Computer Malware has Entered a New Phase

The latest malware scam (known as ransomware) in the repair trade is called “CryptoLocker”. Once it is installed on your computer, it proceeds to encrypt your documents and files, then tells you to pay a $300.00 fee for the password to decrypt your files.

Some businesses have been forced to pay the ransom to recover their data. All attached hard drives are affected by this ransomware – so all the backups on external drives and servers that are online at the time of the infection are encrypted too.

The best solution is prevention. I would suggest that backups of your valuable data be made to an external device (external hard drive, USB drive, CD/DVD drive, etc.) that is disconnected or removed after the backup is completed.

If you are running Vista or Windows 7 or 8, it is possible to recover data with some work – bypassing the encrypted files using the “shadow copy” – provided “shadow copy” is enabled on your computer. For Windows XP and prior operating systems, the news is not good if you have not made protected backups.

Take steps to protect yourself from the scammers: back up your irreplaceable pictures, documents and data now, before it is too late.

Feel free to contact me for suggestions on what to do to protect your PC… or to recover your data if that is what is needed.

Call Lon at 402-525-3799 or

Email me at:
Lon@CassCountyComputerRepair.com

Scams Spams and Phishing for Your Money Part III

The latest malicious software currently making the rounds is a recycled variant of the “FBI Virus”. It locks down your computer so it will do nothing except display an official-looking message: “Illegal content has been found on your computer. Your computer has been locked by the FBI and the lock will not be removed until you pay a $100.00 fine”. Of course there is a link to pay your “fine”.

This virus is typically transmitted by email. Make sure your anti-virus program has access to scan your incoming email. Do not open email from people you don’t know, and be very careful when opening email attachments. It is best to right click on the attachment and have your anti-virus program scan it before opening any attachment.

Scams Spams and Phishing for Your Money Part II: Phishing for your account information using email

If you ever post on Craigslist or use PayPal, please be aware that scammers will stop at nothing to steal your information. A very common way to gain access to your financial accounts is known as “phishing”. I got an email purportedly informing me that my PayPal account had been suspended, and that I needed to “verify” my account information.

“Phishing” is a variant of the class of fraud known in computer security circles as “social engineering”. Social engineering is simply a lie. The old-fashioned way of using social engineering was to call a business and impersonate someone high on the corporate ladder, begging the operator to PLEASE save them embarrassment by looking up the login details of the impersonated corporate officer and giving them to the caller over the phone. The call is often accompanied by a manufactured crisis to boost the importance of the caller getting the login details immediately.

Now the scammers send an authentic-appearing email to their intended victims, using classic social engineering methodologies.

Once you have clicked the link in the authentic-appearing email, your web browser gets directed to a very authentic-appearing copy of PayPal’s website hosted elsewhere on the internet, with the intent of stealing your password and login information to empty your PayPal account.

The easiest way to detect a scam like this is to hover your mouse over the link the scammers intend for you to click and check the web address, which usually appears in the bottom frame of the window you are viewing the email in.

Be aware that this fraud is not limited to PayPal – it can involve any business entity that can be used to gain access to your financial information – even appearing to be from your bank, credit union, or stock broker.

The link in the email below shows as being to the secure PayPal website https://paypal.com/resolution. In reality the link leads to http://www.harmeen.com/images/sys/httpswww.paypal.com.htm. This is done with the HTML coding used to display the link’s text, which is set separately from the address the link actually opens.

Be very cautious surfing the internet and responding to email, my friends. The same type of deceptive link in an email can lead you to a site that will overwhelm your computer and install malware and/or viruses onto your PC.


Some good information on infected websites and other malicious software can be found at StopBadware.org


Please do NOT click on anything below this – it is a copy of the email I received – minus some of the authentic-appearing images from PayPal – the links are live to the scammers’ site.

PayPal

Dear Customer,

We need your help resolving an issue with your account. To give us time to work together on this, we’ve temporarily limited what you can do with your account until the issue is resolved.

We understand it may be frustrating not to have full access to your PayPal account. We want to work with you to get your account back to normal as quickly as possible.

Please click on the link below to initiate the verification process:

https://paypal.com/resolution

 

Yours sincerely,
PayPal

Copyright © 2012 PayPal. All rights reserved.

PayPal Email ID PP277

 

Fake Anti-Virus (Scareware) is the Most Common Infection Seen on Computers

Clicking on a “Your computer is infected, click this to scan your computer for threats” pop-up window when surfing the internet is the source of most of the virus removal jobs I get. This source of infections has been around for years – they use scare tactics to get you to click a window – and clicking that window downloads malicious software to your computer.

A Typical Rogue Anti-Virus Program

A Partial List of the “Rogue AntiVirus Programs”:
Antispyware Soldier, AntiVermeans, AntiVermins, AntiVerminser, AntiVirGear, Antivirus 2009, Antivirus Lab 2009, Antivirus Master, Antivirus XP 2008, AntivirusGolden, AVGold, BraveSentry, IE Defender, Internet Antivirus, MalwareCrush, MalwareWipe, MalwareWiped, MalwareWipePro, MalwareWiper, Micro Antivirus 2009, MS Antivirus, PestCapture, PestTrap, Power Antivirus 2009, Power Antivirus, PSGuard, Smart Antivirus 2009, SpyAxe, SpyCrush, SpyDown, SpyFalcon, SpyGuard, SpyHeal, XP AntiVirus… and the list goes on and on.

These malicious programs will hijack your computer, redirect your internet searches, prevent your programs from running (including the anti-virus program you have installed) – and blame it all on the imaginary “threats” they pretend to have found while “scanning” your PC. The object of all of this is simple – to blackmail you into paying them money for their fake anti-virus program to remove the problems these infections create.

Even worse, I had a customer who actually paid $49.95 for a “year subscription” to one of these fake “Anti-virus” programs, believing they were doing the right thing to protect their computer. 30 days later they received another bill for $49.95, and when they did not pay it, their computer became impossible to use at all – only the desktop picture was visible.

I don’t know about you, but the last people in the world I want to have my credit card information are people trying to scam me out of money.

The first line of defense is to not click anything unfamiliar, install a WELL KNOWN anti-virus program by a reputable company and scan regularly. Know what that program looks like and don’t allow “mystery programs” past your anti-virus program. If your anti-virus detects a threat – believe it.

Another safeguard is to use Firefox as a web browser and to use the “NoScript” add-on for Firefox to prevent the JavaScript exploits that are one method of infecting your PC. Not clicking on pop-up windows is another good line of defense – even clicking “No” can infect your computer. When I run into one of these pop-up windows when surfing the web, I click nothing – instead I simply re-start my computer using the Windows “Start” button.

If you already are infected, give me a call. These infections can be removed and the functionality of your computer restored to normal.

Malicious Software and Pinterest

Reports are starting to come in concerning viral and malware infections contracted by those using the “Pinterest” website. When you “Pin” something up, others are encouraged to click it too to “pin” it up also. The “pinned” web content may be completely harmless when it is first pinned for others to see.

Given the huge growth Pinterest is experiencing, it is a “ripe fruit” for those distributing malicious software to use to their advantage. There have been multiple reports of malware infections contracted by people visiting the site “pinned” and clicking on an “irresistible” offer. Offers of “free gift cards”, “Win a PS3” and others are “served up” by adservers to websites, so the owner of the site can make a few pennies on every ad that is clicked.

The problem: poor screening of the ads practically invites distributors of malicious software to insert malicious code into the ads “served up” to be clicked upon.

The simple solution: Remember, there is no such thing as a free lunch. DON’T click on “free” offers. If there is bait in the water, chances are it will have a hook in it.

The reported infections are sailing right past McAfee’s protection, and other anti-virus programs may have vulnerability to this malicious software too. Until virus definitions are updated, an anti-virus program cannot stop the virus, simply because it does not know what to look for.

Adware – Spyware – Malware Prevention

Sometimes children just can’t resist the “register now for a free iPod” popup that appears while they are surfing the web. Game sites are particularly known for this. A good anti-virus program does help, as will a firewall. Appropriate security policies can be set on some computers too, to prevent a non-administrator from installing software. XP Home and earlier versions of Windows do not have this “security policy” feature.

It is a good idea for you to surf the web, and have your children surf the web, from an account that is NOT an administrator account. My kids have non-administrator accounts, PERIOD. Any changes have to be approved and done by an adult. Administrator accounts are by default allowed to install software, and an accidental click can cause major issues.

Another “good practice” while surfing and coming across a pop-up window that claims to have found a virus on your computer is to not click anything at all on the pop-up. Malicious programmers have taken to building programs that respond to a click anywhere (including the cancel button) by downloading their malicious software. If I come across one of these scams designed to get malware onto my computer, the action I take is the safe action. Instead of clicking anything, I simply restart my computer from the Windows “Start” button. Problem solved.

A good overall workaround for the “security policy” limitation is to edit your “hosts” file to prevent a connection from being established to the server that downloads this malicious software to your computer. Winhelp2002 has a pretty good explanation of the process and they also have a downloadable hosts file available that is regularly updated and easily installed.

The hosts file download is a .zip format. After you download it, right click on the hosts.zip file and choose “extract” or “unzip”. Make sure you unzip it to a location that you can find after the unzipping completes. Go into the unzipped “hosts” folder and you will see an icon named either MVPS or MVPS.bat (depending on the settings of your computer). Click on the MVPS icon and it will automatically install the hosts file in the correct location in your computer.

It is a simple fix that saves a lot of headaches.
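A hosts file blocks a server by pointing its name at an address that goes nowhere (such as 127.0.0.1 or 0.0.0.0), but the same file can just as easily send a name to a real address, so a downloaded file is worth checking before it is installed. The sketch below is an added example, not code from the original post or from the hosts file's publisher; the function name, hostnames and addresses are all constructed for illustration.

```python
import ipaddress

def audit_hosts(text):
    """Split hosts-file entries into blocked names and suspicious redirects.

    Returns (blocked, suspicious). `blocked` is the set of hostnames mapped to
    a loopback or unspecified address (127.0.0.1, 0.0.0.0, ::1). `suspicious`
    lists (line_number, address, hostname) for every other mapping, including
    entries whose address does not parse.
    """
    blocked, suspicious = set(), []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
            sink = ip.is_loopback or ip.is_unspecified
        except ValueError:
            sink = False                       # malformed address: report it
        for name in names:
            if sink:
                blocked.add(name.lower())
            else:
                suspicious.append((number, address, name.lower()))
    return blocked, suspicious

# Constructed sample: three blocking entries and one redirect that should not
# be in a blocklist (203.0.113.7 is a documentation-only address).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1    localhost
0.0.0.0      ads.example.net        # ad server
0.0.0.0      tracker.example.org popups.example.org
203.0.113.7  www.examplebank.test
"""

if __name__ == "__main__":
    blocked, suspicious = audit_hosts(SAMPLE_HOSTS)
    print(len(blocked), "names blocked")
    for number, address, name in suspicious:
        print(f"line {number}: {name} is redirected to {address}")
```

Any entry reported as suspicious sends that name to a live address instead of blocking it and should be understood before the file is installed.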