You don’t need dynamite to find Bitcoins, just enough knowledge and computer hardware.

Malware not only steals your personal data, but can also hijack your system and network resources to work on things you don’t approve of.

Bitcoin and other cryptocurrencies have skyrocketed in popularity in recent months. The cryptocurrency craze isn’t reserved just for investors, as virtually anyone can get their hands on these lucrative digital coins, given they have the necessary resources. In other words, if you don’t have money to invest in Bitcoin, you can mine Bitcoins instead. Mining these coins, however, requires some computer know-how and hardware.

Stealing Without Physically Taking

When it comes to knowledge of how hardware works and where digital information flows, cybercriminals and hackers are ahead of the game. What they lack is the hardware, but why purchase their own when they can steal your processing power? All they have to do is run malicious code on your computer to hijack its resources remotely and use them to mine Bitcoins for themselves.

Beginning late last year, a slew of malware aimed at hijacking computers for mining Bitcoins began infecting unsuspecting victims. Where and how these tools make their way onto people’s computers can vary, but it is especially troubling if the source is a popular website like Yahoo.

Yahoo admitted in January that its advertising platform was used by cybercriminals to distribute hijacking malware and viruses. Fox IT, a cybersecurity firm, estimates that as many as 2 million Yahoo users were affected by the exploit. Yahoo, however, has not given an estimate of how many of its users clicked the scam ads.

Must Click the Ad That’s Slick!

While most of us will try to ignore any type of ads that appear on a website, savvy marketers will always find a way to deploy attractive and mind boggling banners that will trick us into clicking.  Criminals are also marketers in a sense, and so it is likely that they used these marketing tactics to lure people into clicking their ads on Yahoo.

If you’re not running any resource intensive tasks, the task manager should display low CPU and memory usage.

If you’re a Yahoo user and notice that your computer has been running unusually slowly of late, check your computer’s resource monitor to see which process is using an abnormally large amount of bandwidth, memory and CPU. Any process or application that is hogging system resources could potentially be one of these Bitcoin mining malware programs.

If you’re having a hard time navigating and figuring out whether or not you’re a victim of the Bitcoin malware, please contact our IT professionals and we’ll be more than happy to give you a hand!

A fairly new CryptoLocker malware has been spreading via Yahoo Messenger, and if you’re infected it may cost you a fortune to retrieve your own data.

Look Before You Jump, Steer Clear of YOURS.JPG.exe

The CryptoLocker ransomware has been wreaking havoc among many users. Disguising itself as a file named ‘YOURS.JPG.exe’, the malware encrypts important system files, locking rightful owners out of their computers and documents.

To regain access, the ransomware, as the name suggests, demands ransom money from its victims. In this particular case, the CryptoLocker ransomware demands $400 for a key which will supposedly unlock the encrypted files. Once the ransom process is initiated, the malware sets off a timer that will destroy the key within a given amount of time if the exploiters don’t receive their payment.

Main Target: Yahoo Messenger Users

If you’re using Yahoo Messenger at home and especially at work, please take the necessary precautions to prevent this form of exploitation from happening to you. Recently CryptoLocker has been targeting Yahoo Messenger users in the form of image attachments. First, we suggest you install the latest version of CryptoPrevent to keep CryptoLocker from infecting your computers. It is also highly advisable that you keep your antivirus/antimalware software up-to-date, as this will also shield your computers from various online attacks.

For more tips and tricks on what you can do to prevent these types of intrusions and attacks, please don’t hesitate to contact our IT professionals.

Your website is crucial in helping the rest of the world to find your service or to learn more about you.  As more websites are built on WordPress allowing you to easily manage your site pages, blog and online stores, it has become a target of criminals.  In this article we will cover why it’s important to avoid free premium WordPress themes.

I have a website, what’s the problem?

If you have had your website updated or created recently (in the last several years), there is a good chance your main website, or a subsection such as the blog, is running WordPress. The best way to check if WordPress is being used is to ask the person who designed your website.

 


A theme is then used to change the layout, colors, fonts and general look and behavior of your site.  Themes can either be free, or premium where you pay for more features, updates and typically support.  Since premium themes cost money, some people decide to do a quick Google search to find the premium theme for free.

Premium themes that are readily available through Google can contain malicious code that will infect your website and, as a result, anyone who visits it.

What happens if my site is infected with malicious code?

Once your site has been infected, the malicious party can then run programs and code on your website.  This not only puts your website at risk but also puts your website visitors at risk.  Your website can also be flagged for malware by Google.

A snippet of malicious code as described by Sam Parkinson in his blog post on the details of pirating premium WordPress themes

How can I keep myself safe?

The next time you talk to your website designer, ask them these questions:

1. Is my website running WordPress?

2. Is the theme of my website free or premium?

3. If it is premium, where was it downloaded from and paid for?

If the site runs WordPress and a premium theme, make sure it was paid for and downloaded from the theme designer’s official webpage, or from the official WordPress premium theme site.

Also, as mentioned in this article, ask your website designer to disable dangerous functions that are not being used on your site as explained here.

We always recommend giving your office or home IT support all of the details so they can keep track of and inventory potential risks to your business as well.

CryptoLocker Ransomware demands $300 to decrypt your files

CryptoLocker is becoming the most malicious ransomware (a virus that holds your data ransom) of 2013 since your data is forever lost without a solid backup copy or shadow copy. Here is a summary of what it does and how you can protect yourself.

What does it do to my files?

CryptoLocker will scan your computer and shared network drives for common document files and encrypt them, making the files completely inaccessible until you pay a ransom of approximately $300 within 4 days. There is no way to decrypt your files even if your anti-virus cleans the infected computer.

Here is a full list of files affected:

*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c

How would I get infected?

CryptoLocker spreads through attachments in e-mails. The email will look like a customer support issue with a zip file attachment. The virus is inside the zip file hidden as a PDF document.
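The disguises described in these posts, an executable named like an image (‘YOURS.JPG.exe’) or hidden as a PDF inside a zip attachment, can be checked for before anyone opens the file. The following is an added example, not code from the original posts: the extension sets and function names are assumptions, and the check on the first two bytes ("MZ", the Windows executable header) goes one step beyond the file-name disguise the text describes.

```python
import io
import zipfile

# Assumed extension sets for this example; adjust to local policy.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd"}
DECOY = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "xls", "xlsx"}


def name_verdict(name):
    """Classify a file name by its last two dot-separated parts."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) >= 3 and parts[-1] in EXECUTABLE and parts[-2] in DECOY:
        return "double-extension"      # e.g. YOURS.JPG.exe
    if len(parts) >= 2 and parts[-1] in EXECUTABLE:
        return "executable"
    return None


def scan_zip(data):
    """Return {member name: verdict} for suspicious members of a zip attachment."""
    findings = {}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"<archive>": "unreadable"}
    with archive:
        for info in (i for i in archive.infolist() if not i.is_dir()):
            verdict = name_verdict(info.filename)
            if verdict is None:
                try:
                    with archive.open(info) as member:
                        head = member.read(2)
                except RuntimeError:   # password-protected member
                    head, verdict = b"", "encrypted"
                if head == b"MZ":      # executable header under a document name
                    verdict = "content-mismatch"
            if verdict:
                findings[info.filename] = verdict
    return findings


def build_sample():  # constructed attachment: placeholder bytes, no real malware
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("YOURS.JPG.exe", b"MZ placeholder")
        zf.writestr("notes/readme.pdf", b"%PDF-1.4 placeholder")
        zf.writestr("scan.pdf", b"MZ placeholder")
    return buf.getvalue()
```

Calling `scan_zip(build_sample())` reports the double-extension member and the PDF-named member that starts with an executable header, and leaves the genuine PDF placeholder unflagged.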

There have also been reports of people being infected by visiting a website that has Java, a common web programming language.

How can I protect myself?

There are some security policy changes that can be made to computers to prevent the virus from running; however, you must be comfortable with Windows system administration to make the changes. CryptoPrevent will also make these changes for you. You must be careful, since it could, although rarely, disable other programs.

The most straightforward way to protect yourself now and in the future is to install MalwareBytes Pro and Avast which both detect and prevent infections. Microsoft Security Essentials is simply not advanced enough to detect this virus.

Having an office or home policy of never opening emails or attachments unless they are from a trusted sender is the first line of defence.

What are my options if I am infected?

The best way to recover from an infection is to run the free version of MalwareBytes to delete the virus, then recover your encrypted files from a backup.

Alternatively, you can use ShadowExplorer or Shadow Volume Copies to recover an older un-encrypted version of the file only if System Restore is enabled in Windows.

If you have no backup, your only option is to pay the ransom and wait for your files to be decrypted by the virus.
