Beware Careto

untitled (3)A new, extremely sophisticated malware of totally unknown origin has hit the web. It poses as your favorite news site and attempts you to click on intriguing links, then subsequently steals all of your sensitive information.

Recently malware tends to focus on one thing: it attempts to gain control of your personal information. Sadly, the days of 1995′s cyberpunk classic Hackers – where the whole point of malware was to be a nuisance and could be thwarted by typing the word “cookie” into a prompt — are over. For better or worse malware is no longer disguised as Cookie Monster’s face munching around a computer monitor, but are now disguised as your favorite sources of news.

Kaspersky Labs released an extensive report (PDF) regarding this new kind of malware. Dubbed Careto, the malware begins life as a phishing attempt, posing as an email from popular news websites. Once you click on the link, you’re brought to a website that scans your rig for vulnerabilities, then attempts to inject an infection through one of the newly discovered holes.

This time around, Mac users can’t deploy their infamous line regarding Macs not getting viruses, because there is a tailored Careto version for each major operating system — OS X, Windows, and Linux. Kaspersky also suspects that there are iOS and Android versions of Careto on the loose.

As I have said many time to protect yourself from these cyber attacks try sticking to these simple rules:

  • Only go to reputable websites.
  • Do not click on links on websites or email without making sure it is legitimate.
  • As far as email goes, only click on links or open attachments that you specifically asked for. If you are in doubt contact the sender directly and “ask before clicking”.
  • When you receive message prompts on your computer take the time to read what it is “saying it will do” before clicking “OK” or “next”.

Share This:

Spam 101

Ok tech bloggers here is a quick lesson regarding spam and how to best defend yourselves… and your data.

spam

What is Spam?

Spam includes unwanted messages sent over the Internet, typically to large numbers of users, for the purposes of advertising, phishing, spreading malware and more. Some spam is annoying but harmless. However, some spam is part of an identity theft scam or other kind of fraud. Identity theft spam is often called a phishing scam.

The Cost of Spam
  • Waste of time: People take a certain amount of time reading messages or taking action on them.
  • Storage overload: Spam consumes storage on the server until the recipient takes some action on it.
  • The loss of an important email that accidentally gets deleted along with the plethora of spam.
  • Communications overload: Spam blocks communication channels and creates traffic.
  • Malware carrier: Some spam carries email attachments that, if opened, can infect your computer with viruses or spyware.

Why Are There Spammers?

  • Marketing: Spammers are trying to sell a product or service but the messages they send are unsolicited bulk email.
  • Fraud: Spam sends to various email addresses to try to gain personal information and, once the personal information has been gained, fraudsters can use it to commit fraud, which could include financial institution fraud, credit card fraud, and identity fraud.

The Many Faces of Spam

  • Email spam
  • Instant messaging spam
  • Comment spam
  • Junk FAX
  • Internet telephony spam
  • Unsolicited text messages

The Engines of Spam

The major sources of email spam are:

  • Open relay—An open relay is a poorly configured SMTP server that allows anyone to relay messages through it to any other destination email address. Servers that are found to be open relays are often added to block lists.
  • Botnet—A group of compromised computers is referred to as a botnet, and is used by a spammer to send out millions of emails containing spam, phishing scams, and computer viruses.

 Spam Defense

“Anti-spam” refers to services and solutions that focus on blocking and mitigating the effects of junk emails.

There are a number of things you can do to stop spam email. Which ones suit you best will depend upon your needs, the type of email you generally receive, whether you have complete control over your email account, the number of legitimate correspondents you have, and how long you tend to keep your emails.

Users can also follow these procedures to help reduce the arrival of spam.

  • Address munging
  • No response to spam – Never ever respond to an email that you suspect to be spam.
  • Disabling HTML in e-mail – HTLM links in email messages can send you to spamming websites.
  • Disposable e-mail addresses: A disposable temporary address forwards email to a valid address.

Spam is a big problem for everyone from the individual user to the enterprises that depends on email communications to conduct business. With spam increasing, it is important to take a proactive stance and arm yourself with knowledge about the methods that spammers use so you can decide how best to implement strategies to block spam.

Share This:

Spyware 101

This week I had to “clean up” another work mate’s personal PC because of spyware (and a troublesome Trojan horse). This threat obviously is not taken seriously by many computer users and I am not sure why. This got me thinking that a little education was in order. I have covered this before, but I decided to take a little time to talk “Spyware 101”.

Basically, What is Spyware?
Spyware is software that’s installed without your consent, whether it be a traditional computer, an application in your web-browser, or a mobile application residing on your device. In short, spyware communicates personal, confidential information about you to an attacker. The information might be reports about your online browsing habits or purchases, but it can also be modified to record things like keystrokes on the keyboard, credit card information, passwords, or login credentials.

This software normally gets onto a computer by attaching itself to some other program that the user intentionally downloads and installs. Sometimes this is done completely discreetly, but other times the desired software will include information in the license agreement actually describing the spyware — without using the term “spyware” — and forcing the user to agree to install it in order to install the desired program. Alternatively, spyware can get into a computer through all the avenues that other malware takes, such as when the user visits a compromised website or opens a malicious attachment in an email.

What is the Harm Anyway?
Spyware can cause you two main problems. First, and perhaps most importantly, it can steal personal information that can be used for identity theft. If the malicious software has access to every piece of information on your computer, including browsing history, email accounts, saved passwords used for online banking and shopping in addition to social networks, it can harvest more than enough information to create a profile imitating your identity. In addition, if you’ve visited online banking sites, spyware can siphon your bank account information or credit card accounts and sell it to third-parties or use them directly.

The second, and more common, problem is the damage spyware can do to your computer. This is where I usually get the phone call. Spyware can take up an enormous amount of your computer’s resources, making it run slowly, lag in between applications or while online, frequent system crashes or freezes and even overheat your computer causing permanent damage. It can also manipulate search engine results and deliver unwanted websites in your browser, which can lead to potentially harmful websites or fraudulent ones. It can also cause your home page to change and can even alter some of your computer’s settings.

Controlling Spyware
The best way to control spyware is by preventing it from getting on your computer in the first place. However not downloading programs and never clicking on email attachments isn’t always an option. Sometimes, even a trusted website can become compromised and infect your computer — even if you’ve done nothing wrong.

Many people are turning to internet security solutions with reliable antivirus detection capabilities and proactive protection. If your computer is already infected, many security providers offer spyware removal utilities to assist in identifying and removing spyware. There are a number of free antivirus solutions available, such as Microsoft’s Security Essentials which promises unlimited protection at no cost. There are also excellent paid options as well to protect your PC, and yourself which I have covered many times in the past.

Spyware, and its associated malicious programs like malware and viruses, will always be a danger as long as you use an Internet connected device. As a result everyone who uses computing devices from PCs to tablets and even smartphones needs to take a little time and become aware of the real dangers of spyware.

Share This: