doc.scr).
  6. If you discover a rogue or unknown process on your machine, disconnect it immediately from the internet or other network connections (such as home Wi-Fi) — this will prevent the infection from spreading.
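As an added example that is not part of the original tips, the Python check below applies tip 5 to a list of attachment names: it classifies each name by its real (last) extension, flags the double-extension trick the tip describes (hot-chics.avi.exe, doc.scr), and shows what Explorer would display with ‘Show file extensions’ turned off. The two extension lists are assumptions for illustration (the tip itself names only .exe, .vbs and .scr), and the sample file names are constructed.

```python
"""Spot file names that disguise an executable behind a document or media
name, as tip 5 above describes (for example hot-chics.avi.exe or doc.scr).

Added example, not code from the original page. The extension lists are
assumptions for illustration and the sample attachment names are constructed.
"""

# File types Windows runs as programs or scripts (assumed list; extend to taste).
EXECUTABLE_EXTS = {
    "exe", "scr", "vbs", "vbe", "js", "jse", "bat", "cmd", "com", "pif",
    "hta", "wsf", "ps1", "msi",
}

# File types a user expects to be harmless media or documents (assumed list).
DECOY_EXTS = {
    "avi", "mp4", "mkv", "jpg", "jpeg", "png", "gif", "doc", "docx", "pdf",
    "xls", "xlsx", "ppt", "pptx", "txt", "zip",
}


def classify(filename: str) -> str:
    """Classify one file name by its real (last) extension.

    Returns 'double-extension' when an executable type sits directly after a
    decoy token such as 'avi' or 'doc', 'executable' for any other executable
    type, and 'ok' otherwise.
    """
    parts = filename.strip().lower().split(".")
    if len(parts) < 2:            # no extension at all
        return "ok"
    if parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if parts[-2] in DECOY_EXTS:   # ['hot-chics', 'avi', 'exe'] or ['doc', 'scr']
        return "double-extension"
    return "executable"


def displayed_name(filename: str, show_extensions: bool) -> str:
    """Approximate what Explorer shows: with 'Show file extensions' off, the
    last known extension is hidden, so 'photo.jpg.scr' appears as 'photo.jpg'."""
    if show_extensions:
        return filename
    base, dot, ext = filename.rpartition(".")
    if dot and ext.lower() in EXECUTABLE_EXTS | DECOY_EXTS:
        return base
    return filename


def scan(filenames) -> dict:
    """Return {name: verdict} for every file name whose verdict is not 'ok'."""
    flagged = {}
    for name in filenames:
        verdict = classify(name)
        if verdict != "ok":
            flagged[name] = verdict
    return flagged


# Constructed sample of attachment names; the first two come from tip 5 above.
SAMPLE_ATTACHMENTS = [
    "hot-chics.avi.exe",
    "doc.scr",
    "invoice.pdf",
    "holiday-photo.jpg.scr",
    "notes.txt",
    "installer.exe",
    "README",
]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_ATTACHMENTS).items():
        hidden = displayed_name(name, show_extensions=False)
        print(f"{verdict:17} {name!r:26} shown with extensions hidden as {hidden!r}")
```

Run it and the two page examples both come back as double-extension, while with extensions hidden hot-chics.avi.exe is displayed as hot-chics.avi, which is exactly why the tip asks you to turn the setting on.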

Malvertising

What is Malvertising and How Do You Protect Yourself?

Attackers are trying to compromise your web browser and its plug-ins. “Malvertising,” using third-party ad networks to embed attacks in legitimate websites, is becoming increasingly popular.

The real problem with malvertising isn’t ads — it’s vulnerable software on your system that could be compromised by just clicking a link to a malicious website. Even if all ads vanished from the web overnight, the core problem would remain.

You can certainly use Adblock to reduce your risk, but it doesn’t eliminate the risk. For instance, celebrity chef Jamie Oliver’s website was hacked not once, but 3 times with a malware exploit kit that targeted millions of visitors.

Websites are hacked every day, and assuming that your adblocker is going to protect you is a false sense of security. If you are vulnerable, and a ton of people are, even a single click can infect your system.

Web Browsers and Plug-ins Are Under Attack

There are two main ways attackers attempt to compromise your system. One is by attempting to trick you into downloading and running something malicious. The second is by attacking your web browser and related software like the Adobe Flash plug-in, Oracle Java plug-in, and Adobe PDF reader. These attacks use security holes in this software to force your computer to download and run malicious software.

If your system is vulnerable — either because an attacker knows a new “zero-day” vulnerability for your software or because you haven’t installed security patches — just visiting a web page with malicious code on it would allow the attacker to compromise and infect your system. This often takes the form of a malicious Flash object or Java applet. Click a link to a shady website and you could be infected, even though it shouldn’t be possible for any website — even the most disreputable ones on the worst corners of the web — to compromise your system.

What is Malvertising?

Rather than attempting to trick you into visiting a malicious website, malvertising uses advertising networks to spread these malicious Flash objects and other bits of malicious code to other websites.

Attackers upload malicious Flash objects and other bits of malicious code to ad networks, paying the network to distribute them like they’re real advertisements.

You could visit a newspaper’s website and an advertising script on the website would download an ad from the ad network. The malicious advertisement would then attempt to compromise your web browser. That’s exactly how one recent attack that used Yahoo!’s ad network to serve malicious Flash ads worked.

That’s the core bit of malvertising — it takes advantage of flaws in software you’re using to infect you on “legitimate” websites, eliminating the need to trick you into visiting a malicious website. But, without malvertising, you could be infected in the same way after just clicking a link away from that newspaper’s website. Security flaws are the core problem here.

How to Protect Yourself From Malvertising

Even if your browser never loaded another ad again, you’d still want to use the below tricks to harden your web browser and protect yourself against the most common attacks online.

Enable Click-to-Play Plug-ins: Be sure to enable click-to-play plug-ins in your web browser. When you visit a web page containing a Flash or Java object, it won’t automatically run until you click it. Almost all malvertising uses these plug-ins, so this option should protect you from almost everything.

Use MalwareBytes Anti-Exploit: We keep banging on about MalwareBytes Anti-Exploit for a reason. It’s essentially a more user-friendly and complete alternative to Microsoft’s EMET security software, which is targeted more at enterprises. You could also use Microsoft’s EMET at home, but we recommend MalwareBytes Anti-Exploit as an anti-exploit program.

This software doesn’t function as an antivirus. Instead, it monitors your web browser and watches for techniques browser exploits use. If it notices such a technique, it will automatically stop it. MalwareBytes Anti-Exploit is free, can run alongside an antivirus, and will protect you from the vast majority of browser and plug-in exploits — even zero-days. It’s important protection every Windows user should have installed.

Disable or Uninstall Plug-ins You Don’t Frequently Use, Including Java: If you don’t need a browser plug-in, uninstall it. This will “reduce your attack surface,” giving attackers less potentially vulnerable software to target. You shouldn’t need many plug-ins these days. You probably don’t need the Java browser plug-in, which has been an unending source of vulnerabilities and is used by few websites. Microsoft’s Silverlight is no longer used by Netflix, so you may be able to uninstall that too.

You could also disable all your browser plug-ins and use a separate web browser with plug-ins enabled just for web pages that need it, although that will require a bit more work.

If Adobe Flash is successfully erased from the web — along with Java — malvertising will become much more difficult to pull off.

Keep Your Plug-ins Updated: Whatever plug-ins you leave installed, you need to ensure they’re kept up-to-date with the latest security patches. Google Chrome automatically updates Adobe Flash, and so does Microsoft Edge. Internet Explorer on Windows 8, 8.1, and 10 automatically updates Flash, too. If you’re using Internet Explorer on Windows 7, Mozilla Firefox, Opera, or Safari, ensure Adobe Flash is set to automatically update. You’ll find Adobe Flash options in your control panel or in the System Preferences window on a Mac.

Keep Your Web Browser Updated: Keep your web browser updated, too. Web browsers should automatically update themselves these days — just don’t go out of your way to disable automatic updates and you should be okay. If you’re using Internet Explorer, ensure Windows Update is activated and regularly installing updates.

While most malvertising attacks take place against plug-ins, a few have attacked holes in web browsers themselves.

Consider Avoiding Firefox Until Electrolysis is Done: Here’s a controversial piece of advice. While Firefox is still beloved by some, Firefox is behind other web browsers in an important way. Other browsers like Google Chrome, Internet Explorer, and Microsoft Edge all take advantage of sandboxing technology to prevent browser exploits from escaping the browser and doing damage to your system.

Firefox has no such sandbox, although other browsers have had one for several years. A recent malvertising exploit targeted Firefox itself using a zero-day. Sandboxing techniques built into Firefox could have helped prevent this. However, if you do use Firefox, using MalwareBytes Anti-Exploit would have protected you.

Sandboxing is set to arrive in Firefox after years of delays as part of the Electrolysis project, which will also make Firefox multi-process. The “multi-process” feature is scheduled to be part of the stable version of Firefox “by the end of 2015,” and is already part of the unstable versions. Until then, Mozilla Firefox is arguably the least secure modern web browser. Even Internet Explorer has employed some sandboxing since Internet Explorer 7 on Windows Vista.

Currently, almost all malvertising attacks take place against Windows computers. However, users of other operating systems shouldn’t get too cocky. The recent malvertising attack against Firefox targeted Firefox on Windows, Linux, and Mac.

As we’ve seen with crapware moving over to Apple’s operating system, Macs aren’t immune. An attack on a specific web browser or a plug-in like Flash or Java usually works the same way across Windows, Mac, and Linux.

As posted on How To Geek

http://www.howtogeek.com/227205/what-is-malvertising-and-how-do-you-protect-yourself/

Credit: Chris Hoffman is a technology writer and all-around computer geek. He’s as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

Fake Microsoft Support Scams Lead to Dire Consequences

For the last nine months, I’ve heard numerous stories from friends, family, and clients about calls they’ve supposedly received from Microsoft. Unfortunately, the calls are all scams that can have dire consequences. If you haven’t heard similar stories, they usually go something like this: a person calls and says that he is a tech with Microsoft that’s contacting you because your Windows-based computer is being monitored by them and is infected with a virus and he wants to help fix it. Over the course of the conversation, he’ll ask to remote into your PC, and ultimately tell you that the level of support required to fix it requires payment and that you’ll have to provide a credit card number. More nefarious scammers will then go the extra mile and install spyware on your machine to snag your passwords and other personal information, which could then be used to access your bank accounts or even steal your identity.

This just can’t be repeated enough, and I encourage all who read this article to spread the word to friends and family alike!

My experience:

Well, I just got off the phone with a couple of these scammers.

Of course, I knew right out of the gate that the call was a sham. The odds of Microsoft ever calling an end-user out of the blue are about as likely as Bill Gates giving away millions of dollars on Facebook because you shared a photo, so that’s the first clue. But I’m also experienced enough to know when a so-called technician doesn’t know his gigabits from gigabytes, and it wouldn’t have taken long to figure out the caller was full of it anyway.

Just in case you find yourself the target of one of these phone scams, or you want to inform your not-so-tech-savvy acquaintances about the possibility, I figured it would be beneficial to let you all know how the call went down. When I answered the phone, a heavily accented fellow explained that he was with Microsoft and that my ISP had contacted them because a Windows machine using my broadband connection was infected with a virus. He asked me to go to my Windows PC and requested that I perform some mundane tasks, like opening the web browser and hitting a couple of websites, all the while telling me what I should expect to see on-screen. I assume this was some sort of half-witted ploy to gain my trust, but there was no chance of that happening. While the scam-artist was trying to prove his worth, I used the time to check e-mail and other unrelated things; I thought I’d waste as much of the guy’s time as possible, to prevent him from calling someone else and having more success.

After a while of “checking websites,” the scammer had me open Event Viewer. He tried to explain the importance of the information contained in Event Viewer’s logs, and then used a rudimentary scare tactic that I suspect would work on casual PC users. He asked how many entries were in the system log (to which I happily answered 1337!), and tried to convince me that all of those entries were errors caused by the virus. He then took a more dire tone and asked me to check the Security and Application logs (again, I gave bogus numbers of 43 and 666!).

This was the point where the real scam was about to start. The caller used the number of events listed in Event Viewer to claim that the “infection” on my system was more severe than anticipated and that there would be a charge for any tech support services moving forward. He then asked for a credit card number. I refused to give him one and said I would only pay upon completion of the clean-up. As I mentioned earlier, I wanted to keep him on the line as long as possible, but I also wanted to see what tactics these low-lives were using to scam people. After my charade, the original caller put me on hold and said he had to forward me to a tech support manager who would continue to help me out.

The second man to take the line then directed me to logmein123.com and asked me to install some remote desktop software. I should point out that logmein123.com is totally legit (and actually a great tool), but the scammer planned to use it for no good. I went so far as to install the logmein123.com remote desktop client, so I could see what a correct user ID looked like, but did not give the caller the correct ID. I fed him some false IDs (again, to waste more time), and ultimately told the caller to megabyte me (in not so kind words) and they hung up after sharing a few choice words. Had I given him the correct ID, the caller would have been able to instantly access my PC.

If I had been better prepared and had a virtual machine set up that I could sacrifice for the cause, I would have let the scammers do their thing and let them believe they’d infiltrated another unfortunate soul’s computer, but I wasn’t. It’s a shame too, because it would have been useful to see what (and where) they’d download and install. Regardless, I hope this little bit of information helps. If you’re the recipient of one of these calls, at least now you’ll know they are a scam, and if you have a little time on your hands you can waste the scammers’ time and limit the number of other folks they can prey on. And if you’ve already been targeted, be sure to check your system for malware and report the call to the FTC at 1-877-FTC-HELP.

Fighting back

Report the scam

Report misleading ads

TrustInAds.org comprises a group of Internet industry leaders that have come together to work toward a common goal: protect people from malicious online advertisements and deceptive practices. Report misleading ads here.

Shut down their remote software account

  • Write down the TeamViewer ID (9-digit code) and send it to TeamViewer’s support (they can later on block people/companies with that information)
  • LogMeIn: Report abuse

Spread the word

You can raise awareness by letting your friends, family, and other acquaintances know what happened to you. Although this may be an embarrassing experience if you fell victim to these scams, educating the public will help someone caught in a similar situation and deter further scam attempts.

Tech Support Blacklist

This list is being updated on a regular basis from our own investigations as well as from tips we receive from our readers. There are two main objectives with that list:

  • To protect people who are about to call for tech support assistance and want to make sure the company has not already been listed.
  • To provide assistance to victims that have already been conned and are googling the phone number they called or company they interacted with.

If a company is listed below, it meets at least one of the following criteria:

Criteria:

  • #1 Pretends to be working for Microsoft or ‘Windows’.
  • #2 Uses misleading tactics to force a sale (see an example here).
  • #3 Finds viruses, malware or an infection on a perfectly clean system.
  • #4 Validates a fraudulent popup or page as legitimate (see an example here).

List:

Company name and aliases: 24/7 PC Guard
Website(s): 247pcguard.com
Phone number(s): 1-888-855-7953
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000001
Company name and aliases: 365 Tech Help
Website(s): 365techhelp.co/bng/slow-pc, fastsupport.com
Phone number(s): 1-866-539-8804
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 09/27/2013
Incident ID: 0000002
Company name and aliases: Speak Support
Website(s): speaksupport.com, 121usa.com
Phone number(s): 1-800-806-0768
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 10/04/2013
Incident ID: 0000003
Company name and aliases: PC Smart Care
Website(s): pcsmartcare.com, pcsmartcare.us
Phone number(s): 1-855-569-5945
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 11/27/2013
Incident ID: 0000004
Company name and aliases: PC Mask
Website(s): pcmask.com
Phone number(s): 1-877-385-1667
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 11/28/2013
Incident ID: 0000005
Company name and aliases: My Tech Gurus
Website(s): mytechgurus.com
Phone number(s): 1-866-587-1775
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 12/11/2013
Incident ID: 0000006
Company name and aliases: MegaITSupport
Website(s): megaitsupport.com
Phone number(s): 1-888-939-3618
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 01/09/2013
Incident ID: 0000007
Company name and aliases: GBM Support
Website(s): gbmsupport.net
Phone number(s): 1-800-492-3960
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 01/23/2013
Incident ID: 0000008
Company name and aliases: Click4Support
Website(s): lickforsupport.net, webtechmasterhelp.com, techsupportcenter.org, techsupportive.com
Phone number(s): 1-855-668-8555
Affiliate(s): N/A
Remote control software: LogMeIn: 292242
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 01/23/2013
Incident ID: 0000009
Company name and aliases: PC Toolkit Pro
Website(s): pctoolkitpro.com
Phone number(s): 1-855-803-1370
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000010
Company name and aliases: iGennie
Website(s): igennie.net
Phone number(s): 1-888-239-4339
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 01/30/2013
Incident ID: 0000011
Company name and aliases: Compute My PC
Website(s): computemypc.com
Phone number(s): 1-800-356-7697
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 01/31/2013
Incident ID: 0000012
Company name and aliases: TechFix Pro
Website(s): techfixpro.com
Phone number(s): 1-888-768-0082
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000013
Company name and aliases: iMax Support
Website(s): imaxsupport.com, fix247.org
Phone number(s): 1-800-247-0830
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 03/25/2014
Incident ID: 0000014
Company name and aliases: Internet Security Protect
Website(s): internetsecurityprotect.com
Phone number(s): (020)-3289-1596
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000015
Company name and aliases: All In One Tech Support
Website(s): allinonetech.net, allinonetech.us
Phone number(s): 1-800-487-9456
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000016
Company name and aliases: 1844desktop
Website(s): 1844desktop.com
Phone number(s): 1-884-337-5867
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000017
Company name and aliases: Comlogic
Website(s): comlogicinc.com
Phone number(s): 1-888-930-1033
Affiliate(s): N/A
Remote control software: 
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000018
Company name and aliases: PC Tech Clinic
Website(s): pctechclinic.com
Phone number(s): 1-855-486-4411
Affiliate(s): N/A
Remote control software: LogMeIn: 152903
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 06/17/2014
Incident ID: 0000019
Company name and aliases: Condis Services
Website(s): condiservices.com
Phone number(s): 1-888-221-6490
Affiliate(s): N/A
Remote control software: ISL: 19834912
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 06/17/2014
Incident ID: 0000020
Company name and aliases: aolrisk
Website(s): aolrisk.com
Phone number(s): 1-855-666-8849
Affiliate(s): N/A
Remote control software: LogMeIn: 770772
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000021
Company name and aliases: 247 Support Experts
Website(s): 247supportexperts.com, 3wayhelp.com
Phone number(s): 1-888-221-1582
Affiliate(s): N/A
Remote control software: LogMein: 146794
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 07/14/2014
Incident ID: 0000023
Company name and aliases: SysCare247
Website(s): syscare247.com
Phone number(s): 213-260-2279
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: N/A
Incident ID: 0000024
Company name and aliases: OMG Tech Help
Website(s): omgtechhelp.com
Phone number(s): 855-316-8324
Affiliate(s): N/A
Remote control software: LogMeIn: 642695
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 07/21/2014
Incident ID: 0000025
Company name and aliases: OnVoiceSupport
Website(s): omgtechhelp.com
Phone number(s): 855-316-8324
Affiliate(s): N/A
Remote control software: LogMeIn: 642695
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 07/21/2014
Incident ID: 0000026
Company name and aliases: Ecomputer Support
Website(s): ecomputersupport.net
Phone number(s): 1-877-360-0594, 1-855-820-8680
Affiliate(s): N/A
Remote control software: LogMeIn: 432039
Payment processor: N/A
Reason for blacklisting: #2, #3
Incident date: 07/23/2014
Incident ID: 0000027
Company name and aliases: E-Racer Tech (Clean IT PC)
Website(s): e-racertech.com, cleanitpc.com
Phone number(s): 1-855-486-1800, 1-877-648-7339
Affiliate(s): error711971669.com
Remote control software: LogMeIn: 432039
Payment processor: N/A
Reason for blacklisting: #2, #4
Incident date: 05/28/2014
Incident ID: 0000028
Company name and aliases: Cump Tech Media Pvt Ltd
Website(s): xevoke.com,onlineinstanthelp.com
Phone number(s): 1-855-209-0559
Affiliate(s): onlineinstanthelp.com/malwarebytes-us/download.html
Remote control software: LogMeIn: 186024
Payment processor: CheckOut LTD
Reason for blacklisting: #2, #3
Incident date: 07/31/2014
Incident ID: 0000029
Company name and aliases: Fast Fix 123
Website(s): fastfix123.com
Phone number(s): 1-800-832-3088
Affiliate(s): N/A
Remote control software: N/A
Payment processor: N/A
Reason for blacklisting: #3
Incident date: 08/22/2014
Incident ID: 0000030
Company name and aliases: ProcomSupport247
Website(s): procomsupport247.com
Phone number(s): 1-866-456-2763
Affiliate(s): techsupportnumber.us/online
Remote control software: LogMeIn: 162225
Payment processor: FreshBooks
Reason for blacklisting: #1,#2,#3,#4
Incident date: 09/04/2014
Incident ID: 0000031

Company name and aliases: American Tec Help
Website(s): americantechelp.com
Phone number(s): 1-800-984-9830
Affiliate(s): N/A
Remote control software: LogMeIn:
Payment processor: N/A
Reason for blacklisting: #1,#2,#3,#4
Incident date: 11/06/2014
Incident ID: 0000032

Company name and aliases: LiveTechOnCall, Live Tech On Call, AVIVO LLC
Website(s): livetechoncall.com
Phone number(s): 1-888-456-7041
Affiliate(s): N/A
Remote control software: TeamViewer
Payment processor: N/A
Price: $509.97
Reason for blacklisting: #1,#2,#3,#4
Incident date: 12/10/2014
Incident ID: 0000033