How does Advanced Identity Protector install on your PC?

We hope some of you must be aware of this Windows-based utility name as “Advanced Identity Protector But, few of them might be still unknown with this term. Isn’t it?

Well, want to know aboutAdvanced Identity Protector in detail, let us undergo the study of What is advanced identity Protector?

remove Advanced Identity Protector

Advanced Identity Protector is a Window-primarily based software that needs to protect your status while online. It allows some characteristics like scanning of net browsers, emails, and registry entries. It can also clean out proofs of private information used at the browser’s online forms.

But, recently a survey regarding Advanced Identity Protector came into existence and the study says:

“The primary executable setup named as advancedidentityprotector.exe. The setup kit usually installs about 19 repositories and usually about 35.16 MB (36,869,660 bytes). Comparative to the overall usage of users who have this installed on their PCs, most are working on Windows 10 and Windows 7 (SP1). While about 89% of users who are a part of Advanced Identity Protector grows through the United States, and it is also widespread in Australia and the “United Kingdom.”

Advanced identity Protector is the PUP (potentially unwanted programs) that uses deceptive methods to block the elimination of the unwanted packages.

Advanced Identity Protector Is safe or unsafe?

Advanced Identification Protector isn’t always an entirely precise application although it demands that it could easily block identity theft.

Instead, it is recognized as a probably unwanted application by using many specialists. Therefore, we can say it’s not completely accurate software.

It’s our responsibility to warn you that it has already been classified as scareware because it prompts fake warnings and then promotes its licensed version. Further, we will this article will provide you the brief information about How does Advanced Identity Protector install on your PC?

Firstly, Advanced Identification Protector appears to be a useful device to shield private records while surfing the net. However, there had been reports that this software connects some adware and potentially unwanted program (pup). Moreover, a few browser redirects force pc users to reach advanced identification Protector’s legitimate website and trick them into downloading and paying for this application. In some instances, the visited web page will trouble a fake warning pointing out several troubles discovered on the computer. Then, it’s going to recommend them to call (855) 737-4053. This customer support is some other phase that aims to lie to the user to download an advanced identification Protector.

Once advanced identification Protector is hooked up at the computer, it can run a scan all through windows start-up. Then, the program will identify dozens of risks found at the pc. The user might be prompted for a group of identity traces; however, solving this difficulty requires the user to pay for the overall version of advanced identification Protector. It’s an explicit money-making scheme by way of rogue software authors. Scare techniques widely used to mislead customers into buying unknown and suspicious tools.

Thus, we can say “Advanced Identity Protector” is a highly controversial application that has marked as “potentially unwanted.”

NOTE: (“Advanced Identity Protector” adds a registry entry for the current user which will enable the application to start whenever it gets rebooted automatically. It might schedule a job to add Windows Task Scheduler to begin the program at scheduled multiple times (Variation in schedule time depends on the version).

Rather than losing money to fix the computer with the registered version of advanced identity Protector, we highly recommend you to remove/ uninstall Advanced Identity Protector as soon as possible. Then, run an intensive scan of the anti-malware software. It may find and delete any items linked to the rogue application and other PUP’s.

Although, there are numerous ways to eliminate such malicious spyware from your PC.

Here, are the few easy approaches with which you can remove Advanced Identity Protector from your PC.

How to remove Advanced Identity Protector?

For the removal of such type of PUP, there are two simple methods mentioned below accordingly:

  • Automatic Mode
  • Manual Mode

Automatic mode

  • Your first step is to download a “Free Malware Removal Tool” like Malware Crusher, ITL Anti-Malware from the approved website.
  • After downloading the removal tool, Install it.
  • After the installation procedure, it will automatically begin the scanning process.
  • Ultimately, your PC is freed from malware.

Manual Method.

Rule 1:

You can uninstall Advanced Identity Protector from Control Panel.

  • Press Ctrl + Shift + Esc concurrently.
  • It will show you the ‘Windows Task Manager.’ Window. But, make sure that you are searching for the application tab. Further, look for Advanced Identity Protector. If found, then select it and click on End Task.
  • Now you can close the task manager.
  • Again, you need to open the control panel from the start menu or by holding Windows key + R key at the same time.
  • It will bring up the “RUN” box now in this box you need to type ‘appwiz.cpl.’ and tap “OK.”
  • From the ‘program and features’ panel, you will see the list of all installed programs.
  • Perform a Right Click on ‘Advanced Identity Protector’ and uninstall it from your system.

