Our Adware Battle Continues

Over the past couple of years, we have focused much attention on ransomware, and for good reason. However, old threats are still here to make our digital lives miserable as well. One of the oldest surviving threats we continue to deal with is adware.


Adware Today

There’s no denying that adware is a big problem. In fact, 2016 saw a huge spike in Mac OS malware, mostly due to bundled adware. Google has tried tackling this problem by kicking known adware distributors out of the Play Store.

Google is perhaps the most aggressive in battling adware today, because Android in particular has seen a great deal of adware in recent years.

Earlier this year, a number of Android phones were discovered to have been infected with powerful adware. The “infection” took place somewhere between the factory, and the business that ordered them. That means some Android phones were purchased with adware pre-installed!

Avoid Download Portals

Desktops also continue to be targeted. One of the popular ways of infecting desktop PCs is through download portals. Many people continue to unwittingly use download portals that bundle adware and other unwanted programs with the legitimate apps that people are looking for.

Unfortunately, these download portals show up at the top of search results and trick searchers into thinking they’re getting the best version of the app. When you are looking for a specific app take the time to go directly to the software provider’s website. If you do not – and you simply click on the first link in the search results you may be using a download portal which usually will give you a boatload of unwanted apps, in addition to the one you actually wanted.

* Yes – I know I used the words “download portals” five times in this section. That’s because I want you to remember what they are – so you can avoid them.

Keeping Alert for Adware

As with any other type of malware, the best way to deal with adware is to be aware of it – and of what it is. Here are four things to watch out for.

If Ads Abound on Your PC – Don’t Panic But You Do Need to Act

If you’ve been infected with adware, you’re going to be seeing a lot of ads. Pop-ups, in-app ads, browser takeovers, and all sorts of other annoying behaviors might happen.

Different types of adware behave differently.

Phishing ad (Image Credit: Fireofheart via Shutterstock)

However one thing that they all have in common is that they will show you a huge number of ads. You’ll notice more ads, more insistent and pervasive ads, and ads outside of the locations where you usually see them. If you’ve been seeing any of this stuff, download anti-adware software right away.

Just don’t get it from…

Third-Party App Stores

If you stick to Apple’s App Store, the Google Play Store, the Chrome Store, and other first-party, controlled app stores, you will be much safer than if you use third-party options.

The same rule applies to desktop and laptop software. Unless the app isn’t available from the Windows or Mac app stores and you can’t find it on the developer’s website, avoid third-party software download sites.

Watch for the Warnings

Believe it or not, you will often be warned right before you download adware. It’s those small print terms and conditions that often go ignored. Take the time to read them if you really – really want that free app. There’s a good chance that they contain something useful. They’ll often tell you that you’ll be getting something else in addition to the software you’re looking for.

No matter where you’re getting an app, make sure to at least browse the terms and conditions first. You just might save yourself the hassle of trying to deal with the problem later.

Avoid Free Versions of Software

If you found a place to download Microsoft Office for free, run the other way. You’re not going to get high-end, fully featured apps without paying. Someone might be offering it, but they’re probably offering a few other things that they aren’t telling you about, very likely adware – or worse.

Even apps that are normally free often carry some sort of adware. Ironically a number of illegitimate anti-virus apps have been discovered to come bundled with malware.

Always be very careful about where you get your software.

What to Do If You’ve Been Infected

Here are some warning signs to watch out for.

Have you noticed a lot more pop-ups than usual lately? Or advertisements that you can’t close? If you see a new toolbar (these are very popular), a new default search engine (also a common symptom), new programs that you don’t remember installing, or new bookmarks in your browser, you are most likely infected with adware.

Do your best not to interact with any of these ads, as that may make the problem worse. Close — force close, if you need to — those apps and download an anti-adware application as soon as possible. Here are three choices that will help you rid your computer of adware for free.

Malwarebytes AdwCleaner (Windows)

With one of the best reputations in the game, Malwarebytes is a company you can trust to clean up your computer. Its AdwCleaner software specifically targets adware and browser hijackers, as well as “potentially unwanted programs,” which could include toolbars and other questionable downloads.

AdwCleaner is free, and all you have to do is download it and run it. It doesn’t get much easier.

BitDefender Antivirus Free Edition (Windows)

Another company with a great reputation, BitDefender is at the forefront of anti-malware tech. This lightweight antivirus app protects you from all sorts of mayhem, including adware and spyware. It also packs anti-phishing and anti-fraud features for additional protection.

While you get more features out of the paid version of this app, the free option is still a great way to go.

Malwarebytes Anti-Malware (Mac)

While some anti-adware software out there only works on Windows computers, Malwarebytes’ anti-malware software will protect your Mac from attacks. This extremely lightweight client is great even if your Mac is starting to get old and slow down.

Don’t make the mistake of thinking that Macs don’t get adware. They do. So download this now.

And if you’re looking for mobile anti-adware apps, check out Malwarebytes’ Anti-Malware. It’s free on the Play Store.

Be Proactive Against Adware

As with any type of malware, the best way to deal with adware is to not get infected in the first place. Make sure you have an up-to-date antivirus solution running on your computer, watch out for suspicious-looking sites, and remember that the best things in life aren’t free. Especially when it comes to software.


The Wrath of Locky Part 2

One of the most common types of ransomware, “Locky” all but disappeared late last year. Sadly, however, this very dangerous cyber threat has reemerged and is worse than ever. Everyone should make themselves aware of this particular cyber threat – because once your data is infected – you may never see it again.

The New Locky Brings a New Infection Mechanism

This current wave of SPAM comes in the form of emails that pretend to be payment receipts with various subjects. According to an article by My Online Security, the email subjects include Receipt 435, Payment Receipt 2724, Payment-2677, Payment Receipt_739, and Payment#229, where the numbers change.

Locky SPAM Email

These emails include a PDF attachment with a name like P72732.pdf. When these PDFs are opened, the target will be prompted to open an embedded Word document as shown below.

Malicious PDF SPAM

If a user opens the file, the Word document will open and the target will be greeted with the typical malicious Word document prompt: a request to enable macros by clicking Enable Content in order to properly see the document.

Enable Macros in Malicious Word Document

When the macros are enabled, they currently download an encrypted Locky binary from http://uwdesign.com.br/9yg65, decrypt the file, save it to %Temp%\redchip2.exe, and then execute it to begin the encryption process. Redchip2.exe currently has a 7/55 detection on VirusTotal.

Just like previous variants, Locky deletes Shadow Volume Copies using a Scheduled Task and appends the .OSIRIS extension to encrypted files. You can see the task used below (its XML element names were lost when the page was captured and are restored here from the standard Task Scheduler schema; the values are as captured).

  <Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <Settings>
      <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
      <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
      <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
      <AllowHardTerminate>true</AllowHardTerminate>
      <StartWhenAvailable>true</StartWhenAvailable>
      <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
      <IdleSettings>
        <Duration>PT10M</Duration>
        <WaitTimeout>PT1H</WaitTimeout>
        <StopOnIdleEnd>true</StopOnIdleEnd>
        <RestartOnIdle>false</RestartOnIdle>
      </IdleSettings>
      <AllowStartOnDemand>true</AllowStartOnDemand>
      <Enabled>true</Enabled>
      <Hidden>false</Hidden>
      <RunOnlyIfIdle>false</RunOnlyIfIdle>
      <WakeToRun>false</WakeToRun>
      <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
      <Priority>7</Priority>
    </Settings>
    <Actions>
      <Exec>
        <Command>C:\Windows\system32\vssadmin.exe</Command>
        <Arguments>Delete Shadows /Quiet /All</Arguments>
      </Exec>
    </Actions>
  </Task>
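The scheduled task is a useful detection artefact in its own right. As an added example (not code from this post or from any vendor), the Python below parses an exported Task Scheduler definition and flags any Exec action that wipes shadow copies; the sample XML is constructed to mirror the task shown above, and the wmic pattern goes slightly beyond the post to cover another common wipe command.

```python
"""Flag Task Scheduler definitions that wipe Volume Shadow Copies.

Added example for this post, not code from the original article or from any
vendor. The sample XML is constructed to mirror the Locky task described above;
element names follow the documented Task Scheduler XML schema.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample: the vssadmin action from the post, wrapped in the schema
# elements an exported task carries (default namespace included).
LOCKY_STYLE_TASK = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <Hidden>false</Hidden>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions>
    <Exec>
      <Command>C:\\Windows\\system32\\vssadmin.exe</Command>
      <Arguments>Delete Shadows /Quiet /All</Arguments>
    </Exec>
  </Actions>
</Task>"""

# Constructed sample: a harmless maintenance task that must not be flagged.
BENIGN_TASK = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions>
    <Exec>
      <Command>C:\\Windows\\system32\\defrag.exe</Command>
      <Arguments>C: /O</Arguments>
    </Exec>
  </Actions>
</Task>"""

# Command lines that destroy shadow copies. The vssadmin form is the one this
# post shows; the wmic form is another common way to get the same result.
SHADOW_WIPE_PATTERNS = [
    re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.IGNORECASE | re.DOTALL),
    re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\s+delete\b", re.IGNORECASE | re.DOTALL),
]


def _local(tag):
    """Strip the XML namespace so this works with or without the default xmlns."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""


def find_shadow_copy_deletion(task_xml):
    """Return the normalised command line of every Exec action in a task
    definition that deletes Volume Shadow Copies; an empty list means clean."""
    root = ET.fromstring(task_xml)
    hits = []
    for elem in root.iter():
        if _local(elem.tag) != "Exec":
            continue
        command = _child_text(elem, "Command").strip('"')
        arguments = _child_text(elem, "Arguments")
        # Match on the whole command line: "cmd.exe /c vssadmin ..." puts the
        # interesting part in <Arguments>, a direct call puts it in <Command>.
        line = " ".join(f"{command} {arguments}".split())
        if any(p.search(line) for p in SHADOW_WIPE_PATTERNS):
            hits.append(line)
    return hits


def scan_task_definitions(tasks):
    """Map task name -> flagged command lines for a dict of {name: xml text}."""
    return {name: find_shadow_copy_deletion(xml) for name, xml in tasks.items()}
```

Export live tasks with schtasks /Query /XML (or read them from C:\Windows\System32\Tasks) and feed each definition to scan_task_definitions.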
While encrypting files it will routinely send status updates to the Command & Control servers located at 188.120.239.230/checkupdate and 80.85.158.212/checkupdate. When done it will display the ransom note to let the victim know that they have been infected.

Locky Ransom Note

Unfortunately, at this time there is still no way to decrypt files encrypted by Locky.

Protecting Yourself Against Ransomware

As I continually recommend, you should never open an attachment from a sender that you did not request. This goes for hyperlinks in email messages that you did not request as well. If you receive email messages from “lenders” or “creditors” regarding payments etc. that include documents, call the lender and speak to someone. Do not open the attachment or click on the hyperlink unless you are 100% certain of its legitimacy.


New Microsoft Word Threat Discovered

Just yesterday I warned against a scam alert and now here is yet another threat that involves Microsoft Word. We live in scary times, dedicated readers.

You might want to be extra careful about what files you open in Word over the next few days: Attackers are exploiting a previously undisclosed vulnerability in Microsoft Office to sneak malware into your system.

The zero-day bug fundamentally relies on infected Word documents, which then download malicious HTML applications disguised as make-believe Rich Text files. Once executed, the HTML application connects to a remote server and runs a custom script designed to stealthily install malware.

What is particularly worrying is that unlike regular macro hacks – which Office generally warns against when opening macro-enabled documents – the attack vector makes it difficult to prevent potential attacks.

This latest threat has to do with the Windows Object Linking and Embedding (OLE) function, which has been exploited on a number of occasions over the past few years.

The vulnerability affects all versions of Office, including the latest Office 2016 for Windows 10, according to the researchers.

Fortunately, a Microsoft spokesperson has confirmed that Microsoft will eliminate the issue with the release of its upcoming monthly update later on Tuesday, April 11.

Until then, users should run Office only in Protected View mode and refrain from opening any Office files obtained from untrusted locations.


New Patch Arrives On Your iPhone Today

Today Apple is rolling out a new over the air (OTA) update for all iOS 10 users. Arriving as version 10.3.1, the latest patch isn’t a substantial one like iOS 10.3 which introduced important new features such as Find My AirPods, the Apple File System, and enhancements to Siri. Instead, the patch note simply states that “iOS 10.3.1 includes bug fixes and improves the security of your iPhone or iPad.”

A closer look at Apple’s security page sheds light on some of the content of the new update. A discovered Wi-Fi flaw has apparently been fixed. It appears that this vulnerability could have allowed “an attacker within range” to execute arbitrary code on the Wi-Fi chip of your phone or tablet.

iOS 10.3.1 is available as a free OTA update for anyone on iOS 10, while you can also download it by connecting your device to iTunes. It weighs in at less than 30MB, so a Wi-Fi connection isn’t really all that necessary.


Google Patches New Chrome Bug

Last week Google updated Chrome to patch several recently discovered vulnerabilities, including a bug in the browser’s JavaScript engine that a Chinese team tried to exploit at a recent hacking contest.

The update to version 57.0.2987.133 contained fixes for five vulnerabilities, one marked “Critical” — the most serious rating in Google’s system — and the others tagged “High.”

Of the four vulnerabilities ranked High, one was attributed to “Team Sniper,” one of five groups from Chinese company Tencent Security that participated in this year’s edition of Pwn2Own, one of the world’s best-known hacking contests. Pwn2Own ran March 15-17 alongside the CanSecWest conference in Vancouver, British Columbia.

Google noted that the bug used by Team Sniper was an “out-of-bounds memory access [vulnerability] in V8,” Chrome’s JavaScript engine. As is Google’s practice, it did not divulge any other information about the flaw. After several weeks, or even months — enough time for most users to update the browser — Google usually lifts the embargo on the bug report and its technical data.

No other individual researcher or team of hackers attempted to crack Chrome at Pwn2Own. Several successful attacks were conducted against other browsers during the contest, however, including five that compromised Microsoft’s Edge, four that broke Apple’s Safari and one which hijacked Mozilla’s Firefox.

Make sure you update your Chrome browser today. Here’s how:

Normally updates happen in the background when you close and reopen your computer’s browser. But if you haven’t closed your browser in a while, you might see a pending update:

  1. On your computer, open Chrome.
  2. At the top right, look at More.
  3. If an update is pending, the icon will be colored:
    • Green: An update’s been available for 2 days.
    • Orange: An update’s been available for 4 days.
    • Red: An update’s been available for 7 days.

To update Google Chrome:

  1. On your computer, open Chrome.
  2. At the top right, click More.
  3. Click Update Google Chrome. If you don’t see this button, you’re on the latest version.
  4. Click Relaunch.

The browser saves your opened tabs and windows and reopens them automatically when it restarts. If you’d prefer not to restart right away, click Not now. The next time you restart your browser, the update will be applied.


Skype Hit with Ransomware Threat

If you use Skype*, do not respond to any pop-up messages similar to this one:

Several people have reported receiving “fake Flash” ads in Skype which, if triggered, can lead to a ransomware attack.

It has been reported that, in an effort to infect a user’s PC with ransomware, an advertisement appears followed by the above pop-up message. The triggered ad has obviously been designed to look like the real thing. Do not be fooled. The app, when opened, would download a malicious payload, which locks the user’s computer and encrypts its files for ransom.

Many other users in the past few days have also complained of similar issues with Skype’s in-app ads, with at least two other people reporting the same “fake Flash” ad as recently as Thursday. I hope this problem has Microsoft reconsidering in-app advertisements in Skype.

All signs point to this “fake Flash” ad being a spin-off of a recent Locky ransomware campaign that also delivers a Kovter trojan, which remains on the system to carry out click-fraud and malvertising campaigns. Locky, which became one of the most notorious ransomware threats last year, uses a similar malicious JavaScript-based attack to lock computers, which executes directly on Windows without the help of any other app. I wrote about Locky back in May 2016. Check it out here.

* This threat does not involve Microsoft’s Skype for Business service.


Was Apple Hacked – Is Your iPhone in Danger?

Apple’s iPhones and Apple IDs are a tough nut to crack for hackers, but it’s not impossible. At least that’s what a group of hackers seem to suggest, as they’re currently attempting to blackmail Apple for up to $100,000 before they start “remotely wiping millions of iPhones”. Can they actually do it? Should you be worried? It’s unclear at this point.

Apparently, the hackers have been in contact with Apple’s security team for quite a while now. They even posted a video on YouTube to prove they have actual access to iCloud accounts, access which can be used to remotely wipe iPhones.

Apple, understandably, doesn’t appear to be willing to pay up the ransom. “We firstly kindly request you to remove the video that you have uploaded on your YouTube channel as it’s seeking unwanted attention, second of all we would like you to know that we do not reward cyber criminals for breaking the law,” a screenshot of a message purportedly coming from an Apple security team member reads.

The hackers say they have access to more than 300 million Apple email accounts, including @icloud and @me domains. The number is the source of some confusion though, because a different hacker from the group claimed they had 559 million accounts in all. They have not explained how they gained access to Apple ID credentials.

The hackers are threatening to move forward with remotely wiping Apple devices on April 7th, unless Apple pays up. The problem here is that Apple has not publicly commented on the matter so far. On the off-chance that the hackers are indeed holding access to millions of iCloud accounts, you may want to consider changing your password to protect your Apple ID just to be safe. For the record, I changed mine today – just to be safe.


Our Privacy Has Just Been Sold

I do not normally post articles here that have a political angle; however, today’s news out of the US Senate resulted in this one – which should worry each and every one of us.

This morning, Republican senators voted to remove Obama administration restrictions designed to keep internet service providers (ISPs) from selling our private data. The vote passed along party lines, 50-48. This means that very soon – your private data will more than likely be sold to the highest bidder – without your control or your knowledge.

The Current Situation with Your Internet Data

The policy, originally proposed by then-acting FCC Chairman Tom Wheeler, outlined clear guidelines for how ISPs were to handle your data. In short, they could not use it without your permission and they certainly were not able to share sensitive information like browsing history and location data with advertisers.

The Effect of This New Action on Your Privacy

As of today, that rule is a step closer to being a memory. Congress essentially just opened the floodgates to some of the sleaziest corporations on the planet using your data however they see fit, and they did it while assuring each of us that it was in our best interest.

Worse, the ruling could put the FCC in danger of not being able to create similar ones in the future. According to the Congressional Review Act:

Once a rule is thus repealed, the CRA also prohibits the reissuing of the rule in substantially the same form or the issuing of a new rule that is substantially the same, “unless the reissued or new rule is specifically authorized by a law enacted after the date of the joint resolution disapproving the original rule.”

If you’re wondering how we got here, follow the money: the 22 Republican senators behind the push to strike down the original ruling have pocketed more than $1.7 million from telecom companies since the 2012 election.

On its own, the lack of privacy each of us face on the internet is already a scary proposition. Removing the few guidelines that protect us from shady backroom deals is outright terrifying.

This is just the opening shot in an ongoing war. Already through the Senate, up next is the House of Representatives, where it’s expected to get the needed number of votes thanks to a Republican-controlled House voting along party lines, and finally Trump’s desk. He’s expected to sign the bill.

It’s no secret what Trump and his Republican-controlled Congress plan to do to the internet: shift control to corporate interests. Newly-installed FCC chairman, Ajit Pai has made it clear he intends to dismantle net neutrality rules. Last month, he even went as far as blocking language in the privacy rules that required ISPs to adopt reasonable security measures to protect our data, and notify each of us when a breach occurs.


Overturning net neutrality guidelines, when coupled with a complete lack of privacy, seems to put all of us on a one-way collision course with the antiquated cable TV model. That means tiered pricing, prioritized service, and always-on monitoring of your internet activity. And thanks to this sacrifice at the altar of capitalism, ISPs are set to profit handsomely while doing away with any notion of an open internet.

For the rest of us, we’re at the mercy of a group of rich suits, a group we’re now trusting to ethically handle data containing our most sensitive information.


Ransomware Strikes PA Dems

The threat of ransomware is something we have written about often, and now it seems that this scourge has infected the Pennsylvania State Democrats.

Pennsylvania’s Senate Democrats yesterday reported that they are in contact with the FBI and state attorney general’s office after a “ransomware” cyberattack shut down their computer systems.

The attack Friday left lawmakers and staff in the caucus unable to access their computer network or data.

Senator Jay Costa states that the ransomware attack was discovered Friday morning. Citing the investigation, caucus officials are not saying what, if any, ransom was demanded.

A ransomware attack is typically aimed at stealing sensitive information in an attempt to be paid for the data’s return, often in a digital currency.

Democratic Governor Tom Wolf’s office states that the attack hasn’t affected the state’s networks, which are separate from the Senate Democrats’ computers. An FBI spokeswoman in Philadelphia didn’t immediately have any information about the case. The attorney general’s office says it is taking the cyberattack very seriously.

What is Ransomware?

Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files, unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decryption key.

Protecting Yourself Against Ransomware

The best defense against ransomware is to outwit attackers by not being vulnerable to their threats in the first place. This means backing up important data daily, so that even if your computers and servers get locked, you won’t be forced to pay to see your data again.

The primary method of infecting victims with ransomware involves every hacker’s favorite bait—the “spray-‘n’-pray” phishing attack, which involves spamming you with emails that carry a malicious attachment or instruct you to click on a URL where malware surreptitiously crawls into your machine. The recent ransomware attacks targeting Congressional members prompted the House IT staff to temporarily block access to Yahoo email accounts, which apparently were the accounts the attackers were phishing.


Windows Defender Matures & Improves

If you are using Windows 10, I am happy to report that Microsoft’s built-in security application, Windows Defender, is finally growing up. This is important because if you can trust Windows Defender on your Windows 10 PC, you will save yourself some money because you will not need to purchase a third-party security application.

The Creators Update will include a new Windows Defender Security Center. It’s basically a hub where users can go to see if there are any security concerns for their system, and if any do exist they can easily address them. It’s also a place to customize security across five different pillars. Here is what Microsoft has to say about each one:

  • Virus & threat protection provides a new view of your antivirus protection whether it’s Windows Defender Antivirus that comes free with Windows 10 or AV software from one of our ecosystem partners. If you’ve chosen Windows Defender Antivirus, your scan results and threat history will be displayed here, or you will be able to launch your 3rd party AV protection app directly from this screen.
  • Device performance & health provides a single view of your latest Windows updates, drivers, battery life and storage capacity. Additionally, you have the option to start fresh with a clean install of Windows using the Refresh Windows feature. This option will keep your personal files and some Windows settings, and remove most of your apps for a fresh start that can help with performance improvements should your device need them.
  • Firewall & network protection provides information on the network connections and active Windows Firewall settings, as well as links to network troubleshooting information.
  • App & browser control allows you to adjust settings for SmartScreen for apps and browsers helping you be more informed and stay safer online by warning you of potential malicious sites, downloads and unrecognized apps and files from the Internet.
  • Family options gives you an easy way to connect to the family options available online. This page can link you to information about parental controls, options for setting up good screen time habits, setting up activity reports of your kids’ online activity and managing controls for purchasing apps and games. You can also view the health and safety of your family’s devices from this centralized location.

This is an effort by Microsoft to streamline Windows 10’s advanced security features so that users have a better understanding of how they’re protected and can more easily make changes.

The Creators Update will also look to close gaps in security. For example, if you have a third-party antivirus program installed and it expires, Windows Defender Antivirus will automatically become the default option until you take further action. Some people may find that annoying, though Microsoft is choosing to err on the side of caution.

I am part of the Windows Insiders Team and therefore I have been using Windows Defender Security Center for a few weeks now. So far I like what I see. It will be available to everyone else when the Creators Update rolls out, which is expected to happen in April.