Rule 2:

Remove “Advanced Identity Protector” extensions from Chrome, Internet Explorer, and Mozilla Firefox.

Here, are the necessary steps to remove Advanced Identity Protector from various browsers like Chrome, Internet Explorer, Mozilla Firefox, all the removal steps for the same are listed down, please follow them accordingly:

  • Google Chrome

Step 1: Open “Google Chrome” main menu, click to the “Settings” option.

Step 2: Drag down the page to the lowest > select advanced link option.

Now scroll down the page until you get the choice for Reset settings and press the “Reset settings to their specific defaults” button.

Step 3: Click the “Reset” button, to restore settings to their original defaults.

  • Internet Explorer

Step 1: At first launch “Microsoft Internet Explorer” > Click ‘gear’ icon.

(It will navigate you to the drop-down menu on the top-right corner of the internet browser > go to “Internet Options” and click it).

Step 2: In the next window of “internet options,” pick the “advanced” tab, > click on the “Reset” button.

(Microsoft Internet Explorer will open “Reset Internet Explorer settings” dialog box > press the “Delete personal settings” check box to select it > click the “Reset”).

Step 3: As soon as the operation gets done > click the “close” button.

  • Mozilla Firefox

Step 1: Launch Firefox > press the menu button with three horizontal lines shown at the top right corner of the web-browser display screen > click on “help” option at the lowest of the drop-down menu. It’s going to show the slide-out menu.

Step 2: Select the “Troubleshooting information.”

If you can’t access the Help menu, then type “about support” in your address bar and press Enter.

Step 3: Click the “Refresh Firefox” button at the top right of the Troubleshooting Information page.

Pick out “Refresh Firefox” inside the confirmation prompt.

The Firefox will automatically initiate the process to fix issues caused by the adware that responsible for the appearance of Gstatic popup ads.

Once the task gets completed > click the “finish” button.

You can also delete “Advanced Identity Protector” from your system and we highly recommend you to use the Malware Removal Tool, i.e., Malware Crusher (To scan your computer with anti-malware software and let it do its task).

Use Malware Crusher to stay protected from all such type of threats, and make your system performance up-to-date.

Also, recommending you ITL Antimalware- Keeps your system protected from all type of malicious attacks.

Preventing measures to keep your system secure against virus and malware:

As you must be now aware of Advanced Identity Protector. Below mentioned are the few preventing guidelines to keep your gadget Malware free:

  • Set/ Allow permissions to block pop-ups

Pop-up ads, notification on the websites are the most questionable tactics spread by cybercriminals to expand a web of malicious programs.

So, we suggest you to avoid clicking on uncertain sites, software offers, pop-ups, etc.

Suggesting you install an effective ad- blocker for browsers like Chrome, Mozilla, and Internet Explorer.

  • Maintain and Update your Windows

To maintain your system’s performance and keep them free of virus or infections, we recommend you always to keep your Windows updated.

With this operation, you can keep your device free from virus/adware.

  • Avoid “Third-party” installation

An alert not to install any third-party software or program, as it may result in your system in danger.

Stop downloading/ installing “Bundling” software.

  • Daily/ regular Backup for smooth-running of your system

Daily and proper backup of the system helps you to keep your data safe and secure.

For any cause, if your system infected by any virus. Thus, it’s better to keep backup for your important files regularly on a cloud drive or an external hard drive.

  • Try to put on Anti-Virus for your system

Prevention is higher than cure.

We recommend you to install an antivirus or a Malware Removal Tool like Malware Crusher for the betterment of your system to enhance its performance.

Avoiding Email Scams with 10 Easy Tips

Recently I have been asked about a couple of suspicious email messages, which were both of course not legitimate messages but scams in which the sender, a truly bad guy was “phishing” in order to steal money from the receiver.

Every day countless phishing emails are sent to unsuspecting victims all over the world. While some of these messages are so outlandish that they are obvious frauds, others can be a bit more convincing. So how do you tell the difference between a phishing message and a legitimate message? Unfortunately, there is no one single technique that works in every situation, but there are a number of things that you can look for.

1: The message contains a mismatched URL

One of the first things I recommend checking in a suspicious email message is the integrity of any embedded URLs (or website addresses). Often the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address (at least in Outlook). If the hyperlinked address is different from the address that is displayed, the message is more then likely fraudulent or malicious.

2: URLs contain a misleading domain name

People who launch phishing scams often depend on their victims not knowing how the DNS naming structure for domains works. The last part of a domain name is the very telling. For example, the domain name info.brienposey.com would be a child domain of brienposey.com because brienposey.com appears at the end of the full domain name (on the right-hand side). Conversely, brienposey.com.maliciousdomain.com would clearly not have originated from brienposey.com because the reference to brienposey.com is on the left side of the domain name.

I have seen this trick used countless times by phishing artists as a way of trying to convince victims that a message came from a company like Microsoft or Apple. The phishing artist simply creates a child domain bearing the name Microsoft, Apple, or whatever. The resulting domain name looks something like this: Microsoft.maliciousdomainname.com.

I have found that sadly this often works because most people trust companies like “Microsoft” and “Apple” so when long standing names like this are used people often let their guard down. The lesson here is to never let your guard down when it comes to email messages.

3: The message contains poor spelling and grammar

Whenever a large company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling, grammar, and legality, among other things. So if a message is filled with poor grammar or spelling mistakes, it probably did not come from a major corporation’s legal department.

4: The message asks for personal information

No matter how official an email message might look, it’s always a bad sign if the message asks for personal information. Your bank does not need you to send it your account number. It already knows what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

5: The offer seems too good to be true

There is an old saying that if something seems too good to be true, it probably is. That holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.

6: You didn’t initiate the action

Just yesterday I received an email message informing me I had won the lottery! The only problem is that I have never-ever bought a lottery ticket. If you get a message informing you that you have won a contest you did not enter, you can bet that the message is a scam.

7: You’re asked to send money to cover expenses

One telltale sign of a phishing email is that you will eventually be asked for money. You might not get hit up for cash in the initial message. But sooner or later, phishing artists will likely ask for money to cover expenses, taxes, fees, or something similar. If that happens, you can bet that it’s a scam.

8: The message makes unrealistic threats

Although most of the phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing artists use intimidation to scare victims into giving up information. If a message makes unrealistic threats, it’s probably a scam. Let me give you an example.

Just recently a workmate received an official looking email that was allegedly from a co-worker. The email went on to ask for our “account number” and “routing number”. Although it appeared to be an email from one staffer to another staffer the email originated from a hidden domain and as I mentioned in Tip #3 the spelling and grammar was poor.

Also – As I mentioned in Tip #4 – legitimate companies will not ask for sensitive information by email and you – of course should never-ever send this type of information via email.

9: The message appears to be from a government agency

Phishing artists who want to use intimidation don’t always pose as a bank. Sometimes they will send messages claiming to have come from a law enforcement agency like the IRS, the FBI, or just about any other entity that might scare the average law-abiding citizen.

I can’t tell you how government agencies work outside the United States. But here, government agencies do not normally use email as an initial point of contact. That isn’t to say that law enforcement and other government agencies don’t use email. However, law enforcement agencies follow certain protocols. They do not engage in email-based extortion.

10: Something just doesn’t look right

In Las Vegas, casino security teams are taught to look for anything that JDLRjust doesn’t look right, as they call it. The idea is that if something looks off, there’s probably a good reason why. This same principle also applies to email messages. If you receive a message that seems suspicious, it is usually in your best interest to avoid acting on the message.

The War Against Bloatware

When you buy a new Windows PC, you expect it to be clean and lean, starting up fast and speeding through your work as quickly as you need it to.

The truth is, most Windows PCs start off slower than they should be, clogged with unnecessary preloaded software. Known as bloatware this software comes in many different forms. While most bloatware is not dangerous it can slow down your system and take up space on your hard drive.

How much does bloatware actually slow down your PC? It’s hard to say, but there are some indications that it can have a considerable effect. Microsoft sells a line of what it calls Signature PCs, computers that are free of third-party software. For example the Surface Pro 3 I am using to write this article is one of them. According to the product page, on average, the Signature PCs start up 104% faster, shut down 35% faster and have 28 minutes more battery life than the same laptops with bloatware. These are truly impressive figures.

In this article we will discuss the most common types of bloatware you’ll encounter, how to uninstall it and how to buy bloatware-free PCs.

Why Bloatware Me Man?

Why do PC vendors put additional software on new machines in the first place? Sometimes it’s simply in order to offer tools that will add functionality to their systems. But most often, it’s because including third-party applications are an additional source of revenue.

Generally, on Windows machines, you encounter two kinds of preinstalled software: The applications that run on the more old-fashioned desktop interface and apps that run on the touch-oriented tablet mode. I find the latter to be less intrusive because they’re visible as tiles — so it doesn’t take a lot of deep digging to find and uninstall them. Desktop applications that have been preinstalled can be a lot harder to find, especially for less techie users, who may not even realize they have unwanted software until it activates and pops up on their screen.

Within those two categories, there are a number of different types.

Trialware

Trialware is software that you get to use for free for a certain amount of time, but that you have to pay for if you want to use it after that — for, say, 30 days or six months. Among the most common kind of trialware is security software made by companies such as McAfee and Norton.

An advantage to this type of software is that it’s up-front — in fact, it has to be, because the software company wants you to use it and then, hopefully, buy it. In fact, It’s not uncommon for PC makers to publicize the trialware that comes with their computers, assuming that many people will consider that a benefit. Another advantage is that this type of add-on is usually easily uninstalled.

Utilities & Apps

Manufacturers frequently include their own software on PCs they sell. For example, Lenovo often includes its Lenovo Solution Center, a maintenance application that does things such as checking your hardware for problems, and making sure you update software.

PC vendors often also pre-install full versions of specialized third-party software. For example, Cyberlink Media Suite, a common add-on, has a set of tools for creating videos, editing photos, playing DVDs and other media, burning media and more. Cyberlink also makes the PowerDVD software that you’ll sometimes find on Dell PCs. Nero, a tool for burning CDs and DVDs, is another popular one.

In some instances you can uninstall the software, and in other instances you can’t. Whether you consider such add-ons to be a bonus or needless bloat depends on how likely you are to use them. Note that in many cases, these utilities duplicate functionality that’s already present in the Windows OS.

Adware

Finally, there’s adware, a particularly nasty form of bloatware that exists solely to pump ads to the user, either via websites or via popups that come up directly on your computer screen. Adware can do worse than irritate you and/or slow your PC down — it can spy on you as well, or expose your system to other dangers.


PART 2


Uninstalling Bloatware

So what to do about bloatware on your PC?

In some cases you can remove it simply by uninstalling it. A good strategy when you get a new system is to check it for software before you install any applications of your own and uninstall any programs you know you won’t want. (If you’re not sure whether you want it or not — even after doing a bit of research — then simply note its existence so that you can go back and remove it later if you want to.)

On the other hand, there are preinstalled programs that most users can’t do anything about. For example, Samsung was, for a while, selling its systems with preinstalled software called SW Update that was designed to handle updates for Windows, drivers and associated software. However, a small program inside SW Update called Disable_Windowsupdate.exe blocked Windows Update from working properly — and could not be removed. On June 26, 2015, Samsung changed the software to allow Windows Update to work correctly.

If you’ve got bloatware on your system that can’t be easily uninstalled — or if you suspect there is bloatware on your system that isn’t immediately obvious — there are a number of tools that might be able to remove it for you. The following are the ones I’ve found to be most useful.

The PC Decrapifier 

This free application is designed to find common bloatware installed on systems. It runs as a single executable file, so you can run it from a USB drive if you’d like.

pc decrapifier

The PC Decrapifier reports its results using three categories: Recommended, Questionable and Everything Else.

The software first takes several minutes to analyze your system. After that, it categorizes what it finds into three categories: Recommended, Questionable and Everything Else. Recommended lists software that it recommends you uninstall; Questionable lists software you might want to uninstall; Everything Else lists software about which it has little or no information.

Each lists the name of the file, the type (Application or Startup) and the percentage of PC Decrapifier users who end up uninstalling it. So in essence, The PC Decrapifier relies on the wisdom of its users to determine what is bloatware and what isn’t. You then check the box next to each application you want to uninstall and the application does the rest.

Unfortunately, the program doesn’t really provide you enough information to decide on your own whether to uninstall a piece of software. For example, when I ran it on my four-year-old Dell PC, it recommended uninstalling startup software it only identified as ehTray.exe and NvCplDaemon. Clicking the small question mark next to each launched a new browser instance, but with no useful information. I had to do a Web search to identify and decide about any pieces of software I didn’t immediately recognize.

The upshot? PC Decrapifier is a useful tool, but be prepared to do a bit of research on your own if you want to be safe.

Should I Remove It?

Like PC Decrapifier, the free program Should I Remove It? uses crowdsourcing to determine which software should be removed and which shouldn’t. For each program it finds, it shows not only the percentage of other users who removed it, but also the rating they gave to the program itself, which is more helpful than the simpler data that The PC Decrapifier offers.

should i remove it

Should I Remove It? recommends what to get rid of and what to keep — in this case, on a Dell PC.

Should I Remove It? displays all the programs it finds on your PC and color-codes them according to the removal rates — red for most removed, orange for moderate removal rates, green for low. On my old system, it found no reds, and only two orange: Dell System Customization Wizard and Dell Documentation Launcher. It rated the Google Updater and a Nook PC app as green. It didn’t find or list any startup programs such as ehTray.exe andNvCplDaemon.

What’s truly exceptional about Should I Remove It, though, is not the program itself, but the accompanying website, which has a tremendous amount of detail about bloatware. Use it as your go-to source. The site has capsule descriptions of each piece of software to help you decide whether you think that application belongs on your system. Unfortunately, though, unlike The PC Decrapifier, Should I Remove It? doesn’t report on startup items.

Slim Computer

The free Slim Computer, like The PC Decrapifier and Should I Remove It?, uses crowdsourcing to determine which software on your PC is bloatware, and then lets you decide which to remove and which to leave. Unlike the other two, however, it also looks at browser extensions, plugins, ActiveX objects and other add-ins that might be considered bloat.

Before you run a scan, it’s a good idea to go to Settings –> Advanced and change the Scanner Threshhold mode from Default to Aggressive. Default mode is designed for computer novices who might not be able to understand which software to remove and which to keep — it’s safer, but doesn’t find all potential problematic programs. Aggressive finds more and is your best bet.

slim computer

Sim Coputer offers recommendations on which software to remove from a Dell PC.

To start the process, click Scan, and after a few minutes, items that you might want to remove will appear in four categories: Applications, Browsers, Startup Items and Shortcuts. The list in each category includes the name of each program, the publisher (if available) and recommendations as to whether to remove it based on what other Slim Computer users have done.

Where Slim Computer shines is in the information it provides about each item. Click a More Info link and you’ll get a description of the software and what it does, the number of people who have recommended removing or keeping it, and individual comments that people have made about it. It’s a great way to help you decide whether to keep the software or remove it.

For information about browser extensions, plugins, ActiveX and other browser additions you might want to remove, you click Browsers in the left-hand column and then click the icon for Internet Explorer, Firefox, Chrome, Opera or Safari. You’ll then see a list of the add-ins for each browser, along with ratings and the More Info button. And near the top of the screen you’ll see the default search engine for the browser you’re currently looking at — just in case something changed your default search engine without your say-so.

ADW Cleaner

Slim Computer should remove all toolbars and similar browser bloatware, but if you want to make sure it’s all gone, give the free AdwCleaner a try. Run it, click Scan, and after it finishes its work, click the listings it generates for each of your browsers to see what kinds of toolbars and bloatware it found. It also looks through your Registry, scheduled tasks and services.

adwcleaner

AdwCleaner, after scanning a newly-bought Lenovo PC.

Uncheck the boxes next to the items you don’t want cleaned, then tell the software to clean out everything else. Before doing that, make sure to close all your programs, because otherwise AdwCleaner will do it for you and you might lose data. It will also restart after it does its cleaning, and create a text file that contains a summary of everything it found, and everything you had it clean.

Other Tools

It’s also not a bad idea to install at least one anti-adware tool, which will look for all kinds of adware, not just ones preloaded on PCs.

Examples include Ultra Adware Killer, which is efficient — but be sure that you carefully check what it identifies as adware before telling it to remove it. For example, it considers the AVG Security Toolbar as adware, which you may or may not want to get rid of.

Two freeware applications that handle both malware and spyware are Spybotand Malwarebytes Anti-Malware.

Buy Bloat Free PCs

The best thing, of course, is to buy a clean Windows computer. That’s easier said than done — you can’t just walk into a Best Buy or order a PC online and expect it to be bloatware-free.

However, there are places to turn for bloatware-free PCs. For example, Microsoft has its previously mentioned Signature Edition PCs. However, keep in mind that you may end up paying more — for example, as I write this, a Samsung ATIV Book 9 laptop with 256GB of storage costs $1,199 as aSignature Edition on the Microsoft site, but sells for $1,100 online from Newegg.

Lenovo has pledged that its Windows 10-loaded PCs will be free from bloatware.

If Lenovo truly does eliminate bloatware on its PCs as the company promises, it may well be that other vendors will eventually follow suit.

Until then, though, most of us who use Windows PCs will have to live with bloatware as an accepted industry practice. So go back through the advice in this article to make sure your new PC is as free of bloatware as possible and then use the right tools to get rid of whatever rode in that you don’t want.

Cyber Threat Shifts from Spam to Malware

There may finally be some good news in the war against spam. The overall percentage of spam among e-mail messages dropped an amazing 49.7 percent last month, the lowest level since 2003. This is the first time the figure has been below 50 percent in more than a decade, according to a new study by Symantec.

spam email

Symantec reported these figures in its “Symantec Intelligence Report” for the month of June. Enterprises in the mining sector had the highest spam rate, at 56.1 percent, according to the report. The manufacturing sector was a close second at 53.7 percent. The finance, real estate, and insurance sectors had the lowest of any industry, at 51.9 percent.

It is apparent that spammers treat all businesses the same with regard to size. On average, companies experienced a spam rate of between 52 percent and 53 percent no matter the number of employees. The only variance to this pattern was companies with 251-500 employees, which experienced a 53.2 percent spam rate.

Spam Appears on the Decrease While Malware Increases

Despite the good news with spam, there were several troubling observations I found in Symantec report. There was a grand total of 57.6 million new malware variants reported in June, up from 44.5 million created in May and 29.2 million in April. The increase in malware variants indicate, something that many of us already knew. Hackers are changing tactics and shift to the very dangerous cybercrime tool of malware, as opposed to spam and phishing,

In addition to the increase in malware variants, ransomware attacks were up in June, with over 477,000 detected during the month. While still below the levels seen at the end of 2014, June represented the second month in a row that ransomware attacks increased since reaching a 12-month low in April. Crypto-ransomware was also up in June, reaching the highest levels since December.

On social media, meanwhile, hackers continued to rely primarily on manual sharing attacks, which require victims to propagate the scam by sharing content themselves.

Airline Cancels Flights Due to Malware

Here is yet another example of how cyber crime is finding its way into our real lives.

LOT Polish Airlines was forced to cancel 10 flights scheduled to depart from Warsaw’s Chopin airport on Sunday after hackers attacked its ground computer systems.

The IT attack, which was not described in detail, left the company unable to create flight plans for outbound flights, grounding around 1,400 passengers.

The company said that plane systems were not affected and aircraft that were already in the air were able to continue their flight or to land. The incident affected only the ability of planes to depart from the airport for several hours.

It’s not clear what kind of attack it was and whether it was the hackers’ intention to ground planes or if the systems were taken offline as part of incident response procedures.

LOT Polish Airlines did not immediately respond to a request for more details.

This is not the first time hackers or malware have affected computer systems belonging to airports or airlines, although it’s one of the rare cases where such an attack actually had an impact on flight schedules.

This incident demonstrates that while attacking in-flight systems may have made headlines recently, there are many more areas of vulnerability to address in the aviation industry, Like most industries today, aviation relies on a wide variety of interconnected systems, from air traffic control to reservations systems.

Energy Sector Attacked by Malware

Malware is a plague on our personal security. Today yet another malware security threat has arrived from the energy sector.

The program, named Trojan.Laziok by researchers from antivirus vendor Symantec, was used in spear-phishing attacks earlier this year against companies from the petroleum, gas and helium industries.

The attacks targeted companies from many countries in the Middle East, but also from the U.S., India, the U.K., and others.

The Trojan is spread via emails with malicious documents that exploit a Microsoft Office vulnerability for which a patch has existed since April 2012.

“If the user opens the email attachment, which is typically an Excel file, then the exploit code is executed,” the Symantec researchers said Monday in a blog post. “If the exploit succeeds, it drops Trojan.Laziok, kicking off the infection process.”

Trojan.Laziok is mainly used to determine if a compromised system is worth further attention from the attackers. It collects information like the computer’s name, RAM size, hard disk size, GPU and CPU type, as well as a list of installed software, including running antivirus programs.

The information is sent back to the attackers, who then decide if they want to deploy additional malware that can provide them with remote access to the infected system. For this second stage of attack they use customized versions of Backdoor.Cyberat and Trojan.Zbot, two well known malware threats.

“The group behind the attack does not seem to be particularly advanced, as they exploited an old vulnerability and used their attack to distribute well-known threats that are available in the underground market,” the Symantec researchers said. “However, many people still fail to apply patches for vulnerabilities that are several years old, leaving themselves open to attacks of this kind.”

What is concerning to many is that energy sector companies have been attacked so often by malware. “Of the total number of incidents reported to ICS-CERT, roughly 55 percent involved advanced persistent threats (APT) or sophisticated actors,” the organization said. “Other actor types included hacktivists, insider threats, and criminals.”

Google Looks to Protect You from… Yourself

Google is looking to to protect Internet users from themselves. The company’s Chrome Web browser will now warn users before they visit sites that might encourage them to download programs or malware that could cripple their computers or otherwise interfere with their Web-browsing experience.

 

When users attempt to visit one of the questionable sites, they will see this warning in red letters: “The site ahead contains harmful programs.”

The warning, part of what Google is terming SafeBrowsing, informs users that attackers may attempt to trick them into installing programs that harm their browsing experiences by changing their homepages or showing extra ads on the sites they visit.

Google is suggesting that unsafe sites fall into two categories. One group consists of malware sites that contain code to install malicious software onto users’ computers. Hackers can use this malicious software to capture and transmit users’ private or sensitive information. The other category consists of phishing sites that pretend to be legitimate while trying to trick users into typing in their usernames and passwords or sharing other private information.

The new precautions also extend to Google search and ads. A Google search now incorporates signals that identify deceptive sites, and Google recently began disabling ads that lead to sites with unwanted software.

Google has had SafeBrowsing malware warnings in place for several years now, but it was only last November that it added automatic malware blocking. At that time, Google noted that if users see malicious file warnings on Web sites going forward, “you can click ‘Dismiss’ knowing that Chrome is working to keep you safe.”

These new protections apparently emerged as a result of last week’s discovery that new Lenovo PCs had shipped between September and December of 2014 with pre-installed adware known as Superfish, which uses a man-in-the-middle attack to insert ads into Web browsers.

ICS Malware Infection Could Mean Internet Trouble

A few weeks ago I wrote that there may be some troubling times ahead in respect to the internet’s structure. This weekend we learned that ISC, the home for the BIND DNS program has been infected with malware.

First, what exactly is ICS and why is it so important?

ISC is the group behind the open-source Berkeley Internet Name Domain (BIND) program. BIND is arguably the most popular DNS software on the planet. It is certainly the most used DNS program on the Unix and Linux systems that make up most of the Internet’s fundamental infrastructure.

What it DNS and How Does it Work?

dns_diagram

 

DNS is the master address list of the Internet. It is what translates every human-readable Internet address in the world, say https://www.wctechblog.com, into its IPv4 and IPv6 addresses. These numeric addresses are then used by routers and switches to move data from your computer, smartphone, tablet, whatever, to your Web sites, your e-mail server, and back again.

The result here is that this process is incredibly important.

Without DNS, there is no functional Internet.

Cyphort, an Internet security company, reported that they’d told ISC that their site had malware on it on December 22. ISC’s main site, which used an out of date version of WordPress, had, according to Cyphort had been compromised to point visitors to the sites infected with Angler Exploit Kit. The Angler exploit will only impact Windows systems and it is a Windows specific malware package.

If you manage a website or web service and the BIND code has indeed been corrupted and you have updated your DNS BIND server with the code, you could be out of service. And in addition your site might now have a security hole on it. It’s also very possible that your website could be used for a Distributed Denial of Service (DDoS) attack.

To make the situation even a little gloomier the ISC also runs the F DNS root server. This is one of only 13 root servers that the Internet relies upon for global DNS services.

The good news is that as of this report there have been no reports of issues on the BIND announcement or BIND-usermailing lists. On their webpage that now greets you on the ISC site, ISC recommends that anyone who has visited the site recently “scan any machine that has accessed this site recently for malware.”

Here we have another example of malware infecting computers and web services. malware is a plague on our internet infrastructure and our personal and professional security.

Microsoft Strikes Back Against Tech Support Scammers

This past weekend my dad called me (again) reporting that his PC was running “slow” and displaying “pop-up messages” and the internet browser was taking him to strange pages and “weird homepages”. As I was working on the PC my dad asked several times “who writes these things” and “why doesn’t every get arrested or charged” for infecting computers? I tried to explain that malware was a scourge on computers, and that it is normally triggered usually through email or visiting compromised websites. I also said that catching these cyber-criminals is incredibly difficult at best. Then I learned about Microsoft’s attempt to actually hold these cyber-criminals accountable.

Another incident that actually occurred to my dad about a month ago was a fake support message that popped up on his PC and without thinking he called the phone number listed. Fortunately he did not provide any credit card information to the the tech support company” to fix his PC and he called me instead. This is important with tech support scams. Never give anyone on the phone your credit card information!

These ongoing attempts to scam people by offering fake support and installing malware on PCs are growing at an alarming rate, and Microsoft has decided to take action.

The first example of this is Microsoft’s recent lawsuit against the software company, Omnitech Support.

Pop Up Windows offering tech support should be avoided at all costs.

Pop Up Windows offering tech support should be avoided at all costs.

As Microsoft detailed in a recent blog post, the Omni tech Support allegedly called customers and offered them to “fix issues with Microsoft software” that were not actually affecting their computers. Not just that, they actually created new problems by installing malicious software on these PCs then offering to “fix it”.

It is also evident that in addition to cheat unsuspecting computer users out of money they also have the intention of gaining access to personal data, passwords and financial information.

Microsoft has claimed that it had received 65,000 customer complaints since May 2014, with these fraudulent attempts to offer tech support using Microsoft brand and trademarks:

“Omnitech utilized the Microsoft trademarks and service marks to enhance their credentials and confuse customers about their affiliation with Microsoft. Omnitech then used their enhanced credibility to convince consumers that their personal computers are infected with malware in order to sell them unnecessary security services to clean their computers.”

As of right now there is no data on the number of users that fell victim to these scam attacks, but if the lawsuit is an indication, there probably is a large number of people that were tricked.

Microsoft has recommended that users refuse to pay for support when someone contacts them directly, and avoid paying for any such services.

And disclosing personal information and credit card details on phone should be avoided all times.

Staples Data Breached

If there is one thing for certain it’s that 2014 will be remembered as the year of data breach. These countless data breaches were almost always the result of the organization being infected with malware. This weekend as 2014 is about to conclude we have yet one more huge reported data breach, impacting countless customers.

The data breach this time was at the Staples office supply chain and it may have affected roughly 1.16 million payment cards. Once again like in so many similar cases earlier this year criminals deployed malware to point-of-sale systems at 115 stores.

The affected stores cover 35 states from California to Connecticut, according to a list Staples released Friday. The chain has more than 1,400 stores in the U.S.

The malware, which allowed the theft of debit and credit card data, was removed in mid-September upon detection, Staples said. The retailer had previously confirmed the incident in October. A previous report from security researcher Brian Krebs around that time cited fraudulent transactions traced to cards that were used for purchases at Staples stores in the Northeastern U.S., but apparently the attack was much wider than that.

The malware may have allowed access to transaction data including cardholder names, payment card numbers, expiration dates, and card verification codes, for purchases made between Aug. 10 and Sept. 16, Staples said Friday.

At two of the stores, the malware may have involved purchases over an even longer period, from July 20 through Sept. 16. Staples has posted a list of all the stores involved on its site.

Staples is offering free identity protection services, including credit monitoring, identity theft insurance, and a free credit report, to any customer who used a payment card at any of the affected stores during the relevant time periods.

Staples is another in a long line of retailers to have had sensitive data stolen this year.

Protecting Our Data

There are some ways to prevent these types of data breaches. The most immediate and effective manner is for organization’s to take information security seriously. Malware is a plague on our data systems but with strong security systems and policies in place malware can be prevented. Another solution will be the addition of chips to payment cards which are already being used in most of the world but not often in the United States. This could also help prevent future attacks. But a broad rollout of the technology may take a long time.

1 2